HPE FlexNetwork 5130 HI Series Network Management And Monitoring Command Reference
  1. Manuals
  2. Brands
  3. HPE Manuals
  4. Switch
  5. FlexNetwork 5130 HI SERIES
  6. Network management and monitoring command reference

HPE FlexNetwork 5130 HI Series Network Management And Monitoring Command Reference

Hide thumbs Also See for FlexNetwork 5130 HI Series:
Table of Contents

Advertisement

Quick Links

See also: Configuration Manual
HPE FlexNetwork 5130 HI Switch Series

Network Management and Monitoring

Command Reference

Part number: 5200-3617
Software version: Release 13xx
Document version: 6W100-20170315

Advertisement

Table of Contents
loading

Related Manuals for HPE FlexNetwork 5130 HI Series

Summary of Contents for HPE FlexNetwork 5130 HI Series

  • Page 1: Network Management And Monitoring

    HPE FlexNetwork 5130 HI Switch Series Network Management and Monitoring Command Reference Part number: 5200-3617 Software version: Release 13xx Document version: 6W100-20170315...
  • Page 2 © Copyright 2015, 2017 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents Ping, tracert, and system debugging commands ····································· 1   debugging ·························································································································· 1   display debugging ··············································································································· 1   ping ·································································································································· 2   ping ipv6 ···························································································································· 5   tracert ······························································································································· 7   tracert ipv6 ························································································································· 8   NQA commands ············································································ 10  ...
  • Page 4 reaction checked-element mos ····························································································· 62   reaction checked-element packet-loss ··················································································· 63   reaction checked-element probe-duration ··············································································· 64   reaction checked-element probe-fail (for trap) ·········································································· 65   reaction checked-element probe-fail (for trigger) ······································································ 67   reaction checked-element rtt ································································································ 67   reaction trap ·····················································································································...
  • Page 5 ntp-service unicast-server ································································································· 121   SNTP commands ········································································· 123   display sntp ipv6 sessions ································································································· 123   display sntp sessions ······································································································· 123   sntp authentication enable ································································································· 124   sntp authentication-keyid ·································································································· 125   sntp enable ···················································································································· 126   sntp ipv6 unicast-server ···································································································· 127  ...
  • Page 6 snmp-agent sys-info location ····························································································· 183   snmp-agent sys-info version ······························································································ 183   snmp-agent target-host ····································································································· 184   snmp-agent trap enable ···································································································· 186   snmp-agent trap if-mib link extended ··················································································· 187   snmp-agent trap life ········································································································· 187   snmp-agent trap log ········································································································· 188  ...
  • Page 7 EAA commands ··········································································· 239   action cli ························································································································ 239   action reboot ·················································································································· 240   action switchover ············································································································· 240   action syslog ·················································································································· 241   commit ·························································································································· 242   display rtm environment ···································································································· 242   display rtm policy ············································································································· 243  ...
  • Page 8 mirroring-group mirroring-port (system view) ········································································· 309   mirroring-group monitor-egress ·························································································· 311   mirroring-group monitor-port (interface view) ········································································· 312   mirroring-group monitor-port (system view) ··········································································· 313   mirroring-group reflector-port ····························································································· 314   mirroring-group remote-probe vlan ······················································································ 315   Flow mirroring commands ······························································ 317  ...
  • Page 9 security-logfile save ········································································································· 352   snmp-agent trap enable syslog ··························································································· 353   terminal debugging ·········································································································· 353   terminal logging level ······································································································· 354   terminal monitor ·············································································································· 355   Packet capture commands ····························································· 357   packet-capture interface ··································································································· 357   packet-capture read ········································································································· 359  ...

  • Page 10: Ping, Tracert, And System Debugging Commands

    Ping, tracert, and system debugging commands debugging Use debugging to enable debugging for a module. Use undo debugging to disable debugging for a module or for all modules. Syntax debugging module-name [ option ] undo debugging { all | module-name [ option ] } Default Debugging is disabled for all modules.

  • Page 11: Ping

    Views Any view Predefined user roles network-admin network-operator Parameters module-name: Specifies a module by its name. For a list of supported modules, use the display debugging ? command. If you do not specify a module name, this command displays the enabled debugging features for all modules.
  • Page 12 -n: Disables domain name resolution for the host argument. If the host argument represents the host name of the destination, and if this keyword is not specified, the device translates host into an address. -p pad: Specifies the value of the pad field in an ICMP echo request, in hexadecimal format, 1 to 8 bits.
  • Page 13 round-trip min/avg/max/std-dev = 1.962/2.196/2.665/0.244 ms # Test whether the device with an IP address of 1.1.2.2 is reachable. The IP addresses of the hops that the ICMP packets passed in the path are displayed. <Sysname> ping -r 1.1.2.2 Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break 56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=4.685 ms 1.1.2.1 1.1.2.2...

  • Page 14: Ping Ipv6

    ping ipv6 Use ping ipv6 to test the reachability of the destination IPv6 address and display IPv6 ping statistics. Syntax ping ipv6 [ -a source-ipv6 | -c count | -i interface-type interface-number | -m interval | -q | -s packet-size | -t timeout | -tc traffic-class | -v ] * host Views Any view Predefined user roles...
  • Page 15 56 bytes from 2001::2, icmp_seq=1 hlim=64 time=23.000 ms 56 bytes from 2001::2, icmp_seq=2 hlim=64 time=20.000 ms 56 bytes from 2001::2, icmp_seq=3 hlim=64 time=4.000 ms 56 bytes from 2001::2, icmp_seq=4 hlim=64 time=16.000 ms --- Ping6 statistics for 2001::2 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 4.000/25.000/62.000/20.000 ms # Test whether the IPv6 address (2001::2) is reachable.

  • Page 16: Tracert

    Field Description round-trip min/avg/max/ std-dev Minimum/average/maximum/standard deviation response time, in =4.000/25.000/62.000/20.000 ms milliseconds. tracert Use tracert to trace the path that the packets traverse from source to destination. Syntax tracert [ -a source-ip | -f first-ttl | -m max-ttl | -p port | -q packet-number | -t tos | -w timeout ] * host Views Any view Predefined user roles...

  • Page 17: Tracert Ipv6

    <Sysname> tracert 1.1.2.2 traceroute to 1.1.2.2 (1.1.2.2), 30 hops at most, 40 bytes each packet, press CTRL_C to break 1.1.1.2 (1.1.1.2) 673 ms 425 ms 30 ms 1.1.2.2 (1.1.2.2) [AS 100] 580 ms 470 ms 80 ms Table 3 Command output Field Description Display the route that the IP packets traverse from the current device to the...
  • Page 18 -w timeout: Specifies the timeout time (in milliseconds) of the reply packet of a probe packet. The value range is 1 to 65535, and the default is 5000. host: Specifies the IPv6 address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters.

  • Page 19: Nqa Commands

    NQA commands NQA client commands advantage-factor Use advantage-factor to set the advantage factor to be used for calculating Mean Opinion Scores (MOS) and Calculated Planning Impairment Factor (ICPIF) values. Use undo advantage-factor to restore the default. Syntax advantage-factor factor undo advantage-factor Default The advantage factor is 0.

  • Page 20: Community Read

    Views Voice operation view Predefined user roles network-admin Parameters g711a: Specifies G.711 A-law codec type. g711u: Specifies G.711 µ-law codec type g729a: Specifies G.729 A-law codec type. Examples # Set the codec type to g729a for the voice operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type voice [Sysname-nqa-admin-test-voice] codec-type g729a...

  • Page 21: Data-Fill

    For more information about SNMP, see "Configuring SNMP." Examples # Specify readaccess as the community name for the SNMP operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type snmp [Sysname-nqa-admin-test-snmp] community read simple readaccess data-fill Use data-fill to configure the payload fill string for probe packets. Use undo data-fill to restore the default.

  • Page 22: Data-Size

    <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] data-fill abcd # In TCP template view, specify abcd as the payload fill string for probe packets. <Sysname> system-view [Sysname] nqa template tcp tcptplt [Sysname-nqatplt-tcp-tcptplt] data-fill abcd data-size Use data-size to set the payload size for each probe packet. Use undo data-size to restore the default.

  • Page 23: Description

    Usage guidelines In ICMP echo and path jitter operations, the command sets the payload size for each ICMP echo request. In UDP echo, UDP jitter, UDP tracert, and voice operations, the command sets the payload size for each UDP packet. Examples # Set the payload size to 80 bytes for each ICMP echo request.

  • Page 24: Destination Host

    destination host Use destination host to configure the destination host name for the operation. Use undo destination host to restore the default. Syntax destination host host-name undo destination host Default No destination host name is configured for the operation. Views UDP tracert operation view Predefined user roles network-admin...

  • Page 25: Destination Ipv6

    Predefined user roles network-admin Parameters ip-address: Specifies the destination IPv4 address for the operation. Examples # Specify 10.1.1.1 as the destination IPv4 address for the ICMP echo operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] destination ip 10.1.1.1 # In ICMP template view, specify 10.1.1.1 as the destination IPv4 address for the ICMP echo operation.

  • Page 26: Destination Port

    destination port Use destination port to configure the destination port number for the operation. Use undo destination port to restore the default. Syntax destination port port-number undo destination port Default The destination port number is 33434 for the UDP tracert operation. The destination port numbers for the operations that use the following NQA templates are: •...
  • Page 27 Views Any view Predefined user roles network-admin network-operator Parameters admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-).

  • Page 28: Display Nqa Reaction Counters

    Succeeded 2011-04-29 20:54:23.4 Table 6 Command output Field Description History record ID. Index The history records in one UDP tracert operation have the same ID. TTL value in the probe packet. Round-trip time if the operation succeeds, timeout time upon timeout, or 0 if the Response operation cannot be completed, in milliseconds.
  • Page 29 Examples # Display the monitoring results of all reaction entries of the ICMP echo operation with administrator name admin and operation tag test. <Sysname> display nqa reaction counters admin test NQA entry (admin admin, tag test) reaction counters: Index Checked Element Threshold Type Checked Num Over-threshold Num...

  • Page 30: Display Nqa Result

    Monitored Threshold performance Collect data in Checked Num Over-threshold Num type metric average Packets sent Number of packets with Number of sent accumulate after the the one-way jitter packets. jitter-DS/jitter-SD operation starts. exceeding the threshold. average Packets sent Number of packets with Number of sent OWD-DS/OWD-SD after the...
  • Page 31 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to internal error: 0 Failures due to other errors: 0 # Display the most recent result of the ICMP jitter operation with administrator name admin and operation tag test. <Sysname>...
  • Page 32 Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 UDP-jitter results: RTT number: 10 Min positive SD: 8 Min positive DS: 8 Max positive SD: 18 Max positive DS: 8...
  • Page 33 Positive SD number: 0 Positive DS number: 0 Positive SD sum: 0 Positive DS sum: 0 Positive SD average: 0 Positive DS average: 0 Positive SD square-sum: 0 Positive DS square-sum: 0 Min negative SD: 0 Min negative DS: 0 Max negative SD: 0 Max negative DS: 0 Negative SD number: 0...
  • Page 34 Send operation times: 10 Receive response times: 10 Min/Max/Average round trip time: 1/1/1 Square-Sum of round trip time: 10 Extended Results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 Path-Jitter Results:...
  • Page 35 Field Description Time when the last successful probe was completed. If no probes are successful in an operation, the field displays 0. Last succeeded probe time This field is not available for UDP jitter, path jitter, and voice operations. Time when the last response packet was received. If no response packets in a probe were received, the field displays 0.
  • Page 36 Field Description Minimum absolute value among negative jitters from destination to Min negative DS source. Maximum absolute value among negative jitters from source to Max negative SD destination. Maximum absolute value among negative jitters from destination to Max negative DS source.

  • Page 37: Display Nqa Statistics

    Field Description IP address of the hop. Hop IP This field is available only for the path jitter operation. Path jitter operation results. Path-jitter results This field is available only for the path jitter operation. Number of jitters. Jitter number This field is available only for the path jitter operation.
  • Page 38 Usage guidelines The statistics are generated after the NQA operation completes. If you execute the display nqa statistics command before the operation completes, the statistics are displayed as all 0s. If a reaction entry is configured, the command displays the monitoring results of the reaction entry in the period specified by the statistics internal command.
  • Page 39 Max positive SD: 1 Max positive DS: 2 Positive SD number: 18 Positive DS number: 46 Positive SD sum: 18 Positive DS sum: 49 Positive SD average: 1 Positive DS average: 1 Positive SD square-sum: 18 Positive DS square-sum: 55 Min negative SD: 1 Min negative DS: 1 Max negative SD: 1...
  • Page 40 Positive SD sum: 283 Positive DS sum: 287 Positive SD average: 1 Positive DS average: 2 Positive SD square-sum: 709 Positive DS square-sum: 1937 Min negative SD: 2 Min negative DS: 1 Max negative SD: 10 Max negative DS: 1 Negative SD number: 81 Negative DS number: 94 Negative SD sum: 556...
  • Page 41 Positive SD square-sum: 134 Positive DS square-sum: 2 Min negative SD: 3 Min negative DS: 1 Max negative SD: 9 Max negative DS: 1 Negative SD number: 4 Negative DS number: 2 Negative SD sum: 25 Negative DS sum: 2 Negative SD average: 6 Negative DS average: 1 Negative SD square-sum: 187...
  • Page 42 Min/Max/Average negative jitter: 0/0/0 Sum/Square-Sum negative jitter: 0/0 Hop IP 192.168.50.209 Basic Results: Send operation times: 10 Receive response times: 10 Min/Max/Average round trip time: 1/1/1 Square-Sum of round trip time: 10 Extended Results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0...
  • Page 43 Field Description ICMP jitter operation results. ICMP-jitter results This field is available only for the ICMP jitter operation. UDP jitter operation results. UDP-jitter results This field is available only for the UDP jitter operation. Voice operation results. Voice results This field is available only for the voice operation. RTT number Number of response packets received.
  • Page 44 Field Description Negative DS square-sum Square sum of negative jitters from destination to source. Unidirectional delay result. One way results This field is available only for the ICMP jitter, UDP jitter, and voice operations. Max SD delay Maximum delay from source to destination. Max DS delay Maximum delay from destination to source.
  • Page 45 Field Description Path jitter operation results. Path-jitter results This field is available only for the path jitter operation. Number of jitters. Jitter number This field is available only for the path jitter operation. Minimum/maximum/average positive jitter in milliseconds. Min/Max/Average jitter This field is available only for the path jitter operation.

  • Page 46: Expect Data

    Monitored Threshold performance Collect data in Checked Num Over-threshold Num type metric Packets sent in Number of packets of Number of sent accumulate the counting which the one-way jitter packets. jitter-DS/jitter-SD interval. exceeds the threshold. average Packets sent in Number of packets of Number of sent OWD-DS/OWD-SD the counting...

  • Page 47: Expect Ip

    Expected data check takes place in the following conditions: • For features that use the HTTP or HTTPS template, the NQA client checks for the expected data if the response contains the Content-Length header. • For features that use the TCP or UDP template, the NQA client checks for the expected data if the data-fill command is configured.

  • Page 48: Expect Status

    undo expect ipv6 Default No expected IPv6 address is specified. Views DNS template view Predefined user roles network-admin Parameters ip-address: Specifies the expected IPv6 address for a DNS echo request. Usage guidelines During a DNS operation, the NQA client compares the expected IPv6 address with the IPv6 address resolved by the DNS server.

  • Page 49: Filename

    <Sysname> system-view [Sysname] nqa template http httptplt [Sysname-nqatplt-http-httptplt] expect status 200 300 400 to 500 filename Use filename to specify a file to be transferred between the FTP server and the FTP client. Use undo filename to restore the default. Syntax filename filename undo filename...

  • Page 50: History-Record Enable

    Default In NQA operation view, the interval between two consecutive voice or path jitter operations is 60000 milliseconds. The interval between two consecutive operations of other types is 0 milliseconds. In NQA template view, the interval between two consecutive operations is 5000 milliseconds. Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view...

  • Page 51: History-Record Keep-Time

    Predefined user roles network-admin Usage guidelines To display the history records of the NQA operation, use the display nqa history command. The undo form of the command also removes existing history records of an NQA operation. Examples # Enable the saving of history records for the NQA operation. <Sysname>...

  • Page 52: History-Record Number

    history-record number Use history-record number to set the maximum number of history records that can be saved for an NQA operation. Use undo history-record number to restore the default. Syntax history-record number number undo history-record number Default A maximum of 50 history records can be saved for an NQA operation. Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view...

  • Page 53: Lsr-Path

    Predefined user roles network-admin Parameters value: Specifies the TTL value in the range of 1 to 255. Examples # Set the TTL value to 5 for the UDP packets in the start round. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-tracert [Sysname-nqa-admin-test-udp-tracert] init-ttl 5 lsr-path...

  • Page 54: Mode

    Use undo max-failure to restore the default. Syntax max-failure times undo max-failure Default A UDP tracert operation stops and fails when it detects five consecutive probe failures. Views UDP tracert operation view Predefined user roles network-admin Parameters times: Specifies the maximum number in the range of 0 to 255. When this argument is set to 0 or 255, the UDP tracert operation does not stop when consecutive probe failures occur.

  • Page 55: Next-Hop Ip

    Examples # Set the data transmission mode to passive for the FTP operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type ftp [Sysname-nqa-admin-test-ftp] mode passive # In FTP template view, set the data transmission mode to passive for the FTP operation. <Sysname>...

  • Page 56: No-Fragment Enable

    undo next-hop ipv6 Default No next hop IPv6 address is specified for probe packets. Views ICMP echo operation view ICMP/TCP half open template view Predefined user roles network-admin Parameters ipv6-address: Specifies the IPv6 address of the next hop. IPv6 link-local addresses are not supported.

  • Page 57: Nqa

    [Sysname-nqa-admin-test] type udp-tracert [Sysname-nqa-admin-test-udp-tracert] no-fragment enable Use nqa to create an NQA operation and enter its view, or enter the view of an existing NQA operation. Use undo nqa to remove the operation. Syntax nqa entry admin-name operation-tag undo nqa { all | entry admin-name operation-tag } Default No NQA operations exist.

  • Page 58: Nqa Schedule

    Examples # Enable the NQA client. <Sysname> system-view [Sysname] nqa agent enable Related commands nqa server enable nqa schedule Use nqa schedule to configure scheduling parameters for an NQA operation. Use undo nqa schedule to stop the operation. Syntax nqa schedule admin-name operation-tag start-time { hh:mm:ss [ yyyy/mm/dd | mm/dd/yyyy ] | now } lifetime { lifetime | forever } [ recurring ] undo nqa schedule admin-name operation-tag Default...

  • Page 59: Nqa Template

    You cannot enter the operation view or operation type view of a scheduled NQA operation. Specify a lifetime long enough for an operation to complete. Examples # Schedule the operation with administrator name admin and operation tag test to start on 08:08:08 2008/08/08 and last 1000 seconds.

  • Page 60: Operation (Ftp Operation View)

    [Sysname] nqa template icmp icmptplt [Sysname-nqatplt-icmp-icmptplt] operation (FTP operation view) Use operation to specify the operation type for the FTP operation. Use undo operation to restore the default. Syntax operation { get | put } undo operation Default The FTP operation type is get. Views FTP operation view FTP template view...

  • Page 61: Operation (Http/Https Operation View)

    operation (HTTP/HTTPS operation view) Use operation to specify the operation type for the HTTP or HTTPS operation. Use undo operation to restore the default. Syntax operation { get | post | raw } undo operation Default The HTTP or HTTPS operation type is get. Views HTTP operation view HTTP/HTTPS template view...

  • Page 62: Password

    Use undo out interface to restore the default. Syntax out interface interface-type interface-number undo out interface Default The output interface for probe packets is not specified. The NQA client determines the output interface based on the routing table lookup. Views ICMP echo operation view DHCP operation view UDP tracert operation view...

  • Page 63: Probe Count

    Parameters cipher: Specifies a password in encrypted form. simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form. string: Specifies the password. The plaintext form of the password is a case-sensitive string of 1 to 32 characters.

  • Page 64: Probe Packet-Interval

    • For other types of operations, this argument specifies the times of probes to the destination per operation. The value range for this argument is 1 to 15. Usage guidelines The following describes how NQA performs different types of operations: •...

  • Page 65: Probe Packet-Number

    Predefined user roles network-admin Parameters interval: Specifies the sending interval in the range of 10 to 60000 milliseconds. Examples # Configure the UDP jitter operation to send packets every 100 milliseconds. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-jitter [Sysname-nqa-admin-test-udp-jitter] probe packet-interval 100 probe packet-number Use probe packet-number to set the number of packets to be sent in a UDP jitter, path jitter, or...

  • Page 66: Probe Timeout

    Syntax probe packet-timeout timeout undo probe packet-timeout Default The response timeout time in the UDP jitter or path jitter operation is 3000 milliseconds. The response timeout time in the voice operation is 5000 milliseconds. Views ICMP jitter/path jitter/UDP jitter/voice operation view Predefined user roles network-admin Parameters...

  • Page 67: Raw-Request

    Usage guidelines If a probe does not complete within the period, the probe is timed out. Examples # Set the probe timeout time to 10000 milliseconds for the DHCP operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type dhcp [Sysname-nqa-admin-test-dhcp] probe timeout 10000 # In HTTP template view, set the probe timeout time to 10000 milliseconds for the HTTP operation.

  • Page 68: Reaction Checked-Element { Jitter-Ds | Jitter-Sd

    [Sysname-nqatplt-http-httptplt] raw-request [Sysname-nqatplt-http-httptplt-raw-request] POST /sdn/ui/app/index HTTP/1.0\r\nHost: 172.0.0.2\r\nAuthorization: Basic cm9vdDoxMjM0NTY=\r\n\r\n reaction checked-element { jitter-ds | jitter-sd } Use reaction checked-element { jitter-ds | jitter-sd } to configure a reaction entry for monitoring one-way jitter in the NQA operation. Use undo reaction to delete a reaction entry. Syntax reaction item-number checked-element { jitter-ds | jitter-sd } threshold-type { accumulate accumulate-occurrences...

  • Page 69: Reaction Checked-Element { Owd-Ds | Owd-Sd

    Examples # Create reaction entry 1 for monitoring the average destination-to-source jitter of UDP jitter packets, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average destination-to-source jitter is checked against the threshold range.

  • Page 70: Reaction Checked-Element Icpif

    lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit. Usage guidelines You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

  • Page 71: Reaction Checked-Element Mos

    trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS. Usage guidelines You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

  • Page 72: Reaction Checked-Element Packet-Loss

    Usage guidelines You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one. For the MOS threshold, the number is expressed in three digits representing ones, tenths, and hundredths.

  • Page 73: Reaction Checked-Element Probe-Duration

    Usage guidelines You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one. Examples # Create reaction entry 1 for monitoring packet loss in the UDP jitter operation. Before the NQA operation starts, the initial state of the reaction entry is invalid.

  • Page 74: Reaction Checked-Element Probe-Fail (For Trap)

    action-type: Specifies what action to be triggered. The default action is none. none: Specifies the action of displaying results on the terminal display. trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS. This keyword is not available for the DNS operation. Usage guidelines You cannot edit a reaction entry after it is created.
  • Page 75 Syntax reaction item-number checked-element probe-fail threshold-type accumulate accumulate-occurrences | consecutive consecutive-occurrences } [ action-type { none | trap-only } ] undo reaction item-number Default No reaction entries for monitoring probe failures exist. Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view Predefined user roles network-admin Parameters...

  • Page 76: Reaction Checked-Element Probe-Fail (For Trigger)

    [Sysname-nqa-admin-test-icmp-echo] reaction 2 checked-element probe-fail threshold-type consecutive 10 action-type trap-only reaction checked-element probe-fail (for trigger) Use reaction checked-element probe-fail to configure a reaction entry for monitoring probe failures. Use undo reaction to delete a reaction entry. Syntax reaction item-number checked-element probe-fail threshold-type consecutive...
  • Page 77 Use undo reaction to delete a reaction entry. Syntax reaction item-number checked-element threshold-type accumulate accumulate-occurrences average threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] undo reaction item-number Default No reaction entries for monitoring packet round-trip time exist. Views ICMP jitter/UDP jitter/voice operation view Predefined user roles...

  • Page 78: Reaction Trap

    # Create reaction entry 2 for monitoring the round-trip time of UDP jitter probe packets, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the packet round-trip time is checked. If the total number of threshold violations reaches or exceeds 100, the state of the entry is set to over-threshold.

  • Page 79: Reaction Trigger Per-Probe

    The following parameters are not available for the UDP tracert operation: • The probe-failure consecutive-probe-failures option. • The accumulate-probe-failures argument. Examples # Configure the system to send a trap if five or more consecutive probe failures occur in an ICMP echo operation.

  • Page 80: Reaction Trigger Probe-Fail

    reaction trigger probe-fail Use reaction trigger probe-fail to set the number of consecutive probe failures to determine an operation failure. Use undo reaction trigger probe-fail to restore the default. Syntax reaction trigger probe-fail count undo reaction trigger probe-fail Default The NQA client notifies the feature of the operation failure when the number of consecutive probe failures reaches 3.

  • Page 81: Resolve-Target

    Views Any NQA template view Predefined user roles network-admin Parameters count: Specifies the number of consecutive successful probes, in the range of 1 to 15. Usage guidelines If number of consecutive successful probes is reached, the NQA client notifies the feature that uses the template of the successful operation event.

  • Page 82: Resolve-Type

    [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type dns [Sysname-nqa-admin-test-dns] resolve-target domain1 # In DNS template view, specify domain1 as the domain name to be resolved. <Sysname> system-view [Sysname] nqa template dns dnstplt [Sysname-nqatplt-dns-dnstplt] resolve-target domain1 resolve-type Use resolve-type to configure the domain name resolution type. Use undo resolve-type to restore the default.

  • Page 83: Source Interface (Icmp Echo/Udp Tracert Operation View)

    Views ICMP echo/TCP/UDP echo operation view DLSw/DNS/FTP/HTTP/SNMP operation view UDP tracert operation view ICMP jitter/UDP jitter/voice operation view Predefined user roles network-admin Usage guidelines When the routing table bypass feature is enabled, the following events occur: • The routing table is not searched. Packets are sent to the destination in a directly connected network.

  • Page 84: Source Ip

    If you execute this command and the source ip command for a UDP tracert operation multiple times, the most recent configuration takes effect. Examples # Specify the IP address of the interface VLAN-interface 1 as the source IP address of ICMP echo request packets.

  • Page 85: Source Ipv6

    If you execute the source interface and source ip commands multiple times for an ICMP echo operation, ICMP template, or UDP tracert operation, the most recent configuration takes effect. Examples # Specify 10.1.1.1 as the source IPv4 address for ICMP echo requests. <Sysname>...

  • Page 86: Source Port

    [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] source ipv6 1::1 # In ICMP template view, specify 1::1 as the source IPv6 address for ICMP echo requests. <Sysname> system-view [Sysname] nqa template icmp icmptplt [Sysname-nqatplt-icmp-icmptplt] source ipv6 1::1 Related commands source interface source port Use source port to configure the source port number for probe packets.

  • Page 87: Statistics Hold-Time

    Use undo ssl-client-policy to restore the default. Syntax ssl-client-policy policy-name undo ssl-client-policy Default No SSL client policy is specified for an HTTPS or SSL template. Views HTTPS/SSL template view Predefined user roles network-admin Parameters policy-name: Specifies an SSL client policy by its name, a case-insensitive string of 1 to 31 characters.

  • Page 88: Statistics Interval

    Examples # Set the hold time to 3 minutes for statistics groups of the ICMP echo operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] statistics hold-time 3 statistics interval Use statistics interval to set the statistics collection interval for an NQA operation. Use undo statistics interval to restore the default.

  • Page 89: Target-Only

    Default A maximum of two statistics groups can be saved. Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view ICMP jitter/path jitter/UDP jitter/voice operation view Predefined user roles network-admin Parameters number: Specifies the maximum number of statistics groups, in the range of 0 to 100. To disable statistics collection, set the value to 0.

  • Page 90: Tos

    Use tos to set the ToS value in the IP header for probe packets. Use undo tos to restore the default. Syntax tos value undo tos Default The ToS value in the IP header of probe packets is 0. Views Any operation view Any NQA template view Predefined user roles...

  • Page 91: Type

    ICMP jitter/UDP jitter/voice operation view Any NQA template view Predefined user roles network-admin Parameters value: Specifies the maximum number of hops that the probe packets can traverse, in the range of 1 to 255. Usage guidelines The route-option bypass-route command sets the TTL to 1 for probe packets. If you configure both the route-option bypass-route and ttl commands for an operation, the ttl command does not take effect.

  • Page 92: Url

    icmp-jitter: Specifies the ICMP jitter operation type. path-jitter: Specifies the path jitter operation type. snmp: Specifies the SNMP operation type. tcp: Specifies the TCP operation type. udp-echo: Specifies the UDP echo operation type. udp-jitter: Specifies the UDP jitter operation type. udp-tracert: Specifies the UDP tracert operation type.

  • Page 93: Username

    Operation URL format Parameter description ftp://host/filename FTP operation ftp://host:port/filename Examples # Configure the URL that the HTTP operation visits as http://www.company.com/index.htm. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type http [Sysname-nqa-admin-test-http] url http://www.company.com/index.html # In HTTP template view, configure the URL that the HTTP operation visits as http://www.company.com/index.htm.

  • Page 94: Version

    Related commands operation password version Use version to specify the version used in the HTTP or HTTPS operation. Use undo version to restore the default. Syntax version { v1.0 | v1.1 } undo version Default Version 1.0 is used in the HTTP operation or HTTPS operation. Views HTTP operation view HTTP/HTTPS template view...

  • Page 95: Nqa Server Enable

    Predefined user roles network-admin network-operator Examples # Display NQA server status. <Sysname> display nqa server NQA server status: Enabled TCP connect: IP address Port VPN instance 2.2.2.2 2000 UDP echo: IP address Port VPN instance 3.3.3.3 3000 Table 14 Command output Field Description NQA server status...

  • Page 96: Nqa Server Tcp-Connect

    Views System view Predefined user roles network-admin Examples # Enable the NQA server. <Sysname> system-view [Sysname] nqa server enable Related commands display nqa server nqa server tcp-connect nqa server udp-echo nqa server tcp-connect Use nqa server tcp-connect to configure a TCP listening service to enable the NQA server to listen to a port on an IP address.

  • Page 97: Nqa Server Udp-Echo

    Examples # Configure a TCP listening service to enable the NQA server to listen to port 9000 on the IP address 169.254.10.2. <Sysname> system-view [Sysname] nqa server tcp-connect 169.254.10.2 9000 Related commands display nqa server nqa server enable nqa server udp-echo Use nqa server udp-echo to configure a UDP listening service to enable the NQA server to listen to a port on an IP address.
  • Page 98 Related commands display nqa server nqa server enable...

  • Page 99: Ntp Commands

    NTP commands NTP is supported on VLAN interfaces. display ntp-service ipv6 sessions Use display ntp-service ipv6 sessions to display information about all IPv6 NTP associations. Syntax display ntp-service ipv6 sessions [ verbose ] Views Any view Predefined user roles network-admin network-operator Parameters verbose: Displays detailed information about all IPv6 NTP associations.
  • Page 100 Field Description Reference clock ID of the NTP server: • If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: When the value of the Clock stratum field is 0 or 1, this field displays LOCL.
  • Page 101 Root roundtrip delay: 0.0000ms, root dispersion: 0.0000ms Reachabilities:0, sync distance: 15.938 Precision: 2^10, version: 4, source interface: Not specified Reftime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000 Orgtime: d17cbb21.0f318106 Tue, May 17 2011 9:15:13.059 Rcvtime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000 Xmttime: 00000000.00000000 Thu, Feb 7 2036...
  • Page 102 Field Description • If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: When the value of the Clock stratum field is 0 or 1, this field displays LOCL. When the Clock stratum field has another value, this field displays the MD5 digest value of the first 32 bits of the Reference clock ID...

  • Page 103: Display Ntp-Service Sessions

    Field Description Synchronization distance relative to the upper-level clock, in sync distance seconds, and calculated from dispersion and roundtrip delay values. Precision Accuracy of the system clock. version NTP version in the range of 1 to 4. Source interface. source interface If the source interface is not specified, this field displays Not specified.
  • Page 104 source reference stra reach poll now offset delay disper ******************************************************************************** [12345]LOCAL(0) LOCL - 0.0000 0.0000 7937.9 [5]0.0.0.0 INIT - 0.0000 0.0000 0.0000 Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured. Total sessions: 1 Table 17 Command output Field Description •...
  • Page 105 Field Description • 1—Clock source selected by the system (the current reference source). • 2—The stratum level of the clock source is less than or equal to 15. [12345] • 3—The clock source has survived the clock selection algorithm. • 4—The clock source is a candidate clock source.
  • Page 106 Field Description Status of the clock source corresponding to this association: • configured—The association was created by a configuration command. • dynamic—The association is established dynamically. • master—The clock source is the primary reference source of the current system. • selected—The clock source has survived the clock selection algorithm.

  • Page 107: Display Ntp-Service Status

    Field Description Operation mode of the peer device: • unspec—The mode is unspecified. • active—Active mode. • passive—Passive mode. Peer mode • client—Client mode. • server—Server mode. • broadcast—Broadcast or multicast server mode. • bclient—Broadcast or multicast client mode. Polling interval of the peer device, in seconds. The value peer poll interval displayed is a power of 2.
  • Page 108 Syntax display ntp-service status Views Any view Predefined user roles network-admin network-operator Examples # Display NTP service status after time synchronization. <Sysname> display ntp-service status Clock status: synchronized Clock stratum: 2 System peer: LOCAL(0) Local mode: client Reference clock ID: 127.127.1.0 Leap indicator: 00 Clock jitter: 0.000977 s Stability: 0.000 pps...
  • Page 109 Field Description Operation mode of the local device: • unspec—The mode is unspecified. • active—Active mode. • passive—Passive mode. Local mode • client—Client mode. • server—Server mode. • broadcast—Broadcast or multicast server mode. • bclient—Broadcast or multicast client mode. For an IPv4 NTP server: The field represents the IP address of the remote server when the local device is synchronized to a remote NTP server.

  • Page 110: Display Ntp-Service Trace

    display ntp-service trace Use display ntp-service trace to display brief information about each NTP server from the local device back to the primary reference source. Syntax display ntp-service trace [ source interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters...

  • Page 111: Ntp-Service Acl

    Related commands ntp-service ipv6 source ntp-service ipv6 unicast-server ntp-service ipv6 unicast-peer ntp-service source ntp-service unicast-server ntp-service unicast-peer ntp-service acl Use ntp-service acl to configure the right for peer devices to access the IPv4 NTP services on the local device. Use undo ntp-service to remove the configured IPv4 NTP service access right. Syntax ntp-service { peer | query | server | synchronization } acl ipv4-acl-number undo ntp-service { peer | query | server | synchronization } [ acl ipv4-acl-number ]...

  • Page 112: Ntp-Service Authentication Enable

    • If none of the IPv4 ACLs specified for the access rights is created, the peer access right applies. • If none of the IPv4 ACLs specified for the access rights contains rules, no access right is granted. The ntp-service acl command provides minimal security for a system running NTP. A more secure method is NTP authentication.

  • Page 113: Ntp-Service Authentication-Keyid

    ntp-service authentication-keyid Use ntp-service authentication-keyid to set an NTP authentication key. Use undo ntp-service authentication-keyid to remove an NTP authentication key. Syntax ntp-service authentication-keyid keyid authentication-mode { hmac-sha-1 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] * undo ntp-service authentication-keyid keyid Default...

  • Page 114: Ntp-Service Broadcast-Client

    • If the specified IPv4 or IPv6 ACL does not exist, any device can use the key ID for authentication. • If the specified IPv4 or IPv6 ACL does not contain any rules, no device can use the key ID for authentication.

  • Page 115: Ntp-Service Broadcast-Server

    Examples # Configure the device to operate in broadcast client mode and receive NTP broadcast messages on VLAN-interface 1. <Sysname> system-view [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] ntp-service broadcast-client Related commands ntp-service broadcast-server ntp-service broadcast-server Use ntp-service broadcast-server to configure the device to operate in NTP broadcast server mode and use the current interface to send NTP broadcast packets.

  • Page 116: Ntp-Service Dscp

    ntp-service dscp Use ntp-service dscp to set a DSCP value for IPv4 NTP packets. Use undo ntp-service dscp to restore the default. Syntax ntp-service dscp dscp-value undo ntp-service dscp Default The DSCP value for IPv4 NTP packets is 48. Views System view Predefined user roles network-admin...

  • Page 117: Ntp-Service Inbound Enable

    ntp-service inbound enable Use ntp-service inbound enable to enable an interface to receive NTP messages. Use undo ntp-service inbound enable to disable an interface from receiving NTP messages. Syntax ntp-service inbound enable undo ntp-service inbound enable Default An interface receives NTP messages. Views Interface view Predefined user roles...

  • Page 118: Ntp-Service Ipv6 Dscp

    query: Allows only NTP control queries from a peer device to the local device. server: Allows time requests and NTP control queries, but does not allow the local device to synchronize itself to a peer device. synchronization: Allows only time requests from a system whose address passes the access list criteria.

  • Page 119: Ntp-Service Ipv6 Inbound Enable

    Default The DSCP value for IPv6 NTP packets is 56. Views System view Predefined user roles network-admin Parameters dscp-value: Specifies a DSCP value in the range of 0 to 63 for IPv6 NTP packets. Usage guidelines The DSCP value is included in the Traffic Class field of an IPv6 packet to identify the packet priority. Examples # Set the DSCP value for IPv6 NTP packets to 30.

  • Page 120: Ntp-Service Ipv6 Multicast-Client

    ntp-service ipv6 multicast-client Use ntp-service ipv6 multicast-client to configure the device to operate in IPv6 NTP multicast client mode and use the current interface to receive IPv6 NTP multicast packets. Use undo ntp-service ipv6 multicast-client to remove the configuration. Syntax ntp-service ipv6 multicast-client ipv6-address undo ntp-service ipv6 multicast-client ipv6-address Default...

  • Page 121: Ntp-Service Ipv6 Source

    Views Interface view Predefined user roles network-admin Parameters ipv6-address: Specifies an IPv6 multicast address. An IPv6 multicast client and server must be configured with the same multicast address. authentication-keyid keyid: Specifies the key ID to be used for sending multicast messages to multicast clients.

  • Page 122: Ntp-Service Ipv6 Unicast-Peer

    Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines If you specify a source interface for IPv6 NTP messages, the device uses the IPv6 address of the source interface as the source address to send IPv6 NTP messages. Consequently, the destination address of the IPv6 NTP response messages is the address of the source interface.

  • Page 123: Ntp-Service Ipv6 Unicast-Server

    ipv6-address: Specifies a symmetric-passive peer by its IPv6 address. It must be a unicast address, rather than a multicast address. authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the peer. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and the peer do not authenticate each other.

  • Page 124: Ntp-Service Max-Dynamic-Sessions

    Parameters server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters. ipv6-address: Specifies an NTP server by its IPv6 address. It must be a unicast address, rather than a multicast address. authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server.

  • Page 125: Ntp-Service Multicast-Client

    Usage guidelines A device can have a maximum of 128 concurrent associations, including static associations and dynamic associations. A static association refers to an association that a user has manually created by using an NTP command. A dynamic association is a temporary association created by the system during operation.

  • Page 126: Ntp-Service Multicast-Server

    Related commands ntp-service multicast-server ntp-service multicast-server Use ntp-service multicast-server to configure the device to operate in NTP multicast server mode and use the current interface to send NTP multicast packets. Use undo ntp-service multicast-server to remove the configuration. Syntax ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ] * undo ntp-service multicast-server [ ip-address ] Default...

  • Page 127: Ntp-Service Refclock-Master

    ntp-service refclock-master Use ntp-service refclock-master to configure the local clock as the reference source. Use undo ntp-service refclock-master to remove the configuration. Syntax ntp-service refclock-master [ ip-address ] [ stratum ] undo ntp-service refclock-master [ ip-address ] Default The device does not use its local clock as the reference clock. Views System view Predefined user roles...

  • Page 128: Ntp-Service Source

    Default No trusted key is specified. Views System view Predefined user roles network-admin Parameters keyid: Specifies an authentication key by its ID in the range of 1 to 4294967295. Usage guidelines When NTP authentication is enabled, a client can be synchronized only to a server that can provide a trusted authentication key.

  • Page 129: Ntp-Service Unicast-Peer

    Predefined user roles network-admin Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines If you specify a source interface for NTP messages, the device uses the primary IP address of the specified interface as the source IP address to send NTP messages. Consequently, the destination address of the NTP response messages is the primary IP address of the source interface.

  • Page 130: Ntp-Service Unicast-Server

    Parameters peer-name: Specifies a symmetric-passive peer by its host name, a case-insensitive string of 1 to 253 characters. ip-address: Specifies a symmetric-passive peer by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock. authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the peer.
  • Page 131 Predefined user roles network-admin Parameters server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters. ip-address: Specifies an NTP server by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.

  • Page 132: Sntp Commands

    SNTP commands display sntp ipv6 sessions Use display sntp ipv6 sessions to display information about all IPv6 SNTP associations. Syntax display sntp ipv6 sessions Views Any view Predefined user roles network-admin network-operator Examples # Display information about all IPv6 SNTP associations. <Sysname>...

  • Page 133: Sntp Authentication Enable

    Views Any view Predefined user roles network-admin network-operator Examples # Display information about all IPv4 SNTP associations. <Sysname> display sntp sessions SNTP server Stratum Version Last receive time 1.0.1.11 Tue, May 17 2011 9:11:20.833 (Synced) Table 22 Command output Field Description SNTP server (NTP server).

  • Page 134: Sntp Authentication-Keyid

    Related commands sntp authentication-keyid sntp reliable authentication-keyid sntp authentication-keyid Use sntp authentication-keyid to set an SNTP authentication key. Use undo sntp authentication-keyid to remove an SNTP authentication key. Syntax sntp authentication-keyid keyid authentication-mode { hmac-sha-1 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] * undo sntp authentication-keyid keyid Default...

  • Page 135: Sntp Enable

    • The device uses the acl ipv4-acl-number or acl ipv6-acl-number option to identify the peer device that can use the key ID only when an SNTP session for the peer device is required to be established or after the SNTP session has been established. •...

  • Page 136: Sntp Ipv6 Unicast-Server

    sntp ipv6 unicast-server Use sntp ipv6 unicast-server to specify an IPv6 NTP server for the device. Use undo sntp ipv6 unicast-server to remove the IPv6 NTP server specified for the device. Syntax sntp ipv6 unicast-server { server-name | ipv6-address } [ authentication-keyid keyid | source interface-type interface-number ] * undo sntp ipv6 unicast-server { server-name | ipv6-address } Default...

  • Page 137: Sntp Unicast-Server

    Use undo sntp reliable authentication-keyid to remove the trusted key. Syntax sntp reliable authentication-keyid keyid undo sntp reliable authentication-keyid keyid Default No trusted key is specified. Views System view Predefined user roles network-admin Parameters keyid: Specifies an authentication key by its ID in the range of 1 to 4294967295. Usage guidelines If SNTP is enabled, the SNTP client is synchronized only to an NTP server that provides a trusted key.
  • Page 138 Predefined user roles network-admin Parameters server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters. ip-address: Specifies an NTP server by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.

  • Page 139: Poe Commands

    PoE commands apply poe-profile Use apply poe-profile to apply a PoE profile to a power interface (PI). Use undo apply poe-profile to restore the default. Syntax apply poe-profile { index index | name profile-name } undo apply poe-profile { index index | name profile-name } Default No PoE profile is applied to PIs.

  • Page 140: Display Poe Device

    Predefined user roles network-admin Parameters index index: Specifies a PoE profile by its index number in the range of 1 to 100. name profile-name: Specifies a PoE profile by its name, a case-sensitive string of 1 to 15 characters. interface-range: Specifies a range of Ethernet interfaces in the form of interface-type interface-number [ to interface-type interface-number ], where interface-type interface-number represents the interface type and interface number.

  • Page 141: Display Poe Interface

    Table 23 Command output Field Description Slot IRF member device ID. PSE ID ID of the PSE. Slot No. Slot number of the PSE. SSlot No. Sub-slot number of the PSE. PortNum Number of PIs on the PSE. MaxPower(W) Maximum power of the PSE. PSE status: •...
  • Page 142 PD Description : IP Phone For Room 101 Table 24 Command output Field Description PoE status: • PoE Status Enabled. • Disabled. Power supply priority of the PI: • Critical (highest). Power Priority • High. • Low. Operating status of a PI: •...
  • Page 143 Class Status GE1/0/1 Enabled Searching GE1/0/2 Disabled Disabled GE1/0/3 Disabled Disabled GE1/0/4 Disabled Disabled GE1/0/5 Disabled Disabled GE1/0/6 Disabled Disabled GE1/0/7 Disabled Disabled GE1/0/8 Disabled Disabled GE1/0/9 Disabled Disabled GE1/0/10 Disabled Disabled GE1/0/11 Disabled Disabled GE1/0/12 Disabled Disabled GE1/0/13 Disabled Disabled GE1/0/14 Disabled...

  • Page 144: Display Poe Interface Power

    GE1/0/48 Disabled Disabled On State Ports: 0; Used: 0.0(W); Remaining: 180.0(W) Table 25 Command output Field Description Interface Interface name of a PI. PoE status: • Enabled. • Disabled. Power priority of a PI: • Critical (highest). Priority • High. •...
  • Page 145 Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays power information for all PIs. Examples # Display power information for GigabitEthernet 1/0/1. <Sysname>...

  • Page 146: Display Poe Pse

    GE1/0/29 30.0 GE1/0/30 30.0 GE1/0/31 30.0 GE1/0/32 30.0 GE1/0/33 30.0 GE1/0/34 30.0 GE1/0/35 30.0 GE1/0/36 30.0 GE1/0/37 30.0 GE1/0/38 30.0 GE1/0/39 30.0 GE1/0/40 30.0 GE1/0/41 30.0 GE1/0/42 30.0 GE1/0/43 30.0 GE1/0/44 30.0 GE1/0/45 30.0 GE1/0/46 30.0 GE1/0/47 30.0 GE1/0/48 30.0 On State Ports: 0;...
  • Page 147 network-operator Parameters pse-id: Specifies a PSE by its ID. If you do not specify a PSE, this command displays detailed PSE information about all PSEs. Examples # Display detailed PSE information. <Sysname> display poe pse PSE ID Slot No. SSlot No. PSE Model : LSP6POEB PSE Status...

  • Page 148: Display Poe Pse Interface

    PSE Software Version PSE software version number. PSE Hardware Version PSE hardware version number. Nonstandard PD detection status: Legacy PD Detection • Enabled. • Disabled. Power Utilization Threshold PSE power alarm threshold. PSE Power Policy PSE power management policy mode. PD Power Policy PD power management policy mode.
  • Page 149 GE1/0/16 Disabled Disabled GE1/0/17 Disabled Disabled GE1/0/18 Disabled Disabled GE1/0/19 Disabled Disabled GE1/0/20 Disabled Disabled GE1/0/21 Disabled Disabled GE1/0/22 Disabled Disabled GE1/0/23 Disabled Disabled GE1/0/24 Disabled Disabled GE1/0/25 Disabled Disabled GE1/0/26 Disabled Disabled GE1/0/27 Disabled Disabled GE1/0/28 Disabled Disabled GE1/0/29 Disabled Disabled GE1/0/30...

  • Page 150: Display Poe Pse Interface Power

    Field Description Operating status of a PI: • Off—PoE is disabled. • On—Power is being supplied to the PI correctly. • Power-lack—Remaining guaranteed power is insufficient for a critical PI. Oper • Power-deny—The PSE refuses to supply power. The power required by the PD is higher than the configured power.
  • Page 151 GE1/0/1 30.0 GE1/0/2 30.0 GE1/0/3 30.0 GE1/0/4 30.0 GE1/0/5 30.0 GE1/0/6 30.0 GE1/0/7 30.0 GE1/0/8 30.0 GE1/0/9 30.0 GE1/0/10 30.0 GE1/0/11 30.0 GE1/0/12 30.0 GE1/0/13 30.0 GE1/0/14 30.0 GE1/0/15 30.0 GE1/0/16 30.0 GE1/0/17 30.0 GE1/0/18 30.0 GE1/0/19 30.0 GE1/0/20 30.0 GE1/0/21 30.0 GE1/0/22...

  • Page 152: Display Poe-Profile

    On State Ports: 0; Used: 0.0(W); Remaining: 180.0(W) Table 29 Command output Field Description Interface Interface name of a PI. Current Current power of a PI. Peak Peak power of a PI. Maximum power of a PI. PD Description Type and location description for the PD connected with a PI. Ports On Number of PIs that are supplying power.

  • Page 153: Display Poe-Profile Interface

    PoE Profile Index ApplyNum Interfaces Configuration forIPphone GE1/0/1 poe enable GE1/0/2 poe priority critical GE1/0/3 GE1/0/4 GE1/0/5 GE1/0/6 Total ports: 6 Table 30 Command output Field Description PoE Profile Name of the PoE profile. Index Index number of the PoE profile. ApplyNum Number of PIs to which the PoE profile is applied.

  • Page 154: Poe Enable

    poe enable Use poe enable to enable PoE on a PI. Use undo poe enable to disable PoE on a PI. Syntax poe enable undo poe enable Default PoE is disabled on a PI. Views PI view PoE profile view Predefined user roles network-admin Usage guidelines...

  • Page 155: Poe Legacy Enable

    Views System view Predefined user roles network-admin Parameters pse-id: Specifies a PSE by its ID. Examples # Enable PoE for PSE 4. <Sysname> system-view [Sysname] poe enable pse 4 Related commands display poe pse poe legacy enable Use poe legacy enable to enable the PSE to detect nonstandard PDs. Use undo poe legacy enable to disable the PSE from detecting nonstandard PDs.

  • Page 156: Poe Pd-Description

    undo poe max-power Default The maximum PI power is 30000. Views PI view PoE profile view Predefined user roles network-admin Parameters max-power: Sets the maximum PI power in milliwatts. The value range is 1000 to 30000. Examples # Set the maximum PI power to 12000 milliwatts in PI view. <Sysname>...

  • Page 157: Poe Pd-Policy Priority

    [Sysname-GigabitEthernet1/0/1] poe pd-description IP Phone For Room 101 poe pd-policy priority Use poe pd-policy priority to enable PI power management. Use undo poe pd-policy priority to restore the default. Syntax poe pd-policy priority undo poe pd-policy priority Default PI power management is disabled. Views System view Predefined user roles...

  • Page 158: Poe Update

    Parameters critical: Sets the power supply priority to critical. The PI with critical power priority operates in guaranteed mode. Power is first supplied to the PD connected to the critical PI. high: Sets the power supply priority to high. low: Sets the power supply priority to low. Usage guidelines When the PoE power is insufficient, power is first supplied to PIs with higher priority.

  • Page 159: Poe Utilization-Threshold

    Usage guidelines You can upgrade the PSE firmware in service in either of the following modes: • Refresh mode—Updates the PSE firmware without deleting it. You can use the refresh mode in most cases. • Full mode—Deletes the current PSE firmware and reloads a new one. Use the full mode if the PSE firmware is damaged and you cannot execute any PoE commands.
  • Page 160 Default No PoE profiles exist. Views System view Predefined user roles network-admin Parameters profile-name: Specifies a PoE profile name, a case-sensitive string of 1 to 15 characters. A PoE configuration file name begins with a letter and must not contain reserved keywords including undo, all, name, interface, user, poe, disable, max-power, mode, priority, or enable.

  • Page 161: Snmp Commands

    SNMP commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. The SNMP agent sends notifications (traps and informs) to inform the NMS of significant events, such as link state changes and user logins or logouts.

  • Page 162: Display Snmp-Agent Context

    Community name: userv1 Group name: testv1 Storage-type: nonvolatile Community name: cc Group name: cc ACL name: testacl Storage-type: nonVolatile Table 31 Command output Field Description Community name created by using the snmp-agent community command or Community name username created by using the snmp-agent usm-user { v1 | v2c } command. SNMP group name.

  • Page 163: Display Snmp-Agent Group

    Syntax display snmp-agent context [ context-name ] Views Any view Predefined user roles network-admin network-operator Parameters context-name: Specifies an SNMP context by its name, a case-sensitive string of 1 to 32 characters. If you do not specify this argument, the command displays all SNMP contexts. Examples # Display all SNMP contexts.

  • Page 164: Display Snmp-Agent Local-Engineid

    Table 32 Command output Field Description Group name SNMP group name. Security model of the SNMP group: • authPriv—Authentication with privacy. • authNoPriv—Authentication without privacy. Security model • noAuthNoPriv—No authentication, no privacy. Security model of an SNMPv1 or SNMPv2c group can only be noAuthNoPriv. Readview Read-only MIB view accessible to the SNMP group.

  • Page 165: Display Snmp-Agent Mib-Node

    Related commands snmp-agent local-engineid display snmp-agent mib-node Use display snmp-agent mib-node to display SNMP MIB node information. Syntax display snmp-agent mib-node [ details | index-node | trap-node | verbose ] Views Any view Predefined user roles network-admin network-operator Parameters details: Specifies detailed MIB node information, including node name, last octet of an OID string, and name of the next leaf node.
  • Page 166 Field Description Permissions to MIB nodes: • NA—Not accessible. • NF—Notifications. (NA) • RO—Read-only access. • RW—Read and write access. • RC—Read-write-create access. • WO—Write-only access. Leaf node or MIB table node. # Display detailed MIB node information. <Sysname> display snmp-agent mib-node details iso(1)(dot1xPaeSystemAuthControl) |-std(0)(dot1xPaeSystemAuthControl) |-iso8802(8802)(dot1xPaeSystemAuthControl)
  • Page 167 Name |lldpRemTablesChange ||1.0.8802.1.1.2.0.0.1 Trap Object Name |||lldpStatsRemTablesInserts ||||1.0.8802.1.1.2.1.2.2 Name |||lldpStatsRemTablesDeletes ||||1.0.8802.1.1.2.1.2.3 Name |||lldpStatsRemTablesDrops ||||1.0.8802.1.1.2.1.2.4 Name |||lldpStatsRemTablesAgeouts ||||1.0.8802.1.1.2.1.2.5 Table 36 Command output Field Description Name Name of a MIB notification node. OID of a MIB notification node. Trap Object Name and OID of a notification object. # Display detailed information about SNMP MIB nodes, including node names, OIDs, node types, permissions to MIB nodes, data types, MORs, and parent, child, and sibling nodes.
  • Page 168 Field Description MIB node types: • Table—Table node. • Row—Row node in a MIB table. • Column—Column node in a MIB table. NodeType • Leaf—Leaf node. • Group—Group node (parent node of a leaf node). • Trapnode—Notification node. • Other—Other node types. Permissions to MIB nodes: •...

  • Page 169: Display Snmp-Agent Mib-View

    Field Description Index Table index. This field appears only for a table node. display snmp-agent mib-view Use display snmp-agent mib-view to display MIB views. Syntax display snmp-agent mib-view [ exclude | include | viewname view-name ] Views Any view Predefined user roles network-admin network-operator Parameters...

  • Page 170: Display Snmp-Agent Remote

    View name: ViewDefault MIB Subtree: snmpModules.18 Subtree mask: Storage-type: nonVolatile View Type: excluded View status: active ViewDefault is the default MIB view. The output shows that except for the MIB objects in the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees, all the MIB objects in the iso subtree are accessible.

  • Page 171: Display Snmp-Agent Statistics

    An SNMP engine ID uniquely identifies an SNMP entity in an SNMP domain. If you do not specify a remote SNMP entity, this command displays the engine IDs of all remote SNMP entities. Examples # Display engine IDs of all remote SNMP entities. <Sysname>...
  • Page 172 7 GetRequest-PDU accepted and processed. 7 GetNextRequest-PDU accepted and processed. 1653 GetBulkRequest-PDU accepted and processed. 1669 GetResponse-PDU accepted and processed. 2 SetRequest-PDU accepted and processed. 0 Trap PDUs accepted and processed. 0 alternate Response Class PDUs dropped silently. 0 forwarded Confirmed Class PDUs dropped silently. Table 40 Command output Field Description...

  • Page 173: Display Snmp-Agent Sys-Info

    display snmp-agent sys-info Use display snmp-agent sys-info to display SNMP agent system information. Syntax display snmp-agent sys-info [ contact | location | version ] * Views Any view Predefined user roles network-admin network-operator Parameters contact: Displays the system contact. location: Displays the physical location of the device. version: Displays the SNMP agent version.

  • Page 174: Display Snmp-Agent Trap-List

    Examples # Display the trap queue configuration and usage status. <Sysname> display snmp-agent trap queue Queue size: 100 Message number: 6 Related commands snmp-agent trap life snmp-agent trap queue-size display snmp-agent trap-list Use display snmp-agent trap-list to display SNMP notifications enabling status for modules. Syntax display snmp-agent trap-list Views...
  • Page 175 Syntax display snmp-agent usm-user [ engineid engineid | group group-name | username user-name ] * Views Any view Predefined user roles network-admin network-operator Parameters engineid engineid: Specifies an SNMP engine ID. The engine ID is case insensitive. When an SNMPv3 user is created, the system records the local SNMP entity engine ID. The user becomes invalid when the engine ID changes, and it becomes valid again when the recorded engine ID is restored.

  • Page 176: Enable Snmp Trap Updown

    Storage-type: nonVolatile UserStatus: active Table 41 Command output Field Description Username SNMP username. Group name SNMP group name. Role name SNMP user role name. Engine ID Engine ID that the SNMP agent used when the SNMP user was created. Storage type: •...

  • Page 177: Snmp-Agent

    Usage guidelines For an interface to generate linkUp/linkDown notifications when its state changes, you must also enable the linkUp/linkDown notification function globally by using the snmp-agent trap enable standard [ linkdown | linkup ] * command. Examples # Enable GigabitEthernet 1/0/1 to send linkUp/linkDown SNMP traps to 10.1.1.1 in the community public.

  • Page 178: Snmp-Agent Calculate-Password

    Syntax snmp-agent { inform | trap } source interface-type interface-number undo snmp-agent { inform | trap } source Default The SNMP agent uses the IP address of the outgoing interface as the source IP address of notifications. Views System view Predefined user roles network-admin Parameters...
  • Page 179 Views System view Predefined user roles network-admin Parameters plain-password: Specifies a key in plaintext form. The plain-password argument is a case-sensitive string of 1 to 64 characters. mode: Specifies an authentication algorithm and encryption algorithm. The device supports the HMAC-MD5 and HMAC-SHA1 authentication algorithms. The HMAC-MD5 algorithm is faster than the HMAC-SHA1 algorithm.

  • Page 180: Snmp-Agent Community

    Examples # Use the local engine ID and the HMAC-SHA1 algorithm to calculate the encrypted form for key authkey. <Sysname> system-view [Sysname] snmp-agent calculate-password authkey mode sha local-engineid The encrypted key is: 09659EC5A9AE91BA189E5845E1DDE0CC Related commands snmp-agent local-engineid snmp-agent usm-user v3 snmp-agent community Use snmp-agent community to configure an SNMPv1 or SNMPv2c community.
  • Page 181 set of accessible MIB objects. If you do not specify a view, the specified community can access the MIB objects in the default MIB view ViewDefault. user-role role-name: Specifies a user role name for the community, a case-sensitive string of 1 to 63 characters.
  • Page 182 • If you specify an ACL and the ACL has rules, only NMSs permitted by the ACL can access the SNMP agent. For more information about ACL, see ACL and QoS Configuration Guide. You can also create an SNMP community by using the snmp-agent usm-user { v1 | v2c } and snmp-agent group { v1 | v2c } commands.

  • Page 183: Snmp-Agent Community-Map

    snmp-agent community-map Use snmp-agent community-map to map an SNMP community to an SNMP context. Use undo snmp-agent community-map to delete the mapping between an SNMP community and an SNMP context. Syntax snmp-agent community-map community-name context context-name undo snmp-agent community-map community-name context context-name Default No mapping exists between an SNMP community and an SNMP context.

  • Page 184: Snmp-Agent Group

    Parameters context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters. Usage guidelines For an NMS and an SNMP agent to communicate, configure the same SNMP context for them or do not configure a context for the NMS. You can create a maximum of 20 SNMP contexts.
  • Page 185 v2c: Specifies SNMPv2c. v3: Specifies SNMPv3. group-name: Specifies an SNMP group name, a case-sensitive string of 1 to 32 characters. authentication: Specifies the authentication without privacy security model for the SNMPv3 group. privacy: Specifies the authentication with privacy security model for the SNMPv3 group. read-view view-name: Specifies a read-only MIB view.

  • Page 186: Snmp-Agent Local-Engineid

    Security model Security key Security model keyword for the settings for the Remarks group user If no authentication key is configured, SNMP communication will fail. Authentication without Authentication key authentication privacy The encryption key (if any) for the user does not take effect.

  • Page 187: Snmp-Agent Log

    Parameters engineid: Specifies an SNMP engine ID, a case-insensitive hexadecimal string. Its length is an even number in the range of 10 to 64. All-zero and all-F strings are invalid. Usage guidelines An SNMP engine ID uniquely identifies a device in an SNMP managed network. Make sure the local SNMP engine ID is unique within your SNMP managed network to avoid communication problems.

  • Page 188: Snmp-Agent Mib-View

    Examples # Enable logging SNMP Get operations. <Sysname> system-view [Sysname] snmp-agent log get-operation # Enable logging SNMP Set operations. <Sysname> system-view [Sysname] snmp-agent log set-operation # Enable logging SNMP authentication failures. <Sysname> system-view [Sysname] snmp-agent log authfail snmp-agent mib-view Use snmp-agent mib-view to create or update a MIB view. Use undo snmp-agent mib-view to delete a MIB view.

  • Page 189: Snmp-Agent Packet Max-Size

    Examples # Include the mib-2 (OID 1.3.6.1.2.1) subtree in the mibtest view and exclude the system subtree from this view. <Sysname> system-view [Sysname] snmp-agent sys-info version v1 [Sysname] snmp-agent mib-view included mibtest 1.3.6.1.2.1 [Sysname] snmp-agent mib-view excluded mibtest system [Sysname] snmp-agent community read public mib-view mibtest An SNMPv1 NMS in the public community can query the objects in the mib-2 subtree but not any object (for example, the sysDescr or sysObjectID node) in the system subtree.

  • Page 190: Snmp-Agent Remote

    Syntax snmp-agent port port-num undo snmp-agent port Default The device uses UDP port 161 for receiving SNMP packets. Views System view Predefined user roles network-admin Parameters port-num: Specifies the UDP port for receiving SNMP packets, in the range of 1 to 65535. The default port number is 161.

  • Page 191: Snmp-Agent Sys-Info Contact

    engineid: Specifies the SNMP engine ID of the remote SNMP entity. This argument is a case-insensitive hexadecimal string. Its length is an even number in the range of 10 to 64. All-zero and all-F strings are invalid. Usage guidelines To send informs to an NMS, you must configure the SNMP engine ID of the NMS on the SNMP agent.

  • Page 192: Snmp-Agent Sys-Info Location

    snmp-agent sys-info location Use snmp-agent sys-info location to configure the system location. Use undo snmp-agent sys-info location to restore the default location. Syntax snmp-agent sys-info location sys-location undo snmp-agent sys-info location Default The system location is not configured. Views System view Predefined user roles network-admin Parameters...

  • Page 193: Snmp-Agent Target-Host

    Predefined user roles network-admin Parameters all: Specifies SNMPv1, SNMPv2c, and SNMPv3. v1: Specifies SNMPv1. v2c: Specifies SNMPv2c. v3: Specifies SNMPv3. Usage guidelines SNMPv1 and SNMPv2c settings in this command are not supported in FIPS mode. Configure the SNMP agent with the same SNMP version as the NMS for successful communications between them.
  • Page 194 Predefined user roles network-admin Parameters inform: Specifies a host that receives informs. trap: Specifies a host that receives traps. address: Specifies the destination address of SNMP notifications. udp-domain: Specifies UDP as the transport protocol. ipv4-address: Specifies a target host by its IPv4 address or host name. The host name is a case-insensitive string of 1 to 253 characters.

  • Page 195: Snmp-Agent Trap Enable

    snmp-agent trap life snmp-agent trap enable Use snmp-agent trap enable to enable SNMP notifications. Use undo snmp-agent trap enable to disable SNMP notifications. Syntax snmp-agent trap enable [ configuration | protocol | standard [ authentication | coldstart | linkdown | linkup | warmstart ] * | system ] undo snmp-agent trap enable [ configuration | protocol | standard [ authentication | coldstart | linkdown | linkup | warmstart ] * | system ] Default...

  • Page 196: Snmp-Agent Trap If-Mib Link Extended

    Examples # Enable the SNMP agent to send SNMP authentication failure notifications. <Sysname> system-view [Sysname] snmp-agent trap enable standard authentication Related commands snmp-agent target-host snmp-agent trap if-mib link extended Use snmp-agent trap if-mib link extended to configure the SNMP agent to send extended linkUp/linkDown notifications.

  • Page 197: Snmp-Agent Trap Log

    Predefined user roles network-admin Parameters seconds: Sets a lifetime in the range of 1 to 2592000, in seconds. Usage guidelines When congestion occurs, the SNMP agent buffers notifications in a queue. The notification lifetime sets how long a notification can stay in the queue. A notification is deleted when its lifetime expires. Examples # Set the SNMP notification lifetime to 60 seconds.

  • Page 198: Snmp-Agent Usm-User { V1 | V2C

    Syntax snmp-agent trap queue-size size undo snmp-agent trap queue-size Default The SNMP notification queue can store a maximum of 100 notifications. Views System view Predefined user roles network-admin Parameters size: Specifies the maximum number of notifications that the SNMP notification queue can hold. The value range is 1 to 1000.
  • Page 199 v2c: Specifies SNMPv2c. user-name: Specifies an SNMP username, a case-sensitive string of 1 to 32 characters. group-name: Specifies an SNMPv1 or SNMPv2c group name, a case-sensitive string of 1 to 32 characters. The group can be one that has been created or not. The user takes effect only after you create the group.

  • Page 200: Snmp-Agent Usm-User V3

    <Sysname> system-view [Sysname] acl basic 2001 [Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0.0.0.0 [Sysname-acl-ipv4-basic-2001] rule deny source any [Sysname-acl-ipv4-basic-2001] quit [Sysname] snmp-agent sys-info version v2c [Sysname] snmp-agent group v2c readCom [Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001 # Add the user userv2c in the SNMPv2c group readCom so only the NMS at 1.1.1.2 can use the protocol SNMPv2c and read-only community name userv2c to access the device.
  • Page 201 aes256 } priv-password ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] * undo snmp-agent usm-user v3 user-name { local | engineid engineid-string | remote { ipv4-address | ipv6 ipv6-address } } •...
  • Page 202 • aes256: Specifies the AES encryption algorithm that uses a 256-bit key. • des56: Specifies the DES encryption algorithm that uses a 56-bit key. priv-password: Specifies an encryption key. This argument is case sensitive. • The plaintext form of the key in non-FIPS mode is a string of 1 to 64 characters. The plaintext form of the key in FIPS mode is a string of 15 to 64 characters, which must contain numbers, uppercase letters, lowercase letters, and special characters.
  • Page 203 • If you specify only user roles but do not change any other settings each time, the snmp-agent usm-user v3 command assigns different user roles to the user. Other settings remain unchanged. • If you specify user roles and also change other settings each time, the snmp-agent usm-user v3 command assigns different user roles to the user.

  • Page 204: Snmp-Agent Usm-User V3 User-Role

    [Sysname] snmp-agent remote 10.1.1.1 engineid 123456789A [Sysname] snmp-agent group v3 testGroup privacy [Sysname] snmp-agent usm-user v3 remoteUser testGroup remote 10.1.1.1 simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&! In RBAC mode: # Create SNMPv3 user testUser with user role network-operator and enable authentication for the user.
  • Page 205 An SNMPv3 user must have a minimum of one user role. Examples # Assign the user role network-admin to the SNMPv3 user testUser. <Sysname> system-view [Sysname] snmp-agent usm-user v3 testUser user-role network-admin Related commands snmp-agent usm-user v3...

  • Page 206: Rmon Commands

    RMON commands display rmon alarm Use display rmon alarm to display information about RMON alarm entries. Syntax display rmon alarm [ entry-number ] Views Any view Predefined user roles network-admin network-operator Parameters entry-number: Specifies an alarm entry by its index in the range of 1 to 65535. If you do not specify an entry, the command displays all RMON alarm entries.

  • Page 207: Display Rmon Event

    Field Description Sampling interval Interval (in seconds) at which data is sampled. Rising threshold Alarm rising threshold. associated with event Event index associated with the alarm.. Falling threshold Alarm falling threshold. Alarm that can be generated at the first sampling: •...

  • Page 208: Display Rmon Eventlog

    Table 45 Command output Field Description Event entry owner and status: • entry-number—Event entry index. owner—Entry owner. • • status—Entry status: VALID—The entry is valid. EventEntry entry-number UNDERCREATION—The entry is invalid. owned by owner is status. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default.

  • Page 209: Display Rmon History

    Examples # Display the RMON log for event entry 99. <Sysname> display rmon eventlog 99 EventEntry 99 owned by ww is VALID. LogEntry 99.1 created at 50days 08h:54m:44s uptime. Description: The 1.3.6.1.2.1.16.1.1.1.4.5 defined in alarmEntry 77, uprise 16760000 with alarm value 16776314. Alarm sample type is absolute. LogEntry 99.2 created at 50days 09h:11m:13s uptime.
  • Page 210 Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays history samples for all interfaces that have an RMON history control entry. Usage guidelines RMON uses the etherHistoryTable object to store the history samples of Ethernet statistics for Ethernet interfaces.

  • Page 211: Display Rmon Prialarm

    Field Description Maximum number of samples that can be saved for the history control entry. If the expected bucket size specified with the rmon history command exceeds the available history table size, RMON sets the bucket size as closely to the buckets max expected bucket size as possible.
  • Page 212 network-operator Parameters entry-number: Specifies an alarm entry index in the range of 1 to 65535. If you do not specify an entry, the command displays all private alarm entries. Examples # Display information about all RMON private alarm entries. <Sysname> display rmon prialarm PrialarmEntry 1 owned by user1 is VALID.

  • Page 213: Display Rmon Statistics

    Field Description Lifetime of the entry. • If the lifetime is set to forever, the entry never expires. Entry lifetime • If the lifetime is set to an amount of time, the entry is removed when the timer expires. Latest value Most recent sampled value.

  • Page 214: Rmon Alarm

    Table 49 Command output Field Description Statistics entry owner and status: • entry-number—Statistics entry index. owner—Entry owner. • • status—Entry status: EtherStatsEntry VALID—The entry is valid. entry-number owned by UNDERCREATION—The entry is invalid. owner is status. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default.
  • Page 215 Syntax rmon alarm entry-number alarm-variable sampling-interval { absolute | delta } [ startup-alarm { falling | rising | rising-falling } ] rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 [ owner text ] undo rmon alarm entry-number Default No RMON alarm entries exist. Views System view Predefined user roles...

  • Page 216: Rmon Event

    falling-threshold threshold-value2 event-entry2: Sets the falling threshold. The threshold-value2 argument represents the falling threshold in the range of –2147483648 to 2147483647. The event-entry2 argument represents the index of the event that is triggered when the falling threshold is crossed. The value range for the event-entry2 argument is 0 to 65535. If 0 is specified, the alarm does not trigger any event.

  • Page 217: Rmon History

    Default No RMON event entries exist. Views System view Predefined user roles network-admin Parameters entry-number: Specifies an event entry index in the range of 1 to 65535. description string: Configures an event description, a case-sensitive string of 1 to 127 characters. log: Logs the event .

  • Page 218: Rmon Prialarm

    Syntax rmon history entry-number buckets number interval interval [ owner text ] undo rmon history entry-number Default No RMON history control entries exist. Views Ethernet interface view Predefined user roles network-admin Parameters entry-number: Specifies a history control entry index in the range of 1 to 65535. buckets number: Specifies the expected maximum number of samples to be retained for the entry, in the range of 1 to 65535.
  • Page 219 undo rmon prialarm entry-number Default No RMON private alarm entries exist. Views System view Predefined user roles network-admin Parameters entry-number: Specifies a private alarm entry index in the range of 1 to 65535. prialarm-formula: Configures a private alarm variable formula, a string of 1 to 255 characters. The variables in the formula must be represented in OID format that starts with a dot (.), for example, (.1.3.6.1.2.1.2.1.10.1)*8.

  • Page 220: Rmon Statistics

    Each alarm entry must have a unique alarm variable, sampling interval, sample type, rising threshold, or falling threshold. You cannot create an alarm entry if all these parameters for the entry are the same as an existing entry. To trigger the event associated with an alarm condition, you must create the event with the rmon event command.
  • Page 221 Default No RMON statistics entries exist. Views Ethernet interface view Predefined user roles network-admin Parameters entry-number: Specifies a statistics entry index in the range of 1 to 65535. owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters. Usage guidelines Each RMON statistics entry provides a set of cumulative traffic statistics collected up to the present time for an interface.

  • Page 222: Netconf Commands

    NETCONF commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. netconf idle-timeout Use netconf idle-timeout to set the NETCONF session idle timeout time.

  • Page 223: Netconf Log

    netconf log Use netconf log to enable NETCONF logging. Use undo netconf log to remove the configuration for the specified NETCONF operation sources and NETCONF operations. Syntax netconf log source { all | { agent | soap } * } { { protocol-operation { all | { action | config | get | session | set | syntax | others } * } } | verbose } undo netconf log source { all | { agent | soap } * } { { protocol-operation { all | { action | config | get | session | set | syntax | others } * } } | verbose }...

  • Page 224: Netconf Soap Domain

    <Sysname> system-view [Sysname] netconf log source agent protocol-operation set netconf soap domain Use netconf soap domain to specify a mandatory authentication domain for NETCONF users. Use undo netconf soap domain to restore the default. Syntax netconf soap domain domain-name undo netconf soap domain domain-name Default No mandatory authentication domain is specified for NETCONF users.

  • Page 225: Netconf Soap Http Dscp

    Views System view Predefined user roles network-admin Parameters acl-number: Specifies an ACL by its number in the range of 2000 to 2999. name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. To avoid confusion, it cannot be all. The specified ACL must be an existing IPv4 basic ACL.

  • Page 226: Netconf Soap Http Enable

    Examples # Set the DSCP value to 30 for outgoing NETCONF over SOAP over HTTP packets. <Sysname> system-view [Sysname] netconf soap http dscp 30 netconf soap http enable Use netconf soap http enable to enable NETCONF over SOAP over HTTP. Use undo netconf soap http enable to disable NETCONF over SOAP over HTTP.

  • Page 227: Netconf Soap Https Dscp

    Parameters acl-number: Specifies an ACL by its number in the range of 2000 to 2999. name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. To avoid confusion, it cannot be all. The specified ACL must be an existing IPv4 basic ACL.

  • Page 228: Netconf Soap Https Enable

    netconf soap https enable Use netconf soap https enable to enable NETCONF over SOAP over HTTPS. Use undo netconf soap https enable to disable NETCONF over SOAP over HTTPS. Syntax netconf soap https enable undo netconf soap https enable Default NETCONF over SOAP over HTTPS is disabled.

  • Page 229: Netconf Ssh Server Port

    Examples # Enable NETCONF over SSH. <Sysname> system-view [Sysname] netconf ssh server enable netconf ssh server port Use netconf ssh server port to specify a port to listen for NETCONF over SSH connections. Use undo netconf ssh server port to restore the default. Syntax netconf ssh server port port-number undo netconf ssh server port...
  • Page 230 Table 51 NETCONF operations available for the predefined user roles User role NETCONF operations network-admin All NETCONF operations • • Get-bulk • Get-bulk-config network-operator Get-config • • Get-sessions • Close-session To configure NETCONF in XML view, copy NETCONF messages to the device in strict accordance with the NETCONF message format.
  • Page 231 <close-session> </close-session> </rpc>]]>]]> <Sysname>...

  • Page 232: Cwmp Commands

    CWMP commands cwmp Use cwmp to enter CWMP view. Syntax cwmp Views System view Predefined user roles network-admin Examples # Enter CWMP view. <Sysname> system-view [Sysname] cwmp Related commands cwmp enable cwmp acs default password Use cwmp acs default password to configure a password for authentication to the default ACS URL.

  • Page 233: Cwmp Acs Default Url

    Usage guidelines You can configure only one password for authentication to the default ACS URL. If you execute this command multiple times, the most recent configuration takes effect. For a successful connection, make sure the CPE has the same username and password settings as the ACS.

  • Page 234: Cwmp Acs Default Username

    Related commands cwmp acs default password cwmp acs default username cwmp acs default username Use cwmp acs default username to configure the username for authentication to the default ACS URL. Use undo cwmp acs default username to restore the default. Syntax cwmp acs default username username undo cwmp acs default username...

  • Page 235: Cwmp Acs Url

    Default No password is configured for authentication to the preferred ACS URL. Views CWMP view Predefined user roles network-admin Parameters cipher: Specifies a password in encrypted form. simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

  • Page 236: Cwmp Acs Username

    Parameters url: Specifies the preferred ACS URL, a string of 8 to 255 characters. The URL must use the http://host[:port]/path or https://host[:port]/path format. Usage guidelines The device supports only one preferred ACS URL. If you execute this command multiple times, the most recent configuration takes effect.

  • Page 237: Cwmp Cpe Connect Interface

    Related commands cwmp acs password cwmp cpe connect interface Use cwmp cpe connect interface to specify the CWMP connection interface. Use undo cwmp cpe connect interface to restore the default. Syntax cwmp cpe connect interface interface-type interface-number undo cwmp cpe connect interface Default No CWMP connection interface is specified.

  • Page 238: Cwmp Cpe Inform Interval

    Default The CPE retries a failed connection until the connection is established with the ACS. Views CWMP view Predefined user roles network-admin Parameters retries: Specifies the maximum number of CWMP connection retries. The value range is 0 to 100. To disable the CPE to retry a CWMP connection, set this argument to 0.

  • Page 239: Cwmp Cpe Inform Interval Enable

    [Sysname-cwmp] cwmp cpe inform interval enable [Sysname-cwmp] cwmp cpe inform interval 3600 Related commands cwmp cpe inform interval enable cwmp cpe inform interval enable Use cwmp cpe inform interval enable to enable the periodic Inform feature. Use undo cwmp cpe inform interval enable to disable the periodic Inform feature. Syntax cwmp cpe inform interval enable undo cwmp cpe inform interval enable...

  • Page 240: Cwmp Cpe Password

    Predefined user roles network-admin Parameters time: Specifies the time at which the CPE sends an Inform message. The time format is yyyy-mm-ddThh:mm:ss, and the value range is 1970-01-01T00:00:00 to 2035-12-31T23:59:59. The specified time must be greater than the current system time. Examples # Configure the CPE to send an Inform message at 2007-12-01T20:00:00.

  • Page 241: Cwmp Cpe Provision-Code

    <Sysname> system-view [Sysname] cwmp [Sysname-cwmp] cwmp cpe password simple newpsw Related commands cwmp cpe username cwmp cpe provision-code Use cwmp cpe provision-code to configure the provision code of the CPE. Use undo cwmp cpe provision-code to restore the default. Syntax cwmp cpe provision-code provision-code undo cwmp cpe provision-code Default...

  • Page 242: Cwmp Cpe Username

    Default NAT traversal is disabled for CWMP. Views CWMP view Predefined user roles network-admin Usage guidelines Connection requests initiated from the CPE can reach the ACS through a NAT gateway without NAT traversal. However, for the connection request initiated from the ACS to reach the CPE, you must enable NAT traversal on the CPE when a NAT gateway resides between the CPE and the ACS.

  • Page 243: Cwmp Cpe Wait Timeout

    For a successful connection, make sure the ACS has the same username setting as the CPE. If a password is required, you must also make sure the ACS has the same password setting as the CPE. The ACS must provide the correct username when it initiates a connection to the CPE. If the username is incorrect, the CPE denies the connection request from the ACS.

  • Page 244: Cwmp Enable

    cwmp enable Use cwmp enable to enable CWMP. Use undo cwmp enable to disable CWMP. Syntax cwmp enable undo cwmp enable Default CWMP is disabled. Views CWMP view Predefined user roles network-admin Usage guidelines CWMP configuration takes effect only after CWMP is enabled. Examples # Enable CWMP.

  • Page 245: Display Cwmp Status

    Periodic inform : Disabled Inform interval : 600s Inform time : None Wait timeout : 30s Connection retries : Unlimited Source IP interface : None STUN state : Disabled SSL policy name : Null Table 52 Command output Field Description CWMP state Status of CWMP: Enabled or Disabled.
  • Page 246 Syntax display cwmp status Views Any view Predefined user roles network-admin network-operator Examples # Display CWMP state information. <Sysname> display cwmp status CWMP state : Enabled ACS URL of most recent connection : http://www.acs.com:80/acs ACS information source : User ACS username of most recent connection : newname Connection status : Disconnected...

  • Page 247: Ssl Client-Policy

    Field Description Amount of time (in seconds) that the CPE must wait before it initiates the next Length of time before next connection. This field displays None if the CPE does not detect an event that connection attempt will trigger a connection attempt. Related commands display cwmp configuration ssl client-policy...

  • Page 248: Eaa Commands

    EAA commands action cli Use action cli to add a CLI action to a monitor policy. Use undo action to remove an action. Syntax action number cli command-line undo action number Default A monitor policy does not contain any actions. Views CLI-defined policy view Predefined user roles...

  • Page 249: Action Reboot

    action reboot Use action reboot to add a reboot action to a monitor policy. Use undo action to remove an action. Syntax action number reboot [ slot slot-number ] undo action number Default A monitor policy does not contain any actions. Views CLI-defined policy view Predefined user roles...

  • Page 250: Action Syslog

    Views CLI-defined policy view Predefined user roles network-admin Parameters number: Specifies an action ID in the range of 0 to 231. Usage guidelines You can configure a series of actions to be executed in response to the event specified in a monitor policy.

  • Page 251: Commit

    Usage guidelines EAA sends log messages to the information center. You can configure the information center to output these messages to certain destinations. For more information about the information center, see "Configuring the information center." You can configure a series of actions to be executed in response to the event specified in a monitor policy.

  • Page 252: Display Rtm Policy

    Views Any view Predefined user roles network-admin network-operator Parameters var-name: Specifies a user-defined EAA environment variable by its name, a case-sensitive string of 1 to 63 characters. The name can contain digits, letters, and the underscore sign (_), but its leading character cannot be the underscore sign.
  • Page 253 Usage guidelines To display the running configuration of CLI-defined monitor policies, execute the display current-configuration command in any view or execute the display this command in CLI-defined monitor policy view. Examples # Display monitor policies that are executing the actions. <Sysname>...

  • Page 254: Event Cli

    network-admin Table 57 Command output Field Description Total number Total number of the monitor polices. PolicyName Name of the monitor policy. Policy creation method: Policy Type • TCL—The policy was configured by using Tcl. • CLI—The policy was configured from the CLI. Event type, including CLI, hotplug, interface, process, SNMP, SNMP-Notification, Event Type Syslog, and track.

  • Page 255: Event Hotplug

    Usage guidelines Use CLI event monitor policies to monitor operations performed at the CLI. You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event. Examples # Configure a CLI-defined policy to monitor execution of commands that contain the display interface brief string.

  • Page 256: Event Interface

    Usage guidelines After you configure the event, the monitor policy is triggered when the member device joins or leaves the IRF fabric, or when a subcard is inserted in or removed from the specified subcard slot. If you do not specify the insert or remove keyword, EAA monitors the member device for joining or leaving the IRF fabric and the subcard slot for subcard hot-swapping.
  • Page 257 Table 58 Monitored objects Monitored traffic Description statistic Number of discarded incoming packets. input-drops Number of incoming error packets. input-errors Number of discarded outgoing packets. output-drops Number of outgoing error packets. output-errors Receive rate, in bps. rcv-bps Number of incoming broadcasts. rcv-broadcasts Receive rate, in packets per second.

  • Page 258: Event Process

    Examples # Configure a CLI-defined policy to monitor the incoming error packet statistic on GigabitEthernet 1/0/1 every 60 seconds. Set the start threshold to 1000 and the restart threshold to 50. Enable EAA to execute the policy when the statistic exceeds 1000 for the first time. Enable EAA to re-execute the policy if the statistic exceeds 1000 each time after the statistic has dropped below 50.

  • Page 259: Event Snmp Oid

    Examples # Configure a CLI-defined policy to monitor all instances of the process snmpd for restart events. <Sysname>system-view [Sysname] rtm cli-policy test [Sysname-rtm-test] event process restart name snmpd event snmp oid Use event snmp oid to configure an SNMP event for a CLI-defined monitor policy. Use undo event to delete the event in a CLI-defined monitor policy.

  • Page 260: Event Snmp-Notification

    EAA executes an SNMP event policy when the monitored MIB variable's value crosses the start threshold in the following situations: • The monitored variable's value crosses the start threshold for the first time. • The monitored variable's value crosses the start threshold each time after it crosses the restart threshold.

  • Page 261: Event Syslog

    op op: Specifies the operator for comparing the sampled value with the threshold. The policy is executed if the comparison result meets the condition. For keywords available for the start-op argument, see Table drop: Drops the notification if the comparison result meets the condition. If you do not specify this keyword, the system sends the notification.

  • Page 262: Event Track

    occurs times period period: Executes the policy if the number of log matches over an interval exceeds the limit. The times argument specifies the maximum number of log matches in the range of 1 to 32. The period argument specifies an interval in the range of 1 to 4294967295 seconds. Usage guidelines Use Syslog event monitor policies to monitor log messages.

  • Page 263: Rtm Cli-Policy

    Usage guidelines Use track event monitor policies to monitor state change of track entries. If you specify one track entry for a policy, EAA triggers the policy when the state of the track entry changes from Positive to Negative or from Negative to Positive. If you specify multiple track entries for a policy, EAA triggers the policy only when the state of all the track entries changes from Positive to Negative or Negative to Positive.

  • Page 264: Rtm Environment

    Examples # Create a CLI-defined policy and enter its view. <Sysname> system-view [Sysname] rtm cli-policy test Related commands commit rtm environment Use rtm environment to configure an EAA environment variable. Use undo rtm environment to delete a user-defined EAA environment variable. Syntax rtm environment var-name var-value undo rtm environment var-name...

  • Page 265: Rtm Event Syslog Buffer-Size

    Variable name Description _oid OID that is included in the SNMP notification. Process: _process_name Process name. Views System view Predefined user roles network-admin Parameters var-name: Specifies a user-defined EAA environment variable by its name, a case-sensitive string of 1 to 63 characters. The name can contain digits, letters, and the underscore sign (_), but its leading character cannot be the underscore sign.

  • Page 266: Rtm Scheduler Suspend

    Usage guidelines After you execute a Syslog event monitor policy, the system saves a copy of the logs to the EAA-monitored log buffer. When the logs in the buffer match the Syslog event, EAA executes the monitor policy actions. Typically, the default EAA-monitored log buffer size is sufficient. However, when a feature malfunctions or the user enables multiple debugging functions, a large number of logs are generated.

  • Page 267: Running-Time

    Syntax rtm tcl-policy policy-name tcl-filename undo rtm tcl-policy policy-name Default No Tcl policies exist. Views System view Predefined user roles network-admin Parameters policy-name: Specifies a policy name, a case-sensitive string of 1 to 63 characters. tcl-filename: Specifies a .tcl script file name. The file name is case sensitive. You must ensure that the file is available on a storage medium of the device.

  • Page 268: User-Role

    Views CLI-defined policy view Predefined user roles network-admin Parameters time: Specifies the runtime of the CLI-defined policy, in the range of 0 to 31536000 seconds. If you specify 0, the policy can run forever until it is manually interrupted. Usage guidelines Policy runtime limits the amount of time that the monitor policy can run from the time it is triggered.
  • Page 269 An EAA policy cannot have both the security-audit user role and any other user roles. Any previously assigned user roles are automatically removed when you assign the security-audit user role to the policy. The previously assigned security-audit user role is automatically removed when you assign any other user roles to the policy.

  • Page 270: Process Monitoring And Maintenance Commands

    Process monitoring and maintenance commands The display memory, display process, display process cpu, monitor process and monitor thread commands display information about both user processes and kernel threads. In these commands, "process" refers to both user processes and kernel threads. display exception context Use display exception context to display context information for process exceptions.
  • Page 271 esp:0xbfe244b8 ebp:0xbfe244c8 esi:0xffffffff edi:0xbfe24674 eip:0xb7caba4a eflag:0x00000292 cs:0x00000073 ss:0x0000007b ds:0x0000007b es:0x0000007b fs:0x00000000 gs:0x00000033 # Display the exception context information on the x86-based 64-bit terminal. <Sysname> display exception context Index 1 of 1 ------------------------------ Crashed PID: 121 (routed) Crash signal: SIGBUS Crash time: Sun Mar 31 11:12:21 2013 Core file path: flash:/core/node0_routed_121_7_20130331-111221_1364728341.core 0x00007fae7dbad20c...
  • Page 272 grp12: 0x10006b4c 0x10020534 0xd6744100 0x00000000 grp16: 0x00000000 0xa0203ff0 0xa028b12c 0xa028b13c grp20: 0xa028b148 0xa028b168 0xa028b178 0xa028b190 grp24: 0xa028b1a8 0xa028b1b8 0x00000000 0x7ffd6c08 grp28: 0x10006cac 0x7ffd6f92 0x184c1b84 0x7ffd6ae0 nip:0x184720bc lr:0x10006b4c cr:0x38000022 ctr:0x1847209c msr:0x0002db00 xer:0x00000000 ret:0xfffffffc dsisr:0x08000000 gr3:0x00000003 mq:0x00000000 trap:0x00000c00 dar:0x1833114c # Display the exception context information on the PowerPC-based 64-bit terminal. <Sysname>...
  • Page 273 Index 1 of 1 ------------------------------ Crashed PID: 182 (routed) Crash signal: SIGBUS Crash time: Sun Jan 2 08:11:38 2013 Core file path: flash:/core/node4_routed_182_10_20130102-081138_1293955898.core 0x2af2faf4 0x00406d8c Backtrace stopped. Registers' content zero:0x00000000 at:0x1000dc00 v0:0x00000004 v1:0x00000003 a0:0x00000003 a1:0x7fd267e8 a2:0x0000000a a3:0x00000001 t0:0x00000000 t1:0xcf08fa14 t2:0x80230510 t3:0xfffffff8 t4:0x69766520 t5:0x00000000...

  • Page 274: Display Exception Filepath

    gp:0x0000000120020460 sp:0x000000ffff899d70 s8:0x000000ffff899d80 ra:0x0000000120006c1c sr:0x000000000400fff3 lo:0xdf3b645a1cac08c9 hi:0x000000000000007f bad:0x000000555589ba84 cause:0x0000000000800020 pc:0x0000005555a3bcb4 Table 61 Command output Filed Description Crashed PID ID of the crashed process. Signals that led to the crash: • SIGABRT—Abort. • SIGBUS—Bus error. • SIGFPE—Erroneous arithmetic operation. • SIGILL—Illegal hardware instructions. •...

  • Page 275: Display Kernel Deadloop

    The exception filepath on slot 1 is flash:. display kernel deadloop Use display kernel deadloop to display kernel thread deadloop information. Syntax display kernel deadloop show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles...
  • Page 276 VCPU ID Kernel module info : module name (mrpnc) module address (0xe332a000) Last 5 thread switches : migration/0 (11:16:00.823018)--> swapper (11:16:00.833018)--> kthreadd (11:16:00.833518)--> swapper (11:16:00.833550)--> disk (11:16:00.833560) Register content: Reg: r0, Val = 0x00000000 ; Reg: r1, Val = 0xe2be5ea0 ; Reg: r2, Val = 0x00000000 ;...
  • Page 277 0xe2be5f90: 00 03 00 00 00 00 00 00 02 be 5f e0 00 00 00 30 0xe2be5fa0: 02 be 5f c0 00 ac 1b 14 61 f1 2e ae 02 45 00 00 0xe2be5fb0: 02 44 b3 74 02 be 5f d0 00 00 00 30 02 be 5f e0 0xe2be5fc0: 02 be 60 60 01 74 ff f8 00 00 00 00 00 00 08 00 0xe2be5fd0: 02 be 5f f0 00 e8 93 7e 02 be 5f f8 02 be 5f fc 0xe2be5fe0: 00 00 00 00 00 00 00 00 00 00 00 00 02 be 60 18...

  • Page 278: Display Kernel Deadloop Configuration

    Field Description Information about kernel modules that had been loaded when the kernel thread deadloop was detected, including: Kernel module info • Module name—Kernel module name. • Module address—Memory address of the module. Last five kernel thread switches on the CPU before the kernel thread Last 5 thread switches deadloop was detected, including kernel thread name and kernel thread switching time with microsecond precision.

  • Page 279: Display Kernel Exception

    Table 63 Command output Field Description Time interval (in seconds) to identify a kernel thread deadloop. A Dead loop timer (in seconds): n kernel thread deadloop occurs if a kernel thread runs more than n seconds. Dead loop core list CPU cores for which kernel thread deadloop detection is performed.
  • Page 280 Recorded at : 2013-05-01 11:16:00.823018 Occurred at : 2013-05-01 11:16:00.823018 Instruction address : 0x4004158c Thread : comsh (TID: 16306) Context : thread context Slot VCPU ID Kernel module info : module name (mrpnc) module address (0xe332a000) module name (disk) module address (0xe00bd000) # Display detailed information about the most recent kernel thread exception.
  • Page 281 Reg: cr, Val = 0x84000028 ; Reg: nip, Val = 0x057d9550 ; Reg: xer, Val = 0x00000000 ; Reg: lr, Val = 0x0186eff0 ; Reg: ctr, Val = 0x682f7344 ; Reg: msr, Val = 0x00784b5c ; Reg: trap, Val = 0x0000b030 ; Reg: dar, Val = 0x77777777 ;...

  • Page 282: Display Kernel Reboot

    Function Address = 0x8016ce0c Function Address = 0x801223a0 Instruction dump: 41a2fe9c 812300ec 800200ec 7f890000 409efe8c 80010014 540b07b9 40a2fe80 4bfffe6c 80780290 7f64db78 4804ea35 <807f002c> 38800000 38a00080 3863000c For more information about the command output, see Table Related commands reset kernel exception display kernel reboot Use display kernel reboot to display reboot information for member devices.
  • Page 283 # Display detailed information about the most recent reboot. <Sysname> display kernel reboot 1 verbose ----------------- Reboot record 1 ----------------- Recorded at : 2013-05-01 11:16:00.823018 Occurred at : 2013-05-01 11:16:00.823018 Reason : 0x31 Thread : comsh (TID: 16306) Context : thread context Slot Target Slot VCPU ID...

  • Page 284: Display Kernel Starvation

    0xe2be6040: 02 be 60 60 00 00 00 01 00 00 b0 30 02 be 60 98 0xe2be6050: 00 00 00 04 02 21 00 00 00 00 00 00 01 e9 00 00 0xe2be6060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be6070: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0 0xe2be6080: 02 be 61 e0 00 00 00 02 00 00 00 00 02 be 61 70 0xe2be6090: 00 00 00 00 02 21 00 00 05 8d 34 c4 05 7d 92 44...
  • Page 285 Syntax display kernel starvation show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles network-admin Parameters show-number: Specifies the number of thread starvations to display, in the range of 1 to 20. offset: Specifies the offset between the starting starvation and the most recent starvation, in the range of 0 to 19.
  • Page 286 Last 5 thread switches : migration/0 (11:16:00.823018)--> swapper (11:16:00.833018)--> kthreadd (11:16:00.833518)--> swapper (11:16:00.833550)--> disk (11:16:00.833560) Register content: Reg: r0, Val = 0x00000000 ; Reg: r1, Val = 0xe2be5ea0 ; Reg: r2, Val = 0x00000000 ; Reg: r3, Val = 0x77777777 ; Reg: r4, Val = 0x00000000 ;...

  • Page 287: Display Kernel Starvation Configuration

    0xe2be5fc0: 02 be 60 60 01 74 ff f8 00 00 00 00 00 00 08 00 0xe2be5fd0: 02 be 5f f0 00 e8 93 7e 02 be 5f f8 02 be 5f fc 0xe2be5fe0: 00 00 00 00 00 00 00 00 00 00 00 00 02 be 60 18 0xe2be5ff0: 02 be 60 10 00 e9 65 98 00 00 00 58 00 00 2a 4f 0xe2be6000: 02 be 60 10 00 00 00 00 00 00 00 00 02 be 60 68 0xe2be6010: 02 be 60 40 00 e8 c6 a0 00 00 11 17 00 00 00 00...

  • Page 288: Display Process

    cpu cpu-number: Specifies a CPU by its number. Examples # Display kernel thread starvation detection configuration. <Sysname> display kernel starvation configuration Thread starvation detection: Disabled Starvation timer (in seconds): 10 Threads excluded from monitoring: 1 TID: Name: co0 Table 65 Command output Field Description Time interval (in seconds) to identify a kernel thread starvation.
  • Page 289 Examples # Display state information for the process scmd. <Sysname> display process name scmd Job ID: 1 PID: 1 Parent JID: 0 Parent PID: 0 Executable path: /sbin/scmd Instance: 0 Respawn: OFF Respawn count: 1 Max. spawns per minute: 0 Last started: Wed Jun 1 14:45:46 2013 Process state: sleeping...
  • Page 290 Parameters carried by the process during startup. If the process carries no ARGS parameters, this field displays a hyphen (-). Thread ID. LAST_CPU Number of the CPU on which the process is last scheduled. Stack Stack size. Thread priority. Thread state: •...

  • Page 291: Display Process Cpu

    Table 67 Command output Field Description Job ID of a process. It never changes. Number of a process. %CPU CPU usage in percentage (%). %MEM Memory usage in percentage (%). State of a process: • R—Running. • S—Sleeping. STAT • T—Traced or stopped.

  • Page 292: Display Process Log

    Table 68 Command output Field Description CPU utilization in 5 secs: 16.8%; System CPU usage within the last 5 seconds, 1 minute, and 5 minutes. 1 min: 4.7%; 5 mins: 4.7% Job ID of a process. It never changes. 5Sec CPU usage of the process within the last 5 seconds.

  • Page 293: Display Process Memory

    Field Description ID of a user process. Indicates whether the process exited abnormally: Abort • Y—Yes. • N—No. Indicates whether the process can generate core files: Core • Y—Yes. • N—No. Process exit code. This field displays two hyphens (--) if the process was killed Exit by a signal.

  • Page 294: Display Process Memory Heap

    [kthreadd] [ksoftirqd/0] [watchdog/0] [events/0] [khelper] [kblockd/0] [vzmond] [pdflush] ---- More ---- Table 70 Command output Field Description Job ID of a process. It never changes. Text Text memory used by the user process, in KB. The value for a kernel thread is 0. Data Data memory used by the user process, in KB.
  • Page 295 Usage guidelines Heap memory comprises fixed-sized blocks such as 16-byte or 64-byte blocks. It stores data and variables used by the user process. When a user process starts, the system dynamically allocates heap memory to the process. Each memory block has an address represented in hexadecimal format, which can be used to access the memory block.

  • Page 296: Display Process Memory Heap Address

    display process memory heap address Use display process memory heap address to display heap memory content starting from a specified memory block for a process. Syntax display process memory heap job job-id address starting-address length memory-length [ slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles...
  • Page 297 Syntax display process memory heap job job-id size memory-size [ offset offset-size ] [ slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles network-admin network-operator Parameters job job-id: Specifies a process by its job ID, in the range of 1 to 2147483647. size memory-size: Specifies the memory block size in the range of 1 to 4294967295.

  • Page 298: Exception Filepath

    exception filepath Use exception filepath to specify the directory for saving core files. Use undo exception filepath to remove the specified directory. Syntax exception filepath directory undo exception filepath directory Default The directory for saving core files is flash:. Views User view Predefined user roles network-admin...

  • Page 299: Monitor Kernel Deadloop Enable

    Views System view Predefined user roles network-admin Parameters reboot: Logs the event and reboots the specified slot or CPU. record-only: Logs the event. slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command specifies the action for the master device.

  • Page 300: Monitor Kernel Deadloop Exclude-Thread

    Usage guidelines Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it. Kernel threads share resources in kernel space. If a kernel thread monopolizes the CPU for a long time, other threads cannot run, resulting in a deadloop.

  • Page 301: Monitor Kernel Deadloop Time

    You can disable kernel thread deadloop detection for up to 128 kernel threads by executing the command. Examples # Disable kernel thread deadloop detection for kernel thread 15. <Sysname> system-view [Sysname]monitor kernel deadloop exclude-thread 15 Related commands display kernel deadloop configuration display kernel deadloop monitor kernel deadloop enable monitor kernel deadloop time...

  • Page 302: Monitor Kernel Starvation Enable

    monitor kernel deadloop enable monitor kernel starvation enable Use monitor kernel starvation enable to enable kernel thread starvation detection. Use undo monitor kernel starvation enable to disable kernel thread starvation detection. Syntax monitor kernel starvation enable [ slot slot-number [ cpu cpu-number ] ] undo monitor kernel starvation enable [ slot slot-number [ cpu cpu-number ] ] Default Kernel thread starvation detection is disabled.

  • Page 303: Monitor Kernel Starvation Time

    Use undo monitor kernel starvation exclude-thread to enable kernel thread starvation detection for a kernel thread. Syntax monitor kernel starvation exclude-thread tid [ slot slot-number [ cpu cpu-number ] ] undo monitor kernel starvation exclude-thread [ tid ] [ slot slot-number [ cpu cpu-number ] ] Default Kernel thread starvation detection, if enabled, monitors all kernel threads.

  • Page 304: Monitor Process

    Views System view Predefined user roles network-admin Parameters time time: Specifies the interval for identifying a kernel thread starvation, in the range of 1 to 65535 seconds. slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified.
  • Page 305 cpu cpu-number: Specifies a CPU by its number. Usage guidelines If you do not specify the dumbtty keyword, the command displays process statistics in an interactive mode. In this mode, the system automatically determines the number of displayed processes according to the screen size, and does not display exceeding processes. You can also input interactive commands as shown in Table 72 to perform relevant operations.
  • Page 306 00:00:00 0.00% [watchdog/0] 00:00:01 0.00% [events/0] 00:00:00 0.00% [khelper] 4797 4797 28832K 00:00:02 0.00% comsh 5117 5117 1496K 00:00:00 0.00% <Sysname> # Display process statistics twice in dumbtty mode. <Sysname> monitor process dumbtty iteration 2 76 processes; 103 threads; 687 fds Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie CPU states: 44.84% idle, 0.51% user, 39.17% kernel, 15.46% interrupt Memory: 496M total, 341M available, page size 4K...
  • Page 307 00:00:06 0.00% [ksoftirqd/0] 00:00:00 0.00% [watchdog/0] 00:00:00 0.00% [khelper] 4796 4796 2744K 00:00:00 0.00% login 4797 4797 28832K 00:00:03 0.00% comsh <Sysname> # Display process statistics in interactive mode. <Sysname> monitor process 76 processes; 103 threads; 687 fds Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie CPU states: 78.98% idle, 0.16% user, 14.57% kernel, 6.27% interrupt Memory: 496M total, 341M available, page size 4K State...
  • Page 308 87 processes; 113 threads; 735 fds Thread states: 2 running, 111 sleeping, 0 stopped, 0 zombie CPU states: 86.57% idle, 0.83% user, 11.74% kernel, 0.83% interrupt Memory: 755M total, 414M available, page size 4K State HH:MM:SS Name 27020K 00:00:43 8.95% syslogd 1173 1173...

  • Page 309: Monitor Thread

    • T—Traced or stopped. • D—Uninterruptible sleep. • Z—Zombie. Number of open files for a process. Memory usage. It displays 0 for a kernel thread. HH:MM:SS Running time of a process since last restart. CPU usage of a process. Name of a process. If square brackets ([ ]) exist in a process name, the process Name is a kernel thread.
  • Page 310 to 2147483647. The default value is 10. A value of 0 means no limit. Only threads not exceeding the screen size can be displayed. Quits interactive mode. < Moves sort field to the next left column. > Moves sort field to the next right column. Examples # Display thread statistics in dumbtty mode.
  • Page 311 Sort by the CPU field(default) Set the delay interval between screen updates Kill a job Refresh the screen Set the maximum number of threads to display Quit the interactive display Sort by run time of threads since last restart < Move sort field to the next left column >...

  • Page 312: Process Core

    LAST_CPU Number of the CPU on which the most recent thread scheduling occurs. Priority level of a thread. State of a thread: • R—Running. • S—Sleeping. State • T—Traced or stopped. • D—Uninterruptible sleep. • Z—Zombie. HH:MM:SS Running time of a thread since last restart. Longest time that a single thread scheduling occupies the CPU, in milliseconds.

  • Page 313: Reset Exception Context

    Because the core files consume system storage resources, you can disable core file generation for processes for which you do not need to review exception information. Examples # Disable core file generation for process routed. <Sysname> process core off name routed # Enable core file generation for process routed and set the maximum number of core files to 5.

  • Page 314: Reset Kernel Exception

    cpu cpu-number: Specifies a CPU by its number. Examples # Clear kernel thread deadloop information. <Sysname> reset kernel deadloop Related commands display kernel deadloop reset kernel exception Use reset kernel exception to clear kernel thread exception information. Syntax reset kernel exception [ slot slot-number [ cpu cpu-number ] ] Views User view Predefined user roles...

  • Page 315: Reset Kernel Starvation

    <Sysname> reset kernel reboot Related commands display kernel reboot reset kernel starvation Use reset kernel starvation to clear kernel thread starvation information. Syntax reset kernel starvation [ slot slot-number [ cpu cpu-number ] ] Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies an IRF member device by its ID.

  • Page 316: Port Mirroring Commands

    Port mirroring commands display mirroring-group Use display mirroring-group to display mirroring group information. Syntax display mirroring-group { group-id | all | local | remote-destination | remote-source } Views Any view Predefined user roles network-admin network-operator Parameters group-id: Specifies a mirroring group by its number. The value range is 1 to 4. all: Specifies all mirroring groups.

  • Page 317: Mirroring-Group

    Field Description Mirroring port Source port. Monitor port Destination port. mirroring-group Use mirroring-group to create a mirroring group. Use undo mirroring-group to delete mirroring groups. Syntax mirroring-group group-id { local | remote-destination | remote-source } undo mirroring-group { group-id | all | local | remote-destination | remote-source } Default No mirroring groups exist.

  • Page 318: Mirroring-Group Mirroring-Port (System View)

    Predefined user roles network-admin Parameters group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 4. both: Mirrors both received and sent packets. inbound: Mirrors only received packets. outbound: Mirrors only sent packets.
  • Page 319 Default No source port is configured for a mirroring group. Views System view Predefined user roles network-admin Parameters group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 4. interface-list: Specifies a space-separated list of up to eight interface items.

  • Page 320: Mirroring-Group Monitor-Egress

    mirroring-group monitor-egress Use mirroring-group monitor-egress to configure the egress port for a remote source group. Use undo mirroring-group monitor-egress to restore the default. Syntax In system view: mirroring-group group-id monitor-egress interface-type interface-number undo mirroring-group group-id monitor-egress interface-type interface-number In interface view: mirroring-group group-id monitor-egress undo mirroring-group group-id monitor-egress Default...

  • Page 321: Mirroring-Group Monitor-Port (Interface View)

    [Sysname] interface gigabitethernet 1/0/2 [Sysname-GigabitEthernet1/0/2] mirroring-group 2 monitor-egress Related commands mirroring-group mirroring-group monitor-port (interface view) Use mirroring-group monitor-port to configure a port as the monitor port for a mirroring group. Use undo mirroring-group monitor-port to restore the default. Syntax mirroring-group group-id monitor-port undo mirroring-group group-id monitor-port Default A port does not act as the monitor port for any mirroring groups.

  • Page 322: Mirroring-Group Monitor-Port (System View)

    Related commands mirroring-group mirroring-group monitor-port (system view) Use mirroring-group monitor-port to configure the monitor ports for a mirroring group. Use undo mirroring-group monitor-port to remove the monitor ports from a mirroring group. Syntax mirroring-group group-id monitor-port interface-type interface-number undo mirroring-group group-id monitor-port interface-type interface-number Default No monitor port is configured for a mirroring group.

  • Page 323: Mirroring-Group Reflector-Port

    mirroring-group reflector-port Use mirroring-group reflector-port to configure the reflector port for a remote source group. Use undo mirroring-group reflector-port to restore the default. Syntax In system view: mirroring-group group-id reflector-port interface-type interface-number undo mirroring-group group-id reflector-port interface-type interface-number In interface view: mirroring-group group-id reflector-port undo mirroring-group group-id reflector-port Default...

  • Page 324: Mirroring-Group Remote-Probe Vlan

    [Sysname] interface gigabitethernet 1/0/2 [Sysname-GigabitEthernet1/0/2] mirroring-group 2 reflector-port This operation may delete all settings made on the interface. Continue? [Y/N]: y Related commands mirroring-group mirroring-group remote-probe vlan Use mirroring-group remote-probe vlan to specify a VLAN as the remote probe VLAN for a mirroring group.
  • Page 325 Related commands mirroring-group...

  • Page 326: Flow Mirroring Commands

    Flow mirroring commands mirror-to cpu Use mirror-to cpu to configure a mirroring action that mirrors traffic to the CPU. Use undo mirror-to cpu to delete the mirroring action that mirrors traffic to the CPU. Syntax mirror-to cpu undo mirror-to cpu Default No mirroring action exists to mirror traffic to the CPU.
  • Page 327 dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table Table 77 DSCP keywords and values Keyword DSCP value in binary DSCP value in decimal af11 001010...

  • Page 328: Sflow Commands

    sFlow commands display sflow Use display sflow to display sFlow configuration and operation information. Syntax display sflow Views Any view Predefined user roles network-admin network-operator Examples # Display sFlow configuration and operation information. <Sysname> display sflow sFlow datagram version: 5 Global information: Agent IP: 10.10.10.1(CLI) Source address: 10.0.0.1 2001::1...

  • Page 329: Sflow Agent

    Field Description Remaining lifetime of the sFlow collector. If this field displays N/A, the sFlow Aging collector never ages out. Size Maximum length of the sFlow data portion in an sFlow packet. Name of the VPN instance to which the sFlow collector belongs. VPN-instance This field is not supported in the current software version.

  • Page 330: Sflow Collector

    Usage guidelines As a best practice, manually configure an IP address for the sFlow agent. If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify IP address 10.10.10.1 for the sFlow agent. <Sysname> system-view [Sysname] sflow agent ip 10.10.10.1 sflow collector Use sflow collector to configure parameters for an sFlow collector.

  • Page 331: Sflow Counter Collector

    <Sysname> system-view [Sysname] sflow collector 2 ip 3.3.3.1 description netserver time-out 1200 datagram-size 1000 sflow counter collector Use sflow counter collector to specify an sFlow collector for counter sampling. Use undo sflow counter collector to restore the default. Syntax sflow counter collector collector-id undo sflow counter collector Default No sFlow collector is specified for counter sampling.

  • Page 332: Sflow Flow Collector

    Examples # Enable counter sampling and set the counter sampling interval to 120 seconds on GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] sflow counter interval 120 sflow flow collector Use sflow flow collector to specify an sFlow collector for flow sampling. Use undo sflow flow collector to restore the default.

  • Page 333: Sflow Sampling-Mode

    Parameters length: Specifies the maximum number of bytes that can be copied, in the range of 18 to 512. As a best practice, use the default value. Examples # Set the maximum number of bytes to 60 for flow sampling to copy per packet on GigabitEthernet 1/0/1.

  • Page 334: Sflow Source

    Syntax sflow sampling-rate rate undo sflow sampling-rate Default Flow sampling is disabled. Views Layer 2 Ethernet interface view Predefined user roles network-admin Parameters rate: Specifies the number of packets out of which flow sampling will sample a packet on the interface.

  • Page 335: Information Center Commands

    Information center commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. diagnostic-logfile save Use diagnostic-logfile save to manually save diagnostic logs from the diagnostic log file buffer to the diagnostic log file.

  • Page 336: Display Info-Center

    Examples # Display the diagnostic log file configuration. <Sysname> display diagnostic-logfile summary Diagnostic log file: Enabled. Diagnostic log file size quota: 10 MB Diagnostic log file directory: flash:/diagfile Writing frequency: 24 hour 0 min 0 sec Table 79 Command output Field Description Status of the diagnostic log file:...

  • Page 337: Display Logbuffer

    Log host: Date Other output destination: Date display logbuffer Use display logbuffer to display the state of the log buffer and the log information in the log buffer. Syntax display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] * Views Any view Predefined user roles...

  • Page 338: Display Logbuffer Summary

    Log buffer: Enabled Max buffer size: 1024 Actual buffer size: 512 Dropped messages: 0 Overwritten messages: 718 Current messages: 512 %Jun 17 15:57:09:578 2016 Sysname SYSLOG/7/SYS_RESTART:System restarted -- … Table 81 Command output Field Description Status of the log buffer: Log buffer •...

  • Page 339: Display Logfile Summary

    Slot EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG Table 82 Command output Field Description EMERG Represents emergency. For more information, see Table ALERT Represents alert. For more information, see Table CRIT Represents critical. For more information, see Table ERROR Represents error.

  • Page 340: Display Security-Logfile Summary

    display security-logfile summary Use display security-logfile summary to display the summary of the security log file. Syntax display security-logfile summary Views Any view Predefined user roles security-audit Usage guidelines To use this command, a local user must have the security-audit user role. For information about configuring the security-audit user role, see Security Command Reference.

  • Page 341: Info-Center Diagnostic-Logfile Directory

    undo enable log updown Default All interfaces are allowed to generate link up and link down logs. Views Interface view Predefined user roles network-admin Examples # Disable GigabitEthernet 1/0/1 from generating link up or link down logs. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] undo enable log updown info-center diagnostic-logfile directory Use info-center diagnostic-logfile directory to configure the directory to save the diagnostic log...

  • Page 342: Info-Center Diagnostic-Logfile Frequency

    Syntax info-center diagnostic-logfile enable undo info-center diagnostic-logfile enable Default Saving diagnostic logs to the diagnostic log file is enabled. Views System view Predefined user roles network-admin Usage guidelines This command enables saving diagnostic logs to the diagnostic log file for centralized management. Users can view the diagnostic logs to monitor device activities and to troubleshoot problems.

  • Page 343: Info-Center Diagnostic-Logfile Quota

    Related commands info-center diagnostic-logfile enable info-center diagnostic-logfile quota Use info-center diagnostic-logfile quota to set the maximum size for the diagnostic log file. Use undo info-center diagnostic-logfile quota to restore the default. Syntax info-center diagnostic-logfile quota size undo info-center diagnostic-logfile quota Default The maximum size for the diagnostic log file is 10 MB.

  • Page 344: Info-Center Logbuffer

    info-center logbuffer Use info-center logbuffer to enable log output to the log buffer. Use undo info-center logbuffer to disable log output to the log buffer. Syntax info-center logbuffer undo info-center logbuffer Default Log output to the log buffer is enabled. Views System view Predefined user roles...

  • Page 345: Info-Center Logfile Directory

    [Sysname] info-center logbuffer size 50 # Restore the default maximum log buffer size. <Sysname> system-view [Sysname] undo info-center logbuffer size Related commands display logbuffer info-center enable info-center logfile directory Use info-center logfile directory to specify the directory to save the log file. Syntax info-center logfile directory dir-name Default...

  • Page 346: Info-Center Logfile Frequency

    Default The log file feature is enabled. Views System view Predefined user roles network-admin Examples # Enable log output to the log file. <Sysname> system-view [Sysname] info-center logfile enable info-center logfile frequency Use info-center logfile frequency to configure the interval at which the system saves logs from the log file buffer to the log file.

  • Page 347: Info-Center Logfile Size-Quota

    Syntax info-center logfile overwrite-protection [ all-port-powerdown ] undo info-center logfile overwrite-protection Default Log file overwrite-protection is disabled. Views System view Predefined user roles network-admin Parameters all-port-powerdown: Shuts down all the service ports on the device when no log file space or storage device space is available.

  • Page 348: Info-Center Logging Suppress Duplicates

    Related commands info-center logfile enable info-center logging suppress duplicates Use info-center logging suppress duplicates to enable duplicate log suppression. Use undo info-center logging suppress duplicate to disable duplicate log suppression. Syntax info-center logging suppress duplicates undo info-center logging suppress duplicates Default Duplicate log suppression is disabled.

  • Page 349: Info-Center Logging Suppress Module

    %Jan 1 07:30:19:643 2000 Sysname ARP/6/DUPIFIP: Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-0058-123d This message repeated 20 times in last 2 minutes. The output shows that the second suppression period lasts for 2 minutes. %Jan 1 07:30:20:541 2000 Sysname ARP/6/DUPIFIP: Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-0058-123d This message repeated 1 times in last 1 second.

  • Page 350: Info-Center Loghost

    Examples # Configure a log suppression rule to suppress output of logs with the shell_login mnemonic value for the shell module. <Sysname> system-view [Sysname] info-center logging suppress module shell mnemonic shell_login Related commands info-center source info-center loghost Use info-center loghost to specify a log host and to configure output parameters. Use undo info-center loghost to remove a log host.

  • Page 351: Info-Center Loghost Source

    info-center loghost source Use info-center loghost source to specify a source IP address for logs sent to log hosts. Use undo info-center loghost source to restore the default. Syntax info-center loghost source interface-type interface-number undo info-center loghost source Default The source IP address of logs sent to log hosts is the primary IP address of the outgoing interface. Views System view Predefined user roles...

  • Page 352: Info-Center Security-Logfile Directory

    Predefined user roles network-admin Parameters usage: Specifies an alarm threshold. The value must be an integer in the range of 1 to 100. Usage guidelines When the security log file is full, the system deletes the oldest logs and then writes new logs to the security log file.

  • Page 353: Info-Center Security-Logfile Frequency

    Use undo info-center security-logfile enable to restore the default. Syntax info-center security-logfile enable undo info-center security-logfile enable Default The saving of security logs to the security log file is disabled. Views System view Predefined user roles network-admin Usage guidelines This feature enables the system to output security logs to the security log file buffer, and then saves the buffered logs to the security log file regularly.

  • Page 354: Info-Center Security-Logfile Size-Quota

    [Sysname] info-center security-logfile frequency 600 Related commands info-center security-logfile enable info-center security-logfile size-quota Use info-center security-logfile size-quota to set the maximum size for the security log file. Use undo info-center security-logfile size-quota to restore the default. Syntax info-center security-logfile size-quota size undo info-center security-logfile size-quota Default The maximum size for the security log file is 10 MB.
  • Page 355 Table 85 Default output rules Source Destinatio module Common log Security log Diagnostic log Hidden log Console supported debugging Disabled Disabled Disabled modules Monitor supported debugging Disabled Disabled Disabled terminal modules Log host supported informational Disabled Disabled informational modules Log buffer supported informational Disabled...

  • Page 356: Info-Center Synchronous

    Usage guidelines If you do not set an output rule for a module, the module uses the output rule set by using the default keyword. If no rule is set by using the default keyword, the module uses the default output rule. To modify or remove an output rule set for a module, you must use the module-name argument.

  • Page 357: Info-Center Syslog Min-Age

    At this time, the system receives log information. It displays the log information first, and then displays your previous input, which is display current- in this example. %May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44 [Sysname] display current- Enter configuration to complete the display current-configuration command, and press the Enter key to execute the command.

  • Page 358: Info-Center Timestamp

    Syntax info-center syslog trap buffersize buffersize undo info-center syslog trap buffersize Default The log trap buffer can store a maximum of 1024 traps. Views System view Predefined user roles network-admin Parameters buffersize: Specifies the maximum number of log traps that can be stored in the log trap buffer. The value range is 0 to 65535.

  • Page 359: Info-Center Timestamp Loghost

    Parameters boot: Sets the timestamp format to xxx.yyy, where xxx is the most significant 32 bits (in milliseconds) and yyy is the least significant 32 bits. For example, 0.21990989 equals Jun 25 14:09:26:881 2007. The boot time shows the time since system startup. date: Sets the timestamp format to MMM DD hh:mm:ss:xxx YYYY, such as Dec 8 10:12:21:708 2007.

  • Page 360: Info-Center Trace-Logfile Quota

    Examples # Set the timestamp format to no-year-date for logs sent to log hosts. <Sysname> system-view [Sysname] info-center timestamp loghost no-year-date Related commands info-center timestamp info-center trace-logfile quota Use info-center trace-logfile quota to set the maximum size for the trace log file. Use undo info-center trace-logfile quota to restore the default.

  • Page 361: Reset Logbuffer

    If the log file buffer is empty, this command displays a success message event though no logs are saved to the log file. Examples # Manually save logs from the log file buffer to a log file. <Sysname> logfile save The contents in the log file buffer have been saved to the file flash:/logfile/logfile.log.

  • Page 362: Snmp-Agent Trap Enable Syslog

    Examples # Manually save the security logs in the security log file buffer to the security log file. <Sysname> security-logfile save The contents in the security log file buffer have been saved to the file flash:/seclog/seclog.log. Related commands info-center security-logfile directory authorization-attribute (Security Command Reference) snmp-agent trap enable syslog Use snmp-agent trap enable syslog to enable SNMP notifications for log messages.

  • Page 363: Terminal Logging Level

    Syntax terminal debugging undo terminal debugging Default Display of debug information is disabled on the current terminal. Views User view Predefined user roles network-admin Usage guidelines To enable display of debug information on the console, perform the following tasks: Execute the terminal debugging command. Enable the information center.

  • Page 364: Terminal Monitor

    Syntax terminal logging level severity undo terminal logging level Default The lowest level of logs that can be output to the current terminal is 6 (Informational). Views User view Predefined user roles network-admin Parameters severity: Specifies a log severity level. Valid values are alert, critical, debugging, emergency, error, informational, notification, warning, and digits from 0 to 7.
  • Page 365 The current terminal is enabled to display logs.

  • Page 366: Packet Capture Commands

    Packet capture commands To use packet capture, you must install the packet capture feature image by using the boot-loader or install command. For more information, see software upgrade or ISSU in Fundamentals Configuration Guide. packet-capture interface Use packet-capture interface to capture incoming packets on an interface. Syntax Save captured packets to a file: packet-capture interface interface-type interface-number [ capture-filter capt-expression |...
  • Page 367 64. The capture creates a file to store packet data when a rotation is triggered. The first rotation occurs when the capture starts. If you do not set a limit, the number of file rotations is unlimited. capture-ring-buffer filesize kilobytes: Rotates the packet file when the maximum file size is reached.

  • Page 368: Packet-Capture Read

    Purpose Options Remarks • Rotate based on the file size: capture-ring-buffer filesize kilobytes The capture rotates the packet file • Rotate based on the rotation when any one of the limits for the interval: rotation options is reached. capture-ring-buffer duration If you specify the autostop filesize Rotate files seconds...
  • Page 369 Examples # Display the contents in the file flash:/test/aaaa.pcap. <Sysname> packet-capture read flash:/test/aaaa.pcap Related commands packet-capture interface...

  • Page 370: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Command conventions Convention Description Bold text represents commands and keywords that you enter literally as shown. Boldface Italic text represents arguments that you replace with actual values. Italic Square brackets enclose syntax choices (keywords or arguments) that are optional.

  • Page 371: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 372: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...

  • Page 373: Websites

    For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
  • Page 374 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.

  • Page 375: Index

    Index A C D E F H I L M N O P R S T U V W X display debugging,1 display diagnostic-logfile summary,326 action cli,239 display exception context,261 action reboot,240 display exception filepath,265 action switchover,240 display info-center,327 action syslog,241 display kernel deadloop,266...
  • Page 376 display rtm environment,242 info-center logbuffer,335 display rtm policy,243 info-center logbuffer size,335 display security-logfile summary,331 info-center logfile directory,336 display sflow,319 info-center logfile enable,336 display snmp-agent community,152 info-center logfile frequency,337 display snmp-agent context,153 info-center logfile overwrite-protection,337 display snmp-agent group,154 info-center logfile size-quota,338 display snmp-agent local-engineid,155 info-center logging suppress...
  • Page 377 interface,52 netconf idle-timeout,213 netconf log,214 packet-capture interface,357 netconf soap domain,215 packet-capture read,359 netconf soap http acl,215 password,53 netconf soap http dscp,216 ping,2 netconf soap http enable,217 ping ipv6,5 netconf soap https acl,217 enable,145 netconf soap https dscp,218 poe enable pse,145 netconf soap https enable,219 poe legacy...
  • Page 378 rmon history,208 snmp-agent trap queue-size,188 rmon prialarm,209 snmp-agent usm-user { v1 | v2c },189 rmon statistics,211 snmp-agent usm-user v3,191 route-option bypass-route,73 snmp-agent usm-user v3 user-role,195 cli-policy,254 sntp authentication enable,124 environment,255 sntp authentication-keyid,125 rtm event syslog buffer-size,256 sntp enable,126 rtm scheduler suspend,257 sntp ipv6 unicast-server,127...

Table of Contents