HPE FlexNetwork 7500 Series Network Management And Monitoring Command Reference
  1. Manuals
  2. Brands
  3. HPE Manuals
  4. Switch
  5. FlexNetwork 7500 Series
  6. Network management and monitoring command reference
HPE FlexNetwork 7500 Series Network Management And Monitoring Command Reference

HPE FlexNetwork 7500 Series Network Management And Monitoring Command Reference

Hide thumbs Also See for FlexNetwork 7500 Series:
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual
HPE FlexNetwork 7500 Switch Series

Network Management and Monitoring

Command Reference

Part number: 5998-7478R
Software version: 7500-CMW710-R7178
Document version: 6W100-20160129

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FlexNetwork 7500 Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for HPE FlexNetwork 7500 Series

Summary of Contents for HPE FlexNetwork 7500 Series

  • Page 1: Network Management And Monitoring

    HPE FlexNetwork 7500 Switch Series Network Management and Monitoring Command Reference Part number: 5998-7478R Software version: 7500-CMW710-R7178 Document version: 6W100-20160129...
  • Page 2 © Copyright 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents Ping, tracert, and system debugging commands ············································ 1 debugging ·················································································································································· 1 display debugging ······································································································································ 1 ping ···························································································································································· 2 ping ipv6 ····················································································································································· 5 tracert ························································································································································· 7 tracert ipv6 ················································································································································· 9 NQA commands ···························································································· 11 NQA client commands ····································································································································· 11 advantage-factor ······································································································································ 11 codec-type ················································································································································...
  • Page 4 reaction checked-element probe-fail (for trap) ························································································· 62 reaction checked-element probe-fail (for trigger) ····················································································· 64 reaction checked-element rtt ···················································································································· 64 reaction trap ············································································································································· 66 reaction trigger probe-fail ························································································································· 67 reaction trigger probe-pass ······················································································································ 67 resolve-target ··········································································································································· 68 resolve-type ·············································································································································· 69 route-option bypass-route ························································································································ 69 source interface ········································································································································...
  • Page 5 display sntp sessions ····························································································································· 119 sntp authentication enable ····················································································································· 120 sntp authentication-keyid ······················································································································· 121 sntp enable ············································································································································· 122 sntp ipv6 unicast-server ························································································································· 122 sntp reliable authentication-keyid ··········································································································· 123 sntp unicast-server ································································································································· 124 PoE commands ··························································································· 126 apply poe-profile ····································································································································· 126 apply poe-profile interface ······················································································································...
  • Page 6 snmp-agent port ····································································································································· 186 snmp-agent remote ································································································································ 186 snmp-agent { inform | trap } source ········································································································ 187 snmp-agent sys-info contact ·················································································································· 188 snmp-agent sys-info location ················································································································· 189 snmp-agent sys-info version ·················································································································· 189 snmp-agent target-host ·························································································································· 190 snmp-agent trap enable ························································································································· 192 snmp-agent trap if-mib link extended ·····································································································...
  • Page 7 Process monitoring and maintenance commands ······································ 251 display exception context ······················································································································· 251 display exception filepath ······················································································································· 255 display kernel deadloop ························································································································· 256 display kernel deadloop configuration ···································································································· 260 display kernel exception ························································································································· 261 display kernel reboot ······························································································································ 264 display kernel starvation ························································································································· 267 display kernel starvation configuration ···································································································...
  • Page 8 ip netstream export version ···················································································································· 329 ip netstream timeout active ···················································································································· 330 ip netstream timeout inactive ················································································································· 331 reset ip netstream statistics ···················································································································· 331 IPv6 NetStream commands ········································································ 333 display ipv6 netstream cache ················································································································· 333 display ipv6 netstream export ················································································································ 336 display ipv6 netstream template ·············································································································...
  • Page 9 info-center security-logfile alarm-threshold ···························································································· 378 info-center security-logfile enable ·········································································································· 379 info-center security-logfile frequency ····································································································· 379 info-center security-logfile size-quota ····································································································· 380 info-center security-logfile directory ······································································································· 381 info-center source ·································································································································· 381 info-center synchronous ························································································································· 383 info-center syslog min-age ····················································································································· 384 info-center timestamp ····························································································································· 385 info-center timestamp loghost ················································································································...

  • Page 10: Ping, Tracert, And System Debugging Commands

    Ping, tracert, and system debugging commands debugging Use debugging to enable debugging for a module. Use undo debugging to disable debugging for a module. Syntax debugging { all [ timeout time ] | module-name [ option ] } undo debugging { all | module-name [ option ] } Default Debugging functions are disabled for all modules.

  • Page 11: Ping

    Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters module-name: Specifies a module by its name. To display the current module name, use the display debugging ? command. Examples # Display all enabled debugging functions. <Sysname> display debugging DEV debugging switch is on Related commands debugging...
  • Page 12 -m interval: Specifies the interval (in milliseconds) to send ICMP echo requests. The value range is 1 to 65535, and the default is 200. -n: Disables domain name resolution for the host argument. If the host argument represents the host name of the destination, and if this keyword is not specified, the device translates host into an address.
  • Page 13 <Sysname> ping -vpn-instance vpn1 1.1.2.2 Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break 56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms 56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms 56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms 56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=1.963 ms 56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=1.991 ms --- Ping statistics for 1.1.2.2 in VPN instance vpn1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss...

  • Page 14: Ping Ipv6

    Field Description • icmp_seq—Packet sequence, used to determine whether a segment is lost, disordered or repeated. • ttl—TTL value in the ICMP echo reply. • time—Response time. Routers through which the ICMP echo request passed. They are displayed in inversed order, which means the router with a smaller distance to the destination is displayed first.
  • Page 15 -t timeout: Specifies the timeout time (in milliseconds) of an ICMPv6 echo reply. The value range is 0 to 65535, and the default is 2000. -tc traffic-class: Specifies the traffic class value in an ICMPv6 packet. The value range is 0 to 255 and the default is 0.

  • Page 16: Tracert

    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 4.000/25.000/62.000/20.000 ms The output shows that: • The destination is reachable, and ICMPv6 echo requests are replied. • The minimum/average/maximum/standard deviation roundtrip time of packets is 4 milliseconds, 25 milliseconds, 62 milliseconds, and 20 milliseconds.
  • Page 17 -f first-ttl: Specifies the TTL of the first packet sent to the destination. The value range is 1 to 255, and the default is 1. It must be no greater than the value of the max-ttl argument. -m max-ttl: Specifies the maximum number of hops allowed for a probe packet. The value range is 1 to 255, and the default is 30.

  • Page 18: Tracert Ipv6

    Field Description Maximum number of hops of the probe packets, which can be set by the -m hops at most keyword. bytes each packet Number of bytes of a probe packet. During the execution of the command, press Ctrl+C to abort the tracert press CTRL_C to break operation.
  • Page 19 -vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the destination belongs, where the vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option. -w timeout: Specifies the timeout time (in milliseconds) of the reply packet of a probe packet. The value range is 1 to 65535, and the default is 5000.

  • Page 20: Nqa Commands

    NQA commands NQA client commands advantage-factor Use advantage-factor to configure the advantage factor that is used to count Mean Opinion Scores (MOS) and Calculated Planning Impairment Factor (ICPIF) values. Use undo advantage-factor to restore the default. Syntax advantage-factor factor undo advantage-factor Default The advantage factor is 0.

  • Page 21: Data-Fill

    Default The codec type for the voice operation is G.711 A-law. Views Voice operation view Predefined user roles network-admin mdc-admin Parameters g711a: Specifies G.711 A-law codec type. g711u: Specifies G.711 µ-law codec type g729a: Specifies G.729 A-law codec type. Examples # Configure the codec type as g729a for the voice operation.

  • Page 22: Data-Size

    If the payload length is greater than the string length, the system fills the payload with the string cyclically until the payload is full. For example, if you configure the string as abcd and the payload size as 6 bytes, abcdab is filled. How the string is filled depends on the operation type.

  • Page 23: Description (Any Nqa Operation Type View)

    Views ICMP/UDP echo operation view Path/UDP jitter operation view UDP tracert operation view Voice operation view ICMP/UDP template view Predefined user roles network-admin mdc-admin Parameters size: Specifies the size of the payload in each probe packet in bytes. Available value ranges include: •...

  • Page 24: Destination Ip

    Views Any NQA operation type view, any NQA template view Predefined user roles network-admin mdc-admin Parameters text: Specifies a case-sensitive string of 1 to 200 characters. Examples # Configure the description for an NQA operation as icmp-probe. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] description icmp-probe # In ICMP template view, configure the description for an NQA operation as icmp-probe.

  • Page 25: Destination Ipv6

    [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] destination ip 10.1.1.1 # In ICMP template view, configure the destination IP address as 10.1.1.1 for the ICMP echo operation. <Sysname> system-view [Sysname] nqa template icmp icmptplt [Sysname-nqatplt-icmp-icmptplt] destination ip 10.1.1.1 destination ipv6 Use destination ipv6 to configure the destination IPv6 address for the operation.

  • Page 26: Display Nqa History

    • 21 for the FTP template. • 80 for the HTTP template. No destination port number is configured for other types of operations or templates. Views TCP/voice operation view UDP echo operation view UDP jitter operation view UDP tracert operation view DNS/TCP/UDP template view Predefined user roles network-admin...
  • Page 27 case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays the history records of all NQA operations. Usage guidelines The display nqa history command does not display the results or statistics of UDP jitter and voice operations.

  • Page 28: Display Nqa Reaction Counters

    Field Description Time Time when the operation was completed. display nqa reaction counters Use display nqa reaction counters to display the current monitoring results of reaction entries. Syntax display nqa reaction counters [ admin-name operation-tag [ item-number ] ] Views Any view Predefined user roles network-admin...

  • Page 29: Display Nqa Result

    Table 7 Command output Field Description Index ID of a reaction entry. Checked Element Monitored performance metric. Threshold Type Threshold type. Checked Num Number of targets that have been monitored for data collection. Over-threshold Num Number of threshold violations. Table 8 Description for the threshold monitoring fields Monitored Threshold performance...
  • Page 30 Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-).
  • Page 31 Positive SD number: 5 Positive DS number: 2 Positive SD sum: 75 Positive DS sum: 32 Positive SD average: 15 Positive DS average: 16 Positive SD square-sum: 1189 Positive DS square-sum: 640 Min negative SD: 8 Min negative DS: 1 Max negative SD: 24 Max negative DS: 30 Negative SD number: 4...
  • Page 32 Min SD delay: 0 Min DS delay: 0 Number of SD delay: 0 Number of DS delay: 0 Sum of SD delay: 0 Sum of DS delay: 0 Square-Sum of SD delay: 0 Square-Sum of DS delay: 0 SD lost packets: 0 DS lost packets: 0 Lost packets for unknown reason: 1000 Voice scores:...
  • Page 33 Min/Max/Average jitter: 0/0/0 Positive jitter number: 0 Min/Max/Average positive jitter: 0/0/0 Sum/Square-Sum positive jitter: 0/0 Negative jitter number: 0 Min/Max/Average negative jitter: 0/0/0 Sum/Square-Sum negative jitter: 0/0 # Display the most recent result of the UDP tracert operation. <Sysname> display nqa result admin test NQA entry (admin admin, tag test) test results: Send operation times: 6 Receive response times: 6...
  • Page 34 Field Description Packets arrived late Number of response packets received after a probe times out. UDP jitter operation results. UDP-jitter results This field is available only for the UDP jitter operation. Voice operation results. Voice results This field is available only for the voice operation. RTT number Number of response packets received.
  • Page 35 Field Description Unidirectional delay. One way results This field is available only for the UDP jitter and voice operations. Max SD delay Maximum delay from source to destination. Max DS delay Maximum delay from destination to source. Min SD delay Minimum delay from source to destination.

  • Page 36: Display Nqa Statistics

    Field Description Sum/square sum of the negative jitter. Sum/Square-Sum negative jitter This field is available only for the path jitter operation. TTL value in the received reply packet. Hop IP IP address of the node that sent the reply packet. Time Time when the NQA client received the reply packet.
  • Page 37 Min/Max/Average round trip time: 13/13/13 Square-Sum of round trip time: 169 Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to internal error: 0 Failures due to other errors: 0 # Display the statistics for the UDP jitter operation.
  • Page 38 Index Checked Element Threshold Type Checked Num Over-threshold Num jitter-DS accumulate jitter-SD average OWD-DS OWD-SD packet-loss accumulate accumulate # Display the statistics for the voice operation. <Sysname> display nqa statistics admin test NQA entry (admin admin, tag test) test statistics: NO.
  • Page 39 Reaction statistics: Index Checked Element Threshold Type Checked Num Over-threshold Num ICPIF # Display the statistics for the path jitter operation. <Sysname> display nqa statistics admin test NQA entry (admin admin, tag test) test statistics: NO. : 1 Path 1: Hop IP 192.168.40.210 Basic Results: Send operation times: 10...
  • Page 40 Min/Max/Average positive jitter: 0/0/0 Sum/Square-Sum positive jitter: 0/0 Negative jitter number: 0 Min/Max/Average negative jitter: 0/0/0 Sum/Square-Sum negative jitter: 0/0 Table 10 Command output Field Description Statistics group ID. Start time Time when the operation started. Life time Duration of the operation in seconds. Send operation times Number of probe packets sent.
  • Page 41 Field Description Positive DS average Average positive jitters from destination to source. Positive SD square-sum Square sum of positive jitters from source to destination. Positive DS square-sum Square sum of positive jitters from destination to source. Minimum absolute value among negative jitters from source to Min negative SD destination.
  • Page 42 Field Description Lost packets for unknown reason Number of lost packets for unknown reasons. Voice parameters. Voice scores This field is available only for the voice operation. Max MOS value Maximum MOS value. Min MOS value Minimum MOS value. Max ICPIF value Maximum ICPIF value.

  • Page 43: Expect Data

    Table 11 Description for the threshold monitoring fields Monitored Threshold performance Collect data in Checked Num Over-threshold Num type metric Number of probes of Probes in the Number of accumulate which the duration counting interval. completed probes. exceeds the threshold. probe-duration average Number of probes of...

  • Page 44: Expect Ip

    Views HTTP template view, TCP template view, UDP template view Predefined user roles network-admin mdc-admin Parameters expression: Specifies the expected data, a case-sensitive string of 1 to 200 characters. offset number: Specifies the offset in bytes after which the NQA client looks up the received packet's payload for the expected data.

  • Page 45: Expect Ipv6

    Parameters ip-address: Specifies the expected IP address for a DNS echo request. Usage guidelines During a DNS operation, the NQA client compares the expected IP address with the IP address resolved by the DNS server. If they are the same, it considers the DNS server legal. Examples # In DNS template view, configure the expected IP address as 1.1.1.1.

  • Page 46: Filename

    undo expect status [ status-list ] Default No expected status code is configured. Views HTTP template view Predefined user roles network-admin mdc-admin Parameters status-list: Specifies a space-separated list of up to 10 status code items. Each item specifies a status code or a range of status codes in the form of status-num 1 to status-num 2. The value ranges for both the status-num 1 and status-num 2 arguments are 0 to 999.

  • Page 47: Frequency

    <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type ftp [Sysname-nqa-admin-test-ftp] filename config.txt # In FTP template view, specify the file to be transferred between the FTP server and the FTP client as config.txt. <Sysname> system-view [Sysname] nqa template ftp ftptplt [Sysname-nqatplt-ftp-ftptplt] filename config.txt frequency Use frequency to specify the interval at which the NQA operation repeats.

  • Page 48: History-Record Enable

    history-record enable Use history-record enable to enable the saving of history records for the NQA operation. Use undo history-record enable to disable the saving of history records. Syntax history-record enable undo history-record enable Default The saving of history records is enabled only for the UDP tracert operation. Views DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view ICMP/UDP echo operation view...

  • Page 49: History-Record Number

    UDP tracert operation view Predefined user roles network-admin mdc-admin Parameters keep-time: Specifies how long the history records can be saved. The value is in the range of 1 to 1440 minutes. Usage guidelines When an NQA operation completes, the timer starts. All records are removed when the lifetime is reached.

  • Page 50: Init-Ttl

    <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] history-record number 10 init-ttl Use init-ttl to set the TTL value for UDP packets in the start round of the UDP tracert operation. Use undo init-ttl to restore the default. Syntax init-ttl value undo init-ttl...

  • Page 51: Max-Failure

    Parameters ip-address&<1-8>: Specifies a space-separated list of up to eight IP addresses. Each IP address represents a hop on the path. Usage guidelines The path jitter operation first uses tracert to detect each hop to the destination. It then sends ICMP echo requests to measure the delay and jitters from the source to each node.

  • Page 52: Mode

    mode Use mode to set the data transmission mode for the FTP operation. Use undo mode to restore the default. Syntax mode { active | passive } undo mode Default The FTP operation uses the data transmission mode active. Views FTP operation view, FTP template view Predefined user roles network-admin...

  • Page 53: No-Fragment Enable

    mdc-admin Parameters ip-address: Specifies the IP address of the next hop. Examples # Specify the next hop IP address as 10.1.1.1 for the ICMP echo operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] next-hop 10.1.1.1 no-fragment enable Use no-fragment enable to enable the no-fragmentation feature.

  • Page 54: Nqa Agent Enable

    Default No NQA operation is created. Views System view Predefined user roles network-admin mdc-admin Parameters admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag.

  • Page 55: Nqa Schedule

    Related commands nqa server enable nqa schedule Use nqa schedule to configure scheduling parameters for an NQA operation. Use undo nqa schedule to stop the operation. Syntax nqa schedule admin-name operation-tag start-time { hh:mm:ss [ yyyy/mm/dd | mm/dd/yyyy ] | now } lifetime { lifetime | forever } [ recurring ] undo nqa schedule admin-name operation-tag Default...

  • Page 56: Nqa Template

    Related commands destination ip nqa entry type nqa template Use nqa template to create an NQA template and enter its view. Use undo nqa template to remove the NQA template. Syntax nqa template { dns | ftp | http | icmp | tcp | udp } name undo nqa template { dns | ftp | http | icmp | tcp | udp } name Default No NQA template is created.

  • Page 57: Operation (Http Operation View)

    Default The FTP operation type is get. Views FTP operation view, FTP template view Predefined user roles network-admin mdc-admin Parameters get: Gets a file from the FTP server. put: Transfers a file to the FTP server. Usage guidelines When you perform the put operation with the filename command configured, make sure the file exists on the NQA client.

  • Page 58: Out Interface

    Parameters get: Gets data from the HTTP server. post: Transfers data to the HTTP server. raw: Sends the HTTP request specified by the raw-request command to the HTTP server. Usage guidelines For the HTTP get or post operation, the content in the HTTP request is obtained from the URL specified by the URL command.

  • Page 59: Password

    Examples # Specify GigabitEthernet 3/0/1 as the output interface for probe packets in the UDP tracert operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-tracert [Sysname-nqa-admin-test-udp-tracert] out interface gigabitethernet 3/0/1 password Use password to specify the FTP or HTTP login password. Use undo password to remove the configuration.

  • Page 60: Probe Count

    username probe count Use probe count to specify the probe times. Use undo probe count to restore the default. Syntax probe count times undo probe count Default In an UDP tracert operation, the NQA client performs three probes to each hop along the path. In other types of operations, the NQA client performs one probe to the destination per operation.

  • Page 61: Probe Packet-Interval

    b. The NQA client sends ICMP echo requests to each hop along the path. The number of ICMP echo requests is set by using the probe packet-number command. • A UDP tracert operation determines the routing path from the source to the destination. The number of probes to each hop is set by using the probe count command.

  • Page 62: Probe Packet-Timeout

    Use undo probe packet-number to restore the default. Syntax probe packet-number packet-number undo probe packet-number Default A UDP jitter or path jitter probe sends 10 packets and a voice probe sends 1000 packets. Views Path jitter operation view, UDP jitter operation view, voice operation view Predefined user roles network-admin mdc-admin...

  • Page 63: Probe Timeout

    Parameters packet-timeout: Specifies the timeout time in milliseconds for waiting for a response in the UDP jitter, path jitter, or voice operation. The value is in the range of 10 to 3600000. Examples # Configure the timeout time for waiting for a response as 100 milliseconds in the UDP jitter operation.

  • Page 64: Raw-Request

    <Sysname> system-view [Sysname] nqa template http httptplt [Sysname-nqatplt-http-httptplt] probe timeout 10000 raw-request Use raw-request to enter raw-request view and specify the content of an HTTP request. Use undo raw-request to delete the content of an HTTP request. Syntax raw-request undo raw-request Default No contents are specified.
  • Page 65 undo reaction item-number Default No reaction entry for monitoring one-way jitter is configured. Views UDP jitter operation view, voice operation view Predefined user roles network-admin mdc-admin Parameters item-number: Assigns an ID to the reaction entry, in the range of 1 to 10. jitter-ds: Specifies the destination-to-source jitter of each probe packet as the monitored element (or performance metric).

  • Page 66: Reaction Checked-Element { Owd-Ds | Owd-Sd

    # Create reaction entry 2 for monitoring the destination-to-source jitter of UDP jitter probe packets, and set the upper limit to 50 milliseconds, and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the destination-to-source jitter is checked against the threshold range.

  • Page 67: Reaction Checked-Element Icpif

    Examples # Create reaction entry 1 for monitoring the destination-to-source delay of every UDP jitter packet, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. The destination-to-source delay is calculated after the response to the probe packet arrives.

  • Page 68: Reaction Checked-Element Mos

    Examples # Create reaction entry 1 for monitoring the ICPIF value in the voice operation, and set the upper limit to 50 and lower limit to 5. Before the voice operation starts, the initial state of the reaction entry is invalid.

  • Page 69: Reaction Checked-Element Packet-Loss

    Examples # Create reaction entry 1 for monitoring the MOS value of the voice operation, and set the upper limit to 2 and lower limit to 1. Before the NQA operation starts, the initial state of the reaction entry is invalid.

  • Page 70: Reaction Checked-Element Probe-Duration

    the lost packets is checked against the threshold. If the number reaches or exceeds 100, the state of the reaction entry is set to over-threshold. Otherwise, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS. <Sysname>...

  • Page 71: Reaction Checked-Element Probe-Fail (For Trap)

    Usage guidelines You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one. Only successful probe packets are monitored. Statistics about failed probe packets are not collected. Examples # Create reaction entry 1 for monitoring the average probe duration of ICMP echo operation, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds.
  • Page 72 undo reaction item-number Default No reaction entry for monitoring probe failures is configured. Views DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view ICMP/UDP echo operation view Predefined user roles network-admin mdc-admin Parameters item-number: Assigns an ID to the reaction entry, in the range of 1 to 10. threshold-type: Specifies a threshold type.

  • Page 73: Reaction Checked-Element Probe-Fail (For Trigger)

    reaction checked-element probe-fail (for trigger) Use reaction checked-element probe-fail to configure a reaction entry for monitoring probe failures. Use undo reaction to remove the specified reaction entry. Syntax reaction item-number checked-element probe-fail threshold-type consecutive consecutive-occurrences action-type trigger-only undo reaction item-number Default No reaction entry for monitoring probe failures is configured.
  • Page 74 Syntax reaction item-number checked-element threshold-type accumulate accumulate-occurrences average threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] undo reaction item-number Default No reaction entry for monitoring packet round-trip time is configured. Views UDP jitter operation view, voice operation view Predefined user roles network-admin mdc-admin...

  • Page 75: Reaction Trap

    # Create reaction entry 2 for monitoring the round-trip time of UDP jitter probe packets, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the packet round-trip time is checked. If the total number of threshold violations reaches or exceeds 100, the state of the entry is set to over-threshold.

  • Page 76: Reaction Trigger Probe-Fail

    Usage guidelines The UDP jitter and voice operations support only the test-complete keyword. The UDP tracert operation supports the path-change, test-complete, and test-failure keywords. Examples # Configure the system to send a trap if five or more consecutive probe failures occur in an ICMP echo operation.

  • Page 77: Resolve-Target

    Syntax reaction trigger probe-pass count undo reaction trigger probe-pass Default When the number of consecutive successful probes reaches 3, the operation succeeds. Views Any NQA template view Predefined user roles network-admin mdc-admin Parameters count: Specifies the number of consecutive successful probes, in the range of 1 to 15. Usage guidelines If the operation succeeds, the NQA client notifies the feature that uses the template of the successful operation event.

  • Page 78: Resolve-Type

    Examples # Set the domain name domain1 to be resolved. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type dns [Sysname-nqa-admin-test-dns] resolve-target domain1 # In DNS template view, set the domain name domain1 to be resolved. <Sysname> system-view [Sysname] nqa template dns dnstplt [Sysname-nqatplt-dns-dnstplt] resolve-target domain1 resolve-type Use resolve-type to configure the domain name resolution type.

  • Page 79: Source Interface

    Default The routing table bypass function is disabled. Views DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view ICMP/UDP echo operation view UDP jitter operation view UDP tracert operation view Predefined user roles network-admin mdc-admin Usage guidelines When the routing table bypass function is enabled, the following events occur: •...

  • Page 80: Source Ip

    Usage guidelines If you configure the source interface command with the source ip or source ipv6 command, the most recent configuration takes effect. The specified source interface must be up. Otherwise, no probe requests can be sent out. Examples # Specify the IP address of interface VLAN-interface 2 as the source IP address of ICMP echo request packets.

  • Page 81: Source Ipv6

    The specified source IP address must be the IP address of a local interface, and the local interface must be up. Otherwise, no probe packets can be sent out. For an NQA template, if the source and destination addresses have different IP versions, the source address does not take effect.

  • Page 82: Source Port

    Examples # In ICMP template view, configure the source IPv6 address as 1::1 for ICMP echo requests. <Sysname> system-view [Sysname] nqa template icmp icmptplt [Sysname-nqatplt-icmp-icmptplt] source ipv6 1::1 Related commands source interface source port Use source port to configure the source port for probe packets. Use undo source port to remove the configured source port number.

  • Page 83: Statistics Interval

    Use undo statistics hold-time to restore the default. Syntax statistics hold-time hold-time undo statistics hold-time Default The hold time of statistics groups is 120 minutes. Views DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view ICMP/UDP echo operation view Path/UDP jitter operation view Predefined user roles network-admin mdc-admin Parameters...

  • Page 84: Statistics Max-Group

    Parameters interval: Specifies the interval in minutes, in the range of 1 to 35791394. Usage guidelines NQA forms statistics within the same collection interval as a statistics group. To display information about the statistics groups, use the display nqa statistics command. Examples # Configure the system to collect the ICMP echo operation statistics at 2-minute intervals.

  • Page 85: Target-Only

    target-only Use target-only to perform the path jitter operation only on the destination address. Use undo target-only to restore the default. Syntax target-only undo target-only Default NQA performs the path jitter operation to the destination hop by hop. Views Path jitter operation view Predefined user roles network-admin mdc-admin...

  • Page 86: Ttl

    [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] tos 1 # In ICMP template view, set the ToS value to 1 in the IP header for probe packets. <Sysname> system-view [Sysname] nqa template icmp icmptplt [Sysname-nqatplt-icmp-icmptplt] tos 1 Use ttl to specify the maximum number of hops that the probe packets can traverse. Use undo ttl to restore the default.

  • Page 87: Type

    [Sysname-nqatplt-icmp-icmptplt] ttl 16 type Use type to specify the operation type of the NQA operation and enter operation type view. Syntax type { dhcp | dlsw | dns | ftp | http | icmp-echo | path-jitter | snmp | tcp | udp-echo | udp-jitter | udp-tracert | voice } Default No operation type is specified.

  • Page 88: Username

    Syntax url url undo url Default No URL is configured for the destination server. Views FTP/HTTP operation view FTP/HTTP template view Predefined user roles network-admin mdc-admin Parameters url: Specifies the URL of the destination server, a case-sensitive string of 1 to 255 characters. Spaces and question marks (?) are not allowed.

  • Page 89: Version

    Default No FTP or HTTP login username is configured. Views FTP/HTTP operation view FTP/HTTP template view Predefined user roles network-admin mdc-admin Parameters username: Specifies the username, a case-sensitive string of 1 to 32 characters. Examples # Set the FTP login username to administrator. <Sysname>...

  • Page 90: Vpn-Instance

    Examples # Configure the HTTP operation to use the HTTP version 1.1. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type http [Sysname-nqa-admin-test-http] version v1.1 vpn-instance Use vpn-instance to apply the operation to a VPN. Use undo vpn-instance to restore the default. Syntax vpn-instance vpn-instance-name undo vpn-instance...

  • Page 91: Display Nqa Server

    display nqa server Use display nqa server status to display NQA server status. Syntax display nqa server Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display NQA server status. <Sysname> display nqa server NQA server status: Enabled TCP connect: IP Address Port...

  • Page 92: Nqa Server Tcp-Connect

    Default The NQA server is disabled. Views System view Predefined user roles network-admin mdc-admin Examples # Enable the NQA server. <Sysname> system-view [Sysname] nqa server enable Related commands display nqa server nqa server tcp-connect nqa server udp-echo nqa server tcp-connect Use nqa server tcp-connect to configure a TCP listening service to enable the NQA server to listen and respond to the specified IP address and port.

  • Page 93: Nqa Server Udp-Echo

    When you configure the IP address and port number for a TCP listening service on the NQA server, follow these restrictions and guidelines: • The IP address and port number must be unique on the NQA server and match the configuration on the NQA client.
  • Page 94 • The IP address and port number must be unique on the NQA server and match the configuration on the NQA client. • The IP address must be the address of an interface on the NQA server. • To ensure successful NQA operations and avoid affecting existing services, do not configure the UDP listening service on well-known ports from 1 to 1023.

  • Page 95: Ntp Commands

    NTP commands Only the following Layer 3 interfaces support NTP: • Layer 3 Ethernet interfaces • Layer 3 Ethernet subinterfaces • Layer 3 aggregate interfaces • Layer 3 aggregate subinterfaces • VLAN interfaces, and tunnel interfaces display ntp-service ipv6 sessions Use display ntp-service ipv6 sessions to display information about all IPv6 NTP associations.
  • Page 96 Field Description • 4—The clock source is a candidate clock source. • 5—The clock source was created by a command. IPv6 address of the NTP server. If this field displays ::, the IPv6 address of Source the NTP server has not been resolved successfully. Reference clock ID of the NTP server: •...
  • Page 97 Local mode: sym_active, local poll interval: 6 Peer mode: unspec, peer poll interval: 10 Offset: 0.0000ms, roundtrip delay: 0.0000ms, dispersion: 15937ms Root roundtrip delay: 0.0000ms, root dispersion: 0.0000ms Reachabilities:0, sync distance: 15.938 Precision: 2^10, version: 4, source interface: Not specified Reftime: 00000000.00000000 Thu, Feb 7 2036...
  • Page 98 Field Description 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. If this field displays INIT, the local device has not established a connection with the NTP server. VPN instance of the NTP server. If the NTP server is in a public VPN instance network, the field is displayed as Not specified.

  • Page 99: Display Ntp-Service Sessions

    Field Description Rcvtime Receive timestamp in the NTP message. Xmttime Transmit timestamp in the NTP message. Filter order Dispersion information. Status of the local clock. The field is displayed only when you use the ntp-service refclock-master command to set the local clock as a reference clock.
  • Page 100 Table 15 Command output Field Description • When the reference clock is the local clock, the field displays LOCAL (number). It indicates that the IP address of the local clock is 127.127.1.number, where number represents the NTP process number in the range of 0 to 3. source •...
  • Page 101 <Sysname> display ntp-service sessions verbose Clock source: 192.168.1.40 Session ID: 35888 Clock stratum: 2 Clock status: configured, master, sane, valid Reference clock ID: 127.127.1.0 VPN instance: Not specified Local mode: client, local poll interval: 6 Peer mode: server, peer poll interval: 6 Offset: 0.2862ms, roundtrip delay: 3.2653ms, dispersion: 4.5166ms Root roundtrip delay: 0.0000ms, root dispersion: 10.910ms Reachabilities:31, sync distance: 0.0194...
  • Page 102 Field Description the value of the stratum level is invalid. Reference clock ID of the NTP server: • If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: When the value of the Clock stratum field is 0 or 1, this field displays LOCL.

  • Page 103: Display Ntp-Service Status

    Field Description Synchronization distance relative to the upper-level clock, in sync distance seconds, and calculated from dispersion and roundtrip delay values. Precision Accuracy of the system clock. version NTP version in the range of 1 to 4. Source interface. source interface If the source interface is not specified, this field is Not specified.
  • Page 104 Stability: 0.000 pps Clock precision: 2^-10 Root delay: 0.00000 ms Root dispersion: 3.96367 ms Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573 # Display the NTP service status when time is not synchronized. <Sysname> display ntp-service status Clock status: unsynchronized Clock stratum: 16 Reference clock ID: none Clock jitter: 0.000000 s...

  • Page 105: Display Ntp-Service Trace

    Field Description displays Local. • When the local clock has any other stratum, this field displays the MD5 digest of the first 32 bits of the IPv6 address of the local clock. Alarming status: • 00—Normal. • 01—Leap second, indicates that the last minute in a day Leap indicator has 61 seconds.

  • Page 106: Ntp-Service Acl

    The output shows that server 127.0.0.1 is synchronized to server 3000::32, and server 3000::32 is synchronized to the local clock. Table 18 Command output Field Description Server IP address of the NTP server. Stratum Stratum level of the NTP server. Root mean square (RMS) value of the clock offset relative to the upper-level clock, jitter in seconds.

  • Page 107: Ntp-Service Authentication Enable

    Usage guidelines You can control NTP access by using ACL. The access rights are in the following order, from least restrictive to most restrictive: peer, server, synchronization, and query. The device processes an NTP request by following these rules: • If no NTP access control is configured, peer is granted to the local device and peer devices.

  • Page 108: Ntp-Service Authentication-Keyid

    Examples # Enable NTP authentication. <Sysname> system-view [Sysname] ntp-service authentication enable Related commands ntp-service authentication-keyid ntp-service reliable authentication-keyid ntp-service authentication-keyid Use ntp-service authentication-keyid to set an NTP authentication key. Use undo ntp-service authentication-keyid to remove the NTP authentication key. Syntax ntp-service authentication-keyid keyid authentication-mode md5 { cipher | simple } value undo ntp-service authentication-keyid keyed Default...

  • Page 109: Ntp-Service Broadcast-Client

    <Sysname> system-view [Sysname] ntp-service authentication enable [Sysname] ntp-service authentication-keyid 10 authentication-mode md5 simple BetterKey Related commands ntp-service authentication enable ntp-service reliable authentication-keyid ntp-service broadcast-client Use ntp-service broadcast-client to configure the device to operate in NTP broadcast client mode and use the current interface to receive NTP broadcast packets. Use undo ntp-service broadcast-client to remove the configuration.

  • Page 110: Ntp-Service Dscp

    Syntax ntp-service broadcast-server [ authentication-keyid keyid | version number ] * undo ntp-service broadcast-server Default The device does not operate in any NTP association mode. Views Interface view Predefined user roles network-admin mdc-admin Parameters authentication-keyid keyid: Specifies the key ID to be used for sending broadcast messages to broadcast clients, where keyid is in the range of 1 to 4294967295.

  • Page 111: Ntp-Service Enable

    Predefined user roles network-admin mdc-admin Parameters dscp-value: Sets a DSCP value in the range of 0 to 63 for IPv4 NTP packets. Usage guidelines The DSCP value is included in the ToS field of an IPv4 packet to identify the packet priority. Examples # Set the DSCP value for IPv4 NTP packets to 30.

  • Page 112: Ntp-Service Ipv6 Acl

    Views Interface view Predefined user roles network-admin mdc-admin Usage guidelines Execute the undo ntp-service inbound enable command on an interface in the following cases: • You do not want the interface to synchronize the peer device in the corresponding subnet. •...

  • Page 113: Ntp-Service Ipv6 Dscp

    Usage guidelines You can control IPv6 NTP access by using ACL. The access rights are in the following order, from least restrictive to most restrictive: peer, server, synchronization, and query. The device processes an NTP request by following these rules: •...

  • Page 114: Ntp-Service Ipv6 Inbound Enable

    Examples # Set the DSCP value for IPv6 NTP packets to 30. <Sysname> system-view [Sysname] ntp-service ipv6 dscp 30 ntp-service ipv6 inbound enable Use ntp-service ipv6 inbound enable to enable an interface to process IPv6 NTP messages. Use undo ntp-service ipv6 inbound enable to disable an interface from processing IPv6 NTP messages.

  • Page 115: Ntp-Service Ipv6 Multicast-Server

    Views Interface view Predefined user roles network-admin mdc-admin Parameters ipv6-multicast-address: Specifies an IPv6 multicast address. An IPv6 broadcast client and an IPv6 broadcast server must be configured with the same multicast address. Usage guidelines After you configure the command, the device listens to IPv6 NTP messages using the specified multicast address as the destination address.

  • Page 116: Ntp-Service Ipv6 Source

    authentication-keyid keyid: Specifies the key ID to be used for sending multicast messages to multicast clients, where keyid is in the range of 1 to 4294967295. If this option is not specified, the local device cannot synchronize clients enabled with NTP authentication. ttl ttl-number: Specifies the TTL of NTP multicast messages.

  • Page 117: Ntp-Service Ipv6 Unicast-Peer

    • If you have specified the source interface for IPv6 NTP messages in the ntp-service ipv6 unicast-server or ntp-service ipv5 unicast-peer command, the interface specified in the ntp-service ipv6 unicast-server or ntp-service ipv6 unicast-peer command works as the source interface for IPv6 NTP messages. If you have configured the ntp-service ipv6 broadcast-server or ntp-service ipv6 multicast-server command, the source interface for the broadcast or multicast NTP messages is the interface configured with the respective command.

  • Page 118: Ntp-Service Ipv6 Unicast-Server

    specified passive peer address is a link local address, the IPv6 NTP messages are sent from the specified source interface. The interface-type interface-number argument represents the interface type and number. If you do not specify an interface, the device automatically selects the source IPv6 address of IPv6 NTP messages.

  • Page 119: Ntp-Service Max-Dynamic-Sessions

    ipv6-address: Specifies the IPv6 address of the NTP server. It must be a unicast address, rather than a multicast address. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the NTP server belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the NTP server is on the public network, do not specify this option.

  • Page 120: Ntp-Service Multicast-Client

    Default The maximum number of dynamic NTP sessions is 100. Views System view Predefined user roles network-admin mdc-admin Parameters number: Sets the maximum number of dynamic NTP associations allowed to be established, in the range of 0 to 100. Usage guidelines A single device can have a maximum of 128 concurrent associations, including static associations and dynamic associations.

  • Page 121: Ntp-Service Multicast-Server

    Usage guidelines As a best practice, specify a multicast IP address in the range of 224.0.1.0 to 224.0.1.255 for the ip-address argument. After you configure the command, the device listens to NTP messages using the specified multicast address as the destination address. If you have configured the device to operate in multicast client mode on an interface with the command, do not add the interface to any aggregate group.

  • Page 122: Ntp-Service Refclock-Master

    Usage guidelines As a best practice, specify a multicast IP address in the range of 224.0.1.0 to 224.0.1.255 for the ip-address argument. After you configure the command, the device periodically sends NTP messages to the specified multicast address. If you have configured the device to operate in multicast server mode on an interface with the command, do not add the interface to any aggregate group.

  • Page 123: Ntp-Service Reliable Authentication-Keyid

    If the devices in a network cannot synchronize to an authoritative time source, you can perform the following tasks: • Select a device that has a relatively accurate clock from the network. • Use the local clock of the device as the reference clock to synchronize other devices in the network.

  • Page 124: Ntp-Service Source

    Related commands ntp-service authentication enable ntp-service authentication-keyid ntp-service source Use ntp-service source to specify the source interface for NTP messages. Use undo ntp-service source to restore the default. Syntax ntp-service source interface-type interface-number undo ntp-service source Default No source interface is specified for NTP messages. The device does the following: •...

  • Page 125: Ntp-Service Unicast-Peer

    ntp-service unicast-peer Use ntp-service unicast-peer to specify a symmetric-passive peer for the device. Use undo ntp-service unicast-peer to remove the symmetric-passive peer specified for the device. Syntax ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number | version number ] undo ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ] Default No symmetric-passive peer is specified for the device.

  • Page 126: Ntp-Service Unicast-Server

    Examples # Specify the device with the IP address of 10.1.1.1 as the symmetric-passive peer of the device, and configure the device to run NTP version 4. Specify the source interface of NTP messages as VLAN-interface 1. <Sysname> system-view [Sysname] ntp-service unicast-peer 10.1.1.1 version 4 source-interface vlan-interface 1 Related commands ntp-service authentication enable ntp-service authentication-keyid...
  • Page 127 Usage guidelines When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device. To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.

  • Page 128: Sntp Commands

    SNTP commands display sntp ipv6 sessions Use display sntp ipv6 sessions to display information about all IPv6 SNTP associations. Syntax display sntp ipv6 sessions Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display information about all IPv6 SNTP associations. <Sysname>...

  • Page 129: Sntp Authentication Enable

    Syntax display sntp sessions Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display information about all IPv4 SNTP associations. <Sysname> display sntp sessions SNTP server Stratum Version Last receive time 1.0.1.11 Tue, May 17 2011 9:11:20.833 (Synced) Table 20 Command output Field Description...

  • Page 130: Sntp Authentication-Keyid

    Usage guidelines You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are synchronized only to authenticated NTP servers. To authenticate an NTP server, set an authentication key and specify it as a trusted key. Examples # Enable SNTP authentication.

  • Page 131: Sntp Enable

    The authentication key, set in either plain text or cipher text, is saved to the configuration file in cipher text. Examples # Set an MD5 authentication key, with the key ID of 10 and key value of BetterKey. Input the key in plain text.

  • Page 132: Sntp Reliable Authentication-Keyid

    Views System view Predefined user roles network-admin mdc-admin Parameters server-name: Specifies the host name of the NTP server, a case-insensitive string of 1 to 253 characters. ipv6-address: Specifies the IPv6 address of the NTP server. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the NTP server belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters.

  • Page 133: Sntp Unicast-Server

    Use undo sntp reliable authentication-keyid to remove the specified trusted key. Syntax sntp reliable authentication-keyid keyid undo sntp reliable authentication-keyid keyid Default No trust key is specified. Views System view Predefined user roles network-admin mdc-admin Parameters keyid: Specifies an authentication key number in the range of 1 to 4294967295. Usage guidelines If SNTP is enabled, the SNTP client is synchronized only to an NTP server that provides a trusted key.
  • Page 134 Views System view Predefined user roles network-admin mdc-admin Parameters server-name: Specifies the host name of the NTP server, a case-insensitive string of 1 to 253 characters. ip-address: Specifies the IP address of the NTP server. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.

  • Page 135: Poe Commands

    PoE commands apply poe-profile Use apply poe-profile to apply a PoE profile to a power interface (PI). Use undo apply poe-profile to remove application of a PoE profile from a PI. Syntax apply poe-profile { index index | name profile-name } undo apply poe-profile { index index | name profile-name } Default No PoE profile is applied to PIs.

  • Page 136: Display Poe Device

    Predefined user roles network-admin mdc-admin Parameters index index: Specifies a PoE profile by its index number in the range of 1 to 100. name profile-name: Specifies a PoE profile by its name, a case-sensitive string of 1 to 15 characters. interface-range: Specifies a range of Ethernet interfaces in the form of interface-type interface-number [ to interface-type interface-number ], where interface-type interface-number represents the interface type and interface number.

  • Page 137: Display Poe Interface

    chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, the command displays information about all PSEs in the IRF fabric.
  • Page 138 Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines The interface-type interface-number argument is optional for the default MDC and is required for non-default MDCs. For the default MDC, if you do not specify an interface, this command displays power supplying information for all PIs.
  • Page 139 Field Description • Power-itself—The PD is using another power supply. • Power-limit—The PSE is supplying power to the PD based on the configured power though the PD requires more power than the configured power. PD power class: 0, 1, 2, 3, or 4. IEEE Class If the PSE does not support PD classification, this field displays a hyphen (-).

  • Page 140: Display Poe Interface Power

    Field Description PoE status: • Enabled. • Disabled. Power priority of a PI: • Critical (highest). Priority • High. • Low. CurPower Current power of a PI. Operating status of a PI: • Off—PoE is disabled. • On—Power is being supplied to the PI correctly. •...

  • Page 141: Display Poe Power-Usage

    mdc-admin mdc-operator Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines The interface-type interface-number argument is optional for the default MDC and is required for non-default MDCs. For the default MDC, if you do not specify an interface, this command displays power information for all PIs.
  • Page 142 Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command displays information about all PoE power supplies and PSEs in the IRF fabric.

  • Page 143: Display Poe Pse

    PoE Remaining Allocable Power : 800 PoE Remaining Guaranteed Power : 600 Powered PoE Ports : 60 Statistics by PSE: PSE ID Current Peak Average Remaining Powered Guaranteed(W) Ports Table 25 Command output Field Description PoE power and PSE power information for member device 1. (In IRF Chassis 1 mode.) PoE Current Power...
  • Page 144 mdc-admin mdc-operator Parameters pse-id: Specifies a PSE by its ID. If you do not specify a PSE, this command displays information about all PSEs. Usage guidelines This command is only available for the default MDC. For more information about MDCs, see Virtual Technologies Configuration Guide.

  • Page 145: Display Poe Pse Interface

    PD Power Policy : Disabled PD Disconnect Detection Mode : DC Table 26 Command output Field Description PSE ID ID of the PSE. Slot No. Slot number of the PSE. SSlot No. Subslot number of the PSE. Chassis In IRF mode, member ID of the device where the PSE resides. PoE status of the PSE: •...
  • Page 146 mdc-operator Parameters pse pse-id: Specifies a PSE ID. Usage guidelines To display PSE ID and slot mappings, use the display poe device command. This command is only available for the default MDC. For more information about MDCs, see Virtual Technologies Configuration Guide. Examples # Display the status of all PIs connected to PSE 7.

  • Page 147: Display Poe Pse Interface Power

    Field Description hyphen (-). Power detection status of a PI: • Disabled—PoE function is disabled. • Searching—The PI is searching for the PD. • Delivering Power—The PI is supplying power to the PD. Detection Status • Fault—A fault occurred during the test. •...

  • Page 148: Display Poe-Power

    GE1/0/30 IP Phone on Room 809 for Alien On State Ports: 3; Used: 23.8(W); Remaining: 776.2(W) --- Table 28 Command output Field Description Interface Interface name of a PI. Current Current power of a PI. Peak Peak power of a PI. Maximum power of a PI.
  • Page 149 PoE Peak Power : 2350 PoE Max Power : 2000 PoE Nominal Power : 2500 PoE Current Electric Current : 3.00 PoE Current Voltage : 55.00 PoE Lower Input Threshold : 111.22 PoE Upper Input Threshold : 131.00 PoE Lower Output Threshold : 45.00 PoE Upper Output Threshold : 57.00...
  • Page 150 PoE Peak Power : 2350 PoE Max Power : 2000 PoE Nominal Power : 2500 PoE Current Electric Current : 3.00 PoE Current Voltage : 55.00 PoE Lower Input Threshold : 111.22 PoE Upper Input Threshold : 131.00 PoE Lower Output Threshold : 45.00 PoE Upper Output Threshold : 57.00...

  • Page 151: Display Poe-Profile

    Field Description • Normal—The PoE power supply is operating correctly. • Absent—The PoE power supply is not present. display poe-profile Use display poe-profile to display information about the PoE profile. Syntax display poe-profile [ index index | name profile-name ] Views Any view Predefined user roles...

  • Page 152: Display Poe-Profile Interface

    Total ports: 0 Table 30 Command output Field Description PoE Profile Name of the PoE profile. Index Index number of the PoE profile. ApplyNum Number of PIs to which the PoE profile is applied. Interfaces Interface name of the PI to which the PoE configuration is applied. Configuration Configurations of the PoE profile.

  • Page 153: Poe Enable Pse

    undo poe enable Default PoE is disabled on a PI. Views PI view PoE profile view Predefined user roles network-admin mdc-admin Usage guidelines If a PoE profile has been applied to a PI, remove the application before configuring the PI in PoE profile view.

  • Page 154: Poe Legacy Enable

    Parameters pse-id: Specifies a PSE by its ID. Usage guidelines This command is only available for the default MDC. For more information about MDCs, see Virtual Technologies Configuration Guide. Examples # Enable PoE for PSE 7. <Sysname> system-view [Sysname] poe enable pse 7 Related commands display poe pse poe legacy enable...

  • Page 155: Poe Max-Power (System View)

    Syntax poe max-power max-power undo poe max-power Default The maximum power of a PI is 30000 milliwatts. Views PI view PoE profile view Predefined user roles network-admin mdc-admin Parameters max-power: Sets the maximum power to an integer in the range of 1000 to 30000, in milliwatts. Examples # Set the maximum power of a PI to 12000 milliwatts in PI view.

  • Page 156: Poe Mode

    Parameters max-power: Sets the maximum power to an integer in the range of 37 to 800, in watts. pse pse-id: Specifies a PSE by its ID. Usage guidelines To prevent power supply interruption, the maximum PSE power must be greater than the total maximum power of all critical PIs.

  • Page 157: Poe Pd-Description

    # Set the PoE power transmission mode to power over signal cables in PoE profile view. <Sysname> system-view [Sysname] poe-profile abc [Sysname-poe-profile-abc-1] poe mode signal Related commands poe-profile poe pd-description Use poe pd-description to configure a description for the PD that connects to a PI. Use undo poe pd-description to restore the default.

  • Page 158: Poe Power Max-Value

    Predefined user roles network-admin mdc-admin Usage guidelines If PI power management is disabled, the PSE does not supply power to new PDs when PSE power overload occurs. If PI power management is enabled, when a PSE is overloaded, the PSE allocates power to new PDs based on the priority of their PIs.

  • Page 159: Poe Priority

    Usage guidelines The configured maximum PoE power cannot exceed the rated PoE power. This command is only available for the default MDC. For more information about MDCs, see Virtual Technologies Configuration Guide. Examples # Set the maximum PoE power to 2000 watts. <Sysname>...

  • Page 160: Poe Priority (System View)

    [Sysname] poe-profile abc [Sysname-poe-profile-abc-1] poe priority critical [Sysname-poe-profile-abc-1] quit [Sysname] interface gigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] apply poe-profile name abc Related commands poe pd-policy priority poe priority (system view) Use poe priority to set the power supply priority for a PSE. Use undo poe priority to restore the default. Syntax poe priority { critical | high | low } pse pse-id undo poe priority pse pse-id...

  • Page 161: Poe Pse-Policy Priority

    [Sysname] poe priority critical pse 7 Related commands poe pse-policy priority poe pse-policy priority Use poe pse-policy priority to enable PSE power management. Use undo poe pse-policy priority to restore the default. Syntax poe pse-policy priority undo poe pse-policy priority Default PSE power management is disabled.

  • Page 162: Poe Update

    Views System view Predefined user roles network-admin mdc-admin Usage guidelines If PoE over-temperature protection is enabled, the device disables PoE on all PIs when the temperature exceeds the upper limit or drops below the lower limit. This command is only available for the default MDC. For more information about MDCs, see Virtual Technologies Configuration Guide.

  • Page 163: Poe-Profile

    poe-profile Use poe-profile to create a PoE profile and enter PoE profile view. Use undo poe-profile to delete the specified PoE profile. Syntax poe-profile profile-name [ index ] undo poe-profile { index index | name profile-name } Default No PoE profile is created. Views System view Predefined user roles...

  • Page 164: Poe Utilization-Threshold

    poe utilization-threshold Use poe utilization-threshold to configure a power alarm threshold for a PSE. Use undo poe utilization-threshold to restore the default power alarm threshold of a PSE. Syntax poe utilization-threshold value pse pse-id undo poe utilization-threshold pse pse-id Default The power alarm threshold for the PSE is 80%.

  • Page 165: Snmp Commands

    SNMP commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. The SNMP agent sends notifications (traps and informs) to inform the NMS of significant events, such as link state changes and user logins or logouts.

  • Page 166: Display Snmp-Agent Context

    Storage-type: nonVolatile Community name: userv1 Group name: testv1 Storage type: nonVolatile Table 31 Command output Field Description Community name created by using the snmp-agent community command or Community name username created by using the snmp-agent usm-user { v1 | v2c } command. SNMP group name.

  • Page 167: Display Snmp-Agent Group

    Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters context-name: Specifies an SNMP context by its name, a case-sensitive string of 1 to 32 characters. If no SNMP context is specified, this command displays all SNMP contexts created on the device. Examples # Display all SNMP contexts created on the device.

  • Page 168: Display Snmp-Agent Local-Engineid

    Table 32 Command output Field Description Group name SNMP group name. Security model of the SNMP group: • authPriv—authentication with privacy. • authNoPriv—authentication without privacy. Security model • noAuthNoPriv—no authentication, no privacy. Security model of an SNMPv1 or SNMPv2c group can only be noAuthNoPriv. Readview Read-only MIB view accessible to the SNMP group.

  • Page 169: Display Snmp-Agent Mib-Node

    Related commands snmp-agent local-engineid display snmp-agent mib-node Use display snmp-agent mib-node to display SNMP MIB node information. Syntax display snmp-agent mib-node [ details | index-node | trap-node | verbose ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters details: Specifies detailed MIB node information, including node name, last octet of an OID string, and name of the next leaf node.
  • Page 170 |-*lldpReinitDelay<1.0.8802.1.1.2.1.1.3>(RW) Table 33 Command output Field Description -std MIB node name. <1.0> OID of a MIB node. Permissions to MIB nodes: • NA—Not accessible. • NF—Supports notifications. • RO—Supports read-only access. (NA) • RW—Supports read and write access. • RC—Supports read-write-create access. •...
  • Page 171 # Display MIB table names, and node names and OIDs of MIB index nodes. <Sysname> display snmp-agent mib-node index-node Table |lldpPortConfigTable Index ||lldpPortConfigPortNum 1.0.8802.1.1.2.1.1.6.1.1 Table |lldpConfigManAddrTable Index ||lldpLocManAddrSubtype 1.0.8802.1.1.2.1.3.8.1.1 Index ||lldpLocManAddr 1.0.8802.1.1.2.1.3.8.1.2 Table |lldpStatsTxPortTable Index ||lldpStatsTxPortNum 1.0.8802.1.1.2.1.2.6.1.1 Table |lldpStatsRxPortTable Index ||lldpStatsRxPortNum 1.0.8802.1.1.2.1.2.7.1.1 Table...
  • Page 172 Name |||lldpRemChassisIdSubtype ||||1.0.8802.1.1.2.1.4.1.1.4 Name |||lldpRemChassisId ||||1.0.8802.1.1.2.1.4.1.1.5 Name |||lldpXMedRemDeviceClass ||||1.0.8802.1.1.2.1.5.4795.1.3.1.1.3 Name |mplsL3VpnVrfUp ||1.3.6.1.2.1.10.166.11.0.1 Trap Object Name |||mplsL3VpnIfConfRowStatus ||||1.3.6.1.2.1.10.166.11.1.2.1.1.5 Name |||mplsL3VpnVrfOperStatus ||||1.3.6.1.2.1.10.166.11.1.2.2.1.6 Table 36 Command output Field Description Name Name of a MIB notification node. OID of a MIB notification node. Trap Object Name and OID of a notification object.
  • Page 173 Name |lldpPortConfigEntry ||1.0.8802.1.1.2.1.1.6.1 Properties ||NodeType: ||AccessType: NA ||DataType: ||MOR: 0x00000000 Parent ||lldpPortConfigTable First child ||lldpPortConfigPortNum Next leaf ||lldpPortConfigPortNum Next sibling Index ||[indexImplied:0, indexLength:1]: Name |lldpPortConfigPortNum ||1.0.8802.1.1.2.1.1.6.1.1 Properties ||NodeType: Column ||AccessType: NA ||DataType: Integer32 ||MOR: 0x020c1201 Parent ||lldpPortConfigEntry First child Next leaf ||lldpPortConfigAdminStatus Next sibling ||lldpPortConfigAdminStatus...
  • Page 174 Field Description OID of a MIB node. MIB node types: • Table—Table node. • Row—Row node in a MIB table. • Column—Column node in a MIB table. NodeType • Leaf—Leaf node. • Group—Group node (parent node of a leaf node). •...

  • Page 175: Display Snmp-Agent Mib-View

    Field Description Value range Value range of a MIB node. Index Table index. This field appears only for a table node. display snmp-agent mib-view Use display snmp-agent mib-view to display MIB views. Syntax display snmp-agent mib-view [ exclude | include | viewname view-name ] Views Any view Predefined user roles...

  • Page 176: Display Snmp-Agent Remote

    Subtree mask: Storage-type: nonVolatile View Type: excluded View status: active View name: ViewDefault MIB Subtree: snmpModules.18 Subtree mask: Storage-type: nonVolatile View Type: excluded View status: active ViewDefault is the default MIB view. The output shows that except for the MIB objects in the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees, all the MIB objects in the iso subtree are accessible.

  • Page 177: Display Snmp-Agent Statistics

    mdc-operator Parameters ip-address: Specifies the IP address of a remote SNMP entity to display its SNMP engine ID. ipv6 ipv6-address: Specifies the IPv6 address of a remote SNMP entity to display its SNMP engine vpn-instance vpn-instance-name: Specifies the VPN for a remote SNMP entity. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters.
  • Page 178 Examples # Display SNMP message statistics. <Sysname> display snmp-agent statistics 1684 messages delivered to the SNMP entity. 5 messages were for an unsupported version. 0 messages used an unknown SNMP community name. 0 messages represented an illegal operation for the community supplied. 0 ASN.1 or BER errors in the process of decoding.

  • Page 179: Display Snmp-Agent Sys-Info

    Field Description Number of GetRequest requests that have GetRequest-PDU accepted and processed been received and processed. Number of getNext requests that have been GetNextRequest-PDU accepted and processed received and processed. Number of getBulk requests that have been GetBulkRequest-PDU accepted and processed received and processed.

  • Page 180: Display Snmp-Agent Trap Queue

    The location information of the agent: The SNMP version of the agent: SNMPv3 Related commands snmp-agent sys-info display snmp-agent trap queue Use display snmp-agent trap queue to display basic information about the trap queue, including the queue size and number of traps in the queue. Syntax display snmp-agent trap queue Views...

  • Page 181: Display Snmp-Agent Usm-User

    Examples # Display the modules that can generate notification and their notification function status. <Sysname> display snmp-agent trap-list arp notification is disabled. configuration notification is enabled. isis notification is enabled. l3vpn notification is enabled. mac-address notification is enabled. mpls notification is disabled. ospf notification is enabled.
  • Page 182 Examples # Display information about all SNMPv3 users. <Sysname> display snmp-agent usm-user Username: userv3 Group name: mygroupv3 Engine ID: 800063A203000FE240A1A6 Storage type: nonVolatile User status: active Username: userv3 Group name: mygroupv3 Engine ID: 8000259503000BB3100A508 Storage type: nonVolatile User status: active Username: userv3code Role name: groupv3code network-operator...

  • Page 183: Enable Snmp Trap Updown

    Field Description SNMP users are active upon their creation at the CLI. To temporarily disable an SNMP user without deleting it, you can perform an SNMP set operation to change its status. Number of the ACL that controls the access of the SNMP user (the NMS) to the device.

  • Page 184: Snmp-Agent

    snmp-agent Use snmp-agent to enable the SNMP agent. Use undo snmp-agent to disable the SNMP agent. Syntax snmp-agent undo snmp-agent Default SNMP agent is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines The snmp-agent command is optional for an SNMP configuration task. The SNMP agent is automatically enabled when you execute any command that begins with snmp-agent except for the snmp-agent calculate-password command.

  • Page 185: Snmp-Agent Community

    mode: Specifies the same authentication mode and privacy mode as configured in the snmp-agent usm-user v3 command. The encryption algorithms AES, 3DES, and DES are in descending order of security strength. DES is enough to meet general security requirements. The MD5 authentication algorithm is faster than SHA-1, while SHA-1 provides higher security than MD5.
  • Page 186 snmp-agent community [ simple | cipher ] community-name user-role role-name [ acl acl-number | acl ipv6 ipv6-acl-number ] * undo snmp-agent community [ cipher ] community-name Default No SNMP community exists. Views System view Predefined user roles network-admin mdc-admin Parameters read: Assigns the specified community read-only access to MIB objects.
  • Page 187 An SNMPv1 or SNMPv2c community contains a set of NMSs and SNMP agents, and is identified by a community name. An NMS and an SNMP agent must use the same community name to authenticate each other. Typically, public is used as the read-only community name and private is used as the read and write community name.

  • Page 188: Snmp-Agent Community-Map

    [Sysname] snmp-agent mib-view included test system [Sysname] snmp-agent community write simple wr-sys-acc mib-view test Related commands display snmp-agent community snmp-agent mib-view snmp-agent community-map Use snmp-agent community-map to map an SNMP community to an SNMP context. Use undo snmp-agent community-map to delete the mapping between an SNMP community and an SNMP context.

  • Page 189: Snmp-Agent Group

    undo snmp-agent context context-name Default No SNMP context is configured on the device. Views System view Predefined use roles network-admin mdc-admin Parameters context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters. Usage guidelines An NMS and an SNMP agent can communicate with each other if the following conditions exist: •...
  • Page 190 Default No SNMP group exists. Views System view Predefined use roles network-admin mdc-admin Parameters v1: Specifies SNMPv1. v2c: Specifies SNMPv2c. v3: Specifies SNMPv3. group-name: Specifies an SNMP group name, a string of 1 to 32 case-sensitive characters. authentication: Specifies the authentication without privacy security model for the SNMPv3 group. privacy: Specifies the authentication with privacy security model for the SNMPv3 group.

  • Page 191: Snmp-Agent Local-Engineid

    Table 42 Basic security setting requirements for different security models Security model Security key Security model keyword for the settings for the Remarks group user If the authentication key Authentication with Authentication key, or the privacy key is not privacy privacy privacy key configured, SNMP...

  • Page 192: Snmp-Agent Log

    Parameters engineid: Specifies an SNMP engine ID as a hexadecimal string. It must contain an even number of hexadecimal characters, in the range of 10 to 64. All-zero and all-F strings are invalid. Usage guidelines An SNMP engine ID uniquely identifies an SNMP entity in an SNMP managed network. Make sure the local SNMP engine ID is unique within your SNMP managed network to avoid communication problems.

  • Page 193: Snmp-Agent Mib-View

    Examples # Enable logging SNMP Get operations. <Sysname> system-view [Sysname] snmp-agent log get-operation # Enable logging SNMP Set operations. <Sysname> system-view [Sysname] snmp-agent log set-operation # Enable logging SNMP authentication failures. <Sysname> system-view [Sysname] snmp-agent log authfail snmp-agent mib-view Use snmp-agent mib-view to create or update a MIB view. Use undo snmp-agent mib-view to delete a MIB view.

  • Page 194: Snmp-Agent Packet Max-Size

    The system can store entries for up to 20 unique MIB view records. In addition to the four default MIB view records, you can create up to 16 unique MIB view records. After you delete the default view with the undo snmp-agent mib-view command, you can create up to 20 unique MIB view records. Be cautious with deleting the default MIB view.

  • Page 195: Snmp-Agent Port

    [Sysname] snmp-agent packet max-size 1024 snmp-agent port Use snmp-agent port to specify the UDP port for receiving SNMP packets. Use undo snmp-agent port to restore the default. Syntax snmp-agent port port-num undo snmp-agent port Default The device uses UDP port 161 for receiving SNMP packets. Views System view Predefined user roles...

  • Page 196: Snmp-Agent { Inform | Trap } Source

    Views System view Predefined user roles network-admin mdc-admin Parameters ip-address: Specifies the IP address of a remote SNMP entity. ipv6 ipv6-address: Specifies the IPv6 address of a remote SNMP entity. vpn-instance vpn-instance-name: Specifies the VPN for a remote SNMP entity. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters.

  • Page 197: Snmp-Agent Sys-Info Contact

    mdc-admin Parameters inform: Specifies informs. trap: Specifies traps. interface-type { interface-number | interface-number.subnumber }: Specifies an interface by its type and number. The interface-number argument specifies a main interface number. The subnumber argument specifies a subinterface number in the range of 1 to 4094. Usage guidelines The snmp-agent source command enables the SNMP agent to use the primary IP address of an interface or subinterface as the source IP address in all its SNMP informs or traps, regardless of their...

  • Page 198: Snmp-Agent Sys-Info Location

    Parameters sys-contact: Specifies the system contact, a string of 1 to 255 characters. Usage guidelines Configure the system contact for system maintenance and management. Examples # Configure the system contact as Dial System Operator # 27345. <Sysname> system-view [Sysname] snmp-agent sys-info contact Dial System Operator # 27345 Related commands display snmp-agent sys-info snmp-agent sys-info location...

  • Page 199: Snmp-Agent Target-Host

    Syntax High encryption in non-FIPS mode: snmp-agent sys-info contact version { all | { v1 | v2c | v3 } * } undo snmp-agent sys-info version { all | { v1 | v2c | v3 } * } High encryption in FIPS mode: snmp-agent sys-info version v3 undo snmp-agent sys-info version v3 Default...
  • Page 200 snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ] undo snmp-agent target-host { trap | inform } address udp-domain { ip-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ] High encryption in FIPS mode: snmp-agent target-host inform address udp-domain { ip-address | ipv6 ipv6-address }...

  • Page 201: Snmp-Agent Trap Enable

    • authentication: Specifies the security model to be authentication without privacy. You must specify the authentication key when you create the SNMPv3 user. • privacy: Specifies the security model to be authentication with privacy. You must specify the authentication key and privacy key when you create the SNMPv3 user. Usage guidelines You can specify multiple SNMP notification target hosts.

  • Page 202: Snmp-Agent Trap If-Mib Link Extended

    Parameters configuration: Specifies configuration notifications. If configuration notifications are enabled, the system checks the running configuration and the startup configuration every 10 minutes for any change and generates a notification for the most recent change. protocol: Specifies a module for enabling SNMP notifications. For more information about this argument, see the command reference for each module.

  • Page 203: Snmp-Agent Trap Life

    Default The SNMP agent sends standard linkUp/linkDown notifications. Views System view Predefined user roles network-admin mdc-admin Usage guidelines Extended linkUp and linkDown notifications add interface description and interface type to the standard linkUp/linkDown notifications for fast failure point identification. When you use this command, make sure the NMS supports the extended linkup and linkDown notifications.

  • Page 204: Snmp-Agent Trap Log

    Related commands snmp-agent target-host snmp-agent trap enable snmp-agent trap queue-size snmp-agent trap log Use snmp-agent trap log to enable SNMP notification logging. Use undo snmp-agent trap log to disable SNMP notification logging. Syntax snmp-agent trap log undo snmp-agent trap log Default SNMP notification logging is disabled.

  • Page 205: Snmp-Agent Usm-User { V1 | V2C

    mdc-admin Parameters size: Sets the maximum number of notifications that the SNMP notification queue can hold. The value range is 1 to 1000. Usage guidelines When congestion occurs, the SNMP agent buffers notifications in a queue. SNMP notification queue size sets the maximum number of notifications that this queue can hold. When the queue size is reached, the oldest notifications are dropped for new notifications.

  • Page 206: Snmp-Agent Usm-User V3

    to access the SNMP agent. If the specified ACL does not have any rules, no NMS in the SNMP community can access the SNMP agent. acl ipv6 ipv6-acl-number: Specifies a basic IPv6 ACL to filter NMSs by source IPv6 address. The ipv6-acl-number argument represents an ACL number in the range of 2000 to 2999.
  • Page 207 Syntax High encryption in non-FIPS mode (in VACM mode): snmp-agent usm-user v3 user-name group-name [ remote { ip-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode { md5 | sha } auth-password [ privacy-mode { aes128 | 3des | des56 } priv-password ] ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * undo snmp-agent usm-user v3 user-name { local | engineid engineid-string | remote { ip-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] }...
  • Page 208 Predefined user roles network-admin mdc-admin Parameters user-name: Specifies an SNMPv3 username, a case-sensitive string of 1 to 32 characters. group-name: Specifies an SNMPv3 group name, a case-sensitive string of 1 to 32 characters. user-role role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. remote { ip-address | ipv6 ipv6-address }: Specifies the IPv4 or IPv6 address of the remote SNMP entity.
  • Page 209 Table 45 Encrypted privacy key length requirements Authentication Encryption Hexadecimal string Non-hexadecimal string algorithm algorithm 3DES 64 characters 73 characters AES128 or 32 characters 53 characters DES-56 3DES 80 characters 73 characters AES128 or 40 characters 53 characters DES-56 acl acl-number: Specifies a basic IPv4 ACL to filter NMSs by source IPv4 address. The acl-number argument represents an ACL number in the range of 2000 to 2999.
  • Page 210 After creating an SNMPv3 user in this mode, you can use the snmp-agent usm-user v3 user-role command to assign a maximum of 64 user roles to the SNMPv3 user. In VACM mode, if you configure an SNMPv3 user multiple times, the most recent configuration takes effect.

  • Page 211: Snmp-Agent Usm-User V3 User-Role

    • Plaintext authentication and privacy keys. # Add the user remoteUser for the SNMP remote engine at 10.1.1.1 to the SNMPv3 group testGroup, and enable the authentication and privacy security model for the group. Specify the authentication algorithm SHA-1, the privacy algorithm AES, the plaintext authentication key 123456TESTauth&!, and the plaintext privacy key 123456TESTencr&! for the user.
  • Page 212 Parameters user-name: Specifies an SNMPv3 username, a case-sensitive string of 1 to 32 characters. user-role role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. Usage guidelines You can assign a maximum of 64 user roles to an SNMPv3 user. An SNMPv3 user must have a minimum of one user role.

  • Page 213: Rmon Commands

    RMON commands display rmon alarm Use display rmon alarm to display entries in the RMON alarm table. Syntax display rmon alarm [ entry-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters entry-number: Specifies an alarm entry index in the range of 1 to 65535. If you do not specify an entry, the command displays all entries in the RMON alarm table.
  • Page 214 Field Description falling thresholds at the end of the sampling interval. • delta—RMON subtracts the value of the variable at the previous sample from the current value, and then compares the difference with the rising and falling thresholds. Sampled variable Monitored variable (MIB object alarmVariable).

  • Page 215: Display Rmon Event

    display rmon event Use display rmon event to display RMON event entries. Syntax display rmon event [ entry-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters entry-number: Specifies an event entry index in the range of 1 to 65535. If you do not specify an entry, the command displays all event entries.

  • Page 216: Display Rmon Eventlog

    Field Description SNMP community name for the RMON event (MIB object eventCommunity). You can specify an SNMP community name when you create an RMON event Community entry, but the setting does not take effect. The system always uses the settings configured with the SNMP feature when it sends RMON event notifications.

  • Page 217: Display Rmon History

    LogEntry 99.2 created at 50days 09h:11m:13s uptime. Description: The 1.3.6.1.2.1.16.1.1.1.4.5 defined in alarmEntry 77, less than(or =) 20000000 with alarm value 16951648. Alarm sample type is absolute. LogEntry 99.3 created at 50days 09h:18m:43s uptime. Description: The alarm formula defined in prialarmEntry 777, less than(or =) 15000000 with alarm value 14026493.
  • Page 218 mdc-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays history samples for all interfaces that have an RMON history control entry. Usage guidelines RMON uses the etherHistoryTable object to store the history samples of Ethernet statistics for Ethernet interfaces.
  • Page 219 fragments , jabbers collisions , utilization Table 49 Command output Field Description Status and owner of the history control entry: • entry-number—History control entry index (MIB object historyControlIndex). • owner—Entry owner (MIB object historyControlOwner). • status—Entry status (MIB object historyControlStatus): HistoryControlEntry VALID—The entry is valid.

  • Page 220: Display Rmon Prialarm

    Field Description Number of undersize packets with CRC errors received during the sampling fragments interval (MIB object etherHistoryFragments). Number of oversize packets with CRC errors received during the sampling jabbers interval (MIB object etherHistoryJabbers). Number of colliding packets received during the sampling interval (MIB object collisions etherHistoryCollisions).
  • Page 221 Table 50 Command output Field Description Alarm entry owner and status: • entry-number—Alarm entry index (MIB object hh3cRmonExtAlarmIndex). • owner—Entry owner (MIB object hh3cRmonExtAlarmOwner). • status—Entry status (MIB object hh3cRmonExtAlarmStatus): PrialarmEntry entry-number VALID—The entry is valid. owned by owner is status. UNDERCREATION—The entry is invalid.

  • Page 222: Display Rmon Statistics

    Field Description Alarm that can be generated when the entry becomes valid (MIB object hh3cRmonExtAlarmStartupAlarm): • risingAlarm—Generates a rising alarm if the first sample after the entry becomes valid is greater than or equal to the rising threshold. • fallingAlarm—Generates a falling alarm if the first sample after the entry Alarm sent upon entry startup becomes valid is less than or equal to the rising threshold.
  • Page 223 EtherStatsEntry 1 owned by user1 is VALID. Interface : GigabitEthernet1/0/1<ifIndex.3> etherStatsOctets : 43393306 , etherStatsPkts : 619825 etherStatsBroadcastPkts : 503581 , etherStatsMulticastPkts : 44013 etherStatsUndersizePkts , etherStatsOversizePkts etherStatsFragments , etherStatsJabbers etherStatsCRCAlignErrors : 0 , etherStatsCollisions etherStatsDropEvents (insufficient resources): 0 Incoming packets by size: 65-127 128-255 256-511: 0...

  • Page 224: Rmon Alarm

    Field Description NOTE: This statistic is the number of times that a drop condition occurred. It is not necessarily the total number of dropped packets. Incoming-packet statistics by packet length: • 64—Number of 64-byte packets. The value is stored in the MIB node etherStatsPkts64Octets.
  • Page 225 Format Examples entry.integer.instance etherStatsOctets.1 etherStatsPkts.1 etherStatsBroadcastPkts.1 Object name.instance ifInOctets.1 ifInUcastPkts.1 ifInNUcastPkts.1 sampling-interval: Sets the sampling interval in the range of 5 to 65535 seconds. absolute: Specifies absolute sampling. RMON compares the value of the variable with the rising and falling thresholds at the end of the sampling interval. delta: Specifies delta sampling.

  • Page 226: Rmon Event

    • Triggers the event associated with the falling alarm if the sampled value is equal to or less than the falling threshold. Examples # Create an alarm entry to perform absolute sampling on the number of octets received on GigabitEthernet 1/0/1 (object instance 1.3.6.1.2.1.16.1.1.1.4.1) at 10-seconds intervals. If the sampled value reaches or exceeds 5000, log the rising alarm event.

  • Page 227: Rmon History

    none: Performs no action when the event occurs. trap: Sends an SNMP notification when the event occurs. owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters. NOTE: The SNMP community name setting for the security-string argument does not take effect even though you can configure it with the command.

  • Page 228: Rmon Prialarm

    If the expected bucket size exceeds the available history table size, RMON sets the bucket size as closely to the expected bucket size as is possible. However, the granted bucket size will not exceed 50. For example, the bucket size for a history control entry will be 30 if the expected bucket size is set to 55, but the available bucket size is only 30.
  • Page 229 addition, subtraction, multiplication, and division on these variables. To get a correct calculation result, make sure the following conditions are met: • The values of the variables in the formula are positive integers. • The result of each calculating step is in the value range for long integers. prialarm-des: Configures an entry description, a case-sensitive string of 1 to 127 characters.

  • Page 230: Rmon Statistics

    Compares the calculation result with the predefined thresholds, and then takes one of the following actions: Triggers the event associated with the rising alarm event if the result is equal to or greater than the rising threshold. Triggers the event associated with the falling alarm event if the result is equal to or less than the falling threshold.
  • Page 231 owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters. Usage guidelines You can create RMON statistics entries only for Layer 2 or Layer 3 Ethernet interfaces. You can create one statistics entry for each Ethernet interface, and a maximum of 100 statistics entries on the device.

  • Page 232: Netconf Commands

    NETCONF commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. netconf log Use netconf log to enable NETCONF logging.

  • Page 233: Netconf Soap Http Dscp

    verbose: Logs detailed NETCONF information. For request operations, this keyword logs the texts of the requests after brief information. For service operations, this keyword takes effect only on edit-config operations. When an edit-config operation error occurs, this keyword logs detailed error information.

  • Page 234: Netconf Soap Https Dscp

    Syntax netconf soap http enable undo netconf soap http enable Default NETCONF over SOAP over HTTP is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines This command is not available for high encryption in FIPS mode. This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTP packets.

  • Page 235: Netconf Soap Https Enable

    Examples # Set the DSCP value to 30 for outgoing NETCONF over SOAP over HTTPS packets. <Sysname> system-view [Sysname] netconf soap https dscp 30 netconf soap https enable Use netconf soap https enable to enable NETCONF over SOAP over HTTPS. Use undo netconf soap https enable to disable NETCONF over SOAP over HTTPS.

  • Page 236: Netconf Ssh Server Port

    Usage guidelines This feature allows you to use an SSH client to invoke NETCONF as an SSH subsystem. Then, you can directly use XML messages to perform NETCONF operations without using the xml command. Before you execute this command, configure the authentication mode for users as scheme on the device.
  • Page 237 "a," only the contents after the last "a" in the message can be processed. Examples # Enter XML view. <Sysname> xml <?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:pa rams:netconf:base:1.1</capability><capability>urn:ietf:params:netconf:writable-runnin g</capability><capability>urn:ietf:params:netconf:capability:notification:1.0</capabi lity><capability>urn:ietf:params:netconf:capability:validate:1.1</capability><capabil ity>urn:ietf:params:netconf:capability:interleave:1.0</capability><capability>urn:hpe :params:netconf:capability:hpe-netconf-ext:1.0</capability></capabilities><session-id >1</session-id></hello>]]>]]> # Quit XML view. <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <close-session> </close-session> </rpc>]]>]]>...
  • Page 238 <Sysname>...

  • Page 239: Eaa Commands

    EAA commands action cli Use action cli to add a CLI action to a monitor policy. Use undo action to remove an action. Syntax action number cli command-line undo action number Default Monitor policies do not contain any actions. Views CLI-defined policy view Predefined user roles network-admin...

  • Page 240: Action Reboot

    [Sysname-rtm-test] action 1 cli system-view [Sysname-rtm-test] action 2 cli interface gigabitethernet 1/0/1 [Sysname-rtm-test] action 3 cli shutdown action reboot Use action reboot to add a reboot action to a monitor policy. Use undo action to remove an action. Syntax In standalone mode: action number reboot [ slot slot-number [ subslot subslot-number ] ] undo action number In IRF mode:...

  • Page 241: Action Switchover

    When you define an action, you may choose to specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment." Examples # (In standalone mode.) Configure an action for the CLI-defined policy test to reboot the device. <Sysname>...

  • Page 242: Action Syslog

    action syslog Use action syslog to add a Syslog action to a monitor policy. Use undo action to remove an action. Syntax action number syslog priority level facility local-number msg msg-body undo action number Default Monitor policies do not contain any actions. Views CLI-defined policy view Predefined user roles...

  • Page 243: Display Rtm Environment

    Syntax commit Default No CLI-defined policies are enabled. Views CLI-defined policy view Predefined user roles network-admin mdc-admin Usage guidelines You must execute this command for a CLI-defined policy to take effect. After changing the settings in a policy that has been enabled, you must re-execute this command for the changes to take effect.

  • Page 244: Display Rtm Policy

    display rtm policy Use display rtm policy to display monitor policies. Syntax display rtm policy { active | registered [ verbose ] } [ policy-name ] Views Any view Predefined user roles network-admin mdc-admin Parameters active: Displays policies that are running. registered: Displays policies that have been created.

  • Page 245: Event Cli

    Table 54 Command output Field Description Job ID. This field is available for the display rtm policy active command. PolicyName Monitor policy name. Policy creation method: Type • TCL—The policy was configured by using Tcl. Policy Type • CLI—The policy was configured from the CLI. Source of the event specified in the policy.

  • Page 246: Event Hotplug

    pattern regular-exp: Specifies a regular expression for matching commands that trigger the policy. For more information about using regular expressions, see Fundamentals Configuration Guide. Usage guidelines Use CLI event monitor policies to monitor operations performed at the CLI. You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

  • Page 247: Event Interface

    mdc-admin Parameters slot slot-number: Specifies a card by its slot number. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card.
  • Page 248 Parameters interface-type interface-number: Specifies an interface by its type and number. monitor-obj monitor-obj: Specifies the traffic statistic to be monitored on the interface. For keywords available for the monitor-obj argument, see Table start-op start-op: Specifies the operator for comparing the monitored traffic statistic with the start threshold.

  • Page 249: Event Process

    EAA executes an interface event monitor policy when the monitored interface traffic statistic crosses the start threshold in the following situations: • The statistic crosses the start threshold for the first time. • The statistic crosses the start threshold each time after it crosses the restart threshold. The following is the interface event monitor process of EAA: Compares the traffic statistic sample with the start threshold at sampling intervals until the comparison result meets the condition specified by the start operator.

  • Page 250: Event Snmp Oid

    Parameters exception: Monitors the specified process for exceptional events. EAA executes the policy when an exception occurs to the monitored process. restart: Monitors the specified process for restart events. EAA executes the policy when the monitored process restarts. shutdown: Monitors the specified process for shutdown events. EAA executes the policy when the monitored process is shut down.
  • Page 251 Views CLI-defined policy view Predefined user roles network-admin mdc-admin Parameters oid oid: Specifies the OID of the monitored MIB variable, a string of 1 to 256 characters. monitor-obj { get | next }: Specifies the SNMP operation used for sampling variable values. The get keyword represents the SNMP get operation, and the next keyword represents the SNMP getNext operation.

  • Page 252: Event Snmp-Notification

    Examples # Configure a CLI-defined policy to get the value of the MIB variable 1.3.6.4.9.9.42.1.2.1.6.4 every five seconds. Set the start threshold to 1 and the restart threshold to 2. Enable EAA to execute the policy when the value changes to 1 for the first time. Enable EAA to re-execute the policy if the value changes to 1 each time after the value has changed to 2.

  • Page 253: Event Syslog

    <Sysname> system-view [Sysname] rtm cli-policy snmp-notification [Sysname-rtm-snmp-notification] event snmp-notification oid 1.3.6.1.4.1.318.2.8.3 oid-val “UPS:Returned from battery backup power” op eq drop event syslog Use event syslog to configure a Syslog event for a CLI-defined monitor policy. Use undo event to delete the event in a CLI-defined monitor policy. Syntax event syslog priority level msg msg occurs times period period undo event...

  • Page 254: Rtm Cli-Policy

    [Sysname-rtm-syslog] event syslog priority 3 msg down occurs 5 period 6 rtm cli-policy Use rtm cli-policy to create a CLI-defined EAA monitor policy and enter its view. Use undo rtm cli-policy to delete a CLI-defined monitor policy. Syntax rtm cli-policy policy-name undo rtm cli-policy policy-name Default No CLI-defined monitor policy exists.
  • Page 255 Default The system provides the variables in Table 57. You cannot create, delete, or modify these system-defined variables. Table 57 System-defined EAA environment variables by event type Variable name Description Any event: _event_id Event ID. _event_type Event type. _event_type_string Event type description. _event_time Time when the event occurs.

  • Page 256: Rtm Scheduler Suspend

    Usage guidelines When you define an action, you can enter a variable name with a leading dollar sign ($variable_name) instead of entering a value for an argument. EAA will replace the variable name with the variable value when it performs the action. For an action argument, you can specify a list of variable names in the form of $variable_name1$variable_name2...$variable_nameN.

  • Page 257: Running-Time

    Views System view Predefined user roles network-admin mdc-admin Parameters policy-name: Specifies a policy name, a case-sensitive string of 1 to 63 characters. tcl-filename: Specifies a .tcl script file name. The file name is case sensitive. You must make sure the file is available on a storage medium of the device.

  • Page 258: User-Role

    Usage guidelines Policy runtime limits the amount of time that the monitor policy can run from the time it is triggered. When the runtime is reached, the system stops executing the policy even if the execution is not finished. This setting prevents an incorrectly defined policy from running permanently to occupy resources. Examples # Set the runtime to 60 seconds for the CLI-defined policy test.
  • Page 259 <Sysname> system-view [Sysname] rtm cli-policy test [Sysname-rtm-test] user-role network-admin [Sysname-rtm-test] user-role admin...

  • Page 260: Process Monitoring And Maintenance Commands

    Process monitoring and maintenance commands The display memory, display process, display process cpu, monitor process and monitor thread commands display information about both user processes and kernel threads. In these commands, "process" refers to both user processes and kernel threads. display exception context Use display exception context to display context information for process exceptions.
  • Page 261 Core file path: flash:/core/node0_routed_120_7_20130409-171430_1365527670.core 0xb7caba4a 0x0804cb79 0xb7cd77c4 0x08049f45 Backtrace stopped. Registers' content eax:0xfffffffc ebx:0x00000003 ecx:0xbfe244ec edx:0x0000000a esp:0xbfe244b8 ebp:0xbfe244c8 esi:0xffffffff edi:0xbfe24674 eip:0xb7caba4a eflag:0x00000292 cs:0x00000073 ss:0x0000007b ds:0x0000007b es:0x0000007b fs:0x00000000 gs:0x00000033 # Display the exception context information on the x86-based 64-bit device. <Sysname> display exception context Index 1 of 1 ------------------------------ Crashed PID: 121 (routed)
  • Page 262 Core file path: flash:/core/node0_routed_133_7_20130410-154749_1365608869.core 0x184720bc 0x10006b4c Backtrace stopped. Registers' content grp00: 0x000000ee 0x7ffd6ad0 0x1800f440 0x00000004 grp04: 0x7ffd6af8 0x0000000a 0xffffffff 0x184720bc grp08: 0x0002d200 0x00000003 0x00000001 0x1847209c grp12: 0x10006b4c 0x10020534 0xd6744100 0x00000000 grp16: 0x00000000 0xa0203ff0 0xa028b12c 0xa028b13c grp20: 0xa028b148 0xa028b168 0xa028b178 0xa028b190 grp24: 0xa028b1a8 0xa028b1b8 0x00000000 0x7ffd6c08 grp28: 0x10006cac 0x7ffd6f92 0x184c1b84 0x7ffd6ae0 nip:0x184720bc...
  • Page 263 nip:0x00000fff803c66b4 lr:0x0000000010009b94 cr:0x0000000058000482 ctr:0x00000fff803c66ac msr:0x000000008002d000 xer:0x0000000000000000 ret:0xfffffffffffffffc dsisr:0x0000000000000000 gr3:0x0000000000000003 softe:0x0000000000000001 trap:0x0000000000000c00 dar:0x00000fff8059d14c # Display the exception context information on the MIPS-based 32-bit device. <Sysname> display exception context Index 1 of 1 ------------------------------ Crashed PID: 182 (routed) Crash signal: SIGBUS Crash time: Sun Jan 2 08:11:38 2013 Core file path: flash:/core/node4_routed_182_10_20130102-081138_1293955898.core...

  • Page 264: Display Exception Filepath

    a6:0xffffffff8021349c a7:0x20696e206368616e t0:0x0000000000000000 t1:0xffffffff80105068 t2:0xffffffff80213890 t3:0x0000000000000008 s0:0x0000005555a99c40 s1:0x000000ffff89af5f s2:0x0000000120007320 s3:0x0000005555a5f470 s4:0x000000ffff899f80 s5:0xffffffff803cc6c0 s6:0xffffffff803cc6a8 s7:0xffffffff803cc690 t8:0x0000000000000002 t9:0x0000005555a3bc98 k0:0x0000000000000000 k1:0x0000000000000000 gp:0x0000000120020460 sp:0x000000ffff899d70 s8:0x000000ffff899d80 ra:0x0000000120006c1c sr:0x000000000400fff3 lo:0xdf3b645a1cac08c9 hi:0x000000000000007f bad:0x000000555589ba84 cause:0x0000000000800020 pc:0x0000005555a3bcb4 Table 58 Command output Filed Description Crashed PID ID of the crashed process. Signals that led to the crash: •...

  • Page 265: Display Kernel Deadloop

    Views Any view Predefined user roles network-admin mdc-admin Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays the core file directory on the active MPU. (In standalone mode.) chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays the core file directory on the global active MPU.
  • Page 266 chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays kernel thread deadloop information for the global active MPU. (In IRF mode.) cpu cpu-number: Specifies a CPU by its number. Examples # Display brief information about the latest kernel thread deadloop.
  • Page 267 Reg: r18, Val = 0x00000000 ; Reg: r19, Val = 0x00000000 ; Reg: r20, Val = 0x024c10f8 ; Reg: r21, Val = 0x057d9244 ; Reg: r22, Val = 0x00002000 ; Reg: r23, Val = 0x0000002c ; Reg: r24, Val = 0x00000002 ; Reg: r25, Val = 0x24000024 ;...
  • Page 268 Function Address = 0x8012a4b4 Function Address = 0x8017989c Function Address = 0x80179b30 Function Address = 0x80127438 Function Address = 0x8012d734 Function Address = 0x80100a00 Function Address = 0xe0071004 Function Address = 0x8016ce0c Function Address = 0x801223a0 Instruction dump: 41a2fe9c 812300ec 800200ec 7f890000 409efe8c 80010014 540b07b9 40a2fe80 4bfffe6c 80780290 7f64db78 4804ea35 <807f002c>...

  • Page 269: Display Kernel Deadloop Configuration

    display kernel deadloop configuration Use display kernel deadloop configuration to display kernel thread deadloop detection configuration. Syntax In standalone mode: display kernel deadloop configuration [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display kernel deadloop configuration [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view...

  • Page 270: Display Kernel Exception

    display kernel exception Use display kernel exception to display kernel thread exception information. Syntax In standalone mode: display kernel exception show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display kernel exception show-number [ offset ] [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view...
  • Page 271 # Display detailed information about the latest kernel thread exception. <Sysname> display kernel exception 1 verbose ----------------- Exception record 1 ----------------- Description : Oops[#0] Recorded at : 2013-05-01 11:16:00.823018 Occurred at : 2013-05-01 11:16:00.823018 Instruction address : 0x4004158c Thread : comsh (TID: 16306) Context : thread context Chassis...
  • Page 272 0xe2be5ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be5ef0: 95 47 73 35 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be5f00: a0 e1 64 21 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be5f10: 00 00 00 00 00 00 00 00 00 00 00 00 01 e9 00 00 0xe2be5f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be5f30: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0...

  • Page 273: Display Kernel Reboot

    display kernel reboot Use display kernel reboot to display kernel thread reboot information. Syntax In standalone mode: display kernel reboot show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display kernel reboot show-number [ offset ] [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view...
  • Page 274 <Sysname> display kernel reboot 1 verbose ----------------- Reboot record 1 ----------------- Recorded at : 2013-05-01 11:16:00.823018 Occurred at : 2013-05-01 11:16:00.823018 Reason : 0x31 Thread : comsh (TID: 16306) Context : thread context Chassis Target Chassis Slot Target Slot VCPU ID Kernel module info : module name (system) module address (0xffffffffc0054000) module name (addon) module address (0xffffffffc0002000)
  • Page 275 0xe2be6030: 02 27 00 00 00 00 00 00 00 00 00 00 02 be 60 68 0xe2be6040: 02 be 60 60 00 00 00 01 00 00 b0 30 02 be 60 98 0xe2be6050: 00 00 00 04 02 21 00 00 00 00 00 00 01 e9 00 00 0xe2be6060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be6070: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0 0xe2be6080: 02 be 61 e0 00 00 00 02 00 00 00 00 02 be 61 70...

  • Page 276: Display Kernel Starvation

    Field Description If the active MPU actively rebooted a card, this field displays information about the active MPU. Last five kernel thread switches on the CPU before the kernel thread rebooted, including kernel thread name and kernel thread switching time, with microsecond precision.
  • Page 277 cpu cpu-number: Specifies a CPU by its number. Examples # Display brief information about the latest kernel thread starvation. <Sysname> display kernel starvation 1 ----------------- Starvation record 1 ----------------- Description : INFO: task comsh: 16306 blocked for more than 10 seconds. Recorded at : 2013-05-01 11:16:00.823018...
  • Page 278 Reg: r24, Val = 0x00000002 ; Reg: r25, Val = 0x24000024 ; Reg: r26, Val = 0x00000000 ; Reg: r27, Val = 0x057d9484 ; Reg: r28, Val = 0x0000002c ; Reg: r29, Val = 0x00000000 ; Reg: r30, Val = 0x0000002c ; Reg: r31, Val = 0x00000000 ;...

  • Page 279: Display Kernel Starvation Configuration

    Function Address = 0x80127438 Function Address = 0x8012d734 Function Address = 0x80100a00 Function Address = 0xe0071004 Function Address = 0x8016ce0c Function Address = 0x801223a0 Instruction dump: 41a2fe9c 812300ec 800200ec 7f890000 409efe8c 80010014 540b07b9 40a2fe80 4bfffe6c 80780290 7f64db78 4804ea35 <807f002c> 38800000 38a00080 3863000c For detailed information about the command output, see Table Related commands...

  • Page 280: Display Process

    Table 62 Command output Field Description Time interval (in seconds) to identify a kernel thread starvation. A Starvation timer (in seconds): n kernel thread starvation occurs if a kernel thread does not run within n seconds. Threads excluded from monitoring Kernel threads excluded from kernel thread starvation detection.
  • Page 281 Examples # Display state information for process scmd. <Sysname> display process name scmd Job ID: 1 PID: 1 Parent JID: 0 Parent PID: 0 Executable path: - Instance: 0 Respawn: OFF Respawn count: 1 Max. spawns per minute: 0 Last started: Wed Jun 1 14:45:46 2013 Process state: sleeping Max.
  • Page 282 Field Description Parameters carried by the process during startup. If the process carries no ARGS parameters, this field displays a hyphen (-). Thread ID. LAST_CPU Number of the CPU on which the process is last scheduled. Stack Stack size. Thread priority. Thread state: •...

  • Page 283: Display Process Cpu

    Field Description %CPU CPU usage in percentage (%). %MEM Memory usage in percentage (%). State of a process: • R—Running. • S—Sleeping. STAT • T—Traced or stopped. • D—Uninterruptible sleep. • Z—Zombie. Priority of a process for scheduling. TTY used by a process. It displays a hyphen (-) for non-default MDCs. HH:MM:SS Running time since the latest start.

  • Page 284: Display Process Log

    0.0% 0.0% 0.0% scmd 0.0% 0.0% 0.0% [kthreadd] 0.1% 0.0% 0.0% [ksoftirqd/0] 0.0% 0.0% 0.0% [watchdog/0] 0.0% 0.0% 0.0% [events/0] 0.0% 0.0% 0.0% [khelper] 0.0% 0.0% 0.0% [kblockd/0] 0.0% 0.0% 0.0% [vzmond] 0.0% 0.0% 0.0% [pdflush] 0.0% 0.0% 0.0% [pdflush] 0.0% 0.0% 0.0%...

  • Page 285: Display Process Memory

    Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays log information for all user processes on the active MPU. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device.
  • Page 286 display process memory [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display process memory [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays memory usage for all user processes on the active MPU.

  • Page 287: Display Process Memory Heap

    Field Description Data Data memory used by the user process, in KB. The value for a kernel thread is 0. Stack Stack memory used by the user process, in KB. The value for a kernel thread is 0. Dynamic Dynamic memory used by the user process, in KB. The value for a kernel thread is 0. Name of the user process.

  • Page 288: Display Process Memory Heap Address

    Each memory block has an address represented in hexadecimal format, which can be used to access the memory block. You can view memory block addresses by using the display process memory heap size command, and view memory block contents by using the display process memory heap address command.

  • Page 289: Display Process Memory Heap Size

    display process memory heap job job-id address starting-address length memory-length [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display process memory heap job job-id address starting-address length memory-length [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles...
  • Page 290 Syntax In standalone mode: display process memory heap job job-id size memory-size [ offset offset-size ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display process memory heap job job-id size memory-size [ offset offset-size ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view...

  • Page 291: Exception Filepath

    0xb7e30180 0xb7e30190 0xb7e301a0 0xb7e301b0 0xb7e301c0 0xb7e301d0 0xb7e301e0 0xb7e301f0 0xb7e30200 0xb7e30210 0xb7e30220 0xb7e30230 Related commands display process memory heap display process memory heap address exception filepath Use exception filepath to specify the directory for saving core files. Use undo exception filepath to remove the specified directory. Syntax exception filepath directory undo exception filepath directory...

  • Page 292: Monitor Kernel Deadloop Enable

    monitor kernel deadloop enable Use monitor kernel deadloop enable to enable kernel thread deadloop detection. Use undo monitor kernel deadloop enable to disable kernel thread deadloop detection. Syntax In standalone mode: monitor kernel deadloop enable [ slot slot-number [ cpu cpu-number ] ] undo monitor kernel deadloop enable [ slot slot-number [ cpu cpu-number ] ] In IRF mode: monitor kernel deadloop enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]...

  • Page 293: Monitor Kernel Deadloop Exclude-Thread

    monitor kernel deadloop exclude-thread Use monitor kernel deadloop exclude-thread to disable kernel thread deadloop detection for a kernel thread. Use undo monitor kernel deadloop exclude-thread to enable kernel thread deadloop detection for a kernel thread. Syntax In standalone mode: monitor kernel deadloop exclude-thread tid [ slot slot-number [ cpu cpu-number ] ] undo monitor kernel deadloop exclude-thread [ tid ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: monitor kernel deadloop exclude-thread tid [ chassis chassis-number slot slot-number [ cpu...

  • Page 294: Monitor Kernel Deadloop Time

    monitor kernel deadloop time monitor kernel deadloop time Use monitor kernel deadloop time to set the interval for identifying a kernel thread deadloop. Use undo monitor kernel deadloop time to restore the default. Syntax In standalone mode: monitor kernel deadloop time interval [ slot slot-number [ cpu cpu-number ] ] undo monitor kernel deadloop time [ slot slot-number [ cpu cpu-number ] ] In IRF mode: monitor kernel deadloop time interval [ chassis chassis-number slot slot-number [ cpu...

  • Page 295: Monitor Kernel Starvation Enable

    monitor kernel deadloop exclude-thread monitor kernel starvation enable Use monitor kernel starvation enable to enable kernel thread starvation detection. Use undo monitor kernel starvation enable to disable kernel thread starvation detection. Syntax In standalone mode: monitor kernel starvation enable [ slot slot-number [ cpu cpu-number ] ] undo monitor kernel starvation enable [ slot slot-number [ cpu cpu-number ] ] In IRF mode: monitor kernel starvation enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]...

  • Page 296: Monitor Kernel Starvation Exclude-Thread

    monitor kernel starvation time monitor kernel starvation exclude-thread monitor kernel starvation exclude-thread Use monitor kernel starvation exclude-thread to disable kernel thread starvation detection for a kernel thread. Use undo monitor kernel starvation exclude-thread to enable kernel thread starvation detection for a kernel thread. Syntax In standalone mode: monitor kernel starvation exclude-thread tid [ slot slot-number [ cpu cpu-number ] ]...

  • Page 297: Monitor Kernel Starvation Time

    display kernel starvation configuration monitor kernel starvation time monitor kernel starvation enable monitor kernel starvation time Use monitor kernel starvation time to set the interval for identifying a kernel thread starvation. Use undo monitor kernel starvation time to restore the default. Syntax In standalone mode: monitor kernel starvation time interval [ slot slot-number [ cpu cpu-number ] ]...

  • Page 298: Monitor Process

    display kernel starvation configuration monitor kernel starvation enable monitor kernel starvation exclude-thread monitor process Use monitor process to display process statistics. Syntax In standalone mode: monitor process [ dumbtty ] [ iteration number ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: monitor process [ dumbtty ] [ iteration number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]...
  • Page 299 Commands Description By default, the average value of all CPU states is displayed. Sorts processes by CPU usage in descending order, which is the default setting. Sets the interval for refreshing process statistics, in the range of 1 to 2147483647 seconds.
  • Page 300 Memory: 496M total, 341M available, page size 4K State HH:MM:SS Name 1047 1047 1420K 00:02:30 37.11% diagd 1092K 00:00:21 11.34% scmd 1000 1000 00:00:09 2.06% [sock/1] 1026 1026 26044K 00:00:05 1.54% syslogd 1027 1027 9280K 00:01:12 1.03% devd 00:00:06 0.51% [ksoftirqd/0] 1009 1009...
  • Page 301 Memory: 496M total, 341M available, page size 4K State HH:MM:SS Name 1047 1047 1420K 00:02:39 14.13% diagd 1092K 00:00:23 3.98% scmd 1027 1027 9280K 00:01:13 1.44% devd 1000 1000 00:00:09 0.36% [sock/1] 1009 1009 00:00:09 0.36% [karp/1] 00:00:06 0.18% [ksoftirqd/0] 1010 1010 00:00:13...
  • Page 302 87 processes; 113 threads; 735 fds Thread states: 1 running, 112 sleeping, 0 stopped, 0 zombie CPU states: 90.66% idle, 0.88% user, 5.77% kernel, 2.66% interrupt Memory: 755M total, 414M available, page size 4K State HH:MM:SS Name 5384K 00:00:01 0.00% dbmd 2464K 00:00:02...

  • Page 303: Monitor Thread

    monitor thread Use monitor thread to display thread statistics. Syntax In standalone mode: monitor thread [ dumbtty ] [ iteration number ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: monitor thread [ dumbtty ] [ iteration number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view...
  • Page 304 Commands Description < Moves sort field to the next left column. > Moves sort field to the next right column. Examples # Display thread statistics in dumbtty mode. <Sysname> monitor thread dumbtty 84 processes; 107 threads Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie CPU states: 83.19% idle, 1.68% user, 10.08% kernel, 5.04% interrupt Memory: 755M total, 417M available, page size 4K LAST_CPU...
  • Page 305 Kill a job Refresh the screen Set the maximum number of threads to display Quit the interactive display Sort by run time of threads since last restart < Move sort field to the next left column > Move sort field to the next right column Press any key to continue •...

  • Page 306: Process Core

    Field Description State of a thread: • R—Running. • S—Sleeping. State • T—Traced or stopped. • D—Uninterruptible sleep. • Z—Zombie. HH:MM:SS Running time of a thread since last restart. Longest time that a single thread scheduling occupies the CPU, in milliseconds. CPU usage of a thread.

  • Page 307: Reset Exception Context

    chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the command enables or disables core file generation for a process and sets the maximum number of core files on the global active MPU. (In IRF mode.) cpu cpu-number: Specifies a CPU by its number.

  • Page 308: Reset Kernel Deadloop

    Related commands display exception context reset kernel deadloop Use reset kernel deadloop to clear kernel thread deadloop information. Syntax In standalone mode: reset kernel deadloop [ slot slot-number [ cpu cpu-number ] ] In IRF mode: reset kernel deadloop [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views User view Predefined user roles...

  • Page 309: Reset Kernel Reboot

    Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears kernel thread exception information for the active MPU. (In standalone mode.) chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command clears kernel thread exception information for the global active MPU.
  • Page 310 reset kernel starvation [ slot slot-number [ cpu cpu-number ] ] In IRF mode: reset kernel starvation [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears kernel thread starvation information for the active MPU.

  • Page 311: Port Mirroring Commands

    Port mirroring commands display mirroring-group Use display mirroring-group to display mirroring group information. Syntax display mirroring-group { group-id | all | local | remote-destination | remote-source } Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters group-id: Specifies a mirroring group by its number in the range of 1 to 4. all: Specifies all mirroring groups.

  • Page 312: Mirroring-Group

    Remote probe VLAN: 1901 Table 73 Command output Field Description Mirroring group Number of the mirroring group. Type of the mirroring group: • Local. Type • Remote source. • Remote destination. Status of the mirroring group: • Active—The mirroring group has taken effect. Status •...

  • Page 313: Mirroring-Group Mirroring-Cpu

    mirroring-group mirroring-cpu Use mirroring-group mirroring-cpu to configure source CPUs for a mirroring group. Use undo mirroring-group mirroring-cpu to remove source CPUs from a mirroring group. Syntax In standalone mode: mirroring-group group-id mirroring-cpu slot slot-number-list { both | inbound | outbound } undo mirroring-group group-id mirroring-cpu slot slot-number-list In IRF mode: mirroring-group group-id mirroring-cpu chassis chassis-number slot slot-number-list { both |...

  • Page 314: Mirroring-Group Mirroring-Port (Interface View)

    Examples # (In standalone mode.) Create local mirroring group 1 to monitor the bidirectional traffic of the CPU of the card in slot 1. <Sysname> system-view [Sysname] mirroring-group 1 local [Sysname] mirroring-group 1 mirroring-cpu slot 1 both # (In standalone mode.) Create remote source group 2 to monitor the bidirectional traffic of the CPU of the card in slot 2.

  • Page 315: Mirroring-Group Mirroring-Port (System View)

    Examples # Create local mirroring group 1 to monitor the bidirectional traffic of GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] mirroring-group 1 local [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] mirroring-group 1 mirroring-port both # Create remote source group 2 to monitor the bidirectional traffic of GigabitEthernet 1/0/2. <Sysname>...

  • Page 316: Mirroring-Group Monitor-Egress

    Typically, a port can act as a source port for only one mirroring group. On the switch, a port can be a source port for multiple mirroring groups that have different monitor ports. A source port cannot be used as a reflector port, monitor port, or egress port. Examples # Create local mirroring group 1 to monitor the bidirectional traffic of GigabitEthernet 1/0/1.

  • Page 317: Mirroring-Group Monitor-Port (Interface View)

    • Spanning tree. • 802.1X. • IGMP snooping. • Static ARP. • MAC address learning. Do not configure a port of an existing mirroring group as an egress port. Examples # Create remote source group 1. Configure GigabitEthernet 1/0/1 as its egress port in system view. <Sysname>...

  • Page 318: Mirroring-Group Monitor-Port (System View)

    Use a monitor port only for port mirroring, so the data monitoring device receives and analyzes only the mirrored traffic. Do not configure a port of an existing mirroring group as a monitor port. Examples # Create local mirroring group 1 and configure GigabitEthernet 1/0/1 as its monitor port. <Sysname>...

  • Page 319: Mirroring-Group Reflector-Port

    Do not configure a port of an existing mirroring group as a monitor port. Examples # Create local mirroring group 1 and configure GigabitEthernet 1/0/1 as its monitor port. <Sysname> system-view [Sysname] mirroring-group 1 local [Sysname] mirroring-group 1 monitor-port gigabitethernet 1/0/1 # Create remote destination group 2 and configure GigabitEthernet 1/0/2 as its monitor port.

  • Page 320: Mirroring-Group Remote-Probe Vlan

    You can configure a port as a reflector port only when the port is operating with the default duplex mode, speed, and MDI settings. You cannot change these settings for a reflector port. Examples # Create remote source group 1. Configure GigabitEthernet 1/0/1 as its reflector port in system view. <Sysname>...
  • Page 321 Only a static VLAN that already exists can be configured as a remote probe VLAN. A VLAN can be configured as the remote probe VLAN for only one mirroring group. To delete a VLAN that is configured as a remote probe VLAN, remove the remote probe VLAN configuration first.

  • Page 322: Flow Mirroring Commands

    Flow mirroring commands The flow mirroring commands are available on both Layer 2 and Layer 3 Ethernet interfaces. The term "interface" in this chapter collectively refers to these two types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).

  • Page 323: Netstream Configuration Commands

    NetStream configuration commands display ip netstream cache Use display ip netstream cache to display NetStream entry information. Syntax In standalone mode: display ip netstream cache [ slot slot-number ] [ verbose ] In IRF mode: display ip netstream cache [ chassis chassis-number slot slot-number ] [ verbose ] Views Any view Predefined user roles...
  • Page 324 1-32 .249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608 .000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000 .000 Protocol Total Packets Flows Packets Active(sec) Idle(sec) Flows /sec...
  • Page 325 Field Description IP active flow entries Number of active IP flows in the cache. MPLS active flow entries This field is not supported in current release. L2 active flow entries Number of active Layer 2 flows in the cache. IPL2 active flow entries Number of active Layer 2 and Layer 3 flows in the cache.

  • Page 326: Display Ip Netstream Export

    Field Description • The highest 8 bits represent the type field. • The lowest 8 bits represent the code field. The value for the source port is set to 0 and does not indicate any statistics. Layer 2 information of the active flows in the current cache: •...
  • Page 327 IP export information: Flow source interface : Not specified Flow destination VPN instance : Not specified Flow destination IP address (UDP) : 192.168.0.5 (5000) Version 5 exported flows number : 27 Version 5 exported UDP datagrams number (failed): 21 (0) Version 9 exported flows number Version 9 exported UDP datagram number (failed) : 0 (0) L2 export information:...

  • Page 328: Display Ip Netstream Template

    Field Description failed to be sent. display ip netstream template Use display ip netstream template to display NetStream template information. Syntax In standalone mode: display ip netstream template [ slot slot-number ] In IRF mode: display ip netstream template [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles...
  • Page 329 Out bytes First forwarded Last forwarded Protocol Direction L4 source port L4 destination port Sampling algorithm Sampling interval Protocol-port inbound template: Template ID : 3271 Field count : 16 Field type Field length (bytes) --------------------------------------------------------------------------- Flows In packets In bytes First forwarded Last forwarded Protocol...

  • Page 330: Enable

    Field Description In packets Number of received packets. Out bytes Size of sent packets, in bytes. In bytes Size of received packets, in bytes. System time when the first packet was forwarded, accurate First forwarded to milliseconds. System time when the last packet was forwarded, accurate Last forwarded to milliseconds.

  • Page 331: Ip Netstream { Inbound | Outbound } Filter

    Syntax ip netstream { inbound | outbound } undo ip netstream { inbound | outbound } Default NetStream is disabled on an interface. Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view Predefined user roles network-admin mdc-admin Parameters inbound: Enables NetStream for incoming traffic.

  • Page 332: Ip Netstream Aggregation

    • If you want to collect data for specific flows, use the ACL permit statements to identify the flows. NetStream collects data only for these flows. • If you do not want to collect data for specific flows, use the ACL deny statements to identify the flows.

  • Page 333: Ip Netstream Aggregation Advanced

    • ToS. • Protocol number. • Source port. • Destination port. • Inbound interface index. • Outbound interface index. protocol-port: Specifies the protocol-port aggregation by protocol number, source port, and destination port. source-prefix: Specifies the source-prefix aggregation by source AS number, source address mask length, source prefix, and inbound interface index.

  • Page 334: Ip Netstream Export Host

    Use undo ip netstream aggregation advanced to restore the default. Syntax ip netstream aggregation advanced undo ip netstream aggregation advanced Default NetStream hardware aggregation is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines The hardware aggregation does not take effect in the following situations: •...

  • Page 335: Ip Netstream Export Rate

    Parameters ip-address: Specifies the destination IP address. udp-port: Specifies the destination UDP port number, in the range of 0 to 65535. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the destination host belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.

  • Page 336: Ip Netstream Export Source

    Predefined user roles network-admin mdc-admin Parameters rate: Specifies the maximum rate of packets to be exported per second. The value range is 1 to 1000. Examples # Allow a maximum of 10 packets to be exported per second. <Sysname> system-view [Sysname] ip netstream export rate 10 ip netstream export source Use ip netstream export source to specify the source interface for data packets sent to NetStream...

  • Page 337: Ip Netstream Export V9-Template Refresh-Rate Packet

    [Sysname-ns-aggregation-dstpre] ip netstream export source interface gigabitethernet 1/0/2 Related commands ip netstream aggregation ip netstream export v9-template refresh-rate packet Use ip netstream export v9-template refresh-rate packet to configure the refresh frequency (in packets) for NetStream version 9 templates. The templates are sent after the specified number of packets are sent.

  • Page 338: Ip Netstream Export Version

    Syntax ip netstream export v9-template refresh-rate time minutes undo ip netstream export v9-template refresh-rate time Default Version 9 templates are sent every 30 minutes. Views System view Predefined user roles network-admin mdc-admin Parameters minutes: Specifies the refresh interval in the range of 1 to 3600 minutes. Usage guidelines A NetStream server uses version 9 templates to parse the data from the NetStream device, but the server does not permanently save version 9 templates.

  • Page 339: Ip Netstream Timeout Active

    Views System view Predefined user roles network-admin mdc-admin Parameters origin-as: Exports statistics of the source AS originating the route for the source address and the destination AS for the destination address. peer-as: Exports statistics of the peer ASs for the source and destination address. bgp-nexthop: Exports statistics of BGP next hops.

  • Page 340: Ip Netstream Timeout Inactive

    Usage guidelines A flow is considered active if packets for the NetStream entry arrive within the range of time set by the aging timer for active flows. Examples # Set the aging timer to 5 minutes for active flows. <Sysname> system-view [Sysname] ip netstream timeout active 5 Related commands ip netstream timeout inactive...
  • Page 341 Views User view Predefined user roles network-admin mdc-admin Usage guidelines It takes several minutes for the system to execute the command. During this period, the system does not collect NetStream data. Examples # Age out and export all NetStream data. <Sysname>...

  • Page 342: Ipv6 Netstream Commands

    IPv6 NetStream commands display ipv6 netstream cache Use display ipv6 netstream cache to display IPv6 NetStream entry information. Syntax In standalone mode: display ipv6 netstream cache [ slot slot-number ] [ verbose ] In IRF mode: display ipv6 netstream cache [ chassis chassis-number slot slot-number ] [ verbose ] Views Any view Predefined user roles...
  • Page 343 .249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608 .000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000 .000 Protocol Total Packets Flows Packets Active(sec) Idle(sec) Flows /sec...
  • Page 344 Field Description this command. Distribution of IPv6 packets by packet size, and the bracketed number is the total number of IPv6 packets. IPv6 packet size distribution The value is displayed in the proportion of the number of IPv6 (1103746packets in total): packets of the specified sizes to the total number of IPv6 packets.

  • Page 345: Display Ipv6 Netstream Export

    Field Description • TCP flag. DstMask: SrcMask: • Destination mask. DstAS: SrcAS: • Source mask. NextHop: • Destination AS. BGPNextHop: • Source AS. OutVRF: InVRF: • Routing next hop. SamplerMode: SamplerInt: • BGP next hop. Active: Bytes/Pkt: • VPN to which the outbound packets belong. •...

  • Page 346: Display Ipv6 Netstream Template

    Field Description Source interface from which the IPv6 NetStream data are Flow source interface exported. VPN to which the destination address of the IPv6 Flow destination VPN instance NetStream data export belongs. Destination IP address and UDP port number of the IPv6 Flow destination IP address (UDP) NetStream data export.
  • Page 347 Created flow templates Protocol-port outbound template: Template ID : 3299 Field count : 16 Field type Field length (bytes) --------------------------------------------------------------------------- Flows Out packets Out bytes First forwarded Last forwarded Protocol IP protocol version Direction L4 source port L4 destination port Sampling algorithm Sampling interval Protocol-port inbound template:...

  • Page 348: Enable

    Table 79 Command output Field Description Refresh frequency at which the templates are sent, in Flow template refresh frequency packets. Refresh interval at which the templates are sent, in Flow template refresh interval minutes. Active flow templates Number of active IPv6 NetStream templates. Created flow templates Number of templates that have been created.

  • Page 349: Ipv6 Netstream

    mdc-admin Examples # Enable IPv6 NetStream destination-prefix aggregation mode. <Sysname> system-view [Sysname] ipv6 netstream aggregation destination-prefix [Sysname-ns6-aggregation-dstpre] enable Related commands ipv6 netstream aggregation ipv6 netstream Use ipv6 netstream to enable IPv6 NetStream on an interface. Use undo ipv6 netstream to disable IPv6 NetStream on an interface. Syntax ipv6 netstream { inbound | outbound } undo ipv6 netstream { inbound | outbound }...

  • Page 350: Ipv6 Netstream Aggregation

    Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view Predefined user roles network-admin mdc-admin Parameters inbound: Filters incoming traffic. outbound: Filters outgoing traffic. acl acl-number: Specifies an ACL by its number. • For a basic or an advanced ACL, the value range is 2000 to 3999. •...

  • Page 351: Ipv6 Netstream Aggregation Advanced

    • Source AS number. • Destination AS number. • Source address mask length. • Destination address mask length. • Source prefix. • Destination prefix. • Input interface index. • Output interface index. protocol-port: Specifies the protocol-port aggregation by protocol number, source port, and destination port.

  • Page 352: Ipv6 Netstream Export Host

    Usage guidelines The IPv6 NetStream hardware aggregation does not take effect in the following situations: • The destination host is configured for the IPv6 NetStream traditional data export in system view. • The aggregation mode set by the ipv6 netstream aggregation command is not supported by the IPv6 NetStream hardware aggregation.

  • Page 353: Ipv6 Netstream Export Rate

    If no destination host is specified in an IPv6 NetStream aggregation mode view, the destination host in system view applies. If destination hosts are specified in an IPv6 NetStream aggregation view and system view, the destination hosts in aggregation view take effect. You can specify a maximum of four destination hosts in system view or in IPv6 NetStream aggregation mode view.

  • Page 354: Ipv6 Netstream Export Source

    Parameters rate: Specifies the maximum rate for exporting IPv6 NetStream data, in the range of 1 to 1000 (maximum number of packets per second). Examples # Allow a maximum of 10 packets to be exported per second. <Sysname> system-view [Sysname] ipv6 netstream export rate 10 ipv6 netstream export source Use ipv6 netstream export source to specify the source interface for data packets sent to NetStream servers.

  • Page 355: Ipv6 Netstream Export V9-Template Refresh-Rate Packet

    ipv6 netstream export v9-template refresh-rate packet Use ipv6 netstream export v9-template refresh-rate packet to configure the refresh frequency (in packets) for IPv6 NetStream version 9 templates. The templates are sent after the specified number of packets are sent. Use undo ipv6 netstream export v9-template refresh-rate packet to restore the default. Syntax ipv6 netstream export v9-template refresh-rate packet packets undo ipv6 netstream export v9-template refresh-rate packet...

  • Page 356: Ipv6 Netstream Export Version 9

    Default Version 9 templates are sent every 30 minutes. Views System view Predefined user roles network-admin mdc-admin Parameters minutes: Specifies the refresh interval in the range of 1 to 3600 minutes. Usage guidelines An IPv6 NetStream server uses version 9 templates to parse the data from the NetStream device, but the server does not permanently save version 9 templates.

  • Page 357: Ipv6 Netstream Timeout Active

    Parameters origin-as: Exports statistics of the source AS originating the route for the source address and the destination AS for the destination address. peer-as: Exports statistics of the peer ASs for the source and destination address. bgp-nexthop: Exports statistics of BGP next hops. Usage guidelines An IPv6 NetStream entry for a flow records the source IPv6 address, destination IPv6 address, and two AS numbers for each address.

  • Page 358: Ipv6 Netstream Timeout Inactive

    ipv6 netstream timeout inactive Use ipv6 netstream timeout inactive to set the aging timer for inactive flows. Use undo ipv6 netstream timeout inactive to restore the default. Syntax ipv6 netstream timeout inactive seconds undo ipv6 netstream timeout inactive Default The aging timer is 300 seconds for inactive flows. Views System view Predefined user roles...
  • Page 359 Examples # Age out and export all IPv6 NetStream data. <Sysname> reset ipv6 netstream statistics This process may take a few minutes. NetStream statistic function is disabled during this process.

  • Page 360: Sflow Commands

    sFlow commands display sflow Use display sflow to display sFlow configuration and operation information. Syntax display sflow Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display sFlow configuration and operation information. <Sysname> display sflow sFlow datagram version: 5 Global information: Agent IP: 10.10.10.1(CLI) Source address: 10.0.0.1 2001::1...

  • Page 361: Sflow Agent

    Field Description Port sFlow collector port. Remaining lifetime of the sFlow collector. If this field displays N/A, the sFlow Aging collector never ages out. Size Maximum length of the sFlow data portion in an sFlow packet. VPN-instance Name of the VPN bound with the sFlow collector. Description Description of the sFlow collector.

  • Page 362: Sflow Collector

    Parameters ip ip-address: Specifies an IPv4 address for the sFlow agent. ipv6 ipv6-address: Specifies an IPv6 address for the sFlow agent. Usage guidelines As a best practice, manually configure an IP address for the sFlow agent. Only one IP address can be specified for the sFlow agent on the switch. A newly configured IP address overwrites the existing one.

  • Page 363: Sflow Counter Interval

    Examples # Configure the following parameters for sFlow collector 2: • VPN name—vpn1. • IP address—3.3.3.1. • Port number—Default. • Description—netserver. • Aging timer—1200 seconds. • Maximum length of the sFlow data portion in the sFlow packet—1000 bytes. <Sysname> system-view [Sysname] sflow collector 2 vpn-instance vpn1 ip 3.3.3.1 description netserver time-out 1200 datagram-size 1000 sflow counter interval...

  • Page 364: Sflow Flow Collector

    Default No sFlow collector is specified for counter sampling. Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view Predefined user roles network-admin mdc-admin Parameters collector-id: Specifies an sFlow collector by its ID in the range of 1 to 10. Examples # Specify sFlow collector 2 on GigabitEthernet 1/0/1 for counter sampling.

  • Page 365: Sflow Sampling-Mode

    Syntax sflow flow max-header length undo sflow flow max-header Default Flow sampling can copy up to 128 bytes of a packet. Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view Predefined user roles network-admin mdc-admin Parameters length: Specifies the maximum number of bytes that can be copied, in the range of 18 to 512. As a best practice, use the default.

  • Page 366: Sflow Sampling-Rate

    • The switch might sample multiple packets from the next 4000 packets. • The switch might sample no packets from the third 4000 packets. However, the switch samples one packet from 4000 packets on average. Examples # Specify the random flow sampling mode on GigabitEthernet 1/0/1. <Sysname>...
  • Page 367 Syntax sflow source { ip ip-address | ipv6 ipv6-address } * undo sflow source { ip | ipv6 } * Default The source IP address of sent sFlow packets is determined by routing. Views System view Predefined user roles network-admin mdc-admin Parameters ip ip-address: Specifies the source IPv4 address of sent sFlow packets.

  • Page 368: Information Center Commands

    Information center commands diagnostic-logfile save Use diagnostic-logfile save to manually save diagnostic logs from the diagnostic log buffer to the diagnostic log file. Syntax diagnostic-logfile save Views Any view Predefined user roles network-admin mdc-admin Usage guidelines You can specify the directory to save the diagnostic log file with the info-center diagnostic-logfile directory command.

  • Page 369: Display Info-Center

    Examples # Display the diagnostic log file configuration. <Sysname> display diagnostic-logfile summary Diagnostic log file: Enabled. Diagnostic log file size quota: 10 MB Diagnostic log file directory: flash:/diagfile Writing frequency: 24 hour 0 min 0 sec Table 81 Command output Field Description •...

  • Page 370: Display Logbuffer

    Information timestamp format: Loghost: Date Other output destination: Date display logbuffer Use display logbuffer to display the state of the log buffer and the log information in the log buffer. Syntax In standalone mode: display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] * In IRF mode: display logbuffer [ reverse ] [ level severity | size buffersize | chassis chassis-number slot slot-number ] *...
  • Page 371 Corresponding Severity Level Description keyword in value commands Debugging Debugging message. debugging size buffersize: Specifies the number of latest log messages to be displayed, in the range of 1 to 1024. If you do not specify this keyword, the command displays all log information. slot slot-number: Specifies a card by its slot number.

  • Page 372: Display Logbuffer Summary

    Related commands info-center logbuffer reset logbuffer display logbuffer summary Use display logbuffer summary to display the summary of the log buffer. Syntax In standalone mode: display logbuffer summary [ level severity | slot slot-number ] * In IRF mode: display logbuffer summary [ level severity | chassis chassis-number slot slot-number ] * Views Any view Predefined user roles...

  • Page 373: Display Logfile Summary

    Field Description SLOT Slot number of the card. CPU number on the card. EMERG Represents emergency. For more information, see Table ALERT Represents alert. For more information, see Table CRIT Represents critical. For more information, see Table ERROR Represents error. For more information, see Table WARN Represents warning.

  • Page 374: Display Security-Logfile Summary

    display security-logfile summary Use display security-logfile summary to display the summary of the security log file. Syntax display security-logfile summary Views Any view Predefined user roles security-audit Usage guidelines A local user can use this command only after being authorized as the security log administrator by the system administrator through the authorization-attribute user-role security-audit command.

  • Page 375: Info-Center Diagnostic-Logfile Enable

    undo enable log updown Default All interfaces are allowed to generate link up and link down logs. Views Interface view Predefined user roles network-admin mdc-admin Examples # Disable port GigabitEthernet 1/0/1 from generating link up or link down logs. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] undo enable log updown info-center diagnostic-logfile enable...

  • Page 376: Info-Center Diagnostic-Logfile Quota

    Use undo info-center diagnostic-logfile frequency to restore the default saving interval. Syntax info-center diagnostic-logfile frequency freq-sec undo info-center diagnostic-logfile frequency Default The default saving interval is 86400 seconds. Views System view Predefined user roles network-admin mdc-admin Parameters freq-sec: Specifies the interval (in seconds) at which the system saves diagnostic logs from the diagnostic log file buffer to the diagnostic log file.

  • Page 377: Info-Center Diagnostic-Logfile Directory

    Parameters size: Specifies the maximum size of the diagnostic log file, in the range of 1 to 10 MB. Examples # Set the maximum size of the diagnostic log file to 6 MB. <Sysname> system-view [Sysname] info-center diagnostic-logfile quota 6 info-center diagnostic-logfile directory Use info-center diagnostic-logfile directory to configure the directory to save the diagnostic log file.

  • Page 378: Info-Center Enable

    Syntax info-center logfile overwrite-protection [ all-port-powerdown ] undo info-center logfile overwrite-protection Default Log file overwrite-protection is disabled. Views System view Predefined user roles network-admin mdc-admin Parameters all-port-powerdown: Shuts down all the service ports on the device when the log file is full or the storage media runs out of space.

  • Page 379: Info-Center Format

    info-center format Use info-center format to set the format of logs sent to a log host. Use undo info-center format to restore the default. Syntax info-center format { unicom | cmcc } undo info-center format Default Logs are sent to a log host in standard format. Views System view Predefined user roles...

  • Page 380: Info-Center Logbuffer Size

    Examples # Configure output of log information to the log buffer. <Sysname> system-view [Sysname] info-center logbuffer Related commands display logbuffer info-center enable info-center logbuffer size Use info-center logbuffer size to set the maximum number of logs that can be stored in the log buffer.

  • Page 381: Info-Center Logfile Frequency

    Syntax info-center logfile enable undo info-center logfile enable Default The log file feature is enabled. Views System view Predefined user roles network-admin mdc-admin Examples # Enable the output of logs to the log file. <Sysname> system-view [Sysname] info-center logfile enable info-center logfile frequency Use info-center logfile frequency to configure the interval for saving logs to the log file.

  • Page 382: Info-Center Logfile Size-Quota

    info-center logfile size-quota Use info-center logfile size-quota to set the maximum size for the log file. Use undo info-center logfile size-quota to restore the default. Syntax info-center logfile size-quota size undo info-center logfile size-quota Default The maximum size of the log file is 10 MB. Views System view Predefined user roles...

  • Page 383: Info-Center Logging Suppress Duplicates

    Usage guidelines The specified directory must have been created. The suffix of a log file is .log. When the default directory has no enough space for storing the file, you can specify a new log file storage directory. The configuration made by this command cannot survive a reboot or an active/standby switchover. (In standalone mode.) The configuration made by this command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric.

  • Page 384: Info-Center Logging Suppress Module

    • If a different log is generated during the suppression period, the system aborts the current suppression period, outputs suppressed logs and the log number and then outputs the new log, starting another suppression period. Examples Suppose the IP address of Vlan-interface 100 on device A conflicts with that of another device on the network, device A will output the following log information repeatedly: %Jan 1 07:27:48:636 2000 Sysname ARP/6/DUPIFIP:...

  • Page 385: Info-Center Loghost

    Views System view Predefined user roles network-admin network-operator Parameters module-name: Specifies a log source module by its name, a case-insensitive string of 1 to 8 characters. To view the list of available log source modules, use the info-center logging suppress module ? command.

  • Page 386: Info-Center Loghost Source

    Default No log host is specified. Views System view Predefined user roles network-admin mdc-admin Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.

  • Page 387: Info-Center Security-Logfile Alarm-Threshold

    Predefined user roles network-admin mdc-admin Parameters interface-type interface-number: Specifies the egress interface for logs. Usage guidelines The system uses the primary IP address of the specified egress interface as the source IP address of log information no matter which physical interface is used to output the logs. The info-center loghost source command takes effect only after the information center is enabled with the info-center enable command.

  • Page 388: Info-Center Security-Logfile Enable

    Examples # Set the alarm threshold for the security log file usage to 90%. <Sysname> system-view [Sysname] info-center security-logfile alarm-threshold 90 Related commands info-center security-logfile size-quota info-center security-logfile enable Use info-center security-logfile enable to enable saving of security logs to the security log file. Use undo info-center security-logfile enable to restore the default.

  • Page 389: Info-Center Security-Logfile Size-Quota

    Predefined user roles network-admin mdc-admin Parameters freq-sec: Specifies a saving interval in the range of 10 to 86400 seconds. The default saving interval is 86400 seconds Usage guidelines The system first outputs the security logs to the security log file buffer, and then saves the logs in the buffer to the security log file at the specified interval.

  • Page 390: Info-Center Security-Logfile Directory

    info-center security-logfile directory Use info-center security-logfile directory to configure the directory where the security log file is saved. Syntax info-center security-logfile directory dir-name Default The security log file is saved in the seclog directory under the root directory of the storage device. Views System view Predefined user roles...
  • Page 391 Source Common Diagnostic Destination Security log Hidden log modules modules Monitor All supported debugging Disabled Disabled Disabled terminal modules All supported Log host informational Disabled Disabled informational modules All supported Log buffer informational Disabled Disabled informational modules All supported Log file informational Disabled Disabled...

  • Page 392: Info-Center Synchronous

    After you set an output rule for a module, you must use the module-name argument to modify or remove the rule. A new output rule configured by using the default keyword does not take effect on the module. Examples # Output only VLAN module's information with a minimum severity level of emergency to the console.

  • Page 393: Info-Center Syslog Min-Age

    Enter configuration to complete the display current-configuration command, and press the Enter key to execute the command. # Enable synchronous information output, and then save the current configuration (enter interactive information). <Sysname> system-view [Sysname] info-center synchronous Info-center synchronous output is on [Sysname] save The current configuration will be written to the device.

  • Page 394: Info-Center Timestamp

    info-center timestamp Use info-center timestamp to configure the timestamp format for logs sent to console, monitor, log buffer, and log file. Use undo info-center timestamp to restore the default. Syntax info-center timestamp { boot | date | none } undo info-center timestamp Default The timestamp format for logs sent to console, monitor terminal, log buffer, and log file is date.

  • Page 395: Info-Center Trace-Logfile Quota

    Default The timestamp format for logs sent to a log host is date. Views System view Predefined user roles network-admin mdc-admin Parameters date: Sets the timestamp format to mmm dd hh:mm:ss yyyy, such as Dec 8 10:12:21 2007. The date time shows the current system time. iso: Sets the ISO 8601 timestamp format, for example, 2009-09-21T15:32:55.

  • Page 396: Logfile Save

    logfile save Use logfile save to manually save logs in the log file buffer to the log file. Syntax logfile save Views Any view Predefined user roles 2: System level Usage guidelines You can specify the directory to save the log file with the info-center logfile directory command. The system clears the log file buffer after saving logs from the buffer to the log file automatically or manually.

  • Page 397: Terminal Debugging

    Syntax security-logfile save Views Any view Predefined user roles security-audit Usage guidelines The system clears the security log file buffer after saving security logs to the security log file automatically or manually. A local user can use this command only after being authorized as the security log administrator by the system administrator.

  • Page 398: Terminal Logging Level

    Enable the information center (enabled by default). Use a debugging command to enable the related debugging. This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored. You can also enable the display of debug information on the current terminal by executing the terminal logging level 7 command.

  • Page 399: Terminal Monitor

    This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the display of logs on the terminal restores the default. Examples # Set the lowest level of the logs that can be output on the monitor terminal to 7 (Debugging). <Sysname>...

  • Page 400: Gold Commands

    GOLD commands diagnostic event-log size Use diagnostic event-log size to configure the maximum number of GOLD log entries. Use undo diagnostic event-log size to restore the default. Syntax diagnostic event-log size number undo diagnostic event-log size Default GOLD can save up to 512 log entries. Views System view Predefined user roles...

  • Page 401: Diagnostic Monitor Interval

    Default The default enabling status varies by monitoring diagnostic test. To view the status of diagnostic tests, use the display diagnostic content command. Views System view Predefined user roles network-admin Parameters slot slot-number-list: Specifies a space-separated list of up to seven slot number items. Each item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number.
  • Page 402 In IRF mode: diagnostic monitor interval chassis chassis-number slot slot-number-list [ test test-name ] time time undo diagnostic monitor interval chassis chassis-number slot slot-number-list [ test test-name ] Default The default execution interval varies by monitoring diagnostic test. To view the execution interval of diagnostic tests, use the display diagnostic content command.

  • Page 403: Diagnostic Ondemand Failure

    diagnostic ondemand failure Use diagnostic ondemand failure to set the maximum number of failed on-demand diagnostic tests. Use undo diagnostic ondemand failure to restore the default. Syntax diagnostic ondemand failure failure-number undo diagnostic ondemand failure Default The maximum number of failed on-demand diagnostic tests is not specified. Views User view Predefined user roles...

  • Page 404: Diagnostic Ondemand Start

    undo diagnostic ondemand repeating Default The default number of executions is 1. Views User view Predefined user roles network-admin Parameters repeating-number: Specifies the number of executions for on-demand diagnostic tests, in the range of 1 to 999. Usage guidelines Use this command to configure the number of executions for diagnostic tests to be enabled. This command does not survive a device reboot.

  • Page 405: Diagnostic Ondemand Stop

    chassis chassis-number slot slot-number-list: Specifies cards on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number-list argument specifies a space-separated list of up to seven slot number items. An item specifies a card by its slot number, a range of cards in the form of start-slot-number to end-slot-number, by its virtual slot number.

  • Page 406: Diagnostic Simulation

    end-slot-number, by its virtual slot number. The end slot number must be equal to or greater than the start slot number. (In IRF mode.) test-name: Specifies a test by its name, a case-insensitive string of 1 to 31 characters. non-disruptive: Executes all non-disruptive diagnostic tests. Usage guidelines You can configure the number of executions and the maximum number of failed tests for on-demand diagnostic tests at the CLI.

  • Page 407: Display Diagnostic Content

    end-slot-number, by its virtual slot number. The end slot number must be equal to or greater than the start slot number. (In IRF mode.) test-name: Specifies a test by its name, a case-insensitive string of 1 to 31 characters. failure: Configures the system to generate failure results. random-failure: Configures the system to randomly generate results.
  • Page 408 Examples # (In standalone mode.) Display brief information about all diagnostic tests on card 1. <Sysname> display diagnostic content slot 1 Diagnostic test suite attributes: #B/*: Bootup test/NA #O/*: Ondemand test/NA #M/*: Monitoring test/NA #D/*: Disruptive test/Non-disruptive test #P/*: Per port test/NA #A/I/*: Monitoring test is active/Monitoring test is inactive/NA Slot 1 : Name...

  • Page 409: Display Diagnostic Event-Log

    # (In IRF mode.) Display detailed information about all diagnostic tests on card 1 of IRF member device 1. <Sysname> display diagnostic content chassis 1 slot 1 verbose Diagnostic test suite attributes: #B/*: Bootup test/NA #O/*: Ondemand test/NA #M/*: Monitoring test/NA #D/*: Disruptive test/Non-disruptive test #P/*: Per port test/NA #A/I/*: Monitoring test is active/Monitoring test is inactive/NA...

  • Page 410: Display Diagnostic Ondemand Configuration

    Syntax display diagnostic event-log [ error | info ] Views Any view Predefined user roles network-admin network-operator Parameters error: Displays all error log entries. info: Displays all log entries except error log entries. Usage guidelines If you do not specify the error and info keywords, the command displays all GOLD log entries. The system records information about test execution in the form of logs.

  • Page 411: Display Diagnostic Result

    Examples # Display the number of executions and the number of failed tests configured for on-demand diagnostic tests. <Sysname> display diagnostic ondemand configuration Maximum test-repeating times: 4 Maximum test-failure times: 1 # Display the number of executions configured for on-demand diagnostic tests. <Sysname>...

  • Page 412: Display Diagnostic Result Statistics

    Slot 1 : Name Run count Failure count Last result HGMonitor Failure # (In IRF mode.) Display brief test results for all diagnostic tests on card 1 of IRF member device 1. <Sysname> display diagnostic result chassis 1 slot 1 Chassis 1 slot 1 : Name Run count...
  • Page 413 Syntax In standalone mode: display diagnostic result [ slot slot-number [ test test-name ] ] statistics In IRF mode: display diagnostic result [ chassis chassis-number [ slot slot-number [ test test-name ] ] ] statistics Views Any view Predefined user roles network-admin network-operator Parameters...

  • Page 414: Display Diagnostic Simulation

    Table 90 Command output Field Description Test name Name of the test. Port Port number. Packets sent Number of packets that the device sends. Packets received Number of packets that the device receives. Packets lost Number of lost packets. display diagnostic simulation Use display diagnostic simulation to display configurations for simulated diagnostic tests.

  • Page 415: Reset Diagnostic Event-Log

    # (In IRF mode.) Display configurations for all simulated diagnostic tests on card 1 of IRF member device 1. <Sysname> display diagnostic simulation chassis 1 slot 1 Chassis 1 slot 1 : Name Mode HGMonitor failure Related commands diagnostic simulation reset diagnostic event-log Use reset diagnostic event-log to clear GOLD logs.
  • Page 416 virtual chassis, the command applies to all member devices. If you do not specify a card, the command applies to all cards of the specified member device. (In IRF mode.) test test-name: Specifies a test by its name, a case-insensitive string of 1 to 31 characters. If you do not specify this option, the command applies to all diagnostic tests on the specified card.

  • Page 417: Packet Capture Commands

    Packet capture commands packet-capture Use packet-capture to capture incoming packets on an interface. Syntax Save captured packets to a file: packet-capture interface interface-type interface-number [ capture-filter capt-expression | limit-captured-frames limit | limit-frame-size bytes | autostop filesize kilobytes | autostop duration seconds | autostop files numbers | capture-ring-buffer filesize kilobytes | capture-ring-buffer duration seconds | capture-ring-buffer files numbers ] * write filepath [ raw | { brief | verbose } ] * Filter packet data to display:...
  • Page 418 capture-ring-buffer filesize kilobytes: Rotates the packet file when the maximum file size is reached. The kilobytes argument sets the maximum file size. The value range is 1 to 65536 kilobytes. capture-ring-buffer duration seconds: Rotates the packet file when the rotation interval expires. The seconds argument sets the rotation interval.

  • Page 419: Packet-Capture Read

    Purpose Options Remarks capture-ring-buffer duration filesize option, the capture rotates the seconds file based on the file size specified for • the autostop filesize option. Rotate based on the file size specified for the autostop filesize kilobytes option: autostop files numbers autostop filesize kilobytes autostop filesize kilobytes capture-ring-buffer files numbers...
  • Page 420 Related commands packet-capture...

  • Page 421: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.

  • Page 422: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 423: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...

  • Page 424: Websites

    For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
  • Page 425 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.

  • Page 426: Index

    Index A C D E F H I L M N O P R S T U V W X display ipv6 netstream cache,333 display ipv6 netstream export,336 action cli,230 display ipv6 netstream template,337 action reboot,231 display kernel deadloop,256 action switchover,232 display kernel deadloop configuration,260...
  • Page 427 display rtm environment,234 info-center enable,369 display rtm policy,235 info-center format,370 display security-logfile summary,365 info-center logbuffer,370 display sflow,351 info-center logbuffer size,371 display snmp-agent community,156 info-center logfile directory,373 display snmp-agent context,157 info-center logfile enable,371 display snmp-agent group,158 info-center logfile frequency,372 display snmp-agent local-engineid,159 info-center logfile overwrite-protection,368...
  • Page 428 ipv6 netstream timeout active,348 ntp-service dscp,101 ipv6 netstream timeout inactive,349 ntp-service enable,102 ntp-service inbound enable,102 ntp-service ipv6 acl,103 logfile save,387 ntp-service ipv6 dscp,104 lsr-path,41 ntp-service ipv6 inbound enable,105 ntp-service ipv6 multicast-client,105 ntp-service ipv6 multicast-server,106 max-failure,42 ntp-service ipv6 source,107 mirroring-group,303 ntp-service ipv6 unicast-peer,108 mirroring-group mirroring-cpu,304...
  • Page 429 probe timeout,54 sflow sampling-rate,357 process core,297 sflow source,357 snmp-agent,175 snmp-agent { inform | trap } source,187 raw-request,55 snmp-agent calculate-password,175 reaction checked-element { jitter-ds | jitter-sd },55 snmp-agent community,176 reaction checked-element { owd-ds | owd-sd },57 snmp-agent community-map,179 reaction checked-element icpif,58 snmp-agent context,179 reaction checked-element...
  • Page 430 url,78 Websites,415 username,79 user-role,249 xml,227 version,80 vpn-instance,81...

Table of Contents