Ruijie RG-S2600G-I Series Cli Reference Manual

Ruijie RG-S2600G-I Series Cli Reference Manual

Rgos 10.4
Table of Contents

Advertisement

Quick Links

CLI Reference Guide
RG-S2600G-I Series Switches
RGOS 10.4(3b16)
1

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the RG-S2600G-I Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for Ruijie RG-S2600G-I Series

  • Page 1 CLI Reference Guide RG-S2600G-I Series Switches RGOS 10.4(3b16)
  • Page 2 This document is provided “as is”. The contents of this document are subject to change without any notice. Please obtain the latest information through the Ruijie Networks website. Ruijie Networks endeavors to ensure content accuracy and will not shoulder any responsibility for...
  • Page 3 Preface Version Description ® This manual matches the software version RGOS 10.4(3b16). Target Readers This manual is intended for the following readers:  Network engineers  Technical salespersons  Network administrators Conventions in this Document 1. Universal Format Convention Arial: Arial with the point size 10 is used for the body. Note: A line is added respectively above and below the prompts such as caution and note to separate them from the body.
  • Page 4 Warning, danger or alert in the operation. Caution Descript, prompt, tip or any other necessary supplement or explanation for the operation. Note The port types mentioned in the examples of this manual may not be consistent with the actual ones. In real network environments, you need configure port types according to the support on various products.
  • Page 6 System Configuration 1. CLI Authorization Configuration Commands 2. Basic Configuration Management 3. HTTP Service Configuration Commands 4. UPGRADE Configuration Commands 5. LINE Configuration Commands 6. File System Configuration Commands 7. Configuration Commands of Configuration File Management 8. CPU-LOG Configuration Commands 9.
  • Page 7 CLI Reference Guide CLI Authorization Configuration Commands CLI Authorization Configuration Commands alias You can use the alias command to configure an alias of a command in the global configuration mode. Use the no form of the command to remove the alias of a specified command or all the aliases under one mode. alias mode command-alias original-command no alias mode command-alias Parameter...
  • Page 8 CLI Reference Guide CLI Authorization Configuration Commands global configuration mode, you can use alias ? to list all the modes under which you can configure alias for commands. Ruijie(config)# alias ? aaa-gs AAA server group mode acl configure mode Configure bgp Protocol...
  • Page 9 CLI Authorization Configuration Commands In the global configuration mode, use def-route to represent the default route setting of ip route 0.0.0.0 0.0.0.0 192.168.1.1: Ruijie# configure terminal Ruijie(config)# alias config def-route ip route 0.0.0.0 0.0.0.0 192.168.1.1 Ruijie(config)#def-route? Examples *def-route="ip route 0.0.0.0 0.0.0.0 192.168.1.1"...
  • Page 10 You can use the key word all to attribute all sub-commands of reload to level-1 users: Ruijie(config)# privilege exec all level 1 reload After the above setting, you can access the CLI window as level-1 user to use all sub commands of the reload command: Ruijie>reload ?
  • Page 11: Show Aliases

    EXEC mode. Show all the configuration of aliases if the command mode Usage has not been input. guidelines Following example shows the command alias in the EXEC mode: Ruijie#show aliases exec exec mode alias: help Examples ping show undebug undebug...
  • Page 12: Banner Login

    This command sets the logging banner message, which is displayed upon login. All characters Usage Guide behind the terminating symbol will be discarded by the system. Configuration The following example shows the configuration of logging banner: Ruijie(config)# banner login $ enter your password $ Examples Related Command Description...
  • Page 13: Boot System

    This command sets the MOTD, which is displayed upon login. The letters entered after the Usage Guide separator will be discarded. The following example shows the configuration of MOTD: Configuration Ruijie(config)# banner motd $ hello,world $ Examples Related Command Description...
  • Page 14 Example 1: Configure the name of the main program to “flash:/rgos.bin” and the name of the backup main program to “flash:/rgos_bak.bin”. Ruijie(config)# boot system 5 flash:/rgos.bin Ruijie(config)# boot system 8 flash:/rgos_bak.bin As “flash:/rgos.bin” is of a higher priority lever, the device will first boot this file. If Configuration “flash:/rgos.bin”...
  • Page 15: Clock Set

    Example 5: Delete all configured filenames of boot main programs. Ruijie(config)# no boot system Clear ALL boot system config? [no] yes Example 6: Configure the boot path and priority of the specified device in VSU mode. Ruijie(config)# boot system switch 3 1 flash:/rgos.bin Related Command Description...
  • Page 16 CLI Reference Guide Basic Configuration Management Configuration The example below configures the current time as 10:20:30AM March 17 2003. Examples Ruijie# clock set 10:20:30 Mar 17 2003 Ruijie# show clock clock: 2003-3-17 10:20:32 Command Description Related Commands show clock Show current clock.
  • Page 17 The privilege level following the disable command must be lower than the current level. The example below lowers the current privilege level of the device down to level 10: Configuration Ruijie# disable 10 Examples Command Description Related...
  • Page 18: Enable Password

    EXEC mode. A lost password that has been encrypted with any method cannot be restored. The only way is to reconfigure the device password. Configuration The example below configures the password as pw10: Ruijie(config)# enable password pw10 Examples Related Command Description...
  • Page 19 "security" password, an alert is provided. The password must be saved in encrypted manner, with simple encryption for the "password" type password and security encryption for the "security" type password. Configuration The example below configures the security password as pw10: Ruijie(config)# enable secret 0 pw10 Examples Command Description Related...
  • Page 20 If the key word http follows the command, only http service is enabled. If the key word https follows the command, only https service is enabled. Configuration The example below enables the SSH Server: Ruijie(Config)# enable service ssh-sesrver Examples Command Description Related...
  • Page 21 If there is no input/output information for this connection within specified time, this connection will Usage Guide be interrupted, and this LINE will be restored to the free status. The example below specifies the connection timeout is 5’30“. Configuration Ruijie(config-line)#exec-timeout 5 30 Examples Related Command Description...
  • Page 22 Ruijie# execute flash:line_rcms_script.text Examples executing script file line_rcms_script.text ..executing done Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# line tty 1 16 Ruijie(config-line)# transport input all Ruijie(config-line)# no exec Ruijie(config-line)# end Related Command Description...
  • Page 23 This command is used to set the mode of Web logon authentication. Use the no ip http Usage Guide authentication command to restore it to the default setting. Configuration The example below sets the mode of Web logon authentication as local: Ruijie(Config)# ip http authentication local Examples Related Command Description...
  • Page 24 This command is used to set the port of the HTTP service. Use the no ip http port command to Usage Guide restore it to the default setting. Configuration The example below set the port of the HTTP service as 8080: Ruijie(Config)# ip http port 8080 Examples Related Command Description...
  • Page 25 The example below specifies the IP address of the interface Loopback1 as the source address Configuration for the global Telnet connection. Examples Ruijie(Config)# ip telnet source-interface Loopback 1 Related Command Description Commands...
  • Page 26 To use the terminal locked function at the terminal, execute the lockable command in the line configuration mode, and enable the characteristic to support the terminal lock in corresponding line. The example below locks a terminal interface: Ruijie(config-line)# lockable Ruijie(config-line)# end Ruijie# lock Configuration Password: <password>...
  • Page 27 CLI Reference Guide Basic Configuration Management Ruijie(config)# line console 0 Examples Ruijie(config-line)# lockable Ruijie(config-line)# end Ruijie# lock Password: <password> Again: <password> Locked Password: <password> Command Description Related Commands lock Lock the terminal. Platform Description login In case the AAA is disabled, to enable simple logon password authentication on the interface, execute the interface configuration command login.
  • Page 28 The example below shows how to associate method list on VTY and perform logon authentication with radius. Ruijie(config)# aaa new-model Configuration Ruijie(config)# aaa authentication login default radius Examples Ruijie(config)# line vty 0 Ruijie(config-line)# login authentication default Command...
  • Page 29 The user here means the one configured with the username command. The example below shows how to set the local user authentication on VTY. Ruijie(config)# no aaa new-model Configuration Ruijie(config)# username test password 0 test Examples Ruijie(config)# line vty 0 Ruijie(config-line)# login local...
  • Page 30: Password Policy

    This command is used to configure safety policy check for local passwords. Configuration Example 1 configures the minimum length of the password to 8. Ruijie(config)# password policy min-size 8 Examples Example 2 configures strong password check. Ruijie(config)# password policy strong Example 3 restricts using the passwords configured in the last five times repeatedly.
  • Page 31 CLI Reference Guide Basic Configuration Management Commands Platform Description privilege mode Please refer to the chapter of configure CLI authorization commands. Parameter Parameter Description Description Defaults Please refer to the chapter of configure CLI authorization commands. Command Mode Please refer to the chapter of configure CLI authorization commands. Usage Guide Please refer to the chapter of configure CLI authorization commands.
  • Page 32 This command is used to restart the device at specified time, which may facilitate the Usage Guide management. Configuration Example 1 configures to restart the system in 10 minutes. Ruijie# reload in 10 Examples Router will reload in 600 seconds Related Command...
  • Page 33 After you execute the service password-encryption and show running or write command to save the configuration, the password transforms into cipher text. If you disable the command, the password in cipher text cannot be restored to plain text. Configuration The example below encrypts the password: Ruijie(config)# service password-encryption Examples Related Command Description...
  • Page 34: Show Boot

    Usage Guide LINE within specified time, this connection will be interrupted, and this LINE will be restored to the free status. Configuration The example below specifies the timeout of session is 5 minutes. Ruijie(config-line)#exec-timeout 5 output Examples Related Command Description...
  • Page 35 When perform the show boot system command, if the corresponding main program does not exist, the size and modified time of the file are also shown as “N/A” Configuration 1.The example below shows the configuration of the startup-config filename: Ruijie# show boot config Examples Boot config file: [/config_main.text] Service config: [Disabled] 2.The example below shows the configuration of network startup-config filename:...
  • Page 36: Show Clock

    CLI Reference Guide Basic Configuration Management 5.The example below shows the main program file name and boot priority of the specified device in VSU mode: Ruijie# show boot system switch 3 Switch 3: Boot system config: ================================================== Prio Size Modified Name ---- --------- ------------------- ------------------ N/A usb1:/rgos.bin...
  • Page 37: Show Line

    Number of the line Command Mode Privileged EXEC mode. Usage Guide This command shows the configuration information of a line. The following example shows the configuration of console port: Ruijie# show line console 0 Type speed Overruns 9600 45927 Line 0, Location: "", Type: "vt100"...
  • Page 38: Show Reload

    Parameter Description Defaults Command Mode Privileged EXEC mode Usage Guide This command is used to show the current filename of the boot main program. Configuration Ruijie# show mainfile Examples MainFile name: /rgos.bin Related Command Description Commands boot system Set the filename of the boot main program.
  • Page 39 CLI Reference Guide Basic Configuration Management Reload scheduled in 595 seconds. At 2003-12-29 11:37:42 Reload reason: test. Related Command Description Commands Platform Description show running-config To show the configuration information current device system is running, execute the privileged user command show running-config. show running-config Parameter Parameter...
  • Page 40 CLI Reference Guide Basic Configuration Management Parameter Parameter Description Description Defaults Command Mode Privileged EXEC mode. The configuration of device stored in the NVRAM is that executed when the device is startup. On devices that do not support the boot config command, startup-config indicates the configuration stored in the default configuration file “/config.text”...
  • Page 41: Show Version

    ,etc. The example below shows the system information. Ruijie# show clock detail clock: 2003-3-17 10:27:21 Configuration Clock read from calendar when system boot. Examples Ruijie# show version System description : Ruijie Dual Stack Multi-Layer Switch(S3760-24) By...
  • Page 42 Defaults Command Mode Privileged EXEC mode Usage Guide The example below is an execution result of the show web-server status command: Ruijie# show web-server status http server status : enabled Configuration http server port : 80 Examples https server status: enabled...
  • Page 43 Usage Guide This command sets the speed at which the terminal transmits packets. The following example shows how to configure the rate of the serial port to 57600 bps: Configuration Ruijie(config)# line console 0 Examples Ruijie(config-line)# speed 57600 Related Command...
  • Page 44 This command is used to log in a telnet server. Example 1 commands telnet to 192.168.1.11, the port uses the default value, and the source interface is specified as Gi 0/1, the queried VRF route table is specified as vpn1. Ruijie# telnet 192.168.1.11 /source-interface gigabitEthernet 0/1 /vrf Configuration vpn1...
  • Page 45 7 only when the encrypted password is copied and pasted. The example below configures a username and password and bind the user to level 15. Configuration Ruijie(config)# username test privilege 15 password 0 pw15 Examples Command Description...
  • Page 46 Basic Configuration Management Example 2 forbids the user test to process all files and catalogs: Ruijie(config)# username test permission null / Example 3 configures the user test to have permissions to read, write and execute all files and catalogs except for the file config.text.
  • Page 47 Use no enable service web-server to disable the HTTP service. The following example enables both HTTP and HTTPS service functions. Ruijie#configure terminal Configuration Enter configuration commands, one per line. End with CNTL/Z. Examples Ruijie(config)#enable service web-server Command Description Related show service Shows the system's current service status.
  • Page 48 You can use this command to check files that should be upgraded. Files detected on the server are Usage Guide the latest. The following example checks HTTP upgrade version. Ruijie#http check-version Files need to be updated: web. app name:web version...
  • Page 49 The following example changes the upgrade mode to auto detect mode. Ruijie#configure terminal Configuration Enter configuration commands, one per line. End with CNTL/Z. Examples Ruijie(config)#http update mode auto-detect Related Command Description Commands Platform...
  • Page 50 Server address does not support IPV6. The following example configures the server address and port number for HTTP upgrade. Ruijie#configure terminal Configuration Enter configuration commands, one per line. End with CNTL/Z. Examples Ruijie(config)#http update server 10.83.132.1 port 90 Related Command Description Commands Platform...
  • Page 51 Mode You can use this command to configure the HTTP auto detect time. The device will connect to Web server (rgos.ruijie.com.cn) on the configured time everyday to detect files that can be upgraded. Usage Guide Information of files acquired can be viewed on the Web interface.
  • Page 52 The following example sets the verification mode as local. Ruijie#configure terminal Configuration Enter configuration commands, one per line. End with CNTL/Z. Examples Ruijie(config)#ip http authentication local Related Command Description...
  • Page 53 You can use this command to set HTTP service's port. The following example sets HTTP service's port number as 8080. Ruijie#configure terminal Configuration Enter configuration commands, one per line. End with CNTL/Z. Examples Ruijie(config)#ip http port 8080 Command Description Related enable service web-server Enables the HTTP service.
  • Page 54 You can use this command to set HTTPS service's port. The following example sets HTTPS service's port number as 4443. Ruijie#configure terminal Configuration Enter configuration commands, one per line. End with CNTL/Z. Examples Ruijie(config)#ip http secure-port 4443 Command Description Related Enables the HTTP service. enable service web-server...
  • Page 55 Username and password have three authority levels; each authority level can configure 20 usernames and passwords at most. The following example configures the username and password for the Web login verification. Configuration Ruijie#configure terminal Examples Enter configuration commands, one per line. End with CNTL/Z.
  • Page 56 CLI Reference Guide HTTP Service Configuration Commands Ruijie(config)#webmaster level 0 username ruijie password admin Related Command Description Commands enable service web-server Enables the HTTP service. Platform Description...
  • Page 57 File [chars] is not an install package(version 2.0). Specifically, [chars] indicates the name of the current main program file in the system. Configuration Example: Run the upgrade system command to upgrade the system. Ruijie#upgrade system rgos.bin Examples These images in linecard will be updated: Slot...
  • Page 58 The file synchronized to a non-master device is a file with the same name in the same path as the specified file on the master device. Configuration Example: Run the synchronize filename command to synchronize the rgos.bin file from the master device to each non-master device. Examples Ruijie#synchronize flash:rgos.bin Synchornize file /rgos.bin to slave:/ Device(6): download...
  • Page 59 CLI Reference Guide UPGRADE Configuration Commands file!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!![OK - 10,414,752 bytes] Synchornize file to slave devices successfully! Related Command Description Commands Platform Description...
  • Page 60 Use the show running command to view configuration information under Line. In line vty 0 4, configure access-list for the accepted connections to Examples Ruijie# configure terminal Ruijie(config)# line vty 0 4 Ruijie(config-line)# access-class 10 in Command Description Related...
  • Page 61: Line Vty

    Usage guidelines Access to the specified LINE mode. Enter the LINE mode from LINE VTY 1 to 3: Examples Ruijie(config)# line vty 1 3 Related commands N/A. line vty This command can be used to increase the number of VTY connections currently available. The number of currently available VTY connections can be decreased by using the no form of this command.
  • Page 62 Increase the number of available VTY connections to 20. The available VTY connections are numbered 0--19. Ruijie(config)# line vty 19 Examples Decrease the number of available VTY connections to 10. The available VTY connections are numbered 0-9.
  • Page 63 The setting result is the same as that of transport input none. Specify that only the Telnet protocol is allowed to login in line vty 0 4: Ruijie# configure terminal Examples Ruijie(config)# line vty 0 4 Ruijie(config-line)# transport input telnet Command Description...
  • Page 64: File System Configuration Commands

    Change the above parameter to the directory you want to enter. Use the pwd command to view the present directory. Configuration Example 1: The following example sets usb0 root directory as the present directory: Ruijie# cd usb0:/ Examples Example 1: The following example sets sd root directory as the present directory: Ruijie# cd sd0:/...
  • Page 65 The use of the command depends on the real situations. For the details of the supported file system services of the current commands, refer to the help information in the command lines. Configuration Example 1: Download the file from the tftp server: Ruijie# copy tftp://192.168.201.54/rgos.bin flash:/ Examples...
  • Page 66 CLI Reference Guide File System Configuration Commands Example 2: Upload the file to the tftp server: Ruijie# copy flash:/rgos.bin tftp://192.168.201.54/rgos.bin Example 3: Use the xmodem protocol to download the file: Ruijie# copy xmodem: flash:/config.text Example 4: Copy the file to the U disk: Ruijie#copy flash:/config.text usb0:/config.text...
  • Page 67 If the prefix is not specified in the URL, it indicates to delete the file in the system. This command does not support the wildcard. Example 1: Delete the tmpfile from the present directory: Configuration Ruijie# delete tmpfile Examples Example 2: Delete the rgos.bin.bak from the secondary board: Ruijie# delete slave:/rgos.bin.bak Example 3: Delete the aaa.bin form the SD card:...
  • Page 68 This command does not support the wildcard. Configuration Example 1: Show the file information of the root directory in the slave board: Ruijie# dir slave0:/ Examples Directory of slave:/ Mode Link...
  • Page 69 The solution is that the directory of flash:/backup shall be created before the creation of the directory of flash:/backup/temp. Configuration Example 1: Create the test directory at the root directory: Ruijie# mkdir test Examples Example 2: Create the test2 directory at the root directory of the SD card: Ruijie# mkdir sd0:/test2...
  • Page 70 Ruijie# rename log.txt log.txt.bak Example 4: Move the rgos.bin in the SD card to the flash: Ruijie# rename sd0:/rgos.bin flash:/rgos_bak.bin Example 5: Move the test.txt in the U disk to the SD card: Ruijie# rename usb0:/test.txt sd0:/test2.txt config-interface-vfc)#bind mac-address 001d.0928.b62f Related Command...
  • Page 71 Configuration If there is tmp directory in the present directory and the directory does not contain any files: Ruijie# rmdir tmp Examples Ruijie# ls Related...
  • Page 72: Show File Systems

    Mode Usage Guide Use this command to show the file systems supported in the present devices and the available space condition in the file system. Configuration Show the file system information: Ruijie# show file systems Examples Related Command Description Commands...
  • Page 73 Use the end command or enter CTRL+C to return to the privileged guidelines EXEC mode. Use the exit command to return to the global configuration mode. The following example switches to the archive configuration mode: Ruijie# configure terminal Examples Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# archive Command...
  • Page 74 Archive log management configuration mode Usage N/A. guidelines The following example prohibits showing the passwords in the configuration log: Ruijie# configure terminal Examples Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# archive Ruijie(config-archive)# log config Ruijie(config-archive-log-config)# hidekeys Command...
  • Page 75: Logging Enable

    EXEC mode. Use the exit command to return to the archive configuration mode. The following example switches to the archive log management configuration mode: Ruijie# configure terminal Examples Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# archive Ruijie(config-archive)# log config...
  • Page 76 CLI Reference Guide Configuration Commands of Configuration File Management The following example enables the function of logging the configuration change: Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Examples Ruijie(config)# archive Ruijie(config-archive)# log config Ruijie(config-archive-log-config)# logging enable...
  • Page 77 CLI Reference Guide Configuration Commands of Configuration File Management Ruijie(config)# archive Ruijie(config-archive)# log config Ruijie(config-archive-log-config)# logging size 50 Command Description Enter the archive configuration Related archive mode. commands Enter archive log config management configuration mode. notify syslog Use this command to allow sending the configuration change notification to the remote log server. The no form of this command can be used to prohibit sending the configuration change notification to the remote log server.
  • Page 78 CLI Reference Guide Configuration Commands of Configuration File Management Enter the archive log management log config configuration mode. Enable the function of logging the logging enable configuration change. show archive log config Use this command to show the entry information of the configuraiton log. show archive log config {{all | start-num [end-num]} [provisioning | contenttype [plaintext]] | statistics} Parameter...
  • Page 79 If the provisioning is specified, show the configuraitons in the format that is in the configuration files. The following example shows the configuration logs numbered 1 to 2: Ruijie# show archive log config 1 2 idx sess user@line datetime...
  • Page 80 CLI Reference Guide Configuration Commands of Configuration File Management Config Log Session Info: Number of sessions being tracked: 1 Memory being held: 1270 bytes Total memory allocated for session tracking: 1270 bytes Total memory freed from session tracking: 0 bytes Config Log log-queue Info: Number of entries in the log-queue: 3 Memory being held in the log-queue: 671 bytes...
  • Page 81: Show Cpu

    Usage information in 5sec, 1 min and 5 min, and the CPU guidelines utilization of every task in 5sec, 1 min and 5 min. Ruijie# show cpu ======================================= CPU Using Rate Information CPU utilization in five seconds: 25% CPU utilization in one minute : 20%...
  • Page 82 CLI Reference Guide CPU-LOG Configuration Commands dhcpa_task dhcpsnp_task igmp_snp mstp_event GVRP_EVENT rldp_task rerp_task reup_event_handler tpp_task ip6timer rtadvd tnet6 tnet Tarptime gra_arp Ttcptimer ef_res ef_rcv_msg ef_inconsistent_daemon ip6_tunnel_rcv_pkt res6t tunrt6 ef6_rcv_msg ef6_inconsistent_daemon imid nsmd ripd ripngd ospfd ospf6d bgpd pimd pim6d pdmd dvmrpd vty_connect aaa_task...
  • Page 83 CLI Reference Guide CPU-LOG Configuration Commands psnpd igsnpd coa_recv co_oper co_mac radius_task tac+_acct_task tac+_task dhcpd_task dhcps_task dhcpping_task dhcpc_task uart_debug_file_task ssp_init_task rl_listen ikl_msg_operate_thread bcmDPC bcmL2X.0 bcmL2X.0 bcmCNTR.0 bcmTX bcmXGS3AsyncTX bcmLINK.0 bcmRX mngpkt_rcv_thread mngpkt_recycle_thread stack_task stack_disc_task redun_sync_task conf_dispatch_task devprob_task rdp_snd_thread rdp_rcv_thread rdp_slot_change_thread datapkt_rcv_thread keepalive_link_notify rerp_msg_recv_thread...
  • Page 84 CLI Reference Guide CPU-LOG Configuration Commands rl_con idle In the list above, the first 3 lines indicates the system CPU utilization in 5sec, 1min and 5min, including LISR, HISR and task. Then, it describes the detailed CPU utilization distribution:  No:Sequence number ...
  • Page 85 This example shows how to set the low and high threshold of the cpu log utilization limit to 70% and 80% respectively. Ruijie(config)# cpu-log log-limit 70 80 The console prompts as follows when the CPU utilization rate is more than 80%: Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: CPU utilization in one minute : 95% ,Using most cpu's task is ktimer : 94%...
  • Page 86 CLI Reference Guide Memory Configuration Commands Memory Configuration Commands memory-lack exit-policy Use this command to set the exit-policy of the upper routing protocol when the memory reaches the lower threshold. The upper routing protocol includes BGP,OSPF,RIP,PIM-SM. memory-lack exit-policy {bgp | ospf | pim-sm | rip} no memory-lack exit-policy Parameter Description...
  • Page 87: Show Memory

    2 minutes later, the routing protocol will be attempting to restart. This example shows how to enable the BGP to exit from Examples the policy prior to other protocols: Ruijie(config)# memory-lack exit-policy bgp Command Description Related Show the current memory usage...
  • Page 88 This example shows the running result of the command show memory Ruijie#show memory System Memory Statistic: Free pages: 1079 watermarks : min 379, lower 758, low 1137, high 1516 System Total Memory : 128MB, Current Free Memory : 5283KB...
  • Page 89 The main  Note routing protocols are BGP, OSPF, RIP, LDP, PIM, ISIS, and ect. This example shows the result of the command show memory protocols: Ruijie(config)# show memory protocols ==================================================== protocol |memory(byte) Examples 102000000 OSPF 24000000...
  • Page 90: Clear Logging

    This command clears the log packets from the memory buffer. You cannot clear the statistics of the Usage Guide log packets. Configuration The following example clears the log packets from the memory buffer. Ruijie# clear logging Examples Command Function Related logging on Record logs on different devices.
  • Page 91 CLI Reference Guide Syslog Configuration Commands Size of the buffer is related to the specific device: Description For the kernel / aggregation switches, 4K to 10M bytes. buffer-size For the access switches, 4K to 1M Bytes. For other devices, 4K to 128K Bytes. Severity of logs, 0 to 7.
  • Page 92: Logging Console

    The configuration example below allows logs at and below severity 6 to be recorded in the memory Configuration buffer sized 10,000 bytes. Examples Ruijie(config)# logging buffered 10000 6 Command Description Related logging on Record logs on different devices.
  • Page 93: Logging Facility

    This command enables the log statistics function. The statistics begins when the function is Usage Guide enabled. If you run no logging count, the statistics function is disabled and the statistics data is deleted. Enable the log statistics function: Configuration Ruijie(config)# logging count Examples Command Description Related show logging count Show the log statistics.
  • Page 94 CLI Reference Guide Syslog Configuration Commands no logging facility Parameter Description Parameter Syslog device value. For detailed configuration value, refer to the Description facility-type usage guidelines. Local7(23). Defaults Command Global configuration mode. Mode The following table (Table-2) is the possible device value of Syslog: Table-2 Numerical Code Facility...
  • Page 95 CLI Reference Guide Syslog Configuration Commands Configuration Following is to set the device value of Syslog as kernel: Ruijie(config)# logging facility kern Examples Command Description Related Set the severity of logs that are allowed to be displayed on the Commands logging console console.
  • Page 96: Logging File Flash

    The example below records the logs into the expansion FLASH, with the name trace.txt, file size Configuration 128K and log severity 6. Examples Ruijie(config)# logging file flash:trace Command Description logging on Record logs on different devices. Related...
  • Page 97: Logging Monitor

    The log level defined with "Logging monitor" is for all VTY windows. Configuration The example below sets the severity of log that is allowed to be printed on the VTY window as 6: Ruijie(config)# logging monitor informational Examples Command Description Record logs on different devices.
  • Page 98 If this switch is turned off, no log will be displayed or recorded unless the severity level is greater than 1. Configuration The following example disables the log switch in the equipment. Ruijie(config)# no logging on Examples Command Description Record logs to an internal buffer.
  • Page 99 The example below sets the number of the logs (including debug) processed in a second as 10. Configuration However, the logs with warning or higher severity level are not controlled: Examples Ruijie(config)#logging rate-limit all 10 except warnings Command Description Show the log statistics.
  • Page 100 The following example sets the number of logs, including debug, allowed to be redirected from the Configuration slave device to the host per second to 10. The limit is not imposed on logs on the warning or higher error level: Examples Ruijie(config)#logging rd rate-limit 10 except warnings Related Command Description...
  • Page 101: Logging Server

    The example below specifies a syslog server at address 202.101.11.1: Ruijie(config)# logging server 202.101.11.1 Configuration The example below specifies an ipv6 address as AAAA:BBBB:FFFF: Examples Ruijie(config)# logging server ipv6 AAAA:BBBB:FFFF Command Description logging on Record logs on different devices. Related...
  • Page 102 IP address of the source interface is configured, the source IP address of the log message is still that of the interface from which the message is sent. Configuration The example below specifies loopback 0 as the source address of the syslog messages: Ruijie(config)# logging source interface loopback 0 Examples Related Command...
  • Page 103 IP address of the log message is still that of the interface from which the message is sent. Configuration The example below specifies the 192.168.1.1 as the source address of the syslog messages: Ruijie(config)# logging source ip 192.168.1.1 Examples Command...
  • Page 104 This command enables synchronization function of user input and log output, preventing the user Usage Guide from interrupting when keying in the characters. Ruijie(config)#line console 0 Ruijie(config-line)#logging synchronous Print UP-DOWN logs on the port when keying in the command, the input command will be output...
  • Page 105: Logging Trap

    The show logging command displays the related setting parameters and statistics of the log. The example below enables logs at severity 6 to be sent to the Syslog Server at address Configuration 202.101.11.22: Ruijie(config)# logging 202.101.11.22 Examples Ruijie(config)# logging trap informational Command Description logging on Reocrd logs on different devicds. Related Record logs to the Syslog server.
  • Page 106 The following example shows the results of the log files in the FLASH as you can see: Ruijie# more flash://f2/log.txt Configuration look up file in the extended flash://f2/log.txt Examples 00004 2004-11-17 4:1:32 Ruijie: %5:Reload requested by Administrator. Reload Reason :Reload command Command Function Related...
  • Page 107 In the private log format, there is no “*” before the timestamp and no “:” after it and no “%” before the identification string. Configuration The following example adjusts the log format to the private one: Ruijie(config)# service private-syslog Examples Command Description...
  • Page 108 The difference between the standard and default log format lies in the timestamp. In the standard log format, there is no “*” before the timestamp and no “:” after it. Configuration The following example adjusts the log format to the standard one: Ruijie(config)# service standard-syslog Examples Command Description...
  • Page 109: Service Timestamps

    This command allows you to decide whether to add system name in the log information. Add system name in the log information: Mar 22 15:28:02 %SYS-5-CONFIG: Configured from console by console Ruijie #config terminal Enter configuration commands, one per line. End with CNTL/Z. Configuration...
  • Page 110: Show Logging

    Ruijie(config)# service timestamps debug datetime msec Configuration Ruijie(config)# service timestamps log datetime msec Examples Ruijie(config)# end Ruijie(config)# Oct 8 23:04:58.301 %SYS-5-CONFIG I: configured from console by console Command Description Related logging on Record logs on different devices.
  • Page 111 Trap logging: level informational, 15242 message lines logged,0 fail logging to 202.101.11.22 logging to 192.168.200.112 Log Buffer (Total 131072 Bytes): have written 1336, 015487: *Sep 19 02:46:13: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24, Configuration changed state to up. Examples 015488: *Sep 19 02:46:13: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet 0/24, changed state to up.
  • Page 112 You can use show logging command to check whether the log statistics function is enabled. The following is the execution result of show logging count: Configuration Ruijie# show logging count Examples Module Name Message Name Sev Occur...
  • Page 113: Terminal Monitor

    This command can be also used on the console, but it does not take effect. Configuration The following example configures to allow printing log information on the current VTY window: Ruijie# terminal monitor Examples Related Command...
  • Page 114: Cluster Management Configuration Commands

    The following example sets the MAC address of the commander as 00d0.f800.aaac: Ruijie(config)# cluster commander-address 00d0.f800.aaac Examples The following example removes the device from the cluster and clear the cluster related information on this device:...
  • Page 115 Input the show cluster command in the Privileged EXEC mode to guidelines show the related configurations. The following example sets the cluster topology discovery hop-count as 4. Examples Ruijie(config)# cluster discovery hop-count 4 Command Description Related Show the basic information of commands...
  • Page 116: Cluster Enable

    CLI Reference Guide Cluster Management Configuration Commands show cluster Show the candidate devices. candidates show cluster Show the member devices. member cluster enable Use this command to create a cluster, set the cluster name and specify a serial number for the commander device.
  • Page 117: Cluster Holdtime

    CLI Reference Guide Cluster Management Configuration Commands The following example creates a cluster named clus0, with the serial of commander device 3. Examples Ruijie(config)# cluster enable clus0 3 Command Description Show the basic information of the show cluster cluster which device belongs.
  • Page 118: Cluster Member

    CLI Reference Guide Cluster Management Configuration Commands The following example sets the holdtime as 120. Examples Ruijie(config)# cluster holdtime 120 Command Description Show the basic information of the show cluster cluster which device belongs. Related commands show cluster Show the candidate devices.
  • Page 119: Cluster Run

    The following example adds the device with MAC address 00d0.f8fe.1007 to the cluster, and specify the serial number as 1. Examples Ruijie(config)# cluster member 1 mac-address 00d0.f8fe.1007 Command Description Show the basic information of the...
  • Page 120 Input the command show cluster in the Privileged EXEC mode to show the related configurations. The following example disables the cluster function Examples Ruijie(config)# no cluster run Command Description Show the basic information of the cluster...
  • Page 121: Cluster Timer

    Privileged EXEC mode to show guidelines the related configurations. The following example sets the IP address of the cluster-shared TFTP server as 172.10.1.1 Examples Ruijie(config)# cluster tftp-server 172.10.1.1 Command Description Show the basic information of the show cluster cluster...
  • Page 122 This command can be executed on the commander device only. Input guidelines the command show cluster to show the related configurations. The following example sets the timer as 80. Examples Ruijie(config)# cluster holdtime 80 Command Description Show the basic information of the show cluster...
  • Page 123 Ruijie(config)# cluster tftp-server 172.10.1.1 Examples Ruijie(config)# exit Ruijie# rcommand 1 Ruijie-1# //Enter the command line interface of the member device. Ruijie-1# copy cluster-tftp:config.text flash: //Use the cluster TFTP proxy. Command Description Show the basic information of the show cluster cluster...
  • Page 124: Show Cluster

    CLI Reference Guide Cluster Management Configuration Commands Parameter Description The number of the member device to be number logged on, in the range of 0 to 255. Parameter Log on the commander device from the description commander member device. The MAC address of the member device mac-address H.H.H to be logged on.
  • Page 125 MAC address of the commander device are displayed on the member device. The following example shows the basic information of the cluster on the commander device. Ruijie# show cluster Cluster: clus0<Command switch> Member number: Command switch mac address: 00d0.f822.33ac...
  • Page 126: Show Cluster Candidates

    CLI Reference Guide Cluster Management Configuration Commands members cluster, including the commander device and member device. Status Cluster member status. Time since last Time since the last status change. status change Cluster timer Set the cluster timer. Cluster holdtime Set the cluster holdtimer. Cluster discovery Set the cluster discovery hop...
  • Page 127: Show Cluster Member

    CLI Reference Guide Cluster Management Configuration Commands The following example shows the candidate devices on the commander devices. Ruijie# show cluster candidates Hops LcPort UpSN UpMAC UpPort --------------- ---- ------ ---- --------------- ------- 00d0.f8fe.43d2 1 Fa0/2 00d0.f8fe.1007 Fa0/3 00d0.f8fe.a861 2 Fa0/5 00d0.f8fe.43d2 Fa0/12...
  • Page 128 2 00d0.f8fe.a861 switch-3 2 up Fa0/5 1 00d0.f8fe.43d2 Fa0/12 The following example shows the details of member devices on the commander. Examples Ruijie# show cluster member detail Device 'switch-1' with member number 0 (Command Switch) Device type: S2628G MAC address: 00d0.f8fe.1007...
  • Page 129 Upstream port: Fa0/12 Hops from command device: 2 The following example shows the member devices on the member device2. Ruijie# show cluster member SN MAC Name Hops State LcPort UpSN UpMAC UpPort -- -------------- ------- -- ---- ------- ---- --------- ------ 0 00d0.f8fe.1007 switch-1 0 up<Cmdr>...
  • Page 130 CLI Reference Guide Cluster Management Configuration Commands Cluster member number of the UpSN uplink device. UpMAC MAC address of the uplink device. Port connecting with the member UpPort device on the uplink device. Command Description cluster enable Create a cluster. Related Add a member device into the cluster member...
  • Page 131 Examples The following example synchronizes all the files other than the starup-config files. Ruijie(config)# redundancy Ruijie(config-red)# no auto-sync startup-config Ruijie(config-red)# exit auto-sync time-period Use this command to configure the auto-sync time-period of runing-config and startup-config when the dual supervisor engines is redundant. Use the no form of this command to disable the function.
  • Page 132 Ruijie(config-red)# exit Examples The following example disables auto-sync: Ruijie(config)# redundancy Ruijie(config-red)# no auto-sync time-period Redundancy auto-sync time-period: disabled. Ruijie(config-red)# exit redundancy Use this command to enter redundancy configuration mode in the global configuration mode. redundancy Command mode Global configuration mode.
  • Page 133: Redundancy Reload

    The redundancy reload peer does not affect the data transfer. Usage During the resetting of the Slave, the data transfer is not guidelines disconnected and the user session information is not lost. Ruijie# redundancy reload peer Examples Reload peer? [confirm] y Preparing to reload peer Command...
  • Page 134 Ruijie# redundancy forceswitch Examples Proceed with switchover to standby PRE? [confirm]y Command...
  • Page 135 CLI Reference Guide Redundancy Configuration Commands Ruijie# config terminal Ruijie(config)# redundancy Ruijie(config-red)# Examples Ruijie(config-red)# switchover timeout 4000 Ruijie(config-red)# exit Ruijie(config)# exit Ruijie(config)# show redundancy auto-sync Use command show redundancy auto-sync to show the current redundancy auto-sync mode in user EXEC or privileged EXEC mode. For the detailed information, please refer to auto-sync description in previous text.
  • Page 136 Usage guidelines N/A. Ruijie> enable Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Ruijie# show redundancy states Examples Redundancy states: My state = 19 -ACTIVE peer state = 37 -STANDBY HOT show redundancy switchtimeout Use show redundancy switchtimeout command to show current redundanct switchover timeout time in user EXEC or privileged EXEC mode.
  • Page 137 Default Command srm-policy configuration mode mode Usage guidelines Example 1: In the srm-policy configuration mode, execute "cpu" command to enter the owner-cpu Examples configuration mode. Ruijie(config-srm-policy)#cpu Ruijie(config-owner-cpu)# Command Description resource Enter the SRM configuration mode. Related manager commands policy Create the monitoring policy and...
  • Page 138 Example 1: Configure a resource user group named rgos_group and add the snmpd into the group, and finally apply the monitoring policy to the group. Examples Ruijie#configure terminal Ruijie(config)#resource manager Ruijie(config-srm)#user group rgos_group Router(config-res-group)#instance snmpd Command Description Related resource commands Enter the SRM configuration mode.
  • Page 139 CLI Reference Guide SRM Configuration Commands Usage guidelines Example 1: In the srm-policy configuration mode, execute "memory" command to enter the owner-memory Examples configuration mode. Ruijie(config-srm-policy)#memory Ruijie(config-owner-memory)# Command Description resource Enter the SRM configuration mode. Related manager commands policy Create the monitoring policy and enter policy-name the SRM-policy configuration mode.
  • Page 140 CLI Reference Guide SRM Configuration Commands rgos_policy. Ruijie(config)#resource manager Ruijie(config-srm)#policy rgos_policy global Ruijie(config-srm-policy)# Example 2: Configure a user monitoring policy named rgos_policy. Ruijie(config)#resource manager Ruijie(config-srm)#policy rgos_policy Ruijie(config-srm-policy)# Command Description Related Enter commands resource manager configuration mode. policy policy-name In the config-res-group configuration mode, execute "policy policy-name" command to associate the group with monitoring policy.
  • Page 141 "show version" command. Default Command Global configuration mode. mode Usage guidelines Example: Enter the SRM configuration mode. Ruijie(config)#resource manager Examples Ruijie(config-srm)# Command Description Related commands rising In the owner-memory or owner-cpu configuration mode, execute rising command to configure monitoring waterlines.
  • Page 142 Caution be greater than that of major. Example 1: Configure critical waterline. Ruijie(config-srm-policy)#memory Examples Ruijie(config-owner-memory)#critical rising 80 falling 15 interval 10 Command Description Enter configuration resource manager mode.
  • Page 143 Example 1: Configure a user monitoring policy named rgos_policy and apply to snmpd. Ruijie#configure terminal Examples Ruijie(config)#resource manager Ruijie(config-srm)#policy rgos_policy Ruijie(config-srm-policy)#exit Ruijie(config-srm)#user snmpd rgos_policy Command Description Enter the SRM configuration resource manager Related mode. commands Create the monitoring policy...
  • Page 144 Usage guidelines Example 1: Configure a global monitoring policy named rgos_policy and apply to the global resource user group. Ruijie#configure terminal Examples Ruijie(config)#resource manager Ruijie(config-srm)#policy rgos_policy global Ruijie(config-srm-policy)#exit Ruijie(config-srm)#user global rgos_policy Command Description Enter resource manager configuration mode. Related...
  • Page 145: User Group

    Command SRM configuration mode. mode Usage guidelines Example 1: Configure a resource user group named rgos_group. Ruijie#configure terminal Examples Ruijie(config)#resource manager Ruijie(config-srm)#user group rgos_group Router(config-res-group)# Command Description Related resource commands Enter the SRM configuration mode. manager show resource database Display the SRM database information, including information about resource owner, resource user group and resource users.
  • Page 146 CLI Reference Guide SRM Configuration Commands subsystem Subsystem id (range: 0-1), equivalent to the subsystem-i cpu id displayed after executing "show version" command. Default Command Global configuration mode. mode Usage guidelines...
  • Page 147 CLI Reference Guide SRM Configuration Commands Example 1: Display the information of all SRM databases. Ruijie#show resource database Resource Owners ------------------------------------------------------- --------- Memory Resource Users Priority ------------------------------------------------------- --------- Ktimer PROT_TASK Atimer APP_TASK printk_task APP_TASK_TS waitqueue_process PROT_TASK tasklet_task PROT_TASK Examples cmic_pause_detect...
  • Page 148 Subsystem id (range: 0-1), equivalent to subsystem the cpu id displayed after executing "show subsystem-id version" command. Default Command Global configuration mode. mode Usage guidelines Example 1: Display statistics of all SRM monitoring Examples notifications. Ruijie#show resource notification owner all...
  • Page 149 CLI Reference Guide SRM Configuration Commands Owner: cpu Global Global Notif.(cr(U/D):ma(U/D):mi(U/D)) ----------------------------------------------------- -------- global Not in monitored Multi-User Group User Notif.(cr(U/D):ma(U/D):mi(U/D)) ----------------------------------------------------- -------- rgnos_group (cr(0/0):ma(0/0):mi(0/0)) Single-User Group User Notif.(cr(U/D):ma(U/D):mi(U/D)) ----------------------------------------------------- -------- ktimer (cr(0/0):ma(0/0):mi(0/0)) Owner: memory Global Global Notif.(cr(U/D):ma(U/D):mi(U/D)) ----------------------------------------------------- ---------- global Not in monitored Multi-User...
  • Page 150 CLI Reference Guide SRM Configuration Commands ---------- ktimer (cr(0/0):ma(0/0):mi(0/0)) Field Description Global Global resource usage Multi-User Group Multi-user resource user group Single-User Group Single-user resource user group Notifications of global policy Global Notif. monitoring waterline Notifications user policy User Notif. monitoring waterline Times of passing critical, major and minor waterlines;...
  • Page 151 SRM Configuration Commands Command Global configuration mode. mode Usage guidelines Example 1: Display SRM resource usage status. Ruijie#show resource owner all Resource Owner: CPU Used Ratio(%): 5Sec -- 93, 1Min -- 93, 5Min – 93 RU Group Runtime(ms) 5Sec 1Min...
  • Page 152 CLI Reference Guide SRM Configuration Commands datapkt_rcv_thread 1604700 rdp_slot_change_thread 1604700 printk_task 2172590 idle 2172590 Resource Owner: memory Total Size(B): 536870912 Used Size(B): 143081472 Used Ratio(%): 27 RU Group Allocated Size(B) Alloc Cnt Free Cnt ----------------------------------------------------- ---------- local-1 Allocated Size(B) Alloc Cnt Free Cnt ----------------------------------------------------- ----------...
  • Page 153 CLI Reference Guide SRM Configuration Commands gc_task context kswapd bdflush kupdate Field Description Total Size(B) Total memory size (byte) Used Size(B) Used memory size (byte) Used Ratio(%) Resource utilization. RU Group Resource user group Resource user Allocated memory size Allocated Size(B) (byte) Alloc Cnt Memory allocation count...
  • Page 154 Default Command Global configuration mode mode Usage guidelines Example 1: Display all SRM policy information. Ruijie#show resource policy all policy Name: rgnos_global_policy ----------------------------------------------------- ----------- Type: Global In Use: No RO memory: critical rising 98 interval 2600 falling 40 interval 2600...
  • Page 155 CLI Reference Guide SRM Configuration Commands critical rising 89 interval 2900 falling 20 interval 2900 major rising 86 interval 3800 falling 40 interval 3800 minor rising 61 interval 5900 falling 10 interval 5900 Policy Name: rgnos_policy3 ----------------------------------------------------- ----------- Type: User In Use: No RO memory: critical rising 92 interval 2500 falling 20 interval 2500...
  • Page 156 CLI Reference Guide SRM Configuration Commands Command Global configuration mode. mode Usage guidelines Example 1: Display all SRM association information Ruijie#show resource relationship Policy Resource User User Type ----------------------------------------------------- ---------- global global Global Group rgnos_policy1 rgnos_group Multi-User Group rgnos_policy ktimer...
  • Page 157 Default Command Global configuration mode. mode Usage guidelines Example 1: Display all RU group information. Ruijie#show resource user all Total resource user group: 2. Multi-User Group: rgnos_group ----------------------------------------------------- ----- Policy: rgnos_policy1 User: Resource Owner: memory Allocated Size(B): 0...
  • Page 158 CLI Reference Guide SRM Configuration Commands Alloc Cnt: Free Cnt: Resource Owner: cpu Runtime(ms) 5Sec 1Min 5Min 3685640 Field Description Multi-user resource user Multi-User Group group Single-user resource user Single-User Group group Policy Monitoring policy User Resource user Resource Owner Resource owner Allocated memory...
  • Page 159 Command Privileged EXEC mode Mode Usage Guide The following example configures the maximum number of policy-based routes to 100: Configuration Ruijie(config)# initialization route pbr ? Examples <1-256> Max number of policy-based route entry Ruijie(config)# initialization route pbr 100 Related Command...
  • Page 160 Privileged EXEC mode Mode Usage Guide The following example configures the maximum number of IPv6 tunnel interface to 100: Configuration Ruijie(config)# initialization route tunnel-termination ? Examples <1-128> Max number of tunnel termination entry Ruijie(config)# initialization route tunnel-termination 100 Related Command...
  • Page 161 Use this command to show the configuration value, the current running value and the default value of all types of hardware entry capacities. The following example displays the hardware entry capacity: Configuration Ruijie #show initialization route Examples config running default policy-based route entry:...
  • Page 162 Ethernet Switching Configuration Commands 1. Interface Configuration Commands 2. MAC Address Configuration Commands 3. Aggregate Port Configuration Commands 4. LACP Configuration Commands 5. VLAN Configuration Commands 6. Protocol VLAN Configuration Commands 7. Private VLAN Configuration Commands 8. Share VLAN Configuration Commands 9.
  • Page 163: Interface Configuration Commands

    DCD carrier interruption period is shorter than the time used for route aggregation, you should raise the parameter to avoid unnecessary route oscillation. The following example shows how to configure the carrier delay of serial interface Configuration as 5 seconds: Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config)# carrier-delay 5 Related Command...
  • Page 164: Clear Counters

    In the privileged EXEC mode, use the show interfaces command to display If no interface is Usage Guide counters or the clear counters command to clear counters. specified, the counters on all interfaces will be cleared. Configuration Ruijie# clear counters gigabitethernet 1/1 Examples Command Description Related Commands show interfaces Show the interface information.
  • Page 165 CLI ReferenceInterface Configuration Commands Interface Configuration Commands port, routing port, and member port of the L3 aggregate port. This command is equivalent to the shutdown and no shutdown commands. Configuration Ruijie# clear interface gigabitethernet 1/1 Examples Command Description Related Commands shutdown Shutdown the interface.
  • Page 166 Auto. Command Mode Interface configuration mode. The duplex mode is associated with the interface type. Use show interfaces to Usage Guide display the interface duplex mode. Configuration Ruijie(config-if)# duplex full Examples Related Command Description Commands show interfaces Show the interface information.
  • Page 167 Command Mode Interface configuration mode. Usage Guide Use show interfaces to display the flow control configurations. This example shows how to enable flow control on fastEthernet port 1/1: Configuration Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config-if)# flowcontrol on Related Command Description Commands Show the interface information.
  • Page 168 Usage Guide with the ones of the aggregate port. You can use show interfaces or show interfaces aggregateport commands to display the interface configuration. Ruijie(config)#interface aggregateport 3 Configuration Ruijie(config-if)# Examples...
  • Page 169: Interface Fastethernet

    Global configuration mode. The command does not support the no parameter, so this interface type cannot be Usage Guide deleted. Use show interfaces or show interfaces fastEthernet to display the interface configuration. Ruijie(config)# interface fastEthernet 1/2 Configuration Ruijie(config-if)# Examples Related...
  • Page 170: Interface Vlan

    Interface Configuration Commands The command does not support the no parameter, so this interface type cannot be Usage Guide deleted. Use show interfaces or show interfaces gigabitEthernet to display the interface configuration. Ruijie(config)# interface gigabitEthernet 1/2 Configuration Ruijie(config-if)# Examples Related...
  • Page 171 VLAN ID. Its range depends by products. Defaults Command Mode Global configuration mode. Use show interfaces or show interfaces vlan to display the interface Usage Guide configuration. Ruijie(config)# interface vlan 2 Configuration Ruijie(config-if)# Examples Command Description Related Commands show interfaces Show the interface information.
  • Page 172 Interface configuration mode. This command is used to show the line status and locate the cause of a line failure; Usage Guide for example, the line is broken. Ruijie(config)#interface gigabitEthernet 0/1 Ruijie(config-if-GigabitEthernet 0/1)#line-detect Interface : GigabitEthernet 0/1 start cable-diagnoses,please wait...
  • Page 173 CLI ReferenceInterface Configuration Commands Interface Configuration Commands The number of line pairs included. For example, pairs the twisted pair comprises four pairs of lines. Status of the current line pair: OK, Short or Open. In general, the 100 Mbit/s twisted pairs A state and B are OK, C and D are Short.
  • Page 174 CLI ReferenceInterface Configuration Commands Interface Configuration Commands type is changed, the attributes of the new port type take default values, which can be modified as needed. Ruijie(config)# interface gigabitethernet 1/1 Configuration Ruijie(config-if)# medium-type copeer Examples Command Description Related Commands show interfaces Show the interface information.
  • Page 175 Usage Guide If you use the script to run no shutdown frequently, the system may display the interface status reversal. Shut down Ap 1: Ruijie(config)# interface aggregateport 1 Ruijie(config-if)# shutdown Configuration Enable Ap 1: Examples Ruijie(config)# interface aggregateport 1...
  • Page 176 SNMP sends the LinkTrap when the link status of the interface changes. Do not send LinkTrap on the interface: Ruijie(config)# interface gigabitEthernet 1/1 Ruijie(config-if)# no snmp trap link-status Configuration Following configuration shows how to configure the interface to forwarding Link Examples...
  • Page 177 Use the show interfaces command to display the configuration. The rate allowed to be set varies with the interface type. For example, you cannot set the rate of an SFP interface to 10 Mbps. Ruijie(config)# interface gigabitethernet 1/1 Configuration Ruijie(config-if)# speed 100...
  • Page 178 In this status, the device will send the Usage Guide information to indicate the connect status. If the interface switches from Layer 2 to Layer 3 mode, all the attributes in Layer 2 mode will be cleared. Configuration Ruijie(config-if)# switchport Examples Related Command Description Commands Show the interface information.
  • Page 179 VLAN. If the port is a trunk port, the operation does not take effect. Ruijie(config)# interface gigabitethernet 1/1 Configuration Ruijie(config-if)# switchport access vlan 2 Examples Command Description Set up the interface to work in Layer 2 mode (switch port...
  • Page 180 VLAN list of the interface determines the VLANs of the interface. The trunk port is the member of all the VLANs on the allowed VLAN list. Use switchport trunk to define the allowed-VLANs list. Configuration Ruijie(config-if)# switchport mode trunk Examples Command Description...
  • Page 181 By default, a trunk port receives and sends traffic from or to all VLANs (ID 1 to 4094). However, you can prevent the traffic from passing through the trunk by configuring allowed VLAN lists. Use show interfaces switchport to display configuration. Configuration The example below removes port 1/15 from VLAN 2: Ruijie(config)# interface fastethernet 1/15 Examples...
  • Page 182: Show Interfaces

    CLI ReferenceInterface Configuration Commands Interface Configuration Commands Ruijie(config-if)# switchport trunk allowed vlan remove 2 Ruijie(config-if)# end Ruijie# show interfaces fastethernet1/15 switchport Switchport is enabled Mode is trunk port Access vlan is 1,Native vlan is 1 Protected is disabled Vlan lists is...
  • Page 183 CLI ReferenceInterface Configuration Commands Interface Configuration Commands module-id specified modules. Display the status statistics of all member ports in the specified status vlan vlan-id vlans. switchport Information about Layer 2 interface. trunk Trunk port, which applies to physical and aggregate ports. transceiver Basic optical module information.
  • Page 184 CLI ReferenceInterface Configuration Commands Interface Configuration Commands admin duplex mode is AUTO, oper duplex is Unknown admin speed is AUTO, oper speed is Unknown flow receive control admin status is OFF,flow send control admin status is OFF,flow receive control oper status is Unknown,flow send control oper status is Unknown broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm Control is OFF...
  • Page 185 CLI ReferenceInterface Configuration Commands Interface Configuration Commands Port-type: access Vlan id : 2 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer, 0 dropped Received 0 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort 0 packets output, 0 bytes, 0 underruns , 0 dropped 0 output errors, 0 collisions, 0 interface resets...
  • Page 186 -40.00(alarm) Example 7 shows the current failure warning information of the optical module on the Gi0/1port. Ruijie# show interfaces gigabitEthernet 0/1 transceiver alarm RX power low TX power low Example 8 shows the packet statistics (0 excluded) information on ports (only...
  • Page 187 CLI ReferenceInterface Configuration Commands Interface Configuration Commands InUcastPkts InMulticastPkts InBroadcastPkts OutOctets : 408 OutUcastPkts OutMulticastPkts OutBroadcastPkts Undersize packets Oversize packets collisions Fragments Jabbers CRC alignment errors : 0 AlignmentErrors FCSErrors dropped packet events (due to lack of resources): 0 packets received of length (in octets): 64 : 0 65-127 : 4 128-255 : 0...
  • Page 188 Example 9 shows the packet statistics of the ports on Module 1/0 (only displays the information of parts of the ports, not the information of all ports). Ruijie# show interfaces counters module 1/0 Interface : GigabitEthernet 1/0/1 5 minutes input rate :0 bits/sec, 0 packets/sec...
  • Page 189 Example 10 shows the packet statistics of all member ports on VLAN 1 (only shows the information of parts of the ports, not the information of all ports). Ruijie# show interfaces counters vlan 1 Interface : GigabitEthernet 1/0/1 5 minutes input rate :0 bits/sec, 0 packets/sec...
  • Page 190 128-255 : 0 256-511 : 0 512-1023 : 0 1024-1518 : 0 Example 11 shows the MTU statistics of the specified GigabitEthernet 0/1 port. Ruijie# show interfaces gigabitethernet 0/1 mtu Interface -------------------------------- ------ GigabitEthernet 0/1 1500 Example 12 shows the status statistics of all ports on Module1/0 (only displays the information of parts of the ports, not the information of all ports).
  • Page 191 Unknown Unknown copper Example 13 shows the status statistics of all member ports in VLAN 1 (only displays the information of parts of the ports, not the information of all ports). Ruijie# show interfaces status vlan 1 Interface Status Vlan...
  • Page 192 CLI ReferenceInterface Configuration Commands Interface Configuration Commands Platform Description...
  • Page 193 IP address but guidelines different source MAC address. This is an example of binding the IP address 3.3.3.3 and the MAC Examples address 00d0.f811.1112. Ruijie(config)# address-bind 3.3.3.3 00d0.f811.1112 Command Description Related Show the IP address-MAC address commands show address-bind binding table.
  • Page 194 Usage If you have installed the exceptional port, you can run this command guidelines to make installation policy take effect. Install fa 0/1 port: Ruijie(config)# address-bind uplink fa0/1 Examples Ruijie(config)# address-bind install Command Function Related Show the exceptional port of the...
  • Page 195 CLI ReferenceInterface Configuration Commands MAC Address Configuration Commands Show the IP address-MAC address commands show address-bind binding table. Platform description address-bind ipv6-mode Use this command to set the IP mode of IP address binding. Set the compatible mode: address-bind ipv6-mode compatible Set the loose mode: address-bind ipv6-mode loose Set the compatible mode:...
  • Page 196 CLI ReferenceInterface Configuration Commands MAC Address Configuration Commands 00do.f822.33aa and forward the corresponding packets: Ruijie# configure t Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# address-bind 00d0.f822.33aa ip 192.168.5.2 Ruijie(config)# address-bind ipv6-mode compatible Command Function Related show address-bind...
  • Page 197 Privileged EXEC mode. Usage Use show mac-address-table dynamic to display all the dynamic guidelines MAC addresses. Clear all the dynamic MAC addresses: Examples Ruijie# clear mac-address-table dynamic Command Description Related show Use this command to display commands mac-address-table dynamic MAC address.
  • Page 198 Usage guidelines Use show mac-address-table dynamic to display the dynamic MAC address table. Examples Ruijie(config)# mac-address-table aging-time 150 Command Description show Use this command to display the aging time mac-address-table Related of the dynamic MAC address. aging-time...
  • Page 199 Global configuration mode. The filtering MAC address shall not be a multicast address. Use Usage show mac-address-table filtering to display the filtering MAC guidelines addresses. Examples Ruijie(config)# mac-address-table filtering 00d0f8000000 vlan 1 Command Description clear Clear filtering mac-address-table Related address.
  • Page 200 MAC address trap message. Ruijie(config)# mac-address-table notification Examples Ruijie(config)# mac-address-table notification interval 40 Ruijie(config)# mac-address-table notification history-size 100 Command Description Set the method of handling...
  • Page 201 MAC address. When the packet destined to 00d0 f800 073c arrives at VLAN4, it will be forwarded to the specified port gigabitethernet 1/1: Examples Ruijie(config)# mac-address-table static 00d0.f800.073c vlan 4 interface gigabitethernet 1/1 Command Description...
  • Page 202 CLI ReferenceInterface Configuration Commands MAC Address Configuration Commands commands show Show the static MAC address. mac-address-table static clear mac-address-table Clear the static MAC address. static Platform description mac-manage-learning dispersive Use this command to set the management and learning mode of the dynamic MAC address to the dispersive mode.
  • Page 203 CLI ReferenceInterface Configuration Commands MAC Address Configuration Commands mode Setting the management and learning mode of the dynamic MAC address to the uniform mode can improve the L2 switching efficiency. Usage After changing the MAC learning mode, you must save it and restart guidelines before the new mode takes effect.
  • Page 204 Use this command to show the exceptional port. show address-bind uplink Command mode Privileged EXEC mode. Usage N/A. guidelines Ruijie# show address-bind uplink Ports State ------------ ------ Examples Fa0/1 Disabled Fa0/2 Disabled …… Command...
  • Page 205 Description address mac-addr Specified MAC address. Parameter description interface interface-id Interface ID vlan vlan-id VLAN ID Command mode Privileged EXEC mode. Ruijie# show mac-address-table address 00d0.f800.1001 Command Vlan MAC Address Type Interface mode ---------- -------------------- -------- 00d0.f800.1001 STATIC Gi1/1 Command...
  • Page 206 Use this command to display the aging time of the dynamic MAC address. show mac-address-table aging-time Command mode Privileged EXEC mode. Ruijie# show mac-address-table aging-time Examples Aging time : 300 Command Description Related Specify the aging time of the dynamic MAC...
  • Page 207 (It may be a physical port or an aggregate port) Default configuration All the MAC addresses are displayed by default. Command mode Privileged EXEC mode. Ruijie# show mac-address-table dynamic Vlan MAC Address Type Interface ------------------------- -------- ------------------- 0000.0000.0001 DYNAMIC gigabitethernet 1/1 Examples 0001.960c.a740...
  • Page 208 Description Parameter mac-addr Destination MAC address of the entry description vlan-id VLAN ID of the entry Command mode Privileged EXEC mode. Ruijie# show mac-address-table filtering Vlan MAC Address Type Interface Examples ------- ----------------- ------- ----------- 0000.2222.2222 FILTER Not available Command...
  • Page 209 CLI ReferenceInterface Configuration Commands MAC Address Configuration Commands Command Privileged EXEC mode. mode Ruijie# show mac-address-table interface gigabitethernet 1/1 Vlan MAC Address Type Interface ----- ------------- -------- ---------------- Examples 00d0.f800.1001 STATIC gigabitethernet 1/1 00d0.f800.1002 STATIC gigabitethernet 1/1 00d0.f800.1003 STATIC gigabitethernet 1/1 00d0.f800.1004 STATIC...
  • Page 210 Show the MAC address notification history history. Default The MAC address notification configuration is shown by default. configuration Command Privileged EXEC mode. mode Ruijie# show mac-address-table notification interface Interface MAC Added Trap MAC Removed Trap --------- -------------- -------------- Examples GigabitEthernet1/14 Disabled...
  • Page 211 CLI ReferenceInterface Configuration Commands MAC Address Configuration Commands Maximum Number of entries configured in History Table:1 Current History Table Length: 0 Ruijie# show mac-address-table notification history History Index: 0 MAC Changed Message: Operation:ADD Vlan: 1 MAC Addr: 00f8.d012.3456 GigabitEthernet 3/1...
  • Page 212 Use this command to show all types of MAC addresses of the specified VLAN show mac-address-table vlan [vlan-id] Parameter Description Parameter description vlan-id VLAN ID of the entry Command mode Privileged EXEC mode. Ruijie# show mac-address-table vlan 1 Vlan MAC Address Type Interface ---------- -------------------- -------- --------- Examples 00d0.f800.1001 STATIC gigabitethernet 1/1 00d0.f800.1002...
  • Page 213 Command mode Interface configuration mode. Usage Use show mac-address-table notification interface to display guidelines configuration. Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config-if)# snmp trap mac-notification added Command Description mac-address-table Enable MAC address notification. Related notification commands show Show the MAC address notification...
  • Page 214 CLI ReferenceInterface Configuration Commands Aggregate Port Configuration Commands Aggregate Port Configuration Commands aggregateport load-balance Use this command to configure the load-balancing algorithm for an aggregate port (AP). Use the no form of this command to restore the default load-balancing configuration. aggregateport load-balance { dst-mac | src-mac | src-dst-mac | dst-ip | src-ip | src-dst-ip | src-port | src--dst-ip-l4port } no aggregateport load-balance...
  • Page 215 Command Global configuration mode. Mode Usage Guide Use show aggregateport load-balance command to display load-balancing algorithm configuration. Configuration Configure the MAC address-based load-balancing. Ruijie(config)# aggregateport load-balance dst-mac Examples Related Command Description Commands show aggregateport load-balance Use this command to display aggregateport configurations.
  • Page 216 Usage Guide Information of all aggregate ports will be displayed unless you specify an interface number of the aggregate port. Configuration See the configuration information of Aggregate Port 1. Ruijie# show aggregateport 1 summary Examples AggregatePort MaxPorts SwitchPort Mode Ports...
  • Page 217 Default configuration By default, the LACP function is disabled on the interface. Command mode Interface configuration mode. Usage guidelines Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config-if)# port-group 1 mode active Command Description Related commands lacp port-priority Set the LACP port priority.
  • Page 218 AggregatePort 1. In this case, please modify the configuration to cancel the related configuration of forbidding the member ports to leave the AP, otherwise the normal packets transmission on the AP will be influenced. Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config-if)# lacp port-priority 4096 Command...
  • Page 219 MAC address is, the higher the priority is. All LACP groups on the switch share the system priority. Changing the system priority may influence the whole aggregation groups on the switch. Examples Ruijie(config)# lacp system-priority 4096 Command Description Enable the LACP on the port...
  • Page 220 Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# show LACP summary Flags:S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs. A - Device is in active mode. P - Device is in passive mode.
  • Page 221 CLI ReferenceInterface Configuration Commands LACP Configuration Commands Show the system port ID. Port Show the port state flag: ―S‖ indicates that the LACP is stable and in the state of periodically sending Flags LACPPDU; ―A‖ indicates that the port is in the active mode.
  • Page 222: Vlan Configuration Commands

    The following example adds the interface GigabitEthernet 0/10 into the VLAN20. Ruijie# configure terminal Examples SwitchA(config)#vlan 20 SwitchA(config-vlan)#add interface GigabitEthernet 0/10 Ruijie# show interface GigabitEthernet 0/10 switchport Interface Switchport Mode Access Native Protected VLAN lists ---------- -------- ----- ----- ---- ---------- -------...
  • Page 223 Gi0/6,Gi0/7,Gi0/8,Gi0/9,Gi0/10 The following example adds the AggregatePort10 into the VLAN20. Ruijie# configure terminal SwitchA(config)#vlan 20 SwitchA(config-vlan)#add interface aggregateport 10 Ruijie# show interface aggregateport 10 switchport Interface Switchport Mode Access Native Protected VLAN lists ---------- -------- ----- ----- ---- ---------- -------...
  • Page 224: Show Vlan

    Command Privileged EXEC mode. mode Usage Guide To return to the privileged EXEC mode, input end or pressing Ctrl+C. To return to the global configuration mode, input exit. Ruijie# show vlan id 1 Configuration VLAN Name Status Ports Examples ----------- ------------- ------------...
  • Page 225 VLAN ID. If the VLAN ID already exists, the command adds the port to the VLAN. If the port is a trunk port, the operation does not take effect. Ruijie(config)# interface gigabitethernet 1/1 Configuration Ruijie(config-if)# switchport access vlan 2 Examples Related Command...
  • Page 226 VLAN list of the interface determines the VLANs to which the interface may belong. The trunk port is the member of all the VLANs in the allowed VLAN list. Use the switchport trunk command to define the allowed-VLANs list. Ruijie(config-if)# switchport mode trunk Configuration Examples...
  • Page 227 The example below removes port 1/15 from VLAN 2: Configuration Ruijie(config)# interface fastethernet 1/15 Examples Ruijie(config-if)# switchport trunk allowed vlan remove 2 Ruijie(config-if)# end Ruijie# show interfaces fastethernet1/15 switchport Interface Switchport Mode Access Native Protected VLAN lists --------- --------- --------- ---------...
  • Page 228 Default VLAN (VLAN 1) cannot be removed. Defaults Command Global configuration mode. mode Usage Guide To return to the privileged EXEC mode, input end or pressing Ctrl+C. To return to the global configuration mode, input exit. Ruijie(config)# vlan 1 Configuration Ruijie(config-vlan)# Examples Related Command Description Commands Show member ports of the VLAN.
  • Page 229 Description Description Profile indexes type Type of message and Ethernet Defaults Command Global configuration mode. mode Usage Guide Ruijie(config)# protocol-vlan profile 1 frame-type Configuration ETHERII ether-type aarp Examples Related Command Description Commands show protocol-vlan profile show protocol-vlan profile num no protocol-vlan profile...
  • Page 230 Description Description Profile indexes VLAN ID, the maximal VLAN the product supports. Defaults Command Interface mode. mode Usage Guide Ruijie(config-if)# protocol-vlan profile 1 vlan 101 Configuration Examples Related Command Description Commands show protocol-vlan profile show protocol-vlan profile num no protocol-vlan profile...
  • Page 231 CLI ReferenceInterface Configuration Commands Protocol VLAN Configuration Commands Examples Related Command Description Commands Platform Description...
  • Page 232 Configure it as the primary VLAN. Delete the corresponding private VLAN configuration. Default configuration No private VLAN is configured. Command mode VLAN configuration Mode. Ruijie(config)# vlan 22 Examples Ruijie(config-vlan)# private-vlan primary Command Description Related commands show vlan private-vlan Platform description The software version must be RGOS10.1 and later.
  • Page 233 VLAN and all the secondary VLANs. Default configuration No association. Command mode Primary VLAN configuration Mode. Ruijie(config)# vlan 22 Examples Ruijie(config-vlan)# private-vlan association add 24-26 Command Description Related commands show vlan private-vlan Platform description The software version must be RGOS10.1 and later. private-vlan mapping Use this command to map the secondary VLAN to the L3 SVI interface.
  • Page 234 Parameter Description p_vid Primary VID. Parameter s_vid Secondary VID description Delete the host port from the private VLAN. Command mode Interface configuration mode. Ruijie(config)# interface gigabitEthernet 0/1 Examples Ruijie(config-if)# switchport mode private-vlan host Ruijie(config-if)# switchport private-vlan host-association 22 23...
  • Page 235 Delete the host port from the private VLAN. Command mode Interface configuration mode. Ruijie(config)# interface gigabitEthernet 0/2 Ruijie(config-if)# switchport mode trunk Examples Ruijie(config-if)# switchport private-vlan association trunk 202 Command Description Related commands show vlan private-vlan Platform description The software version must be RGOS10.4 (3) and later.
  • Page 236 No promiscuous secondary VLAN is configured. Command mode Hybrid interface configuration mode of private VLAN Ruijie(config)# interface gigabitEthernet 0/1 Ruijie(config-if)# switchport mode private-vlan Examples promiscuous Ruijie(config-if)# switchport private-vlan mapping 22 add 23-25 Command Description Related commands show vlan private-vlan Platform description The software version must be RGOS10.1 and later.
  • Page 237 CLI ReferenceInterface Configuration Commands Private VLAN Configuration Commands Ruijie(config-if)# switchport private-vlan promiscuous trunk 202 Command Description Related commands Platform The software version must be RGOS10.4 (3) and later. description Showing Related Commands  show vlan private-vlan show vlan private-vlan Show the configuration of private VLAN.
  • Page 238 Default configuration No default VLAN is configured. Command mode Interface mode. Ruijie(config-if)# switchport hybrid native vlan 3 Examples Platform description The software version must be RGOS10.1 and later. switchport hybrid allowed vlan Use this command to configure the output rules of a hybrid port.
  • Page 239 Restore the output rules of the hybrid port to the description default settings. Default configuration No output rules are configured. Command mode Interface mode. Examples Ruijie(config-if)# switchport hybrid allowed vlan add untagged 3-5 Platform description The software version must be RGOS10.1 and later.
  • Page 240 Use the no share command to cancel the share vlan. Enter the end command or Ctrl+C to return to the Usage privileged EXEC mode. guidelines Enter the exit command to return to the global configuration mode. Ruijie(config)# vlan 2 Examples Ruijie(config-vlan)# share Command Description Related commands...
  • Page 241 Enter the end command or Ctrl+C to return to the privileged EXEC mode. Usage guidelines Enter the exit command to return to the global configuration mode. Ruijie# show mac-address-table share Vlan MAC Address Type Interface Status Examples ---- -------------- ------- ----------- ---------- 0040.4650.1e1e DYNAMIC Gigabit 0/1 original...
  • Page 242: Voice Vlan Configuration Commands

    5) RSPAN Remote VLAN and Voice VLAN cannot be the same VLAN, or it influences the remote port mirror and the Voice VLAN function. The following example shows how to set the VLAN2 as the Voice VLAN: Examples Ruijie(config)# vlan 2...
  • Page 243  Note The aging time is valid for the auto-mode only. The following example shows how to set the Voice VLAN aging time Examples as 10 minutes: Ruijie(config)# voice vlan aging 10 Command Description Related Show Voice VLAN configurations commands show voice vlan and the current state.
  • Page 244 Voice VLAN CoS and guidelines DSCP value. The following example shows how to set the Voice VLAN CoS value as 5: Examples Ruijie(config)# voice vlan cos 5 Command Description Related Show Voice VLAN configurations commands show voice vlan and the current state.
  • Page 245 Voice VLAN CoS and DHCP value. The following example shows how to set the Voice VLAN DSCP value as 40: Examples Ruijie(config)# voice vlan dscp 40 Command Description Related Show Voice VLAN configurations commands show voice vlan and the current state.
  • Page 246 CLI ReferenceInterface Configuration Commands Voice VLAN Configuration Commands Ruijie(config-if)# voice vlan enable Command Description Related Show Voice VLAN configurations commands show voice vlan and the current state. voice vlan mac-address Use this command to set the recognizable Voice VLAN OUI address. Use the no form of this command to remove the OUI address.
  • Page 247 VLAN of the port cannot be set as the Voice VLAN for the normal function performance. The Trunk Port/Hybrid Port on the Ruijie product can transmit the packets in all VLANs by default. First remove the Voice VLAN from the allowed VLAN list for the port,...
  • Page 248 Voice Vlan by using the command. The following example shows how to set the Voice VLAN on the interface FastEthernet 0/1 work in the auto mode: Examples Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-vlan)# voice vlan mode auto Command Description Related Show Voice VLAN configurations...
  • Page 249 VLAN rule. The following example shows how to enable the Voice VLAN security Examples mode: Ruijie(config)# voice vlan security enable Command Description Related Show Voice VLAN configurations commands show voice vlan and the current state.
  • Page 250: Show Voice Vlan Oui

    Voice VLAN Configuration Commands Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie(config)# show voice vlan Voice VLAN status: ENABLE Voice VLAN ID: 2 Voice VLAN security mode: Security Voice VLAN aging time: 5 minutes Voice VLAN cos: 6 Examples...
  • Page 251 Settings N/A. Command mode Privileged EXEC mode. Usage N/A. guidelines Ruijie(config)# show voice vlan oui Mask Description --------------- --------------- --------------- 0001.e300.0000 ffff.ff00.0000 Siemens phone 0003.6b00.0000 ffff.ff00.0000 Cisco phone 0004.0d00.0000 ffff.ff00.0000 Avaya phone 0060.b900.0000 ffff.ff00.0000 Philips/NEC phone 00d0.1e00.0000 ffff.ff00.0000 Pingtel phone 00e0.7500.0000 ffff.ff00.0000 Polycom phone...
  • Page 252 VLAN to the voice VLAN. The following example shows the MAC address of the voice device learnt on the current device. Ruijie(config)# show voice vlan mac-address MAC Address Interface Descriptoin 0012.3456.7890...
  • Page 253 CLI ReferenceInterface Configuration Commands Voice VLAN Configuration Commands commands voice vlan Set the OUI address for the mac-address voice packet recognized by the mac-addr mask Voice VLAN. oui-mask [description text]...
  • Page 254 MAC VLAN function is enabled on this port. guidelines The MAC VLAN function can be enabled on the hybrid port only. Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# interface fastethernet 0/10 Examples Ruijie(config-if)# mac-vlan enable Ruijie(config-if)# no mac-vlan enable Ruijie(config-if)# end...
  • Page 255 MAC address and VLAN. Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# mac-vlan mac-address 0001.0001.0001 vlan 100 priority 3 Ruijie(config)# mac-vlan mac-address 0002.0002.0000 mask ffff.ffff.0000 vlan 200 priority 5...
  • Page 256 MAC-VLAN entry of the single MAC address is shown. Usage guidelines If the parameters mac-address and mask are both specified, the MAC-VLAN entries in the specified MAC address range are shown. Ruijie# show mac-vlan all The following MAC VLAN addresses exist: S: Static D: Dynamic MAC ADDR...
  • Page 257 Privileged EXEC mode. Usage With the MAC VLAN function enabled on the port, use this command to verify whether the configuration is successful. guidelines Ruijie# show mac-vlan interface MAC VLAN is enabled on following interface: Examples --------------------------------------- fastethernet 0/3 fastethernet 0/10...
  • Page 258: Mstp Configuration Commands

    Description Indicates that the BPDU frames from any MAC address are received. Defaults Disabled Interface configuration mode Command Mode Usage Guide Ruijie(config)# interface gigabitethernet 1/1 Configuration Ruijie(config-if)# bpdu src-mac-check 00d0.f800.1e2f Examples Command Description Related Commands Platform Description clear spanning-tree counters This command is used to clear statistics of STP receiving/transmitting packets.
  • Page 259 CLI ReferenceInterface Configuration Commands MSTP Configuration Commands Command Mode Privileged EXEC mode. Usage Guide Configuration Ruijie# clear spanning-tree counters Examples Command Description show spanning-tree Show statistics of Related Commands STP receiving/transmitting counters packets Platform Description clear spanning-tree detected-protocols This command is used to force the interface to send the RSTP BPDU frames and check the BPDU frames.
  • Page 260 Show the method used for calculating path cost. pathcost counters Show statistics of STP receiving/transmitting packets. Defaults Command Mode Privileged EXEC mode Usage Guide Configuration Ruijie# show spanning-tree hello-time Examples Command Description spanning-tree pathcost Set the pathcost calculation method. method spanning-tree forward-time Set BridgeForwardDelay.
  • Page 261 Show the link type of an interface. Defaults Command Mode Privileged EXEC mode Usage Guide Configuration Ruijie# show spanning-tree interface gigabitethernet 1/5 Examples Command Description spanning-tree bpdufilter Enable the BPDU filter feature on an interface. Enable the portfast on an interface.
  • Page 262 If the values do not meet the condition, the settings will fail. Example 1: Enable the spanning-tree function: Ruijie(config)# spanning-tree Configuration Examples Example 2: Configure the BridgeForwardDelay: Ruijie(config)# spanning-tree forward-time 10 Command Description Show the global STP configuration. Related Commands show spanning-tree spanning-tree mst cost Set the PathCost of an STP interface.
  • Page 263 Description disabled Disable the Autoedge of an interface. Enabled Defaults Command Mode Interface configuration mode Usage Guide Ruijie(config)# interface gigabitethernet 1/1 Configuration Ruijie(config-if)# spanning-tree autoedge disabled Examples Command Function Related Commands Show the STP configuration information of an show spanning-tree interface interface.
  • Page 264 CLI ReferenceInterface Configuration Commands MSTP Configuration Commands Command Mode Interface configuration mode Usage Guide Ruijie(config)# interface gigabitethernet 1/1 Configuration Ruijie(config-if)# spanning-tree bpduguard enable Examples Command Description Related Commands show spanning-tree interface Show the STP configuration of an interface. Platform Description spanning-tree bpduguard This command is used to enable the BPDU guard function on an interface.
  • Page 265 Description Disabled Defaults Command Mode Interface configuration mode Usage Guide Configuration Ruijie(config)# spanning-tree compatible enable Examples Command Description Related Commands Platform Description spanning-tree guard loop This command is used to enable loop guard on an interface to prevent the root port or backup port from generating loop as the result that they cannot receive bpdu.
  • Page 266 Description Defaults Disabled Interface configuration mode Command Mode Usage Guide Configuration Ruijie(config)# spanning-tree guard none Examples Command Description Related Commands Platform Description spanning-tree guard root This command is used to enable the root guard on an interface to prevent the change of current root bridge position because of error configuration and illegal message attacks.
  • Page 267 CLI ReferenceInterface Configuration Commands MSTP Configuration Commands Usage Guide Configuration Ruijie(config)# spanning-tree guard root Examples Command Description Related Commands Platform Description spanning-tree ignore tc This command is used to enable the tc filtering switch on an interface. You can use the no option of this command to disable the tc filtering switch on the interface.
  • Page 268 For a full-duplex interface, its link type is point-to-point link by default; for a half-duplex Defaults interface, its link type is shared by default. Command Mode Interface configuration mode Usage Guide Ruijie(config)# interface gigabitethernet 1/1 Configuration Ruijie(config-if)# spanning-tree link-type Examples point-to-point Command...
  • Page 269 This example shows how to set the max-hops of the spanning tree to 10 for all MST instances: Configuration Ruijie(config)# spanning-tree max-hops 10 Examples You can verify your setting by entering the show spanning-tree mst command in privileged EXEC mode.
  • Page 270 Rapid spanning tree protocol (IEEE 802.1w) mstp Multiple spanning tree protocol (IEEE 802.1s) Defaults MSTP version Command Mode Global configuration mode Usage Guide Configuration Ruijie(config)# spanning-tree mode stp Examples Command Description Related Commands show spanning-tree Show the spanning-tree configuration. Platform Description spanning-tree mst configure This command is used to enter the MST configuration mode in the global configuration mode and configure the MSTP region.
  • Page 271 This example shows how to enter the MST configuration mode, and map VLANs 3, 5 to 10 to MST instance 1: Ruijie(config)# spanning-tree mst configuration Ruijie(config-mst)# instance 1 vlan 3, 5-10 Ruijie(config-mst)# name region 1 Ruijie(config-mst)# revision 1 Ruijie(config-mst)# show spanning-tree mst configuration...
  • Page 272 This example shows how to set the path cost to 400 on an interface associated with instances 3: Ruijie(config)# interface gigabitethernet 1/1 Configuration Ruijie(config-if)# spanning-tree mst 3 cost 400 Examples You can verify your settings by entering the show spanning-tree mst interface interface-id command in privileged EXEC mode.
  • Page 273 This example shows how to set the priority of gigabitethernet 1/1 to 10 in instance 20: Ruijie(config)# interface gigabitethernet 1/1 Configuration Ruijie(config-if)# spanning-tree mst 20 port-priority 0 Examples You can verify your settings by entering the privileged command ―show spanning-tree mst instance-id ‖...
  • Page 274 CLI ReferenceInterface Configuration Commands MSTP Configuration Commands no spanning-tree [ mst instance-id ] priority Parameter Description instance-id Instance ID in the range of 0 to 64 Parameter Device priority, for which sixteen integers are available: Description 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, priority 32768, 36864, 40960, 45056, 49152,53248, 57344 and 61440, all of which are multiples of 4096.
  • Page 275 CLI ReferenceInterface Configuration Commands MSTP Configuration Commands The following example sets the device priority of Instance 20 to 8192. Ruijie(config-if)# spanning-tree mst 20 priority 8192 Configuration You can verify your settings by entering the privileged command ―show spanning-tree mst Examples instance interface instance-id‖.
  • Page 276 Command Mode Global configuration mode Once the BPDU filter is enabled, the BPDU message is neither received nor sent on the Usage Guide interface. You can use the show spanning-tree command to display the configuration. Ruijie(config)# spanning-tree portfast bpdufilter default Configuration...
  • Page 277 Once the BPDU guard is enabled on the interface, you will enter the error-disabled status if Usage Guide the BPDU message is received at the interface. You can use the show spanning-tree command to display the configuration. Configuration Ruijie(config)# spanning-tree portfast bpduguard default Examples Command Description Related Commands show spanning-tree interface Show the global STP configuration.
  • Page 278 CLI ReferenceInterface Configuration Commands MSTP Configuration Commands Description Defaults Disabled Command Mode Global configuration mode Usage Guide Configuration Ruijie(config)# spanning-tree portfast default Examples Command Description Related Commands show spanning-tree interface Show the global STP configuration. Platform Description spanning-tree reset This command is used to restore the spanning-tree configuration to default. This command does not have the no option.
  • Page 279 Description Description Disabled Defaults Command Mode Interface configuration mode Usage Guide Configuration Ruijie(config-if)# spanning-tree tc-guard Examples Command Description Related Commands Platform Description spanning-tree tc-protection This command is used to enable tc-protection globally. You can use the no option of this command to disable tc- protection globally.
  • Page 280 Parameter Description Defaults Disabled Global configuration mode Command Mode Usage Guide Configuration Ruijie(config)# spanning-tree tc-protection tc-guard Examples Command Description Related Commands Platform Description spanning-tree tx-hold-count This command is used to configure the TxHoldCount of the STP in the global configuration mode and the maximum number of the BPDU messages sent in one second.
  • Page 281 CLI ReferenceInterface Configuration Commands MSTP Configuration Commands Usage Guide Configuration Ruijie(config)# spanning-tree tx-hold-count 5 Examples Command Description Related Commands show spanning-tree Show the global MSTP configuration. Platform Description...
  • Page 282 Guidelines Examples Example 1: Enable transparent transmission of BPDU frames on a device. Ruijie(config)# bridge-frame forwarding protocol bpdu Example 2: Disable transparent transmission of BPDU frames on the device. Ruijie(config)# no bridge-frame forwarding protocol bpdu Related Command Description Commands Platform...
  • Page 283 Guidelines Examples Example 1: Enable transparent transmission of GVRP frames on a device. Ruijie(config)# bridge-frame forwarding protocol gvrp Example 2: Disable transparent transmission of GVRP frames on a device. Ruijie(config)# no bridge-frame forwarding protocol gvrp Related Command Description Commands Platform Description bridge-frame forwarding protocol 802.1x...
  • Page 284 CLI ReferenceInterface Configuration CommandsProtocol Frames Transparent Transmission Configuration Commands Ruijie(config)# bridge-frame forwarding protocol 802.1x Example 2: Disable transparent transmission of 802.1X frames on the device. Ruijie(config)# no bridge-frame forwarding protocol 802.1x Related Command Description Commands Platform Description bridge-frame forwarding protocol reserved-multicast Use the bridge-frame forwarding protocol reserved-multicast command to enable transparent transmission of reserved multicast frames.
  • Page 285 Guidelines Examples Example 1: Enable transparent transmission of PVST frames on a device. Ruijie(config)# bridge-frame forwarding protocol cisco-pvst Example 2: Disable transparent transmission of PVST frames on a device. Ruijie(config)# no bridge-frame forwarding protocol cisco-pvst Related Command Description Commands Platform...
  • Page 286: Gvrp Configuration Commands

    Command mode Interface configuration mode. Usage show gvrp configuration show related guidelines configurations. Ruijie(config-if)# gvrp applicant state normal Examples Command Description Related show gvrp commands Show the GVRP configurations. configuration gvrp dynamic-vlan-creation Use this command to control whether to allow creating the vlan dynamically. Use the no form of this command to restore it to the default setting.
  • Page 287 Command mode Global configuration mode. Usage show gvrp configuration show related guidelines configurations. Ruijie(config)# gvrp dynamic-vlan-creation enable Examples Command Description Related show gvrp commands Show the GVRP configurations. configuration gvrp enable Use this command to enable the GVRP function. Use the no form of this command to restore it to the default setting.
  • Page 288 Command mode Interface configuration mode. Usage show gvrp configuration show related guidelines configurations. Ruijie(config-if)# gvrp registration mode normal Examples Command Description Related show gvrp commands Show the GVRP configurations. configuration gvrp timer Use this command to set the GVRP timer. Use the no form of this command to restore it to the default setting.
  • Page 289 Leaveall timer: 10000ms. Command mode Global configuration mode. Usage show gvrp configuration show related guidelines configurations. Ruijie(config)# gvrp timer join 200 Examples Command Description Related show gvrp commands Show the GVRP configurations. configuration Showing Related Commands clear gvrp statistic Use this command to clear the GVRP statistics for re-counting.
  • Page 290: Show Gvrp Configuration

    GVRP Configuration Commands Default Command mode Privileged EXEC mode. Usage guidelines Use the show gvrp statistics to show the statistics. Examples Ruijie# clear gvrp statistics all Command Description Related show gvrp commands Show the GVRP statistics. statistics show gvrp configuration Use this command to show the GVRP configurations.
  • Page 291: Show Gvrp Statistics

    Interface id. Default Command mode Privileged EXEC mode. Usage Use the show gvrp statistics to show the statistics of one interface guidelines or all interfaces. Ruijie# show gvrp statistics gigabitethernet 1/1 Interface GigabitEthernet 3/1 RecValidGvrpPdu RecInvalidGvrpPdu Examples RecJoinEmpty RecJoinIn RecEmpty...
  • Page 292 Use this command to show the GVRP status. show gvrp status Parameter Description Parameter description Default Command mode Privileged EXEC mode. Usage guidelines Use the show gvrp status command to show the GVRP status. Examples Ruijie# show gvrp status Command Description Related commands...
  • Page 293: Lldp Configuration Commands

    CLI ReferenceInterface Configuration Commands LLDP Configuration Commands LLDP Configuration Commands civic-location Configure common LLDP address information. Use no form of this command to delete the address information. civic-location { country | state | county | city | division | neighborhood | street-group | leading-street-dir | trailing-street-suffix | street-suffix | number | street-number-suffix | landmark | additional-location-information | name | postal-code | building | unit | floor | room | type-of-place | postal-community-name | post-office-box | additional-code} ca-word...
  • Page 294: Clear Lldp Statistics

    LLDP statistics of the specified interface. guidelines Examples Clear LLDP statistics of interface 1: Ruijie# clear lldp statistics interface GigabitEthernet 0/1 Ruijie# show lldp statistics interface GigabitEthernet 0/1 Lldp statistics information of port [GigabitEthernet 0/1] ------------------------------------------------------------...
  • Page 295: Clear Lldp Table

    If the interface parameter is not specified, clear the LLDP neighbor information of all interfaces. Examples Clear the LLDP neighbor information of Interface 1. Ruijie# show lldp neighbors interface GigabitEthernet 0/1 Lldp statistics information of port [GigabitEthernet 0/1] ------------------------------------------------------------ The number of lldp frames transmitted...
  • Page 296 Usage address information. guidelines Examples Configure the information of lldp Civic Address (ID: 1): device type: Switch. Ruijie#config Ruijie(config)# lldp location civic-location identifier 1 Ruijie(config-lldp-civic)# device-type 1 Related Command Description commands show lldp location civic-location { identifier id | interface...
  • Page 297: Lldp Enable

    LLDP takes effect on an interface only when LLDP is enabled globally. guidelines Examples Disable LLDP globally and on the interface: Ruijie#configure terminal Ruijie(config)#no lldp enable Ruijie(config)#interface gigabitethernet 0/1 Ruijie(config-if-GigabitEthernet 0/1)# no lldp enable Related Command Description commands show lldp status Display LLDP status information Platform Only supported by switch products.
  • Page 298 To guarantee the normal communication between local device and neighbor device, the same LLDP packet encapsulation format must be used. Examples Configure LLDP packet encapsulation format to SNAP: Ruijie# configure terminal Ruijie(config)#interface gigabitethernet 0/1 Ruijie(config-if-GigabitEthernet 0/1)#lldp encapsulation snap Related Command Description commands show lldp status Display LLDP status information.
  • Page 299 CLI ReferenceInterface Configuration Commands LLDP Configuration Commands Examples Configure LLDP error detection: Ruijie# configure terminal Ruijie(config)#interface gigabitethernet 0/1 Ruijie(config-if-GigabitEthernet 0/1)#lldp error-detect Related Command Description commands show interface status Display LLDP status information. Platform Only supported by switch products. description lldp fast-count...
  • Page 300 The value of Time To Live (TLV) in LLDP packet = TTL multiplier × LLDP packet transmit interval + 1. guidelines Therefore, the TTL of local device information on the neighbor device can be controlled by adjusting TTL multiplier. Configure TTL multiplier to 5. Examples Ruijie# configure terminal Ruijie(config)#lldp hold-multiplier 5 Related Command Description commands show lldp status Display LLDP status information.
  • Page 301 Global configuration mode mode Usage Use this command to enter the LLDP Civic Address configuration mode. guidelines Examples Configure the Civic Address information of LLDP MED-TLV. ID: 1. Ruijie#config Ruijie(config)#lldp location civic-location identifier 1 Ruijie(config-lldp-civic)# Related Command Description commands Show LLDP...
  • Page 302 CLI ReferenceInterface Configuration Commands LLDP Configuration Commands Ruijie(config)#lldp location elin identifier 1 elin-location 085283671111 Related Command Description commands show lldp location elin-location { identifier id | Show the LLDP urgent phone number interface interface-name | static } information. Platform Only supported by switch products.
  • Page 303: Lldp Mode

    The precondition for enabling LLDP on the interface is that LLDP has been enabled globally and LLDP operates in tx, rx or txrx mode. Examples Configure LLDP operating mode as tx on the interface: Ruijie# configure terminal Ruijie(config)#interface gigabitethernet 0/1 Ruijie(config-if-GigabitEthernet 0/1)#lldp mode tx Related Command Description commands show lldp status...
  • Page 304 After entering the LLDP network-policy configuration mode, run the { voice | voice-signaling } vlan command to configure a specific network policy. Examples Create an LLDP network-policy. ID: 1 Ruijie#config Ruijie(config)#lldp network-policy profile 1 Ruijie(config-lldp-network-policy)# Related Command Description commands show lldp network-policy profile [ profile-num ] Show the LLDP network policy.
  • Page 305 The administrator can monitor the network operation status according to such information. Examples Configure LLDP Trap: Ruijie# configure terminal Ruijie(config)#interface gigabitethernet 0/1 Ruijie(config-if-GigabitEthernet 0/1)#lldp notification remote-change enable Related Command Description commands show lldp status Display LLDP status information.
  • Page 306 To prevent LLDP from being initialized too frequently due to the frequent operating mode change, you guidelines can configure port initialization delay. Examples Configure LLDP port initialization delay to 3 seconds: Ruijie# configure terminal Ruijie(config)#lldp timer reinit-delay 3 Related Command Description commands show lldp status Display LLDP status information.
  • Page 307 LLDP packets due to the frequent local device information change, configure the LLDP packet transmission delay to control the frequent transmission of LLDP packets. Examples Configure LLDPDU transmission delay to 3 seconds: Ruijie# configure terminal Ruijie(config)#lldp timer tx-delay 3 Related Command Description commands Display LLDP status information.
  • Page 308 CLI ReferenceInterface Configuration Commands LLDP Configuration Commands Ruijie# configure terminal Ruijie(config)#lldp timer tx-interval 10 Related Command Description commands show lldp status Display LLDP status information. Platform Only supported by switch products. description lldp tlv-enable Configure the types of advertisable TLVs. Use no form of this command to cancel the advertising of specific TLV types.
  • Page 309 Ruijie(config-if-GigabitEthernet 0/1)#lldp tlv-enable dot1-tlv all Apply the LLDP network policy to the interface 0/1. Ruijie#config Ruijie(config)#interface gigabitethernet 0/1 Ruijie(config-if-GigabitEthernet 0/1)#lldp tlv-enable med-tlv network-policy profile 1 Apply the LLDP Civic Address configuration information (ID=1) to the interface 0/1. Ruijie#config Ruijie(config)#interface gigabitethernet 0/1...
  • Page 310 CLI ReferenceInterface Configuration Commands LLDP Configuration Commands identifier 1 Apply the emergency telephone number information (ID=1) to the interface 0/1. Ruijie#config Ruijie(config)#interface gigabitethernet 0/1 Ruijie(config-if-GigabitEthernet 0/1)#lldp location elin identifier 1 Related Command Description commands show lldp tlv-config interface Display the attributes of advertisable TLVs Platform Only supported by switch products.
  • Page 311 Configure the lldp network-policy (profile-num: 1): voice application type; ID: untagged; voice-signaling application type; VLAN ID: 3; COS: 4; DSCP: 6. Ruijie#config Ruijie(config)#lldp network-policy profile 1 Ruijie(config-lldp-network-policy)# voice vlan untagged Ruijie(config-lldp-network-policy)# voice-signaling vlan 3 cos 4 Ruijie(config-lldp-network-policy)# voice-signaling vlan 3 dscp 6 Related Command Description...
  • Page 312 CLI ReferenceInterface Configuration Commands LLDP Configuration Commands System capabilities enabled : Repeater, Bridge, Router LLDP-MED capabilities : LLDP-MED Capabilities, Network Policy, Location Identification, Extended Power via MDI–PD, Inventory Device class : Network Connectivity HardwareRev : 1.0 FirmwareRev SoftwareRev : RGOS 10.4(3) Release(94786) SerialNum : 1234942570001 Manufacturer name...
  • Page 313 CLI ReferenceInterface Configuration Commands LLDP Configuration Commands LLDP-MED organizationally information Power-via-MDI device type : PD Power-via-MDI power source : Local Power-via-MDI power priority Power-via-MDI power value Model name : Model name show lldp local-information command output description: Field Description Chassis ID type Chassis ID type for identifying the Chassis ID field Used to identify the device, and is generally represented with Chassis ID...
  • Page 314 CLI ReferenceInterface Configuration Commands LLDP Configuration Commands Interface numbering subtype Type of the interface identified by the management address Interface number ID of the interface identified by the management address Object identifier ID of the object identified by the management address Port VLAN ID Port VLAN ID Port and protocol VLAN ID...
  • Page 315 If an interface name is specified, show the address information or urgent phone number information of the interface.  If no parameter is specified, show all address information or urgent phone number information. Show all address information: Examples Ruijie# show lldp location civic-location static LLDP Civic location information -------------------------- Identifier : testt County...
  • Page 316: Show Lldp Neighbors

    CLI ReferenceInterface Configuration Commands LLDP Configuration Commands Ports : Gi0/1 -------------------------- Identifier -------------------------- Show all urgent phone number information. Ruijie# show lldp location elin static Elin location information -------------------------- Identifier : Elin iiiiiiiiii Ports Gi1/0/3 -------------------------- Related Command Description commands Platform Only supported by switch products.
  • Page 317 CLI ReferenceInterface Configuration Commands LLDP Configuration Commands Device type : LLDP Device Update time : 1hour 53minutes 30seconds Aging time : 5seconds Chassis ID type : MAC address Chassis id : 00d0.f822.33cd System name : System name System description : System description System capabilities supported : Repeater, Bridge, Router System capabilities enabled...
  • Page 318 CLI ReferenceInterface Configuration Commands LLDP Configuration Commands PoE support : NO Link aggregation supported : YES Link aggregation enabled : NO Aggregation port ID Maximum frame Size : 1500 LLDP-MED organizationally information Power-via-MDI device type Power-via-MDI power source Power-via-MDI power priority Power-via-MDI power value Run the show lldp neighbors command to show the information description table.
  • Page 319 CLI ReferenceInterface Configuration Commands LLDP Configuration Commands Asset tracking identifier Asset tracking ID Port ID type Port ID type Port ID Port ID Port description Port description Port VLAN ID Port VLAN ID Port and protocol VLAN ID Port and protocol VLAN ID PPVID Supported Whether to support port protocol VLAN PPVID Enabled...
  • Page 320: Show Lldp Statistics

    Usage If no parameter is specified, show all network-policy information. guidelines Examples Show all network-policy information. Ruijie# show lldp network-policy profile Network Policy Profile 1 voice vlan 2 cos 4 dscp 6 voice-signaling vlan 2000 cos 4 dscp 6 Interface:...
  • Page 321 CLI ReferenceInterface Configuration Commands LLDP Configuration Commands The number of neighbor information dropped : 0 The number of neighbor information age out : 1 ------------------------------------------------------------ Lldp statistics information of port [GigabitEthernet 0/1] ------------------------------------------------------------ The number of lldp frames transmitted : 26 The number of frames discarded The number of error frames The number of lldp frames received...
  • Page 322 LLDP status information of the specified interface. guidelines Examples Display LLDP status information of all ports: Ruijie# show lldp status Global status of LLDP : Enable Neighbor information last changed time : 1hour 52minute 22second Transmit interval...
  • Page 323 Interface name Default Command Privileged EXEC mode mode Usage Interface parameter: display the LLDP TLV configuration of the specified interface. guidelines Examples Display TLV information of port 1: Ruijie# show lldp tlv-config interface GigabitEthernet 0/1 LLDP tlv-config of port [GigabitEthernet 0/1]...
  • Page 324 CLI ReferenceInterface Configuration Commands LLDP Configuration Commands ---------------------------------------------------- NAME STATUS DEFAULT --------------------------------- ------ ----------- Basic optional TLV: Port Description TLV System Name TLV System Description TLV System Capabilities TLV Management Address TLV IEEE 802.1 extend TLV: Port VLAN ID TLV Port And Protocol VLAN ID TLV VLAN Name TLV IEEE 802.3 extend TLV:...
  • Page 325: Qinq Configuration Commands

    Here is an example of configuring vid in the tag of input message as 4-22,adding the vid in the tag as 3: Ruijie#configure Examples Ruijie(config)#interface gigabitEthernet 0/1 Ruijie(config-if)#switchport mode dot1q-tunnel Ruijie(config-if)#dot1q outer-vid 3 register inner-vid 4-22 Ruijie(config-if)#end Command Description show Related...
  • Page 326 Here is an example of configuring vid in the outer tag of input message as 10-20,modifying the vid as 100: Ruijie(config)# interface gigabitEthernet 0/1 Examples Ruijie(config-if)# switchport mode access Ruijie(config-if)# dot1q relay-vid 100 translate local-vid 10-20 Ruijie(config-if)# end Command Description Related...
  • Page 327 Here is an example of configuring vid in the outer tag of input message as 10-20,modifying the vid as 100: Ruijie(config)# interface gigabitEthernet 0/1 Examples Ruijie(config-if)# switchport mode access Ruijie(config-if)# dot1q relay-vid 100 translate inner-vid 10-20 Ruijie(config-if)# end Command Description Related...
  • Page 328 Command mode Interface configuration mode. Usage guideline N/A. Here is an example of configuring the priority mapping from the outer tag to the inner tag: ruijie# configure Examples ruijie(config)# interface gigabitEthernet 0/2 ruijie(config-if)# dot1q-tunnel cos 3 remark-cos 5 ruijie(config-if)# end...
  • Page 329 Parameter Description Parameter description Remove the setting. tpid manufacturer ID Command mode Interface configuration mode. Ruijie(config)# interface g0/3 Ruijie(config-if)# frame-tag tpid 0x9100 Ruijie(config-if)# end Examples Ruijie# show frame-tag tpid Port tpid ------ --------- Gi0/3 0x9100 Command Description Related...
  • Page 330 CLI ReferenceInterface Configuration Commands QinQ Configuration Commands Command mode Interface configuration mode. Ruijie(config)# interface gigabitEthernet 0/2 Examples Ruijie(config-if)# inner-priority-trust enable Command Description Related show commands inner-priority-trust Platform description The software version is RGOS10.1 and later. mac-address-mapping index-id source-vlan src-vlan-list destination-vlan dst-vlan-id Use this command to copy the MAC address dynamically-learned from the source VLAN to the destination VLAN.
  • Page 331 No dot1q-tunnel interface is configured. Command mode Interface configuration mode. Here is an example of configuring the interface as the dot1q-tunnel interface: Ruijie(config)# interface gi 0/1 Examples Ruijie(config-if)# switchport access vlan 22 Ruijie(config-if)# switchport mode dot1q-tunnel Ruijie(config)# end Command Description Related commands show vlan...
  • Page 332 Remove the settings. Default configuration No uplink port is configured. Command mode Interface configuration mode. Here is an example of configuring the interface as a uplink port. Ruijie(config)# interface gigabitEthernet 0/1 Examples Ruijie(config-if)# switchport mode up-link Ruijie(config)# end Command Description Related commands...
  • Page 333 CLI ReferenceInterface Configuration Commands QinQ Configuration Commands Here is an example of configuring vlan 3-6 of dot1q-tunnel port as allowed VLAN and outputting the frame with tag: Examples Ruijie(config)#interface gigabitEthernet 0/1 Ruijie(config-if)#switchport dot1q-tunnel allowed vlan tagged 3-6 Ruijie(config)#end Command Description Related show interface...
  • Page 334 1.1.1.1 as 3: Ruijie# configure Ruijie(config)#ip access-list standard 2 Ruijie(config-std-nacl)# permit host 1.1.1.1 Examples Ruijie(config-std-nacl)# exit Ruijie(config)# interface gigabitEthernet 0/1 Ruijie(config-if)# switchport mode trunk Ruijie(config-if)# traffic-redirect access-group 2 outer-vlan 3 in Ruijie(config-if)# end Command Description Related show traffic-redirect commands Platform The software version must be RGOS10.3 and later.
  • Page 335 1.1.1.2 as 6: Ruijie#configure Ruijie(config)#ip access-list standard to_6 Ruijie(config-std-nacl)#permit host 1.1.1.2 Examples Ruijie(config-std-nacl)#exit Ruijie(config)# interface gigabitEthernet 0/1 Ruijie(config-if)# switchport mode trunk Ruijie(config-if)# traffic-redirect access-group to_6 inner-vlan 6 out Ruijie(config-if)# end Command Description Related show traffic-redirect commands...
  • Page 336 1.1.1.3 as 9: Ruijie#configure Ruijie(config)#ip access-list standard 20 Ruijie(config-std-nacl)#permit host 1.1.1.3 Examples Ruijie(config-std-nacl)#exit Ruijie(config)# interface gigabitEthernet 0/1 Ruijie(config-if)# switchport mode dot1q-tunnel Ruijie(config-if)# traffic-redirect access-group 20 nested-vlan 10 Ruijie(config-if)# end Command Description Related show traffic-redirect commands Platform The software version must be RGOS10.1 and later.
  • Page 337 3 to 7 as 4 and forwarding it: Ruijie# configure Ruijie(config)# vlan range 3-8 Ruijie(config-vlan-range)# exit Examples Ruijie(config)# interface gigabitEthernet 0/1 Ruijie(config-if)# switchport mode trunk Ruijie(config-if)# vlan-mapping-in vlan 3-7 remark 8 Ruijie(config-if)# end Command Description Related show interface[ intf-id ] commands...
  • Page 338 CLI ReferenceInterface Configuration Commands QinQ Configuration Commands Ruijie(config)# interface gigabitEthernet 0/1 Ruijie(config-if)# switchport mode trunk Ruijie(config-if)# vlan-mapping-out vlan 3 remark 4 Ruijie(config-if)# end Command Description Related show interface [ intf-id ] commands vlan-mapping Platform description The software version must be RGOS10.4 and later.
  • Page 339 Remove the settings. Command mode Intereface configuration mode. Here is an example of enabling transparent transmission of L2 protocol message Ruijie#configure Examples Ruijie(config)# interface fa 0/1 Ruijie(config-if)# l2protocol-tunnel gvrp enable Ruijie(config-if)#end Command Description Related show l2protocol-tunnel commands {gvrp|stp} Platform The software version must be RGOS10.3 and later.
  • Page 340 01d0f8, and the latest three bytes are (stp: 000005; grip: 000006 ) Command mode Global configuration mode. Here is an example of setting the MAC address for the L2-protocol transparent transmission function Examples Ruijie(config-if)# l2protocol-tunnel gvrp tunnel-dmac 011AA9 000005 Ruijie(config-if)#end Command Description Related show l2protocol-tunnel commands...
  • Page 341 Parameter description intf-id Specific Interface Default The tpid is not modified. configuration Command Privileged EXEC mode. mode Ruijie# show frame-tag tpid Ports tpid Examples ----- --------- Gi0/1 0x9100 Platform description The software version must be RGOS10.1 and later. show inner-priority-trust Use this command to show the priority copy configuration.
  • Page 342 Use this command to show the priority mapping configurations. show interface intf-name remark Parameter Description Parameter description Default configuration N/A. Command mode Privileged EXEC mode. Ruijie# show interface intf-name remark Examples Ports Type From value To value...
  • Page 343 MAC address copy policy ID. Default configuration N/A. Command Privileged EXEC mode. mode ruijie# show interface mac-address-mapping 1 Ports Destination-VID Source-VID-list Examples ------------ ---------------- --------------- Gi0/1 Platform description The software version must be RGOS10.1 and later. show interface vlan-mapping Use this command to show the VLAN mapping configurations.
  • Page 344 CLI ReferenceInterface Configuration Commands QinQ Configuration Commands ruijie# show interface vlan-mapping Ports Type Status Destination-VID Source-VID-list Examples ------------ ------ ----- ---------------- --------------- Gi0/1 active Gi0/1 active Platform description The software version must be RGOS10.4 and later. show registration-table Use this command to show vid add policy list of protocol-based dot1q-tunnel port.
  • Page 345 CLI ReferenceInterface Configuration Commands QinQ Configuration Commands Command Privileged EXEC mode. mode Ruijie# show traffic-redirect Ports Type Match-filter ------------ ----------- ---- ------------ Gi0/3 Mod-outer Examples Gi0/3 Mod-outer Gi0/3 Mod-outer Gi0/3 Mod-inner inner-to-8 Gi0/6 Mod-inner Gi0/7 Nested-vid nest-13 Platform The software version must be RGOS10.3 and later.
  • Page 346 Show configuration of transparently transmitting stp protocol. Default N/A . configuration Command Privileged EXEC mode. mode Ruijie# show l2protocol-tunnel stp L2protocol-tunnel: Stp Enable Examples Ruijie# show l2protocol-tunnel gvrp L2protocol-tunnel: gvrp Disable Platform The software version must be RGOS10.3 and later. description...
  • Page 347 IP Address and Application Configuration Commands 1. IP Address Configuration Commands 2. IPv6 Configuration Commands 3. DHCP Configuration Commands 4. DHCPv6 Configuration Commands 5. DNS Module Configuration Commands 6. FTP Server Configuration Commands 7. FTP CLIENT Configuration Commands 8. Network Connectivity Test Tool Configuration Commands 9.
  • Page 348: Ip Address Configuration Commands

    CLI Reference IP Address Configuration Commands IP Address Configuration Commands Use this command to add a permanent IP address and MAC address mapping to the ARP cache table. The no form of this command deletes the static MAC address mapping. arp ip-address MAC-address type [ alias ] no arp ip-address MAC-address type [ alias ] Parameter...
  • Page 349 Configuration The following configuration sets the IP message number that triggers to set the Examples discarding entry as 5. Ruijie(config)# arp anti-ip-attack 5 The following configuration disables the ARP anti-ip-attack function.
  • Page 350 The following configuration sets to send one free ARP request to SVI 1 per Examples second. Ruijie(config)# interface vlan 1 Ruijie(config-if)# arp gratuitous-send interval 1 The following configuration stops sending the free ARP request to SVI 1. Ruijie(config)# interface vlan 1 Ruijie(config-if)# no arp gratuitous-send...
  • Page 351 CLI Reference IP Address Configuration Commands Platform Description arp retry interval Use this command to set the frequency for sending the arp request message locally, namely, the time interval between two continuous ARP requests sent for resolving one IP address. The no form of this command is used to restore the default value, that is, retry an ARP request per second.
  • Page 352: Arp Timeout

    CLI Reference IP Address Configuration Commands arp retry times number no arp retry times Parameter Parameter Description Description number The times of sending the same ARP request in the range 1 to100..When it is set as 1, it indicates that the ARP request is not retransmitted, only 1 ARP request message is sent.
  • Page 353 CLI Reference IP Address Configuration Commands Defaults The default timeout is 3600 seconds. Interface configuration mode. Command Mode The ARP timeout setting is only applicable to the IP address and the MAC address Usage Guide mapping that are learned dynamically. The shorter the timeout, the truer the mapping table saved in the ARP cache, but the more network bandwidth occupied by the ARP.
  • Page 354 CLI Reference IP Address Configuration Commands Configuration The following configuration sets 1000 trusted ARPs. arp trusted 1000 Examples Related Command Description Commands service trustedarp Enable the trusted ARP function. Platform This command is not supported by routers. Description arp trusted aging Use this command to set trusted ARP aging.
  • Page 355 CLI Reference IP Address Configuration Commands no arp unresolve Parameter Parameter Description Description number The maximum number of the unresolved ARP entries in the range of 1 to 8192. The default value is 8192. Defaults The ARP cache table can contain up to 8192 unresolved entries. Command Global configuration mode.
  • Page 356: Clear Ip Route

    CLI Reference IP Address Configuration Commands On a NFPP-based(Network Foundation Protection Policy) device, it receives one ARP packet for every mac/ip address per second by default. If the interval of two clear arp times is within 1s, the second response packet will be filtered and the ARP packet will not be resolved for a short time.
  • Page 357 CLI Reference IP Address Configuration Commands Configuration The example below refreshes only the route of 192.168.12.0. clear ip route 192.168.12.0 Examples Related Command Description Commands show ip route Show the IP routing table. Platform This command is not supported on the Layer 2 switch. Description ip-address Use this command to configure the IP address of an interface.
  • Page 358 CLI Reference IP Address Configuration Commands Class A IP address is “255.0.0.0”. You can divide a network into different subnets using the network mask. Subnet division means to use the bits in the host address part as the network address part, so as to reduce the capacity of a host and increase the number of networks.
  • Page 359 CLI Reference IP Address Configuration Commands Commands Show detailed information of the show interface interface. Platform For the Layer 2 switch, the IP address can be configured only for the Layer 3 Description interface. The Level-2 address is not supported, that is, the secondary option is unavailable.
  • Page 360 CLI Reference IP Address Configuration Commands ip directed-broadcast Use this command to enable the conversion from IP directed broadcast to physical broadcast in the interface configuration mode. The no form of this command is used to remove the configuration. ip directed-broadcast [ access-list-number ] no ip directed-broadcast Parameter Parameter...
  • Page 361 CLI Reference IP Address Configuration Commands interface fastEthernet 0/1 ip directed-broadcast Related Command Description Commands Platform This command is not supported on the Layer 2 switch. Description ip mask-reply Use this command to configure the RGOS software to respond the ICMP mask request and send an ICMP response message in the interface configuration mode.
  • Page 362 CLI Reference IP Address Configuration Commands ip mtu Use this command to set the Maximum Transmission Unit (MTU) for an IP packet in the interface configuration mode. The no form of this command is used to restore it to the default configuration. ip mtu bytes no ip mtu Parameter...
  • Page 363 CLI Reference IP Address Configuration Commands Parameter Parameter Description Description Defaults Disabled on the version higher than 10.2(3). Command Interface configuration mode. Mode Usage Guide Proxy ARP helps those hosts without routing message obtain MAC address of other networks or subnet IP address. For example, a device receives an ARP request.
  • Page 364 CLI Reference IP Address Configuration Commands one interface and send it though the same interface. If the device sends the packet through the interface through which this packet is received, the device will send an ICMP redirection message to the data source, telling the data source that the gateway for the destination address is another device in the subnet.
  • Page 365 CLI Reference IP Address Configuration Commands Configuration The following is an example of disabling the IP source route. no ip source-route Examples Related Command Description Commands This command is supported on the Layer 2 switch only. Platform Description ip unnumbered Use this command to configure an unnumbered interface.
  • Page 366 CLI Reference IP Address Configuration Commands  The network cannot be started using an unnumbered interface. In the example below the local interface is configured as an unnumbered interface, Configuration and the associated interface is FastEthernet 0/1. An IP address must be configured Examples for the associated interface.
  • Page 367 CLI Reference IP Address Configuration Commands Platform This command is not supported on the Layer 2 switch. Description service trustedarp Use this command to enable the trusted ARP function. The no form of this command disables the trusted ARP function. service trustedarp no service trustedarp Parameter...
  • Page 368: Show Arp

    Show the ARP entry with the specified mac address. Defaults Command Mode Usage Guide Configuration The following is the output result of the show arp command: Ruijie# show arp Examples Total Numbers of Arp: 7 Protocol Address Age(min) Hardware Type Interface Internet 192.168.195.68...
  • Page 369: Show Arp Counter

    Protocol Address Age(min) Hardware Type Interface Internet 192.168.195.68 0013.20a5.7a5f arpa VLAN 1 The following is the output result of show arp 192.168.195.0 255.255.255.0 Ruijie# show arp 192.168.195.0 255.255.255.0 Protocol Address Age(min) Hardware Type Interface Internet 192.168.195.64 0018.8b7b.9106 arpa VLAN 1 Internet 192.168.195.2...
  • Page 370 Mode Usage Guide Configuration The following is the output result of the show arp counter command: Ruijie# show arp counter Examples The Arp Entry counter:0 The Unresolve Arp Entry:0 The meaning of each field in the ARP cache table is described in Table 1.
  • Page 371 Use this command to show the ARP details, such as the ARP type (Dynamic, Static, Local, Trust), the information on the layer2 port. Configuration The following is the output result of the show arp detail command: Ruijie# show arp detail Examples IP Address MAC Address...
  • Page 372 CLI Reference IP Address Configuration Commands hardware address corresponding to the IP MAC Address address Age (min) Age of the ARP learning, in minutes Port Layer2 port associated with the ARP ARP type, includes the Static, Dynamic, Trust, Type Local. Layer interface associated...
  • Page 373: Show Arp Timeout

    Command Any. Mode Usage Guide N/A. Configuration The following is the output of the show arp timeout command: Ruijie# show arp timeout Examples Interface arp timeout(sec) ---------------------- ---------------- VLAN 1 3600 The meaning of each field in the ARP cache table is described in Table 1.
  • Page 374: Show Ip Arp

    N/A. N/A. Defaults N/A. Command Privileged EXEC mode. Mode N/A. Usage Guide Configuration RThe following is the output of show ip arp: Ruijie# show ip arp Examples Protocol Address Age(min)Hardware Type Interface Internet 192.168.7.233 0007.e9d9.0488 ARPA FastEthernet Internet 192.168.7.112 0050.eb08.6617 ARPA FastEthernet Internet 192.168.7.79...
  • Page 375: Show Ip Interface

    CLI Reference IP Address Configuration Commands Field Description Network address protocol, always Protocol Internet. The IP address corresponding to the Address hardware address. Age of the ARP cache record, in minutes; If it is not locally or statically Age (min) configured, the value of the field is represented with “-”.
  • Page 376 “UP”. The results shown may vary with the interface type, because some contents are the interface-specific options Configuration Presented below is the output of the show ip interface brirf command: Ruijie#show ip interface brief Examples Interface IP-Address(Pri) IP-Address(Sec) Status Protocol GigabitEthernet 0/10 2.2.2.2/24...
  • Page 377 CLI Reference IP Address Configuration Commands Routing redirect: Description of fields in the results: Field Description The network interface is available, and both its interface hardware IP interface state is: status and line protocol status are “UP”. Show the interface type, such as IP interface type is: broadcast, point-to-point, etc.
  • Page 378 CLI Reference IP Address Configuration Commands packet: invalid packet Show the TTL invalid packet number: number ICMP packet input number: 0 Echo request: Show the total number of ICMP packets received on the interface, Echo reply: including: Echo request packet Unreachable: Echo reply packet Unreachable packet...
  • Page 379: Show Ip Redirects

    CLI Reference IP Address Configuration Commands Usage Guide N/A. Configuration Examples Related Command Description Commands ip default-gateway Configure the default gateway, which is only supported on the Layer 2 switch. Platform N/A. Description show ip redirects Use this command to show the default gateway show arp timeout Parameter Parameter...
  • Page 380 CLI Reference IP Address Configuration Commands Configuration The following is the output of the show ip redirectes command: Ruijie# show ip redirects Examples Default Gateway: 192.168.195.1 Related Command Description Commands ip default-gateway Configure the default gateway, which is only supported on the Layer 2 switch.
  • Page 381 CLI Reference IP Address Configuration Commands trusted-arp user-vlan Use this command to execute the VLAN transformation while setting the trusted ARP entries. The no form of this command deletes an ARP entry. trusted-arp user-vlan vid1 translated-vlan vid2 no trusted-arp user-vlan vid1 Parameter Parameter Description...
  • Page 382: Ipv6 Configuration Commands

    Privileged EXEC mode. Command Mode This command can be used to clear all the neighbors dynamically learned by the neighbor Usage Guide discovering. Note that the static neighbors will not be cleared. Ruijie# clear ipv6 neighbors Configuration Examples Related Command Description...
  • Page 383 Ruijie(config-if)# ipv6 address 2001:1::1/64 Configuration Ruijie(config-if)# no ipv6 address 2001:1::1/64 Examples Ruijie(config-if)# ipv6 address 2002:1::1/64 eui-64 Ruijie(config-if)# no ipv6 address 2002:1::1/64 eui-64 Related Command Description Commands...
  • Page 384: Ipv6 Address Autoconfig

    DHCPv6. The “other configurations” usually means the IPv6 address of the DNS server, the IPv6 address of the NTP server, etc. Use the no ipv6 address autoconfig command to delete the IPv6 address. Ruijie(config-if)# ipv6 address autoconfig default Configuration Ruijie(config-if)# no ipv6 address autoconfig...
  • Page 385 The IPv6 function of an interface can be enabled by configuring ipv6 enable or by configuring IPv6 address for the interface. If an IPv6 address is configured for the interface, the IPv6 function will be enabled automatically on the interface and cannot be disabled with no ipv6 enable. Ruijie(config-if)# ipv6 enable Configuration Examples Related...
  • Page 386 A general prefix could contain multiple prefixes. These longer specified prefixes is usually used for the Ipv6 address configuration on the interface. Configuration The following example configures manually a general prefix as my-prefix. Ruijie(config)# ipv6 general-prefix my-prefix 2001:1111:2222::/48 Examples Related Command...
  • Page 387: Ipv6 Mtu

    CLI Reference IPv6 Configuration Commands Related Command Description Commands Platform Description ipv6 mtu Parameter Parameter Description Description Defaults Command Mode Usage Guide Configuration Examples Related Command Description Commands Platform Description ipv6 neighbor Use this command to configure a static neighbor. Use the no form of this command to remove the setting.
  • Page 388: Ipv6 Nd Dad Attempts

    Reachable status. Use clear ipv6 neighbors to clear all the neighbors dynamically learned through NDP. Use show ipv6 neighbors to view the neighbor information. Ruijie(config)# ipv6 neighbor 2001::1 vlan 1 00d0.f811.1111 Configuration Examples Related...
  • Page 389 Whenever the state of an interface changes from down to up, the address collision check function of the interface will be enabled. Ruijie(config-if)# ipv6 nd dad attempts 3 Configuration Examples...
  • Page 390 CLI Reference IPv6 Configuration Commands Ruijie(config-if)# ipv6 nd managed-config-flag Configuration Examples Related Command Description Commands show ipv6 interface Show the interface information. ipv6 nd other-config-flag Set the flag for obtaining all information except IP address through stateful auto configuration. Platform...
  • Page 391: Ipv6 Nd Prefix

    Interface configuration mode. mode Usage Guide The configured value will be advertised through RA and will be used by the device itself. It is not recommended to set a too short interval. Ruijie(conifig-if)# ipv6 nd ns-interval 2000 Configuration Examples Related Command...
  • Page 392 The following example adds a prefix for SVI 1. Ruijie(config)# interface vlan 1 Examples 2592000 Ruijie(conifig-if)# ipv6 nd prefix 2001::/64 infinite The following example sets the default prefix parameters for SVI 1 (they cannot be used for auto address configuration): Ruijie(config)# interface vlan 1...
  • Page 393 Hopcount Defaults The default value is 64. Interface configuration mode. Command Mode It is used to set the hopcount of the RA message. Usage Guide Ruijie(config -if)# ipv6 nd ra-hoplimit 110 Configuration Examples Related Command Description Commands show ipv6 interface Show the interface information.
  • Page 394 If the key word min-max is specified, the actual interval for sending the packet will be chosen between the range of minimum value and maximum value. Ruijie(conifig-if)# ipv6 nd ra-interval 110 Configuration Ruijie(config-if)# ipv6 nd ra-interval min-max 110 120 Examples Related Command...
  • Page 395 If the value is set to 0, the device will not serve as the default device any longer. If it is not set to 0, it shall be larger than or equal to the interval of sending the RA (ra-interval Ruijie(conifig-if)# ipv6 nd ra-lifetime 2000 Configuration Examples...
  • Page 396 CLI Reference IPv6 Configuration Commands Ruijie(config -if)# ipv6 nd ra-mtu 1400 Configuration Examples Related Command Description Commands show ipv6 interface Show the interface information. ipv6 nd ra-lifetime Set the lifetime of the device. ipv6 nd ra-interval Set the interval of sending the RA message.
  • Page 397 The RA message is not sent on the IPv6 interface by default. Command Interface configuration mode. Mode Usage Guide This command suppresses the sending of the RA message on an interface. Ruijie(config-if)# ipv6 nd suppress-ra Configuration Examples Related Command Description...
  • Page 398: Ipv6 Redirects

    IPv6 Configuration Commands Defaults The local address of the link is always used as the source address to send neighbor requests. Command Global configuration mode. Mode Usage Guide None. Ruijie(config)# no ipv6 ns-linklocal-src Configuration Examples Related Command Description Commands Platform...
  • Page 399 CLI Reference IPv6 Configuration Commands Platform Description ipv6 route Use this command to configure an IPv6 static route. Use the no form of this command to remove the setting. ipv6 route [ vrf vrf-name ] ipv6-prefix/prefix-length {ipv6-address [ nexthop-vrf { vrf-name1 | default } ] | interface-id [ ipv6-address [ nexthop-vrf { vrf-name1 | default } ] ] } [distance ] [ weight number ] Parameter...
  • Page 400 IP address shall not be a multicast address. If both the next hop IP address and the outgoing interface are specified, the outgoing interface of the direct route that matches the next hop shall be the same as the configured outgoing interface. Ruijie(config)# ipv6 route 2001::/64 vlan 1 2005::1 Configuration Examples...
  • Page 401 The source IP address of the packet is not selected. The network interface is in the Down status, or the IPv6 function is disabled on the the interface (for example, IP address collision is detected). Unknown error Ruijie# ping ipv6 fec0::1 Configuration Examples Related...
  • Page 402: Show Ipv6 Address

    CLI Reference IPv6 Configuration Commands show ipv6 address Use this command to show the IPv6 addresses. show ipv6 address [ interface-name ] Parameter Parameter Description Description Interface name nterface-name Defaults Command Privileged EXEC mode. Mode Usage Guide Configuration The following example shows all IPv6 address configured on the device. Examples The following example shows the IPv6 address configured on the GigabitEthernet 0/1.
  • Page 403: Show Ipv6 Interface

    Use this command to show the information of the general prefix including the manually configured and learned from the DHCPv6 agent. The following example shows the information of the general prefix Configuration Ruijie# show ipv6 general-prefix Examples There is 1 general prefix. IPv6 general prefix my-prefix, acquired via Manual configuration...
  • Page 404 Mode Usage Guide Use this command to show the address configuration, ND configuration and other information of an IPv6 interface. Configuration Ruijie# show ipv6 interface vlan 1 Examples Interface vlan 1 is Up, ifindex: 2001 address(es): Mac Address: 00:00:00:00:00:01 INET6: fe80::200:ff:fe00:1 , subnet is fe80::/64...
  • Page 405 Indicate that the interface ID of the address is AUTOIFID automatically generated by the system, which is usually an EUI-64 ID. Ruijie# show ipv6 interface vlan 1 ra-info vlan 1: DOWN RA timer is stopped waits: 0, initcount: 3 statistics: RA(out/in/inconsistent): 4/0/0, RS(input): 0...
  • Page 406: Show Ipv6 Neighbors

    CLI Reference IPv6 Configuration Commands Physical MTU Link MTU of the interface. !M indicates the managed-config-flag bit in the !M | M RA is not set. M: Conversely !O indicates the other-config-flag bit in the RA !O | O is not set. O: Conversely Description of the fields of the prefix list in ra-info: Field...
  • Page 407 Show the neighbors of the specified IPv6 address. Defaults Privileged EXEC mode. Command Mode Show the neighbors on the SVI 1 interface: Usage Guide Ruijie# show ipv6 neighbors vlan 1 IPv6 Address Linklayer Addr Interface fa::1 00d0.0000.0002 vlan 1 fe80::200:ff:fe00:2 00d0.0000.0002 vlan 1...
  • Page 408 NUD. The number of the NSs that are sent to the Asked neighbor for the resolution of the link address of the neighbor. Ruijie# show ipv6 neighbors Configuration Examples Related Command Description Commands Configure a neighbor.
  • Page 409 CLI Reference IPv6 Configuration Commands show ipv6 neighbors statistics Use the following command to show the statistics of one IPv6 neighbors. show ipv6 neighbors [ vrf vrf-name ] statistics Use the following command to show the statistics of all IPv6 neighbors. show ipv6 neighbors statistics all Parameter Parameter...
  • Page 410 CLI Reference IPv6 Configuration Commands Supported on all platforms. Platform Description show ipv6 packet statistics Use this command to show the statistics of IPv6 packets. show ipv6 packet statistics [ total | interface-name ] Parameter Parameter Description Description total Show total statistics of all interfaces. interface-name Interface name Defaults...
  • Page 411 Usage Guide Use this command to view the routing table. Configuration Ruijie# show ipv6 route Examples Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP I1 - ISIS L1, I2 - ISIS L2, IA - IIS interarea...
  • Page 412: Show Ipv6 Route Summary

    CLI Reference IPv6 Configuration Commands via ::, loopback 0 2001::/64 via ::, vlan 2 2001::1/128 via ::, loopback 0 fe80::/10 via ::1, Null0 fe80::/64 via ::, vlan 1 fe80::200:ff:fe00:1/128 via ::, loopback 0 fe80::/64 via ::, vlan 2 Related Command Description Commands ipv6 route...
  • Page 413 CLI Reference IPv6 Configuration Commands The following example shows the statistics of all route tables. Related Command Description Commands ipv6 route Configure a static route. Platform Description show ipv6 routers In the IPv6 network, some neighbor routers send out the advertisement messages. Use this command to show the neighbor routers and the advertisement.
  • Page 414: Tunnel Destination

    Configuration The following example shows the IPv6 router Ruijie# show ipv6 routers Examples Router FE80::2D0:F8FF:FEC1:C6E1 on VLAN 2, last update 62 sec Hops 64, Lifetime 1800 sec, ManagedFlag=0, OtherFlag=0, MTU=1500...
  • Page 415 Note: For auto tunnel 6to4 and isatap , the destination address shall not be configured. Configuration The following example configures an IPv6 manual tunnel. Ruijie(config)# interface tunnel 1 Examples Ruijie(config-if)# tunnel mode ipv6ip Ruijie(config-if)# tunnel source vlan 1 Ruijie(config-if)# tunnel destination 192.168.5.1 Related Command Description Commands tunnel source Configure the source IP address of the tunnel.
  • Page 416 CLI Reference IPv6 Configuration Commands Ruijie(config)# interface tunnel 1 Examples Ruijie(config-if)# tunnel mode gre ip Ruijie(config-if)# tunnel source vlan 1 Ruijie(config-if)# tunnel destination 1.1.1.1 Related Command Description Commands tunnel source Configure the source address of the tunnel. tunnel destination Configure the destination address of a tunnel.
  • Page 417: Tunnel Mode Ipv6Ip

    For an auto tunnel, no destination address is specified. The following example configures a 6to4 tunnel. Configuration Ruijie(config)# interface tunnel 1 Examples Ruijie(config-if)# tunnel mode ipv6ip 6to4 Related Command Description Commands tunnel source Configure the source address of the tunnel.
  • Page 418 If there are multiple auto tunnels, their source addresses shall be different. Configuration The following example configures an IPv6 manual tunnel. Ruijie(config)# interface tunnel 1 Examples Ruijie(config-if)# tunnel mode ipv6ip Ruijie(config-if)# tunnel source vlan 1 Ruijie(config-if)# tunnel destination 192.168.5.1 Related Command Description Commands tunnel mode Configure the mode of a tunnel.
  • Page 419 The default value is 128. Command Interface configuration mode. Mode Usage Guide This command is used to specify the TTL value of the IPv4 header in the encapsulated IPv6 messages. Ruijie(config)# interface tunnel 1 Configuration Ruijie(config-if)# tunnel ttl 64 Examples Related Command Description...
  • Page 420 CLI Reference IPv6 Configuration Commands Configuration Example 1: Specify the outer-layer VRF of a manually IPv6 over IPv4 tunnel as IPv4 VRF red. Ruijie(config)# ip vrf red Examples Ruijie(config-vrf)#exit Ruijie(config)# interface tunnel 1 Ruijie(config-tunnel1)# tunnel mode ipv6ip Ruijie(config-tunnel1)# tunnel vrf red...
  • Page 421 CLASS is same as the range of the address pool where this CLASS is. The example below configures the network segment of class1 associated with address pool mypool0 ranging from 172.16.1.1 to 172.16.1.8. Ruijie(config)# ip dhcp pool mypool0 Examples Ruijie(dhcp-config)# class class1 Ruijie (config-dhcp-pool-class)# address range 172.16.1.1 172.16.1.8...
  • Page 422 CLI Reference DHCP Configuration Commands bootfile Use this command to define the startup mapping file name of the DHCP client in the DHCP address pool configuration mode.The no form of this command can be used to remove the definition. bootfile file-name no bootfile Parameter Description...
  • Page 423 CLASS is. The example below configures the address mypool0 to associate with class1. Examples Ruijie(config)# ip dhcp pool mypool0 Ruijie(dhcp-config)# class class1 Command Description Related...
  • Page 424 CLI Reference DHCP Configuration Commands 0100.d0f8.2233.b467.6967.6162.6974.45 74.6865.726e.6574.302f.31. Default N/A. Command mode DHCP address pool configuration mode. When some DHCP clients request the DHCP server to assign IP addresses, they use their client IDs rather then their hardware addresses. The client ID consists of media type, MAC address and interface name.
  • Page 425 CLI Reference DHCP Configuration Commands Parameter Description Name of DHCP client, a set of standards-based Parameter ASCII characters.The name should not include the description client-name suffix domain name. For instance, you can define the name of the DHCP client as river, not river.i-net.com.cn.
  • Page 426 CLI Reference DHCP Configuration Commands In general, the DHCP client should get the information of the default Usage gateway from the DHCP server. The DHCP server should specify one guidelines gateway address for the client at least, and this address should be of the same network segment as the address assigned to the client.
  • Page 427 CLI Reference DHCP Configuration Commands Command Description Define the suffix domain name of the DHCP domain-name client. Related Enable the DHCP client on the interface to ip address dhcp commands obtain the IP address information. Define the name of the DHCP address pool ip dhcp pool enter DHCP...
  • Page 428 CLI Reference DHCP Configuration Commands Parameter Description Define the MAC address of the DHCP hardware-address client. To indicate the hardware platform protocol of the DHCP client, use the character string or numeric to define. Parameter Character string: description  Ethernet type ...
  • Page 429: Ip Address Dhcp

    CLI Reference DHCP Configuration Commands network mask for the DHCP client. host ip-address [ netmask ] no host Parameter Description Parameter ip-address Define the IP address of DHCP client. description netmask Define the network mask of DHCP client. No IP address or network mask of the host is defined. Default Command mode...
  • Page 430 By default, the class is not configured. Command mode Global configuration mode. After executing this command, it enters the global CLASS configuration mode which is shown as Usage guidelines Ruijie (config-dhcp-class)# In this configuration mode, users can configure the Option82...
  • Page 431 FLASH files to prevent the loss of guidelines user information after restarting the device. The example below sets the interval at which the switch writes the Examples information into FLASH as 3600s. Ruijie(config)# ip dhcp database write-delay 3600 Command Description Related commands ip dhcp database write-to-flash Use this command to write the information of DHCP lease binding data into FLASH files in the real-time..
  • Page 432 By configuring this command, you can write the information of DHCP guidelines lease binding database into the FLASH files in real-time. The example below writes the binding database information into Examples FLASH manually. Ruijie(config)# ip dhcp database write-to-flash Command Description Related commands ip dhcp excluded-address Use this command to define some IP addresses and make the DHCP server not assign them to the DHCP client in global configuration mode.
  • Page 433 CLI Reference DHCP Configuration Commands to assign the IP addresses within 192.168.12.100~150. ip dhcp excluded-address 192.168.12.100 192.168.12.150 Command Description Define the name of the DHCP address pool and Related ip dhcp pool enter the DHCP address pool configuration mode. commands Define the network number and network mask of network (DHCP) the DHCP address pool.
  • Page 434: Ip Dhcp Ping Timeout

    CLI Reference DHCP Configuration Commands show ip dhcp Show the DHCP server detects address conflict when it assigns an IP address. conflict ip dhcp ping timeout Use this command to configure the timeout that the DHCP server waits for response when it uses the ping operation to detect the address conflict in global configuration mode.
  • Page 435 Global configuration mode. Execute the command to enter the DHCP address pool configuration mode: Usage Ruijie(dhcp-config)# guidelines In this configuration mode, configure the IP address range, the DNS server and the default gateway. The configuration example below defines a DHCP address pool with the Examples name mypool0.
  • Page 436 CLI Reference DHCP Configuration Commands The configuration example below enables the CLASS to allocate Examples addresses. Ruijie(config)# ip dhcp use class Command Description Related commands lease Use this command to define the lease time of the IP address that the DHCP server assigns to the client in the DHCP address pool configuration mode.
  • Page 437 CLI Reference DHCP Configuration Commands Define the name of the DHCP ip dhcp pool address pool and enter the DHCP address pool configuration mode. Define the node type of netbios for netbios-node-type the client host. netbios-name-server Use this command to configure the WINS name server of the Microsoft DHCP client NETBIOS in the DHCP address pool configuration mode.
  • Page 438 CLI Reference DHCP Configuration Commands netbios-node-type type no netbios-node-type Parameter Description Type of node in two modes: Digit in hexadecimal form in the range of 0 to FF. Only the following numerals are available:  1: b-node.  2: p-node. Parameter ...
  • Page 439 CLI Reference DHCP Configuration Commands commands Define the name of DHCP address pool and ip dhcp pool enter the DHCP address pool configuration mode. Configure the WINS name server of the netbios-name-server Microsoft DHCP client NETBIOS. network (DHCP) Use this command to define the network number and network mask of the DHCP address pool in the DHCP address pool configuration mode.
  • Page 440 CLI Reference DHCP Configuration Commands Define the name of the DHCP address ip dhcp pool pool and enter the DHCP address pool configuration mode. next-server Use this command to define the startup sever list that the DHCP client accesses during startup in the DHCP address configuration mode.
  • Page 441 0 indicates to disable the IP packet forwarding, and 1 indicates to enable the IP packet forwarding. The configuration below enable the IP packet forwarding on the DHCP client. Ruijie(dhcp-config)# option 19 hex 1 Examples The configuration example below defines the option code 33, which provides the DHCP client with the static route information.
  • Page 442 In this configuration mode, user can configure the class matching multiple Option82 information. The configuration example below configures a global CLASS and enter the Option82 matching information configuration mode. Ruijie(config)# ip dhcp class myclass Examples Ruijie(config-dhcp-class)# relay agent information Ruijie(config-dhcp-class-relayinfo)#...
  • Page 443 Command mode Global CLASS configuration mode. Usage guidelines The configuration example below configures a global CLASS which can match multiple Option82 infomration. Ruijie(config)# ip dhcp class myclass Ruijie(config-dhcp-class)# relay agent information Ruijie(config-dhcp-class-relayinfo)# relay-information hex 0102256535 Examples Ruijie(config-dhcp-class-relayinfo)# relay-information hex 010225654565...
  • Page 444: Service Dhcp

    Usage guidelines The configuration example below configures the identification information for a global CLASS. Examples Ruijie(config)# ip dhcp class myclass Ruijie(config-dhcp-class)# remark used in #1 build Command Description Related Define a CLASS and enter the global CLASS commands ip dhcp class configuration mode.
  • Page 445: Clear Ip Dhcp Conflict

    CLI Reference DHCP Configuration Commands Parameter Description Parameter Delete all DHCP bindings. description ip-address Delete the binding of the specified IP addresses. Default N/A. Command mode Privileged mode. This command can only clear the automatic DHCP binding, but the Usage manual DHCP binding can be deleted by the no ip dhcp pool guidelines command.
  • Page 446: Clear Ip Dhcp Server Statistics

    CLI Reference DHCP Configuration Commands clear ip dhcp conflict * Command Description Define the number of the data packets sent by the ping ip dhcp ping Related operation for the detection of the address conflict packets commands when the DHCP server assigns an IP address. show ip dhcp Show the address conflict that the DHCP server conflict...
  • Page 447: Debug Ip Dhcp Server

    The example below turns on the debugging switch of the DHCP Examples server in the equipment. Ruijie# debug ip dhcp server packet show dhcp lease Use this command to show the lease information of the IP address obtained by the DHCP client.
  • Page 448: Show Ip Dhcp Binding

    Display the lease information of the ip address obtained by the client. The following is the result of the show dhcp lease. Ruijie# show dhcp lease Temp IP addr: 192.168.5.71 for peer on Interface: FastEthernet0/0 Temp sub net mask: 255.255.255.0 DHCP Lease server: 192.168.5.70, state: 3 Bound...
  • Page 449: Show Ip Dhcp Conflict

    CLI Reference DHCP Configuration Commands The following is the result of the show ip dhcp binding. Ruijie# show ip dhcp binding IP address Client-Identifier/ Lease expiration Type Hardware address 192.168.1.2 00d0.f866.4777 IDLE Manual The meaning of various fields in the show result is described as follows.
  • Page 450: Show Ip Dhcp Server Statistics

    Default N/A. Command mode Privileged mode. Usage guidelines This command shows the statistics of the DHCP server. The following is the output result of the show ip dhcp server statistics command. Examples Ruijie# show ip dhcp server statistics Lease count...
  • Page 451 CLI Reference DHCP Configuration Commands Address pools Automatic bindings Manual bindings Expired bindings Malformed messages 2 Message Received BOOTREQUEST DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM Message Sent BOOTREPLY DHCPOFFER DHCPACK DHCPNAK The meaning of various fields in the show result is described as follows.
  • Page 452 CLI Reference DHCP Configuration Commands commands clear ip dhcp Delete the DHCP server statistics. server statistics...
  • Page 453: Clear Ipv6 Dhcp Client

    Privileged EXEC mode. Command Mode Usage Guide This command is used to reset the DHCPv6 client, which may lead the client to request for the configurations from the server again. Ruijie# clear ipv6 dhcp client vlan 1 Configuration Examples Related Command Description Commands N/A.
  • Page 454 If the * parameter is not specified, all conflicts of IPv6 addresses or prefixes will be deleted. If the ipv6-address parameter is specified, only the specified address conflict will be deleted. Configuration The following example shows how to clear a DHCPv6 address conflict: Ruijie# clear ipv6 dhcp conflict 2008:50::2 Examples Related Command...
  • Page 455 Privileged EXEC mode. Mode Usage Guide This command is used to clear the DHCPv6 server statistics. Configuration The following example shows how to clear the DHCPv6 server statistics: Ruijie(config)# clear ipv6 dhcp server statistics Examples Related Command Description Commands Platform...
  • Page 456 DHCPv6 pool configuration mode. Mode Usage Guide To configure several DNS Server addresses, use the dns-server command for several times. The newly-configured DNS Server address will not overwrite the former ones. Configuration Ruijie(config-dhcp)# dns-server 2008:1::1 Examples Related Command Description Commands domain-name Set the DHCPv6 domain name information.
  • Page 457 The Server attempts to allocate a usable address within the IA_NA address prefix range to the client upon receiving the IA_NA address request from the client. That address will be allocated to other clients if the client no longer uses that address again. Ruijie(config-dhcp)# iana-address prefix...
  • Page 458: Ipv6 Dhcp Client Pd

    The following example shows how to enable the prefix information request on the interface: Configuration Ruijie(config)# interface fastethernet 0/1 Examples Ruijie(config-if)# ipv6 dhcp client pd pd_name Related Command Description Commands...
  • Page 459: Ipv6 Dhcp Relay Destination

    DNS Server information, ect. After creating the DHCPv6 Server configuration pool, use the ipv6 dhcp server command to associate the pool and the DHCPv6 Server on one interface. Ruijie# configure terminal Configuration Ruijie(config)# ipv6 dhcp pool pool1 Examples Ruijie(config-dhcp)# Related Command...
  • Page 460: Ipv6 Dhcp Server

    The relay reply message can be forwarded without the relay function enabled on the interface. Configuration The following example shows how to set the relay destination address on the interface: Ruijie(config)# interface fastethernet 0/1 Examples Ruijie(config-if)# ipv6 dhcp relay destination 2008:1::1 Related Command Description Commands Show the DHCPv6 interface information.
  • Page 461 255, the client sends the request message to the server to obtain the configurations. DHCPv6 Client, Server and Relay functions are exclusive, and only one of the functions can be configured on the interface. Ruijie(config)# interface fastethernet 0/1 Configuration Ruijie(config-if)# ipv6 dhcp server pool1 Examples Related Command Description...
  • Page 462 Before receiving the request message for the address prefix from the client, DHCPv6 Server searches for the corresponding static binding first. If it succeeds, the server returns to the static binding; otherwise, the server will attempt to allocate the address prefix from other prefix information sources. Ruijie(config-dhcp)# prefix-delegation 2008:2::/64 0003000100d0f82233ac Configuration Examples Related...
  • Page 463: Show Ipv6 Dhcp

    The Server attempts to allocate a usable prefix from the prefix pool to the client upon receiving the prefix request from the client. That prefix will be allocated to other clients if the client no longer uses that prefix again. Ruijie(config-dhcp)# prefix-delegation pool client-prefix-pool lifetime 2000 Configuration 1000...
  • Page 464: Show Ipv6 Dhcp Binding

    If the ipv6-address is not specified, all prefixes dynamically assigned to the client and IANA address binding information are shown. If the ipv6-address is specified, the binding information for the specified address is shown. Ruijie# show ipv6 dhcp binding Configuration Client DUID: 00:03:00:01:00:d0:f8:22:33:ac...
  • Page 465: Show Ipv6 Dhcp Interface

    CLI Reference DHCPv6 Configuration Commands Mode Usage Guide Ruijie# show ipv6 dhcp conflict Configuration 2008:50::2 declined Examples 2108:50::2 declined 2008:50::3 declined 2008:50::4 declined 2108:50::4 declined 2008:50::5 declined Related Command Description Commands clear ipv6 dhcp conflict Clear address conflicts. Platform Description show ipv6 dhcp interface Use this command to show the DHCPv6 interface information.
  • Page 466: Show Ipv6 Dhcp Pool

    Privileged EXEC mode. Mode Usage Guide If the poolname is not specified, all DHCPv6 interface information is shown. If the poolname is specified, the specified interface information is shown. Ruijie# show ipv6 dhcp pool Configuration DHCPv6 pool: dhcp-pool Examples DNS server: 2011:1::1 DNS server: 2011:1::2 Domain name: example.com...
  • Page 467 DHCPv6 packets on the client to the specified destination addresses through specified interfaces (optional). Configuration Example 1: Display the destination address configuration information of all relay client Ruijie# show ipv6 dhcp relay destination all Examples Interface: Vlan1 // enable relay port...
  • Page 468 CLI Reference DHCPv6 Configuration Commands Packets dropped Examples Error Excess of rate limit Packets received : 28 SOLICIT REQUEST CONFIRM RENEW REBIND RELEASE DECLINE INFORMATION-REQUEST : 14 RELAY-FORWARD RELAY-REPLY : 14 Packets sent : 16 ADVERTISE RECONFIGURE REPLY RELAY-FORWARD RELAY-REPLY Related Command Description...
  • Page 469 CLI Reference DHCPv6 Configuration Commands Ruijie# show ipv6 dhcp server statistics Configuration DHCPv6 server statistics: Examples Packet statistics: DHCPv6 packets received: Solicit received: Request received: Confirm received: Renew received: Rebind received: Release received: Decline received: Relay-forward received: Information-request received: Unknown message type received:...
  • Page 470 Global configuration mode. Usage guidelines This command enables the domain name resolution function. The following example enables the DNS domain name resolution Examples function. Ruijie(config)# ip domain-lookup Command Description Related commands Show the DNS related configuration information. show hosts ip host Use this command to configure the mapping of the host name and the IP address by manual.
  • Page 471 CLI Reference DNS Module Configuration Commands Examples Ruijie(config)# ip host switch 192.168.5.243 Command Description Related Show the DNS related configuration commands show hosts information. ip name-server Use this command to configure the IP address of the domain name server. Use the no form of this command to delete the configured domain name server.
  • Page 472: Ipv6 Host

    Command mode Global configuration mode. Usage To delete the host list, use the no ipv6 host host-name ipv6-address guidelines command. Examples Ruijie(config)# ipv6 host switch 2001:0DB8:700:20:1::12 Command Description Related Show the DNS related configuration commands show hosts information. clear host Use this command to clear the dynamically learned host name in the privileged user mode.
  • Page 473: Show Hosts

    Use this command to display DNS configuration. show hosts [hostname] Command mode Privileged EXEC mode. Usage guidelines Show the DNS related configuration information. Ruijie# show hosts Name servers are: 192.168.5.134 static Examples Host type Address TTL(sec) switch static 192.168.5.243...
  • Page 474: Ftp Server Configuration Commands

    FTPSRV_DEBUG:(REPLY) 200 PORT Command okay. The following example shows how to disable outputting the debugging messages in the FTP Server: Ruijie# no debug ftpserver Platform description ftp-server enable Use this command to enable the FTP server. Use the no form of this command to disable the FTP server.
  • Page 475 The following example shows how to enable the FTP Server and make the FTP client access to the syslog content only: Ruijie(config)# ftp-server topdir /syslog Ruijie(config)# ftp-server enable Examples The following example shows how to disable the FTP Server:...
  • Page 476 The following example shows how to set the plain-text password as pass: Ruijie(config)# ftp-server password pass Ruijie(config)# ftp-server password 0 pass Examples The following example shows how to set the cipher-text password as 8001: Ruijie(config)# ftp-server password 7 8001...
  • Page 477 FTP server. The following example shows how to enable the FTP Server and make the FTP client access to the syslog content only: Ruijie(config)# ftp-server topdir /syslog Ruijie(config)# ftp-server enable Examples The following example shows how to remove the top-directory...
  • Page 478 The session idle time refers to the time for the FTP session between two FTP operations. The following example shows how to set the session idle timeout as Ruijie(config)# ftp-server timeout 5 Examples The following example shows how to restore the session idle timeout...
  • Page 479 The client fails to pass the identity verification if the username is removed. The following example shows how to set the username as user: Ruijie(config)# ftp-server username user Examples The following example shows how to remove the username configuration:...
  • Page 480  The FTP server top directory  The session idle timeout setting The following example shows the related status information of the FTP server: Ruijie# show ftp-server ftp-server information ======================================= enable : Y topdir : / timeout: 20min username config : Y...
  • Page 481: Ftp Client Configuration Commands

    CLI Reference FTP CLIENT Configuration Commands FTP CLIENT Configuration Commands copy ftp This section introduces how to use the copy ftp command to transfer files at the CLI in the main program. To use the FTP client to download files to the device, execute the copy ftp:url flash:url command in the privileged mode.
  • Page 482 The data connection mode is passive (PASV), file transfer mode is binary, and no local source IP address is specified. Command Global configuration mode Modes Usage Use this command to restore the default setting of the FTP client. Guidelines Examples Restore the default setting of the FTP client. Ruijie (config)# default ftp-client...
  • Page 483 Command Global configuration mode Modes This command sets the file transfer mode to the text (ASCII) mode. Usage Guidelines Set the file transfer mode to ASCII. Examples Ruijie (config)# ftp-client ascii Related Command Description Commands Platform Description ftp-client port Use the ftp-client port command to set the FTP data connection mode to active (PORT). Use the no form of this command to restore the passive mode, in which the client initiates a connection to the server for data transmission.
  • Page 484 You can use this command to set the active mode for data connection, in which the server initiates a Guidelines connection to the client. Examples Set the active mode for FTP connection. Ruijie (config)# ftp-client port Related Command Description Commands...
  • Page 485 FTP CLIENT Configuration Commands Modes This command configures a source IP address for a client to connect to the server. Usage Guidelines Set the active mode for FTP connection. Examples Ruijie (config)# ftp-client source-address 192.168.23.236 Related Command Description Commands Platform Description...
  • Page 486 CLI Reference Network Connectivity Test Tool Configuration Commands Network Connectivity Test Tool Configuration Commands ping Use this command to test the connectivity of a network to locate the network connectivity problem. The command format is as follows: ping [vrf vrf-name | ip] [ip-address [length length ] [ntimes times] [timeout seconds] [data data] [source source] [df-bit] [validate]] Parameter Description...
  • Page 487 = 1/2/10 ms The example below shows the extension ping. Examples Ruijie# ping 192.168.5.197 length 1500 ntimes 100 timeout Sending 100, 1500-byte ICMP Echoes to 192.168.5.197, timeout is 3 seconds, data ffff source 192.168.4.10: < press Ctrl+C to break >...
  • Page 488 < press Ctrl+C to break > !!!!! Examples Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms The example below shows the extension ping ipv6. Ruijie# ping ipv6 2000::1 length 1500 ntimes 100 timeout 3 data ffff source 192.168.4.10:...
  • Page 489 The following is two examples of the application bout traceroute, the one is of the smooth network, and the other is the network in which some gateways aren‟t connected successfully. Examples 1. When the network is connected smoothly: Ruijie# traceroute 61.154.22.36 < press Ctrl+C to break >...
  • Page 490 IP address of 61.154.22.36 (gateways 1~6) and the spent time are displayed. Such information is helpful for network analysis. 2. When some gateways in the network fail: Ruijie# traceroute 202.108.37.42 < press Ctrl+C to break > Tracing the route to 202.108.37.42 192.168.12.1...
  • Page 491: Traceroute Ipv6

    Examples 1. When the network is connected smoothly: Ruijie# traceroute ipv6 3004::1 < press Ctrl+C to break > Tracing the route to 3004::1...
  • Page 492 IP address of 3004::1 (gateways 1~4) and the spent time are displayed. Such information is helpful for network analysis. 2. When some gateways in the network fail: Ruijie# traceroute ipv6 3004::1 < press Ctrl+C to break > Tracing the route to 3004::1 3000::1...
  • Page 493 CLI Reference TCP Configuration Commands TCP Configuration Commands ip tcp adjust-mss Use this command to change the MSS option value of SYN packets sent and received on the interface. Use the no form of this command to remove the configuration. ip tcp adjust-mss max-segment-size no ip tcp adjust-mss Parameter...
  • Page 494 SYN+ACK packet. This command takes effect on the subsequently established TCP session instead of the established TCP session. This command only applies to IPv4 TCP. Ruijie(config-if)# ip tcp adjust-mss 1000 Examples Command Description Related commands ip tcp mss Use this command to configure the upper limit of MSS value.
  • Page 495 MSS for the TCP session to be created. The negotiated Usage MSS cannot exceed the configured value. You can use guidelines this command to reduce the maximum value of MSS, however, this configuration is not needed in general. Ruijie(config)# ip tcp mss 1300 Examples Command Description Related commands ip tcp not-send-rst Use this command to prohibit sending the reset packet when the port-unreachable packet is received.
  • Page 496 CLI Reference TCP Configuration Commands Ruijie(config)# ip tcp not-send-rst Examples Command Description Related commands ip tcp path-mtu-discovery Use this command to enable PMTU(Path Maximum Transmission Unit) discovery function for TCP in global configuration mode. Use the no form of this command to disable this function.
  • Page 497 SYN timeout value can shorten the time for the user to wait, such as telnet. For the bad network, the timeout value can be increased properly. Ruijie(config)# ip tcp syntime-out 10 Examples Command Description Related...
  • Page 498 This command is used to change the size of receiving buffer and sending buffer for TCP session. This command changes both the receiving buffer and sending buffer, and only applies to the newly established session. Ruijie(config)# ip tcp window-size 16386 Examples Command Description Related...
  • Page 499 Use this command to display basic information about the current TCP sessions. show tcp connect Parameter Description Parameter description Default Settings N/A. Command mode Privileged EXEC mode. Usage guidelines Ruijie#sh tcp connect tcp connect status: Local Address Foreign Address State cf25000 0.0.0.0.2650 0.0.0.0.0 LISTEN c441000 0.0.0.0.23 0.0.0.0.0 LISTEN c441800 1.1.1.1.23...
  • Page 500 CLI Reference TCP Configuration Commands “192.168.195.212.23” “23” is the port number. Foreign Address The remote address and port number. number after the last “.” is the port number. For example, “2002::2.23” “192.168.195.212.23” “23” is the port number. State There eleven possible states of the current TCP session: CLOSED: The session...
  • Page 501 Use this command to display information about TCP PMTU. show tcp pmtu Parameter Description Parameter description Default Settings N/A. Command mode Privileged EXEC mode. Usage guidelines Ruijie# show tcp pmtu Local Address Foreign Address Examples PMTU 2002::1.18946 2002::2.23...
  • Page 502 CLI Reference TCP Configuration Commands 1440 192.168.195.212.23 192.168.195.112.13560 1440 The following table lists the field description : Field Description Sequence number. Local Address The local address and the port number. The number after the last . is the port number. For “2002::2.23”...
  • Page 503 CLI Reference TCP Configuration Commands guidelines Ruijie#sh tcp port tcp port status: Tcpv4 listen on 2650 have connections: Foreign Address Port State Tcpv4 listen on 2650 have total 0 connections. Tcpv4 listen on 23 have connections: Foreign Address Port State c340800 1.1.1.2...
  • Page 504 CLI Reference TCP Configuration Commands three-way handshake phase when the SYN packets have been sent out. SYNRCVD: three-way handshake phase when the SYN packets have been received. ESTABLISHED: session been established. FINWAIT1: local end has sent out the FIN packet. FINWAIT2: packet sent by the local been...
  • Page 505 CLI Reference TCP Configuration Commands Command Description Related commands...
  • Page 506: Configuration Commands

    LAN. This command takes effect for the routes excluding the routes which have been configured to hardware. Therefore, save the configuration and restart the switch in order to unify all routes. Ruijie(config)# ip ref broadcast-in-vlan Configuratio WARNING: will take...
  • Page 507 On condition that the software forwarding table is not consistent with the hardware forwarding table, execute this command to perform the synchronization. The Usage guide following message is printed to inform users of synchronization finished: “IPv4 express forward reports that synchronization finished”. Ruijie# ip ref synchronize all Configuratio 20:09:08 IPv4 express...
  • Page 508 Description Default None configuratio Command Privilege mode mode This command can be used to display current packet statistics of REF. Usage guide Ruijie# show ip ref -----------statistic information-----------: current routes: 5 alloc weight_nodes: 5 alloc bal_tables: 0 alloc adj_nodes: 5...
  • Page 509 CLI Reference IPv4 REF Configuration Commands commands Platform description Version Description Command history show ip ref adjacency This command can be used to display a special adjacent node or all the current adjacent nodes. This command is as follows: show ip ref adjacency [glean | local | ip | interface interface_type interface_number] Parameter Description glean...
  • Page 510 0.0.0.0 0000.0000.0000 Loopback 0 forward_adj 192.168.17.1 0000.2004.094f FastEthernet 1/1 Example 2: Display the adjacent information associated with the specified interface. Ruijie# show ip ref adjacency interface fastEthernet 1/1 adj_type next_hop interface forward_adj 192.168.17.1 0000.2004.094f FastEthernet 1/1 Example 3: Display the adjacent node information associated with the specified IP.
  • Page 511 Display the related routing information in the current REF table, and specify the Usage guide default route and all the routing information matching IP/MASK. Example 1: Display all the routing information in the REF table. Ruijie#show ip ref route Codes: * - default route # - zero route Configuratio...
  • Page 512 *0.0.0.0/0 forward_adj 192.168.17.1 0000.2004.094f FastEthernet 1/1 Example 3: Display all the routing information matching the IP/MASK in the REF table. Ruijie# show ip ref route 192.168.17.0 255.255.255.0 IP/MASK s/res adj_type next_hop interface 192.168.17.0/24 glean_adj 0.0.0.0 0000.0000.0000 FastEthernet 1/1...
  • Page 513 CLI Reference IPv4 REF Configuration Commands Platform description Version Description Command history...
  • Page 514 IP Routing Configuration Commands 1. IP Routing Configuration Commands...
  • Page 515 CLI Reference IP Routing Configuration Commands IP Routing Configuration Commands ip route Use this command to configure an IPv4 static route. Use the no form of this command to remove the configured route. ip route network net-mask { ip-address | interface [ ip-address ] } [ distance ] [ tag tag ] [ permanent ] [ disable | enable ] no ip route network net-mask { ip-address | interface [ ip-address ] } [ distance ] [ tag tag ] [ permanent ] [ disable | enable ]...
  • Page 516 0, and the host route with the mask being 32. The following example configures a default route whose next hop is 192.168.12.1. Ruijie(config)# ip route 0.0.0.0 0.0.0.0 192.168.12.1 If the static route has not a specific interface, data flows may be sent Examples thought other interface in case of interface failure.
  • Page 517 CLI Reference IP Routing Configuration Commands ip routing Use this command to enable IPv4 routing in global configuration mode. Use the no form of this command to disable the function. ip routing no ip routing Default Enabled configuration Command Global configuration mode. mode IP routing is not necessary when the switch serves as bridge or VoIP gateway.
  • Page 518 CLI Reference IP Routing Configuration Commands ip static route-limit number no ip static route-limit number Parameter Description Parameter Upeer threshold of static routes, ranging from description number 1 to 32. Default configuration Command Global configuration mode. mode The goal is to control the number of static routes. Usage guidelines The S2600-I series products support up to 32 IPv4 static...
  • Page 519 0, and the host route with the mask being 128. The following example configures a default route whose next hop is 2002::2. Ruijie(config)#ipv6 route 0::/0 2002::2 If the static route has not a specific interface, data flows may be sent Examples thought other interface in case of interface failure.
  • Page 520 The S2600-I series products support up to 16 IPv6 static routes. The following example sets the upper threshold of the ipv6 static routes to 10 and then restores the setting to the default value. Examples Ruijie# ipv6 static route-limit 10 Ruijie# no ipv6 static route-limit Command Description Related...
  • Page 521 Configure the static route to obtain the IPv4 or IPv6 static route. Configure the IP address of the SVI to obtain the IPv4 or IPv6 directly connected route. The example disables the IPv6 route function of RGOS Examples Ruijie# no ipv6 unicast-routing Command Description Configure the IPv6 static Related...
  • Page 522: Show Ip Route

    Usage guidelines This command can show route information flexibly. Ruijie# show ip route Codes: C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external...
  • Page 523 L1: IS-IS level-1 route L2: IS-IS level-2 route ia: IS-IS area internal route Network address and mask 20.0.0.0/8 of the destination network [1/0] Manage metric Via 20.0.0.1 Next hop IP address. Forwarding interface of next VLAN 1 Ruijie# show ip route 30.0.0.0...
  • Page 524 Descriptor interface, source routing protocol Blocks and type of route information Ruijie# show ip route count --------- route info ---------- the num of active route: 5 Ruijie# show ip route weight ------------[distance/metric/weight]----------- 23.0.0.0/8 [1/0/2] via 192.1.1.20 172.0.0.0/16 [1/0/4] via 192.0.0.1 show ipv6 route Use the command to display the configuration of the IPv6 routing table.
  • Page 525 This command can show route information flexibly. The following is the output of this command: Ruijie(config)# show ipv6 route IPv6 routing table name is Default(0) global scope - 7 entries Codes: C - Connected, L - Local, S - Static, R - RIP, B...
  • Page 526 CLI Reference IP Routing Configuration Commands Route type, which may be: E1: OSPF external route type E2: OSPF external route type N1: OSPF NSSA external type 1 N2: OSPF NSSA external type 2 IA: OSPF area internal route SU: IS-IS summary route L1: IS-IS level-1 route L2: IS-IS level-2 route ia: IS-IS area internal route...
  • Page 527 Multicast Configuration Commands 1. IGMP Snooping Configuration Commands 2. MLD Snooping Configuration Commands...
  • Page 528: Igmp Snooping Configuration Commands

    The following is an example of deny the forwarding of the multicast stream 224.2.2.2: Examples Ruijie(config)# ip igmp profile 1 Ruijie(config-profile)# range 224.2.2.2 Ruijie(config-profile)# deny Command Description ip igmp Related Create a profile.
  • Page 529 If the aging guidelines time is set too short, the routes may be added and deleted frequently. Set the aging time of the routing interface that the switch learns dynamically to 100 s: Examples Ruijie(config)# ip igmp snooping dyn-mr-aging-time 100...
  • Page 530 IGMP leave message. The following example shows how to enable the fast leave function on the switch: Examples Ruijie(config)# ip igmp snooping fast-leave Command Function Related commands ip igmp snooping filter To configure a port to receive a specific set of multicast streams, execute the ip igmp snooping filter command in the interface configuration mode to associate the port to a specific profile.
  • Page 531 If yes, this port will be added and processed then. A specific profile must be created before association. The following example demonstrates how to associate profile 1 to a megabit port 0/1: Examples Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-if)# ip igmp snooping filter 1 Command Description Related ip igmp commands Create a profile.
  • Page 532 CLI Reference IGMP Snooping Configuration Commands to 30s: Ruijie(config)# ip igmp snooping host-aging-time 30 Command Description Related commands ip igmp snooping ivgl To enable IGMP snooping and enter the IVGL mode, execute the ip igmp snooping ivgl command in the global configuration mode. The no form of this command is used to disable IGMP snooping.
  • Page 533 After this mode is set, IVGL and SVGL coexist. guidelines The following example demonstrates how to enable IGMP snooping Examples and enter the ivgl-svgl mode on the device: Ruijie(config)# ip igmp snooping ivgl-svgl Command Description ip igmp Enable igmp snooping...
  • Page 534 The source IP address check function must be enabled before an entry can be added. guidelines The following is an example of adding an entry to the multicast source IP address check table. Examples Ruijie(config)# ip igmp snooping limit-ipmc vlan 1 address 224.0.0.1 server 192.168.4.243 Command Description ip igmp Related...
  • Page 535 IGMP snooping. The following example demonstrates how to enable the dynamic Examples routing interface learning function on the equipment: Ruijie(config)# ip igmp snooping mrouter learn pim-dvmrp...
  • Page 536 The following example associates the profile 1 to the 100M port 0/1 and associates multicast preview with profile 2: Examples Ruijie(config)# ip igmp snooping preview 2 Ruijie(config-if)# int fa 0/1 Ruijie(config-if)# ip igmp snooping filter 1 Command Description...
  • Page 537 The default value is 60 seconds. Command Global configuration mode. mode Usage guidelines The following example sets the multicast preview interval as 100 seconds on the 100M port of 0/1: Examples Ruijie(config)# ip igmp snooping preview interval Command Description Related igmp snooping Enable multicast commands preview preview.
  • Page 538 If the IGMP querier function is disabled globally, the IGMP querier will be disabled in all VLANs. The following example enables the IGMP querier function on the device: Examples Ruijie(config)# ip igmp snooping querier Command Description Related ip igmp snooping vlan...
  • Page 539 VLAN, the source IP configured in the relevant VLAN will be used first. The following example specifies the source IP of query packets on the device: Examples Ruijie(config)# ip igmp snooping querier address 1.1.1.1 Command Description Related ip igmp snooping vlan...
  • Page 540 If the maximum response time has been specified in the corresponding VLAN, the value specified in VLAN will be used first. The following example specifies the maximum response time to query packets on the device: Examples Ruijie(config)# igmp snooping querier max-response-time 15 Command...
  • Page 541 Usage guidelines If expiration timer has been configured in the corresponding VLAN, the value specified in VLAN will be used first. The following example configures the non-querier Examples expiration timer on the device: Ruijie(config)# ip igmp snooping querier timer...
  • Page 542 VLAN, the value guidelines specified in VLAN will be used first. The following example configures IGMP querier version on the device: Examples Ruijie(config)# ip igmp snooping querier version 1 Command Description Related commands Platform Supported after release 10.4(3).
  • Page 543 Set the aging time of the routing interface that the switch learns dynamically to 100s. Examples Ruijie(config)# ip igmp snooping query-max-response-time 100 Command Function Related Configure a multicast routing...
  • Page 544 IP address check function is enabled. The following example shows how to enable the multicast source IP address check function and configure a default source IP address. Examples Ruijie(config)# ip igmp snooping source-check default-server 192.168.4.243 Command Description Related...
  • Page 545 IPMC streams from the specified port are permitted. guidelines The following example shows how to enable the source port check Examples function of IGMP snooping. Ruijie(config)# ip igmp snooping source-check port Command Description Related Ip igmp snooping...
  • Page 546 The SVGL works only when the multicast IP address range is Usage guidelines configured. The following example demonstrates how to enable IGMP snooping Examples and enter the SVGL mode: Ruijie(config)# ip igmp snooping svgl Command Description Enable igmp ip igmp snooping snooping and enter the Related ivgl IVGL mode.
  • Page 547 VLANs while the member ports of the multicast forwarding entry in the other multicast address range must belong to the same VLAN. By default, no profile is associated. Examples Ruijie(config)# ip igmp snooping svgl profile 1 Command Description ip igmp snooping Enable igmp snooping...
  • Page 548 CLI Reference IGMP Snooping Configuration Commands Ruijie(config)# ip igmp snooping svgl vlan 2,5-7 Command Description Enable igmp snooping and configure ip igmp snooping svgl the svgl mode. Related Enable igmp commands igmp snooping snooping and configure ivgl-svgl the IVGL-SVGL mode.
  • Page 549 CLI Reference IGMP Snooping Configuration Commands ip igmp snooping tunnel Configure the relationship between IGMP Snooping and QinQ: ip igmp snooping tunnel no ip igmp snooping tunnel Parameter Description Parameter description Default IGMP Passthrough is disabled. Command Global configuration mode. mode After IGMP Snooping is enabled and dot1q-tunnel port is configured on the device, IGMP packets...
  • Page 550 Caution disable the pim snooping first and this execution fails. The following example enables the igmp snooping on the vlan2. Examples Ruijie(config)# ip igmp snooping vlan 2 Command Description Related...
  • Page 551 The following example demonstrates how to configure a multicast routing interface on the equipment: Examples Ruijie(config)# ip igmp snooping vlan 1 mrout erinterface fastEthernet 0/1 Command Description Related ip igmp snooping...
  • Page 552 IGMP snooping. The following example demonstrates how to enable the dynamic Examples routing interface learning function on the equipment: Ruijie(config)# ip igmp snooping vlan 1 mrouter learn pim-dvmrp Command Description Enable the dynamic Related ip igmp snooping...
  • Page 553 If the IGMP querier function is disabled globally, the IGMP querier will be disabled in all VLANs. The following example enables the IGMP querier for the VLAN on the device: Examples Ruijie(config)# ip igmp snooping vlan 2 querier Command Description Related igmp...
  • Page 554 VLAN, the source IP configured in the relevant VLAN will be used first. The following example specifies the source IP of query packets in the specific VLAN on the device: Examples Ruijie(config)# ip igmp snooping vlan 3 querier address 1.1.1.1 Command Description Related...
  • Page 555 CLI Reference IGMP Snooping Configuration Commands response time advertised in query packets of a specific VLAN: Ruijie(config)# ip igmp snooping vlan 3 querier max-response-time 15 Command Description Related Globally configure the igmp snooping commands querier maximum response max-response-time time to query packets.
  • Page 556 CLI Reference IGMP Snooping Configuration Commands Ruijie(config)# ip igmp snooping vlan 3 querier query-interval 100 Command Description Related igmp snooping Globally configure the commands querier query-interval query interval Platform Supported after release 10.4(3). description ip igmp snooping vlan querier timer expiry To specify the expiration timer for non-querier, execute the global configuration command of "ip igmp snooping vlan querier timer expiry".
  • Page 557 VLAN, the value guidelines specified in VLAN will be used first. The following example configures the IGMP querier version on the device: Examples Ruijie(config)# ip igmp snooping vlan 3 querier version 1 Command Description Related commands Platform Supported after release 10.4(3).
  • Page 558 By default, no static member ports are configured. Command mode Global configuration mode. Usage guidelines Multiple multicast IP addresses can be configured for an interface. Ruijie(config)# ip igmp snooping vlan 1 static 224.1.1.1 interface Examples GigabitEthernet 0/1 Command Description Related ip igmp snooping...
  • Page 559 The following is an example of allowing the forwarding of the multicast stream 224.2.2.2: Examples Ruijie(config)# ip igmp profile 1 Ruijie(config-profile)# range 224.2.2.2 Ruijie(config-profile)# permit Command Description ip igmp Related Create a profile.
  • Page 560 CLI Reference IGMP Snooping Configuration Commands Ruijie(config)# ip igmp profile 1 Ruijie(config-profile)# range 224.2.2.2 224.2.2.244 Command Description ip igmp Create a profile. profile Related Deny the forwarding of the multicast commands deny streams in the range specified by the profile.
  • Page 561 Show configuration information profile-number of the designated profile. Command Privileged EXEC mode. mode Ruijie(config-if)# show ip igmp profile Profile Examples Permit range 224.0.1.0, 239.255.255.255 show ip igmp snooping Use this command to show related information of igmp snooping.
  • Page 562 CLI Reference IGMP Snooping Configuration Commands The following example demonstrates how to process 100 multicast group on the interface fa0/1: Ruijie(config-if)# ip igmp snooping gda-table Abbr:M - mrouter D – dynamic Examples S – static VLAN Address Member ports ------------------------------------------- 233.3.3.3...
  • Page 563 To this end, to make the profile effective, the profile and the specific function shall be associated. The following example shows how the profile 1 enter the profile configuration mode: Examples Ruijie(config)# ipv6 mld profile 1 Ruijie(config-profile)# Command Description Set the profile multicast address...
  • Page 564 The following example shows how to create the multicast flow profile within the range of FF77::1~FF77::100: Examples Ruijie(config)# ipv6 mld profile 1 Ruijie(config-profile)# range FF77::1 FF77::100 Command Description ipv6 mld profile Create one profile.
  • Page 565 Before configuring this command, use the range guidelines command to set the multicast range first. The following example shows how to prevent the multicast flow profile within the range of FF77::100 from being forwarded: Ruijie(config)# ipv6 mld profile 1 Examples Ruijie(config-profile)# range FF77::100 Ruijie(config-profile)# deny Command...
  • Page 566 VLAN. The following example shows how to enable the mld snooping and set the ivgl mode: Examples Ruijie(config)# ipv6 mld snooping ivgl Command Description ipv6 Enable the mld snooping and set...
  • Page 567 The following example shows how to enable the mld snooping and set the svgl mode(the specified profile1 group address belongs to the Examples SVGL application range): Ruijie(config)# ipv6 mld snooping svgl profile 1 Command Description Enable the mld snooping and set...
  • Page 568 SVGL mode. The following example shows how to specify the SVGL mode application range as the profie1 group address range: Examples Ruijie(config)# ipv6 mld snooping svgl profile 1 Command Description ipv6 Enable the mld snooping and set...
  • Page 569 The following example shows how to enable the mld snooping and set the ivgl-svgl mode(the specified profile1 group address belongs to the SVGL application range): Examples Ruijie(config)# ipv6 mld snooping ivgl-svgl Ruijie(config)# ipv6 mld snooping svgl profile 1 Command Description Enable the mld snooping and set ipv6 Related the ivgl mode.
  • Page 570 The following example shows how to set the aging time of Examples the dynamic multicast route port as 500s: Ruijie(config)# ipv6 mld snooping dyn-mr-aging-time 500 ipv6 mld snooping query-max-response-time Use this command to set t the maximum response time of the MLD general query packet. Use the no form of this command to restore it to the default value.
  • Page 571 The following example shows how to disable the mld snooping Examples function in vlan1: Ruijie(config)# no ipv6 mld snooping vlan 1 ipv6 mld snooping vlan mrouter learn Use this command to enable the switch to dynamically learn MLD query or PIM packets to identify the mrouter interface automatically.
  • Page 572 With the source port check function enabled, use the dynamically-learned mroute interfaces to improve the mld snooping flexibility. The following example shows how to enable the dynamic multicast Examples route port learn function: Ruijie(config)# ipv6 mld snooping vlan 1 mrouter learn Command Description Related ipv6 commands...
  • Page 573 The following example shows how to set a multicast routing port: Examples Ruijie(config)# ipv6 mld snooping vlan 1 mrouter interface fastEthernet 0/1 Command Description ipv6 Related...
  • Page 574 The following example shows how to set the interface fastEthernet 0/1 as the static member port of the FF88::1 group: Examples Ruijie(config)# ipv6 mld snooping vlan 1 static FF88::1 interface fastEthernet 0/1 Command Description Related...
  • Page 575 The following example shows how to enable mld snooping suppression: Examples Ruijie(config-if)# ipv6 mld snooping suppression ipv6 mld source-check port The source-check port is used to allow the multicast flow to enter through the mrouter interface. Use this command to enable the mld source-check port in the global configuration mode. Use the no form of this command to disable this function.
  • Page 576 The following example shows how to enable mld snooping source-check port: Examples Ruijie(config-if)# ipv6 mld snooping source-check port ipv6 mld snooping filter Use this command to filter the specific multicast flow in the interface configuration mode. Use the no form of this command to delete the associated profile.
  • Page 577 MLD Profile. The specified profile must be created before using this command. The following example shows how to associate profile1 with the interface fastEthernet 0/1: Examples Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-if)# ipv6 mld snooping filter 1 Command Description Related commands ipv6 mld profile Create a profile.
  • Page 578 The following example shows how to clear the forwarding Examples table information learned dynamically: Ruijie# clear ipv6 mld snooping gda-table debug mld-snp Use this command to enable the mld service debugging switch. debug mld-snp undebug mld-snp...
  • Page 579 SVGL profile number Examples Source check port : Disabled Query max respone time : 10(Seconds) The following example shows the mrouter interface of the mld snooping using the show ipv6 mld snooping statistics command: Ruijie# show ipv6 mld snooping statistics...
  • Page 580 VLAN Address Member ports --------------------------------------------------------- FF88::1 GigabitEthernet 0/7(S) The following example shows the mld snooping filtering configuration using the show ipv6 mld snooping mrouter command: Ruijie# show ipv6 mld snooping interface GigabitEthernet 0/7 Interface Filter Profile number max-groups ---------- ---------------------- -----------...
  • Page 581 Privileged EXEC mode. Usage Use this command to show the related MLD profile guidelines configurations. The following example shows the MLD profile configurations: Ruijie# show ipv6 mld profile 1 MLD Profile 1 Examples permit range FF77::1 FF77::100 range FF88::123...
  • Page 582 Security Configuration Commands 1. AAA Configuration Commands 2. RADIUS Configuration Commands 3. TACACS+ Configuration Commands 4. 802.1X Configuration Commands 5. Web Authentication Configuration Commands 6. SSH Configuration Commands 7. GSN Configuration Commands 8. Port-based Flow Control Configuration Commands 9. CPU Protection Configuration Commands 10.
  • Page 583: Aaa Configuration Commands

    CLI Reference AAA Configuration Commands AAA Configuration Commands aaa authentication dot1x Use this command to enable AAA authentication 802.1x and configure the 802.1x user authentication method list. The no form of this command is used to delete the 802.1x user authentication method list. aaa authentication dot1x {default | list-name} method1 [method2...] no aaa authentication dot1x {default | list-name} Parameter...
  • Page 584: Aaa Authentication Enable

    AAA Configuration Commands security server is used for authentication. If the RADIUS security server does not respond, the local user database is used for authentication. Ruijie(config)# aaa authentication dot1x rds_d1x group radius local Command Description aaa new-model Enable the AAA security service.
  • Page 585: Aaa Authentication Login

    In the authentication method list, first the RADIUS security server is used for authentication. If the RADIUS security server does not Examples respond, the local user database is used for authentication. Ruijie(config)# aaa authentication enable default group radius local Command Description aaa new-model Enable the AAA security service.
  • Page 586 If the RADIUS security Examples server does not respond, the local user database is used for authentication. Ruijie(config)# aaa authentication login list-1 group radius local Command Description aaa new-model Enable the AAA security service.
  • Page 587 RADIUS security server is used for authentication. If the RADIUS Examples security server does not respond, the local user database is used for authentication. Ruijie(config)# aaa authentication ppp rds_ppp group radius local Command Description aaa new-model Enable the AAA security service.
  • Page 588 In the authentication method list, first the local user database is used for authentication. Then apply this method to VTY Examples 0-4. Ruijie(config)# aaa authentication login list-1 local Ruijie(config)# line vty 0 4 Ruijie(config-line)# login authentication list-1 Command Description Enable the AAA security service.
  • Page 589 Otherwise, the configured command authorization method is ineffective. The following example uses the TACACS+ server to authorize the Examples level 15 command: Ruijie(config)# aaa authorization commands 15 default group tacacs+ Command Description Related commands Enable the AAA security service.
  • Page 590 The following example enables the configuration command Examples authorization function: Ruijie(config)# aaa authorization config-commands Command Description Enable the AAA security service. aaa new-model Related commands...
  • Page 591 The following example enables the aaa authorization console function: Examples Ruijie(config)# aaa authorization console Command Description Enable the AAA security service. aaa new-model...
  • Page 592: Aaa Authorization Network

    You must apply the exec authorization method to the terminal line; otherwise the configured method is ineffective. The following example uses the RADIUS server to authorize Exec: Examples Ruijie(config)# aaa authorization exec default group radius Command Description aaa new-model Enable the AAA security service.
  • Page 593 RADIUS authorization. RADIUS authorization is performed only when the user passes the RADIUS authorization. The following example uses the RADIUS server to authorize network Examples services: Ruijie(config)# aaa authorization network default group radius Command Description Related aaa new-model Enable the AAA security service.
  • Page 594 TACACS+ server. If the security server does not response, it does perform authorization. After configuration, Examples authorization command is applied to VTY 0-4 lines: Ruijie(config)# aaa authorization commands 15 cmd group tacacs+ none Ruijie(config)# line vty 0 4 Ruijie(config-line)# authorization commands 15 cmd...
  • Page 595 RADIUS server. If the security server does not response, it does not perform authorization. After configuration, the authorization command is applied to VTY 0-4 lines: Examples Ruijie(config)# aaa authorization exec exec-1 group radius none Ruijie(config)# line vty 0 4 Ruijie(config-line)# authorization exec exec-1...
  • Page 596: Aaa Accounting Commands

    CLI Reference AAA Configuration Commands Command Description Enable the AAA security service. aaa new-model Related commands Define the method list of AAA Exec authorization authorization. commands aaa accounting commands Use this command to account users in order to count the network access fees or manage user activities. The no form of this command is used to disable the accounting function.
  • Page 597: Aaa Accounting Exec

    The following example performs accounting of the network service requests from users using TACACS+, and configures the accounting command level to 15: Examples Ruijie(config)# aaa accounting commands 15 default start-stop group tacacs+ Command Description Enable the AAA security service.
  • Page 598 The following example performs accounting of the network service requests from users using RADIUS, and sends the accounting Examples messages at the start and end time of access: Ruijie(config)# aaa accounting network start-stop group radius Command Description Enable the AAA security service.
  • Page 599: Aaa Accounting Update

    The following example performs accounting of the network service requests from users using RADIUS, and sends the accounting Examples messages at the start and end time of access: Ruijie(config)# aaa accounting network start-stop group radius Command Description aaa new-model Enable the AAA security service.
  • Page 600 This command is used to set the accounting guidelines interval if the AAA security service has been enabled. The following example demonstrates how to set the interval of accounting update to 1 minute. Examples Ruijie(config)# aaa new-model Ruijie(config)# aaa accounting update Ruijie(config)# aaa accounting update periodic 1...
  • Page 601: Accounting Commands

    CLI Reference AAA Configuration Commands Command Description Enable the AAA security service. new-model Related commands Define a network accounting method accounting list. network accounting commands Use this command to apply the accounting command list to the specified terminal lines. The no form of this command is used to disable the accounting function.
  • Page 602: Accounting Exec

    CLI Reference AAA Configuration Commands Ruijie(config)# aaa accounting commands 15 cmd group tacacs+ none Ruijie(config)# line vty 0 4 Ruijie(config-line)# accounting commands 15 cmd Command Description aaa new-model Enable the AAA security service. Related commands Define the method list of AAA...
  • Page 603 CLI Reference AAA Configuration Commands Ruijie(config-line)# accounting exec exec-1 Command Description aaa new-model Enable the AAA security service. Related commands accouting Define the method list of AAA commands Exec accouting. aaa domain Use this command to configure the domain attributes.The no form of this command is used to remove the setting.
  • Page 604 Global configuration mode. Usage To perform the domain-name-based AAA service configuration, guidelines enable this service. The following example enables the domain-name-based AAA Examples service. Ruijie(config)# aaa domain enable Command Description Related Enable security aaa new-model commands service. show aaa doamin Show the domain configuration.
  • Page 605 This command limits the number of users for the domain. The following example sets the number of users as 20 for the domain named ruijie.com. Examples Ruijie(config)# aaa domain ruijie.com Ruijie(config-aaa-domain)# access-limit 20 Command Description aaa new-model Enable the AAA security service.
  • Page 606: Authentication Dot1X

    CLI Reference AAA Configuration Commands The following example sets the Network accounting method list for the specified domain. Examples Ruijie(config)# aaa domain ruijie.com Ruijie(config-aaa-domain)# accounting network default Command Description aaa new-model Enable the AAA security service. Related domain Enable the domain-name-based...
  • Page 607 Usage guidelines Specify an authorization method list for the domain. The following example sets an authorization method list for the specified domain. Examples Ruijie(config)# aaa domain ruijie.com Ruijie(config-aaa-domain)# authorization network default Command Description aaa new-model Enable the AAA security service.
  • Page 608 Privileged EXEC mode. Usage If no domain-name is specified, all domain information will be guidelines displayed. The following example shows the domain named domain.com Ruijie(config)# show aaa domain domain.com =============Domain domain.com============= State: Active Username format: Without-domain Examples Access limit: No limit 802.1X Access statistic: 0...
  • Page 609 Use this command to set whether the specified configured domain is guidelines valid. The following example set the configured domain to be invalid Examples Ruijie(config)# aaa domain ruijie.com Ruijie(config-aaa-domain)# state block Command Description aaa new-model Enable the AAA security service.
  • Page 610: Aaa Group Server

    This command is used to configure the AAA server group. Currently, guidelines the RADIUS and TACACS+ server groups are supported. The following example configures an AAA server group. Ruijie(config)# aaa group server radius ss Ruijie(config-gs-radius)# end Examples Ruijie#show aaa group...
  • Page 611: Ip Vrf Forwarding

    Server group configuration mode. Usage guidelines This command selects VRF for the specified server groups. The following example selects the VRF for the server group. Ruijie(config)# aaa group server radius ss Ruijie(config-gs-radius)# server 192.168.4.12 Examples Ruijie(config-gs-radius)# server 192.168.4.13 Ruijie(config-gs-radius)# ip vrf forwarding vrf_name...
  • Page 612 Add a server to the specified server group. The default value is used Usage if no port is specified. guidelines The following example adds a server to the server group. Ruijie(config)# aaa group server radius ss Ruijie(config-gs-radius)# server 192.168.4.12 acct-port 5 authen-port 6 Ruijie(config-gs-radius)# end Ruijie# show aaa group...
  • Page 613 Command mode Privileged EXEC mode. Usage guidelines N/A. The following example shows all the server groups configured for AAA. Ruijie# show aaa group Group Name: ss Group Type: radius Examples Referred: Server List: IP Address: 192.168.217.64 Authentication Port: 1812 Accounting Port: 1813...
  • Page 614 AAA Configuration Commands Command mode Global configuration mode. Usage guidelines Use this command to configure login attempt times. Ruijie #configure terminal Examples Ruijie (config)#aaa local authentication attempts 6 Command Description show Show the current configuration of the switch. Related running-config commands show...
  • Page 615: Clear Aaa Local User Lockout

    Use this command to enable AAA. If AAA is not enabled, none of the guidelines AAA commands can be configured. The following example shows how to enable the AAA security Examples service. Ruijie(config)# aaa new-model Command Description Define a user authentication method authentication list.
  • Page 616: Debug Aaa

    Command mode Privileged EXEC mode. Usage guidelines Use this command to clear all the user lists or the specified user list. Examples Ruijie(config)# clear aaa local user lockout all Command Description show Show the current configuration of the Related running-config switch.
  • Page 617 {all | user-name <word>} Parameter Description Parameter description word User ID. N/A. Default Command mode Privileged EXEC mode. Usage Use this command to show the lockout user list and show how long guidelines the lockout-time is. Examples Ruijie# show aaa user lockout all...
  • Page 618 CLI Reference AAA Configuration Commands Command Description Show the current configuration of the show Related running-config switch. commands show Show lockout configuration lockout parameter of current login.
  • Page 619: Radius Configuration Commands

    The following example specifies that the RADIUS packet obtains an IP address from the fastEthernet 0/0 interface and uses it as the Examples source IP address of the RADIUS packet: Ruijie(config)# ip radius source-interface fastEthernet 0/0 Command Description radius-server Define the RADIUS server.
  • Page 620 RADIUS Calling-Station-ID attribute shall be set as the IETF format type. The following example shows how to define the RADIUS Examples Calling-Station-ID attribute as IETF format: Ruijie(config)# radius-server attribute 31 mac format ietf Command Description Related radius-server commands Define the RADIUS server.
  • Page 621 CLI Reference RADIUS Configuration Commands Parameter Description DNS name of the RADIUS security hostname server host. IP address of the RADIUS security ip-address server host. port used RADIUS auth-port authentication. Number of the UDP port used for RADIUS authentication. If it is set to port-number this host...
  • Page 622 IPv4 environment, enable the active detection with the detection interval 60 minutes and disable the accounting UDP port detection: Examples Ruijie(config)# radius-server host 192.168.100.1 test username viven idle-time 60 ignore-acct-port The following example defines a RADIUS security server host in the...
  • Page 623 RADIUS security server. The following example defines the shared password aaa for the Examples RADIUS security server: Ruijie(config)# radius-server key aaa Command Description radius-server Define the RADIUS security server. host Related...
  • Page 624 CLI Reference RADIUS Configuration Commands that the security sever does not respond. The following example sets the number of retransmissions to 4: Examples Ruijie(config)# radius-server retransmit 4 Command Description radius-server Define the RADIUS security server. host Related Define a shared password for the RADIUS...
  • Page 625 This command is used to guidelines adjust the parameter conditions of timeout and timeout times. The following example sets the timeout to 120s and timeout times to Examples Ruijie(config)# radius-server dead-criteria time 120 tries 20 Command Description Related...
  • Page 626 Otherwise, the Radius server becomes reachable when the duration set by this command is shorted than the unreachable time.. The following example sets the duration when the device stops Examples sending requests to 1 min. Ruijie(config)# radius-server deadtime 1 Command Description Related radius-server Define the RADIUS security server.
  • Page 627 {id |down-rate-limit | dscp | mac-limit | up-rate-limit} vendor-type Parameter Description Parameter Function ID in the range 1 to 255 description type Private attribute type Only the default configuration of private attributes in Ruijie is recognized. Function Type max down-rate user ip vlan-id version to client net ip...
  • Page 628 Command mode Global configuration mode. Usage Use this command to configure the type value of a private attribute. guidelines The following example sets the type of max up-rate to 211: Examples Ruijie(config)# radius attribute 16 vendor-type 211...
  • Page 629 Use this command to extend RADIUS not to differentiate the IDs of private vendors. Use the no form of this command to disable the function. radius vendor-specific extend no radius vendor-specific extend Parameter N/A. description Default Only the private vendor IDs of Ruijie are recognized.
  • Page 630: Debug Radius

    Use this command to identify the attributes of all vendor IDs by type. The following example extends RADIUS not to differentiate the IDs of Examples private vendors: Ruijie(config)# radius vendor-specific extend Command Description Related radius attribute Configure vendor type.
  • Page 631 CLI Reference RADIUS Configuration Commands Usage guidelines N/A. Ruijie# show radius server erver IP: 192.168.4.12 Accounting Port: 23 Authen Port: Test Username: viven Test Idle Time: 10 Minutes Test Ports: Authen Server State: Active Current duration 765s, previous duration 0s...
  • Page 632 Parameter description N/A. N/A. Default Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# show radius parameter Server Timout: 5 Seconds Server Deadtime: 0 Minute Server Retries: Examples Server Dead Critera: Time: 10 Seconds Tries: Command Description radius-server Define the RADIUS security server.
  • Page 633 CLI Reference RADIUS Configuration Commands Default N/A. Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie#show radius vendor-specific vendor-specific type-value ----- -------------------- ---------- max-down-rate port-priority user-ip vlan-id last-supplicant-vers 5 net-ip user-name password file-directory file-count file-name-0 file-name-1 Examples file-name-2 file-name-3 file-name-4...
  • Page 634 CLI Reference RADIUS Configuration Commands Command Description radius-server Define the RADIUS security server. host Define the number of RADIUS packet radius-server Related retransmit retransmissions. commands Define a shared password for the RADIUS radius-server key server. radius-server Define the packet transmission timeout. timeout...
  • Page 635 The following example configures a TACACS+ server group named tac1 and a TACACS+ server address 1.1.1.1 in this group: Ruijie(config)#aaa group server tacacs+ tac1 Examples Ruijie(config-gs-tacacs+)# server 1.1.1.1 Ruijie(config-gs-tacacs+)# ip vrf forwarding vpn1 Command...
  • Page 636 The following example configures a TACACS+ server group named tac1 and a TACACS+ server address 1.1.1.1 in this group: Examples Ruijie(config)#aaa group server tacacs+ tac1 Ruijie(config-gs-tacacs+)#server 1.1.1.1 Command Description aaa group Configure TACACS+ server group.
  • Page 637 TACACS+ group server configuration mode. Usage guidelines Specify vrf name to the specified TACACS+ server. The following example specifies VRF name as vpn1 to TACACS+ server group: Ruijie(config)# aaa group server tacacs+ tac1 Examples Ruijie(config-gs-tacacs+)# server 1.1.1.1 Ruijie(config-gs-tacacs+)# ip vrf forwarding vpn1 Command Description...
  • Page 638 TACACS+ packet and is used on L3 devices. The following example specifies TACACS+ packet to obtain ip address from fastEthernet 0/0 as the source address of TACACS+ Examples packet : Ruijie(config)# ip tacacs source-interface fastEthernet 0/0 Command Description Related tacacs-server Define TACACS+ server.
  • Page 639 CLI Reference TACACS+ Configuration Commands The following example defines a TACACS+ secure server host: Ruijie(config)# tacacs-server host 192.168.12.1 Examples Ruijie(config)# tacacs-server host 2001::1 Command Description Define AAA identity authentication method list. authentication Related tacacs-server Define the shared password of TACACS+ commands secure server globally.
  • Page 640 CLI Reference TACACS+ Configuration Commands secure server as aaa: Ruijie(config)# tacacs-server key aaa Command Description Related tacacs-server host Define TACACS+ secure server host. commands tacacs-server Define the timeout timer of TACACS+ timeout packet. tacacs-server timeout Use this command to configure the global timeout time waiting for the server when communicatin with...
  • Page 641: Debug Tacacs

    Privileged EXEC mode. Usage Use this command to show the interoperation condition with each guidelines TACACS+ server. Ruijie# show tacacs Tacacs+ Server : 172.19.192.80/49 Socket Opens: 0 Socket Closes: 0 Examples Total Packets Sent: 0 Total Packets Recv: 0...
  • Page 642 CLI Reference TACACS+ Configuration Commands host...
  • Page 643: X Configuration Commands

    Usage Guide auth-address table command to show the authentication address table. The following example shows how to add an authentication address on the interface. Ruijie# configure terminal Configuration Ruijie(config)# dot1x auth-address-table address Examples 00d0f8000000 interface ehternet 1/1 Ruijie(config)# end Ruijie# Command...
  • Page 644 The following example shows how to associate a method list on an interface and use the group radius for authentication. Ruijie# configure terminal Ruijie(config)# aaa new-model Configuration Ruijie(config)# aaa authentication dot1x default group radius Examples Ruijie(config)# interface fastEthernet0/1 Ruijie(config-if)# dot1x authentication default Ruijie(config-if)# end...
  • Page 645 Use the show dot1x command to show the setting. The following example shows how to set the maximum number of failed attempts before entering VLAN. Ruijie# configure terminal Configuration Ruijie(config)# dot1x auth-fail max-attempt 5 Examples Ruijie(config)# end Ruijie# Command Description...
  • Page 646 Global configuration mode Usage Guide Use the show dot1x command to show the 802.1X setting. This example shows how to set the 802.1X authentication mode: Ruijie# configure terminal Configuration Ruijie(config)# dot1x auth-mode chap Examples Ruijie(config)# end Ruijie# Command Description Related Commands show dot1x This command is used to show the 802.1x setting.
  • Page 647 The following example shows how to enable active 802.1x authentication: Ruijie# configure terminal Ruijie(config)# dot1x auto-req Ruijie(config)# end Ruijie# show dot1x auto-req Configuration Ruijie(config)# dot1x auto-req Examples Auto-Req: Enabled User-Detect : Enabled...
  • Page 648 Use the show dot1x auto-req command to show the setting of this function. The following example shows how to enable a device to initiate 802.1x authentication actively and continuously: Ruijie# configure terminal Ruijie(config)# dot1x auto-req packet-num 0 Ruijie(config)# end Configuration Ruijie# show dot1x auto-req Examples...
  • Page 649 CLI Reference 802.1X Configuration Commands Ruijie# show dot1x auto-req Auto-Req: Enabled User-Detect : Enabled Packet-Num : 0 Req-Interval: 60 Second Command Description Related Commands show dot1x The command is used to show the setting of the active auto-req authentication. Platform...
  • Page 650 Use this command to configure the online probe function for the client. Usage Guide The following example shows to how to enable the online probe function for the client. Ruijie# configure terminal Ruijie(config)# dot1x client-probe enable Ruijie(config)# end Ruijie# show dot1x 802.1X Status: Enabled...
  • Page 651: Dot1X Critical

    AAA multi-domain authentication will fail on this interface. Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Configuration Ruijie(config)# interface fa 0/10 Examples Ruijie(config-if)# dot1x port-control auto Ruijie(config-if)# dot1x critical...
  • Page 652 CLI Reference 802.1X Configuration Commands Ruijie(config-if)# end...
  • Page 653: Dot1X Critical Vlan

    Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# interface fa 0/10 Configuration Ruijie(config-if)# dot1x port-control auto Examples Ruijie(config-if)# dot1x critical recovery action reinitialize Ruijie(config-if)# end Command Description Related Commands Platform Description dot1x critical vlan Use this command to configure the port to switch to the specified failed vlan when IAB is enabled.
  • Page 654: Dot1X Default

    VLAN after IAB is enabled. Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# interface fa 0/10 Configuration Ruijie(config-if)# dot1x port-control auto Examples Ruijie(config-if)# dot1x critical vlan 100 Ruijie(config-if)# end Command Description Related Commands Platform Description dot1x default Use this command to restore the default setting of part of the 802.1x parameters.
  • Page 655 Global configuration mode Usage Guide Use the show dot1x dynamic-vlan command to view the setting of 802.1X. The following example shows how to enable dynamic VLAN switch: Ruijie# configure terminal Ruijie(config)# interface gigabitEthernet 4/5 Configuration Ruijie(config-if)# dot1x dynamic-vlan enable Examples Ruijie(config)# end...
  • Page 656 Command Mode Global configuration mode. Usage Guide Use the show dot1x command to view the 802.1X setting. The following example shows how to enable the EAPOL frame tagging function: Ruijie# configure terminal Configuration Ruijie(config)# dot1x eapol-tag Examples Ruijie(config)# end Ruijie#...
  • Page 657 CLI Reference 802.1X Configuration Commands The following example shows how to set 802.1x guest vlan jumping: Ruijie# configure terminal Ruijie(config)# interface gigabitEthernet 4/5 Configuration Ruijie(config-if)# dot1x guest-vlan 10 Examples Ruijie(config)# end Ruijie#...
  • Page 658 Command Mode Usage Guide Use the show dot1x port-control interface command to view the setting. The following example shows how to set the 802.1x MAC bypass authentication: Ruijie# configure terminal Ruijie(config)# interface fa 0/1 Configuration Ruijie(config)# dot1x mac-auth-bypass Examples Ruijie(config)# end...
  • Page 659 Use the show run command to view the 802.1X setting. The following example shows how to set the 802.1x MAC bypass authentication online time: Ruijie# configure terminal Configuration Ruijie(config)# interface fa0/1 Examples Ruijie(config)# dot1x mac-auth-bypass timeout-activity Ruijie(config)# end Ruijie#write Command Description Related Commands show...
  • Page 660 If this function is disabled, the user can not access the network Usage Guide after moving to the new port. Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Configuration Ruijie(config)# dot1x mac-move permit Examples Ruijie(config)# end Command Description Related Commands show dot1x The command is used to view the 802.1x configuration.
  • Page 661 CLI Reference 802.1X Configuration Commands dot1x max-req During interaction between dot1x and a server, another request will be sent by dot1x to the server if the server fails to respond within a specified period of time. Use this command to set the maximum number of authentication requests sent to the server.
  • Page 662 CLI Reference 802.1X Configuration Commands The following example shows how to set the maximum number of authentication requests to 7: Ruijie# configure terminal Configuration Ruijie(config)# dot1x max-req 7 Examples Ruijie(config)# end Ruijie# Command Description Related Commands show dot1x The command is used to view the 802.1x setting.
  • Page 663 Use the show dot1x command to show the 802.1X setting. The following example shows how to set the port to participate in authentication: Ruijie# configure terminal Ruijie(config)# interface g0/1 Configuration Ruijie(config-if)# dot1x port-control auto Examples Ruijie(config-if)# end Ruijie# Command Description...
  • Page 664 Example 1 shows how to set the port to participate in 802.1x authentication: Ruijie(config)# interface g0/1 Ruijie(config-if)# dot1x port-control auto Ruijie(config-if)# dot1x port-control-mode port-based Ruijie(config-if)# end...
  • Page 665 Supported Command Mode Global configuration mode Usage Guide Use show dot1x private-supplicant-only to view the 802.1x setting. The following example shows how to set to use private clients only: Ruijie# configure t Configuration Ruijie(config)# dot1x private-supplicant-only Examples Ruijie(config)# end Ruijie#...
  • Page 666 802.1x setting. The following example shows how to set the Hello message sending interval to 30 seconds and the alive interval to 120 seconds: Ruijie# configure terminal Ruijie(config)# dot1x probe-timer interval 30 Configuration Ruijie(config)# dot1x probe-timer alive 120 Examples Ruijie(config)# end...
  • Page 667 CLI Reference 802.1X Configuration Commands Ruijie# configure terminal Examples Ruijie(config)# dot1x re-authentication Ruijie(config)# end Ruijie# show dot1x 802.1X Status: Enabled Authentication mode: EAP-MD5 Authed User Number: Re-authen Enabled: Enabled Re-authen Period: 1000 sec Quiet Timer Period: 1000 sec Tx Timer Period:...
  • Page 668 Usage Guide attempts. Use show dot1x command to show the 802.1X setting. The following example shows how to set the maximum number of re-authentication attempts: Ruijie# configure terminal Ruijie(config)# dot1x reauth-max 5 Ruijie(config)# end Ruijie# show dot1x 802.1X Status: Enabled...
  • Page 669 This command must be configured before user authentication. Otherwise, all users Usage Guide must be re-authenticated The following example shows how to stop users from transiting from 802.1X port to other ports: Ruijie# configure terminal Configuration Ruijie(config)# dot1x stationarity enable Examples Ruijie(config)# end Ruijie# Command Description Related Commands...
  • Page 670 CLI Reference 802.1X Configuration Commands The following example shows how to set the waiting time for re-authentication to 1000s: Ruijie# configure terminal Ruijie(config)# dot1x timeout quiet-period 1000 Ruijie(config)# end Ruijie# show dot1x 802.1X Status: Enabled Authentication mode: EAP-MD5 Authed User Number:...
  • Page 671 CLI Reference 802.1X Configuration Commands The following example shows how to set the re-authentication interval to 1000s: Ruijie# configure terminal Ruijie(config)# dot1x timeout re-authperiod 1000 Ruijie(config)# end Ruijie# show dot1x 802.1X Status: Enabled Authentication mode EAP-MD5 Authed User Number: Re-authen Enabled:...
  • Page 672 Usage Guide Use show dot1x command to view the 802.1X setting. The following example shows how to set the authentication timeout period to 10s: Ruijie# configure terminal Ruijie(config)# dot1x timeout server-timeout 10 Ruijie(config)# end Ruijie# show dot1x 802.1X Status: Enabled...
  • Page 673 Use show dot1x command to view the 802.1X setting. The following example shows how to set the authentication timeout period between a device and applicants to 10s: Ruijie# configure terminal Ruijie(config)# dot1x timeout supp-timeout 10 Ruijie(config)# end Ruijie# show dot1x 802.1X Status:...
  • Page 674 Usage Guide Use show dot1x command to view the 802.1X setting. The following example shows how to set the interval of re-transmission to 10s: Ruijie# configure terminal Ruijie(config)# dot1x timeout tx-period 10 Ruijie(config)# end Ruijie# show dot1x 802.1X Status: Enabled...
  • Page 675: Show Dot1X

    Use this command to view 802.1x settings. show dot1x Parameter Description Defaults Command Mode Privileged mode Usage Guide The following example shows how to view 802.1x settings: Ruijie# show dot1x 802.1X Status: Enabled Authentication Mode: EAP-MD5 Authed User Number: Re-authen Enabled: Disabled Re-authen Period:...
  • Page 676 It specifies the interface number. Defaults Command Mode Privileged mode Usage Guide The following example shows how to display the table of 802.1x addresses that can be authenticated: Ruijie# show dot1x auth-address-table Configuration interface:g3/1 Examples ----------------------------------- mac-addr 00D0.F800.0001 Ruijie#...
  • Page 677 CLI Reference 802.1X Configuration Commands Command Description It is used to set the 802.1x authentication mode. dot1x auth-mode It is used to set the maximum number of authentication dot1x max-req request re-transmission times. dot1x port-control It is used to set a port to participate in authentication. auto It is used to set the maximum number of applicant dot1x reauth-max...
  • Page 678 CLI Reference 802.1X Configuration Commands The following example shows how to view the setting of the automatic 802.1x authentication: Ruijie# show dot1x auto-req Auto-Req: Disabled Configuration User-Detect : Enabled Examples Packet-Num : 0 Req-Interval: 30 Seconds Ruijie# Command Description dot1x auth-mode It is used to set the 802.1x authentication mode.
  • Page 679 CLI Reference 802.1X Configuration Commands Usage Guide The following example shows how to display the maximum number of authentication request re-transmission attempts: Configuration Ruijie# show dot1x max-req Examples max-req: 2 times Ruijie# Command Description dot1x auth-mode It is used to set the 802.1x authentication mode.
  • Page 680 CLI Reference 802.1X Configuration Commands Usage Guide The following example shows how to view ports that participate in the authentication: Ruijie# show dot1x port-control Interface Mode Dynamic-User Static-User Max-User Authened Mab Configuration --------- ---------- ------------ ----------- -------- -------- Examples ---------...
  • Page 681 Parameter Description Defaults Privileged mode Command Mode Usage Guide The following example shows how to view the client filtering function: Ruijie# show dot1x private-supplicant-only Configuration private-supplicant-only:: disabled Examples Ruijie# Command Description dot1x auth-mode It is used to set the 802.1x authentication mode.
  • Page 682 Description Defaults Command Mode Privileged mode Usage Guide The following example shows how to view the configuration of the client online probe timer: Ruijie# show dot1x probe-timer Configuration Hello Interval: 20 Seconds Examples Hello Alive: 250 Seconds Ruijie# Command Description dot1x auth-mode It is used to set the 802.1x authentication mode.
  • Page 683 Parameter Description Defaults Command Mode Privileged mode Usage Guide The following example shows how to view the re-authentication setting: Ruijie# show dot1x re-authentication Configuration eauth-enabled: disabled Examples Ruijie# Command Description dot1x auth-mode It is used to set the 802.1x authentication mode.
  • Page 684 Defaults Command Mode Privileged mode Usage Guide The following example shows how to view the maximum number of re-authentication attempts: Configuration Ruijie# show dot1x reauth-max Examples reauth-max: 2 times Ruijie# Command Description dot1x auth-mode It is used to set the 802.1x authentication mode.
  • Page 685: Show Dot1X Summary

    Defaults Command Mode Privileged mode Usage Guide The following example shows how to display information about the 802.1x authentication configuration table: Ruijie# show dot1x summary User Interface VLAN Auth-State Backend-State Port-Status User-Type Time Configuration -------- ---------- -------------- --------- ---- ---------------...
  • Page 686 Defaults Command Mode Privileged mode Usage Guide -The command is used to view configuration of timeout parameters. The following example shows how to view the timeout configuration: Ruijie# show dot1x timeout quiet-period Configuration quiet-period: 60 sec Examples Ruijie# Command Description dot1x auth-mode It is used to set the 802.1x authentication mode.
  • Page 687 -The command is used to view the information of a specific user. Usage Guide The following example shows how to view the information about the 802.1x authentication configuration table: Ruijie# show dot1x user id 1 User name: caikov id: 1 Type: static Mac address is 0013.2049.8272...
  • Page 688 CLI Reference 802.1X Configuration Commands Ruijie# Command Description dot1x auth-mode It is used to set the 802.1x authentication mode. It is used to set the maximum number of authentication dot1x max-req request re-transmission times. dot1x port-control It is used to set a port to participate in authentication.
  • Page 689 Parameter Description Description Defaults Privileged EXEC mode Command Mode Usage Guide Configuration The following example shows how to enable the global client download function. Ruijie# configure terminal Examples Ruijie(config)# dot1x redirect Related Command Description Commands Platform Description http redirect This command is used to set the IP address for special access of the HTTP redirection, which is usually the server IP address of HTTP redirection.
  • Page 690 HTTP, the access device redirects the user's access request in the client download page to guide the user to download, install and authenticate the client. Example 1: Set the IP address for special access of the HTTP redirection to 172.16.0.1. Configuration Ruijie(config)# http redirect 172.16.0.1 Examples Related Command...
  • Page 691 All users can access the Web sites free of authentication. Up to 50 network resource ranges can be free of authentication. Configuration Example 1: Set the Web site with the IP address as 172.16.0.1 free of authentication. Ruijie(config)# http redirect direct-site 172.16.0.1 Examples Related Command...
  • Page 692 Example 1: Set the address of HTTP redirection to http://www.web-auth.net/login. Ruijie(config)# Examples http redirect homepage http://www.web-auth.net/login Example 2: Set the address of client download service homepage to www.su-download.net/. Ruijie# configure terminal Ruijie(config)# http redirect homepage www.su-download.net/ Related Command Description Commands show http redirect View the HTTP redirection configuration.
  • Page 693 CLI Reference Web Authentication Configuration Commands Example 2: Do not redirect users’ HTTP requests with port 80. Ruijie(config)# no http redirect port 80 Related Command Description Commands show http redirect View the HTTP redirection configuration. Platform Description http redirect session-limit...
  • Page 694 HTTP GET/HEAD packet and the system returns an HTTP redirection packet. This timeout is set to prevent users from occupying TCP connections for long without sending any GET/HEAD packets. Example 1: Set the timeout for the redirection connection maintenance to 4. Configuration Ruijie(config)# http redirect timeout 4 Examples Related Command...
  • Page 695 CLI Reference Web Authentication Configuration Commands Defaults Privileged EXEC mode Command Mode Usage Guide Example 1: Display the HTTP redirection configuration. Ruijie# show http redirect HTTP redirection settings: server: 192.168.32.123 port: 80 8000 homepage: http://192.168.32.123:8888/ePortal/index.jsp session-limit: 10 timeout: Direct sites:...
  • Page 696 CLI Reference Web Authentication Configuration Commands IP address mask of the network resource free Mask of authentication ARP Binding Enable/Disable ARP binding Users free authentication: Address IP address of the user free of authentication IP address mask of the user free of Mask authentication Access device port that is bound with the...
  • Page 697 Web Authentication Configuration Commands Command Privileged EXEC mode Mode Usage Guide Configuration Example 1: View the VLAN list supporting VLAN-based Web authentication. Ruijie# show web-auth allow-vlan Examples Allow-vlan list : 1-3,5 Related Command Description Commands Set VLAN-based Web authentication function web-auth allow-vlan and the authenticated VLAN list.
  • Page 698 Parameter Description Description Defaults Command Privileged EXEC mode Mode Usage Guide Example 1: Display the authentication configuration and statistics of an interface. Configuration Ruijie# show web-auth port-control Examples Port Control ----------------- --------- FastEthernet 0/1 FastEthernet 0/2 FastEthernet 0/3 ..Field...
  • Page 699 0d 01:00:00 0d 00:15:10 Active 192.168.0.13 0d 00:00:59 Active 192.168.0.25 Create 192.168.0.46 0d 01:00:00 0d 01:00:00 Destroy Ruijie# show web-auth user 192.168.0.11 Address 192.168.0.11 00d0.f800.2233 Port Fa0/2 Online Time Limit 0d 01:00:00 Time Used 0d 00:15:10 Time Start 2009-02-22 20:05:10...
  • Page 700 To enable VLAN-based authentication, you need to enable Web authentication on the downlink port of the device and turn the port to the TRUNK mode. Configuration Example 1: Set authenticated VLANs to VLAN 1, VLAN 2, VLAN 3, and VLAN 5. Ruijie(config)# web-auth allow-vlan 1-3,5 Examples...
  • Page 701 Usage Guide Web authentication. Up to 50 users can be set to be free of authentication. Configuration Example 1: Set the user using the IP address 172.16.0.1 to be free of authentication. Ruijie(config)# web-auth direct-host 172.16.0.1 Examples Related Command Description...
  • Page 702 This command is used to enable the check for on status based on the user traffic. Configuration Example 1: Enable user's online status check based on traffic. Ruijie(config)# web-auth offline-detect flow Examples Related Command Description...
  • Page 703 To use the Web authentication function, the communication key between the access device and the authentication server must be set. Example 1: Set the communication key between the access device and the authentication server to Configuration web-auth. Examples Ruijie(config)# web-auth portal key web-auth Related Command Description Commands http redirect Set the IP address of the authentication server.
  • Page 704 Interface configuration mode Mode Usage Guide To use the Web function, the address of the authentication homepage must be configured. Configuration Example 1: Enable Web authentication on port FastEthernet 0/14. Ruijie(config)# interface FastEthernet 0/14 Examples Ruijie(config-if)# web-auth port-control Related Command Description...
  • Page 705 Web Authentication Configuration Commands This command is used to change the interval at which the online user information is updated. Example 1: Set the interval at which the online user information is updated to 30s. Configuration Ruijie(config)# web-auth update-interval 30 Examples Related Command...
  • Page 706: Ssh Configuration Commands

    It is recommended to specify the modules of the host key as or larger than 768 bits when configure the RSA and DSA host keys. A key can be deleted by using the crypto key zeroize command. The no crypto key generate command is not available. Ruijie# configure terminal Configuration...
  • Page 707: Disconnect Ssh

    CLI Reference SSH Configuration Commands Ruijie(config)# crypto key generate rsa Examples Related Command Description Commands show ipssh Show the current status of the SSH Server. Delete DSA and RSA keys and disable the crypto key zeroize { rsa | dsa } SSH Server function.
  • Page 708 SSH connection by entering the specified VTY connection ID. Only connections of the SSH type can be disconnected. Ruijie# disconnect ssh 1 Configuration Examples Ruijie# disconnect ssh vty 1 Related Command Description Commands Show the information about the established show ssh SSH connection.
  • Page 709 SSH server is exceeded. Use the show ipssh command to view the configuration of the SSH Server Configuration The following example sets the authentication retry times to 2: Ruijie# configure terminal Examples Ruijie(config)# ipssh authentication-retries 2 Related Command Description Commands Show the current status of the SSH Server.
  • Page 710 Mode Usage Guide Configuration The following example sets the associated RSA and DSA public-key files of User Test. Ruijie# configure terminal Examples Ruijie(config)# ipssh peer test public-key rsaflash:rsa.pub Ruijie(config)# ipssh peer test public-key dsaflash:dsa.pub Related Command Description Commands show ipssh Show the current status of the SSH Server.
  • Page 711: Ip Ssh Version

    Use the show ipssh command to view the configuration of the SSH server. Configuration The following example sets the timeout value as 100s: Ruijie# configure terminal Examples Ruijie(config)# ipssh time-out 100 Related Command Description Commands Show the current status of the SSH Server.
  • Page 712: Show Crypto Key Mypubkey

    This command is used to show the information about the public key part of the generated public key on the SSH Server, including key generation time, key name, contents in the public key part. Ruijie# show crypto key mypubkeyrsa Configuration...
  • Page 713: Show Ssh

    This command is used to show the information of the SSH Server, including version, enablement state, authentication timeout, and authentication retry times. If no key is generated for the SSH Server, the SSH version is still unavailable even if this SSH version has been configured. Ruijie# show ip ssh Configuration Examples Related...
  • Page 714 CLI Reference SSH Configuration Commands connection status, and user name. Ruijie# show ssh Configuration Examples Related Command Description Commands N/A. N/A. Platform Description...
  • Page 715 Interface configuration mode, support L2 switch port excluding AP Command mode and AP member port. Usage It is worth mentioning that this command takes effect only after the guidelines GSN function is enabled. Ruijie(config-if)# security address-bind enable Examples Command Description Related security commands Enable the global GSN switch.
  • Page 716 For the detailed information, please refer to SNMP command reference. The following example shows how to set the v1 community: Ruijie(config)# security v1 community public Examples The following example shows how to set the v3 username to start:...
  • Page 717 Use this command to enable the device to support GSN. The following example shows how to enable GSN: Examples Ruijie(config)# security gsn enable smp-server host Use this command to configure the IP address for the corresponding smp-server. smp-server host ip-address...
  • Page 718 Use this command to show the minimum interval of security event. show security event interval Command mode Privileged EXEC mode. Ruijie# show security event interval Examples Event sending interval(seconds): 5 Command Description Related security event...
  • Page 719 CLI Reference GSN Configuration Commands Examples Use the language chinese/english command in the global configuration mode to switchover the Chinese/English interface. Command Description Related Show main status commands view gsn configuration information modules.
  • Page 720 After setting some ports as the protected ports, they can route on L3. Use this Usage command to deny the L3 communication between protected ports. Use show guidelines running-config to display configuration. Examples Ruijie(config)# protected-ports route-deny Command Description Related Show whether the route-deny between protected show running-config commands ports has been configured.
  • Page 721 GigabitEthernet 1/1 and sets the allowed rate to 4M. Ruijie# configure terminal Examples Ruijie(config)# interface GigabitEthernet 1/1 Ruijie(config-if)# storm-control multicast 4096 Ruijie(config-if)# end Command Description Related commands show storm-control Show storm suppression information. Platform...
  • Page 722: Switchport Protected

    After these ports are set as the protected ports, they cannot switch on L2 but Usage can route on L3. A protected port can communicate with an unprotected port. Use guidelines show interfaces to display configuration. Ruijie(config)#interface gigabitethernet 1/1 Examples Ruijie(config-if)# switchport protected Command Description...
  • Page 723 This example shows how to enable port security on interface gigabitethernet 1/1, and the way to deal with violation is shutdown: Examples Ruijie(config)#interface gigabitethernet 1/1 Ruijie(config-if)# switchport port-security Ruijie(config-if)# switchport port-security violation shutdown Command Description Related commands show port-security Show port security settings.
  • Page 724 Use show port-security to display configuration. Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config-if)# switchport port-security aging time 8 Ruijie(config-if)# switchport port-security aging static Command Description Related commands show port-security Show port security settings.
  • Page 725 1.This example shows how to bind the IP address 192.168.1.100 on the interface g 0/10: Ruijie(config)#inter g0/10 Ruijie(config-if)# switchport port-security binding 192.168.1.100 Examples 2.This example shows how to bind the IP address 192.168.1.100 and MAC address 00d0.f800.5555 with vlan id 1 on the interface g 0/10 Ruijie(config)#inter g0/10 Ruijie(config-if)# switchport port-security binding 00d0.f800.5555...
  • Page 726 Usage guidelines 1.This example shows how to bind the IP address 192.168.1.100 on the interface g 0/10: Ruijie(config)# switchport port-security binding interface g 0/10 192.168.1.100 Examples 2.This example shows how to bind the IP address 192.168.1.100 and MAC address 00d0.f800.5555 with vlan id 1 on the interface g 0/10 Ruijie(config)# switchport port-security binding interface g 0/10 00d0.f800.5555 vlan 1 192.168.1.100...
  • Page 727 N/A. The example below describes how to configure a static secure address 00d0.f800.5555 with VID 2 for interface g 0/10: Examples Ruijie(config)#inter g0/10 Ruijie(config-if)# switchport port-security mac-address 00d0.f800.5555 vlan 2 Command Description show port-security Show port security settings. switchport Enable the port-security.
  • Page 728 Usage guidelines N/A. The example below describes how to configure a static secure address 00d0.f800.5555 with VID 2 for interface g 0/10: Examples Ruijie(config)# switchport port-security interface g0/10 mac-address 00d0.f800.5555 vlan 2 Command Description show port-security Show port security settings.
  • Page 729 Ruijie(config-if)# switchport port-security mac-address 00d0.f800.5555 vlan 2 Examples The example below describes how to enable the Sticky MAC address learning on the interface g0/10 Ruijie(config)#inter g0/10 Ruijie(config-if)# switchport port-security sticky mac-address Command Description show port-security Show port security settings. Related...
  • Page 730 The example below describes how to set the maximum number of the secure address as 2 for interface g 0/10 Examples Ruijie(config)#inter g0/10 Ruijie(config-if)# switchport port-security maximum 2 Command Description Related show port-security...
  • Page 731 If the limited number of the IP address you set is less than bound number, it will guidelines prompt this setting fails. The example below describes how to set the limited number of the port IP address as 100 Examples Ruijie(config)#inter f 0/1 Ruijie(config-if)#nac-author-user maximum 100 Command Description Related Show the limited and...
  • Page 732 Default All information is shown by default. configuration Command mode Privileged EXEC mode. Usage guidelines Examples Ruijie#show nac-author-user Command Description Related nac-auth-user Set the limited number of port IP commands maximum value address. show port-security Use this command to show port security settings.
  • Page 733 Interface on which the storm suppression description is enabled Default configuration All information is displayed. Command mode Privileged EXEC mode. Ruijie# show storm-control gigabitethernet 1/1 Interface Broadcast Control Multicast Control Unicast Control Examples ----------- --------------- ---------------- --------------- Gi1/1 Disabled Disabled Disabled Command Description Related commands storm-control Enable storm suppression.
  • Page 734 CLI Reference CPU Protection Configuration Commands CPU Protection Configuration Commands cpu-protect type packet-type traffic-class traffic-class-num Use this command to set the traffic class for the corresponding packet type. cpu-protect type { bpdu | arp | tpp | dot1x | gvrp | rdlp | dhcp | unknown-ipv6-mc | known-ipv6-mc | unknown-ipv4-mc | known-ipv4-mc | udp-helper | dvmrp | igmp | icmp | ospf | pim | rip | vrrp | error-ttl | error-hop-limit | local-telnet | local-snmp | local-http | local-tftp | local-other | ipv4-uc | ipv6-uc | mld| ns | other } traffic-class...
  • Page 735 CLI Reference CPU Protection Configuration Commands BPDU IGMP 802.1X GVRP DHCP Unicast Known_ mc Unknown_ mc Broadcast Error_ttl Route RIPv1 IPv4-ctrl Error_Hop_Limit IPv6-ctrl Route6 Other For the S5760 series: Packet Type Queue ID BPDU 802.1X GVRP RLDP DHCP Unknow_IPv6_mc Know_IPv6_mc Unknow_IPv4_mc Know_IPv4_mc UDP-Helper...
  • Page 736 Command mode Global configuration mode. The following example sets the traffic class for the BPDU packet: Ruijie(config)# cpu-protect type bpdu traffic-class 5 Ruijie(config)# end Examples Ruijie # show cpu-protect type bpdu traffic-class %**********packet type traffic-class********** bpdu Command Description cpu-protect Related...
  • Page 737 For S3760 series, the default bandwidth of all queues is 1000kbps. Command Global configuration mode. mode The following example sets the the maximum rate for queue 7 as 312kbps: Ruijie#configure terminal Ruijie(config)# cpu-protect traffic-class id 7 bandwidth 312 Examples Ruijie(config)#end Ruijie# show cpu-protect traffic-class id 7 %*********traffic class bandwidth(kbps)********** Command...
  • Page 738 For S3760 series, the default bandwidth of all queues is 1000kbps. Command Global configuration mode. mode The following example sets the the maximum rate for all queues as 312kbps: Examples Ruijie#configure terminal Ruijie(config)# cpu-protect traffic-class all bandwidth 312 Ruijie(config)#end Command Description cpu-protect type packet-type Set the traffic class for the traffic-class corresponding packet type.
  • Page 739 For S3760 series, the default bandwidth of the CPU port is 3000kbps. Command mode Global configuration mode. The following example sets the maximum rate for the CPU port as 2000kbps: Ruijie#configure terminal Examples Ruijie(config)# cpu-protect cpu bandwidth 2000 Ruijie(config)#end Ruijie#show cpu-protect cpu %cpu port bandwidth: 2000(kpbs) Command Description cpu-protect type...
  • Page 740 Global configuration mode. The following example sets the the maximum rate for the CPU port as 2000kbps: Ruijie#configure terminal Ruijie(config)# cpu-protect mac-address storm-control enable 3000 Examples Ruijie(config)#end Ruijie# show cpu-protect mac-address storm-control %MAC address storm control state: enable %MAC address storm control rate: 3000(address/second) This command is not supported on S3760 series.
  • Page 741 In the range of 0-7. Command mode Privileged EXEC mode. Usage guidelines This command shows the maximum rate for each queue. The following example shows the cpu protection information for queue1: Ruijie#show cpu-protect traffic-class id 1 Examples %*********traffic class bandwidth(kbps)********** 1000...
  • Page 742 Command mode Privileged EXEC mode. Usage guidelines This command shows the maximum rate for all queues. The following example shows the maximum rate for all queues: Ruijie# show cpu-protect traffic-class all %*********traffic class bandwidth(kbps)********** 1000 1000 Examples 1000 1000...
  • Page 743 Usage This command shows the mac-address number generated per guidelines second. The following example shows the maximum rate for the CPU port: Ruijie# show cpu-protect mac-address storm-control Examples %MAC address storm control state: enable %MAC address storm control rate: 2000(address/second)
  • Page 744 CLI Reference CPU Protection Configuration Commands This command is not supported on S3760 series. Caution...
  • Page 745 The following example shows how to enable the anti-attack of the self-consumption: Ruijie(config)# ip deny invalid-l4port Examples The following example shows how to disable the anti-attack of the self-consumption: Ruijie(config)# no ip deny invalid-l4port Command Description Related show deny Show the state of anti-attack of...
  • Page 746 The following example shows how to enable the anti-attack of the invalid TCP packets: Ruijie(config)# ip deny invalid-tcp Examples The following example shows how to disable the anti-attack of the invalid TCP packets: Ruijie(config)# no ip deny invalid-tcp Command Description Related Show the state of anti-attack of show...
  • Page 747 Usage guidelines N/A. The following example shows how to enable the anti-land-attack: Ruijie(config)# ip deny land Examples The following example shows how to disable the anti-land-attack: Ruijie(config)# no ip deny land Command Description Related show deny commands Show the anti-land-attack state.
  • Page 748 Ruijie(config)# int Fa 0/5 Ruijie(config-if-FastEthernet)# ip deny spoofing-source The following example shows how to disable the ingress filtering on the routed port Fa 0/5: Ruijie(config)# int fa 0/5 Ruijie(config-if- FastEthernet)# no ip deny spoofing-source Command Description Related commands show ip deny invalid-l4port Use this command to show the state of the anti-consumption-attack.
  • Page 749 Parameter Description Parameter description Default Settings N/A. Command mode Privileged EXEC mode. Usage guidelines Ruijie# show ip deny invalid-tcp DoS Protection Mode State Examples ------------------------------------- ----- protect against invalid tcp attack Command Description Related (no) ip deny Enable/Disable the anti-attack commands of the invalid TCP packets.
  • Page 750 CLI Reference DoS Protection Configuration Commands Command mode Privileged EXEC mode. Usage guidelines Ruijie# show ip deny land DoS Protection Mode State Examples ------------------------------ ----- protect against land attack Command Description Related (no) ip deny land Enable/Disable commands anti-land-attack function.
  • Page 751: Dhcp Snooping Configuration Commands

    The following is an example of enabling the DHCP snooping function. Ruijie# configure terminal Ruijie(config)# ip dhcp snooping Ruijie(config)# end Ruijie# show ip dhcp snooping Switch DHCP snooping status: ENABLE Examples DHCP snooping Verification of hwaddr field status: DISABLE DHCP snooping database write-delay time: 0 seconds...
  • Page 752: Ip Dhcp Snooping Vlan

    Use this command to configure effective DHCP snooping VLAN by character Usage string. guidelines The following example enables the DHCP snooping function in VLAN1000. Ruijie# configure terminal Examples Ruijie(config)# ip dhcp snooping vlan 1000 Ruijie(config)# end Command Description Related commands ip dhcp snooping Global switch of DHCP snooping.
  • Page 753 DHCP Snooping adds the Bootp user to the static binding database. The following example enables the DHCP snooping bootp bind function. Ruijie# configure terminal Ruijie(config)# ip dhcp snooping bootp-bind Ruijie(config)# end Ruijie# show ip dhcp snooping Switch DHCP snooping status :ENABLE...
  • Page 754: Ip Dhcp Snooping Information Option

    The following is an example of enabling the check of the source MAC address of the DHCP request message. Ruijie# configure terminal Ruijie(config)# ip dhcp snooping verify mac-address Ruijie(config)# end Ruijie# show ip dhcp snooping Examples Switch DHCP snooping status: ENABLE...
  • Page 755 CLI Reference DHCP Snooping Configuration Commands Ruijie# configure terminal Ruijie(config)# ip dhcp snooping information option Ruijie(config)# end Ruijie# show ip dhcp snooping Switch DHCP snooping status ENABLE DHCP snooping Verification of hwaddr status ENABLE DHCP snooping database write-delay time DHCP snooping option 82 status...
  • Page 756 CLI Reference DHCP Snooping Configuration Commands Ruijie# configure terminal Ruijie(config)# ip dhcp snooping information option format remote-id hostname Command Description Related commands ip dhcp snooping database write-delay Use this command to configure the switch to write the dynamic user information of the DHCP snooping binding database into the flash periodically.
  • Page 757 The following is an example of writing the dynamic user information of the DHCP binding database into flash. Ruijie# configure terminal Examples Ruijie(config)# ip dhcp snooping database write-to-flash Ruijie(config)# end Ruijie# Related N/A. commands ip dhcp snooping suppression Use this command to set the port to be the suppression status.
  • Page 758: Ip Dhcp Snooping Trust

    DHCP. The following is an example of setting fastethernet 0/2 to be suppression status: Ruijie# configure terminal Examples Ruijie(config)# interface fastEthernet 0/2 Ruijie(config-if)# ip dhcp snooping suppression Ruijie(config-if)# end Command Description Related show dhcp View the configuration information of the...
  • Page 759 The following is an example of adding the option82 to the DHCP request packets and changing the VLAN4094 in the option82’s sub-option circuit-id to VLAN93: Ruijie# configure terminal Examples Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-if)# ip dhcp snooping vlan 4094 information option change-vlan-to vlan 4093 Ruijie(config-if)# end Command Description Related...
  • Page 760 The following is an example of adding the option82 to the DHCP request packets with the content of the sub-option circuit-id being port-name: Ruijie# configure terminal Examples Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-if)# ip dhcp snooping vlan 4094 information option format-type circuit-id string port-name Ruijie(config-if)# end Command Description...
  • Page 761: Ip Dhcp Snooping Limit Rate

    Note that S86 does not support rate limit of DHCP packets on an interface. The following example sets rate limit of port 1 as 100: Ruijie# configure terminal Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-if)# ip dhcp snooping limit rate 100 Ruijie(config-if)# end Ruijie# show ip dhcp snooping Switch DHCP snooping status: ENABLE...
  • Page 762: Show Ip Dhcp Snooping

    Privileged EXEC mode. Usage guidelines N/A. Show the information of DHCP Snooping. Ruijie# show ip dhcp snooping Switch DHCP snooping status :ENABLE Verification of hwaddr field status :DISABLE Examples DHCP snooping database write-delay time: 0 seconds DHCP snooping option 82 status: ENABLE...
  • Page 763: Show Ip Dhcp Snooping Binding

    Privileged EXEC mode. Usage N/A. guidelines Show the information of the DHCP Snooping binding database. Ruijie# show ip dhcp snooping binding Examples Total number of bindings: 1 MacAddress IpAddress Lease Type VLAN Interface 00d0.f801.0101 192.168.1.1 - static 1 fastethernet 0/1...
  • Page 764: Debug Ip Dhcp Snooping

    CLI Reference DHCP Snooping Configuration Commands The following example demonstrates how to clear the dynamic database information from the DHCP snooping binding database. Ruijie# clear ip dhcp snooping binding Examples Ruijie# show ip dhcp snooping binding Total number of bindings: 0...
  • Page 765 This command is used to import the flash file information to the DHCP Usage guidelines Snooping database in real time. The following example demonstrates how to import the flash file information Examples to the DHCP Snooping database. Ruijie# renew ip dhcp snooping database Command Description Related commands Platform description This command is supported on all switches.
  • Page 766: Ip Arp Inspection Trust

    To execute this command, enable the DAI function firstly. guidelines The following configuration is to check the ARP message received from VLAN 1. Examples Ruijie(config)# ip arp inspection Ruijie(config)# ip arp inspection vlan 1 Command Description Related show ip arp Show the information of the DAI inspection...
  • Page 767 ARP message received by this interface is legal. The configuration example below sets the gigabitEthernet 0/19 interface as the trusted port. Examples Ruijie(config)# interface gigabitEthernet 0/19 Ruijie(config-if)# ip arp inspection trust Command Description Show related DAI information Related...
  • Page 768 Examples Ruijie(config)# ip arp inspection Ruijie(config)# interface gigabitEthernet 0/2 Ruijie(config-if)# ip arp inspection limit-rate 10 DHCP Snooping Database Related Configuration When the corresponding DAI funciton of the VLAN is enabled and the L2 port which receives the ARP message is configured to be a untrusted port, the validity of the ARP message is needed to check based on the DHCP Snooping database.
  • Page 769: Ip Source Binding

    No static binding user. Command Global configuration mode. mode The following example shows how to configure a static user: Ruijie# configure terminal Ruijie(config)# ip source binding 0000.0000.0001 vlan 1 1.1.1.1 interface FastEthernet 0/1 Ruijie(config)# end Examples Ruijie# show ip source binding MacAddress...
  • Page 770: Ip Verify Source

    Trust port or the port which is not controlled by DHCP Snooping. The following example configures IP Source Guard on fastEthernet 0/1: Ruijie# configure terminal Examples Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-if)# ip verify source Ruijie(config-if)# end Command Description Related...
  • Page 771: Show Ip Source Binding

    Interface-id corresponding interface. Default configuration N/A. Command Privileged EXEC mode. mode Usage guidelines N/A. Ruijie# show ip source binding static MacAddress IpAddress Lease(sec) Type VLAN Interface ------------- --------- ---------- ---- ---- ------------ Examples 0000.0000.0001 1.0.0.1 infinite static 1 FastEthernet 0/1...
  • Page 772: Show Ip Verify Source

    DHCP Snooping and IP Source Guard is inactive. Active:the interface is the untrusted port ontrolled by DHCP Snooping and IP Source Guard is active. Ruijie # show ip verify source Interface Filter-type Filter-mode Ip-address Mac-address VLAN --------- ----------- ----------- ---------- -------------- ----...
  • Page 773 CLI Reference IPSource Guard Configuration Commands Platform description This command is supported on all switches.
  • Page 774 Usage Guide Configuration The following example shows how to enable the IPv6 ND Snooping function: Ruijie# configure terminal Examples Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# ipv6 nd snooping Related Command Description Commands show ipv6 nd snooping Show the ipv6 nd snooping configurations.
  • Page 775 The following example shows how to set the interface FastEthernet 0/1 as the Trust port: Ruijie# configure terminal Examples Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# interface fastethernet 0/1 Ruijie(config-if)# ipv6 nd snooping trust Related Command Description Commands show ipv6 nd snooping Show the ipv6 nd snooping configurations.
  • Page 776 CLI Reference ND Snooping Configuration Commands...
  • Page 777: Dhcpv6 Snooping Configuration Commands

    DHCPv6 snooping function is enabled. The following is an example of enabling the DHCPv6 snooping Examples function. Ruijie(config)# ipv6 dhcp snooping Command Description Related show ipv6 dhcp View the configuration information...
  • Page 778 DHCPv6 guidelines Snooping binding entries are added to the hardware filtering list. Examples Ruijie(config)# ipv6 dhcp snooping binding-delay 10 Platform description This command is supported on all switches. ipv6 dhcp snooping database write-delay Use this command to configure the switch to write the dynamic user information of the DHCPv6 snooping binding database into the flash periodically.
  • Page 779 CLI Reference DHCPv6 Snooping Configuration Commands writes the user information into the flash as 100s: Ruijie(config)# ip dhcp snooping database write-delay 100 Command Description Related View the configuration information of the show ipv6 dhcp commands DHCPv6 snooping. snooping Platform description This command is supported on all switches.
  • Page 780 The following is an example of filtering all DHCPv6 request packets on the interface fastethernet 0/1: Examples Ruijie(config)# interface fastethernet 0/1 Ruijie(config-if)# ipv6 dhcp snooping filter-dhcp-pkt Platform This command is supported on all switches. description ipv6 dhcp snooping ignore dest-not-found Use this command to ignore the destination port not found.
  • Page 781 MAC address learning delays prompts ”DHCPV6_SNOOPING-5-DEST_NOT_FOUND: Could find destination port. Destination MAC [mac-address]”. Examples Ruijie(config)# ipv6 dhcp snooping ignore dest-not-found Command Description Related show ipv6 dhcp View the configuration information of the commands snooping DHCPv6 snooping.
  • Page 782 CLI Reference DHCPv6 Snooping Configuration Commands Ruijie(config)# ipv6 dhcp snooping information option Ruijie(config)# end Ruijie# show ipv6 dhcp snooping Switch DHCPv6 snooping status :ENABLE DHCPv6 snooping vlan: 1-4094 DHCPv6 snooping database write-delay time: 0 seconds DHCPv6 snooping option 18/37 status: ENABLE...
  • Page 783 The following example adds the option37 remote-id into the DHCPv6 request packets with the content being hostname. Examples Ruijie# configure terminal Ruijie(config)# ipv6 dhcp snooping information option format remote-id hostname Platform description This command is supported on all switches.
  • Page 784: Ipv6 Dhcp Snooping Trust

    The following is an example of setting fastEthernet 0/1 as a trust port: Examples Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-if)# ipv6 dhcp snooping trust Command Description Related show ipv6 dhcp View the configuration information of the...
  • Page 785: Ipv6 Dhcp Snooping Vlan

    VLANs by default. guidelines The following example disables the DHCPv6 snooping function in Examples VLAN1. Ruijie(config)# no ipv6 dhcp snooping vlan 1 Platform This command is supported on all switches. description ipv6 dhcp snooping vlan vlan-id information option change-vlan-to vlan 35..1...
  • Page 786 The following example adds the option18 interface-id into the DHCPv6 request packets and changes the VLAN4094 in the option to VLAN4093. Ruijie# configure terminal Examples Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-if)# ipv6 dhcp snooping vlan 4094...
  • Page 787 The following example adds the option18 interface-id into the DHCPv6 request packets with the content being port-name. Ruijie# configure terminal Examples Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-if)# ipv6 dhcp snooping vlan 4094 information option format-type interface-id string port-name Ruijie(config-if)# end Platform description This command is supported on all switches.
  • Page 788: Ipv6 Verify Source

    The following example shows how to add the static binding entry manually. Examples Ruijie(config)# ipv6 source binding 00d0.f866.4777 vlan 10 2001:2002::2003 interface fastethernet 0/10 Command Description Related View all munually-added static binding...
  • Page 789 DHCPv6 Snooping database in real time. guidelines The following example imports the flash file information to the Examples DHCPv6 Snooping database. Ruijie# renew ipv6 dhcp snooping database Platform description This command is supported on all switches. Showing Related Commands The DHCPv6 Snooping showing related commands include: ...
  • Page 790: Show Ipv6 Dhcp Snooping

    Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# show ipv6 dhcp snooping Switch DHCPv6 snooping status :ENABLE DHCPv6 snooping vlan: 1-4094 DHCPv6 snooping database write-delay time: 0 seconds DHCPv6 snooping option 18/37 status: ENABLE Examples DHCPv6 ignore dest-not-found :DISABLE...
  • Page 791 N/A. Command mode Privileged EXEC mode. Usage guidelines N/A. Show the information of the DHCP Snooping binding database. Ruijie# show ipv6 dhcp snooping binding Total number of bindings: 1 Examples Mac Address Ipv6 Address Lease(s) VLAN Interface ------------- ---------- ------- ---- ----------- 00d0.f801.0101 2001::10...
  • Page 792: Show Ipv6 Dhcp Snooping Statistics

    DHCPv6 Snooping Configuration Commands interface_name N/A. Default Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# show ipv6 dhcp snooping prefix Total number of prefix: 1 Mac Address IPv6 Prefix Lease(s) VLAN Interface Examples ------------- ---------- ------- ---- ----------- 00d0.f801.0101 2001:2002::/64 42368...
  • Page 793 CLI Reference DHCPv6 Snooping Configuration Commands No binding entry Binding fail Unknown packet Unknown output interface No enough memory Admin filter-dhcpv6-pkt Field Description discarded server Received untrusted response packets on the ports untrust port. The packets that have been relayed once are Relay forward discarded.
  • Page 794: Show Ipv6 Source Binding

    Show the static binding entry. Default N/A. Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# show ipv6 source binding Total number of bindings: 1 Mac Address Ipv6 Address Lease(s) type Vlan Interface Examples ------------- -------------- -------- ---- ----- 00d0.f866.4777 2001:2002::2003 57 dynamic 10 fa 0/10...
  • Page 795: Clear Ipv6 Dhcp Snooping Binding

    Usage This command is used to clear the generated user information in the guidelines dhcpv6 snooping binding database. Examples Ruijie# clear ipv6 dhcp snooping binding Platform description This command is supported on all switches. clear ipv6 dhcp snooping prefix Use this command to clear all the user information in the dhcpv6 snooping prefix list.
  • Page 796: Clear Ipv6 Dhcp Snooping Statistics

    This command is used to clear the generated user information in the Usage guidelines dhcpv6 snooping prefix list. Examples Ruijie# clear ipv6 dhcp snooping prefix Platform This command is supported on all switches. description clear ipv6 dhcp snooping statistics Use this command to clear the statistical information of the dhcpv6 packets.
  • Page 797 CLI Reference DHCPv6 Snooping Configuration Commands Examples Ruijie# clear ipv6 dhcp snooping statistics Platform description This command is supported on all switches. debug ipv6 dhcp snooping Use this command to trurn on the debugging switch of the DHCPv6 snooping. debug ipv6 dhcp snooping {event | packet}...
  • Page 798 IP address for the gateway. Disabled. Default Command mode Interface configuration mode. Usage guidelines Use the show anti-arp-spoofing command to view the configuration. Ruijie(config)#interface fastEthernet 0/1 Examples Ruijie(config-if)#anti-arp-spoofing ip 192.168.1.1 Command Description Related View anti-arp-spoofing show commands anti-arp-spoofing information on all interfaces.
  • Page 799 CLI Reference Anti-arp-spoofing Configuration Commands Command Description Related anti-arp-spoofing commands Configure the anti-arp-spoofing.
  • Page 800 The default traffic bandwidths of each type of packets are: Manage packets: 3000pps; Default Route packets: 3000pps; Protocol packets: 3000pps. Command Global configuration mode. mode Ruijie(config)# cpu-protect sub-interface manage pps 200 Examples Command Description cpu-protect Related sub-interface Configure the percent value of each...
  • Page 801 The default percent values of each type of packets occupied in the buffer area are: Manage packets: 30; Default Route packets: 20; Protocol packets: 45. Command mode Global configuration mode. Ruijie(config)# cpu-protect sub-interface manage Examples percent 60 Command Description cpu-protect Related sub-interface Configure the traffic bandwidth of...
  • Page 802 NFPP configuration mode. Usage The attack threshold shall be equal to or greater than the guidelines rate-limit threshold. Ruijie(config)# nfpp Ruijie(config-nfpp)# arp-guard attack-threshold per-src-ip 2 Examples Ruijie(config-nfpp)# arp-guard attack-threshold per-src-mac 3 Ruijie(config-nfpp)# arp-guard attack-threshold per-port 50 Command Description nfpp...
  • Page 803 Settings The default isolate time is 0, which means no isolation. Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# arp-guard isolate-period 180 Command Description nfpp arp-guard Set the isolate time on the Related isolate-period interface. commands show nfpp arp-guard summary Show the configurations.
  • Page 804 If the isolate period has changed to be 0, the attackers on the interface will be removed rather than being monitored by the software. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# arp-guard monitor-period 180 Command Description show nfpp arp-guard summary Show the configurations.
  • Page 805 NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit remind the administrator. of 1000 monitored hosts.to Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# arp-guard monitored-host-limit 200 Command Description Related show nfpp arp-guard commands summary Show the configurations. arp-guard rate-limit Use this command to set the arp guard rate limit.
  • Page 806 Settings 4pps; the default rate limit for each port is 100pps. Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Ruijie(config-nfpp)# arp-guard rate-limit per-src-ip 2 Examples Ruijie(config-nfpp)# arp-guard rate-limit per-src-mac 3 Ruijie(config-nfpp)# arp-guard rate-limit per-port 50 Command Description nfpp arp-guard...
  • Page 807 IP address is uncertain; the source MAC and IP address for the link layer is constant while the destination IP address is uncertain. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# arp-guard scan-threshold 20 Command Description nfpp arp-guard Set the scan threshold on the scan-threshold port.
  • Page 808 NFPP Configuration Commands Command mode Privileged EXEC mode. Usage Use this command without the parameter to clear all guidelines monitored hosts. Ruijie# clear nfpp arp-guard hosts vlan 1 interface g0/1 Examples Command Description arp-guard Set the global attack threshold. attack-threshold nfpp...
  • Page 809 The anti-ARP attack function is not enabled on the interface. Command mode Interface configuration mode. Usage The interface anti-ARP attack configuration is prior to the guidelines global configuration. Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp arp-guard enable Command Description Related Enable anti-ARP attack commands arp-guard enable function.
  • Page 810 Settings By default, the isolate period is not configured. Command mode Interface configuration mode. Usage guidelines Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp arp-guard isolate-period 180 Command Description arp-guard Set the global isolate period. Related isolate-period commands show nfpp Show the configurations.
  • Page 811 The attack threshold value shall be equal to or greater guidelines than the rate-limit threshold. Ruijie(config)# interface G 0/1 Ruijie(config-if)# nfpp arp-guard policy per-src-ip 2 10 Examples Ruijie(config-if)# nfpp arp-guard policy per-src-mac 3 10 Ruijie(config-if)# nfpp arp-guard policy per-port 50 100...
  • Page 812 Set the scan threshold with the valid description pkt-cnt range of [1, 9999]. Default Settings By default, the sport-based scan threshold is not configured. Command Interface configuration mode. mode Usage guidelines Ruijie(config)# interface G 0/1 Examples Ruijie(config-if)# nfpp arp-guard scan-threshold 20 Command Description Related...
  • Page 813 By default, the attack threshold for each source MAC address is Default Settings 10pps; and the attack threshold for each port is 300pps. Command mode NFPP configuration mode. Usage guidelines N/A. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# dhcp-guard attack-threshold per-src-mac 15 Ruijie(config-nfpp)# dhcp-guard attack-threshold per-port 200 Command Description Related...
  • Page 814 Disabled Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# dhcp-guard enable dhcp-guard isolate-period Use this command to set the isolate time globally. dhcp-guard isolate-period {seconds | permanent} Parameter Description seconds Set the isolate time, in seconds. The Parameter valid range is 0, or [30, 86400].
  • Page 815 Usage set based on the interface, the global value shall be guidelines adopted; or the interface-based isolate period shall be adopted. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# dhcp-guard isolate-period 180 Command Description nfpp dhcp-guard Set the isolate time on the Related isolate-period interface.
  • Page 816 If the isolate period has changed to be 0, the attackers on the interface will be removed rather than being monitored by the software. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# dhcp-guard monitor-period 180 Command Description show nfpp dhcp-guard summary Show the configurations.
  • Page 817 The default rate limit for each source MAC address is 5pps; the Default Settings default rate limit for each port is 150pps. Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Ruijie(config-nfpp)# dhcp-guard rate-limit per-src-mac 8 Examples Ruijie(config-nfpp)# dhcp-guard rate-limit per-port 100...
  • Page 818 N/A. Command mode Privileged EXEC mode. Usage Use this command without the parameter to clear all guidelines monitored hosts. Ruijie# clear nfpp dhcp-guard hosts vlan 1 interface g0/1 Examples Command Description dhcp-guard Set the global attack threshold. attack-threshold Related nfpp...
  • Page 819 The DHCP anti-attack function is not enabled on the interface. Command Interface configuration mode. mode Usage The interface DHCP anti- attack configuration is prior to guidelines the global configuration. Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp dhcp-guard enable Command Description Enable anti-ARP attack dhcp-guard enable function. Related commands...
  • Page 820 Settings By default, the isolate period is not configured. Command mode Interface configuration mode. Usage guidelines Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp dhcp-guard isolate-period 180 Command Description dhcp-guard Set the global isolate period. Related isolate-period commands show nfpp Show the configurations.
  • Page 821 Interface configuration mode. Usage The attack threshold value shall be equal to or greater guidelines than the rate-limit threshold. Ruijie(config)# interface G 0/1 Ruijie(config-if)# nfpp dhcp-guard policy per-src-mac 3 10 Examples Ruijie(config-if)# nfpp dhcp-guard policy per-port 50 100 Command Description dhcp...
  • Page 822 10pps; and the attack threshold for each port is 300pps. Command mode NFPP configuration mode. Usage guidelines N/A. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# dhcpv6-guard attack-threshold per-src-mac 15 Ruijie(config-nfpp)# dhcpv6-guard attack-threshold per-port 200 Command Description nfpp dhcpv6-g Show the rate-limit threshold uard and attack threshold.
  • Page 823 Settings Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# dhcpv6-guard enable dhcpv6-guard isolate-period Use this command to set the isolate time globally. dhcpv6-guard isolate-period {seconds | permanent} Parameter Description seconds Set the isolate time, in seconds. The Parameter valid range is 0, or [30, 86400].
  • Page 824 CLI Reference NFPP Configuration Commands adopted; or the interface-based isolate period shall be adopted. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# dhcpv6-guard isolate-period 180 Command Description nfpp dhcpv6-guard Set the isolate time on the Related isolate-period interface. commands show nfpp dhcpv6-guard summary Show the configurations.
  • Page 825 CLI Reference NFPP Configuration Commands Ruijie(config-nfpp)# dhcpv6-guard monitor-period 180 Command Description show nfpp dhcpv6-guard summary Show the configurations. Related commands show nfpp  dhcpv6-guard hosts Show the monitored host list. clear nfpp  dhcpv6-guard hosts Clear the isolated host. dhcpv6-guard monitored-host-limit Use this command to set the maxmum monitored host number.
  • Page 826 Settings default rate limit for each port is 150pps. Command NFPP configuration mode. mode Usage guidelines Ruijie(config)# nfpp Ruijie(config-nfpp)# dhcpv6-guard rate-limit per-src-mac 8 Examples Ruijie(config-nfpp)# dhcpv6-guard rate-limit per-port 100 Command Description nfpp dhcpv6-guard Set the rate limit and the policy attack threshold.
  • Page 827 N/A. Command mode Privileged EXEC mode. Usage Use this command without the parameter to clear all guidelines monitored hosts. Ruijie# clear nfpp dhcpv6-guard hosts vlan 1 interface g0/1 Examples Command Description dhcpv6-guard Set the global attack threshold. attack-threshold nfpp dhcp...
  • Page 828 The DHCPv6 anti-attack function is not enabled on the interface. Command mode Interface configuration mode. The interface DHCPv6 anti- attack configuration is prior to Usage the global configuration. guidelines Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp dhcpv6-guard enable Command Description dhcpv6-guard Enable anti-ARP attack enable function. Related...
  • Page 829 Default Settings By default, the isolate period is not configured. Command mode Interface configuration mode. Usage guidelines Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp dhcpv6-guard isolate-period 180 Command Description dhcpv6-guard Set the global isolate period. Related isolate-period commands show nfpp dhcpv6-guard Show the configurations.
  • Page 830 Interface configuration mode. Usage The attack threshold value shall be equal to or greater guidelines than the rate-limit threshold. Ruijie(config)# interface G 0/1 Ruijie(config-if)# nfpp dhcpv6-guard policy per-src-mac 3 10 Examples Ruijie(config-if)# nfpp dhcpv6-guard policy per-port 50 100 Command Description dhcp...
  • Page 831 Command mode NFPP configuration mode. Usage guidelines N/A. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# icmp-guard attack-threshold per-src-ip 600 Ruijie(config-nfpp)# icmp-guard attack-threshold per-port 1200 Command Description nfpp Show the rate-limit threshold icmp-guar and attack threshold. d policy...
  • Page 832 CLI Reference NFPP Configuration Commands Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# icmp-guard enable Command Description Enable the ICMP anti-attack  Related nffp icmp-guard enable function on the interface. commands show nfpp icmp-guard  summary Show the configurations.
  • Page 833 CLI Reference NFPP Configuration Commands Ruijie(config-nfpp)# icmp-guard isolate-period 180 Command Description nfpp icmp-guard Set the isolate time on the Related isolate-period interface. commands show nfpp icmp-guard summary Show the configurations. icmp-guard monitor-period Use this command to configure the monitor time.
  • Page 834 When the maximum monitored host number has been exceeded, prompts message that NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit remind the administrator. of 1000 monitored hosts.to Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# icmp-guard monitored-host-limit 200 Command Description Related show nfpp icmp-guard commands summary Show the configurations.
  • Page 835 Settings For the S2600G-I series, the default value is 400. Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Ruijie(config-nfpp)# icmp-guard rate-limit per-src-ip 500 Examples Ruijie(config-nfpp)# icmp-guard rate-limit per-port 800 Command Description nfpp icmp-guard Set the rate limit and the...
  • Page 836 Usage warning configuration. Configure the mask to set all hosts guidelines in one network segment free from monitoring. UP to 500 trusted hosts are supported. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# icmp-guard trusted-host 1.1.1.0 255.255.255.0 Command Description nfpp Related icmp commands Show the configurations.
  • Page 837 N/A. Command mode Privileged EXEC mode. Usage Use this command without the parameter to clear all guidelines monitored hosts. Ruijie# clear nfpp icmp-guard hosts vlan 1 interface g0/1 Examples Command Description icmp-guard Set the global attack threshold. attack-threshold nfpp icmp...
  • Page 838 NFPP Configuration Commands Command mode Interface configuration mode. Usage The interface ICMP anti- attack configuration is prior to the guidelines global configuration. Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp icmp-guard enable Command Description Enable anti-ARP attack icmp-guard enable function. Related commands...
  • Page 839 CLI Reference NFPP Configuration Commands guidelines Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp icmp-guard isolate-period 180 Command Description icmp-guard Set the global isolate period. Related isolate-period commands show nfpp icmp-guard Show the configurations. summary nfpp icmp-guard policy Use this command to set the rate-limit threshold and the attack threshold.
  • Page 840 CLI Reference NFPP Configuration Commands Ruijie(config)# interface G 0/1 Ruijie(config-if)# nfpp icmp-guard policy per-src-ip 5 10 Examples Ruijie(config-if)# nfpp icmp-guard policy per-port 100 200 Command Description icmp -guar attac Set the global attack threshold. k-thr esho icmp -guar Related Set the global rate-limit threshold.
  • Page 841 NFPP configuration mode. Usage The attack threshold shall be equal to or larger than the guidelines rate-limit threshold. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# ip-guard attack-threshold per-src-ip 2 Ruijie(config-nfpp)# ip-guard attack-threshold per-port 50 Command Description nfpp Show the rate-limit threshold ip-guard policy and attack threshold.
  • Page 842 Set the isolate time, in seconds. The Parameter valid range is 0, or [30, 86400]. description permanent Permanent isolation. Default Settings The default isolate time is 0, which means no isolation. Command mode NFPP configuration mode. Usage guidelines N/A. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# ip-guard isolate-period 180...
  • Page 843  If the isolate period has changed to be 0, the attackers on the interface will be removed rather than being monitored by the software. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# ip-guard monitor-period 180 Command Description show nfpp ip-guard Related summary Show the configurations.
  • Page 844 When the maximum monitored host number has been exceeded, prompts message that NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit remind the administrator. of 1000 monitored hosts.to Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# ip-guard monitored-host-limit 200 Command Description Related show nfpp ip-guard commands summary Show the configurations.
  • Page 845 Settings each port is 20pps and 100pps respectively. Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Ruijie(config-nfpp)# ip-guard rate-limit per-src-ip 2 Examples Ruijie(config-nfpp)# ip-guard rate-limit per-port 50 Command Description Set the rate limit and the Related nfpp ip-guard policy attack threshold.
  • Page 846 The default scan threshold is 100, in 10 seconds. Command mode NFPP configuration mode. Usage guidelines N/A. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# ip-guard scan-threshold 20 Command Description nfpp ip-guard Set the scan threshold on the Related scan-threshold port. commands show nfpp ip-guard Show the configurations.
  • Page 847 Set the interface name and number. ip-address Set the IP address. Default Settings N/A. Command mode Privileged EXEC mode. Usage Use this command without the parameter to clear all monitored hosts. guidelines Ruijie# clear nfpp ip-guard hosts vlan 1 interface g0/1 Examples...
  • Page 848 The IP anti-scan function is not enabled on the interface. Command mode Interface configuration mode. The interface IP anti-scan configuration is prior to the Usage global configuration. guidelines Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp ip-guard enable Command Description Related Enable anti-ARP attack commands ip-guard enable function.
  • Page 849 Settings By default, the isolate period is not configured. Command mode Interface configuration mode. Usage guidelines Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp ip-guard isolate-period 180 Command Description ip-guard Related Set the global isolate period. isolate-period commands show nfpp Show the configurations.
  • Page 850 Interface configuration mode. Usage The attack threshold value shall be equal to or greater guidelines than the rate-limit threshold. Ruijie(config)# interface G 0/1 Ruijie(config-if)# nfpp ip-guard policy per-src-ip 2 10 Examples Ruijie(config-if)# nfpp ip-guard policy per-port 50 100 Command Description ip-gu attac Set the global attack threshold.
  • Page 851 Settings By default, the sport-based scan threshold is not configured. Command Interface configuration mode. mode Usage guidelines Ruijie(config)# interface G 0/1 Examples Ruijie(config-if)# nfpp ip-guard scan-threshold 20 Command Description ip-gu attac Related Set the global attack threshold. k-thr commands esho show nfpp Show the configurations.
  • Page 852 NFPP configuration mode. The attack threshold shall be equal to or larger than the Usage guidelines rate-limit threshold. Ruijie(config)# nfpp Ruijie(config-nfpp)# nd-guard attack-threshold per-port ns-na 20 Examples Ruijie(config-nfpp)# nd-guard attack-threshold per-port rs 10 Ruijie(config-nfpp)# nd-guard attack-threshold per-port ra-redirect 10 Command...
  • Page 853 Parameter description Default Enabled Settings Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# nd-guard enable Command Description Enable the ND anti-attack  Related nffp nd-guard enable function on the interface. commands show nfpp nd-guard  summary Show the configurations.
  • Page 854 Settings Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Ruijie(config-nfpp)# nd-guard rate-limit per-port ns-na 10 Examples Ruijie(config-nfpp)# nd-guard rate-limit per-port rs 5 Ruijie(config-nfpp)# nd-guard rate-limit per-port ra-redirect 5 Command Description Set the rate limit and the nfpp nd-guard policy Related attack threshold.
  • Page 855 CLI Reference NFPP Configuration Commands guidelines global configuration. Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp nd-guard enable Command Description Enable anti- attack nd-guard enable function. Related commands nfpp Show the configurations. nd-g uard mary nfpp nd-guard policy Use this command to set the rate-limit threshold and the attack threshold.
  • Page 856 800pps and 900pps respectively. Ruijie(config)# interface G 0/1 Ruijie(config-if)# nfpp nd-guard policy per-port ns-na 50 100 Examples Ruijie(config-if)# nfpp nd-guard policy per-port rs 10 20 Ruijie(config-if)# nfpp nd-guard policy per-port ra-redirect 10 20...
  • Page 857 Privileged EXEC mode. Usage Use this command without the parameter to clear all guidelines monitored hosts. Examples Ruijie# clear nfpp define tcp hosts vlan 1 interface g 0/1 Command Description Related commands show nfpp define hosts Show the isolated hosts.
  • Page 858 Settings Command mode NFPP configuration mode. This command takes effect only after the match, rate-out, Usage guidelines rate-limit and attack-threshold have been configured. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)#define tcp enable Command Description Related show nfpp define  Show user-defined commands summary...
  • Page 859 CLI Reference NFPP Configuration Commands guidelines exceeding the attack threshold will be isolated and the packets sent by this host will be discarded. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# nfpp define tcp Ruijie(config-nfpp-define)#isolate-period permanent Command Description Related show nfpp define Show user-defined...
  • Page 860 Use this command to create a new user-defined Usage anti-attack type and specify the message fileds to be guidelines matched. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# nfpp define tcp Ruijie(config-nfpp-define)#match etype 0x0800 protocol 0x06 Command Description Related show nfpp define  Show...
  • Page 861 When the maximum monitored host number has been exceeded, prompts message that NFPP_DEFINE-4-SESSION_LIMIT: Attempt to exceed limit of . to remind the administrator. name’s 1000 monitored hosts Ruijie(config)# nfpp Ruijie(config-nfpp)# nfpp define tcp Examples Ruijie(config-nfpp-define)#monitored-host-limit 500 Command Description Related show nfpp define...
  • Page 862 0.  If the isolate period has changed to be 0, the attackers on the interface will be removed rather than being monitored by the software. Ruijie(config)# nfpp Ruijie(config-nfpp)# nfpp define tcp Examples Ruijie(config-nfpp-define)#monitor-period 1000 Command Description Related show...
  • Page 863 CLI Reference NFPP Configuration Commands Command Description Related show nfpp define Show user-defined commands summary anti-attack configurations trusted-host Use this command to set the trusted hosts free form monitoring. trusted-host {mac mac_mask | ip mask | IPv6/prefixlen} no trusted-host {all | ip mask | IPv6/prefixlen } Parameter Description Set the IP address.
  • Page 864 CLI Reference NFPP Configuration Commands trusted addresses are not allowed. Ruijie(config)# nfpp Ruijie(config-nfpp)# define tcp Examples Ruijie(config-nfpp-define)#trusted-host 1.1.1.1 255.255.255.255 Command Description Related nfpp Show trusted host defin commands configurations. trust ed-h global-policy Use this command to set the rate-limit threshold and attack threshold based on the host or port.
  • Page 865 For the classification based on the user, the user will be isolated according to the isolate period. Ruijie(config)# nfpp Ruijie(config-nfpp)# nfpp define tcp Examples Ruijie(config-nfpp-define)# global-policy per-src-ip 10 20 Ruijie(config-nfpp-define)# global-policy per-port 100 200 Command Description nfpp defin...
  • Page 866 This command takes effect only after the name of the Usage user-defined anti-attack and the match, rate-count, guidelines rate-limit and the attack-threshold have been configured. Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp define tcp enable Command Description Related nfpp Show the user-defined anti-attack commands...
  • Page 867 By default, the rate-limit threshold and the attack threshold are not Settings configured. Command Interface configuration mode. mode Usage The attack threshold value shall be equal to or greater guidelines than the rate-limit threshold. Ruijie(config)# interface G 0/1 Examples Ruijie(config-if)# nfpp define tcp policy per-src-ip 2 10...
  • Page 868 CLI Reference NFPP Configuration Commands Ruijie(config-if)# nfpp define tcp policy per-port 50 100 Command Description defin Set the global rate-limit threshold Related e-pol and attack threshold. commands show nfpp define Show the user-defined anti-attack summary configurations.
  • Page 869 Parameter Description Parameter description Default Settings Command mode Privileged EXEC mode. Usage guidelines Ruijie# clear nfpp log Examples 32 log-buffer entries were cleared. Command Description Related Show NFPP commands show nfpp log configurations or the log buffer area.
  • Page 870 CLI Reference NFPP Configuration Commands Default Settings 256. Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# log-buffer entries 50 Command Description Related...
  • Page 871 CLI Reference NFPP Configuration Commands commands...
  • Page 872 CLI Reference NFPP Configuration Commands...
  • Page 873 By default, the number_of_message is 1 and the length_in_seconds Settings is 30. Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# log-buffer logs 2 interval 12 Command Description Related Set the NFPP log buffer log-buffer ent commands ries number area size.
  • Page 874 VLAN 1,VLAN 2,VLAN 3 and VLAN 5 only: Ruijie(config)# nfpp Ruijie(config-nfpp)# logging vlan 1-3,5 Examples The following example shows the administrator how to record the logs on the interface GigabitEthernet 0/1 only: Ruijie(config)# nfpp Ruijie(config-nfpp)# logging interface G 0/1 Command Description Related Show NFPP nfpp...
  • Page 875 Syslog rate : 1 entry per 2 seconds Logging: VLAN 1-3, 5 Examples interface Gi 0/1 interface Gi 0/2 The following example shows the log number in the buffer area: Ruijie#show nfpp log buffer statistics There are 6 logs in buffer.
  • Page 876 CLI Reference NFPP Configuration Commands The following example shows the NFPP log buffer area: Ruijie#show nfpp log buffer Protocol VLAN Interface IP address MAC address Reason Timestamp ------- ---- -------- --------- ----------- ------ --------- Gi0/1 1.1.1.1 2009-0 5-30 16:23:10 Gi0/1 1.1.1.1...
  • Page 877 N/A. Command mode Privileged EXEC mode. Usage guidelines N/A. The following example shows the statistical information of the monitored host: Ruijie# show nfpp arp-guard hosts statistics success fail total ------- ---- ----- The following example shows the monitored host: Examples Ruijie# show nfpp arp-guard hosts If column 1 shows '*', it means "hardware do not isolate user"...
  • Page 878 IP address MAC address timestamp ---- -------- ---------- ----------- --------- Gi0/1 0000.0000.0001 2008-01-23 16:23:10 Gi0/2 1.1.1.1 0000.0000.0002 2008-01-23 Examples 16:24:10 Gi0/3 0000.0000.0003 2008-01-23 16:25:10 Gi0/4 0000.0000.0004 2008-01-23 16:26:10 Total:4 record(s) Ruijie# show nfpp arp-guard scan vlan 1 interface G 0/1 0000.0000.0001...
  • Page 879 Default N/A. Settings Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# show nfpp arp-guard summary Format of column Rate-limit and Attack-threshold is per-src-ip /per-src-mac/per-port. Interface Status Isolate-period Rate-limit Attack-threshold Sc an-threshold Examples Global Enable 300 4/5/60 8/10/100 Gi 0/1...
  • Page 880 CLI Reference NFPP Configuration Commands Maximum count of monitored hosts: 1000 Monitor period:300s Field Description Interface(Global) Global configuration Status Enable/Disable anti-attack function. Rate-limit In the format of the rate-limit threshold for the source IP address/ the rate-limit threshold for the source MAC address/ the rate-limit threshold for the port Attack-threshold...
  • Page 881 N/A. Command mode Privileged EXEC mode. Usage guidelines N/A. The following example shows the statistical information of the monitored host: Ruijie# show nfpp dhcp-guard hosts statistics success fail total ------- ---- ----- Examples The following example shows the monitored host: Ruijie# show nfpp dhcp-guard hosts If column 1 shows '*', it means "hardware failed to isolate host".
  • Page 882 Default Settings N/A. Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# show nfpp dhcp-guard summary Format of column Rate-limit and Attack-threshold is per-src-ip/ per-src-mac/per-port. Interface Status Isolate-period Rate-limit Attack-threshold Global Enable 300 -/5/150 -/10/300 Gi 0/1 Enable 180...
  • Page 883 CLI Reference NFPP Configuration Commands Rate-limit In the format of the rate-limit threshold for the source IP address/ the rate-limit threshold for the source MAC address/ the rate-limit threshold for the port Attack-threshold In the same format as the rate-limit. No configuration.
  • Page 884 N/A. Command mode Privileged EXEC mode. Usage guidelines N/A. The following example shows the statistical information of the monitored host: Ruijie# show nfpp dhcpv6-guard hosts statistics success fail total ------- ---- ----- The following example shows the monitored host: Examples Ruijie# show nfpp dhcpv6-guard hosts If column 1 shows '*', it means "hardware failed to isolate host".
  • Page 885 Default Settings N/A. Command mode Privileged EXEC mode. Usage N/A. guidelines Ruijie# show nfpp dhcpv6-guard summary Format of column Rate-limit and Attack-threshold is per-src-ip/ per-src-mac/per-port. Interface Status Isolate-period Rate-limit Attack-threshold Global Enable 300 -/5/150 -/10/300 Gi 0/1 Enable 180...
  • Page 886 CLI Reference NFPP Configuration Commands commands dhcpv6-guard Set the global attack threshold. attack-threshold Enable the DHCPv6 anti-attack dhcpv6-guard function. enable dhcpv6-guard Set the global isolate time. isolate-period dhcpv6-guard Set the monitor period. monitor-period dhcpv6-guard Set the maximum number of the monitored-host-li monitored hosts.
  • Page 887 NFPP Configuration Commands Command mode Privileged EXEC mode. Usage guidelines N/A. The following example shows the statistical information of the monitored host: Ruijie# show nfpp icmp-guard hosts statistics success fail total ------- ---- ----- The following example shows the monitored host: Examples Ruijie# show nfpp icmp-guard hosts If column 1 shows '*', it means "hardware failed to isolate host".
  • Page 888 CLI Reference NFPP Configuration Commands Usage guidelines N/A. Ruijie# show nfpp icmp-guard summary Format of column Rate-limit and Attack-threshold is per-src-ip/ per-src-mac/per-port. Interface Status Isolate-period Rate-limit Attack-threshold Global Enable 300 4/-/60 8/-/100 Gi 0/1 Enable 180 5/-/- 8/-/- Gi 0/2...
  • Page 889 Parameter Description Parameter description Default Settings N/A. Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# show nfpp icmp-guard trusted-host IP address mask --------- ------ Examples 1.1.1.0 255.255.255.0 1.1.2.0 255.255.255.0 Total:2 record(s) Command Description Related icmp-guard commands Set the trusted host.
  • Page 890 N/A. Command mode Privileged EXEC mode. Usage guidelines N/A. The following example shows the statistical information of the monitored host: Ruijie# show nfpp ip-guard hosts statistics success fail total ------- ---- ----- Examples Ruijie#show nfpp ip-guard hosts If column 1 shows '*', it means "hardware do not isolate host" .
  • Page 891 Parameter Description Parameter description Default Settings N/A. Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# show nfpp ip-guard summary Format column Rate-limit Attack-threshold per-src-ip/per-src-mac/per-port. Interface Status Isolate-period Rate-limit Attack-threshold Scan -threshold Global Enable 300 4/-/60 8/-/100 Gi 0/1 Enable 180...
  • Page 892 CLI Reference NFPP Configuration Commands the rate-limit threshold for the source MAC address/ the rate-limit threshold for the port Attack-threshold In the same format as the rate-limit. No configuration. Command Description ip-guard Set the global attack threshold. attack-threshold ip-guard enable Enable the IP anti-scan function.
  • Page 893 CLI Reference NFPP Configuration Commands Usage guidelines N/A. Ruijie# show nfpp ip-guard trusted-host IP address mask --------- ------ Examples 1.1.1.0 255.255.255.0 1.1.2.0 255.255.255.0 Total:2 record(s) Command Description Related ip-guard commands Set the trusted host. trusted-host show nfpp nd-guard trusted-host Use this command to show the configurations.
  • Page 894 CLI Reference NFPP Configuration Commands Field Description Interface(Global) Global configuration Status Enable/Disable anti-attack function. Rate-limit In the format of the rate-limit threshold NS-NA/RS/RA-REDIRECT. Attack-threshold In the same format as the rate-limit. No configuration. Command Description nd-guard Set the global attack threshold. attack-threshold Enable anti-attack...
  • Page 895 NFPP Configuration Commands Command mode Privileged EXEC mode. Usage This command allows filtering the hosts with parameters guidelines specified. Ruijie#show nfpp define hosts tcp statistics Define tcp: success fail total ------- ---- ----- The command execution as shown below means that there are 120 hosts monitored totally, wherein 100 hosts are isolated successfully, and 20 hosts fails.
  • Page 896 This command can be used to show the configurations. Usage Without the name specified, all user-defined anti-attack guidelines types will be shown. Ruijie# show nfpp define summary tcp Define tcp summary: match etype 0x0800 protocol 0x06 Maximum count of monitored hosts: 1000 Monitor period:300s Format of column Rate-limit and Attack-threshold is per-src-ip /per-src-mac/per-port.
  • Page 897 Default Settings N/A. Command mode Privileged EXEC mode. Usage guidelines The following example shows the trusted host configurations. Ruijie# show nfpp define trusted-host tcp Define tcp: IP address mask Examples --------- ------ 1.1.1.0 255.255.255.0 1.1.2.0 255.255.255.0 Total:2 record(s)
  • Page 898 CLI Reference NFPP Configuration Commands Default Settings N/A. Command mode Interface configuration mode. Usage guidelines Examples Note: Use the language {Chinese| English} command in the privileged EXEC mode to switchover the Chinese/English interface. Command Description Related commands nfpp arp-guard policy help Use this command to show the example information of the command beginning with the nfpp arp-guard policy in the interface configuration mode.
  • Page 899 CLI Reference NFPP Configuration Commands Command mode Interface configuration mode. Usage guidelines Examples Note: Use the language {Chinese| English} command in the privileged EXEC mode to switchover the Chinese/English interface. Command Description Related commands nfpp help Use this command to show the example information of the command beginning with the nfpp in the interface configuration mode.
  • Page 900 CLI Reference NFPP Configuration Commands Usage guidelines Examples Note: Use the language {Chinese| English} command in the privileged EXEC mode to switchover the Chinese/English interface. Command Description Related commands Show typical NFPP nfpp help configuration.
  • Page 901 CLI Reference NFPP Configuration Commands...
  • Page 902 ACL&QOS Configuration Commands 1. ACL Configuration Commands 2. QoS Configuration Commands...
  • Page 903: Acl Configuration Commands

    CLI Reference Guide ACL Configuration Commands ACL Configuration Commands command ID table For IDs used in the following commands, refer to the command ID table below: Meaning Number of access list. Range: Standard IP ACL: 1 to 99, 1300 to 1999 Extended IP ACL: 100 to 199,2000 to 2699 Extended MAC ACL: 700 to 799 Extended expert ACL: 2700 to 2899...
  • Page 904 CLI Reference Guide ACL Configuration Commands precedence Packet precedence value (0 to 7) range The layer 4 port number range of the packet. time-range tm-rng-name Time range of packet filtering, named tm-rng-name Type of service (0 to 15) Class of service (0-7) cos inner cos COS of the packet tag icmp-type...
  • Page 905 CLI Reference Guide ACL Configuration Commands VLAN tag field Source IP address DSAP (Destination Service Destination IP address Access Point) field SSAP (Source Service Access TCP soure port Point) field Ctrl field TCP destination port Org Code field Sequence number Encapsulated data type Confirmation field IP header length and...
  • Page 906 CLI Reference Guide ACL Configuration Commands upper] [time-range time-range-name] Extended expert ACLs of some important protocols: Internet Control Message Protocol (ICMP) access-list id {deny | permit} icmp [VID [out][inner in]] {source source-wildcard | host source | any} {host source-mac-address | any } {destination destination-wildcard | host destination | any} {host destination-mac-address | any} [ icmp-type ] [ [ icmp-type [icmp-code ] ] | [ icmp-message ] ] [precedence precedence] [tos tos] [fragment] [time-range time-range-name] Transmission Control Protocol (TCP)
  • Page 907 CLI Reference Guide ACL Configuration Commands Specify type of service. ToS value (0 to 15) icmp-type ICMP message type (0 to 255) icmp-code ICMP message type code (0 to 255) icmp-message ICMP message type name operator Operator (lt-smaller, eq-equal, gt-greater, neq-unequal, range-range) Port number;...
  • Page 908 CLI Reference Guide ACL Configuration Commands  flash  flash-override  immediate  internet  network  priority  routine The service types are as below:  max-reliability  max-throughput  min-delay  min-monetary-cost  normal The ICMP message types are as below: ...
  • Page 909 CLI Reference Guide ACL Configuration Commands  precedence-unreachable  protocol-unreachable  redirect  device-advertisement  device-solicitation  source-quench  source-route-failed  time-exceeded  timestamp-reply  timestamp-request  ttl-exceeded  unreachable The TCP ports are as follows. A port can be specified by port name and port number: ...
  • Page 910 CLI Reference Guide ACL Configuration Commands  whois  The UDP ports are as follows. A UDP port can be specified by port name and port number.  biff  bootpc  bootps  discard  dnsix  domain  echo ...
  • Page 911 2. Example of the extended IP ACL The following extended IP ACL allows the DNS messages and ICMP messages to pass: Ruijie(config)#access-list 102 permit tcp any any eq domain log Ruijie(config)#access-list 102 permit udp any any eq domain log Ruijie(config)#access-list 102 permit icmp any any echo log Ruijie(config)#access-list 102 permit icmp any any echo-reply 3.
  • Page 912 20 deny tcp any any eq login any any (33455 matches) 30 permit tcp any any host 192.168.6.9 any (10 matches) Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# clear expert access-list counters 2700 Ruijie(config)# end Ruijie #show access-lists 2700 expert access-list extended 2700 10 permit ip VID 4 host 192.168.3.55 any host 192.168.99.6 any...
  • Page 913 40 permit tcp host 192.168.21.59 any eq ftp log 50 permit ip host 192.168.21.59 any log Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# clear ip access-list counters 101 Ruijie(config)# end Ruijie #show access-lists 101 ip access-list extended 10 deny ip any host 11.1.1.2 log...
  • Page 914 ::192.168.4.12 any log (100 matches) deny any any log (9 matches) Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# clear ipv6 access-list counters v6-list Ruijie(config)# end Ruijie #show access-lists v6-list ipv6 access-list extended v6-list petmit ipv6 ::192.168.4.12 any log...
  • Page 915 10 permit host 0023.56ac.8965 any arp (1985 matches) 20 deny any any etype-any cos 6 (459678 matches) Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# clear mac access-list counters 700 Ruijie(config)# end Ruijie #show access-lists 700 mac access-list extended mac-acl 10 permit host 0023.56ac.8965 any arp...
  • Page 916 CLI Reference Guide ACL Configuration Commands [sn] deny protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name] [ log ] Extended IP ACLs of some important protocols: Internet Control Message Prot (ICMP) [sn] deny icmp {source source-wildcard | host source | any} {destination destination-wildcard | host destination | any} [icmp-type] [[icmp-type [icmp-code]] | [icmp-message]] [precedence precedence] [tos tos] [fragment] [time-range time-range-name] Transmission Control Protocol (TCP)
  • Page 917 CLI Reference Guide ACL Configuration Commands source-mac-address | any } [ operator port [port]] {destination destination-wildcard | host destination | any}{host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name] Address Resolution Protocol (ARP) [sn] deny arp {vid vlan-id}[ source-mac-address source-wildcard |host source-mac-address | any] [host destination –mac-address | any] {sender-ip sender-ip–wildcard | host sender-ip | any} {sender-mac sender-mac-wildcard | host sender-mac | any} {target-ip target-ip–wildcard | host...
  • Page 918 192.168.4.12 to provide services through the TCP port 100 and apply the ACL to Interface gigabitethernet 1/1. The configuration procedure is as below: Ruijie(config)# ip access-list extended ip-ext-acl Ruijie(config-ext-nacl)# deny tcp host 192.168.4.12 eq 100 any Ruijie(config-ext-nacl)# show access-lists ip access-list extended ip-ext-acl 10 deny tcp host 192.168.4.12 eq 100 any...
  • Page 919 This example shows how to use the extended IPV6 ACL. The purpose is to deny the host with the IP address 192.168.4.12 and apply the rule to Interface gigabitethernet 1/1. The configuration procedure is as below: Ruijie(config)#ipv6 access-list extended v6-acl Ruijie(config-ipv6-nacl)#11 deny ipv6 host 192.168.4.12 any Ruijie(config-ipv6-nacl)#show access-lists ipv6 access-list extended v6-acl 11 deny ipv6 host 192.168.4.12 any...
  • Page 920 Use the show access-group command to view the setting. Configuration The following example shows how to apply the access-list accept_00d0f8xxxxxx only to Gigabit interface 0/1: Examples Ruijie(config)# interface GigaEthernet 0/1 Ruijie(config-if)# expert access-group accept_00d0f8xxxxxx_only in Related Command...
  • Page 921 Use show access-lists to display the ACL configurations. Create an extended expert ACL: Configuration Ruijie(config)# expert access-list extended exp-acl Examples Ruijie(config-exp-nacl)# show access-lists expert access-list extended exp-acl Ruijie(config-exp-nacl)# Create an extended expert ACL: Ruijie(config)# expert access-list extended 2704 Ruijie(config-exp-nacl)# show access-lists access-list extended 2704...
  • Page 922 Usage Guide Use the show expert access-lists command to view the configuration of this command. Configuration Example 1 enables the packet matching counter of the extended expert ACL: Ruijie(config)# expert access-list counter exp-acl Examples Ruijie(config)# show access-lists expert access-list extended 2700 10 permit ip VID 4 host 192.168.3.55 any host 192.168.99.6 any (16 matches)
  • Page 923 Use the ip access-group command to apply the specified ACL to the interface, when the firewall is enabled. Configuration The following example applies the ACL 120 on the fastEthernet0/0 to filter the incoming packets: Ruijie(config)# interface fastEthernet 0/0 Examples Ruijie(config-if)# ip access-group 120 in...
  • Page 924 There are differences between a standard ACL and an extended ACL. The extended ACL is more precise. Refer to deny or permit in the two modes. Use show access-lists to display the ACL configurations. Configuration Create a standard ACL: Ruijie(config)# ip access-list extended 123 Examples Ruijie(config-ext-nacl)# show access-lists ip access-list extended 123 Ruijie(config-ext-nacl)#...
  • Page 925 The following example configures the minimum interval for packet matching log updating of IPv4 ACL Examples to 10 minutes: Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# ip access-list log-update interval 10 Related Command Description Commands ip access-list It indicates the definition of the IPv4 ACL.
  • Page 926 Usage Guide Use the show access-lists command to view the setting of ACL. Example 1 enables the packet counter for the standard ACL: Configuration Ruijie(config)# ip access-list counter std-acl Examples Ruijie(config-std-nacl)# show access-lists ip access-list standard std-acl 10 permit 195.168.6.0 0.0.0.255 (999 matches) 20 deny host 5.5.5.5 time-range tm (2000 matches)
  • Page 927 Use the show running command to view the setting. Configuration The following example switches the fragmentation packet matching mode of the ACL No.100 from the Examples default mode to a new mode: Ruijie(config)#ip access-list new-fragment-mode 100 Related Command Description Commands Platform This command is supported only in 10.4 (3b16), 10.4 (3b17), 10.4 (5b1) and later versions.
  • Page 928 Ruijie# show access-lists Examples ip access-list standard 1 10 permit host 192.168.4.12 20 deny any any Ruijie# config Ruijie(config)# ip access-list resequence 1 21 43 Ruijie(config)# exit Ruijie# show access-lists ip access-list standard 1 21 permit host 192.168.4.12 64 deny any any...
  • Page 929 Command mode Usage Guide Use the show access-lists command to view the configuration of this command. Configuration The following example creates an extended IPv6 ACL: Ruijie(config)# ipv6 access-list v6-acl Examples Ruijie(config-ipv6-nacl)# show access-lists ipv6 access-list extended v6-acl Ruijie(config-ipv6-nacl)# Related Command...
  • Page 930 The following example configures the minimum interval for packet matching log updating of the IPv6 Examples ACL to 10 minutes: Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# ipv6 access-list log-update interval 9 Related Command Description Commands ipv6 access-list It indicates the definition of the IPv6 ACL.
  • Page 931 Apply the specified IPV6 ACL on the specified interface to control the interface traffic. You can view the configuration by command show ipv6 traffic-filter. Configuration The following example shows how to apply the access-list v6-acl to Gigabit interface Gigabit 0/1: Ruijie(config)# interface GigaEthernet 0/1 Examples Ruijie(config-if)# ipv6 traffic-filter v6-acl in Related Command Description Commands show access-group Show the ACL configurations.
  • Page 932 ACL. When an ACE is deleted, the remarks between this ACE and the preceding one are deleted. Ruijie# ip access-list extended 102 Configuration Ruijie(config-ext-nacl)# list-remark this acl is to filter the host Examples 192.168.4.12 Ruijie(config-ext-nacl)# show access-lists ip access-list extended 102 deny ip host 192.168.4.12 any...
  • Page 933 Usage Guide You can use the show running-config command to show the configuration result. Configuration The following example shows how to apply the access-list accept_00d0f8xxxxxx only to Gigabit interface 1: Examples Ruijie(config)#interface GigaEthernet 1/1 Ruijie(config-if)#mac access-group accept__00d0f8xxxxxx_only in Related Command Description...
  • Page 934 Use the show access-lists command to display the ACL configurations. Configuration Create an extended MAC ACL: Ruijie(config)# mac access-list extended mac-acl Examples Ruijie(config-mac-nacl)# show access-lists mac access-list extended mac-acl Create an extended ACL: Ruijie(config)# mac access-list extended 704 Ruijie(config-mac-nacl)# show access-lists mac access-list extended 704 Related...
  • Page 935 CLI Reference Guide ACL Configuration Commands Ruijie(config)#no mac access-list extended mac-acl counter Ruijie(config-mac-nacl)# show access-lists mac access-list extended mac-acl 10 permit host 0023.56ac.8965 any 20 deny any any etype-any cos 6 Related Command Description Commands show access-lists It is used to view extended MAC ACL.
  • Page 936 CLI Reference Guide ACL Configuration Commands Show all the ACLs. show access-lists Define the IP ACL. ip access-list ipv6 access-list Define the extended IPV6 ACL. deny Define the deny rule. permit Define the permit rule. Platform Description permit One or multiple permit conditions are used to determine whether to forward or discard the packet. In ACL configuration mode, you can modify the existent ACL or configure according to the protocol details.
  • Page 937 CLI Reference Guide ACL Configuration Commands source | any} {host source-mac-address | any } {destination destination-wildcard | host destination | any} {host destination-mac-address | any} [time-range time-range-name] When you select the protocol field: [sn] permit protocol [VID [out][inner in]] {source source-wildcard | host Source | any} {host source-mac-address | any } {destination destination-wildcard | host destination | any} {host destination-mac-address | any} [precedence precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name]...
  • Page 938 192.168.4.12 to provide services through the TCP port 100 and apply the ACL to interface gigabitethernet 1/1. The configuration procedure is as below: Ruijie(config)# ip access-list extended 102 Ruijie(config-ext-nacl)# permit tcp host 192.168.4.12 eq 100 any Ruijie(config-ext-nacl)# show access-lists ip access-list extended 102 10 permit tcp host 192.168.4.12 eq 100 any...
  • Page 939 This example shows how to use the extended IPV6 ACL. The purpose is to permit the host with the IP address 192.168.4.12 and apply the ACL to interface gigabitethernet 1/1. The configuration procedure is as below: Ruijie(config)#ipv6 access-list extended v6-acl Ruijie(config-ipv6-nacl)#11 permit ipv6 host ::192.168.4.12 any Ruijie(config-ipv6-nacl)# show access-lists ipv6 access-list extended v6-acl 11 permit ipv6 host ::192.168.4.12 any...
  • Page 940 2 same ACE remarks in 1 ACL is not allowed. Ruijie# ip access-list extended 102 Configuration Ruijie(config-ext-nacl)# remark first_remark Examples Ruijie(config-ext-nacl)# permit tcp 1.1.1.1 0.0.0.0 2.2.2.2 0.0.0.0 Ruijie(config-ext-nacl)# remark second_remark Ruijie(config-ext-nacl)# permit tcp 3.3.3.3 0.0.0.0 4.4.4.4 0.0.0.0 Ruijie(config-ext-nacl)# end Ruijie#...
  • Page 941 ACL ID name ACL name Defaults Global configuration mode Command mode Usage Guide Use this command to configure the global security channel. Configuration Ruijie# security global access-group 1 Examples Related Command Description Commands show running Show configuration of current system.
  • Page 942 Description Defaults Command Interface configuration mode. mode Usage Guide Use this command to configure the uplink port of the security channel on the interface. Configuration Ruijie(config-if)#security uplink enable Examples Related Command Description Commands show running Show configuration of current system.
  • Page 943 Privileged EXEC mode mode Usage Guide Use this command to show the specified ACL. If no ID or name is specified, all the ACLs will be shown. Ruijie# show access-lists n_acl Configuration ip access-list standard n_acl Examples Ruijie# show access-lists 102...
  • Page 944 Usage Guide Show the expert ACL configured on the interface. If no interface is specified, the associated expert ACLs of all the interfaces will be shown. Ruijie# show expert access-group interface gigabitethernet 0/2 Configuration expert access-group ee in Examples...
  • Page 945 Usage Guide Show the IP ACL configured of the interface. If no interface is specified, the associated IP ACLs of all the interfaces will be shown. Ruijie# show ip access-group interface gigabitethernet 0/1 Configuration ip access-group aaa in Examples Applied On interface GigabitEthernet 0/1.
  • Page 946 Usage Guide Show the IPv6 ACL associated with the interface. If no interface is specified, the associated IPv6 ACLs of all the interfaces will be shown. Ruijie# show ipv6 traffic-filter interface gigabitethernet 0/4 Configuration ipv6 access-group v6 in Examples Applied On interface GigabitEthernet 0/4.
  • Page 947 Layer-3 devices. Use the no form of this command to disable this function. svi router-acls enable no svi router-acls enable Parameter Parameter Description Description Disable the svi router-acls function. Defaults Disabled. Global configuration mode Command mode Usage Guide Ruijie(config)#svi router-acls enable Configuration Examples Related Command Description Commands Platform Description...
  • Page 948: Qos Configuration Commands

    CLI Reference Guide QoS Configuration Commands QoS Configuration Commands Default Configuration Before configuring QoS, you must have a full knowledge of these items related to QoS: 1. One interface can only be associated with one policy map at most. 2. One policy map may own many class maps 3.
  • Page 949: Mls Qos Trust

    N/A. Command mode Interface configuration mode. Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config-if)# mls qos trust cos Related show mls qos interface interface-id commands Platform description mls qos cos Use this command to configure the CoS value of an interface. Use the no form of this command to restore it to the...
  • Page 950 The CoS value is 0. Command mode Interface configuration mode. Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config-if)# mls qos cos 7 Related show mls qos interface interface-id commands interface rate-limit Use this command to set the rate limit on the port.
  • Page 951: Policy Maps

    CLI Reference Guide QoS Configuration Commands Ruijie(config)# interface fastEthernet 0/1 Examples Ruijie(config-if)# rate-limit input 1000000 4096 Command Description Related show mls qos commands interface policy maps Use the following command to create a policy map and enter the policy map configuration mode...
  • Page 952 Ruijie(config-pmap-c)# set ip dscp 10 Set the bandwidth as 1M, the burst traffic as 4096k, and the method for handing the excessive part to assign the new DSCP value of 16. Ruijie(config-pmap-c)# police 1000000 4096 exceed-action dscp 16 Related show policy-map...
  • Page 953 CLI Reference Guide QoS Configuration Commands Ruijie(config-if)# service-policy input po Ruijie(config)# virtual-group 3 Ruijie(config-if)# service-policy input po Related show mls qos interface. commands Platform description The parameter output is not supported in the virtual-group. priority-queue Use this command to configure the output queue scheduling algorithm.
  • Page 954 For the number of weights description and its range, see the default settings. Restore to the default value. Default configuration weight1: ...: weightn = 1:..:1 Command mode Global configuration mode Examples Ruijie(config)# wrr-queue bandwidth 1 2 3 4 5 6 7 8...
  • Page 955 Restore to the default value. Default configuration See the default configuration. Command mode Global configuration mode Examples Ruijie(config)# mls qo map cos-dscp 8 10 16 18 24 26 32 34 Command Description Related show mls qos Show DSCP-COS, COS-DSCP and commands maps IP-prec-DSCP maps.
  • Page 956 QoS Configuration Commands Default configuration See the default configuration. Command mode Global configuration mode. Examples Ruijie(config)# mls qos map dscp-cos 8 10 16 18 to 0 Command Description Related show mls qos Show DSCP-COS, COS-DSCP and commands maps IP-prec-DSCP maps.
  • Page 957 Command mode Global configuration mode. Examples Ruijie(config)# mls qos scheduler sp Related show mls qos scheduler. commands drr-queue bandwidth Use this command to set the queue weight in the DRR scheduling mode. Use the no form of the command to restore it to the default.
  • Page 958 Restore to the default value. Default configuration See the default configuration. Command Global configuration mode. mode Examples Ruijie(config)# mls qo map ip-prec -dscp 8 10 16 18 24 26 32 34 Command Description Related show mls qos Show the DSCP-COS, COS-DSCP and commands maps IP-prec-DSCP maps.
  • Page 959 The following example sets the queue to use wfq schedule algorithm: Ruijie(config)# mls qos scheduler wfq Ruijie(config)# show mls qos scheduler The following example configures the minimum and maximum Examples bandwidth: Ruijie(config-if)# wfq-queue 2 bandwidth 10 10240 Ruijie(config-if)# wfq-queue 4 bandwidth 7 10240 Ruijie(config-if)# show running Command Description Related show mls qos Show QOS schedule method.
  • Page 960 The following example enables the queue to use wfq schedule algorithm: Ruijie(config)# mls qos scheduler wfq Ruijie(config)# show mls qos scheduler Examples The following example configures queue 1 and queue 3 to use SP: Ruijie(config)# wfq-queue 1 sp...
  • Page 961 24 ports or the latter 24 ports. The following example sets the interface gigabitEthernet 1/3 as the member of virtual group 3: Examples Ruijie(config)# interface gigabitethernet 1/3 Ruijie(config-if)# virtual-group 3 Command Description Related show Show the virtual-group settings.
  • Page 962: Show Mls Qos Interface

    [interface-id] [policers] Parameter Description Parameter interface-id Interface ID description policers Show the police associated with the interface Default The QoS information of all ports is shown. configuration Command mode Privileged EXEC mode. Examples Ruijie# show mls qos interface fastEthernet 0/1...
  • Page 963 This command is used to show the police information associated with the virtual group. configuration Command mode Privileged EXEC mode. Ruijie# show mls qos virtual-group 1 Examples Ruijie# show mls qos virtual-group policerss show mls qos queuing Use this command to show the QoS queuing information. show mls qos queueing...
  • Page 964: Show Mls Qos Maps

    All QoS maps are shown by default. Command mode Privileged EXEC mode. Examples Ruijie# show mls qos maps show mls qos rate-limit Use this command to show the information about rate limit on the interface. show mls qos rate-limit [interface interface-id...
  • Page 965 CLI Reference Guide QoS Configuration Commands summary Show the information on all virtual groups. Command mode Privileged EXEC mode. Ruijie# show virtual-group 1 Examples Ruijie# show virtual-group summary Command Description Related commands virtual-group Enable the virtual group.
  • Page 966 Reliability Configuration Commands 1. CFM Configuration Commands 2. REUP Configuration Commands 3. RLDP Configuration Command 4. DLDP Configuration Commands 5. TPP Configuration Commands 6. BFD Configuration Commands 7. RNS&Track Configuration Commands 8. GRTD Configuration Commands 9. SEM Configuration Commands 10. VSU Configuration Commands...
  • Page 967 44, or it’ll fail to create guidelines the maintenance association. Besides, the maintenance domain shall be created before the creation of the maintenance association. Ruijie(config)#cfm ma MA_A_MD_A md MD_A Examples Ruijie(config)#no cfm ma MA_A_MD_A md MD_A Command Description Related show cfm ma Show...
  • Page 968 0-7. Delete the maintenance domain. Default N/A. Command Configuration mode. mode Usage guidelines N/A. Ruijie(config)#ethernet cfm md MD_A level 5 Examples Ruijie(config)# no ethernet cfm md MD_A Command Description Related Show maintenance domain commands show cfm md information.
  • Page 969 Configuration mode. The maintenance association must be created before the creation of Usage guidelines the service instance, or it’ll fail to create the service instance. Ruijie(config)#cfm service-instance 10 vlan 1 md MD_A ma MA_A_MD_A Examples Ruijie(config)#no cfm service-instance 10 Command Description...
  • Page 970 MEP list will be removed. Default N/A. Command mode Configuration mode. Usage guidelines N/A. Examples Ruijie(config)# cfm mep-list 1-3 service-instance 1 Command Description Related Show MEP(maintenance show cfm mep-list commands association point) list service-instance information.
  • Page 971 CLI Reference CFM Configuration Commands Default N/A. Command mode Interface configuration mode. Usage guidelines Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config-if)# cfm mep 100 service-instance 1 inward Command Description Show MEP(maintenance show cfm mep Related association end point) information. service-instance commands Show...
  • Page 972 CLI Reference CFM Configuration Commands Default N/A. Command mode Configuration mode. Usage guidelines N/A. Examples Ruijie# cfm mip-rule explicit service-instance 1 Command Description Related Show maintenance point commands show cfm mp information. cfm cc interval service-instance Use this command to set interval of transmitting CCM. The no form of this command can be used to restore the interval to the default value.
  • Page 973 CLI Reference CFM Configuration Commands Command mode Configuration mode. Usage guidelines N/A. Examples Ruijie(config)#cfm cc interval 5 service-instance 1 Command Description Enable the function of transmitting service-instance Related CCM. enable commands Show service instance show information, including the interval service-instance of transmitting the CCM.
  • Page 974 CLI Reference CFM Configuration Commands Examples Ruijie(config)#cfm cc service-instance 1 enable Command Description cfm cc interval Set the interval of transmitting CCM. service-instance Related Show (maintenance commands association end point) information, show cfm mep service-instance including the status of transmitting CCM.
  • Page 975 By default, the ttl-value is 64 and the hw-only is disabled. Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# cfm linktrace service-instance 1 mep 100 remote-mep 200 ttl 80 hw-only Examples Ruijie#cfm linktrace service-instance 1 mep 100 remote-mac 00d0.f800.1e2f ttl 30...
  • Page 976 Disable the linktrace auto-detection function. By default, the entries-count value is 5. Default Command mode Configuration mode. Usage guidelines N/A. Examples Ruijie(config)# cfm linktrace atuto-detection Command Description show Related linktrance Show the response information of the commands auto-detection linktrace auto-detection. size cfm loopback service-instance mep count Use this command to execute the loopback function.
  • Page 977: Show Cfm Md

    The default count is 5. Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# cfm loopback service-instance 1 mep 100 remote-mep 200 count Examples show cfm md Use this command to show the maintenance domain configurations. show cfm md Parameter Description...
  • Page 978 Privileged EXEC mode. Usage guidelines N/A. The example below shows the MD_A MA_A_MD_A configuration. Ruijie# show cfm ma MA_A_MD_A md MD_A The example below shows the MD_A MA configuration. Examples cfm ma md MD_A Ruijie# show The example below shows the MA configurations.
  • Page 979 Service instance id, in the range of instance-id 1-32767. Default N/A. Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# show cfm mep 100 service-instance 1 Examples Command Description Related Show the MEP(maintenance association end cfm mep commands point). service-instance show cfm mep-list service-instance Use this command to show the MEP(maintenance association end point) list information.
  • Page 980: Show Cfm Mp

    CLI Reference CFM Configuration Commands Usage guidelines N/A. Examples Ruijie# show cfm mep-list service-instance 1 Command Description (maintenance Related service-instance association end point). commands Set the rule of generating the mip-rule maintenance domain intermediate service-instance point. show cfm mp Use this command to show the MP(maintenance point) information.
  • Page 981 Command mode Privileged EXEC mode. Usage guidelines N/A. Examples Ruijie# show cfm remote-mep service-instance 1 mep 100 show cfm service-instance Use this command to show the service instance configurations. show cfm service-instance [instance-id] Parameter Description Parameter Service instance id, in the range of...
  • Page 982 N/A. The example below shows the linktrace information of one MEP(maintenance association end point). Ruijie# show cfm linktrace-info service-instance 1 mep 100 The example below shows all linktrace information of all Examples MEP(maintenance association end point)s in a service instance.
  • Page 983 The example below shows all the auto-detected linktrace information. Ruijie# show cfm linktrace-info auto-detection Examples The example below shows the linktrace information auto-detected for 10 times. Ruijie# show cfm linktrace-info auto-detection size 10 Command Description Related linktrace Set the linktrace auto-detection...
  • Page 984: Link State Track

    First create a link state track group and then add a port into the specified Usage link state track group. guidelines The following example shows how to create a link state track group: Examples Ruijie(config)# link state track 1 Command Description Related Add the port to the specified link state commands link state group track group.
  • Page 985 The following example shows how to add the port fa0/2 into the link state track group: Ruijie(config)# link state track 1 Examples Ruijie(config)# interface fa 0/2 Ruijie(config-if)# link state group 1 upstream Command Description Related commands link state track Enable a link state track group.
  • Page 986 The following example shows how to configure the maximum number of MAC address update packets sent per second: Examples Ruijie(config)# mac-address-table move update max-update-rate 20 Command Description Related commands switchport backup interface interface-id Use this command to configure the REUP dual link backup interface.
  • Page 987 0/1 and fa 0/2 as the primary interface and backup interface, set the bandwidth preemption mode and 40s preemption delay: Ruijie(config)# interface fa 0/1 Examples Ruijie(config-if)# switchport backup interface fa 0/2 preemption mode bandwitdh Ruijie(config-if)# switchport backup interface fa 0/2 preemption delay 40...
  • Page 988 L2 data flow. You need to enable the switch of receiving the MAC address update messages on the uplink switch. Ruijie(config)# mac-address-table move update receive Examples Command Description...
  • Page 989 MAC address update packets, but the capability to provide convergence on link failure will be degraded. The following example configures VLANs processing MAC address update packets: Examples Ruijie(config)# no mac-address-table move update receive vlan 20 Command Description Related mac-address-table...
  • Page 990 When a link is switched, the VLAN enabled to transmit MAC address Usage update packets will send MAC address update packets to its uplink guidelines device. The following example configures VLANs transmitting MAC address update packets: Examples Ruijie(config)# mac-address-table move update transit Command Description Related mac-address-table Enable REUP receive...
  • Page 991 Interface configuration mode. In order to reduce the flood due to the MAC address update and the influence on the normal data transmission of the switch, Ruijie Usage products add a configuration of MAC address update group. Only if all...
  • Page 992: Show Link State Group

    REUP Configuration Commands guidelines an instance and a VLAN. The following example configures VLAN load balancing on dual links. Ruijie(config)# interface gigabitEthernet 0/1 Examples Ruijie(config-if)# switchport backup interface gigabitEthernet 0/2 prefer instance 1 Command Description show interface Show the configuration of dual-link...
  • Page 993 Show the detailed information about the dual link backup. Default Show the dual link backup information on all interfaces. Command mode Privileged EXEC mode. Ruijie # show interfaces switchport backup detail Switch Backup Interface Pairs: Active Interface Backup Interface State ---------------------------------------------------- Gi0/23...
  • Page 994 CLI Reference REUP Configuration Commands Ruijie # show mac-address-table update group detail Mac-address-table Update Group:1 Received mac-address-table update message count:7 Group member Receive Count Last Receive Switch-ID Receive Time ---------------------------------------------------------- GigabitEthernet 0/3 0 0000.0000.0000 GigabitEthernet 0/4 0 0000.0000.0000...
  • Page 995 Usage You can enable RLDP on the interface only when the global RLDP is guidelines enabled. The following example shows how to enable RLDP: Examples Ruijie(config)# rldp enable Command Description Related commands rldp port Enable the RLDP function on the port.
  • Page 996 STP. The following example shows how to set the detection interval as 5s: Examples Ruijie(config)# rldp detect-interval 5 Command Description Related commands rldp detect-max Set the maximum number of detections.
  • Page 997 The following example demonstrates how to configure RLDP detection on fas 0/1, specify the detection type as loop detection, and Examples troubleshooting method as block. Ruijie(config)# interface fas 0/1 Ruijie(config-if)# rldp port loop-detect block Command Description Related commands rldp enable Enable RLDP globally.
  • Page 998 N/A. Default N/A. Command mode Privileged EXEC mode. The example below demonstrates how to use this command: Examples Ruijie# rldp reset Command Description Related commands rldp eanble Enable RIDP globally. show rldp Use this command to show the RLDP information.
  • Page 999 CLI Reference RLDP Configuration Command Command mode Privileged EXEC mode.
  • Page 1000: Dldp Configuration Commands

    Interface configuration mode. Usage Use this command to enable the DLDP detection function for the guidelines rapid detection of the Ethernet link error. Example 1: enable the DLDP function for the device 10.83.132.10: Ruijie(config)# interface fastethernet 1/0 Examples Ruijie(config-if)# dldp 10.83.132.1 Ruijie(config-if)#...
  • Page 1001 20.1.1.1 with the nexthop ip 10.1.1.1: Ruijie(config)# dldp 20.1.1.1 10.1.1.1 Example 4: set the resume as 3: Ruijie(config)# dldp 1.1.1.1 resume 3 Version description dldp passive Use this command to set the DLDP detection in the passive mode. Use the no form of this command to return to the default active DLDP detection mode.

Table of Contents