HP MSR Series Command Reference Manual

Layer 3 ip services command reference (v7)

HP MSR Router Series
Layer 3—IP Services
Command Reference(V7)
Part number: 5998-7741b
Software version: CMW710-R0304
Document version: 6PW104-20150914


Summary of Contents for HP MSR Series

  • Page 1 HP MSR Router Series Layer 3—IP Services Command Reference(V7) Part number: 5998-7741b Software version: CMW710-R0304 Document version: 6PW104-20150914...
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...
  • Page 3: Table Of Contents

    Contents: ARP commands; arp check enable; arp check log enable; arp max-learning-num; arp max-learning-number; arp static; arp timer aging; display arp...
  • Page 4 dhcp select; DHCP server commands; address range; bims-server; bootfile-name; class option-group; class range; dhcp class; dhcp option-group...
  • Page 5 dhcp relay check mac-address aging time; dhcp relay client-information record; dhcp relay client-information refresh; dhcp relay client-information refresh enable; dhcp relay gateway; dhcp relay information circuit-id...
  • Page 6 display ipv6 dns server; dns domain; dns dscp; dns proxy enable; dns server; dns source-interface; dns spoofing; dns spoofing track...
  • Page 7 nat log enable; nat log flow-active; nat log flow-begin; nat log flow-end; nat mapping-behavior; nat outbound; nat outbound ds-lite-b4; nat outbound port-block-group...
  • Page 8 display tcp-proxy; display tcp statistics; display tcp verbose; display udp; display udp statistics; display udp verbose; ip forward-broadcast; ip icmp error-interval...
  • Page 9 ipv6 address auto link-local; ipv6 address eui-64; ipv6 address link-local; ipv6 bandwidth-based-sharing; ipv6 hop-limit; ipv6 hoplimit-expires enable; ipv6 icmpv6 error-interval...
  • Page 10 display ipv6 dhcp server; display ipv6 dhcp server conflict; display ipv6 dhcp server database; display ipv6 dhcp server expired; display ipv6 dhcp server ip-in-use; display ipv6 dhcp server pd-in-use...
  • Page 11 display ipv6 dhcp snooping trust; ipv6 dhcp snooping binding database filename; ipv6 dhcp snooping binding database update interval; ipv6 dhcp snooping binding database update now; ipv6 dhcp snooping binding record...
  • Page 12 display vam server private-network; display vam server statistics; encryption-algorithm; hub-group; hub ipv6 private-address; hub private-address; keepalive; pre-shared-key (ADVPN domain view)...
  • Page 13 ...; reset aft session; reset aft statistics; Support and other resources; Contacting HP; Subscription service; Related information; Documents...
  • Page 14 Websites; Conventions; Index...
  • Page 15: Arp Commands

    ARP commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. arp check enable Use arp check enable to enable dynamic ARP entry check. Use undo arp check enable to disable dynamic ARP entry check.
  • Page 16: Arp Max-Learning-Num

    Use undo arp check log enable to disable the ARP logging function. Syntax arp check log enable undo arp check log enable Default ARP logging is disabled. Views System view Predefined user roles network-admin Usage guidelines This function enables a device to log ARP events when ARP cannot resolve IP addresses correctly. The device can log the following ARP events: • On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not one of the...
  • Page 17 Default The following matrix shows the default values for the number argument (hardware: default): MSR1002-4/1003-8S: 4096; MSR2003: 4096; MSR2004-24/2004-48: 4096; MSR3012/3024/3044/3064: 4096; MSR4060/4080: 16384. Views Layer 2 Ethernet interface/Layer 2 aggregate interface view Layer 3 Ethernet interface/subinterface view Layer 3 aggregate interface/aggregate subinterface view VLAN interface view Predefined user roles network-admin...
  • Page 18: Arp Max-Learning-Number

    [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] arp max-learning-num 1000 # Specify Layer 2 aggregate interface Bridge-Aggregation 1 to learn a maximum of 1000 dynamic ARP entries. <Sysname> system-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] arp max-learning-num 1000 # Specify Layer 3 aggregate interface Route-Aggregation 1 to learn a maximum of 1000 dynamic ARP entries.
  • Page 19: Arp Static

    Predefined user roles network-admin Parameters number: Specifies the maximum number of dynamic ARP entries for a device. The following matrix shows the value ranges for the number argument (hardware: value range): MSR1002-4/1003-8S: 0 to 4096; MSR2003: 0 to 4096; MSR2004-24/2004-48: 0 to 4096; MSR3012/3024/3044/3064: 0 to 4096...
  • Page 20: Arp Timer Aging

    Predefined user roles network-admin Parameters ip-address: Specifies an IP address for the static ARP entry. mac-address: Specifies a MAC address for the static ARP entry, in the format of H-H-H. vlan-id: Specifies the ID of a VLAN to which the static ARP entry belongs. The value range is 1 to 4094. The VLAN and VLAN interface must already exist.
  • Page 21: Display Arp

    Syntax arp timer aging aging-time undo arp timer aging Default The aging timer for dynamic ARP entries is 20 minutes. Views System view Predefined user roles network-admin Parameters aging-time: Sets the aging timer for dynamic ARP entries, in the range of 1 to 1440 minutes. Usage guidelines Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer.
  • Page 22 Predefined user roles network-admin network-operator Parameters all: Displays all ARP entries. dynamic: Displays dynamic ARP entries. static: Displays static ARP entries. slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ARP entries for the active MPU.
  • Page 23: Display Arp Ip-Address

    [No Vrf] 0x0000 192.168.0.39 0012-a990-2241 GE2/0/3 [No Vrf] 0x0000 22.1.1.1 000c-299d-c041 [No Vrf] 0x0000 # Display the number of all ARP entries. <Sysname> display arp all count Total number of entries : 5 Table 1 Command output Field Description IP Address IP address in an ARP entry.
  • Page 24: Display Arp Timer Aging

    Syntax Centralized devices in standalone mode: display arp ip-address [ verbose ] Distributed devices in standalone mode/centralized devices in IRF mode: display arp ip-address [ slot slot-number ] [ verbose ] Distributed devices in IRF mode: display arp ip-address [ chassis chassis-number slot slot-number ] [ verbose ] Views Any view Predefined user roles...
  • Page 25: Display Arp Vpn-Instance

    Syntax display arp timer aging Views Any view Predefined user roles network-admin network-operator Examples # Display the aging timer of dynamic ARP entries. <Sysname> display arp timer aging Current ARP aging time is 10 minute(s) Related commands arp timer aging display arp vpn-instance Use display arp vpn-instance to display the ARP entries for a VPN instance.
  • Page 26: Reset Arp

    reset arp • reset arp Use reset arp to clear ARP entries from the ARP table. Syntax Centralized devices in standalone mode: reset arp { all | dynamic | interface interface-type interface-number | static } Distributed devices in standalone mode/centralized devices in IRF mode: reset arp { all | dynamic | interface interface-type interface-number | slot slot-number | static } Distributed devices in IRF mode: reset arp { all | chassis chassis-number slot slot-number | dynamic | interface interface-type...
  • Page 27: Gratuitous Arp Commands

    Gratuitous ARP commands arp ip-conflict log prompt Use arp ip-conflict log prompt to enable IP conflict notification without conflict confirmation. Use undo arp ip-conflict log prompt to restore the default. Syntax arp ip-conflict log prompt undo arp ip-conflict log prompt Default IP conflict notification is disabled.
  • Page 28: Gratuitous-Arp-Learning Enable

    VLAN interface view Predefined user roles network-admin Parameters interval milliseconds: Sets the interval at which gratuitous ARP packets are sent, in the range of 200 to 200000 milliseconds. The default value is 2000 milliseconds. Usage guidelines This function takes effect only when the enabled interface is up and an IP address has been assigned to the interface.
  • Page 29: Gratuitous-Arp-Sending Enable

    Usage guidelines The learning of gratuitous ARP packets function allows a device to maintain its ARP table by creating or updating ARP entries based on received gratuitous ARP packets. When this function is disabled, the device uses received gratuitous ARP packets to update existing ARP entries only.
  • Page 30: Proxy Arp Commands

    Proxy ARP commands display local-proxy-arp Use display local-proxy-arp to display the local proxy ARP status. Syntax display local-proxy-arp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. Usage guidelines The local ARP proxy status can be enabled or disabled.
  • Page 31: Local-Proxy-Arp Enable

    Parameters interface interface-type interface-number: Specifies an interface by its type and number. Usage guidelines The proxy ARP status can be enabled or disabled. If an interface is specified, this command displays proxy ARP status for the specified interface. If no interface is specified, this command displays proxy ARP status for all interfaces. Examples # Display the proxy ARP status on GigabitEthernet 2/0/1.
  • Page 32: Proxy-Arp Enable

    Local proxy ARP allows communication between hosts that connect to the same Layer 3 interface and reside in different broadcast domains. Only one IP address range can be specified by using the ip-range keyword on an interface. Examples # Enable local proxy ARP on GigabitEthernet 2/0/1. <Sysname>...
  • Page 33 Examples # Enable proxy ARP on GigabitEthernet 2/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] proxy-arp enable Related commands display proxy-arp...
  • Page 34: Arp Fast-Reply Commands

    ARP fast-reply commands arp fast-reply enable Use arp fast-reply enable to enable ARP fast-reply for a VLAN. Use undo arp fast-reply enable to disable ARP fast-reply for a VLAN. Syntax arp fast-reply enable undo arp fast-reply enable Default ARP fast-reply is disabled on a VLAN. Views VLAN view Predefined user roles...
  • Page 35: Arp Pnp Commands

    ARP PnP commands arp pnp Use arp pnp to enable the ARP plug and play (PnP) feature. Use undo arp pnp to restore the default. Syntax arp pnp undo arp pnp Default The ARP PnP feature is disabled. Views Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view Predefined user roles network-admin Usage guidelines...
  • Page 36: Display Arp Pnp

    display arp pnp Use display arp pnp to display ARP PnP mappings. Syntax display arp pnp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays ARP PnP mappings for all interfaces.
  • Page 37: Arp Suppression Commands

    ARP suppression commands arp suppression enable Use arp suppression enable to enable ARP suppression. Use undo arp suppression enable to disable ARP suppression. Syntax arp suppression enable undo arp suppression enable Default ARP suppression is disabled. Views Cross-connect view Predefined user roles network-admin Usage guidelines You must enable L2VPN before you enter cross-connect view.
  • Page 38: Display Arp Suppression Xconnect-Group

    Views System view Predefined user roles network-admin Parameters interval: Specifies a push interval for ARP suppression, in the range of 1 to 1440 minutes. Usage guidelines The ARP suppression push function pushes ARP suppression entries at intervals by broadcasting gratuitous ARP packets. Examples # Configure the device to push ARP suppression entries every 2 minutes.
  • Page 39: Reset Arp Suppression Xconnect-Group

    slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ARP suppression entries for the master device. (Centralized devices in IRF mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device.
  • Page 40 Examples # Clear ARP suppression entries for all cross-connect groups. <Sysname> reset arp suppression xconnect-group Related commands display arp suppression xconnect-group...
  • Page 41: Arp Direct Route Advertisement Commands

    ARP direct route advertisement commands arp route-direct advertise Use arp route-direct advertise to enable ARP direct route advertisement. Use undo arp route-direct advertise to disable ARP direct route advertisement. Syntax arp route-direct advertise undo arp route-direct advertise Default ARP direct route advertisement is disabled. Views L3VE interface view Predefined user roles...
  • Page 42: Ip Addressing Commands

    IP addressing commands display ip interface Use display ip interface to display IP configuration and statistics for Layer 3 interfaces. Syntax display ip interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays information about all Layer 3 interfaces.
  • Page 43 Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Table 4 Command output Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown command.
  • Page 44: Display Ip Interface Brief

    Field Description ICMP packet input number (Echo reply, Unreachable, Source quench, Routing redirect...): Total number of ICMP packets received on the interface (statistics start at the device startup): • Echo reply packets. • Unreachable packets. • Source quench packets. • Routing redirect packets....
  • Page 45 Usage guidelines Information displayed by the command includes the state of the physical and link layer protocols, IP address, and interface descriptions. If you do not specify the interface type and interface number, the command displays brief IP configuration for all Layer 3 interfaces. If you specify only the interface type, the command displays brief IP configuration for all Layer 3 interfaces of the specified type.
  • Page 46: Ip Address

    Field Description Description: Interface description information. If no description is configured, this field displays hyphens (--). Related commands • display ip interface • ip address ip address Use ip address to assign an IP address to the interface. Use undo ip address to remove the IP address from the interface. Syntax ip address ip-address { mask-length | mask } [ sub ] undo ip address [ ip-address { mask-length | mask } [ sub ] ]...
  • Page 47: Ip Address Unnumbered

    The primary and secondary IP addresses assigned to the interface can be located on the same network segment. Different interfaces on your device must reside on different network segments. Examples # Assign GigabitEthernet 2/0/1 a primary IP address 129.102.0.1 and a secondary IP address 202.38.160.1, with the subnet masks both 255.255.255.0.
  • Page 48 You cannot enable a dynamic routing protocol on the interface that has no IP address configured. To enable the interface to communicate with other devices, you must configure a static route to the peer device on the interface. Examples # Configure the tunnel interface Tunnel 0 to borrow the IP address of the interface GigabitEthernet 2/0/1.
  • Page 49: Dhcp Commands

    DHCP commands Common DHCP commands dhcp client-detect Use dhcp client-detect to enable client offline detection on the DHCP server or DHCP relay agent. Use undo dhcp client-detect to disable client offline detection. Syntax dhcp client-detect undo dhcp client-detect Default Client offline detection is disabled. Views Interface view Predefined user roles...
  • Page 50: Dhcp Enable

    Default The DSCP value in DHCP packets is 56. Views System view Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.
  • Page 51: Dhcp Select

    Use undo dhcp log enable to disable DHCP logging. Syntax dhcp log enable undo dhcp log enable Default DHCP logging is disabled. Views System view Predefined user roles network-admin Usage guidelines This command enables the DHCP server to generate DHCP logs and send them to the information center. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.
  • Page 52: Dhcp Server Commands

    proxy: Enables DHCP server proxy on the relay agent. server: Enables the DHCP server on the interface. Usage guidelines Before enabling the DHCP relay agent on an interface, use the reset dhcp server ip-in-use command to remove address bindings and authorized ARP entries. These authorized ARP entries might conflict with ARP entries that are created after the DHCP relay agent is enabled.
  • Page 53: Bims-Server

    Usage guidelines If no IP address range is specified, all IP addresses in the subnet specified by the network command in address pool view are assignable. If an IP address range is specified, only the IP addresses in the IP address range are assignable.
  • Page 54: Bootfile-Name

    key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 16 characters. If cipher is specified, it must be a ciphertext string of 1 to 53 characters. The DHCP client uses the shared key to encrypt packets sent to the BIMS server.
  • Page 55: Class Option-Group

    [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] bootfile-name boot.cfg # Specify the configuration file URL http://10.1.1.1/boot.cfg in DHCP address pool 0. <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] bootfile-name http://10.1.1.1/boot.cfg Related commands • display dhcp server pool • next-server • tftp-server domain-name • tftp-server ip-address...
  • Page 56: Class Range

    <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] class user option-group 1 Related commands dhcp option group class range Use class range to specify an IP address range for a DHCP user class. Use undo class range to remove the IP address range for the DHCP user class. Syntax class class-name range start-ip-address end-ip-address undo class class-name range...
  • Page 57: Dhcp Class

    [Sysname-dhcp-pool-1] class user range 192.168.8.1 192.168.8.150 Related commands • address range • dhcp class • display dhcp server pool dhcp class Use dhcp class to create a DHCP user class and enter the DHCP user class view. Use undo dhcp class to remove the specified user class. Syntax dhcp class class-name undo dhcp class class-name...
  • Page 58: Dhcp Server Always-Broadcast

    Syntax dhcp option-group option-group-number undo dhcp option-group option-group-number Default No DHCP option group exists. Views System view Predefined user roles network-admin Parameters option-group-number: Assigns a number to the DHCP option group, in the range of 0 to 32768. Usage guidelines You can use this command to enter the view of an existing DHCP option group.
  • Page 59: Dhcp Server Apply Ip-Pool

    The DHCP server always unicasts a response in the following situations, regardless of whether this command is executed: • The DHCP request is from a DHCP client that has an IP address (the ciaddr field is not 0). • The DHCP request is forwarded by a DHCP relay agent from a DHCP client (the giaddr field is not...
  • Page 60: Dhcp Server Bootp Ignore

    dhcp server bootp ignore Use dhcp server bootp ignore to configure the DHCP server to ignore BOOTP requests. Use undo dhcp server bootp ignore to restore the default. Syntax dhcp server bootp ignore undo dhcp server bootp ignore Default The DHCP server does not ignore BOOTP requests. Views System view Predefined user roles...
  • Page 61: Dhcp Server Database Filename

    This command enables the DHCP server to fill the Vend field in RFC 1048-compliant format in DHCP responses to requests sent by BOOTP clients that do not comply with RFC 1048. This command takes effect only when the BOOTP clients request statically bound addresses. Examples # Enable the DHCP server to send BOOTP responses in RFC 1048 format upon receiving BOOTP requests that do not comply with RFC 1048.
  • Page 62: Dhcp Server Database Update Interval

    When the backup file is on a remote device, follow these restrictions and guidelines to specify the URL, username, and password: • If the file is on an FTP server, enter the URL in the following format: ftp://server address:port/file path, where the port number is optional. • If the file is on a TFTP server, enter the URL in the following format: tftp://server address:port/file path,...
  • Page 63: Dhcp Server Database Update Now

    Parameters seconds: Sets the waiting time in seconds in the range of 60 to 864000. Usage guidelines The waiting time does not take effect if you do not configure the DHCP binding auto backup by using the dhcp server database filename command. When a DHCP binding is created, updated, or removed, the waiting period starts.
  • Page 64: Dhcp Server Database Update Stop

    dhcp server database update stop Use dhcp server database update stop to terminate the download of DHCP bindings from the backup file. Syntax dhcp server database update stop Views System view Predefined user roles network-admin Usage guidelines The DHCP server does not provide services during the binding download process. If the connection disconnects during the process, the waiting timeout timer is 60 minutes.
  • Page 65: Dhcp Server Ip-Pool

    Parameters start-ip-address: Specifies the start IP address. end-ip-address: Specifies the end IP address, which cannot be lower than the start-ip-address. If you do not specify this argument, only the start-ip-address is excluded from dynamic allocation. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters.
  • Page 66: Dhcp Server Ping Packets

    Usage guidelines You can also use this command to enter the view of an existing DHCP address pool. A DHCP address pool is used to store the configuration parameters to be assigned to DHCP clients. Examples # Create a DHCP address pool named pool1. <Sysname>...
  • Page 67: Dhcp Server Ping Timeout

    • reset dhcp server conflict dhcp server ping timeout Use dhcp server ping timeout to set the ping response timeout time on the DHCP server. Use undo dhcp server ping timeout to restore the default. Syntax dhcp server ping timeout milliseconds undo dhcp server ping timeout Default The ping response timeout time is 500 milliseconds.
  • Page 68: Display Dhcp Server Conflict

    Default The DHCP server handles Option 82. Views System view Predefined user roles network-admin Usage guidelines Upon receiving a DHCP request that contains Option 82, the server copies the original Option 82 into the response. If the server is configured to ignore Option 82, the response will not contain Option 82. Examples # Configure the DHCP server to ignore Option 82.
  • Page 69: Display Dhcp Server Database

    <Sysname> display dhcp server conflict IP address Detect time 4.4.4.1 Apr 25 16:57:20 2007 4.4.4.2 Apr 25 17:00:10 2007 Table 6 Command output Field Description IP address Conflicted IP address. Detect time Time when the conflict was discovered. Related commands reset dhcp server conflict display dhcp server database Use display dhcp server database to display information about DHCP binding auto backup.
  • Page 70: Display Dhcp Server Expired

    Field Description Status Status of the update: • Writing—The backup file is being updated. • Last write succeeded—The backup file was successfully updated. • Last write failed—The backup file failed to be updated. display dhcp server expired Use display dhcp server expired to display the lease expiration information. Syntax display dhcp server expired [ [ ip ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ] Views...
  • Page 71: Display Dhcp Server Free-Ip

    Related commands reset dhcp server expired display dhcp server free-ip Use display dhcp server free-ip to display information about assignable IP addresses. Syntax display dhcp server free-ip [ pool pool-name | vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters...
  • Page 72: Display Dhcp Server Ip-In-Use

    Field Description Secondary networks Assignable secondary networks. Related commands • address range • dhcp server ip-pool • network display dhcp server ip-in-use Use display dhcp server ip-in-use to display binding information about assigned IP addresses. Syntax display dhcp server ip-in-use [ [ ip ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ] Views Any view Predefined user roles...
  • Page 73: Display Dhcp Server Pool

    Table 10 Command output Field Description IP address IP address assigned. Client identifier/Hardware address Client ID or hardware address. Lease expiration Lease expiration time: • Exact time (May 1 14:02:49 2009 in this example)—Time when the lease will expire. • Not used—The IP address of the static binding has not been assigned to the specific client.
  • Page 74 Examples # Display information about all DHCP address pools. <Sysname> display dhcp server pool Pool name: 0 Network 20.1.1.0 mask 255.255.255.0 class a range 20.1.1.50 20.1.1.60 bootfile-name abc.cfg dns-list 20.1.1.66 20.1.1.67 20.1.1.68 domain-name www.aabbcc.com bims-server ip 192.168.0.51 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU= option 2 ip-address 1.1.1.1 expired 1 2 3 0 Pool name: 1...
  • Page 75: Display Dhcp Server Statistics

    expired unlimited Table 11 Command output Field Description Pool name Name of an address pool. Network Assignable network. secondary networks Assignable secondary networks. address range Assignable address range. class class-name range DHCP user class and its address range. static bindings Static IP-to-MAC/client ID bindings.
  • Page 76 network-operator Parameters pool pool-name: Specifies an address pool by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, this command displays information about all address pools. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters.
  • Page 77: Dns-List

    Field Description Messages received DHCP packets received from clients: • DHCPDISCOVER. • DHCPREQUEST. • DHCPDECLINE. • DHCPRELEASE. • DHCPINFORM. • BOOTPREQUEST. This field is not displayed if you display statistics for a specific address pool. DHCP packets sent to clients: •...
  • Page 78: Domain-Name

    If you do not specify any parameters, the undo dns-list command deletes all DNS server addresses in the DHCP address pool. Examples # Specify the DNS server address 10.1.1.254 in DHCP address pool 0. <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] dns-list 10.1.1.254 Related commands display dhcp server pool...
  • Page 79: Forbidden-Ip

    Syntax expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } undo expired Default The lease duration of a dynamic address pool is one day. Views DHCP address pool view Predefined user roles network-admin Parameters day day: Sets the number of days, in the range of 0 to 365.
  • Page 80: Gateway-List

    Default No IP addresses are excluded from dynamic allocation in an address pool. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies a space-separated list of up to eight excluded IP addresses. Usage guidelines The excluded IP addresses in an address pool are still assignable in other address pools. You can exclude a maximum of 4096 IP addresses in an address pool.
  • Page 81: If-Match

    export-route: Binds the gateways to the device's MAC address in the address management module. The ARP module will use the entries to reply to ARP requests from the DHCP clients. This feature ensures that the clients obtain different gateway IP addresses but the same MAC address. Usage guidelines If you use this command multiple times, the most recent configuration takes effect.
  • Page 82 mask mask: Specifies the mask for the match operation, in the hex format. The mask length must be the same as the hex-string length. The mask is used for ANDing the selected string in the option and the specified hexadecimal string. The packet matches the rule if the two AND operation results are the same. offset offset: Specifies the offset in bytes after which the match operation starts.
  • Page 83: Ip-In-Use Threshold

    [Sysname] dhcp class exam [Sysname-dhcp-class-exam] if-match rule 2 option 82 hex 13ae92 offset 0 length 3 # Configure match rule 3 to match DHCP requests that contain Option 82. Option 82's highest bit of the fourth byte is 1 for the DHCP user class exam. <Sysname>...
  • Page 84: Nbns-List

    [Sysname-dhcp-pool-p1] ip-in-use threshold 85 nbns-list Use nbns-list to specify WINS server addresses in a DHCP address pool. Use undo nbns-list to remove the specified WINS server addresses. Syntax nbns-list ip-address&<1-8> undo nbns-list [ ip-address&<1-8> ] Default No WINS server address is specified. Views DHCP address pool view Predefined user roles...
  • Page 85: Network

    Views DHCP address pool view Predefined user roles network-admin Parameters b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server. h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server. If it does not receive a response, the h-node client broadcasts the destination name to get the mapping from a server.
  • Page 86: Next-Server

    Parameters network-address: Specifies the subnet for dynamic allocation. If no mask length or mask is specified, the natural mask will be used. mask-length: Specifies the mask length in the range of 1 to 30. mask mask: Specifies the mask in dotted decimal format. export-route: Advertises the subnet assigned to DHCP clients.
  • Page 87: Option

    undo next-server Default No server's IP address is specified in a DHCP address pool. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address: Specifies the IP address of a server. Usage guidelines Upon startup, the DHCP client obtains an IP address and the specified server IP address. Then it contacts the specified server, such as a TFTP server, to get other boot information.
  • Page 88: Reset Dhcp Server Conflict

    hex hex-string: Specifies a hexadecimal string as the option content. The string length must be an even number in the range of 2 to 256. ip-address ip-address&<1-8>: Specifies a space-separated list of up to eight IP addresses as the option content.
  • Page 89: Reset Dhcp Server Expired

    Parameters ip ip-address: Clears conflict information about the specified IP address. If you do not specify this option, this command clears all address conflict information. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters. To clear conflict information about IP addresses on the public network, do not specify this option.
  • Page 90: Reset Dhcp Server Ip-In-Use

    reset dhcp server ip-in-use Use reset dhcp server ip-in-use to clear binding information about assigned IP addresses. Syntax reset dhcp server ip-in-use [ [ ip ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ] Views User view Predefined user roles network-admin Parameters ip ip-address: Clears binding information about the specified assigned IP address.
  • Page 91: Static-Bind

    Examples # Clear DHCP server statistics. <Sysname> reset dhcp server statistics Related commands display dhcp server statistics static-bind Use static-bind to statically bind a client ID or MAC address to an IP address. Use undo static-bind to remove a static binding. Syntax static-bind ip-address ip-address [ mask-length | mask mask ] { client-identifier client-identifier | hardware-address hardware-address [ ethernet | token-ring ] }...
  • Page 92: Tftp-Server Domain-Name

    You can specify multiple static bindings in an address pool. The total number of static bindings in all address pools cannot exceed 8192. You cannot modify bindings. To change the binding for a DHCP client, you must delete the existing binding first and create a new binding.
  • Page 93: Tftp-Server Ip-Address

    tftp-server ip-address Use tftp-server ip-address to specify a TFTP server address in a DHCP address pool. Use undo tftp-server ip-address to remove the TFTP server address from a DHCP address pool. Syntax tftp-server ip-address ip-address undo tftp-server ip-address Default No TFTP server address is specified. Views DHCP address pool view Predefined user roles...
  • Page 94: Verify Class

    Predefined user roles network-admin Parameters class-name&<1-8>: Specifies a space-separated list of up to eight DHCP user classes by their names, a case-insensitive string of 1 to 63 characters. Usage guidelines For this command to take effect, you must enable the DHCP user class whitelist. Examples # Add DHCP user classes test1 and test2 to the whitelist in DHCP address pool 0.
  • Page 95: Voice-Config

    Related commands valid class voice-config Use voice-config to configure the content for Option 184 in a DHCP address pool. Use undo voice-config to remove the Option 184 content from a DHCP address pool. Syntax voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan vlan-id { disable | enable } } undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ] Default...
  • Page 96: Vpn-Instance

    vpn-instance Use vpn-instance to apply a DHCP address pool to a VPN instance. Use undo vpn-instance to remove the application. Syntax vpn-instance vpn-instance-name undo vpn-instance Default The DHCP address pool is not applied to any VPN instance. Views DHCP address pool view Predefined user roles network-admin Parameters...
  • Page 97: Dhcp Relay Check Mac-Address Aging Time

    undo dhcp relay check mac-address Default The MAC address check function is disabled. Views Interface view Predefined user roles network-admin Usage guidelines This function enables the DHCP relay agent to compare the chaddr field of a received DHCP request with the source MAC address in the frame header.
  • Page 98: Dhcp Relay Client-Information Record

    Parameters time: Sets the aging time for MAC address check entries in seconds, in the range of 30 to 600. Usage guidelines This command takes effect only after you execute the dhcp relay check mac-address command. Examples # Set the aging time to 60 seconds for MAC address check entries on the DHCP relay agent. <Sysname>...
  • Page 99: Dhcp Relay Client-Information Refresh Enable

    Syntax dhcp relay client-information refresh [ auto | interval interval ] undo dhcp relay client-information refresh Default The refresh interval is automatically calculated based on the number of relay entries. Views System view Predefined user roles network-admin Parameters auto: Automatically calculates the refresh interval. The more the entries, the shorter the refresh interval. The shortest interval is 50 ms.
  • Page 100: Dhcp Relay Gateway

    Usage guidelines A DHCP client unicasts a DHCP-RELEASE message to the DHCP server to release its IP address. The DHCP relay agent conveys the message to the DHCP server and does not remove the IP-to-MAC entry of the client. With this feature, the DHCP relay agent uses a client's IP address and the relay interface's MAC address to periodically send a DHCP-REQUEST message to the DHCP server.
  • Page 101: Dhcp Relay Information Circuit-Id

    Usage guidelines The DHCP relay agent uses the specified IP address instead of the primary IP address of the relay interface as the gateway address for DHCP clients. If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify 10.1.1.1 as the gateway address for DHCP clients on GigabitEthernet 2/0/1.
  • Page 102 NOTE: If sysname is used as the node identifier, do not include any spaces when you set the device name. Otherwise, the DHCP relay agent fails to add or replace Option 82. user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node identifier. •...
  • Page 103: Dhcp Relay Information Enable

    Related commands • dhcp relay information enable • dhcp relay information strategy • display dhcp relay information dhcp relay information enable Use dhcp relay information enable to enable the relay agent to support Option 82. Use undo dhcp relay information enable to disable Option 82 support. Syntax dhcp relay information enable undo dhcp relay information enable...
  • Page 104: Dhcp Relay Information Strategy

    Use undo dhcp relay information remote-id to restore the default. Syntax dhcp relay information remote-id { normal [ format { ascii | hex } ] | string remote-id | sysname } undo dhcp relay information remote-id Default The padding mode is normal and the padding format is hex. Views Interface view Predefined user roles...
  • Page 105: Dhcp Relay Release Ip

    Use undo dhcp relay information strategy to restore the default handling strategy. Syntax dhcp relay information strategy { drop | keep | replace } undo dhcp relay information strategy Default The handling strategy for messages that contain Option 82 is replace. Views Interface view Predefined user roles...
  • Page 106: Dhcp Relay Server-Address

    Predefined user roles network-admin Parameters client-ip: Specifies the IP address to be released. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance of the IP address. The vpn-instance-name is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command releases the IP address in the public network.
  • Page 107: Display Dhcp Relay Check Mac-Address

    Examples # Specify the DHCP server 1.1.1.1 on the relay agent interface GigabitEthernet 2/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] dhcp relay server-address 1.1.1.1 Related commands • dhcp select relay • display dhcp relay interface display dhcp relay check mac-address Use display dhcp relay check mac-address to display MAC address check entries on the relay agent.
  • Page 108 Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays relay entries on the specified interface. ip ip-address: Displays the relay entry for the specified IP address. vpn-instance vpn-instance-name: Displays the relay entry for the specified IP address in the specified MPLS L3VPN instance.
  • Page 109: Display Dhcp Relay Information

    Related commands • dhcp relay client-information record • reset dhcp relay client-information display dhcp relay information Use display dhcp relay information to display Option 82 configuration information for the DHCP relay agent. Syntax display dhcp relay information [ interface interface-type interface-number ] Views Any view Predefined user roles...
  • Page 110: Display Dhcp Relay Server-Address

    Table 16 Command output Field Description Interface Interface name. Status Option 82 states: • Enable—DHCP relay agent support for Option 82 is enabled. • Disable—DHCP relay agent support for Option 82 is disabled. Strategy Handling strategy for request messages containing Option 82, Drop, Keep, or Replace....
  • Page 111: Display Dhcp Relay Statistics

    Table 17 Command output Field Description Interface name Interface name. Server IP address DHCP server IP address. Related commands dhcp relay server-address display dhcp relay statistics Use display dhcp relay statistics to display DHCP packet statistics on the DHCP relay agent. Syntax display dhcp relay statistics [ interface interface-type interface-number ] Views...
  • Page 112: Gateway-List

    DHCPDECLINE: BOOTPREQUEST: DHCP packets relayed to clients: DHCPOFFER: DHCPACK: DHCPNAK: BOOTPREPLY: DHCP packets sent to servers: DHCPDISCOVER: DHCPREQUEST: DHCPINFORM: DHCPRELEASE: DHCPDECLINE: BOOTPREQUEST: DHCP packets sent to clients: DHCPOFFER: DHCPACK: DHCPNAK: BOOTPREPLY: Related commands reset dhcp relay statistics gateway-list Use gateway-list to specify a list of gateways for DHCP clients in the relay address pool. Use undo gateway-list to remove the specified gateway addresses from a DHCP relay address pool.
  • Page 113: Remote-Server

    specify the gateway for clients matching the same relay address pool and bind the gateway address to the device's MAC address. Upon receiving a DHCP DISCOVER or REQUEST from a client that matches a relay address pool, the relay agent processes the packet as follows: Fills the giaddr field of the packet with the specified gateway address.
  • Page 114: Reset Dhcp Relay Client-Information

    reset dhcp relay client-information Use reset dhcp relay client-information to clear relay entries on the DHCP relay agent. Syntax reset dhcp relay client-information [ interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ] Views User view Predefined user roles network-admin Parameters interface interface-type interface-number: Clears relay entries on the specified interface.
  • Page 115: Dhcp Client Commands

    A DHCP client detects IP address conflicts through ARP packets. An attacker can pose as the IP address owner and send an ARP reply, which makes the client unable to use the IP address assigned by the server. HP recommends that you disable duplicate address detection when ARP attacks exist on the network.
  • Page 116: Dhcp Client Identifier

    Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.
  • Page 117: Display Dhcp Client

    Examples # Use the MAC address of GigabitEthernet 2/0/2 as the DHCP client ID for GigabitEthernet 2/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] dhcp client identifier mac gigabitethernet 2/0/2 Related commands display dhcp client display dhcp client Use display dhcp client to display DHCP client information. Syntax display dhcp client [ verbose ] [ interface interface-type interface-number ] Views...
  • Page 118 Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16 Destination: 10.198.122.63, Mask: 255.255.255.255, NextHop: 192.168.40.16 DNS servers: 44.1.1.11 44.1.1.12 Domain name: ddd.com Boot servers: 200.200.200.200 1.1.1.1 ACS parameter: URL: http://192.168.1.1:7547/acs Username: bims Password: ****** Client ID type: acsii(type value=00) Client ID value: 000c.29d3.8659-GE2/0/1 Client ID (with type) hex: 0030-3030-632e-3239- 6433-2e38-3635-392d- 4574-6830-2f30-2f32...
  • Page 119: Ip Address Dhcp-Alloc

    Field Description Domain name Domain name suffix assigned to the client. Boot servers PXE server addresses (up to 16 addresses) specified for the DHCP client, which are obtained through Option 43. ACS parameter Parameters about the ACS. URL of the ACS. Username Username for logging in to the ACS....
  • Page 120: Dhcp Snooping Commands

    Usage guidelines When you execute the undo ip address dhcp-alloc command, the interface sends a DHCP-RELEASE message to release the IP address obtained through DHCP. If the interface is down, the message cannot be sent out. This situation can occur when a subinterface obtained an IP address through DHCP, and the shutdown command is executed on its primary interface.
  • Page 121 Syntax dhcp snooping binding database filename { filename | url url [ username username [ password { cipher | simple } key ] ] } undo dhcp snooping binding database filename Default The DHCP snooping device does not back up DHCP snooping entries. Views System view Predefined user roles...
  • Page 122: Dhcp Snooping Binding Database Update Interval

    Examples # Configure the DHCP snooping device to back up DHCP snooping entries to the file database.dhcp. <Sysname> system-view [Sysname] dhcp snooping binding database filename database.dhcp # Configure the DHCP snooping device to back up DHCP snooping entries to the file database.dhcp in the working directory of the FTP server at 10.1.1.1.
  • Page 123: Dhcp Snooping Binding Database Update Now

    <Sysname> system-view [Sysname] dhcp snooping binding database update interval 600 Related commands dhcp snooping binding database filename dhcp snooping binding database update now Use dhcp snooping binding database update now to manually save DHCP snooping entries to the backup file. Syntax dhcp snooping binding database update now Views...
  • Page 124: Dhcp Snooping Check Mac-Address

    Usage guidelines This command enables DHCP snooping on the port directly connecting to the clients to record client information in DHCP snooping entries. Examples # Enable recording of client information in DHCP snooping entries. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] dhcp snooping binding record dhcp snooping check mac-address Use dhcp snooping check mac-address to enable MAC address check for DHCP snooping.
  • Page 125: Dhcp Snooping Enable

    Default This function is disabled. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and DHCP-RELEASE packets. This function prevents unauthorized clients that forge DHCP-REQUEST packets from attacking the DHCP server.
  • Page 126: Dhcp Snooping Information Circuit-Id

    Examples # Enable DHCP snooping. <Sysname> system-view [Sysname] dhcp snooping enable dhcp snooping information circuit-id Use dhcp snooping information circuit-id to configure the padding mode and padding format for the Circuit ID sub-option. Use undo dhcp snooping information circuit-id to restore the default. Syntax dhcp snooping information circuit-id { [ vlan vlan-id ] string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] }...
  • Page 127: Dhcp Snooping Information Enable

    format: Sets the padding format for the Circuit ID sub-option. ascii: Sets the padding format to ASCII. hex: Sets the padding format to hex. Usage guidelines The Circuit ID sub-option cannot carry information about interface splitting or subinterfaces. For more information about interface splitting and subinterfaces, see Interface Configuration Guide.
  • Page 128: Dhcp Snooping Information Remote-Id

    Syntax dhcp snooping information enable undo dhcp snooping information enable Default DHCP snooping does not support Option 82. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines This command enables DHCP snooping to add Option 82 into DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server.
  • Page 129: Dhcp Snooping Information Strategy

    Predefined user roles network-admin Parameters vlan vlan-id: Specifies the VLAN ID as the Remote ID sub-option. string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as the content of the Remote ID sub-option. sysname: Specifies the sysname mode that uses the device name as the Remote ID sub-option.
  • Page 130: Dhcp Snooping Max-Learning-Num

    Predefined user roles network-admin Parameters drop: Drops DHCP messages that contain Option 82. keep: Keeps the original Option 82 intact. replace: Replaces the original Option 82 with the configured Option 82. Usage guidelines This command takes effect only on DHCP requests that contain Option 82. For DHCP requests that do not contain Option 82, the DHCP snooping device always adds Option 82 into the requests before forwarding them to the DHCP server.
  • Page 131: Dhcp Snooping Trust

    Examples # Configure the Layer 2 Ethernet interface GigabitEthernet 2/0/1 to learn a maximum of 1000 DHCP snooping entries. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] dhcp snooping max-learning-num 1000 dhcp snooping trust Use dhcp snooping trust to configure a port as a trusted port. Use undo dhcp snooping trust to restore the default state of a port.
  • Page 132: Display Dhcp Snooping Binding Database

    network-operator Parameters ip ip-address: Displays the DHCP snooping entry for the specified IP address. vlan vlan-id: Specifies the VLAN ID where the IP address resides. Usage guidelines If you do not specify any parameters, this command displays all DHCP snooping entries. Examples # Display all DHCP snooping entries.
  • Page 133: Display Dhcp Snooping Information

    Predefined user roles network-admin network-operator Examples # Display information about DHCP snooping entry auto backup. <Sysname> display dhcp snooping binding database File name database.dhcp Username Password Update interval 600 seconds Latest write time Feb 27 18:48:04 2012 Status Last write succeeded. Table 21 Command output Field Description...
  • Page 134: Display Dhcp Snooping Packet Statistics

    Examples # Display Option 82 configuration on all interfaces. <Sysname> display dhcp snooping information all Interface: Bridge-Aggregation Status: Disable Strategy: Drop Circuit ID: Padding format: User Defined User defined: abcd Format: ASCII Remote ID: Padding format: Normal Format: ASCII VLAN 10: Circuit ID: abcd Remote ID: company Table 22 Command output...
  • Page 135: Display Dhcp Snooping Trust

    Distributed devices in standalone mode/centralized devices in IRF mode: display dhcp snooping packet statistics [ slot slot-number ] Distributed devices in IRF mode: display dhcp snooping packet statistics [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters...
  • Page 136: Reset Dhcp Snooping Binding

    <Sysname> display dhcp snooping trust DHCP snooping is enabled. Interface Trusted ========================= ============ GigabitEthernet2/0/1 Trusted Related commands dhcp snooping trust reset dhcp snooping binding Use reset dhcp snooping binding to clear DHCP snooping entries. Syntax reset dhcp snooping binding { all | ip ip-address [ vlan vlan-id ] } Views User view Predefined user roles...
  • Page 137: Bootp Client Commands

    Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies a card by the slot number. If you do not specify a card, this command clears DHCP packet statistics for the active MPU. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears DHCP packet statistics for the master device.
  • Page 138: Ip Address Bootp-Alloc

    Allocated IP: 169.254.0.2 255.255.0.0 Transaction ID: 0x3d8a7431 MAC Address: 00e0-fc0a-c3ef Table 23 Command output Field Description GigabitEthernet2/0/1 BOOTP client information Information about the interface that acts as a BOOTP client. Allocated IP BOOTP client's IP address allocated by the BOOTP server. Value of the XID field in a BOOTP message.
  • Page 139: Dns Commands

    DNS commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. If you do not specify this keyword, the command displays the statically configured and dynamically obtained domain name suffixes.
  • Page 140: Display Dns Host

    display dns host Use display dns host to display information about domain name-to-IP address mappings. Syntax display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries.
  • Page 141: Display Dns Server

    Field Description Time in seconds that a mapping can be stored in the cache. For a static mapping, a hyphen (-) is displayed. Query type Query type, type A or type AAAA. IP addresses Replied IP address: • For type A query, the replied IP address is an IPv4 address. •...
  • Page 142: Display Ipv6 Dns Server

    Table 26 Command output Field Description Sequence number. Type DNS server type: • S—A manually configured DNS server. • D—DNS server information dynamically obtained through DHCP or other protocols. IP address IPv4 address of the DNS server. Related commands dns server display ipv6 dns server Use display ipv6 dns server to display IPv6 DNS server information.
  • Page 143: Dns Domain

    Field Description Type DNS server type: • S—A manually configured DNS server. • D—DNS server information dynamically obtained through DHCP or other protocols. IPv6 address IPv6 address of the DNS server. Outgoing Interface Output interface. Related commands ipv6 dns server dns domain Use dns domain to configure a domain name suffix.
  • Page 144: Dns Dscp

    <Sysname> system-view [Sysname] dns domain com Related commands display dns domain dns dscp Use dns dscp to set the DSCP value for DNS packets sent by a DNS client or DNS proxy. Use undo dns dscp to restore the default. Syntax dns dscp dscp-value undo dns dscp...
  • Page 145: Dns Server

    Predefined user roles network-admin Usage guidelines This configuration applies to both IPv4 DNS and IPv6 DNS. Examples # Enable DNS proxy. <Sysname> system-view [Sysname] dns proxy enable dns server Use dns server to specify the IPv4 address of a DNS server. Use undo dns server to remove the specified IPv4 address of a DNS server.
  • Page 146: Dns Source-Interface

    dns source-interface Use dns source-interface to specify the source interface for DNS packets. Use undo dns source-interface to restore the default. Syntax dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ] undo dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ] Default No source interface for DNS packets is specified.
  • Page 147: Dns Spoofing Track

    Syntax dns spoofing ip-address [ vpn-instance vpn-instance-name ] undo dns spoofing ip-address [ vpn-instance vpn-instance-name ] Default DNS spoofing is disabled. Views System view Predefined user roles network-admin Parameters ip-address: Specifies the IPv4 address used to spoof DNS requests. vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters.
  • Page 148: Dns Trust-Interface

    Views System view Predefined user roles network-admin Parameters controller interface-type interface-number: Specifies an output interface by its type and number. Usage guidelines The DNS spoofing device spoofs DNS requests if the network mode of the output interface is 2G. This command takes effect on the cellular interface when the interface acts as the output interface to reach the DNS server.
  • Page 149: Ip Host

    Usage guidelines By default, an interface obtains DNS suffix and DNS server information from DHCP. A network attacker might act as the DHCP server to assign a wrong DNS suffix and DNS server address to the device. As a result, the device fails to obtain the resolved IP address or might get the wrong IP address. With the DNS trusted interface specified, the device only uses the DNS suffix and DNS server information obtained through the trusted interface to avoid attack.
  • Page 150: Ipv6 Dns Dscp

    On the public network or a VPN, each host name maps to only one IPv4 address. If you use the command multiple times, the most recent configuration takes effect. Exclude the ping command parameters ip, -a, -c, -f, -h, -i, -m, -n, -p, -q, -r, -s, -t, -tos, -v, and -vpn-instance from the host name.
  • Page 151: Ipv6 Dns Spoofing

    Syntax ipv6 dns server ipv6-address [ interface-type interface-number ] [ vpn-instance vpn-instance-name ] undo ipv6 dns server [ ipv6-address [ interface-type interface-number ] ] [ vpn-instance vpn-instance-name ] Default No DNS server IPv6 address is specified. Views System view Predefined user roles network-admin Parameters ipv6-address: Specifies the IPv6 address of a DNS server.
  • Page 152: Ipv6 Host

    Default DNS spoofing is disabled. Views System view Predefined user roles network-admin Parameters ipv6-address: Specifies the IPv6 address used to spoof DNS requests. vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. To enable DNS spoofing on the public network, do not use this option. Usage guidelines Use the ipv6 dns spoofing command together with the dns proxy enable command.
  • Page 153: Reset Dns Host

    Predefined user roles network-admin Parameters host-name: Specifies a host name, a case-insensitive string of 1 to 253 characters. It can include letters, digits, hyphens (-), underscores (_), and dots (.). ipv6-address: Specifies the IPv6 address of the host. vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters.
  • Page 154 vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN, this command clears the domain name-to-IPv6 address mapping on the public network. Usage guidelines If you do not specify the ip and ipv6 keywords, the reset dns host command clears dynamic DNS cache information about all query types.
  • Page 155: Ddns Commands

    DDNS commands ddns apply policy Use ddns apply policy to apply the specified DDNS policy to the interface, update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update. Use undo ddns apply policy to remove the DDNS policy applied to the interface and stop DDNS update. Syntax ddns apply policy policy-name [ fqdn domain-name ] undo ddns apply policy policy-name...
  • Page 156: Ddns Dscp

    ddns dscp Use ddns dscp to set the DSCP value for outgoing DDNS packets. Use undo ddns dscp to restore the default. Syntax ddns dscp dscp-value undo ddns dscp Default The DSCP value for outgoing DDNS packets is 0. Views System view Predefined user roles network-admin...
  • Page 157: Display Ddns Policy

    Usage guidelines You can create up to 16 DDNS policies on the device. Examples # Create a DDNS policy steven_policy and enter its view. <Sysname> system-view [Sysname] ddns policy steven_policy Related commands • ddns apply policy • display ddns policy display ddns policy Use display ddns policy to display information about DDNS policies.
  • Page 158: Interval

    SSL client policy: Interval : 0 days 0 hours 30 minutes DDNS policy: tom-policy : http://members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<a> Username Password Method : GET SSL client policy: Interval : 0 days 0 hours 15 minutes DDNS policy: u-policy : oray://phservice2.oray.net Username : username Password Method SSL client policy:...
  • Page 159: Method

    undo interval Default The DDNS update request interval is one hour. Views DDNS policy view Predefined user roles network-admin Parameters days: Days in the range of 0 to 365. hours: Hours in the range of 0 to 23. minutes: Minutes in the range of 0 to 59. Usage guidelines A DDNS update request is initiated immediately if either of the following conditions occurs: •...
  • Page 160: Password

    Default The method http-get applies. Views DDNS policy view Predefined user roles network-admin Parameters http-get: Uses the get operation. http-post: Uses the post operation. Usage guidelines This command applies to DDNS updates in HTTP/HTTPS. If the DDNS server uses HTTP or HTTPS service, choose a parameter transmission method compatible with the DDNS server.
  • Page 161: Ssl-Client-Policy

    Parameters cipher: Sets a ciphertext password. simple: Sets a plaintext password. password: Specifies a case-sensitive password string. If simple is specified, it must be a string of 1 to 32 characters. If cipher is specified, it must be a string of 1 to 73 characters. Usage guidelines For security purposes, all passwords, including passwords configured in plain text, are saved in ciphertext.
  • Page 162: Url

    Examples # Associate the SSL client policy ssl_policy with the DDNS policy steven_policy. <Sysname> system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] ssl-client-policy ssl_policy Related commands • ddns policy • display ddns policy • ssl-client-policy (Security Command Reference) Use url to specify the URL address for DDNS update requests. Use undo url to delete the URL address.
  • Page 163 No username or password is included in the URL address. To configure the username and password, use the username command and the password command. HP and GNUDIP are common DDNS update protocols. The server-name parameter is the domain name or IP address of the service provider's server using one of the update protocols.
  • Page 164: Username

    Examples # Specify the URL address for DDNS update requests for DDNS policy steven_policy. The device contacts www.3322.org for DDNS update. <Sysname> system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] url http://members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<a> Related commands • ddns policy • display ddns policy • password •...
  • Page 165: Nat Commands

    NAT commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. address Use address to add an address range to a NAT address group. Use undo address to remove an address range from a NAT address group.
  • Page 166: Block-Size

    Related commands nat address-group block-size Use block-size to set the port block size. Use undo block-size to restore the default. Syntax block-size block-size undo block-size Default The port block size is 256. Views NAT port block group view Predefined user roles network-admin Parameters block-size: Sets the number of ports for a port block.
  • Page 167 Examples # (Centralized devices in standalone mode.) Display all NAT configuration information. <Sysname> display nat all NAT address group information: Totally 5 NAT address groups. Address group 1: Port range: 1-65535 Address information: Start address End address 202.110.10.10 202.110.10.15 Address group 2: Port range: 1-65535 Address information: Start address...
  • Page 168 Interface: GigabitEthernet2/0/2 ACL: 2038 Address group: 2 Add route: Y NO-PAT: Y Reversible: N VPN instance: vpn_nat Config status: Active NAT outbound information: Totally 2 NAT outbound rules. Interface: GigabitEthernet2/0/1 ACL: 2036 Address group: 1 Port-preserved: Y NO-PAT: N Reversible: N Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: address group, and ACL.
  • Page 169 Reasons for inactive status: The following items don't exist or aren't effective: local VPN, and ACL. Static NAT mappings: Totally 2 inbound static NAT mappings. Net-to-net: Global IP : 2.2.2.1 – 2.2.2.255 Local IP : 1.1.1.0 Netmask : 255.255.255.0 Global VPN : vpn2 Local VPN : vpn1...
  • Page 170 Interfaces enabled with static NAT: Totally 2 interfaces enabled with static NAT. Interface: GigabitEthernet2/0/2 Config status: Active Interface: GigabitEthernet2/0/3 Config status: Active NAT DNS mappings: Totally 2 NAT DNS mappings. Domain name : www.server.com Global IP : 6.6.6.6 Global port : 23 Protocol : TCP(6)
  • Page 171 : Disabled H323 : Enabled ICMP-ERROR : Enabled : Enabled MGCP : Enabled : Enabled PPTP : Enabled : Enabled RTSP : Enabled SCCP : Enabled : Disabled SQLNET : Enabled TFTP : Enabled XDMCP : Enabled NAT port block group information: Totally 3 NAT port block groups.
  • Page 172 NAT outbound port block group information: Totally 2 outbound port block group items. Interface: GigabitEthernet2/0/2 Port block group: 2 Config status : Active Interface: GigabitEthernet2/0/2 Port block group: 10 Config status : Inactive Reasons for inactive status: The following items don't exist or aren't effective: port block group. # (Distributed devices in standalone mode/centralized devices in IRF mode.) Display all NAT configuration information.
  • Page 173 Start address End address NAT server group information: Totally 3 NAT server groups. Group Number Inside IP Port Weight 192.168.0.26 192.168.0.27 192.168.0.26 NAT inbound information: Totally 1 NAT inbound rules. Interface: GigabitEthernet2/0/1 ACL: 2038 Address group: 2 Add route: Y NO-PAT: Y Reversible: N VPN instance: vpn_nat...
  • Page 174 Interface: GigabitEthernet2/0/2 Protocol: 6(TCP) Global IP/port: 50.1.1.1/23-30 Local IP/port : 192.168.10.15-192.168.10.22/23 Global VPN : vpn1 Local VPN : vpn3 Config status : Active Global flow-table status: Active Local flow-table status: Active Interface: GigabitEthernet2/0/3 Protocol: 255(Reserved) Global IP/port: 50.1.1.100/--- Local IP/port : 192.168.10.150/--- Global VPN : vpn2 Local VPN...
  • Page 175 Local flow-table status: Active Totally 2 outbound static NAT mappings. Net-to-net: Local IP : 1.1.1.1 - 1.1.1.255 Global IP : 2.2.2.0 Netmask : 255.255.255.0 Local VPN : vpn1 Global VPN : vpn2 : 2000 Reversible Config status: Active Global flow-table status: Active Local flow-table status: Active IP-to-IP: Local IP...
  • Page 176 Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: interface IP address. NAT logging: Log enable : Enabled(ACL 2000) Flow-begin : Disabled Flow-end : Disabled Flow-active : Enabled(10 minutes) Port-block-assign : Disabled Port-block-withdraw : Disabled Alarm : Disabled NAT hairpinning:...
  • Page 177 Local IP address information: Start address End address VPN instance 172.16.1.1 172.16.1.254 192.168.1.1 192.168.1.254 vpna 192.168.3.1 192.168.3.254 vpna Global IP pool information: Start address End address 201.1.1.1 201.1.1.10 201.1.1.21 201.1.1.25 Port block group 2: Port range: 10001-30000 Block size: 500 Local IP address information: Start address End address...
  • Page 178 NAT address group information: Totally 5 NAT address groups. Address group 1: Port range: 1-65535 Address information: Start address End address 202.110.10.10 202.110.10.15 Address group 2: Port range: 1-65535 Address information: Start address End address 202.110.10.20 202.110.10.25 202.110.10.30 202.110.10.35 Address group 3: Port range: 1024-65535 Address information: Start address...
  • Page 179 VPN instance: vpn_nat Config status: Active Global flow-table status: Active NAT outbound information: Totally 2 NAT outbound rules. Interface: GigabitEthernet1/2/0/2 ACL: 2036 Address group: 1 Port-preserved: Y NO-PAT: N Reversible: N Config status: Active Global flow-table status: Active Interface: GigabitEthernet1/2/0/2 ACL: 2037 Address group: 1 Port-preserved: N...
  • Page 180 Reasons for inactive status: The following items don't exist or aren't effective: local VPN, and ACL. Global flow-table status: Active Local flow-table status: Active Interface: GigabitEthernet1/2/1/5 Protocol: 17(UDP) Global IP/port: 50.1.1.2/23 Local IP/port : server group 1 192.168.0.26/23 (Connections: 10) 192.168.0.27/23 (Connections: 20) Global VPN...
  • Page 181 Netmask : 255.255.255.0 Local VPN : vpn1 Global VPN: vpn2 : 2000 Reversible: Y Config status: Active Global flow-table status: Active Local flow-table status: Active IP-to-IP: Local IP : 4.4.4.4 Global IP : 5.5.5.5 Local VPN : vpn1 Global VPN: vpn2 ACL: : 2001 Reversible: Y...
  • Page 182 Flow-begin : Disabled Flow-end : Disabled Flow-active : Enabled(10 minutes) Port-block-assign : Disabled Port-block-withdraw : Disabled Alarm : Disabled NAT hairpinning: Totally 2 interfaces enabled with NAT hairpinning. Interface: GigabitEthernet1/2/0/1 Config status: Active Interface: GigabitEthernet1/2/0/2 Config status: Active NAT mapping behavior: Mapping mode : Endpoint-Independent : 2050 Config status: Active...
  • Page 183 Start address End address 201.1.1.1 201.1.1.10 201.1.1.21 201.1.1.25 Port block group 2: Port range: 10001-30000 Block size: 500 Local IP address information: Start address End address VPN instance 10.1.1.1 10.1.10.255 vpnb Global IP pool information: Start address End address 202.10.10.101 202.10.10.120 Port block group 3: Port range: 1-65535...
  • Page 184: Display Nat Address-Group

    Field Description NAT server group information Information about the internal server group. See Table 42 for output description. NAT inbound information: Inbound dynamic NAT configuration. See Table 34 for output description. NAT outbound information Outbound dynamic NAT configuration. See Table 37 for output description.
  • Page 185 Syntax display nat address-group [ group-number ] Views Any view Predefined user roles network-admin network-operator Parameters group-number: Specifies the ID of a NAT address group. The value range for this argument is 0 to 65535. If you do not specify this argument, this command displays information about all NAT address groups. Examples # Display information about all NAT address groups.
  • Page 186: Display Nat Dns-Map

    Start address End address # Display information about NAT address group 1. <Sysname> display nat address-group 1 Address group 1: Port range: 1-65535 Address information: Start address End address 202.110.10.10 202.110.10.15 Table 31 Command output Field Description Address group ID of the NAT address group. Port range Port range for public IP addresses.
  • Page 187: Display Nat Eim

    Totally 2 NAT DNS mappings. Domain name : www.server.com Global IP : 6.6.6.6 Global port : 23 Protocol : TCP(6) Config status: Active Domain name : www.service.com Global IP : --- Global port : 12 Protocol : TCP(6) Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: interface IP address.
  • Page 188 display nat eim [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays EIM entry information for all cards. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID.
  • Page 189 Local IP/port: 192.168.100.100/1024 Global IP/port: 200.100.1.100/2048 Local VPN: vpn1 Global VPN: vpn2 Protocol: TCP(6) Local IP/port: 192.168.100.200/2048 Global IP/port: 200.100.1.200/4096 Protocol: UDP(17) Total entries found: 2 # (Centralized devices in IRF mode.) Display information about NAT EIM entries for IRF member device <Sysname>...
  • Page 190: Display Nat Inbound

    Field Description Local VPN MPLS L3VPN instance to which the private IP address belongs. If no VPN is specified, this field is not displayed. Global VPN MPLS L3VPN instance to which the public IP address belongs. If no VPN is specified, this field is not displayed.
  • Page 191 NAT inbound information: Totally 2 NAT inbound rules. Interface: GigabitEthernet2/0/2 ACL: 2038 Address group: 2 Add route: Y NO-PAT: Y Reversible: N VPN instance: vpn1 Config status: Active Global flow-table status: Active Interface: GigabitEthernet2/0/3 ACL: 2037 Address group: 1 Add route: Y NO-PAT: Y Reversible: N VPN instance: vpn2...
  • Page 192: Display Nat Log

    Field Description NO-PAT Whether NO-PAT or PAT is used: • Y—NO-PAT is used. • N—PAT is used. Reversible Whether reverse address translation is allowed. VPN instance MPLS L3VPN instance to which the NAT address group belongs. If the group does not belong to any VPN, the field is not displayed. Config status Status of the inbound dynamic NAT configuration: Active or Inactive.
  • Page 193: Display Nat No-Pat

    Table 35 Command output Field Description NAT logging NAT logging configuration. Whether NAT logging is enabled. Log enable If an ACL is specified for NAT logging, this field also displays the ACL number. Flow-begin Whether logging is enabled for NAT session establishment events. Flow-end Whether logging is enabled for NAT session removal events.
  • Page 194 Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays NO-PAT entry information for all cards. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays NO-PAT entry information for all member devices.
  • Page 195 Global VPN: vpn2 Local VPN: vpn1 Reversible: N Type : Inbound Local IP: 192.168.100.200 Global IP: 200.100.1.200 Reversible: Y Type : Outbound Total entries found: 2 # (Centralized devices in IRF mode.) Display information about NO-PAT entries for IRF member device 1. <Sysname>...
  • Page 196: Display Nat Outbound

    Table 36 Command output Field Description Local IP Private IP address. Global IP Public IP address. Local VPN MPLS L3VPN instance to which the private IP address belongs. If the IP address does not belong to any VPN, this field is not displayed. MPLS L3VPN instance to which the public IP address belongs.
  • Page 197 Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: global VPN, and ACL Interface: GigabitEthernet2/0/1 DS-Lite B4 ACL: 2100 Address group: 0 Port-preserved: N NO-PAT: N Reversible: N Config status: Active # (Distributed devices in standalone mode/centralized devices in IRF mode.) Display information about outbound dynamic NAT.
  • Page 198: Display Nat Outbound Port-Block-Group

    The following items don't exist or aren't effective: global VPN, and ACL. Global flow-table status: Active Interface: GigabitEthernet1/2/0/1 DS-Lite B4 ACL: 2100 Address group: 0 Port-preserved: N NO-PAT: N Reversible: N Config status: Active Table 37 Command output Field Description NAT outbound information Information about outbound dynamic NAT.
  • Page 199 Views Any view Predefined user roles network-admin network-operator Examples # Display information about port block group application for NAT444. <Sysname> display nat outbound port-block-group NAT outbound port block group information: Totally 2 outbound port block group items. Interface: GigabitEthernet2/0/2 Port block group: 2 Config status : Active Global flow-table status: Active...
  • Page 200: Display Nat Port-Block

    display nat port-block Use display nat port-block to display NAT444 mappings. Syntax Centralized devices in standalone mode: display nat port-block { dynamic [ ds-lite-b4 ] | static } Distributed devices in standalone mode/centralized devices in IRF mode: display nat port-block { dynamic [ ds-lite-b4 ] | static } [ slot slot-number ] Distributed devices in IRF mode: display nat port-block { dynamic [ ds-lite-b4 ] | static } [ chassis chassis-number slot slot-number ] Views...
  • Page 201: Display Nat Port-Block-Group

    # Display dynamic NAT444 mappings. <Sysname> display nat port-block dynamic Slot 0: Local VPN Local IP Global IP Port block Connections 101.1.1.12 192.168.135.201 10001-11024 Total entries found: 1 # Display DS-Lite NAT444 mappings. <Sysname> display nat port-block dynamic ds-lite-b4 Slot 0: Local VPN DS-Lite B4 addr Global IP...
  • Page 202 NAT port block group information: Totally 3 NAT port block groups. Port block group 1: Port range: 1-65535 Block size: 256 Local IP address information: Start address End address VPN instance 172.16.1.1 172.16.1.254 192.168.1.1 192.168.1.254 vpna 192.168.3.1 192.168.3.254 vpna Global IP pool information: Start address End address 201.1.1.1...
  • Page 203: Display Nat Server

    Table 40 Command output Field Description Port block group ID of the NAT port block group. Port range Port range for the public IP addresses. Block size Number of ports in a port block. Local IP address information Information about private IP addresses. Global IP pool information Information about public IP addresses.
  • Page 204 Global IP/port: 50.1.1.1/23-30 Local IP/port : 192.168.10.15-192.168.10.22/23 Global VPN : vpn1 Local VPN : vpn3 Config status : Inactive Reasons for inactive status: The following items don't exist or aren't effective: local VPN. Interface: GigabitEthernet2/0/3 Protocol: 255(Reserved) Global IP/port: 50.1.1.100/--- Local IP/port : 192.168.10.150/--- Global VPN : vpn2...
  • Page 205 Local VPN : vpn4 Config status : Active Global flow-table status: Active Local flow-table status: Active # (Distributed devices in IRF mode.) Display NAT Server configuration. <Sysname> display nat server NAT internal server information: Totally 3 internal servers. Interface: GigabitEthernet1/2/0/1 Protocol: 6(TCP) Global IP/port: 50.1.1.1/23 Local IP/port : 192.168.10.15/23...
  • Page 206: Display Nat Server-Group

    Field Description Global IP/port Public IP address and port number of the internal server. • Global IP—A single IP address or an address pool of consecutive addresses. If you use Easy IP, this field displays the address of the specified interface. If you do not specify an address for the interface, the Global IP field displays hyphens (---).
  • Page 207: Display Nat Session

    Views Any view Predefined user roles network-admin network-operator Parameters group-number: Specifies the ID of the internal server group. The value range for this argument is 0 to 65535. If you do not specify this argument, this command displays configuration about all internal server groups.
  • Page 208 Syntax Centralized devices in standalone mode: display nat session [ { source-ip source-ip | destination-ip destination-ip } * [ vpn-instance vpn-name ] ] [ verbose ] Distributed devices in standalone mode/centralized devices in IRF mode: display nat session [ { source-ip source-ip | destination-ip destination-ip } * [ vpn-instance vpn -name ] ] [ slot slot-number ] [ verbose ] Distributed devices in IRF mode: display nat session [ { source-ip source-ip | destination-ip destination-ip } * [ vpn-instance vpn -name ] ]...
  • Page 209 Initiator: Source IP/port: 192.168.1.18/1877 Destination IP/port: 192.168.1.55/22 DS-Lite tunnel peer: - VPN instance/VLAN ID/VLL ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet2/0/1 Source security zone: SrcZone Responder: Source IP/port: 192.168.1.55/22 Destination IP/port: 192.168.1.10/1877 DS-Lite tunnel peer: - VPN instance/VLAN ID/VLL ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet2/0/2 Source security zone: DestZone...
  • Page 210 Total sessions found: 1 # (Centralized devices in IRF mode.) Display detailed information about NAT sessions for the IRF member device 1. <Sysname> display nat session slot 1 verbose Slot 1: Initiator: Source IP/port: 192.168.1.18/1877 Destination IP/port: 192.168.1.55/22 DS-Lite tunnel peer: - VPN instance/VLAN ID/VLL ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet2/0/1...
  • Page 211: Display Nat Static

    Source security zone: DestZone State: TCP_SYN_SENT Application: SSH Start time: 2011-07-29 19:12:36 TTL: 28s Initiator->Responder: 1 packets 48 bytes Responder->Initiator: 0 packets 0 bytes Total sessions found: 1 Table 43 Command output Field Description Initiator Session information about an initiator. Responder Session information about a responder.
  • Page 212 Predefined user roles network-admin network-operator Examples # (Centralized devices in standalone mode.) Display static NAT mappings. <Sysname> display nat static Static NAT mappings: Totally 2 inbound static NAT mappings. Net-to-net: Global IP : 1.1.1.1 - 1.1.1.255 Local IP : 2.2.2.0 Netmask : 255.255.255.0 Global VPN...
  • Page 213 Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: local VPN, and global VPN. Interfaces enabled with static NAT: Totally 2 interfaces enabled with static NAT. Interface: GigabitEthernet2/0/2 Config status: Active Interface: GigabitEthernet2/0/3 Config status: Active # (Distributed devices in standalone mode/centralized devices in IRF mode.) Display static NAT mappings.
  • Page 214 Global VPN : vpn2 : 2000 Reversible Config status: Active Global flow-table status: Active Local flow-table status: Active IP-to-IP: Local IP : 4.4.4.4 Global IP : 5.5.5.5 Local VPN : vpn4 Global VPN : vpn3 ACL: : 2000 Reversible Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: local VPN, and global VPN.
  • Page 215 Local VPN : vpn4 : 2001 Reversible Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: local VPN, global VPN, and ACL. Global flow-table status: Active Local flow-table status: Active Totally 2 outbound static NAT mappings. Net-to-net: Local IP : 1.1.1.1 - 1.1.1.255...
  • Page 216: Display Nat Statistics

    Field Description IP-to-IP One-to-one static NAT mapping. Local IP Private IP address or address pool. Global IP Public IP address or address pool. Netmask Network mask. Local VPN MPLS L3VPN instance to which the private IP address belongs. If no VPN instance is specified, this field is not displayed. MPLS L3VPN instance to which the public IP address belongs.
  • Page 217 Views Any view Predefined user roles network-admin network-operator Parameters summary: Displays NAT statistics summary. If you do not specify this keyword, this command displays detailed NAT statistics. slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays NAT statistics for all cards.
  • Page 218 Total EIM entries: 1 Total inbound NO-PAT entries: 0 Total outbound NO-PAT entries: 0 Total static port block entries: 10 Total dynamic port block entries: 15 Active static port block entries: 0 Active dynamic port block entries: 0 Slot 1 in chassis 1: Total session entries: 100 Total EIM entries: 1 Total inbound NO-PAT entries: 0...
  • Page 219: Global-Ip-Pool

    ASPB: Active static port block entries. ADPB: Active dynamic port block entries. Slot Sessions ASPB ADPB 1572720 # (Distributed devices in IRF mode.) Display summary information about all NAT statistics. <Sysname> display nat statistics summary EIM: Total EIM entries. SPB: Total static port block entries. DPB: Total dynamic port block entries.
  • Page 220: Inside Ip

    Predefined user roles network-admin Parameters start-address end-address: Specifies the start IP address and end IP address of a public IP address range. The end IP address cannot be smaller than the start IP address. If the start and end IP addresses are the same, only one public IP address is specified.
  • Page 221: Local-Ip-Address

    weight weight-value: Specifies the weight of the internal server. The value range is 1 to 1000, and the default value is 100. An internal server with a larger weight receives a larger percentage of connections in the internal server group. Examples # Add a member with IP address 10.1.1.2 and port number 30 to internal server group 1.
  • Page 222: Nat Address-Group

    [Sysname] nat port-block-group 1 [Sysname-port-block-group-1] local-ip-address 172.16.1.1 172.16.1.255 vpn-instance vpn1 Related commands nat port-block-group nat address-group Use nat address-group to create a NAT address group and enter its view. Use undo nat address-group to remove a NAT address group. Syntax nat address-group group-number undo nat address-group group-number Default...
  • Page 223 Syntax nat alg { all | dns | ftp | h323 | icmp-error | ils | mgcp | nbt | pptp | rsh | rtsp | sccp | sip | sqlnet | tftp | xdmcp } undo nat alg { all | dns | ftp | h323 | icmp-error | ils | mgcp | nbt | pptp | rsh | rtsp | sccp | sip | sqlnet | tftp | xdmcp } Default NAT with ALG for all protocols is enabled.
  • Page 224: Nat Dns-Map

    Related commands display nat all nat dns-map Use nat dns-map to configure a DNS mapping for NAT. The mapping maps the domain name of an internal server to the public IP address, public port number, and protocol type of the internal server. Use undo nat dns-map to remove a DNS mapping for NAT.
  • Page 225: Nat Hairpin Enable

    Examples # Configure a NAT with DNS mapping between the domain name www.server.com, the public IP address 202.112.0.1, and the public port number 12345. Specify the protocol type as TCP. <Sysname> system-view [Sysname] nat dns-map domain www.server.com protocol tcp ip 202.112.0.1 port 12345 Related commands display nat all •...
  • Page 226 The output interface is the NAT interface and the next-hop is the source address before translation. If you do not specify this keyword, you must manually add the route. Because automatic route adding is slow, HP recommends that you add routes manually. Usage guidelines Inbound dynamic NAT translates the source IP addresses of incoming packets permitted by the ACL into IP addresses in the address group.
  • Page 227: Nat Log Enable

    • Outbound dynamic NAT (the nat outbound command). • The NAT Server feature (the nat server command). • Outbound static NAT (the nat static command). An address group cannot be used by both the nat inbound and nat outbound commands. It cannot be used by the nat inbound command in both PAT and NO-PAT modes.
  • Page 228: Nat Log Flow-Active

    undo nat log enable Default NAT logging is disabled. Views System view Predefined user roles network-admin Parameters acl acl-number: Specifies an ACL by its number in the range of 2000 to 3999. Usage guidelines You must enable NAT logging before you enable NAT session logging. The acl acl-number option takes effect only for NAT session logging.
  • Page 229: Nat Log Flow-Begin

    Parameters time-value: Specifies the interval for logging active NAT flows, in the range of 10 to 120 minutes. Usage guidelines This function helps track active NAT flows. Logging for active flows takes effect only after you enable NAT logging. Examples # Enable logging for active NAT flows and set the logging interval to 10 minutes.
  • Page 230: Nat Log Flow-End

    nat log flow-end Use nat log flow-end to enable logging for NAT session removal events. Use undo nat log flow-end to disable logging for NAT session removal events. Syntax nat log flow-end undo nat log flow-end Default Logging for NAT session removal events is disabled. Views System view Predefined user roles...
  • Page 231: Nat Outbound

    Parameters acl: Specifies an ACL. Applies the NAT mapping behavior to packets that are permitted by the ACL. If you do not specify an ACL, the Endpoint-Independent Mapping applies to all packets. acl-number: Specifies an ACL by its number in the range of 2000 to 3999. name acl-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63 characters.
  • Page 232 PAT: nat outbound [ acl-number | name acl-name ] [ address-group group-number ] [ vpn-instance vpn-instance-name ] [ port-preserved ] undo nat outbound [ acl-number | name acl-name ] Default No outbound dynamic NAT rule is configured. Views Interface view Predefined user roles network-admin Parameters...
  • Page 233 An address group cannot be used by both the nat inbound and nat outbound commands. It cannot be used by the nat outbound command in both PAT and NO-PAT modes. An ACL can be used by only one outbound dynamic NAT rule on an interface. You can configure multiple outbound dynamic NAT rules on an interface.
  • Page 234: Nat Outbound Ds-Lite-B4

    Related commands • display nat eim • display nat outbound • nat mapping-behavior nat outbound ds-lite-b4 Use nat outbound ds-lite-b4 to configure DS-Lite NAT444. Use undo nat outbound ds-lite-b4 to remove the DS-Lite NAT444 configuration. Syntax nat outbound ds-lite-b4 { ipv6-acl-number | name ipv6-acl-name } address-group group-number undo nat outbound ds-lite-b4 { ipv6-acl-number | name ipv6-acl-name } Default No DS-Lite NAT444 configuration exists.
  • Page 235: Nat Outbound Port-Block-Group

    # Set the port block size to 256. [Sysname-nat-address-group-1] port-block block-size 256 [Sysname-nat-address-group-1] quit # Configure DS-Lite NAT444 on GigabitEthernet 2/0/1 to use address group 1 to translate packets permitted by ACL 2100. [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] nat outbound ds-lite-b4 2100 address-group 1 Related commands display nat outbound nat outbound port-block-group...
  • Page 236: Nat Port-Block-Group

    • nat port-block-group nat port-block-group Use nat port-block-group to create a port block group and enter its view. Use undo nat port-block-group to delete a port block group. Syntax nat port-block-group group-number undo nat port-block-group group-number Default No port block group exists. Views System view Predefined user roles...
  • Page 237: Nat Server

    • port-range nat server Use nat server to create a mapping from the private IP address and port of an internal server to a public address and port for an internal server. Use undo nat server to remove a mapping. Syntax Common NAT Server: A single public address with no or a single public port:...
  • Page 238 nat server global { global-acl-number | name global-acl-name } inside local-address [ local-port ] [ vpn-instance local-name ] undo nat server global { global-acl-number | name global-acl-name } inside local-address [ local-port ] [ vpn-instance local-name ] Default The NAT Server feature is not configured. Views Interface view Predefined user roles...
  • Page 239 global-port: Specifies the public port number. The default value and value range are the same as those for the local-port argument. local-address: Specifies the private IP address. vpn-instance global-name: Specifies the MPLS L3VPN instance to which the advertised public IP addresses belong.
  • Page 240 External network Internal network N consecutive public addresses and a public port number A private address Public addresses matching an ACL A private address and a private port You can configure a maximum of 256 nat server commands on an interface. The number of internal servers that each command can define equals the difference between global-port2 and global-port1.
  • Page 241: Nat Server-Group

    <Sysname> system-view [Sysname] acl advanced 3000 [Sysname-acl-ipv4-adv-3000] rule 5 permit ip destination 192.168.0.0 0.0.0.255 [Sysname-acl-ipv4-adv-3000] quit [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] nat server global 3000 inside 10.0.0.172 Related commands • display nat all • display nat server • nat server-group nat server-group Use nat server-group to create an internal server group.
  • Page 242: Nat Static Enable

    nat static enable Use nat static enable to enable static NAT on an interface. Use undo nat static enable to disable static NAT on an interface. Syntax nat static enable undo nat static enable Default Static NAT is disabled. Views Interface view Predefined user roles network-admin...
  • Page 243 Views System view Predefined user roles network-admin Parameters global-ip: Specifies a public IP address. vpn-instance global-name: Specifies the MPLS L3VPN instance to which the public IP address belongs. The global-name argument is a case-sensitive string of 1 to 31 characters. If the public IP address does not belong to any VPN instance, do not specify this option.
  • Page 244: Nat Static Inbound Net-To-Net

    Examples # Configure an inbound static NAT mapping between public IP address 2.2.2.2 and private IP address 192.168.1.1. <Sysname> system-view [Sysname] nat static inbound 2.2.2.2 192.168.1.1 Related commands • display nat all • display nat static • nat static enable nat static inbound net-to-net Use nat static inbound net-to-net to configure a net-to-net mapping for inbound static NAT.
  • Page 245 name acl-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63 characters. reversible: Allows reverse address translation. Reverse address translation applies to connections actively initiated by internal hosts to the external hosts. It uses the mapping to translate destination addresses for packets of these connections if the packets are permitted by ACL reverse matching.
  • Page 246: Nat Static Outbound

    nat static outbound Use nat static outbound to configure a one-to-one mapping for outbound static NAT. Use undo nat static outbound to remove a one-to-one mapping for outbound static NAT. Syntax nat static outbound local-ip [ vpn-instance local-name ] global-ip [ vpn-instance global-name ] [ acl { acl-number | name acl-name } [ reversible ] ] undo nat static outbound local-ip [ vpn-instance local-name ] Default...
  • Page 247: Nat Static Outbound Net-To-Net

    ACL reverse matching works as follows: • Compares the source IP address/port of a packet with the destination IP addresses/ports in the ACL. • Translates the destination IP address of the packet according to the mapping, and then compares the translated destination IP address/port with the source IP address/port in the ACL. Static NAT takes precedence over dynamic NAT when both are configured on an interface.
  • Page 248 Parameters local-start-address local-end-address: Specifies a private address range which can contain a maximum of 255 addresses. The local-end-address must not be lower than local-start-address. If they are the same, only one private address is specified. global-network: Specifies a public network address. mask-length: Specifies the mask length of the public network address, in the range of 8 to 31.
  • Page 249: Port-Block

    Examples # Configure an outbound static NAT mapping between private network address 192.168.1.0/24 and public network address 2.2.2.0/24. <Sysname> system-view [Sysname] nat static outbound net-to-net 192.168.1.1 192.168.1.255 global 2.2.2.0 24 # Configure outbound static NAT. Allow internal users on subnet 192.168.1.0/24 to access the external subnet 3.3.3.0/24 by using public IP addresses on subnet 2.2.2.0/24.
  • Page 250: Port-Range

    Examples # Set the port block size to 256 and the number of extended port blocks to 1 for NAT address group 2. <Sysname> system-view [Sysname] nat address-group 2 [Sysname-address-group-2] port-block block-size 256 extended-block-number 1 Related commands nat address-group port-range Use port-range to specify a port range for public IP addresses.
  • Page 251: Reset Nat Session

    reset nat session Use reset nat session to clear NAT sessions. Syntax Centralized devices in standalone mode: reset nat session Distributed devices in standalone mode/centralized devices in IRF mode: reset nat session [ slot slot-number ] Distributed devices in IRF mode: reset nat session [ chassis chassis-number slot slot-number ] Views User view...
  • Page 252: Basic Ip Forwarding Commands

    Basic IP forwarding commands display fib Use display fib to display FIB entries. Syntax display fib [ topology topo-name | vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters topology topo-name: Specifies a topology by its name, a case-sensitive string of 1 to 31 characters.
  • Page 253 Destination/Mask Nexthop Flag OutInterface/Token Label 0.0.0.0/32 127.0.0.1 InLoop0 Null 127.0.0.0/8 127.0.0.1 InLoop0 Null 127.0.0.0/32 127.0.0.1 InLoop0 Null 127.0.0.1/32 127.0.0.1 InLoop0 Null 127.255.255.255/32 127.0.0.1 InLoop0 Null 224.0.0.0/4 0.0.0.0 NULL0 Null 224.0.0.0/24 0.0.0.0 NULL0 Null 255.255.255.255/32 127.0.0.1 InLoop0 Null # Display all FIB entries of the public network. <Sysname>...
  • Page 254 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay F:FRR Destination/Mask Nexthop Flag OutInterface/Token Label 10.2.1.1/32 127.0.0.1 InLoop0 Null Table 48 Command output Field Description Destination count Total number of destination addresses. FIB entry count Total number of FIB entries. Destination/Mask Destination address and the mask length.
  • Page 255: Load Sharing Commands

    Load sharing commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. bandwidth-based-sharing Use bandwidth-based-sharing to enable IPv4 load sharing based on bandwidth. Use undo bandwidth-based-sharing to disable IPv4 load sharing based on bandwidth.
  • Page 256 Syntax Centralized devices in standalone mode: ip load-sharing mode per-flow [ dest-ip | dest-port | ip-pro | src-ip | src-port ] * ] undo ip load-sharing mode Distributed devices in standalone mode/centralized devices in IRF mode: ip load-sharing mode per-flow [ dest-ip | dest-port | ip-pro | src-ip | src-port ] * ] [ slot slot-number ] undo ip load-sharing mode [ slot slot-number ] Distributed devices in IRF mode: ip load-sharing mode { per-flow [ algorithm algorithm-number | [ dest-ip | dest-port | ip-pro | src-ip |...
  • Page 257: Fast Forwarding Commands

    Fast forwarding commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display ip fast-forwarding aging-time Use display ip fast-forwarding aging-time to display the aging time of fast forwarding entries. Syntax display ip fast-forwarding aging-time Views...
  • Page 258 Views Any view Predefined user roles network-admin network-operator Parameters ip-address: Specifies an IP address. If you do not specify an IP address, this command displays all fast forwarding entries. slot slot-number: Specifies a card by the slot number. If you do not specify a card, this command displays fast forwarding entries for all cards.
  • Page 259: Display Ip Fast-Forwarding Fragcache

    Field Description DPort Destination port number. Protocol number. Input interface type and number. Input_If If no interface is involved in fast forwarding, this field displays N/A. If the input interface does not exist, this field displays a hyphen (-). Output interface type and number. Output_If If no interface is involved in fast forwarding, this field displays N/A.
  • Page 260: Ip Fast-Forwarding Aging-Time

    of the card. If you do not specify a card, this command displays fast forwarding entries for fragmented packets on all cards. (Distributed devices in IRF mode.) Usage guidelines This command displays fast forwarding entries for fragmented packets. Each entry includes the source IP address, source port number, destination IP address, destination port number, protocol number, input interface, and fragment ID.
  • Page 261: Ip Fast-Forwarding Load-Sharing

    Views System view Predefined user roles network-admin Parameters aging-time: Specifies the aging time in the range of 10 to 300 seconds. Examples # Set the aging time to 20 seconds for fast forwarding entries. <Sysname> system-view [Sysname] ip fast-forwarding aging-time 20 Related commands display ip fast-forwarding aging-time ip fast-forwarding load-sharing...
  • Page 262 Syntax Centralized devices in standalone mode: reset ip fast-forwarding cache Distributed devices in standalone mode/centralized devices in IRF mode: reset ip fast-forwarding cache [ slot slot-number ] Distributed devices in IRF mode: reset ip fast-forwarding cache [ chassis chassis-number slot slot-number ] Views User view Predefined user roles...
  • Page 263: Flow Classification Commands

    Flow classification commands forwarding policy Use forwarding policy to specify a flow classification policy. Use undo forwarding policy to restore the default. Syntax forwarding policy { per-flow | per-packet } undo forwarding policy Default The flow-based policy is used. Views System view Predefined user roles network-admin...
  • Page 264: Ipv4 Adjacency Table Commands

    IPv4 adjacency table commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display adjacent-table Use display adjacent-table to display IPv4 adjacency entries. Syntax Distributed devices in standalone mode/centralized devices in standalone or IRF mode: display adjacent-table { all | physical-interface interface-type interface-number | routing-interface...
  • Page 265 Examples # Display detailed information about all IPv4 adjacency entries. <Sysname> display adjacent-table all verbose IP address : 0.0.0.0 Routing interface : Pos2/2/0 Physical interface : Pos2/2/0 Logical interface : N/A Service type : PPP Action type : Forwarding Link media type : P2P Slot VPN index...
  • Page 266 Field Description VPN index Index of the VPN. Information about the virtual circuit, such as PVC or DLCI. If the entry has no Virtual circuit information virtual circuit, this field displays N/A. Link head information(IP) Link layer header for IPv4. Link head information(MPLS) Link layer header for MPLS.
  • Page 267: Ipv6 Adjacency Table Commands

    IPv6 adjacency table commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display ipv6 adjacent-table Use display ipv6 adjacent-table to display IPv6 adjacency entries. Syntax Distributed devices in standalone mode/centralized devices in standalone or IRF mode: display ipv6 adjacent-table { all | physical-interface interface-type interface-number | routing-interface...
  • Page 268 Examples # Display detailed information about all IPv6 adjacency entries. <Sysname> display ipv6 adjacent-table all verbose IPv6 address : N/A Routing interface : Pos2/2/0 Physical interface : Pos2/2/0 Logical interface : N/A Service type : PPP Action type : Forwarding Link media type : P2P Slot...
  • Page 269 Field Description Information about the virtual circuit, such as PVC or DLCI. If the entry has no Virtual circuit information virtual circuit, this field displays N/A. Link head information(IPv6) Link layer header for IPv6.
  • Page 270: Irdp Commands

    IRDP commands ip irdp Use ip irdp to enable IRDP on an interface. Use undo ip irdp to disable IRDP on an interface. Syntax ip irdp undo ip irdp Default IRDP is disabled on an interface. Views Interface view Predefined user roles network-admin Usage guidelines This command validates the IRDP settings on the interface.
  • Page 271: Ip Irdp Lifetime

    Predefined user roles network-admin Parameters ip-address: Specifies an IP address in dotted decimal notation. preference-value: Specifies the preference for the IP address, in the range of –2147483648 to 2147483647. Usage guidelines You can specify a maximum of four IP addresses for an interface to proxy-advertise. An RA sent on the interface includes the interface IP addresses and the proxy-advertised IP addresses.
  • Page 272: Ip Irdp Interval

    • IP addresses for the interface to proxy-advertise. Examples # Set the lifetime of IP addresses advertised on GigabitEthernet 2/0/1 to 2000 seconds. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ip irdp lifetime 2000 Related commands • ip irdp • ip irdp interval...
  • Page 273: Ip Irdp Multicast

    ip irdp multicast Use ip irdp multicast to specify the multicast address 224.0.0.1 as the destination IP address for RAs sent on an interface. Use undo ip irdp multicast to restore the default. Syntax ip irdp multicast undo ip irdp multicast Default The destination IP address is 255.255.255.255.
  • Page 274 Parameters preference-value: Specifies the preference in the range of –2147483648 to 2147483647. A larger value represents a higher preference. To request that neighboring hosts do not use any advertised IP address as the default gateway, set the value to the minimum value. Examples # Specify preference 1 for IP addresses advertised on GigabitEthernet 2/0/1.
  • Page 275: Ip Performance Optimization Commands

    IP performance optimization commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display icmp statistics Use display icmp statistics to display ICMP statistics. Syntax Centralized devices in standalone mode: display icmp statistics...
  • Page 276: Display Ip Statistics

    <Sysname> display icmp statistics Input: bad formats bad checksum echo destination unreachable 0 source quench 0 redirects echo replies parameter problem timestamp information requests mask requests 0 mask replies time exceeded 0 invalid type router advert 0 router solicit broadcast/multicast echo requests ignored broadcast/multicast timestamp requests ignored Output: echo destination unreachable 0...
  • Page 277 slot number of the card. If you do not specify a card, this command displays IP packet statistics for all cards. (Distributed devices in IRF mode.) Usage guidelines IP statistics include information about received and sent packets and reassembly. Examples # Display IP packet statistics.
  • Page 278: Display Rawip

    • reset ip statistics display rawip Use display rawip to display brief information about RawIP connections. Syntax Centralized devices in standalone mode: display rawip Distributed devices in standalone mode/centralized devices in IRF mode: display rawip [ slot slot-number ] Distributed devices in IRF mode: display rawip [ chassis chassis-number slot slot-number ] Views Any view...
  • Page 279: Display Rawip Verbose

    0.0.0.0 0.0.0.0 0x0000000000000008 0.0.0.0 0.0.0.0 0x0000000000000002 # (Distributed devices in IRF mode.) Display brief information about RawIP connections. <Sysname> display rawip Local Addr Foreign Addr Protocol Chassis Slot 0.0.0.0 0.0.0.0 0x0000000000000009 0.0.0.0 0.0.0.0 0x0000000000000008 0.0.0.0 0.0.0.0 0x0000000000000002 Table 54 Command output Field Description Local Addr...
  • Page 280 slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays detailed information about RawIP connections for all member devices. (Centralized devices in IRF mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device.
  • Page 281 Inpcb extflag: N/A Inpcb vflag: INP_IPV4 TTL: 255(minimum TTL: 0) Send VRF: 0xffff Receive VRF: 0xffff # (Distributed devices in IRF mode.) Display detailed information about RawIP connections. <Sysname> display rawip verbose Total RawIP socket number: 1 Location:chassis 1 slot 0 Creator: ping[320] State: N/A Options: N/A...
  • Page 282 Field Description Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. Receiving buffer • state—Buffer state: (cc/hiwat/lowat/state) CANTSENDMORE—Unable to send data to the peer. CANTRCVMORE—Unable to receive data from the peer. RCVATMARK—Receiving tag. N/A—None of the above states.
  • Page 283: Display Tcp

    Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IP options. • INP_RECVRETOPTS—Receives replied IP options. • INP_RECVDSTADDR—Receives destination IP address. • INP_HDRINCL—Provides the entire IP header. • INP_REUSEADDR—Reuses the IP address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
  • Page 284 Syntax Centralized devices in standalone mode: display tcp Distributed devices in standalone mode/centralized devices in IRF mode: display tcp [ slot slot-number ] Distributed devices in IRF mode: display tcp [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters...
  • Page 285: Display Tcp-Proxy

    <Sysname> display tcp *: TCP MD5 Connection Local Addr:port Foreign Addr:port State Chassis Slot *0.0.0.0:21 0.0.0.0:0 LISTEN 0x00000000 0000c387 192.168.20.200:23 192.168.20.14:1284 ESTABLISHED 1 0x00000000 00000009 192.168.20.200:23 192.168.20.14:1283 ESTABLISHED 1 0x00000000 00000002 Table 56 Command output Field Description Indicates that the TCP connection uses MD5 authentication. Local Addr:port Local IP address and port number.
  • Page 286: Display Tcp Statistics

    slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays brief information about TCP proxy for all member devices. (Centralized devices in IRF mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device.
  • Page 287 Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays TCP traffic statistics for all cards. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays TCP traffic statistics for all member devices.
  • Page 288: Display Tcp Verbose

    reply failures: 0 successfully build new socket: 12 bucket overflows: 0 zone failures: 0 syncache entries removed due to RST: 0 syncache entries removed due to timed out: 0 ACK checked by syncache or syncookie failures: 0 syncache entries aborted: 0 syncache entries removed due to bad ACK: 0 syncache entries removed due to ICMP unreachable: 0 SYN cookies sent: 0...
  • Page 289 display tcp verbose [ pcb pcb-index ] Distributed devices in standalone mode/centralized devices in IRF mode: display tcp verbose [ slot slot-number [ pcb pcb-index ] ] Distributed devices in IRF mode: display tcp verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles...
  • Page 290 TTL: 255(minimum TTL: 0) Connection state: ESTABLISHED TCP options: TF_REQ_SCALE TF_REQ_TSTMP TF_SACK_PERMIT TF_NSR NSR state: READY(M) Send VRF: 0x0 Receive VRF: 0x0 # (Distributed devices in standalone mode/centralized devices in IRF mode.) Display detailed information about TCP connections. <Sysname> display tcp verbose TCP inpcb number: 1(tcpcb number: 1) Location: slot 1 NSR standby: N/A...
  • Page 291 Inpcb vflag: INP_IPV4 TTL: 255(minimum TTL: 0) Connection state: ESTABLISHED TCP options: TF_REQ_SCALE TF_REQ_TSTMP TF_SACK_PERMIT TF_NSR NSR state: READY(M) Send VRF: 0x0 Receive VRF: 0x0 Table 58 Command output Field Description TCP inpcb number Number of TCP IP PCBs. tcpcb number Number of TCP PCBs.
  • Page 292 Field Description Socket type: • 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. • 2—SOCK_DGRAM. This socket uses UDP to provide datagram Type transmission. • 3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header. •...
  • Page 293: Display Udp

    Field Description IP version flags in the Internet PCB: • INP_IPV4—IPv4 protocol. • INP_TIMEWAIT—In TIMEWAIT state. • INP_ONESBCAST—Sends broadcast packets. Inpcb vflag • INP_DROPPED—Protocol dropped flag. • INP_SOCKREF—Strong socket reference. • INP_DONTBLOCK—Do not block synchronization of the Internet PCB. • N/A—None of the above flags.
  • Page 294: Display Udp Statistics

    slot number of the card. If you do not specify a card, this command displays brief information about UDP connections for all cards. (Distributed devices in IRF mode.) Usage guidelines Brief UDP connection information includes local IP address and port number, and peer IP address and port number.
  • Page 295: Display Udp Verbose

    Distributed devices in IRF mode: display udp statistics [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays UDP traffic statistics for all cards.
  • Page 296 display udp verbose [ slot slot-number [ pcb pcb-index ] ] Distributed devices in IRF mode: display udp verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed UDP connection information for the specified PCB. The value range for the pcb-index argument is 1 to 16.
  • Page 297 Receive VRF: 0xffff # (Distributed devices in standalone mode/centralized devices in IRF mode.) Display detailed UDP connection information. <Sysname> display udp verbose Total UDP socket number: 1 Location: slot 1 Creator: sock_test_mips[250] State: N/A Options: N/A Error: 0 Receiving buffer(cc/hiwat/lowat/state): 0 / 41600 / 1 / N/A Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A Type: 2 Protocol: 17...
  • Page 298 Field Description Slot number of the card. (Distributed devices–In standalone mode–In IRF Slot mode.) Slot ID of the IRF member device. (Centralized devices in IRF mode.) Name of the operation that created the socket. The number in brackets is Creator the process number of the creator.
  • Page 299: Ip Forward-Broadcast

    Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IP options. • INP_RECVRETOPTS—Receives replied IP options. • INP_RECVDSTADDR—Receives destination IP address. • INP_HDRINCL—Provides the entire IP header. • INP_REUSEADDR—Reuses the IP address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
  • Page 300: Ip Icmp Error-Interval

    Syntax ip forward-broadcast undo ip forward-broadcast Default An interface cannot forward directed broadcasts destined for the directly connected network. Views Interface view Predefined user roles network-admin Usage guidelines A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.
  • Page 301: Ip Icmp Source

    Views System view Predefined user roles network-admin Parameters milliseconds: Sets the interval for tokens to arrive in the bucket. The value range is 0 to 2147483647 milliseconds, and the default is 100 milliseconds. To disable the ICMP rate limit, set the value to 0. bucketsize: Specifies the maximum number of tokens allowed in the bucket.
  • Page 302: Ip Mtu

    ip-address: Specifies an IP address. Usage guidelines It is a good practice to specify the IP address of the loopback interface as the source IP address for outgoing ping echo request and ICMP error messages. This feature helps users to locate the sending device easily.
  • Page 303: Ip Reassemble Local Enable

    ip reassemble local enable Use ip reassemble local enable to enable IPv4 local fragment reassembly. Use undo ip reassemble local enable to restore the default. Syntax ip reassemble local enable undo ip reassemble local enable Default IPv4 local fragment reassembly is disabled. Views System view Predefined user roles...
  • Page 304: Ip Ttl-Expires Enable

    A host that has only one route destined for the default gateway sends all packets to the default gateway. The default gateway sends an ICMP redirect message to inform the host of a correct next hop by following these rules: •...
  • Page 305: Ip Unreachables Enable

    ip unreachables enable Use ip unreachables enable to enable sending ICMP destination unreachable messages. Use undo ip unreachables enable to disable sending ICMP destination unreachable messages. Syntax ip unreachables enable undo ip unreachables enable Default Sending ICMP destination unreachable messages is disabled. Views System view Predefined user roles...
  • Page 306: Reset Ip Statistics

    reset ip statistics Use reset ip statistics to clear IP traffic statistics. Syntax Centralized devices in standalone mode: reset ip statistics Distributed devices in standalone mode/centralized devices in IRF mode: reset ip statistics [ slot slot-number ] Distributed devices in IRF mode: reset ip statistics [ chassis chassis-number slot slot-number ] Views User view...
  • Page 307: Reset Udp Statistics

    Predefined user roles network-admin Examples # Clear TCP traffic statistics. <Sysname> reset tcp statistics Related commands display tcp statistics reset udp statistics Use reset udp statistics to clear UDP traffic statistics. Syntax reset udp statistics Views User view Predefined user roles network-admin Examples # Clear UDP traffic statistics.
  • Page 308: Tcp Path-Mtu-Discovery

    Usage guidelines This configuration takes effect only on TCP connections that are established after the configuration and not on the TCP connections that already exist. This configuration is effective only on IP packets. If MPLS is enabled on the interface, do not configure the TCP MSS on the interface.
  • Page 309: Tcp Syn-Cookie Enable

    Examples # Enable TCP path MTU discovery and set the path MTU aging time to 20 minutes. <Sysname> system-view [Sysname] tcp path-mtu-discovery aging 20 tcp syn-cookie enable Use tcp syn-cookie enable to enable SYN Cookie to protect the device from SYN flood attacks. Use undo tcp syn-cookie enable to disable SYN Cookie.
  • Page 310: Tcp Timer Syn-Timeout

    Syntax tcp timer fin-timeout time-value undo tcp timer fin-timeout Default The TCP FIN wait timer is 675 seconds. Views System view Predefined user roles network-admin Parameters time-value: Specifies the TCP FIN wait timer in the range of 76 to 3600 seconds. Usage guidelines TCP starts the FIN wait timer when the state changes to FIN_WAIT_2.
  • Page 311: Tcp Window

    Examples # Set the TCP SYN wait timer to 80 seconds. <Sysname> system-view [Sysname] tcp timer syn-timeout 80 tcp window Use tcp window to configure the size of the TCP receive/send buffer. Use undo tcp window to restore the default. Syntax tcp window window-size undo tcp window...
  • Page 312: Udp Helper Commands

    UDP helper commands display udp-helper interface Use display udp-helper interface to display information about broadcast to unicast conversion by UDP helper on an interface. Syntax display udp-helper interface interface-type interface-number Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines This command displays information about destination servers and total number of unicast packets converted from UDP broadcast packets by UDP helper.
  • Page 313: Reset Udp-Helper Statistics

    reset udp-helper statistics Use reset udp-helper statistics to clear packet statistics for UDP helper. Syntax reset udp-helper statistics Views User view Predefined user roles network-admin Examples # Clear the packet statistics for UDP helper. <Sysname> reset udp-helper statistics Related commands display udp-helper interface udp-helper broadcast-map Use udp-helper broadcast-map to specify a multicast address for UDP helper to convert broadcast to...
  • Page 314: Udp-Helper Enable

    You can configure a maximum of 20 unicast and multicast addresses for UDP helper to convert broadcast packets. Examples # Configure UDP helper to convert received broadcast packets on GigabitEthernet 2/0/1 to multicast packets destined for 225.0.0.1. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] udp-helper broadcast-map 225.0.0.1 udp-helper enable Use udp-helper enable to enable UDP helper.
  • Page 315: Udp-Helper Multicast-Map

    udp-helper multicast-map Use udp-helper multicast-map to map a multicast address to a directed broadcast or a unicast address for UDP helper. Use undo udp-helper multicast-map to restore the default. Syntax udp-helper multicast-map multicast-address ip-address [ global | vpn-instance vpn-instance-name ] [ acl acl-number ] undo udp-helper...
  • Page 316: Udp-Helper Port

    [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] udp-helper multicast-map 225.0.0.1 192.168.1.255 # Configure UDP helper to convert the multicast packets destined for 225.0.0.1 to unicast packets destined for 192.168.1.3 in VPN instance a. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] udp-helper multicast-map 225.0.0.1 192.168.1.3 vpn-instance a udp-helper port Use udp-helper port to specify a UDP port number for UDP helper.
  • Page 317: Udp-Helper Server

    udp-helper server Use udp-helper server to specify a destination server for UDP helper to convert broadcast to unicast. Use undo udp-helper server to remove a destination server. Syntax udp-helper server ip-address [ global | vpn-instance vpn-instance-name ] undo udp-helper server [ ip-address [ global | vpn-instance vpn-instance-name ] ] Default No destination server is specified for UDP helper.
  • Page 318: Ipv6 Basics Commands

    IPv6 basics commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display ipv6 fib Use display ipv6 fib to display IPv6 FIB entries. Syntax display ipv6 fib [ vpn-instance vpn-instance-name ] [ ipv6-address [ prefix-length ] ] Views...
  • Page 319: Display Ipv6 Icmp Statistics

    R:Relay F:FRR Destination: ::1 Prefix length: 128 Nexthop : ::1 Flags: UH Time stamp : 0x1 Label: Null Interface : InLoop0 Token: Invalid Table 62 Command output Field Description Destination count Total number of destination addresses. FIB entry count Total number of IPv6 FIB entries. Destination Destination address.
  • Page 320: Display Ipv6 Interface

    Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ICMPv6 packet statistics for all cards. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ICMPv6 packet statistics for all member devices.
  • Page 321 network-operator Parameters interface-type: Specifies an interface by its type. interface-number: Specifies an interface by its number. brief: Displays brief information. Usage guidelines If you specify the brief keyword, this command displays brief IPv6 interface information, including physical status, link-layer protocols, and IPv6 address. If you do not specify the brief keyword, this command displays detailed IPv6 interface information, including IPv6 configuration and operating information, and IPv6 packet statistics.
  • Page 322 InBadOptions: ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: Table 63 Command output Field Description Physical state of the interface: • Administratively DOWN—The interface has been administratively shut down by using the shutdown command. GigabitEthernet2/0/1 current •...
  • Page 323 Field Description Global unicast addresses of the interface. IPv6 address states: • TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. • DUPLICATE—The address is not unique on the link. • PREFERRED—The address is preferred and can be used as the source or destination address of a packet.
  • Page 324 Field Description InBadOptions Received IPv6 packets with incorrect extension headers. ReasmReqds Received IPv6 fragments. ReasmOKs Number of reassembled IPv6 packets. InFragDrops Received IPv6 fragments that are discarded because of certain errors. Received IPv6 fragments that are discarded because the amount of time InFragTimeouts they stay in the system buffer exceeds the specified interval.
  • Page 325: Display Ipv6 Interface Prefix

    Field Description Spoofing attribute of the interface. The link protocol state of the interface is (s): spoofing up, but the link is temporarily established on demand or does not exist. Interface Name of the interface. Physical state of the interface: •...
  • Page 326: Display Ipv6 Nd Suppression Xconnect-Group

    Prefix: 3001::/64 Origin: RA Age: Flag: Lifetime(Valid/Preferred): - Table 65 Command output Field Description Prefix IPv6 address prefix. How the prefix is generated: • STATIC—Manually configured by using the ipv6 nd ra prefix command. Origin • RA—Advertised in RA messages after stateless autoconfiguration is enabled. •...
  • Page 327: Display Ipv6 Neighbors

    Parameters name group-name: Specifies a cross-connect group by its name, a case-sensitive string of 1 to 31 characters excluding hyphens. count: Specifies the total number of ND suppression entries. slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ND suppression entries for all cards.
  • Page 328 Distributed devices in IRF mode: display ipv6 neighbors { { ipv6-address | all | dynamic | static } [ chassis chassis-number slot slot-number ] | interface interface-type interface-number | vlan vlan-id } [ verbose ] Views Any view Predefined user roles network-admin network-operator Parameters...
  • Page 329: Display Ipv6 Neighbors Count

    Vpn-instance: vpn1 NickName : 0x0001 Table 67 Command output Field Description IPv6 Address IPv6 address of a neighbor. Link Layer Link layer address (MAC address) of a neighbor. VLAN to which the interface connected with a neighbor belongs. Interface Interface connected with a neighbor. State of a neighbor: •...
  • Page 330: Display Ipv6 Neighbors Vpn-Instance

    display ipv6 neighbors { { all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } count Distributed devices in IRF mode: display ipv6 neighbors { { all | dynamic | static } [ chassis chassis-number slot slot-number ] | interface interface-type interface-number | vlan vlan-id } count Views Any view...
  • Page 331: Display Ipv6 Pathmtu

    Predefined user roles network-admin network-operator Parameters vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. The VPN must already exist. count: Displays the total number of neighbor entries in the specified VPN. Examples # Display neighbor information about the VPN vpn1.
  • Page 332 Syntax display ipv6 pathmtu [ vpn-instance vpn-instance-name ] { ipv6-address | { all | dynamic | static } [ count ] } Views Any view Predefined user roles network-admin network-operator Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
  • Page 333: Display Ipv6 Prefix

    Related commands • ipv6 pathmtu • reset ipv6 pathmtu display ipv6 prefix Use display ipv6 prefix to display information about IPv6 prefixes, including dynamic and static prefixes. Syntax display ipv6 prefix [ prefix-number ] Views Any view Predefined user roles network-admin network-operator Parameters...
  • Page 334: Display Ipv6 Rawip

    Field Description Preferred lifetime 90 Preferred lifetime in seconds. For a static IPv6 prefix, this field is not displayed. valid lifetime 120 sec Valid lifetime in seconds. For a static IPv6 prefix, this field is not displayed. Related commands ipv6 dhcp client pd •...
  • Page 335: Display Ipv6 Rawip Verbose

    2001:2002:2003:2 3001:3002:3003:3 0x0000000000000009 004:2005:2006:20 004:3005:3006:30 07:2008 07:3008 2002::100 2002::138 x0000000000000008 0x0000000000000002 Table 71 Command output Field Description Local Addr Local IPv6 address. Foreign Addr Peer IPv6 address. Protocol Protocol number. Chassis ID of the IRF member device. Slot Number of the slot that holds the card. PCB index.
  • Page 336 chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays detailed information about IPv6 RawIP connections for all cards.
  • Page 337 Send VRF: 0xffff Receive VRF: 0xffff # (Distributed devices in IRF mode.) Display detailed information about an IPv6 RawIP connection. <Sysname> display ipv6 rawip verbose Total RawIP socket number: 1 Chassis: 2 Slot: 6 Creator: ping ipv6[320] State: N/A Options: N/A Error: 0 Receiving buffer(cc/hiwat/lowat/state): 0 / 9216 / 1 / N/A Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A...
  • Page 338 Field Description Displays send buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. Sending • state—Buffer state: buffer(cc/hiwat/lowat/state) CANTSENDMORE—Unable to send data to the peer. CANTRCVMORE—Unable to receive data from the peer. RCVATMARK—Receiving tag. N/A—None of the above states.
  • Page 339 Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IPv6 options. • INP_RECVRETOPTS—Receives replied IPv6 options. • INP_RECVDSTADDR—Receives destination IPv6 address. • INP_HDRINCL—Provides the entire IPv6 header. • INP_REUSEADDR—Reuses the IPv6 address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
  • Page 340: Display Ipv6 Statistics

    Field Description Hop limit in the Internet PCB. The minimum number of hops is displayed in the Hop limit(minimum hop limit) parentheses. Send VRF Sent instances. Receive VRF Received instances. display ipv6 statistics Use display ipv6 statistics to display IPv6 and ICMPv6 packet statistics. Syntax Centralized devices in standalone mode: display ipv6 statistics...
  • Page 341: Reset Ipv6 Statistics

    Sent packets: Total: Sent locally: Forwarded: Raw packets: Discarded: Fragments: Fragments failed: Routing failed: Received packets: Total: Received locally: Hop limit exceeded: Fragments: Reassembled: Reassembly failures: Reassembly timeout: Format errors: Option errors: Protocol errors: ICMPv6 statistics: Sent packets: Total: Unreachable: Too big: Hop limit exceeded: Reassembly timeouts: 0...
  • Page 342: Display Ipv6 Tcp-Proxy

    display ipv6 tcp-proxy Use display ipv6 tcp-proxy to display brief information about IPv6 TCP proxy. Syntax Centralized devices in standalone mode: display ipv6 tcp-proxy Distributed devices in standalone mode/centralized devices in IRF mode: display ipv6 tcp-proxy slot slot-number Distributed devices in IRF mode: display ipv6 tcp-proxy chassis chassis-number slot slot-number Views Any view...
  • Page 343: Display Ipv6 Tcp

    Field Description State IPv6 TCP connection state. Type of services that the IPv6 TCP proxy is used for: • LB—Load balancing services. Service type • WAAS—Wide area application services. • SSL VPN—SSL VPN services. display ipv6 tcp Use display ipv6 tcp to display brief information about IPv6 TCP connections. Syntax Centralized devices in standalone mode: display ipv6 tcp...
  • Page 344: Display Ipv6 Tcp Verbose

    *2001:2002:2003:2 3001:3002:3003:3 ESTABLISHED 1 0x000000000000c387 004:2005:2006:20 004:3005:3006:30 07:2008->1200 07:3008->1200 2001::1->23 2001::5->1284 ESTABLISHED 1 0x0000000000000008 2003::1->25 2001::2->1283 LISTEN 0x0000000000000009 Table 74 Command output Field Description Indicates that the TCP connection uses MD5 authentication. LAddr->port Local IPv6 address and port number. FAddr->port Peer IPv6 address and port number.
  • Page 345 chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays detailed information about IPv6 TCP connections for all cards.
  • Page 346 Inpcb extflag: N/A Inpcb vflag: INP_IPV6 Hop limit: 255 (minimum hop limit: 0) Connection state: ESTABLISHED TCP options: TF_REQ_SCALE TF_REQ_TSTMP TF_SACK_PERMIT TF_NSR NSR state: READY(M) Send VRF: 0x0 Receive VRF: 0x0 # (Distributed devices in IRF mode.) Display detailed information about an IPv6 TCP connection. <Sysname>...
  • Page 347 Field Description Options Socket options. Error Error code. Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. Receiving • state—Buffer state: buffer(cc/hiwat/lowat/state) CANTSENDMORE—Unable to send data to the peer. CANTRCVMORE—Unable to receive data from the peer. RCVATMARK—Receiving tag.
  • Page 348 Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IPv6 options. • INP_RECVRETOPTS—Receives replied IPv6 options. • INP_RECVDSTADDR—Receives destination IPv6 address. • INP_HDRINCL—Provides the entire IPv6 header. • INP_REUSEADDR—Reuses the IPv6 address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
  • Page 349: Display Ipv6 Udp

    Field Description TCP connection state: • CLOSED—The server receives a disconnection request's reply from the client. • LISTEN—The server is waiting for connection requests. • SYN_SENT—The client is waiting for the server to reply to the connection request. • SYN_RCVD—The server receives a connection request. •...
  • Page 350: Display Ipv6 Udp Verbose

    Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays brief information about IPv6 UDP connections for all cards. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays brief information about IPv6 UDP connections for all member devices.
  • Page 351 Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 UDP connections of the specified PCB. The value range for the pcb-index argument is 1 to 16. slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays detailed information about IPv6 UDP connections for all cards.
  • Page 352 Total UDP socket number: 1 Slot: 6 Creator: sock_test_mips[250] State: N/A Options: N/A Error: 0 Receiving buffer(cc/hiwat/lowat/state): 0 / 41600 / 1 / N/A Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A Type: 2 Protocol: 17 Connection info: src = ::->69, dst = ::->0 Inpcb flags: N/A Inpcb extflag: N/A Inpcb vflag: INP_IPV6...
  • Page 353 Field Description Creator Task name of the socket. The process number is in the square brackets. State Socket state. Options Socket options. Error Error code. Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space.
  • Page 354 Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IPv6 options. • INP_RECVRETOPTS—Receives replied IPv6 options. • INP_RECVDSTADDR—Receives destination IPv6 address. • INP_HDRINCL—Provides the entire IPv6 header. • INP_REUSEADDR—Reuses the IPv6 address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
  • Page 355: Ipv6 Address

    Field Description Receive VRF Received instances. ipv6 address Use ipv6 address to configure an IPv6 global unicast address for an interface. Use undo ipv6 address to remove an IPv6 address of the interface. Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ] Default No IPv6 global unicast address is configured for an interface.
  • Page 356: Ipv6 Address Auto

    Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast Default No IPv6 anycast address is configured for an interface. Views Interface view Predefined user roles network-admin Parameters ipv6-address: Specifies an IPv6 anycast address. prefix-length: Specifies a prefix length in the range of 1 to 128.
  • Page 357: Ipv6 Address Auto Link-Local

    Usage guidelines After a global unicast address is generated through stateless autoconfiguration, a link-local address is generated automatically. To remove the global unicast address and the link-local address that are automatically generated, use either of the following commands: • undo ipv6 address auto...
  • Page 358: Ipv6 Address Eui-64

    • If you first use automatic generation and then manual assignment, the manually assigned link-local address overwrites the automatically generated address. • If you first use manual assignment and then automatic generation, both of the following occur: The automatically generated link-local address does not take effect. The link-local address of an interface is still the manually assigned address.
  • Page 359: Ipv6 Address Link-Local

    <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ipv6 address 2001::1/64 eui-64 Method 2: <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ipv6 address 2001::1 64 eui-64 Related commands display ipv6 interface ipv6 address link-local Use ipv6 address link-local to configure a link-local address for the interface. Use undo ipv6 address link-local to remove the link-local address of the interface.
  • Page 360: Ipv6 Bandwidth-Based-Sharing

    [Sysname-GigabitEthernet2/0/1] ipv6 address fe80::1 link-local Related commands ipv6 address auto link-local ipv6 bandwidth-based-sharing Use ipv6 bandwidth-based-sharing to enable IPv6 load sharing based on bandwidth. Use undo ipv6 bandwidth-based-sharing to disable IPv6 load sharing based on bandwidth. Syntax ipv6 bandwidth-based-sharing undo ipv6 bandwidth-based-sharing Default IPv6 load sharing based on bandwidth is disabled.
  • Page 361: Ipv6 Hoplimit-Expires Enable

    Predefined user roles network-admin Parameters value: Specifies the number of hops, in the range of 1 to 255. Usage guidelines The hop limit determines the number of hops that an IPv6 packet generated by the device can travel. The device advertises the hop limit in RA messages. All RA message receivers use the advertised value to fill in the Hop Limit field for IPv6 packets to be sent.
  • Page 362: Ipv6 Icmpv6 Error-Interval

    ipv6 icmpv6 error-interval Use ipv6 icmpv6 error-interval to set the bucket size and the interval for tokens to arrive in the bucket for ICMPv6 error messages. Use undo ipv6 icmpv6 error-interval to restore the default. Syntax ipv6 icmpv6 error-interval milliseconds [ bucketsize ] undo ipv6 icmpv6 error-interval Default The bucket allows a maximum of 10 tokens, and a token is placed in the bucket at an interval of 100...
  • Page 363: Ipv6 Icmpv6 Source

    undo ipv6 icmpv6 multicast-echo-reply enable Default The device is disabled from replying to multicast echo requests. Views System view Predefined user roles network-admin Usage guidelines If a host is configured to reply to multicast echo requests, an attacker can use this mechanism to attack the host.
  • Page 364: Ipv6 Mtu

    Examples # Specify IPv6 address 1::1 as the source address for outgoing ICMPv6 packets. <Sysname> system-view [Sysname] ipv6 icmpv6 source 1::1 ipv6 mtu Use ipv6 mtu to set the MTU of IPv6 packets sent over an interface. Use undo ipv6 mtu to restore the default MTU. Syntax ipv6 mtu mtu-size undo ipv6 mtu...
  • Page 365: Ipv6 Nd Autoconfig Other-Flag

    Default The M flag is set to 0 in RA advertisements. Hosts receiving the advertisements will obtain IPv6 addresses through stateless autoconfiguration. Views Interface view Predefined user roles network-admin Usage guidelines The M flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration to obtain IPv6 addresses.
  • Page 366: Ipv6 Nd Dad Attempts

    • If the O flag is set to 0 in RA advertisements, receiving hosts use stateless autoconfiguration to obtain configuration information other than IPv6 addresses. Examples # Set the O flag to 0 in RA advertisements to be sent. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] undo ipv6 nd autoconfig other-flag ipv6 nd dad attempts...
  • Page 367: Ipv6 Nd Ns Retrans-Timer

    ipv6 nd ns retrans-timer Use ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message. Use undo ipv6 nd ns retrans-timer to restore the default. Syntax ipv6 nd ns retrans-timer value undo ipv6 nd ns retrans-timer Default The local interface sends NS messages at an interval of 1000 milliseconds, and the Retrans Timer field in the RA messages sent is 0.
  • Page 368: Ipv6 Nd Ra Halt

    Views Interface view Predefined user roles network-admin Parameters value: Specifies the neighbor reachable time in the range of 1 to 3600000 milliseconds. Usage guidelines If the neighbor reachability detection shows that a neighbor is reachable, the device considers the neighbor reachable within the specified reachable time. If the device must send a packet to the neighbor after the specified reachable time expires, the device reconfirms whether the neighbor is reachable.
  • Page 369: Ipv6 Nd Ra Hop-Limit Unspecified

    ipv6 nd ra hop-limit unspecified Use ipv6 nd ra hop-limit unspecified to specify unlimited hops in RA messages. Use undo ipv6 nd ra hop-limit unspecified to restore the default. Syntax ipv6 nd ra hop-limit unspecified undo ipv6 nd ra hop-limit unspecified Default The maximum number of hops in the RA messages is limited to 64.
  • Page 370: Ipv6 Nd Ra No-Advlinkmtu

    Parameters max-interval-value: Specifies the maximum interval for advertising RA messages in seconds, in the range of 4 to 1800. min-interval-value: Specifies the minimum interval for advertising RA messages, in the range of 3 seconds to three-fourths of the maximum interval. Usage guidelines The device advertises RA messages at intervals of a random value between the maximum interval and the minimum interval.
  • Page 371: Ipv6 Nd Ra Prefix

    ipv6 nd ra prefix Use ipv6 nd ra prefix to configure the prefix information in RA messages. Use undo ipv6 nd ra prefix to remove the prefix information from RA messages. Syntax ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix/prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig | off-link ] * undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length } Default...
  • Page 372: Ipv6 Nd Ra Router-Lifetime

    [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ipv6 nd ra prefix 2001:10::100 64 100 10 ipv6 nd ra router-lifetime Use ipv6 nd ra router-lifetime to configure the router lifetime in RA messages. Use undo ipv6 nd ra router-lifetime to restore the default. Syntax ipv6 nd ra router-lifetime value undo ipv6 nd ra router-lifetime...
  • Page 373: Ipv6 Nd Router-Preference

    Default The ND direct route advertisement feature is disabled. Views L3VE interface view Predefined user roles network-admin Examples # Enable ND direct route advertisement for L3VE interface VE-L3VPN 1. <Sysname> system-view [Sysname] interface ve-l3vpn 1 [Sysname-VE-L3VPN1] ipv6 nd route-direct advertise ipv6 nd router-preference Use ipv6 nd router-preference to set a router preference in RA messages.
  • Page 374: Ipv6 Nd Suppression Enable

    ipv6 nd suppression enable Use ipv6 nd suppression enable to enable IPv6 ND suppression. Use undo ipv6 nd suppression enable to disable IPv6 ND suppression. Syntax ipv6 nd suppression enable undo ipv6 nd suppression enable Default IPv6 ND suppression is disabled. Views Cross-connect view Predefined user roles...
  • Page 375: Ipv6 Neighbor

    Parameters interval: Specifies the push interval for ND suppression entries, in the range of 1 to 1440 minutes. Usage guidelines The ND suppression push function pushes ND suppression entries at intervals by advertising NA messages. Examples # Enable the device to push ND suppression entries every 2 minutes. <Sysname>...
  • Page 376: Ipv6 Neighbor Link-Local Minimize

    The device uniquely identifies a static neighbor entry by the neighbor's IPv6 address and the local Layer 3 interface number. You can configure a static neighbor entry by using either of the following methods: • Method 1—Associate a neighbor IPv6 address and link-layer address with the Layer 3 interface of...
  • Page 377: Ipv6 Neighbor Stale-Aging

    Usage guidelines Perform this command to minimize link-local ND entries assigned to the driver. Link-local ND entries refer to ND entries that contain link-local addresses. By default, the device assigns all ND entries to the driver. With this function enabled, the device does not add newly learned link-local ND entries whose link local addresses are not the next hop of any route to the driver.
  • Page 378 Use undo ipv6 neighbors max-learning-num to restore the default. Syntax ipv6 neighbors max-learning-num number undo ipv6 neighbors max-learning-num Default The following matrix shows the default values for the number argument: Hardware Default MSR1002-4/1003-8S 2048 MSR2003 2048 MSR2004-24/2004-48 2048 MSR3012/3024/3044/3064 4096 MSR4060/4080 4096 Views...
  • Page 379: Ipv6 Pathmtu

    ipv6 pathmtu Use ipv6 pathmtu to configure a static Path MTU for an IPv6 address. Use undo ipv6 pathmtu to remove the Path MTU configuration for an IPv6 address. Syntax ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address value undo ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address Default No static Path MTU is configured.
  • Page 380: Ipv6 Prefer Temporary-Address

    Default The aging time for dynamic Path MTU is 10 minutes. Views System view Predefined user roles network-admin Parameters age-time: Specifies the aging time for Path MTU in minutes, in the range of 10 to 100. Usage guidelines After the path MTU from a source host to a destination host is dynamically determined, the source host sends subsequent packets to the destination host based on this MTU.
  • Page 381: Ipv6 Prefix

    Usage guidelines The temporary address function enables the system to generate and preferentially use the temporary IPv6 address of the sending interface as the source address of a packet. If the temporary IPv6 address cannot be used because of a DAD conflict, the system uses the public IPv6 address. Examples # Enable the system to preferentially use the temporary IPv6 address of the sending interface as the source address of the packet.
  • Page 382: Ipv6 Reassemble Local Enable

    Related commands display ipv6 prefix ipv6 reassemble local enable Use ipv6 reassemble local enable to enable IPv6 local fragment reassembly. Use undo ipv6 reassemble local enable to restore the default. Syntax ipv6 reassemble local enable undo ipv6 reassemble local enable Default IPv6 local fragment reassembly is disabled.
  • Page 383: Ipv6 Temporary-Address

    Sending ICMPv6 redirect messages enables hosts that hold few routes to establish routing tables and find the best route. Because this function adds host routes into the routing tables, host performance degrades when there are too many host routes. As a result, sending ICMPv6 redirect messages is disabled by default.
  • Page 384: Ipv6 Unreachables Enable

    When the valid lifetime of a temporary IPv6 address expires, the system removes the address and generates a new one. This enables the system to send packets with different source addresses through the same interface. The preferred lifetime and valid lifetime for a temporary IPv6 address are determined as follows: •...
  • Page 385: Local-Proxy-Nd Enable

    Examples # Enable sending ICMPv6 destination unreachable messages. <Sysname> system-view [Sysname] ipv6 unreachables enable local-proxy-nd enable Use local-proxy-nd enable to enable local ND proxy. Use undo local-proxy-nd enable to restore the default. Syntax local-proxy-nd enable undo local-proxy-nd enable Default Local ND proxy is disabled. Views VLAN interface view, Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view Predefined user roles...
  • Page 386: Reset Ipv6 Nd Suppression Xconnect-Group

    Examples # Enable common ND proxy on interface GigabitEthernet 2/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] proxy-nd enable Related commands local-proxy-nd enable reset ipv6 nd suppression xconnect-group Use reset ipv6 nd suppression xconnect-group to clear ND suppression entries. Syntax reset ipv6 nd suppression xconnect-group [ name group-name ] Views User view...
  • Page 387: Reset Ipv6 Pathmtu

    Predefined user roles network-admin Parameters all: Clears static and dynamic neighbor information for all interfaces. dynamic: Clears dynamic neighbor information for all interfaces. interface interface-type interface-number: Clears dynamic neighbor information for the interface specified by its type and number. slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears dynamic neighbor information for all cards.
  • Page 388: Reset Ipv6 Statistics

    Predefined user roles network-admin Parameters all: Clears all Path MTUs. dynamic: Clears all dynamic Path MTUs. static: Clears all static Path MTUs. Examples # Clear all Path MTUs. <Sysname> reset ipv6 pathmtu all Related commands display ipv6 pathmtu reset ipv6 statistics Use reset ipv6 statistics to clear IPv6 and ICMPv6 packet statistics.
  • Page 389 Related commands display ipv6 statistics...
  • Page 390: Dhcpv6 Commands

    DHCPv6 commands Common DHCPv6 commands display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DUID of the local device. Syntax display ipv6 dhcp duid Views Any view Predefined user roles network-admin network-operator Usage guidelines A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent).
  • Page 391: Ipv6 Dhcp Log Enable

    Parameters dscp-value: Sets the DSCP value for DHCPv6 packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Examples # Set the DSCP value to 30 for DHCPv6 packets sent by the DHCPv6 server or the DHCPv6 relay agent.
  • Page 392: Dhcpv6 Server Commands

    Syntax ipv6 dhcp select { relay | server } undo ipv6 dhcp select Default An interface discards DHCPv6 packets from DHCPv6 clients. Views Interface view Predefined user roles network-admin Parameters relay: Enables the DHCPv6 relay agent on the interface. server: Enables the DHCPv6 server on the interface. Usage guidelines Before changing the DHCPv6 server mode to the DHCPv6 relay agent mode on an interface, use the following commands to remove IPv6 address/prefix bindings:...
  • Page 393: Display Ipv6 Dhcp Option-Group

    Syntax address range start-ipv6-address end-ipv6-address [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo address range Default No non-temporary IPv6 address range is configured. Views DHCPv6 address pool view Predefined user roles network-admin Parameters start-ipv6-address: Specifies the start IPv6 address. end-ipv6-address: Specifies the end IPv6 address. preferred-lifetime preferred-lifetime: Specifies the preferred lifetime for the non-temporary IPv6 addresses.
  • Page 394 Syntax display ipv6 dhcp option-group [ option-group-number ] Views Any view Predefined user roles network-admin network-operator Parameters option-group-number: Specifies a static or dynamic DHCPv6 option group by its ID. The value range for the option group ID is 1 to 100. If you do not specify an option group, this command displays information about all DHCPv6 option groups.
  • Page 395 Interface: N/A 1::1 DNS server addresses: Type: Dynamic (DHCPv6 address allocation) Interface: GigabitEthernet2/0/1 1::1 Domain name: Type: Static Interface: N/A aaa.com Domain name: Type: Dynamic (DHCPv6 address allocation) Interface: GigabitEthernet2/0/1 aaa.com Options: Code: 23 Type: Dynamic (DHCPv6 prefix allocation) Interface: GigabitEthernet2/0/1 Length: 2 bytes Hex: ABCD Table 78 Command output...
  • Page 396: Display Ipv6 Dhcp Pool

    display ipv6 dhcp pool Use display ipv6 dhcp pool to display information about a DHCPv6 address pool. Syntax display ipv6 dhcp pool [ pool-name | vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters pool-name: Displays information about the specified DHCPv6 address pool. The pool name is a case-insensitive string of 1 to 63 characters.
  • Page 397: Display Ipv6 Dhcp Prefix-Pool

    DUID: 0003000100e0fc00cff1 IAID: 00000001 Address: 3FFE:501:FFFF:2001::1/64 Preferred lifetime 604800, valid lifetime 2592000 DNS server addresses: 2::2 Domain name: aaa.com SIP server addresses: 5::1 SIP server domain names: bbb.com Table 79 Command output Field Description DHCPv6 pool Name of the DHCPv6 address pool. Network IPv6 subnet for dynamic IPv6 address allocation.
  • Page 398: Display Ipv6 Dhcp Server

    Syntax display ipv6 dhcp prefix-pool [ prefix-pool-number ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters prefix-pool-number: Displays detailed information about a prefix pool specified by its number in the range of 1 to 128. If you do not specify a prefix pool, this command displays brief information about all prefix pools.
  • Page 399: Display Ipv6 Dhcp Server Conflict

    Syntax display ipv6 dhcp server [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays DHCPv6 server configuration information for the specified interface. If you do not specify an interface, this command displays DHCPv6 server configuration information for all interfaces.
  • Page 400: Display Ipv6 Dhcp Server Database

    Views Any view Predefined user roles network-admin network-operator Parameters address ipv6-address: Displays conflict information for the specified IPv6 address. If you do not specify an IPv6 address, this command displays information about all IPv6 address conflicts. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters.
  • Page 401: Display Ipv6 Dhcp Server Expired

    network-operator Examples # Display information about DHCPv6 binding auto backup. <Sysname> display ipv6 dhcp server database File name database.dhcp Username Password Update interval 600 seconds Latest write time 8 16:02:23 2014 Status Last write succeeded. Table 83 Command output Field Description File name Name of the DHCPv6 binding backup file.
  • Page 402: Display Ipv6 Dhcp Server Ip-In-Use

    pool pool-name: Displays lease expiration information for the address pool specified by its name, a case-insensitive string of 1 to 63 characters. Usage guidelines If you do not specify any parameters, this command displays lease expiration information for all IPv6 address pools.
  • Page 403 Usage guidelines If you do not specify any parameters, this command displays binding information for all assigned IPv6 addresses. Examples # Display binding information for all assigned IPv6 addresses. <Sysname> display ipv6 dhcp server ip-in-use Pool: 1 IPv6 address Type Lease expiration 2:1::1 Auto(O)
  • Page 404: Display Ipv6 Dhcp Server Pd-In-Use

    Field Description IPv6 address binding types: • Static(F)—Free static binding whose IPv6 address has not been assigned. • Static(O)—Offered static binding whose IPv6 address has been selected and sent by the DHCPv6 server in a DHCPv6 OFFER packet to the client. •...
  • Page 405 prefix prefix/prefix-len: Displays binding information for the specified IPv6 prefix. The value range for the prefix length is 1 to 128. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters. To display binding information for IPv6 prefixes on the public network, do not specify this option.
  • Page 406: Display Ipv6 Dhcp Server Statistics

    Field Description Prefix binding types: • Static(F)—Free static binding whose IPv6 prefix has not been assigned. • Static(O)—Offered static binding whose IPv6 prefix has been selected and sent by the DHCPv6 server in a DHCPv6 OFFER packet to the client. •...
  • Page 407 Parameters pool pool-name: Displays DHCPv6 packet statistics for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command displays DHCPv6 packet statistics for all address pools. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name.
  • Page 408: Dns-Server

    Field Description Packets received Number of messages received by the DHCPv6 server. The message types include: • Solicit. • Request. • Confirm. • Renew. • Rebind. • Release. • Decline. • Information-request. • Relay-forward. If statistics about an address pool are displayed, this field is not displayed. Number of packets discarded.
  • Page 409: Domain-Name

    Usage guidelines You can use the dns-server command to specify up to eight DNS servers in an address pool. A DNS server specified earlier has a higher preference. Examples # Specify the DNS server address 2:2::3 in DHCPv6 address pool 1. <Sysname>...
  • Page 410: Ipv6 Dhcp Pool

    Use undo ipv6 dhcp option-group to delete the specified static DHCPv6 option group. Syntax ipv6 dhcp option-group option-group-number undo ipv6 dhcp option-group option-group-number Default No static DHCPv6 option group exists on the device. Views System view Predefined user roles network-admin Parameters option-group-number: Assigns an ID to the static option group, in the range of 1 to 100.
  • Page 411: Ipv6 Dhcp Prefix-Pool

    Parameters pool-name: Specifies a name for the DHCPv6 address pool, a case-insensitive string of 1 to 63 characters. Usage guidelines You can also use this command to enter the view of an existing DHCPv6 address pool. A DHCPv6 address pool stores IPv6 address/prefix and other configuration parameters to be assigned to DHCPv6 clients.
  • Page 412: Ipv6 Dhcp Server

    vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters. To create a prefix pool for the public network, do not specify this option. Usage guidelines Different prefix pools cannot overlap.
  • Page 413: Ipv6 Dhcp Server Apply Pool

    another client, the server assigns the client a free address or a prefix. If the allow-hint keyword is not specified, the server ignores the desired address or prefix, and selects an address or prefix from a global address pool. If you use the ipv6 dhcp server and ipv6 dhcp server apply pool commands on the same interface, the ipv6 dhcp server apply pool command takes effect.
  • Page 414: Ipv6 Dhcp Server Database Filename

    The allow-hint keyword enables the server to assign the desired address or prefix to the client. If the desired address or prefix does not exist or is already assigned to another client, the server assigns a free address or prefix. If allow-hint is not specified, the server ignores the desired address or prefix, and assigns a free address or prefix.
  • Page 415: Ipv6 Dhcp Server Database Update Interval

    simple: Sets a plaintext password. key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 32 characters. If cipher is specified, it must be a string of 1 to 73 characters. Usage guidelines For security purposes, all passwords, including passwords configured in plaintext, are saved in ciphertext.
  • Page 416: Ipv6 Dhcp Server Database Update Now

    Use undo ipv6 dhcp server database update interval to restore the default. Syntax ipv6 dhcp server database update interval seconds undo ipv6 dhcp server database update interval Default The DHCPv6 server waits 300 seconds after a DHCPv6 binding change to update the backup file. If no DHCPv6 binding changes, the backup file is not updated.
  • Page 417: Ipv6 Dhcp Server Database Update Stop

    Usage guidelines This command does not take effect if you do not configure the DHCPv6 auto backup by using the ipv6 dhcp server database filename command. Examples # Manually save the DHCPv6 bindings to the backup file. <Sysname> system-view [Sysname] ipv6 dhcp server database update now Related commands ipv6 dhcp server database filename •...
  • Page 418: Ipv6 Dhcp Server Forbidden-Prefix

    Use undo ipv6 dhcp server forbidden-address to remove the configuration. Syntax ipv6 dhcp server forbidden-address start-ipv6-address [ end-ipv6-address ] [ vpn-instance vpn-instance-name ] undo ipv6 dhcp server forbidden-address start-ipv6-address [ end-ipv6-address ] [ vpn-instance vpn-instance-name ] Default Except for the DHCPv6 server address, all IPv6 addresses in a DHCPv6 address pool are assignable. Views System view Predefined user roles...
  • Page 419: Network

    Syntax ipv6 dhcp server forbidden-prefix start-prefix/prefix-len [ end-prefix/prefix-len ] [ vpn-instance vpn-instance-name ] undo ipv6 dhcp server forbidden-prefix start-prefix/prefix-len [ end-prefix/prefix-len ] [ vpn-instance vpn-instance-name ] Default No IPv6 prefixes in the DHCPv6 prefix pool are excluded from dynamic allocation. Views System view Predefined user roles...
  • Page 420: Option

    Syntax network prefix/prefix-length [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] [ export-route ] undo network Default No IPv6 subnet is specified in a DHCPv6 address pool. Views DHCPv6 address pool view Predefined user roles network-admin Parameters prefix/prefix-length: Specifies the IPv6 subnet for dynamic allocation. The value range for prefix-length is 1 to 128.
  • Page 421 Syntax option code hex hex-string undo option code Default No self-defined DHCPv6 option is configured in a DHCPv6 address pool. Views DHCPv6 address pool view, DHCPv6 option group view Predefined user roles network-admin Parameters code: Specifies a number for the self-defined option, in the range of 21 to 65535, excluding 25 through 26, 37 through 40, and 43 through 48.
  • Page 422: Prefix-Pool

    prefix-pool Use prefix-pool to apply a prefix pool to a DHCPv6 address pool, so the DHCPv6 server can dynamically select a prefix from the prefix pool for a client. Use undo prefix-pool to remove the configuration. Syntax prefix-pool prefix-pool-number [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo prefix-pool prefix-pool-number Default No prefix pool is applied to a DHCPv6 address pool.
  • Page 423: Reset Ipv6 Dhcp Server Conflict

    reset ipv6 dhcp server conflict Use reset ipv6 dhcp server conflict to clear IPv6 address conflict information. Syntax reset ipv6 dhcp server conflict [ address ipv6-address ] [ vpn-instance vpn-instance-name ] Views User view Predefined user roles network-admin Parameters address ipv6-address: Clears conflict information for the specified IPv6 address. If you do not specify an IPv6 address, this command clears all IPv6 address conflict information.
  • Page 424: Reset Ipv6 Dhcp Server Ip-In-Use

    pool pool-name: Clears binding information for lease-expired IPv6 addresses in the address pool specified by its name, a case-insensitive string of 1 to 63 characters. Usage guidelines If you do not specify any parameters, this command clears binding information for all lease-expired IPv6 addresses.
  • Page 425: Reset Ipv6 Dhcp Server Pd-In-Use

    Related commands display ipv6 dhcp server ip-in-use reset ipv6 dhcp server pd-in-use Use reset ipv6 dhcp server pd-in-use to clear binding information for assigned IPv6 prefixes. Syntax reset ipv6 dhcp server pd-in-use [ pool pool-name | [ prefix prefix/prefix-len ] [ vpn-instance vpn-instance-name ] ] Views User view...
  • Page 426: Sip-Server

    Views User view Predefined user roles network-admin Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters. To clear DHCPv6 server statistics for the public network, do not specify this option. Examples # Clear DHCPv6 server statistics.
  • Page 427: Static-Bind

    # Specify the SIP server domain name bbb.com in DHCPv6 address pool 1. [Sysname-dhcp6-pool-1] sip-server domain-name bbb.com Related commands display ipv6 dhcp pool static-bind Use static-bind to statically bind a client DUID or client IAID to an IPv6 address or prefix in the DHCPv6 address pool.
  • Page 428: Temporary Address Range

    <Sysname> system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] static-bind address 2001:0410::/35 duid 0003000100e0fc005552 iaid A1A1A1A1 # In address pool 1, bind prefix 2001:0410::/35 to the client DUID 00030001CA0006A400 and IAID A1A1A1A1. <Sysname> system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] static-bind prefix 2001:0410::/35 duid 00030001CA0006A400 iaid A1A1A1A1 Related commands display ipv6 dhcp pool...
  • Page 429: Vpn-Instance

    Examples # In DHCPv6 address pool 1, configure a temporary IPv6 address range from 3ffe:501:ffff:100::50 to 3ffe:501:ffff:100::60. <Sysname> system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64 [Sysname-dhcp6-pool-1] temporary address range 3ffe:501:ffff:100::50 3ffe:501:ffff:100::60 Related commands display ipv6 dhcp pool • address range •...
  • Page 430: Dhcpv6 Relay Agent Commands

    <Sysname> system-view [Sysname] ipv6 dhcp pool 0 [Sysname-dhcp6-pool-0] vpn-instance abc DHCPv6 relay agent commands display ipv6 dhcp relay server-address Use display ipv6 dhcp relay server-address to display DHCPv6 server addresses specified on the DHCPv6 relay agent. Syntax display ipv6 dhcp relay server-address [ interface interface-type interface-number ] Views Any view Predefined user roles...
  • Page 431: Display Ipv6 Dhcp Relay Statistics

    Field Description Outgoing Interface Output interface of DHCPv6 packets. If no output interface is specified, the device searches the routing table for the output interface. Related commands • ipv6 dhcp relay server-address • ipv6 dhcp select display ipv6 dhcp relay statistics Use display ipv6 dhcp relay statistics to display DHCPv6 packet statistics on the DHCPv6 relay agent.
  • Page 432 # Display DHCPv6 packet statistics on the DHCPv6 relay agent on GigabitEthernet 2/0/1. <Sysname> display ipv6 dhcp relay statistics interface gigabitethernet 2/0/1 Packets dropped Packets received Solicit Request Confirm Renew Rebind Release Decline Information-request Relay-forward Relay-reply Packets sent Advertise Reconfigure Reply Relay-forward Relay-reply...
  • Page 433: Gateway-List

    Related commands reset ipv6 dhcp relay statistics gateway-list Use gateway-list to specify a list of gateway addresses for DHCPv6 clients in the relay address pool. Use undo gateway-list to remove the specified gateway addresses from a DHCPv6 relay address pool. Syntax gateway-list ipv6-address&<1-8>...
  • Page 434: Ipv6 Dhcp Relay Interface-Id

    Syntax ipv6 dhcp relay gateway ipv6-address undo ipv6 dhcp relay gateway Default The first IPv6 address of the relay interface is used as the gateway address for DHCPv6 clients. Views Interface view Predefined user roles network-admin Parameters ipv6-address: Specifies a gateway address. The IPv6 address must be an IPv6 address of the relay interface.
  • Page 435: Ipv6 Dhcp Relay Server-Address

    interface: Specifies the interface name mode. This mode pads the Interface-ID option in ASCII code with the interface name and VLAN ID of the interface. Usage guidelines Before executing this command, enable the DHCPv6 relay agent on the interface. Examples # Specify the BAS mode as the padding mode for the Interface-ID option on GigabitEthernet 2/0/1.
  • Page 436: Remote-Server

    If you do not specify an IPv6 address, the undo ipv6 dhcp relay server-address command removes all DHCPv6 server addresses specified on the interface. Do not enable the DHCPv6 client and the DHCPv6 relay agent on the same interface. Examples # Enable the DHCPv6 relay agent on GigabitEthernet 2/0/1 and specify the DHCPv6 server address 2001:1::3.
  • Page 437: Reset Ipv6 Dhcp Relay Statistics

    <Sysname> system-view [Sysname] ipv6 dhcp pool 0 [Sysname-dhcp6-pool-0] remote-server 10::1 reset ipv6 dhcp relay statistics Use reset ipv6 dhcp relay statistics to clear packet statistics on the DHCPv6 relay agent. Syntax reset ipv6 dhcp relay statistics [ interface interface-type interface-number ] Views User view Predefined user roles...
  • Page 438 <Sysname> display ipv6 dhcp client interface gigabitethernet 2/0/1 GigabitEthernet2/0/1: Type: Stateful client requesting address and prefix State: OPEN Client DUID: 0003000100e002000000 Preferred server Reachable via address: FE80::2E0:1FF:FE00:18 Server DUID: 0003000100e001000000 IA_NA: IAID 0x00000642, T1 50 sec, T2 80 sec Address: 1:1::2/128 Preferred lifetime 100 sec, valid lifetime 200 sec Will expire on Feb 4 2014 at 15:37:20(288 seconds left) IA_PD: IAID 0x00000642, T1 50 sec, T2 80 sec...
  • Page 439 Field Description Current states of the DHCPv6 client: • IDLE—The client is in idle state. • SOLICIT—The client is locating a DHCPv6 server. • REQUEST—The client is requesting an IPv6 address or prefix. • OPEN—The client has obtained an IPv6 address or prefix. •...
  • Page 440: Display Ipv6 Dhcp Client Statistics

    Related commands • ipv6 address dhcp-alloc • ipv6 dhcp client pd display ipv6 dhcp client statistics Use display ipv6 dhcp client statistics to display DHCPv6 client statistics. Syntax display ipv6 dhcp client statistics [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator...
  • Page 441: Ipv6 Address Dhcp-Alloc

    Field Description Invalid Number of invalid packets. Packets sent Number of sent packets. Solicit Number of sent Solicit packets. Request Number of sent Request packets. Renew Number of sent Renew packets. Rebind Number of sent Rebind packets. Information-request Number of sent Information-request packets. Release Number of sent Release packets.
  • Page 442: Ipv6 Dhcp Client Dscp

    Examples # Configure GigabitEthernet 2/0/1 to use DHCPv6 for IPv6 address acquisition. Configure the DHCPv6 client to support rapid address assignment and create dynamic DHCPv6 option group 1 for the configuration parameters obtained. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ipv6 address dhcp-alloc rapid-commit option-group 1 Related commands display ipv6 dhcp client ipv6 dhcp client dscp...
  • Page 443: Ipv6 Dhcp Client Stateless Enable

    undo ipv6 dhcp client pd Default An interface does not use DHCPv6 for IPv6 prefix acquisition. Views Layer 3 Ethernet interface/subinterface view Layer 3 aggregate interface/subinterface view VLAN interface view Predefined user roles network-admin Parameters prefix-number: Specifies an IPv6 prefix ID in the range of 1 to 1024. After obtaining an IPv6 prefix, the client assigns the ID to the IPv6 prefix.
  • Page 444: Ipv6 Dhcp Client Stateful

    Predefined user roles network-admin Usage guidelines Stateless DHCPv6 enables the interface to send an Information-request message to the multicast address of all DHCPv6 servers and DHCPv6 relay agents for configuration parameters. Examples # Enable stateless DHCPv6 on GigabitEthernet 2/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ipv6 dhcp client stateless enable ipv6 dhcp client stateful...
  • Page 445: Reset Ipv6 Dhcp Client Statistics

    Examples # Configure GigabitEthernet 2/0/1 to use DHCPv6 for IPv6 address and prefix acquisition. Specify IDs for the dynamic IPv6 prefix and dynamic DHCPv6 option group, and configure the client to support rapid address and prefix assignment. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ipv6 dhcp client stateful prefix 1 rapid-commit option-group 1 Related commands...
  • Page 446: Display Ipv6 Dhcp Snooping Binding

    DHCPv6 snooping works between the DHCPv6 client and the DHCPv6 server or between the DHCPv6 client and the DHCPv6 relay agent. DHCPv6 snooping does not work between the DHCPv6 server and the DHCPv6 relay agent. Commands and descriptions for centralized devices apply to the following routers: MSR1002-4/1003-8S.
  • Page 447: Display Ipv6 Dhcp Snooping Binding Database

    Field Description VLAN When both DHCPv6 snooping and QinQ are enabled or the DHCPv6 packet contains two VLAN tags, this field identifies the outer VLAN tag. Otherwise, it identifies the VLAN where the port connecting the DHCPv6 client resides. SVLAN When both DHCPv6 snooping and QinQ are enabled or the DHCPv6 packet contains two VLAN tags, this field identifies the inner VLAN tag.
  • Page 448: Display Ipv6 Dhcp Snooping Packet Statistics

    Field Description Latest write time Time of the latest update. Status Status of the update: • Writing—The backup file is being updated. • Last write succeeded—The backup file was successfully updated. • Last write failed—The backup file failed to be updated. display ipv6 dhcp snooping packet statistics Use display ipv6 dhcp snooping packet statistics to display DHCPv6 packet statistics for DHCPv6 snooping.
  • Page 449: Display Ipv6 Dhcp Snooping Trust

    Related commands reset ipv6 dhcp snooping packet statistics display ipv6 dhcp snooping trust Use display ipv6 dhcp snooping trust to display information about trusted ports. Syntax display ipv6 dhcp snooping trust Views Any view Predefined user roles network-admin network-operator Examples # Display information about trusted ports.
  • Page 450 Parameters filename: Specifies the name of a local file. For information about the filename argument, see Fundamentals Configuration Guide. url url: Specifies the URL of a remote file. Do not include a username or password in the URL. Case sensitivity and the supported path format type vary by server. username username: Specifies the username for logging in to the remote device.
  • Page 451: Ipv6 Dhcp Snooping Binding Database Update Interval

    # Configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to the file database.dhcp in the working directory of the TFTP server at 2::1. <Sysname> system-view [Sysname] ipv6 dhcp snooping binding database filename tftp://[2::1]/database.dhcp Related commands ipv6 dhcp snooping binding database update interval ipv6 dhcp snooping binding database update interval Use ipv6 dhcp snooping binding database update interval to set the waiting time after a DHCPv6 snooping entry change for the DHCPv6 snooping device to update the backup file.
  • Page 452: Ipv6 Dhcp Snooping Binding Record

    Syntax ipv6 dhcp snooping binding database update now Views System view Predefined user roles network-admin Usage guidelines This command does not take effect if you do not configure the DHCPv6 snooping entry auto backup by using the ipv6 dhcp snooping binding database filename command. Examples # Manually save DHCPv6 snooping entries to the backup file.
  • Page 453: Ipv6 Dhcp Snooping Check Request-Message

    ipv6 dhcp snooping check request-message Use ipv6 dhcp snooping check request-message to enable the DHCPv6-REQUEST check function for the received DHCPv6-RENEW, DHCPv6-DECLINE, and DHCPv6-RELEASE messages. Use undo ipv6 dhcp snooping check request-message to disable the DHCPv6-REQUEST check function. Syntax ipv6 dhcp snooping check request-message undo ipv6 dhcp snooping check request-message Default DHCPv6-REQUEST check is disabled.
  • Page 454: Ipv6 Dhcp Snooping Max-Learning-Num

    Views System view Predefined user roles network-admin Usage guidelines Use the DHCPv6 snooping function together with trusted port configuration. Before trusted ports are configured, all ports on the DHCPv6 snooping device are untrusted and discard all responses sent from DHCPv6 servers. When DHCPv6 snooping is disabled, the device forwards all responses from DHCPv6 servers.
  • Page 455: Ipv6 Dhcp Snooping Option Interface-Id Enable

    ipv6 dhcp snooping option interface-id enable Use ipv6 dhcp snooping option interface-id enable to enable support for the interface-ID option (also called Option 18). Use undo ipv6 dhcp snooping option interface-id enable to restore the default. Syntax ipv6 dhcp snooping option interface-id enable undo ipv6 dhcp snooping option interface-id enable Default Option 18 is not supported.
  • Page 456: Ipv6 Dhcp Snooping Option Remote-Id Enable

    Parameters vlan vlan-id: Specifies the VLAN where the DHCPv6 clients reside. interface-id: Specifies a string of 1 to 128 characters as the interface ID. Examples # Specify company001 as the interface ID. <Sysname> system-view [Sysname] ipv6 dhcp snooping enable [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ipv6 dhcp snooping option interface-id enable [Sysname-GigabitEthernet2/0/1] ipv6 dhcp snooping option interface-id string company001 Related commands...
  • Page 457: Ipv6 Dhcp Snooping Option Remote-Id String

    ipv6 dhcp snooping option remote-id string Use ipv6 dhcp snooping option remote-id string to specify the content as the remote ID for Option 37. Use undo ipv6 dhcp snooping option remote-id string to restore the default. Syntax ipv6 dhcp snooping option remote-id [ vlan vlan-id ] string remote-id undo ipv6 dhcp snooping option remote-id [ vlan vlan-id ] Default The DHCPv6 snooping device uses its DUID as the content for Option 37.
  • Page 458: Reset Ipv6 Dhcp Snooping Binding

    Predefined user roles network-admin Usage guidelines Specify the port facing the DHCP server as trusted and specify the other ports as untrusted so DHCP clients can obtain valid IP addresses. Examples # Specify GigabitEthernet 2/0/1 as a trusted port. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ipv6 dhcp snooping trust Related commands...
  • Page 459 reset ipv6 dhcp snooping packet statistics Distributed devices in standalone mode/centralized devices in IRF mode: reset ipv6 dhcp snooping packet statistics [ slot slot-number ] Distributed devices in IRF mode: reset ipv6 dhcp snooping packet statistics [ chassis chassis-number slot slot-number ] Views User view Predefined user roles...
  • Page 460: Ipv6 Fast Forwarding Commands

    IPv6 fast forwarding commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display ipv6 fast-forwarding aging-time Use display ipv6 fast-forwarding aging-time to display the aging time of IPv6 fast forwarding entries. Syntax display ipv6 fast-forwarding aging-time Views...
  • Page 461 display ipv6 fast-forwarding cache [ ipv6-address ] [ slot slot-number ] Distributed devices in IRF mode: display ipv6 fast-forwarding cache [ ipv6-address ] [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays all IPv6 fast forwarding entries.
  • Page 462: Ipv6 Fast-Forwarding Aging-Time

    Protocol: 58 VPN instance: vpn2 Input interface: GE2/0/1 Output interface: GE2/0/2 Table 95 Command output Field Description Total number of IPv6 fast-forwarding items Number of IPv6 fast forwarding entries. Src IP Source IPv6 address. Src port Source port number. Dst IP Destination IPv6 address.
  • Page 463: Ipv6 Fast-Forwarding Load-Sharing

    Parameters aging-time: Sets the aging time in the range of 10 to 300 seconds. Examples # Set the aging time to 20 seconds for IPv6 fast forwarding entries. <Sysname> system-view [Sysname] ipv6 fast-forwarding aging-time 20 Related commands display ipv6 fast-forwarding aging-time ipv6 fast-forwarding load-sharing Use ipv6 fast-forwarding load-sharing to enable IPv6 fast forwarding load sharing.
  • Page 464 reset ipv6 fast-forwarding cache [ slot slot-number ] Distributed devices in IRF mode: reset ipv6 fast-forwarding cache [ chassis chassis-number slot slot-number ] Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears the IPv6 fast forwarding table for all cards.
  • Page 465: Tunneling Commands

    Tunneling commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. bandwidth Use bandwidth to set the expected bandwidth for an interface. Use undo bandwidth to restore the default.
  • Page 466: Description

    Syntax default Views Tunnel interface view Predefined user roles network-admin Usage guidelines The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it on a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions.
  • Page 467: Destination

    <Sysname> system-view [Sysname] interface tunnel 1 [Sysname-Tunnel1] description tunnel1 Related commands display interface tunnel destination Use destination to specify the destination address for a tunnel interface. Use undo destination to remove the configured tunnel destination address. Syntax destination { ip-address | ipv6-address } undo destination Default No tunnel destination address is configured.
  • Page 468: Display Ds-Lite B4 Information

    [Sysname2-Tunnel1] source 192.100.1.1 [Sysname2-Tunnel1] destination 193.101.1.1 Related commands • display interface tunnel • interface tunnel • source display ds-lite b4 information Use display ds-lite b4 information to display information about the connected B4 routers on the AFTR, including the IPv6 addresses of the B4 routers, and the assigned tunnel IDs. Syntax display ds-lite b4 information Views...
  • Page 469: Display Interface Tunnel

    B4 address Tunnel ID Tunnel interface Idle time Chassis 2 Slot 0 Cpu 0: B4 address Tunnel ID Tunnel interface Idle time Chassis 2 Slot 1 Cpu 0: B4 address Tunnel ID Tunnel interface Idle time Chassis 2 Slot 2 Cpu 0: B4 address Tunnel ID Tunnel interface...
  • Page 470 description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of interface descriptions. down: Displays information about interfaces in the physical state of DOWN and the causes. If you do not specify this keyword, the command displays information about interfaces in all states.
  • Page 471 Field Description Current state State of the tunnel interface: • Administratively DOWN—The interface has been shut down by using the shutdown command. • DOWN—The interface is administratively up but its physical state is down. • DOWN (Tunnel-Bundle administratively down)—The tunnel bundle interface to which the interface belongs has been shut down by using the shutdown command.
  • Page 472 Field Description Tunnel mode and transport protocol: • CR_LSP—MPLS TE tunnel mode. • DSLITE—DS-Lite tunnel mode on the AFTR. • GRE/IP—GRE/IPv4 tunnel mode. • GRE/IPv6—GRE/IPv6 tunnel mode. • GRE_ADVPN/IP—GRE-encapsulated IPv4 ADVPN tunnel mode. • GRE_ADVPN/IPv6—GRE-encapsulated IPv6 ADVPN tunnel mode. • GRE_EVI/IP—GRE-encapsulated IPv4 EVI tunnel mode.
  • Page 473 Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Main IP Description Tun1 1.1.1.1 aaaaaaaaaaaaaaaaaaaaaaaaaaa # Display brief information about interface Tunnel 1, including the complete interface description. <Sysname> display interface tunnel 1 brief description Brief information on interface(s) under route mode: Link: ADM - administratively down;...
  • Page 474: Ds-Lite Enable

    Field Description Description Description for the interface. Cause Causes for the physical state of DOWN: • Administratively—The link has been shut down by using the shutdown command. To bring it up, use the undo shutdown command. • Not connected—The tunnel is not established. •...
  • Page 475 Use undo interface tunnel to delete a tunnel interface. Syntax interface tunnel number [ mode { advpn { gre | udp } [ ipv6 ] | ds-lite-aftr | evi | gre [ ipv6 ] | ipv4-ipv4 | ipv6 | ipv6-ipv4 [ 6to4 | auto-tunnel | isatap ] | mpls-te | nve } ] undo interface tunnel number Default No tunnel interface is created on the device.
  • Page 476: Mtu

    mode mpls-te: Specifies the MPLS TE tunnel mode. mode nve: Specifies the NVE tunnel mode. Usage guidelines To create a new tunnel interface, you must specify the tunnel mode in this command. To enter the view of an existing tunnel interface, you do not need to specify the tunnel mode. A tunnel interface number is locally significant.
  • Page 477: Reset Counters Interface

    <Sysname> system-view [Sysname] interface tunnel 1 [Sysname-Tunnel1] mtu 10000 Related commands display interface tunnel reset counters interface Use reset counters interface to clear interface statistics. Syntax reset counters interface [ tunnel [ number ] ] Views User view Predefined user roles network-admin Parameters tunnel: Specifies a tunnel interface.
  • Page 478: Service

    service Use service to specify a primary traffic processing unit for a tunnel interface. Use undo service to restore the default. Syntax Distributed devices in standalone mode/centralized devices in IRF mode: service slot slot-number undo service slot Distributed devices in IRF mode: service chassis chassis-number slot slot-number undo service chassis Default...
  • Page 479: Service Standby

    Examples # (Distributed devices in standalone mode.) Specify the card in slot 2 as the primary traffic processing unit for interface Tunnel 200. <Sysname> system-view [Sysname] interface tunnel 200 [Sysname-Tunnel200] service slot 2 # (Centralized devices in IRF mode.) Specify IRF member device 2 as the primary traffic processing unit for interface Tunnel 200.
  • Page 480: Shutdown

    chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (Distributed devices in IRF mode.) Usage guidelines The backup traffic processing unit can be a card on a distributed device or a member device on an IRF fabric of centralized devices.
  • Page 481: Source

    undo shutdown Default The tunnel interface is up. Views Tunnel interface view Predefined user roles network-admin Usage guidelines This command disconnects all links set up on the interface. Make sure you fully understand the impact of the command on your network. Examples # Shut down interface Tunnel 1.
  • Page 482: Tunnel Dfbit Enable

    Usage guidelines The specified source address or the address of the specified source interface is used as the source address of tunneled packets. To display the configured tunnel source address, use the display interface tunnel command. The source address of the local tunnel interface must be the destination address of the peer tunnel interface, and vice versa.
  • Page 483: Tunnel Discard Ipv4-Compatible-Packet

    Examples # Set the DF bit for tunneled packets on interface Tunnel 1. <Sysname> system-view [Sysname] interface tunnel 1 mode gre [Sysname-Tunnel1] tunnel dfbit enable tunnel discard ipv4-compatible-packet Use tunnel discard ipv4-compatible-packet to enable dropping IPv6 packets that use IPv4-compatible IPv6 addresses.
  • Page 484: Tunnel Ttl

    Predefined user roles network-admin Parameters tos-value: Specifies the ToS of tunneled packets, in the range of 0 to 255. Usage guidelines After you configure this command, all the tunneled packets of different services sent on the tunnel interface will use the same configured ToS. For more information about ToS, see ACL and QoS Configuration Guide.
  • Page 485: Tunnel Vpn-Instance

    Related commands display interface tunnel tunnel vpn-instance Use tunnel vpn-instance to specify the VPN instance to which the tunnel destination belongs. Use undo tunnel vpn-instance to restore the default. Syntax tunnel vpn-instance vpn-instance-name undo tunnel vpn-instance Default The tunnel destination belongs to the public network. Views Tunnel interface view Predefined user roles...
  • Page 486: Gre Commands

    GRE commands gre checksum Use gre checksum to enable GRE checksum. Use undo gre checksum to disable GRE checksum. Syntax gre checksum undo gre checksum Default GRE checksum is disabled. Views Tunnel interface view Predefined user roles network-admin Usage guidelines GRE checksum verifies packet integrity.
  • Page 487: Keepalive

    Syntax gre key key-number undo gre key Default No key is configured for a GRE tunnel interface. Views Tunnel interface view Predefined user roles network-admin Parameters key-number: Specifies the key for the GRE tunnel interface, in the range of 0 to 4294967295. Usage guidelines You can configure a GRE key to check for the validity of packets received on a GRE tunnel interface.
  • Page 488 times: Sets the keepalive number in the range of 1 to 255. The default value is 3. Usage guidelines This command enables the tunnel interface to send keepalive packets at the specified interval. If the device receives no response from the peer within the timeout time, it shuts down the local tunnel interface. The device brings the local tunnel interface up if it receives a keepalive acknowledgment packet from the peer.
  • Page 489: Advpn Commands

    ADVPN commands VAM server commands authentication-algorithm Use authentication-algorithm to specify the algorithms for VAM protocol packet authentication and their priorities. Use undo authentication-algorithm to restore the default. Syntax authentication-algorithm { aes-xcbc-mac | md5 | none | sha-1 | sha-256 } * undo authentication-algorithm Default SHA-1 is used for protocol packet authentication.
  • Page 490: Authentication-Method

    authentication-method Use authentication-method to specify an authentication mode that the VAM server uses to authenticate clients. Use undo authentication-method to restore the default. Syntax authentication-method { none | { chap | pap } [ domain isp-name ] } undo authentication-method Default The authentication method is CHAP, and the default domain is used.
  • Page 491 Predefined user roles network-admin network-operator Parameters advpn-domain domain-name: Displays IPv4 address mapping information for VAM clients in the specified ADVPN domain. The domain-name argument is a case-insensitive string of 1 to 31 characters that can include only letters, digits, and dots (.). If you do not specify this option, the command displays address mapping information for VAM clients in all ADVPN domains.
  • Page 492 # Display IPv4 address mapping information for the VAM client with private IPv4 address 10.0.0.1 in ADVPN domain 1. <Sysname> display vam server address-map advpn-domain 1 private-address 10.0.0.1 Group Private address Public address Type Holding time 10.0.0.1 2001::1 0H 13M 34S Table 99 Command output Field Description...
  • Page 493 Holding time : 0H 0M 2S Link protocol : GRE Public address : 113.124.136.1 Registered address: 113.124.136.1 Behind NAT : No ADVPN domain name : 4 Private address : 40.0.0.1 Hub group Holding time : 1H 8M 22S Link protocol : IPsec-UDP Public address : 4001::1...
  • Page 494 Registered port : 2158 Behind NAT : Yes # Display detailed IPv4 address mapping information for the VAM client with private IPv4 address 10.0.0.1 in ADVPN domain 1. <Sysname> display vam server address-map advpn-domain 1 private-address 10.0.0.1 verbose ADVPN domain name : 1 Private address : 10.0.0.1 Type...
  • Page 495: Display Vam Server Ipv6 Address-Map

    Related commands reset vam server address-map display vam server ipv6 address-map Use display vam server ipv6 address-map to display IPv6 private-public address mapping information for VAM clients registered with the VAM server. Syntax display vam server ipv6 address-map [ advpn-domain domain-name [ private-address private-ipv6-address ] ] [ verbose ] Views Any view...
  • Page 496 1004::1:0:0:1 202.108.231.125 1H 8M 22S ADVPN domain name: 5 Total private address mappings: 1 Group Private address Public address Type Holding time 1005::1:0:0:1 5001::1 132H 41M 29S # Display IPv6 address mapping information for VAM clients in ADVPN domain 1. <Sysname>...
  • Page 497 Private address : 1000::2:0:0:1 Link local address: FE80::60:4 Type : Spoke Hub group Holding time : 0H 4M 21S Link protocol : UDP Public address : 220.181.111.85 Public port : 10018 Registered address: 10.158.26.14 Registered port : 2694 Behind NAT : Yes ADVPN domain name : 3 Private address...
  • Page 498 Link local address: FE80::50:4 Type : Hub Hub group Holding time : 0H 13M 34S Link protocol : UDP Public address : 2001::1 Public port : 2098 Registered address: 2001::1 Registered port : 2098 Behind NAT : No ADVPN domain name : 1 Private address : 1000::2:0:0:1 Link local address: FE80::60:4...
  • Page 499: Display Vam Server Ipv6 Private-Network

    Field Description Holding time Duration time that elapses since the VAM client successfully registered with the server, in the format of xH yM zS. Link protocol Link layer protocol used by the VAM client for ADVPN tunnel establishment: • UDP. • GRE.
  • Page 500 private-address private-ipv6-address: Displays IPv6 private networks for the VAM client with the specified private IPv6 address. Examples # Display IPv6 private networks for VAM clients in all ADVPN domains. <Sysname> display vam server ipv6 private-network ADVPN domain name: 1 Total private networks: 5 Network/Prefix Private address Preference...
  • Page 501: Display Vam Server Private-Network

    display vam server private-network Use display vam server private-network to display IPv4 private networks for VAM clients registered with the VAM server. Syntax display vam server private-network [ advpn-domain domain-name [ private-address private-ip-address ] ] Views Any view Predefined user roles network-admin network-operator Parameters advpn-domain domain-name: Displays IPv4 private networks for VAM clients in the specified ADVPN domain.
  • Page 502: Display Vam Server Statistics

    192.168.0.0/28 10.0.0.1 192.168.1.0/24 10.0.0.1 192.168.100.0/24 10.0.0.2 192.168.100.0/24 10.0.0.3 # Display IPv4 private networks for the VAM client with private IPv4 address 10.0.0.1. <Sysname> display vam server private-network advpn-domain 1 private-address 10.0.0.1 Total private networks: 5 Network/Mask Private address Preference 192.168.0.0/28 10.0.0.1 192.168.1.0/24 10.0.0.1...
  • Page 503 Holding time : 0H 1M 47S Registered spoke number: 98 Registered hub number Packets received: Initialization request : 100 Initialization complete : 100 Register request : 100 Authentication information : 100 Address resolution request : 203 Network registration request : 59 Update request : 196 Logout request...
  • Page 504 Hub information response Data flow information response: 0 Keepalive : 362 Error notification Unkonwn Packets sent: Initialization response : 24 Initialization complete : 24 Authentication request : 24 Register response : 24 Address resolution response : 23 Network registration response: 0 Update response Hub information request Data flow information request: 0...
  • Page 505: Encryption-Algorithm

    Data flow information request: 0 Logout response Keepalive : 642 Error notification Table 105 Command output Field Description Server status Whether the VAM server is enabled: Enabled or Disabled. Holding time Duration time that elapses after the VAM service is enabled, in the format of xH yM zS.
  • Page 506: Hub-Group

    aes-cbc-256: Uses the AES-CBC encryption algorithm, with a key length of 256 bits. aes-ctr-128: Uses the AES-CTR encryption algorithm, with a key length of 128 bits. aes-ctr-192: Uses the AES-CTR encryption algorithm, with a key length of 192 bits. aes-ctr-256: Uses the AES-CTR encryption algorithm, with a key length of 256 bits. des-cbc: Uses the DES-CBC encryption algorithm.
  • Page 507: Hub Ipv6 Private-Address

    The server matches the private address of the client against the private addresses of hubs in different hub groups in lexicographic order. If a match is found, the server assigns the client to the hub group as a hub. If no match is found, the server matches the client's private address against the private addresses of spokes in different hub groups in lexicographic order.
  • Page 508: Hub Private-Address

    Usage guidelines For a hub to traverse a NAT gateway, configure a static mapping between the hub's registered public address/ADVPN port number and a NATed address/port number on the NAT gateway. To use this command to add the hub to a hub group, specify the NATed address and port number as the public address and ADVPN port number.
  • Page 509: Keepalive

    Usage guidelines For a hub to traverse a NAT gateway, configure a static mapping between the hub's registered public address/ADVPN port number and a NATed address/port number on the NAT gateway. To use this command to add the hub to a hub group, specify the NATed address and port number as the public address and ADVPN port number.
  • Page 510: Pre-Shared-Key (Advpn Domain View)

    If a device configured with dynamic NAT exists between the VAM server and VAM clients, configure the keepalive interval to be shorter than the aging time of NAT entries. Examples # Set the keepalive interval for VAM clients in ADVPN domain 1 to 30 seconds, and the maximum number of keepalive retries to 5.
  • Page 511: Retry Interval

    retry interval Use retry interval to set the retry timer for the VAM server. Use undo retry interval to restore the default. Syntax retry interval time-interval undo retry interval Default The retry timer is 5 seconds. Views ADVPN domain view Predefined user roles network-admin Parameters...
  • Page 512: Reset Vam Server Ipv6 Address-Map

    include only letters, digits, and dots (.). If you do not specify this option, the command clears address mapping information for VAM clients in all ADVPN domains. private-address private-ip-address: Clears IPv4 address mapping information for the VAM client with the specified private IPv4 address.
  • Page 513: Reset Vam Server Statistics

    Examples # Clear IPv6 address mapping information for clients in all ADVPN domains. <Sysname> reset vam server ipv6 address-map # Clear IPv6 address mapping information for clients in ADVPN domain 1. <Sysname> reset vam server ipv6 address-map advpn-domain 1 # Clear IPv6 address mapping information for the client with private IPv6 address 1000::1:0:0:1 in ADVPN domain 1.
  • Page 514: Shortcut Interest

    Default The VAM server is disabled for an ADVPN domain. Views ADVPN domain view Predefined user roles network-admin Usage guidelines You can also execute the vam server enable command in system view to enable the VAM server for one or all ADVPN domains. Examples # Enable the VAM server for ADVPN domain 1.
  • Page 515: Shortcut Ipv6 Interest

    Usage guidelines The VAM server assigns the specified ACL to an online hub. When receiving an IPv4 spoke-to-spoke packet from a spoke, the hub sends a redirect packet to the spoke if all is specified or if the packet matches an ACL rule. Then, the spoke sends the VAM server the destination address of the packet, obtains the remote spoke information, and establishes a direct tunnel to the remote spoke.
  • Page 516: Spoke Ipv6 Private-Address

    all: Allows establishing IPv6 spoke-to-spoke tunnels between all spokes in different hub groups. Usage guidelines The VAM server assigns the specified ACL to an online hub. When receiving an IPv6 spoke-to-spoke packet from a spoke, the hub sends a redirect packet to the spoke if all is specified or if the packet matches an ACL rule.
  • Page 517: Spoke Private-Address

    Usage guidelines If you specify a prefix and prefix length, the system automatically transforms them to a start address and an end address. You can configure multiple spoke private IPv6 address ranges in a hub group. The ranges are listed from low to high.
  • Page 518: Vam Server Advpn-Domain

    Examples # Configure a spoke private IPv4 address range in IPv4 network address format as 1.1.1.0/24 for hub group 1. <Sysname> system-view [Sysname] vam server advpn-domain 1 [Sysname-vam-server-domain-1] hub-group 1 [Sysname-vam-server-domain-1-hub-group-1] spoke private-address network 1.1.1.0 255.255.255.0 vam server advpn-domain Use vam server advpn-domain to create an ADVPN domain and enter its view. If the specified ADVPN domain already exists, this command opens the ADVPN domain view.
  • Page 519: Vam Server Listen-Port

    Syntax vam server enable [ advpn-domain domain-name ] undo vam server enable [ advpn-domain domain-name ] Default The VAM server is disabled for an ADVPN domain. Views System view Predefined user roles network-admin Parameters advpn-domain domain-name: Enables the VAM server for the specified ADVPN domain. The domain-name argument is a case-insensitive string of 1 to 31 characters that can include only letters, digits, and dots (.).
  • Page 520: Vam Client Commands

    Predefined user roles network-admin Parameters port-number: Specifies the port number in the range of 1025 to 65535. Usage guidelines The port number of the VAM server must be the same as the port configured on the VAM clients. Examples # Set the port number to 10000. <Sysname>...
  • Page 521: Client Enable

    client enable Use client enable to enable a VAM client. Use undo client enable to disable a VAM client. Syntax client enable undo client enable Default The VAM client is disabled. Views VAM client view Predefined user roles network-admin Usage guidelines You can also execute the vam client enable command in system view to enable one or all VAM clients.
  • Page 522 Examples # Display FSM information for all VAM clients. <Sysname> display vam client fsm Client name : abc Status : Enabled ADVPN domain name: 1 Primary server: abc.com (28.1.1.23) Private address: 10.0.0.12 Interface : Tunnel1 Current state : Online (active) Client type : Hub Holding time...
  • Page 523 Primary server: 202.159.36.24 Private address: 10.0.0.12 Interface : Tunnel20 Current state : Online (active) Client type : Hub Holding time : 0H 0M 47S Encryption algorithm : AES-CBC-128 Authentication algorithm: SHA1 Keepalive : 30 seconds, 3 times Number of hubs Client name : spoke Status...
  • Page 524: Display Vam Client Shortcut Interest

    display vam client shortcut interest Use display vam client shortcut interest to display IPv4 spoke-to-spoke tunnel establishment rules for VAM clients. Syntax display vam client shortcut interest [ name client-name ] Views Any view Predefined user roles network-admin network-operator Parameters name client-name: Displays IPv4 spoke-to-spoke tunnel establishment rules for the specified VAM client.
  • Page 525: Display Vam Client Shortcut Ipv6 Interest

    # Display IPv4 spoke-to-spoke tunnel establishment rules for VAM client abc. <Sysname> display vam client shortcut interest name abc Client name : abc ADVPN domain name: 1 Client type : Spoke ACL rules Table 107 Command output Field Description VAM client type: •...
  • Page 526 Examples # Display IPv6 spoke-to-spoke tunnel establishment rules for all VAM clients. <Sysname> display vam client shortcut ipv6 interest Client name : abc ADVPN domain name: 1 Client type : Spoke ACL rules Client name : hub ADVPN domain name: 2 Client type : Hub ACL rules...
  • Page 527: Display Vam Client Statistics

    Table 108 Command output Field Description Client type VAM client type: • Hub. • Spoke. • Unknown. ACL rules Number of ACL rules received by the VAM client. Rule n: operation n represents the number of an ACL rule. Rule operation: •...
  • Page 528 Client name: abc Status : Enabled Primary server: abc.com Packets sent: Initialization request Initialization complete Register request Authentication information Address resolution request Network registration request Update request Logout request Hub information response Data flow information response: 0 Keepalive : 35 Error notification Packets received: Initialization response...
  • Page 529 Authentication request Address resolution response Network registration response: 0 Update response Hub information request Data flow information request: 0 Logout response Keepalive Error notification Unkonwn Client name: hub Status : Disabled Client name: spoke Status : Enabled Primary server: test.com Packets sent: Initialization request Initialization complete...
  • Page 530 Primary server: abc.com Packets sent: Initialization request Initialization complete Register request Authentication information Address resolution request Network registration request Update request Logout request Hub information response Data flow information response: 0 Keepalive : 35 Error notification Packets received: Initialization response Initialization complete Authentication request Register response...
  • Page 531: Dumb-Time

    Network registration response: 0 Update response Hub information request Data flow information request: 0 Logout response Keepalive Error notification Unkonwn Table 109 Command output Field Description Status VAM client status: Enabled or Disabled. Primary server Public address or domain name of the primary VAM server. Secondary server Public address or domain name of the secondary VAM server.
  • Page 532: Pre-Shared-Key (Vam Client View)

    pre-shared-key (VAM client view) Use pre-shared-key to configure a pre-shared key for a VAM client. Use undo pre-shared-key to remove the configuration. Syntax pre-shared-key { cipher cipher-string | simple simple-string } undo pre-shared-key Default No pre-shared key is configured for a VAM client. Views VAM client view Predefined user roles...
  • Page 533: Reset Vam Client Ipv6 Fsm

    Views User view Predefined user roles network-admin Parameters name client-name: Resets the FSM for the specified VAM client. The client-name argument is a case-insensitive string of 1 to 63 characters that can include only letters, digits, and dots (.). If you do not specify this option, the command resets the FSM for all VAM clients.
  • Page 534: Reset Vam Client Statistics

    Related commands display vam client fsm reset vam client statistics Use reset vam client statistics to clear VAM client statistics. Syntax reset vam client statistics [ name client-name ] Views User view Predefined user roles network-admin Parameters name client-name: Clears statistics for the specified VAM client. The client-name argument is a case-insensitive string of 1 to 63 characters that can include only letters, digits, and dots (.).
  • Page 535: Server Primary

    count retry-times: Specifies the number of retry times, in the range of 1 to 6. Usage guidelines A VAM client starts a retry timer after sending a request to the server. If the client receives no response before the retry timer expires, it resends the request. If the client fails to receive a response after the maximum number of attempts (retry times), the client considers the server unreachable.
  • Page 536: Server Secondary

    If the specified primary and secondary VAM servers have the same address or name, only the primary VAM server takes effect. If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify the domain name of the primary VAM server as abc.com and port number as 2000 for VAM client abc.
  • Page 537: User

    name host-name: Specifies a domain name of a secondary VAM server. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), and underscores (_). The domain name can include at most 253 characters, and each separated string includes no more than 63 characters. port port-number: Specifies a port number for the secondary VAM server, in the range of 1025 to 65535.
  • Page 538: Vam Client Enable

    Predefined user roles network-admin Parameters username: Specifies a username, a case-sensitive string of 1 to 253 characters. It cannot include slashes (/), back slashes (\), colons (:), asterisks (*), question marks (?), left angle brackets (<), right angle brackets (>), quotation marks ("), vertical bars (|), and at signs (@). password: Sets a password.
  • Page 539: Vam Client Name

    <Sysname> system-view [Sysname] vam client enable # Enable VAM client abc. <Sysname> system-view [Sysname] vam client enable name abc Related commands client enable vam client name Use vam client name to create a VAM client and enter its view. If the specified VAM client already exists, this command opens the VAM client view.
  • Page 540: Advpn Network

    Default No private IPv6 network is configured. Views Tunnel interface view Predefined user roles network-admin Parameters prefix prefix-length: Specifies the prefix and prefix length of the private IPv6 network address. The value range for prefix-length is 0 to 128. preference preference-value: Specifies a preference for the route to the private network, in the range of 1 to 255.
  • Page 541: Advpn Session Dumb-Time

    Views Tunnel interface view Predefined user roles network-admin Parameters ip-address: Specifies the private IPv4 network address. mask-length: Specifies the mask length of the private IPv4 network address, in the range of 0 to 32. mask: Specifies the mask of the private IPv4 network address. preference preference-value: Specifies a preference for the route to the private network, in the range of 1 to 255.
  • Page 542: Advpn Session Idle-Time

    Views Tunnel interface view Predefined user roles network-admin Parameters time-interval: Specifies the dumb time in the range of 10 to 600 seconds. Usage guidelines The new dumb time setting only applies to subsequently established tunnels. Examples # Set the dumb time to 100 seconds. <Sysname>...
  • Page 543: Advpn Source-Port

    advpn source-port Use advpn source-port to set the source UDP port number for ADVPN packets. Use undo advpn source-port to restore the default. Syntax advpn source-port port-number undo advpn source-port Default The source UDP port number is 18001. Views Tunnel interface view Predefined user roles network-admin Parameters...
  • Page 544 Parameters interface tunnel number: Displays information about IPv6 ADVPN tunnels on an IPv6 ADVPN tunnel interface specified by the interface number. If you do not specify this option, the command displays information about all IPv6 ADVPN tunnels. private-address private-ipv6-address: Displays information about the IPv6 ADVPN tunnel with the specified peer private IPv6 address.
  • Page 545 Table 110 Command output Field Description Interface ADVPN tunnel interface. Number of sessions Number of ADVPN tunnels established on the tunnel interface. Private address Private address of the ADVPN tunnel peer. Public address Public address of the ADVPN tunnel peer. Port Port number of the ADVPN tunnel peer.
  • Page 546 0 multicasts, 0 errors Interface : Tunnel2 Client name : vpn2 ADVPN domain name : 2 Link protocol : GRE Number of sessions: 1 Private address: 1002::4 Public address : 202.0.180.137 Session type : Spoke-Hub State : Establish Holding time : 0H 0M 2S Input: 0 packets, 0 data packets, 0 control packets...
  • Page 547 Holding time : 10H 48M 19S Input : 2201 packets, 2198 data packets, 3 control packets 2191 multicasts, 0 errors Output: 2169 packets, 2168 data packets, 1 control packets 2163 multicasts, 0 errors Interface : Tunnel5 Client name : vpn5 ADVPN domain name : 5 Link protocol : UDP...
  • Page 548: Display Advpn Session

    Input : 2201 packets, 2198 data packets, 3 control packets 2191 multicasts, 0 errors Output: 2169 packets, 216 data packets, 1 control packets 2163 multicasts, 0 errors Table 111 Command output Field Description Interface ADVPN tunnel interface. Client name Name of the VAM client bound to the tunnel interface. Link layer protocol for the ADVPN tunnel: •...
  • Page 549 Syntax display advpn session [ interface tunnel number [ private-address private-ip-address ] ] [ verbose ] Views Any view Predefined user roles network-admin network-operator Parameters interface tunnel number: Displays information about IPv4 ADVPN tunnels on an IPv4 ADVPN tunnel interface specified by the interface number. If you do not specify this option, the command displays information about all IPv4 ADVPN tunnels.
  • Page 550 Number of sessions: 2 Private address Public address Port Type State Holding time 10.0.0.3 192.168.180.136 1139 Success 5H 38M 8S 10.0.1.4 192.168.180.137 3546 Dumb 0H 0M 27S # Display brief information about the IPv4 ADVPN tunnel with peer private IP address 10.0.1.3 on interface Tunnel 1.
  • Page 551 2163 multicasts, 0 errors Private address: 10.0.1.4 Public address : 192.168.180.137 ADVPN port : 3546 Behind NAT : No Session type : Hub-Spoke State : Dumb Holding time : 0H 0M 27S Input : 1 packets, 0 data packets, 1 control packets 0 multicasts, 0 errors Output: 16 packets, 0 data packets, 16 control packets 0 multicasts, 0 errors...
  • Page 552 0 multicasts, 0 errors Interface : Tunnel4 Client name : vpn4 ADVPN domain name : 4 Link protocol : IPsec-GRE Number of sessions: 1 Private address: 40.0.0.3 Public address : 4::4 SA's SPI Inbound: 187199087 (0xb286e6f) [ESP] Outbound: 3562274487 (0xd453feb7) [ESP] Behind NAT : No Session type...
  • Page 553 Behind NAT : No Session type : Hub-Spoke State : Dumb Holding time : 0H 0M 27S Input : 1 packets, 0 data packets, 1 control packets 0 multicasts, 0 errors Output: 16 packets, 0 data packets, 16 control packets 0 multicasts, 0 errors # Display detailed information about the IPv4 ADVPN tunnel with peer private IP address 10.0.1.3 on interface Tunnel 1.
  • Page 554: Keepalive

    Field / Description
    State: ADVPN tunnel state: • Success—The tunnel has already been established. • Establishing—The tunnel is being established. • Dumb—The tunnel failed to be established and is now quiet.
    Holding time: Time that the tunnel has stayed in the current state, in the format of xH yM zS.
    Input: Statistics for incoming packets, including the numbers of all packets, data packets, control packets, multicast packets, and erroneous packets.
  • Page 555: Reset Advpn Ipv6 Session

    <Sysname> system-view [Sysname] interface tunnel 1 mode advpn udp ipv4 [Sysname-Tunnel1] keepalive interval 20 retry 5 reset advpn ipv6 session Use reset advpn ipv6 session to delete IPv6 ADVPN tunnels. Syntax reset advpn ipv6 session [ interface tunnel number [ private-address private-ipv6-address ] ] Views User view Predefined user roles...
  • Page 556: Reset Advpn Session

    Parameters interface tunnel number: Clears statistics for IPv6 ADVPN tunnels on an IPv6 ADVPN tunnel interface specified by the interface number. If you do not specify this option, the command clears statistics for all IPv6 ADVPN tunnels. private-address private-ipv6-address: Clears statistics for the IPv6 ADVPN tunnel with the specified peer private IPv6 address.
  • Page 557: Reset Advpn Session Statistics

    reset advpn session statistics Use reset advpn session statistics to clear statistics for IPv4 ADVPN tunnels. Syntax reset advpn session statistics [ interface tunnel number [ private-address private-ip-address ] ] Views User view Predefined user roles network-admin Parameters interface tunnel number: Clears statistics for IPv4 ADVPN tunnels on an IPv4 ADVPN tunnel interface specified by the interface number.
  • Page 558: Vam Ipv6 Client

    Parameters client-name: Specifies a VAM client by its name, a case-insensitive string of 1 to 63 characters that can include only letters, digits, and dots (.). compatible advpn0: Specifies ADVPN V0 packet format. If you do not specify this keyword, packets are not compatible with ADVPN V0 format.
  • Page 559 Usage guidelines After a VAM client is bound to an IPv6 ADVPN tunnel interface, the client registers IPv6 private networks for the tunnel interface with the VAM server. A VAM client can be bound to only one IPv6 ADVPN tunnel interface. Examples # Bind VAM client abc to IPv6 ADVPN tunnel interface Tunnel 1.
  • Page 560: Waas Commands

    You can also use this command to arrange existing WAAS classes in a WAAS policy. A WAAS class without any actions is not used to match packets. HP recommends that you configure a WAAS class by modifying a predefined WAAS class. Examples # Use predefined WAAS class AFS in WAAS policy waas_global, and enter the view of WAAS class AFS.
  • Page 561: Display Waas Class

    <Sysname> system-view [Sysname] waas policy waas_global [Sysname-waaspolicy-waas_global] class AFS [Sysname-waaspolicy-waas_global-AFS] # Use predefined WAAS class AOL in WAAS policy waas_global, insert it before AFS, and enter the view of WAAS class AOL. <Sysname> system-view [Sysname] waas policy waas_global [Sysname-waaspolicy-waas_global] class AOL insert-before AFS [Sysname-waaspolicy-waas_global-AOL] # Change the position of WAAS class AOL in WAAS policy waas_global by inserting it before AFS, and enter the view of WAAS class AOL.
  • Page 562: Display Waas Policy

    Table 114 Command output Field Description Match Match criterion of the WAAS class. Related commands • match tcp • waas class display waas policy Use display waas policy to display WAAS policies. Syntax display waas policy [ policy-name ] Views Any view Predefined user roles network-admin...
  • Page 563: Display Waas Session

    Field Description passthrough Action that does not perform any optimization. Related commands • class • optimize • passthrough • waas policy display waas session Use display waas session to display WAAS session information. Syntax Centralized devices in standalone mode: display waas session { ipv4 | ipv6 } [ client-ip client-ip ] [ client-port client-port ] [ server-ip server-ip ] [ server-port server-port ] [ peer-id peer-id ] [ verbose ] Distributed devices in standalone mode/centralized devices in IRF mode: display waas session { ipv4 | ipv6 } [ client-ip client-ip ] [ client-port client-port ] [ server-ip server-ip ]...
  • Page 564 verbose: Displays detailed information about WAAS sessions. If you do not specify this keyword, the command displays brief information about WAAS sessions. slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays WAAS session information for all cards.
  • Page 565 Average Latency: 0 usec Decode status: Bytes in: 329 Bytes out: 393 Bypass bytes: 63 Space saved: 16% Average Latency: 2 usec DRE section: Encode status: Bytes in: 0 Bytes out: 0 Bypass bytes: 314 Space saved: 0% Average latency: 0 usec Decode status: Bytes in: 399 Bytes out: 332...
  • Page 566 Bytes in: 0 Bytes out: 0 Bypass bytes: 314 Space saved: 0% Average latency: 0 usec Decode status: Bytes in: 399 Bytes out: 332 Bypass bytes: 0 Space saved: 0% Chunk miss: 0 Collision: 0 Average latency 23 usec Total 2 sessions found. Table 116 Command output Field Description...
  • Page 567: Display Waas Statistics Dre

    Field / Description
    Bytes in: Number of input bytes.
    Bytes out: Number of output bytes.
    Bypass bytes: Number of bytes bypassed by DRE.
    Space saved: • Compression ratio: (1–Bytes out/Bytes in) x 100. • Decompression ratio: (1–Bytes in/Bytes out) x 100.
    Average latency in milliseconds for the last compression or decompression.
  • Page 568 Examples # Display DRE statistics for all peer devices. <Sysname> display waas statistics dre Peer-ID: 0016-9d38-ca1d Peer version: 1.0 Cache in storage: 19426304 bytes Index number: 75884 Age: 00 weeks, 00 days, 00 hours, 00 minutes, 33 seconds Total connections: 1 Active connections: 0 Encode Statistics Dre msgs: 2...
  • Page 569 # Display DRE statistics for a specific peer device. <Sysname> display waas statistics dre peer 0016-9d38-ca1d Peer-ID: 0016-9d38-ca1d Peer version: 1.0 Cache in storage: 33554944 bytes Index number: 131074 Age: 00 weeks, 00 days, 00 hours, 21 minutes, 31 seconds Total connections: 2 Active connections: 0 Encode Statistics...
  • Page 570: Display Waas Status

    Field / Description
    Space saved: • Compression ratio: (1–Bytes out/Bytes in) x 100. • Decompression ratio: (1–Bytes in/Bytes out) x 100.
    Average Latency: Average latency in milliseconds for the last compression or decompression. When multiple CPUs are available on a card, the average latency is the latency time divided by the number of CPUs.
  • Page 571: Display Waas Tfo Auto-Discovery Blacklist

    Field / Description
    Total Active connections: Total number of active WAAS connections.
    Total data storage size: Disk space used by all metadata. Metadata are original data that have indexes in the dictionary.
    Total index number: Total number of dictionary indexes.
    Blacklist Hold-time: Aging time for blacklist entries.
  • Page 572: Match Tcp

    Examples # Display all IPv4 blacklist information. <Sysname> display waas tfo auto-discovery blacklist ipv4 Server IP address/Port Insert Time 1.1.1.1/8080 Fri Mar 21 10:43:05 2014 1.1.1.2/8080 Fri Mar 21 10:43:06 2014 2.2.2.2/443 Fri Mar 21 10:20:37 2014 Total 3 entries found. Table 119 Command output Field Description...
  • Page 573: Optimize

    ip-address ip-address: Specifies an IPv4 address for matching TCP packets. mask-length: Specifies the mask length for the IPv4 address, in the range of 0 to 32. The default is 32. mask: Specifies the mask for the IPv4 address. The default is 255.255.255.255. ipv6-address ipv6-address: Specifies an IPv6 address for matching TCP packets.
  • Page 574: Passthrough

    Default No optimization actions are configured for a WAAS class. Views WAAS policy class view Predefined user roles network-admin Parameters tfo: Specifies TFO. dre: Specifies DRE. lz: Specifies LZ compression. Usage guidelines If you configure both this command and the passthrough command, the most recent configuration takes effect.
  • Page 575: Reset Waas Cache Dre

    Views WAAS policy class view Predefined user roles network-admin Usage guidelines The pass-through action allows packets to pass through unoptimized. If you configure both this command and the optimize command, the most recent configuration takes effect. Examples # Configure the pass-through action for WAAS class AFS. <Sysname>...
  • Page 576: Reset Waas Statistics Dre

    reset waas statistics dre Use reset waas statistics dre to clear DRE statistics. Syntax reset waas statistics dre [ peer-id peer-id ] Views User view Predefined user roles network-admin network-operator Parameters peer-id peer-id: Specifies a peer device by its bridge MAC address in the format of H-H-H. If you do not specify a peer device, this command clears DRE statistics for all peer devices.
  • Page 577: Waas Apply Policy

    waas apply policy Use waas apply policy to apply a WAAS policy to an interface. Use undo waas apply policy to restore the default. Syntax waas apply policy [ policy-name ] undo waas apply policy Default No WAAS policy is applied to an interface. Views Interface view Predefined user roles...
  • Page 578: Waas Config Remove-All

    Specifies a name for the WAAS class, a case-insensitive string of 1 to 63 characters. Usage guidelines If the WAAS class to be created already exists, this command enters its view directly. HP recommends that you configure a WAAS class by modifying a predefined WAAS class (see Table 120).
  • Page 579: Waas Config Restore-Default

    waas config restore-default Use waas config restore-default to restore predefined WAAS settings. Syntax waas config restore-default Views System view Predefined user roles network-admin Usage guidelines This command restores the predefined WAAS policy and WAAS classes to their configurations when the WAAS process starts for the first time.
  • Page 580 HP recommends that you configure a WAAS policy by entering the predefined WAAS policy view and modifying the predefined WAAS policy. The predefined WAAS policy is created by the system when the WAAS process starts for the first time. The predefined WAAS policy uses all predefined WAAS classes.
  • Page 581 Source Predefined WAAS class Destination ports actions ports LDAP-Global-Catalog LZ+TFO+DRE 3268 LDAP-Global-Catalog-Secure Passthrough 3269 LDAP-secure Passthrough HP-OpenMail LZ+TFO+DRE 5729, 5755, 5757, 5766, 5767, 5768 Internet-Mail LZ+TFO+DRE 25, 110, 143, 220 Internet-Mail-secure 465, 993, 995 Lotus-Notes LZ+TFO+DRE 1352 MDaemon LZ+TFO+DRE 3000, 3001...
  • Page 582 WAAS Source Predefined WAAS class Destination ports actions ports Passthrough 531, 6660–6669 Jabber Passthrough 5222, 5269 Lotus-Sametime-Connect Passthrough 1533 MS-Chat Passthrough 6665, 6667 MSN-Messenger Passthrough 1863, 6891–6900 Yahoo-Messenger Passthrough 5000, 5001, 5050, 5100 Passthrough iSNS Passthrough 3205 Service-Location Passthrough WINS Passthrough 42, 137, 1512 Cisco-NetFlow...
  • Page 583 WAAS Source Predefined WAAS class Destination ports actions ports AppSocket LZ+TFO+DRE 9100 LZ+TFO+DRE SUN-Xprint LZ+TFO+DRE 8100 Unix-Printing LZ+TFO+DRE 170, 515 Altiris-CarbonCopy Passthrough 1680 Apple-NetAssistant Passthrough 3283 Citrix-ICA LZ+TFO+DRE 1494, 2598 ControlIT Danware-NetOp 6502 Laplink-Host 1547 Laplink-PCSync 8444 Laplink-PCSync-secure 8443 MS-Terminal-Services 3389 Netopia-Timbuktu 407, 1417–1420...
  • Page 584 LZ+TFO+DRE 1755 RTSP LZ+TFO+DRE 554, 8554 VDOLive LZ+TFO+DRE 7000 6161, 6162, 6767, 6768, 8160, BMC-Patrol Passthrough 8161, 10128 HP-OpenView Passthrough 7426–7431, 7501, 7510 HP-Radia LZ+TFO+DRE 3460, 3461, 3464, 3466 IBM-NetView Passthrough 729–731 IBM-Tivoli LZ+TFO+DRE 94, 627, 1580, 1581, 1965 LANDesk LZ+TFO+DRE 9535, 9593–9595...
  • Page 585: Waas Tfo Auto-Discovery Blacklist Enable

    <Sysname> system-view [Sysname] waas policy waas_default [Sysname-waaspolicy-waas_default] Related commands display waas policy waas tfo auto-discovery blacklist enable Use waas tfo auto-discovery blacklist enable to enable the TFO blacklist autodiscovery feature. Use undo waas tfo auto-discovery blacklist enable to disable the TFO blacklist autodiscovery feature. Syntax waas tfo auto-discovery blacklist enable undo waas tfo auto-discovery blacklist enable...
  • Page 586: Waas Tfo Base-Congestion-Window

    Default The aging time for autodiscovery blacklist entries is 5 minutes. Views System view Predefined user roles network-admin Parameters minutes: Specifies the aging time for autodiscovered blacklist entries, in the range of 1 to 10080 minutes. Usage guidelines An aging timer is started when a blacklist entry is created. The system automatically deletes an autodiscovered blacklist entry to make room for a new blacklist entry when the aging timer expires.
  • Page 587: Waas Tfo Keepalive

    Examples # Set the initial congestion window size to three segments. <Sysname> system-view [Sysname] waas tfo base-congestion-window 3 waas tfo keepalive Use waas tfo keepalive to enable TFO keepalives. Use undo waas tfo keepalive to disable TFO keepalives. Syntax waas tfo keepalive undo waas tfo keepalive Default TFO keepalives are disabled.
  • Page 588: Waas Tfo Optimize Lz

    Predefined user roles network-admin Usage guidelines The DRE optimization action configured in a WAAS policy takes effect only when DRE is enabled. Examples # Disable DRE. <Sysname> system-view [Sysname] undo waas tfo optimize dre Related commands display waas status waas tfo optimize lz Use waas tfo optimize lz to enable LZ compression.
  • Page 589 Syntax waas tfo receive-buffer buffer-size undo waas tfo receive-buffer Default The TFO receiving buffer size is 64 KB. Views System view Predefined user roles network-admin Parameters buffer-size: Specifies the TFO receiving buffer size in the range of 32 to 16384 KB. Usage guidelines The TFO receiving buffer size affects network throughput.
  • Page 590: Aft Commands

    AFT commands Commands and descriptions for centralized devices apply to the following routers: • MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. address Use address to add an address range to an AFT address group. Use undo address to remove an address range from an AFT address group.
  • Page 591: Aft Address-Group

    Related commands aft address-group aft address-group Use aft address-group to create an AFT address group and enter its view. Use undo aft address-group to delete an AFT address group. Syntax aft address-group group-number undo aft address-group group-number Default No AFT address group exists. Views System view Predefined user roles...
  • Page 592: Aft Log Enable

    undo aft enable Default AFT is disabled on an interface. Views Interface view Predefined user roles network-admin Usage guidelines You must enable AFT on interfaces connected to the IPv4 network and interfaces connected to the IPv6 network. Examples # Enable AFT on GigabitEthernet 2/0/1. <Sysname>...
  • Page 593: Aft Prefix-Ivi

    [Sysname] aft log enable Related commands display aft configuration aft prefix-ivi Use aft prefix-ivi to configure an IVI prefix. Use undo aft prefix-ivi to delete an IVI prefix. Syntax aft prefix-ivi prefix-ivi undo aft prefix-ivi prefix-ivi Default No IVI prefix exists. Views System view Predefined user roles...
  • Page 594: Aft Turn-Off Tos

    undo aft prefix-nat64 prefix-nat64 prefix-length Default No NAT64 prefix exists. Views System view Predefined user roles network-admin Parameters prefix-nat64: Specifies a NAT64 prefix. prefix-length: Specifies the NAT64 prefix length. The value for this argument can be 32, 40, 48, 56, 64, or 96.
  • Page 595: Aft Turn-Off Traffic-Class

    Predefined user roles network-admin Examples # Set the ToS field to 0 for IPv4 packets translated from IPv6 packets. <Sysname> system-view [Sysname] aft turn-off tos aft turn-off traffic-class Use aft turn-off traffic-class to set the Traffic Class field to 0 for IPv6 packets translated from IPv4 packets. Use undo aft turn-off traffic-class to restore the default.
  • Page 596: Aft V4Tov6 Source

    Predefined user roles network-admin Parameters acl: Identifies IPv4 packets for address translation. AFT translates destination addresses for IPv4 packets permitted by the ACL. number acl-number: Specifies an IPv4 ACL by its number in the range of 2000 to 3999. name acl-name: Specifies an IPv4 ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.
  • Page 597 Default The device does not have IPv4-to-IPv6 source address translation policies. Views System view Predefined user roles network-admin Parameters ipv4-address: Specifies an IPv4 address. vpn-instance vpn-instance-name4: Specifies an MPLS L3VPN instance to which the IPv4 address belongs. The vpn-instance-name4 argument is a case-sensitive string of 1 to 31 characters. To specify the IPv4 address on the public network, do not specify this option.
  • Page 598: Aft V6Server

    aft v6server Use aft v6server to configure an AFT mapping for an IPv6 internal server. Use undo aft v6server to delete an AFT mapping for an IPv6 internal server. Syntax aft v6server protocol protocol-type ipv4-destination-address ipv4-port-number [ vpn-instance vpn-instance-name4 ] ipv6-destination-address ipv6-port-number [ vpn-instance vpn-instance-name6 ] undo aft v6server protocol protocol-type ipv4-destination-address ipv4-port-number [ vpn-instance vpn-instance-name4 ] Default...
  • Page 599: Aft V6Tov4 Source

    aft v6tov4 source Use aft v6tov4 source to configure an IPv6-to-IPv4 source address translation policy. Use undo aft v6tov4 source to delete an IPv6-to-IPv4 source address translation policy. Syntax Static mapping: aft v6tov4 source ipv6-address [ vpn-instance vpn-instance-name6 ] ipv4-address [ vpn-instance vpn-instance-name4 ] undo aft v6tov4 source ipv6-address [ vpn-instance vpn-instance-name6 ] Dynamic translation policy:...
  • Page 600: Display Aft Address-Group

    no-pat: Specifies the NO-PAT mode. If you do not specify the keyword, AFT uses the PAT mode. port-block-size blocksize: Specifies the port block size in the range of 100 to 64512. If you specify this option, this command divides the port range (1024 to 65535) by the port block size. For example, if you set the port block size to 1000, the port range is divided into port blocks 1024 to 2023, 2024 to 3023, and so on.
  • Page 601: Display Aft Address-Mapping

    There are 3 AFT address groups. Group number Start address End address 202.110.10.10 202.110.10.15 202.110.10.20 202.110.10.25 202.110.10.30 202.110.10.35 # Display information about AFT address group 1. <Sysname> display aft address-group 1 Group number Start address End address 202.110.10.10 202.110.10.15 Table 121 Command output Field Description There are n AFT address groups...
  • Page 602 chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card on the device. If you do not specify an IRF member device or card, this command displays AFT mappings for all cards in the IRF fabric.
  • Page 603: Display Aft Configuration

    Field / Description
    Slot 0: Member ID of the device in the IRF fabric. (Centralized devices in IRF mode.)
    Slot 0 in chassis 1: Slot number of the card and the member ID of the device in the IRF fabric. (Distributed devices in IRF mode.)
    IPv4: IPv4 address information.
  • Page 604: Display Aft No-Pat

    display aft no-pat Use display aft no-pat to display information about AFT NO-PAT entries. Syntax Centralized devices in standalone mode: display aft no-pat Distributed devices in standalone mode/centralized devices in IRF mode: display aft no-pat [ slot slot-number ] Distributed devices in IRF mode: display aft no-pat [ chassis chassis-number slot slot-number ] Views Any view...
  • Page 605 # (Distributed devices in standalone mode/centralized devices in IRF mode.) Display information about all AFT NO-PAT entries. <Sysname> display aft no-pat Slot 0: IPv6 address: 3006::0002 IPv4 address: 200.100.1.100 IPv4 VPN : vpn2 IPv6 VPN : vpn1 IPv6 address: 4016::1102 IPv4 address: 202.120.12.110 IPv4 VPN : vpn2...
  • Page 606: Display Aft Port-Block

    display aft port-block Use display aft port-block to display information about AFT port block mappings. Syntax Centralized devices in standalone mode: display aft port-block Distributed devices in standalone mode/centralized devices in IRF mode: display aft port-block [ slot slot-number ] Distributed devices in IRF mode: display aft port-block [ chassis chassis-number slot slot-number ] Views...
  • Page 607 # (Distributed devices in standalone mode/centralized devices in IRF mode.) Display information about AFT port block mappings. <Sysname> display aft port-block Slot 0: IPv6 address: 3006::0002 IPv4 address: 200.100.1.100 Port block : [1024 – 1123] IPv4 VPN : vpn2 IPv6 VPN : vpn1 IPv6 address: 4016::1102 IPv4 address: 202.120.12.110...
  • Page 608: Display Aft Session

    Field / Description
    IPv6 VPN: VPN instance to which the original IPv6 address belongs. If the IPv6 address does not belong to a VPN instance, this field is not displayed.
    Total entries found: Total number of AFT port block mapping entries.
    display aft session Use display aft session to display information about AFT sessions.
  • Page 609 destination-ip destination-ipv6-address: Specifies the destination IPv6 address of the packets that initiate AFT sessions. vpn-instance vpn-instance-name6: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. To display AFT sessions for the public network, do not specify this option. slot slot-number: Specifies a card by its slot number.
  • Page 610 Destination IP/port: 102.128.1.55/22 DS-Lite tunnel peer: - VPN instance/VLAN ID/VLL ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet2/0/1 Responder: Source IP/port: 102.128.1.55/22 Destination IP/port: 192.168.1.18/1877 DS-Lite tunnel peer: - VPN instance/VLAN ID/VLL ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet2/0/2 App: SSH State: TCP_SYN_SENT Start time: 2011-07-29 19:12:36 TTL: 28s...
  • Page 611: Display Aft Statistics

    Field / Description
    Slot 0: Member ID of the device in the IRF fabric. (Centralized devices in IRF mode.)
    Slot 0 in chassis 1: Slot number of the card and the member ID of the device in the IRF fabric. (Distributed devices in IRF mode.)
    Initiator: Session information about the initiator.
  • Page 612 Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays AFT statistics for all cards. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays AFT statistics for all member devices.
  • Page 613: Reset Aft Session

    reset aft session Use reset aft session to clear AFT sessions. Syntax Centralized devices in standalone mode: reset aft session Distributed devices in standalone mode/centralized devices in IRF mode: reset aft session [ slot slot-number ] Distributed devices in IRF mode: reset aft session [ chassis chassis-number slot slot-number ] Views User view...
  • Page 614: Reset Aft Statistics

    reset aft statistics Use reset aft statistics to clear AFT statistics. Syntax Centralized devices in standalone mode: reset aft statistics Distributed devices in standalone mode/centralized devices in IRF mode: reset aft statistics [ slot slot-number ] Distributed devices in IRF mode: reset aft statistics [ chassis chassis-number slot slot-number ] Views User view...
  • Page 615: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
  • Page 616: Command Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 617 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.