Ping, tracert, and system debugging commands debugging Use debugging to enable debugging for a module. Use undo debugging to disable debugging for a module. Syntax debugging module-name [ option ] undo debugging module-name [ option ] Default Debugging is disabled for all modules. Views User view Predefined user roles...
display debugging Use display debugging to display the enabled debugging features for a module or for all modules. Syntax display debugging [ module-name ] Views Any view Predefined user roles network-admin network-operator Parameters module-name: Specifies a module by its name. For a list of supported modules, use the display debugging ? command.
Page 17
-a source-ip: Specifies an IP address of the device as the source IP address of ICMP echo requests. If this option is not specified, the source IP address of ICMP echo requests is the primary IP address of the outbound interface. -c count: Specifies the number of ICMP echo requests that are sent to the destination.
Page 18
-vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the destination belongs, where the vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option. host: Specifies the IP address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters.
Page 19
# Test whether the device with an IP address of 1.1.2.2 is reachable. The IP addresses of the hops that the ICMP packets passed in the path are displayed. <Sysname> ping -r 1.1.2.2 Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break 56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=4.685 ms 1.1.2.1 1.1.2.2...
ping ipv6 Use ping ipv6 to test the reachability of the destination IPv6 address and display IPv6 ping statistics. Syntax ping ipv6 [ -a source-ipv6 | -c count | -i interface-type interface-number | -m interval | -q | -s packet-size | -t timeout | -tc traffic-class| -v | -vpn-instance vpn-instance-name ] * host Views Any view Predefined user roles...
Page 21
host: Specifies the IPv6 address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters. It can contain letters, digits, and special characters such as hyphen (-), underscore (_), and dot (.). Usage guidelines To ping a device identified by its host name, configure the DNS settings on the device first.
Table 2 Command output Field Description Ping6(56 data bytes) An ICMPv6 echo reply with a data length of 56 bytes is sent from 2001::1 to 2001::2. 2001::1 --> 2001::2, press CTRL_C to break Press Ctrl+C to abort the ping IPv6 operation. Received ICMPv6 echo replies from the device whose IPv6 address is 2001::2.
Page 23
-p port: Specifies an invalid UDP port of the destination. The value range is 1 to 65535, and the default is 33434. If the destination address is an EID address at a remote LISP site, specify a port number in the range of 33434 to 65535. -q packet-number: Specifies the number of probe packets to send per hop.
Page 24
To abort the tracert operation during the execution of the command, press Ctrl+C. Examples # Display the path that the packets traverse from source to destination (1.1.2.2). <Sysname> tracert 1.1.2.2 traceroute to 1.1.2.2 (1.1.2.2), 30 hops at most, 40 bytes each packet, press CTRL_C to break 1.1.1.2 (1.1.1.2) 673 ms 425 ms 30 ms 1.1.2.2 (1.1.2.2) [AS 100] 580 ms 470 ms 80 ms...
Field Description ICMP timeout packets on an MPLS network, carrying MPLS label information: • Label—Label value that is used to identify a forwarding equivalence class (FEC). MPLS Label=100048 Exp=0 • Exp—Reserved, usually used for class of service (CoS). TTL=1 S=1 •...
Page 26
• global: Specifies the global routing table. • none: Disables AS resolution. • vpn: Specifies the VPN routing table. -w timeout: Specifies the timeout time (in milliseconds) of the reply packet of a probe packet. The value range is 1 to 65535, and the default is 5000. host: Specifies the IPv6 address or host name of the destination.
Page 27
Table 4 Command output Field Description Display the route that the IPv6 packets traverse from the current device traceroute to 2001:3::2 to the device whose IP address is 2001:3:2. Maximum number of hops of the probe packets, which can be set by the hops at most -m keyword.
NQA commands NQA client commands advantage-factor Use advantage-factor to set the advantage factor to be used for calculating Mean Opinion Scores (MOS) and Calculated Planning Impairment Factor (ICPIF) values. Use undo advantage-factor to restore the default. Syntax advantage-factor factor undo advantage-factor Default The advantage factor is 0.
Predefined user roles network-admin Parameters string: Specifies a case-sensitive string of 1 to 200 characters. Usage guidelines If the payload length is smaller than the string length, only the first part of the string is filled. For example, if you configure the string as abcd and set the payload size to 3 bytes, abc is filled. If the payload length is greater than the string length, the system fills the payload with the string cyclically until the payload is full.
description Use description to configure a description for an NQA operation, such as the operation type or purpose. Use undo description to restore the default. Syntax description text undo description Default No description is configured for an NQA operation. Views DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view ICMP/UDP echo operation view ICMP/path/UDP jitter operation view...
[Sysname-nqa-admin-test-icmp-echo] destination ipv6 1::1 destination port Use destination port to configure the destination port number for the operation. Use undo destination port to restore the default. Syntax destination port port-number undo destination port Default The destination port number is 33434 for the UDP tracert operation. No destination port number is configured for other types of operations.
Page 35
Predefined user roles network-admin network-operator Parameters admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-).
Succeeded 2011-04-29 20:54:24.5 Succeeded 2011-04-29 20:54:24.1 Succeeded 2011-04-29 20:54:23.8 Succeeded 2011-04-29 20:54:23.4 Table 6 Command output Field Description History record ID. Index The history records in one UDP tracert operation have the same ID. TTL value in the probe packet. Round-trip time if the operation succeeds, timeout time upon timeout, or 0 if the Response operation cannot be completed, in milliseconds.
Page 37
Usage guidelines The result fields display hyphens (-) in one of the following conditions: • The threshold type is the average value. • The monitored performance metric is ICPIF or MOS of the voice operation. The monitoring results of an operation are accumulated, and are not cleared after the operation completes.
Monitored Threshold performance Collect data in Checked Num Over-threshold Num type metric Packets sent Number of packets with Number of sent accumulate after the round-trip time exceeding packets. operation starts. threshold. average Packets sent Number of packets with Number of sent accumulate after the the one-way jitter...
Page 39
Send operation times: 1 Receive response times: 1 Min/Max/Average round trip time: 35/35/35 Square-Sum of round trip time: 1225 Last succeeded probe time: 2011-05-29 10:50:33.2 Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to internal error: 0 Failures due to other errors: 0...
Page 40
# Display the most recent result of the UDP jitter operation with administrator name admin and operation tag test. <Sysname> display nqa result admin test NQA entry (admin admin, tag test) test results: Send operation times: 10 Receive response times: 10 Min/Max/Average round trip time: 15/46/26 Square-Sum of round trip time: 8103 Last packet received time: 2011-05-29 10:56:38.7...
Page 41
Failures due to timeout: 1000 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 Voice results: RTT number: 0 Min positive SD: 0 Min positive DS: 0 Max positive SD: 0 Max positive DS: 0 Positive SD number: 0 Positive DS number: 0...
Page 43
Table 9 Command output Field Description Data collecting in progress The operation is in progress. Send operation times Number of operations. Receive response times Number of response packets received. Min/Max/Average round trip time Minimum/maximum/average round-trip time in milliseconds. Square-Sum of round trip time Square sum of round-trip time.
Page 44
Field Description Positive SD average Average positive jitters from source to destination. Positive DS average Average positive jitters from destination to source. Positive SD square-sum Square sum of positive jitters from source to destination. Positive DS square-sum Square sum of positive jitters from destination to source. Minimum absolute value among negative jitters from source to Min negative SD destination.
Field Description DS lost packets Number of lost packets from the destination to the source. Lost packets for unknown reason Number of lost packets for unknown reasons. Voice parameters. Voice scores This field is available only for the voice operation. MOS value MOS value calculated for the voice operation.
Page 46
Predefined user roles network-admin network-operator Parameters admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-).
Page 47
Send operation times: 1560 Receive response times: 1560 Min/Max/Average round trip time: 1/2/1 Square-Sum of round trip time: 1563 Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 ICMP-jitter results:...
Page 48
Square-Sum of round trip time: 24360 Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 UDP-jitter results: RTT number: 550 Min positive SD: 1 Min positive DS: 1...
Page 49
Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 Voice results: RTT number: 10 Min positive SD: 3 Min positive DS: 1 Max positive SD: 10 Max positive DS: 1 Positive SD number: 3...
Page 50
Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 Path-Jitter Results: Jitter number: 9 Min/Max/Average jitter: 0/0/0 Positive jitter number: 0 Min/Max/Average positive jitter: 0/0/0 Sum/Square-Sum positive jitter: 0/0 Negative jitter number: 0...
Page 51
Field Description Square-Sum of round trip time Square sum of round-trip time. Packet loss ratio Average packet loss ratio. Failures due to timeout Number of timeout occurrences in an operation. Failures due to disconnect Number of disconnections by the peer. Failures due to no connection Number of failures to connect with the peer.
Page 52
Field Description Negative SD number Number of negative jitters from source to destination. Negative DS number Number of negative jitters from destination to source. Sum of absolute values of negative jitters from source to Negative SD sum destination. Sum of absolute values of negative jitters from destination to Negative DS sum source.
Page 53
Field Description Checked Element Monitored element. Threshold Type Threshold type. Number of targets that have been monitored for data Checked Num collection. Over-threshold Num Number of threshold violations. Serial number for the path in the path jitter operation. Path This field is available only for the path jitter operation. IP address of the hop.
Monitored Threshold performance Collect data in Checked Num Over-threshold Num type metric Probes in the Number of consecutive Number of probe failures. counting interval. completed probes. Packets sent in Number of packets of Number of sent accumulate the counting which the round-trip time packets.
Examples # Specify config.txt as the file to be transferred between the FTP server and the FTP client for the FTP operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type ftp [Sysname-nqa-admin-test-ftp] filename config.txt frequency Use frequency to specify the interval at which the NQA operation repeats. Use undo frequency to restore the default.
history-record enable Use history-record enable to enable the saving of history records for the NQA operation. Use undo history-record enable to disable the saving of history records. Syntax history-record enable undo history-record enable Default The saving of history records is enabled only for the UDP tracert operation. Views DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view ICMP/UDP echo operation view...
Default The history records of an NQA operation are kept for 120 minutes. Views DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view ICMP/UDP echo operation view UDP tracert operation view Predefined user roles network-admin Parameters keep-time: Specifies how long the history records can be saved. The value range is 1 to 1440 minutes.
Predefined user roles network-admin Parameters number: Specifies the maximum number of history records that can be saved for an NQA operation. The value range is 0 to 50. Usage guidelines If the number of history records for an NQA operation exceeds the maximum number, earliest history records are removed.
lsr-path Use lsr-path to specify a loose source routing (LSR) path. Use undo lsr-path to restore the default. Syntax lsr-path ip-address&<1-8> undo lsr-path Default No LSR path is configured. Views Path jitter operation view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies a space-separated list of up to eight IP addresses. Each IP address represents a hop on the path.
Default A UDP tracert operation stops and fails when it detects five consecutive probe failures. Views UDP tracert operation view Predefined user roles network-admin Parameters times: Specifies the maximum number in the range of 0 to 255. When this argument is set to 0 or 255, the UDP tracert operation does not stop when consecutive probe failures occur.
Examples # Set the data transmission mode to passive for the FTP operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type ftp [Sysname-nqa-admin-test-ftp] mode passive next-hop ip Use next-hop ip to specify the next hop IPv4 address for probe packets. Use undo next-hop ip to restore the default.
undo next-hop ipv6 Default No next hop IPv6 address is specified for probe packets. Views ICMP echo operation view Predefined user roles network-admin Parameters ipv6-address: Specifies the IPv6 address of the next hop. IPv6 link-local addresses are not supported. Usage guidelines If the next hop IPv6 address is not configured, the device searches the routing table to determine the next hop IPv6 address for the probe packets.
You can use this command to test the path MTU of a link. Examples # Enable the no-fragmentation feature for the UDP tracert operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-tracert [Sysname-nqa-admin-test-udp-tracert] no-fragment enable Use nqa to create an NQA operation and enter its view, or enter the view of an existing NQA operation.
Use undo nqa agent enable to disable the NQA client and stop all operations being performed. Syntax nqa agent enable undo nqa agent enable Default The NQA client is enabled. Views System view Predefined user roles network-admin Examples # Enable the NQA client. <Sysname>...
start-time: Specifies the start time and date of the NQA operation. hh:mm:ss: Specifies the start time of an NQA operation. yyyy/mm/dd: Specifies the start date of an NQA operation. The default value is the current system time, and the value for the yyyy argument is in the range of 2000 to 2035. mm/dd/yyyy: Specifies the start date of an NQA operation.
undo operation Default The FTP operation type is get. Views FTP operation view Predefined user roles network-admin Parameters get: Gets a file from the FTP server. put: Transfers a file to the FTP server. Usage guidelines When you perform the put operation with the filename command configured, make sure the file exists on the NQA client.
Views HTTP operation view Predefined user roles network-admin Parameters get: Gets data from the HTTP server. post: Transfers data to the HTTP server. raw: Sends the RAW request to the HTTP server. Usage guidelines The HTTP operation use HTTP requests as probe packets. For the get or post operation, the content in the request is obtained from the URL specified by the url command.
Views DHCP operation view ICMP echo operation view UDP tracert operation view Predefined user roles network-admin Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines For successful operation, the specified output interface must be up. If both the next-hop and out interface commands are configured for the ICMP echo operation, the out interface command does not take effect.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form. string: Specifies the password. The plaintext form of the password is a case-sensitive string of 1 to 32 characters. The encrypted form of the password is a case-sensitive string of 1 to 73 characters. Examples # Set the FTP login password to ftpuser.
• For other types of operations, this argument specifies the times of probes to the destination per operation. The value range for this argument is 1 to 15. Usage guidelines The following describes how NQA performs different types of operations: •...
Use undo probe packet-interval to restore the default. Syntax probe packet-interval interval undo probe packet-interval Default The packet sending interval is 20 milliseconds. Views ICMP jitter operation view Path jitter operation view UDP jitter operation view Voice operation view Predefined user roles network-admin Parameters interval: Specifies the sending interval in the range of 10 to 60000 milliseconds.
UDP jitter operation view Voice operation view Predefined user roles network-admin Parameters packet-number: Specifies the number of packets to be sent per probe. Available value ranges include: • 10 to 1000 for the ICMP jitter, UDP jitter, or path jitter operation. •...
Parameters timeout: Specifies the timeout time in milliseconds. The value range is 10 to 3600000. Examples # Set the response timeout time to 100 milliseconds in the UDP jitter operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-jitter [Sysname-nqa-admin-test-udp-jitter] probe packet-timeout 100 probe timeout Use probe timeout to set the probe timeout time.
raw-request Use raw-request to enter raw request view and specify the content of an HTTP request. Use undo raw-request to restore the default. Syntax raw-request undo raw-request Default The contents of an HTTP raw request are not specified. Views HTTP operation view Predefined user roles network-admin Usage guidelines...
Page 75
Default No reaction entries for monitoring one-way jitter exist. Views ICMP jitter operation view UDP jitter operation view Voice operation view Predefined user roles network-admin Parameters item-number: Assigns an ID to the reaction entry, in the range of 1 to 10. jitter-ds: Specifies the destination-to-source jitter of each probe packet as the monitored element (or performance metric).
state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS. <Sysname>...
owd-ds: Specifies the destination-to-source delay of each probe packet as the monitored element. owd-sd: Specifies the source-to-destination delay of each probe packet as the monitored element. threshold-value: Specifies threshold range in milliseconds. upper-threshold: Specifies the upper limit in the range of 0 to 3600000. lower-threshold: Specifies the lower limit in the range of 0 to 3600000.
Views Voice operation view Predefined user roles network-admin Parameters item-number: Assigns an ID to the reaction entry, in the range of 1 to 10. threshold-value: Specifies threshold range. upper-threshold: Specifies the upper limit in the range of 1 to 100. lower-threshold: Specifies the lower limit in the range of 1 to 100.
Page 79
undo reaction item-number Default No reaction entries for monitoring the MOS value exist. Views Voice operation view Predefined user roles network-admin Parameters item-number: Assigns an ID to the reaction entry, in the range of 1 to 10. threshold-value: Specifies threshold range. upper-threshold: Specifies the upper limit in the range of 1 to 500.
reaction checked-element packet-loss Use reaction checked-element packet-loss to configure a reaction entry for monitoring packet loss in UDP jitter or voice operation. Use undo reaction to delete the specified reaction entry. Syntax reaction item-number checked-element packet-loss threshold-type accumulate accumulate-occurrences [ action-type { none | trap-only } ] undo reaction item-number Default No reaction entries for monitoring packet loss exist.
the reaction entry is set to over-threshold. Otherwise, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-jitter [Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element packet-loss threshold-type accumulate 100 action-type trap-only reaction checked-element probe-duration...
Page 82
action-type: Specifies what action to be triggered. The default action is none. none: Specifies the action of displaying results on the terminal display. trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS. This keyword is not available for the DNS operation. Usage guidelines You cannot edit a reaction entry after it is created.
[Sysname-nqa-admin-test-icmp-echo] reaction 3 checked-element probe-duration threshold-type consecutive 10 threshold-value 50 5 action-type trap-only reaction checked-element probe-fail (for trap) Use reaction checked-element probe-fail to configure a reaction entry for monitoring the probe failures of the operation. Use undo reaction to delete the specified reaction entry. Syntax reaction item-number...
Examples # Create reaction entry 1 for monitoring the probe failures in ICMP echo operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. If the total number of probe failures reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the threshold, the state of the entry is set to below-threshold.
threshold-type: Specifies a threshold type. consecutive consecutive-occurrences: Checks the maximum number of consecutive probe failures, in the range of 1 to 16. action-type: Specifies what action to be triggered. trigger-only: Triggers other modules to react to certain conditions. Usage guidelines You cannot edit a reaction entry after it is created.
Page 86
Parameters item-number: Assigns an ID to the reaction entry, in the range of 1 to 10. threshold-type: Specifies a threshold type. accumulate accumulate-occurrences: Checks the total number of threshold violations. Available value ranges include: • 1 to 15000 for the ICMP jitter and UDP jitter operations. •...
<Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-jitter [Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element rtt threshold-type accumulate 100 threshold-value 50 5 action-type trap-only reaction trap Use reaction trap to configure the sending of traps to the NMS under specific conditions. Use undo reaction trap to restore the default.
Usage guidelines The ICMP jitter, UDP jitter, and voice operations support only the test-complete keyword. The following parameters are not available for the UDP tracert operation: • The probe-failure consecutive-probe-failures option. • The accumulate-probe-failures argument. Examples # Configure the system to send a trap if five or more consecutive probe failures occur in an ICMP echo operation.
route-option bypass-route Use route-option bypass-route to enable the routing table bypass feature to test the connectivity to the direct destination. Use undo route-option bypass-route to disable the routing table bypass feature. Syntax route-option bypass-route undo route-option bypass-route Default The routing table bypass feature is disabled. Views DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view ICMP/UDP echo operation view...
Syntax source interface interface-type interface-number undo source interface Default No source IP address is specified for probe packets. The probe packets take the primary IP address of the outgoing interface as their source IP address. Views ICMP echo operation view UDP tracert operation view Predefined user roles network-admin...
undo source ip Default The probe packets takes the IP address of their output interface as the source IP address. Views DHCP/DLSw/FTP/HTTP/SNMP/TCP/voice operation view ICMP/UDP echo operation view ICMP/path/UDP jitter operation view UDP tracert operation view Predefined user roles network-admin Parameters ip-address: Specifies the source IPv4 address for probe packets.
Views ICMP echo operation view Predefined user roles network-admin Parameters ipv6-address: Specifies the source IPv6 address for probe packets. IPv6 link-local addresses are not supported. Usage guidelines If you execute the source interface and source ipv6 commands for an ICMP echo operation multiple times, the most recent configuration takes effect.
Predefined user roles network-admin Parameters port-number: Specifies the source port number in the range of 1 to 65535. Examples # Set the source port number to 8000 for probe packets in the UDP echo operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-echo [Sysname-nqa-admin-test-udp-echo] source port 8000 statistics hold-time...
statistics interval Use statistics interval to set the statistics collection interval for an NQA operation. Use undo statistics interval to restore the default. Syntax statistics interval interval undo statistics interval Default The statistics collection interval is 60 minutes. Views DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view ICMP/UDP echo operation view ICMP/path/UDP jitter operation view Predefined user roles...
Default A maximum of two statistics groups can be saved. Views DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view ICMP/UDP echo operation view ICMP/path/UDP jitter operation view Predefined user roles network-admin Parameters number: Specifies the maximum number of statistics groups, in the range of 0 to 100. To disable statistics collection, set the value to 0.
<Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type path-jitter [Sysname-nqa-admin-test-path-jitter] target-only Use tos to set the ToS value in the IP header for probe packets. Use undo tos to restore the default. Syntax tos value undo tos Default The ToS value in the IP header of probe packets is 0. Views Any operation view Predefined user roles...
Views DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view ICMP/UDP echo operation view ICMP/UDP jitter operation view UDP tracert operation view Predefined user roles network-admin Parameters value: Specifies the maximum number of hops that the probe packets can traverse, in the range of 1 to 255. Usage guidelines The route-option bypass-route command sets the TTL to 1 for probe packets.
Parameters url: Specifies the URL of the destination server, a case-sensitive string of 1 to 255 characters. The following table describes the URL format and parameters for different operations. Operation URL format Parameter description The host parameter represents the host name of the destination server.
[Sysname] nqa entry admin test [Sysname-nqa-admin-test] type ftp [Sysname-nqa-admin-test-ftp] username administrator Related commands operation password version Use version to specify the version used in the HTTP operation. Use undo version to restore the default. Syntax version { v1.0 | v1.1 } undo version Default Version 1.0 is used in the HTTP operation.
Default The operation applies to the public network. Views DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view ICMP/UDP echo operation view ICMP/path/UDP jitter operation view UDP tracert operation view Predefined user roles network-admin Parameters vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.
NQA server status: Enabled TCP connect: IP Address Port Vpn-instance 2.2.2.2 2000 UDP echo: IP Address Port Vpn-instance 3.3.3.3 3000 vpn1 Table 12 Command output Field Description NQA server status Whether the NQA server is enabled. TCP connect Information about the TCP listening service on the NQA server. UDP echo Information about the UDP listening service on the NQA server.
Examples # Enable the NQA server. <Sysname> system-view [Sysname] nqa server enable Related commands display nqa server nqa server tcp-connect nqa server udp-echo nqa server tcp-connect Use nqa server tcp-connect to configure a TCP listening service to enable the NQA server to listen to a port on the specified IP address.
• The IP address must be the address of an interface on the NQA server. • To ensure successful NQA operations and avoid affecting existing services, do not configure the TCP listening service on well-known ports from 1 to 1023. Examples # Configure a TCP listening service to enable the NQA server to listen to port 9000 on the IP address 169.254.10.2.
Page 105
When you configure the IP address and port number for a UDP listening service on the NQA server, follow these restrictions and guidelines: • The IP address and port number must be unique on the NQA server and match the configuration on the NQA client.
NTP commands NTP is supported on the following Layer 3 interfaces: • Layer 3 Ethernet interfaces. • Layer 3 Ethernet subinterfaces. • Layer 3 aggregate interfaces. • Layer 3 aggregate subinterfaces. • VLAN interfaces. • Tunnel interfaces. display ntp-service ipv6 sessions Use display ntp-service ipv6 sessionsto display information about all IPv6 NTP associations.
Page 107
Table 13 Command output Field Description • 1—Clock source selected by the system (the current reference source). • 2—The stratum level of the clock source is less than or equal to 15. [12345] • 3—The clock source has survived the clock selection algorithm. •...
Page 109
Field Description Status of the clock source corresponding to this association: • configured—The association was created at the CLI. • dynamic—The association is established dynamically. • master—The clock source is the primary time server of the current system. • selected—The clock source has survived the clock selection algorithm.
Page 110
Field Description Operation mode of the peer device: • unspec—The mode is unspecified. • sym_active—Active mode. • sym_passive—Passive mode. peer mode • client—Client mode. • server—Server mode. • broadcast—Broadcast or multicast server mode. • bclient—Broadcast or multicast client mode. Polling intervalfor the peer device, in seconds. The value peer poll interval displayed is a power of 2.
display ntp-service sessions Use display ntp-service sessionsto display information about all IPv4 NTP associations. Syntax display ntp-service sessions [verbose] Views Any view Predefined user roles network-admin network-operator Parameters verbose: Displays detailed information aboutall IPv4 NTP associations. If you do not specify this keyword, the command displays only brief information aboutthe NTP associations.
Page 112
Field Description Reference clock ID of the NTP server: • If the reference clock is the local clock, the value of this field is related to the value of the strafield: When the value of the strafield is 0 or 1, this field displaysLOCL. When the strafield has another value, this field displaysthe IP reference address of the local clock.
Page 114
Field Description Reference clock ID of the NTP server: • If the reference clock is the local clock, the value of this field is related to the value of the Clock stratumfield: When the value of the Clock stratumfield is 0 or 1, this field displaysLOCL.
Field Description Synchronization distance relative to the upper-level clock, in sync distance seconds, and calculated from dispersion and roundtrip delay values. Precision Accuracy of the system clock. version NTP version in the range of 1 to 4. Source interface. source interface If the source interface is not specified, this field isNot specified.
Page 116
Stability: 0.000 pps Clock precision: 2^-10 Root delay: 0.00000 ms Root dispersion: 3.96367 ms Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573 # Display the NTP service status when time is not synchronized. <Sysname>display ntp-service status Clock status: unsynchronized Clock stratum: 16 Reference clock ID: none Clock jitter: 0.000000 s Stability: 0.000 pps...
Field Description For an IPv4 NTP server: The field represents the IP address of the remote server when the local device is synchronized to a remote NTP server. The field represents the local clock when the local device uses the local clock as the reference source. •...
Predefined user roles network-admin network-operator Examples #Displaybrief information about each NTP server from the local device back to the primary time server. <Sysname>display ntp-service trace Server 127.0.0.1 Stratum 3, jitter 0.000, synch distance 0.0000. Server 3000::32 Stratum 2 , jitter 790.00, synch distance 0.0000. RefID 127.127.1.0 The output shows that server 127.0.0.1 is synchronized to server 3000::32, and server 3000::32 is...
Page 119
Predefined user roles network-admin Parameters peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) from a peer device and allows the local device to synchronize itself to a peer device. query: Allows only NTP control queries from a peer device to the local device. server: Allows time requests and NTP control queries from a peer device, but does not allow the local device to synchronize itself to a peer device.
ntp-service authentication enable Use ntp-service authentication enableto enable NTP authentication. Use undo ntp-service authentication enableto disable NTP authentication. Syntax ntp-service authentication enable undo ntp-service authentication enable Default NTP authentication is disabled. Views System view Predefined user roles network-admin Usage guidelines Enable NTP authentication in networks that require time synchronization security to make sure NTP clients are synchronized only to authenticated NTP servers.
Views System view Predefined user roles network-admin Parameters keyid: Specifies a key ID to identify an authentication key, in the range of 1 to 4294967295. authentication-modemd5value: Uses the MD5 algorithm for key authentication. cipher: Specifies a key in encrypted form. simple: Specifies a key in plaintext form.For security purposes, the key specified in plaintext form will be stored in encrypted form.
Syntax ntp-servicebroadcast-client undontp-servicebroadcast-client Default The device does not operatein any NTP association mode. Views Interface view Predefined user roles network-admin Usage guidelines After you configure the command, the device listens to NTP messages sent by the NTP broadcast server and is synchronized based on the received NTP messages. If you have configured the device to operate in broadcast client mode on an interface with the command, do not add the interface to any aggregate group.
Predefined user roles network-admin Parameters authentication-keyid keyid: Specifies the key ID to be used for sending broadcast messages to broadcast clients. Thevalue range for the keyidargument is 1 to 4294967295. If you do not specify this option, the local device cannot synchronize broadcast clients enabled with NTP authentication. versionnumber: Specifies the NTP version.
Parameters dscp-value: Sets a DSCP value in the range of 0 to 63 for IPv4 NTP packets. Usage guidelines The DSCP value is included in the ToS fieldof an IPv4 packet to identify the packet priority. Examples # Set the DSCP value forIPv4 NTP packets to 30. <Sysname>...
Views Interface view Predefined user roles network-admin Usage guidelines Execute the undo ntp-service inbound enablecommand on an interface in the following cases: • You do not want the interface to synchronize the peer device in the corresponding subnet. • You do not want the device to be synchronized by the peer device in the subnet corresponding to theinterface.
synchronization: Allows only time requests from a system whose address passes the access list criteria. ipv6-acl-number: Specifies an ACL. The peer devices that match the ACL have the access right specified in the command. The ipv6-acl-number argument represents a basic ACL number in the range of 2000 to 2999.
Default The DSCP value for IPv6 NTP packets is 56. Views System view Predefined user roles network-admin Parameters dscp-value: Specifies a DSCP value in the range of 0 to 63 for IPv6 NTP packets. Usage guidelines The DSCP value is included in the TrafficClass field of an IPv6 packetto identify the packet priority. Examples # Set the DSCP value forIPv6 NTP packets to 30.
<Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] undo ntp-service ipv6 inboundenable ntp-service ipv6 multicast-client Use ntp-service ipv6 multicast-client to configure the device to operate in IPv6 NTP multicast client mode and use the current interface to receive IPv6 NTP multicast packets. Use undo ntp-service ipv6 multicast-clientto remove the configuration.
ntp-service ipv6 multicast-server Use ntp-service ipv6 multicast-serverto configure the device to operate in IPv6 NTP multicast server mode and use the current interface to send IPv6 NTP multicast packets. Use undo ntp-service ipv6 multicast-serverto remove the configuration. Syntax ntp-service ipv6 multicast-serveripv6-address[authentication-keyidkeyid| ttlttl-number] * undo ntp-service ipv6multicast-server ipv6-address Default The device does not operate in anyNTP association mode.
ntp-service ipv6 source Use ntp-service ipv6 sourceto specify the source interface for IPv6 NTP messages. Use undo ntp-service ipv6 sourceto restore the default. Syntax ntp-service ipv6 sourceinterface-type interface-number undo ntp-service ipv6 source Default No source interface is specified for IPv6 NTP messages. The device automatically selects the source IP address for IPv6 NTP messages.
Usage guidelines When you specify an IPv6 passive peer for the device, the device and its IPv6 passive peer can be synchronized to each other. If their clocks are in synchronized state, the clock with a high stratum level is synchronized to the clock with a lower stratum level. To synchronize the PE to a PE or CE in a VPN, provide thevpn-instance vpn-instance-nameoption in the command.
Page 133
Predefined user roles network-admin Parameters server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters. ipv6-address: Specifies an NTP server by its IPv6 address. It must be a unicast address, rather than a multicast address. vpn-instance vpn-instance-name: Specifies the VPN to which the NTP server belongs.
Related commands ntp-service authentication enable ntp-service authentication-keyid ntp-service reliable authentication-keyid ntp-service max-dynamic-sessions Use ntp-service max-dynamic-sessionsto set the maximum number of dynamic NTP sessions. Use undo ntp-service max-dynamic-sessionsto restore the default. Syntax ntp-service max-dynamic-sessions number undo ntp-service max-dynamic-sessions Default The maximum number of dynamic NTP sessions is 100. Views System view Predefined user roles...
ntp-service multicast-client Use ntp-service multicast-client to configure the device to operate in NTP multicast client mode and use the current interface to receive NTP multicast packets. Use undo ntp-service multicast-clientto remove the configuration. Syntax ntp-servicemulticast-client[ ip-address ] undo ntp-service multicast-client [ ip-address ] Default The device does not operate in anyNTP association mode.
Page 136
Syntax ntp-service multicast-server[ ip-address ] [ authentication-keyidkeyid | ttlttl-number | versionnumber ] * undo ntp-service multicast-server [ ip-address ] Default The device does not operate in anyNTP association mode. Views Interface view Predefined user roles network-admin Parameters ip-address: Specifies a multicast IP address. Thedefault is224.0.1.1. A multicast server and client must be configured with the same multicast IP address.
ntp-service refclock-master Use ntp-service refclock-masterto configure the local clock as the reference source. Use undo ntp-service refclock-masterto remove the configuration. Syntax ntp-service refclock-master [ip-address ] [stratum ] undo ntp-service refclock-master[ip-address ] Default The device does not use its local clock as the reference clock. Views System view Predefined user roles...
ntp-service reliable authentication-keyid Use ntp-service reliable authentication-keyid to specify an authentication key asatrusted key. Use undontp-service reliable authentication-keyid to remove the configuration. Syntax ntp-service reliable authentication-keyidkeyid undo ntp-service reliable authentication-keyidkeyid Default No trusted key is specified. Views System view Predefined user roles network-admin Parameters keyid: Specifies an authentication key by its ID in the range of 1 to 4294967295.
ntp-service source Use ntp-service sourceto specify the source interface for NTP messages. Use undo ntp-service sourceto restore the default. Syntax ntp-service sourceinterface-type interface-number undo ntp-service source Default No source interface is specified for NTP messages. The deviceperforms the following operations: •...
ntp-service unicast-peer Use ntp-serviceunicast-peerto specify a symmetric-passive peer for the device. Use undo ntp-serviceunicast-peerto remove the symmetric-passive peer specified for the device. Syntax ntp-serviceunicast-peer peer-name |ip-address} [vpn-instance vpn-instance-name [authentication-keyidkeyid|priority| sourceinterface-type interface-number|versionnumber] * undontp-serviceunicast-peer { peer-name |ip-address} [vpn-instancevpn-instance-name ] Default No symmetric-passive peer is specified. Views System view Predefined user roles...
Usage guidelines When you specify a passive peer for the device, the device and its passive peer can be synchronized to each other. If their clocks are in synchronized state, the clock with a high stratum level is synchronized to the clock with a lower stratum level. To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.
Page 142
Parameters server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters. ip-address: Specifies an NTP server by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock. vpn-instance vpn-instance-name: Specifies the VPN to which the NTP server belongs.
display sntp sessions Use display sntp sessionsto display information about all IPv4SNTP associations. Syntax display sntp sessions Views Any view Predefined user roles network-admin network-operator Examples # Display information aboutall IPv4SNTP associations. <Sysname>display sntp sessions SNTP server Stratum Version Last receive time 1.0.1.112 Tue, May 17 2011 9:11:20.833 (Synced)
Predefined user roles network-admin Usage guidelines You needto enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are synchronized only to authenticated NTP servers. To authenticate an NTP server, set an authentication key and specify it as a trusted key. Examples # Enable SNTP authentication.
Usage guidelines You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are synchronized only to authenticated NTP servers. Configure the same key ID and key on the SNTP client and NTP server. Otherwise, the SNTP client cannot be synchronized to the NTP server.
sntp ipv6 unicast-server Use sntpipv6 unicast-server to specify an IPv6 NTP server for the device. Use undo sntpipv6 unicast-serverto remove theIPv6 NTP server specified for the device. Syntax sntp ipv6 unicast-server { server-name | ipv6-address } [ vpn-instancevpn-instance-name ] [authentication-keyidkeyid|sourceinterface-type interface-number ]* undo sntp ipv6unicast-server { server-name|ipv6-address} [ vpn-instance vpn-instance-name] Default No IPv6 NTP server is specified.
If you include thevpn-instance vpn-instance-nameoption in the undo ntp-service unicast-server command, the command removes the NTP server with the IP address of ip-address in the specified VPN. If you do not include thevpn-instance vpn-instance-nameoption in the command, the command removes the NTP server with the IP address of ip-address in the public network. If the specified IPv6 address of the NTP server is a link local address, you must specify the source interface for NTP messages and cannot specify a VPN for the NTP server.
Examples # Enable NTP authentication, and specify the MD5 encryption algorithm, with the key ID of 37 and key value of BetterKey. <Sysname> system-view [Sysname] sntp authentication enable [Sysname] sntp authentication-keyid 37 authentication-mode md5 simple BetterKey # Specify this key as a trusted key. [Sysname] sntp reliable authentication-keyid 37 Related commands sntp authentication-keyid...
Page 150
sourceinterface-type interface-number: Specifies the source interface for NTP messages. In an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. The interface-type interface-numberargument represents the interface type and number.
PoE commands This feature is supported only by MSR958(JH301A) and PoE-capable routers installed with the following modules: • DSIC-9FSWP. • HMIM-24GSWP. • SIC-4FSWP. PoE-capable routers include the following models: • MSR3012/3024/3044/3064. • MSR4060/4080. Commands and descriptions for centralized devices apply to the following routers: •...
Views PI view Predefined user roles network-admin Parameters index index: Specifies a PoE profile by its index number in the range of 1 to 100. name profile-name: Specifies a PoE profile by its name, a case-sensitive string of 1 to 15 characters. Examples # Apply the PoE profile named forIPphone to GigabitEthernet 1/0/1.
the end interface number. If an interface in the specified range does not support PoE, it is ignored when the PoE profile is applied. Examples # Apply the PoE profile named forIPphone to GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] apply poe-profile name forIPphone interface gigabitethernet 1/0/1 # Apply the PoE profile with index number 1 to PIs GigabitEthernet 1/0/2 to GigabitEthernet 1/0/8.
Page 154
Examples # Display general PSE information. <Sysname> display poe device PSE ID Slot No. SSlot No. PortNum MaxPower(W) State Model LSP2LTSUC LSP2LTSUC # (Distributed devices in IRF mode.) Display general PSE information. <Sysname> display poe device Chassis 1: PSE ID Slot No.
display poe interface Use display poe interface to display power supplying information for PIs. Syntax display poe interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays power supplying information for all PIs.
Page 156
Field Description Operating status of a PI: • Off—PoE is disabled. • On—Power is being supplied to the PI correctly. • Power-lack—Remaining guaranteed power is insufficient for a critical PI. • Oper Power-deny—The PSE refuses to supply power. The power required by the PD is higher than the configured power.
On State Ports: 2; Used: 8.4(W); Remaining: 171.6(W) Table 23 Command output Field Description Interface Interface name of a PI. PoE status: • Enabled. • Disabled. Power priority of a PI: • Critical (highest). Priority • High. • Low. CurPower Current power of a PI.
Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays power information for all PIs. Examples # Display power information for GigabitEthernet 1/0/1. <Sysname> display poe interface power gigabitethernet 1/0/1 Interface Current Peak...
Page 159
display poe power-usage Distributed devices in IRF mode: display poe power-usage [ chassis chassis-number ] Centralized devices in IRF mode display poe power-usage [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command displays information about all PoE power supplies and PSEs in the IRF fabric.
Page 160
PSE ID Current Peak Average Remaining Powered Guaranteed(W) Ports Chassis 2 : PoE Current Power : 600 PoE Max Power : 2000 PoE Max Guaranteed Power : 1000 PoE Remaining Allocable Power : 800 PoE Remaining Guaranteed Power : 600 Powered PoE Ports : 60 Statistics by PSE:...
Table 25 Command output Field Description PoE power and PSE power information for member device 1. Chassis 1 (Distributed devices in IRF mode.) PoE power and PSE power information for member device 1. Slot 1 (Centralized devices in IRF mode.) PoE Current Power Total power that has been consumed by PSEs.
Page 162
Parameters pse-id: Specifies a PSE by its ID. If you do not specify a PSE, this command displays information about all PSEs. Examples # Display detailed information about PSE 7. <Sysname> display poe pse 7 PSE ID Slot No. PSE Model : LSBMPOEGV48TP PSE Status : Enabled...
PD Power Policy : Disabled PD Disconnect Detection Mode : DC Table 26 Command output Field Description PSE ID ID of the PSE. Slot No. Slot number of the PSE. SSlot No. Subslot number of the PSE. Chassis In IRF mode, member ID of the device where the PSE resides. PoE status of the PSE: •...
Page 164
Views Any view Predefined user roles network-admin network-operator Parameters pse pse-id: Specifies a PSE ID. To display PSE ID and slot mappings, use the display poe device command. Examples # Display the status of all PIs on PSE 7. <Sysname> display poe pse 7 interface Interface Priority CurPower...
Field Description Operating status of a PI: • Off—PoE is disabled. • On—Power is being supplied to the PI correctly. • Power-lack—Remaining guaranteed power is insufficient for a critical PI. Oper • Power-deny—The PSE refuses to supply power. The power required by the PD is higher than the configured power.
<Sysname> display poe pse 7 interface power Interface Current Peak PD Description GE1/0/25 IP Phone on Room 309 for Peter Smith GE1/0/26 15.4 IP Phone on Room 409 for Peter Pan GE1/0/27 15.0 15.3 15.4 Access Point on Room 509 for Peter GE1/0/28 IP Phone on Room 609 for Peter John GE1/0/29...
Page 167
Parameters chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command displays information about all PoE power supplies and PSEs in the IRF fabric. (Distributed devices in IRF mode.) slot slot-number: Specifies an IRF member device by its member ID.
Page 168
PoE Hardware Version : 0002 PoE Software Version : 0001 PoE Power Supplies PoE Power Supply 1: Manufacturer : Tyco Electronics Com Type : PSE2500-A Status : Normal PoE Power Supply 2: Manufacturer : Tyco Electronics Com Type : PSE2500-B Status : Normal Chassis 2 :...
Page 169
PoE Hardware Version : 0002 PoE Software Version : 0001 PoE Power Supplies PoE Power Supply 1: Manufacturer : Tyco Electronics Com Type : PSE2500-A Status : Normal PoE Power Supply 2: Manufacturer : Tyco Electronics Com Type : PSE2500-B Status : Normal Slot 2 :...
Field Description PoE Current Voltage Current PoE voltage. PoE Lower Input Threshold AC input under-voltage threshold. PoE Upper Input Threshold AC input over-voltage threshold. PoE Lower Output Threshold DC output under-voltage threshold. PoE Upper Output Threshold DC output over-voltage threshold. PoE Hardware Version PoE hardware version number.
Usage guidelines If you do not specify a profile, the command displays information about all PoE profiles. Examples # Display information about all PoE profiles. <Sysname> display poe-profile PoE Profile Index ApplyNum Interfaces Configuration forIPphone GE1/0/5 poe enable GE1/0/6 poe priority critical GE1/0/7 GE1/0/8 GE1/0/9...
Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. Examples # Display information about the PoE profile on GigabitEthernet 1/0/1. <Sysname> display poe-profile interface gigabitethernet 1/0/1 PoEProfile Index ApplyNum Interface Effective configuration forIPphone GE1/0/1...
Examples # Set the PD disconnection detection mode to dc. <Sysname> system-view [Sysname] poe disconnect dc Related commands display poe pse poe enable Use poe enable to enable PoE on a PI. Use undo poe enable to disable PoE on a PI. Syntax poe enable undo poe enable...
poe enable pse Use poe enable pse to enable PoE for a PSE. Use undo poe enable pse to disable PoE for the PSE. Syntax poe enable pse pse-id undo poe enable pse pse-id Default PoE is disabled on PSEs. Views System view Predefined user roles...
Parameters pse pse-id: Specifies a PSE by its ID. Examples # Enable PSE 7 to detect nonstandard PDs. <Sysname> system-view [Sysname] poe legacy enable pse 7 Related commands display poe pse poe max-power Use poe max-power to set the maximum PI power. Use undo poe max-power to restore the default.
poe max-power (system view) Use poe max-power to set the maximum PSE power. Use undo poe max-power to restore the default. Syntax poe pse pse-id max-power max-power undo poe pse pse-id max-power Default The maximum PSE power is 37 watts. Views System view Predefined user roles...
undo poe pd-description Default No description is configured for the PD that connects to a PI. Views PI view Predefined user roles network-admin Parameters text: Configures a description for the PD connected to the PI, a case-sensitive string of 1 to 80 characters.
<Sysname> system-view [Sysname] poe pd-policy priority Related commands poe priority poe priority Use poe priority to set the power supply priority for a PI. Use undo poe priority to restore the default. Syntax poe priority { critical | high | low } undo poe priority Default The power supply priority of a PI is low.
<Sysname> system-view [Sysname] poe-profile abc [Sysname-poe-profile-abc-1] poe priority critical [Sysname-poe-profile-abc-1] quit [Sysname] interface gigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] apply poe-profile name abc Related commands poe pd-policy priority poe priority (system view) Use poe priority to set the power supply priority for a PSE. Use undo poe priority to restore the default.
• Supplies power to the PSE that has higher priority. Examples # Set the power supply priority of PSE 7 to critical. <Sysname> system-view [Sysname] poe priority critical pse 7 Related commands poe pse-policy priority poe pse-policy priority Use poe pse-policy priority to enable PSE power management. Use undo poe pse-policy priority to disable PSE power management.
Syntax poe update { full | refresh } filename [ pse pse-id ] Views System view Predefined user roles network-admin Parameters full: Upgrades the PSE firmware in full mode. refresh: Upgrades the PSE firmware in refresh mode. filename: Specifies the name of the upgrade file, a case-insensitive string of 1 to 64 characters. The specified file must be in the root directory of the file system of the device.
Predefined user roles network-admin Parameters profile-name: Specifies a PoE profile name, a case-sensitive string of 1 to 15 characters. A PoE configuration file name begins with a letter and must not contain reserved keywords including undo, all, name, interface, user, poe, disable, max-power, mode, priority, or enable. index: Specifies the index number of a PoE profile, in the range of 1 to 100.
Page 183
Views System view Predefined user roles network-admin Parameters value: Specifies alarm threshold as a percentage of 1 to 99. pse pse-id: Specifies a PSE by its ID. Usage guidelines If PSE power usage crosses the threshold multiple times in succession, the system sends notification messages only for the first crossing.
SNMP commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. The SNMP agent sends notifications (traps and informs) to inform the NMS of significant events, such as link state changes and user logins or logouts.
Page 185
Storage-type: nonVolatile Context name: con1 Community name: bb Role name: bb Storage-type: nonVolatile Community name: userv1 Group name: testv1 Storage type: nonvolatile Community name: cc Group name: cc ACL name: testacl Storage type: nonVolatile Table 31 Command output Field Description Community name created by using the snmp-agent community command or Community name username created by using the snmp-agent usm-user { v1 | v2c } command.
Field Description SNMP context: • If a mapping between an SNMP community and an SNMP context is configured, Context name the SNMP context is displayed. • If no mapping between an SNMP community and an SNMP context exists, this field is empty. Related commands snmp-agent community snmp-agent usm-user { v1 | v2c }...
Page 187
Views Any view Predefined user roles network-admin network-operator Parameters group-name: Specifies an SNMPv1, SNMPv2c, or SNMPv3 group name in non-FIPS mode, and an SNMPv3 group name in FIPS mode. It is a case-sensitive string of 1 to 32 characters. If no group is specified, this command displays information about all SNMP groups.
Related commands snmp-agent group display snmp-agent local-engineid Use display snmp-agent local-engineid to display the local SNMP engine ID. Syntax display snmp-agent local-engineid Views Any view Predefined user roles network-admin network-operator Usage guidelines Every SNMP agent has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.
Page 189
Parameters details: Specifies detailed MIB node information, including node name, last octet of an OID string, and name of the next leaf node. index-node: Specifies SNMP MIB tables, and node names and OIDs of MIB index nodes. trap-node: Specifies node names and OIDs of MIB notification nodes, and node names and OIDs of notification objects.
Page 191
Table |lldpStatsTxPortTable Index ||lldpStatsTxPortNum 1.0.8802.1.1.2.1.2.6.1.1 Table |lldpStatsRxPortTable Index ||lldpStatsRxPortNum 1.0.8802.1.1.2.1.2.7.1.1 Table |lldpLocPortTable Index ||lldpLocPortNum 1.0.8802.1.1.2.1.3.7.1.1 Table 35 Command output Field Description Table MIB table name. Index Name of a MIB index node. OID of a MIB index node. # Display names and OIDs of MIB notification nodes, and names and OIDs of notification objects. <Sysname>...
Page 192
||||1.3.6.1.2.1.10.166.11.1.2.1.1.5 Name |||mplsL3VpnVrfOperStatus ||||1.3.6.1.2.1.10.166.11.1.2.2.1.6 Table 36 Command output Field Description Name Name of a MIB notification node. OID of a MIB notification node. Trap Object Name and OID of a notification object. # Display detailed information about SNMP MIB nodes, including node names, OIDs, node types, permissions to MIB nodes, data types, MORs, and parent, child, and sibling nodes.
Page 193
Index ||[indexImplied:0, indexLength:1]: Name |lldpPortConfigPortNum ||1.0.8802.1.1.2.1.1.6.1.1 Properties ||NodeType: Column ||AccessType: NA ||DataType: Integer32 ||MOR: 0x020c1201 Parent ||lldpPortConfigEntry First child Next leaf ||lldpPortConfigAdminStatus Next sibling ||lldpPortConfigAdminStatus Allow ||get/set/getnext Index ||[indexImplied:0, indexLength:1]: Value range [1..4096] Name |lldpPortConfigAdminStatus ||1.0.8802.1.1.2.1.1.6.1.2 Properties ||NodeType: Column ||AccessType: RW ||DataType: Integer ||MOR:...
Field Description Permissions to MIB nodes: • NA—Not accessible. • NF—Supports notifications. • AccessType RO—Supports read-only access. • RW—Supports read and write access. • RC—Supports read-write-create access. • WO—Supports write-only access. Data types of MIB nodes: • Integer—An integer. • Integer32—A 32-bit integer.
Page 195
Syntax display snmp-agent mib-view [ exclude | include | viewname view-name ] Views Any view Predefined user roles network-admin network-operator Parameters exclude: Displays the subtrees excluded from any MIB view. include: Displays the subtrees included in any MIB view. viewname view-name: Displays information about the specified MIB view. The view-name argument is a case-sensitive string of 1 to 32 characters.
View Type: excluded View status: active ViewDefault is the default MIB view. The output shows that except for the MIB objects in the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees, all the MIB objects in the iso subtree are accessible. Table 38 Command output Field Description View name...
vpn-instance vpn-instance-name: Specifies the VPN for a remote SNMP entity. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If this parameter is not specified, the remote SNMP entity is in the public network. Usage guidelines Every SNMP agent has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.
Page 198
<Sysname> display snmp-agent statistics 1684 messages delivered to the SNMP entity. 5 messages were for an unsupported version. 0 messages used an unknown SNMP community name. 0 messages represented an illegal operation for the community supplied. 0 ASN.1 or BER errors in the process of decoding. 1679 messages passed from the SNMP entity.
Field Description Number of getNext requests that have been GetNextRequest-PDU accepted and processed received and processed. Number of getBulk requests that have been GetBulkRequest-PDU accepted and processed received and processed. Number of get responses that have been GetResponse-PDU accepted and processed received and processed.
The location information of the agent: The SNMP version of the agent: SNMPv3 Related commands snmp-agent sys-info display snmp-agent trap queue Use display snmp-agent trap queue to display basic information about the trap queue, including the queue size and number of traps in the queue. Syntax display snmp-agent trap queue Views...
Usage guidelines You can use the snmp-agent trap enable command to enable or disable the notification function of a module. For a module that has sub-modules, the notification function status is enable if the trap function of any of its sub-modules is enabled. Examples # Display the modules that can generate notification and their notification function status.
Page 202
username user-name: Displays information about the specified SNMPv3 user. The username is case sensitive. Usage guidelines This command displays only SNMPv3 users that you have created by using the snmp-agent usm-user v3 command. To display SNMPv1 or SNMPv2c users created by using the snmp-agent usm-user { v1 | v2c } command, use the display snmp-agent community command.
Field Description Storage type: • volatile. • nonvolatile. • permanent. Storage type • readOnly. • other. Table For more information about these storage types, see SNMP user status: • active—The SNMP user is effective. • notInService—The SNMP user is correctly configured but not activated. •...
Usage guidelines For an interface to generate linkUp/linkDown notifications when its state changes, you must also enable the linkUp/linkDown notification function globally by using the snmp-agent trap enable standard [ linkdown | linkup ] * command. Examples # Enable GigabitEthernet 1/0/1 to send linkUp/linkDown SNMP traps to 10.1.1.1 in the community public.
snmp-agent calculate-password Use snmp-agent calculate-password to calculate a digest for the encrypted from of an authentication or privacy key in plaintext form. Syntax In non-FIPS mode: snmp-agent calculate-password plain-password mode { 3desmd5 | 3dessha | md5 | sha } { local-engineid | specified-engineid engineid } In FIPS mode: snmp-agent calculate-password...
Usage guidelines Make sure the SNMP agent is enabled before you execute the snmp-agent calculate-password command. For security purposes, use this command to calculate digests for ciphertext authentication and privacy keys when you create SNMPv3 users by using the snmp-agent usm-user v3 command. The converted key is valid only under the engine ID specified for key conversion.
Page 207
Parameters read: Assigns the specified community read-only access to MIB objects. A read-only community can only inquire MIB information. write: Assigns the specified community read and write access to MIB objects. A read and write community can configure MIB information. simple: Specifies a community name in plaintext form.
Page 208
• Role based access control—RBAC mode controls access to MIB objects by assigning user roles to SNMP communities. The network-admin, mdc-admin, and level-15 user roles have the read and write access to all MIB objects. The network-operator user role and mdc-operator user role have the read-only access to all MIB objects.
[Sysname] snmp-agent community write simple writeaccess acl 2001 # Create the read and write community writeaccess in plain text so only the SNMPv2c NMS at 1.1.1.2 can use the community name writeaccess to read or set the MIB objects in the default view ViewDefault.
context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters. Usage guidelines This command enables a module on an agent to obtain the context mapped to a community name when an NMS accesses the agent by using SNMPv1 or SNMPv2c. You can configure a maximum of 10 community-context mappings on the device.
Related commands display snmp-agent context snmp-agent group Use snmp-agent group to create an SNMP group. Use undo snmp-agent group to delete an SNMP group. Syntax SNMPv1 and SNMP v2c: snmp-agent group { v1 | v2c } group-name [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] * undo snmp-agent group { v1 | v2c } group-name...
Page 212
read-view view-name: Specifies a read-only MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. If no read-only MIB view is specified, the SNMP group has read access to the default view ViewDefault. write-view view-name: Specifies a read and write MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters.
Security model Security key Security model keyword for the settings for the Remarks group user If no authentication key is configured, SNMP communication will fail. Authentication without authentication Authentication key privacy The privacy key (if any) for the user does not take effect.
Default The engine ID of a device is the combination of the company ID and the device ID. The device ID varies by device model. Views System view Predefined user roles network-admin Parameters engineid: Specifies an SNMP engine ID, a hexadecimal string. Its length is an even number in the range of 10 to 64.
Parameters all: Enables logging SNMP authentication failures, Get operations, and Set operations. authfail: Enables logging SNMP authentication failures. get-operation: Enables logging SNMP Get operations. set-operation: Enables logging SNMP Set operations. Usage guidelines Use SNMP logging to record the SNMP operations performed on the SNMP agent or authentication failures from the NMS to the agent for auditing NMS behaviors.
Parameters excluded: Denies access to any node in the specified MIB subtree. included: Permits access to all the nodes in the specified MIB subtree. view-name: Specifies a view name, a string of 1 to 32 characters. oid-tree: Specifies a MIB subtree by its root node's OID (for example, 1.3.6.1.2.1.1) or object name (for example, system), a case-sensitive string of 1 to 255 characters.
Use undo snmp-agent packet max-size to restore the default. Syntax snmp-agent packet max-size byte-count undo snmp-agent packet max-size Default An SNMP agent can process SNMP packets with a maximum size of 1500 bytes. Views System view Predefined user roles network-admin Parameters byte-count: Sets the maximum size (in bytes) of SNMP packets that the SNMP agent can receive or send.
Parameters port-num: Specifies the UDP port for receiving SNMP packets, in the range of 1 to 65535. The default is 161. Usage guidelines After changing the port number for receiving SNMP packets, reconnect the device by using the port number for SNMP get and set operations. To display UDP port information, use the display current-configuration command.
Usage guidelines To send informs to an NMS, you must configure the SNMP engine ID of the NMS on the SNMP agent. The NMS accepts the SNMPv3 informs from the SNMP agent only if the engine ID in the informs is the same as its local engine ID.
Usage guidelines The snmp-agent source command enables the SNMP agent to use the primary IP address of an interface or subinterface as the source IP address in all its SNMP informs or traps, regardless of their outgoing interfaces. An NMS can use this IP address to filter all the informs or traps sent by the SNMP agent.
Examples # Configure the system contact as Dial System Operator # 27345. <Sysname> system-view [Sysname] snmp-agent sys-info contact Dial System Operator # 27345 Related commands display snmp-agent sys-info snmp-agent sys-info location Use snmp-agent sys-info location to configure the system location. Use undo snmp-agent sys-info location to restore the default location.
Page 224
udp-port port-number: Specifies the UDP port for SNMP notifications. If no UDP port is specified, UDP port 162 is used. vpn-instance vpn-instance-name: Specifies the VPN for the target host. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If this parameter is not specified, the target host is in the public network.
You can use the snmp-agent target-host command to enable the device to send the notifications as informs or traps to a host. If no optional parameters are specified, this command or its undo form enables or disables all SNMP notifications supported by the device. Examples # Enable the SNMP agent to send SNMP authentication failure traps to 10.1.1.1 in the community public.
snmp-agent trap life Use snmp-agent trap life to set the lifetime of notifications in the SNMP notification queue. Use undo snmp-agent trap life to restore the default notification lifetime. Syntax snmp-agent trap life seconds undo snmp-agent trap life Default The SNMP notification lifetime is 120 seconds. Views System view Predefined user roles...
Default SNMP notification logging is disabled. Views System view Predefined user roles network-admin Usage guidelines Use SNMP notification logging to record SNMP notifications sent by the SNMP agent for notification tracking. The SNMP agent sends the logs to the information center. You can configure the information center to output the logs to a destination as needed.
Examples # Set the SNMP notification queue size to 200. <Sysname> system-view [Sysname] snmp-agent trap queue-size 200 Related commands snmp-agent target-host snmp-agent trap enable snmp-agent trap life snmp-agent usm-user { v1 | v2c } Use snmp-agent usm-user { v1 | v2c } to create an SNMPv1 or SNMPv2c user. Use undo snmp-agent usm-user { v1 | v2c } to delete an SNMPv1 or SNMPv2c user.
Page 230
ipv6-acl-number: Specifies a basic IPv6 ACL by its number in the range of 2000 to 2999. name ipv6-acl-name: Specifies a basic IPv6 ACL for the user. The ipv6-acl-name argument represents a basic IPv6 ACL name, a case-insensitive string of 1 to 63 characters. Usage guidelines This command is not available in FIPS mode.
Page 233
• The plaintext form of the key in non-FIPS mode is a string of 1 to 64 characters. The plaintext form of the key in FIPS mode is a string of 15 to 64 characters, which must contain numbers, uppercase letters, lowercase letters, and special characters. •...
Page 234
name ipv6-acl-name: Specifies a basic IPv6 ACL for the user. The ipv6-acl-name argument represents a basic IPv6 ACL name, a case-insensitive string of 1 to 63 characters. local: Specifies the local SNMP engine. By default, an SNMPv3 user is associated with the local SNMP engine.
Page 235
For more information about ACL, see ACL and QoS Configuration Guide. Examples In VACM mode: # Add the user testUser to the SNMPv3 group testGroup, and enable the authentication without privacy security model for the group. Specify the authentication algorithm SHA-1 and the authentication key 123456TESTplat&! in plain text for the user.
# Create the SNMPv3 user testUser with the user role network-operator and enable the authentication without privacy security model for the user. Specify the authentication algorithm SHA-1 and the authentication key 123456TESTplat&! in plain text for the user. <Sysname> system-view [Sysname] snmp-agent usm-user v3 testUser user-role network-operator simple authentication-mode sha 123456TESTplat&! # For an NMS to have read-only access to all MIB objects, make sure the following configurations on...
Page 237
Usage guidelines You can assign a maximum of 64 user roles to an SNMPv3 user. An SNMPv3 user must have a minimum of one user role. Examples # Assign the user role testRole2 to the SNMPv3 user testUser. <Sysname> system-view [Sysname] snmp-agent usm-user v3 testUser user-role testRole2 Related commands snmp-agent usm-user v3...
RMON commands display rmon alarm Use display rmon alarm to display information about RMON alarm entries. Syntax display rmon alarm [ entry-number ] Views Any view Predefined user roles network-admin network-operator Parameters entry-number: Specifies an alarm entry by its index in the range of 1 to 65535. If you do not specify an entry, the command displays all RMON alarm entries.
Field Description Sample type: • absolute—RMON compares the value of the variable with the rising and falling thresholds at the end of the sampling interval. Sample type • delta—RMON subtracts the value of the variable at the previous sample from the current value, and then compares the difference with the rising and falling thresholds.
Page 240
Syntax display rmon event [ entry-number ] Views Any view Predefined user roles network-admin network-operator Parameters entry-number: Specifies an event entry by its index in the range of 1 to 65535. If you do not specify an entry, the command displays all event entries. Usage guidelines An event entry includes the following information: •...
Field Description SNMP community name for the RMON event. You can specify an SNMP community name when you create an RMON event entry, but the setting does Community not take effect. The system always uses the settings configured with the SNMP feature when it sends RMON event notifications.
Description: The 1.3.6.1.2.1.16.1.1.1.4.5 defined in alarmEntry 77, uprise 16760000 with alarm value 16776314. Alarm sample type is absolute. LogEntry 99.2 created at 50days 09h:11m:13s uptime. Description: The 1.3.6.1.2.1.16.1.1.1.4.5 defined in alarmEntry 77, less than(or =) 20000000 with alarm value 16951648. Alarm sample type is absolute. LogEntry 99.3 created at 50days 09h:18m:43s uptime.
Page 243
Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays history samples for all interfaces that have an RMON history control entry. Usage guidelines RMON uses the etherHistoryTable object to store the history samples of Ethernet statistics for Ethernet interfaces.
Field Description Number of oversize packets received during the sampling interval. oversize packets Oversize packets are longer than 1518 octets (excluding framing bits but including FCS octets). Number of undersize packets with CRC errors received during the sampling fragments interval. Number of oversize packets with CRC errors received during the sampling jabbers interval.
Page 246
Table 50 Command output Field Description Alarm entry owner and status: • entry-number—Alarm entry index. • owner—Entry owner. • status—Entry status: VALID—The entry is valid. PrialarmEntry entry-number UNDERCREATION—The entry is invalid. owned by owner is status. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default.
Field Description Alarm that can be generated when the entry becomes valid: • risingAlarm—Generates a rising alarm if the first sample after the entry becomes valid is greater than or equal to the rising threshold. • fallingAlarm—Generates a falling alarm if the first sample after the Alarm sent upon entry entry becomes valid is less than or equal to the rising threshold.
Field Description Incoming-packet statistics by packet length: • 64—Number of packets with a length less than or equal to 64 bytes. • 65-127—Number of 65- to 127-byte packets.. • Incoming packets by size: 128-255—Number of 128- to 255-byte packets. • 256-511—Number of 256- to 511-byte packets.
Page 250
Format Examples etherStatsOctets.1 etherStatsPkts.1 etherStatsBroadcastPkts.1 Object name.instance ifInOctets.1 ifInUcastPkts.1 ifInNUcastPkts.1 sampling-interval: Sets the sampling interval in the range of 5 to 65535 seconds. absolute: Specifies absolute sampling. RMON compares the value of the variable with the rising and falling thresholds at the end of the sampling interval. delta: Specifies delta sampling.
To trigger the event associated with an alarm condition, you must create the event with the rmon event command. RMON samples the monitored alarm variable at the specified sampling interval, compares the sampled value with the predefined thresholds, and does one of the following: •...
Page 252
Views System view Predefined user roles network-admin Parameters entry-number: Specifies an event entry index in the range of 1 to 65535. description string: Configures an event description, a case-sensitive string of 1 to 127 characters. log: Logs the event when it occurs. log-trap: Logs the event and sends an SNMP notification when the event occurs.
rmon history Use rmon history to create an RMON history control entry. Use undo rmon history to remove an RMON history control entry. Syntax rmon history entry-number buckets number interval interval [ owner text ] undo rmon history entry-number Default No RMON history control entries exist.
Related commands display rmon history rmon prialarm Use rmon prialarm to create an RMON private alarm entry. Use undo rmon prialarm to remove an RMON private alarm entry. Syntax rmon prialarm entry-number prialarm-formula prialarm-des sampling-interval { absolute | delta } [ startup-alarm { falling | rising | rising-falling } ] rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]...
Page 255
• Generates a rising alarm if the first sample crosses the rising threshold. • Generates a falling alarm if the first sample crosses the falling threshold. rising: Generates a rising alarm if the first sample after the entry becomes valid is greater than or equal to the rising threshold.
Triggers the event associated with the rising alarm event if the result is equal to or greater than the rising threshold. Triggers the event associated with the falling alarm event if the result is equal to or less than the falling threshold. Examples # Add a permanent private alarm entry to monitor the ratio of incoming broadcasts to the total number of incoming packets on GigabitEthernet 1/0/1.
Page 257
Predefined user roles network-admin Parameters entry-number: Specifies a statistics entry index in the range of 1 to 65535. owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters. Usage guidelines You can create RMON statistics entries only for Layer 2 or Layer 3 Ethernet interfaces. You can create one statistics entry for each Ethernet interface, and a maximum of 100 statistics entries on the device.
Event MIB commands action Use action to set an action for an event. Use undo action to remove an action. Syntax action { notification | set } undo action { notification | set } Default An event does not have an action. Views Event view Predefined user roles...
[Sysname-event-owner1-EventA-set] oid ipForwarding.0 [Sysname-event-owner1-EventA-set] value 2 Related commands event enable snmp mib event comparison Use comparison to specify a Boolean comparison type for the sampled value and the reference value. Use undo comparison to restore the default. Syntax comparison { equal | greater | greaterorequal | less | lessorequal | unequal } undo comparison Default The Boolean comparison type is unequal.
For an event to be triggered at the first sampling, execute the startup enable command. Examples # Specify the Boolean comparison type as unequal. <Sysname> system-view [Sysname] snmp mib event trigger owner owner1 name triggerA [Sysname-trigger-owner1-triggerA] test boolean [Sysname-trigger-owner1-triggerA-boolean] comparison unequal Related commands snmp mib event trigger test...
wildcard context context (trigger view) Use context to configure a context for a monitored object. Use undo context to restore the default. Syntax context context-name undo context Default A monitored object does not have a context. Views Trigger view Predefined user roles network-admin Parameters context-name: Specifies a context, a case-sensitive string of 1 to 32 characters.
Default The delta falling threshold is 0, and no falling event is specified. Views Trigger-threshold view Predefined user roles network-admin Parameters event owner event-owner name event-name: Specifies an event by its owner and its name. Use the trigger owner as the event owner. The event-name argument is a case-sensitive string of 1 to 32 characters.
Views Trigger-threshold view Predefined user roles network-admin Parameters event owner event-owner name event-name: Specifies an event by its owner and its name. Use the trigger owner as the event owner. The event-name argument is a case-sensitive string of 1 to 32 characters.
Views Event view Predefined user roles network-admin Parameters text: Specifies a description, a case-sensitive string of 1 to 255 characters. Examples # Configure the description EventA is an RMON event for the event with the owner owner1 and the name eventA. <Sysname>...
EvtComment : event is to set ifAdminStatus EvtAction : Notification | Set EvtEnabled : true Notification entry: NotifyOID : 1.3.6.1.2.1.88.2.0.1<mteTriggerFired> NotifyObjOwner : N/A NotifyObjName : N/A Set entry: SetObj : 1.3.6.1.2.1.2.2.1.7<ifAdminStatus> SetObjWildcard : true SetValue SetTargetTag : N/A SetContextName : context1 SetContextNameWildcard : false Object list objectA owned by owner3:...
Page 267
1 to 32 characters. If you do not specify an event, this command displays information about all events and event actions. Examples # Display information about the event with the owner owner2 and name eventA and the event actions. <Sysname> display snmp mib event event owner owner2 name eventA Event entry eventA owned by owner2: EvtComment : event is to set ifAdminStatus...
Field Description SetContextName Context for the set-action object. Wildcarding option for the context • SetContextNameWildcard false—Specifies a context. • true—Enables wildcard search for the context. Related commands snmp mib event display snmp mib event object list Use display snmp mib event event to display information about object lists. Syntax display snmp mib event object list [ owner objects-owner name objects-name ] Views...
Field Description Wildcarding option for the OID: • ObjIDWildcard false—Specifies the OID. • true—Enables wildcarded search for the OID. Related commands snmp mib event object list display snmp mib event summary Use display snmp mib event summary to display the Event MIB brief information. Syntax display snmp mib event summary Views...
Related commands display snmp mib event display snmp mib event trigger Use display snmp mib event trigger to display information about a trigger and the trigger tests. Syntax display snmp mib event trigger [ owner trigger-owner name trigger-name ] Views Any view Predefined user roles network-admin...
Page 272
Field Description TriggerObjOwner Owner of the trigger object. TriggerObjName Name of the trigger object. Trigger status: • TriggerEnabled Enabled. • Disabled. Existence entry Type of the existence test: • present. ExiTest • absent. • changed. Type of the existence test for the first sampling: •...
Field Description ThresDeltaFalling Delta falling threshold. ThresObjOwner Owner of the threshold test object. ThresObjName Name of the threshold test object. ThresRisEvtOwner Owner of the rising event. ThresRisEvtName Name of the rising event. ThresFalEvtOwner Owner of the falling event. ThresFalEvtName Name of the falling event. ThresDeltaRisEvtOwner Owner of the Delta rising event.
Related commands action snmp mib event event owner (trigger-Boolean view) Use event owner to specify an event for a Boolean test. Use undo event to restore the default. Syntax event owner event-owner name event-name undo event Default No event is specified for a Boolean test. Views Trigger-Boolean view Predefined user roles...
Syntax event owner event-owner name event-name undo event Default No event is specified for an existence test. Views Trigger-existence view Predefined user roles network-admin Parameters event owner event-owner: Specifies the owner of an event. Use the trigger owner as the event owner.
Parameters event owner event-owner: Specifies the owner of an event. Use the trigger owner as the event owner. name event-name: Specifies the name of an event, a case-sensitive string of 1 to 32 characters. value integer-value: Specifies a falling threshold in the range of –2147483648 to 2147483647. The value must be smaller than or equal to the rising threshold.
Parameters interval: Specifies a sampling interval in the range of 1 to 4294967295 seconds. The sampling interval must be greater than or equal to the minimum sampling interval. Usage guidelines To set the minimum sampling interval, execute the snmp mib event sample minimum command. To avoid sampling failure, do not set the sampling interval too small when there are a large number of sampled objects.
For more information, see "object list (trigger view)." Examples # Specify the object list with the owner owner1 and name listA for an event with the owner owner1 and name EventA. <Sysname> system-view [Sysname] snmp mib event owner owner1 name EventA [Sysname-event-owner1-EventA] action notification [Sysname-event-owner1-EventA-notification] object list owner owner1 name listA Related commands...
Examples # Specify the object list with the owner owner1 and name objectA for a trigger. <Sysname> system-view [Sysname] snmp mib event trigger owner owner1 name triggerA [Sysname-trigger-owner1-triggerA] object list owner owner1 name objectA Related commands snmp mib event trigger object list (trigger-Boolean view) Use object list to specify an object list for a Boolean trigger test.
object list (trigger-existence view) Use object list to specify an object list for a Boolean trigger test. The objects in the list will be added to the notification triggered by the test. Use undo object list to restore the default. Syntax object list owner objects-owner name objects-name undo object list...
undo object list Default No object list is specified for a trigger-threshold test. Views Trigger-threshold view Predefined user roles network-admin Parameters owner objects-owner: Specifies an object list owner. Use the trigger owner as the object list owner. name objects-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters. Usage guidelines For more information, see "object list (trigger view)."...
Parameters object-identifier: Specifies a notification OID, a case-sensitive string of 1 to 255 characters. It must be a trap node. Usage guidelines The notification OID configured by using this command will be carried in the notification when the notification action is taken. Examples # Specify the notification OID 1.3.6.1.2.1.14.16.2.1 for the event with the owner owner1 and name EventA.
<Sysname> system-view [Sysname] snmp mib event owner owner1 name EventA [Sysname-event-owner1-EventA] action set [Sysname-event-owner1-EventA-set] oid 1.3.6.1.2.1.2.2.1.7.3 Related commands action snmp mib event owner wildcard oid (action-set view) oid (trigger view) Use oid to specify a MIB object for trigger sampling. Use undo oid to restore the default.
Use undo rising to restore the default. Syntax rising { event owner event-owner name event-name | value integer-value } undo rising { event | value } Default The rising threshold is 0, and no rising event is specified. Views Trigger-threshold view Predefined user roles network-admin Parameters...
Syntax sample { absolute | delta } undo sample Default The sampling method is absolute. Views Trigger view Predefined user roles network-admin Parameters absolute: Specifies the absolute sampling method. Use the current sampled value. delta: Specifies the delta sampling method. Use the difference between the current sampled value and previous sampled value.
Views System view Predefined user roles network-admin Parameters event-owner: Specifies an event owner. The event owner must be an existing SNMPv3 user. event-name: Specifies an event name, a case-sensitive string of 1 to 32 characters. Usage guidelines An event is identified by its owner and name. Examples # Create an event with the owner owner1 and the name EventA and enter its view.
Parameters owner group-owner: Specifies an object list owner. The object list owner must be an existing SNMPv3 user. name group-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters. object-index argument: Specifies an object list index in the range of 1 to 4294967295. oid object-identifier: Specifies an object by its OID or name, a case-sensitive string of 1 to 255 characters.
Predefined user roles network-admin Parameters max-number: Specifies the maximum number of object instances that can be concurrently sampled. The value is in the range of 0 to 4294967295. Usage guidelines If you use the wildcard option for an object, Event MIB also samples the wildcarded object instances. Include the wildcarded object instances when you calculate the number of the concurrently sampled instances.
Usage guidelines After you configure the minimum sampling interval, make sure the trigger sampling interval is greater than or equal to the minimum sampling interval. Changing the minimum sampling interval does not affect the existing instances. If the minimum sampling interval is changed to a value smaller than the sampling interval of a trigger, the existing instances of the trigger will continue to be sampled at its interval.
If the trigger owner has no read access to the monitored object configured in trigger view, sampling on the object cannot be performed. For more information about SNMPv3 user access rights, see Network Management and Monitoring Configuration Guide. Examples # Create a trigger with the owner owner1 and name triggerA. <Sysname>...
Syntax startup { absent | present } undo startup { absent | present } Default The existence test types for the first sampling are present and absent. Views Trigger-existence view Predefined user roles network-admin Parameters absent: Monitors the absence of a MIB object. present: Monitors the presence of a MIB object.
Default The threshold trap type for the first sampling is rising-or-falling. Views Trigger-threshold view Predefined user roles network-admin Parameters falling: Specifies the falling trap. rising: Specifies the rising trap. rising-or-falling: Specifies the rising or falling trap. Usage guidelines If the trap type for the first sampling is rising or rising-or-falling, a rising trap is triggered when the first sample value is greater than or equal to the rising threshold.
Default An event is triggered for the first Boolean sampling. Views Trigger-Boolean view Predefined user roles network-admin Usage guidelines For an event to be triggered when a trigger condition is met at the first Boolean sampling, execute the startup enable command. If the first sampling fails or the monitored object does not exist at the first sampling, the second sampling is considered the first sampling.
Parameters boolean: Specifies the Boolean test. This test compares the value of the monitored object with the reference value. existence: Specifies the existence test. This test monitors the absence, presence, and change of the monitored object. threshold: Specifies the threshold test. This test compares the value of the monitored object with the specified thresholds, such as rising threshold and falling threshold.
Examples # Create and enable a trigger. <Sysname>system-view [Sysname] snmp mib event trigger owner owner1 name triggerA [Sysname-trigger-owner1-triggerA] oid 1.3.6.1.2.1.2.2.1.1.3 [Sysname-trigger-owner1-triggerA] frequency 360 [Sysname-trigger-owner1-triggerA] trigger enable Related commands snmp mib event trigger type Use type to specify existence trigger test types. Use undo type to remove the existence trigger test types.
Related commands snmp mib event trigger startup test value (action-set view) Use value to set a value for a set-action object. Use undo value to restore the default. Syntax value integer-value undo value Default The value of a set-action object is 0. Views Action-set view Predefined user roles...
Use undo value to restore the default. Syntax value integer-value undo value Default The reference value is 0. Views Trigger-Boolean view Predefined user roles network-admin Parameters integer-value: Specifies a reference value in the range of –2147483648 to +2147483647. Usage guidelines A Boolean trigger test compares the sampled value with the reference value.
Views Action-set view Predefined user roles network-admin Usage guidelines This command must be used in conjunction with the context command. A wildcarded context has two parts: the context specified by the context command and the wildcarded part. Examples # Specify the context for the set-action object as contextname1 and enable wildcard search for the contexts.
Examples # Specify the contexts for the monitored object as contextname and enable wildcard search for the contexts. <Sysname> system-view [Sysname] snmp mib event trigger owner owner1 name triggerA [Sysname-trigger-owner1-triggerA] context contextname [Sysname-trigger-owner1-triggerA] wildcard context Related commands context snmp mib event trigger wildcard oid (action-set view) Use wildcard oid to enable wildcard search for the set-action object OIDs.
snmp mib event owner wildcard oid (trigger view) Use wildcard oid to enable wildcard search for the monitored object OIDs. Use undo wildcard oid to restore the default. Syntax wildcard oid undo wildcard oid Default A MIB object OID is fully specified. Views Trigger view Predefined user roles...
NETCONF commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. netconf log Use netconf log to enable NETCONF logging.
• set: Specifies all edit-config operations. • session: Specifies session-related NETCONF operations, including the kill-session and close-session operations, and capability exchanges by hello messages. • syntax: Specifies the requests that include XML and schema errors. • others: Specifies NETCONF operations except for those specified by keywords action, config, get, set, session, and syntax.
Usage guidelines This command is not available in FIPS mode. Only NETCONF clients permitted by the applied ACL can access the device through SOAP over HTTP. If you execute this command multiple times, the most recent configuration takes effect. Examples # Use ACL 2001 to allow only NETCONF clients in the subnet 10.10.0.0/16 to access the device through SOAP over HTTP.
netconf soap https acl Use netconf soap https acl to apply an ACL to NETCONF over SOAP over HTTPS traffic. Use undo netconf soap https acl to restore the default. Syntax netconf soap https acl { acl-number | name acl-name } undo netconf soap https acl Default No ACL is applied to NETCONF over SOAP over HTTPS traffic.
Syntax netconf soap https enable undo netconf soap https enable Default NETCONF over SOAP over HTTPS is disabled. Views System view Predefined user roles network-admin Usage guidelines This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTPS packets.
Only capability set urn:ietf:params:netconf:base:1.0 is available. It is supported by both the device and user terminals. Examples # Enable NETCONF over SSH. <Sysname> system-view [Sysname] netconf ssh server enable netconf ssh server port Use netconf ssh server port to specify a port to listen for NETCONF over SSH connections. Use undo netconf ssh server port to restore the default.
Page 307
When a NETCONF message includes the character "a," only the contents after the last "a" in the message can be processed. Examples # Enter XML view. <Sysname> xml <?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:pa rams:netconf:base:1.1</capability><capability>urn:ietf:params:netconf:writable-runnin g</capability><capability>urn:ietf:params:netconf:capability:notification:1.0</capabi lity><capability>urn:ietf:params:netconf:capability:validate:1.1</capability><capabil ity>urn:ietf:params:netconf:capability:interleave:1.0</capability><capability>urn:hpe :params:netconf:capability:h3c-netconf-ext:1.0</capability></capabilities><session-id >1</session-id></hello>]]>]]> # Quit XML view. <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <close-session> </close-session> </rpc>]]>]]> <Sysname>...
CWMP commands cwmp Use cwmp to enter CWMP view. Syntax cwmp Views System view Predefined user roles network-admin Examples # Enter CWMP view. <Sysname> system-view [Sysname] cwmp Related commands cwmp enable cwmp acs default password Use cwmp acs default password to configure a password for authentication to the default ACS URL.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form. string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 33 to 373 characters. Usage guidelines You can configure only one password for authentication to the default ACS URL.
Usage guidelines The CPE attempts to connect to the default ACS URL if no ACS URL has been assigned to it through the cwmp acs url command or DHCP. You can configure only one default ACS URL. If you execute this command multiple times, the most recent configuration takes effect.
cwmp acs username Use cwmp acs username to configure the username for authentication to the preferred ACS URL. Use undo cwmp acs username to restore the default. Syntax cwmp acs username username undo cwmp acs username Default No username is configured for authentication to the preferred ACS URL. Views CWMP view Predefined user roles...
Default No CWMP connection interface is specified. The CPE automatically selects the CWMP connection interface. Views CWMP view Predefined user roles network-admin Parameters interface-type interface-number: Specifies the type and number of the CWMP connection interface. Usage guidelines A CWMP connection interface is the interface that the CPE uses to communicate with the ACS. To establish a CWMP connection, the CPE sends the IP address of this interface in the Inform message, and the ACS replies to this IP address.
Predefined user roles network-admin Parameters retries: Specifies the maximum number of CWMP connection retries. The value range is 0 to 100. To disable the CPE to retry a CWMP connection, set this argument to 0. Usage guidelines The CPE retries connecting to the ACS when its initial connection attempt fails or the CWMP session is ended before the CPE receives a session closed message from the ACS.
undo cwmp cpe inform time Default No connection initiation has been scheduled. Views CWMP view Predefined user roles network-admin Parameters time: Specifies the time at which the CPE sends an Inform message. The time format is yyyy-mm-ddThh:mm:ss, and the value range is 1970-01-01T00:00:00 to 2035-12-31T23:59:59. The specified time must be greater than the current system time.
Usage guidelines You can configure only one password for the ACS to authenticate to the CPE when it initiates a connection. If you execute this command multiple times, the most recent configuration takes effect. For a successful connection, make sure the ACS has the same username and password settings as the CPE.
ACS. For information about the support of your ACS for provision codes, see the ACS documentation. The CPE can have only one provision code. If you execute this command multiple times, the most recent configuration takes effect. Examples # Set the provision code to ABC20150714. <Sysname>...
Examples # Enable NAT traversal for the CPE. <Sysname> system-view [Sysname] cwmp [Sysname-cwmp] cwmp cpe stun enable cwmp cpe username Use cwmp cpe username to configure the username for the CPE to authenticate the ACS. Use undo cwmp cpe username to restore the default. Syntax cwmp cpe username username undo cwmp cpe username...
cwmp cpe wait timeout Use cwmp cpe wait timeout to set the close-wait timer for the CPE to close an idle connection. Use undo cwmp cpe wait timeout to restore the default. Syntax cwmp cpe wait timeout seconds undo cwmp cpe wait timeout Default The close-wait timer is 30 seconds.
Source IP interface : None STUN state : Disabled SSL policy name : Null Table 58 Command output Field Description Status of CWMP: Enabled or Disabled. CWMP state Preferred ACS URL. ACS URL This field displays Null if no preferred ACS URL has been specified. Username for the CPE to authenticate to the ACS.
Page 324
Syntax display cwmp status Views Any view Predefined user roles network-admin network-operator Examples # Display CWMP state information. <Sysname> display cwmp status CWMP state : Enabled ACS URL of most recent connection : http://www.acs.com:80/acs ACS information source : User ACS username of most recent connection : newname Connection status : Disconnected...
Field Description Amount of time (in seconds) that the CPE must wait before it initiates the next Length of time before next connection. This field displays None if the CPE does not detect an event that connection attempt will trigger a connection attempt. Related commands display cwmp configuration ssl client-policy...
EAA commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. • MSR954(JH296A/JH297A/JH298A/JH299A/JH373A). • MSR958(JH300A/JH301A). Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. • action cli Use action cli to add a CLI action to a monitor policy.
To execute a command in a view other than user view, you must define actions required for accessing the target view before defining the command execution action. In addition, you must number the actions in the order they should be executed, starting with entering system view. For example, to shut down an interface, you must create the following actions in order: Action to enter system view.
Page 328
Predefined user roles network-admin Parameters number: Specifies an action ID in the range of 0 to 231. chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command reboots all IRF member devices. (Distributed devices in IRF mode.) slot slot-number: Specifies a card by its slot number.
<Sysname> system-view [Sysname] rtm cli-policy test [Sysname-rtm-test] action 3 reboot # (Centralized devices in IRF mode.) Configure an action for the CLI-defined policy test to reboot IRF member device 1. <Sysname> system-view [Sysname] rtm cli-policy test [Sysname-rtm-test] action 3 reboot slot 1 # (Distributed devices in IRF mode.) Configure an action for the CLI-defined policy test to reboot IRF member device 1.
• The device has only one MPU. • The standby MPU is not in up state. (Centralized devices in IRF mode.) This command does not trigger an active/standby switchover in either of the following situations: • No subordinate device is configured. •...
Usage guidelines EAA sends log messages to the information center. You can configure the information center to output these messages to certain destinations. For more information about the information center, see "Configuring the information center." You can configure a series of actions to be executed in response to the event specified in a monitor policy.
display rtm environment Use display rtm environment to display user-defined EAA environment variables and their values. Syntax display rtm environment [ var-name ] Views Any view Predefined user roles network-admin Parameters var-name: Specifies a user-defined EAA environment variable by its name, a case-sensitive string of 1 to 63 characters.
Page 333
Predefined user roles network-admin Parameters active: Displays policies that are running. registered: Displays policies that have been created. policy-name: Specifies a policy by its name. If you do not specify a policy, the command displays all monitor policies that are running or have been created. verbose: Displays detailed information about monitor policies.
Field Description Source of the event specified in the policy. Event Options include CLI, HOTPLUG, INTERFACE, PROCESS, SNMP, SNMP_NOTIF, Event Type and SYSLOG. TimeActive Time when the policy started to execute. TimeRegistered Time when the policy was created. Total number Total number of policies.
Usage guidelines Use CLI event monitor policies to monitor operations performed at the CLI. You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event. Examples # Configure a CLI-defined policy to monitor execution of commands that contain the dis inter brief string.
Page 336
undo event Default No hotplug event is configured. Views CLI-defined policy view Predefined user roles network-admin Parameters insert: Specifies the card insert event. EAA executes the policy when card insertion occurs while the device is operating. remove: Specifies the card remove event. EAA executes the policy when card removal occurs while the device is operating.
(Centralized devices in IRF mode.) After you configure the event, the monitor policy is triggered when the member device joins or leaves the IRF fabric, or when a subcard is inserted in or removed from the specified subcard slot. If you do not specify the insert or remove keyword, EAA monitors the member device for joining or leaving the IRF fabric and the subcard slot for subcard hot-swapping.
Page 338
Default No interface event is configured. Views CLI-defined policy view Predefined user roles network-admin Parameters interface-type interface-number: Specifies an interface by its type and number. monitor-obj monitor-obj: Specifies the traffic statistic to be monitored on the interface. For keywords Table available for the monitor-obj argument, see start-op start-op: Specifies the operator for comparing the monitored traffic statistic with the start threshold.
Page 339
Table 63 Comparison operators Comparison operator Description Equal to. Greater than or equal to. Greater than. Less than or equal to. Less than. Not equal to. Usage guidelines Use interface event monitor policies to monitor traffic statistics on an interface. You can configure only one event for a monitor policy.
event process Use event process to configure a process event for a CLI-defined monitor policy. Use undo event to delete the event in a CLI-defined monitor policy. Syntax Distributed devices in standalone mode/centralized devices in standalone or IRF mode: event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ slot slot-number ] undo event Distributed devices in IRF mode:...
slot slot-number: Specifies a card by its slot number. If you do not specify a card, the policy applies to all cards. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the policy applies to all IRF member devices.
Page 342
Parameters oid oid: Specifies the OID of the monitored MIB variable, a string of 1 to 256 characters. monitor-obj { get | next }: Specifies the SNMP operation used for sampling variable values. The get keyword represents the SNMP get operation, and the next keyword represents the SNMP getNext operation.
Compares the variable sample with the start threshold at sampling intervals until the start threshold is crossed. Executes the policy again. This process cycles for the monitor policy to be executed and re-executed. Examples # Configure a CLI-defined policy to get the value of the MIB variable 1.3.6.4.9.9.42.1.2.1.6.4 every five seconds.
Usage guidelines Use SNMP-Notification event monitor policies to monitor variables in SNMP notifications. EAA executes an SNMP-Notification event monitor policy when the value of the monitored variable in an SNMP notification meets the specified condition. You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.
occurs times period period: Executes the policy if the number of log matches over an interval exceeds the limit. The times argument specifies the maximum number of log matches in the range of 1 to 32. The period argument specifies an interval in the range of 1 to 4294967295 seconds. Usage guidelines Use Syslog event monitor policies to monitor log messages.
Usage guidelines You must create a CLI-defined monitor policy before you can use the CLI to configure settings in the policy. You can assign the same policy name to a CLI-defined policy and a Tcl-defined policy, but you cannot assign the same name to policies that are the same type. For a CLI-defined monitor policy to take effect, you must execute the commit command after you complete configuring the policy.
Page 347
Variable name Description _syslog_pattern Log message content. Hotplug: (Centralized devices in standalone mode.) 0. (Distributed devices.) ID of the slot where card hot-swapping occurs. _slot (Centralized devices in IRF mode.) ID of the member device that joins or leaves the IRF fabric. _subslot ID of the subslot where a hot swap event occurs.
rtm scheduler suspend Use rtm scheduler suspend to suspend monitor policies. Use undo rtm scheduler suspend to resume monitor policies. Syntax rtm scheduler suspend undo rtm scheduler suspend Views System view Predefined user roles network-admin Usage guidelines This command disables all CLI-defined and Tcl-defined monitor policies except for the monitor policies that are running.
Parameters policy-name: Specifies a policy name, a case-sensitive string of 1 to 63 characters. tcl-filename: Specifies a .tcl script file name. The file name is case sensitive. You must make sure the file is available on a storage medium of the device. Usage guidelines When you use this command to create a Tcl-defined policy, follow these guidelines: (Centralized devices in IRF mode.) Make sure the script file is saved on all IRF member devices.
Predefined user roles network-admin Parameters time: Specifies the runtime of the CLI-defined policy, in the range of 0 to 31536000 seconds. If you specify 0, the policy can run forever until it is manually interrupted. Usage guidelines Policy runtime limits the amount of time that the monitor policy can run from the time it is triggered. When the runtime is reached, the system stops executing the policy even if the execution is not finished.
Page 351
For example, a monitor policy has four actions numbered from 1 to 4. The policy has user roles that are required for performing actions 1, 3, and 4, but it does not have the user role required for performing action 2. When the policy is triggered, EAA executes only action 1. A monitor policy supports a maximum of 64 valid user roles.
Process monitoring and maintenance commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. • MSR954(JH296A/JH297A/JH298A/JH299A/JH373A). • MSR958(JH300A/JH301A). Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. The display memory, display process, display process cpu, monitor process, and monitor thread commands display information about both user processes and kernel threads.
Page 353
slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays context information for process exceptions on the active MPU. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays context information for process exceptions on the IRF master device.
Filed Description Signals that led to the crash: • SIGABRT—Abort. • SIGBUS—Bus error. • SIGFPE—Erroneous arithmetic operation. • SIGILL—Illegal hardware instructions. • SIGQUIT—Quit signal sent by the controlling terminal. Crash signal • SIGSEGV—Invalid memory access. • SIGSYS—Invalid system call. • SIGTRAP—Trap message.
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays the core file directory on the IRF master device. (Centralized devices in IRF mode.) chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays the core file directory on the global active MPU.
Page 359
Predefined user roles network-admin Parameters show-number: Specifies the number of deadloops to display, in the range of 1 to 10. offset: Specifies the offset between the starting deadloop and the latest deadloop, in the range of 0 to 9. The default value is 0. verbose: Displays detailed information.
Page 360
Thread : comsh (TID: 16306) Context : thread context Chassis Slot CPU ID Kernel module info : module name (mrpnc) module address (0xe332a000) module name (12500) module address (0xe00bd000) Last 5 thread switches : migration/0 (11:16:00.823018)--> swapper (11:16:00.833018)--> kthreadd (11:16:00.833518)--> swapper (11:16:00.833550)-->...
Field Description Thread Name and number of the kernel thread deadloop. Context Context for the kernel thread deadloop. Chassis Number of the IRF member device on which the kernel thread ran. Slot number of the MPU on which the kernel thread ran. (Distributed devices in IRF or standalone mode.) ID of the IRF member device on which the kernel thread ran.
Views Any view Predefined user roles network-admin Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays kernel thread deadloop detection configuration for the active MPU. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its ID.
Page 365
Recorded at : 2013-05-01 11:16:00.823018 Occurred at : 2013-05-01 11:16:00.823018 Instruction address : 0x4004158c Thread : comsh (TID: 16306) Context : thread context Chassis Slot CPU ID Kernel module info : module name (mrpnc) module address (0xe332a000) module name (disk) module address (0xe00bd000) # Display detailed information about the latest kernel thread exception.
Page 366
Reg: cr, Val = 0x84000028 ; Reg: nip, Val = 0x057d9550 ; Reg: xer, Val = 0x00000000 ; Reg: lr, Val = 0x0186eff0 ; Reg: ctr, Val = 0x682f7344 ; Reg: msr, Val = 0x00784b5c ; Reg: trap, Val = 0x0000b030 ; Reg: dar, Val = 0x77777777 ;...
Function Address = 0x8016ce0c Function Address = 0x801223a0 Instruction dump: 41a2fe9c 812300ec 800200ec 7f890000 409efe8c 80010014 540b07b9 40a2fe80 4bfffe6c 80780290 7f64db78 4804ea35 <807f002c> 38800000 38a00080 3863000c Table For detailed information about the command output, see Related commands reset kernel exception display kernel reboot Use display kernel reboot to display kernel thread reboot information.
Page 368
chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays kernel thread reboot information for the global active MPU. (Distributed devices in IRF mode.) cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.) Examples # Display brief information about the latest kernel thread reboot.
Field Description Chassis Number of the IRF member device where the kernel thread ran. Slot number of the MPU where the kernel thread ran. (Distributed devices in IRF or standalone mode.) IRF member ID of the device where the kernel thread ran. (Centralized devices Slot in IRF mode.) Fixed to 0 without any special meaning.
Page 371
offset: Specifies the offset between the starting starvation and the latest starvation, in the range of 0 to 9. The default value is 0. verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information. slot slot-number: Specifies an MPU by its slot number.
Page 372
module name (12500) module address (0xe00bd000) Last 5 thread switches : migration/0 (11:16:00.823018)--> swapper (11:16:00.833018)--> kthreadd (11:16:00.833518)--> swapper (11:16:00.833550)--> disk (11:16:00.833560) Register content: Reg: r0, Val = 0x00000000 ; Reg: r1, Val = 0xe2be5ea0 ; Reg: r2, Val = 0x00000000 ; Reg: r3, Val = 0x77777777 ;...
0xe2be5fa0: 02 be 5f c0 00 ac 1b 14 61 f1 2e ae 02 45 00 00 0xe2be5fb0: 02 44 b3 74 02 be 5f d0 00 00 00 30 02 be 5f e0 0xe2be5fc0: 02 be 60 60 01 74 ff f8 00 00 00 00 00 00 08 00 0xe2be5fd0: 02 be 5f f0 00 e8 93 7e 02 be 5f f8 02 be 5f fc 0xe2be5fe0: 00 00 00 00 00 00 00 00 00 00 00 00 02 be 60 18 0xe2be5ff0: 02 be 60 10 00 e9 65 98 00 00 00 58 00 00 2a 4f...
Page 374
Distributed devices in IRF mode: display kernel starvation configuration [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles network-admin Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays kernel thread starvation detection configuration on the active MPU.
display process Use display process to display process state information. Syntax Centralized devices in standalone mode: display process [ all | job job-id | name process-name ] Distributed devices in standalone mode/centralized devices in IRF mode: display process [ all | job job-id | name process-name ] [ slot slot-number [ cpu cpu-number ] ] Distributed devices in IRF mode: display process [ all | job job-id | name process-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]...
Page 376
Examples # Display state information for process scmd. <Sysname> display process name scmd Job ID: 1 PID: 1 Parent JID: 0 Parent PID: 0 Executable path: - Instance: 0 Respawn: OFF Respawn count: 1 Max. spawns per minute: 0 Last started: Wed Jun 1 14:45:46 2013 Process state: sleeping Max.
Page 377
Field Description Maximum number of core files that the process can create. 0 indicates that the process never creates a core file. A process creates a core file after it Max. core abnormally restarts. If the number of core files reaches the maximum value, no more core files are created.
Table 71 Command output Field Description Job ID of a process. It never changes. Number of a process. %CPU CPU usage in percentage (%). %MEM Memory usage in percentage (%). State of a process: • R—Running. • S—Sleeping. STAT • T—Traced or stopped.
Page 379
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device.
Field Description Name of the process. If square brackets ([ ]) exist in a process name, the Name process is a kernel thread. display process log Use display process log to display log information for all user processes. Syntax Centralized devices in standalone mode: display process log Distributed devices in standalone mode/centralized devices in IRF mode: display process log [ slot slot-number [ cpu cpu-number ] ]...
knotify 12-17 07:10:31 12-17 07:10:31 autocfgd 12-17 07:10:31 12-17 07:10:31 pkg_update 12-17 07:10:30 12-17 07:10:31 Table 73 Command output Field Description Process Name of a user process. JobID Job ID of a user process. ID of a user process. Indicates whether the process exited abnormally: •...
Page 382
Parameters slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays memory usage for all user processes on the active MPU. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device.
Field Description Stack Stack memory used by the user process, in KB. The value for a kernel thread is 0. Dynamic Dynamic memory used by the user process, in KB. The value for a kernel thread is 0. Name of the user process. If square brackets ([ ]) exist in a process name, the process is Name a kernel thread.
Page 384
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU.
Field Description Free Ratio Ratio of free memory to total memory. It helps identify fragment information. Related commands display process memory display process memory heap address display process memory heap size display process memory heap address Use display process memory heap address to display heap memory content starting from a specified memory block for a process.
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU.
Page 387
Views Any view Predefined user roles network-admin network-operator Parameters job job-id: Specifies a process by its job ID, in the range of 1 to 2147483647. size memory-size: Specifies the memory block size in the range of 1 to 4294967295. offset offset-size: Specifies an offset in the range of 0 to 4294967295. The default value is 128. For example, suppose the system allocates 100 16-byte memory blocks to process job 1, and the process has used 66 blocks.
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.) Usage guidelines Kernel threads share resources in kernel space. If a kernel thread monopolizes the CPU for a long time, other threads cannot run, resulting in a deadloop. The command enables the device to detect deadloops.
Page 391
undo monitor kernel deadloop exclude-thread [ tid ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Default Kernel thread deadloop detection monitors all kernel threads. Views System view Predefined user roles network-admin Parameters tid: Specifies a kernel thread by its ID, in the range of 1 to 2147483647. If no kernel thread is specified for the undo command, the default is restored.
monitor kernel deadloop time Use monitor kernel deadloop time to set the interval for identifying a kernel thread deadloop. Use undo monitor kernel deadloop time to restore the default. Syntax Centralized devices in standalone mode: monitor kernel deadloop time time undo monitor kernel deadloop time Distributed devices in standalone mode/centralized devices in IRF mode: monitor kernel deadloop time time [ slot slot-number [ cpu cpu-number ] ]...
Usage guidelines If a kernel thread runs for the specified interval, kernel thread deadloop detection considers that a deadloop has occurred. The system records the deadloop and restarts. Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.
Predefined user roles network-admin Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified.
Page 395
Syntax Centralized devices in standalone mode: monitor kernel starvation exclude-thread tid undo monitor kernel starvation exclude-thread [ tid ] Distributed devices in standalone mode/centralized devices in IRF mode: monitor kernel starvation exclude-thread tid [ slot slot-number [ cpu cpu-number ] ] undo monitor kernel starvation exclude-thread [ tid ] [ slot slot-number [ cpu cpu-number ] ] Distributed devices in IRF mode: monitor kernel starvation exclude-thread tid [ chassis chassis-number slot slot-number [ cpu...
Examples # Disable kernel thread starvation detection for kernel thread 15. <Sysname> system-view [Sysname] monitor kernel starvation exclude-thread 15 Related commands display kernel starvation display kernel starvation configuration monitor kernel starvation time monitor kernel starvation enable monitor kernel starvation time Use monitor kernel starvation time to set the interval for identifying a kernel thread starvation.
slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified.
Page 398
Predefined user roles network-admin Parameters dumbtty: Specifies dumbtty mode. In this mode, the command displays process statistics in descending order of CPU usage without refreshing statistics. If you do not specify this keyword, the command displays statistics for the top 10 processes in descending order of CPU usage in an interactive mode, and refreshes statistics every 5 seconds by default.
Page 399
Commands Description Refreshes the screen. Sorts processes by memory usage in descending order. Changes the maximum number of processes displayed within a screen, in the range of 0 to 2147483647. The default value is 10. A value of 0 means no limit. Only processes not exceeding the screen size can be displayed.
State HH:MM:SS Name 5384K 00:00:01 0.00% dbmd 2464K 00:00:02 0.00% ipbased 1956K 00:00:00 0.00% 30600K 00:00:00 0.00% lsmd 61592K 00:00:00 0.00% routed • Enter k and then enter a JID to kill a process. If you enter 884, the process with the JID of 884 is killed.
Page 403
Syntax Centralized devices in standalone mode: monitor thread [ dumbtty ] [ iteration number ] Distributed devices in standalone mode/centralized devices in IRF mode: monitor thread [ dumbtty ] [ iteration number ] [ slot slot-number [ cpu cpu-number ] ] Distributed devices in IRF mode: monitor thread [ dumbtty ] [ iteration number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]...
Page 404
Table 78 Interactive commands Commands Description ? or h Displays help information that includes available interactive commands. Sets the interval for refreshing statistics. The default interval is 5 seconds. Kills a process. Because the command can impact system operation, be cautious when you use it.
Page 405
00:00:06 0.42% scmd 1160 1160 00:00:01 0.21% sshd 00:00:00 0.00% [kthreadd] 00:00:01 0.00% [ksoftirqd/0] 00:00:00 0.00% [watchdog/0] 00:00:00 0.00% [events/0] 00:00:00 0.00% [khelper] • Enter h or a question mark (?) to display help information as follows: Help for interactive commands: Show the available interactive commands Sort by the CPU field(default) Set the delay interval between screen updates...
00:00:04 0.12% [DIBC] 00:00:22 0.12% [MNET] • Enter q to quit interactive mode. Table 79 Command output Field Description 84 processes; 107 Numbers of processes and threads. threads Job ID of a thread, which never changes. ID of a thread. LAST_CPU Number of the CPU on which the latest thread scheduling occurs.
Page 407
Default A process generates a core file for the first exception and does not generate any core files for subsequent exceptions. Predefined user roles network-admin Parameters off: Disables core file generation. maxcore value: Enables core file generation and sets the maximum number of core files, in the range of 1 to 10.
reset kernel reboot [ slot slot-number [ cpu cpu-number ] ] Distributed devices in IRF mode: reset kernel reboot [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears kernel thread reboot information for the active MPU.
Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears kernel thread starvation information for the active MPU. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its ID.
Usage guidelines Use this command to start a third-party process, such as Wifidog, Puppet, or Chef. Examples # Start third-party process puppet. <Sysname> system-view [Sysname] third-part-process start name puppet arg agent --certname=1.1.1.1 --server=1.1.1.2 Related commands third-part-process stop third-part-process stop Use third-part-process stop to stop a third-party process. Syntax third-part-process stop pid pid&<1-10>...
Sampler commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. • MSR954(JH296A/JH297A/JH298A/JH299A/JH373A). • MSR958(JH300A/JH301A). Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display sampler Use display sampler to display configuration information for a sampler. Syntax Centralized devices in standalone mode: display sampler [ sampler-name ]...
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays sampler configuration information for the master device. (Centralized devices in IRF mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device.
Page 417
Default No samplers exist. Views System view Predefined user roles network-admin Parameters sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters. fixed: Specifies the fixed sampling mode. A sampler in this mode selects the first packet per sampling.
Port mirroring commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. • MSR954(JH296A/JH297A/JH298A/JH299A/JH373A). • MSR958(JH300A/JH301A). Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display mirroring-group Use display mirroring-group to display mirroring group information.
Monitor port: GigabitEthernet1/0/2 GigabitEthernet1/0/3 GigabitEthernet1/0/4 Mirroring group 3: Type: Local Status: Active Mirroring port: GigabitEthernet1/0/5 Inbound GigabitEthernet1/0/6 Both Monitor port: GigabitEthernet1/0/7 Table 81 Command output Field Description Mirroring group Number of the mirroring group. Type Type of the mirroring group: Local. Status of the mirroring group: •...
Examples # Create local mirroring group 1. <Sysname> system-view [Sysname] mirroring-group 1 local mirroring-group mirroring-port (interface view) Use mirroring-group mirroring-port to configure a port as a source port for a mirroring group. Use undo mirroring-group mirroring-port to restore the default. Syntax mirroring-group group-id mirroring-port { both | inbound | outbound } undo mirroring-group group-id mirroring-port...
mirroring-group mirroring-port (system view) Use mirroring-group mirroring-port to configure source ports for a mirroring group. Use undo mirroring-group mirroring-port to remove source ports from a mirroring group. Syntax mirroring-group group-id mirroring-port interface-list { both | inbound | outbound } undo mirroring-group group-id mirroring-port interface-list Default No source port is configured for a mirroring group.
mirroring-group monitor-port (interface view) Use mirroring-group monitor-port to configure a port as a monitor port for a mirroring group. Use undo mirroring-group monitor-port to restore the default. Syntax mirroring-group group-id monitor-port undo mirroring-group group-id monitor-port Default A port does not act as a monitor port for any mirroring groups. Views Interface view Predefined user roles...
Page 423
undo mirroring-group group-id monitor-port interface-type interface-number Default No monitor port is configured for a mirroring group. Views System view Predefined user roles network-admin Parameters group-id: Specifies an existing mirroring group by its ID in the range of 1 to 6. interface-type interface-number: Specifies an interface by its type and number.
Flow mirroring commands mirror-to Use mirror-to to configure a mirroring action for a traffic behavior. Use undo mirror-to to delete a mirroring action. Syntax mirror-to interface interface-type interface-number undo mirror-to interface interface-type interface-number Default No mirroring action is configured for a traffic behavior. Views Traffic behavior view Predefined user roles...
NetStream configuration commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. • MSR954(JH296A/JH297A/JH298A/JH299A/JH373A). • MSR958(JH300A/JH301A). Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display ip netstream cache Use display ip netstream cache to display NetStream entry information.
Page 426
type: Specifies the NetStream entry type. If you do not specify this keyword, this commands displays information about all types of NetStream entries. ip: Specifies Layer 3 NetStream entries. ipl2: Specifies Layer 2 and Layer 3 NetStream entries. l2: Specifies Layer 2 NetStream entries. mpls: Specifies MPLS NetStream entries.
Page 430
MPLS LDP(4.4.4.4/24) 1:55-6-0 2:16-6-1 DstMask: SrcMask: NextHop: 172.16.2.10 DstAS: SrcAS: BGPNextHop: 0.0.0.0 InVRF: SamplerMode: SamplerInt: Active: 382.542 Bytes/Pkt: 1426 First packet arrived: 10/28/2013, 14:12:03 Last packet arrived: 10/28/2013, 14:23:03 Table 82 Command output Field Description Active flow timeout Aging timer for active flows, in minutes. Inactive flow timeout Aging timer for inactive flows, in seconds.
Page 431
Field Description Statistics of packets by protocol type: • Protocol type. • Protocol Total Flows Packets Total number of flows. /sec • Number of packets per second. • Flows/sec Packets/flow Number of flows per second. • Active(sec)/flow Idle(sec)/flow Number of packets per flow. •...
Field Description Other information about the active flows in the cache: • TCP tag. • Destination mask. • Source mask. • Routing next hop. TCPFlag: • Destination AS. DstMask: SrcMask: • Source AS. NextHop: • BGP next hop. DstAS: SrcAS: •...
MPLS export information: Flow source interface : GigabitEthernet1/0/1 Flow destination VPN instance : VPN1 Flow destination IP address (UDP) : 10.10.0.10 (30000) Version 9 exported flows number : 20 Version 9 exported UDP datagrams number (failed) : 2 (0) as aggregation export information: Flow source interface : GigabitEthernet1/0/1 Flow destination VPN instance...
Page 434
display ip netstream template Distributed devices in standalone mode/centralized devices in IRF mode: display ip netstream template [ slot slot-number ] Distributed devices in IRF mode: display ip netstream template [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters...
Page 435
Flows Out packets Out bytes First forwarded Last forwarded Source AS Destination AS Input interface index Output interface index Direction Sampling algorithm Sampling interval AS inbound template: Template ID : 3257 Packets Last template export time : Never Field count : 14 Field type Field length (bytes)
Field Description Field type Type of a field in the template. Field length (bytes) Length of the field, in bytes. Flows Number of aggregate flows. Out packets Number of sent packets. In packets Number of received packets. Out bytes Size of sent packets, in bytes. In bytes Size of received packets, in bytes.
ip netstream Use ip netstream to enable NetStream on an interface. Use undo ip netstream to disable NetStream on an interface. Syntax ip netstream [ inbound | outbound ] undo ip netstream [ inbound | outbound ] Default NetStream is disabled on an interface. Views Interface view Predefined user roles...
Predefined user roles network-admin Parameters inbound: Filters incoming traffic. outbound: Filters outgoing traffic. acl ipv4-acl-number: Specifies an IPv4 ACL by its number. For an IPv4 basic ACL, the value range is 2000 to 2999. For an IPv4 advanced ACL, the value range is 3000 to 3999. Usage guidelines NetStream filtering uses an ACL to identify intended packets.
sampler sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters. Examples # Use sampler abc for inbound NetStream sampling on GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] ip netstream inbound [Sysname-GigabitEthernet1/0/1] ip netstream inbound sampler abc ip netstream aggregation Use ip netstream aggregation to specify a NetStream aggregation mode and enter its view.
tos-protocol-port: Specifies the ToS-protocol-port aggregation by ToS, protocol number, source port, destination port, inbound interface index, and outbound interface index. tos-source-prefix: Specifies the ToS-source-prefix aggregation by ToS, source AS number, source prefix, source address mask length, and inbound interface index. Usage guidelines In NetStream aggregation mode view, you can perform the following tasks: •...
Parameters ip-address: Specifies the destination IP address. udp-port: Specifies the destination UDP port number in the range of 0 to 65535. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the destination host belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.
Use undo ip netstream export rate to restore the default. Syntax ip netstream export rate rate undo ip netstream export rate Default The export rate of NetStream data is not limited. Views System view Predefined user roles network-admin Parameters rate: Specifies the maximum number of packets to be exported per second. The value range is 1 to 1000.
Usage guidelines You can configure different source interfaces in different NetStream aggregation mode views. If no source interface is configured in NetStream aggregation mode view, the source interface in system view applies. Examples # In system view, specify GigabitEthernet 1/0/1 as the source interface for NetStream traditional data packets.
Usage guidelines Version 9 is template-based and supports user-defined formats. A NetStream device must send the version 9 templates to NetStream servers regularly, because the servers do not permanently save templates. You can configure the refresh frequency or refresh interval for the device to send version 9 templates. If both settings are configured, templates are sent when either of the conditions is met.
You can adjust the refresh frequency or refresh interval for the device to send version 9 templates. If both settings are configured, templates are sent when either of the conditions is met. To configure the refresh frequency for version 9 templates, use the ip netstream export v9-template refresh-rate packet command.
Usage guidelines A NetStream entry records the source IP address and destination IP address, and two AS numbers for each IP address. You can choose to configure which AS numbers are to be exported as the source AS and destination AS. You can choose to record BGP next hop data only when you configure the version 9 format.
(Distributed devices in IRF mode.) The max-entries argument takes effect on each card of each IRF member device. (Centralized devices in IRF mode.) The max-entries argument takes effect on each IRF member device. If you execute this command multiple times, the most recent configuration takes effect. Examples # Set the upper limit to 5000 for NetStream entries.
Examples # Enable NetStream for MPLS packets with top label counted but without IP fields. <Sysname> system-view [Sysname] ip netstream mpls no-ip-fields ip netstream timeout active Use ip netstream timeout active to set the aging timer for active flows. Use undo ip netstream timeout active to restore the default. Syntax ip netstream timeout active minutes undo ip netstream timeout active...
undo ip netstream timeout inactive Default The aging timer is 30 seconds for inactive flows. Views System view Predefined user roles network-admin Parameters seconds: Sets the aging timer for inactive flows, in the range of 10 to 600 seconds. Usage guidelines A flow is considered inactive if no packet for the NetStream entry arrives before the timer set by this command expires.
IPv6 NetStream commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. • MSR954(JH296A/JH297A/JH298A/JH299A/JH373A). • MSR958(JH300A/JH301A). Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display ipv6 netstream cache Use display ipv6 netstream cache to display IPv6 NetStream entry information.
Page 452
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information about IPv6 NetStream entries for all cards.
Page 453
2:24-6-0 3:30-6-1 IP& 2010::1(1024) 2020::1(67) 0x12345 0x0 GE1/0/3(I) 1848 MPLS LDP(4.4.4.4/24) 1:55-6-0 2:16-6-1 2:0-0-0 # (Distributed devices in standalone mode.) Display information about IPv6 NetStream entries for the card in slot 1. <Sysname> display ipv6 netstream cache slot 1 IPv6 NetStream cache information: Active flow timeout : 60 min Inactive flow timeout...
Page 455
Field Description Range of IPv6 packet length (excluding data link layer header). • For the values in the range of 1 to 576 bytes, the range increases in the step of 32 bytes. For example, 1-32 shows the number of packets with the size of 1 to 32 1-32 64 96 128 160 192 224 256 288 bytes.
Field Description Information about the active MPLS flows in the current cache: • Type of the labels at the top of the label stack: IP address associated with the label. Mask associated with the label. • TopLblType(IP/MASK) Lbl-Exp-S-List Label list: Lbl—20-bit label value.
Flow destination VPN instance : VPN1 Flow destination IP address (UDP) : 40::1 (30000) Version 9 exported flows number : 16 Version 9 exported UDP datagrams number (failed) : 2 (0) IPv6 export information: Flow source interface : GigabitEthernet1/0/1 Flow destination VPN instance : VPN1 Flow destination IP address (UDP) : 40::1 (30000)
Page 458
display ipv6 netstream template [ slot slot-number ] Distributed devices in IRF mode: display ipv6 netstream template [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command displays IPv6 NetStream template information for the active MPU.
Page 459
Source AS Destination AS Input Interface Index Output Interface Index IP protocol version Direction Sampling algorithm Sampling interval AS inbound template: Template ID : 3292 Field count : 14 Field type Field length (bytes) --------------------------------------------------------------------------- Flows In packets In bytes First forwarded Last forwarded Source AS...
Page 460
L4 source port L4 destination port IP protocol version TCP flags Protocol Source ToS IPv6 source mask IPv6 destination mask Direction Forwarding offset Out VPN ID Sampling algorithm Sampling interval L3 inbound template: Template ID : 3306 Field count : 27 Field type Field length (bytes) ---------------------------------------------------------------------------...
Table 87 Command output Field Description Refresh frequency at which the templates are sent, in Flow template refresh frequency packets. Refresh interval at which the templates are sent, in Flow template refresh interval minutes. Active flow templates Number of active IPv6 NetStream templates. Created flow templates Number of templates that have been created.
Views IPv6 NetStream aggregation mode view Predefined user roles network-admin Examples # Enable IPv6 NetStream AS aggregation mode. <Sysname> system-view [Sysname] ipv6 netstream aggregation as [Sysname-ns6-aggregation-as] enable Related commands ipv6 netstream aggregation ipv6 netstream Use ipv6 netstream to enable IPv6 NetStream on an interface. Use undo ipv6 netstream to disable IPv6 NetStream on an interface.
Default IPv6 NetStream sampling is disabled. Views Interface view Predefined user roles network-admin Parameters inbound: Enables IPv6 NetStream sampling in the inbound direction. outbound: Enables IPv6 NetStream sampling in the outbound direction. sampler sampler-name: Specifies a sampler by its name. The name is a case-insensitive string of 1 to 31 characters.
Page 465
Parameters as: Specifies the AS aggregation by source AS number, destination AS number, input interface index, and output interface index. bgp-nexthop: Specifies the BGP nexthop aggregation by BGP next hop IPv6 address and output interface index. destination-prefix: Specifies the destination-prefix aggregation by destination AS number, destination address mask length, destination prefix, and output interface index.
ipv6 netstream export host Use ipv6 netstream export host to specify a destination host for IPv6 NetStream data export. Use undo ipv6 netstream export host to remove the specified destination host or all destination hosts that are configured in the current view. Syntax ipv6 netstream export host { ipv4-address | ipv6-address } udp-port [ vpn-instance vpn-instance-name ]...
IPv6 NetStream traditional data is exported to all destination hosts in system view. IPv6 NetStream aggregation data is exported to all destination hosts in the related aggregation view. If you expect only IPv6 NetStream aggregation data, specify destination hosts only in the IPv6 NetStream aggregation mode view.
[Sysname] ipv6 netstream export rate 10 ipv6 netstream export source Use ipv6 netstream export source to specify the source interface for data packets sent to NetStream servers. The IPv6 address of the interface is used as the source IPv6 address of the data packets.
ipv6 netstream export v9-template refresh-rate packet Use ipv6 netstream export v9-template refresh-rate packet to configure the refresh frequency (in packets) for IPv6 NetStream version 9 templates. The templates are sent after the specified number of packets are sent. Use undo ipv6 netstream export v9-template refresh-rate packet to restore the default. Syntax ipv6 netstream export v9-template refresh-rate packet packets undo ipv6 netstream export v9-template refresh-rate packet...
ipv6 netstream export v9-template refresh-rate time Use ipv6 netstream export v9-template refresh-rate time to configure the sending interval for IPv6 NetStream version 9 templates. Use undo ipv6 netstream export v9-template refresh-rate time to restore the default. Syntax ipv6 netstream export v9-template refresh-rate time minutes undo ipv6 netstream export v9-template refresh-rate time Default Version 9 templates are sent every 30 minutes.
Syntax ipv6 netstream export version 9 [ origin-as | peer-as ] [ bgp-nexthop ] undo ipv6 netstream export version Default The version 9 format is used to export IPv6 NetStream traditional data, IPv6 NetStream aggregation data, and MPLS flow data with IPv6 fields. The peer AS numbers are recorded.
Default The upper limit for IPv6 NetStream entries is 10000. Views System view Predefined user roles network-admin Parameters max-entries: Specifies the upper limit for IPv6 NetStream entries that the cache can accommodate. The value range is 1000 to 100000. Usage guidelines (Distributed devices in standalone mode.) The max-entries argument takes effect on each card.
Parameters minutes: Sets the aging timer for active flows, in the range of 1 to 60 minutes. Usage guidelines A flow is considered active if packets for the IPv6 NetStream entry arrive before the timer set by this command expires. Examples # Set the aging timer to 60 minutes for active flows.
reset ipv6 netstream statistics Use reset ipv6 netstream statistics to age out all flows in the cache and export IPv6 NetStream data. Syntax reset ipv6 netstream statistics Views User view Predefined user roles network-admin Usage guidelines It takes the system several minutes to execute the command. During this period, the system does not collect IPv6 NetStream data.
sFlow commands sFlow is not supported on Layer 2 Ethernet interfaces and Layer-configurable Ethernet interfaces. The following matrix shows the feature and hardware compatibility: Hardware sFlow compatibility MSR954(JH296A/JH297A/JH298A/JH299A/JH373A) MSR958(JH300A/JH301A) MSR1002-4/1003-8S MSR2003 Yes on GigabitEthernet 0/0 MSR2004-24/2004-48 No on GigabitEthernet 0/1 and GigabitEthernet 0/2 MSR3012/3024/3044/3064 No on the management Ethernet interfaces of the MPUs...
Interface Interval(s) FID MaxHLen Rate Mode Status GE1/0/1 1000 determine Active GE1/0/2 1000 determine Active Table 88 Command output Field Description sFlow version, which can only take the value of 5. The device can send only sFlow datagram version sFlow packets whose sFlow version is 5. Global information Global sFlow information.
Use undo sflow agent to restore the default. Syntax sflow agent { ip ipv4-address | ipv6 ipv6-address } undo sflow agent { ip | ipv6 } Default No IP address is configured for the sFlow agent. The device periodically identifies whether the sFlow agent has an IP address.
Predefined user roles network-admin Parameters collector-id: Specifies an sFlow collector by its ID. The value range for this argument is 1 to 10. vpn-instance vpn-instance-name: Specifies a VPN instance by its name for the sFlow collector. A VPN instance name is a case-sensitive string of 1 to 31 characters and cannot contain spaces. By default, the sFlow collector belongs to the public network.
undo sflow counter interval Default Counter sampling is disabled. Views Layer 3 Ethernet interface view Predefined user roles network-admin Parameters interval: Specifies the counter sampling interval in the range of 2 to 86400 seconds. Examples # Enable counter sampling and set the counter sampling interval to 120 seconds on GigabitEthernet 1/0/1.
sflow flow collector Use sflow flow collector to specify an sFlow collector for flow sampling. Use undo sflow flow collector to restore the default. Syntax sflow flow collector collector-id undo sflow flow collector Default No sFlow collector is specified for flow sampling. Views Layer 3 Ethernet interface view Predefined user roles...
Parameters length: Specifies the maximum number of bytes that can be copied, in the range of 18 to 512. As a best practice, use the default value. Examples # Set the maximum number of bytes to 60 for flow sampling to copy per packet on GigabitEthernet 1/0/1.
sflow sampling-rate Use sflow sampling-rate to enable flow sampling and specify the number of packets out of which flow sampling will sample a packet on an interface. Use undo sflow sampling-rate to disable flow sampling on an interface. Syntax sflow sampling-rate rate undo sflow sampling-rate Default Flow sampling is disabled.
Page 483
Views System view Predefined user roles network-admin Parameters ip ipv4-address: Specifies the source IPv4 address of sent sFlow packets. ipv6 ipv6-address: Specifies the source IPv6 address of sent sFlow packets. Examples # Specify the source IPv4 address of sent sFlow packets as 10.0.0.1. <Sysname>...
Information center commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. • MSR954(JH296A/JH297A/JH298A/JH299A/JH373A). • MSR958(JH300A/JH301A). Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. diagnostic-logfile save Use diagnostic-logfile save to manually save diagnostic logs from the diagnostic log file buffer to the diagnostic log file.
Predefined user roles network-admin network-operator Examples # Display information center configuration. <Sysname> display info-center Information Center: Enabled Console: Enabled Monitor: Enabled Log host: Enabled 192.168.0.1, port number: 514, host facility: local7 Log buffer: Enabled Max buffer size 1024, current buffer size 512, Current messages 0, dropped messages 0, overwritten messages 0 Log file: Enabled Security log file: Enabled...
Page 487
Parameters reverse: Displays log entries chronologically, with the most recent entry at the top. If you do not specify this keyword, the command displays log entries chronologically, with the oldest entry at the top. level severity: Specifies a severity level in the range of 0 to 7. If you do not specify a severity level, this command displays log information for all levels.
Page 488
Actual buffer size: 512 Dropped messages: 0 Overwritten messages: 718 Current messages: 512 %Jun 17 15:57:09:578 2006 Sysname SYSLOG/7/SYS_RESTART:System restarted -- … # (Distributed devices in standalone mode/centralized devices in IRF mode.) Display the state and log information of the log buffer. <Sysname>...
info-center diagnostic-logfile directory Use info-center diagnostic-logfile directory to configure the directory to save the diagnostic log file. Syntax info-center diagnostic-logfile directory dir-name Default Diagnostic log files are saved in the diagfile directory under the root directory of the storage device. Views System view Predefined user roles...
Syntax info-center diagnostic-logfile enable undo info-center diagnostic-logfile enable Default Saving diagnostic logs to the diagnostic log file is enabled. Views System view Predefined user roles network-admin Usage guidelines This command enables saving diagnostic logs to the diagnostic log file for centralized management. Users can view the diagnostic logs to monitor device activities and to troubleshoot problems.
Examples # Set the diagnostic log file saving interval to 600 seconds. <Sysname> system-view [Sysname] info-center diagnostic-logfile frequency 600 Related commands info-center diagnostic-logfile enable info-center diagnostic-logfile quota Use info-center diagnostic-logfile quota to set the maximum size for the diagnostic log file. Use undo info-center diagnostic-logfile quota to restore the default.
Views System view Predefined user roles network-admin Examples # Enable the information center. <Sysname> system-view [Sysname] info-center enable Information center is enabled. info-center format Use info-center format to set the format for logs sent to log hosts. Use undo info-center format to restore the default. Syntax info-center format { unicom | cmcc } undo info-center format...
Use undo info-center logbuffer to disable log output to the log buffer. Syntax info-center logbuffer undo info-center logbuffer Default Log output to the log buffer is enabled. Views System view Predefined user roles network-admin Examples # Enable log output to the log buffer. <Sysname>...
Examples # Set the maximum log buffer size to 50. <Sysname> system-view [Sysname] info-center logbuffer size 50 # Restore the default maximum log buffer size. <Sysname> system-view [Sysname] undo info-center logbuffer size Related commands display logbuffer info-center enable info-center logfile directory Use info-center logfile directory to specify the directory to save the log file.
Examples # Create a directory named test under the flash root directory. <Sysname> mkdir test Creating directory flash:/test... Done. # Set the log file directory to flash:/test. <Sysname> system-view [Sysname] info-center logfile directory flash:/test Related commands info-center logfile enable info-center logfile enable Use info-center logfile enable to enable the log file feature.
Default The log file saving interval is 86400 seconds. Views System view Predefined user roles network-admin Parameters freq-sec: Specifies the log file saving interval in seconds. The value range is 1 to 86400. Usage guidelines This command enables the system to automatically save logs in the log file buffer to the log file at the specified interval.
Log file overwrite protection enables the system to stop saving new logs when the last log file is full or the storage device runs out of space. Examples # Enable log file overwrite-protection. <Sysname> system-view [Sysname] info-center logfile overwrite-protection info-center logfile size-quota Use info-center logfile size-quota to set the maximum size for the log file.
Page 502
Default Duplicate log suppression is disabled. Views System view Predefined user roles network-admin Usage guidelines Outputting consecutive duplicate logs at an interval of less than 30 seconds wastes system and network resources. With this feature enabled, the system starts a suppression period when outputting a new log: •...
%Jan 1 07:30:20:541 2000 Sysname ARP/6/DUPIFIP: Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d This message repeated 1 times in last 1 second. %Jan 1 07:30:19:542 2000 Sysname CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[12]-CommandSource=[2]-ConfigSource=[4]-ConfigDestination=[2]; Configuration is changed. The output shows that a different log is generated during the suppression period. %Jan 1 07:30:24:643 2000 Sysname ARP/6/DUPIFIP: Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d...
port port-number: Specifies the port number of the log host, in the range of 1 to 65535. The default is 514. It must be the same as the value configured on the log host. Otherwise, logs cannot be sent to the log host.
Syntax info-center security-logfile directory dir-name Default The security log file is saved in the seclog directory under the root directory of the storage device. Views System view Predefined user roles security-audit Parameters dir-name: Specifies a directory by its name, a string of 1 to 64 characters. Usage guidelines The specified directory must have been created.
Default The saving of security logs to the security log file is disabled. Views System view Predefined user roles network-admin Usage guidelines This feature enables the system to output security logs to the security log file buffer, and then saves the buffered logs to the security log file regularly.
[Sysname] info-center security-logfile frequency 600 Related commands info-center security-logfile enable info-center security-logfile size-quota Use info-center security-logfile size-quota to set the maximum size for the security log file. Use undo info-center security-logfile size-quota to restore the default. Syntax info-center security-logfile size-quota size undo info-center security-logfile size-quota Default The maximum size for the security log file is 10 MB.
Page 509
Default Table 95 lists the default log output rules. Table 95 Default output rules Source Common Diagnostic Destination Security log Hidden log modules All supported Console debugging Disabled Disabled Disabled modules Monitor All supported debugging Disabled Disabled Disabled terminal modules All supported Log host informational...
level severity: Specifies a severity level in the range of 0 to 7. The smaller the severity value, the Table 90 higher the severity level. See for more information. Logs at the specified severity level and higher levels are allowed or denied to be output. Usage guidelines If you do not set an output rule for a module, the module uses the output rule set by using the default keyword.
provides a command prompt in command editing mode, or a [Y/N] string in interaction mode so you can continue your operation from where you were stopped. Examples # Enable synchronous information output, and then execute the display current-configuration command to view the current configuration of the device. <Sysname>...
Views System view Predefined user roles network-admin Parameters min-age: Sets the minimum storage period in hours. The value range is 1 to 8760. Examples # Set the minimum storage period to 168 hours for log files and logs in the log buffer. <Sysname>...
<Sysname> system-view [Sysname] info-center syslog trap buffersize 2048 Related commands snmp-agent trap enable syslog info-center timestamp Use info-center timestamp to set the timestamp format for logs sent to the console, monitor terminal, log buffer, and log file. Use undo info-center timestamp to restore the default. Syntax info-center timestamp { boot | date | none } undo info-center timestamp...
Related commands info-center timestamp loghost info-center timestamp loghost Use info-center timestamp loghost to set the timestamp format for logs sent to log hosts. Use undo info-center timestamp loghost to restore the default. Syntax info-center timestamp loghost { date | iso | no-year-date | none } undo info-center timestamp loghost Default The timestamp format for logs sent to log hosts is date.
undo info-center trace-logfile quota Default The maximum size for the trace log file is 1 MB. Views System view Predefined user roles network-admin Parameters size: Sets the maximum size for the trace log file, in MB. The value range is 1 to 10. Examples # Set the maximum size to 6 MB for the trace log file.
info-center logfile directory reset logbuffer Use reset logbuffer to clear the log buffer. Syntax reset logbuffer Views User view Predefined user roles network-admin Examples # Clear the log buffer. <Sysname> reset logbuffer Related commands display logbuffer security-logfile save Use security-logfile save to manually save security logs from the security log file buffer to the security log file.
Examples # Manually save the security logs in the security log file buffer to the security log file. <Sysname> security-logfile save The contents in the security log file buffer have been saved to the file flash:/seclog/seclog.log. Related commands info-center security-logfile directory authorization-attribute (Security Command Reference) snmp-agent trap enable syslog Use snmp-agent trap enable syslog to enable SNMP notifications for log messages.
terminal debugging Use terminal debugging to enable the display of debug information on the current terminal. Use undo terminal debugging to disable the display of debug information on the current terminal. Syntax terminal debugging undo terminal debugging Default The display of debug information is disabled on the current terminal. Views User view Predefined user roles...
Examples # Enable the display of debug information on the current terminal. <Sysname> terminal debugging The current terminal is enabled to display debugging information. Related commands terminal logging level terminal monitor terminal logging level Use terminal logging level to set the lowest level of logs that can be output to the current terminal. Use undo terminal logging level to restore the default.
terminal monitor Use terminal monitor to enable the monitoring of logs on the current terminal. Use undo terminal monitor to disable the monitoring of logs on the current terminal. Syntax terminal monitor undo terminal monitor Default Monitoring of logs is enabled on the console and disabled on the monitor terminal. Views User view Predefined user roles...
Field Description Load balancing status for flow log entries: • Enabled—Flow log entries are distributed Log load balancing function among available log hosts. • Disabled—Every flow log entry is copied and sent to all available log hosts. Whether the use of the local time in the timestamp of Local time stamp flow logs is enabled or disabled..
undo userlog flow export load-balancing Default Load balancing is disabled. The device sends a copy of each flow log entry to all available log hosts. Views System view Predefined user roles network-admin Usage guidelines In load balancing mode, flow log entries are distributed among log hosts based on the source IP addresses (before NAT) that are recorded in the entries.
Examples # Specify 1.2.1.2 as the source IP address for flow log packets. <Sysname> system-view [Sysname] userlog flow export source-ip 1.2.1.2 Related commands userlog flow export host userlog flow export timestamp localtime Use userlog flow export timestamp localtime to configure the device to use the local time in the timestamp of flow logs.
Syntax userlog flow export version version-number undo userlog flow export version Default The flow log version is 1.0. Views System view Predefined user roles network-admin Parameters version-number: Specifies a flow log version. Available options are 1 and 3. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect.
Page 527
Usage guidelines You can export flow log entries to log hosts or the information center, but not both. If both methods are configured, the system exports flow log entries to the information center. Flow log entries are converted to the syslog format when they are exported to the information center. Their severity level is informational.
Packet capture commands The term "AP" in this document refers to MSR routers that support WLAN. WLAN is supported only on the MSR954(JH297A/JH298A/JH299A). display packet-capture status Use display packet-capture status to display packet capture status information. Syntax display packet-capture status Views User view Predefined user roles...
Related commands packet-capture local interface packet-capture remote interface packet-capture (on wired devices) IMPORTANT: To use the packet capture feature, you must install the feature image by using the boot-loader or install command. For more information about the commands, see Fundamentals Command Reference.
Page 530
range is 0 to 2147483647, and the default value is 10. If you set the limit to 0, the maximum number of captured packets is unlimited. limit-frame-size bytes: Sets the maximum number of bytes to capture for a packet. The value range is 64 to 8000 bytes, and the default value is 8000 bytes.
Page 531
brief: Displays brief information about captured packets. Usage guidelines The device displays captured packet data in real time. • If you specify the write filepath parameters without specifying the raw, brief, or verbose keyword, this command displays the number of captured packets. •...
packet-capture local interface (on wired devices/fat APs) Use packet-capture local interface to capture incoming packets on an interface and save the captured packets to a local file or to a remote file on an FTP server. Syntax packet-capture local interface interface-type interface-number [ capture-filter capt-expression | limit-frame-size bytes | autostop filesize kilobytes | autostop duration seconds ] * write { filepath | url url [ username username [ password { cipher | simple } string ] ] } Views...
Page 533
password: Specifies a password for logging in to the FTP server. cipher: Specifies a password in encrypted form. simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form. string: Specifies the password.
packet-capture read (on wired devices) IMPORTANT: To use the packet capture feature, you must install the feature image by using the boot-loader or install command. For more information about the commands, see Fundamentals Command Reference. Use packet-capture read to display the contents in a packet file. Syntax packet-capture read filepath [ display-filter disp-expression ] [ raw | { brief | verbose } ] * Views...
packet-capture remote interface (on wired devices/fat APs) Use packet-capture remote interface to capture incoming packets on an interface. Syntax packet-capture remote interface interface-type interface-number [ port port ] Views User view Predefined user roles network-admin Parameters interface interface-type interface-number: Specifies an Ethernet interface by its type and number. port port: Specifies the RPCAP service port by its number.
Page 536
Views User view Predefined user roles network-admin Examples # Stop the packet capture. <Sysname> packet-capture stop Related commands packet-capture local interface packet-capture remote interface...
Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.
Convention Description An alert that provides helpful information. TIP: Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...
Packard Enterprise Support Center. You must have an HP Passport set up with relevant entitlements. Websites Website Link Networking websites Hewlett Packard Enterprise Information Library for www.hpe.com/networking/resourcefinder Networking Hewlett Packard Enterprise Networking website www.hpe.com/info/networking Hewlett Packard Enterprise My Networking website www.hpe.com/networking/support Hewlett Packard Enterprise My Networking Portal www.hpe.com/networking/mynetworking...
Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
Index A C D E F H I L M N O P R S T U V W X action,244 data-fill,15 action reboot,313 data-size,16 action switchover,315 debugging,1 action syslog,316 delta falling,247 advantage-factor,14 delta rising,248 apply poe-profile,137 description,18 apply poe-profile interface,138 description (event view),249...
Need help?
Do you have a question about the FlexNetwork MSR954 and is the answer not in the manual?
Questions and answers