Page 1
HP MSR Router Series Layer 3—IP Services Command Reference(V7) Part number: 5998-7741b Software version: CMW710-R0304 Document version: 6PW104-20150914...
Page 2
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...
Page 6
display ipv6 dns server ······································································································································· 128 dns domain ·························································································································································· 129 dns dscp ······························································································································································· 130 dns proxy enable ················································································································································· 130 dns server ····························································································································································· 131 dns source-interface ············································································································································· 132 dns spoofing ························································································································································ 132 dns spoofing track ··············································································································································· 133 ...
ARP commands Commands and descriptions for centralized devices apply to the following routers: MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. arp check enable Use arp check enable to enable dynamic ARP entry check. Use undo arp check enable to disable dynamic ARP entry check.
Use undo arp check log enable to disable the ARP logging function. Syntax arp check log enable undo arp check log enable Default ARP logging is disabled. Views System view Predefined user roles network-admin Usage guidelines This function enables a device to log ARP events when ARP cannot resolve IP addresses correctly. The device can log the following ARP events: On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not one of the •...
Page 17
Default The following matrix shows the default values for the number argument: Hardware Default MSR1002-4/1003-8S 4096 MSR2003 4096 MSR2004-24/2004-48 4096 MSR3012/3024/3044/3064 4096 MSR4060/4080 16384 Views Layer 2 Ethernet interface/Layer 2 aggregate interface view Layer 3 Ethernet interface/subinterface view Layer 3 aggregate interface/aggregate subinterface view VLAN interface view Predefined user roles network-admin...
Predefined user roles network-admin Parameters number: Specifies the maximum number of dynamic ARP entries for a device. The following matrix shows the value ranges for the number argument: Hardware Value range MSR1002-4/1003-8S 0 to 4096 MSR2003 0 to 4096 MSR2004-24/2004-48 0 to 4096 MSR3012/3024/3044/3064 0 to 4096...
Predefined user roles network-admin Parameters ip-address: Specifies an IP address for the static ARP entry. mac-address: Specifies a MAC address for the static ARP entry, in the format of H-H-H. vlan-id: Specifies the ID of a VLAN to which the static ARP entry belongs. The value range is 1 to 4094. The VLAN and VLAN interface must already exist.
Syntax arp timer aging aging-time undo arp timer aging Default The aging timer for dynamic ARP entries is 20 minutes. Views System view Predefined user roles network-admin Parameters aging-time: Sets the aging timer for dynamic ARP entries, in the range of 1 to 1440 minutes. Usage guidelines Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer.
Page 22
Predefined user roles network-admin network-operator Parameters all: Displays all ARP entries. dynamic: Displays dynamic ARP entries. static: Displays static ARP entries. slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ARP entries for the active MPU.
[No Vrf] 0x0000 192.168.0.39 0012-a990-2241 GE2/0/3 [No Vrf] 0x0000 22.1.1.1 000c-299d-c041 [No Vrf] 0x0000 # Display the number of all ARP entries. <Sysname> display arp all count Total number of entries : 5 Table 1 Command output Field Description IP Address IP address in an ARP entry.
Syntax display arp timer aging Views Any view Predefined user roles network-admin network-operator Examples # Display the aging timer of dynamic ARP entries. <Sysname> display arp timer aging Current ARP aging time is 10 minute(s) Related commands arp timer aging display arp vpn-instance Use display arp vpn-instance to display the ARP entries for a VPN instance.
VLAN interface view Predefined user roles network-admin Parameters interval milliseconds: Sets the interval at which gratuitous ARP packets are sent, in the range of 200 to 200000 milliseconds. The default value is 2000 milliseconds. Usage guidelines This function takes effect only when the enabled interface is up and an IP address has been assigned to the interface.
Usage guidelines The learning of gratuitous ARP packets function allows a device to maintain its ARP table by creating or updating ARP entries based on received gratuitous ARP packets. When this function is disabled, the device uses received gratuitous ARP packets to update existing ARP entries only.
Proxy ARP commands display local-proxy-arp Use display local-proxy-arp to display the local proxy ARP status. Syntax display local-proxy-arp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. Usage guidelines The local ARP proxy status can be enabled or disabled.
Parameters interface interface-type interface-number: Specifies an interface by its type and number. Usage guidelines The proxy ARP status can be enabled or disabled. If an interface is specified, this command displays proxy ARP status for the specified interface. If no interface is specified, this command displays proxy ARP status for all interfaces. Examples # Display the proxy ARP status on GigabitEthernet 2/0/1.
Local proxy ARP allows communication between hosts that connect to the same Layer 3 interface and reside in different broadcast domains. Only one IP address range can be specified by using the ip-range keyword on an interface. Examples # Enable local proxy ARP on GigabitEthernet 2/0/1. <Sysname>...
ARP fast-reply commands arp fast-reply enable Use arp fast-reply enable to enable ARP fast-reply for a VLAN. Use undo arp fast-reply enable to disable ARP fast-reply for a VLAN. Syntax arp fast-reply enable undo arp fast-reply enable Default ARP fast-reply is disabled on a VLAN. Views VLAN view Predefined user roles...
ARP PnP commands arp pnp Use arp pnp to enable the ARP plug and play (PnP) feature. Use undo arp pnp to restore the default. Syntax arp pnp undo arp pnp Default The ARP PnP feature is disabled. Views Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view Predefined user roles network-admin Usage guidelines...
display arp pnp Use display arp pnp to display ARP PnP mappings. Syntax display arp pnp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays ARP PnP mappings for all interfaces.
ARP suppression commands arp suppression enable Use arp suppression enable to enable ARP suppression. Use undo arp suppression enable to disable ARP suppression. Syntax arp suppression enable undo arp suppression enable Default ARP suppression is disabled. Views Cross-connect view Predefined user roles network-admin Usage guidelines You must enable L2VPN before you enter cross-connect view.
Views System view Predefined user roles network-admin Parameters interval: Specifies a push interval for ARP suppression, in the range of 1 to 1440 minutes. Usage guidelines The ARP suppression push function pushes ARP suppression entries at intervals by broadcasting gratuitous ARP packets. Examples # Configure the device to push ARP suppression entries every 2 minutes.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ARP suppression entries for the master device. (Centralized devices in IRF mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device.
Page 40
Examples # Clear ARP suppression entries for all cross-connect groups. <Sysname> reset arp suppression xconnect-group Related commands display arp suppression xconnect-group...
IP addressing commands display ip interface Use display ip interface to display IP configuration and statistics for Layer 3 interfaces. Syntax display ip interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays information about all Layer 3 interfaces.
Page 43
Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Table 4 Command output Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown command.
Field Description ICMP packet input number: Total number of ICMP packets received on the interface (statistics start at the Echo reply: device startup): • Echo reply packets. Unreachable: • Unreachable packets. Source quench: • Source quench packets. Routing redirect: • Routing redirect packets.
Page 45
Usage guidelines Information displayed by the command includes the state of the physical and link layer protocols, IP address, and interface descriptions. If you do not specify the interface type and interface number, the command displays brief IP configuration for all Layer 3 interfaces. If you specify only the interface type, the command displays brief IP configuration for all Layer 3 interfaces of the specified type.
Field Description Interface description information. If no description is configured, this field displays Description hyphens (--). Related commands display ip interface • ip address • ip address Use ip address to assign an IP address to the interface. Use undo ip address to remove the IP address from the interface. Syntax ip address ip-address { mask-length | mask } [ sub ] undo ip address [ ip-address { mask-length | mask } [ sub ] ]...
The primary and secondary IP addresses assigned to the interface can be located on the same network segment. Different interfaces on your device must reside on different network segments. Examples # Assign GigabitEthernet 2/0/1 a primary IP address 129.102.0.1 and a secondary IP address 202.38.160.1, with the subnet masks both 255.255.255.0.
Page 48
You cannot enable a dynamic routing protocol on the interface that has no IP address configured. To enable the interface to communicate with other devices, you must configure a static route to the peer device on the interface. Examples # Configure the tunnel interface Tunnel 0 to borrow the IP address of the interface GigabitEthernet 2/0/1.
DHCP commands Common DHCP commands dhcp client-detect Use dhcp client-detect to enable client offline detection on the DHCP server or DHCP relay agent. Use undo dhcp client-detect to disable client offline detection. Syntax dhcp client-detect undo dhcp client-detect Default Client offline detection is disabled. Views Interface view Predefined user roles...
Default The DSCP value in DHCP packets is 56. Views System view Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.
Use undo dhcp log enable to disable DHCP logging. Syntax dhcp log enable undo dhcp log enable Default DHCP logging is disabled. Views System view Predefined user roles network-admin Usage guidelines This command enables the DHCP server to generate DHCP logs and send them to the information center. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.
proxy: Enables DHCP server proxy on the relay agent. server: Enables the DHCP server on the interface. Usage guidelines Before enabling the DHCP relay agent on an interface, use the reset dhcp server ip-in-use command to remove address bindings and authorized ARP entries. These authorized ARP entries might conflict with ARP entries that are created after the DHCP relay agent is enabled.
Usage guidelines If no IP address range is specified, all IP addresses in the subnet specified by the network command in address pool view are assignable. If an IP address range is specified, only the IP addresses in the IP address range are assignable.
key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 16 characters. If cipher is specified, it must be a ciphertext string of 1 to 53 characters. The DHCP client uses the shared key to encrypt packets sent to the BIMS server.
<Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] class user option-group 1 Related commands dhcp option group class range Use class range to specify an IP address range for a DHCP user class. Use undo class range to remove the IP address range for the DHCP user class. Syntax class class-name range start-ip-address end-ip-address undo class class-name range...
[Sysname-dhcp-pool-1] class user range 192.168.8.1 192.168.8.150 Related commands • address range dhcp class • • display dhcp server pool dhcp class Use dhcp class to create a DHCP user class and enter the DHCP user class view. Use undo dhcp class to remove the specified user class. Syntax dhcp class class-name undo dhcp class class-name...
Syntax dhcp option-group option-group-number undo dhcp option-group option-group-number Default No DHCP option group exists. Views System view Predefined user roles network-admin Parameters option-group-number: Assigns a number to the DHCP option group, in the range of 0 to 32768. Usage guidelines You can use this command to enter the view of an existing DHCP option group.
The DHCP server always unicasts a response in the following situations, regardless of whether this command is executed: The DHCP request is from a DHCP client that has an IP address (the ciaddr field is not 0). • The DHCP request is forwarded by a DHCP relay agent from a DHCP client (the giaddr field is not •...
dhcp server bootp ignore Use dhcp server bootp ignore to configure the DHCP server to ignore BOOTP requests. Use undo dhcp server bootp ignore to restore the default. Syntax dhcp server bootp ignore undo dhcp server bootp ignore Default The DHCP server does not ignore BOOTP requests. Views System view Predefined user roles...
This command enables the DHCP server to fill the Vend field in RFC 1048-compliant format in DHCP responses to RFC 1048-incompliant requests sent by BOOTP clients. This command takes effect only when the BOOTP clients request statically bound addresses. Examples # Enable the DHCP server to send BOOTP responses in RFC 1048 format upon receiving BOOTP requests incompliant with RFC 1048.
When the backup file is on a remote device, follow these restrictions and guidelines to specify the URL, username, and password: If the file is on an FTP server, enter URL in the following format: ftp://server address:port/file path, • where the port number is optional. If the file is on a TFTP server, enter URL in the following format: tftp://server address:port/file path, •...
Parameters seconds: Sets the waiting time in seconds in the range of 60 to 864000. Usage guidelines The waiting time does not take effect if you do not configure the DHCP binding auto backup by using the dhcp server database filename command. When a DHCP binding is created, updated, or removed, the waiting period starts.
dhcp server database update stop Use dhcp server database update stop to terminate the download of DHCP bindings from the backup file. Syntax dhcp server database update stop Views System view Predefined user roles network-admin Usage guidelines The DHCP server does not provide services during the binding download process. If the connection disconnects during the process, the waiting timeout timer is 60 minutes.
Parameters start-ip-address: Specifies the start IP address. end-ip-address: Specifies the end IP address, which cannot be lower than the start-ip-address. If you do not specify this argument, only the start-ip-address is excluded from dynamic allocation. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters.
Usage guidelines You can also use this command to enter the view of an existing DHCP address pool. A DHCP address pool is used to store the configuration parameters to be assigned to DHCP clients. Examples # Create a DHCP address pool named pool1. <Sysname>...
reset dhcp server conflict • dhcp server ping timeout Use dhcp server ping timeout to set the ping response timeout time on the DHCP server. Use undo dhcp server ping timeout to restore the default. Syntax dhcp server ping timeout milliseconds undo dhcp server ping timeout Default The ping response timeout time is 500 milliseconds.
Default The DHCP server handles Option 82. Views System view Predefined user roles network-admin Usage guidelines Upon receiving a DHCP request that contains Option 82, the server copies the original Option 82 into the response. If the server is configured to ignore Option 82, the response will not contain Option 82. Examples # Configure the DHCP server to ignore Option 82.
<Sysname> display dhcp server conflict IP address Detect time 4.4.4.1 Apr 25 16:57:20 2007 4.4.4.2 Apr 25 17:00:10 2007 Table 6 Command output Field Description IP address Conflicted IP address. Detect time Time when the conflict was discovered. Related commands reset dhcp server conflict display dhcp server database Use display dhcp server database to display information about DHCP binding auto backup.
Field Description Status of the update: • Writing—The backup file is being updated. Status • Last write succeeded—The backup file was successfully updated. • Last write failed—The backup file failed to be updated. display dhcp server expired Use display dhcp server expired to display the lease expiration information. Syntax display dhcp server expired [ [ ip ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ] Views...
Related commands reset dhcp server expired display dhcp server free-ip Use display dhcp server free-ip to display information about assignable IP addresses. Syntax display dhcp server free-ip [ pool pool-name | vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters...
Field Description Secondary networks Assignable secondary networks. Related commands address range • dhcp server ip-pool • network • display dhcp server ip-in-use Use display dhcp server ip-in-use to display binding information about assigned IP addresses. Syntax display dhcp server ip-in-use [ [ ip ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ] Views Any view Predefined user roles...
Table 10 Command output Field Description IP address IP address assigned. Client identifier/Hardware Client ID or hardware address. address Lease expiration time: • Exact time (May 1 14:02:49 2009 in this example)—Time when the lease will expire. • Lease expiration Not used—The IP address of the static binding has not been assigned to the specific client.
Page 74
Examples # Display information about all DHCP address pools. <Sysname> display dhcp server pool Pool name: 0 Network 20.1.1.0 mask 255.255.255.0 class a range 20.1.1.50 20.1.1.60 bootfile-name abc.cfg dns-list 20.1.1.66 20.1.1.67 20.1.1.68 domain-name www.aabbcc.com bims-server ip 192.168.0.51 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU= option 2 ip-address 1.1.1.1 expired 1 2 3 0 Pool name: 1...
expired unlimited Table 11 Command output Field Description Pool name Name of an address pool. Network Assignable network. secondary networks Assignable secondary networks. address range Assignable address range. class class-name range DHCP user class and its address range. static bindings Static IP-to-MAC/client ID bindings.
Page 76
network-operator Parameters pool pool-name: Specifies an address pool by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, this command displays information about all address pools. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters.
Field Description DHCP packets received from clients: • DHCPDISCOVER. • DHCPREQUEST. • DHCPDECLINE. Messages received • DHCPRELEASE. • DHCPINFORM. • BOOTPREQUEST. This field is not displayed if you display statistics for a specific address pool. DHCP packets sent to clients: •...
If you do not specify any parameters, the undo dns-list command deletes all DNS server addresses in the DHCP address pool. Examples # Specify the DNS server address 10.1.1.254 in DHCP address pool 0. <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] dns-list 10.1.1.254 Related commands display dhcp server pool...
Syntax expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } undo expired Default The lease duration of a dynamic address pool is one day. Views DHCP address pool view Predefined user roles network-admin Parameters day day: Sets the number of days, in the range of 0 to 365.
Default No IP addresses are excluded from dynamic allocation in an address pool. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies a space-separated list of up to eight excluded IP addresses. Usage guidelines The excluded IP addresses in an address pool are still assignable in other address pools. You can exclude a maximum of 4096 IP addresses in an address pool.
export-route: Binds the gateways to the device's MAC address in the address management module. The ARP module will use the entries to reply to ARP requests from the DHCP clients. This feature ensures the clients to obtain different gateway IP addresses but the same MAC address. Usage guidelines If you use this command multiple times, the most recent configuration takes effect.
Page 82
mask mask: Specifies the mask for the match operation, in the hex format. The mask length must be the same as the hex-string length. The mask is used for ANDing the selected string in the option and the specified hexadecimal string. The packet matches the rule if the two AND operation results are the same. offset offset: Specifies the offset in bytes after which the match operation starts.
[Sysname] dhcp class exam [Sysname-dhcp-class-exam] if-match rule 2 option 82 hex 13ae92 offset 0 length 3 # Configure match rule 3 to match DHCP requests that contain Option 82. Option 82's highest bit of the fourth byte is 1 for the DHCP user class exam. <Sysname>...
[Sysname-dhcp-pool-p1] ip-in-use threshold 85 nbns-list Use nbns-list to specify WINS server addresses in a DHCP address pool. Use undo nbns-list to remove the specified WINS server addresses. Syntax nbns-list ip-address&<1-8> undo nbns-list [ ip-address&<1-8> ] Default No WINS server address is specified. Views DHCP address pool view Predefined user roles...
Views DHCP address pool view Predefined user roles network-admin Parameters b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server. h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server. If it does not receive a response, the h-node client broadcasts the destination name to get the mapping from a server.
Parameters network-address: Specifies the subnet for dynamic allocation. If no mask length or mask is specified, the natural mask will be used. mask-length: Specifies the mask length in the range of 1 to 30. mask mask: Specifies the mask in dotted decimal format. export-route: Advertises the subnet assigned to DHCP clients.
undo next-server Default No server's IP address is specified in a DHCP address pool. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address: Specifies the IP address of a server. Usage guidelines Upon startup, the DHCP client obtains an IP address and the specified server IP address. Then it contacts the specified server, such as a TFTP server, to get other boot information.
hex hex-string: Specifies a hexadecimal string as the option content. The string length must be an even number in the range of 2 to 256. ip-address ip-address&<1-8>: Specifies a space-separated list of up to eight IP addresses as the option content.
Parameters ip ip-address: Clears conflict information about the specified IP address. If you do not specify this option, this command clears all address conflict information. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters. To clear conflict information about IP addresses on the public network, do not specify this option.
reset dhcp server ip-in-use Use reset dhcp server ip-in-use to clear binding information about assigned IP addresses. Syntax reset dhcp server ip-in-use [ [ ip ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ] Views User view Predefined user roles network-admin Parameters ip ip-address: Clears binding information about the specified assigned IP address.
Examples # Clear DHCP server statistics. <Sysname> reset dhcp server statistics Related commands display dhcp server statistics static-bind Use static-bind to statically bind a client ID or MAC address to an IP address. Use undo static-bind to remove a static binding. Syntax static-bind ip-address ip-address [ mask-length | mask mask ] { client-identifier client-identifier | hardware-address hardware-address [ ethernet | token-ring ] }...
You can specify multiple static bindings in an address pool. The total number of static bindings in all address pools cannot exceed 8192. You cannot modify bindings. To change the binding for a DHCP client, you must delete the existing binding first and create a new binding.
tftp-server ip-address Use tftp-server ip-address to specify a TFTP server address in a DHCP address pool. Use undo tftp-server ip-address to remove the TFTP server address from a DHCP address pool. Syntax tftp-server ip-address ip-address undo tftp-server ip-address Default No TFTP server address is specified. Views DHCP address pool view Predefined user roles...
Predefined user roles network-admin Parameters class-name&<1-8>: Specifies a space-separated list of up to eight DHCP user classes by their names, a case-insensitive string of 1 to 63 characters. Usage guidelines For this command to take effect, you must enable the DHCP user class whitelist. Examples # Add DHCP user classes test1 and test2 to the whitelist in DHCP address pool 0.
Related commands valid class voice-config Use voice-config to configure the content for Option 184 in a DHCP address pool. Use undo voice-config to remove the Option 184 content from a DHCP address pool. Syntax voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan vlan-id { disable | enable } } undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ] Default...
vpn-instance Use vpn-instance to apply a DHCP address pool to a VPN instance. Use undo vpn-instance to remove the application. Syntax vpn-instance vpn-instance-name undo vpn-instance Default The DHCP address pool is not applied to any VPN instance. Views DHCP address pool view Predefined user roles network-admin Parameters...
undo dhcp relay check mac-address Default The MAC address check function is disabled. Views Interface view Predefined user roles network-admin Usage guidelines This function enables the DHCP relay agent to compare the chaddr field of a received DHCP request with the source MAC address in the frame header.
Parameters time: Sets the aging time for MAC address check entries in seconds, in the range of 30 to 600. Usage guidelines This command takes effect only after you execute the dhcp relay check mac-address command. Examples # Set the aging time to 60 seconds for MAC address check entries on the DHCP relay agent. <Sysname>...
Syntax dhcp relay client-information refresh [ auto | interval interval ] undo dhcp relay client-information refresh Default The refresh interval is automatically calculated based on the number of relay entries. Views System view Predefined user roles network-admin Parameters auto: Automatically calculates the refresh interval. The more the entries, the shorter the refresh interval. The shortest interval is 50 ms.
Usage guidelines A DHCP client unicasts a DHCP-RELEASE message to the DHCP server to release its IP address. The DHCP relay agent conveys the message to the DHCP server and does not remove the IP-to-MAC entry of the client. With this feature, the DHCP relay agent uses a client's IP address and the relay interface's MAC address to periodically send a DHCP-REQUEST message to the DHCP server.
Usage guidelines The DHCP relay agent uses the specified IP address instead of the primary IP address of the relay interface as the gateway address for DHCP clients. If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify 10.1.1.1 as the gateway address for DHCP clients on GigabitEthernet 2/0/1.
Page 102
NOTE: If sysname is used as the node identifier, do not include any spaces when you set the device name. Otherwise, the DHCP relay agent fails to add or replace Option 82. user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node identifier. •...
Related commands dhcp relay information enable • dhcp relay information strategy • • display dhcp relay information dhcp relay information enable Use dhcp relay information enable to enable the relay agent to support Option 82. Use undo dhcp relay information enable to disable Option 82 support. Syntax dhcp relay information enable undo dhcp relay information enable...
Use undo dhcp relay information remote-id to restore the default. Syntax dhcp relay information remote-id { normal [ format { ascii | hex } ] | string remote-id | sysname } undo dhcp relay information remote-id Default The padding mode is normal and the padding format is hex. Views Interface view Predefined user roles...
Use undo dhcp relay information strategy to restore the default handling strategy. Syntax dhcp relay information strategy { drop | keep | replace } undo dhcp relay information strategy Default The handling strategy for messages that contain Option 82 is replace. Views Interface view Predefined user roles...
Predefined user roles network-admin Parameters client-ip: Specifies the IP address to be released. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance of the IP address. The vpn-instance-name is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command releases the IP address in the public network.
Examples # Specify the DHCP server 1.1.1.1 on the relay agent interface GigabitEthernet 2/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] dhcp relay server-address 1.1.1.1 Related commands dhcp select relay • display dhcp relay interface • display dhcp relay check mac-address Use display dhcp relay check mac-address to display MAC address check entries on the relay agent.
Page 108
Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays relay entries on the specified interface. ip ip-address: Displays the relay entry for the specified IP address. vpn-instance vpn-instance-name: Displays the relay entry for the specified IP address in the specified MPLS L3VPN instance.
Related commands dhcp relay client-information record • reset dhcp relay client-information • display dhcp relay information Use display dhcp relay information to display Option 82 configuration information for the DHCP relay agent. Syntax display dhcp relay information [ interface interface-type interface-number ] Views Any view Predefined user roles...
Table 16 Command output Field Description Interface Interface name. Option 82 states: • Status Enable—DHCP relay agent support for Option 82 is enabled. • Disable—DHCP relay agent support for Option 82 is disabled. Handling strategy for request messages containing Option 82, Drop, Strategy Keep, or Replace.
Table 17 Command output Field Description Interface name Interface name. Server IP address DHCP server IP address. Related commands dhcp relay server-address display dhcp relay statistics Use display dhcp relay statistics to display DHCP packet statistics on the DHCP relay agent. Syntax display dhcp relay statistics [ interface interface-type interface-number ] Views...
DHCPDECLINE: BOOTPREQUEST: DHCP packets relayed to clients: DHCPOFFER: DHCPACK: DHCPNAK: BOOTPREPLY: DHCP packets sent to servers: DHCPDISCOVER: DHCPREQUEST: DHCPINFORM: DHCPRELEASE: DHCPDECLINE: BOOTPREQUEST: DHCP packets sent to clients: DHCPOFFER: DHCPACK: DHCPNAK: BOOTPREPLY: Related commands reset dhcp relay statistics gateway-list Use gateway-list to specify a list of gateways for DHCP clients in the relay address pool. Use undo gateway-list to remove the specified gateway addresses from a DHCP relay address pool.
specify the gateway for clients matching the same relay address pool and bind the gateway address to the device's MAC address. Upon receiving a DHCP DISCOVER or REQUEST from a client that matches a relay address pool, the relay agent processes the packet as follows: Fills the giaddr field of the packet with the specified gateway address.
DHCP client detects IP address conflict through ARP packets. An attacker can act as the IP address owner to send an ARP reply. This makes the client unable to use the IP address assigned by the server. HP recommends that you disable duplicate address detection when ARP attacks exist on the network.
Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.
Examples # Use the MAC address of GigabitEthernet 2/0/2 as the DHCP client ID for GigabitEthernet 2/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] dhcp client identifier mac gigabitethernet 2/0/2 Related commands display dhcp client display dhcp client Use display dhcp client to display DHCP client information. Syntax display dhcp client [ verbose ] [ interface interface-type interface-number ] Views...
Field Description Domain name Domain name suffix assigned to the client. PXE server addresses (up to 16 addresses) specified for the DHCP Boot servers client, which are obtained through Option 43. ACS parameter Parameters about the ACS. URL of the ACS. Username Username for logging in to the ACS.
Usage guidelines When you execute the undo ip address dhcp-alloc command, the interface sends a DHCP-RELEASE message to release the IP address obtained through DHCP. If the interface is down, the message cannot be sent out. This situation can occur when a subinterface obtained an IP address through DHCP, and the shutdown command is executed on its primary interface.
Page 121
Syntax dhcp snooping binding database filename { filename | url url [ username username [ password { cipher | simple } key ] ] } undo dhcp snooping binding database filename Default The DHCP snooping device does not back up DHCP snooping entries. Views System view Predefined user roles...
Examples # Configure the DHCP snooping device to back up DHCP snooping entries to the file database.dhcp. <Sysname> system-view [Sysname] dhcp snooping binding database filename database.dhcp # Configure the DHCP snooping device to back up DHCP snooping entries to the file database.dhcp in the working directory of the FTP server at 10.1.1.1.
Usage guidelines This command enables DHCP snooping on the port directly connecting to the clients to record client information in DHCP snooping entries. Examples # Enable recording of client information in DHCP snooping entries. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] dhcp snooping binding record dhcp snooping check mac-address Use dhcp snooping check mac-address to enable MAC address check for DHCP snooping.
Default This function is disabled. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and DHCP-RELEASE packets. This function prevents unauthorized clients that forge DHCP-REQUEST packets from attacking the DHCP server.
Examples # Enable DHCP snooping. <Sysname> system-view [Sysname] dhcp snooping enable dhcp snooping information circuit-id Use dhcp snooping information circuit-id to configure the padding mode and padding format for the Circuit ID sub-option. Use undo dhcp snooping information circuit-id to restore the default. Syntax dhcp snooping information circuit-id { [ vlan vlan-id ] string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] }...
format: Sets the padding format for the Circuit ID sub-option. ascii: Sets the padding format to ASCII. hex: Sets the padding format to hex. Usage guidelines The Circuit ID sub-option cannot carry information about interface splitting or subinterfaces. For more information about interface splitting and subinterfaces, see Interface Configuration Guide.
Syntax dhcp snooping information enable undo dhcp snooping information enable Default DHCP snooping does not support Option 82. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines This command enables DHCP snooping to add Option 82 into DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server.
Predefined user roles network-admin Parameters vlan vlan-id: Specifies the VLAN ID as the Remote ID sub-option. string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as the content of the Remote ID sub-option. sysname: Specifies the sysname mode that uses the device name as the Remote ID sub-option.
Predefined user roles network-admin Parameters drop: Drops DHCP messages that contain Option 82. keep: Keeps the original Option 82 intact. replace: Replaces the original Option 82 with the configured Option 82. Usage guidelines This command takes effect only on DHCP requests that contain Option 82. For DHCP requests that do not contain Option 82, the DHCP snooping device always adds Option 82 into the requests before forwarding them to the DHCP server.
Examples # Configure the Layer 2 Ethernet interface GigabitEthernet 2/0/1 to learn a maximum of 1000 DHCP snooping entries. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] dhcp snooping max-learning-num 1000 dhcp snooping trust Use dhcp snooping trust to configure a port as a trusted port. Use undo dhcp snooping trust to restore the default state of a port.
network-operator Parameters ip ip-address: Displays the DHCP snooping entry for the specified IP address. vlan vlan-id: Specifies the VLAN ID where the IP address resides. Usage guidelines If you do not specify any parameters, this command displays all DHCP snooping entries. Examples # Display all DHCP snooping entries.
Predefined user roles network-admin network-operator Examples # Display information about DHCP snooping entry auto backup. <Sysname> display dhcp snooping binding database File name database.dhcp Username Password Update interval 600 seconds Latest write time Feb 27 18:48:04 2012 Status Last write succeeded. Table 21 Command output Field Description...
Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies a card by the slot number. If you do not specify a card, this command clears DHCP packet statistics for the active MPU. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears DHCP packet statistics for the master device.
Allocated IP: 169.254.0.2 255.255.0.0 Transaction ID: 0x3d8a7431 MAC Address: 00e0-fc0a-c3ef Table 23 Command output Field Description GigabitEthernet2/0/1 BOOTP client Information about the interface that acts as a BOOTP client. information Allocated IP BOOTP client's IP address allocated by the BOOTP server. Value of the XID field in a BOOTP message.
DNS commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. If you do not specify this keyword, the command displays the statically configured and dynamically obtained domain name suffixes.
display dns host Use display dns host to display information about domain name-to-IP address mappings. Syntax display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries.
Field Description Time in seconds that a mapping can be stored in the cache. For a static mapping, a hyphen (-) is displayed. Query type Query type, type A or type AAAA. Replied IP address: • IP addresses For type A query, the replied IP address is an IPv4 address. •...
Table 26 Command output Field Description Sequence number. DNS server type: • Type S—A manually configured DNS server. • D—DNS server information dynamically obtained through DHCP or other protocols. IP address IPv4 address of the DNS server. Related commands dns server display ipv6 dns server Use display ipv6 dns server to display IPv6 DNS server information.
Field Description DNS server type: • S—A manually configured DNS server. Type • D—DNS server information dynamically obtained through DHCP or other protocols. IPv6 address IPv6 address of the DNS server. Outgoing Interface Output interface. Related commands ipv6 dns server dns domain Use dns domain to configure a domain name suffix.
<Sysname> system-view [Sysname] dns domain com Related commands display dns domain dns dscp Use dns dscp to set the DSCP value for DNS packets sent by a DNS client or DNS proxy. Use undo dns dscp to restore the default. Syntax dns dscp dscp-value undo dns dscp...
Predefined user roles network-admin Usage guidelines This configuration applies to both IPv4 DNS and IPv6 DNS. Examples # Enable DNS proxy. <Sysname> system-view [Sysname] dns proxy enable dns server Use dns server to specify the IPv4 address of a DNS server. Use undo dns server to remove the specified IPv4 address of a DNS server.
dns source-interface Use dns source-interface to specify the source interface for DNS packets. Use undo dns source-interface to restore the default. Syntax dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ] undo dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ] Default No source interface for DNS packets is specified.
Syntax dns spoofing ip-address [ vpn-instance vpn-instance-name ] undo dns spoofing ip-address [ vpn-instance vpn-instance-name ] Default DNS spoofing is disabled. Views System view Predefined user roles network-admin Parameters ip-address: Specifies the IPv4 address used to spoof DNS requests. vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters.
Views System view Predefined user roles network-admin Parameters controller interface-type interface-number: Specifies an output interface by its type and number. Usage guidelines The DNS spoofing device spoofs DNS requests if the network mode of the output interface is 2G. This command takes effect on the cellular interface when the interface acts as the output interface to reach the DNS server.
Usage guidelines By default, an interface obtains DNS suffix and DNS server information from DHCP. A network attacker might act as the DHCP server to assign a wrong DNS suffix and DNS server address to the device. As a result, the device fails to obtain the resolved IP address or might get the wrong IP address. With the DNS trusted interface specified, the device only uses the DNS suffix and DNS server information obtained through the trusted interface to avoid attack.
On the public network or a VPN, each host name maps to only one IPv4 address. If you use the command multiple times, the most recent configuration takes effect. Exclude the ping command parameters ip, -a, -c, -f, -h, -i, -m, -n, -p, -q, -r, -s, -t, -tos, -v, and -vpn-instance from the host name.
Syntax ipv6 dns server ipv6-address [ interface-type interface-number ] [ vpn-instance vpn-instance-name ] undo ipv6 dns server [ ipv6-address [ interface-type interface-number ] ] [ vpn-instance vpn-instance-name ] Default No DNS server IPv6 address is specified. Views System view Predefined user roles network-admin Parameters ipv6-address: Specifies the IPv6 address of a DNS server.
Default DNS spoofing is disabled. Views System view Predefined user roles network-admin Parameters ipv6-address: Specifies the IPv6 address used to spoof DNS requests. vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. To enable DNS spoofing on the public network, do not use this option. Usage guidelines Use the ipv6 dns spoofing command together with the dns proxy enable command.
Predefined user roles network-admin Parameters host-name: Specifies a host name, a case-insensitive string of 1 to 253 characters. It can include letters, digits, hyphens (-), underscores (_), and dots (.). ipv6-address: Specifies the IPv6 address of the host. vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters.
Page 154
vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN, this command clears the domain name-to-IPv6 address mapping on the public network. Usage guidelines If you do not specify the ip and ipv6 keywords, the reset dns host command clears dynamic DNS cache information about all query types.
DDNS commands ddns apply policy Use ddns apply policy to apply the specified DDNS policy to the interface, update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update. Use undo ddns apply policy to remove the DDNS policy applied to the interface and stop DDNS update. Syntax ddns apply policy policy-name [ fqdn domain-name ] undo ddns apply policy policy-name...
ddns dscp Use ddns dscp to set the DSCP value for outgoing DDNS packets. Use undo ddns dscp to restore the default. Syntax ddns dscp dscp-value undo ddns dscp Default The DSCP value for outgoing DDNS packets is 0. Views System view Predefined user roles network-admin...
Usage guidelines You can create up to 16 DDNS policies on the device. Examples # Create a DDNS policy steven_policy and enter its view. <Sysname> system-view [Sysname] ddns policy steven_policy Related commands ddns apply policy • display ddns policy • display ddns policy Use display ddns policy to display information about DDNS policies.
undo interval Default The DDNS update request interval is one hour. Views DDNS policy view Predefined user roles network-admin Parameters days: Days in the range of 0 to 365. hours: Hours in the range of 0 to 23. minutes: Minutes in the range of 0 to 59. Usage guidelines A DDNS update request is initiated immediately if either of the following conditions occurs: •...
Default The method http-get applies. Views DDNS policy view Predefined user roles network-admin Parameters http-get: Uses the get operation. http-post: Uses the post operation. Usage guidelines This command applies to DDNS updates in HTTP/HTTPS. If the DDNS server uses HTTP or HTTPS service, choose a parameter transmission method compatible with the DDNS server.
Parameters cipher: Sets a ciphertext password. simple: Sets a plaintext password. password: Specifies a case-sensitive password string. If simple is specified, it must be a string of 1 to 32 characters. If cipher is specified, it must be a string of 1 to 73 characters. Usage guidelines For security purposes, all passwords, including passwords configured in plain text, are saved in ciphertext.
Examples # Associate the SSL client policy ssl_policy with the DDNS policy steven_policy. <Sysname> system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] ssl-client-policy ssl_policy Related commands ddns policy • display ddns policy • ssl-client-policy (Security Command Reference) • Use url to specify the URL address for DDNS update requests. Use undo url to delete the URL address.
Page 163
No username or password is included in the URL address. To configure the username and password, use the username command and the password command. HP and GNUDIP are common DDNS update protocols. The server-name parameter is the domain name or IP address of the service provider's server using one of the update protocols.
NAT commands Commands and descriptions for centralized devices apply to the following routers: MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. address Use address to add an address range to a NAT address group. Use undo address to remove an address range from a NAT address group.
Related commands nat address-group block-size Use block-size to set the port block size. Use undo block-size to restore the default. Syntax block-size block-size undo block-size Default The port block size is 256. Views NAT port block group view Predefined user roles network-admin Parameters block-size: Sets the number of ports for a port block.
Page 167
Examples # (Centralized devices in standalone mode.) Display all NAT configuration information. <Sysname> display nat all NAT address group information: Totally 5 NAT address groups. Address group 1: Port range: 1-65535 Address information: Start address End address 202.110.10.10 202.110.10.15 Address group 2: Port range: 1-65535 Address information: Start address...
Page 168
Interface: GigabitEthernet2/0/2 ACL: 2038 Address group: 2 Add route: Y NO-PAT: Y Reversible: N VPN instance: vpn_nat Config status: Active NAT outbound information: Totally 2 NAT outbound rules. Interface: GigabitEthernet2/0/1 ACL: 2036 Address group: 1 Port-preserved: Y NO-PAT: N Reversible: N Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: address group, and ACL.
Page 169
Reasons for inactive status: The following items don't exist or aren't effective: local VPN, and ACL. Static NAT mappings: Totally 2 inbound static NAT mappings. Net-to-net: Global IP : 2.2.2.1 – 2.2.2.255 Local IP : 1.1.1.0 Netmask : 255.255.255.0 Global VPN : vpn2 Local VPN : vpn1...
Page 170
Interfaces enabled with static NAT: Totally 2 interfaces enabled with static NAT. Interface: GigabitEthernet2/0/2 Config status: Active Interface: GigabitEthernet2/0/3 Config status: Active NAT DNS mappings: Totally 2 NAT DNS mappings. Domain name : www.server.com Global IP : 6.6.6.6 Global port : 23 Protocol : TCP(6)
Page 172
NAT outbound port block group information: Totally 2 outbound port block group items. Interface: GigabitEthernet2/0/2 Port block group: 2 Config status : Active Interface: GigabitEthernet2/0/2 Port block group: 10 Config status : Inactive Reasons for inactive status: The following items don't exist or aren't effective: port block group. # (Distributed devices in standalone mode/centralized devices in IRF mode.) Display all NAT configuration information.
Page 173
Start address End address NAT server group information: Totally 3 NAT server groups. Group Number Inside IP Port Weight 192.168.0.26 192.168.0.27 192.168.0.26 NAT inbound information: Totally 1 NAT inbound rules. Interface: GigabitEthernet2/0/1 ACL: 2038 Address group: 2 Add route: Y NO-PAT: Y Reversible: N VPN instance: vpn_nat...
Page 174
Interface: GigabitEthernet2/0/2 Protocol: 6(TCP) Global IP/port: 50.1.1.1/23-30 Local IP/port : 192.168.10.15-192.168.10.22/23 Global VPN : vpn1 Local VPN : vpn3 Config status : Active Global flow-table status: Active Local flow-table status: Active Interface: GigabitEthernet2/0/3 Protocol: 255(Reserved) Global IP/port: 50.1.1.100/--- Local IP/port : 192.168.10.150/--- Global VPN : vpn2 Local VPN...
Page 175
Local flow-table status: Active Totally 2 outbound static NAT mappings. Net-to-net: Local IP : 1.1.1.1 - 1.1.1.255 Global IP : 2.2.2.0 Netmask : 255.255.255.0 Local VPN : vpn1 Global VPN : vpn2 : 2000 Reversible Config status: Active Global flow-table status: Active Local flow-table status: Active IP-to-IP: Local IP...
Page 176
Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: interface IP address. NAT logging: Log enable : Enabled(ACL 2000) Flow-begin : Disabled Flow-end : Disabled Flow-active : Enabled(10 minutes) Port-block-assign : Disabled Port-block-withdraw : Disabled Alarm : Disabled NAT hairpinning:...
Page 177
Local IP address information: Start address End address VPN instance 172.16.1.1 172.16.1.254 192.168.1.1 192.168.1.254 vpna 192.168.3.1 192.168.3.254 vpna Global IP pool information: Start address End address 201.1.1.1 201.1.1.10 201.1.1.21 201.1.1.25 Port block group 2: Port range: 10001-30000 Block size: 500 Local IP address information: Start address End address...
Page 178
NAT address group information: Totally 5 NAT address groups. Address group 1: Port range: 1-65535 Address information: Start address End address 202.110.10.10 202.110.10.15 Address group 2: Port range: 1-65535 Address information: Start address End address 202.110.10.20 202.110.10.25 202.110.10.30 202.110.10.35 Address group 3: Port range: 1024-65535 Address information: Start address...
Page 179
VPN instance: vpn_nat Config status: Active Global flow-table status: Active NAT outbound information: Totally 2 NAT outbound rules. Interface: GigabitEthernet1/2/0/2 ACL: 2036 Address group: 1 Port-preserved: Y NO-PAT: N Reversible: N Config status: Active Global flow-table status: Active Interface: GigabitEthernet1/2/0/2 ACL: 2037 Address group: 1 Port-preserved: N...
Page 180
Reasons for inactive status: The following items don't exist or aren't effective: local VPN, and ACL. Global flow-table status: Active Local flow-table status: Active Interface: GigabitEthernet1/2/1/5 Protocol: 17(UDP) Global IP/port: 50.1.1.2/23 Local IP/port : server group 1 192.168.0.26/23 (Connections: 10) 192.168.0.27/23 (Connections: 20) Global VPN...
Page 181
Netmask : 255.255.255.0 Local VPN : vpn1 Global VPN: vpn2 : 2000 Reversible: Y Config status: Active Global flow-table status: Active Local flow-table status: Active IP-to-IP: Local IP : 4.4.4.4 Global IP : 5.5.5.5 Local VPN : vpn1 Global VPN: vpn2 ACL: : 2001 Reversible: Y...
Page 183
Start address End address 201.1.1.1 201.1.1.10 201.1.1.21 201.1.1.25 Port block group 2: Port range: 10001-30000 Block size: 500 Local IP address information: Start address End address VPN instance 10.1.1.1 10.1.10.255 vpnb Global IP pool information: Start address End address 202.10.10.101 202.10.10.120 Port block group 3: Port range: 1-65535...
Field Description Information about the internal server group. See Table 42 for output NAT server group information description. Inbound dynamic NAT configuration. See Table 34 for output NAT inbound information: description. Outbound dynamic NAT configuration. See Table 37 for output NAT outbound information description.
Page 185
Syntax display nat address-group [ group-number ] Views Any view Predefined user roles network-admin network-operator Parameters group-number: Specifies the ID of a NAT address group. The value range for this argument is 0 to 65535. If you do not specify this argument, this command displays information about all NAT address groups. Examples # Display information about all NAT address groups.
Start address End address # Display information about NAT address group 1. <Sysname> display nat address-group 1 Address group 1: Port range: 1-65535 Address information: Start address End address 202.110.10.10 202.110.10.15 Table 31 Command output Field Description Address group ID of the NAT address group. Port range Port range for public IP addresses.
Totally 2 NAT DNS mappings. Domain name : www.server.com Global IP : 6.6.6.6 Global port : 23 Protocol : TCP(6) Config status: Active Domain name : www.service.com Global IP : --- Global port : 12 Protocol : TCP(6) Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: interface IP address.
Page 188
display nat eim [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays EIM entry information for all cards. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID.
Page 189
Local IP/port: 192.168.100.100/1024 Global IP/port: 200.100.1.100/2048 Local VPN: vpn1 Global VPN: vpn2 Protocol: TCP(6) Local IP/port: 192.168.100.200/2048 Global IP/port: 200.100.1.200/4096 Protocol: UDP(17) Total entries found: 2 # (Centralized devices in IRF mode.) Display information about NAT EIM entries for IRF member device <Sysname>...
Field Description MPLS L3VPN instance to which the private IP address belongs. If no VPN is Local VPN specified, this field is not displayed. MPLS L3VPN instance to which the public IP address belongs. If no VPN is Global VPN specified, this field is not displayed.
Page 191
NAT inbound information: Totally 2 NAT inbound rules. Interface: GigabitEthernet2/0/2 ACL: 2038 Address group: 2 Add route: Y NO-PAT: Y Reversible: N VPN instance: vpn1 Config status: Active Global flow-table status: Active Interface: GigabitEthernet2/0/3 ACL: 2037 Address group: 1 Add route: Y NO-PAT: Y Reversible: N VPN instance: vpn2...
Field Description Whether NO-PAT or PAT is used: • NO-PAT Y—NO-PAT is used. • N—PAT is used. Reversible Whether reverse address translation is allowed. MPLS L3VPN instance to which the NAT address group belongs. If the group VPN instance does not belong to any VPN, the field is not displayed. Config status Status of the inbound dynamic NAT configuration: Active or Inactive.
Table 35 Command output Field Description NAT logging NAT logging configuration. Whether NAT logging is enabled. Log enable If an ACL is specified for NAT logging, this field also displays the ACL number. Flow-begin Whether logging is enabled for NAT session establishment events. Flow-end Whether logging is enabled for NAT session removal events.
Page 194
Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays NO-PAT entry information for all cards. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays NO-PAT entry information for all member devices.
Page 195
Global VPN: vpn2 Local VPN: vpn1 Reversible: N Type : Inbound Local IP: 192.168.100.200 Global IP: 200.100.1.200 Reversible: Y Type : Outbound Total entries found: 2 # (Centralized devices in IRF mode.) Display information about NO-PAT entries for IRF member device 1. <Sysname>...
Table 36 Command output Field Description Local IP Private IP address. Global IP Public IP address. MPLS L3VPN instance to which the private IP address belongs. If the IP address does Local VPN not belong to any VPN, this field is not displayed. MPLS L3VPN instance to which the public IP address belongs.
Page 197
Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: global VPN, and ACL Interface: GigabitEthernet2/0/1 DS-Lite B4 ACL: 2100 Address group: 0 Port-preserved: N NO-PAT: N Reversible: N Config status: Active # (Distributed devices in standalone mode/centralized devices in IRF mode.) Display information about outbound dynamic NAT.
The following items don't exist or aren't effective: global VPN, and ACL. Global flow-table status: Active Interface: GigabitEthernet1/2/0/1 DS-Lite B4 ACL: 2100 Address group: 0 Port-preserved: N NO-PAT: N Reversible: N Config status: Active Table 37 Command output Field Description NAT outbound information Information about outbound dynamic NAT.
Page 199
Views Any view Predefined user roles network-admin network-operator Examples # Display information about port block group application for NAT444. <Sysname> display nat outbound port-block-group NAT outbound port block group information: Totally 2 outbound port block group items. Interface: GigabitEthernet2/0/2 Port block group: 2 Config status : Active Global flow-table status: Active...
# Display dynamic NAT444 mappings. <Sysname> display nat port-block dynamic Slot 0: Local VPN Local IP Global IP Port block Connections 101.1.1.12 192.168.135.201 10001-11024 Total entries found: 1 # Display DS-Lite NAT444 mappings. <Sysname> display nat port-block dynamic ds-lite-b4 Slot 0: Local VPN DS-Lite B4 addr Global IP...
Page 202
NAT port block group information: Totally 3 NAT port block groups. Port block group 1: Port range: 1-65535 Block size: 256 Local IP address information: Start address End address VPN instance 172.16.1.1 172.16.1.254 192.168.1.1 192.168.1.254 vpna 192.168.3.1 192.168.3.254 vpna Global IP pool information: Start address End address 201.1.1.1...
Table 40 Command output Field Description Port block group ID of the NAT port block group. Port range Port range for the public IP addresses. Block size Number of ports in a port block. Local IP address information Information about private IP addresses. Global IP pool information Information about public IP addresses.
Page 204
Global IP/port: 50.1.1.1/23-30 Local IP/port : 192.168.10.15-192.168.10.22/23 Global VPN : vpn1 Local VPN : vpn3 Config status : Inactive Reasons for inactive status: The following items don't exist or aren't effective: local VPN. Interface: GigabitEthernet2/0/3 Protocol: 255(Reserved) Global IP/port: 50.1.1.100/--- Local IP/port : 192.168.10.150/--- Global VPN : vpn2...
Page 205
Local VPN : vpn4 Config status : Active Global flow-table status: Active Local flow-table status: Active # (Distributed devices in IRF mode.) Display NAT Server configuration. <Sysname> display nat server NAT internal server information: Totally 3 internal servers. Interface: GigabitEthernet1/2/0/1 Protocol: 6(TCP) Global IP/port: 50.1.1.1/23 Local IP/port : 192.168.10.15/23...
Field Description Public IP address and port number of the internal server. • Global IP—A single IP address or an address pool of consecutive addresses. If you use Easy IP, this field displays the address of the specified interface. If you do not specify an address for the interface, the Global IP/port Global IP field displays hyphens (---).
Views Any view Predefined user roles network-admin network-operator Parameters group-number: Specifies the ID of the internal server group. The value range for this argument is 0 to 65535. If you do not specify this argument, this command displays configuration about all internal server groups.
Source security zone: DestZone State: TCP_SYN_SENT Application: SSH Start time: 2011-07-29 19:12:36 TTL: 28s Initiator->Responder: 1 packets 48 bytes Responder->Initiator: 0 packets 0 bytes Total sessions found: 1 Table 43 Command output Field Description Initiator Session information about an initiator. Responder Session information about a responder.
Page 212
Predefined user roles network-admin network-operator Examples # (Centralized devices in standalone mode.) Display static NAT mappings. <Sysname> display nat static Static NAT mappings: Totally 2 inbound static NAT mappings. Net-to-net: Global IP : 1.1.1.1 - 1.1.1.255 Local IP : 2.2.2.0 Netmask : 255.255.255.0 Global VPN...
Page 213
Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: local VPN, and global VPN. Interfaces enabled with static NAT: Totally 2 interfaces enabled with static NAT. Interface: GigabitEthernet2/0/2 Config status: Active Interface: GigabitEthernet2/0/3 Config status: Active # (Distributed devices in standalone mode/centralized devices in IRF mode.) Display static NAT mappings.
Page 214
Global VPN : vpn2 : 2000 Reversible Config status: Active Global flow-table status: Active Local flow-table status: Active IP-to-IP: Local IP : 4.4.4.4 Global IP : 5.5.5.5 Local VPN : vpn4 Global VPN : vpn3 ACL: : 2000 Reversible Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: local VPN, and global VPN.
Page 215
Local VPN : vpn4 : 2001 Reversible Config status: Inactive Reasons for inactive status: The following items don't exist or aren't effective: local VPN, global VPN, and ACL. Global flow-table status: Active Local flow-table status: Active Totally 2 outbound static NAT mappings. Net-to-net: Local IP : 1.1.1.1 - 1.1.1.255...
Field Description IP-to-IP One-to-one static NAT mapping. Local IP Private IP address or address pool. Global IP Public IP address or address pool. Netmask Network mask. MPLS L3VPN instance to which the private IP address belongs. Local VPN If no VPN instance is specified, this field is not displayed. MPLS L3VPN instance to which the public IP address belongs.
Page 217
Views Any view Predefined user roles network-admin network-operator Parameters summary: Displays NAT statistics summary. If you do not specify this keyword, this command displays detailed NAT statistics. slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays NAT statistics for all cards.
Page 218
Total EIM entries: 1 Total inbound NO-PAT entries: 0 Total outbound NO-PAT entries: 0 Total static port block entries: 10 Total dynamic port block entries: 15 Active static port block entries: 0 Active dynamic port block entries: 0 Slot 1 in chassis 1: Total session entries: 100 Total EIM entries: 1 Total inbound NO-PAT entries: 0...
ASPB: Active static port block entries. ADPB: Active dynamic port block entries. Slot Sessions ASPB ADPB 1572720 # (Distributed devices in IRF mode.) Display summary information about all NAT statistics. <Sysname> display nat statistics summary EIM: Total EIM entries. SPB: Total static port block entries. DPB: Total dynamic port block entries.
Predefined user roles network-admin Parameters start-address end-address: Specifies the start IP address and end IP address of a public IP address range. The end IP address cannot be smaller than the start IP address. If the start and end IP addresses are the same, only one public IP address is specified.
weight weight-value: Specifies the weight of the internal server. The value range is 1 to 1000, and the default value is 100. An internal server with a larger weight receives a larger percentage of connections in the internal server group. Examples # Add a member with IP address 10.1.1.2 and port number 30 to internal server group 1.
[Sysname] nat port-block-group 1 [Sysname-port-block-group-1] local-ip-address 172.16.1.1 172.16.1.255 vpn-instance vpn1 Related commands nat port-block-group nat address-group Use nat address-group to create a NAT address group and enter its view. Use undo nat address-group to remove a NAT address group. Syntax nat address-group group-number undo nat address-group group-number Default...
Page 223
Syntax nat alg { all | dns | ftp | h323 | icmp-error | ils | mgcp | nbt | pptp | rsh | rtsp | sccp | sip | sqlnet | tftp | xdmcp } undo nat alg { all | dns | ftp | h323 | icmp-error | ils | mgcp | nbt | pptp | rsh | rtsp | sccp | sip | sqlnet |tftp | xdmcp } Default NAT with ALG for all protocols is enabled.
Related commands display nat all nat dns-map Use nat dns-map to configure a DNS mapping for NAT. The mapping maps the domain name of an internal server to the public IP address, public port number, and protocol type of the internal server. Use undo nat dns-map to remove a DNS mapping for NAT.
Examples # Configure a NAT with DNS mapping between the domain name www.server.com, the public IP address 202.1 12.0.1, and the public port number 12345. Specify the protocol type as TCP. <Sysname> system-view [Sysname] nat dns-map domain www.server.com protocol tcp ip 202.112.0.1 port 12345 Related commands display nat all •...
Page 226
The output interface is the NAT interface and the next-hop is the source address before translation. If you do not specify this keyword, you must manually add the route. Because automatic route adding is slow, HP recommends that you add routes manually. Usage guidelines Inbound dynamic NAT translates the source IP addresses of incoming packets permitted by the ACL into IP addresses in the address group.
Outbound dynamic NAT (the nat outbound command). • • The NAT Server feature (the nat server command). Outbound static NAT (the nat static command). • An address group cannot be used by both the nat inbound and nat outbound commands. It cannot be used by the nat inbound command in both PAT and NO-PAT modes.
undo nat log enable Default NAT logging is disabled. Views System view Predefined user roles network-admin Parameters acl acl-number: Specifies an ACL by its number in the range of 2000 to 3999. Usage guidelines You must enable NAT logging before you enable NAT session logging. The acl acl-number option takes effect only for NAT session logging.
Parameters time-value: Specifies the interval for logging active NAT flows, in the range of 10 to 120 minutes. Usage guidelines This function helps track active NAT flows. Logging for active flows takes effect only after you enable NAT logging. Examples # Enable logging for active NAT flows and set the logging interval to 10 minutes.
Parameters acl: Specifies an ACL. Applies the NAT mapping behavior to packets that are permitted by the ACL. If you do not specify an ACL, the Endpoint-Independent Mapping applies to all packets. acl-number: Specifies an ACL by its number in the range of 2000 to 3999. name acl-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63 characters.
Page 232
PAT: nat outbound [ acl-number | name acl-name ] [ address-group group-number ] [ vpn-instance vpn-instance-name ] [ port-preserved ] undo nat outbound [ acl-number | name acl-name ] Default No outbound dynamic NAT rule is configured. Views Interface view Predefined user roles network-admin Parameters...
Page 233
An address group cannot be used by both the nat inbound and nat outbound commands. It cannot be used by the nat outbound command in both PAT and NO-PAT modes. An ACL can be used by only one outbound dynamic NAT rule an interface. You can configure multiple outbound dynamic NAT rules on an interface.
# Set the port block size to 256. [Sysname-nat-address-group-1] port-block block-size 256 [Sysname-nat-address-group-1] quit # Configure DS-Lite NAT444 on GigabitEthernet 2/0/1 to use address group 1 to translate packets permitted by ACL 2100. [Sysname] interface ethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] nat outbound ds-lite-b4 2100 address-group 1 Related commands display nat outbound nat outbound port-block-group...
nat port-block-group • nat port-block-group Use nat port-block-group to create a port block group and enter its view. Use undo nat port-block-group to delete a port block group. Syntax nat port-block-group group-number undo nat port-block-group group-number Default No port block group exists. Views System view Predefined user roles...
port-range • nat server Use nat server to create a mapping from the private IP address and port of an internal server to a public address and port for an internal server. Use undo nat server to remove a mapping. Syntax Common NAT Server: A single public address with no or a single public port:...
Page 238
nat server global { global-acl-number | name global-acl-name } inside local-address [ local-port ] [ vpn-instance local-name ] undo nat server global { global-acl-number | name global-acl-name } inside local-address [ local-port ] [ vpn-instance local-name ] Default The NAT Server feature is not configured. Views Interface view Predefined user roles...
Page 239
global-port: Specifies the public port number. The default value and value range are the same as those for the local-port argument. local-address: Specifies the private IP address. vpn-instance global-name: Specifies the MPLS L3VPN instance to which the advertised public IP addresses belong.
Page 240
External network Internal network N consecutive public addresses and a public port number A private address Public addresses matching an ACL A private address and a private port You can configure a maximum of 256 nat server commands on an interface. The number of internal servers that each command can define equals the difference between global-port2 and global-port1.
nat static enable Use nat static enable to enable static NAT on an interface. Use undo nat static enable to disable static NAT on an interface. Syntax nat static enable undo nat static enable Default Static NAT is disabled. Views Interface view Predefined user roles network-admin...
Page 243
Views System view Predefined user roles network-admin Parameters global-ip: Specifies a public IP address. vpn-instance global-name: Specifies the MPLS L3VPN instance to which the public IP address belongs. The global-name argument is a case-sensitive string of 1 to 31 characters. If the public IP address does not belong to any VPN instance, do not specify this option.
Examples # Configure an inbound static NAT mapping between public IP address 2.2.2.2 and private IP address 192.168.1.1. <Sysname> system-view [Sysname] nat static inbound 2.2.2.2 192.168.1.1 Related commands display nat all • • display nat static nat static enable • nat static inbound net-to-net Use nat static inbound net-to-net to configure a net-to-net mapping for inbound static NAT.
Page 245
name acl-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63 characters. reversible: Allows reverse address translation. Reverse address translation applies to connections actively initiated by internal hosts to the external hosts. It uses the mapping to translate destination addresses for packets of these connections if the packets are permitted by ACL reverse matching.
ACL reverse matching works as follows: • Compares the source IP address/port of a packet with the destination IP addresses/ports in the ACL. Translates the destination IP address of the packet according to the mapping, and then compares • the translated destination IP address/port with the source IP address/port in the ACL. Static NAT takes precedence over dynamic NAT when both are configured on an interface.
Page 248
Parameters local-start-address local-end-address: Specifies a private address range which can contain a maximum of 255 addresses. The local-end-address must not be lower than local-start-address. If they are the same, only one private address is specified. global-network: Specifies a public network address. mask-length: Specifies the mask length of the public network address, in the range of 8 to 31.
Examples # Configure an outbound static NAT mapping between private network address 192.168.1.0/24 and public network address 2.2.2.0/24. <Sysname> system-view [Sysname] nat static outbound net-to-net 192.168.1.1 192.168.1.255 global 2.2.2.0 24 # Configure outbound static NAT. Allow internal users on subnet 192.168.1.0/24 to access the external subnet 3.3.3.0/24 by using public IP addresses on subnet 2.2.2.0/24.
Examples # Set the port block size to 256 and the number of extended port blocks to 1 for NAT address group 2. <Sysname> system-view [Sysname] nat address-group 2 [Sysname-address-group-2] port-block block-size 256 extended-block-number 1 Related commands nat address-group port-range Use port-range to specify a port range for public IP addresses.
Basic IP forwarding commands display fib Use display fib to display FIB entries. Syntax display fib [ topology topo-name | vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters topology topo-name: Specifies a topology by its name, a case-sensitive string of 1 to 31 characters.
Page 253
Destination/Mask Nexthop Flag OutInterface/Token Label 0.0.0.0/32 127.0.0.1 InLoop0 Null 127.0.0.0/8 127.0.0.1 InLoop0 Null 127.0.0.0/32 127.0.0.1 InLoop0 Null 127.0.0.1/32 127.0.0.1 InLoop0 Null 127.255.255.255/32 127.0.0.1 InLoop0 Null 224.0.0.0/4 0.0.0.0 NULL0 Null 224.0.0.0/24 0.0.0.0 NULL0 Null 255.255.255.255/32 127.0.0.1 InLoop0 Null # Display all FIB entries of the public network. <Sysname>...
Page 254
Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay F:FRR Destination/Mask Nexthop Flag OutInterface/Token Label 10.2.1.1/32 127.0.0.1 InLoop0 Null Table 48 Command output Field Description Destination count Total number of destination addresses. FIB entry count Total number of FIB entries. Destination/Mask Destination address and the mask length.
Load sharing commands Commands and descriptions for centralized devices apply to the following routers: MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. bandwidth-based-sharing Use bandwidth-based-sharing to enable IPv4 load sharing based on bandwidth. Use undo bandwidth-based-sharing to disable IPv4 load sharing based on bandwidth.
Page 256
Syntax Centralized devices in standalone mode: ip load-sharing mode per-flow [ dest-ip | dest-port | ip-pro | src-ip | src-port ] * ] undo ip load-sharing mode Distributed devices in standalone mode/centralized devices in IRF mode: ip load-sharing mode per-flow [ dest-ip | dest-port | ip-pro | src-ip | src-port ] * ] [ slot slot-number ] undo ip load-sharing mode [ slot slot-number ] Distributed devices in IRF mode: ip load-sharing mode { per-flow [ algorithm algorithm-number | [ dest-ip | dest-port | ip-pro | src-ip |...
Fast forwarding commands Commands and descriptions for centralized devices apply to the following routers: MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display ip fast-forwarding aging-time Use display ip fast-forwarding aging-time to display the aging time of fast forwarding entries. Syntax display ip fast-forwarding aging-time Views...
Page 258
Views Any view Predefined user roles network-admin network-operator Parameters ip-address: Specifies an IP address. If you do not specify an IP address, this command displays all fast forwarding entries. slot slot-number: Specifies a card by the slot number. If you do not specify a card, this command displays fast forwarding entries for all cards.
Field Description DPort Destination port number. Protocol number. Input interface type and number. Input_If If no interface is involved in fast forwarding, this field displays N/A. If the input interface does not exist, this field displays a hyphen (-). Output interface type and number. Output_If If no interface is involved in fast forwarding, this field displays N/A.
of the card. If you do not specify a card, this command displays fast forwarding entries for fragmented packets on all cards. (Distributed devices in IRF mode.) Usage guidelines This command displays fast forwarding entries for fragmented packets. Each entry includes the source IP address, source port number, destination IP address, destination port number, protocol number, input interface, and fragment ID.
Views System view Predefined user roles network-admin Parameters aging-time: Specifies the aging time in the range of 10 to 300 seconds. Examples # Set the aging time to 20 seconds for fast forwarding entries. <Sysname> system-view [Sysname] ip fast-forwarding aging-time 20 Related commands display ip fast-forwarding aging-time ip fast-forwarding load-sharing...
Page 262
Syntax Centralized devices in standalone mode: reset ip fast-forwarding cache Distributed devices in standalone mode/centralized devices in IRF mode: reset ip fast-forwarding cache [ slot slot-number ] Distributed devices in IRF mode: reset ip fast-forwarding cache [ chassis chassis-number slot slot-number ] Views User view Predefined use roles...
Flow classification commands forwarding policy Use forwarding policy to specify a flow classification policy. Use undo forwarding policy to restore the default. Syntax forwarding policy { per-flow | per-packet } undo forwarding policy Default The flow-based policy is used. Views System view Predefined user roles network-admin...
IPv4 adjacency table commands Commands and descriptions for centralized devices apply to the following routers: MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display adjacent-table Use display adjacent-table to display IPv4 adjacency entries. Syntax Distributed devices in standalone mode/centralized devices in standalone or IRF mode: display adjacent-table { all | physical-interface interface-type interface-number | routing-interface...
Page 265
Examples # Display detailed information about all IPv4 adjacency entries. <Sysname> display adjacent-table all verbose IP address : 0.0.0.0 Routing interface : Pos2/2/0 Physical interface : Pos2/2/0 Logical interface : N/A Service type : PPP Action type : Forwarding Link media type : P2P Slot VPN index...
Page 266
Field Description VPN index Index of the VPN. Information about the virtual circuit, such as PVC or DLCI. If the entry has no Virtual circuit information virtual circuit, this field displays N/A. Link head information(IP) Link layer header for IPv4. Link head information(MPLS) Link layer header for MPLS.
IPv6 adjacency table commands Commands and descriptions for centralized devices apply to the following routers: MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display ipv6 adjacent-table Use display ipv6 adjacent-table to display IPv6 adjacency entries. Syntax Distributed devices in standalone mode/centralized devices in standalone or IRF mode: display ipv6 adjacent-table { all | physical-interface interface-type interface-number | routing-interface...
Page 268
Examples # Display detailed information about all IPv6 adjacency entries. <Sysname> display ipv6 adjacent-table all verbose IPv6 address : N/A Routing interface : Pos2/2/0 Physical interface : Pos2/2/0 Logical interface : N/A Service type : PPP Action type : Forwarding Link media type : P2P Slot...
Page 269
Field Description Information about the virtual circuit, such as PVC or DLCI. If the entry has no Virtual circuit information virtual circuit, this field displays N/A. Link head information(IPv6) Link layer header for IPv6.
IRDP commands ip irdp Use ip irdp to enable IRDP on an interface. Use undo ip irdp to disable IRDP on an interface. Syntax ip irdp undo ip irdp Default IRDP is disabled on an interface. Views Interface view Predefined user roles network-admin Usage guidelines This command validates the IRDP settings on the interface.
Predefined user roles network-admin Parameters ip-address: Specifies an IP address in dotted decimal notation. preference-value: Specifies the preference for the IP address, in the range of –2147483648 to 2147483647. Usage guidelines You can specify a maximum of four IP addresses for an interface to proxy-advertise. An RA sent on the interface includes the interface IP addresses and the proxy-advertised IP addresses.
IP addresses for the interface to proxy-advertise. • Examples # Set the lifetime of IP addresses advertised on GigabitEthernet 2/0/1 to 2000 seconds. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ip irdp lifetime 2000 Related commands ip irdp • ip irdp interval •...
ip irdp multicast Use ip irdp multicast to specify the multicast address 224.0.0.1 as the destination IP address for RAs sent on an interface. Use undo ip irdp multicast to restore the default. Syntax ip irdp multicast undo ip irdp multicast Default The destination IP address is 255.255.255.255.
Page 274
Parameters preference-value: Specifies the preference in the range of –2147483648 to 2147483647. A larger value represents a higher preference. To request that neighboring hosts do not use any advertised IP address as the default gateway, set the value to the minimum value. Examples # Specify preference 1 for IP addresses advertised on GigabitEthernet 2/0/1.
IP performance optimization commands Commands and descriptions for centralized devices apply to the following routers: MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display icmp statistics Use display icmp statistics to display ICMP statistics. Syntax Centralized devices in standalone mode: display icmp statistics...
<Sysname> display icmp statistics Input: bad formats bad checksum echo destination unreachable 0 source quench 0 redirects echo replies parameter problem timestamp information requests mask requests 0 mask replies time exceeded 0 invalid type router advert 0 router solicit broadcast/multicast echo requests ignored broadcast/multicast timestamp requests ignored Output: echo destination unreachable 0...
Page 277
slot number of the card. If you do not specify a card, this command displays IP packet statistics for all cards. (Distributed devices in IRF mode.) Usage guidelines IP statistics include information about received and sent packets and reassembly. Examples # Display IP packet statistics.
0.0.0.0 0.0.0.0 0x0000000000000008 0.0.0.0 0.0.0.0 0x0000000000000002 # (Distributed devices in IRF mode.) Display brief information about RawIP connections. <Sysname> display rawip Local Addr Foreign Addr Protocol Chassis Slot 0.0.0.0 0.0.0.0 0x0000000000000009 0.0.0.0 0.0.0.0 0x0000000000000008 0.0.0.0 0.0.0.0 0x0000000000000002 Table 54 Command output Field Description Local Addr...
Page 280
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays detailed information about RawIP connections for all member devices. (Centralized devices in IRF mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device.
Page 282
Field Description Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. Receiving buffer • state—Buffer state: (cc/hiwat/lowat/state) CANTSENDMORE—Unable to send data to the peer. CANTRCVMORE—Unable to receive data from the peer. RCVATMARK—Receiving tag. N/A—None of the above states.
Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IP options. • INP_RECVRETOPTS—Receives replied IP options. • INP_RECVDSTADDR—Receives destination IP address. • INP_HDRINCL—Provides the entire IP header. • INP_REUSEADDR—Reuses the IP address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
Page 284
Syntax Centralized devices in standalone mode: display tcp Distributed devices in standalone mode/centralized devices in IRF mode: display tcp [ slot slot-number ] Distributed devices in IRF mode: display tcp [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters...
<Sysname> display tcp *: TCP MD5 Connection Local Addr:port Foreign Addr:port State Chassis Slot *0.0.0.0:21 0.0.0.0:0 LISTEN 0x00000000 0000c387 192.168.20.200:23 192.168.20.14:1284 ESTABLISHED 1 0x00000000 00000009 192.168.20.200:23 192.168.20.14:1283 ESTABLISHED 1 0x00000000 00000002 Table 56 Command output Field Description Indicates that the TCP connection uses MD5 authentication. Local Addr:port Local IP address and port number.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays brief information about TCP proxy for all member devices. (Centralized devices in IRF mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device.
Page 287
Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays TCP traffic statistics for all cards. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays TCP traffic statistics for all member devices.
reply failures: 0 successfully build new socket: 12 bucket overflows: 0 zone failures: 0 syncache entries removed due to RST: 0 syncache entries removed due to timed out: 0 ACK checked by syncache or syncookie failures: 0 syncache entries aborted: 0 syncache entries removed due to bad ACK: 0 syncache entries removed due to ICMP unreachable: 0 SYN cookies sent: 0...
Page 291
Inpcb vflag: INP_IPV4 TTL: 255(minimum TTL: 0) Connection state: ESTABLISHED TCP options: TF_REQ_SCALE TF_REQ_TSTMP TF_SACK_PERMIT TF_NSR NSR state: READY(M) Send VRF: 0x0 Receive VRF: 0x0 Table 58 Command output Field Description TCP inpcb number Number of TCP IP PCBs. tcpcb number Number of TCP PCBs.
Page 292
Field Description Socket type: • 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. • 2—SOCK_DGRAM. This socket uses UDP to provide datagram Type transmission. • 3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header. •...
Field Description IP version flags in the Internet PCB: • INP_IPV4—IPv4 protocol. • INP_TIMEWAIT—In TIMEWAIT state. • INP_ONESBCAST—Sends broadcast packets. Inpcb vflag • INP_DROPPED—Protocol dropped flag. • INP_SOCKREF—Strong socket reference. • INP_DONTBLOCK—Do not block synchronization of the Internet PCB. • N/A—None of the above flags.
slot number of the card. If you do not specify a card, this command displays brief information about UDP connections for all cards. (Distributed devices in IRF mode.) Usage guidelines Brief UDP connection information includes local IP address and port number, and peer IP address and port number.
Distributed devices in IRF mode: display udp statistics [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays UDP traffic statistics for all cards.
Page 296
display udp verbose [ slot slot-number [ pcb pcb-index ] ] Distributed devices in IRF mode: display udp verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed UDP connection information for the specified PCB. The value range for the pcb-index argument is 1 to 16.
Page 298
Field Description Slot number of the card. (Distributed devices–In standalone mode–In IRF Slot mode.) Slot ID of the IRF member device. (Centralized devices in IRF mode.) Name of the operation that created the socket. The number in brackets is Creator the process number of the creator.
Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IP options. • INP_RECVRETOPTS—Receives replied IP options. • INP_RECVDSTADDR—Receives destination IP address. • INP_HDRINCL—Provides the entire IP header. • INP_REUSEADDR—Reuses the IP address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
Syntax ip forward-broadcast undo ip forward-broadcast Default An interface cannot forward directed broadcasts destined for the directly connected network. Views Interface view Predefined user roles network-admin Usage guidelines A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.
Views System view Predefined user roles network-admin Parameters milliseconds: Sets the interval for tokens to arrive in the bucket. The value range is 0 to 2147483647 milliseconds, and the default is 100 milliseconds. To disable the ICMP rate limit, set the value to 0. bucketsize: Specifies the maximum number of tokens allowed in the bucket.
ip-address: Specifies an IP address. Usage guidelines It is a good practice to specify the IP address of the loopback interface as the source IP address for outgoing ping echo request and ICMP error messages. This feature helps users to locate the sending device easily.
ip reassemble local enable Use ip reassemble local enable to enable IPv4 local fragment reassembly. Use undo ip reassemble local enable to restore the default. Syntax ip reassemble local enable undo ip reassemble local enable Default IPv4 local fragment reassembly is disabled. Views System view Predefined user roles...
A host that has only one route destined for the default gateway sends all packets to the default gateway. The default gateway sends an ICMP redirect message to inform the host of a correct next hop by following these rules: •...
ip unreachables enable Use ip unreachables enable to enable sending ICMP destination unreachable messages. Use undo ip unreachables enable to disable sending ICMP destination unreachable messages. Syntax ip unreachables enable undo ip unreachables enable Default Sending ICMP destination unreachable messages is disabled. Views System view Predefined user roles...
reset ip statistics Use reset ip statistics to clear IP traffic statistics. Syntax Centralized devices in standalone mode: reset ip statistics Distributed devices in standalone mode/centralized devices in IRF mode: reset ip statistics [ slot slot-number ] Distributed devices in IRF mode: reset ip statistics [ chassis chassis-number slot slot-number ] Views User view...
Usage guidelines This configuration takes effect only on TCP connections that are established after the configuration and not on the TCP connections that already exist. This configuration is effective only on IP packets. If MPLS is enabled on the interface, do not configure the TCP MSS on the interface.
Examples # Enable TCP path MTU discovery and set the path MTU aging time to 20 minutes. <Sysname> system-view [Sysname] tcp path-mtu-discovery aging 20 tcp syn-cookie enable Use tcp syn-cookie enable to enable SYN Cookie to protect the device from SYN flood attacks. Use undo tcp syn-cookie enable to disable SYN Cookie.
Syntax tcp timer fin-timeout time-value undo tcp timer fin-timeout Default The TCP FIN wait timer is 675 seconds. Views System view Predefined user roles network-admin Parameters time-value: Specifies the TCP FIN wait timer in the range of 76 to 3600 seconds. Usage guidelines TCP starts the FIN wait timer when the state changes to FIN_WAIT_2.
Examples # Set the TCP SYN wait timer to 80 seconds. <Sysname> system-view [Sysname] tcp timer syn-timeout 80 tcp window Use tcp window to configure the size of the TCP receive/send buffer. Use undo tcp window to restore the default. Syntax tcp window window-size undo tcp window...
UDP helper commands display udp-helper interface Use display udp-helper interface to display information about broadcast to unicast conversion by UDP helper on an interface. Syntax display udp-helper interface interface-type interface-number Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines This command displays information about destination servers and total number of unicast packets converted from UDP broadcast packets by UDP helper.
reset udp-helper statistics Use reset udp-helper statistics to clear packet statistics for UDP helper. Syntax reset udp-helper statistics Views User view Predefined user roles network-admin Examples # Clear the packet statistics for UDP helper. <Sysname> reset udp-helper statistics Related commands display udp-helper interface udp-helper broadcast-map Use udp-helper broadcast-map to specify a multicast address for UDP helper to convert broadcast to...
You can configure a maximum of 20 unicast and multicast addresses for UDP helper to convert broadcast packets. Examples # Configure UDP helper to convert received broadcast packets on GigabitEthernet 2/0/1 to multicast packets destined for 225.0.0.1. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] udp-helper broadcast-map 225.0.0.1 udp-helper enable Use udp-helper enable to enable UDP helper.
udp-helper multicast-map Use udp-helper multicast-map to map a multicast address to a directed broadcast or a unicast address for UDP helper. Use undo udp-helper multicast-map to restore the default. Syntax udp-helper multicast-map multicast-address ip-address [ global | vpn-instance vpn-instance-name ] [ acl acl-number ] undo udp-helper...
[Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] udp-helper multicast-map 225.0.0.1 192.168.1.255 # Configure UDP helper to convert the multicast packets destined for 225.0.0.1 to unicast packets destined for 192.168.1.3 in VPN instance a. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname- GigabitEthernet2/0/1] udp-helper multicast-map 225.0.0.1 192.168.1.3 vpn-instance a udp-helper port Use udp-helper port to specify a UDP port number for UDP helper.
udp-helper server Use udp-helper server to specify a destination server for UDP helper to convert broadcast to unicast. Use undo udp-helper server to remove a destination server. Syntax udp-helper server ip-address [ global | vpn-instance vpn-instance-name ] undo udp-helper server [ ip-address [ global | vpn-instance vpn-instance-name ] ] Default No destination server is specified for UDP helper.
Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ICMPv6 packet statistics for all cards. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ICMPv6 packet statistics for all member devices.
Page 321
network-operator Parameters interface-type: Specifies an interface by its type. interface-number: Specifies an interface by its number. brief: Displays brief information. Usage guidelines If you specify the brief keyword, this command displays brief IPv6 interface information, including physical status, link-layer protocols, and IPv6 address. If you do not specify the brief keyword, this command displays detailed IPv6 interface information, including IPv6 configuration and operating information, and IPv6 packet statistics.
Page 322
InBadOptions: ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: Table 63 Command output Field Description Physical state of the interface: • Administratively DOWN—The interface has been administratively shut down by using the shutdown command. GigabitEthernet2/0/1 current •...
Page 323
Field Description Global unicast addresses of the interface. IPv6 address states: • TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. • DUPLICATE—The address is not unique on the link. • PREFERRED—The address is preferred and can be used as the source or destination address of a packet.
Page 324
Field Description InBadOptions Received IPv6 packets with incorrect extension headers. ReasmReqds Received IPv6 fragments. ReasmOKs Number of reassembled IPv6 packets. InFragDrops Received IPv6 fragments that are discarded because of certain errors. Received IPv6 fragments that are discarded because the amount of time InFragTimeouts they stay in the system buffer exceeds the specified interval.
Field Description Spoofing attribute of the interface. The link protocol state of the interface is (s): spoofing up, but the link is temporarily established on demand or does not exist. Interface Name of the interface. Physical state of the interface: •...
Prefix: 3001::/64 Origin: RA Age: Flag: Lifetime(Valid/Preferred): - Table 65 Command output Filed Description Prefix IPv6 address prefix. How the prefix is generated: • STATIC—Manually configured by using the ipv6 nd ra prefix command. Origin • RA—Advertised in RA messages after stateless autoconfiguration is enabled. •...
Parameters name group-name: Specifies a cross-connect group by its name, a case-sensitive string of 1 to 31 characters excluding hyphens. count: Specifies the total number of ND suppression entries. slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ND suppression entries for all cards.
Vpn-instance: vpn1 NickName : 0x0001 Table 67 Command output Field Description IPv6 Address IPv6 address of a neighbor. Link Layer Link layer address (MAC address) of a neighbor. VLAN to which the interface connected with a neighbor belongs. Interface Interface connected with a neighbor. State of a neighbor: •...
Predefined user roles network-admin network-operator Parameters vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. The VPN must already exist. count: Displays the total number of neighbor entries in the specified VPN. Examples # Display neighbor information about the VPN vpn1.
Page 332
Syntax display ipv6 pathmtu [ vpn-instance vpn-instance-name ] { ipv6-address | { all | dynamic | static } [ count ] } Views Any view Predefined user roles network-admin network-operator Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Related commands ipv6 pathmtu • reset ipv6 pathmtu • display ipv6 prefix Use display ipv6 prefix to display information about IPv6 prefixes, including dynamic and static prefixes. Syntax display ipv6 prefix [ prefix-number ] Views Any view Predefined user roles network-admin network-operator Parameters...
Field Description Preferred lifetime 90 Preferred lifetime in seconds. For a static IPv6 prefix, this field is not displayed. valid lifetime 120 sec Valid lifetime in seconds. For a static IPv6 prefix, this field is not displayed. Related commands ipv6 dhcp client pd •...
2001:2002:2003:2 3001:3002:3003:3 0x0000000000000009 004:2005:2006:20 004:3005:3006:30 07:2008 07:3008 2002::100 2002::138 x0000000000000008 0x0000000000000002 Table 71 Command output Field Description Local Addr Local IPv6 address. Foreign Addr Peer IPv6 address. Protocol Protocol number. Chassis ID of the IRF member device. Slot Number of the slot that holds the card. PCB index.
Page 336
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays detailed information about IPv6 RawIP connections for all cards.
Page 338
Field Description Displays send buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. Sending • state—Buffer state: buffer(cc/hiwat/lowat/state) CANTSENDMORE—Unable to send data to the peer. CANTRCVMORE—Unable to receive data from the peer. RCVATMARK—Receiving tag. N/A—None of the above states.
Page 339
Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IPv6 options. • INP_RECVRETOPTS—Receives replied IPv6 options. • INP_RECVDSTADDR—Receives destination IPv6 address. • INP_HDRINCL—Provides the entire IPv6 header. • INP_REUSEADDR—Reuses the IPv6 address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
Field Description Hop limit in the Internet PCB. The minimum number of hops is displayed in the Hop limit(minimum hop limit) parentheses. Send VRF Sent instances. Receive VRF Received instances. display ipv6 statistics Use display ipv6 statistics to display IPv6 and ICMPv6 packet statistics. Syntax Centralized devices in standalone mode: display ipv6 statistics...
Sent packets: Total: Sent locally: Forwarded: Raw packets: Discarded: Fragments: Fragments failed: Routing failed: Received packets: Total: Received locally: Hop limit exceeded: Fragments: Reassembled: Reassembly failures: Reassembly timeout: Format errors: Option errors: Protocol errors: ICMPv6 statistics: Sent packets: Total: Unreachable: Too big: Hop limit exceeded: Reassembly timeouts: 0...
Field Description State IPv6 TCP connection state. Type of services that the IPv6 TCP proxy is used for: • LB—Load balancing services. Service type • WAAS—Wide area application services. • SSL VPN—SSL VPN services. display ipv6 tcp Use display ipv6 tcp to display brief information about IPv6 TCP connections. Syntax Centralized devices in standalone mode: display ipv6 tcp...
*2001:2002:2003:2 3001:3002:3003:3 ESTABLISHED 1 0x000000000000c387 004:2005:2006:20 004:3005:3006:30 07:2008->1200 07:3008->1200 2001::1->23 2001::5->1284 ESTABLISHED 1 0x0000000000000008 2003::1->25 2001::2->1283 LISTEN 0x0000000000000009 Table 74 Command output Field Description Indicates that the TCP connection uses MD5 authentication. LAddr->port Local IPv6 address and port number. FAddr->port Peer IPv6 address and port number.
Page 345
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays detailed information about IPv6 TCP connections for all cards.
Page 346
Inpcb extflag: N/A Inpcb vflag: INP_IPV6 Hop limit: 255 (minimum hop limit: 0) Connection state: ESTABLISHED TCP options: TF_REQ_SCALE TF_REQ_TSTMP TF_SACK_PERMIT TF_NSR NSR state: READY(M) Send VRF: 0x0 Receive VRF: 0x0 # (Distributed devices in IRF mode.) Display detailed information about an IPv6 TCP connection. <Sysname>...
Page 347
Field Description Options Socket options. Error Error code. Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. Receiving • state—Buffer state: buffer(cc/hiwat/lowat/state) CANTSENDMORE—Unable to send data to the peer. CANTRCVMORE—Unable to receive data from the peer. RCVATMARK—Receiving tag.
Page 348
Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IPv6 options. • INP_RECVRETOPTS—Receives replied IPv6 options. • INP_RECVDSTADDR—Receives destination IPv6 address. • INP_HDRINCL—Provides the entire IPv6 header. • INP_REUSEADDR—Reuses the IPv6 address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
Field Description TCP connection state: • CLOSED—The server receives a disconnection request's reply from the client. • LISTEN—The server is waiting for connection requests. • SYN_SENT—The client is waiting for the server to reply to the connection request. • SYN_RCVD—The server receives a connection request. •...
Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays brief information about IPv6 UDP connections for all cards. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays brief information about IPv6 UDP connections for all member devices.
Page 351
Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 UDP connections of the specified PCB. The value range for the pcb-index argument is 1 to 16. slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays detailed information about IPv6 UDP connections for all cards.
Page 353
Field Description Creator Task name of the socket. The progress number is in the square brackets. State Socket state. Options Socket options. Error Error code. Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space.
Page 354
Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IPv6 options. • INP_RECVRETOPTS—Receives replied IPv6 options. • INP_RECVDSTADDR—Receives destination IPv6 address. • INP_HDRINCL—Provides the entire IPv6 header. • INP_REUSEADDR—Reuses the IPv6 address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
Field Description Receive VRF Received instances. ipv6 address Use ipv6 address to configure an IPv6 global unicast address for an interface. Use undo ipv6 address to remove an IPv6 address of the interface. Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ] Default No IPv6 global unicast address is configured for an interface.
Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast Default No IPv6 anycast address is configured for an interface. Views Interface view Predefined user roles network-admin Parameters ipv6-address: Specifies an IPv6 anycast address. prefix-length: Specifies a prefix length in the range of 1 to 128.
Usage guidelines After a global unicast address is generated through stateless autoconfiguration, a link-local address is generated automatically. To remove the global unicast address and the link-local address that are automatically generated, use either of the following commands: undo ipv6 address auto •...
If you first use automatic generation and then manual assignment, the manually assigned link-local • address overwrites the automatically generated address. If you first use manual assignment and then automatic generation, both of the following occur: • The automatically generated link-local address does not take effect. The link-local address of an interface is still the manually assigned address.
[Sysname-GigabitEthernet2/0/1] ipv6 address fe80::1 link-local Related commands ipv6 address auto link-local ipv6 bandwidth-based-sharing Use ipv6 bandwidth-based-sharing to enable IPv6 load sharing based on bandwidth. Use undo ipv6 bandwidth-based-sharing to disable IPv6 loading sharing based on bandwidth. Syntax ipv6 bandwidth-based-sharing undo ipv6 bandwidth-based-sharing Default IPv6 load sharing based on bandwidth is disabled.
Predefined user roles network-admin Parameters value: Specifies the number of hops, in the range of 1 to 255. Usage guidelines The hop limit determines the number of hops that an IPv6 packet generated by the device can travel. The device advertises the hop limit in RA messages. All RA message receivers use the advertised value to fill in the Hop Limit field for IPv6 packets to be sent.
ipv6 icmpv6 error-interval Use ipv6 icmpv6 error-interval to set the bucket size and the interval for tokens to arrive in the bucket for ICMPv6 error messages. Use undo ipv6 icmpv6 error-interval to restore the default. Syntax ipv6 icmpv6 error-interval milliseconds [ bucketsize ] undo ipv6 icmpv6 error-interval Default The bucket allows a maximum of 10 tokens, and a token is placed in the bucket at an interval of 100...
undo ipv6 icmpv6 multicast-echo-reply enable Default The device is disabled from replying to multicast echo requests. Views System view Predefined user roles network-admin Usage guidelines If a host is configured to reply to multicast echo requests, an attacker can use this mechanism to attack the host.
Examples # Specify IPv6 address 1::1 as the source address for outgoing ICMPv6 packets. <Sysname> system-view [Sysname] ipv6 icmpv6 source 1::1 ipv6 mtu Use ipv6 mtu to set the MTU of IPv6 packets sent over an interface. Use undo ipv6 mtu to restore the default MTU. Syntax ipv6 mtu mtu-size undo ipv6 mtu...
Default The M flag is set to 0 in RA advertisements. Hosts receiving the advertisements will obtain IPv6 addresses through stateless autoconfiguration. Views Interface view Predefined user roles network-admin Usage guidelines The M flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration to obtain IPv6 addresses.
If the O flag is set to 0 in RA advertisements, receiving hosts use stateless autoconfiguration to • obtain configuration information other than IPv6 addresses. Examples # Set the O flag to 0 in RA advertisements to be sent. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] undo ipv6 nd autoconfig other-flag ipv6 nd dad attempts...
ipv6 nd ns retrans-timer Use ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message. Use undo ipv6 nd ns retrans-timer to restore the default. Syntax ipv6 nd ns retrans-timer value undo ipv6 nd ns retrans-timer Default The local interface sends NS messages at an interval of 1000 milliseconds, and the Retrans Timer field in the RA messages sent is 0.
Views Interface view Predefined user roles network-admin Parameters value: Specifies the neighbor reachable time in the range of 1 to 3600000 milliseconds. Usage guidelines If the neighbor reachability detection shows that a neighbor is reachable, the device considers the neighbor reachable within the specified reachable time. If the device must send a packet to the neighbor after the specified reachable time expires, the device reconfirms whether the neighbor is reachable.
ipv6 nd ra hop-limit unspecified Use ipv6 nd ra hop-limit unspecified to specify unlimited hops in RA messages. Use undo ipv6 nd ra hop-limit unspecified to restore the default. Syntax ipv6 nd ra hop-limit unspecified undo ipv6 nd ra hop-limit unspecified Default The maximum number of hops in the RA messages is limited to 64.
Parameters max-interval-value: Specifies the maximum interval for advertising RA messages in seconds, in the range of 4 to 1800. min-interval-value: Specifies the minimum interval for advertising RA messages, in the range of 3 seconds to three-fourths of the maximum interval. Usage guidelines The device advertises RA messages at intervals of a random value between the maximum interval and the minimum interval.
ipv6 nd ra prefix Use ipv6 nd ra prefix to configure the prefix information in RA messages. Use undo ipv6 nd ra prefix to remove the prefix information from RA messages. Syntax ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix/prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig | off-link ] * undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length } Default...
[Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ipv6 nd ra prefix 2001:10::100 64 100 10 ipv6 nd ra router-lifetime Use ipv6 nd ra router-lifetime to configure the router lifetime in RA messages. Use undo ipv6 nd ra router-lifetime to restore the default. Syntax ipv6 nd ra router-lifetime value undo ipv6 nd ra router-lifetime...
Default The ND direct route advertisement feature is disabled. Views L3VE interface view Predefined user roles network-admin Examples # Enable ND direct route advertisement for L3VE interface VE-L3VPN 1. <Sysname> system-view [Sysname] interface ve-l3vpn 1 [Sysname-VE-L3VPN1] ipv6 nd route-direct advertise ipv6 nd router-preference Use ipv6 nd router-preference to set a router preference in RA messages.
Parameters interval: Specifies the push interval for ND suppression entries, in the range of 1 to 1440 minutes. Usage guidelines The ND suppression push function pushes ND suppression entries at intervals by advertising NA messages. Examples # Enable the device to push ND suppression entries every 2 minutes. <Sysname>...
The device uniquely identifies a static neighbor entry by the neighbor's IPv6 address and the local Layer 3 interface number. You can configure a static neighbor entry by using either of the following methods: Method 1—Associate a neighbor IPv6 address and link-layer address with the Layer 3 interface of •...
Usage guidelines Perform this command to minimize link-local ND entries assigned to the driver. Link-local ND entries refer to ND entries that contain link-local addresses. By default, the device assigns all ND entries to the driver. With this function enabled, the device does not add newly learned link-local ND entries whose link local addresses are not the next hop of any route to the driver.
Page 378
Use undo ipv6 neighbors max-learning-num to restore the default. Syntax ipv6 neighbors max-learning-num number undo ipv6 neighbors max-learning-num Default The following matrix shows the default values for the number argument: Hardware Default MSR1002-4/1003-8S 2048 MSR2003 2048 MSR2004-24/2004-48 2048 MSR3012/3024/3044/3064 4096 MSR4060/4080 4096 Views...
ipv6 pathmtu Use ipv6 pathmtu to configure a static Path MTU for an IPv6 address. Use undo ipv6 pathmtu to remove the Path MTU configuration for an IPv6 address. Syntax ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address value undo ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address Default No static Path MTU is configured.
Default The aging time for dynamic Path MTU is 10 minutes. Views System view Predefined user roles network-admin Parameters age-time: Specifies the aging time for Path MTU in minutes, in the range of 10 to 100. Usage guidelines After the path MTU from a source host to a destination host is dynamically determined, the source host sends subsequent packets to the destination host based on this MTU.
Usage guidelines The temporary address function enables the system to generate and preferentially use the temporary IPv6 address of the sending interface as the source address of a packet. If the temporary IPv6 address cannot be used because of a DAD conflict, the system uses the public IPv6 address. Examples # Enable the system to preferentially use the temporary IPv6 address of the sending interface as the source address of the packet.
Related commands display ipv6 prefix ipv6 reassemble local enable Use ipv6 reassemble local enable to enable IPv6 local fragment reassembly. Use undo ipv6 reassemble local enable to restore the default. Syntax ipv6 reassemble local enable undo ipv6 reassemble local enable Default IPv6 local fragment reassembly is disabled.
Sending ICMPv6 redirect messages enables hosts that hold few routes to establish routing tables and find the best route. Because this function adds host routes into the routing tables, host performance degrades when there are too many host routes. As a result, sending ICMPv6 redirect messages is disabled by default.
When the valid lifetime of a temporary IPv6 address expires, the system removes the address and generates a new one. This enables the system to send packets with different source addresses through the same interface. The preferred lifetime and valid lifetime for a temporary IPv6 address are determined as follows: •...
Predefined user roles network-admin Parameters all: Clears static and dynamic neighbor information for all interfaces. dynamic: Clears dynamic neighbor information for all interfaces. interface interface-type interface-number: Clears dynamic neighbor information for the interface specified by its type and number. slot slot-number: Specifies a card by its slot number. If you do not specify a cad, this command clears dynamic neighbor information for all cards.
DHCPv6 commands Common DHCPv6 commands display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DUID of the local device. Syntax display ipv6 dhcp duid Views Any view Predefined user roles network-admin network-operator Usage guidelines A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent).
Parameters dscp-value: Sets the DSCP value for DHCPv6 packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Examples # Set the DSCP value to 30 for DHCPv6 packets sent by the DHCPv6 server or the DHCPv6 relay agent.
Syntax ipv6 dhcp select { relay | server } undo ipv6 dhcp select Default An interface discards DHCPv6 packets from DHCPv6 clients. Views Interface view Predefined user roles network-admin Parameters relay: Enables the DHCPv6 relay agent on the interface. server: Enables the DHCPv6 server on the interface. Usage guidelines Before changing the DHCPv6 server mode to the DHCPv6 relay agent mode on an interface, use the following commands to remove IPv6 address/prefix bindings:...
Syntax address range start-ipv6-address end-ipv6-address [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo address range Default No non-temporary IPv6 address range is configured. Views DHCPv6 address pool view Predefined user roles network-admin Parameters start-ipv6-address: Specifies the start IPv6 address. end-ipv6-address: Specifies the end IPv6 address. preferred-lifetime preferred-lifetime: Specifies the preferred lifetime for the non-temporary IPv6 addresses.
Page 394
Syntax display ipv6 dhcp option-group [ option-group-number ] Views Any view Predefined user roles network-admin network-operator Parameters option-group-number: Specifies a static or dynamic DHCPv6 option group by its ID. The value range for the option group ID is 1 to 100. If you do not specify an option group, this command displays information about all DHCPv6 option groups.
display ipv6 dhcp pool Use display ipv6 dhcp pool to display information about a DHCPv6 address pool. Syntax display ipv6 dhcp pool [ pool-name | vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters pool-name: Displays information about the specified DHCPv6 address pool. The pool name is a case-insensitive string of 1 to 63 characters.
DUID: 0003000100e0fc00cff1 IAID: 00000001 Address: 3FFE:501:FFFF:2001::1/64 Preferred lifetime 604800, valid lifetime 2592000 DNS server addresses: 2::2 Domain name: aaa.com SIP server addresses: 5::1 SIP server domain names: bbb.com Table 79 Command output Field Description DHCPv6 pool Name of the DHCPv6 address pool. Network IPv6 subnet for dynamic IPv6 address allocation.
Syntax display ipv6 dhcp prefix-pool [ prefix-pool-number ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters prefix-pool-number: Displays detailed information about a prefix pool specified by its number in the range of 1 to 128. If you do not specify a prefix pool, this command displays brief information about all prefix pools.
Syntax display ipv6 dhcp server [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays DHCPv6 server configuration information for the specified interface. If you do not specify an interface, this command displays DHCPv6 server configuration information for all interfaces.
Views Any view Predefined user roles network-admin network-operator Parameters address ipv6-address: Displays conflict information for the specified IPv6 address. If you do not specify an IPv6 address, this command displays information about all IPv6 address conflicts. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters.
network-operator Examples # Display information about DHCPv6 binding auto backup. <Sysname> display ipv6 dhcp server database File name database.dhcp Username Password Update interval 600 seconds Latest write time 8 16:02:23 2014 Status Last write succeeded. Table 83 Command output Field Description File name Name of the DHCPv6 binding backup file.
pool pool-name: Displays lease expiration information for the address pool specified by its name, a case-insensitive string of 1 to 63 characters. Usage guidelines If you do not specify any parameters, this command displays lease expiration information for all IPv6 address pools.
Page 403
Usage guidelines If you do not specify any parameters, this command displays binding information for all assigned IPv6 addresses. Examples # Display binding information for all assigned IPv6 address. <Sysname> display ipv6 dhcp server ip-in-use Pool: 1 IPv6 address Type Lease expiration 2:1::1 Auto(O)
Field Description IPv6 address binding types: • Static(F)—Free static binding whose IPv6 address has not been assigned. • Static(O)—Offered static binding whose IPv6 address has been selected and sent by the DHCPv6 server in a DHCPv6 OFFER packet to the client. •...
Page 405
prefix prefix/prefix-len: Displays binding information for the specified IPv6 prefix. The value range for the prefix length is 1 to 128. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters. To display binding information for IPv6 prefixes on the public network, do not specify this option.
Field Description Prefix binding types: • Static(F)—Free static binding whose IPv6 prefix has not been assigned. • Static(O)—Offered static binding whose IPv6 prefix has been selected and sent by the DHCPv6 server in a DHCPv6 OFFER packet to the client. •...
Page 407
Parameters pool pool-name: Displays DHCPv6 packet statistics for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command displays DHCPv6 packet statistics for all address pools. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name.
Field Description Number of messages received by the DHCPv6 server. The message types include: • Solicit. • Request. • Confirm. • Renew. Packets received • Rebind. • Release. • Decline. • Information-request. • Relay-forward. If statistics about an address pool are displayed, this field is not displayed. Number of packets discarded.
Usage guidelines You can use the dns-server command to specify up to eight DNS servers in an address pool. A DNS server specified earlier has a higher preference. Examples # Specify the DNS server address 2:2::3 in DHCPv6 address pool 1. <Sysname>...
Use undo ipv6 dhcp option-group to delete the specified static DHCPv6 option group. Syntax ipv6 dhcp option-group option-group-number undo ipv6 dhcp option-group option-group-number Default No static DHCPv6 option group exists on the device. Views System view Predefined user roles network-admin Parameters option-group-number: Assigns an ID to the static option group, in the range of 1 to 100.
Parameters pool-name: Specifies a name for the DHCPv6 address pool, a case-insensitive string of 1 to 63 characters. Usage guidelines You can also use this command to enter the view of an existing DHCPv6 address pool. A DHCPv6 address pool stores IPv6 address/prefix and other configuration parameters to be assigned to DHCPv6 clients.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters. To create a prefix pool for the public network, do not specify this option. Usage guidelines Different prefix pools cannot overlap.
another client, the server assigns the client a free address or a prefix. If the allow-hint keyword is not specified, the server ignores the desired address or prefix, and selects an address or prefix from a global address pool. If you use the ipv6 dhcp server and ipv6 dhcp server apply pool commands on the same interface, the ipv6 dhcp server apply pool command takes effect.
The allow-hint keyword enables the server to assign the desired address or prefix to the client. If the desired address or prefix does not exist or is already assigned to another client, the server assigns a free address or prefix. If allow-hint is not specified, the server ignores the desired address or prefix, and assigns a free address or prefix.
simple: Sets a plaintext password. key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 32 characters. If cipher is specified, it must be a string of 1 to 73 characters. Usage guidelines For security purposes, all passwords, including passwords configured in plaintext, are saved in ciphertext.
Use undo ipv6 dhcp server database update interval to restore the default. Syntax ipv6 dhcp server database update interval seconds undo ipv6 dhcp server database update interval Default The DHCPv6 server waits 300 seconds after a DHCPv6 binding change to update the backup file. If no DHCPv6 binding changes, the backup file is not updated.
Usage guidelines This command does not take effect if you do not configure the DHCPv6 auto backup by using the ipv6 dhcp server database filename command. Examples # Manually save the DHCPv6 bindings to the backup file. <Sysname> system-view [Sysname] ipv6 dhcp server database update now Related commands ipv6 dhcp server database filename •...
Use undo ipv6 dhcp server forbidden-address to remove the configuration. Syntax ipv6 dhcp server forbidden-address start-ipv6-address [ end-ipv6-address ] [ vpn-instance vpn-instance-name ] undo ipv6 dhcp server forbidden-address start-ipv6-address [ end-ipv6-address ] [ vpn-instance vpn-instance-name ] Default Except for the DHCPv6 server address, all IPv6 addresses in a DHCPv6 address pool are assignable. Views System view Predefined user roles...
Syntax ipv6 dhcp server forbidden-prefix start-prefix/prefix-len [ end-prefix/prefix-len ] [ vpn-instance vpn-instance-name ] undo ipv6 dhcp server forbidden-prefix start-prefix/prefix-len [ end-prefix/prefix-len ] [ vpn-instance vpn-instance-name ] Default No IPv6 prefixes in the DHCPv6 prefix pool are excluded from dynamic allocation. Views System view Predefined user roles...
Syntax network prefix/prefix-length [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] [ export-route ] undo network Default No IPv6 subnet is specified in a DHCPv6 address pool. Views DHCPv6 address pool view Predefined user roles network-admin Parameters prefix/prefix-length: Specifies the IPv6 subnet for dynamic allocation. The value range for prefix-length is 1 to 128.
Page 421
Syntax option code hex hex-string undo option code Default No self-defined DHCPv6 option is configured in a DHCPv6 address pool. Views DHCPv6 address pool view, DHCPv6 option group view Predefined user roles network-admin Parameters code: Specifies a number for the self-defined option, in the range of 21 to 65535, excluding 25 through 26, 37 through 40, and 43 through 48.
prefix-pool Use prefix-pool to apply a prefix pool to a DHCPv6 address pool, so the DHCPv6 server can dynamically select a prefix from the prefix pool for a client. Use undo prefix-pool to remove the configuration. Syntax prefix-pool prefix-pool-number [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo prefix-pool prefix-pool-number Default No prefix pool is applied to a DHCPv6 address pool.
reset ipv6 dhcp server conflict Use reset ipv6 dhcp server conflict to clear IPv6 address conflict information. Syntax reset ipv6 dhcp server conflict [ address ipv6-address ] [ vpn-instance vpn-instance-name ] Views User view Predefined user roles network-admin Parameters address ipv6-address: Clears conflict information for the specified IPv6 address. If you do not specify an IPv6 address, this command clears all IPv6 address conflict information.
pool pool-name: Clears binding information for lease-expired IPv6 addresses in the address pool specified by its name, a case-insensitive string of 1 to 63 characters. Usage guidelines If you do not specify any parameters, this command clears binding information for all lease-expired IPv6 addresses.
Related commands display ipv6 dhcp server ip-in-use reset ipv6 dhcp server pd-in-use Use reset ipv6 dhcp server pd-in-use to clear binding information for assigned IPv6 prefixes. Syntax reset ipv6 dhcp server pd-in-use [ pool pool-name | [ prefix prefix/prefix-len ] [ vpn-instance vpn-instance-name ] ] Views User view...
Views User view Predefined user roles network-admin Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name. The MPLS L3VPN instance name is a case-sensitive string of 1 to 31 characters. To clear DHCPv6 server statistics for the public network, do not specify this option. Examples # Clear DHCPv6 server statistics.
# Specify the SIP server domain name bbb.com in DHCPv6 address pool 1. [Sysname-dhcp6-pool-1] sip-server domain-name bbb.com Related commands display ipv6 dhcp pool static-bind Use static-bind to statically bind a client DUID or client IAID to an IPv6 address or prefix in the DHCPv6 address pool.
Examples # In DHCPv6 address pool 1, configure a temporary IPv6 address range from 3ffe:501:ffff:100::50 to 3ffe:501:ffff:100::60. <Sysname> system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64 [Sysname-dhcp6-pool-1] temporary address range 3ffe:501:ffff:100::50 3ffe:501:ffff:100::60 Related commands display ipv6 dhcp pool • address range •...
Field Description Output interface of DHCPv6 packets. If no output interface is specified, Outgoing Interface the device searches the routing table for the output interface. Related commands ipv6 dhcp relay server-address • ipv6 dhcp select • display ipv6 dhcp relay statistics Use display ipv6 dhcp relay statistics to display DHCPv6 packet statistics on the DHCPv6 relay agent.
Page 432
# Display DHCPv6 packet statistics on the DHCPv6 relay agent on GigabitEthernet 2/0/1. <Sysname> display ipv6 dhcp relay statistics interface gigabitethernet 2/0/1 Packets dropped Packets received Solicit Request Confirm Renew Rebind Release Decline Information-request Relay-forward Relay-reply Packets sent Advertise Reconfigure Reply Relay-forward Relay-reply...
Related commands reset ipv6 dhcp relay statistics gateway-list Use gateway-list to specify a list of gateway addresses for DHCPv6 clients in the relay address pool. Use undo gateway-list to remove the specified gateway addresses from a DHCPv6 relay address pool. Syntax gateway-list ipv6-address&<1-8>...
Syntax ipv6 dhcp relay gateway ipv6-address undo ipv6 dhcp relay gateway Default The first IPv6 address of the relay interface is used as the gateway address for DHCPv6 clients. Views Interface view Predefined user roles network-admin Parameters ipv6-address: Specifies a gateway address. The IPv6 address must be an IPv6 address of the relay interface.
interface: Specifies the interface name mode. This mode pads the Interface-ID option in ASCII code with the interface name and VLAN ID of the interface. Usage guidelines Before executing this command, enable the DHCPv6 relay agent on the interface. Examples # Specify the BAS mode as the padding mode for the Interface-ID option on GigabitEthernet 2/0/1.
If you do not specify an IPv6 address, the undo ipv6 dhcp relay server-address command removes all DHCPv6 server addresses specified on the interface. Do not enable the DHCPv6 client and the DHCPv6 relay agent on the same interface. Examples # Enable the DHCPv6 relay agent on GigabitEthernet 2/0/1 and specify the DHCPv6 server address 2001:1::3.
<Sysname> system-view [Sysname] ipv6 dhcp pool 0 [Sysname-dhcp6-pool-0] remote-server 10::1 reset ipv6 dhcp relay statistics Use reset ipv6 dhcp relay statistics to clear packets statistics on the DHCPv6 relay agent. Syntax reset ipv6 dhcp relay statistics [ interface interface-type interface-number ] Views User view Predefined user roles...
Page 438
<Sysname> display ipv6 dhcp client interface gigabitethernet 2/0/1 GigabitEthernet2/0/1: Type: Stateful client requesting address and prefix State: OPEN Client DUID: 0003000100e002000000 Preferred server Reachable via address: FE80::2E0:1FF:FE00:18 Server DUID: 0003000100e001000000 IA_NA: IAID 0x00000642, T1 50 sec, T2 80 sec Address: 1:1::2/128 Preferred lifetime 100 sec, valid lifetime 200 sec Will expire on Feb 4 2014 at 15:37:20(288 seconds left) IA_PD: IAID 0x00000642, T1 50 sec, T2 80 sec...
Page 439
Field Description Current states of the DHCPv6 client: • IDLE—The client is in idle state. • SOLICIT—The client is locating a DHCPv6 server. • REQUEST—The client is requesting an IPv6 address or prefix. • OPEN—The client has obtained an IPv6 address or prefix. •...
Field Description Invalid Number of invalid packets. Packets sent Number of sent packets. Solicit Number of sent Solicit packets. Request Number of sent Request packets. Renew Number of sent Renew packets. Rebind Number of sent Rebind packets. Information-request Number of sent Information-request packets. Release Number of sent Release packets.
undo ipv6 dhcp client pd Default An interface does not use DHCPv6 for IPv6 prefix acquisition. Views Layer 3 Ethernet interface/subinterface view Layer 3 aggregate interface/subinterface view VLAN interface view Predefined user roles network-admin Parameters prefix-number: Specifies an IPv6 prefix ID in the range of 1 to 1024. After obtaining an IPv6 prefix, the client assigns the ID to the IPv6 prefix.
Predefined user roles network-admin Usage guidelines Stateless DHCPv6 enables the interface to send an Information-request message to the multicast address of all DHCPv6 servers and DHCPv6 relay agents for configuration parameters. Examples # Enable stateless DHCPv6 on GigabitEthernet 2/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ipv6 dhcp client stateless enable ipv6 dhcp client stateful...
Examples # Configure GigabitEthernet 2/0/1 to use DHCPv6 for IPv6 address and prefix acquisition. Specify IDs for the dynamic IPv6 prefix and dynamic DHCPv6 option group, and configure the client to support rapid address and prefix assignment. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ipv6 dhcp client stateful prefix 1 rapid-commit option-group 1 Related commands...
DHCPv6 snooping works between the DHCPv6 client and the DHCPv6 server or between the DHCPv6 client and DHCPv6 the relay agent. DHCPv6 snooping does not work between the DHCPv6 server and the DHCPv6 relay agent. Commands and descriptions for centralized devices apply to the following routers: MSR1002-4/1003-8S.
Field Description When both DHCPv6 snooping and QinQ are enabled or the DHCPv6 packet contains two VLAN tags, this field identifies the outer VLAN tag. VLAN Otherwise, it identifies the VLAN where the port connecting the DHCPv6 client resides. When both DHCPv6 snooping and QinQ are enabled or the DHCPv6 SVLAN packet contains two VLAN tags, this field identifies the inner VLAN tag.
Field Description Latest write time Time of the latest update. Status of the update: • Writing—The backup file is being updated. Status • Last write succeeded—The backup file was successfully updated. • Last write failed—The backup file failed to be updated. display ipv6 dhcp snooping packet statistics Use display ipv6 dhcp snooping packet statistics to display DHCPv6 packet statistics for DHCPv6 snooping.
Related commands reset ipv6 dhcp snooping packet statistics display ipv6 dhcp snooping trust Use display ipv6 dhcp snooping trust to display information about trusted ports. Syntax display ipv6 dhcp snooping trust Views Any view Predefined user roles network-admin network-operator Examples # Display information about trusted ports.
Page 450
Parameters filename: Specifies the name of a local file. For information about the filename argument, see Fundamentals Configuration Guide. url url: Specifies the URL of a remote file. Do not include a username or password in the URL. Case sensitivity and the supported path format type vary by server. username username: Specifies the username for logging in to the remote device.
# Configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to the file database.dhcp in the working directory of the TFTP server at 2::1. <Sysname> system-view [Sysname] ipv6 dhcp snooping binding database filename tftp://[2::1]/database.dhcp Related commands ipv6 dhcp snooping binding database update interval ipv6 dhcp snooping binding database update interval Use ipv6 dhcp snooping binding database update interval to set the waiting time after a DHCPv6 snooping entry change for the DHCPv6 snooping device to update the backup file.
Syntax ipv6 dhcp snooping binding database update now Views System view Predefined user roles network-admin Usage guidelines This command does not take effect if you do not configure the DHCPv6 snooping entry auto backup by using the ipv6 dhcp snooping binding database filename command. Examples # Manually save DHCPv6 snooping entries to the backup file.
ipv6 dhcp snooping check request-message Use ipv6 dhcp snooping check request-message to enable the DHCPv6-REQUEST check function for the received DHCPv6-RENEW, DHCPv6-DECLINE, and DHCPv6-RELEASE messages. Use undo ipv6 dhcp snooping check request-message to disable the DHCPv6-REQUEST check function. Syntax ipv6 dhcp snooping check request-message undo ipv6 dhcp snooping check request-message Default DHCPv6-REQUEST check is disabled.
Views System view Predefined user roles network-admin Usage guidelines Use the DHCPv6 snooping function together with trusted port configuration. Before trusted ports are configured, all ports on the DHCPv6 snooping device are untrusted and discard all responses sent from DHCPv6 servers. When DHCPv6 snooping is disabled, the device forwards all responses from DHCPv6 servers.
ipv6 dhcp snooping option interface-id enable Use ipv6 dhcp snooping option interface-id enable to enable support for the interface-ID option (also called Option 18). Use undo ipv6 dhcp snooping option interface-id enable to restore the default. Syntax ipv6 dhcp snooping option interface-id enable undo ipv6 dhcp snooping option interface-id enable Default The Option 18 is not supported.
ipv6 dhcp snooping option remote-id string Use ipv6 dhcp snooping option remote-id string to specify the content as the remote ID for Option 37. Use undo ipv6 dhcp snooping option remote-id string to restore the default. Syntax ipv6 dhcp snooping option remote-id [ vlan vlan-id ] string remote-id undo ipv6 dhcp snooping option remote-id [ vlan vlan-id ] Default The DHCPv6 snooping device uses its DUID as the content for Option 37.
Predefined user roles network-admin Usage guidelines Specify the port facing the DHCP server as trusted and specify the other ports as untrusted so DHCP clients can obtain valid IP addresses. Examples # Specify GigabitEthernet 2/0/1 as a trusted port. <Sysname> system-view [Sysname] interface gigabitethernet 2/0/1 [Sysname-GigabitEthernet2/0/1] ipv6 dhcp snooping trust Related commands...
Page 459
reset ipv6 dhcp snooping packet statistics Distributed devices in standalone mode/centralized devices in IRF mode: reset ipv6 dhcp snooping packet statistics [ slot slot-number ] Distributed devices in IRF mode: reset ipv6 dhcp snooping packet statistics [ chassis chassis-number slot slot-number ] Views User view Predefined user roles...
IPv6 fast forwarding commands Commands and descriptions for centralized devices apply to the following routers: MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. display ipv6 fast-forwarding aging-time Use display ipv6 fast-forwarding aging-time to display the aging time of IPv6 fast forwarding entries. Syntax display ipv6 fast-forwarding aging-time Views...
Page 461
display ipv6 fast-forwarding cache [ ipv6-address ] [ slot slot-number ] Distributed devices in IRF mode: display ipv6 fast-forwarding cache [ ipv6-address ] [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays all IPv6 fast forwarding entries.
Protocol: 58 VPN instance: vpn2 Input interface: GE2/0/1 Output interface: GE2/0/2 Table 95 Command output Field Description Total number of IPv6 fast-forwarding Number of IPv6 fast forwarding entries. items Src IP Source IPv6 address. Src port Source port number. Dst IP Destination IPv6 address.
Parameters aging-time: Sets the aging time in the range of 10 to 300 seconds. Examples # Set the aging time to 20 seconds for IPv6 fast forwarding entries. <Sysname> system-view [Sysname] ipv6 fast-forwarding aging-time 20 Related commands display ipv6 fast-forwarding aging-time ipv6 fast-forwarding load-sharing Use ipv6 fast-forwarding load-sharing to enable IPv6 fast forwarding load sharing.
Page 464
reset ipv6 fast-forwarding cache [ slot slot-number ] Distributed devices in IRF mode: reset ipv6 fast-forwarding cache [ chassis chassis-number slot slot-number ] Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears the IPv6 fast forwarding table for all cards.
Tunneling commands Commands and descriptions for centralized devices apply to the following routers: MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. bandwidth Use bandwidth to set the expected bandwidth for an interface. Use undo bandwidth to restore the default.
Syntax default Views Tunnel interface view Predefined user roles network-admin Usage guidelines The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it on a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions.
<Sysname> system-view [Sysname] interface tunnel 1 [Sysname-Tunnel1] description tunnel1 Related commands display interface tunnel destination Use destination to specify the destination address for a tunnel interface. Use undo destination to remove the configured tunnel destination address. Syntax destination { ip-address | ipv6-address } undo destination Default No tunnel destination address is configured.
[Sysname2-Tunnel1] source 192.100.1.1 [Sysname2-Tunnel1] destination 193.101.1.1 Related commands display interface tunnel • interface tunnel • source • display ds-lite b4 information Use display ds-lite b4 information to display information about the connected B4 routers on the AFTR, including the IPv6 addresses of the B4 routers, and the assigned tunnel IDs. Syntax display ds-lite b4 information Views...
B4 address Tunnel ID Tunnel interface Idle time Chassis 2 Slot 0 Cpu 0: B4 address Tunnel ID Tunnel interface Idle time Chassis 2 Slot 1 Cpu 0: B4 address Tunnel ID Tunnel interface Idle time Chassis 2 Slot 2 Cpu 0: B4 address Tunnel ID Tunnel interface...
Page 470
description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of interface descriptions. down: Displays information about interfaces in the physical state of DOWN and the causes. If you do not specify this keyword, the command displays information about interfaces in all states.
Page 471
Field Description State of the tunnel interface: • Administratively DOWN—The interface has been shut down by using the shutdown command. • DOWN—The interface is administratively up but its physical state is down. Current state • DOWN (Tunnel-Bundle administratively down)—The tunnel bundle interface to which the interface belongs has been shut down by using the shutdown command.
Page 472
Field Description Tunnel mode and transport protocol: • CR_LSP—MPLS TE tunnel mode. • DSLITE—DS-Lite tunnel mode on the AFTR. • GRE/IP—GRE/IPv4 tunnel mode. • GRE/IPv6—GRE/IPv6 tunnel mode. • GRE_ADVPN/IP—GRE-encapsulated IPv4 ADVPN tunnel mode. • GRE_ADVPN/IPv6—GRE-encapsulated IPv6 ADVPN tunnel mode. • GRE_EVI/IP—GRE-encapsulated IPv4 EVI tunnel mode.
Page 473
Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Main IP Description Tun1 1.1.1.1 aaaaaaaaaaaaaaaaaaaaaaaaaaa # Display brief information about interface Tunnel 1, including the complete interface description. <Sysname> display interface tunnel 1 brief description Brief information on interface(s) under route mode: Link: ADM - administratively down;...
Field Description Description Description for the interface. Causes for the physical state of DOWN: • Administratively—The link has been shut down by using the shutdown command. To bring it up, use the undo shutdown command. Cause • Not connected—The tunnel is not established. •...
Page 475
Use undo interface tunnel to delete a tunnel interface. Syntax interface tunnel number [ mode { advpn { gre | udp } [ ipv6 ] | ds-lite-aftr | evi | gre [ ipv6 ] | ipv4-ipv4 | ipv6 | ipv6-ipv4 [ 6to4 | auto-tunnel | isatap ] | mpls-te | nve } ] undo interface tunnel number Default No tunnel interface is created on the device.
mode mpls-te: Specifies the MPLS TE tunnel mode. mode nve: Specifies the NVE tunnel mode. Usage guidelines To create a new tunnel interface, you must specify the tunnel mode in this command. To enter the view of an existing tunnel interface, you do not need to specify the tunnel mode. A tunnel interface number is locally significant.
service Use service to specify a primary traffic processing unit for a tunnel interface. Use undo service to restore the default. Syntax Distributed devices in standalone mode/centralized devices in IRF mode: service slot slot-number undo service slot Distributed devices in IRF mode: service chassis chassis-number slot slot-number undo service chassis Default...
Examples # (Distributed devices in standalone mode.) Specify the card in slot 2 as the primary traffic processing unit for interface Tunnel 200. <Sysname> system-view [Sysname] interface tunnel 200 [Sysname-Tunnel200] service slot 2 # (Centralized devices in IRF mode.) Specify IRF member device 2 as the primary traffic processing unit for interface Tunnel 200.
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (Distributed devices in IRF mode.) Usage guidelines The backup traffic processing unit can be a card on a distributed device or a member device on an IRF fabric of centralized devices.
undo shutdown Default The tunnel interface is up. Views Tunnel interface view Predefined user roles network-admin Usage guidelines This command disconnects all links set up on the interface. Make sure you fully understand the impact of the command on your network. Examples # Shut down interface Tunnel 1.
Usage guidelines The specified source address or the address of the specified source interface is used as the source address of tunneled packets. To display the configured tunnel source address, use the display interface tunnel command. The source address of the local tunnel interface must be the destination address of the peer tunnel interface, and vice versa.
Examples # Set the DF bit for tunneled packets on interface Tunnel 1. <Sysname> system-view [Sysname] interface tunnel 1 mode gre [Sysname-Tunnel1] tunnel dfbit enable tunnel discard ipv4-compatible-packet Use tunnel discard ipv4-compatible-packet to enable dropping IPv6 packets that use IPv4-compatible IPv6 addresses.
Predefined user roles network-admin Parameters tos-value: Specifies the ToS of tunneled packets, in the range of 0 to 255. Usage guidelines After you configure this command, all the tunneled packets of different services sent on the tunnel interface will use the same configured ToS. For more information about ToS, see ACL and QoS Configuration Guide.
Related commands display interface tunnel tunnel vpn-instance Use tunnel vpn-instance to specify the VPN instance to which the tunnel destination belongs. Use undo tunnel vpn-instance to restore the default. Syntax tunnel vpn-instance vpn-instance-name undo tunnel vpn-instance Default The tunnel destination belongs to the public network. Views Tunnel interface view Predefined user roles...
GRE commands gre checksum Use gre checksum to enable GRE checksum. Use undo gre checksum to disable GRE checksum. Syntax gre checksum undo gre checksum Default GRE checksum is disabled. Views Tunnel interface view Predefined user roles network-admin Usage guidelines GRE checksum verifies packet integrity.
Syntax gre key key-number undo gre key Default No key is configured for a GRE tunnel interface. Views Tunnel interface view Predefined user roles network-admin Parameters key-number: Specifies the key for the GRE tunnel interface, in the range of 0 to 4294967295. Usage guidelines You can configure a GRE key to check for the validity of packets received on a GRE tunnel interface.
Page 488
times: Sets the keepalive number in the range of 1 to 255. The default value is 3. Usage guidelines This command enables the tunnel interface to send keepalive packets at the specified interval. If the device receives no response from the peer within the timeout time, it shuts down the local tunnel interface. The device brings the local tunnel interface up if it receives a keepalive acknowledgment packet from the peer.
ADVPN commands VAM server commands authentication-algorithm Use authentication-algorithm to specify the algorithms for VAM protocol packet authentication and their priorities. Use undo authentication-algorithm to restore the default. Syntax authentication-algorithm { aes-xcbc-mac | md5 | none | sha-1 | sha-256 } * undo authentication-algorithm Default SHA- 1 is used for protocol packet authentication.
authentication-method Use authentication-method to specify an authentication mode that the VAM server uses to authenticate clients. Use undo authentication-method to restore the default. Syntax authentication-method { none | { chap | pap } [ domain isp-name ] } undo authentication-method Default The authentication method is CHAP, and the default domain is used.
Page 491
Predefined user roles network-admin network-operator Parameters advpn-domain domain-name: Displays IPv4 address mapping information for VAM clients in the specified ADVPN domain. The domain-name argument is a case-insensitive string of 1 to 31 characters that can include only letters, digits, and dots (.). If you do not specify this option, the command displays address mapping information for VAM clients in all ADVPN domains.
Page 492
# Display IPv4 address mapping information for the VAM client with private IPv4 address 10.0.0.1 in ADVPN domain 1. <Sysname> display vam server address-map advpn-domain 1 private-address 10.0.0.1 Group Private address Public address Type Holding time 10.0.0.1 2001::1 0H 13M 34S Table 99 Command output Field Description...
Page 493
Holding time : 0H 0M 2S Link protocol : GRE Public address : 113.124.136.1 Registered address: 113.124.136.1 Behind NAT : No ADVPN domain name : 4 Private address : 40.0.0.1 Hub group Holding time : 1H 8M 22S Link protocol : IPsec-UDP Public address : 4001::1...
Page 494
Registered port : 2158 Behind NAT : Yes # Display detailed IPv4 address mapping information for the VAM client with private IPv4 address 10.0.0.1 in ADVPN domain 1. <Sysname> display vam server address-map advpn-domain 1 private-address 10.0.0.1 verbose ADVPN domain name : 1 Private address : 10.0.0.1 Type...
Related commands reset vam server address-map display vam server ipv6 address-map Use display vam server ipv6 address-map to display IPv6 private-public address mapping information for VAM clients registered with the VAM server. Syntax display vam server ipv6 address-map [ advpn-domain domain-name [ private-address private-ipv6-address ] ] [ verbose ] Views Any view...
Page 496
1004::1:0:0:1 202.108.231.125 1H 8M 22S ADVPN domain name: 5 Total private address mappings: 1 Group Private address Public address Type Holding time 1005::1:0:0:1 5001::1 132H 41M 29S # Display IPv6 address mapping information for VAM clients in ADVPN domain 1. <Sysname>...
Page 497
Private address : 1000::2:0:0:1 Link local address: FE80::60:4 Type : Spoke Hub group Holding time : 0H 4M 21S Link protocol : UDP Public address : 220.181.111.85 Public port : 10018 Registered address: 10.158.26.14 Registered port : 2694 Behind NAT : Yes ADVPN domain name : 3 Private address...
Page 498
Link local address: FE80::50:4 Type : Hub Hub group Holding time : 0H 13M 34S Link protocol : UDP Public address : 2001::1 Public port : 2098 Registered address: 2001::1 Registered port : 2098 Behind NAT : No ADVPN domain name : 1 Private address : 1000::2:0:0:1 Link local address: FE80::60:4...
Field Description Duration time that elapses since the VAM client successfully registered with Holding time the server, in the format of xH yM zS. Link layer protocol used by the VAM client for ADVPN tunnel establishment: • UDP. • Link protocol GRE.
Page 500
private-address private-ipv6-address: Displays IPv6 private networks for the VAM client with the specified private IPv6 address. Examples # Display IPv6 private networks for VAM clients in all ADVPN domains. <Sysname> display vam server ipv6 private-network ADVPN domain name: 1 Total private networks: 5 Network/Prefix Private address Preference...
display vam server private-network Use display vam server private-network to display IPv4 private networks for VAM clients registered with the VAM server. Syntax display server private-network advpn-domain domain-name private-address private-ip-address ] ] Views Any view Predefined user roles network-admin network-operator Parameters advpn-domain domain-name: Displays IPv4 private networks for VAM clients in the specified ADVPN domain.
Data flow information request: 0 Logout response Keepalive : 642 Error notification Table 105 Command output Field Description Server status Whether the VAM server is enabled, Enabled or Disabled. Duration time that elapses after the VAM service is enabled, in the format of xH Holding time yM zS.
aes-cbc-256: Uses the AES-CBC encryption algorithm, with a key length of 256 bits. aes-ctr-128: Uses the AES-CTR encryption algorithm, with a key length of 128 bits. aes-ctr-192: Uses the AES-CTR encryption algorithm, with a key length of 192 bits. aes-ctr-256: Uses the AES-CTR encryption algorithm, with a key length of 256 bits. des-cbc: Uses the DES-CBC encryption algorithm.
The server matches the private address of the client against the private addresses of hubs in different hub groups in lexicographic order. If a match is found, the server assigns the client to the hub group as a hub. If no match is found, the server matches the client's private address against the private addresses of spokes in different hub groups in lexicographic order.
Usage guidelines For a hub to traverse a NAT gateway, configure a static mapping between the hub's registered public address/ADVPN port number and a NATed address/port number on the NAT gateway. To use this command to add the hub to a hub group, specify the NATed address and port number as the public address and ADVPN port number.
Usage guidelines For a hub to traverse a NAT gateway, configure a static mapping between the hub's registered public address/ADVPN port number and a NATed address/port number on the NAT gateway. To use this command to add the hub to a hub group, specify the NATed address and port number as the public address and ADVPN port number.
If a device configured with dynamic NAT exists between the VAM server and VAM clients, configure the keepalive interval to be shorter than the aging time of NAT entries. Examples # Set the keepalive interval for VAM clients in ADVPN domain 1 to 30 seconds, and the maximum number of keepalive retries to 5.
retry interval Use retry interval to set the retry timer for the VAM server. Use undo retry interval to restore the default. Syntax retry interval time-interval undo retry interval Default The retry timer is 5 seconds. Views ADVPN domain view Predefined user roles network-admin Parameters...
include only letters, digits, and dots (.). If you do not specify this option, the command clears address mapping information for VAM clients in all ADVPN domains. private-address private-ip-address: Clears IPv4 address mapping information for the VAM client with the specified private IPv4 address.
Examples # Clear IPv6 address mapping information for clients in all ADVPN domains. <Sysname> reset vam server ipv6 address-map # Clear IPv6 address mapping information for clients in ADVPN domain 1. <Sysname> reset vam server ipv6 address-map advpn-domain 1 # Clear IPv6 address mapping information for the client with private IPv6 address 1000::1:0:0:1 in ADVPN domain 1.
Default The VAM server is disabled for an ADVPN domain. Views ADVPN domain view Predefined user roles network-admin Usage guidelines You can also execute the vam server enable command in system view to enable the VAM server for one or all ADVPN domains. Examples # Enable the VAM server for ADVPN domain 1.
Usage guidelines The VAM server assigns the specified ACL to an online hub. When receiving an IPv4 spoke-to-spoke packet from a spoke, the hub sends a redirect packet to the spoke if all is specified or if the packet matches an ACL rule. Then, the spoke sends the VAM server the destination address of the packet, obtains the remote spoke information, and establishes a direct tunnel to the remote spoke.
all: Allows establishing IPv6 spoke-to-spoke tunnels between all spokes in different hub groups. Usage guidelines The VAM server assigns the specified ACL to an online hub. When receiving an IPv6 spoke-to-spoke packet from a spoke, the hub sends a redirect packet to the spoke if all is specified or if the packet matches an ACL rule.
Usage guidelines If you specify a prefix and prefix length, the system automatically transforms them to a start address and an end address. You can configure multiple spoke private IPv6 address ranges in a hub group. The ranges are listed from low to high.
Examples # Configure a spoke private IPv4 address range in IPv4 network address format as 1.1.1.0/24 for hub group 1. <Sysname> system-view [Sysname] vam server advpn-domain 1 [Sysname-vam-server-domain-1] hub-group 1 [Sysname-vam-server-domain-1-hub-group-1] spoke private-address network 1.1.1.0 255.255.255.0 vam server advpn-domain Use vam server advpn-domain to create an ADVPN domain and enter its view. If the specified ADVPN domain already exists, this command opens the ADVPN domain view.
Syntax vam server enable [ advpn-domain domain-name ] undo vam server enable [ advpn-domain domain-name ] Default The VAM server is disabled for an ADVPN domain. Views System view Predefined user roles network-admin Parameters advpn-domain domain-name: Enables the VAM server for the specified ADVPN domain. The domain-name argument is a case-insensitive string of 1 to 31 characters that can include only letters, digits, and dots (.).
Predefined user roles network-admin Parameters port-number: Specifies the port number in the range of 1025 to 65535. Usage guidelines The port number of the VAM server must be the same as the port configured on the VAM clients. Examples # Set the port number to 10000. <Sysname>...
client enable Use client enable to enable a VAM client. Use undo client enable to disable a VAM client. Syntax client enable undo client enable Default The VAM client is disabled. Views VAM client view Predefined user roles network-admin Usage guidelines You can also execute the vam client enable command in system view to enable one or all VAM clients.
Page 522
Examples # Display FSM information for all VAM clients. <Sysname> display vam client fsm Client name : abc Status : Enabled ADVPN domain name: 1 Primary server: abc.com (28.1.1.23) Private address: 10.0.0.12 Interface : Tunnel1 Current state : Online (active) Client type : Hub Holding time...
Page 523
Primary server: 202.159.36.24 Private address: 10.0.0.12 Interface : Tunnel20 Current state : Online (active) Client type : Hub Holding time : 0H 0M 47S Encryption algorithm : AES-CBC-128 Authentication algorithm: SHA1 Keepalive : 30 seconds, 3 times Number of hubs Client name : spoke Status...
Table 108 Command output Field Description VAM client type: • Hub. Client type • Spoke. • Unknown. ACL rules Number of ACL rules received by the VAM client. n represents the number of an ACL rule. Rule operation: Rule n: operation •...
Page 528
Client name: abc Status : Enabled Primary server: abc.com Packets sent: Initialization request Initialization complete Register request Authentication information Address resolution request Network registration request Update request Logout request Hub information response Data flow information response: 0 Keepalive : 35 Error notification Packets received: Initialization response...
Page 529
Authentication request Address resolution response Network registration response: 0 Update response Hub information request Data flow information request: 0 Logout response Keepalive Error notification Unkonwn Client name: hub Status : Disabled Client name: spoke Status : Enabled Primary server: test.com Packets sent: Initialization request Initialization complete...
Network registration response: 0 Update response Hub information request Data flow information request: 0 Logout response Keepalive Error notification Unkonwn Table 109 Command output Field Description Status VAM client status: Enabled or Disabled. Primary server Public address or domain name of the primary VAM server. Secondary server Public address or domain name of the secondary VAM server.
pre-shared-key (VAM client view) Use pre-shared-key to configure a pre-shared key for a VAM client. Use undo pre-shared-key to remove the configuration. Syntax pre-shared-key { cipher cipher-string | simple simple-string } undo pre-shared-key Default No pre-shared key is configured for a VAM client. Views VAM client view Predefined user roles...
Views User view Predefined user roles network-admin Parameters name client-name: Resets the FSM for the specified VAM client. The client-name argument is a case-insensitive string of 1 to 63 characters that can include only letters, digits, and dots (.). If you do not specify this option, the command resets the FSM for all VAM clients.
Related commands display vam client fsm reset vam client statistics Use reset vam client statistics to clear VAM client statistics. Syntax reset vam client statistics [ name client-name ] Views User view Predefined user roles network-admin Parameters name client-name: Clears statistics for the specified VAM client. The client-name argument is a case-insensitive string of 1 to 63 characters that can include only letters, digits, and dots (.).
count retry-times: Specifies the number of retry times, in the range of 1 to 6. Usage guidelines A VAM client starts a retry timer after sending a request to the server. If the client receives no response before the retry timer expires, it resends the request. If the client fails to receive a response after maximum attempts (retry times), the client considers the server is unreachable.
If the specified primary and secondary VAM servers have the same address or name, only the primary VAM server takes effect. If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify the domain name of the primary VAM server as abc.com and port number as 2000 for VAM client abc.
name host-name: Specifies a domain name of a secondary VAM server. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), and underscores (_). The domain name can include at most 253 characters, and each separated string includes no more than 63 characters. port port-number: Specifies a port number for the secondary VAM server, in the range of 1025 to 65535.
Predefined user roles network-admin Parameters username: Specifies a username, a case-sensitive string of 1 to 253 characters. It cannot include slashes (/), back slashes (\), colons (:), asterisks (*), question marks (?), left angle brackets (<), right angle brackets (>), quotation marks (”), vertical bars (|), and at signs (@). password: Sets a password.
<Sysname> system-view [Sysname] vam client enable # Enable VAM client abc. <Sysname> system-view [Sysname] vam client enable name abc Related commands client enable vam client name Use vam client name to create a VAM client and enter its view. If the specified VAM client already exists, this command opens the VAM client view.
Default No private IPv6 network is configured. Views Tunnel interface view Predefined user roles network-admin Parameters prefix prefix-length: Specifies the prefix and prefix length of the private IPv6 network address. The value range for prefix-length is 0 to 128. preference preference-value: Specifies a preference for the route to the private network, in the range of 1 to 255.
Views Tunnel interface view Predefined user roles network-admin Parameters ip-address: Specifies the private IPv4 network address. mask-length: Specifies the mask length of the private IPv4 network address, in the range of 0 to 32. mask: Specifies the mask of the private IPv4 network address. preference preference-value: Specifies a preference for the route to the private network, in the range of 1 to 255.
Views Tunnel interface view Predefined user roles network-admin Parameters time-interval: Specifies the dumb time in the range of 10 to 600 seconds. Usage guidelines The new dumb time setting only applies to subsequently established tunnels. Examples # Set the dumb time to 100 seconds. <Sysname>...
advpn source-port Use advpn source-port to set the source UDP port number for ADVPN packets. Use undo advpn source-port to restore the default. Syntax advpn source-port port-number undo advpn source-port Default The source UDP port number is 18001. Views Tunnel interface view Predefined user roles network-admin Parameters...
Page 544
Parameters interface tunnel number: Displays information about IPv6 ADVPN tunnels on an IPv6 ADVPN tunnel interface specified by the interface number. If you do not specify this option, the command displays information about all IPv6 ADVPN tunnels. private-address private-ipv6-address: Displays information about the IPv6 ADVPN tunnel with the specified peer private IPv6 address.
Page 545
Table 110 Command output Field Description Interface ADVPN tunnel interface. Number of sessions Number of ADVPN tunnels established on the tunnel interface. Private address Private address of the ADVPN tunnel peer. Public address Public address of the ADVPN tunnel peer. Port Port number of the ADVPN tunnel peer.
Page 546
0 multicasts, 0 errors Interface : Tunnel2 Client name : vpn2 ADVPN domain name : 2 Link protocol : GRE Number of sessions: 1 Private address: 1002::4 Public address : 202.0.180.137 Session type : Spoke-Hub State : Establish Holding time : 0H 0M 2S Input: 0 packets, 0 data packets, 0 control packets...
Page 547
Holding time : 10H 48M 19S Input : 2201 packets, 2198 data packets, 3 control packets 2191 multicasts, 0 errors Output: 2169 packets, 2168 data packets, 1 control packets 2163 multicasts, 0 errors Interface : Tunnel5 Client name : vpn5 ADVPN domain name : 5 Link protocol : UDP...
Input : 2201 packets, 2198 data packets, 3 control packets 2191 multicasts, 0 errors Output: 2169 packets, 216 data packets, 1 control packets 2163 multicasts, 0 errors Table 111 Command output Field Description Interface ADVPN tunnel interface. Client name Name of the VAM client bound to the tunnel interface. Link layer protocol for the ADVPN tunnel: •...
Page 549
Syntax display advpn session [ interface tunnel number [ private-address private-ip-address ] ] [ verbose ] Views Any view Predefined user roles network-admin network-operator Parameters interface tunnel number: Displays information about IPv4 ADVPN tunnels on an IPv4 ADVPN tunnel interface specified by the interface number. If you do not specify this option, the command displays information about all IPv4 ADVPN tunnels.
Page 550
Number of sessions: 2 Private address Public address Port Type State Holding time 10.0.0.3 192.168.180.136 1139 Success 5H 38M 8S 10.0.1.4 192.168.180.137 3546 Dumb 0H 0M 27S # Display brief information about the IPv4 ADVPN tunnel with peer private IP address 10.0.1.3 on interface Tunnel 1.
Page 551
2163 multicasts, 0 errors Private address: 10.0.1.4 Public address : 192.168.180.137 ADVPN port : 3546 Behind NAT : No Session type : Hub-Spoke State : Dumb Holding time : 0H 0M 27S Input : 1 packets, 0 data packets, 1 control packets 0 multicasts, 0 errors Output: 16 packets, 0 data packets, 16 control packets 0 multicasts, 0 errors...
Page 552
0 multicasts, 0 errors Interface : Tunnel4 Client name : vpn4 ADVPN domain name : 4 Link protocol : IPsec-GRE Number of sessions: 1 Private address: 40.0.0.3 Public address : 4::4 SA's SPI Inbound: 187199087 (0xb286e6f) [ESP] Outbound: 3562274487 (0xd453feb7) [ESP] Behind NAT : No Session type...
Page 553
Behind NAT : No Session type : Hub-Spoke State : Dumb Holding time : 0H 0M 27S Input : 1 packets, 0 data packets, 1 control packets 0 multicasts, 0 errors Output: 16 packets, 0 data packets, 16 control packets 0 multicasts, 0 errors # Display detailed information about the IPv4 ADVPN tunnel with peer private IP address 10.0.1.3 on interface Tunnel 1.
Field Description ADVPN tunnel state: • Success—The tunnel has been already established. State • Establishing—The tunnel is being established. • Dumb—The tunnel failed to be established and is now quiet. Holding time Duration time since the tunnel stayed in the current state, in the format of xH yM zS. Statistics for incoming packets, including the numbers of all packets, data packets, Input control packets, multicast packets, and erroneous packets.
Parameters interface tunnel number: Clears statistics for IPv6 ADVPN tunnels on an IPv6 ADVPN tunnel interface specified by the interface number. If you do not specify this option, the command clears statistics for all IPv6 ADVPN tunnels. private-address private-ipv6-address: Clears statistics for the IPv6 ADVPN tunnel with the specified peer private IPv6 address.
Parameters client-name: Specifies a VAM client by its name, a case-insensitive string of 1 to 63 characters that can include only letters, digits, and dots (.). compatible advpn0: Specifies ADVPN V0 packet format. If you do not specify this keyword, packets are not compatible with ADVPN V0 format.
Page 559
Usage guidelines After a VAM client is bound to an IPv6 ADVPN tunnel interface, the client registers IPv6 private networks for the tunnel interface with the VAM server. A VAM client can be bound to only one IPv6 ADVPN tunnel interface. Examples # Bind VAM client abc to IPv6 ADVPN tunnel interface Tunnel 1.
You can also use this command to arrange existing WAAS classes in a WAAS policy. A WAAS class without any actions is not used to match packets. HP recommends that you configure a WAAS class by modifying a predefined WAAS class. Examples # Use predefined WAAS class AFS in WAAS policy waas_global, and enter the view of WAAS class AFS.
<Sysname> system-view [Sysname] waas policy waas_global [Sysname-waaspolicy-waas_global] class AFS [Sysname-waaspolicy-waas_global-AFS] # Use predefined WAAS class AOL in WAAS policy waas_global, insert it before AFS, and enter the view of WAAS class AOL. <Sysname> system-view [Sysname] waas policy waas_global [Sysname-waaspolicy-waas_global] class AOL insert-before AFS [Sysname-waaspolicy-waas_global-AOL] # Change the position of WAAS class AOL in WAAS policy waas_global by inserting it before AFS, and enter the view of WAAS class AOL.
Table 114 Command output Field Description Match Match criterion of the WAAS class. Related commands match tcp • waas class • display waas policy Use display waas policy to display WAAS policies. Syntax display waas policy [ policy-name ] Views Any view Predefined user roles network-admin...
Field Description passthrough Action that does not perform any optimization. Related commands class • optimize • passthrough • • waas policy display waas session Use display waas session to display WAAS session information. Syntax Centralized devices in standalone mode: display waas session { ipv4 | ipv6 } [ client-ip client-ip ] [ client-port client-port ] [ server-ip server-ip ] [ server-port server-port ] [ peer-id peer-id ] [ verbose ] Distributed devices in standalone mode/centralized devices in IRF mode: display waas session { ipv4 | ipv6 } [ client-ip client-ip ] [ client-port client-port ] [ server-ip server-ip ]...
Page 564
verbose: Displays detailed information about WAAS sessions. If you do not specify this keyword, the command displays brief information about WAAS sessions. slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays WAAS session information for all cards.
Page 565
Average Latency: 0 usec Decode status: Bytes in: 329 Bytes out: 393 Bypass bytes: 63 Space saved: 16% Average Latency: 2 usec DRE section: Encode status: Bytes in: 0 Bytes out: 0 Bypass bytes: 314 Space saved: 0% Average latency: 0 usec Decode status: Bytes in: 399 Bytes out: 332...
Page 566
Bytes in: 0 Bytes out: 0 Bypass bytes: 314 Space saved: 0% Average latency: 0 usec Decode status: Bytes in: 399 Bytes out: 332 Bypass bytes: 0 Space saved: 0% Chunk miss: 0 Collision: 0 Average latency 23 usec Total 2 sessions found. Table 116 Command output Field Description...
Field Description Bytes in Number of input bytes. Bytes out Number of output bytes. Bypass bytes Number of bytes bypassed by DRE. • Compression ratio: (1–Bytes out/Bytes in) x 100. Space saved • Decompression ratio: (1–Bytes in/Bytes out) x 100. Average latency in milliseconds for the last compression or decompression.
Page 568
Examples # Display DRE statistics for all peer devices. <Sysname> display waas statistics dre Peer-ID: 0016-9d38-ca1d Peer version: 1.0 Cache in storage: 19426304 bytes Index number: 75884 Age: 00 weeks, 00 days, 00 hours, 00 minutes, 33 seconds Total connections: 1 Active connections: 0 Encode Statistics Dre msgs: 2...
Page 569
# Display DRE statistics for a specific peer device. <Sysname> display waas statistics dre peer 0016-9d38-ca1d Peer-ID: 0016-9d38-ca1d Peer version: 1.0 Cache in storage: 33554944 bytes Index number: 131074 Age: 00 weeks, 00 days, 00 hours, 21 minutes, 31 seconds Total connections: 2 Active connections: 0 Encode Statistics...
Field Description • Compression ratio: (1–Bytes out/Bytes in) x 100. Space saved • Decompression ratio: (1–Bytes in/Bytes out) x 100. Average latency in milliseconds for the last compression or Average Latency decompression. When multiple CPUs are available on a card, the average latency is the latency time divided by the number of CPUs.
Field Description Total Active Total number of active WAAS connections. connections Total data storage Disk space used by all metadata. Metadata are original data that have indexes in the size dictionary. Total index number Total number of dictionary indexes. Blacklist Hold-time Aging time for blacklist entries.
ip-address ip-address: Specifies an IPv4 address for matching TCP packets. mask-length: Specifies the mask length for the IPv4 address, in the range of 0 to 32. The default is 32. mask: Specifies the mask for the IPv4 address. The default is 255.255.255.255. ipv6-address ipv6-address: Specifies an IPv6 address for matching TCP packets.
Default No optimization actions are configured for a WAAS class. Views WAAS policy class view Predefined user roles network-admin Parameters tfo: Specifies TFO. dre: Specifies DRE. lz: Specifies LZ compression. Usage guidelines If you configure both this command and the passthrough command, the most recent configuration takes effect.
Views WAAS policy class view Predefined user roles network-admin Usage guidelines The pass-through action allows packets to pass through unoptimized. If you configure both this command and the optimize command, the most recent configuration takes effect. Examples # Configure the pass-through action for WAAS class AFS. <Sysname>...
reset waas statistics dre Use reset waas statistics dre to clear DRE statistics. Syntax reset waas statistics dre [ peer-id peer-id ] Views User view Predefined user roles network-admin network-operator Parameters peer-id peer-id: Specifies a peer device by its bridge MAC address in the format of H-H-H. If you do not specify a peer device, this command clears DRE statistics for all peer devices.
waas apply policy Use waas apply policy to apply a WAAS policy to an interface. Use undo waas apply policy to restore the default. Syntax waas apply policy [ policy-name ] undo waas apply policy Default No WAAS policy is applied to an interface. Views Interface view Predefined user roles...
Specifies a name for the WAAS class, a case-insensitive string of 1 to 63 characters. Usage guidelines If the WAAS class to be created already exists, this command enters its view directly. HP recommends that you configure a WAAS class by modifying a predefined WAAS class (see Table 120).
waas config restore-default Use waas config restore-default to restore predefined WAAS settings. Syntax waas config restore-default Views System view Predefined user roles network-admin Usage guidelines This command restores the predefined WAAS policy and WAAS classes to their configurations when the WAAS process starts for the first time.
Page 580
HP recommends that you configure a WAAS policy by entering the predefined WAAS policy view and modifying the predefined WAAS policy. The predefined WAAS policy is created by the system when the WAAS process starts for the first time. The predefined WAAS policy uses all predefined WAAS classes.
Default The aging time for autodiscovery blacklist entries is 5 minutes. Views System view Predefined user roles network-admin Parameters minutes: Specifies the aging time for autodiscovered blacklist entries, in the range of 1 to 10080 minutes. Usage guidelines An aging timer is started when a blacklist entry is created. The system automatically deletes an autodiscovered blacklist entry to make room for a new blacklist entry when the aging timer expires.
Predefined user roles network-admin Usage guidelines The DRE optimization action configured in a WAAS policy takes effect only when DRE is enabled. Examples # Disable DRE. <Sysname> system-view [Sysname] undo waas tfo optimize dre Related commands display waas status waas tfo optimize lz Use waas tfo optimize lz to enable LZ compression.
Page 589
Syntax waas tfo receive-buffer buffer-size undo waas tfo receive-buffer Default The TFO receiving buffer size is 64 KB. Views System view Predefined user roles network-admin Parameters buffer-size: Specifies the TFO receiving buffer size in the range of 32 to 16384 KB. Usage guidelines The TFO receiving buffer size affects network throughput.
AFT commands Commands and descriptions for centralized devices apply to the following routers: MSR1002-4/1003-8S. • MSR2003. • MSR2004-24/2004-48. • • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. address Use address to add an address range to an AFT address group. Use address to remove an address range from an AFT address group.
Related commands aft address-group aft address-group Use aft address-group to create an AFT address group and enter its view. Use undo aft address-group to delete an AFT address group. Syntax aft address-group group-number undo aft address-group group-number Default No AFT address group exists. Views System view Predefined user roles...
undo aft enable Default AFT is disabled on an interface. Views Interface view Predefined user roles network-admin Usage guidelines You must enable AFT on interfaces connected to the IPv4 network and interfaces connected to the IPv6 network. Examples # Enable AFT on GigabitEthernet 2/0/1. <Sysname>...
[Sysname] aft log enable Related commands display aft configuration aft prefix-ivi Use aft prefix-ivi to configure an IVI prefix. Use undo aft prefix-ivi to delete an IVI prefix. Syntax aft prefix-ivi prefix-ivi undo aft prefix-ivi prefix-ivi Default No IVI prefix exists. Views System view Predefined user roles...
undo aft prefix-nat64 prefix-nat64 prefix-length Default No NAT64 prefix exists. Views System view Predefined user roles network-admin Parameters prefix-nat64: Specifies a NAT64 prefix. prefix-length: Specifies the NAT64 prefix length. The value for this argument can be 32, 40, 48, 56, 64, or 96.
Predefined user roles network-admin Examples # Set the ToS field to 0 for IPv4 packets translated from IPv6 packets. <Sysname> system-view [Sysname] aft turn-off tos aft turn-off traffic-class Use aft turn-off traffic-class to set the Traffic Class field to 0 for IPv6 packets translated from IPv4 packets. Use undo aft turn-off traffic-class to restore the default.
Predefined user roles network-admin Parameters acl: Identifies IPv4 packets for address translation. AFT translates destination addresses for IPv4 packets permitted by the ACL. number acl-number: Specifies an IPv4 ACL by its number in the range of 2000 to 3999. name acl-name: Specifies an IPv4 ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.
Page 597
Default The device does not have IPv4-to-IPv6 source address translation policies. Views System view Predefined user roles network-admin Parameters ipv4-address: Specifies an IPv4 address. vpn-instance vpn-instance-name4: Specifies an MPLS L3VPN instance to which the IPv4 address belongs. The vpn-instance-name4 argument is a case-sensitive string of 1 to 31 characters. To specify the IPv4 address on the public network, do not specify this option.
no-pat: Specifies the NO-PAT mode. If you do not specify the keyword, AFT uses the PAT mode. port-block-size blocksize: Specifies the port block size in the range of 100 to 64512. If you specify this option, this command divides the port range (1024 to 65535) by the port block size. For example, if you set the port block size to 1000, the port range is divided into port blocks 1024 to 2023, 2024 to 3023, and so on.
There are 3 AFT address groups. Group number Start address End address 202.110.10.10 202.110.10.15 202.110.10.20 202.110.10.25 202.110.10.30 202.110.10.35 # Display information about AFT address group 1. <Sysname> display aft address-group 1 Group number Start address End address 202.110.10.10 202.110.10.15 Table 121 Command output Field Description There are n AFT address groups...
Page 602
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card on the device. If you do not specify an IRF member device or card, this command displays AFT mappings for all cards in the IRF fabric.
Field Description Member ID of the device in the IRF fabric. (Centralized devices in IRF Slot 0 mode.) Slot number of the card and the member ID of the device in the IRF fabric. Slot 0 in chassis 1 (Distributed devices in IRF mode.) IPv4 IPv4 address information.
Field Description VPN instance to which the original IPv6 address belongs. If the IPv6 IPv6 VPN address does not belong to a VPN instance, this field is not displayed. Total entries found Total number of AFT port block mapping entries. display aft session Use display aft session to display information about AFT sessions.
Page 609
destination-ip destination-ipv6-address: Specifies the destination IPv6 address of the packets that initiate AFT sessions. vpn-instance vpn-instance-name6: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. To displays AFT sessions for the public network, do not specify this option. slot slot-number: Specifies a card by its slot number.
Field Description Member ID of the device in the IRF fabric. (Centralized devices in IRF Slot 0 mode.) Slot number of the card and the member ID of the device in the IRF Slot 0 in chassis 1 fabric. (Distributed devices in IRF mode.) Initiator Session information about the initiator.
Page 612
Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays AFT statistics for all cards. (Distributed devices in standalone mode.) slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays AFT statistics for all member devices.
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 617
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Page 618
Index A B C D E F G H I K L M N O P R S T U V W...