HPE FlexNetwork 7500 Series Command Reference Manual
  1. Manuals
  2. Brands
  3. HPE Manuals
  4. Switch
  5. FlexNetwork 7500 Series
  6. Command reference manual

HPE FlexNetwork 7500 Series Command Reference Manual

Network management and monitoring
Hide thumbs Also See for FlexNetwork 7500 Series:
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual
HPE FlexNetwork 7500 Switch Series

Network Management and Monitoring

Command Reference

Part number: 5200-1945a
Software version: 7500-CMW710-R7557P01
Document version: 6W101-20171020

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FlexNetwork 7500 Series and is the answer not in the manual?

Questions and answers

Related Manuals for HPE FlexNetwork 7500 Series

Summary of Contents for HPE FlexNetwork 7500 Series

  • Page 1: Network Management And Monitoring

    HPE FlexNetwork 7500 Switch Series Network Management and Monitoring Command Reference Part number: 5200-1945a Software version: 7500-CMW710-R7557P01 Document version: 6W101-20171020...
  • Page 2 © Copyright 2017 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents Ping, tracert, and system debugging commands ··········································· 1 debugging ·················································································································································· 1 display debugging ······································································································································ 1 ping ···························································································································································· 2 ping ipv6 ····················································································································································· 5 tracert ························································································································································· 7 tracert ipv6 ················································································································································· 9 NQA commands ·························································································· 12 NQA client commands ····································································································································· 12 advantage-factor ······································································································································ 12 codec-type ················································································································································...
  • Page 4 reaction checked-element icpif················································································································· 65 reaction checked-element mos ················································································································ 66 reaction checked-element packet-loss ····································································································· 67 reaction checked-element probe-duration································································································ 68 reaction checked-element probe-fail (for trap) ························································································· 69 reaction checked-element probe-fail (for trigger) ····················································································· 70 reaction checked-element rtt ···················································································································· 71 reaction trap ············································································································································· 73 reaction trigger per-probe ·························································································································...
  • Page 5 ntp-service source ·································································································································· 125 ntp-service unicast-peer ························································································································· 126 ntp-service unicast-server ······················································································································ 128 SNTP commands······················································································· 131 display sntp ipv6 sessions ······················································································································ 131 display sntp sessions ····························································································································· 131 sntp authentication enable ····················································································································· 132 sntp authentication-keyid ······················································································································· 133 sntp enable ············································································································································· 134 sntp ipv6 unicast-server ························································································································· 135 sntp reliable authentication-keyid ···········································································································...
  • Page 6 snmp-agent community-map ·················································································································· 189 snmp-agent context ································································································································ 190 snmp-agent group ·································································································································· 191 snmp-agent local-engineid ····················································································································· 193 snmp-agent log ······································································································································ 194 snmp-agent mib-view ····························································································································· 195 snmp-agent packet max-size ················································································································· 196 snmp-agent port ····································································································································· 196 snmp-agent remote ································································································································ 197 snmp-agent sys-info contact ·················································································································· 198 snmp-agent sys-info location ·················································································································...
  • Page 7 event syslog ··········································································································································· 255 event track ·············································································································································· 256 rtm cli-policy ··········································································································································· 257 rtm environment ····································································································································· 258 rtm event syslog buffer-size ··················································································································· 259 rtm scheduler suspend ··························································································································· 260 rtm tcl-policy ··········································································································································· 261 running-time ··········································································································································· 262 user-role ················································································································································· 262 Process monitoring and maintenance commands ······································ 264 display exception context ·······················································································································...
  • Page 8 NetStream commands ··············································································· 331 display ip netstream cache ····················································································································· 331 display ip netstream export ···················································································································· 336 display ip netstream template ················································································································ 338 enable ···················································································································································· 340 ip netstream ··········································································································································· 341 ip netstream aggregation ······················································································································· 341 ip netstream aggregation advanced ······································································································· 343 ip netstream export host ·························································································································...
  • Page 9 info-center enable ·································································································································· 387 info-center format ··································································································································· 387 info-center logbuffer ······························································································································· 388 info-center logbuffer size ························································································································ 389 info-center logfile directory ····················································································································· 389 info-center logfile enable ························································································································ 390 info-center logfile frequency ··················································································································· 391 info-center logfile overwrite-protection ··································································································· 391 info-center logfile size-quota ·················································································································· 392 info-center logging suppress duplicates ·································································································...
  • Page 10 vcf-fabric underlay pause ······················································································································· 437 CWMP commands ····················································································· 438 cwmp ······················································································································································ 438 cwmp acs default password ··················································································································· 438 cwmp acs default url ······························································································································ 439 cwmp acs default username ·················································································································· 440 cwmp acs password ······························································································································· 440 cwmp acs url ·········································································································································· 441 cwmp acs username ······························································································································...

  • Page 11: Ping, Tracert, And System Debugging Commands

    Ping, tracert, and system debugging commands debugging Use debugging to enable debugging for a module. Use undo debugging to disable debugging for a module or for all modules. Syntax debugging module-name [ option ] undo debugging { all | module-name [ option ] } Default Debugging is disabled for all modules.

  • Page 12: Ping

    Syntax display debugging [ module-name ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters module-name: Specifies a module by its name. For a list of supported modules, use the display debugging ? command. If you do not specify a module name, this command displays the enabled debugging features for all modules.
  • Page 13 -i interface-type interface-number: Specifies the source interface for ICMP echo requests. If you do not specify this option, the system uses the primary IP address of the matching route's egress interface as the source interface for ICMP echo requests. -m interval: Specifies the interval (in milliseconds) to send ICMP echo requests. The value range is 1 to 65535, and the default is 200.
  • Page 14 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.963/2.028/2.137/0.062 ms # Test whether the device with an IP address of 1.1.2.2 in VPN instance vpn1 is reachable. <Sysname> ping -vpn-instance vpn1 1.1.2.2 Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break 56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms 56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms 56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms...

  • Page 15: Ping Ipv6

    Field Description Received ICMP echo replies from the device whose IP address is 1.1.2.2. If no echo reply is received within the timeout period, no information is displayed. • bytes—Number of bytes in the ICMP echo reply. 56 bytes from 1.1.2.2: icmp_seq=0 •...
  • Page 16 -s packet-size: Specifies the length (in bytes) of ICMPv6 echo requests (excluding the IPv6 packet header and the ICMPv6 packet header). The value range is 20 to 8100, and the default is 56. -t timeout: Specifies the timeout time (in milliseconds) of an ICMPv6 echo reply. The value range is 0 to 65535, and the default is 2000.

  • Page 17: Tracert

    --- Ping6 statistics for 2001::2 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 4.000/25.000/62.000/20.000 ms Table 2 Command output Field Description Ping6(56 data bytes) An ICMPv6 echo reply with a data length of 56 bytes is sent from 2001::1 to 2001::2.
  • Page 18 -p port: Specifies an invalid UDP port of the destination. The value range is 1 to 65535, and the default is 33434. If the destination address is an EID address at a remote LISP site, specify a port number in the range of 33434 to 65535. -q packet-number: Specifies the number of probe packets to send per hop.

  • Page 19: Tracert Ipv6

    1.1.1.2 (1.1.1.2) 673 ms 425 ms 30 ms 1.1.2.2 (1.1.2.2) 580 ms 470 ms 80 ms 1.1.3.2 (1.1.3.2) [AS 65535] 530 ms 472 ms 380 ms # Trace the path to destination (192.168.0.46) over an MPLS network. <Sysname> tracert 192.168.0.46 traceroute to 192.168.0.46(192.168.0.46), 30 hops at most, 40 bytes each packet, press CTRL_C to break 192.0.2.13 (192.0.2.13)
  • Page 20 Views Any view Predefined user roles network-admin mdc-admin Parameters -f first-hop: Specifies the TTL value of the first packet. The value range is 1 to 255, and the default is 1. The value must be no greater than the value of the max-hops argument. -m max-hops: Specifies the maximum number of hops allowed for a packet.
  • Page 21 Examples # Display the path that the packets traverse from source to destination (2001:3::2). <Sysname> tracert ipv6 2001:3::2 traceroute to 2001:3::2(2001:3::2), 30 hops at most, 60 byte packets, press CTRL_C to break 2001:1::2 0.661 ms 0.618 ms 0.579 ms 2001:2::2 [AS 100] 0.861 ms 0.718 ms 0.679 ms...

  • Page 22: Nqa Commands

    NQA commands NQA client commands advantage-factor Use advantage-factor to set the advantage factor to be used for calculating Mean Opinion Scores (MOS) and Calculated Planning Impairment Factor (ICPIF) values. Use undo advantage-factor to restore the default. Syntax advantage-factor factor undo advantage-factor Default The advantage factor is 0.

  • Page 23: Community Read

    Default The codec type for the voice operation is G.711 A-law. Views Voice operation view Predefined user roles network-admin mdc-admin Parameters g711a: Specifies G.711 A-law codec type. g711u: Specifies G.711 µ-law codec type g729a: Specifies G.729 A-law codec type. Examples # Set the codec type to g729a for the voice operation.

  • Page 24: Data-Fill

    • The SNMP operation uses the SNMPv1 or SNMPv2c agent. • The SNMPv1 or SNMPv2c agent is configured with a read-only or read-write community name. The specified community name must be the same as the community name configured on the SNMP agent.

  • Page 25: Data-Size

    • For the voice operation, the first 16 bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of the payload. • For the path jitter operation, the first four bytes of the payload of an ICMP echo request are for special purpose.

  • Page 26: Description

    mdc-admin Parameters size: Specifies the payload size. Available value ranges include: • 20 to 65507 bytes for the ICMP echo, UDP echo, or UDP tracert operation. • 68 to 65507 bytes for the UDP jitter or path jitter operation. • 16 to 65507 bytes for the voice operation.

  • Page 27: Destination Host

    <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] description icmp-probe # In ICMP template view, configure the description as icmp-probe for the NQA operation. <Sysname> system-view [Sysname] nqa template icmp icmptplt [Sysname-nqatplt-icmp-icmptplt] description icmp-probe destination host Use destination host to configure the destination host name for the operation. Use undo destination host to restore the default.

  • Page 28: Destination Ipv6

    Default No destination IPv4 address is configured for an operation. Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view UDP tracert operation view ICMP jitter/path jitter/UDP jitter/voice operation view DNS/ICMP/RADIUS/SSL/TCP/TCP half open/UDP template view Predefined user roles network-admin mdc-admin Parameters ip-address: Specifies the destination IPv4 address for the operation.

  • Page 29: Destination Port

    Parameters ipv6-address: Specifies the destination IPv6 address for the operation. IPv6 link-local addresses are not supported. Examples # Specify 1::1 as the destination IPv6 address for the ICMP echo operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] destination ipv6 1::1 # In ICMP template view, specify 1::1 as the destination IPv6 address for the operation.

  • Page 30: Display Nqa History

    <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-echo [Sysname-nqa-admin-test-udp-echo] destination port 9000 # In TCP template view, set the destination port number to 9000 for the NQA operation. <Sysname> system-view [Sysname] nqa template tcp tcptplt [Sysname-nqatplt-tcp-tcptplt] destination port 9000 display nqa history Use display nqa history to display the history records of NQA operations.

  • Page 31: Display Nqa Reaction Counters

    3.1.1.2 Succeeded 2013-09-09 14:46:03.2 3.1.1.1 Succeeded 2013-09-09 14:46:02.2 3.1.1.1 Succeeded 2013-09-09 14:46:01.2 # Display the history records of the NQA operation with administrator name administrator and operation tag test. <Sysname> display nqa history administrator test NQA entry (admin administrator, tag test) history records: Index Response Status...
  • Page 32 mdc-operator Parameters admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-).

  • Page 33: Display Nqa Result

    Monitored Threshold Collect data in Checked Num Over-threshold Num performance type metric average Number of probes with Probes after the Number of consecutive duration exceeding the operation starts. completed probes. threshold. Probes after the Number of accumulate Number of probe failures. operation starts.
  • Page 34 Parameters admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-).
  • Page 35 Negative SD sum: 1 Negative DS sum: 2 Negative SD average: 1 Negative DS average: 2 Negative SD square-sum: 1 Negative DS square-sum: 4 One way results: Max SD delay: 1 Max DS delay: 2 Min SD delay: 1 Min DS delay: 2 Number of SD delay: 1 Number of DS delay: 1 Sum of SD delay: 1...
  • Page 36 # Display the most recent result of the voice operation with administrator name admin and operation tag test. <Sysname> display nqa result admin test NQA entry (admin admin, tag test) test results: Send operation times: 1000 Receive response times: 0 Min/Max/Average round trip time: 0/0/0 Square-Sum of round trip time: 0 Last packet received time: 0-00-00 00:00:00.0...
  • Page 37 Extended Results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 Path-Jitter Results: Jitter number: 9 Min/Max/Average jitter: 0/0/0 Positive jitter number: 0 Min/Max/Average positive jitter: 0/0/0 Sum/Square-Sum positive jitter: 0/0...
  • Page 38 Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 UDP-tracert results: Hop IP Time 3.1.1.1 2013-09-09 14:23:24.5 4.1.1.1 2013-09-09 14:23:24.5 Table 10 Command output Field Description Data collecting in progress The operation is in progress. Send operation times Number of operations.
  • Page 39 Field Description Positive DS number Number of positive jitters from destination to source. Positive SD sum Sum of positive jitters from source to destination. Positive DS sum Sum of positive jitters from destination to source. Positive SD average Average positive jitters from source to destination. Positive DS average Average positive jitters from destination to source.

  • Page 40: Display Nqa Statistics

    Field Description DS lost packets Number of lost packets from the destination to the source. Lost packets for unknown reason Number of lost packets for unknown reasons. Voice parameters. Voice scores This field is available only for the voice operation. MOS value MOS value calculated for the voice operation.
  • Page 41 network-operator mdc-admin mdc-operator Parameters admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-).
  • Page 42 Extended results: Packet loss ratio: 0% Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 ICMP-jitter results: RTT number: 1560 Min positive SD: 1 Min positive DS: 1 Max positive SD: 1 Max positive DS: 2...
  • Page 43 Failures due to timeout: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 UDP-jitter results: RTT number: 550 Min positive SD: 1 Min positive DS: 1 Max positive SD: 7 Max positive DS: 1 Positive SD number: 220 Positive DS number: 97...
  • Page 44 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 Voice results: RTT number: 10 Min positive SD: 3 Min positive DS: 1 Max positive SD: 10 Max positive DS: 1 Positive SD number: 3 Positive DS number: 2 Positive SD sum: 18 Positive DS sum: 2...
  • Page 45 Failures due to other errors: 0 Packets out of sequence: 0 Packets arrived late: 0 Path-Jitter Results: Jitter number: 9 Min/Max/Average jitter: 0/0/0 Positive jitter number: 0 Min/Max/Average positive jitter: 0/0/0 Sum/Square-Sum positive jitter: 0/0 Negative jitter number: 0 Min/Max/Average negative jitter: 0/0/0 Sum/Square-Sum negative jitter: 0/0 Hop IP 192.168.50.209 Basic Results:...
  • Page 46 Field Description Failures due to disconnect Number of disconnections by the peer. Failures due to no connection Number of failures to connect with the peer. Failures due to internal error Number of failures due to internal errors. Failures due to other errors Failures due to other errors.
  • Page 47 Field Description Average absolute value of negative jitters from source to Negative SD average destination. Average absolute value of negative jitters from destination to Negative DS average source. Negative SD square-sum Square sum of negative jitters from source to destination. Negative DS square-sum Square sum of negative jitters from destination to source.
  • Page 48 Field Description Path jitter operation results. Path-jitter results This field is available only for the path jitter operation. Number of jitters. Jitter number This field is available only for the path jitter operation. Minimum/maximum/average positive jitter in milliseconds. Min/Max/Average jitter This field is available only for the path jitter operation.

  • Page 49: Expect Data

    Monitored Threshold Collect data in Checked Num Over-threshold Num performance type metric Packets sent in Number of packets of Number of sent accumulate the counting which the one-way jitter packets. jitter-DS/jitter-SD interval. exceeds the threshold. average Packets sent in Number of packets of Number of sent OWD-DS/OWD-SD the counting...

  • Page 50: Expect Ip

    second round if no offset is specified. It verifies the NQA destination as illegal directly if no match is found for the first round. Expected data check takes place in the following conditions: • For features that use the HTTP or HTTPS template, the NQA client checks for the expected data if the response contains the Content-Length header.

  • Page 51: Expect Status

    Use undo expect ipv6 to restore the default. Syntax expect ipv6 ipv6-address undo expect ipv6 Default No expected IPv6 address is specified. Views DNS template view Predefined user roles network-admin mdc-admin Parameters ip-address: Specifies the expected IPv6 address for a DNS echo request. Usage guidelines During a DNS operation, the NQA client compares the expected IPv6 address with the IPv6 address resolved by the DNS server.

  • Page 52: Filename

    for both the status-num 1 and status-num 2 arguments are 0 to 999. The value for the status-num 2 argument must be equal to or greater than the value for the status-num 1 argument. Usage guidelines The status code of the HTTP or HTTPS packet is a three-digit field in decimal notation, and the code includes the server status information.

  • Page 53: Frequency

    frequency Use frequency to specify the interval at which the NQA operation repeats. Use undo frequency to restore the default. Syntax frequency interval undo frequency Default In NQA operation view, the interval between two consecutive voice or path jitter operations is 60000 milliseconds.

  • Page 54: History-Record Keep-Time

    Syntax history-record enable undo history-record enable Default The saving of history records is enabled only for the UDP tracert operation. Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view UDP tracert operation view Predefined user roles network-admin mdc-admin Usage guidelines To display the history records of the NQA operation, use the display nqa history command.

  • Page 55: History-Record Number

    Parameters keep-time: Specifies how long the history records can be saved. The value range is 1 to 1440 minutes. Usage guidelines When an NQA operation completes, the timer starts. All records are removed when the lifetime is reached. Examples # Set the lifetime of the history records to 100 minutes for the ICMP echo operation. <Sysname>...

  • Page 56: Init-Ttl

    init-ttl Use init-ttl to set the TTL value for UDP packets in the start round of the UDP tracert operation. Use undo init-ttl to restore the default. Syntax init-ttl value undo init-ttl Default The NQA client sends a UDP packet with the TTL value 1 to start the UDP tracert operation. Views UDP tracert operation view Predefined user roles...

  • Page 57: Lsr-Path

    string: Specifies the shared key string. Its plaintext form is a case-sensitive string of 1 to 64 characters. Its encrypted form is a case-sensitive string of 1 to 117 characters. Usage guidelines Make sure the NQA client and the RADIUS server have the same shared key. Examples # In RADIUS template view, set the shared key to abc in plain text for secure RADIUS authentication.

  • Page 58: Mode

    Use undo max-failure to restore the default. Syntax max-failure times undo max-failure Default A UDP tracert operation stops and fails when it detects five consecutive probe failures. Views UDP tracert operation view Predefined user roles network-admin mdc-admin Parameters times: Specifies the maximum number in the range of 0 to 255. When this argument is set to 0 or 255, the UDP tracert operation does not stop when consecutive probe failures occur.

  • Page 59: Next-Hop Ip

    passive: Sets the data transmission mode to passive. The FTP client initiates a connection request. Examples # Set the data transmission mode to passive for the FTP operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type ftp [Sysname-nqa-admin-test-ftp] mode passive # In FTP template view, set the data transmission mode to passive for the FTP operation.

  • Page 60: No-Fragment Enable

    Syntax next-hop ipv6 ipv6-address undo next-hop ipv6 Default No next hop IPv6 address is specified for probe packets. Views ICMP echo operation view ICMP/TCP half open template view Predefined user roles network-admin mdc-admin Parameters ipv6-address: Specifies the IPv6 address of the next hop. IPv6 link-local addresses are not supported.

  • Page 61: Nqa

    You can use this command to test the path MTU of a link. Examples # Enable the no-fragmentation feature for the UDP tracert operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-tracert [Sysname-nqa-admin-test-udp-tracert] no-fragment enable Use nqa to create an NQA operation and enter its view, or enter the view of an existing NQA operation.

  • Page 62: Nqa Schedule

    Default The NQA client is enabled. Views System view Predefined user roles network-admin mdc-admin Examples # Enable the NQA client. <Sysname> system-view [Sysname] nqa agent enable Related commands nqa server enable nqa schedule Use nqa schedule to configure scheduling parameters for an NQA operation. Use undo nqa schedule to stop the operation.

  • Page 63: Nqa Template

    lifetime: Specifies the duration of an operation in seconds. The value range is 1 to 2147483647. forever: Performs the operation until you stop it by using the undo nqa schedule command. recurring: Runs the operation automatically at the start time and for the specified duration. If you do not specify this keyword, the NQA operation is performed only once at the specified date and time.

  • Page 64: Operation (Ftp Operation View)

    https: Specifies the HTTPS template. icmp: Specifies the ICMP template. radius: Specifies the RADIUS template. ssl: Specifies the SSL template. tcp: Specifies the TCP template. tcphalfopen: Specifies the TCP half open template. udp: Specifies the UDP template. name: Specifies the name of the NQA template, a case-insensitive string of 1 to 32 characters. Examples # Create an ICMP template named icmptplt, and enter its view.

  • Page 65: Operation (Http/Https Operation View)

    <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type ftp [Sysname-nqa-admin-test-ftp] operation put # In FTP template view, set the operation type to put for the FTP operation. <Sysname> system-view [Sysname] nqa template ftp ftptplt [Sysname-nqatplt-ftp-ftptplt] operation put Related commands password username operation (HTTP/HTTPS operation view)

  • Page 66: Out Interface

    [Sysname-nqa-admin-test-http] operation raw # In HTTP template view, set the operation type to raw for the HTTP operation. <Sysname> system-view [Sysname] nqa template http httptplt [Sysname-nqatplt-http-httptplt] operation raw Related commands password raw-request username out interface Use out interface to specify the output interface for probe packets. Use undo out interface to restore the default.

  • Page 67: Password

    password Use password to specify a password. Use undo password to restore the default. Syntax password { cipher | simple } string undo password Default No password is specified. Views FTP/HTTP operation view FTP/HTTP/HTTPS/RADIUS template view Predefined user roles network-admin mdc-admin Parameters cipher: Specifies a password in encrypted form.
  • Page 68 Use undo probe count to restore the default. Syntax probe count times undo probe count Default In an UDP tracert operation, the NQA client sends three probe packets to each hop along the path. In other types of operations, the NQA client performs one probe to the destination per operation. Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view...

  • Page 69: Probe Packet-Interval

    This command is not available for the voice or path jitter operations. Each of these operations performs only one probe. Examples # Configure the ICMP echo operation to perform 10 probes. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] probe count 10 probe packet-interval Use probe packet-interval to configure the packet sending interval in the probe.

  • Page 70: Probe Packet-Timeout

    Views ICMP jitter/path jitter/UDP jitter/voice operation view Predefined user roles network-admin mdc-admin Parameters packet-number: Specifies the number of packets to be sent per probe. Available value ranges include: • 10 to 1000 for the ICMP jitter, UDP jitter, and path jitter operations. •...

  • Page 71: Probe Timeout

    probe timeout Use probe timeout to set the probe timeout time. Use undo probe timeout to restore the default. Syntax probe timeout timeout undo probe timeout Default The timeout time of a probe is 3000 milliseconds. Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view UDP tracert operation view Any NQA template view...

  • Page 72: Reaction Checked-Element { Jitter-Ds | Jitter-Sd

    Syntax raw-request undo raw-request Default The contents of an HTTP or HTTPS raw request are not specified. Views HTTP operation view HTTP/HTTPS template view Predefined user roles network-admin mdc-admin Usage guidelines This command places you in raw request view and deletes the previously configured request content. To ensure successful operations, make sure the request content is in the correct format.
  • Page 73 Views ICMP jitter/UDP jitter/voice operation view Predefined user roles network-admin mdc-admin Parameters item-number: Assigns an ID to the reaction entry, in the range of 1 to 10. jitter-ds: Specifies the destination-to-source jitter of each probe packet as the monitored element (or performance metric).

  • Page 74: Reaction Checked-Element { Owd-Ds | Owd-Sd

    of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-jitter [Sysname-nqa-admin-test-udp-jitter] reaction 2 checked-element jitter-ds threshold-type accumulate 100 threshold-value 50 5 action-type trap-only reaction checked-element { owd-ds | owd-sd } Use reaction checked-element { owd-ds | owd-sd } to configure a reaction entry for monitoring the...

  • Page 75: Reaction Checked-Element Icpif

    reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type udp-jitter [Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element owd-ds threshold-value 50 reaction checked-element icpif...

  • Page 76: Reaction Checked-Element Mos

    [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type voice [Sysname-nqa-admin-test-voice] reaction 1 checked-element icpif threshold-value 50 5 action-type trap-only reaction checked-element mos Use reaction checked-element mos to configure a reaction entry for monitoring the MOS value in the voice operation. Use undo reaction to delete a reaction entry. Syntax reaction item-number checked-element mos threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]...

  • Page 77: Reaction Checked-Element Packet-Loss

    [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type voice [Sysname-nqa-admin-test-voice] reaction 1 checked-element mos threshold-value 200 100 action-type trap-only reaction checked-element packet-loss Use reaction checked-element packet-loss to configure a reaction entry for monitoring packet loss in UDP jitter or voice operation. Use undo reaction to delete a reaction entry.

  • Page 78: Reaction Checked-Element Probe-Duration

    reaction checked-element probe-duration Use reaction checked-element probe-duration to configure a reaction entry for monitoring the probe duration. Use undo reaction to delete a reaction entry. Syntax reaction item-number checked-element probe-duration threshold-type accumulate accumulate-occurrences | average | consecutive consecutive-occurrences } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] undo reaction item-number Default...

  • Page 79: Reaction Checked-Element Probe-Fail (For Trap)

    the state of the reaction entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-duration threshold-type average threshold-value 50 5 action-type trap-only # Create reaction entry 2 for monitoring the probe duration of ICMP echo operation, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds.

  • Page 80: Reaction Checked-Element Probe-Fail (For Trigger)

    Predefined user roles network-admin mdc-admin Parameters item-number: Assigns an ID to the reaction entry, in the range of 1 to 10. threshold-type: Specifies a threshold type. accumulate accumulate-occurrences: Checks the total number of probe failures. The value range is 1 to 15. consecutive consecutive-occurrences: Checks the maximum number of consecutive probe failures.

  • Page 81: Reaction Checked-Element Rtt

    undo reaction item-number Default No reaction entries for monitoring probe failures exist. Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view Predefined user roles network-admin mdc-admin Parameters item-number: Assigns an ID to the reaction entry, in the range of 1 to 10. threshold-type: Specifies a threshold type.
  • Page 82 Views ICMP jitter/UDP jitter/voice operation view Predefined user roles network-admin mdc-admin Parameters item-number: Assigns an ID to the reaction entry, in the range of 1 to 10. threshold-type: Specifies a threshold type. accumulate accumulate-occurrences: Checks the total number of threshold violations. Available value ranges include: •...

  • Page 83: Reaction Trap

    [Sysname-nqa-admin-test] type udp-jitter [Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element rtt threshold-type accumulate 100 threshold-value 50 5 action-type trap-only reaction trap Use reaction trap to configure the sending of traps to the NMS under specific conditions. Use undo reaction trap to restore the default. Syntax reaction trap { path-change | probe-failure consecutive-probe-failures | test-complete | test-failure [ accumulate-probe-failures ] }...

  • Page 84: Reaction Trigger Per-Probe

    <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] reaction trap probe-failure 5 reaction trigger per-probe Use reaction trigger per-probe to configure the probe result sending on a per-probe basis. Use undo reaction trigger per-probe to restore the default. Syntax reaction trigger per-probe undo reaction trigger per-probe...

  • Page 85: Reaction Trigger Probe-Pass

    undo reaction trigger probe-fail Default The NQA client notifies the feature of the operation failure when the number of consecutive probe failures reaches 3. Views Any NQA template view Predefined user roles network-admin mdc-admin Parameters count: Specifies the number of consecutive probe failures, in the range of 1 to 15. Usage guidelines If the number of consecutive probe failures is reached, the NQA client notifies the feature that uses the NQA template of the operation failure.

  • Page 86: Resolve-Target

    Parameters count: Specifies the number of consecutive successful probes, in the range of 1 to 15. Usage guidelines If number of consecutive successful probes is reached, the NQA client notifies the feature that uses the template of the successful operation event. If you execute this command and the reaction trigger per-probe command multiple times, the most configuration takes effect.

  • Page 87: Resolve-Type

    <Sysname> system-view [Sysname] nqa template dns dnstplt [Sysname-nqatplt-dns-dnstplt] resolve-target domain1 resolve-type Use resolve-type to configure the domain name resolution type. Use undo resolve-type to restore the default. Syntax resolve-type { A | AAAA } undo resolve-type Default The domain name resolution type is type A. Views DNS template view Predefined user roles...

  • Page 88: Source Interface (Icmp Echo/Udp Tracert Operation View)

    ICMP jitter/UDP jitter/voice operation view Predefined user roles network-admin mdc-admin Usage guidelines When the routing table bypass feature is enabled, the following events occur: • The routing table is not searched. Packets are sent to the destination on a directly connected network.

  • Page 89: Source Ip

    Examples # Specify the IP address of the interface VLAN-interface 1 as the source IP address of ICMP echo request packets. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] source interface vlan-interface 1 # In ICMP template view, specify the IP address of the interface VLAN-interface 1 as the source IP address of ICMP echo request packets.

  • Page 90: Source Ipv6

    Examples # Specify 10.1.1.1 as the source IPv4 address for ICMP echo requests. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] source ip 10.1.1.1 # In ICMP template view, specify 10.1.1.1 as the source IPv4 address for ICMP echo requests. <Sysname>...

  • Page 91: Source Port

    [Sysname-nqa-admin-test-icmp-echo] source ipv6 1::1 # In ICMP template view, specify 1::1 as the source IPv6 address for ICMP echo requests. <Sysname> system-view [Sysname] nqa template icmp icmptplt [Sysname-nqatplt-icmp-icmptplt] source ipv6 1::1 Related commands source interface source port Use source port to configure the source port number for probe packets. Use undo source port to restore the default.

  • Page 92: Statistics Hold-Time

    Use undo ssl-client-policy to restore the default. Syntax ssl-client-policy policy-name undo ssl-client-policy Default No SSL client policy is specified for an HTTPS or SSL template. Views HTTPS/SSL template view Predefined user roles network-admin mdc-admin Parameters policy-name: Specifies an SSL client policy by its name, a case-insensitive string of 1 to 31 characters.

  • Page 93: Statistics Interval

    Usage guidelines A statistics group is deleted when its hold time expires. Examples # Set the hold time to 3 minutes for statistics groups of the ICMP echo operation. <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] statistics hold-time 3 statistics interval Use statistics interval to set the statistics collection interval for an NQA operation.

  • Page 94: Target-Only

    Syntax statistics max-group number undo statistics max-group Default A maximum of two statistics groups can be saved. Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view ICMP jitter/path jitter/UDP jitter/voice operation view Predefined user roles network-admin mdc-admin Parameters number: Specifies the maximum number of statistics groups, in the range of 0 to 100. To disable statistics collection, set the value to 0.

  • Page 95: Tos

    <Sysname> system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type path-jitter [Sysname-nqa-admin-test-path-jitter] target-only Use tos to set the ToS value in the IP header for probe packets. Use undo tos to restore the default. Syntax tos value undo tos Default The ToS value in the IP header of probe packets is 0. Views Any operation view Any NQA template view...

  • Page 96: Type

    Views ICMP echo/TCP/UDP echo operation view DLSw/DNS/FTP/HTTP/SNMP operation view UDP tracert operation view ICMP jitter/UDP jitter/voice operation view Any NQA template view Predefined user roles network-admin mdc-admin Parameters value: Specifies the maximum number of hops that the probe packets can traverse, in the range of 1 to 255.

  • Page 97: Url

    Parameters dhcp: Specifies the DHCP operation type. dlsw: Specifies the DLSw operation type. dns: Specifies the DNS operation type. ftp: Specifies the FTP operation type. http: Specifies the HTTP operation type. icmp-echo: Specifies the ICMP echo operation type. icmp-jitter: Specifies the ICMP jitter operation type. path-jitter: Specifies the path jitter operation type.

  • Page 98: Username

    Operation URL format Parameter description http://host/resource The host parameter represents the host name of the HTTP operation destination server. The host name is a dot-separated http://host:port/resource case-sensitive string including letters, digits, hyphens (-), and underscores (_). Host names are composed https://host/resource HTTPS operation of series of labels, aabbcc.com for example.

  • Page 99: Version

    [Sysname-nqa-admin-test] type ftp [Sysname-nqa-admin-test-ftp] username administrator # Set the FTP login username to administrator in FTP template view. <Sysname> system-view [Sysname] nqa template ftp ftptplt [Sysname-nqatplt-ftp-ftptplt] username administrator Related commands operation password version Use version to specify the version used in the HTTP or HTTPS operation. Use undo version to restore the default.

  • Page 100: Nqa Server Commands

    Default The operation applies to the public network. Views ICMP echo/TCP/UDP echo operation view DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view UDP tracert operation view ICMP jitter/path jitter/UDP jitter/voice operation view Any NQA template view Predefined user roles network-admin mdc-admin Parameters vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

  • Page 101: Nqa Server Enable

    network-operator mdc-admin mdc-operator Examples # Display NQA server status. <Sysname> display nqa server NQA server status: Enabled TCP connect: IP address Port VPN instance 2.2.2.2 2000 UDP echo: IP address Port VPN instance 3.3.3.3 3000 Table 14 Command output Field Description NQA server status Whether the NQA server is enabled.

  • Page 102: Nqa Server Tcp-Connect

    Predefined user roles network-admin mdc-admin Examples # Enable the NQA server. <Sysname> system-view [Sysname] nqa server enable Related commands display nqa server nqa server tcp-connect nqa server udp-echo nqa server tcp-connect Use nqa server tcp-connect to configure a TCP listening service to enable the NQA server to listen to a port on an IP address.

  • Page 103: Nqa Server Udp-Echo

    • To ensure successful NQA operations and avoid affecting existing services, do not configure the TCP listening service on well-known ports from 1 to 1023. Examples # Configure a TCP listening service to enable the NQA server to listen to port 9000 on the IP address 169.254.10.2.
  • Page 104 Examples # Configure a UDP listening service to enable the NQA server to listen to port 9000 on the IP address 169.254.10.2. <Sysname> system-view [Sysname] nqa server udp-echo 169.254.10.2 9000 Related commands display nqa server nqa server enable...

  • Page 105: Ntp Commands

    NTP commands NTP is supported on the following Layer 3 interfaces: • Layer 3 Ethernet interfaces. • Layer 3 Ethernet subinterfaces. • Layer 3 aggregate interfaces. • Layer 3 aggregate subinterfaces. • VLAN interfaces. • Tunnel interfaces. display ntp-service ipv6 sessions Use display ntp-service ipv6 sessions to display information about all IPv6 NTP associations.
  • Page 106 Table 15 Command output Field Description • 1—Clock source selected by the system (the current reference source). • 2—The stratum level of the clock source is less than or equal to 15. • 3—The clock source has survived the clock selection algorithm. [12345] •...
  • Page 107 Session ID: 36144 Clock stratum: 16 Clock status: configured, insane, valid, unsynced Reference clock ID: INIT VPN instance: Not specified Local mode: sym_active, local poll interval: 6 Peer mode: unspec, peer poll interval: 10 Offset: 0.0000ms, roundtrip delay: 0.0000ms, dispersion: 15937ms Root roundtrip delay: 0.0000ms, root dispersion: 0.0000ms Reachabilities:0, sync distance: 15.938...
  • Page 108 Field Description • If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: When the value of the Clock stratum field is 0 or 1, this field displays ...

  • Page 109: Display Ntp-Service Sessions

    Field Description Source interface. source interface If the source interface is not specified, this field displays Not specified. Reftime Reference timestamp in the NTP message. Orgtime Originate timestamp in the NTP message. Rcvtime Receive timestamp in the NTP message. Xmttime Transmit timestamp in the NTP message.
  • Page 110 Total sessions: 1 Table 17 Command output Field Description • When the reference clock is the local clock, the field displays LOCAL (number). It indicates that the IP address of the local clock is 127.127.1.number, where number represents the NTP process number in the range of 0 to 3.
  • Page 111 Clock source: 192.168.1.40 Session ID: 35888 Clock stratum: 2 Clock status: configured, master, sane, valid Reference clock ID: 127.127.1.0 VPN instance: Not specified Local mode: client, local poll interval: 6 Peer mode: server, peer poll interval: 6 Offset: 0.2862ms, roundtrip delay: 3.2653ms, dispersion: 4.5166ms Root roundtrip delay: 0.0000ms, root dispersion: 10.910ms Reachabilities:31, sync distance: 0.0194 Precision: 2^18, version: 3, source interface: Not specified...
  • Page 112 Field Description Reference clock ID of the NTP server: • If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: When the value of the Clock stratum field is 0 or 1, this field displays ...

  • Page 113: Display Ntp-Service Status

    Field Description version NTP version in the range of 1 to 4. Source interface. source interface If the source interface is not specified, this field is Not specified. Reftime Reference timestamp in the NTP message. Orgtime Originate timestamp in the NTP message. Rcvtime Receive timestamp in the NTP message.
  • Page 114 System poll interval: 256 s # Display the NTP service status when time is not synchronized. <Sysname> display ntp-service status Clock status: unsynchronized Clock stratum: 16 Reference clock ID: none Clock jitter: 0.000000 s Stability: 0.000 pps Clock precision: 2^-18 Clock precision: Root delay: 0.00000 ms Root dispersion: 0.00002 ms...

  • Page 115: Display Ntp-Service Trace

    Field Description Alarming status: • 00—Normal. • 01—Leap second, indicates that the last minute in a day has 61 seconds. Leap indicator • 10—Leap second, indicates that the last minute in a day has 59 seconds. • 11—Time is not synchronized. Clock jitter Difference between the system clock and reference clock, in seconds.

  • Page 116: Ntp-Service Acl

    Server 127.0.0.1 Stratum 3, jitter 0.000, synch distance 0.0000. Server 3000::32 Stratum 2 , jitter 790.00, synch distance 0.0000. RefID 127.127.1.0 The output shows that server 127.0.0.1 is synchronized to server 3000::32, and server 3000::32 is synchronized to the local clock. Table 20 Command output Field Description...

  • Page 117: Ntp-Service Authentication Enable

    Parameters peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) from a peer device and allows the local device to synchronize itself to a peer device. query: Allows only NTP control queries from a peer device to the local device. server: Allows time requests and NTP control queries from a peer device, but does not allow the local device to synchronize itself to a peer device.

  • Page 118: Ntp-Service Authentication-Keyid

    undo ntp-service authentication enable Default NTP authentication is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines Enable NTP authentication in networks that require time synchronization security to make sure NTP clients are synchronized only to authenticated NTP servers. To authenticate an NTP server, set an authentication key and specify it as a trusted key.
  • Page 119 • hmac-sha-384: Specifies the HMAC-SHA-384 algorithm. • hmac-sha-512: Specifies the HMAC-SHA-512 algorithm. • md5: Specifies the MD5 algorithm. cipher: Specifies an authentication key in encrypted form. simple: Specifies an authentication key in plaintext form. For security purposes, the authentication key specified in plaintext form will be stored in encrypted form. string: Specifies a case-sensitive authentication key.

  • Page 120: Ntp-Service Broadcast-Client

    ntp-service broadcast-client Use ntp-service broadcast-client to configure the device to operate in NTP broadcast client mode and use the current interface to receive NTP broadcast packets. Use undo ntp-service broadcast-client to remove the configuration. Syntax ntp-service broadcast-client undo ntp-service broadcast-client Default The device does not operate in any NTP association mode.

  • Page 121: Ntp-Service Dscp

    Predefined user roles network-admin mdc-admin Parameters authentication-keyid keyid: Specifies the key ID to be used for sending broadcast messages to broadcast clients. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device cannot synchronize broadcast clients enabled with NTP authentication. version number: Specifies the NTP version.

  • Page 122: Ntp-Service Enable

    Examples # Set the DSCP value for IPv4 NTP packets to 30. <Sysname> system-view [Sysname] ntp-service dscp 30 ntp-service enable Use ntp-service enable to enable the NTP service. Use undo ntp-service enable to disable the NTP service. Syntax ntp-service enable undo ntp-service enable Default The NTP service is disabled.

  • Page 123: Ntp-Service Ipv6 Acl

    • You do not want the device to be synchronized by the peer device in the subnet corresponding to the interface. Examples # Disable VLAN-interface 1 from receiving NTP messages. <Sysname> system-view [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] undo ntp-service inbound enable ntp-service ipv6 acl Use ntp-service ipv6 acl to configure the right for the peer devices to access the IPv6 NTP services of the local device.

  • Page 124: Ntp-Service Ipv6 Dscp

    • If none of the IPv6 ACLs specified for the access rights is created, the peer access right applies. • If none of the IPv6 ACLs specified for the access rights contains rules, no access right is granted. The ntp-service ipv6 acl command provides a minimum security method. NTP authentication is more secure.

  • Page 125: Ntp-Service Ipv6 Inbound Enable

    ntp-service ipv6 inbound enable Use ntp-service ipv6 inbound enable to enable an interface to receive IPv6 NTP messages. Use undo ntp-service ipv6 inbound enable to disable an interface from receiving IPv6 NTP messages. Syntax ntp-service ipv6 inbound enable undo ntp-service ipv6 inbound enable Default An interface receives IPv6 NTP messages.

  • Page 126: Ntp-Service Ipv6 Multicast-Server

    Parameters ipv6-address: Specifies an IPv6 multicast address. An IPv6 broadcast client and an IPv6 broadcast server must be configured with the same multicast address. Usage guidelines After you configure the command, the device listens to IPv6 NTP messages using the specified multicast address as the destination address.

  • Page 127: Ntp-Service Ipv6 Source

    Usage guidelines After you configure the command, the device periodically sends NTP messages to the specified IPv6 multicast address. If you have configured the device to operate in IPv6 multicast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

  • Page 128: Ntp-Service Ipv6 Unicast-Peer

    • In NTP client/server mode, if you have specified the source interface for IPv6 NTP messages in the ntp-service ipv6 unicast-server command, the specified interface acts as the source interface for IPv6 NTP messages. • In NTP symmetric active/passive mode, if you have specified the source interface for IPv6 NTP messages in the ntp-service ipv6 unicast-peer command, the specified interface acts as the source interface for IPv6 NTP messages.

  • Page 129: Ntp-Service Ipv6 Unicast-Server

    maximum polling interval is in the range of 2 to 2 (16 to 131072) seconds. The default value for the maxpoll-interval argument is 6 and the default maximum polling interval is 2 (64) seconds. minpoll minpoll-interval: Specifies the minimum polling interval. The value range for the minpoll-interval argument is 4 to 17, to which base 2 is raised to get the interval in seconds.
  • Page 130 Syntax ntp-service ipv6 unicast-server server-name ipv6-address vpn-instance vpn-instance-name ] [ authentication-keyid keyid | maxpoll maxpoll-interval | minpoll minpoll-interval | priority | source interface-type interface-number ] * undo ntp-service ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ] Default No IPv6 NTP server is specified.

  • Page 131: Ntp-Service Max-Dynamic-Sessions

    If you include the vpn-instance vpn-instance-name option in the undo ntp-service unicast-server command, the command removes the NTP server in the specified VPN. If you do not include the vpn-instance vpn-instance-name option in the command, the command removes the NTP server on the public network.

  • Page 132: Ntp-Service Multicast-Client

    Examples # Set the maximum number of dynamic NTP associations to 50. <Sysname> system-view [Sysname] ntp-service max-dynamic-sessions 50 Related commands display ntp-service sessions ntp-service multicast-client Use ntp-service multicast-client to configure the device to operate in NTP multicast client mode and use the current interface to receive NTP multicast packets. Use undo ntp-service multicast-client to remove the configuration.

  • Page 133: Ntp-Service Refclock-Master

    Use undo ntp-service multicast-server to remove the configuration. Syntax ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ] * undo ntp-service multicast-server [ ip-address ] Default The device does not operate in any NTP association mode. Views Interface view Predefined user roles...

  • Page 134: Ntp-Service Reliable Authentication-Keyid

    Syntax ntp-service refclock-master [ ip-address ] [ stratum ] undo ntp-service refclock-master [ ip-address ] Default The device does not use its local clock as the reference clock. Views System view Predefined user roles network-admin mdc-admin Parameters ip-address: IP address of the local clock, 127.127.1.u, where u is the NTP process ID in the range of 0 to 3.

  • Page 135: Ntp-Service Source

    Views System view Predefined user roles network-admin mdc-admin Parameters keyid: Specifies an authentication key by its ID in the range of 1 to 4294967295. Usage guidelines When NTP authentication is enabled, a client can be synchronized only to a server that can provide a trusted authentication key.

  • Page 136: Ntp-Service Unicast-Peer

    mdc-admin Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines If you specify a source interface for NTP messages, the device uses the primary IP address of the specified interface as the source IP address to send NTP messages. Consequently, the destination address of the NTP response messages is the primary IP address of the source interface.
  • Page 137 Parameters peer-name: Specifies a symmetric-passive peer by its host name, a case-insensitive string of 1 to 253 characters. ip-address: Specifies a symmetric-passive peer by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the symmetric-passive peer belongs.

  • Page 138: Ntp-Service Unicast-Server

    [Sysname] ntp-service unicast-peer 10.1.1.1 version 4 source-interface vlan-interface 1 Related commands ntp-service authentication enable ntp-service authentication-keyid ntp-service reliable authentication-keyid ntp-service unicast-server Use ntp-service unicast-server to specify an NTP server for the device. Use undo ntp-service unicast-server to remove an NTP server specified for the device. Syntax ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | maxpoll maxpoll-interval | minpoll minpoll-interval | priority |...
  • Page 139 type and number. If you do not specify this option, the device searches the routing table for the outgoing interface and uses the primary IP address of the outgoing interface as the source IP address of the NTP messages. version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4.

  • Page 141: Sntp Commands

    SNTP commands display sntp ipv6 sessions Use display sntp ipv6 sessions to display information about all IPv6 SNTP associations. Syntax display sntp ipv6 sessions Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display information about all IPv6 SNTP associations. <Sysname>...

  • Page 142: Sntp Authentication Enable

    Syntax display sntp sessions Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display information about all IPv4 SNTP associations. <Sysname> display sntp sessions SNTP server Stratum Version Last receive time 1.0.1.11 Tue, May 17 2011 9:11:20.833 (Synced) Table 22 Command output Field Description...

  • Page 143: Sntp Authentication-Keyid

    Usage guidelines You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are synchronized only to authenticated NTP servers. To authenticate an NTP server, set an authentication key and specify it as a trusted key. Examples # Enable SNTP authentication.

  • Page 144: Sntp Enable

    acl ipv4-acl-number: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication. ipv6 acl ipv6-acl-number: Specifies an IPv6 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.

  • Page 145: Sntp Ipv6 Unicast-Server

    Views System view Predefined user roles network-admin mdc-admin Examples # Enable the SNTP service. <Sysname> system-view [Sysname] sntp enable sntp ipv6 unicast-server Use sntp ipv6 unicast-server to specify an IPv6 NTP server for the device. Use undo sntp ipv6 unicast-server to remove the IPv6 NTP server specified for the device. Syntax sntp ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | source interface-type interface-number ] *...

  • Page 146: Sntp Reliable Authentication-Keyid

    Usage guidelines When you specify an IPv6 NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device. To synchronize the PE to a PE or CE in a VPN instance, provide the vpn-instance vpn-instance-name option in your command.

  • Page 147: Sntp Unicast-Server

    Examples # Enable NTP authentication, and specify the MD5 encryption algorithm, with the key ID of 37 and key value of BetterKey. <Sysname> system-view [Sysname] sntp authentication enable [Sysname] sntp authentication-keyid 37 authentication-mode md5 simple BetterKey # Specify this key as a trusted key. [Sysname] sntp reliable authentication-keyid 37 Related commands sntp authentication-keyid...
  • Page 148 Usage guidelines When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device. To synchronize the PE to a PE or CE in a VPN instance, provide vpn-instance vpn-instance-name in your command.

  • Page 149: Poe Commands

    PoE commands apply poe-profile Use apply poe-profile to apply a PoE profile to a power interface (PI). Use undo apply poe-profile to restore the default. Syntax apply poe-profile { index index | name profile-name } undo apply poe-profile { index index | name profile-name } Default No PoE profile is applied to PIs.

  • Page 150: Display Poe Device

    Predefined user roles network-admin mdc-admin Parameters index index: Specifies a PoE profile by its index number in the range of 1 to 100. name profile-name: Specifies a PoE profile by its name, a case-sensitive string of 1 to 15 characters. interface-range: Specifies a range of Ethernet interfaces in the form of interface-type interface-number [ to interface-type interface-number ], where interface-type interface-number represents the interface type and interface number.

  • Page 151: Display Poe Interface

    Usage guidelines Only the default MDC supports this command. Examples # Display general PSE information. <Sysname> display poe device PSE ID Slot No. SSlot No. PortNum MaxPower(W) State Model LSQ1GV48SD0 Table 23 Command output Field Description PSE ID ID of the PSE. Slot No.
  • Page 152 Power Priority : Critical Oper : On IEEE Class Detection Status : Delivering power Power Mode : Signal Current Power : 11592 Average Power : 11610 Peak Power : 11684 Max Power : 15400 Electric Current : 244 Voltage : 51.7 PD Description : IP Phone For Room 101 Table 24 Command output...
  • Page 153 Field Description Average Power Average power of a PI. Peak Power Peak power of a PI. Max Power Maximum power of a PI. Electric Current Current of a PI. Voltage Voltage of a PI. PD Description Type and location description for the PD connected to the PI. # Display power supplying information for all PIs.

  • Page 154: Display Poe Interface Power

    Field Description Power detection status of a PI: • Disabled—PoE function is disabled. • Searching—The PI is searching for the PD. • Delivering Power—The PI is supplying power for the PD. Detection Status • Fault—A fault occurred during the test. •...

  • Page 155: Display Poe Power-Usage

    GE1/0/6 30.0 IP Phone in Room 809 for Alien --- On State Ports: 3; Used: 23.8(W); Remaining: 776.2(W) --- Table 26 Command output Field Description Interface Interface name of a PI. CurPower Current power of a PI. PeakPower Peak power of a PI. MaxPower Maximum power of a PI.

  • Page 156: Display Poe Pse

    PoE Remaining Allocable Power : 1800 PoE Remaining Guaranteed Power : 2000 Powered PoE Ports Statistics by PSE: PSE ID Current Peak Average Remaining Powered Guaranteed(W) Ports Table 27 Command output Field Description PoE Current Power Total power that has been consumed by PSEs. PoE Max Power Maximum PoE power.
  • Page 157 Parameters pse-id: Specifies a PSE by its ID. If you do not specify a PSE, this command displays detailed PSE information about all PSEs. Usage guidelines Only the default MDC supports this command. Examples # Display detailed PSE information. <Sysname> display poe pse PSE ID Slot NO.

  • Page 158: Display Poe Pse Interface

    Field Description Remaining guaranteed power of the PSE = Maximum guaranteed Remaining Guaranteed Power power of the PSE – Total maximum power of all critical PIs of the PSE. PSE CPLD Version PSE CPLD version number. PSE Software Version PSE software version number. PSE Hardware Version PSE hardware version number.

  • Page 159: Display Poe Pse Interface Power

    GE1/0/5 Enabled Power-limit Delivering Power GE1/0/6 Enabled Power-itself Disabled GE1/0/7 Disabled Fault On State Ports: 2; Used: 8.4(W); Remaining: 171.6 (W) Table 29 Command output Field Description Interface Interface name of a PI. PoE status of a PI: • Enabled. •...

  • Page 160: Display Poe-Power

    Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters pse pse-id: Specifies a PSE by its ID. To display PSE ID and slot mappings, use the display poe device command. Usage guidelines Only the default MDC supports this command. Examples # Display power information for PIs on PSE 4.
  • Page 161 In IRF mode: display poe-power [ chassis chassis-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command displays information about all PoE power supplies and PSEs in the IRF fabric.

  • Page 162: Display Poe-Profile

    Field Description PoE Peak Power Peak PoE power. PoE Max Power Maximum PoE power. PoE Nominal Power Nominal PoE power. PoE Current Electric Current Current PoE current. PoE Current Voltage Current PoE voltage. PoE Lower Input Threshold AC input under-voltage threshold. PoE Upper Input Threshold AC input over-voltage threshold.

  • Page 163: Display Poe-Profile Interface

    Examples # Display information about all PoE profiles. <Sysname> display poe-profile PoE Profile Index ApplyNum Interfaces Configuration forIPphone XGE1/0/1 poe enable XGE1/0/2 poe priority critical XGE1/0/3 XGE1/0/4 forAP XGE1/0/5 poe enable XGE1/0/6 poe max-power 14000 Total PoE profiles: 2, total ports: 6 # Display information about the PoE profile with index number 1.

  • Page 164: Poe Enable

    mdc-operator Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines Only the default MDC supports this command. Examples # Display information about the PoE profile on Ten-GigabitEthernet 1/0/1. <Sysname> display poe-profile interface ten-gigabitethernet 1/0/1 PoEProfile Index ApplyNum Interface Effective configuration...

  • Page 165: Poe Enable Pse

    Related commands display poe interface poe-profile poe enable pse Use poe enable pse to enable PoE for a PSE. Use undo poe enable pse to disable PoE for the PSE. Syntax poe enable pse pse-id undo poe enable pse pse-id Default PoE is disabled on PSEs.

  • Page 166: Poe Max-Power

    Predefined user roles network-admin mdc-admin Parameters pse pse-id: Specifies a PSE by its ID. Usage guidelines Only the default MDC supports this command. Examples # Enable PSE 4 to detect nonstandard PDs. <Sysname> system-view [Sysname] poe legacy enable pse 4 Related commands display poe pse poe max-power...

  • Page 167: Poe Max-Power (System View)

    Related commands poe max-power (system view) poe power max-value poe max-power (system view) Use poe max-power to set the maximum PSE power. Use undo poe max-power to restore the default. Syntax poe pse pse-id max-power max-power undo poe pse pse-id max-power Default The maximum PSE power varies by PSE.

  • Page 168: Poe Pd-Description

    undo poe mode Default The PoE power transmission mode is signal (power over signal cables). Views PI view PoE profile view Predefined user roles network-admin mdc-admin Parameters signal: Specifies the PoE power transmission mode as power over signal cables. The system uses pairs 1, 2, 3, and 6 in the Category 3 or Category 5 twisted pair cable to supply DC power.

  • Page 169: Poe Pd-Policy Priority

    Parameters text: Configures a description for the PD connected to the PI, a case-sensitive string of 1 to 80 characters. Examples # Configure the description for the PD as IP Phone for Room 101. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] poe pd-description IP Phone For Room 101 poe pd-policy priority Use poe pd-policy priority to enable PI power management.

  • Page 170: Poe Priority

    poe power max-value max-power undo poe power max-value In IRF mode: poe power chassis chassis-number max-value max-power undo poe power chassis chassis-number max-value Default The maximum PoE power is the total maximum power of all operating power modules in the power frame.

  • Page 171: Poe Priority (System View)

    PoE profile view Predefined user roles network-admin mdc-admin Parameters critical: Sets the power supply priority to critical. The PI with critical power priority operates in guaranteed mode. Power is first supplied to the PD connected to the critical PI. high: Sets the power supply priority to high. low: Sets the power supply priority to low.

  • Page 172: Poe Pse-Policy Priority

    Predefined user roles network-admin mdc-admin Parameters critical: Sets the power supply priority to critical. The PSE with critical power priority operates in guaranteed mode, and power is supplied to it first. high: Sets the power supply priority to high. low: Sets the power supply priority to low. pse pse-id: Specifies a PSE by its ID.

  • Page 173: Poe Temperature-Protection

    Usage guidelines Only the default MDC supports this command. If PSE power management is disabled, the system does not supply power to new PSEs when PoE power overload occurs. If PSE power management is enabled, the system supplies power based on the PSE priority and PSE ID when a new PSE causes PoE power overload: Priority of the new PoE system operations...

  • Page 174: Poe Update

    • Disables PoE on all ports when the temperature exceeds the upper limit. Disables PoE on all ports when the temperature drops below the lower limit. Examples # Disable PoE over-temperature protection. <Sysname> system-view [Sysname] undo poe temperature-protection enable poe update Use poe update to upgrade the PSE firmware when the device is operating.

  • Page 175: Poe-Profile

    Default The power alarm threshold for the PSE is 80%. Views System view Predefined user roles network-admin mdc-admin Parameters value: Specifies alarm threshold as a percentage of 1 to 99. pse pse-id: Specifies a PSE by its ID. Usage guidelines Only the default MDC supports this command.
  • Page 176 If you do not specify a profile index, the system automatically assigns an index (starting from 1) to the PoE profile. If a PoE profile is applied, use the undo apply poe-profile command to remove the application before deleting the PoE profile. Examples # Create a PoE profile, name it abc, and specify the index number as 3.

  • Page 177: Snmp Commands

    SNMP commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. The SNMP agent sends notifications (traps and informs) to inform the NMS of significant events, such as link state changes and user logins or logouts.
  • Page 178 Role name: bb Storage-type: nonVolatile Community name: userv1 Group name: testv1 Storage-type: nonvolatile Community name: cc Group name: cc ACL name: testacl Storage-type: nonVolatile Table 33 Command output Field Description Community name created by using the snmp-agent community Community name command or username created by using the snmp-agent usm-user { v1 | v2c } command.

  • Page 179: Display Snmp-Agent Context

    display snmp-agent context Use display snmp-agent context to display SNMP contexts. Syntax display snmp-agent context [ context-name ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters context-name: Specifies an SNMP context by its name, a case-sensitive string of 1 to 32 characters. If you do not specify this argument, the command displays all SNMP contexts.

  • Page 180: Display Snmp-Agent Local-Engineid

    Group name: groupv3 Security model: v3 noAuthnoPriv Readview: ViewDefault Writeview: <no specified> Notifyview: <no specified> Storage-type: nonvolatile ACL name: testacl Table 34 Command output Field Description Group name SNMP group name. Security model of the SNMP group: • authPriv—Authentication with privacy. •...

  • Page 181: Display Snmp-Agent Mib-Node

    Usage guidelines Every SNMP entity has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects. An SNMP engine ID uniquely identifies an SNMP entity in an SNMP domain. Examples # Display the local SNMP engine ID.
  • Page 182 |-ieee802dot1<1.0.8802.1>(NA) |-ieee802dot1mibs<1.0.8802.1.1>(NA) Table 35 Command output Field Description -std MIB node name. <1.0> OID of a MIB node. Permissions to MIB nodes: • NA—Not accessible. • NF—Notifications. • RO—Read-only access. (NA) • RW—Read and write access. • RC—Read-write-create access. • WO—Write-only access.
  • Page 183 Field Description OID of a MIB index node. # Display names and OIDs of MIB notification nodes, and names and OIDs of notification objects. <Sysname> display snmp-agent mib-node trap-node Name |lldpRemTablesChange ||1.0.8802.1.1.2.0.0.1 Trap Object Name |||lldpStatsRemTablesInserts ||||1.0.8802.1.1.2.1.2.2 Name |||lldpStatsRemTablesDeletes ||||1.0.8802.1.1.2.1.2.3 Name |||lldpStatsRemTablesDrops ||||1.0.8802.1.1.2.1.2.4...
  • Page 184 Field Description MIB node types: • Table—Table node. • Row—Row node in a MIB table. • Column—Column node in a MIB table. NodeType • Leaf—Leaf node. • Group—Group node (parent node of a leaf node). • Trapnode—Notification node. • Other—Other node types. Permissions to MIB nodes: •...

  • Page 185: Display Snmp-Agent Mib-View

    display snmp-agent mib-view Use display snmp-agent mib-view to display MIB views. Syntax display snmp-agent mib-view [ exclude | include | viewname view-name ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters exclude: Displays the subtrees excluded from any MIB view. include: Displays the subtrees included in any MIB view.

  • Page 186: Display Snmp-Agent Remote

    MIB Subtree: snmpModules.18 Subtree mask: Storage-type: nonVolatile View Type: excluded View status: active ViewDefault is the default MIB view. The output shows that except for the MIB objects in the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees, all the MIB objects in the iso subtree are accessible.

  • Page 187: Display Snmp-Agent Statistics

    case-sensitive string of 1 to 31 characters. If the remote SNMP entity belongs to the public network, do not specify this option. Usage guidelines Every SNMP entity has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects. An SNMP engine ID uniquely identifies an SNMP entity in an SNMP domain.
  • Page 188 5 messages were for an unsupported version. 0 messages used an unknown SNMP community name. 0 messages represented an illegal operation for the community supplied. 0 ASN.1 or BER errors in the process of decoding. 1679 messages passed from the SNMP entity. 0 SNMP PDUs had badValue error-status.

  • Page 189: Display Snmp-Agent Sys-Info

    Field Description Number of getBulk requests that have been GetBulkRequest-PDU accepted and processed received and processed. Number of get responses that have been GetResponse-PDU accepted and processed received and processed. Number of set requests that have been SetRequest-PDU accepted and processed received and processed.

  • Page 190: Display Snmp-Agent Trap Queue

    SNMPv3 Related commands snmp-agent sys-info display snmp-agent trap queue Use display snmp-agent trap queue to display basic information about the trap queue. Syntax display snmp-agent trap queue Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display the trap queue configuration and usage status. <Sysname>...

  • Page 191: Display Snmp-Agent Usm-User

    To determine whether a module supports SNMP notifications, execute the snmp-agent trap enable ? command. The display snmp-agent trap-list command output varies by the snmp-agent trap enable command configuration and the module configuration. Examples # Display SNMP notifications enabling status for modules. <Sysname>...
  • Page 192 <Sysname> display snmp-agent usm-user Username: userv3 Group name: mygroupv3 Engine ID: 800063A203000FE240A1A6 Storage-type: nonVolatile UserStatus: active ACL: 2000 Username: userv3 Group name: mygroupv3 Engine ID: 8000259503000BB3100A508 Storage-type: nonVolatile UserStatus: active ACL name: testacl Username: userv3code Role name: groupv3code network-operator Engine ID: 800063A203000FE240A1A6 Storage-type: nonVolatile UserStatus: active Username: userv3code...

  • Page 193: Enable Snmp Trap Updown

    Field Description Number of the ACL. This field appears only when an ACL is specified for the SNMPv3 user. It is exclusive with the ACL name field. Name of the ACL. ACL name This field appears only when an ACL is specified for the SNMPv3 user. It is exclusive with the ACL field.

  • Page 194: Snmp-Agent

    snmp-agent Use snmp-agent to enable the SNMP agent. Use undo snmp-agent to disable the SNMP agent. Syntax snmp-agent undo snmp-agent Default The SNMP agent is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines The SNMP agent is automatically enabled when you execute any command that begins with snmp-agent except for the snmp-agent calculate-password command.

  • Page 195: Snmp-Agent Calculate-Password

    trap: Specifies traps. interface-type { interface-number | interface-number.subnumber }: Specifies an interface by its type and number. The interface-number argument specifies a main interface number. The subnumber argument specifies a subinterface number in the range of 1 to 4094. Usage guidelines The snmp-agent source command enables the SNMP agent to use the primary IP address of an interface or subinterface as the source IP address in all its SNMP informs or traps, regardless of their outgoing interfaces.
  • Page 196 mode: Specifies an authentication algorithm and encryption algorithm. The device supports the HMAC-MD5 and HMAC-SHA1 authentication algorithms. The HMAC-MD5 algorithm is faster than the HMAC-SHA1 algorithm. The HMAC-SHA1 algorithm provides more security than the HMAC-MD5 algorithm. The AES256, AES192, AES, 3DES, and DES encryption algorithms (in descending order of security strength) are available for the device.

  • Page 197: Snmp-Agent Community

    snmp-agent community Use snmp-agent community to configure an SNMPv1 or SNMPv2c community. Use undo snmp-agent community to delete an SNMPv1 or SNMPv2c community. Syntax In VACM mode: snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view view-name ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] * undo snmp-agent community [ cipher ] community-name...
  • Page 198 acl ipv6: Specifies a basic or advanced IPv6 ACL for the community. ipv6-acl-number: Specifies a basic or advanced IPv6 ACL by its number. The basic IPv6 ACL number is in the range of 2000 to 2999. The advanced IPv6 ACL number is in the range of 3000 to 3999.

  • Page 199: Snmp-Agent Community-Map

    Examples # Create the read-only community with the plaintext form name readaccess so an SNMPv1 or SNMPv2c NMS can use the community name readaccess to read the MIB objects in the default view ViewDefault. <Sysname> system-view [Sysname] snmp-agent sys-info version v1 v2c [Sysname] snmp-agent community read simple readaccess # Create the read and write community with the plaintext form name writeaccess so only the SNMPv2c NMS at 1.1.1.1 can use the community name writeaccess to read or set the MIB objects...

  • Page 200: Snmp-Agent Context

    Default No mapping exists between an SNMP community and an SNMP context. Views System view Predefined user roles network-admin mdc-admin Parameters community-name: Specifies an SNMP community, a case-sensitive string of 1 to 32 characters. context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters. Usage guidelines This command enables a module on an agent to obtain the context mapped to a community name when an NMS accesses the agent by using SNMPv1 or SNMPv2c.

  • Page 201: Snmp-Agent Group

    You can create a maximum of 20 SNMP contexts. Examples # Create SNMP context testcontext. <Sysname> system-view [Sysname] snmp-agent context testcontext Related commands display snmp-agent context snmp-agent group Use snmp-agent group to create an SNMP group. Use undo snmp-agent group to delete an SNMP group. Syntax In non-FIPS mode: •...
  • Page 202 privacy: Specifies the authentication with privacy security model for the SNMPv3 group. read-view view-name: Specifies a read-only MIB view. The view-name represents a MIB view name, a case-sensitive string of 1 to 32 characters. If you do not specify a read-only MIB view, the SNMP group has read access to the default view ViewDefault.

  • Page 203: Snmp-Agent Local-Engineid

    Security model Security key Security model Remarks keyword for the settings for the group user The authentication and No authentication, no Neither authentication encryption keys, if None nor privacy privacy configured, do not take effect. You can specify an ACL for the user and group, respectively, to filter illegitimate NMSs. Only the NMSs permitted by the ACLs for both the user and group can access the SNMP agent.

  • Page 204: Snmp-Agent Log

    Usage guidelines An SNMP engine ID uniquely identifies a device in an SNMP managed network. Make sure the local SNMP engine ID is unique within your SNMP managed network to avoid communication problems. If you have configured SNMPv3 users, change the local SNMP engine ID only when necessary. The change can void the SNMPv3 usernames and encrypted keys you have configured.

  • Page 205: Snmp-Agent Mib-View

    <Sysname> system-view [Sysname] snmp-agent log get-operation # Enable logging SNMP Set operations. <Sysname> system-view [Sysname] snmp-agent log set-operation # Enable logging SNMP authentication failures. <Sysname> system-view [Sysname] snmp-agent log authfail snmp-agent mib-view Use snmp-agent mib-view to create or update a MIB view. Use undo snmp-agent mib-view to delete a MIB view.

  • Page 206: Snmp-Agent Packet Max-Size

    Examples # Include the mib-2 (OID 1.3.6.1.2.1) subtree in the mibtest view and exclude the system subtree from this view. <Sysname> system-view [Sysname] snmp-agent sys-info version v1 [Sysname] snmp-agent mib-view included mibtest 1.3.6.1.2.1 [Sysname] snmp-agent mib-view excluded mibtest system [Sysname] snmp-agent community read public mib-view mibtest An SNMPv1 NMS in the public community can query the objects in the mib-2 subtree but not any object (for example, the sysDescr or sysObjectID node) in the system subtree.

  • Page 207: Snmp-Agent Remote

    Use undo snmp-agent port to restore the default. Syntax snmp-agent port port-number undo snmp-agent port Default The device uses UDP port 161 for receiving SNMP packets. Views System view Predefined user roles network-admin mdc-admin Parameters port-number: Specifies the UDP port for receiving SNMP packets, in the range of 1 to 65535. The default port number is 161.

  • Page 208: Snmp-Agent Sys-Info Contact

    Parameters ipv4-address: Specifies a remote SNMP entity by its IPv4 address. ipv6 ipv6-address: Specifies a remote SNMP entity by its IPv6 address. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the remote SNMP entity belongs. The vpn-instance-name argument represents the VPN instance name. a case-sensitive string of 1 to 31 characters.

  • Page 209: Snmp-Agent Sys-Info Location

    Examples # Configure the system contact as Dial System Operator # 27345. <Sysname> system-view [Sysname] snmp-agent sys-info contact Dial System Operator # 27345 Related commands display snmp-agent sys-info snmp-agent sys-info location Use snmp-agent sys-info location to configure the system location. Use undo snmp-agent sys-info location to restore the default location.

  • Page 210: Snmp-Agent Target-Host

    snmp-agent sys-info version v3 undo snmp-agent sys-info version v3 Default SNMPv3 is enabled. Views System view Predefined user roles network-admin mdc-admin Parameters all: Specifies SNMPv1, SNMPv2c, and SNMPv3. v1: Specifies SNMPv1. v2c: Specifies SNMPv2c. v3: Specifies SNMPv3. Usage guidelines SNMPv1 and SNMPv2c settings in this command are not supported in FIPS mode. Configure the SNMP agent with the same SNMP version as the NMS for successful communications between them.
  • Page 211 snmp-agent target-host trap address udp-domain { ipv4-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string v3 { authentication | privacy } undo snmp-agent target-host { trap | inform } address udp-domain { ipv4-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ] Default No SNMP notification target hosts exist.

  • Page 212: Snmp-Agent Trap Enable

    If none of the keywords v1, v2c, or v3 is specified, SNMPv1 is used. Make sure the SNMP agent uses the same SNMP version as the target host so the host can receive the notification. If neither authentication nor privacy is specified, the security model is no authentication, no privacy.

  • Page 213: Snmp-Agent Trap If-Mib Link Extended

    Table 45 Standard SNMP notifications Keyword Definition Authentication failure notification sent when an NMS fails to be authenticated by the authentication SNMP agent. coldstart Notification sent when the device restarts. linkdown Notification sent when the link of a port goes down. linkup Notification sent when the link of a port comes up.

  • Page 214: Snmp-Agent Trap Life

    When you use this command, make sure the NMS supports the extended linkup and linkDown notifications. Examples # Enable extended linkUp/linkDown notifications. <Sysname> system-view [Sysname] snmp-agent trap if-mib link extended snmp-agent trap life Use snmp-agent trap life to set the lifetime of notifications in the SNMP notification queue. Use undo snmp-agent trap life to restore the default notification lifetime.

  • Page 215: Snmp-Agent Trap Periodical-Interval

    Default SNMP notification logging is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines Use SNMP notification logging to record SNMP notifications sent by the SNMP agent for notification tracking. The SNMP agent sends the logs to the information center. You can configure the information center to output the logs to a destination as needed.

  • Page 216: Snmp-Agent Trap Queue-Size

    <Sysname> system-view [sysname] snmp-agent trap periodical-interval 0 Related commands snmp-agent target-host snmp-agent trap enable snmp-agent trap queue-size Use snmp-agent trap queue-size to set the SNMP notification queue size. Use undo snmp-agent trap queue-size to restore the default queue size. Syntax snmp-agent trap queue-size size undo snmp-agent trap queue-size Default...
  • Page 217 Syntax snmp-agent usm-user { v1 | v2c } user-name group-name [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] * undo snmp-agent usm-user { v1 | v2c } user-name Default No SNMPv1 or SNMPv2c users exist. Views System view Predefined user roles...

  • Page 218: Snmp-Agent Usm-User V3

    You can specify an ACL for the user and group, respectively, to filter illegitimate NMSs. Only the NMSs permitted by the ACLs for both the user and group can access the SNMP agent. The following rules apply to the ACLs for the user and group: •...
  • Page 219 snmp-agent usm-user v3 user-name group-name [ remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | aes192 | aes256 | des56 } priv-password ] ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] * undo snmp-agent usm-user v3 user-name { local | engineid engineid-string | remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] }...
  • Page 220 vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the target host belongs to. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If the target host belongs to the public network, do not specify this option. cipher: Specifies an authentication key and an encryption key in encrypted form.
  • Page 221 range of 10 to 64. If you change the local engine ID, the existing SNMPv3 users and keys become invalid. To delete an invalid username, specify the engine ID associated with the username in the undo snmp-agent usm-user v3 command. Usage guidelines Only users with the network-admin, mdc-admin or level-15 user role can execute this command.
  • Page 222 • SNMPv3 username. • SNMP protocol version. • Authentication algorithm and key. # Add user testUser to SNMPv3 group testGroup, and enable authentication and encryption for the group. Specify authentication algorithm HMAC-SHA1, encryption algorithm AES, plaintext-form authentication key 123456TESTauth&!, and plaintext-form encryption key 123456TESTencr&! for the user.

  • Page 223: Snmp-Agent Usm-User V3 User-Role

    snmp-agent usm-user v3 user-role Use snmp-agent usm-user v3 user-role to assign a user role to an SNMPv3 user created in RBAC mode. Use undo snmp-agent usm-user user-role to remove a user role. Syntax snmp-agent usm-user v3 user-name user-role role-name undo snmp-agent usm-user v3 user-name user-role role-name Default An SNMPv3 user has the user role assigned to it at its creation.

  • Page 224: Rmon Commands

    RMON commands display rmon alarm Use display rmon alarm to display information about RMON alarm entries. Syntax display rmon alarm [ entry-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters entry-number: Specifies an alarm entry by its index in the range of 1 to 65535. If you do not specify an entry, the command displays all RMON alarm entries.

  • Page 225: Display Rmon Event

    Field Description Sample type: • Sample type absolute. • delta. Sampled variable Monitored variable. Sampling interval Interval (in seconds) at which data is sampled. Rising threshold Alarm rising threshold. associated with event Event index associated with the alarm.. Falling threshold Alarm falling threshold.

  • Page 226: Display Rmon Eventlog

    Examples # Display information about all RMON event entries. <Sysname> display rmon event EventEntry 1 owned by user1 is VALID. Description: N/A Community: Security Take the action log-trap when triggered, last triggered at 0days 00h:02m:27s uptime. Table 47 Command output Field Description Event entry owner and status:...
  • Page 227 Parameters entry-number: Specifies an event entry by its index in the range of 1 to 65535. If you do not specify an entry, the command displays log entries for all event entries. Usage guidelines If the log action is specified for an event, the system adds a record in the event log table each time the event occurs.

  • Page 228: Display Rmon History

    Related commands rmon event display rmon history Use display rmon history to display RMON history control entries and history samples of Ethernet statistics for Ethernet interfaces. Syntax display rmon history [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin...
  • Page 229 Table 49 Command output Field Description Status and owner of the history control entry: • entry-number—History control entry index. • owner—Entry owner. • status—Entry status: VALID—The entry is valid. HistoryControlEntry  entry-number owned by UNDERCREATION—The entry is invalid.  owner is status. The status field is not configurable at the CLI.

  • Page 230: Display Rmon Prialarm

    Related commands rmon history display rmon prialarm Use display rmon prialarm to display information about RMON private alarm entries. Syntax display rmon prialarm [ entry-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters entry-number: Specifies an alarm entry index in the range of 1 to 65535. If you do not specify an entry, the command displays all private alarm entries.

  • Page 231: Display Rmon Statistics

    Field Description Sample type: • Sample type absolute. • delta. Variable formula Variable formula. Description Description of the alarm. Sampling interval Interval (in seconds) at which data is sampled. Rising threshold Alarm rising threshold. Falling threshold Alarm falling threshold. associated with event Event index associated with the alarm..
  • Page 232 Examples # Display RMON statistics for Ten-GigabitEthernet 1/0/1. <Sysname> display rmon statistics ten-gigabitethernet 1/0/1 EtherStatsEntry 1 owned by user1 is VALID. Interface : Ten-GigabitEthernet1/0/1<ifIndex.3> etherStatsOctets : 43393306 , etherStatsPkts : 619825 etherStatsBroadcastPkts : 503581 , etherStatsMulticastPkts : 44013 etherStatsUndersizePkts , etherStatsOversizePkts etherStatsFragments , etherStatsJabbers etherStatsCRCAlignErrors : 0...

  • Page 233: Rmon Alarm

    Field Description Incoming-packet statistics by packet length: • 64—Number of packets with a lengthequal to 64 bytes. • 65-127—Number of 65- to 127-byte packets. • 128-255—Number of 128- to 255-byte packets. Incoming packets by size: • 256-511—Number of 256- to 511-byte packets. •...
  • Page 234 sampling-interval: Sets the sampling interval in the range of 5 to 65535 seconds. absolute: Specifies absolute sampling. RMON compares the value of the variable with the rising and falling thresholds. delta: Specifies delta sampling. RMON subtracts the value of the variable at the previous sample from the current sampled value, and then compares the difference with the rising and falling thresholds.

  • Page 235: Rmon Event

    [Sysname] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute rising-threshold 5000 1 falling-threshold 5 2 owner user1 In this example, you can replace 1.3.6.1.2.1.16.1.1.1.4.1 with etherStatsOctets.1, where 1 is the statistics entry index for the interface. If you execute the rmon statistics 5 command, you can use etherStatsOctets.5 to replace 1.3.6.1.2.1.16.1.1.1.4.5.

  • Page 236: Rmon History

    Usage guidelines You can create a maximum of 60 event entries. You can associate an event entry with a standard or private alarm entry to specify the action to take when an alarm condition occurs. Depending on your configuration, the system logs the event, sends an SNMP notification, does both, or does neither.

  • Page 237: Rmon Prialarm

    If an Ethernet interface has a history control entry, RMON periodically samples packet statistics on the interface and stores the samples to the history table. When the bucket size for the history control entry is reached, RMON overwrites the oldest sample with the most recent sample. You can create multiple RMON history control entries for an Ethernet interface.
  • Page 238 delta: Specifies delta sampling. RMON subtracts the value of the variable at the previous sample from the current sampled value, and then compares the difference with the rising and falling thresholds. startup-alarm: Specifies alarms that can be generated at the first sampling when a rising or falling threshold is reached or exceeded.

  • Page 239: Rmon Statistics

    [Sysname] rmon event 1 log [Sysname] rmon event 2 none [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] rmon statistics 1 [Sysname-Ten-GigabitEthernet1/0/1] quit [Sysname] rmon prialarm 1 (.1.3.6.1.2.1.16.1.1.1.6.1*100/.1.3.6.1.2.1.16.1.1.1.5.1) BroadcastPktsRatioOfXGE1/0/1 10 absolute rising-threshold 80 1 falling-threshold 5 2 entrytype forever owner user1 The last number in the OID forms of variables must be the same as the statistics entry index for the interface.
  • Page 240 [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] rmon statistics 20 owner user1 Related commands display rmon statistics...

  • Page 241: Netconf Commands

    NETCONF commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. netconf capability specific-namespace Use netconf capability specific-namespace to configure the device to use module-specific namespaces.

  • Page 242: Netconf Log

    The NETCONF session idle timeout time is 0 minutes for NETCONF over SSH sessions, NETCONF over Telnet sessions, and NETCONF over console sessions. The sessions never time out. Views System view Predefined user roles network-admin mdc-admin Parameters soap: Specifies the NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.
  • Page 243 For example, if you perform a NETCONF operation to create VLANs 3 through 5, the device outputs the following log messages: %Mar 21 17:11:34:479 2017 HPE XMLSOAP/6/XML_REQUEST: test from 192.168.100.198, session id 2,message-id 100, receive edit-config request.

  • Page 244: Netconf Soap Acl

    Examples # Configure the device to log NETCONF edit-config information sourced from agent clients. <Sysname> system-view [Sysname] netconf log source agent protocol-operation set netconf soap acl Use netconf soap acl to apply an ACL to NETCONF over SOAP traffic. Use undo netconf soap acl to restore the default. Syntax In non-FIPS mode: netconf soap { http | https } acl { acl-number | name acl-name }...

  • Page 245: Netconf Soap Domain

    netconf soap domain Use netconf soap domain to specify a mandatory authentication domain for NETCONF users. Use undo netconf soap domain to restore the default. Syntax netconf soap domain domain-name undo netconf soap domain domain-name Default No mandatory authentication domain is specified for NETCONF users. Views System view Predefined user roles...

  • Page 246: Netconf Soap Enable

    undo netconf soap https dscp Default The DSCP value is 0 for outgoing NETCONF over SOAP packets. Views System view Predefined user roles network-admin mdc-admin Parameters dscp-value: Specifies a DSCP value in the range of 0 to 63. A larger DSCP value represents a higher priority.

  • Page 247: Netconf Ssh Server Enable

    Parameters http: Specifies NETCONF over SOAP over HTTP. https: Specifies NETCONF over SOAP over HTTPS. Usage guidelines This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTP or HTTPS packets. Examples # Enable NETCONF over SOAP over HTTP. <Sysname>...

  • Page 248: Xml

    Syntax netconf ssh server port port-number undo netconf ssh server port Default The device uses port 830 to listen for NETCONF over SSH session requests. Views System view Predefined user roles network-admin mdc-admin Parameters port-number: Specifies a port by its number in the range of 1 to 65535. Usage guidelines Make sure the specified port is not being used by other services.
  • Page 249 User role NETCONF operations • • Get-bulk • network-operator Get-bulk-config • Get-config mdc-operator • Get-sessions • Close-session To ensure the format correctness of NETCONF messages in XML view, do not enter NETCONF messages manually. Copy and paste the messages. While the device is performing a NETCONF operation, do not perform any other operations, such as pasting a NETCONF message or pressing Enter.
  • Page 250 </close-session> </rpc>]]>]]> <Sysname>...

  • Page 251: Eaa Commands

    EAA commands action cli Use action cli to add a CLI action to a monitor policy. Use undo action to remove an action. Syntax action number cli command-line undo action number Default A monitor policy does not contain any actions. Views CLI-defined policy view Predefined user roles...

  • Page 252: Action Reboot

    [Sysname-rtm-test] action 3 cli shutdown action reboot Use action reboot to add a reboot action to a monitor policy. Use undo action to remove an action. Syntax In standalone mode: action number reboot [ slot slot-number [ subslot subslot-number ] ] undo action number In IRF mode: action number reboot [ chassis chassis-number [ slot slot-number [ subslot subslot-number ] ] ]...

  • Page 253: Action Switchover

    [Sysname-rtm-test] action 3 reboot slot 1 action switchover Use action switchover to add an active/standby switchover action to a monitor policy. Use undo action to remove an action. Syntax action number switchover undo action number Default A monitor policy does not contain any actions. Views CLI-defined policy view Predefined user roles...

  • Page 254: Commit

    undo action number Default A monitor policy does not contain any actions. Views CLI-defined policy view Predefined user roles network-admin mdc-admin Parameters number: Specifies an action ID in the range of 0 to 231. priority priority: Specifies the log severity level in the range of 0 to 7. A lower value represents a higher severity level.

  • Page 255: Display Rtm Environment

    mdc-admin Usage guidelines You must execute this command for a CLI-defined monitor policy to take effect. After changing the settings in a policy that has been enabled, you must re-execute this command for the changes to take effect. Examples # Enable CLI-defined monitor policy test. <Sysname>...

  • Page 256: Display Rtm Policy

    display rtm policy Use display rtm policy to display information about EAA monitor policies. Syntax display rtm policy { active | registered [ verbose ] } [ policy-name ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters active: Specifies policies that are executing the actions.

  • Page 257: Event Cli

    Aug 29 14:54:50 2013 test Table 56 Command output Field Description Total number Total number of the monitor policies. Policy creation method: • TCL—The policy was configured by using Tcl. Type • CLI—The policy was configured from the CLI. Event type, including CLI, hotplug, interface, process, SNMP, SNMP-Notification, Event Syslog, and track.
  • Page 258 Default No CLI event is configured. Views CLI-defined policy view Predefined user roles network-admin mdc-admin Parameters async [ skip ]: Enables or disables the system to execute the command that triggers the policy. If you specify the skip keyword, the system executes the actions in the policy without executing the command that triggers the policy.

  • Page 259: Event Hotplug

    event hotplug Use event hotplug to configure a hot-swapping event. Use undo event to delete the event in a CLI-defined monitor policy. Syntax In standalone mode: event hotplug [ insert | remove ] slot slot-number [ subslot subslot-number ] undo event In IRF mode: event hotplug [ insert | remove ] chassis chassis-number slot slot-number [ subslot subslot-number ]...

  • Page 260: Event Interface

    event interface Use event interface to configure an interface event for a CLI-defined monitor policy. Use undo event to delete the event in a CLI-defined monitor policy. Syntax event interface interface-type interface-number monitor-obj monitor-obj start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ] undo event Default No interface event is configured.

  • Page 261: Event Process

    Monitored traffic statistic Description tx-pps Transmit rate, in packets per second Table 59 Comparison operators Comparison operator Description Equal to. Greater than or equal to. Greater than. Less than or equal to. Less than. Not equal to. Usage guidelines Use interface event monitor policies to monitor traffic statistics on an interface. You can configure only one event for a monitor policy.
  • Page 262 Syntax In standalone mode: event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ slot slot-number ] undo event In IRF mode: event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ chassis chassis-number [ slot slot-number ] ] undo event Default...

  • Page 263: Event Snmp Oid

    [Sysname-rtm-test] event process restart name snmpd event snmp oid Use event snmp oid to configure an SNMP event for a CLI-defined monitor policy. Use undo event to delete the event in a CLI-defined monitor policy. Syntax event snmp oid oid monitor-obj { get | next } start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ] undo event Default...

  • Page 264: Event Snmp-Notification

    • The monitored variable's value crosses the start threshold each time after it crosses the restart threshold. The following is the SNMP event monitor process of EAA: Compares the variable sample with the start threshold at sampling intervals until the start threshold is crossed.

  • Page 265: Event Syslog

    op op: Specifies the operator for comparing the sampled value with the threshold. The policy is executed if the comparison result meets the condition. For keywords available for the start-op argument, see Table drop: Drops the notification if the comparison result meets the condition. If you do not specify this keyword, the system sends the notification.

  • Page 266: Event Track

    occurs times period period: Executes the policy if the number of log matches over an interval exceeds the limit. The times argument specifies the maximum number of log matches in the range of 1 to 32. The period argument specifies an interval in the range of 1 to 4294967295 seconds. Usage guidelines Use Syslog event monitor policies to monitor log messages.

  • Page 267: Rtm Cli-Policy

    suppress-time suppress-time: Sets a suppress time in the range of 1 to 4294967295, in seconds. The default value is 0. Usage guidelines Use track event monitor policies to monitor state change of track entries. If you specify one track entry for a policy, EAA triggers the policy when the state of the track entry changes from Positive to Negative or from Negative to Positive.

  • Page 268: Rtm Environment

    Usage guidelines You must create a CLI-defined monitor policy before you can use the CLI to configure settings in the policy. For a CLI-defined monitor policy to take effect, you must execute the commit command after you complete configuring the policy. You can execute this command multiple times to create multiple CLI-defined monitor policies.

  • Page 269: Rtm Event Syslog Buffer-Size

    Variable name Description ID of the subslot where subcard hot-swapping occurs. This variable is not _subslot supported by the device. Interface: _ifname Interface name. SNMP: _oid OID of the MIB variable where an SNMP operation is performed. _oid_value Value of the MIB variable. SNMP-Notification: _oid OID that is included in the SNMP notification.

  • Page 270: Rtm Scheduler Suspend

    Default The size of the EAA-monitored log buffer is 50000. Views System view Predefined user roles network-admin mdc-admin Parameters buffer-size: Specifies the size for the EAA-monitored log buffer, in the range of 1 to 500000. Usage guidelines After you execute a Syslog event monitor policy, the system saves a copy of the logs to the EAA-monitored log buffer.

  • Page 271: Rtm Tcl-Policy

    This command does not suspend a running monitor policy until all its actions are executed. Examples # Suspend monitor policies. <Sysname> system-view [Sysname] rtm scheduler suspend rtm tcl-policy Use rtm tcl-policy to create a Tcl-defined policy and bind it to a Tcl script file. Use undo rtm tcl-policy to delete a Tcl policy.

  • Page 272: Running-Time

    running-time Use running-time to configure the runtime of a CLI-defined policy. Use undo running-time to restore the default. Syntax running-time time undo running-time Default The runtime of a CLI-defined policy is 20 seconds. Views CLI-defined policy view Predefined user roles network-admin mdc-admin Parameters...
  • Page 273 mdc-admin Parameters role-name: Specifies a user role by its name, a case-sensitive string of 1 to 63 characters. Usage guidelines For EAA to execute an action in a monitor policy, you must assign the policy the user role that has access to the action-specific commands and resources.

  • Page 274: Process Monitoring And Maintenance Commands

    Process monitoring and maintenance commands The display memory, display process, display process cpu, monitor process and monitor thread commands display information about both user processes and kernel threads. In these commands, "process" refers to both user processes and kernel threads. display exception context Use display exception context to display context information for process exceptions.
  • Page 275 Core file path: flash:/core/node0_routed_120_7_20130409-171430_1365527670.core 0xb7caba4a 0x0804cb79 0xb7cd77c4 0x08049f45 Backtrace stopped. Registers' content eax:0xfffffffc ebx:0x00000003 ecx:0xbfe244ec edx:0x0000000a esp:0xbfe244b8 ebp:0xbfe244c8 esi:0xffffffff edi:0xbfe24674 eip:0xb7caba4a eflag:0x00000292 cs:0x00000073 ss:0x0000007b ds:0x0000007b es:0x0000007b fs:0x00000000 gs:0x00000033 # Display the exception context information on the x86-based 64-bit terminal. <Sysname> display exception context Index 1 of 1 ------------------------------ Crashed PID: 121 (routed)
  • Page 276 Core file path: flash:/core/node0_routed_133_7_20130410-154749_1365608869.core 0x184720bc 0x10006b4c Backtrace stopped. Registers' content grp00: 0x000000ee 0x7ffd6ad0 0x1800f440 0x00000004 grp04: 0x7ffd6af8 0x0000000a 0xffffffff 0x184720bc grp08: 0x0002d200 0x00000003 0x00000001 0x1847209c grp12: 0x10006b4c 0x10020534 0xd6744100 0x00000000 grp16: 0x00000000 0xa0203ff0 0xa028b12c 0xa028b13c grp20: 0xa028b148 0xa028b168 0xa028b178 0xa028b190 grp24: 0xa028b1a8 0xa028b1b8 0x00000000 0x7ffd6c08 grp28: 0x10006cac 0x7ffd6f92 0x184c1b84 0x7ffd6ae0 nip:0x184720bc...
  • Page 277 nip:0x00000fff803c66b4 lr:0x0000000010009b94 cr:0x0000000058000482 ctr:0x00000fff803c66ac msr:0x000000008002d000 xer:0x0000000000000000 ret:0xfffffffffffffffc dsisr:0x0000000000000000 gr3:0x0000000000000003 softe:0x0000000000000001 trap:0x0000000000000c00 dar:0x00000fff8059d14c # Display the exception context information on the MIPS-based 32-bit terminal. <Sysname> display exception context Index 1 of 1 ------------------------------ Crashed PID: 182 (routed) Crash signal: SIGBUS Crash time: Sun Jan 2 08:11:38 2013 Core file path: flash:/core/node4_routed_182_10_20130102-081138_1293955898.core...

  • Page 278: Display Exception Filepath

    a6:0xffffffff8021349c a7:0x20696e206368616e t0:0x0000000000000000 t1:0xffffffff80105068 t2:0xffffffff80213890 t3:0x0000000000000008 s0:0x0000005555a99c40 s1:0x000000ffff89af5f s2:0x0000000120007320 s3:0x0000005555a5f470 s4:0x000000ffff899f80 s5:0xffffffff803cc6c0 s6:0xffffffff803cc6a8 s7:0xffffffff803cc690 t8:0x0000000000000002 t9:0x0000005555a3bc98 k0:0x0000000000000000 k1:0x0000000000000000 gp:0x0000000120020460 sp:0x000000ffff899d70 s8:0x000000ffff899d80 ra:0x0000000120006c1c sr:0x000000000400fff3 lo:0xdf3b645a1cac08c9 hi:0x000000000000007f bad:0x000000555589ba84 cause:0x0000000000800020 pc:0x0000005555a3bcb4 Table 61 Command output Filed Description Crashed PID ID of the crashed process. Signals that led to the crash: •...

  • Page 279: Display Kernel Deadloop

    Views Any view Predefined user roles network-admin mdc-admin Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays the core file directory on the active MPU. (In standalone mode.) chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays the core file directory on the global active MPU.
  • Page 280 Examples # (In standalone mode.) Display brief information about the most recent kernel thread deadloop. <Sysname> display kernel deadloop 1 ----------------- Deadloop record 1 ----------------- Description : BUG: soft lockup - CPU#0 stuck for 61! [comsh: 16306] Recorded at : 2013-05-01 11:16:00.823018 Occurred at : 2013-05-01...
  • Page 281 Reg: r26, Val = 0x00000000 ; Reg: r27, Val = 0x057d9484 ; Reg: r28, Val = 0x0000002c ; Reg: r29, Val = 0x00000000 ; Reg: r30, Val = 0x0000002c ; Reg: r31, Val = 0x00000000 ; Reg: cr, Val = 0x84000028 ; Reg: nip, Val = 0x057d9550 ;...

  • Page 282: Display Kernel Deadloop Configuration

    Function Address = 0x8012d734 Function Address = 0x80100a00 Function Address = 0xe0071004 Function Address = 0x8016ce0c Function Address = 0x801223a0 Instruction dump: 41a2fe9c 812300ec 800200ec 7f890000 409efe8c 80010014 540b07b9 40a2fe80 4bfffe6c 80780290 7f64db78 4804ea35 <807f002c> 38800000 38a00080 3863000c Table 62 Command output Field Description Description for the kernel thread deadloop, including the CPU number,...
  • Page 283 Syntax In standalone mode: display kernel deadloop configuration [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display kernel deadloop configuration [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles network-admin mdc-admin Parameters slot slot-number: Specifies an MPU by its slot number.

  • Page 284: Display Kernel Exception

    display kernel exception Use display kernel exception to display kernel thread exception information. Syntax In standalone mode: display kernel exception show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display kernel exception show-number [ offset ] [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view...
  • Page 285 module name (disk) module address (0xe00bd000) # (In standalone mode.) Display detailed information about the most recent kernel thread exception. <Sysname> display kernel exception 1 verbose ----------------- Exception record 1 ----------------- Description : Oops[#0] Recorded at : 2013-05-01 11:16:00.823018 Occurred at : 2013-05-01 11:16:00.823018 Instruction address...
  • Page 286 0xe2be5ec0: 02 be 60 a0 01 86 ef f0 00 00 00 00 00 00 00 00 0xe2be5ed0: 02 04 05 b4 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be5ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be5ef0: 95 47 73 35 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be5f00: a0 e1 64 21 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be5f10: 00 00 00 00 00 00 00 00 00 00 00 00 01 e9 00 00...

  • Page 287: Display Kernel Reboot

    display kernel reboot Use display kernel reboot to display reboot information for cards. Syntax In standalone mode: display kernel reboot show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display kernel reboot show-number [ offset ] [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view...
  • Page 288 <Sysname> display kernel reboot 1 verbose ----------------- Reboot record 1 ----------------- Recorded at : 2013-05-01 11:16:00.823018 Occurred at : 2013-05-01 11:16:00.823018 Reason : 0x31 Thread : comsh (TID: 16306) Context : thread context Slot Target Slot VCPU ID Kernel module info : module name (mrpnc) module address (0xe332a000) module name (12500) module address (0xe00bd000) Last 5 thread switches : migration/0 (11:16:00.823018)-->...
  • Page 289 0xe2be6050: 00 00 00 04 02 21 00 00 00 00 00 00 01 e9 00 00 0xe2be6060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be6070: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0 0xe2be6080: 02 be 61 e0 00 00 00 02 00 00 00 00 02 be 61 70 0xe2be6090: 00 00 00 00 02 21 00 00 05 8d 34 c4 05 7d 92 44 Call trace:...

  • Page 290: Display Kernel Starvation

    display kernel starvation Use display kernel starvation to display kernel thread starvation information. Syntax In standalone mode: display kernel starvation show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display kernel starvation show-number [ offset ] [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view...
  • Page 291 Description : INFO: task comsh: 16306 blocked for more than 10 seconds. Recorded at : 2013-05-01 11:16:00.823018 Occurred at : 2013-05-01 11:16:00.823018 Instruction address : 0x4004158c Thread : comsh (TID: 16306) Context : thread context Slot VCPU ID Kernel module info : module name (mrpnc) module address (0xe332a000) module name (12500) module address (0xe00bd000) Last 5 thread switches : migration/0 (11:16:00.823018)-->...
  • Page 292 0xe2be5f00: a0 e1 64 21 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be5f10: 00 00 00 00 00 00 00 00 00 00 00 00 01 e9 00 00 0xe2be5f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be5f30: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0 0xe2be5f40: 02 be 61 e0 00 00 00 02 00 00 00 00 02 44 b3 a4 0xe2be5f50: 02 be 5f 90 00 00 00 08 02 be 5f e0 00 00 00 08...

  • Page 293: Display Kernel Starvation Configuration

    display kernel starvation configuration Use display kernel starvation configuration to display kernel thread starvation detection configuration. Syntax In standalone mode: display kernel starvation configuration [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display kernel starvation configuration [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view...

  • Page 294: Display Process

    display process Use display process to display process state information. Syntax In standalone mode: display process [ all | job job-id | name process-name ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display process [ all | job job-id | name process-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view...
  • Page 295 Max. core: 0 ARGS: - LAST_CPU Stack State HH:MM:SS:MSEC Name 0:0:5:220 scmd Table 66 Command output Field Description Job ID Job ID of the process. The job ID never changes. Number of the process. The number identifies the process, and it might change as the process restarts.
  • Page 296 Field Description Name Process name. # Display state information for all processes. <Sysname> display process all PID %CPU %MEM STAT PRI THIRD TTY HH:MM:SS COMMAND 00:00:04 scmd 00:00:00 [kthreadd] 00:00:00 [migration/0] 00:00:05 [ksoftirqd/0] 00:00:00 [watchdog/0] 00:00:00 [events/0] 00:00:00 [khelper] 00:00:00 [kblockd/0] 00:00:00 [ata/0] 00:00:00 [ata_aux] 00:00:00 [kseriod]...

  • Page 297: Display Process Cpu

    Field Description Running time since the most recent start. If the running time reaches or exceeds 100 HH:MM:SS hours, this field displays only the number of hours. Name and parameters of a process. If square brackets ([ ]) exist in a process name, COMMAND the process is a kernel thread.

  • Page 298: Display Process Log

    Field Description Job ID of a process. It never changes. 5Sec CPU usage of the process within the last 5 seconds. 1Min CPU usage of the process within the last minute. 5Min CPU usage of the process within the last 5 minutes. Name of the process.

  • Page 299: Display Process Memory

    pkg_update 12-17 07:10:30 12-17 07:10:31 Table 69 Command output Field Description Process Name of a user process. JobID Job ID of a user process. ID of a user process. Indicates whether the process exited abnormally: • Y—Yes. Abort • N—No. Indicates whether the process can generate core files: •...

  • Page 300: Display Process Memory Heap

    Usage guidelines When a user process starts, it requests the following types of memory from the system: • Text memory—Stores code for the user process. • Data memory—Stores data for the user process. • Stack memory—Stores temporary data. • Dynamic memory—Heap memory dynamically assigned and released by the system according to the needs of the user process.
  • Page 301 In IRF mode: display process memory heap job job-id [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters job job-id: Specifies a user process by its job ID, in the range of 1 to 2147483647. verbose: Displays detailed information.

  • Page 302: Display Process Memory Heap Address

    81920 Summary: Total virtual memory heap space (in bytes) 2293760 Total physical memory heap space (in bytes) : 58368 Total allocated memory (in bytes) 42368 Table 71 Command output Field Description Size Size of each memory block, in bytes. Free Number of free memory blocks.

  • Page 303: Display Process Memory Heap Size

    chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU.

  • Page 304: Exception Filepath

    offset offset-size: Specifies an offset in the range of 0 to 4294967295. The default value is 128. For example, suppose the system allocates 100 16-byte memory blocks to process job 1, and the process has used 66 blocks. Then if you execute the display process memory heap job 1 size 16 offset 50 command, the output shows the addresses of the 51 through 66 16-byte blocks used by...

  • Page 305: Monitor Kernel Deadloop Action

    Views User view Predefined user roles network-admin mdc-admin Parameters directory: Specifies the directory for saving core files. Usage guidelines (In standalone mode.) The specified directory must be the root directory of a file system on the active MPU. (In IRF mode.) The specified directory must be the root directory of a file system on the global active MPU.

  • Page 306: Monitor Kernel Deadloop Enable

    Views System view Predefined user roles network-admin Parameters reboot: Logs the event and reboots the specified slot or CPU. record-only: Logs the event. slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command specifies the action for the active MPU.

  • Page 307: Monitor Kernel Deadloop Exclude-Thread

    Views System view Predefined user roles network-admin Parameters slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified.

  • Page 308: Monitor Kernel Deadloop Time

    undo monitor kernel deadloop exclude-thread [ tid ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Default Kernel thread deadloop detection monitors all kernel threads. Views System view Predefined user roles network-admin Parameters tid: Specifies a kernel thread by its ID, in the range of 1 to 2147483647. If no kernel thread is specified for the undo command, the default is restored.

  • Page 309: Monitor Kernel Starvation Enable

    undo monitor kernel deadloop time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Default The interval for identifying a kernel thread deadloop is 45 seconds. Views System view Predefined user roles network-admin Parameters time time: Specifies the interval for identifying a kernel thread deadloop, in the range of 1 to 65535 seconds.

  • Page 310: Monitor Kernel Starvation Exclude-Thread

    Default Kernel thread starvation detection is disabled. Views System view Predefined user roles network-admin Parameters slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified.

  • Page 311: Monitor Kernel Starvation Time

    monitor kernel starvation exclude-thread tid [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] undo monitor kernel starvation exclude-thread [ tid ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Default Kernel thread starvation detection, if enabled, monitors all kernel threads. Views System view Predefined user roles...

  • Page 312: Monitor Process

    undo monitor kernel starvation time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Default The interval for identifying a kernel thread starvation is 120 seconds. Views System view Predefined user roles network-admin Parameters time time: Specifies the interval for identifying a kernel thread starvation, in the range of 1 to 65535 seconds.
  • Page 313 Predefined user roles network-admin mdc-admin Parameters dumbtty: Specifies dumbtty mode. In this mode, the command displays process statistics in descending order of CPU usage without refreshing statistics. If you do not specify this keyword, the command displays statistics for the top 10 processes in descending order of CPU usage in an interactive mode, and refreshes statistics every 5 seconds by default.
  • Page 314 Commands Description > Moves sort field to the next right column. Examples # Display process statistics in dumbtty mode. In this mode, the system displays process statistics once, and then returns to command view. <Sysname> monitor process dumbtty 76 processes; 103 threads; 687 fds Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie CPU states: 77.16% idle, 0.00% user, 14.96% kernel, 7.87% interrupt Memory: 496M total, 341M available, page size 4K...
  • Page 315 4797 4797 28832K 00:00:03 0.00% comsh Five seconds later, the system refreshes process statistics as follows (which is the same as executing the monitor process dumbtty command twice at a 5-second interval): 76 processes; 103 threads; 687 fds Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie CPU states: 78.71% idle, 0.16% user, 14.86% kernel, 6.25% interrupt Memory: 496M total, 341M available, page size 4K State...
  • Page 316 Toggle SMP view: '1' single/separate states Sort by the CPU field(default) Set the delay interval between screen updates Sort by number of open files Kill a job Refresh the screen Sort by memory used Set the maximum number of processes to display Quit the interactive display Sort by run time of processes since last restart <...

  • Page 317: Monitor Thread

    5384K 00:00:01 0.00% dbmd 2464K 00:00:02 0.00% ipbased 1956K 00:00:00 0.00% 61592K 00:00:00 0.00% routed 1160 1160 23096K 00:00:01 0.19% sshd • Enter q to quit interactive mode. Table 73 Command output Field Description 84 processes; 107 Numbers of processes, threads, and open files. threads;...
  • Page 318 Parameters dumbtty: Specifies dumbtty mode. In this mode, the command displays all thread statistics in descending order of CPU usage without refreshing statistics. If you do not specify the keyword, the command displays statistics for top 10 processes in descending order of CPU usage in an interactive mode, and refreshes statistics every 5 seconds by default.
  • Page 319 00:00:11 0.67% devd 00:00:00 0.00% [kthreadd] 00:00:01 0.00% [ksoftirqd/0] 00:00:00 0.00% [watchdog/0] 00:00:00 0.00% [events/0] 00:00:00 0.00% [khelper] 00:00:00 0.00% [kip6fs/1] <Sysname> # Display thread statistics in interactive mode. <Sysname> monitor thread 84 processes; 107 threads Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie CPU states: 94.43% idle, 0.76% user, 3.64% kernel, 1.15% interrupt Memory: 755M total, 417M available, page size 4K LAST_CPU...

  • Page 320: Process Core

    Memory: 755M total, 417M available, page size 4K LAST_CPU State HH:MM:SS Name 1176 1176 00:00:02 3.71% 00:00:06 0.92% scmd 00:00:13 0.69% devd 00:00:10 0.69% diagd 00:00:01 0.23% [TMTH] • Enter k and then enter a JID to kill a thread. If you enter 881, the thread with the JID of 881 is killed.
  • Page 321 Syntax In standalone mode: process core { maxcore value | off } { job job-id | name process-name } [ slot slot-number [ cpu cpu-number ] ] In IRF mode: process core { maxcore value | off } { job job-id | name process-name } [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views User view...

  • Page 322: Reset Exception Context

    exception filepath reset exception context Use reset exception context to clear context information for process exceptions. Syntax In standalone mode: reset exception context [ slot slot-number [ cpu cpu-number ] ] In IRF mode: reset exception context [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views User view Predefined user roles...

  • Page 323: Reset Kernel Exception

    Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears kernel thread deadloop information for the active MPU. (In standalone mode.) chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command clears kernel thread deadloop information for the global active MPU.

  • Page 324: Reset Kernel Starvation

    reset kernel reboot [ slot slot-number [ cpu cpu-number ] ] In IRF mode: reset kernel reboot [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears kernel thread reboot information for the active MPU.
  • Page 325 Related commands display kernel starvation...

  • Page 326: Sampler Commands

    Sampler commands display sampler Use display sampler to display configuration information for a sampler. Syntax In standalone mode: display sampler [ sampler-name ] [ slot slot-number ] In IRF mode: display sampler [ sampler-name ] [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles...

  • Page 327: Sampler

    sampler Use sampler to create a sampler. Use undo sampler to delete a sampler. Syntax sampler sampler-name mode fixed packet-interval n-power rate undo sampler sampler-name Default No samplers exist. Views System view Predefined user roles network-admin mdc-admin Parameters sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters. fixed: Specifies the fixed sampling mode.

  • Page 328: Port Mirroring Commands

    Port mirroring commands display mirroring-group Use display mirroring-group to display mirroring group information. Syntax display mirroring-group { group-id | all | local | remote-destination | remote-source } Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters group-id: Specifies a mirroring group by its number. The value range for this argument is 1 to 16. all: Specifies all mirroring groups.

  • Page 329: Mirroring-Group

    Field Description Type of the mirroring group: • Local. Type • Remote source. • Remote destination. Status of the mirroring group: • Active—The mirroring group has taken effect. Status • Incomplete—The mirroring group configuration is not complete and does not take effect. Mirroring port Source port.
  • Page 330 Use undo mirroring-group mirroring-cpu to remove source CPUs from a mirroring group. Syntax In standalone mode: mirroring-group group-id mirroring-cpu slot slot-number-list { both | inbound | outbound } undo mirroring-group group-id mirroring-cpu slot slot-number-list In IRF mode: mirroring-group group-id mirroring-cpu chassis chassis-number slot slot-number-list { both | inbound | outbound } undo mirroring-group group-id mirroring-cpu chassis chassis-number slot slot-number-list Default...

  • Page 331: Mirroring-Group Mirroring-Port (Interface View)

    mirroring-group mirroring-port (interface view) Use mirroring-group mirroring-port to configure a port as a source port for a mirroring group. Use undo mirroring-group mirroring-port to restore the default. Syntax mirroring-group group-id mirroring-port { both | inbound | outbound } undo mirroring-group group-id mirroring-port Default A port does not act as a source port for any mirroring groups.

  • Page 332: Mirroring-Group Mirroring-Port (System View)

    mirroring-group mirroring-port (system view) Use mirroring-group mirroring-port to configure source ports for a mirroring group. Use undo mirroring-group mirroring-port to remove source ports from a mirroring group. Syntax mirroring-group group-id mirroring-port interface-list { both | inbound | outbound } undo mirroring-group group-id mirroring-port interface-list Default No source port is configured for a mirroring group.

  • Page 333: Mirroring-Group Monitor-Egress

    mirroring-group monitor-egress Use mirroring-group monitor-egress to configure the egress port for a remote source group. Use undo mirroring-group monitor-egress to restore the default. Syntax In system view: mirroring-group group-id monitor-egress interface-type interface-number undo mirroring-group group-id monitor-egress interface-type interface-number In interface view: mirroring-group group-id monitor-egress undo mirroring-group group-id monitor-egress Default...

  • Page 334: Mirroring-Group Monitor-Port (Interface View)

    # Create remote source group 2. Configure Ten-GigabitEthernet 1/0/2 as its egress port in interface view. <Sysname> system-view [Sysname] mirroring-group 2 remote-source [Sysname] interface ten-gigabitethernet 1/0/2 [Sysname-Ten-GigabitEthernet1/0/2] mirroring-group 2 monitor-egress Related commands mirroring-group mirroring-group monitor-port (interface view) Use mirroring-group monitor-port to configure a port as the monitor port for a mirroring group. Use undo mirroring-group monitor-port to restore the default.

  • Page 335: Mirroring-Group Monitor-Port (System View)

    # Create remote destination group 2 and configure Ten-GigabitEthernet 1/0/2 as its monitor port. <Sysname> system-view [Sysname] mirroring-group 2 remote-destination [Sysname] interface ten-gigabitethernet 1/0/2 [Sysname-Ten-GigabitEthernet1/0/2] mirroring-group 2 monitor-port Related commands mirroring-group mirroring-group monitor-port (system view) Use mirroring-group monitor-port to configure the monitor ports for a mirroring group. Use undo mirroring-group monitor-port to remove the monitor ports from a mirroring group.

  • Page 336: Mirroring-Group Reflector-Port

    <Sysname> system-view [Sysname] mirroring-group 2 remote-destination [Sysname] mirroring-group 2 monitor-port ten-gigabitethernet 1/0/2 # Create local mirroring group 3 and configure ports Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/5 as its monitor ports. <Sysname> system-view [Sysname] mirroring-group 3 local [Sysname] mirroring-group 3 monitor-port ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/3 ten-gigabitethernet 1/0/5 Related commands mirroring-group...

  • Page 337: Mirroring-Group Remote-Probe Vlan

    If an IRF port is bound to only one physical interface, do not configure the physical interface as a reflector port. Otherwise, the IRF might split. You can configure a port as a reflector port only when the port is operating with the default setting of the following parameters: •...
  • Page 338 vlan-id: Specifies a VLAN by its ID. Usage guidelines You can configure remote probe VLANs only for remote source groups and remote destination groups. When a VLAN is configured as a remote probe VLAN, use the VLAN for port mirroring exclusively. The remote mirroring groups on the source device and destination device must use the same remote probe VLAN.

  • Page 339: Flow Mirroring Commands

    Flow mirroring commands mirror-to cpu Use mirror-to cpu to configure a mirroring action that mirrors traffic to the CPU. Use undo mirror-to cpu to delete the mirroring action that mirrors traffic to the CPU. Syntax mirror-to cpu undo mirror-to cpu Default No mirroring action exists to mirror traffic to the CPU.
  • Page 340 Usage guidelines You can execute this command multiple times for a traffic behavior to mirror traffic to different interfaces. The encapsulation parameters for the mirrored packets are available only when the mirrored packets are sent out of Ethernet interfaces. Examples # Create traffic behavior 1 and configure the action of mirroring traffic to Ten-GigabitEthernet 1/0/1 for the traffic behavior.

  • Page 341: Netstream Commands

    NetStream commands display ip netstream cache Use display ip netstream cache to display NetStream entry information. Syntax In standalone mode: display ip netstream cache [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ip | interface interface-type interface-number | source source-ip ] * [ slot slot-number ] In IRF mode:...
  • Page 342 interface interface-type interface-number: Specifies an interface by its type and number. source source-ip: Specifies a source IP address in dotted-decimal notation. If you specify this option, this command does not display Layer 2 NetStream entries. slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information about NetStream entries for all cards.
  • Page 343 TCP-FTP 5900082 TCP-FTPD 3200453 1006 TCP-WWW 546778274 11170 TCP-other 49148540 3752 UDP-DNS 117240379 UDP-other 45502422 2272 ICMP 14837957 IP-other 77406 Type DstIP(Port) SrcIP(Port) Pro ToS VNI If(Direct) Pkts DstMAC(VLAN) SrcMAC(VLAN) TopLblType(IP/Mask) Lbl-Exp-S-List -------------------------------------------------------------------------- 11.1.1.1(1024) 11.1.1.2(21) 128 N/A GE1/0/1 (I) 42996 TCPFlag: DstMask: SrcMask:...
  • Page 344 Field Description L2 active flow entries Number of active Layer 2 flows in the cache. IPL2 active flow entries Number of active Layer 2 and Layer 3 flows in the cache. IP flow entries counted Number of IP flows that have been counted. This field is not supported in the current software version.
  • Page 345 Field Description Statistics of the active flows in the current cache: • Flow type. Flows are classified into the following types: Layer 3 flows.  Layer 2 flows.  Layer 2 and Layer 3 flows.  MPLS flows without IP options. This field is not ...

  • Page 346: Display Ip Netstream Export

    Field Description Other information about the active flows in the cache: • TCP tag. • Destination mask. • Source mask. • Routing next hop. • Destination AS. TCPFlag: • Source AS. DstMask: SrcMask: NextHop: • BGP next hop. DstAS: SrcAS: •...
  • Page 347 Version 9 exported flow number Version 9 exported UDP datagram number (failed) : 0 (0) Version 10 exported flow number Version 10 exported UDP datagram number (failed) : 0 (0) L2 export information: Flow source interface : GigabitEthernet1/0/1 Flow destination VPN instance : Not specified Flow destination IP address (UDP) : 192.168.0.5 (5000)

  • Page 348: Display Ip Netstream Template

    Field Description Number of UDP packets that are sent in version 8 format. The Version 8 exported UDP datagram field in the parentheses indicates the number of UDP packets that number (failed) failed to be sent. Version 10 exported flow number Number of flows that are exported in version 10 format.
  • Page 349 Field count : 14 Field type Field length (bytes) --------------------------------------------------------------------------- Flows Out packets Out bytes First forwarded Last forwarded Protocol Direction L4 source port L4 destination port Sampling algorithm Sampling interval Protocol-port inbound template: Template ID : 3257 Field count : 14 Field type Field length (bytes)

  • Page 350: Enable

    Field Description Created flow templates Number of templates that have been created. Information of the protocol-port template in the outbound Protocol-port outbound template direction. Protocol-port inbound template Information of the protocol-port template in the inbound direction. Packets Number of packets sent by using the template. Last template export time Time when the template was last exported.

  • Page 351: Ip Netstream

    [Sysname] ip netstream aggregation destination-prefix [Sysname-ns-aggregation-dstpre] enable Related commands ip netstream aggregation ip netstream Use ip netstream to enable NetStream on an interface. Use undo ip netstream to disable NetStream on an interface. Syntax ip netstream { inbound | outbound } undo ip netstream { inbound | outbound } Default NetStream is disabled on an interface.
  • Page 352 Predefined user roles network-admin mdc-admin Parameters destination-prefix: Specifies the destination-prefix aggregation by destination AS number, destination address mask length, destination prefix, and outbound interface index. prefix: Specifies the source and destination prefix aggregation by the following criteria: • Source AS number. •...

  • Page 353: Ip Netstream Aggregation Advanced

    tos-protocol-port: Specifies the ToS-protocol-port aggregation by ToS, protocol number, source port, destination port, inbound interface index, and outbound interface index. tos-source-prefix: Specifies the ToS-source-prefix aggregation by ToS, source AS number, source prefix, source address mask length, and inbound interface index. Usage guidelines In NetStream aggregation mode view, you can perform the following tasks: •...

  • Page 354: Ip Netstream Export Host

    <Sysname> system-view [Sysname] ip netstream aggregation advanced Related commands ip netstream aggregation ip netstream export host ip netstream export host Use ip netstream export host to specify a destination host for NetStream data export. Use undo ip netstream export host to remove the specified destination host or all destination hosts that are configured in the current view.

  • Page 355: Ip Netstream Export Rate

    Examples # In system view, specify 172.16.105.48 as the IP address of the destination host and UDP port 5000 as the export destination port number. <Sysname> system-view [Sysname] ip netstream export host 172.16.105.48 5000 Related commands ip netstream aggregation ip netstream export source ip netstream export rate Use ip netstream export rate to limit the NetStream data export rate.

  • Page 356: Ip Netstream Export Template Refresh-Rate

    Default The packets take the IP address of the output interface as the source IP address. Views System view NetStream aggregation mode view Predefined user roles network-admin mdc-admin Parameters interface-type interface-number: Specifies a source interface by its type and number. Usage guidelines The IP address of the specified source interface is used as the source IP address for packets sent to NetStream servers.

  • Page 357: Ip Netstream Export Version

    Predefined user roles network-admin mdc-admin Parameters packets: Specifies the number of packets that are sent before the template is sent. The value range is 1 to 600. time minutes: Specifies the interval at which the template is sent, in the range of 1 to 3600 minutes. Usage guidelines Version 9 and version 10 are template-based and support user-defined formats.

  • Page 358: Ip Netstream Filter

    peer-as: Records the ASs before and after the AS where the NetStream device resides as the source AS and destination AS, respectively. bgp-nexthop: Records BGP next hops. Usage guidelines A NetStream entry records the source IP address and destination IP address, and two AS numbers for each IP address.

  • Page 359: Ip Netstream Sampler

    Usage guidelines NetStream filtering uses an ACL to identify intended packets. • If you want to collect data for specific flows, use the ACL permit statements to identify the flows. NetStream collects data only for these flows. • If you do not want to collect data for specific flows, use the ACL deny statements to identify the flows.

  • Page 360: Ip Netstream Timeout Inactive

    Syntax ip netstream timeout active minutes undo ip netstream timeout active Default The aging timer is 5 minutes for active flows. Views System view Predefined user roles network-admin mdc-admin Parameters minutes: Sets the aging timer for active flows, in the range of 1 to 5 minutes. Usage guidelines A flow is considered active if packets for the NetStream entry arrive before the timer set by this command expires.

  • Page 361: Reset Ip Netstream Statistics

    Usage guidelines A flow is considered inactive if no packet for the NetStream entry arrives before the timer set by this command expires. Examples # Set the aging timer to 60 seconds for inactive flows. <Sysname> system-view [Sysname] ip netstream timeout inactive 60 Related commands ip netstream timeout active reset ip netstream statistics...

  • Page 362: Ipv6 Netstream Commands

    IPv6 NetStream commands display ipv6 netstream cache Use display ipv6 netstream cache to display IPv6 NetStream entry information. Syntax In standalone mode: display ipv6 netstream cache [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ipv6 | interface interface-type interface-number | source source-ipv6 ] * [ slot slot-number ] In IRF mode:...
  • Page 363 source source-ipv6: Specifies a source IPv6 address. If you specify this option, this command does not display Layer 2 flow NetStream entries. slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information about IPv6 NetStream entries for all cards.
  • Page 364 DstMAC(VLAN) SrcMAC(VLAN) TopLblType(IP/MASK) Lbl-Exp-S-List -------------------------------------------------------------------------- 2001::1(1024) 2002::1(21) 0x6000 GE1/0/1(I) 42996 IP& 2003::1(2048) 2008::1(0) GE1/0/1(O) IP& 2010::1(1024) 2020::1(67) 0x12345 GE1/0/3(I) 1848 Table 81 Command output Field Description Active flow timeout Aging timer for active flows, in minutes. Inactive flow timeout Aging timer for inactive flows, in seconds. Max number of entries Maximum number of IPv6 flows allowed in the cache.
  • Page 365 Field Description Statistics of the active flows in the current cache: • Flow type. Flows are classified into the following types: IP flows.  Layer 2 flows with IPv6 protocol information (IPL2).  MPLS flows without IP options (MPLS). This field is not ...

  • Page 366: Display Ipv6 Netstream Export

    Field Description Other information about the active flows in the cache: • TCP flag. • Destination mask. • Source mask. TcpFlag: • Destination AS. DstMask: SrcMask: • Source AS. DstAS: SrcAS: • Routing next hop. NextHop: • BGP next hop. •...

  • Page 367: Display Ipv6 Netstream Template

    IPv6 export information: Flow source interface : GigabitEthernet1/0/1 Flow destination VPN instance : Not specified Flow destination IP address (UDP) : 40::1 (30000) Version 9 exported flow number : 16 Version 9 exported UDP datagram number (failed) : 16 (0) Version 10 exported flow number Version 10 exported UDP datagram number (failed) : 0 (0)
  • Page 368 mdc-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command displays IPv6 NetStream template information for the active MPU. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device.
  • Page 369 In bytes First forwarded Last forwarded Protocol IP protocol version Direction L4 source port L4 destination port Sampling algorithm Sampling interval Table 83 Command output Field Description Refresh frequency at which the templates are sent, in Flow template refresh frequency packets.

  • Page 370: Enable

    Field Description Sampling rate. Sampling interval This field is not supported in the current software version. enable Use enable to enable an IPv6 NetStream aggregation mode. Use undo enable to disable an IPv6 NetStream aggregation mode. Syntax enable undo enable Default No IPv6 NetStream aggregation mode is enabled.

  • Page 371: Ipv6 Netstream Aggregation

    Parameters inbound: Enables IPv6 NetStream for incoming traffic. outbound: Enables IPv6 NetStream for outgoing traffic. Examples # Enable NetStream for incoming traffic on GigabitEthernet1/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] ipv6 netstream inbound ipv6 netstream aggregation Use ipv6 netstream aggregation to specify an IPv6 NetStream aggregation mode and enter its view.

  • Page 372: Ipv6 Netstream Aggregation Advanced

    Usage guidelines In IPv6 NetStream aggregation mode view, you can perform the following tasks: • Enable or disable the specified IPv6 NetStream aggregation mode. • Configure source interface, destination IPv6 address, and destination port for the IPv6 NetStream data export. A flow matching multiple aggregation modes is counted as multiple aggregate flows.

  • Page 373: Ipv6 Netstream Export Host

    ipv6 netstream aggregation ipv6 netstream export host Use ipv6 netstream export host to specify a destination host for IPv6 NetStream data export. Use undo ipv6 netstream export host to remove the specified destination host or all destination hosts that are configured in the current view. Syntax ipv6 netstream export host { ipv4-address | ipv6-address } udp-port [ vpn-instance vpn-instance-name ]...

  • Page 374: Ipv6 Netstream Export Rate

    Examples # In system view, specify 40::1 as the IP address of the destination host and UDP port 5000 as the export destination port number. <Sysname> system-view [Sysname] ipv6 netstream export host 40::1 5000 Related commands ipv6 netstream aggregation ipv6 netstream export source ipv6 netstream export rate Use ipv6 netstream export rate to limit the IPv6 NetStream data export rate.

  • Page 375: Ipv6 Netstream Export Template Refresh-Rate

    undo ipv6 netstream export source Default The packets take the IPv6 address of the output interface as the source IPv6 address. Views System view IPv6 NetStream aggregation mode view Predefined user roles network-admin mdc-admin Parameters interface-type interface-number: Specifies a source interface by its type and number for the IPv6 NetStream data export.

  • Page 376: Ipv6 Netstream Export Version

    Views System view Predefined user roles network-admin mdc-admin Parameters packet packets: Specifies the number of packets that are sent before the template is sent. The value range is 1 to 600. time minutes: Specifies the interval at which the template is sent, in the range of 1 to 3600 minutes. Usage guidelines Version 9 and version 10 are template-based and support user-defined formats.

  • Page 377: Ipv6 Netstream Timeout Active

    peer-as: Records the ASs before and after the AS where the NetStream device resides as the source AS and destination AS, respectively. bgp-nexthop: Records BGP next hops. Usage guidelines Only one version format can take effect on the device. If you execute the ipv6 netstream export version command multiple times, the most recent configuration takes effect.

  • Page 378: Ipv6 Netstream Timeout Inactive

    ipv6 netstream timeout inactive Use ipv6 netstream timeout inactive to set the aging timer for inactive flows. Use undo ipv6 netstream timeout inactive to restore the default. Syntax ipv6 netstream timeout inactive seconds undo ipv6 netstream timeout inactive Default The aging timer is 300 seconds for inactive flows. Views System view Predefined user roles...
  • Page 379 Examples # Age out and export all IPv6 NetStream data. <Sysname> reset ipv6 netstream statistics This process may take a few minutes. NetStream statistic function is disabled during this process.

  • Page 380: Sflow Commands

    sFlow commands display sflow Use display sflow to display sFlow configuration and operation information. Syntax display sflow Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display sFlow configuration and operation information. <Sysname> display sflow sFlow datagram version: 5 Global information: Agent IP: 10.10.10.1(CLI) Source address: 10.0.0.1 2001::1...

  • Page 381: Sflow Agent

    Field Description Port sFlow collector port. Remaining lifetime of the sFlow collector. If this field displays N/A, the sFlow Aging collector never ages out. Size Maximum length of the sFlow data portion in an sFlow packet. VPN-instance Name of the VPN instance to which the sFlow collector belongs. Description Description of the sFlow collector.

  • Page 382: Sflow Collector

    Parameters ip ipv4-address: Specifies an IPv4 address for the sFlow agent. ipv6 ipv6-address: Specifies an IPv6 address for the sFlow agent. Usage guidelines As a best practice, manually configure an IP address for the sFlow agent. If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify IP address 10.10.10.1 for the sFlow agent.

  • Page 383: Sflow Counter Collector

    Examples # Configure the following parameters for sFlow collector 2: • IP address—3.3.3.1. • Port number—Default. • Description—netserver. • Aging timer—1200 seconds. • Maximum length of the sFlow data portion in the sFlow packet—1000 bytes. <Sysname> system-view [Sysname] sflow collector 2 ip 3.3.3.1 description netserver time-out 1200 datagram-size 1000 sflow counter collector Use sflow counter collector to specify an sFlow collector for counter sampling.

  • Page 384: Sflow Flow Collector

    Default Counter sampling is disabled. Views Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network-admin mdc-admin Parameters interval: Specifies the counter sampling interval in the range of 2 to 86400 seconds. Examples # Enable counter sampling and set the counter sampling interval to 120 seconds on Ten-GigabitEthernet 1/0/1.

  • Page 385: Sflow Flow Max-Header

    sflow flow max-header Use sflow flow max-header to set the maximum number of bytes (starting from the packet header) that flow sampling can copy per packet. Use undo sflow flow max-header to restore the default. Syntax sflow flow max-header length undo sflow flow max-header Default Flow sampling can copy up to 128 bytes of a packet.

  • Page 386: Sflow Sampling-Rate

    Parameters determine: Specifies the fixed sampling mode. For example, if the flow sampling interval is set to 4000 (by using the sflow sampling-rate command), the device samples packets as follows: • The device randomly samples a packet, like the tenth packet, from the first 4000 packets. •...

  • Page 387: Sflow Source

    Examples # Enable flow sampling to sample a packet out of 32768 packets on Ten-GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] sflow sampling-rate 32768 Related commands sflow sampling-mode sflow source Use sflow source to specify the source IP address of sent sFlow packets. Use undo sflow source to restore the default.

  • Page 388: Information Center Commands

    Information center commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. diagnostic-logfile save Use diagnostic-logfile save to manually save diagnostic logs from the diagnostic log file buffer to the diagnostic log file.

  • Page 389: Display Info-Center

    network-operator mdc-admin mdc-operator Examples # Display the diagnostic log file configuration. <Sysname> display diagnostic-logfile summary Diagnostic log file: Enabled. Diagnostic log file size quota: 10 MB Diagnostic log file directory: flash:/diagfile Writing frequency: 24 hour 0 min 0 sec Table 85 Command output Field Description Status of the diagnostic log file:...

  • Page 390: Display Logbuffer

    Log buffer: Enabled Max buffer size 1024, current buffer size 512, Current messages 0, dropped messages 0, overwritten messages 0 Log file: Enabled Security log file: Enabled Information timestamp format: Log host: Date Other output destination: Date display logbuffer Use display logbuffer to display the state of the log buffer and the log information in the log buffer. Syntax In standalone mode: display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] *...
  • Page 391 Severity Keyword in Level Description value commands Normal but significant condition. For example, a terminal notification Notification logs in to the device, or the device reboots. Informational message. For example, a command or a informational Informational ping operation is executed. debugging Debugging Debugging message.

  • Page 392: Display Logbuffer Summary

    display logbuffer summary Use display logbuffer summary to display the summary of the log buffer. Syntax In standalone mode: display logbuffer summary [ level severity | slot slot-number ] * In IRF mode: display logbuffer summary [ level severity | chassis chassis-number slot slot-number ] * Views Any view Predefined user roles...

  • Page 393: Display Logfile Summary

    display logfile summary Use display logfile summary to display the log file configuration. Syntax display logfile summary Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display the log file configuration. <Sysname> display logfile summary Log file: Enabled. Log file size quota: 10 MB Log file directory: flash:/logfile Writing frequency: 24 hour 0 min 10 sec...

  • Page 394: Enable Log Updown

    Examples # Display the summary of the security log file. <Sysname> display security-logfile summary Security log file: Enabled Security log file size quota: 10 MB Security log file directory: flash:/seclog Alarm threshold: 80% Current usage: 30% Writing frequency: 24 hour 0 min 0 sec Table 90 Command output Field Description...

  • Page 395: Info-Center Diagnostic-Logfile Directory

    [Sysname-Ten-GigabitEthernet1/0/1] undo enable log updown info-center diagnostic-logfile directory Use info-center diagnostic-logfile directory to configure the directory to save the diagnostic log file. Syntax info-center diagnostic-logfile directory dir-name Default The diagnostic log file directory is flash:/diagfile. Views System view Predefined user roles network-admin mdc-admin Parameters...

  • Page 396: Info-Center Diagnostic-Logfile Frequency

    Predefined user roles network-admin mdc-admin Usage guidelines This command enables saving diagnostic logs to the diagnostic log file for centralized management. Users can view the diagnostic logs to monitor device activities and to troubleshoot problems. Examples # Enable saving diagnostic logs to the diagnostic log file. <Sysname>...

  • Page 397: Info-Center Enable

    Syntax info-center diagnostic-logfile quota size undo info-center diagnostic-logfile quota Default The maximum size for the diagnostic log file is 10 MB. Views System view Predefined user roles network-admin mdc-admin Parameters size: Specifies the maximum size for the diagnostic log file, in MB. The value range is 1 to 10. Examples # Set the maximum size to 6 MB for the diagnostic log file.

  • Page 398: Info-Center Logbuffer

    Syntax info-center format { cmcc | unicom } undo info-center format Default Logs are sent to log hosts in standard format. Views System view Predefined user roles network-admin mdc-admin Parameters cmcc: Specifies the China Mobile Communications Corporation (cmcc) format. unicom: Specifies the China Unicom (unicom) format. Usage guidelines Logs can be sent to log hosts in standard, unicom, or cmcc format.

  • Page 399: Info-Center Logbuffer Size

    Related commands display logbuffer info-center enable info-center logbuffer size Use info-center logbuffer size to set the maximum number of logs that can be stored in the log buffer. Use undo info-center logbuffer size to restore the default. Syntax info-center logbuffer size buffersize undo info-center logbuffer size Default The log buffer can store a maximum of 512 logs.

  • Page 400: Info-Center Logfile Enable

    Predefined user roles network-admin mdc-admin Parameters dir-name: Specifies a directory by its name, a string of 1 to 64 characters. Usage guidelines The specified log file directory must have been created. The log file uses the .log extension. (In standalone mode.) This command cannot survive a reboot or an active/standby switchover. (In IRF mode.) This command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric.

  • Page 401: Info-Center Logfile Frequency

    info-center logfile frequency Use info-center logfile frequency to configure the interval at which the system saves logs from the log file buffer to the log file. Use undo info-center logfile frequency to restore the default. Syntax info-center logfile frequency freq-sec undo info-center logfile frequency Default The log file saving interval is 86400 seconds.

  • Page 402: Info-Center Logfile Size-Quota

    Parameters all-port-powerdown: Shuts down all the service ports on the device when no log file space or storage device space is available. If you do not specify this keyword, the device does not shut down service ports when no log file space or storage device space is available. Usage guidelines This command is available only in FIPS mode.

  • Page 403: Info-Center Logging Suppress Module

    undo info-center logging suppress duplicates Default Duplicate log suppression is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines Outputting consecutive duplicate logs wastes system and network resources and increases device maintenance costs. You can enable this feature to suppress output of consecutive duplicate logs. Examples # Enable duplicate log suppression on device A.

  • Page 404: Info-Center Loghost

    Usage guidelines You can configure log suppression rules to filter out the logs that you are not concerned with. A log suppression rule suppresses output of all logs or only logs with a specific mnemonic value for a module. Examples # Configure a log suppression rule to suppress output of logs with the shell_login mnemonic value for the shell module.

  • Page 405: Info-Center Loghost Source

    Usage guidelines The info-center loghost command takes effect only after the information center is enabled by using info-center enable command. The device supports a maximum of 20 log hosts. Examples # Output logs to the log host at 1.1.1.1. <Sysname> system-view [Sysname] info-center loghost 1.1.1.1 info-center loghost source Use info-center loghost source to specify a source IP address for logs sent to log hosts.

  • Page 406: Info-Center Security-Logfile Directory

    Syntax info-center security-logfile alarm-threshold usage undo info-center security-logfile alarm-threshold Default The alarm threshold for security log file usage is 80. When the usage of the security log file reaches 80%, the system outputs a message to inform the administrator. Views System view Predefined user roles network-admin...

  • Page 407: Info-Center Security-Logfile Enable

    (In standalone mode.) This command cannot survive a reboot or an active/standby switchover. (In IRF mode.) This command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric. Examples # Set the security log file directory to flash:/test. <Sysname>...

  • Page 408: Info-Center Security-Logfile Size-Quota

    Views System view Predefined user roles network-admin mdc-admin Parameters freq-sec: Specifies the security log file saving interval in seconds. The value range is 10 to 86400 seconds. Usage guidelines The system outputs security logs to the security log file buffer, and then saves the buffered logs to the security log file at the specified interval.

  • Page 409: Info-Center Source

    info-center source Use info-center source to configure a log output rule for a module. Use undo info-center source to restore the default. Syntax info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor } { deny | level severity } undo info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor }...

  • Page 410: Info-Center Synchronous

    Parameters module-name: Specifies a module by its name. You can use the info-center source ? command to view the modules supported by the device. default: Specifies all supported modules. console: Outputs logs to the console. logbuffer: Outputs logs to the log buffer. logfile: Outputs logs to the log file.

  • Page 411: Info-Center Syslog Min-Age

    Predefined user roles network-admin mdc-admin Usage guidelines System log output interrupts ongoing configuration operations, including obscuring previously entered commands. Synchronous information output shows the obscured commands. It also provides a command prompt in command editing mode, or a [Y/N] string in interaction mode so you can continue your operation from where you were stopped.

  • Page 412: Info-Center Syslog Trap Buffersize

    Views System view Predefined user roles network-admin mdc-admin Parameters min-age: Sets the minimum storage period in hours. The value range is 1 to 8760. Examples # Set the minimum storage period to 168 hours for log files and logs in the log buffer. <Sysname>...

  • Page 413: Info-Center Timestamp

    info-center timestamp Use info-center timestamp to set the timestamp format for logs sent to the console, monitor terminal, log buffer, and log file. Use undo info-center timestamp to restore the default. Syntax info-center timestamp { boot | date | none } undo info-center timestamp Default The timestamp format for logs sent to the console, monitor terminal, log buffer, and log file is date.

  • Page 414: Info-Center Trace-Logfile Quota

    Default The timestamp format for logs sent to log hosts is date. Views System view Predefined user roles network-admin mdc-admin Parameters date: Sets the timestamp format to mmm dd hh:mm:ss yyyy, such as Dec 8 10:12:21 2007. The date time shows the current system time. iso: Sets the ISO 8601 timestamp format, for example, 2009-09-21T15:32:55.

  • Page 415: Logfile Save

    <Sysname> system-view [Sysname] info-center trace-logfile quota 6 logfile save Use logfile save to manually save logs in the log file buffer to the log file. Syntax logfile save Views Any view Predefined user roles network-admin mdc-admin Usage guidelines You can specify the directory to save the log file by using the info-center logfile directory command.

  • Page 416: Security-Logfile Save

    Related commands display logbuffer security-logfile save Use security-logfile save to manually save security logs from the security log file buffer to the security log file. Syntax security-logfile save Views Any view Predefined user roles security-audit Usage guidelines The system clears the security log file buffer after saving the buffered security logs to the security log file automatically or manually.

  • Page 417: Terminal Debugging

    mdc-admin Usage guidelines This command enables the device to send an SNMP notification for each log message it outputs. The device encapsulates logs in SNMP notifications and then sends them to the SNMP module and the log trap buffer. For the SNMP module to send the received SNMP notifications correctly, you must also configure SNMP on the device.

  • Page 418: Terminal Logging Level

    You can also enable display of debug information on the current terminal by executing the terminal logging level 7 command. This command has the following differences from the terminal debugging command: • The terminal logging level 7 command enables log display for all levels (levels 0 through 7) on the current terminal.

  • Page 419: Terminal Monitor

    <Sysname> terminal logging level 7 terminal monitor Use terminal monitor to enable monitoring of logs on the current terminal. Use undo terminal monitor to disable monitoring of logs on the current terminal. Syntax terminal monitor undo terminal monitor Default Monitoring of logs is enabled on the console and disabled on the monitor terminal. Views User view Predefined user roles...

  • Page 420: Gold Commands

    GOLD commands diagnostic event-log size Use diagnostic event-log size to configure the maximum number of GOLD log entries. Use undo diagnostic event-log size to restore the default. Syntax diagnostic event-log size number undo diagnostic event-log size Default GOLD can save up to 512 log entries. Views System view Predefined user roles...

  • Page 421: Diagnostic Monitor Interval

    Default The monitoring diagnostics tests vary in enabling status. To view the enabling status of monitoring diagnositc tests, execute the display diagnostic content command. Views System view Predefined user roles network-admin Parameters chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.) slot slot-number-list: Specifies a space-separated list of up to seven slot number items.

  • Page 422: Diagnostic Simulation

    Default The execution interval varies by monitoring diagnostic test. Use the display diagnostic content command to view the execution interval for a test. Views System view Predefined user roles network-admin Parameters chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.) slot slot-number-list: Specifies a space-separated list of up to seven slot number items.

  • Page 423: Display Diagnostic Content

    undo diagnostic simulation chassis chassis-number slot slot-number-list test test-name Default All diagnostic tests are executed instead of simulated. Views User view Predefined user roles network-admin Parameters chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.) slot slot-number-list: Specifies a space-separated list of up to seven slot number items.
  • Page 424 Parameters slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command applies to all cards. (In standalone mode.) chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command applies to all member devices.
  • Page 425 Test name : BoardStatusMonitor Test attributes : **M*PA Test interval : 01:00:00 Min interval : 00:00:06 Correct-action : -NA- Description : A Real-time test, enabled by default that checks board status between local master and other local boards. Exec : -NA- Test name : TaskMonitor Test attributes...

  • Page 426: Display Diagnostic Event-Log

    Field Description Execution interval for the test. If the execution interval for the test is not set, –NA–is Test interval displayed. Minimum execution interval for the test. If the test does not have a minimum execution Min interval interval, –NA–is displayed. Correct-action Correcting action triggered by failure of the test.
  • Page 427 In IRF mode: display diagnostic result [ chassis chassis-number [ slot slot-number [ test test-name ] ] ] [ verbose ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command applies to all cards.
  • Page 428 Test name : BoardStatusMonitor Total run count : 386 Total failure count Consecutive failure count: 0 Last execution time : Fri Nov 21 23:00:01 2014 First failure time : -NA- Last failure time : -NA- Last pass time : Fri Nov 21 23:00:01 2014 Last execution result : Success Last failure reason...

  • Page 429: Display Diagnostic Result Statistics

    Last execution result : Success Last failure reason : -NA- Next execution time : Fri Nov 21 23:13:55 2014 test result: pass Table 93 Command output Field Description Test name Name of the test. Total run count Total number of executions. Total failure count Total number of failed tests.

  • Page 430: Display Diagnostic Simulation

    test test-name: Specifies a test by its name, a case-sensitive character string. You can use the test ? command to verify the value range of the test name. If you do not specify this option, the command applies to all packet-related diagnostic tests. Examples # (In standalone mode.) Display statistics for test PortMonitor on the specified slot.

  • Page 431: Reset Diagnostic Event-Log

    chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command applies to all member devices. (In IRF mode.) slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command applies to all cards.
  • Page 432 Parameters slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command applies to all cards. (In standalone mode.) chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command applies to all member devices.

  • Page 433: Packet Capture Commands

    Packet capture commands display packet-capture status Use display packet-capture status to display packet capture status information. Syntax display packet-capture status Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display packet capture status information. <Sysname> display packet-capture status Status : Capturing File Name...
  • Page 434 packet-capture interface interface-type interface-number [ capture-filter capt-expression | limit-captured-frames limit | limit-frame-size bytes | autostop filesize kilobytes | autostop duration seconds | autostop files numbers | capture-ring-buffer filesize kilobytes | capture-ring-buffer duration seconds | capture-ring-buffer files numbers ] * write filepath [ raw | { brief | verbose } ] * Display captured packets: packet-capture interface interface-type interface-number [ capture-filter capt-expression |...
  • Page 435 information about setting a file path, see file system management in Fundamentals Configuration Guide. raw: Displays packet contents in hexadecimal notation. If you do not specify this keyword, the capture displays packet data in a string format. verbose: Displays detailed information about captured packets. brief: Displays brief information about captured packets.

  • Page 436: Packet-Capture Local Interface

    Related commands packet-capture read packet-capture local interface Use packet-capture local interface to capture incoming packets on an interface and save the captured packets to a local file or to a remote file on an FTP server. Syntax packet-capture local interface interface-type interface-number [ capture-filter capt-expression | limit-frame-size bytes | autostop filesize kilobytes | autostop duration seconds ] * write { filepath | url url [ username username [ password { cipher | simple } string ] ] } Views...

  • Page 437: Packet-Capture Read

    Usage guidelines To stop the capture while it is capturing packets, use the packet-capture stop command. If you configure both the autostop filesize option and autostop duration option, the packet capture stops when any one of the limits for the stop options is reached. Follow these restrictions and guidelines to specify the URL, username, and password: •...

  • Page 438: Packet-Capture Remote Interface

    more information about setting a file path, see file system management in Fundamentals Configuration Guide. display-filter disp-expression: Specifies an expression to match packets to be displayed, a case-sensitive string of 1 to 256 characters. If you do not specify a display filter expression, this command displays all file contents.

  • Page 439: Packet-Capture Stop

    Related commands display packet-capture status packet-capture stop packet-capture stop Use packet-capture stop to stop the local or remote packet capture. Syntax packet-capture stop Views User view Predefined user roles network-admin mdc-admin Examples # Stop the packet capture. <Sysname> packet-capture stop Related commands packet-capture local interface packet-capture remote interface...

  • Page 440: Vcf Fabric Commands

    VCF fabric commands display vcf-fabric role Use display vcf-fabric role to display the role of the device in the VCF fabric. Syntax display vcf-fabric role Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Usage guidelines Use this command to display the default role and the current role of the device in the VCF fabric. To change the current role of the device, use the vcf-fabric role command.
  • Page 441 Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Usage guidelines This command displays VCF fabric topology information only when it is executed on the master spine node. Before you display VCF fabric topology information, make sure VCF fabric topology discovery and automated underlay network deployment are enabled.

  • Page 442: Display Vcf-Fabric Underlay Autoconfigure

    display vcf-fabric underlay autoconfigure Use display vcf-fabric underlay autoconfigure to display information about automated underlay network deployment. Syntax display vcf-fabric underlay autoconfigure Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Usage guidelines Before you execute this command, make sure automated underlay network deployment is enabled. Examples # Display information about automated underlay network deployment.
  • Page 443 system ntp-service enable ntp-service unicast-peer 172.16.1.136 system netconf soap https enable restful https enable system info-center loghost 172.16.1.136 system local-user aaa password ****** service-type https authorization-attribute user-role network-admin system line vty 0 63 authentication-mode scheme user-role network-admin system bgp 100 graceful-restart address-family l2vpn evpn system...

  • Page 444: Vcf-Fabric Role

    snmp-agent sys-info version all Uplink interface: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 Downlink interface: Ten-GigabitEthernet1/0/3 Ten-GigabitEthernet1/0/4 Loopback0 IP Allocation: DEV_MAC LOOPBACK_IP MANAGE_IP STATE a43c-adae-0400 200.1.1.6 172.16.1.193 a43c-9aa7-0100 200.1.1.4 172.16.1.152 Aggregation configurations: AggrID: 7 interface: Ten-GigabitEthernet1/0/5 interface: Ten-GigabitEthernet1/0/6 bgp configure peer: 200.1.1.4 Table 99 Command output Field Description Commands that have been successfully executed during automated...

  • Page 445: Vcf-Fabric Spine-Role Master

    Predefined user roles network-admin mdc-admin Parameters access: Specifies the access node. leaf: Specifies the leaf node. spine: Specifies the spine node. Usage guidelines If you change the role of the device, the new role takes effect after the device restarts. Examples # Specify the device as a spine node.

  • Page 446: Vcf-Fabric Topology Enable

    vcf-fabric topology enable Use vcf-fabric topology enable to enable VCF fabric topology discovery. Use undo vcf-fabric topology enable to disable VCF fabric topology discovery. Syntax vcf-fabric topology enable undo vcf-fabric topology enable Default VCF fabric topology discovery is disabled. Views System view Predefined user roles network-admin...

  • Page 447: Vcf-Fabric Underlay Pause

    Examples # Specify template file vxlan_spine.template for automated underlay network deployment. <Sysname> system-view [Sysname] vcf-fabric underlay autoconfigure vxlan_spine.template vcf-fabric underlay pause Use vcf-fabric underlay pause to pause automated underlay network deployment. Use undo vcf-fabric underlay pause to continue automated underlay network deployment. Syntax vcf-fabric underlay pause undo vcf-fabric underlay pause...

  • Page 448: Cwmp Commands

    CWMP commands cwmp Use cwmp to enter CWMP view. Syntax cwmp Views System view Predefined user roles network-admin mdc-admin Examples # Enter CWMP view. <Sysname> system-view [Sysname] cwmp Related commands cwmp enable cwmp acs default password Use cwmp acs default password to configure a password for authentication to the default ACS URL.

  • Page 449: Cwmp Acs Default Url

    Usage guidelines You can configure only one password for authentication to the default ACS URL. If you execute this command multiple times, the most recent configuration takes effect. For a successful connection, make sure the CPE has the same username and password settings as the ACS.

  • Page 450: Cwmp Acs Default Username

    Related commands cwmp acs default password cwmp acs default username cwmp acs default username Use cwmp acs default username to configure the username for authentication to the default ACS URL. Use undo cwmp acs default username to restore the default. Syntax cwmp acs default username username undo cwmp acs default username...

  • Page 451: Cwmp Acs Url

    Default No password is configured for authentication to the preferred ACS URL. Views CWMP view Predefined user roles network-admin mdc-admin Parameters cipher: Specifies a password in encrypted form. simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

  • Page 452: Cwmp Acs Username

    Parameters url: Specifies the preferred ACS URL, a string of 8 to 255 characters. The URL must use the http://host[:port]/path or https://host[:port]/path format. Usage guidelines The device supports only one preferred ACS URL. If you execute this command multiple times, the most recent configuration takes effect.

  • Page 453: Cwmp Cpe Connect Interface

    Related commands cwmp acs password cwmp cpe connect interface Use cwmp cpe connect interface to specify the CWMP connection interface. Use undo cwmp cpe connect interface to restore the default. Syntax cwmp cpe connect interface interface-type interface-number undo cwmp cpe connect interface Default No CWMP connection interface is specified.

  • Page 454: Cwmp Cpe Inform Interval

    undo cwmp cpe connect retry Default The CPE retries a failed connection until the connection is established with the ACS. Views CWMP view Predefined user roles network-admin mdc-admin Parameters retries: Specifies the maximum number of CWMP connection retries. The value range is 0 to 100. To disable the CPE to retry a CWMP connection, set this argument to 0.

  • Page 455: Cwmp Cpe Inform Interval Enable

    Examples # Set the periodic Inform interval to 3600 seconds. <Sysname> system-view [Sysname] cwmp [Sysname-cwmp] cwmp cpe inform interval enable [Sysname-cwmp] cwmp cpe inform interval 3600 Related commands cwmp cpe inform interval enable cwmp cpe inform interval enable Use cwmp cpe inform interval enable to enable the periodic Inform feature. Use undo cwmp cpe inform interval enable to disable the periodic Inform feature.

  • Page 456: Cwmp Cpe Password

    Default No connection initiation has been scheduled. Views CWMP view Predefined user roles network-admin mdc-admin Parameters time: Specifies the time at which the CPE sends an Inform message. The time format is yyyy-mm-ddThh:mm:ss, and the value range is 1970-01-01T00:00:00 to 2035-12-31T23:59:59. The specified time must be greater than the current system time.

  • Page 457: Cwmp Cpe Provision-Code

    If a password is configured, the ACS must provide the correct password when it initiates a connection to the CPE. If the password is incorrect, the CPE denies the connection request from the ACS. You do not need to configure this command if you want to authenticate the ACS only based on its username.

  • Page 458: Cwmp Cpe Stun Enable

    cwmp cpe stun enable Use cwmp cpe stun enable to enable NAT traversal for the connection requests from the ACS to reach the CPE through a NAT gateway. Use undo cwmp cpe stun enable to disable NAT traversal for the connection requests from the ACS to reach the CPE through a NAT gateway.

  • Page 459: Cwmp Cpe Wait Timeout

    Views CWMP view Predefined user roles network-admin mdc-admin Parameters username: Specifies a username, a case-sensitive string of 1 to 255 characters. Usage guidelines You can configure only one username for the ACS to authenticate to the CPE when it initiates a connection.

  • Page 460: Cwmp Enable

    • It specifies the amount of time the connection to the ACS can be idle before it is terminated. The CPE terminates the connection to the ACS if no traffic is transmitted before the timer expires. • It also specifies the amount of time the CPE waits for the response to a session request. The CPE determines that its session attempt has failed when the timer expires.
  • Page 461 Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display the CWMP configuration after CWMP is enabled. <Sysname> display cwmp configuration CWMP state : Enabled ACS URL : http://www.acs.com:80/acs ACS username : newname ACS default URL : Null ACS default username : defname Periodic inform...

  • Page 462: Display Cwmp Status

    Field Description IP address of the specified CWMP connection interface. This field displays Source IP interface None if you have not specified a CWMP connection interface. STUN state Status of NAT traversal for CWMP: Enabled or Disabled. SSL client policy specified for the CPE to authenticate the ACS for establishing an HTTPS connection.

  • Page 463: Ssl Client-Policy

    Field Description Source from which the CPE obtained the ACS URL: • User—ACS URL assigned by using the cwmp acs url command or by ACS. • DHCP—ACS URL assigned by the DHCP server. ACS information source • Default—ACS URL assigned by using the cwmp acs default url command.
  • Page 464 Usage guidelines CWMP uses HTTP or HTTPS for data transmission. If the ACS uses HTTPS for secure access, its URL begins with https://. You must configure an SSL client policy for the CPE to authenticate the ACS for establishing an HTTPS connection. For more information about configuring SSL client policies, see Security Configuration Guide.

  • Page 465: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional.

  • Page 466: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 467: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...

  • Page 468: Websites

    For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
  • Page 469 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.

  • Page 470: Index

    Index A C D E F H I K L M N O P R S T U V X diagnostic-logfile save,378 display cwmp configuration,450 action cli,241 display cwmp status,452 action reboot,242 display debugging,1 action switchover,243 display diagnostic content,413 action syslog,243 display diagnostic event-log,416...
  • Page 471 display poe pse interface power,149 event syslog,255 display poe-power,150 event track,256 display poe-profile,152 exception filepath,294 display poe-profile interface,153 expect data,39 display process,284 expect ip,40 display process cpu,287 expect ipv6,40 display process log,288 expect status,41 display process memory,289 display process memory heap,290 filename,42 display process memory heap...
  • Page 472 ip netstream export host,344 netconf capability specific-namespace,231 ip netstream export rate,345 netconf idle-timeout,231 ip netstream export source,345 netconf log,232 ip netstream export template refresh-rate,346 netconf soap acl,234 ip netstream export version,347 netconf soap domain,235 ip netstream filter,348 netconf soap dscp,235 ip netstream sampler,349 netconf soap...
  • Page 473 packet-capture local interface,426 reset kernel exception,313 packet-capture read,427 reset kernel reboot,313 packet-capture remote interface,428 reset kernel starvation,314 packet-capture stop,429 reset logbuffer,405 password,57 resolve-target,76 ping,2 resolve-type,77 ping ipv6,5 rmon alarm,223 enable,154 rmon event,225 rmon history,226 poe enable pse,155 poe legacy enable,155 rmon prialarm,227 rmon...
  • Page 474 snmp-agent trap life,204 terminal debugging,407 snmp-agent trap log,204 terminal logging level,408 snmp-agent trap periodical-interval,205 terminal monitor,409 snmp-agent trap queue-size,206 tos,85 snmp-agent usm-user { v1 | v2c },206 tracert,7 snmp-agent usm-user v3,208 tracert ipv6,9 snmp-agent usm-user v3 user-role,213 ttl,85 sntp authentication enable,132 type,86 sntp...

Table of Contents