HPE FlexFabric 5950 Series Command Reference Manual
  1. Manuals
  2. Brands
  3. HPE Manuals
  4. Switch
  5. FlexFabric 5950 Series
  6. Command reference manual

HPE FlexFabric 5950 Series Command Reference Manual

Hide thumbs Also See for FlexFabric 5950 Series:
Table of Contents

Advertisement

Quick Links

See also: Configuration Manual , Installation Manual
HPE FlexFabric 5950 Switch Series
Layer 3—IP Services Command Reference
Part number: 5200-0824
Software version: Release 6106 and later
Document version: 6W100-20160513

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FlexFabric 5950 Series and is the answer not in the manual?

Questions and answers

Related Manuals for HPE FlexFabric 5950 Series

Summary of Contents for HPE FlexFabric 5950 Series

  • Page 1 HPE FlexFabric 5950 Switch Series Layer 3—IP Services Command Reference Part number: 5200-0824 Software version: Release 6106 and later Document version: 6W100-20160513...
  • Page 2 © Copyright 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents ARP commands ······························································································ 1     arp check enable ········································································································································ 1   arp check log enable ·································································································································· 1   arp max-learning-num ································································································································ 2   arp max-learning-number ··························································································································· 3   arp mode uni ·············································································································································· 4   arp multiport ··············································································································································· 4  ...
  • Page 4   dhcp apply-policy ····································································································································· 39   dhcp class ················································································································································ 39   dhcp option-group ···································································································································· 40   dhcp policy ··············································································································································· 41   dhcp server always-broadcast ················································································································· 42   dhcp server apply ip-pool ························································································································· 42   dhcp server bootp ignore ························································································································· 43  ...
  • Page 5   dhcp relay server-address algorithm ········································································································ 90   dhcp-server timeout ································································································································· 91   dhcp smart-relay enable ··························································································································· 91   display dhcp relay check mac-address ···································································································· 92   display dhcp relay client-information ········································································································ 92   display dhcp relay information ·················································································································· 94  ...
  • Page 6   ipv6 dns server ······································································································································· 136   ipv6 dns spoofing ··································································································································· 137   ipv6 host ················································································································································· 138   reset dns host ········································································································································· 138 DDNS commands ······················································································· 140     ddns apply policy ···································································································································· 140   ddns dscp ··············································································································································· 140   ddns policy ·············································································································································...
  • Page 7   ip mtu ····················································································································································· 185   ip reassemble local enable ····················································································································· 186   ip redirects enable ·································································································································· 187   ip ttl-expires enable ································································································································ 187   ip unreachables enable ·························································································································· 188   reset ip statistics ····································································································································· 189   reset tcp statistics ··································································································································· 190  ...
  • Page 8   ipv6 nd ra interval ··································································································································· 240   ipv6 nd ra no-advlinkmtu ························································································································ 240   ipv6 nd ra prefix ······································································································································ 241   ipv6 nd ra prefix default ·························································································································· 242   ipv6 nd ra router-lifetime ························································································································ 243   ipv6 nd router-preference ······················································································································· 244  ...
  • Page 9   option ····················································································································································· 294   option-group ··········································································································································· 295   prefix-pool ·············································································································································· 295   reset ipv6 dhcp server conflict ················································································································ 296   reset ipv6 dhcp server expired ··············································································································· 297   reset ipv6 dhcp server ip-in-use ············································································································· 297   reset ipv6 dhcp server pd-in-use ············································································································ 298  ...
  • Page 10   source ···················································································································································· 338   tunnel dfbit enable ·································································································································· 339   tunnel discard ipv4-compatible-packet ··································································································· 340   tunnel tos ················································································································································ 340   tunnel ttl ·················································································································································· 341 GRE commands ·························································································· 343     keepalive ················································································································································ 343 Document conventions and icons ······························································· 344  ...

  • Page 11: Arp Commands

    ARP commands arp check enable Use arp check enable to enable dynamic ARP entry check. Use undo arp check enable to disable dynamic ARP entry check. Syntax arp check enable undo arp check enable Default Dynamic ARP entry check is enabled. Views System view Predefined user roles...

  • Page 12: Arp Max-Learning-Num

    Usage guidelines This feature enables a device to log ARP events when ARP cannot resolve IP addresses correctly. The device can log the following ARP events: • On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not one of the following IP addresses: The IP address of the receiving interface.

  • Page 13: Arp Max-Learning-Number

    Usage guidelines An interface can dynamically learn ARP entries. To prevent an interface from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the interface can learn. When the maximum number is reached, the interface stops learning ARP entries. When the number argument is set to 0, the interface is disabled from learning dynamic ARP entries.

  • Page 14: Arp Mode Uni

    Usage guidelines A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the device can learn. When the maximum number is reached, the device stops learning ARP entries. When the number argument is set to 0, the device is disabled from learning dynamic ARP entries.

  • Page 15: Arp Static

    Default No multiport ARP entries exist. Views System view Predefined user roles network-admin Parameters ip-address: Specifies an IP address for the multiport ARP entry. mac-address: Specifies a MAC address for the multiport ARP entry, in the format of H-H-H. vlan-id: Specifies a VLAN for the multiport ARP entry, in the range of 1 to 4094. The specified VLAN must already exist.
  • Page 16 Predefined user roles network-admin Parameters ip-address: Specifies an IP address for the static ARP entry. mac-address: Specifies a MAC address for the static ARP entry, in the format of H-H-H. vlan-id: Specifies the ID of a VLAN to which the static ARP entry belongs. The value range is 1 to 4094.

  • Page 17: Arp Timer Aging

    # Configure a long static ARP entry that contains IP address 1.1.1.1, MAC address 00e0-fc01-0000, input interface VSI-interface 1, output interface Tunnel 1, and the VSI a. <Sysname> system-view [Sysname] arp static 1.1.1.1 00e0-fc01-0000 vsi-interface 1 tunnel 1 vsi a Related commands display arp reset arp...
  • Page 18 Views Any view Predefined user roles network-admin network-operator Parameters all: Displays all ARP entries. dynamic: Displays dynamic ARP entries. multiport: Displays multiport ARP entries. static: Displays static ARP entries. slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ARP entries for the master device.
  • Page 19 VSI Interface : N/A IP Address : 1.1.1.3 VID : 12 Aging : 15 MAC Address : 0013-1234-0001 Type: D Nickname: 0x0000 Interface/Link ID: Tunnel1 VPN Instance : [No Vrf] VSI Name : vpna VSI Interface : Vsi1 IP Address : 1.1.1.4 VID : 12 Aging...

  • Page 20: Display Arp Ip-Address

    Field Description Name of VPN instance. If no VPN instance is configured for the ARP entry, this VPN Instance field displays [No Vrf]. Name of the VSI to which the ARP entry belongs. If the ARP entry does not VSI Name belong to any VSI, this field displays N/A.

  • Page 21: Display Arp Entry-Limit

    display arp entry-limit Use display arp entry-limit to display the maximum number of ARP entries that a device supports. Syntax display arp entry-limit Views Any view Predefined user roles network-admin network-operator Examples # Display the maximum number of ARP entries that the device supports. <Sysname>...

  • Page 22: Reset Arp

    network-operator Parameters vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. The VPN instance name cannot contain any spaces. count: Displays the number of ARP entries. Usage guidelines This command displays information about ARP entries for a VPN instance, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer.
  • Page 23 display arp...

  • Page 24: Gratuitous Arp Commands

    Gratuitous ARP commands arp ip-conflict log prompt Use arp ip-conflict log prompt to enable IP conflict notification. Use undo arp ip-conflict log prompt to restore the default. Syntax arp ip-conflict log prompt undo arp ip-conflict log prompt Default IP conflict notification is disabled. Views System view Predefined user roles...

  • Page 25: Gratuitous-Arp-Learning Enable

    Virtual switch interface view VLAN interface view Predefined user roles network-admin Parameters interval interval: Specifies the sending interval in the range of 200 to 200000 milliseconds. The default value is 2000 milliseconds. Usage guidelines This feature takes effect on an interface only when the interface has an IP address and the data link layer state of the interface is up.

  • Page 26: Gratuitous-Arp-Sending Enable

    When this feature is disabled, the device uses received gratuitous ARP packets to update existing ARP entries only. ARP entries are not created based on the received gratuitous ARP packets, which saves ARP table space. Examples # Enable learning of gratuitous ARP packets. <Sysname>...

  • Page 27: Proxy Arp Commands

    Proxy ARP commands display local-proxy-arp Use display local-proxy-arp to display the local proxy ARP status. Syntax display local-proxy-arp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the local proxy ARP status for all interfaces.

  • Page 28: Local-Proxy-Arp Enable

    Examples # Display the proxy ARP status on VLAN-interface 2. <Sysname> display proxy-arp interface vlan-interface 2 Interface Vlan-interface2 Proxy ARP status: disabled Related commands proxy-arp enable local-proxy-arp enable Use local-proxy-arp enable to enable local proxy ARP. Use undo local-proxy-arp enable to disable local proxy ARP. Syntax local-proxy-arp enable [ ip-range start-ip-address to end-ip-address ] undo local-proxy-arp enable...

  • Page 29: Proxy-Arp Enable

    # Enable local proxy ARP on VLAN-interface 2 for an IP address range. <Sysname> system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] local-proxy-arp enable ip-range 1.1.1.1 to 1.1.1.20 Related commands display local-proxy-arp proxy-arp enable Use proxy-arp enable to enable proxy ARP. Use undo proxy-arp enable to disable proxy ARP. Syntax proxy-arp enable undo proxy-arp enable...

  • Page 30: Arp Snooping Commands

    ARP snooping commands arp snooping enable Use arp snooping enable to enable ARP snooping. Use undo arp snooping enable to disable ARP snooping. Syntax arp snooping enable undo arp snooping enable Default ARP snooping is disabled. Views VLAN view Predefined user roles network-admin Examples # Enable ARP snooping for VLAN 2.

  • Page 31: Reset Arp Snooping

    Examples # Display ARP snooping entries for VLAN 2. <Sysname> display arp snooping vlan 2 IP Address MAC Address VLAN ID Interface Aging Status 3.3.3.3 0003-0003-0003 2 HGE1/0/1 Valid 3.3.3.4 0004-0004-0004 2 HGE1/0/2 Invalid # Display the number of the ARP snooping entries. <Sysname>...
  • Page 32 <Sysname> reset arp snooping vlan 2 Related commands display arp snooping...

  • Page 33: Arp Fast-Reply Commands

    ARP fast-reply commands arp fast-reply enable Use arp fast-reply enable to enable ARP fast-reply for a VLAN. Use undo arp fast-reply enable to disable ARP fast-reply for a VLAN. Syntax arp fast-reply enable undo arp fast-reply enable Default ARP fast-reply is disabled on a VLAN. Views VLAN view Predefined user roles...

  • Page 34: Ip Addressing Commands

    IP addressing commands display ip interface Use display ip interface to display IP configuration and statistics for Layer 3 interfaces. Syntax display ip interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays IP configuration and statistics for all Layer 3 interfaces except VA interfaces.
  • Page 35 IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Table 3 Command output Field Description Physical link state of the interface: • Administrative DOWN—The interface has been shut down by using the shutdown command. current state •...

  • Page 36: Display Ip Interface Brief

    Field Description • Time exceeded packets. Time exceed: • IP header bad packets. IP header bad: • Timestamp request packets. Timestamp request: • Timestamp reply packets. Timestamp reply: • Information request packets. Information request: • Information reply packets. Information reply: •...

  • Page 37: Ip Address

    <Sysname> display ip interface vlan-interface brief description *down: administratively down (s): spoofing (l): loopback Interface Physical Protocol IP Address Description Vlan10 down down 6.6.6.1 Link to CoreRouter Vlan2 down down 7.7.7.1 Table 4 Command output Field Description *down: administratively The interface is administratively shut down by using the shutdown command. down Spoofing attribute of the interface.

  • Page 38: Ip Address Unnumbered

    Predefined user roles network-admin Parameters ip-address: Specifies the IP address of the interface, in dotted decimal notation. mask-length: Specifies the subnet mask length in the range of 1 to 31. For a loopback interface, the value range is 1 to 32. mask: Specifies the subnet mask in dotted decimal notation.
  • Page 39 Use undo ip address unnumbered to restore the default. Syntax ip address unnumbered interface interface-type interface-number undo ip address unnumbered Default The interface does not borrow IP addresses from other interfaces. Views Interface view Predefined user roles network-admin Parameters interface interface-type interface-number: Specifies an interface from which the current interface can borrow an IP address.

  • Page 40: Dhcp Commands

    DHCP commands Common DHCP commands dhcp client-detect Use dhcp client-detect to enable client offline detection on the DHCP server or DHCP relay agent. Use undo dhcp client-detect to disable client offline detection on the DHCP server or DHCP relay agent. Syntax dhcp client-detect undo dhcp client-detect...

  • Page 41: Dhcp Enable

    Predefined user roles network-admin Parameters dscp-value: Specifies the DSCP value for DHCP packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Examples # Set the DSCP value to 30 for DHCP packets sent by the DHCP server or the DHCP relay agent.

  • Page 42: Dhcp Select

    Default DHCP server logging is disabled. Views System view Predefined user roles network-admin Usage guidelines This command enables the DHCP server to generate DHCP logs and send them to the information center. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.

  • Page 43: Dhcp Server Commands

    • When receiving DHCP requests from DHCP clients, the proxy forwards them to the DHCP server. • When receiving DHCP responses from the DHCP server, the proxy modifies the DHCP server's IP address in these responses as its own IP address. Examples # Enable the DHCP relay agent on VLAN-interface 2.

  • Page 44: Bims-Server

    Examples # Specify an address range of 192.168.8.1 through 192.168.8.150 in address pool 1. <Sysname> system-view [Sysname] dhcp server ip-pool 1 [Sysname-dhcp-pool-1] address range 192.168.8.1 192.168.8.150 Related commands class dhcp class display dhcp server pool network bims-server Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool.

  • Page 45: Bootfile-Name

    Related commands display dhcp server pool bootfile-name Use bootfile-name to specify a configuration file name or URL. Use undo bootfile-name to restore the default. Syntax bootfile-name { bootfile-name | url } undo bootfile-name Default No configuration file name or URL is specified. Views DHCP address pool view Predefined user roles...

  • Page 46: Class Option-Group

    Use undo class ip-pool to remove the DHCP address pool specified for a DHCP user class. Syntax class class-name ip-pool pool-name undo class class-name ip-pool Default No DHCP address pool is specified for a DHCP user class. Views DHCP policy view Predefined user roles network-admin Parameters...

  • Page 47: Class Range

    Parameters class-name: Specifies a DHCP user class by its name, a case-insensitive string of 1 to 63 characters. option-group-number: Specifies a DHCP option group by its number in the range of 1 to 32768. Usage guidelines When receiving a DHCP-DISCOVER message, the server compares the client against the user classes in the order that they are specified by this command.

  • Page 48: Default Ip-Pool

    Usage guidelines The class range command allows you to divide an address range into multiple address ranges for different DHCP user classes. The address range for a user class must be within the primary subnet specified by the network command. If the DHCP client does not match any DHCP user class, the DHCP server selects an address in the IP address range specified by the address range command.

  • Page 49: Dhcp Apply-Policy

    Examples # Specify DHCP address pool pool1 as the default DHCP address pool in DHCP policy 1. <Sysname> system-view [Sysname] dhcp policy 1 [Sysname-dhcp-policy-1] default ip-pool pool1 Related commands class ip-pool dhcp policy dhcp apply-policy Use dhcp apply-policy to apply a DHCP policy to an interface. Use undo dhcp apply-policy to restore the default.

  • Page 50: Dhcp Option-Group

    undo dhcp class class-name Default No DHCP user classes exist. Views System view Predefined user roles network-admin Parameters class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters. Usage guidelines In the DHCP user class view, you can use the if-match command to configure match rules to group clients to the user class.

  • Page 51: Dhcp Policy

    Parameters option-group-number: Assigns a number to the DHCP option group, in the range of 1 to 32768. Examples # Create DHCP option group 1 and enter DHCP option group view. <Sysname> system-view [Sysname] dhcp option-group 1 [Sysname-dhcp-option-group-1] Related commands class option-group option dhcp policy Use dhcp policy to create a DHCP policy and enter its view, or enter the view of an existing DHCP...

  • Page 52: Dhcp Server Always-Broadcast

    dhcp server always-broadcast Use dhcp server always-broadcast to enable the DHCP server to broadcast all responses. Use undo dhcp server always-broadcast to restore the default. Syntax dhcp server always-broadcast undo dhcp server always-broadcast Default The DHCP server reads the broadcast flag in a DHCP request to decide whether to broadcast or unicast the response.

  • Page 53: Dhcp Server Bootp Ignore

    Parameters pool-name: Specifies the name of a DHCP address pool, a case-insensitive string of 1 to 63 characters. Usage guidelines Upon receiving a DHCP request from the interface, the DHCP server searches for a static binding for the client from all address pools. If no static binding is found, the server assigns configuration parameters from the address pool applied on the interface to the client.

  • Page 54: Dhcp Server Database Filename

    Syntax dhcp server bootp reply-rfc-1048 undo dhcp server bootp reply-rfc-1048 Default This feature is disabled. The DHCP server does not process the Vend field of RFC 1048-incompliant requests but copies the Vend field into responses. Views System view Predefined user roles network-admin Usage guidelines Not all BOOTP clients can send requests compliant with RFC 1048.

  • Page 55: Dhcp Server Database Update Interval

    cipher: Specifies a password in encrypted form. simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form. string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.

  • Page 56: Dhcp Server Database Update Now

    Syntax dhcp server database update interval interval undo dhcp server database update interval Default The DHCP server waits 300 seconds to update the backup file after a DHCP binding change. If no DHCP binding changes, the backup file is not updated. Views System view Predefined user roles...

  • Page 57: Dhcp Server Database Update Stop

    Examples # Manually save the DHCP bindings to the backup file. <Sysname> system-view [Sysname] dhcp server database update now Related commands dhcp server database filename dhcp server database update interval dhcp server database update stop dhcp server database update stop Use dhcp server database update stop to terminate the download of DHCP bindings from the backup file.

  • Page 58: Dhcp Server Ip-Pool

    Default No IP addresses are excluded from dynamic allocation globally. Views System view Predefined user roles network-admin Parameters start-ip-address: Specifies the start IP address. end-ip-address: Specifies the end IP address, which cannot be lower than the start-ip-address. If you do not specify this argument, only the start-ip-address is excluded from dynamic allocation. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

  • Page 59: Dhcp Server Ping Packets

    Predefined user roles network-admin Parameters pool-name: Specifies a DHCP address pool name, a case-insensitive string of 1 to 63 characters. The pool name uniquely identifies an address pool. Usage guidelines A DHCP address pool is used to store the configuration parameters to be assigned to DHCP clients. Examples # Create a DHCP address pool named pool1.

  • Page 60: Dhcp Server Ping Timeout

    Related commands dhcp server ping timeout display dhcp server conflict reset dhcp server conflict dhcp server ping timeout Use dhcp server ping timeout to set the ping response timeout time on the DHCP server. Use undo dhcp server ping timeout to restore the default. Syntax dhcp server ping timeout milliseconds undo dhcp server ping timeout...

  • Page 61: Display Dhcp Server Conflict

    undo dhcp server relay information enable Default The DHCP server handles Option 82. Views System view Predefined user roles network-admin Usage guidelines Upon receiving a DHCP request that contains Option 82, the server copies the original Option 82 into the response. If the server is configured to ignore Option 82, the response will not contain Option 82. Examples # Configure the DHCP server to ignore Option 82.

  • Page 62: Display Dhcp Server Database

    4.4.4.1 Apr 25 16:57:20 2007 4.4.4.2 Apr 25 17:00:10 2007 Table 5 Command output Field Description IP address Conflicted IP address. Detect time Time when the conflict was discovered. Related commands reset dhcp server conflict display dhcp server database Use display dhcp server database to display information about DHCP binding auto backup. Syntax display dhcp server database Views...

  • Page 63: Display Dhcp Server Expired

    display dhcp server expired Use display dhcp server expired to display the lease expiration information. Syntax display dhcp server expired [ [ ip ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ] Views Any view Predefined user roles network-admin network-operator Parameters ip ip-address: Displays lease expiration information about the specified IP address.
  • Page 64 Syntax display dhcp server free-ip [ pool pool-name | vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters pool pool-name: Displays assignable IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command displays all assignable IP addresses for all address pools.

  • Page 65: Display Dhcp Server Ip-In-Use

    display dhcp server ip-in-use Use display dhcp server ip-in-use to display binding information about assigned IP addresses. Syntax display dhcp server ip-in-use [ [ ip ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ] Views Any view Predefined user roles network-admin network-operator Parameters...

  • Page 66: Display Dhcp Server Pool

    Field Description to the specific client. • Unlimited—Infinite lease expiration time. • After 2100—The lease will expire after 2100. Binding types: • Static(F)—A free static binding whose IP address has not been assigned. • Static(O)—An offered static binding whose IP address has been selected and sent by the DHCP server in a DHCP-OFFER packet to the client.
  • Page 67 option 2 ip-address 1.1.1.1 expired 1 2 3 0 Pool name: 1 Network 20.1.1.0 mask 255.255.255.0 secondary networks: 20.1.2.0 mask 255.255.255.0 20.1.3.0 mask 255.255.255.0 bims-server ip 192.168.0.51 port 50 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU= forbidden-ip 20.1.1.22 20.1.1.36 20.1.1.37 forbidden-ip 20.1.1.22 20.1.1.23 20.1.1.24 gateway-list 1.1.1.1 2.2.2.2 4.4.4.4 nbns-list 5.5.5.5 6.6.6.6 7.7.7.7 netbios-type m-node...

  • Page 68: Display Dhcp Server Statistics

    Field Description static bindings Static IP-to-MAC/client ID bindings. option Customized DHCP option. Lease duration: 1 2 3 4 in this example refers to 1 day 2 hours 3 expired minutes 4 seconds. bootfile-name Boot file name dns-list DNS server IP address. domain-name Domain name suffix.
  • Page 69 <Sysname> display dhcp server statistics Pool number: Pool utilization: 0.39% Bindings: Automatic: Manual: Expired: Conflict: Messages received: DHCPDISCOVER: DHCPREQUEST: DHCPDECLINE: DHCPRELEASE: DHCPINFORM: BOOTPREQUEST: Messages sent: DHCPOFFER: DHCPACK: DHCPNAK: BOOTPREPLY: Bad Messages: Table 11 Command output Field Description Total number of address pools. This field is not displayed when you Pool number display statistics for a specific address pool.

  • Page 70: Dns-List

    Field Description • DHCPNAK. • BOOTPREPLY. This field is not displayed if statistics about a specific address pool are displayed. Number of bad messages. This field is not displayed if you display Bad Messages statistics for a specific address pool. Related commands reset dhcp server statistics dns-list...

  • Page 71: Expired

    Syntax domain-name domain-name undo domain-name Default No domain name is specified. Views DHCP address pool view Predefined user roles network-admin Parameters domain-name: Specifies the domain name, a case-sensitive string of 1 to 50 characters. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify domain name company.com in DHCP address pool 0.

  • Page 72: Forbidden-Ip

    Usage guidelines The DHCP server assigns an IP address together with the lease duration to the DHCP client. Before the lease expires, the DHCP client must extend the lease duration. • If the lease extension operation succeeds, the DHCP client can continue to use the IP address. •...

  • Page 73: Gateway-List

    [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] forbidden-ip 192.168.1.3 192.168.1.10 Related commands dhcp server forbidden-ip display dhcp server pool gateway-list Use gateway-list to specify gateway addresses in a DHCP address pool or a DHCP secondary subnet. Use undo gateway-list to remove the specified gateway addresses from a DHCP address pool or a DHCP secondary subnet.

  • Page 74: If-Match

    if-match Use if-match to configure a match rule for a DHCP user class. Use undo if-match to delete a match rule for a DHCP user class. Syntax if-match rule rule-number { hardware-address hardware-address mask hardware-address-mask | option option-code [ ascii ascii-string [ offset offset | partial ] | hex hex-string [ mask mask | offset offset length length | partial ] ] | relay-agent gateway-address } undo if-match rule rule-number Default...
  • Page 75 Usage guidelines If a DHCP request sent by a DHCP client matches a rule in a DHCP user class, the DHCP client matches the user class. You can configure multiple match rules for a DHCP user class. Each match rule is uniquely identified by a rule ID within its type (hardware address, option, or relay agent address).

  • Page 76: Ip-In-Use Threshold

    <Sysname> system-view [Sysname] dhcp class exam [Sysname-dhcp-class-exam] if-match rule 4 option 82 hex 13ae92 offset 0 length 3 # Configure match rule 5 for DHCP user class exam. The rule matches DHCP requests in which the Option 82 contains the hexadecimal number 13ae. <Sysname>...

  • Page 77: Nbns-List

    nbns-list Use nbns-list to specify WINS server addresses in a DHCP address pool. Use undo nbns-list to remove the specified WINS server addresses. Syntax nbns-list ip-address&<1-8> undo nbns-list [ ip-address&<1-8> ] Default No WINS server address is specified. Views DHCP address pool view Predefined user roles network-admin Parameters...

  • Page 78: Network

    Predefined user roles network-admin Parameters b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server. h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server. If it does not receive a response, the h-node client broadcasts the destination name to get the mapping from a server.

  • Page 79: Next-Server

    secondary: Specifies the subnet as a secondary subnet. If you do not specify this keyword, this command specifies the primary subnet. If the addresses in the primary subnet are used up, the DHCP server can select addresses from a secondary subnet for clients. Usage guidelines You can use the secondary keyword to specify a secondary subnet and enter its view.

  • Page 80: Option

    Usage guidelines Upon startup, the DHCP client obtains an IP address and the specified server IP address. Then it contacts the specified server, such as a TFTP server, to get other boot information. If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify a server's IP address 10.1.1.254 in DHCP address pool 0.

  • Page 81: Reset Dhcp Server Conflict

    • Add options for which the CLI does not provide a dedicated configuration command. For example, you can use the option 4 ip-address 1.1.1.1 command to define the time server address 1.1.1.1 for DHCP clients. • Add all option values if the actual requirement exceeds the limit for a dedicated option configuration command.

  • Page 82: Reset Dhcp Server Expired

    Related commands display dhcp server conflict reset dhcp server expired Use reset dhcp server expired to clear binding information about expired IP addresses. Syntax reset dhcp server expired [ [ ip ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ] Views User view Predefined user roles...

  • Page 83: Reset Dhcp Server Statistics

    vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears binding information for the public network. pool pool-name: Clears binding information about assigned IP addresses in the specified address pool.

  • Page 84: Tftp-Server Domain-Name

    Default No static binding is specified in a DHCP address pool. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address ip-address: Specifies the IP address of the static binding. The natural mask is used if no mask length or mask is specified. mask-length: Specifies the mask length in the range of 1 to 30.

  • Page 85: Tftp-Server Ip-Address

    Syntax tftp-server domain-name domain-name undo tftp-server domain-name Default No TFTP server name is specified. Views DHCP address pool view Predefined user roles network-admin Parameters domain-name: Specifies the TFTP server name, a case-sensitive string of 1 to 63 characters. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect.

  • Page 86: Valid Class

    Examples # Specify TFTP server address 10.1.1.1 in DHCP address pool 0. <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] tftp-server ip-address 10.1.1.1 Related commands display dhcp server pool tftp-server domain-name valid class Use valid class to add DHCP user classes to the whitelist. Use undo valid class to remove DHCP user classes from the whitelist.

  • Page 87: Voice-Config

    undo verify class Default The DHCP user class whitelist is disabled. Views DHCP address pool view Predefined user roles network-admin Usage guidelines After you enable the DHCP user class whitelist, the DHCP server processes requests only from clients on the DHCP user class whitelist. The DHCP user class whitelist does not take effect on clients that request static IP addresses, and the server always processes their requests.

  • Page 88: Vpn-Instance

    • enable: Enables the specified VLAN. DHCP clients will take this VLAN as their voice VLAN. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. Examples # Configure Option 184 in DHCP address pool 0. The primary and backup network calling processors are at 10.1.1.1 and 10.2.2.2, respectively.

  • Page 89: Dhcp Relay Agent Commands

    Examples # Apply DHCP address pool 0 to VPN instance abc. <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] vpn-instance abc DHCP relay agent commands dhcp relay check mac-address Use dhcp relay check mac-address to enable MAC address check on the relay agent. Use undo dhcp relay check mac-address to disable MAC address check on the relay agent.

  • Page 90: Dhcp Relay Client-Information Record

    Syntax dhcp relay check mac-address aging-time time undo dhcp relay check mac-address aging-time Default The aging time is 30 seconds. Views System view Predefined user roles network-admin Parameters time: Specifies the aging time for MAC address check entries, in the range of 30 to 600 seconds. Usage guidelines This command takes effect only after you execute the dhcp relay check mac-address command.

  • Page 91: Dhcp Relay Client-Information Refresh

    Related commands dhcp relay client-information refresh dhcp relay client-information refresh enable dhcp relay client-information refresh Use dhcp relay client-information refresh to set the interval at which the DHCP relay agent refreshes relay entries. Use undo dhcp relay client-information refresh to restore the default. Syntax dhcp relay client-information refresh [ auto | interval interval ] undo dhcp relay client-information refresh...

  • Page 92: Dhcp Relay Dhcp-Server Timeout

    Default The DHCP relay agent periodically refreshes relay entries. Views System view Predefined user roles network-admin Usage guidelines A DHCP client unicasts a DHCP-RELEASE message to the DHCP server to release its IP address. The DHCP relay agent conveys the message to the DHCP server and does not remove the IP-to-MAC entry of the client.

  • Page 93: Dhcp Relay Gateway

    Parameters time: Specifies the DHCP server response timeout time in the range of 30 to 65535 seconds. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. Examples # Set the DHCP server response timeout time to 60 seconds for DHCP server switchover on VLAN-interface 2.

  • Page 94: Dhcp Relay Information Circuit-Id

    dhcp relay information circuit-id Use dhcp relay information circuit-id to configure the padding mode and padding format for the Circuit ID sub-option of Option 82. Use undo dhcp relay information circuit-id to restore the default. Syntax dhcp relay information circuit-id { string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] [ interface ] } [ format { ascii | hex } ] } undo dhcp relay information circuit-id Default...

  • Page 95: Dhcp Relay Information Enable

    Usage guidelines The Circuit ID sub-option cannot carry information about interface splitting or subinterfaces. For more information about interface splitting and subinterfaces, see Interface Configuration Guide. If you execute this command multiple times, the most recent configuration takes effect. The padding format for the string mode, the normal mode, or the verbose mode varies by command configuration.

  • Page 96: Dhcp Relay Information Remote-Id

    Predefined user roles network-admin Usage guidelines This command enables the DHCP relay agent to add Option 82 to DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp relay information circuit-id and dhcp relay information remote-id commands.

  • Page 97: Dhcp Relay Information Strategy

    string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as the content of the Remote ID sub-option. sysname: Specifies the sysname mode that uses the device name as the content of the Remote ID sub-option.

  • Page 98: Dhcp Relay Master-Server Switch-Delay

    For DHCP requests that do not contain Option 82, the DHCP relay agent always adds Option 82 to the requests before forwarding the requests to the DHCP server. If the handling strategy is replace, configure a padding mode and padding format for Option 82. If the handling strategy is keep or drop, you do not need to configure any padding mode or padding format.

  • Page 99: Dhcp Relay Release Ip

    dhcp relay release ip Use dhcp relay release ip to release a client IP address. Syntax dhcp relay release ip ip-address [ vpn-instance vpn-instance-name ] Views System view Predefined user roles network-admin Parameters ip-address: Specifies the IP address to be released. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the specified IP address belongs.

  • Page 100: Dhcp Relay Server-Address Algorithm

    You can specify a maximum of eight DHCP servers on an interface. The DHCP relay agent forwards the packets from the clients to all the specified DHCP servers. If you do not specify an IP address, the undo dhcp relay server-address command removes all DHCP servers on the interface.

  • Page 101: Dhcp-Server Timeout

    dhcp relay server-address remote-server algorithm dhcp-server timeout Use dhcp-server timeout to set the DHCP server response timeout time for DHCP server switchover. Use undo dhcp-server timeout to restore the default. Syntax dhcp-server timeout time undo dhcp-server timeout Default The DHCP server response timeout time is 30 seconds. Views DHCP address pool view Predefined user roles...

  • Page 102: Display Dhcp Relay Check Mac-Address

    Predefined user roles network-admin Usage guidelines The smart relay feature allows the relay agent to use secondary IP addresses as the gateway address when the DHCP server does not reply the DHCP-OFFER message. The relay agent initially pads its primary IP address to the giaddr field before forwarding a request to the DHCP server. If no DHCP-OFFER is returned after two retries, the relay agent switches to secondary IP addresses.
  • Page 103 Syntax display dhcp relay client-information [ interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays relay entries on the specified interface. If you do not specify an interface, this command displays relay entries on all interfaces. ip ip-address: Displays the relay entry for the specified IP address.

  • Page 104: Display Dhcp Relay Information

    Field Description the DHCP client does not belong to any VPN, this field displays N/A. Related commands dhcp relay client-information record reset dhcp relay client-information display dhcp relay information Use display dhcp relay information to display Option 82 configuration information for the DHCP relay agent.

  • Page 105: Display Dhcp Relay Server-Address

    Table 15 Command output Field Description Interface Interface name. Option 82 states: • Status Enable—DHCP relay agent support for Option 82 is enabled. • Disable—DHCP relay agent support for Option 82 is disabled. Handling strategy for request messages containing Option 82, Drop, Strategy Keep, or Replace.

  • Page 106: Display Dhcp Relay Statistics

    Table 16 Command output Field Description Interface name Interface name. Server IP address DHCP server IP address. Related commands dhcp relay server-address display dhcp relay statistics Use display dhcp relay statistics to display DHCP packet statistics on the DHCP relay agent. Syntax display dhcp relay statistics [ interface interface-type interface-number ] Views...

  • Page 107: Gateway-List

    DHCP packets relayed to clients: DHCPOFFER: DHCPACK: DHCPNAK: BOOTPREPLY: DHCP packets sent to servers: DHCPDISCOVER: DHCPREQUEST: DHCPINFORM: DHCPRELEASE: DHCPDECLINE: BOOTPREQUEST: DHCP packets sent to clients: DHCPOFFER: DHCPACK: DHCPNAK: BOOTPREPLY: Related commands reset dhcp relay statistics gateway-list Use gateway-list to specify gateway addresses for DHCP clients in a DHCP address pool. Use undo gateway-list to remove gateway addresses from a DHCP address pool.

  • Page 108: Master-Server Switch-Delay

    The DHCP servers select a DHCP address pool according to the gateway address. Examples # Specify gateway address 10.1.1.1 in DHCP address pool 0. <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] gateway-list 10.1.1.1 Related commands dhcp smart-relay enable master-server switch-delay Use master-server switch-delay to enable the switchback to the master DHCP server and set the switchback delay time.

  • Page 109: Remote-Server Algorithm

    undo remote-server [ ip-address&<1-8> ] Default No DHCP server is specified for the DHCP address pool. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies a space-separated list of up to eight DHCP server addresses. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect.

  • Page 110: Reset Dhcp Relay Client-Information

    Examples # Specify master-backup as the DHCP server selecting algorithm in DHCP address pool 0. <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] remote-server algorithm master-backup Related commands dhcp relay server-address algorithm dhcp-server timeout master-server switch-delay remote-server reset dhcp relay client-information Use reset dhcp relay client-information to clear relay entries on the DHCP relay agent.

  • Page 111: Dhcp Client Commands

    Predefined user roles network-admin Parameters interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears all DHCP relay agent statistics. Examples # Clear all DHCP relay agent statistics. <Sysname> reset dhcp relay statistics Related commands display dhcp relay statistics DHCP client commands...

  • Page 112: Dhcp Client Identifier

    undo dhcp client dscp Default The DSCP value is 56 in DHCP packets sent by the DHCP client. Views System view Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.

  • Page 113: Display Dhcp Client

    • Using the MAC address of an interface to generate a client ID. Whichever method you use, make sure the IDs for different DHCP clients are unique. Examples # Use a hexadecimal number of FFFFFFFF as the client ID for VLAN-interface 10. <Sysname>...
  • Page 114 Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16 Destination: 10.198.122.63, Mask: 255.255.255.255, NextHop: 192.168.40.16 DNS servers: 44.1.1.11 44.1.1.12 Domain name: ddd.com Boot servers: 200.200.200.200 1.1.1.1 ACS parameter: URL: http://192.168.1.1:7547/acs Username: bims Password: ****** Client ID type: acsii(type value=00) Client ID value: 000c.29d3.8659-Vlan10 Client ID (with type) hex: 0030-3030-632e-3239- 6433-2e38-3635-392d- 4574-6830-2f30-2f32...

  • Page 115: Ip Address Dhcp-Alloc

    Field Description DHCP client, which are obtained through Option 43. ACS parameter Parameters about the ACS. URL of the ACS. Username Username for logging in to the ACS. Password for logging in to the ACS. If a password is configured, Password this field displays ******.

  • Page 116: Dhcp Snooping Commands

    Examples # Configure VLAN-interface 10 to use DHCP for IP address acquisition. <Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] ip address dhcp-alloc DHCP snooping commands DHCP snooping works between the DHCP client and the DHCP server or between the DHCP client and the relay agent.

  • Page 117: Dhcp Snooping Binding Database Update Interval

    a DHCP snooping entry change to update the backup file. To change the waiting period, use the dhcp snooping binding database update interval command. If no DHCP snooping entry changes, the backup file is not updated. As a best practice, back up the DHCP snooping entries to a remote file. If you use the local storage medium, the frequent erasing and writing might damage the medium and then cause the DHCP snooping device to malfunction.

  • Page 118: Dhcp Snooping Binding Database Update Now

    Views System view Predefined user roles network-admin Parameters interval: Specifies the waiting time in seconds, in the range of 60 to 864000. Usage guidelines When a DHCP snooping entry is learned, updated, or removed, the waiting period starts. The DHCP snooping device updates the backup file when the waiting period is reached.

  • Page 119: Dhcp Snooping Binding Record

    dhcp snooping binding record Use dhcp snooping binding record to enable recording of client information in DHCP snooping entries. Use undo dhcp snooping binding record to disable recording of client information in DHCP snooping entries. Syntax dhcp snooping binding record undo dhcp snooping binding record Default DHCP snooping does not record client information.

  • Page 120: Dhcp Snooping Check Request-Message

    snooping considers this request valid and forwards it to the DHCP server. If they are not the same, DHCP snooping discards the DHCP request. Examples # Enable MAC address check for DHCP snooping. <Sysname> system-view [Sysname] interface hundredgige 1/0/1 [Sysname-HundredGigE1/0/1] dhcp snooping check mac-address dhcp snooping check request-message Use dhcp snooping check request-message to enable DHCP-REQUEST check for DHCP snooping.

  • Page 121: Dhcp Snooping Enable

    Syntax dhcp snooping deny undo dhcp snooping deny Default A port does not block DHCP requests. Views Layer 2 Ethernet interface/Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines A DHCP packet blocking port drops all incoming DHCP requests. Examples # Configure HundredGigE 1/0/1 as a DHCP packet blocking port.

  • Page 122: Dhcp Snooping Information Circuit-Id

    dhcp snooping information circuit-id Use dhcp snooping information circuit-id to configure the padding mode and padding format for the Circuit ID sub-option. Use undo dhcp snooping information circuit-id to restore the default. Syntax dhcp snooping information circuit-id { [ vlan vlan-id ] string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] } undo dhcp snooping information circuit-id [ vlan vlan-id ] Default...

  • Page 123: Dhcp Snooping Information Enable

    Usage guidelines The Circuit ID sub-option cannot carry information about interface splitting or subinterfaces. For more information about interface splitting and subinterfaces, see Interface Configuration Guide. If you execute this command multiple times, the most recent configuration takes effect. The padding format for the string mode, the normal mode, or the verbose mode varies by command configuration.

  • Page 124: Dhcp Snooping Information Remote-Id

    Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines This command enables DHCP snooping to add Option 82 into DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp snooping information circuit-id and dhcp snooping information remote-id commands.

  • Page 125: Dhcp Snooping Information Strategy

    string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as the content of the Remote ID sub-option. sysname: Specifies the sysname mode that uses the device name as the Remote ID sub-option. You can configure the device name by using the sysname command in system view. normal: Specifies the normal mode.

  • Page 126: Dhcp Snooping Log Enable

    keep: Keeps the original Option 82 intact and forwards the DHCP messages. replace: Replaces the original Option 82 with the configured Option 82 before forwarding the DHCP messages. Usage guidelines This command takes effect only on DHCP requests that contain Option 82. For DHCP requests that do not contain Option 82, the DHCP snooping device always adds Option 82 into the requests before forwarding them to the DHCP server.

  • Page 127: Dhcp Snooping Max-Learning-Num

    dhcp snooping max-learning-num Use dhcp snooping max-learning-num to set the maximum number of DHCP snooping entries that an interface can learn. Use undo dhcp snooping max-learning-num to restore the default. Syntax dhcp snooping max-learning-num max-number undo dhcp snooping max-learning-num Default The maximum number of DHCP snooping entries for an interface to learn is unlimited.

  • Page 128: Dhcp Snooping Trust

    Usage guidelines This command takes effect only when DHCP snooping is enabled. With the rate limit feature, the interface discards DHCP packets that exceed the maximum rate. The rate configured on a Layer 2 aggregate interface applies to all members of the aggregate interface.

  • Page 129: Display Dhcp Snooping Binding Database

    Syntax display dhcp snooping binding [ ip ip-address [ vlan vlan-id ] ] Views Any view Predefined user roles network-admin network-operator Parameters ip ip-address: Displays the DHCP snooping entry for the specified IP address. If you do not specify an IP address, this command displays DHCP snooping entries for all IP addresses. vlan vlan-id: Specifies the VLAN ID where the IP address resides.

  • Page 130: Display Dhcp Snooping Information

    Syntax display dhcp snooping binding database Views Any view Predefined user roles network-admin network-operator Examples # Display information about DHCP snooping entry auto backup. <Sysname> display dhcp snooping binding database File name database.dhcp Username Password Update interval 600 seconds Latest write time Feb 27 18:48:04 2012 Status Last write succeeded.

  • Page 131: Display Dhcp Snooping Packet Statistics

    Parameters all: Displays Option 82 configuration on all Layer 2 Ethernet interfaces. interface interface-type interface-number: Specifies an interface by its type and number. Examples # Display Option 82 configuration on all interfaces. <Sysname> display dhcp snooping information all Interface: Bridge-Aggregation1 Status: Disable Strategy: Drop Circuit ID:...

  • Page 132: Display Dhcp Snooping Trust

    Syntax display dhcp snooping packet statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays DHCP packet statistics for the master device. Examples # Display DHCP packet statistics for DHCP snooping.

  • Page 133: Reset Dhcp Snooping Packet Statistics

    Syntax reset dhcp snooping binding { all | ip ip-address [ vlan vlan-id ] } Views User view Predefined user roles network-admin Parameters all: Clears all DHCP snooping entries. ip ip-address: Clears the DHCP snooping entry for the specified IP address. vlan vlan-id: Clears DHCP snooping entries for the specified VLAN.

  • Page 134: Ip Address Bootp-Alloc

    Syntax display bootp client [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays BOOTP client information on all interfaces. Examples # Display BOOTP client information on VLAN-interface 10.
  • Page 135 Predefined user roles network-admin Examples # Configure VLAN-interface 10 to use BOOTP for IP address acquisition. <Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] ip address bootp-alloc Related commands display bootp client...

  • Page 136: Dns Commands

    DNS commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. If you do not specify this keyword, the command displays the statically configured and dynamically obtained domain name suffixes.
  • Page 137 Syntax display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries.

  • Page 138: Display Dns Server

    Field Description • For a type AAAA query, the replied IP address is an IPv6 address. Related commands ip host ipv6 host reset dns host display dns server Use display dns server to display IPv4 DNS server information. Syntax display dns server [ dynamic ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles...

  • Page 139: Display Ipv6 Dns Server

    Related commands dns server display ipv6 dns server Use display ipv6 dns server to display IPv6 DNS server information. Syntax display ipv6 dns server [ dynamic ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays IPv6 DNS server information dynamically obtained through DHCP or other protocols.

  • Page 140: Dns Dscp

    Use undo dns domain to delete the specified domain name suffix. Syntax dns domain domain-name [ vpn-instance vpn-instance-name ] undo dns domain domain-name [ vpn-instance vpn-instance-name ] Default No domain name suffix is configured. Only the provided domain name is resolved. Views System view Predefined user roles...

  • Page 141: Dns Proxy Enable

    Predefined user roles network-admin Parameters dscp-value: Specifies the DSCP value in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Examples # Set the DSCP value to 30 for outgoing DNS packets.

  • Page 142: Dns Source-Interface

    Views System view Predefined user roles network-admin Parameters ip-address: Specifies the IPv4 address of a DNS server. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To specify a DNS server IPv4 address for the public network, do not use this option.

  • Page 143: Dns Spoofing

    Usage guidelines This configuration applies to both IPv4 and IPv6. In IPv4 DNS, the device uses the primary IPv4 address of the specified source interface as the source IP address of a DNS query. In IPv6 DNS, the device selects an IPv6 address of the specified source interface as the source IP address of a DNS query.

  • Page 144: Dns Trust-Interface

    Examples # Enable DNS spoofing for the public network and specify IPv4 address 1.1.1.1 for spoofing DNS requests. <Sysname> system-view [Sysname] dns proxy enable [Sysname] dns spoofing 1.1.1.1 Related commands dns proxy enable dns trust-interface Use dns trust-interface to specify a DNS trusted interface. Use undo dns trust-interface to remove a DNS trusted interface.

  • Page 145: Ipv6 Dns Dscp

    Syntax ip host host-name ip-address [ vpn-instance vpn-instance-name ] undo ip host host-name ip-address [ vpn-instance vpn-instance-name ] Default No host name-to-IPv4 address mappings exist. Views System view Predefined user roles network-admin Parameters host-name: Specifies a host name, a case-insensitive string of 1 to 253 characters. Valid characters are letters, digits, hyphens (-), underscores (_), and dots (.).

  • Page 146: Ipv6 Dns Server

    Views System view Predefined user roles network-admin Parameters dscp-value: Specifies the DSCP value in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Examples # Set the DSCP value to 30 for outgoing IPv6 DNS packets.

  • Page 147: Ipv6 Dns Spoofing

    If you do not specify an IPv6 address, the undo ipv6 dns server command removes all DNS server IPv6 addresses for the public network or the specified VPN instance. Examples # Specify DNS server IPv6 address 2002::1 for the public network. <Sysname>...

  • Page 148: Ipv6 Host

    Related commands dns proxy enable ipv6 host Use ipv6 host to create a host name-to-IPv6 address mapping. Use undo ipv6 host to remove a host name-to-IPv6 address mapping. Syntax ipv6 host host-name ipv6-address [ vpn-instance vpn-instance-name ] undo ipv6 host host-name ipv6-address [ vpn-instance vpn-instance-name ] Default No host name-to-IPv6 address mappings exist.
  • Page 149 Syntax reset dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] Views User view Predefined user roles network-admin Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address.

  • Page 150: Ddns Commands

    DDNS commands ddns apply policy Use ddns apply policy to apply a DDNS policy to an interface and enable DDNS update. DDNS updates the mapping between the FQDN and the primary IP address of the interface. Use undo ddns apply policy to remove the application of a DDNS policy from an interface and to stop DDNS update.

  • Page 151: Ddns Policy

    Syntax ddns dscp dscp-value undo ddns dscp Default The DSCP value for outgoing DDNS packets is 0. Views System view Predefined user roles network-admin Parameters dscp-value: Specifies the DSCP value in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.

  • Page 152: Display Ddns Policy

    Related commands ddns apply policy display ddns policy display ddns policy Use display ddns policy to display information about DDNS policies. Syntax display ddns policy [ policy-name ] Views Any view Predefined user roles network-admin network-operator Parameters policy-name: Specifies a DDNS policy by its name, a case-insensitive string of 1 to 32 characters. If you do not specify a DDNS policy, this command displays information about all DDNS policies.

  • Page 153: Interval

    SSL client policy: Interval : 0 days 0 hours 15 minutes DDNS policy: u-policy : oray://phservice2.oray.net Username : username Password Method SSL client policy: Interval : 0 days 0 hours 15 minutes Table 27 Command output Field Description DDNS policy DDNS policy name.

  • Page 154: Method

    hours: Hours in the range of 0 to 23. minutes: Minutes in the range of 0 to 59. Usage guidelines Whether the interval is reached or not, a DDNS update request is initiated immediately if either of the following conditions occurs: •...

  • Page 155: Password

    Usage guidelines This command applies to DDNS updates in HTTP/HTTPS. If the DDNS server uses HTTP or HTTPS service, choose a parameter transmission method compatible with the DDNS server. For example, a DHS server supports the http-post method. If the DDNS policy has been applied to an interface, a DDNS update is sent immediately after the parameter transmission is changed.

  • Page 156: Ssl-Client-Policy

    username ssl-client-policy Use ssl-client-policy to associate an SSL client policy with a DDNS policy. Use undo ssl-client-policy to restore the default. Syntax ssl-client-policy policy-name undo ssl-client-policy Default No SSL client policy is associated with a DDNS policy. Views DDNS policy view Predefined user roles network-admin Parameters...
  • Page 157 Views DDNS policy view Predefined user roles network-admin Parameters request-url: Specifies the URL address, a case-sensitive string of 1 to 240 characters. Usage guidelines The URL addresses configured for update requests vary by DDNS server. Common DDNS server URL address formats are shown in Table Table 28 Common URL addresses for DDNS update request DDNS server...

  • Page 158: Username

    The port number in the URL address is optional. If you do not specify a port number, the default port number is used. HTTP uses port 80, HTTPS uses port 443, and the PeanutHull server uses port 6060. The system automatically performs the following tasks: •...
  • Page 159 Parameters username: Specifies the username, a case-sensitive string of 1 to 32 characters. Examples # In DDNS policy steven_policy, specify steven as the username for logging in to the DDNS server. <Sysname> system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] username steven Related commands ddns policy display ddns policy...

  • Page 160: Basic Ip Forwarding Commands

    Basic IP forwarding commands display fib Use display fib to display FIB entries. Syntax display fib [ vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.

  • Page 161: Ip Forwarding-Table Save

    Flag: U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay F:FRR Destination/Mask Nexthop Flag OutInterface/Token Label 0.0.0.0/32 127.0.0.1 InLoop0 Null 20.20.20.0/24 20.20.20.25 M-GE0/0/0 Null 20.20.20.0/32 20.20.20.25 M-GE0/0/0 Null 20.20.20.25/32 127.0.0.1 InLoop0 Null 20.20.20.25/32 20.20.20.25 M-GE0/0/0 Null 20.20.20.255/32 20.20.20.25 M-GE0/0/0 Null # Display the FIB entries matching the destination IP address 10.2.1.1. <Sysname>...
  • Page 162 Syntax ip forwarding-table save filename filename Views Any view Predefined user roles network-admin Parameters filename filename: Specifies the name of a file, a string of 1 to 255 characters. For information about the filename argument, see Fundamentals Configuration Guide. Usage guidelines The command automatically creates the file if you specify a nonexistent file.

  • Page 163: Load Sharing Commands

    Load sharing commands display ip load-sharing path Use display ip load-sharing path to display the load sharing path selected for a flow. Syntax display ip load-sharing path ingress-port interface-type interface-number packet-format { ipv4oe dest-ip ip-address [ src-ip ip-address ] | ipv6oe dest-ipv6 ipv6-address [ src-ipv6 ipv6-address ] } [ dest-port port-id | ip-pro protocol-id | src-port port-id | vpn-instance vpn-instance-name ] * Views...

  • Page 164: Ip Load-Sharing Mode

    Examples # Display the load sharing path selected for the flow with the following attributes: ingress port HundredGigE 1/0/3, destination IP address 10.110.0.2, source IP address 10.100.0.2, IP protocol number 153, destination port number 2000, source port number 2000. <Sysname> display ip load-sharing path ingress-port hundredgige 1/0/3 packet-format ipv4oe destination-ip 10.110.0.2 source-ip 10.100.0.2 ip-pro 153 dest-port 2000 src-port 2000 Load-sharing algorithm: 0 Load-sharing options: ingress-port | dest-ip | src-ip | ip-pro | dest-port | src-port...
  • Page 165 Syntax ip load-sharing mode per-flow [ algorithm algorithm-number | [ dest-ip | dest-port | ip-pro | src-ip | src-port | ingress-port ] * | tunnel { inner | outer } ] { global | slot slot-number } undo ip load-sharing mode { global | slot slot-number } Default The device performs per-flow load sharing based on the following criteria: source IP address, destination IP address, source port number, destination port number, IP protocol number, ingress...

  • Page 166: Fast Forwarding Commands

    Fast forwarding commands display ip fast-forwarding aging-time Use display ip fast-forwarding aging-time to display the aging time of fast forwarding entries. Syntax display ip fast-forwarding aging-time Views Any view Predefined user roles network-admin network-operator Examples # Display the aging time of fast forwarding entries. <Sysname>...

  • Page 167: Display Ip Fast-Forwarding Fragcache

    Table 31 Command output Field Description Source IP address. SPort Source port number. Destination IP address. DPort Destination port number. Protocol number. Input interface type and number. Input_If If no interface is involved in fast forwarding, this field displays N/A. If the input interface does not exist, this field displays a hyphen (-).

  • Page 168: Ip Fast-Forwarding Aging-Time

    Table 32 Command output Field Description Source IP address. SPort Source port number. Destination IP address. DPort Destination port number. Protocol number. Input interface type and number. Input_If If no interface is involved in fast forwarding, this field displays N/A. If the input interface does not exist, this field displays a hyphen (-).

  • Page 169: Reset Ip Fast-Forwarding Cache

    Syntax ip fast-forwarding load-sharing undo ip fast-forwarding load-sharing Default Fast forwarding load sharing is enabled. Views System view Predefined user roles network-admin Usage guidelines Fast forwarding load sharing enables the device to load share packets of the same flow. This feature identifies a data flow by using the five-tuple (source IP, source port, destination IP, destination port, and protocol).

  • Page 170: Ipv4 Adjacency Table Commands

    IPv4 adjacency table commands display adjacent-table Use display adjacent-table to display IPv4 adjacency entries. Syntax display adjacent-table physical-interface interface-type interface-number routing-interface interface-type interface-number | slot slot-number } [ count | verbose ] View Any view Predefined user roles network-admin network-operator Parameters all: Displays all IPv4 adjacency entries.
  • Page 171 IP address Routing interface Physical interface Type 0.0.0.0 Tun1 Tun1 Tunnel # Display the number of IPv4 adjacency entries for the specified slot. <Sysname> display adjacent-table slot 1 count Total entries on slot 1: 1 Table 33 Command output Field Description IP address of the next hop.

  • Page 172: Ipv6 Adjacency Table Commands

    IPv6 adjacency table commands display ipv6 adjacent-table Use display ipv6 adjacent-table to display IPv6 adjacency entries. Syntax display ipv6 adjacent-table { all | physical-interface interface-type interface-number | routing-interface interface-type interface-number | slot slot-number } [ count | verbose ] Views Any view Predefined user roles network-admin...
  • Page 173 IPv6 address Routing interface Physical interface Type Tun1 Tun1 Tunnel # Display the number of IPv6 adjacency entries for the specified slot. <Sysname> display ipv6 adjacent-table slot 1 count Total entries on slot 1: 1 Table 34 Command output Field Description IPv6 address of the next hop.

  • Page 174: Irdp Commands

    IRDP commands ip irdp Use ip irdp to enable IRDP on an interface. Use undo ip irdp to disable IRDP on an interface. Syntax ip irdp undo ip irdp Default IRDP is disabled on an interface. Views Interface view Predefined user roles network-admin Usage guidelines This command validates the IRDP settings on an interface.

  • Page 175: Ip Irdp Lifetime

    preference-value: Specifies the preference for the IP address, in the range of –2147483648 to 2147483647. A larger preference value represents a higher preference. Usage guidelines You can specify a maximum of four IP addresses for an interface to proxy-advertise. An RA sent on the interface includes the interface IP addresses and the proxy-advertised IP addresses.

  • Page 176: Ip Irdp Interval

    Related commands ip irdp ip irdp interval ip irdp interval Use ip irdp interval to set the maximum and minimum intervals for advertising RAs on an interface. Use undo ip irdp interval to restore the default. Syntax ip irdp interval max-interval [ min-interval ] undo ip irdp interval Default The maximum interval is 600 seconds, and the minimum interval is 3/4 of the maximum interval.

  • Page 177: Ip Irdp Preference

    Default RAs use the broadcast address 255.255.255.255 as the destination IP address. Views Interface view Predefined user roles network-admin Examples # Specify the multicast address 224.0.0.1 as the destination IP address for RAs sent on VLAN-interface 100. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ip irdp multicast Related commands ip irdp...

  • Page 178: Ip Performance Optimization Commands

    IP performance optimization commands display icmp statistics Use display icmp statistics to display ICMP statistics. Syntax display icmp statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ICMP statistics for all member devices.
  • Page 179 Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IP packet statistics for all member devices. Usage guidelines IP statistics include information about received and sent packets, fragments, and reassembly.

  • Page 180: Display Rawip

    Field Description • sum—Total number of packets reassembled. • timeouts—Total number of reassembly timeouts. Related commands display ip interface reset ip statistics display rawip Use display rawip to display brief information about RawIP connections. Syntax display rawip [ slot slot-number ] Views Any view Predefined user roles...

  • Page 181: Usage Guidelines

    Syntax display rawip verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed RawIP connection information for the specified PCB. The pcb-index argument specifies the index of the PCB. The index is a hexadecimal string in the range of 1 to ffffffffffffffff.
  • Page 182 Field Description Options Socket options. Error Error code. Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. • drop—Number of dropped packets. Receiving buffer (cc/hiwat/lowat/drop/state) • state—Buffer state: CANTSENDMORE—Unable to send data to the peer. CANTRCVMORE—Unable to receive data from the peer.

  • Page 183: Display Tcp

    Field Description frame. • INP_SNDBYLSPV—Sends through MPLS. • INP_RECVTOS—Receives TOS of the packet. Only UDP and RawIP support this flag. • INP_USEICMPSRC—Uses the specified IP address as the source IP address for outgoing ICMP packets. • INP_SYNCPCB—Waits until Internet PCB is synchronized. •...

  • Page 184: Display Tcp Statistics

    *: TCP connection with authentication Local Addr:port Foreign Addr:port State Slot *0.0.0.0:21 0.0.0.0:0 LISTEN 0x000000000000c387 192.168.20.200:23 192.168.20.14:1284 ESTABLISHED 1 0x0000000000000009 192.168.20.200:23 192.168.20.14:1283 ESTABLISHED 1 0x0000000000000002 Table 38 Command output Field Description Indicates that the TCP connection uses authentication. Local Addr:port Local IP address and port number.
  • Page 185 packets after close: 0 ACK packets: 3531 (795048 bytes) duplicate ACK packets: 33, ACK packets for unsent data: 0 Sent packets: Total: 4058 urgent packets: 0 control packets: 50 window probe packets: 3, window update packets: 11 data packets: 3862 (795012 bytes), data packets retransmitted: 0 (0 bytes) ACK-only packets: 150 (52 delayed) unnecessary packet retransmissions: 0 Syncache/syncookie related statistics:...

  • Page 186: Display Tcp Verbose

    listen queue overflows: 0 RTT updates: 3518(attempt segment: 3537) correct ACK header predictions: 0 correct data packet header predictions: 568 resends due to MTU discovery: 0 packets dropped due to MD5 authentication failure: 0 packets that passed MD5 authentication: 0 sent Keychain-encrypted packets: 0 packets that passed Keychain authentication: 0 packets dropped due to Keychain authentication failure: 0...
  • Page 187 Type: 1 Protocol: 6 Connection info: src = 192.168.20.200:179 , dst = 192.168.20.14:4181 Inpcb flags: N/A Inpcb extflag: N/A Inpcb vflag: INP_IPV4 TTL: 255(minimum TTL: 0) Connection state: ESTABLISHED TCP options: TF_REQ_SCALE TF_REQ_TSTMP TF_SACK_PERMIT TF_NSR NSR state: READY(M) Send VRF: 0x0 Receive VRF: 0x0 Table 39 Command output Field...
  • Page 188 Field Description Protocol Number of the protocol using the socket. Source IP address and port number, and destination IP address and Connection info port number. Flags in the Internet PCB: • INP_RECVOPTS—Receives IP options. • INP_RECVRETOPTS—Receives replied IP options. • INP_RECVDSTADDR—Receives destination IP address.

  • Page 189: Display Udp

    Field Description • TF_BINDFOREIGNADDR—Binds the peer IP address. • TF_NSR—Enables TCP NSR. • TF_REQ_SCALE—Enables the TCP window scale option. • TF_REQ_TSTMP—Enables the time stamp option. • TF_SACK_PERMIT—Enables the TCP selective acknowledgement option. • TF_ENHANCED_AUTH—Enables the enhanced authentication option. State of the TCP connections. Between the parentheses is the role of the connection: NSR state •...

  • Page 190: Display Udp Statistics

    display udp statistics Use display udp statistics to display UDP traffic statistics. Syntax display udp statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays UDP traffic statistics for all member devices.
  • Page 191 Parameters pcb pcb-index: Displays detailed UDP connection information for the specified PCB. The index is a hexadecimal string in the range of 1 to ffffffffffffffff. slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays detailed information about UDP connections for all member devices.
  • Page 192 Field Description N/A—None of the above states. Displays send buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. Sending • state—Buffer state: buffer(cc/hiwat/lowat/state) CANTSENDMORE—Unable to send data to the peer. CANTRCVMORE—Unable to receive data from the peer. RCVATMARK—Receiving tag.

  • Page 193: Ip Forward-Broadcast

    Field Description • INP_ONESBCAST—Sends broadcast packets. • INP_DROPPED—Protocol dropped flag. • INP_SOCKREF—Strong socket reference. • INP_DONTBLOCK—Do not block synchronization of the Internet PCB. • N/A—None of the above flags. TTL value in the Internet PCB. ip forward-broadcast Use ip forward-broadcast to enable an interface to receive and forward directed broadcast packets destined for the directly connected network.

  • Page 194: Ip Icmp Error-Interval

    ip icmp error-interval Use ip icmp error-interval to set the bucket size and the interval for tokens to arrive in the bucket for ICMP error messages. Use undo ip icmp error-interval to restore the default. Syntax ip icmp error-interval interval [ bucketsize ] undo ip icmp error-interval Default The bucket allows a maximum of 10 tokens, and a token is placed in the bucket every 100...

  • Page 195: Ip Icmp Source

    Views System view Predefined user roles network-admin Usage guidelines Disabling forwarding of ICMP fragments can prevent ICMP fragment attacks. Examples # Disable forwarding of ICMP fragments. <Sysname> system-view [Sysname] ip icmp fragment discarding ip icmp source Use ip icmp source to specify the source address for outgoing ICMP packets. Use undo ip icmp source to remove the specified source address for outgoing ICMP packets.

  • Page 196: Ip Reassemble Local Enable

    Use undo ip mtu to restore the default. Syntax ip mtu mtu-size undo ip mtu Default The MTU of IPv4 packets sent over an interface is not set. Views Interface view Predefined user roles network-admin Parameters mtu-size: Specifies the MTU in bytes. The value range for the mtu-size argument is 128 to 9008. Usage guidelines When a packet exceeds the MTU of IPv4 packets sent over an interface, the device processes the packet in one of the following ways:...

  • Page 197: Ip Redirects Enable

    Usage guidelines Use this feature on a multichassis IRF fabric to improve fragment reassembly efficiency. This feature enables a subordinate to reassemble the IPv4 fragments of a packet if all the fragments arrive at it. If this feature is disabled, all IPv4 fragments are delivered to the master device for reassembly. The feature applies only to fragments destined for the same subordinate.

  • Page 198: Ip Unreachables Enable

    Syntax ip ttl-expires enable undo ip ttl-expires enable Default Sending ICMP time exceeded messages is disabled. Views System view Predefined user roles network-admin Usage guidelines A device sends ICMP time exceeded messages by following these rules: • The device sends an ICMP TTL exceeded in transit message to the source when the following conditions are met: The received packet is not destined for the device.

  • Page 199: Reset Ip Statistics

    The received packet does not match any route. No default route exists in the routing table. • The device sends the source an ICMP protocol unreachable message when the following conditions are met: The received packet is destined for the device. The transport layer protocol of the packet is not supported by the device.

  • Page 200: Reset Tcp Statistics

    display ip statistics reset tcp statistics Use reset tcp statistics to clear TCP traffic statistics. Syntax reset tcp statistics Views User view Predefined user roles network-admin Examples # Clear TCP traffic statistics. <Sysname> reset tcp statistics Related commands display tcp statistics reset udp statistics Use reset udp statistics to clear UDP traffic statistics.

  • Page 201: Tcp Path-Mtu-Discovery

    Views Interface view Predefined user roles network-admin Parameters value: Specifies the TCP MSS in bytes. The value range for this argument is 128 to 8968. Usage guidelines The MSS option informs the receiver of the largest segment that the sender can accept. Each end announces its MSS during TCP connection establishment.

  • Page 202: Tcp Syn-Cookie Enable

    After you disable TCP path MTU discovery, the system stops all path MTU timers. The TCP connections established later do not detect the path MTU, but the TCP connections previously established still can detect the path MTU. Examples # Enable TCP path MTU discovery and set the path MTU aging time to 20 minutes. <Sysname>...

  • Page 203: Tcp Timer Syn-Timeout

    Use undo tcp timer fin-timeout to restore the default. Syntax tcp timer fin-timeout time-value undo tcp timer fin-timeout Default The TCP FIN wait timer is 675 seconds. Views System view Predefined user roles network-admin Parameters time-value: Specifies the TCP FIN wait timer in the range of 76 to 3600 seconds. Usage guidelines TCP starts the FIN wait timer when the state of a TCP connection changes to FIN_WAIT_2.

  • Page 204: Tcp Window

    Examples # Set the TCP SYN wait timer to 80 seconds. <Sysname> system-view [Sysname] tcp timer syn-timeout 80 tcp window Use tcp window to set the size of the TCP receive/send buffer. Use undo tcp window to restore the default. Syntax tcp window window-size undo tcp window...

  • Page 205: Udp Helper Commands

    UDP helper commands display udp-helper interface Use display udp-helper interface to display information about broadcast to unicast conversion by UDP helper on an interface. Syntax display udp-helper interface interface-type interface-number Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines This command displays information about destination servers and total number of unicast packets converted from UDP broadcast packets by UDP helper.

  • Page 206: Udp-Helper Broadcast-Map

    Syntax reset udp-helper statistics Views User view Predefined user roles network-admin Examples # Clear the statistics about broadcast to unicast conversion by UDP helper. <Sysname> reset udp-helper statistics Related commands display udp-helper interface udp-helper broadcast-map Use udp-helper broadcast-map to specify a multicast address for UDP helper to convert broadcast to multicast.

  • Page 207: Udp-Helper Enable

    [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] udp-helper broadcast-map 225.0.0.1 udp-helper enable Use udp-helper enable to enable UDP helper. Use undo udp-helper enable to disable UDP helper. Syntax udp-helper enable undo udp-helper enable Default UDP helper is disabled. Views System view Predefined user roles network-admin Usage guidelines For UDP helper to take effect on an interface, make sure the following conditions are met:...

  • Page 208: Udp-Helper Server

    Predefined user roles network-admin Parameters port-number: Specifies a UDP port number in the range of 1 to 65535 (except 67 and 68). dns: Specifies the UDP port 53 used by DNS packets. netbios-ds: Specifies the UDP port 138 used by NetBIOS distribution service packets. netbios-ns: Specifies the UDP port 137 used by NetBIOS name service packets.
  • Page 209 Usage guidelines Specify destination servers on an interface that receives UDP broadcast packets. If the packets' destination UDP port numbers match the UDP helper ports, UDP helper forwards the broadcasts to the specified servers. You can specify a maximum of 20 unicast and multicast addresses for UDP helper to convert broadcast packets on an interface.

  • Page 210: Ipv6 Basics Commands

    IPv6 basics commands display ipv6 fib Use display ipv6 fib to display IPv6 FIB entries. Syntax display ipv6 fib [ vpn-instance vpn-instance-name ] [ ipv6-address [ prefix-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

  • Page 211: Display Ipv6 Icmp Statistics

    Field Description Route flag: • U—Usable route. • G—Gateway route. • H—Host route. • Flags B—Black hole route. • D—Dynamic route. • S—Static route. • R—Recursive route. • F—Fast re-route. Time stamp Time when the IPv6 FIB entry was generated. Label Inner MPLS label.

  • Page 212: Display Ipv6 Interface

    time exceed reassembly 0 redirect ratelimited other errors display ipv6 interface Use display ipv6 interface to display IPv6 interface information. Syntax display ipv6 interface [ interface-type [ interface-number ] ] [ brief ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type: Specifies an interface by its type.
  • Page 213 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: InTooShorts: InTruncatedPkts: InHopLimitExceeds: InBadHeaders: InBadOptions: ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts:...
  • Page 214 Field Description • DUPLICATE—The address is not unique on the link. • PREFERRED—The address is preferred and can be used as the source or destination address of a packet. If an address is in this state, the command does not display the address state. •...
  • Page 215 Field Description InUnknownProtos Received IPv6 packets with unknown or unsupported protocol type. Received IPv6 packets that are delivered to user protocols (such as InDelivers ICMPv6, TCP, and UDP). OutRequests Local IPv6 packets sent by IPv6 user protocols. OutForwDatagrams IPv6 packets forwarded by the interface. Received IPv6 packets that are discarded because no matching route InNoRoutes can be found.

  • Page 216: Display Ipv6 Interface Prefix

    Field Description Link layer protocol state of the interface: • Protocol down—The network layer protocol state of the interface is down. • up—The network layer protocol state of the interface is up. IPv6 address of the interface. • If multiple global unicast addresses are configured, this field displays the lowest address.

  • Page 217: Display Ipv6 Neighbors

    Filed Description • ADDRESS—Generated by a manually configured address. Aging time in seconds. If the prefix does not age out, this field displays a hyphen (-). Flags carried in RA messages. If no flags are available, this field displays a hyphen (-). •...
  • Page 218 # Display detailed information about all neighbors. <Sysname> display ipv6 neighbors all verbose Type: S-Static D-Dynamic O-Openflow R-Rule I-Invalid IPv6 Address: FE80::3470:984:D96B:10CA Link Layer : a036-9f8b-18ad VID : N/A Interface: MGE0/0/0 State : STALE Type: D : 4310 Vpn-instance: [No Vrf] NickName : 0x0 Table 47 Command output...

  • Page 219: Display Ipv6 Neighbors Count

    Related commands ipv6 neighbor reset ipv6 neighbors display ipv6 neighbors count Use display ipv6 neighbors count to display the number of neighbor entries. Syntax display ipv6 neighbors { { all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } count Views Any view...

  • Page 220: Display Ipv6 Neighbors Vpn-Instance

    Examples # Display the maximum number of ND entries that the device supports. <Sysname> display ipv6 neighbors entry-limit ND entries: 4096 display ipv6 neighbors vpn-instance Use display ipv6 neighbors vpn-instance to display neighbor information about a VPN instance. Syntax display ipv6 neighbors vpn-instance vpn-instance-name [ count ] Views Any view Predefined user roles...

  • Page 221: Display Ipv6 Pathmtu

    Field Description • O—Learned from the OpenFlow module. • I—Invalid. A hyphen (-) indicates a static entry. For a dynamic entry, this field displays the elapsed time in seconds. If the neighbor is never reachable, this field displays a pound sign (#). display ipv6 pathmtu Use the display ipv6 pathmtu command to display IPv6 Path MTU information.

  • Page 222: Display Ipv6 Prefix

    Field Description hyphen (-). Path MTU type: • Type Dynamic—Dynamically negotiated. • Static—Statically configured. Total number of entries Total number of Path MTU entries. Related commands ipv6 pathmtu reset ipv6 pathmtu display ipv6 prefix Use display ipv6 prefix to display information about IPv6 prefixes, including dynamic and static prefixes.

  • Page 223: Display Ipv6 Rawip

    Field Description Prefix type: • Type Static—Static IPv6 prefix. • Dynamic—Dynamic IPv6 prefix. Prefix Prefix and its length. If no prefix is obtained, this field displays Not-available. Preferred lifetime 90 Preferred lifetime in seconds. For a static IPv6 prefix, this field is not displayed. valid lifetime 120 sec Valid lifetime in seconds.

  • Page 224: Display Ipv6 Rawip Verbose

    display ipv6 rawip verbose Use display ipv6 rawip verbose to display detailed information about IPv6 RawIP connections. Syntax display ipv6 rawip verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 RawIP connections of the specified PCB. The value range for the pcb-index argument is 1 to 16.
  • Page 225 Field Description Error Error code. Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. • drop—Number of dropped packets. Receiving buffer (cc/hiwat/lowat/drop/state) • state—Buffer state: CANTSENDMORE—Unable to send data to the peer. CANTRCVMORE—Unable to receive data from the peer.

  • Page 226: Display Ipv6 Statistics

    Field Description • IN6P_RTHDRDSTOPTS—Receives the destination options extension header preceding the routing extension header. • IN6P_TCLASS—Receives the traffic class of the packet. • IN6P_AUTOFLOWLABEL—Attaches a flow label automatically. • IN6P_RFC2292—Uses the API specified in RFC 2292. • IN6P_MTU—Discovers differences in the MTU size of every link along a given data path.
  • Page 227 Examples # Display IPv6 and ICMPv6 packet statistics. <Sysname> display ipv6 statistics IPv6 statistics: Sent packets: Total: Sent locally: Forwarded: Raw packets: Discarded: Fragments: Fragments failed: Routing failed: Received packets: Total: Received locally: Hop limit exceeded: Fragments: Reassembled: Reassembly failures: Reassembly timeout: Format errors: Option errors:...

  • Page 228: Display Ipv6 Tcp

    Related commands reset ipv6 statistics display ipv6 tcp Use display ipv6 tcp to display brief information about IPv6 TCP connections. Syntax display ipv6 tcp [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays brief information about IPv6 TCP connections for all member devices.
  • Page 229 Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 TCP connections of the specified PCB. The value range for the pcb-index argument is 1 to 16. slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays detailed information about IPv6 TCP connections for all member devices.
  • Page 230 Field Description • hiwat—Maximum space. • lowat—Minimum space. • state—Buffer state: CANTSENDMORE—Unable to send data to the peer. CANTRCVMORE—Unable to receive data from the peer. RCVATMARK—Receiving tag. N/A—None of the above states. Displays send buffer information in the following order: •...
  • Page 231 Field Description • IN6P_MTU—Discovers differences in the MTU size of every link along a given data path. TCP does not support this flag. • INP_RCVMACADDR—Receives the MAC address of the frame. • INP_SYNCPCB—Waits until Internet PCB is synchronized. • N/A—None of the above flags. Extension flags in the Internet PCB: •...

  • Page 232: Display Ipv6 Udp

    Field Description • TF_NSR—Enables TCP NSR. • TF_REQ_SCALE—Enables the TCP window scale option. • TF_REQ_TSTMP—Enables the time stamp option. • TF_SACK_PERMIT—Enables the TCP selective acknowledgement option. • TF_ENHANCED_AUTH—Enables the enhanced authentication option. State of the TCP connections. Between the parentheses is the role of the connection: NSR state •...

  • Page 233: Display Ipv6 Udp Verbose

    display ipv6 udp verbose Use display ipv6 udp verbose to display detailed information about IPv6 UDP connections. Syntax display ipv6 udp verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 UDP connections of the specified PCB. The value range for the pcb-index argument is 1 to 16.
  • Page 234 Field Description Error Error code. Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. • drop—Number of dropped packets. Receiving buffer(cc/hiwat/lowat/drop/state) • state—Buffer state: CANTSENDMORE—Unable to send data to the peer. CANTRCVMORE—Unable to receive data from the peer. RCVATMARK—Receiving tag.

  • Page 235: Ipv6 Address

    Field Description • IN6P_RTHDR—Receives the routing extension header. • IN6P_RTHDRDSTOPTS—Receives the destination options extension header preceding the routing extension header. • IN6P_TCLASS—Receives the traffic class of the packet. • IN6P_AUTOFLOWLABEL—Attaches a flow label automatically. • IN6P_RFC2292—Uses the API specified in RFC 2292. •...

  • Page 236: Ipv6 Address Anycast

    Parameters ipv6-address: Specifies an IPv6 address. prefix-length: Specifies a prefix length in the range of 1 to 128. Usage guidelines Like public IPv4 addresses, IPv6 global unicast addresses are assigned to ISPs. This type of address allows for prefix aggregation to reduce the number of global routing entries. If you do not specify any parameters, the undo ipv6 address command deletes all IPv6 addresses of an interface.

  • Page 237: Ipv6 Address Auto

    <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address 2001::1 64 anycast ipv6 address auto Use ipv6 address auto to enable the stateless address autoconfiguration feature on an interface, so that the interface can automatically generate a global unicast address. Use undo ipv6 address auto to disable this feature.

  • Page 238: Ipv6 Address Eui-64

    Predefined user roles network-admin Usage guidelines Link-local addresses are used for neighbor discovery and stateless autoconfiguration on the local link. Packets using link-local addresses as the source or destination addresses cannot be forwarded to other links. After an IPv6 global unicast address is configured for an interface, a link-local address is automatically generated.

  • Page 239: Ipv6 Address Link-Local

    Parameters ipv6-address/prefix-length: Specifies an IPv6 address and IPv6 prefix length. The ipv6-address and prefix-length arguments jointly specify the prefix of an EUI-64 IPv6 address. The value range for the prefix-length argument is 1 to 64. Usage guidelines An EUI-64 IPv6 address is generated based on the specified prefix and the automatically generated interface ID.

  • Page 240: Ipv6 Address Prefix-Number

    • The automatically generated link-local address does not take effect. • The manually assigned link-local address of an interface remains. After you delete the manually assigned address, the automatically generated link-local address takes effect. For automatic generation of an IPv6 link-local address, see the ipv6 address auto link-local command.

  • Page 241: Ipv6 Extension-Header Drop Enable

    [Sysname] ipv6 prefix 1 AAAA::/16 [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address 1 BBBB:CCCC:DDDD::10/32 Related commands ipv6 prefix ipv6 extension-header drop enable Use ipv6 extension-header drop enable to enable a device to discard IPv6 packets that contain extension headers. Use undo ipv6 extension-header drop enable to disable a device from discarding IPv6 packets that contain extension headers.

  • Page 242: Ipv6 Hoplimit-Expires Enable

    Parameters value: Specifies the number of hops, in the range of 1 to 255. Usage guidelines The hop limit determines the number of hops that an IPv6 packet generated by the device can travel. The device advertises the hop limit in RA messages. All RA message receivers use the advertised value to fill in the Hop Limit field for IPv6 packets to be sent.

  • Page 243: Ipv6 Icmpv6 Multicast-Echo-Reply Enable

    Syntax ipv6 icmpv6 error-interval interval [ bucketsize ] undo ipv6 icmpv6 error-interval Default The bucket allows a maximum of 10 tokens, and a token is placed in the bucket every 100 milliseconds. Views System view Predefined user roles network-admin Parameters interval: Specifies the interval for tokens to arrive in the bucket.

  • Page 244: Ipv6 Icmpv6 Source

    Usage guidelines If a host is configured to reply to multicast echo requests, an attacker can use this mechanism to attack the host. For example, the attacker can send an echo request to a multicast address with Host A as the source. All hosts in the multicast group will send echo replies to Host A. To prevent attacks, do not enable the device to reply to multicast echo requests unless necessary.

  • Page 245: Ipv6 Nd Autoconfig Managed-Address-Flag

    Use undo ipv6 mtu to restore the default MTU. Syntax ipv6 mtu size undo ipv6 mtu Default No MTU is configured for an interface. Views Interface view Predefined user roles network-admin Parameters size: Specifies the size of the MTUs of an interface in bytes. The value range for this argument is 1280 to 9008.

  • Page 246: Ipv6 Nd Autoconfig Other-Flag

    Usage guidelines The M flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration to obtain IPv6 addresses. • If the M flag is set to 1 in RA advertisements, receiving hosts use stateful autoconfiguration (for example, from an DHCPv6 server) to obtain IPv6 addresses. •...

  • Page 247: Ipv6 Nd Dad Attempts

    ipv6 nd dad attempts Use ipv6 nd dad attempts to set the number of attempts to send an NS message for DAD. Use undo ipv6 nd dad attempts to restore the default. Syntax ipv6 nd dad attempts interval undo ipv6 nd dad attempts Default The number of attempts to send an NS message for DAD is 1.

  • Page 248: Ipv6 Nd Nud Reachable-Time

    Views Interface view Predefined user roles network-admin Parameters value: Specifies the interval value in the range of 1000 to 4294967295 milliseconds. Usage guidelines If a device does not receive a response from the peer within the specified interval, the device resends an NS message.

  • Page 249: Ipv6 Nd Ra Halt

    <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd nud reachable-time 10000 Related commands display ipv6 interface ipv6 nd ra halt Use ipv6 nd ra halt to suppress an interface from advertising RA messages. Use undo ipv6 nd ra halt to disable this feature. Syntax ipv6 nd ra halt undo ipv6 nd ra halt...

  • Page 250: Ipv6 Nd Ra Interval

    Examples # Specify unlimited hops in the RA messages on VLAN-interface 100. <Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] ipv6 nd ra hop-limit unspecified Related commands ipv6 hop-limit ipv6 nd ra interval Use ipv6 nd ra interval to set the maximum and minimum intervals for advertising RA messages. Use undo ipv6 nd ra interval to restore the default.

  • Page 251: Ipv6 Nd Ra Prefix

    Use undo ipv6 nd ra no-advlinkmtu to restore the default. Syntax ipv6 nd ra no-advlinkmtu undo ipv6 nd ra no-advlinkmtu Default RA messages contain the MTU option. Views Interface view Predefined user roles network-admin Usage guidelines The MTU option in the RA messages specifies the link MTU to ensure that all nodes on the link use the same MTU.

  • Page 252: Ipv6 Nd Ra Prefix Default

    valid-lifetime: Specifies the valid lifetime of a prefix, in the range of 0 to 4294967295 seconds. The default value is 2592000 seconds (30 days). preferred-lifetime: Specifies the preferred lifetime of a prefix used for stateless autoconfiguration, in the range of 0 to 4294967295 seconds. The preferred lifetime cannot be longer than the valid lifetime. The default value is 604800 seconds (7 days).

  • Page 253: Ipv6 Nd Ra Router-Lifetime

    Views Interface view Predefined user roles network-admin Parameters valid-lifetime: Specifies the valid lifetime of a prefix, in the range of 0 to 4294967295 seconds. The default value is 2592000 seconds (30 days). preferred-lifetime: Specifies the preferred lifetime of a prefix used for stateless autoconfiguration, in the range of 0 to 4294967295 seconds.

  • Page 254: Ipv6 Nd Router-Preference

    Usage guidelines The router lifetime in RA messages specifies how long the router sending the RA messages acts as the default router. Hosts receiving the RA messages check this value to determine whether to use the sending router as the default router. If the router lifetime is 0, the router cannot be used as the default router.

  • Page 255: Ipv6 Neighbor

    ipv6 neighbor Use ipv6 neighbor to configure a static neighbor entry. Use undo ipv6 neighbor to delete a static neighbor entry. Syntax ipv6 neighbor ipv6-address mac-address { vlan-id port-type port-number | interface interface-type interface-number } [ vpn-instance vpn-instance-name ] undo ipv6 neighbor ipv6-address interface-type interface-number Default No static neighbor entries exist.

  • Page 256: Ipv6 Neighbor Link-Local Minimize

    To delete a static neighbor entry for a VLAN interface, specify only the corresponding VLAN interface. Examples # Configure a static neighbor entry for VLAN-interface 1. <Sysname> system-view [Sysname] ipv6 neighbor 2000::1 fe-e0-89 interface Vlan-interface 1 Related commands display ipv6 neighbors reset ipv6 neighbors ipv6 neighbor link-local minimize Use ipv6 neighbor link-local minimize to minimize link-local ND entries.

  • Page 257: Ipv6 Neighbors Max-Learning-Num

    Default The aging timer for ND entries in stale state is 240 minutes. Views System view Predefined user roles network-admin Parameters aging-time: Specifies the aging timer for ND entries in stale state, in the range of 1 to 1440 minutes. Usage guidelines This aging time applies to all ND entries in stale state.

  • Page 258: Ipv6 Pathmtu

    When the number of dynamic neighbor entries reaches the threshold, the interface stops learning neighbor information. Examples # Set the maximum number of dynamic neighbor entries that VLAN-interface 100 can learn to 10. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 neighbors max-learning-num 10 ipv6 pathmtu Use ipv6 pathmtu to set a static Path MTU for an IPv6 address.

  • Page 259: Ipv6 Prefer Temporary-Address

    Use undo ipv6 pathmtu age to restore the default. Syntax ipv6 pathmtu age age-time undo ipv6 pathmtu age Default The aging time for dynamic Path MTU is 10 minutes. Views System view Predefined user roles network-admin Parameters age-time: Specifies the aging time for Path MTU in minutes, in the range of 10 to 100. Usage guidelines After the path MTU from a source host to a destination host is dynamically determined, the source host sends subsequent packets to the destination host based on this MTU.

  • Page 260: Ipv6 Prefix

    Usage guidelines The temporary address feature enables the system to generate and preferentially use the temporary IPv6 address of the sending interface as the source address of a packet. If the temporary IPv6 address cannot be used because of a DAD conflict, the system uses the public IPv6 address. Examples # Enable the system to preferentially use the temporary IPv6 address of the sending interface as the source address of the packet.

  • Page 261: Ipv6 Reassemble Local Enable

    ipv6 reassemble local enable Use ipv6 reassemble local enable to enable IPv6 local fragment reassembly. Use undo ipv6 reassemble local enable to disable IPv6 local fragment reassembly. Syntax ipv6 reassemble local enable undo ipv6 reassemble local enable Default IPv6 local fragment reassembly is disabled. Views System view Predefined user roles...

  • Page 262: Ipv6 Temporary-Address

    performance degrades when there are too many host routes. As a result, sending ICMPv6 redirect messages is disabled by default. Examples # Enable sending ICMPv6 redirect messages. <Sysname> system-view [Sysname] ipv6 redirects enable ipv6 temporary-address Use ipv6 temporary-address to enable the temporary IPv6 address feature. Use undo ipv6 temporary-address to restore the default.

  • Page 263: Ipv6 Unreachables Enable

    The preferred lifetime of the address prefix in the RA message. The preferred lifetime configured for temporary IPv6 addresses minus DESYNC_FACTOR (a random number in the range of 0 to 600 seconds). • The valid lifetime of a temporary IPv6 address takes the smaller of the following values: The valid lifetime of the address prefix.

  • Page 264: Proxy-Nd Enable

    Use undo local-proxy-nd enable to disable local ND proxy. Syntax local-proxy-nd enable undo local-proxy-nd enable Default Local ND proxy is disabled. Views VLAN interface view Layer 3 Ethernet interface view Layer 3 Ethernet subinterface view Predefined user roles network-admin Examples # Enable local ND proxy on VLAN-interface 100.

  • Page 265: Reset Ipv6 Neighbors

    Related commands local-proxy-nd enable reset ipv6 neighbors Use reset ipv6 neighbors to clear IPv6 neighbor information. Syntax reset ipv6 neighbors { all | dynamic | interface interface-type interface-number | slot slot-number | static } Views User view Predefined user roles network-admin Parameters all: Clears static and dynamic neighbor information for all interfaces.

  • Page 266: Reset Ipv6 Statistics

    Predefined user roles network-admin Parameters all: Clears all Path MTUs. dynamic: Clears all dynamic Path MTUs. static: Clears all static Path MTUs. Examples # Clear all Path MTUs. <Sysname> reset ipv6 pathmtu all Related commands display ipv6 pathmtu reset ipv6 statistics Use reset ipv6 statistics to clear IPv6 and ICMPv6 packet statistics.

  • Page 267: Dhcpv6 Commands

    DHCPv6 commands Common DHCPv6 commands display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DUID of the local device. Syntax display ipv6 dhcp duid Views Any view Predefined user roles network-admin network-operator Usage guidelines A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent).

  • Page 268: Ipv6 Dhcp Log Enable

    Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Examples # Set the DSCP value to 30 for DHCPv6 packets sent by the DHCPv6 server or the DHCPv6 relay agent.

  • Page 269: Dhcpv6 Server Commands

    Default An interface does not work in the DHCPv6 server mode or in the DHCPv6 relay agent mode. It discards DHCPv6 packets from DHCPv6 clients. Views Interface view Predefined user roles network-admin Parameters relay: Enables the DHCPv6 relay agent on the interface. server: Enables the DHCPv6 server on the interface.

  • Page 270: Class Pool

    Default No non-temporary IPv6 address range exists. Views DHCPv6 address pool view Predefined user roles network-admin Parameters start-ipv6-address: Specifies the start IPv6 address. end-ipv6-address: Specifies the end IPv6 address. preferred-lifetime preferred-lifetime: Specifies the preferred lifetime for the non-temporary IPv6 addresses. The value range is 60 to 4294967295 seconds, and the default is 604800 seconds (7 days).

  • Page 271: Default Pool

    Default No DHCPv6 address pool is specified for a DHCPv6 user class. Views DHCPv6 policy view Predefined user roles network-admin Parameters class-name: Specifies a DHCPv6 user class by its name, a case-insensitive string of 1 to 63 characters. pool-name: Specifies a DHCPv6 address pool by its name, a case-insensitive string of 1 to 63 characters.

  • Page 272: Display Ipv6 Dhcp Option-Group

    Usage guidelines In a DHCPv6 policy, the DHCPv6 server uses the default address pool to assign IPv6 address, IPv6 prefix, or other parameters to clients that do not match any user classes. If no default address pool is specified or the default address pool does not have assignable IPv6 addresses or prefixes, the assignment fails.
  • Page 273 Interface: Vlan-interface10 1::1 Domain name: Type: Static Interface: N/A aaa.com Domain name: Type: Dynamic (DHCPv6 address allocation) Interface: Vlan-interface10 aaa.com Options: Code: 23 Type: Dynamic (DHCPv6 prefix allocation) Interface: Vlan-interface10 Length: 2 bytes Hex: ABCD DHCPv6 option group: 20 DNS server addresses: Type: Static Interface: N/A 1::1...

  • Page 274: Display Ipv6 Dhcp Pool

    Field Description DHCPv6 option group created during IPv6 prefix acquisition. • Dynamic (DHCPv6 address and prefix allocation)—Parameters in a dynamic DHCPv6 option group created during IPv6 address and prefix acquisition. Interface Interface name. DNS server addresses IPv6 address of the DNS server. Domain name Domain name suffix.
  • Page 275 Addresses: Range: from 3FFE:501:FFFF:100::1 to 3FFE:501:FFFF:100::99 Preferred lifetime 70480, valid lifetime 200000 Total address number: 153 Available: 153 In-use: 0 Temporary addresses: Range: from 3FFE:501:FFFF:100::200 to 3FFE:501:FFFF:100::210 Preferred lifetime 60480, valid lifetime 259200 Total address number: 17 Available: 17 In-use: 0 Static bindings: DUID: 0003000100e0fc000001 IAID: 0000003f...

  • Page 276: Display Ipv6 Dhcp Prefix-Pool

    Field Description example, a switchover from the backup to the master), the prefix is marked (Zombie). Prefix pool Prefix pool referenced by the address pool. Preferred lifetime Preferred lifetime in seconds. valid lifetime Valid lifetime in seconds. Addresses Non-temporary IPv6 address range. Range IPv6 address range for dynamic allocation.
  • Page 277 Examples # Display brief information about all prefix pools. <Sysname> display ipv6 dhcp prefix-pool Prefix-pool Prefix Available In-use Static 5::/64 # Display brief information about all prefix pools. <Sysname> display ipv6 dhcp prefix-pool Prefix-pool Prefix Available In-use Static Not-available # Display brief information about all prefix pools. <Sysname>...

  • Page 278: Display Ipv6 Dhcp Server

    Field Description In-use Number of assigned prefixes. Static Number of statically bound prefixes. Assigned length Length of assigned prefixes. Total prefix number Number of prefixes. display ipv6 dhcp server Use display ipv6 dhcp server to display DHCPv6 server configuration information. Syntax display ipv6 dhcp server [ interface interface-type interface-number ] Views...

  • Page 279: Display Ipv6 Dhcp Server Conflict

    Field Description Server preference in the DHCPv6 Advertise message. The value range Preference value is 0 to 255. The bigger the value is, the higher preference the server has. Allow-hint Indicates whether desired address/prefix assignment is enabled. Rapid-commit Indicates whether rapid address/prefix assignment is enabled. display ipv6 dhcp server conflict Use display ipv6 dhcp server conflict to display information about IPv6 address conflicts.

  • Page 280: Display Ipv6 Dhcp Server Database

    display ipv6 dhcp server database Use display ipv6 dhcp server database to display information about DHCPv6 binding auto backup. Syntax display ipv6 dhcp server database Views Any view Predefined user roles network-admin network-operator Examples # Display information about DHCPv6 binding auto backup. <Sysname>...

  • Page 281: Display Ipv6 Dhcp Server Ip-In-Use

    Predefined user roles network-admin network-operator Parameters address ipv6-address: Displays lease expiration information for the specified IPv6 address. If you do not specify an IPv6 address, this command displays lease expiration information for all IPv6 addresses. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
  • Page 282 Parameters address ipv6-address: Displays binding information for the specified IPv6 address. If you do not specify an IPv6 address, this command displays binding information for all IPv6 addresses. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays binding information about IPv6 addresses for the public network.

  • Page 283: Display Ipv6 Dhcp Server Pd-In-Use

    Field Description • Static(F)—Free static binding whose IPv6 address has not been assigned. • Static(O)—Offered static binding whose IPv6 address has been selected and sent by the DHCPv6 server in a DHCPv6 OFFER packet to the client. • Static(C)—Committed static binding whose IPv6 address has been assigned to the client.
  • Page 284 Parameters pool pool-name: Displays IPv6 prefix binding information for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a DHCPv6 address pool, this command displays IPv6 prefix binding information for all DHCPv6 address pools. prefix prefix/prefix-len: Displays binding information for the specified IPv6 prefix.

  • Page 285: Display Ipv6 Dhcp Server Statistics

    Field Description • Static(O)—Offered static binding whose IPv6 prefix has been selected and sent by the DHCPv6 server in a DHCPv6 OFFER packet to the client. • Static(C)—Committed static binding whose IPv6 prefix has been assigned to the client. • Auto(O)—Offered dynamic binding whose IPv6 prefix has been dynamically selected by the DHCPv6 server and sent in a DHCPv6-OFFER packet to the DHCPv6 client.
  • Page 286 vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays DHCPv6 server statistics for the public network. Examples # Display all DHCPv6 packet statistics on the DHCPv6 server. <Sysname>...

  • Page 287: Dns-Server

    Field Description Number of packets discarded. If statistics about an address pool are Packets dropped displayed, this field is not displayed. Number of messages sent by the DHCPv6 server. The message types include: • Advertise. • Reconfigure. Packets sent • Reply.

  • Page 288: Domain-Name

    domain-name Use domain-name to specify a domain name in a DHCPv6 address pool. Use undo domain-name to restore the default. Syntax domain-name domain-name undo domain-name Default No domain name is specified. Views DHCPv6 address pool view DHCPv6 option group view Predefined user roles network-admin Parameters...
  • Page 289 Predefined user roles network-admin Parameters rule rule-number: Assigns the match rule an ID in the range of 1 to 16. A smaller ID represents a higher match priority. option option-code: Specifies a DHCPv6 option by its number in the range of 1 to 65535. ascii ascii-string: Specifies an ASCII string of 1 to 128 characters.

  • Page 290: Ipv6 Dhcp Apply-Policy

    Examples # Configure match rule 1 for the DHCPv6 user class exam to match DHCPv6 requests that contain Option 16. <Sysname> system-view [Sysname] ipv6 dhcp class exam [Sysname-dhcp6-class-exam] if-match rule 1 option 16 # Configure match rule 2 for the DHCPv6 user class exam. The rule matches DHCPv6 requests in which the highest bit of the fourth byte in Option 16 is the hexadecimal number 1.

  • Page 291: Ipv6 Dhcp Class

    Usage guidelines You can apply only one DHCPv6 policy to an interface. If you execute this command multiple times, the most recent configuration takes effect. Examples # Apply the DHCPv6 policy test to VLAN-interface 2. <Sysname> system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] ipv6 dhcp apply-policy test Related commands ipv6 dhcp class...

  • Page 292: Ipv6 Dhcp Option-Group

    ipv6 dhcp option-group Use ipv6 dhcp option-group to create a static DHCPv6 option group and enter its view. Use undo ipv6 dhcp option-group to delete the specified static DHCPv6 option group. Syntax ipv6 dhcp option-group option-group-number undo ipv6 dhcp option-group option-group-number Default No static DHCPv6 option groups exist.

  • Page 293: Ipv6 Dhcp Pool

    Parameters policy-name: Assigns a name to the DHCPv6 policy. The policy name is a case-insensitive string of 1 to 63 characters. Usage guidelines In DHCP policy view, you can specify address pools for different user classes. Clients matching a user class will obtain IPv6 addresses and other parameters from the specified address pool. For a DHCPv6 policy to take effect, you must apply it to an interface.

  • Page 294: Ipv6 Dhcp Prefix-Pool

    <Sysname> system-view [Sysname] ipv6 dhcp pool pool1 [Sysname-dhcp6-pool-pool1] Related commands class pool display ipv6 dhcp pool ipv6 dhcp server apply pool ipv6 dhcp prefix-pool Use ipv6 dhcp prefix-pool to create a prefix pool and specify the prefix and the assigned prefix length for the pool.

  • Page 295: Ipv6 Dhcp Server

    • If the prefix that the ID represents is changed, the prefix range in the prefix pool accordingly changes. Examples # Create IPv6 prefix 88:99::/32 with the ID 3. Configure prefix pool 2 with IPv6 prefix 3 and assigned prefix length 42. Prefix pool 2 contains 1024 prefixes from 88:99::/42 to 88:99:FFC0::/42. <Sysname>...

  • Page 296: Ipv6 Dhcp Server Apply Pool

    Examples # Configure global address assignment on the interface VLAN-interface 2. Use the desired address/prefix assignment and rapid address/prefix assignment, and set the server preference to the highest 255. <Sysname> system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] ipv6 dhcp server allow-hint preference 255 rapid-commit Related commands display ipv6 dhcp server ipv6 dhcp select...

  • Page 297: Ipv6 Dhcp Server Database Filename

    A non-existing address pool can be applied to an interface, but the server cannot assign any prefix, address, or other configuration information from the address pool until the address pool is created. Examples # Apply address pool 1 to VLAN-interface 2, configure the address pool to support desired address/prefix assignment and address/prefix rapid assignment, and set the preference to 255.

  • Page 298: Ipv6 Dhcp Server Database Update Interval

    Usage guidelines The command automatically creates the file if you specify a nonexistent file. With this command executed, the DHCPv6 server backs up its bindings immediately and runs auto backup. The server, by default, waits 300 seconds after a binding change to update the backup file. You can use the ipv6 dhcp server database update interval command to change the waiting time.

  • Page 299: Ipv6 Dhcp Server Database Update Now

    Views System view Predefined user roles network-admin Parameters interval: Sets the waiting time in the range of 60 to 864000 seconds. Usage guidelines When a DHCPv6 binding is created, updated, or removed, the waiting period starts. The DHCPv6 server updates the backup file when the waiting period is reached. All bindings changed during the period will be saved to the backup file.

  • Page 300: Ipv6 Dhcp Server Database Update Stop

    ipv6 dhcp server database update stop ipv6 dhcp server database update stop Use ipv6 dhcp server database update stop to terminate the download of DHCPv6 bindings from the backup file. Syntax ipv6 dhcp server database update stop Views System view Predefined user roles network-admin Usage guidelines...

  • Page 301: Ipv6 Dhcp Server Forbidden-Prefix

    Predefined user roles network-admin Parameters start-ipv6-address: Specifies the start IPv6 address. end-ipv6-address: Specifies the end IPv6 address, which cannot be lower than start-ipv6-address. If you do not specify an end IPv6 address, only the start IPv6 address is excluded from dynamic allocation.

  • Page 302: Network

    Predefined user roles network-admin Parameters start-prefix/prefix-len: Specifies the start IPv6 prefix. The prefix-len argument specifies the prefix length in the range of 1 to 128. end-prefix/prefix-len: Specifies the end IPv6 prefix. The prefix-len argument specifies the prefix length in the range of 1 to 128. The value for end-prefix cannot be lower than that for start-prefix. If you do not specify this argument, only the start-prefix/prefix-len is excluded from dynamic allocation.
  • Page 303 Parameters prefix/prefix-length: Specifies the IPv6 subnet for dynamic allocation. The value range for the prefix-length argument is 1 to 128. prefix prefix-number: Specifies an IPv6 prefix by its ID in the range of 1 to 1024. sub-prefix/sub-prefix-length: Specifies an IPv6 sub-prefix and its length. The value range for the sub-prefix-length argument is 1 to 128.

  • Page 304: Option

    display ipv6 dhcp pool temporary address range option Use option to configure a self-defined DHCPv6 option in a DHCPv6 address pool. Use undo option to remove a self-defined DHCPv6 option from a DHCPv6 address pool. Syntax option code hex hex-string undo option code Default No self-defined DHCPv6 option is configured in a DHCPv6 address pool.

  • Page 305: Option-Group

    Related commands display ipv6 dhcp pool dns-server domain-name sip-server option-group Use option-group to specify a DHCPv6 option group for a DHCPv6 address pool. Use undo option-group to restore the default. Syntax option-group option-group-number undo option-group Default No DHCPv6 option group is specified for a DHCPv6 address pool. Views DHCPv6 address pool view Predefined user roles...

  • Page 306: Reset Ipv6 Dhcp Server Conflict

    Views DHCPv6 address pool view Predefined user roles network-admin Parameters prefix-pool-number: Specifies a prefix pool by its number in the range of 1 to 128. preferred-lifetime preferred-lifetime: Sets the preferred lifetime in the range of 60 to 4294967295 seconds. The default value is 604800 seconds (7 days). valid-lifetime valid-lifetime: Sets the valid lifetime in the range of 60 to 4294967295 seconds.

  • Page 307: Reset Ipv6 Dhcp Server Expired

    vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears conflict information about IPv6 addresses for the public network. Usage guidelines Address conflicts occur when dynamically assigned IP addresses have been statically configured for other hosts.

  • Page 308: Reset Ipv6 Dhcp Server Pd-In-Use

    Views User view Predefined user roles network-admin Parameters address ipv6-address: Clears binding information for the specified assigned IPv6 address. If you do not specify an IPv6 address, this command clears binding information for all assigned IPv6 addresses. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

  • Page 309: Reset Ipv6 Dhcp Server Statistics

    vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears binding information about assigned IPv6 prefixes for the public network. Usage guidelines If you execute this command to clear information about an assigned static binding, the static binding becomes a free static binding.

  • Page 310: Static-Bind

    Default No SIP server address or domain name is specified. Views DHCPv6 address pool view DHCPv6 option group view Predefined user roles network-admin Parameters address ipv6-address: Specifies the IPv6 address of a SIP server. domain-name domain-name: Specifies the domain name of a SIP server, a case-insensitive string of 1 to 50 characters.

  • Page 311: Temporary Address Range

    prefix prefix/prefix-len: Specifies the prefix and prefix length. The value range for the prefix length is 1 to 128. duid duid: Specifies a client DUID. The value is an even hexadecimal number in the range of 2 to 256. iaid iaid: Specifies a client IAID. The value is a hexadecimal number in the range of 0 to FFFFFFFF. If you do not specify an IAID, the server does not match the client IAID for prefix assignment.

  • Page 312: Vpn-Instance

    Predefined user roles network-admin Parameters start-ipv6-address: Specifies the start IPv6 address. end-ipv6-address: Specifies the end IPv6 address. preferred-lifetime preferred-lifetime: Sets the preferred lifetime. The value range is 60 to 4294967295 seconds, and the default is 604800 seconds (7 days). valid-lifetime valid-lifetime: Sets the valid lifetime. The value range is 60 to 4294967295 seconds, and the default is 2592000 seconds (30 days).

  • Page 313: Dhcpv6 Relay Agent Commands

    Parameters vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the DHCPv6 address pool belongs to the public network. Usage guidelines If a DHCPv6 address pool is applied to a VPN instance, the DHCPv6 server assigns IPv6 addresses in this address pool to clients in the specified VPN instance.

  • Page 314: Display Ipv6 Dhcp Relay Statistics

    Interface: Vlan-interface3 Server address Outgoing Interface 2::3 3::4 Vlan-interface4 # Display DHCPv6 server addresses on VLAN-interface 2. <Sysname> display ipv6 dhcp relay server-address interface vlan-interface 2 Interface: Vlan-interface2 Server address Outgoing Interface 2::3 3::4 Vlan-interface4 Table 67 Command output Field Description Server address DHCPv6 server address specified on the DHCP relay agent.
  • Page 315 Renew Rebind Release Decline Information-request Relay-forward Relay-reply Packets sent Advertise Reconfigure Reply Relay-forward Relay-reply # Display DHCPv6 packet statistics on the DHCPv6 relay agent on VLAN-interface 2. <Sysname> display ipv6 dhcp relay statistics interface vlan-interface 2 Packets dropped Packets received Solicit Request Confirm...

  • Page 316: Gateway-List

    Field Description Information-request Number of received information request packets. Relay-forward Number of received relay-forward packets. Relay-reply Number of received relay-reply packets. Packets sent Number of sent packets. Advertise Number of sent advertise packets. Reconfigure Number of sent reconfigure packets. Reply Number of sent reply packets.

  • Page 317: Ipv6 Dhcp Relay Gateway

    [Sysname] ipv6 dhcp pool p1 [Sysname-dhcp6-pool-p1] gateway-list 10::1 ipv6 dhcp relay gateway Use ipv6 dhcp relay gateway to specify a gateway address for DHCPv6 clients on the DHCPv6 relay interface. Use undo ipv6 dhcp relay gateway to restore the default. Syntax ipv6 dhcp relay gateway ipv6-address undo ipv6 dhcp relay gateway...

  • Page 318: Ipv6 Dhcp Relay Server-Address

    Views Interface view Predefined user roles network-admin Parameters interface: Specifies the interface name mode. This mode pads the Interface-ID option in ASCII code with the interface name and VLAN ID of the interface. Usage guidelines Enable the DHCPv6 relay agent on the interface before executing this command. Otherwise, the command does not take effect.

  • Page 319: Remote-Server

    If you do not specify an IPv6 address, the undo ipv6 dhcp relay server-address command removes all DHCPv6 server addresses specified on the interface. Do not enable the DHCPv6 client and the DHCPv6 relay agent on the same interface. Examples # Enable the DHCPv6 relay agent on VLAN-interface 2 and specify the DHCPv6 server address 2001:1::3.

  • Page 320: Reset Ipv6 Dhcp Relay Statistics

    [Sysname-dhcp6-pool-0] remote-server 10::1 reset ipv6 dhcp relay statistics Use reset ipv6 dhcp relay statistics to clear packets statistics on the DHCPv6 relay agent. Syntax reset ipv6 dhcp relay statistics [ interface interface-type interface-number ] Views User view Predefined user roles network-admin Parameters interface interface-type interface-number: Specifies an interface by its type and number.

  • Page 321: Display Ipv6 Dhcp Snooping Binding Database

    Examples # Display all DHCPv6 snooping entries. <Sysname> display ipv6 dhcp snooping binding 1 DHCPv6 snooping entries found. IPv6 address MAC address Lease VLAN SVLAN Interface ================ ============== =========== ==== ===== ======================== 2::1 00e0-fc00-0006 54 HundredGigE1/0/1 Table 69 Command output Field Description IPv6 Address...

  • Page 322: Display Ipv6 Dhcp Snooping Packet Statistics

    Status Last write succeeded. Table 70 Command output Field Description File name Name of the DHCPv6 snooping entry backup file. Username Username for accessing the URL of the remote backup file. Password for accessing the URL of the remote backup file. This field displays ****** if Password a password is configured.

  • Page 323: Ipv6 Dhcp Snooping Binding Database Filename

    Syntax display ipv6 dhcp snooping trust Views Any view Predefined user roles network-admin network-operator Examples # Display information about trusted ports. <Sysname> display ipv6 dhcp snooping trust DHCPv6 snooping is enabled. Interface Trusted ========================= ============ HundredGigE1/0/1 Trusted The output shows that DHCPv6 snooping is enabled and HundredGigE 1/0/1 is the trusted port. Related commands ipv6 dhcp snooping trust ipv6 dhcp snooping binding database filename...
  • Page 324 cipher: Specifies a password in encrypted form. simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form. string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.

  • Page 325: Ipv6 Dhcp Snooping Binding Database Update Interval

    ipv6 dhcp snooping binding database update interval Use ipv6 dhcp snooping binding database update interval to set the waiting time for the DHCPv6 snooping device to update the backup file after a DHCPv6 snooping entry change. Use undo ipv6 dhcp snooping binding database update interval to restore the default. Syntax ipv6 dhcp snooping binding database update interval interval undo ipv6 dhcp snooping binding database update interval...

  • Page 326: Ipv6 Dhcp Snooping Binding Record

    This command takes effect only after you configure the DHCPv6 snooping entry auto backup by using the ipv6 dhcp snooping binding database filename command. Examples # Manually save DHCPv6 snooping entries to the backup file. <Sysname> system-view [Sysname] ipv6 dhcp snooping binding database update now Related commands ipv6 dhcp snooping binding database filename ipv6 dhcp snooping binding record...

  • Page 327: Ipv6 Dhcp Snooping Deny

    Views Layer 2 Ethernet interface/Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines Use the DHCPv6-REQUEST check feature to protect the DHCPv6 server against DHCPv6 client spoofing attacks. The feature enables the DHCPv6 snooping device to check every received DHCPv6-RENEW, DHCPv6-DECLINE, or DHCPv6-RELEASE message against DHCPv6 snooping entries.

  • Page 328: Ipv6 Dhcp Snooping Enable

    ipv6 dhcp snooping enable Use ipv6 dhcp snooping enable to enable DHCPv6 snooping. Use undo ipv6 dhcp snooping enable to disable DHCPv6 snooping. Syntax ipv6 dhcp snooping enable undo ipv6 dhcp snooping enable Default DHCPv6 snooping is disabled. Views System view Predefined user roles network-admin Usage guidelines...

  • Page 329: Ipv6 Dhcp Snooping Max-Learning-Num

    configuration in the information center, see Network Management and Monitoring Configuration Guide. As a best practice, disable this feature if the log generation affects the device performance. Examples # Enable DHCPv6 snooping logging. <Sysname> system-view [Sysname] ipv6 dhcp snooping log enable ipv6 dhcp snooping max-learning-num Use ipv6 dhcp snooping max-learning-num to set the maximum number of DHCPv6 snooping entries for an interface to learn.

  • Page 330: Ipv6 Dhcp Snooping Option Interface-Id String

    Views Layer 2 Ethernet interface/Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines This command takes effect only when DHCPv6 snooping is globally enabled. Examples # Enable support for Option 18. <Sysname> system-view [Sysname] ipv6 dhcp snooping enable [Sysname] interface hundredgige 1/0/1 [Sysname-HundredGigE1/0/1] ipv6 dhcp snooping option interface-id enable Related commands...

  • Page 331: Ipv6 Dhcp Snooping Option Remote-Id Enable

    Related commands ipv6 dhcp snooping enable ipv6 dhcp snooping option interface-id enable ipv6 dhcp snooping option remote-id enable Use ipv6 dhcp snooping option remote-id enable to enable support for the remote-ID option (also called Option 37). Use undo ipv6 dhcp snooping option remote-id enable to disable support for the remote-ID option.

  • Page 332: Ipv6 Dhcp Snooping Rate-Limit

    Views Layer 2 Ethernet interface/Layer 2 aggregate interface view Predefined user roles network-admin Parameters vlan vlan-id: Pads the remote ID for packets received from the specified VLAN. If you do not specify a VLAN, the device pads the remote ID for packets received from the default VLAN. remote-id: Specifies the a string of 1 to 128 characters as the remote ID.

  • Page 333: Ipv6 Dhcp Snooping Trust

    The chip-supported maximum rate is an integer multiple of eight. If you set the maximum rate to 67, the value 64 or 72 takes effect. Examples # Configure HundredGigE 1/0/1 to receive DHCPv6 packets at a maximum rate of 64 Kbps. <Sysname>...

  • Page 334: Reset Ipv6 Dhcp Snooping Packet Statistics

    Parameters address ipv6-address: Clears the DHCPv6 snooping entry for the specified IPv6 address. vlan vlan-id: Clears DHCPv6 snooping entries for the specified VLAN. If you do not specify a VLAN, this command clears DHCPv6 snooping entries for the default VLAN. all: Clears all DHCPv6 snooping entries.

  • Page 335: Ipv6 Fast Forwarding Commands

    IPv6 fast forwarding commands display ipv6 fast-forwarding aging-time Use display ipv6 fast-forwarding aging-time to display the aging time of IPv6 fast forwarding entries. Syntax display ipv6 fast-forwarding aging-time Views Any view Predefined user roles network-admin network-operator Examples # Display the aging time of IPv6 fast forwarding entries. <Sysname>...

  • Page 336: Ipv6 Fast-Forwarding Aging-Time

    Examples # Display all IPv6 fast forwarding entries. <Sysname> display ipv6 fast-forwarding cache Total number of IPv6 fast-forwarding items: 2 Src IP: 2002::1 Src port: 129 Dst IP: 2001::1 Dst port: 65535 Protocol: 58 VPN instance: vpn1 Input interface: GE1/0/2 Output interface: GE1/0/1 Src IP: 2001::1 Src port: 128...

  • Page 337: Ipv6 Fast-Forwarding Load-Sharing

    Default The aging time is 30 seconds. Views System view Predefined user roles network-admin Parameters aging-time: Sets the aging time in the range of 10 to 300 seconds. Examples # Set the aging time to 20 seconds for IPv6 fast forwarding entries. <Sysname>...
  • Page 338 Syntax reset ipv6 fast-forwarding cache [ slot slot-number ] Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears the IPv6 fast forwarding table for all member devices. Examples # Clear the IPv6 fast forwarding table.

  • Page 339: Tunneling Commands

    Tunneling commands bandwidth Use bandwidth to set the expected bandwidth for an interface. Use undo bandwidth to restore the default. Syntax bandwidth bandwidth-value undo bandwidth Default The expected bandwidth (in kbps) is the interface maximum rate divided by 1000. Views Tunnel interface view Predefined user roles network-admin...

  • Page 340: Description

    This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands. Use their undo forms or follow the command reference to restore their default settings.

  • Page 341: Display Interface Tunnel

    undo destination Default No tunnel destination address is configured. Views Tunnel interface view Predefined user roles network-admin Parameters ipv4-address: Specifies the tunnel destination IPv4 address. ipv6-address: Specifies the tunnel destination IPv6 address. Usage guidelines For a manual tunnel interface, you must configure the destination address. For an automatic tunnel interface, you do not need to configure the destination address.
  • Page 342 Views Any view Predefined user roles network-admin network-operator Parameters tunnel [ number ]: Specifies a tunnel interface. The number argument specifies the tunnel interface number. The specified tunnel interface must have been created. If you do not specify the tunnel keyword, this command displays information about all interfaces on the device.
  • Page 343 Field Description • UP—The interface is both administratively and physically up. Data link layer state of the interface. The state is determined through automatic parameter negotiation at the data link layer. • UP—The data link layer protocol is up. • Line protocol state UP (spoofing)—The data link layer protocol is up, but the link is an on-demand link or does not exist.
  • Page 344 Field Description software. # Display brief information about Tunnel 1. <Sysname> display interface tunnel 1 brief Brief information on interfaces in route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Primary IP Description Tun1 1.1.1.1...

  • Page 345: Interface Tunnel

    Field Description using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. • Not connected—The tunnel is not established. Related commands destination interface tunnel source interface tunnel Use interface tunnel to create a tunnel interface, specify the tunnel mode, and enter tunnel interface view, or enter the view of an existing tunnel interface.

  • Page 346: Mtu

    Examples # Create GRE/IPv4 tunnel interface Tunnel 1 and enter tunnel interface view. <Sysname> system-view [Sysname] interface tunnel 1 mode gre [Sysname-Tunnel1] Related commands destination display interface tunnel source Use mtu to set the MTU on a tunnel interface. Use undo mtu to restore the default. Syntax mtu size undo mtu...

  • Page 347: Reset Counters Interface Tunnel

    reset counters interface tunnel Use reset counters interface tunnel to clear tunnel interface statistics. Syntax reset counters interface [ tunnel [ number ] ] Views User view Predefined user roles network-admin Parameters tunnel [ number ]: Specifies a tunnel interface. The number argument specifies the tunnel interface number.

  • Page 348: Shutdown

    Make sure the specified traffic processing slot is available. If the specified traffic processing slot is unavailable, traffic on the tunnel interface cannot be forwarded, whether or not the tunnel interface is up. Traffic on the tunnel interface will not be forwarded until the traffic processing slot becomes available or until you respecify an available traffic processing slot.

  • Page 349: Tunnel Dfbit Enable

    Views Tunnel interface view Predefined user roles network-admin Parameters ipv4-address: Specifies the tunnel source IPv4 address. ipv6-address: Specifies the tunnel source IPv6 address. interface-type interface-number: Specifies the source interface by its type and number. The interface must be up and must have an IP address. Usage guidelines The specified source address or the address of the specified source interface is used as the source address of tunneled packets.

  • Page 350: Tunnel Discard Ipv4-Compatible-Packet

    Predefined user roles network-admin Usage guidelines To avoid fragmentation and delay, set the DF bit for tunneled packets. Make sure the path MTU is larger than the tunneled packet length. To avoid discarding tunneled packets whose length is larger than the path MTU, do not set the DF bit. This command is not supported on a GRE/IPv6 tunnel interface and an IPv6 tunnel interface.

  • Page 351: Tunnel Ttl

    Default The ToS of tunneled packets is the same as the ToS of the original packets. Views Tunnel interface view Predefined user roles network-admin Parameters tos-value: Specifies the ToS of tunneled packets, in the range of 0 to 255. Usage guidelines After you configure this command, all the tunneled packets of different services sent on the tunnel interface will use the same configured ToS.
  • Page 352 [Sysname] interface tunnel 1 mode gre [Sysname-Tunnel1] tunnel ttl 100 Related commands display interface tunnel...

  • Page 353: Gre Commands

    GRE commands keepalive Use keepalive to enable GRE keepalive and set the keepalive interval and the keepalive number. Use undo keepalive to disable GRE keepalive. Syntax keepalive [ interval [ times ] ] undo keepalive Default GRE keepalive is disabled. Views Tunnel interface view Predefined user roles...

  • Page 354: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.

  • Page 355: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 356: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...

  • Page 357: Websites

    For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
  • Page 358 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.

  • Page 359: Index

    Index A B C D E F G I K L M N O P R S T U V W dhcp log enable,31 dhcp option-group,40 address range,33 dhcp policy,41 address range,259 dhcp relay check mac-address,79 arp check enable,1 dhcp relay check mac-address aging-time,79 arp check log enable,1...
  • Page 360 dhcp snooping log enable,116 display ipv6 dhcp relay server-address,303 dhcp snooping max-learning-num,117 display ipv6 dhcp relay statistics,304 dhcp snooping rate-limit,117 display ipv6 dhcp server,268 dhcp snooping trust,118 display ipv6 dhcp server conflict,269 dhcp-server timeout,91 display ipv6 dhcp server database,270 display adjacent-table,160 display ipv6 dhcp server expired,270...
  • Page 361 trust-interface,134 ipv6 address auto,227 dns-list,60 ipv6 address auto link-local,227 dns-server,277 ipv6 address eui-64,228 Documentation feedback,347 ipv6 address link-local,229 domain-name,60 ipv6 address prefix-number,230 domain-name,278 ipv6 dhcp apply-policy,280 ipv6 dhcp class,281 ipv6 dhcp dscp,257 expired,61 ipv6 dhcp log enable,258 ipv6 dhcp option-group,282 ipv6 dhcp policy,282 forbidden-ip,62...
  • Page 362 ipv6 icmpv6 error-interval,232 option-group,295 ipv6 icmpv6 multicast-echo-reply enable,233 ipv6 icmpv6 source,234 password,145 ipv6 mtu,234 prefix-pool,295 ipv6 nd autoconfig managed-address-flag,235 proxy-arp enable,19 ipv6 nd autoconfig other-flag,236 proxy-nd enable,254 ipv6 nd dad attempts,237 ipv6 nd ns retrans-timer,237 ipv6 nd nud reachable-time,238 Remote support,347 ipv6 nd ra halt,239...
  • Page 363 udp-helper broadcast-map,196 udp-helper enable,197 mss,190 udp-helper port,197 path-mtu-discovery,191 udp-helper server,198 tcp syn-cookie enable,192 url,146 tcp timer fin-timeout,192 username,148 tcp timer syn-timeout,193 window,194 temporary address range,301 valid class,76 tftp-server domain-name,74 verify class,76 tftp-server ip-address,75 voice-config,77 tunnel dfbit enable,339 vpn-instance,302 tunnel discard ipv4-compatible-packet,340 vpn-instance,78 tunnel...

Table of Contents