Ping, tracert, and system debugging commands debugging Use debugging to enable debugging for a module. Use undo debugging to disable debugging for a module or for all modules. Syntax debugging module-name [ option ] undo debugging { all | module-name [ option ] } Default Debugging is disabled for all modules.
Syntax display debugging [ module-name ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters module-name: Specifies a module by its name. For a list of supported modules, use the display debugging ? command. If you do not specify a module name, this command displays the enabled debugging features for all modules.
Page 12
-i interface-type interface-number: Specifies the source interface for ICMP echo requests. If you do not specify this option, the system uses the primary IP address of the matching route's egress interface as the source interface for ICMP echo requests. -m interval: Specifies the interval (in milliseconds) to send ICMP echo requests. The value range is 1 to 65535, and the default is 200.
Page 13
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.963/2.028/2.137/0.062 ms # Test whether the device with an IP address of 1.1.2.2 in VPN instance vpn1 is reachable. <Sysname> ping -vpn-instance vpn1 1.1.2.2 Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break 56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms 56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms 56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms...
Field Description Received ICMP echo replies from the device whose IP address is 1.1.2.2. If no echo reply is received within the timeout period, no information is displayed. • bytes—Number of bytes in the ICMP echo reply. 56 bytes from 1.1.2.2: icmp_seq=0 •...
Page 15
-s packet-size: Specifies the length (in bytes) of ICMPv6 echo requests (excluding the IPv6 packet header and the ICMPv6 packet header). The value range is 20 to 8100, and the default is 56. -t timeout: Specifies the timeout time (in milliseconds) of an ICMPv6 echo reply. The value range is 0 to 65535, and the default is 2000.
--- Ping6 statistics for 2001::2 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 4.000/25.000/62.000/20.000 ms Table 2 Command output Field Description Ping6(56 data bytes) An ICMPv6 echo reply with a data length of 56 bytes is sent from 2001::1 to 2001::2.
Page 17
-p port: Specifies an invalid UDP port of the destination. The value range is 1 to 65535, and the default is 33434. If the destination address is an EID address at a remote LISP site, specify a port number in the range of 33434 to 65535. -q packet-number: Specifies the number of probe packets to send per hop.
1.1.1.2 (1.1.1.2) 673 ms 425 ms 30 ms 1.1.2.2 (1.1.2.2) 580 ms 470 ms 80 ms 1.1.3.2 (1.1.3.2) [AS 65535] 530 ms 472 ms 380 ms # Trace the path to destination (192.168.0.46) over an MPLS network. <Sysname> tracert 192.168.0.46 traceroute to 192.168.0.46(192.168.0.46), 30 hops at most, 40 bytes each packet, press CTRL_C to break 192.0.2.13 (192.0.2.13)
Page 19
Views Any view Predefined user roles network-admin mdc-admin Parameters -f first-hop: Specifies the TTL value of the first packet. The value range is 1 to 255, and the default is 1. The value must be no greater than the value of the max-hops argument. -m max-hops: Specifies the maximum number of hops allowed for a packet.
Page 20
Examples # Display the path that the packets traverse from source to destination (2001:3::2). <Sysname> tracert ipv6 2001:3::2 traceroute to 2001:3::2(2001:3::2), 30 hops at most, 60 byte packets, press CTRL_C to break 2001:1::2 0.661 ms 0.618 ms 0.579 ms 2001:2::2 [AS 100] 0.861 ms 0.718 ms 0.679 ms...
NQA commands NQA client commands advantage-factor Use advantage-factor to set the advantage factor to be used for calculating Mean Opinion Scores (MOS) and Calculated Planning Impairment Factor (ICPIF) values. Use undo advantage-factor to restore the default. Syntax advantage-factor factor undo advantage-factor Default The advantage factor is 0.
Default The codec type for the voice operation is G.711 A-law. Views Voice operation view Predefined user roles network-admin mdc-admin Parameters g711a: Specifies G.711 A-law codec type. g711u: Specifies G.711 µ-law codec type g729a: Specifies G.729 A-law codec type. Examples # Set the codec type to g729a for the voice operation.
• The SNMP operation uses the SNMPv1 or SNMPv2c agent. • The SNMPv1 or SNMPv2c agent is configured with a read-only or read-write community name. The specified community name must be the same as the community name configured on the SNMP agent.
• For the voice operation, the first 16 bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of the payload. • For the path jitter operation, the first four bytes of the payload of an ICMP echo request are for special purpose.
mdc-admin Parameters size: Specifies the payload size. Available value ranges include: • 20 to 65507 bytes for the ICMP echo, UDP echo, or UDP tracert operation. • 68 to 65507 bytes for the UDP jitter or path jitter operation. • 16 to 65507 bytes for the voice operation.
<Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] description icmp-probe # In ICMP template view, configure the description as icmp-probe for the NQA operation. <Sysname> system-view [Sysname] nqa template icmp icmptplt [Sysname-nqatplt-icmp-icmptplt] description icmp-probe destination host Use destination host to configure the destination host name for the operation. Use undo destination host to restore the default.
Parameters ipv6-address: Specifies the destination IPv6 address for the operation. IPv6 link-local addresses are not supported. Examples # In ICMP template view, specify 1::1 as the destination IPv6 address for the operation. <Sysname> system-view [Sysname] nqa template icmp icmptplt [Sysname-nqatplt-icmp-icmptplt] destination ipv6 1::1 destination port Use destination port to configure the destination port number for the operation.
<Sysname> system-view [Sysname] nqa template tcp tcptplt [Sysname-nqatplt-tcp-tcptplt] destination port 9000 display nqa history Use display nqa history to display the history records of NQA operations. Syntax display nqa history [ admin-name operation-tag ] Views Any view Predefined user roles network-admin network-operator mdc-admin...
<Sysname> display nqa history administrator test NQA entry (admin administrator, tag test) history records: Index Response Status Time Succeeded 2011-04-29 20:54:26.5 Succeeded 2011-04-29 20:54:26.2 Succeeded 2011-04-29 20:54:25.8 Succeeded 2011-04-29 20:54:25.5 Succeeded 2011-04-29 20:54:25.1 Succeeded 2011-04-29 20:54:24.8 Succeeded 2011-04-29 20:54:24.5 Succeeded 2011-04-29 20:54:24.1 Succeeded 2011-04-29 20:54:23.8...
Page 31
The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays the current monitoring results of reaction entries for all NQA operations.
Monitored Threshold performance Collect data in Checked Num Over-threshold Num type metric Probes after the Number of accumulate Number of probe failures. operation starts. completed probes. probe-fail Probes after the Number of consecutive Number of probe failures. operation starts. completed probes. Table 9 Monitored performance metrics for ICMP jitter/UDP jitter/voice operations Monitored Threshold...
Page 33
The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays the most recent results of all NQA operations. Examples # Display the most recent result of the TCP operation with administrator name admin and operation tag test.
Page 34
One way results: Max SD delay: 1 Max DS delay: 2 Min SD delay: 1 Min DS delay: 2 Number of SD delay: 1 Number of DS delay: 1 Sum of SD delay: 1 Sum of DS delay: 2 Square-Sum of SD delay: 1 Square-Sum of DS delay: 4 Lost packets for unknown reason: 0 # Display the most recent result of the UDP jitter operation with administrator name admin and...
Page 35
Send operation times: 1000 Receive response times: 0 Min/Max/Average round trip time: 0/0/0 Square-Sum of round trip time: 0 Last packet received time: 0-00-00 00:00:00.0 Extended results: Packet loss ratio: 100% Failures due to timeout: 1000 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0...
Page 36
Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 Path-Jitter Results: Jitter number: 9 Min/Max/Average jitter: 0/0/0 Positive jitter number: 0 Min/Max/Average positive jitter: 0/0/0 Sum/Square-Sum positive jitter: 0/0 Negative jitter number: 0 Min/Max/Average negative jitter: 0/0/0 Sum/Square-Sum negative jitter: 0/0...
Page 37
UDP-tracert results: Hop IP Time 3.1.1.1 2013-09-09 14:23:24.5 4.1.1.1 2013-09-09 14:23:24.5 Table 10 Command output Field Description Data collecting in progress The operation is in progress. Send operation times Number of operations. Receive response times Number of response packets received. Min/Max/Average round trip time Minimum/maximum/average round-trip time in milliseconds.
Page 38
Field Description Positive DS number Number of positive jitters from destination to source. Positive SD sum Sum of positive jitters from source to destination. Positive DS sum Sum of positive jitters from destination to source. Positive SD average Average positive jitters from source to destination. Positive DS average Average positive jitters from destination to source.
Field Description Square-Sum of SD delay Square sum of delays from source to destination. Square-Sum of DS delay Square sum of delays from destination to source. SD lost packets Number of lost packets from the source to the destination. DS lost packets Number of lost packets from the destination to the source.
Page 40
Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-).
Page 41
Min/Max/Average round trip time: 1/2/1 Square-Sum of round trip time: 1563 Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 ICMP-jitter results: RTT number: 1560 Min positive SD: 1...
Page 42
Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 UDP-jitter results: RTT number: 550 Min positive SD: 1 Min positive DS: 1 Max positive SD: 7 Max positive DS: 1...
Page 43
Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 Voice results: RTT number: 10 Min positive SD: 3 Min positive DS: 1 Max positive SD: 10 Max positive DS: 1 Positive SD number: 3 Positive DS number: 2...
Page 44
Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 Path-Jitter Results: Jitter number: 9 Min/Max/Average jitter: 0/0/0 Positive jitter number: 0 Min/Max/Average positive jitter: 0/0/0 Sum/Square-Sum positive jitter: 0/0 Negative jitter number: 0 Min/Max/Average negative jitter: 0/0/0...
Page 45
Field Description Packet loss ratio Average packet loss ratio. Failures due to timeout Number of timeout occurrences in an operation. Failures due to disconnect Number of disconnections by the peer. Failures due to no connection Number of failures to connect with the peer. Failures due to internal error Number of failures due to internal errors.
Page 46
Field Description Negative DS number Number of negative jitters from destination to source. Sum of absolute values of negative jitters from source to Negative SD sum destination. Sum of absolute values of negative jitters from destination to Negative DS sum source.
Page 47
Field Description Threshold Type Threshold type. Number of targets that have been monitored for data Checked Num collection. Over-threshold Num Number of threshold violations. Serial number for the path in the path jitter operation. Path This field is available only for the path jitter operation. IP address of the hop.
Table 13 Monitored performance metrics for ICMP jitter/UDP jitter/voice operations Monitored Threshold performance Collect data in Checked Num Over-threshold Num type metric Packets sent in Number of packets of Number of sent accumulate the counting which the round-trip time packets. interval.
Usage guidelines Upon receiving a response packet, the NQA client examines the target payload for the expected data. • If a match is found, the NQA client verifies the NQA destination device as legal. • If no match is found, the NQA client looks up the entire payload for a match. If no match is found again, the NQA destination device is verified as illegal.
[Sysname] nqa template dns dnstplt [Sysname-nqatplt-dns-dnstplt] expect ip 1.1.1.1 expect ipv6 Use expect ipv6 to specify the expected IPv6 address. Use undo expect ipv6 to restore the default. Syntax expect ipv6 ipv6-address undo expect ipv6 Default No expected IPv6 address is specified. Views DNS template view Predefined user roles...
Predefined user roles network-admin mdc-admin Parameters status-list: Specifies a space-separated list of up to 10 status code items. Each item specifies a status code or a range of status codes in the form of status-num 1 to status-num 2. The value ranges for both the status-num 1 and status-num 2 arguments are 0 to 999.
# In FTP template view, specify config.txt as the file to be transferred between the FTP server and the FTP client. <Sysname> system-view [Sysname] nqa template ftp ftptplt [Sysname-nqatplt-ftp-ftptplt] filename config.txt frequency Use frequency to specify the interval at which the NQA operation repeats. Use undo frequency to restore the default.
history-record enable Use history-record enable to enable the saving of history records for the NQA operation. Use undo history-record enable to disable the saving of history records. Syntax history-record enable undo history-record enable Default The saving of history records is enabled only for the UDP tracert operation. Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view...
UDP tracert operation view Predefined user roles network-admin mdc-admin Parameters keep-time: Specifies how long the history records can be saved. The value range is 1 to 1440 minutes. Usage guidelines When an NQA operation completes, the timer starts. All records are removed when the lifetime is reached.
<Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] history-record number 10 init-ttl Use init-ttl to set the TTL value for UDP packets in the start round of the UDP tracert operation. Use undo init-ttl to restore the default. Syntax init-ttl value undo init-ttl...
Parameters cipher: Specifies a key in encrypted form. simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form. string: Specifies the shared key string. Its plaintext form is a case-sensitive string of 1 to 64 characters.
max-failure Use max-failure to set the maximum number of consecutive probe failures in a UDP tracert operation. Use undo max-failure to restore the default. Syntax max-failure times undo max-failure Default A UDP tracert operation stops and fails when it detects five consecutive probe failures. Views UDP tracert operation view Predefined user roles...
Predefined user roles network-admin mdc-admin Parameters active: Sets the data transmission mode to active. The FTP server initiates a connection request. passive: Sets the data transmission mode to passive. The FTP client initiates a connection request. Examples # Set the data transmission mode to passive for the FTP operation. <Sysname>...
[Sysname-nqa-admin-test-icmp-echo] next-hop ip 10.1.1.1 next-hop ipv6 Use next-hop ipv6 to specify the next hop IPv6 address for probe packets. Use undo next-hop ipv6 to restore the default. Syntax next-hop ipv6 ipv6-address undo next-hop ipv6 Default No next hop IPv6 address is specified for probe packets. Views ICMP echo operation view ICMP/TCP half open template view...
Predefined user roles network-admin mdc-admin Usage guidelines The no-fragmentation feature sets the DF field to 1. Packets with the DF field set cannot be fragmented during the forwarding process. You can use this command to test the path MTU of a link. Examples # Enable the no-fragmentation feature for the UDP tracert operation.
nqa agent enable Use nqa agent enable to enable the NQA client. Use undo nqa agent enable to disable the NQA client and stop all operations being performed. Syntax nqa agent enable undo nqa agent enable Default The NQA client is enabled. Views System view Predefined user roles...
start-time: Specifies the start time and date of the NQA operation. hh:mm:ss: Specifies the start time of an NQA operation. yyyy/mm/dd: Specifies the start date of an NQA operation. The default value is the current system time, and the value for the yyyy argument is in the range of 2000 to 2035. mm/dd/yyyy: Specifies the start date of an NQA operation.
Predefined user roles network-admin mdc-admin Parameters dns: Specifies the DNS template. ftp: Specifies the FTP template. http: Specifies the HTTP template. https: Specifies the HTTPS template. icmp: Specifies the ICMP template. radius: Specifies the RADIUS template. ssl: Specifies the SSL template. tcp: Specifies the TCP template.
Usage guidelines When you perform the put operation with the filename command configured, make sure the file exists on the NQA client. If you get a file from the FTP server, make sure the file specified in the URL exists on the FTP server. The NQA client does not save the file obtained from the FTP server.
For the get or post operation, the content in the request is obtained from the URL specified by the url command. For the raw operation, the content in the request is configured in raw request view. You can use the raw-request command to enter the raw request view.
Examples # Specify VLAN-interface 1 as the output interface for probe packets in the UDP tracert operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-tracert [Sysname-nqa-admin-test-udp-tracert] out interface vlan-interface 1 password Use password to specify a password. Use undo password to restore the default. Syntax password { cipher | simple } string undo password...
Related commands operation username probe count Use probe count to specify the probe times. Use undo probe count to restore the default. Syntax probe count times undo probe count Default In an UDP tracert operation, the NQA client sends three probe packets to each hop along the path. In other types of operations, the NQA client performs one probe to the destination per operation.
• A UDP tracert operation determines the routing path from the source to the destination. The number of probe packets sent to each hop is set by using the probe count command. • A frame loss, latency, or throughput operation sends probe frames to the destination device to test the frame loss ratio, latency, or throughput of the network.
Parameters timeout: Specifies the timeout time in milliseconds. The value range is 10 to 3600000. Examples # Set the response timeout time to 100 milliseconds in the UDP jitter operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-jitter [Sysname-nqa-admin-test-udp-jitter] probe packet-timeout 100 probe timeout Use probe timeout to set the probe timeout time.
[Sysname-nqatplt-http-httptplt] probe timeout 10000 raw-request Use raw-request to enter raw request view and specify the content of an HTTP or HTTPS request. Use undo raw-request to restore the default. Syntax raw-request undo raw-request Default The contents of an HTTP or HTTPS raw request are not specified. Views HTTP operation view HTTP/HTTPS template view...
[Sysname-nqa-admin-test] type udp-jitter [Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element jitter-ds threshold-type average threshold-value 50 5 action-type trap-only # Create reaction entry 2 for monitoring the destination-to-source jitter of UDP jitter probe packets, and set the upper limit to 50 milliseconds, and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid.
No actions can be configured for a reaction entry of monitoring one-way delays. To display the monitoring results and statistics, use the display nqa reaction counters and display nqa statistics commands. Examples # Create reaction entry 1 for monitoring the destination-to-source delay of every UDP jitter packet, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds.
Examples # Create reaction entry 1 for monitoring the ICPIF value in the voice operation, and set the upper limit to 50 and lower limit to 5. Before the voice operation starts, the initial state of the reaction entry is invalid.
Examples # Create reaction entry 1 for monitoring the MOS value of the voice operation, and set the upper limit to 2 and lower limit to 1. Before the NQA operation starts, the initial state of the reaction entry is invalid.
the lost packets is checked against the threshold. If the number reaches or exceeds 100, the state of the reaction entry is set to over-threshold. Otherwise, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS. <Sysname>...
Usage guidelines You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one. Only successful probe packets are monitored. Statistics about failed probe packets are not collected. Examples # Create reaction entry 1 for monitoring the average probe duration of ICMP echo operation, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds.
Page 79
undo reaction item-number Default No reaction entries for monitoring probe failures exist. Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view Predefined user roles network-admin mdc-admin Parameters item-number: Assigns an ID to the reaction entry, in the range of 1 to 10. threshold-type: Specifies a threshold type.
# Create reaction entry 2 for monitoring the round-trip time of UDP jitter probe packets, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the packet round-trip time is checked. If the total number of threshold violations reaches or exceeds 100, the state of the entry is set to over-threshold.
Usage guidelines The ICMP jitter, UDP jitter, and voice operations support only the test-complete keyword. The following parameters are not available for the UDP tracert operation: • The probe-failure consecutive-probe-failures option. • The accumulate-probe-failures argument. Examples # Configure the system to send a trap if five or more consecutive probe failures occur in an ICMP echo operation.
reaction trigger probe-fail Use reaction trigger probe-fail to set the number of consecutive probe failures to determine an operation failure. Use undo reaction trigger probe-fail to restore the default. Syntax reaction trigger probe-fail count undo reaction trigger probe-fail Default The NQA client notifies the feature of the operation failure when the number of consecutive probe failures reaches 3.
Default The NQA client notifies the feature of the successful operation event if the number of consecutive successful probes reaches 3. Views Any NQA template view Predefined user roles network-admin mdc-admin Parameters count: Specifies the number of consecutive successful probes, in the range of 1 to 15. Usage guidelines If number of consecutive successful probes is reached, the NQA client notifies the feature that uses the template of the successful operation event.
Parameters domain-name: Specifies the domain name to be resolved. It is a dot-separated case-sensitive string of 1 to 255 characters including letters, digits, hyphens (-), and underscores (_) (for example, aabbcc.com). Each part consists of 1 to 63 characters, and consecutive dots (.) are not allowed. Examples # Specify domain1 as the domain name to be resolved.
Predefined user roles network-admin mdc-admin Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines The specified interface must be up. If the interface is down, no probe requests can be sent out. If you execute this command and the source ip or source ipv6 command for an ICMP echo operation or ICMP template multiple times, the most recent configuration takes effect.
Predefined user roles network-admin mdc-admin Parameters ip-address: Specifies the source IPv4 address for probe packets. Usage guidelines The specified source IPv4 address must be the IPv4 address of a local interface, and the local interface must be up. Otherwise, no probe packets can be sent out. For an NQA template, if the source and destination addresses have different IP versions, the source address does not take effect.
Parameters ipv6-address: Specifies the source IPv6 address for probe packets. IPv6 link-local addresses are not supported. Usage guidelines The specified source IPv6 address must be the IPv6 address of a local interface. The local interface must be up. Otherwise, no probe packets can be sent out. For an NQA template, if the source and destination addresses have different IP versions, the source address does not take effect.
[Sysname-nqa-admin-test] type udp-echo [Sysname-nqa-admin-test-udp-echo] source port 8000 # In DNS template view, set the source port number to 8000 for probe packets in the DNS operation. <Sysname> system-view [Sysname] nqa template dns dnstplt [Sysname-nqatplt-dns-dnstplt] source port 8000 ssl-client-policy Use ssl-client-policy to specify an SSL client policy for an HTTPS or SSL template. Use undo ssl-client-policy to restore the default.
Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view ICMP jitter/path jitter/UDP jitter/voice operation view Predefined user roles network-admin mdc-admin Parameters hold-time: Specifies the hold time in minutes, in the range of 1 to 1440. Usage guidelines A statistics group is deleted when its hold time expires. Examples # Set the hold time to 3 minutes for statistics groups of the ICMP echo operation.
Examples # Configure NQA to collect the ICMP echo operation statistics every 2 minutes. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] statistics interval 2 statistics max-group Use statistics max-group to set the maximum number of statistics groups that can be saved. Use undo statistics max-group to restore the default.
undo target-only Default NQA performs the path jitter operation to the destination hop by hop. Views Path jitter operation view Predefined user roles network-admin mdc-admin Examples # Perform the path jitter operation only on the destination address. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type path-jitter [Sysname-nqa-admin-test-path-jitter] target-only Use tos to set the ToS value in the IP header for probe packets.
Use ttl to set the maximum number of hops that the probe packets can traverse. Use undo ttl to restore the default. Syntax ttl value undo ttl Default The maximum number of hops is 30 for probe packets of the UDP tracert operation, and is 20 for probe packets of other types of operations.
Views FTP/HTTP operation view FTP/HTTP/HTTPS template view Predefined user roles network-admin mdc-admin Parameters url: Specifies the URL of the destination server, a case-sensitive string of 1 to 255 characters. The following table describes the URL format and parameters for different operations. Operation URL format Parameter description...
Views FTP/HTTP operation view FTP/HTTP/HTTPS/RADIUS template view Predefined user roles network-admin mdc-admin Parameters username: Specifies the username. This argument is case sensitive. It is a string of 1 to 32 characters for an FTP, HTTP, or HTTPS username, and a string of 1 to 253 characters for a RADIUS authentication username.
v1.1: Uses version 1.1. Examples # Configure the HTTP operation to use the HTTP version 1.1. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type http [Sysname-nqa-admin-test-http] version v1.1 vpn-instance Use vpn-instance to apply the operation to a VPN instance. Use undo vpn-instance to restore the default.
NQA server commands IMPORTANT: Configure the NQA server only for UDP jitter, TCP, UDP echo, and voice operations. display nqa server Use display nqa server status to display NQA server status. Syntax display nqa server Views Any view Predefined user roles network-admin network-operator mdc-admin...
Related commands nqa server enable nqa server tcp-connect nqa server udp-echo nqa server enable Use nqa server enable to enable the NQA server. Use undo nqa server enable to disable the NQA server. Syntax nqa server enable undo nqa server enable Default The NQA server is disabled.
Predefined user roles network-admin mdc-admin Parameters ip-address: Specifies the IP address for the TCP listening service. port-number: Specifies the port number for the TCP listening service, in the range of 1 to 65535. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Page 103
mdc-admin Parameters ip-address: Specifies the IP address for the UDP listening service. port-number: Specifies the port number for the UDP listening service, in the range of 1 to 65535. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
NTP commands NTP is supported on the following Layer 3 interfaces: • Layer 3 Ethernet interfaces. • Layer 3 Ethernet subinterfaces. • Layer 3 aggregate interfaces. • Layer 3 aggregate subinterfaces. • VLAN interfaces. • Tunnel interfaces. display ntp-service ipv6 sessions Use display ntp-service ipv6 sessions to display information about all IPv6 NTP associations.
Page 105
Table 15 Command output Field Description • 1—Clock source selected by the system (the current reference source). • 2—The stratum level of the clock source is less than or equal to 15. [12345] • 3—The clock source has survived the clock selection algorithm. •...
Page 107
Field Description Status of the clock source corresponding to this association: • configured—The association was created at the CLI. • dynamic—The association is established dynamically. • master—The clock source is the primary reference source of the current system. • selected—The clock source has survived the clock selection algorithm.
Page 108
Field Description Operation mode of the peer device: • unspec—The mode is unspecified. • sym_active—Active mode. • sym_passive—Passive mode. peer mode • client—Client mode. • server—Server mode. • broadcast—Broadcast or multicast server mode. • bclient—Broadcast or multicast client mode. Polling interval for the peer device, in seconds. The value peer poll interval displayed is a power of 2.
display ntp-service sessions Use display ntp-service sessions to display information about all IPv4 NTP associations. Syntax display ntp-service sessions [ verbose ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters verbose: Displays detailed information about all IPv4 NTP associations. If you do not specify this keyword, the command displays only brief information about the NTP associations.
Page 110
Field Description Reference clock ID of the NTP server: • If the reference clock is the local clock, the value of this field is related to the value of the stra field: When the value of the stra field is 0 or 1, this field displays LOCL. ...
Page 112
Field Description Reference clock ID of the NTP server: • If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: When the value of the Clock stratum field is 0 or 1, this ...
Field Description Synchronization distance relative to the upper-level clock, in sync distance seconds, and calculated from dispersion and roundtrip delay values. Precision Accuracy of the system clock. version NTP version in the range of 1 to 4. Source interface. source interface If the source interface is not specified, this field is Not specified.
Page 114
Stability: 0.000 pps Clock precision: 2^-18 Root delay: 0.00000 ms Root dispersion: 3.96367 ms Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573 # Display the NTP service status when time is not synchronized. <Sysname> display ntp-service status Clock status: unsynchronized Clock stratum: 16 Reference clock ID: none Clock jitter: 0.000000 s...
Field Description For an IPv4 NTP server: The field represents the IP address of the remote server when the local device is synchronized to a remote NTP server. The field represents the local clock when the local device uses the local clock as a reference source. •...
Page 116
Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters source interface-type interface-number: Specifies the source interface for sending NTP packets to trace each NTP server from the local device back to the primary reference source. The source IP address of the NTP packets is the IPv4 address/IPv6 address of the specified source interface. If the IP address of an NTP server is a link-local address, the link-local address of the outgoing interface of NTP packets is used as the source IP address of the NTP packets.
ntp-service unicast-peer ntp-service acl Use ntp-service acl to configure the access-control right for peer devices to access NTP services of the local device. Use undo ntp-service acl to remove the configured NTP service access-control right. Syntax ntp-service { peer | query | server | synchronization } acl acl-number undo ntp-service { peer | query | server | synchronization } acl acl-number Default The access-control right for the peer devices to access the NTP services of the local device is peer.
Page 119
Default No NTP authentication key exists. Views System view Predefined user roles network-admin mdc-admin Parameters keyid: Specifies an authentication key ID in the range of 1 to 4294967295. authentication-mode: Specifies an authentication algorithm. • hmac-sha-1: Specifies the HMAC-SHA-1 algorithm. • hmac-sha-256: Specifies the HMAC-SHA-256 algorithm.
ntp-service broadcast-client Use ntp-service broadcast-client to configure the device to operate in NTP broadcast client mode and use the current interface to receive NTP broadcast packets. Use undo ntp-service broadcast-client to remove the configuration. Syntax ntp-service broadcast-client undo ntp-service broadcast-client Default The device does not operate in any NTP association mode.
Predefined user roles network-admin mdc-admin Parameters authentication-keyid keyid: Specifies the key ID to be used for sending broadcast messages to broadcast clients. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device cannot synchronize broadcast clients enabled with NTP authentication. version number: Specifies the NTP version.
Examples # Set the DSCP value for IPv4 NTP packets to 30. <Sysname> system-view [Sysname] ntp-service dscp 30 ntp-service enable Use ntp-service enable to enable the NTP service. Use undo ntp-service enable to disable the NTP service. Syntax ntp-service enable undo ntp-service enable Default The NTP service is disabled.
• You do not want the device to be synchronized by the peer device in the subnet corresponding to the interface. Examples # Disable VLAN-interface 1 from receiving NTP messages. <Sysname> system-view [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] undo ntp-service inbound enable ntp-service ipv6 acl Use ntp-service ipv6 acl to configure the access-control right for the peer devices to access the IPv6 NTP services of the local device.
• If no ACL is created for any access right, peer is granted. The ntp-service ipv6 acl command provides a minimum security method. NTP authentication is more secure. Examples # Configure the peer devices on subnet 2001::1 to have full access to the local device. <Sysname>...
Use undo ntp-service ipv6 inbound enable to disable an interface from receiving IPv6 NTP messages. Syntax ntp-service ipv6 inbound enable undo ntp-service ipv6 inbound enable Default An interface receives IPv6 NTP messages. Views Interface view Predefined user roles network-admin mdc-admin Usage guidelines Execute the undo ntp-service ipv6 inbound enable command on an interface in the following cases:...
Usage guidelines After you configure the command, the device listens to IPv6 NTP messages using the specified multicast address as the destination address. It is synchronized based on the received IPv6 NTP messages. If you have configured the device to operate in IPv6 multicast client mode on an interface by using the command, do not add the interface to any aggregate group.
If you have configured the device to operate in IPv6 multicast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command. Examples # Configure the device to operate in IPv6 multicast server mode and send IPv6 NTP multicast messages on VLAN-interface 1 to the multicast address FF21::1, using key 4 for encryption.
• In NTP symmetric active/passive mode, if you have specified the source interface for IPv6 NTP messages in the ntp-service ipv6 unicast-peer command, the specified interface acts as the source interface for IPv6 NTP messages. • In NTP multicast mode, if you have configured the ntp-service ipv6 multicast-server command on an interface, the interface acts as the source interface for NTP multicast messages.
specified source interface, and the source address of the messages is the link local address of the interface. The interface-type interface-number argument represents the interface type and number. If you do not specify an interface, the device automatically selects the source IPv6 address of IPv6 NTP messages.
Parameters server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters. ipv6-address: Specifies an NTP server by its IPv6 address. It must be a unicast address, rather than a multicast address. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the NTP server belongs.
undo ntp-service max-dynamic-sessions Default The maximum number of dynamic NTP sessions is 100. Views System view Predefined user roles network-admin mdc-admin Parameters number: Sets the maximum number of dynamic NTP associations, in the range of 0 to 100. Usage guidelines A device can have a maximum of 128 concurrent associations, including static associations and dynamic associations.
Usage guidelines After you configure the command, the device listens to NTP messages using the specified multicast address as the destination address. If you have configured the device to operate in multicast client mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
If you have configured the device to operate in multicast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command. Examples # Configure the device to operate in multicast server mode and send NTP multicast messages on VLAN-interface 1 to the multicast address 224.0.1.1, using key 4 for encryption.
Use the command with caution to avoid time errors. As a best practice, set the local clock time to a correct value before you execute the command. Examples # Specify the local clock as the reference source, with the stratum level 2. <Sysname>...
ntp-service source Use ntp-service source to specify a source interface for NTP messages. Use undo ntp-service source to restore the default. Syntax ntp-service source interface-type interface-number undo ntp-service source Default No source interface is specified for NTP messages. The device performs the following operations: •...
ntp-service unicast-peer Use ntp-service unicast-peer to specify a symmetric-passive peer for the device. Use undo ntp-service unicast-peer to remove the symmetric-passive peer specified for the device. Syntax ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number | version number ] undo ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ] Default No symmetric-passive peer is specified.
include vpn-instance vpn-instance-name in the command, the command removes the symmetric-passive peer on the public network. Examples # Specify the device with the IP address of 10.1.1.1 as the symmetric-passive peer of the device, and configure the device to run NTP version 4. Specify the source interface of NTP messages as VLAN-interface 1.
Page 138
outgoing interface and uses the primary IP address of the outgoing interface as the source IP address of the NTP messages. version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4. Usage guidelines When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.
SNTP commands display sntp ipv6 sessions Use display sntp ipv6 sessions to display information about all IPv6 SNTP associations. Syntax display sntp ipv6 sessions Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display information about all IPv6 SNTP associations. <Sysname>...
Syntax display sntp sessions Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display information about all IPv4 SNTP associations. <Sysname> display sntp sessions SNTP server Stratum Version Last receive time 1.0.1.11 Tue, May 17 2011 9:11:20.833 (Synced) Table 22 Command output Field Description...
Usage guidelines You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are synchronized only to authenticated NTP servers. To authenticate an NTP server, set an authentication key and specify it as a trusted key. Examples # Enable SNTP authentication.
Usage guidelines You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are synchronized only to authenticated NTP servers. Configure the same key ID and key on the SNTP client and NTP server. Otherwise, the SNTP client cannot be synchronized to the NTP server.
Page 143
Use undo sntp ipv6 unicast-server to remove the IPv6 NTP server specified for the device. Syntax sntp ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | source interface-type interface-number ] * undo sntp ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ] Default No IPv6 NTP server is specified.
SNMP commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. The SNMP agent sends notifications (traps and informs) to inform the NMS of significant events, such as link state changes and user logins or logouts.
Page 148
Role name: bb Storage-type: nonVolatile Community name: userv1 Group name: testv1 Storage-type: nonvolatile Community name: cc Group name: cc ACL name: testacl Storage-type: nonVolatile Table 23 Command output Field Description Community name created by using the snmp-agent community command or Community name username created by using the snmp-agent usm-user { v1 | v2c } command.
display snmp-agent context Use display snmp-agent context to display SNMP contexts. Syntax display snmp-agent context [ context-name ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters context-name: Specifies an SNMP context by its name, a case-sensitive string of 1 to 32 characters. If you do not specify this argument, the command displays all SNMP contexts.
Group name: groupv3 Security model: v3 noAuthnoPriv Readview: ViewDefault Writeview: <no specified> Notifyview: <no specified> Storage-type: nonvolatile ACL name: testacl Table 24 Command output Field Description Group name SNMP group name. Security model of the SNMP group: • authPriv—Authentication with privacy. •...
Usage guidelines Every SNMP entity has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects. An SNMP engine ID uniquely identifies an SNMP entity in an SNMP domain. Examples # Display the local SNMP engine ID.
Page 152
|-ieee802dot1<1.0.8802.1>(NA) |-ieee802dot1mibs<1.0.8802.1.1>(NA) Table 25 Command output Field Description -std MIB node name. <1.0> OID of a MIB node. Permissions to MIB nodes: • NA—Not accessible. • NF—Notifications. • (NA) RO—Read-only access. • RW—Read and write access. • RC—Read-write-create access. • WO—Write-only access.
Page 153
Field Description OID of a MIB index node. # Display names and OIDs of MIB notification nodes, and names and OIDs of notification objects. <Sysname> display snmp-agent mib-node trap-node Name |lldpRemTablesChange ||1.0.8802.1.1.2.0.0.1 Trap Object Name |||lldpStatsRemTablesInserts ||||1.0.8802.1.1.2.1.2.2 Name |||lldpStatsRemTablesDeletes ||||1.0.8802.1.1.2.1.2.3 Name |||lldpStatsRemTablesDrops ||||1.0.8802.1.1.2.1.2.4...
Page 154
Field Description OID of a MIB node. MIB node types: • Table—Table node. • Row—Row node in a MIB table. • Column—Column node in a MIB table. NodeType • Leaf—Leaf node. • Group—Group node (parent node of a leaf node). •...
Field Description Value range Value range of a MIB node. Index Table index. This field appears only for a table node. display snmp-agent mib-view Use display snmp-agent mib-view to display MIB views. Syntax display snmp-agent mib-view [ exclude | include | viewname view-name ] Views Any view Predefined user roles...
Subtree mask: Storage-type: nonVolatile View Type: excluded View status: active View name: ViewDefault MIB Subtree: snmpModules.18 Subtree mask: Storage-type: nonVolatile View Type: excluded View status: active ViewDefault is the default MIB view. The output shows that except for the MIB objects in the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees, all the MIB objects in the iso subtree are accessible.
Parameters ipv4-address: Specifies a remote SNMP entity by its IPv4 address. ipv6 ipv6-address: Specifies a remote SNMP entity by its IPv6 address. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the remote SNMP entity belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters.
Page 158
mdc-operator Examples # Display SNMP message statistics. <Sysname> display snmp-agent statistics 1684 messages delivered to the SNMP entity. 5 messages were for an unsupported version. 0 messages used an unknown SNMP community name. 0 messages represented an illegal operation for the community supplied. 0 ASN.1 or BER errors in the process of decoding.
Field Description Number of MIB objects that have been MIB objects altered successfully successfully modified. Number of GetRequest requests that have GetRequest-PDU accepted and processed been received and processed. Number of getNext requests that have been GetNextRequest-PDU accepted and processed received and processed.
Palo Alto, CA 94304 The location information of the agent: The SNMP version of the agent: SNMPv3 Related commands snmp-agent sys-info display snmp-agent trap queue Use display snmp-agent trap queue to display basic information about the trap queue. Syntax display snmp-agent trap queue Views Any view Predefined user roles...
mdc-operator Usage guidelines If a module has multiple sub-modules and SNMP notifications are enabled for one of its sub-modules, the command output shows that the module is SNMP notifications-enabled. To determine whether a module supports SNMP notifications, execute the snmp-agent trap enable ? command.
Page 162
Usage guidelines This command displays only SNMPv3 users that you have created by using the snmp-agent usm-user v3 command. To display SNMPv1 or SNMPv2c users created by using the snmp-agent usm-user { v1 | v2c } command, use the display snmp-agent community command. Examples # Display information about all SNMPv3 users.
Field Description Storage type: • volatile. • nonvolatile. • permanent. Storage-type • readOnly. • other. For more information about these storage types, see Table SNMP user status: • active—The SNMP user is effective. • UserStatus notInService—The SNMP user is correctly configured but not activated. •...
Views System view Predefined user roles network-admin mdc-admin Parameters inform: Specifies informs. trap: Specifies traps. interface-type { interface-number | interface-number.subnumber }: Specifies an interface by its type and number. The interface-number argument specifies a main interface number. The subnumber argument specifies a subinterface number in the range of 1 to 4094. Usage guidelines The snmp-agent source command enables the SNMP agent to use the primary IP address of an interface or subinterface as the source IP address in all its SNMP informs or traps, regardless of their...
Page 166
Views System view Predefined user roles network-admin mdc-admin Parameters plain-password: Specifies a key in plaintext form. The plain-password argument is a case-sensitive string of 1 to 64 characters. mode: Specifies an authentication algorithm and encryption algorithm. The device supports the HMAC-MD5 and HMAC-SHA1 authentication algorithms.
Examples # Use the local engine ID and the HMAC-SHA1 algorithm to calculate the encrypted form for key authkey. <Sysname> system-view [Sysname] snmp-agent calculate-password authkey mode sha local-engineid The encrypted key is: 09659EC5A9AE91BA189E5845E1DDE0CC Related commands snmp-agent local-engineid snmp-agent usm-user v3 snmp-agent community Use snmp-agent community to configure an SNMPv1 or SNMPv2c community.
Page 168
set of accessible MIB objects. If you do not specify a view, the specified community can access the MIB objects in the default MIB view ViewDefault. user-role role-name: Specifies a user role name for the community, a case-sensitive string of 1 to 63 characters.
For more information about ACL, see ACL and QoS Configuration Guide. You can also create an SNMP community by using the snmp-agent usm-user { v1 | v2c } and snmp-agent group { v1 | v2c } commands. These two commands create an SNMPv1 or SNMPv2c user and the group to which the user is assigned.
Use undo snmp-agent community-map to delete the mapping between an SNMP community and an SNMP context. Syntax snmp-agent community-map community-name context context-name undo snmp-agent community-map community-name context context-name Default No mapping exists between an SNMP community and an SNMP context. Views System view Predefined user roles...
Parameters context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters. Usage guidelines For an NMS and an SNMP agent to communicate, configure the same SNMP context for them or do not configure a context for the NMS. You can create a maximum of 20 SNMP contexts.
Page 172
Parameters v1: Specifies SNMPv1. v2c: Specifies SNMPv2c. v3: Specifies SNMPv3. group-name: Specifies an SNMP group name, a case-sensitive string of 1 to 32 characters. authentication: Specifies the authentication without privacy security model for the SNMPv3 group. privacy: Specifies the authentication with privacy security model for the SNMPv3 group. read-view view-name: Specifies a read-only MIB view.
Security model Security key Security model keyword for the settings for the Remarks group user If no authentication key is configured, SNMP communication will fail. Authentication without authentication Authentication key privacy The encryption key (if any) for the user does not take effect.
Parameters engineid: Specifies an SNMP engine ID, a case-insensitive hexadecimal string. Its length is an even number in the range of 10 to 64. All-zero and all-F strings are invalid. Usage guidelines An SNMP engine ID uniquely identifies a device in an SNMP managed network. Make sure the local SNMP engine ID is unique within your SNMP managed network to avoid communication problems.
The system can store entries for up to 20 unique MIB view records. In addition to the four default MIB view records, you can create up to 16 unique MIB view records. After you delete the default view with the undo snmp-agent mib-view command, you can create up to 20 unique MIB view records. Be cautious with deleting the default MIB view.
[Sysname] snmp-agent packet max-size 1024 snmp-agent port Use snmp-agent port to specify the UDP port for receiving SNMP packets. Use undo snmp-agent port to restore the default. Syntax snmp-agent port port-num undo snmp-agent port Default The device uses UDP port 161 for receiving SNMP packets. Views System view Predefined user roles...
Views System view Predefined user roles network-admin mdc-admin Parameters ipv4-address: Specifies a remote SNMP entity by its IPv4 address. ipv6 ipv6-address: Specifies a remote SNMP entity by its IPv6 address. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the remote SNMP entity belongs.
Parameters sys-contact: Specifies the system contact, a case-sensitive string of 1 to 255 characters. Usage guidelines Configure the system contact for system maintenance and management. Examples # Configure the system contact as Dial System Operator # 27345. <Sysname> system-view [Sysname] snmp-agent sys-info contact Dial System Operator # 27345 Related commands display snmp-agent sys-info snmp-agent sys-info location...
• privacy: Specifies the security model to be authentication with privacy. You must specify the authentication key and encryption key when you create the SNMPv3 user. Usage guidelines You can specify multiple SNMP notification target hosts. Make sure the SNMP agent uses the same UDP port for SNMP notifications as the target host. Typically, NMSs, for example, IMC and MIB Browser, use port 162 for SNMP notifications as defined in the SNMP protocols.
protocol: Specifies a protocol module. You can use the snmp-agent trap enable ? command to obtain the value of this argument. For more information about this argument, see the command reference for each module. standard: Specifies SNMP standard notifications. Table 35 Standard SNMP notifications Keyword Definition Authentication failure notification sent when an NMS fails to be authenticated by the...
Usage guidelines Extended linkUp and linkDown notifications add interface description and interface type to the standard linkUp/linkDown notifications for fast failure point identification. When you use this command, make sure the NMS supports the extended linkup and linkDown notifications. Examples # Enable extended linkUp/linkDown notifications.
Syntax snmp-agent trap log undo snmp-agent trap log Default SNMP notification logging is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines Use SNMP notification logging to record SNMP notifications sent by the SNMP agent for notification tracking. The SNMP agent sends the logs to the information center. You can configure the information center to output the logs to a destination as needed.
Examples # Set the SNMP notification queue size to 200. <Sysname> system-view [Sysname] snmp-agent trap queue-size 200 Related commands snmp-agent target-host snmp-agent trap enable snmp-agent trap life snmp-agent usm-user { v1 | v2c } Use snmp-agent usm-user { v1 | v2c } to create an SNMPv1 or SNMPv2c user. Use undo snmp-agent usm-user { v1 | v2c } to delete an SNMPv1 or SNMPv2c user.
Page 187
Only users with the network-admin, mdc-admin, or level-15 user role can execute this command. Users with other user roles cannot execute this command even if these roles are granted access to commands of the SNMP feature or this command. On an SNMPv1 or SNMPv2c network, NMSs and agents authenticate each other by using the community name.
snmp-agent community snmp-agent group snmp-agent usm-user v3 Use snmp-agent usm-user v3 to create an SNMPv3 user. Use undo snmp-agent usm-user v3 to delete an SNMPv3 user. Syntax In non-FIPS mode: • In VACM mode: snmp-agent usm-user v3 user-name group-name [ remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | aes192 | aes256 | des56 } priv-password ] ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *...
Page 189
Parameters user-name: Specifies an SNMPv3 username, a case-sensitive string of 1 to 32 characters. group-name: Specifies an SNMPv3 group name, a case-sensitive string of 1 to 32 characters. The group can be one that has been created or not. The user takes effect only after you create the group. user-role role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters.
Page 190
name ipv6-acl-name: Specifies a basic IPv6 ACL by its name, a case-insensitive string of 1 to 63 characters. local: Specifies the local SNMP engine. By default, an SNMPv3 user is associated with the local SNMP engine. engineid engineid-string: Specifies an SNMP engine ID. The engineid-string argument is an even number of hexadecimal characters, in the range of 10 to 64.
Page 191
<Sysname> system-view [Sysname] snmp-agent group v3 testGroup authentication [Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha 123456TESTplat&! # For an NMS to access the MIB objects in the default view ViewDefault, make sure the following configurations on the NMS are the same as the SNMP agent: •...
snmp-agent calculate-password snmp-agent group snmp-agent remote snmp-agent usm-user v3 user-role snmp-agent usm-user v3 user-role Use snmp-agent usm-user v3 user-role to assign a user role to an SNMPv3 user created in RBAC mode. Use undo snmp-agent usm-user user-role to remove a user role. Syntax snmp-agent usm-user v3 user-name user-role role-name undo snmp-agent usm-user v3 user-name user-role role-name...
RMON commands display rmon alarm Use display rmon alarm to display information about RMON alarm entries. Syntax display rmon alarm [ entry-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters entry-number: Specifies an alarm entry by its index in the range of 1 to 65535. If you do not specify an entry, the command displays all RMON alarm entries.
Field Description Sample type: • Sample type absolute. • delta. Sampled variable Monitored variable. Sampling interval Interval (in seconds) at which data is sampled. Rising threshold Alarm rising threshold. associated with event Event index associated with the alarm.. Falling threshold Alarm falling threshold.
Examples # Display information about all RMON event entries. <Sysname> display rmon event EventEntry 1 owned by user1 is VALID. Description: N/A Community: Security Take the action log-trap when triggered, last triggered at 0days 00h:02m:27s uptime. Table 37 Command output Field Description Event entry owner and status:...
Page 196
Parameters entry-number: Specifies an event entry by its index in the range of 1 to 65535. If you do not specify an entry, the command displays log entries for all event entries. Usage guidelines If the log action is specified for an event, the system adds a record in the event log table each time the event occurs.
Related commands rmon event display rmon history Use display rmon history to display RMON history control entries and history samples of Ethernet statistics for Ethernet interfaces. Syntax display rmon history [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin...
Page 198
Table 39 Command output Field Description Status and owner of the history control entry: • entry-number—History control entry index. • owner—Entry owner. • status—Entry status: HistoryControlEntry VALID—The entry is valid. entry-number owned by UNDERCREATION—The entry is invalid. owner is status. The status field is not configurable at the CLI.
Related commands rmon history display rmon prialarm Use display rmon prialarm to display information about RMON private alarm entries. Syntax display rmon prialarm [ entry-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters entry-number: Specifies an alarm entry index in the range of 1 to 65535. If you do not specify an entry, the command displays all private alarm entries.
Field Description Sample type: • Sample type absolute. • delta. Variable formula Variable formula. Description Description of the alarm. Sampling interval Interval (in seconds) at which data is sampled. Rising threshold Alarm rising threshold. Falling threshold Alarm falling threshold. associated with event Event index associated with the alarm..
Field Description Incoming-packet statistics by packet length: • 64—Number of packets with a length less than or equal to 64 bytes. • 65-127—Number of 65- to 127-byte packets. • Incoming packets by size: 128-255—Number of 128- to 255-byte packets. • 256-511—Number of 256- to 511-byte packets.
Page 203
sampling-interval: Sets the sampling interval in the range of 5 to 65535 seconds. absolute: Specifies absolute sampling. RMON compares the value of the variable with the rising and falling thresholds. delta: Specifies delta sampling. RMON subtracts the value of the variable at the previous sample from the current sampled value, and then compares the difference with the rising and falling thresholds.
[Sysname] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute rising-threshold 5000 1 falling-threshold 5 2 owner user1 In this example, you can replace 1.3.6.1.2.1.16.1.1.1.4.1 with etherStatsOctets.1, where 1 is the statistics entry index for the interface. If you execute the rmon statistics 5 command, you can use etherStatsOctets.5 to replace 1.3.6.1.2.1.16.1.1.1.4.5.
Usage guidelines You can create a maximum of 60 event entries. You can associate an event entry with a standard or private alarm entry to specify the action to take when an alarm condition occurs. Depending on your configuration, the system logs the event, sends an SNMP notification, does both, or does neither.
If an Ethernet interface has a history control entry, RMON periodically samples packet statistics on the interface and stores the samples to the history table. When the bucket size for the history control entry is reached, RMON overwrites the oldest sample with the most recent sample. You can create multiple RMON history control entries for an Ethernet interface.
Page 207
delta: Specifies delta sampling. RMON subtracts the value of the variable at the previous sample from the current sampled value, and then compares the difference with the rising and falling thresholds. startup-alarm: Specifies alarms that can be generated at the first sampling when a rising or falling threshold is reached or exceeded.
[Sysname] rmon event 1 log [Sysname] rmon event 2 none [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] rmon statistics 1 [Sysname-Ten-GigabitEthernet1/0/1] quit [Sysname] rmon prialarm 1 (.1.3.6.1.2.1.16.1.1.1.6.1*100/.1.3.6.1.2.1.16.1.1.1.5.1) BroadcastPktsRatioOfXGE1/0/1 10 absolute rising-threshold 80 1 falling-threshold 5 2 entrytype forever owner user1 The last number in the OID forms of variables must be the same as the statistics entry index for the interface.
NETCONF commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. netconf idle-timeout Use netconf idle-timeout to set the NETCONF session idle timeout time.
Examples # Configure the device to log NETCONF edit-config information sourced from agent clients. <Sysname> system-view [Sysname] netconf log source agent protocol-operation set netconf soap domain Use netconf soap domain to specify a mandatory authentication domain for NETCONF users. Use undo netconf soap domain to restore the default. Syntax netconf soap domain domain-name undo netconf soap domain domain-name...
undo netconf soap http acl Default No ACL is applied to NETCONF over SOAP over HTTP traffic. Views System view Predefined user roles network-admin mdc-admin Parameters acl-number: Specifies an ACL by its number in the range of 2000 to 2999. name acl-name: Specifies an ACL by its name.
Parameters dscp-value: Specifies a DSCP value in the range of 0 to 63. A larger DSCP value represents a higher priority. Usage guidelines The DSCP value of an IP packet specifies the priority level of the packet and affects the transmission priority of the packet.
Default No ACL is applied to NETCONF over SOAP over HTTPS traffic. Views System view Predefined user roles network-admin mdc-admin Parameters acl-number: Specifies an ACL by its number in the range of 2000 to 2999. name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.
Usage guidelines The DSCP value of an IP packet specifies the priority level of the packet and affects the transmission priority of the packet. Examples # Set the DSCP value to 30 for outgoing NETCONF over SOAP over HTTPS packets. <Sysname>...
Predefined user roles network-admin mdc-admin Usage guidelines This feature allows you to use an SSH client to invoke NETCONF as an SSH subsystem. Then, you can directly use XML messages to perform NETCONF operations without using the xml command. Before you execute this command, configure the authentication mode for users as scheme on the device.
Page 218
For example, in user line view, you configured "a" as the shortcut key by using the escape-key a command. When a NETCONF message includes the character "a," only the contents after the last "a" in the message can be processed. Examples # Enter XML view. <Sysname> xml <?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:pa rams:netconf:base:1.1</capability><capability>urn:ietf:params:netconf:writable-runnin g</capability><capability>urn:ietf:params:netconf:capability:notification:1.0</capabi lity><capability>urn:ietf:params:netconf:capability:validate:1.1</capability><capabil ity>urn:ietf:params:netconf:capability:interleave:1.0</capability><capability>urn:hpe...
EAA commands action cli Use action cli to add a CLI action to a monitor policy. Use undo action to remove an action. Syntax action number cli command-line undo action number Default A monitor policy does not contain any actions. Views CLI-defined policy view Predefined user roles...
[Sysname-rtm-test] action 3 cli shutdown action reboot Use action reboot to add a reboot action to a monitor policy. Use undo action to remove an action. Syntax In standalone mode: action number reboot [ slot slot-number [ subslot subslot-number ] ] undo action number In IRF mode: action number reboot [ chassis chassis-number [ slot slot-number [ subslot subslot-number ] ] ]...
Examples # (In standalone mode.) Configure an action for the CLI-defined policy test to reboot the specified slot. <Sysname> system-view [Sysname] rtm cli-policy test [Sysname-rtm-test] action 3 reboot slot 1 action switchover Use action switchover to add an active/standby switchover action to a monitor policy. Use undo action to remove an action.
action syslog Use action syslog to add a Syslog action to a monitor policy. Use undo action to remove an action. Syntax action number syslog priority priority facility local-number msg msg-body undo action number Default A monitor policy does not contain any actions. Views CLI-defined policy view Predefined user roles...
Default No CLI-defined monitor policies are enabled. Views CLI-defined policy view Predefined user roles network-admin mdc-admin Usage guidelines You must execute this command for a CLI-defined monitor policy to take effect. After changing the settings in a policy that has been enabled, you must re-execute this command for the changes to take effect.
Table 44 Command output Field Description Name of a user-defined EAA environment variable. This field displays a maximum of Name 30 characters. To display a user-defined EAA environment variable name of more than 30 characters, use the display current-configuration command. Value of the user-defined EAA environment variable.
Page 226
Field Description Event type, including CLI, hotplug, interface, process, SNMP, SNMP-Notification, Event Syslog, and track. TimeActive Time when the monitor policy was triggered. PolicyName Name of the monitor policy. # Display brief information about all created monitor policies. <Sysname> display rtm policy registered Total number: 1 Type Event...
event cli Use event cli to configure a CLI event for a CLI-defined monitor policy. Use undo event to delete the event in a CLI-defined monitor policy. Syntax event cli { async [ skip ] | sync } mode { execute | help | tab } pattern regular-exp undo event Default No CLI event is configured.
[Sysname] rtm cli-policy test [Sysname-rmt-test] event cli async mode tab pattern display interface brief # Configure a CLI-defined policy to monitor the use of the question mark (?) at command lines that contain the display interface brief string. Enable the system to execute a policy-matching command line only if the actions in the policy are executed successfully when a question mark is entered at the command line.
You can configure only one event entry for a monitor policy. If the monitor policy already contains an event entry, the new event entry replaces the old event entry. Examples # (In standalone mode.) Configure a CLI-defined policy to monitor the specified slot for card swapping.
Page 230
Monitored traffic Description statistic input-errors Number of incoming error packets. output-drops Number of discarded outgoing packets. output-errors Number of outgoing error packets. rcv-bps Receive rate, in bps. rcv-broadcasts Number of incoming broadcasts. rcv-pps Receive rate, in packets per second. tx-bps Transmit rate, in bps.
EAA to re-execute the policy if the statistic exceeds 1000 each time after the statistic has dropped below 50. <Sysname> system-view [Sysname] rtm cli-policy test [Sysname-rtm-test] event interface ten-gigabitethernet 1/0/1 monitor-obj input-errors start-op gt start-val 1000 restart-op lt restart-val 50 interval 60 event process Use event process to configure a process event for a CLI-defined monitor policy.
chassis chassis-number: Specifies an IRF member device by its member ID or specifies a PEX by its virtual chassis number. On an IRF fabric, the policy applies to all member devices if you do not specify a member device. On an eIRF system, the policy applies to all IRF member devices and PEXs if you do not specify a member device or PEX.
restart-op op: Specifies the operator for comparing the sampled value with the restart threshold. The restart threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table restart-op restart-val: Specifies the restart threshold to be compared with the sampled value. The restart-val argument can be any data type supported by SNMP, including numerals and character strings.
Default No SNMP-Notification event is configured. Views CLI-defined policy view Predefined user roles network-admin mdc-admin Parameters oid oid: Specifies the OID of the monitored MIB variable, a string of 1 to 256 characters. oid-val oid-val: Specifies the threshold to be compared with the sampled value. The oid-val argument can be any data type supported by SNMP, including numerals and character strings.
Predefined user roles network-admin mdc-admin Parameters priority priority: Specifies the lowest severity level for matching log messages. The level argument can be an integer in the range of 0 to 7, or the word all. A lower number represents higher priority level.
Predefined user roles network-admin mdc-admin Parameters track-list: Specifies a space-separated list of up to 16 track items. Each item specifies a track entry number or a range of track entry numbers in the form of track-entry-number to track-entry-number. The value range for the track-entry-number argument is 1 to 1024. state { negative | positive }: Triggers the policy when the states of the track entries change.
undo rtm cli-policy policy-name Default No CLI-defined monitor policies exist. Views System view Predefined user roles network-admin mdc-admin Parameters policy-name: Specifies the name of a CLI-defined monitor policy, a case-sensitive string of 1 to 63 characters. Usage guidelines You must create a CLI-defined monitor policy before you can use the CLI to configure settings in the policy.
Page 238
Variable name Description _event_id Event ID. _event_type Event type. _event_type_string Event type description. _event_time Time when the event occurs. _event_severity Severity level of an event. CLI: _cmd Commands that are matched. Syslog: _syslog_pattern Log message content. Hotplug: _slot ID of the slot where card hot-swapping occurs. ID of the subslot where subcard hot-swapping occurs.
Examples # Create an environment variable: set its name to if and set its value to interface. <Sysname> system-view [Sysname] rtm environment if interface rtm event syslog buffer-size Use rtm event syslog buffer-size to set the size for the EAA-monitored log buffer. Use undo rtm event syslog buffer-size to restore the default.
Views System view Predefined user roles network-admin mdc-admin Usage guidelines You need to suspend the monitor policies under the following circumstances: • The monitor policies are triggered frequently, affecting the system services and performance. • The Tcl script of a policy needs to be revised. After you execute this command, EAA will not execute the policies even if the trigger conditions are met.
after you finish revising the script. The system cannot execute a Tcl-defined policy if you edit its Tcl script without suspending all monitor policies. To bind a Tcl-defined policy to a different Tcl script file: Execute the undo rtm tcl-policy command to delete the Tcl policy. Create the Tcl policy again, and then bind it to the new Tcl script file.
Page 242
Use undo user-role to remove a user role from a CLI-defined policy. Syntax user-role role-name undo user-role role-name Default A monitor policy contains user roles that its creator had at the time of policy creation. Views CLI-defined policy view Predefined user roles network-admin mdc-admin Parameters...
Process monitoring and maintenance commands The display memory, display process, display process cpu, monitor process and monitor thread commands display information about both user processes and kernel threads. In these commands, "process" refers to both user processes and kernel threads. display exception context Use display exception context to display context information for process exceptions.
Page 244
Core file path: flash:/core/node0_routed_120_7_20130409-171430_1365527670.core 0xb7caba4a 0x0804cb79 0xb7cd77c4 0x08049f45 Backtrace stopped. Registers' content eax:0xfffffffc ebx:0x00000003 ecx:0xbfe244ec edx:0x0000000a esp:0xbfe244b8 ebp:0xbfe244c8 esi:0xffffffff edi:0xbfe24674 eip:0xb7caba4a eflag:0x00000292 cs:0x00000073 ss:0x0000007b ds:0x0000007b es:0x0000007b fs:0x00000000 gs:0x00000033 # Display the exception context information on the x86-based 64-bit terminal. <Sysname> display exception context Index 1 of 1 ------------------------------ Crashed PID: 121 (routed)
Views Any view Predefined user roles network-admin mdc-admin Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays the core file directory on the active MPU. (In standalone mode.) chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays the core file directory on the global active MPU.
Page 249
Examples # (In standalone mode.) Display brief information about the most recent kernel thread deadloop. <Sysname> display kernel deadloop 1 ----------------- Deadloop record 1 ----------------- Description : BUG: soft lockup - CPU#0 stuck for 61! [comsh: 16306] Recorded at : 2013-05-01 11:16:00.823018 Occurred at : 2013-05-01...
Page 250
Reg: r26, Val = 0x00000000 ; Reg: r27, Val = 0x057d9484 ; Reg: r28, Val = 0x0000002c ; Reg: r29, Val = 0x00000000 ; Reg: r30, Val = 0x0000002c ; Reg: r31, Val = 0x00000000 ; Reg: cr, Val = 0x84000028 ; Reg: nip, Val = 0x057d9550 ;...
Function Address = 0x8012d734 Function Address = 0x80100a00 Function Address = 0xe0071004 Function Address = 0x8016ce0c Function Address = 0x801223a0 Instruction dump: 41a2fe9c 812300ec 800200ec 7f890000 409efe8c 80010014 540b07b9 40a2fe80 4bfffe6c 80780290 7f64db78 4804ea35 <807f002c> 38800000 38a00080 3863000c Table 52 Command output Field Description Description for the kernel thread deadloop, including the CPU number,...
Page 252
Syntax In standalone mode: display kernel deadloop configuration [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display kernel deadloop configuration [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles network-admin mdc-admin Parameters slot slot-number: Specifies an MPU by its slot number.
display kernel exception Use display kernel exception to display kernel thread exception information. Syntax In standalone mode: display kernel exception show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display kernel exception show-number [ offset ] [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view...
Page 254
module name (disk) module address (0xe00bd000) # (In standalone mode.) Display detailed information about the most recent kernel thread exception. <Sysname> display kernel exception 1 verbose ----------------- Exception record 1 ----------------- Description : Oops[#0] Recorded at : 2013-05-01 11:16:00.823018 Occurred at : 2013-05-01 11:16:00.823018 Instruction address...
display process Use display process to display process state information. Syntax In standalone mode: display process [ all | job job-id | name process-name ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display process [ all | job job-id | name process-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view...
Page 264
Process state: sleeping Max. core: 0 ARGS: - LAST_CPU Stack State HH:MM:SS:MSEC Name 0:0:5:220 scmd Table 56 Command output Field Description Job ID Job ID of the process. The job ID never changes. Number of the process. The number identifies the process, and it might change as the process restarts.
Page 265
• Z—Zombie. HH:MM:SS:MSEC Running time since the most recent start. Name Process name. # Display state information for all processes. <Sysname> display process all PID %CPU %MEM STAT PRI THIRD TTY HH:MM:SS COMMAND 00:00:04 scmd 00:00:00 [kthreadd] 00:00:00 [migration/0] 00:00:05 [ksoftirqd/0] 00:00:00 [watchdog/0] 00:00:00 [events/0] 00:00:00 [khelper]...
TTY used by a process. This field displays a hyphen (-) for non-default MDCs. This field is not supported in the current software version. HH:MM:SS Running time since the most recent start. Name and parameters of a process. If square brackets ([ ]) exist in a process name, COMMAND the process is a kernel thread.
1 min: 4.7%; 5 mins: 4.7% Job ID of a process. It never changes. 5Sec CPU usage of the process within the last 5 seconds. 1Min CPU usage of the process within the last minute. 5Min CPU usage of the process within the last 5 minutes. Name of the process.
pkg_update 12-17 07:10:30 12-17 07:10:31 Table 59 Command output Field Description Process Name of a user process. JobID Job ID of a user process. ID of a user process. Indicates whether the process exited abnormally: • Abort Y—Yes. • N—No. Indicates whether the process can generate core files: •...
cpu cpu-number: Specifies a CPU by its number. Usage guidelines When a user process starts, it requests the following types of memory from the system: • Text memory—Stores code for the user process. • Data memory—Stores data for the user process. •...
Page 270
display process memory heap job job-id [ verbose ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display process memory heap job job-id [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles network-admin...
4096 8192 81920 Summary: Total virtual memory heap space (in bytes) 2293760 Total physical memory heap space (in bytes) : 58368 Total allocated memory (in bytes) 42368 Table 61 Command output Field Description Size Size of each memory block, in bytes. Free Number of free memory blocks.
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays memory content information on the active MPU.(In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF 2 member device or specifies a PEX.
Parameters job job-id: Specifies a process by its job ID, in the range of 1 to 2147483647. size memory-size: Specifies the memory block size in the range of 1 to 4294967295. offset offset-size: Specifies an offset in the range of 0 to 4294967295. The default value is 128. For example, suppose the system allocates 100 16-byte memory blocks to process job 1, and the process has used 66 blocks.
Default The default directory is the root directory of the flash: file system on the active MPU (in standalone mode) or global active MPU (in IRF mode). Views User view Predefined user roles network-admin mdc-admin Parameters directory: Specifies the directory for saving core files. Usage guidelines (In standalone mode.) The specified directory must be the root directory of a file system on the active MPU.
Default The system logs the kernel thread deadloop event. Views System view Predefined user roles network-admin Parameters reboot: Logs the event and reboots the specified slot or CPU. record-only: Logs the event. slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command specifies the action for the active MPU.
Default Kernel thread deadloop detection is enabled. Views System view Predefined user roles network-admin Parameters slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified.
monitor kernel deadloop time time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] undo monitor kernel deadloop time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Default The interval for identifying a kernel thread deadloop is 600 seconds. Views System view Predefined user roles...
undo monitor kernel starvation time [ slot slot-number [ cpu cpu-number ] ] In IRF mode: monitor kernel starvation time time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] undo monitor kernel starvation time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Default The interval for identifying a kernel thread starvation is 120 seconds.
Page 282
monitor process [ dumbtty ] [ iteration number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles network-admin mdc-admin Parameters dumbtty: Specifies dumbtty mode. In this mode, the command displays process statistics in descending order of CPU usage without refreshing statistics.
Page 283
Commands Description Changes the maximum number of processes displayed within a screen, in the range of 0 to 2147483647. The default value is 10. A value of 0 means no limit. Only processes not exceeding the screen size can be displayed. Quits the interactive mode.
Page 284
5373 5373 1496K 00:00:00 0.51% 00:00:00 0.00% [kthreadd] 00:00:00 0.00% [migration/0] 00:00:00 0.00% [watchdog/0] 00:00:01 0.00% [events/0] 00:00:00 0.00% [khelper] 4796 4796 2744K 00:00:00 0.00% login 4797 4797 28832K 00:00:03 0.00% comsh Five seconds later, the system refreshes process statistics as follows (which is the same as executing the monitor process dumbtty command twice at a 5-second interval): 76 processes;...
Page 285
5491 5491 1500K 00:00:00 0.18% 00:00:00 0.00% [kthreadd] The system refreshes process statistics every 5 seconds. You can enter interactive commands to perform operation as follows: • Enter h or a question mark (?) to display help information as follows: Help for interactive commands: Show the available interactive commands Toggle SMP view: '1' single/separate states...
• Enter k and then enter a JID to kill a process. If you enter 884, the process with the JID of 884 is killed. Enter the JID to kill: 884 84 processes; 107 threads; 683 fds Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie CPU states: 59.03% idle, 1.92% user, 37.88% kernel, 1.15% interrupt Memory: 755M total, 419M available, page size 4K State...
Page 287
Views Any view Predefined user roles network-admin mdc-admin Parameters dumbtty: Specifies dumbtty mode. In this mode, the command displays all thread statistics in descending order of CPU usage without refreshing statistics. If you do not specify the keyword, the command displays statistics for top 10 processes in descending order of CPU usage in an interactive mode, and refreshes statistics every 5 seconds by default.
Page 289
Enter the delay interval between screen updates (1~2147483647): 3 • Enter n, and then enter a number to modify the maximum number of displayed threads. If you enter 5, statistics for five threads are displayed. Enter the max number of threads to display(0 means unlimited): 5 84 processes;...
Name of a thread. If square brackets ([ ]) exist in a thread name, the thread is a Name kernel thread. process core Use process core to enable or disable a process to generate core files for exceptions and set the maximum number of core files.
Because the core files consume system storage resources, you can disable core file generation for processes for which you do not need to review exception information. Examples # Disable core file generation for process routed. <Sysname> process core off name routed # Enable core file generation for process routed and set the maximum number of core files to 5.
reset kernel deadloop [ slot slot-number [ cpu cpu-number ] ] In IRF mode: reset kernel deadloop [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears kernel thread deadloop information for the active MPU.
Related commands display kernel exception reset kernel reboot Use reset kernel reboot to clear kernel thread reboot information. Syntax In standalone mode: reset kernel reboot [ slot slot-number [ cpu cpu-number ] ] In IRF mode: reset kernel reboot [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views User view Predefined user roles...
Page 294
Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears kernel thread starvation information for the active MPU. (In standalone mode.) chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command clears kernel thread starvation information for the global active MPU.
sampler Use sampler to create a sampler. Use undo sampler to delete a sampler. Syntax sampler sampler-name mode fixed packet-interval n-power rate undo sampler sampler-name Default No samplers exist. Views System view Predefined user roles network-admin mdc-admin Parameters sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters. fixed: Specifies the fixed sampling mode.
Port mirroring commands display mirroring-group Use display mirroring-group to display mirroring group information. Syntax display mirroring-group { group-id | all | local | remote-destination | remote-source } Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters group-id: Specifies a mirroring group by its number. The value range for this argument is 1 to 16. all: Specifies all mirroring groups.
Field Description Type of the mirroring group: • Local. Type • Remote source. • Remote destination. Status of the mirroring group: • Active—The mirroring group has taken effect. Status • Incomplete—The mirroring group configuration is not complete and does not take effect. Mirroring port Source port.
Page 299
Use undo mirroring-group mirroring-cpu to remove source CPUs from a mirroring group. Syntax In standalone mode: mirroring-group group-id mirroring-cpu slot slot-number-list { both | inbound | outbound } undo mirroring-group group-id mirroring-cpu slot slot-number-list In IRF mode: mirroring-group group-id mirroring-cpu chassis chassis-number slot slot-number-list { both | inbound | outbound } undo mirroring-group group-id mirroring-cpu chassis chassis-number slot slot-number-list Default...
mirroring-group mirroring-port (interface view) Use mirroring-group mirroring-port to configure a port as a source port for a mirroring group. Use undo mirroring-group mirroring-port to restore the default. Syntax mirroring-group group-id mirroring-port { both | inbound | outbound } undo mirroring-group group-id mirroring-port Default A port does not act as a source port for any mirroring groups.
mirroring-group mirroring-port (system view) Use mirroring-group mirroring-port to configure source ports for a mirroring group. Use undo mirroring-group mirroring-port to remove source ports from a mirroring group. Syntax mirroring-group group-id mirroring-port interface-list { both | inbound | outbound } undo mirroring-group group-id mirroring-port interface-list Default No source port is configured for a mirroring group.
Related commands mirroring-group mirroring-group monitor-egress Use mirroring-group monitor-egress to configure the egress port for a remote source group. Use undo mirroring-group monitor-egress to restore the default. Syntax In system view: mirroring-group group-id monitor-egress interface-type interface-number undo mirroring-group group-id monitor-egress interface-type interface-number In interface view: mirroring-group group-id monitor-egress undo mirroring-group group-id monitor-egress...
Examples # Create local mirroring group 1 and configure Ten-GigabitEthernet 1/0/1 as its monitor port. <Sysname> system-view [Sysname] mirroring-group 1 local [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] mirroring-group 1 monitor-port # Create remote destination group 2 and configure Ten-GigabitEthernet 1/0/2 as its monitor port. <Sysname>...
A Layer 2 or Layer 3 aggregate interface cannot be configured as the monitor port for a Layer 2 remote destination group. The member port of an existing mirroring group cannot be configured as a monitor port. The member port of an aggregate interface cannot be configured as a monitor port. Examples # Create local mirroring group 1 and configure Ten-GigabitEthernet 1/0/1 as its monitor port.
Parameters group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 16. interface-type interface-number: Specifies a port by its type and number. Usage guidelines You can configure reflector ports only for remote source groups. Do not assign the reflector port of a mirroring group to a source VLAN of the mirroring group.
Page 307
undo mirroring-group group-id remote-probe vlan vlan-id Default No remote probe VLAN is configured for a mirroring group. Views System view Predefined user roles network-admin mdc-admin Parameters group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 16.
Flow mirroring commands mirror-to cpu Use mirror-to cpu to configure a mirroring action that mirrors traffic to the CPU. Use undo mirror-to cpu to delete the mirroring action that mirrors traffic to the CPU. Syntax mirror-to cpu undo mirror-to cpu Default No mirroring action exists to mirror traffic to the CPU.
Page 309
Usage guidelines You can execute this command multiple times for a traffic behavior to mirror traffic to different interfaces. The encapsulation parameters for the mirrored packets are available only when the mirrored packets are sent out of Ethernet interfaces. Examples # Create traffic behavior 1 and configure the action of mirroring traffic to Ten-GigabitEthernet 1/0/1 for the traffic behavior.
NetStream configuration commands display ip netstream cache Use display ip netstream cache to display NetStream entry information. Syntax In standalone mode: display ip netstream cache [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ip | interface interface-type interface-number | source source-ip ] * [ slot slot-number ] In IRF mode:...
Page 311
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information about NetStream entries for all cards. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device or specifies a PEX.
Page 313
Field Description This field is not supported in the current software version. Distribution of IP packets by packet size, and the bracketed IP packet size distribution (0 packets in number is the total number of IP packets. total) The value is displayed in the proportion of the number of IP packets of the specified sizes to the total number of IP packets, and the value is displayed with 3 decimal places.
Field Description Layer 2 information of the active flows in the current cache: • Destination MAC address. • DstMAC(VLAN) SrcMAC(VLAN) Destination VLAN ID. • Source MAC address. • Source VLAN ID. This field is not supported in the current software version. Information about the active MPLS flows in the current cache: •...
Page 315
Usage guidelines IP NetStream export information varies by aggregation mode. This command displays IP NetStream export information for all the configured aggregation modes. Examples # Display information about the NetStream data export. <Sysname> display ip netstream export IP export information: Flow source interface : GigabitEthernet1/0/1 Flow destination VPN instance...
Field Description Version 5 exported flows number Number of flows that are exported in version 5 format. Number of UDP packets that are sent in version 5 format. The Version 5 exported UDP datagram field in the parentheses indicates the number of UDP packets that number (failed) failed to be sent.
Page 317
Usage guidelines IP NetStream templates vary by aggregation mode. This command displays IP NetStream template information for all the configured aggregation modes. Examples # Display NetStream template information. <Sysname> display ip netstream template Flow template refresh frequency : 20 Flow template refresh interval : 30 min Active flow templates Created flow templates...
L4 destination port Sampling algorithm Sampling interval Table 70 Command output Field Description Flow template refresh frequency Refresh frequency at which the templates are sent, in packets. Flow template refresh interval Refresh interval at which the templates are sent, in minutes. Active flow templates Number of active NetStream templates.
Default No NetStream aggregation mode is enabled. Views NetStream aggregation mode view Predefined user roles network-admin mdc-admin Examples # Enable NetStream destination-prefix aggregation mode. <Sysname> system-view [Sysname] ip netstream aggregation destination-prefix [Sysname-ns-aggregation-dstpre] enable Related commands ip netstream aggregation ip netstream Use ip netstream to enable NetStream on an interface.
Page 320
Use undo ip netstream aggregation to remove the configuration for a NetStream aggregation mode. Syntax ip netstream aggregation { destination-prefix | prefix | prefix-port | protocol-port | source-prefix | tos-destination-prefix | tos-prefix | tos-protocol-port | tos-source-prefix } undo ip netstream aggregation { destination-prefix | prefix | prefix-port | protocol-port | source-prefix | tos-destination-prefix | tos-prefix | tos-protocol-port | tos-source-prefix } Default No NetStream aggregation mode is specified.
Predefined user roles network-admin mdc-admin Usage guidelines The hardware aggregation does not take effect if the destination host is configured for NetStream traditional data export. The NetStream hardware aggregation entries are stored in the same cache as NetStream traditional data entries and are exportable. Examples # Enable NetStream hardware aggregation.
If no destination host is specified in a NetStream aggregation mode view, the destination host in system view applies. If destination hosts are specified in a NetStream aggregation view and system view, the destination hosts in aggregation view take effect. You can specify a maximum of four destination hosts in system view or a NetStream aggregation mode view.
[Sysname] ip netstream export rate 10 ip netstream export source Use ip netstream export source to specify the source interface for data packets sent to NetStream servers. Use undo ip netstream export source to restore the default. Syntax ip netstream export source interface interface-type interface-number undo ip netstream export source Default The packets take the IP address of the output interface as the source IP address.
Syntax ip netstream export template refresh-rate { packet packets | time minutes } undo ip netstream export template refresh-rate { packet | time } Default The packet count-based refresh rate is 20 packets, and the time-based refresh interval is 30 minutes.
Views System view Predefined user roles network-admin mdc-admin Parameters origin-as: Records the source AS of the source address and the destination AS of the destination address. peer-as: Records the ASs before and after the AS where the NetStream device resides as the source AS and destination AS, respectively.
Predefined user roles network-admin mdc-admin Parameters inbound: Filters incoming traffic. outbound: Filters outgoing traffic. acl ipv4-acl-number: Specifies an IPv4 ACL by its number. The value range is 2000 to 2999 for basic ACLs, 3000 to 3999 for advanced ACLs, and 4000 to 4999 for Layer 2 ACLs. Usage guidelines NetStream filtering uses an ACL to identify intended packets.
<Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] ip netstream inbound [Sysname-GigabitEthernet1/0/1] ip netstream inbound sampler abc ip netstream timeout active Use ip netstream timeout active to set the aging timer for active flows. Use undo ip netstream timeout active to restore the default. Syntax ip netstream timeout active minutes undo ip netstream timeout active...
Views System view Predefined user roles network-admin mdc-admin Parameters seconds: Sets the aging timer for inactive flows, in the range of 10 to 320 seconds. Usage guidelines A flow is considered inactive if no packet for the NetStream entry arrives before the timer set by this command expires.
Page 332
number is the total number of IPv6 packets. The value is displayed in the proportion of the number of IPv6 packets of the specified sizes to the total number of IPv6 packets. The value is displayed with three decimal places. This field is not supported in the current software version.
• Type of the labels at the top of the label stack: IP address associated with the label. Mask associated with the label. • Label list: Lbl—20-bit label value. Exp—3-bit field for implementing QoS. S—1-bit bottom of stack flag. The S field is set to 1 if ...
Flow destination VPN instance : Not specified Flow destination IP address (UDP) : 40::1 (30000) Version 9 exported flows number : 16 Version 9 exported UDP datagram number (failed) : 2 (0) Version 10 exported flows number Version 10 exported UDP datagram number (failed) : 0 (0) IPv6 export information: Flow source interface...
Page 335
Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command displays IPv6 NetStream template information for the active MPU. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device or specifies a PEX.
Page 336
Sampling interval Protocol-port inbound template: Template ID : 3257 Field count : 14 Field type Field length (bytes) --------------------------------------------------------------------------- Flows In packets In bytes First forwarded Last forwarded Protocol IP protocol version Direction L4 source port L4 destination port Sampling algorithm Sampling interval Table 73 Command output Field...
accurate to milliseconds. Direction Traffic direction. L4 source port Source UDP or TCP port. L4 destination port Destination UDP or TCP port. Padding string. Sampling interval Sampling rate. enable Use enable to enable an IPv6 NetStream aggregation mode. Use undo enable to disable an IPv6 NetStream aggregation mode. Syntax enable undo enable...
source-prefix: Specifies the source-prefix aggregation by source AS number, source address mask length, source prefix, and input interface index. Usage guidelines In IPv6 NetStream aggregation mode view, you can perform the following tasks: • Enable or disable the specified IPv6 NetStream aggregation mode. •...
Related commands ipv6 netstream export host ipv6 netstream aggregation ipv6 netstream export host Use ipv6 netstream export host to specify a destination host for IPv6 NetStream data export. Use undo ipv6 netstream export host to remove the specified destination host or all destination hosts that are configured in the current view.
Examples # In system view, specify 40::1 as the IP address of the destination host and UDP port 5000 as the export destination port number. <Sysname> system-view [Sysname] ipv6 netstream export host 40::1 5000 Related commands ipv6 netstream aggregation ipv6 netstream export source ipv6 netstream export rate Use ipv6 netstream export rate to limit the IPv6 NetStream data export rate.
undo ipv6 netstream export source Default The packets take the IPv6 address of the output interface as the source IPv6 address. Views System view IPv6 NetStream aggregation mode view Predefined user roles network-admin mdc-admin Parameters interface-type interface-number: Specifies a source interface by its type and number for the IPv6 NetStream data export.
Views System view Predefined user roles network-admin mdc-admin Parameters packet packets: Specifies the number of packets that are sent before the template is sent. The value range is 1 to 600. time minutes: Specifies the interval at which the template is sent, in the range of 1 to 3600 minutes. Usage guidelines Version 9 and version 10 are template-based and support user-defined formats.
peer-as: Records the ASs before and after the AS where the NetStream device resides as the source AS and destination AS, respectively. bgp-nexthop: Records BGP next hops. Usage guidelines Only one version format can take effect on the device. If you execute the ipv6 netstream export version command multiple times, the most recent configuration takes effect.
Views System view Predefined user roles network-admin mdc-admin Parameters minutes: Sets the aging timer for active flows, in the range of 1 to 5 minutes. Usage guidelines A flow is considered active if packets for the IPv6 NetStream entry arrive before the timer set by this command expires.
Related commands ipv6 netstream timeout active reset ipv6 netstream statistics Use reset ipv6 netstream statistics to age out all flows in the cache and export IPv6 NetStream data. Syntax reset ipv6 netstream statistics Views User view Predefined user roles network-admin mdc-admin Usage guidelines It takes the system several minutes to execute the command.
Field Description Port sFlow collector port. Remaining lifetime of the sFlow collector. If this field displays N/A, the sFlow Aging collector never ages out. Size Maximum length of the sFlow data portion in an sFlow packet. VPN-instance Name of the VPN instance to which the sFlow collector belongs. Description Description of the sFlow collector.
Parameters ip ipv4-address: Specifies an IPv4 address for the sFlow agent. ipv6 ipv6-address: Specifies an IPv6 address for the sFlow agent. Usage guidelines As a best practice, manually configure an IP address for the sFlow agent. If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify IP address 10.10.10.1 for the sFlow agent.
Examples # Configure the following parameters for sFlow collector 2: • IP address—3.3.3.1. • Port number—Default. • Description—netserver. • Aging timer—1200 seconds. • Maximum length of the sFlow data portion in the sFlow packet—1000 bytes. <Sysname> system-view [Sysname] sflow collector 2 ip 3.3.3.1 description netserver time-out 1200 datagram-size 1000 sflow counter collector Use sflow counter collector to specify an sFlow collector for counter sampling.
Default Counter sampling is disabled. Views Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network-admin mdc-admin Parameters interval: Specifies the counter sampling interval in the range of 2 to 86400 seconds. Examples # Enable counter sampling and set the counter sampling interval to 120 seconds on Ten-GigabitEthernet 1/0/1.
sflow flow max-header Use sflow flow max-header to set the maximum number of bytes (starting from the packet header) that flow sampling can copy per packet. Use undo sflow flow max-header to restore the default. Syntax sflow flow max-header length undo sflow flow max-header Default Flow sampling can copy up to 128 bytes of a packet.
Parameters determine: Specifies the fixed sampling mode. For example, if the flow sampling interval is set to 4000 (by using the sflow sampling-rate command), the device samples packets as follows: • The device randomly samples a packet, like the tenth packet, from the first 4000 packets. •...
Examples # Enable flow sampling to sample a packet out of 32768 packets on Ten-GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] sflow sampling-rate 32768 Related commands sflow sampling-mode sflow source Use sflow source to specify the source IP address of sent sFlow packets. Use undo sflow source to restore the default.
Information center commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. diagnostic-logfile save Use diagnostic-logfile save to manually save diagnostic logs from the diagnostic log file buffer to the diagnostic log file.
Log buffer: Enabled Max buffer size 1024, current buffer size 512, Current messages 0, dropped messages 0, overwritten messages 0 Log file: Enabled Security log file: Enabled Information timestamp format: Log host: Date Other output destination: Date display logbuffer Use display logbuffer to display the state of the log buffer and the log information in the log buffer. Syntax In standalone mode: display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] *...
Page 359
Severity Keyword in Level Description value commands Normal but significant condition. For example, a terminal Notification notification logs in to the device, or the device reboots. Informational message. For example, a command or a Informational informational ping operation is executed. Debugging Debugging message.
[Sysname-Ten-GigabitEthernet1/0/1] undo enable log updown info-center diagnostic-logfile directory Use info-center diagnostic-logfile directory to configure the directory to save the diagnostic log file. Syntax info-center diagnostic-logfile directory dir-name Default The diagnostic log file directory is flash:/diagfile. Views System view Predefined user roles network-admin mdc-admin Parameters...
Predefined user roles network-admin mdc-admin Usage guidelines This command enables saving diagnostic logs to the diagnostic log file for centralized management. Users can view the diagnostic logs to monitor device activities and to troubleshoot problems. Examples # Enable saving diagnostic logs to the diagnostic log file. <Sysname>...
Syntax info-center diagnostic-logfile quota size undo info-center diagnostic-logfile quota Default The maximum size for the diagnostic log file is 10 MB. Views System view Predefined user roles network-admin mdc-admin Parameters size: Specifies the maximum size for the diagnostic log file, in MB. The value range is 1 to 10. Examples # Set the maximum size to 6 MB for the diagnostic log file.
Syntax info-center format { cmcc | unicom } undo info-center format Default Logs are sent to log hosts in standard format. Views System view Predefined user roles network-admin mdc-admin Parameters cmcc: Specifies the China Mobile Communications Corporation (cmcc) format. unicom: Specifies the China Unicom (unicom) format. Usage guidelines Logs can be sent to log hosts in standard, unicom, or cmcc format.
Related commands display logbuffer info-center enable info-center logbuffer size Use info-center logbuffer size to set the maximum number of logs that can be stored in the log buffer. Use undo info-center logbuffer size to restore the default. Syntax info-center logbuffer size buffersize undo info-center logbuffer size Default The log buffer can store a maximum of 512 logs.
Predefined user roles network-admin mdc-admin Parameters dir-name: Specifies a directory by its name, a string of 1 to 64 characters. Usage guidelines The specified log file directory must have been created. The log file uses the .log extension. (In standalone mode.) This command cannot survive a reboot or an active/standby switchover. (In IRF mode.) This command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric.
info-center logfile frequency Use info-center logfile frequency to configure the interval at which the system saves logs from the log file buffer to the log file. Use undo info-center logfile frequency to restore the default. Syntax info-center logfile frequency freq-sec undo info-center logfile frequency Default The log file saving interval is 86400 seconds.
Parameters all-port-powerdown: Shuts down all the service ports on the device when no log file space or storage device space is available. If you do not specify this keyword, the device does not shut down service ports when no log file space or storage device space is available. Usage guidelines This command is available only in FIPS mode.
Page 371
undo info-center logging suppress duplicates Default Duplicate log suppression is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines Outputting consecutive duplicate logs at an interval of less than 30 seconds wastes system and network resources. With this feature enabled, the system starts a suppression period when outputting a new log: •...
%Jan 1 07:30:19:542 2000 Sysname CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[12]-CommandSource=[2]-ConfigSource=[4]-ConfigDestination=[2]; Configuration is changed. The output shows that a different log is generated during the suppression period. %Jan 1 07:30:24:643 2000 Sysname ARP/6/DUPIFIP: Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-0058-123d %Jan 1 07:30:55:645 2000 Sysname ARP/6/DUPIFIP: Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-0058-123d This message repeated 4 times in last 30 seconds.
info-center loghost source Use info-center loghost source to specify a source IP address for logs sent to log hosts. Use undo info-center loghost source to restore the default. Syntax info-center loghost source interface-type interface-number undo info-center loghost source Default The source IP address of logs sent to log hosts is the primary IP address of the outgoing interface. Views System view Predefined user roles...
Predefined user roles network-admin mdc-admin Parameters usage: Specifies an alarm threshold. The value must be an integer in the range of 1 to 100. Usage guidelines When the security log file is full, the system deletes the oldest logs and then writes new logs to the security log file.
info-center security-logfile enable Use info-center security-logfile enable to enable saving of security logs to the security log file. Use undo info-center security-logfile enable to restore the default. Syntax info-center security-logfile enable undo info-center security-logfile enable Default The saving of security logs to the security log file is disabled. Views System view Predefined user roles...
Usage guidelines The system outputs security logs to the security log file buffer, and then saves the buffered logs to the security log file at the specified interval. Examples # Set the security log file saving interval to 600 seconds. <Sysname>...
level severity: Specifies a severity level in the range of 0 to 7. The smaller the severity value, the higher the severity level. See Table 76 for more information. Logs at the specified severity level and higher levels are allowed or denied to be output. Usage guidelines If you do not set an output rule for a module, the module uses the output rule set by using the default keyword.
[Sysname] info-center synchronous Info-center synchronous output is on [Sysname] display current- At this time, the system receives log information. It displays the log information first, and then displays your previous input, which is display current- in this example. %May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44 [Sysname] display current- Enter configuration to complete the display current-configuration command, and press the Enter key to execute the command.
info-center timestamp Use info-center timestamp to set the timestamp format for logs sent to the console, monitor terminal, log buffer, and log file. Use undo info-center timestamp to restore the default. Syntax info-center timestamp { boot | date | none } undo info-center timestamp Default The timestamp format for logs sent to the console, monitor terminal, log buffer, and log file is date.
Default The timestamp format for logs sent to log hosts is date. Views System view Predefined user roles network-admin mdc-admin Parameters date: Sets the timestamp format to mmm dd hh:mm:ss yyyy, such as Dec 8 10:12:21 2007. The date time shows the current system time. iso: Sets the ISO 8601 timestamp format, for example, 2009-09-21T15:32:55.
<Sysname> system-view [Sysname] info-center trace-logfile quota 6 logfile save Use logfile save to manually save logs in the log file buffer to the log file. Syntax logfile save Views Any view Predefined user roles network-admin mdc-admin Usage guidelines You can specify the directory to save the log file by using the info-center logfile directory command.
Related commands display logbuffer security-logfile save Use security-logfile save to manually save security logs from the security log file buffer to the security log file. Syntax security-logfile save Views Any view Predefined user roles security-audit Usage guidelines The system clears the security log file buffer after saving the buffered security logs to the security log file automatically or manually.
mdc-admin Usage guidelines To enable display of debug information on the console, perform the following tasks: Execute the terminal debugging command. Enable the information center. The information center is enabled by default. Use a debugging command to enable the related debugging. To enable display of debug information on the current terminal, perform the following tasks: Execute the terminal monitor and terminal debugging commands.
mdc-admin Parameters severity: Specifies a log severity level in the range of 0 to 7. Usage guidelines This command enables the device to output logs with a severity level higher than or equal to the specified level to the current terminal. For example, if you set the severity argument to 6, logs with a severity value from 0 to 6 are output to the current terminal.
GOLD commands diagnostic event-log size Use diagnostic event-log size to configure the maximum number of GOLD log entries. Use undo diagnostic event-log size to restore the default. Syntax diagnostic event-log size number undo diagnostic event-log size Default GOLD can save up to 512 log entries. Views System view Predefined user roles...
Default The status of monitoring diagnostics varies by test. Use the display diagnostic content command to view the status of monitoring diagnostics for a test. Views System view Predefined user roles network-admin Parameters slot slot-number-list: Specifies a space-separated list of up to seven slot number items. An item specifies a card by its slot number or specifies a range of cards in the form of start-slot-number to end-slot-number.
diagnostic monitor interval chassis chassis-number slot slot-number-list [ test test-name ] time interval undo diagnostic monitor interval chassis chassis-number slot slot-number-list [ test test-name ] Default The execution interval varies by test. Use the display diagnostic content command to view the execution interval for a test.
Use undo diagnostic ondemand failure to restore the default. Syntax diagnostic ondemand failure failure-number undo diagnostic ondemand failure Default The maximum number of failed on-demand diagnostic tests is not specified. Views User view Predefined user roles network-admin Parameters failure-number: Specifies the maximum number of failed tests, in the range of 1 to 999. Usage guidelines After you use the diagnostic ondemand start command to enable on-demand diagnostics, you can stop the diagnostic tests by using any of the following commands:...
Views User view Predefined user roles network-admin Parameters repeating-number: Specifies the number of executions for on-demand diagnostic tests, in the range of 1 to 999. Usage guidelines Use this command to configure the number of executions for diagnostic tests to be enabled. This command does not survive a device reboot.
slot slot-number-list: Specifies a space-separated list of up to seven slot number items. An item specifies a card or a PEX by its slot number or specifies a range of cards or PEXs in the form of start-slot-number to end-slot-number. The end slot number must be equal to or greater than the start slot number.
slot slot-number-list: Specifies a space-separated list of up to seven slot number items. An item specifies a card or a PEX by its slot number or specifies a range of cards or PEXs in the form of start-slot-number to end-slot-number. The end slot number must be equal to or greater than the start slot number.
slot slot-number-list: Specifies a space-separated list of up to seven slot number items. An item specifies a card or a PEX by its slot number or specifies a range of cards or PEXs in the form of start-slot-number to end-slot-number. The end slot number must be equal to or greater than the start slot number.
Page 395
verbose: Displays detailed information about diagnostic tests. If you do not specify this keyword, the command displays brief information about the diagnostic tests. Examples # (In standalone mode.) Display brief information about all diagnostic tests on the specified slot. <Sysname> display diagnostic content slot 1 Diagnostic test suite attributes: #B/*: Bootup test/NA #O/*: Ondemand test/NA...
Page 396
Test name : TaskMonitor Test attributes : **M*PA Test interval : 00:00:10 Min interval : 00:00:10 Correct-action : -NA- Description : A Real-time test, enabled by default that checks the importan t tasks. Exec : -NA- Test name : PortMonitor Test attributes : **M*PA Test interval...
display diagnostic event-log Use display diagnostic event-log to display GOLD log entries. Syntax display diagnostic event-log [ error | info ] Views Any view Predefined user roles network-admin network-operator Parameters error: Displays all error log entries. info: Displays all log entries except error log entries. Usage guidelines If you do not specify the error and info keywords, the command displays all GOLD log entries.
<Sysname> display diagnostic ondemand configuration Maximum test-repeating times: 4 Maximum test-failure times: 1 Related commands diagnostic ondemand failure diagnostic ondemand repeating display diagnostic result Use display diagnostic result to display test results. Syntax In standalone mode: display diagnostic result [ slot slot-number [ test test-name ] ] [ verbose ] In IRF mode: display diagnostic result [ chassis chassis-number [ slot slot-number [ test test-name ] ] ] [ verbose ]...
Page 399
PortMonitor Success ComponentMonitor Success # (In standalone mode.) Display detailed test results for all diagnostic tests. <Sysname> display diagnostic result verbose Slot 1: Test name : IPCMonitor Total run count : 52 Total failure count Consecutive failure count: 0 Last execution time : Fri Nov 21 23:13:25 2014 First failure time : -NA-...
Last execution time : Fri Nov 21 23:13:35 2014 First failure time : -NA- Last failure time : -NA- Last pass time : Fri Nov 21 23:13:35 2014 Last execution result : Success Last failure reason : -NA- Next execution time : Fri Nov 21 23:13:45 2014 test result: pass Test name...
Page 401
display diagnostic result [ slot slot-number [ test test-name ] ] statistics In IRF mode: display diagnostic result [ chassis chassis-number [ slot slot-number [ test test-name ] ] ] statistics Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number.
Examples # Clear GOLD logs. <Sysname> reset diagnostic event-log Related commands display diagnostic event-log reset diagnostic result Use reset diagnostic result to clear test results. Syntax In standalone mode: reset diagnostic result [ slot slot-number [ test test-name ] ] In IRF mode: reset diagnostic result [ chassis chassis-number [ slot slot-number [ test test-name ] ] ] Views...
Packet capture commands packet-capture interface IMPORTANT: To use the packet capture feature, you must install the feature image by using the boot-loader, install, or issu command. For more information about the commands, see Fundamentals Command Reference. Use packet-capture interface to capture incoming packets on an interface. Syntax Save captured packets to a file: packet-capture interface interface-type interface-number [ capture-filter capt-expression |...
Page 405
autostop duration seconds: Stops capturing packets when the capturing duration expires. The seconds argument sets the capturing duration. The value range is 1 to 2147483647 seconds. If you do not set a limit, the capturing duration is unlimited. autostop files numbers: Stops capturing packets when the maximum number of file rotations is reached.
Table 85 Using the packet filter parameters Purpose Options Remarks • Stop based on the capturing duration: The packet capture stops if any one of autostop duration seconds the limits for the stop options is • Stop based on the number of reached.
Page 407
Parameters filepath: Specifies the full path of the packet file to store captured packet data. The path must be a case-sensitive string of up to 64 characters. The filename extension must be .pcap or .pcapng. For more information about setting a file path, see file system management in Fundamentals Configuration Guide.
VCF fabric commands display vcf-fabric topology Use display vcf-fabric topology to display VCF fabric topology information. Syntax display vcf-fabric topology Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Usage guidelines You can execute this command only on the master spine node. Before you display VCF fabric topology information, make sure VCF fabric topology discovery and automated underlay network provisioning are enabled.
Field Description This field displays Deploying if automated underlay network provisioning is in progress. Related commands vcf-fabric underlay autoconfigure vcf-fabric topology enable display vcf-fabric underlay autoconfigure Use display vcf-fabric underlay autoconfigure to display information about automated underlay network provisioning. Syntax display vcf-fabric underlay autoconfigure Views Any view...
Syntax vcf-fabric role { access | leaf | spine } undo vcf-fabric role Default No role is specified for the device. Views Neutron view Predefined user roles network-admin mdc-admin Parameters access: Specifies the access node. leaf: Specifies the leaf node. spine: Specifies the spine node.
Parameters template: Specifies a template file by its name, a case-insensitive string of 1 to 127 characters. A template file is a file that ends with the .template file extension. Usage guidelines After this command is executed, the device uses the specified template file to deploy the underlay network.
Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.
Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...
For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
Page 418
part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
Index A C D E F H I K L M N O P R S T U V X display ipv6 netstream export,324 display ipv6 netstream template,325 action cli,211 display kernel deadloop,239 action reboot,212 display kernel deadloop configuration,242 action switchover,213 display kernel exception,244...