SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners.
Preface

The H3C S5120-SI Series Ethernet Switches Command Reference, Release 1101 describes the commands available in the H3C S5120-SI series software release 1101. This preface includes:

About This Document
Audience
Organization
Conventions
Documentation Guide
Related Documentation
Obtaining Documentation
Technical Support...
This documentation is intended for: Network planners Field technical support and servicing engineers Network administrators working with the S5120-SI series Organization The H3C S5120-SI Series Ethernet Switches Command Reference, Release 1101 comprises these chapters: Chapter Content 01-CLI CLI Configuration Commands...
Chapter Content 41-IP Source Guard IP Source Guard Configuration Commands 42-Appendix Command Index Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. italic Italic text represents arguments that you replace with actual values.
Convention Description Means techniques helpful for you to make configuration with ease.
Obtaining Documentation You can access the most up-to-date H3C product documentation on the World Wide Web at this URL: http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support &...
[Technical Support & Documents > Software Download] – Provides the documentation released with the software version. Technical Support customer_service@h3c.com http://www.h3c.com Documentation Feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
CLI Commands
display history-command
Syntax
display history-command
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display history-command command to display commands saved in the history buffer. The system saves the valid commands most recently executed in the current user view to the history buffer, which can hold up to ten commands by default.
Default Level 0: Visit level (in user view) 2: System level (in other views) Parameters None Description Use the quit command to exit to a lower-level view. If the current view is user view, the quit command terminates the current connection and quits the system. Examples # Switch from GigabitEthernet1/0/1 interface view to system view, and then to user view.
screen-length disable Syntax screen-length disable undo screen-length disable View User view Default Level 1: Monitor level Parameters None Description Use the screen-length disable command to disable the multiple-screen output function of the current user. Use the undo screen-length disable command to enable the multiple-screen output function of the current user.
Description
Use the system-view command to enter system view from the current user view.
Related commands: quit, return.
Examples
# Enter system view from the current user view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname]...
Table of Contents
1 Commands for Logging into an Ethernet Switch
Commands for Logging into an Ethernet Switch
activation-key
authentication-mode
auto-execute command
databits
display telnet client configuration
display user-interface
display users
display web users
escape-key
flow-control
free user-interface...
Commands for Logging into an Ethernet Switch Commands for Logging into an Ethernet Switch activation-key Syntax activation-key character undo activation-key View AUX interface view Default Level 3: Manage level Parameters character: Shortcut key for starting terminal sessions, a character or its ASCII decimal equivalent in the range 0 to 127;...
************************************************************************** * Copyright (c) 2004-2009 Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ************************************************************************** User interface aux0 is available. Please press ENTER. <Sysname> %Apr 28 04:33:11:611 2005 Sysname SHELL/5/LOGIN: Console login from aux0...
For a VTY user interface, if you want to set the login authentication mode to none or password, you must first verify that the SSH protocol is not supported by the user interface. Otherwise, your configuration will fail. Refer to protocol inbound.
The auto-execute command command may prevent you from performing common configuration in the user interface, so use it with caution. Before executing the auto-execute command command and saving your configuration, make sure you can log in to the switch in other modes and cancel the configuration. Examples # Configure the telnet 10.110.100.1 command to be executed automatically after users log into VTY 0.
The H3C S5120-SI Switch Series supports only data bits 7 and 8. To establish the connection again, you need to modify the configuration of the terminal emulation utility running on your PC accordingly. Examples # Set the data bits to 7.
Default Level 1: Monitor level Parameters type: User interface type. number: Absolute or relative index of the user interface. This argument can be an absolute user interface index (if you do not provide the type argument) or a relative user interface index (if you provide the type argument).
Field Description Modem Indicates whether or not a modem is used. Privi The available command level Auth The authentication mode The physical position of the user interface display users Syntax display users [ all ] View Any view Default Level 1: Monitor level Parameters all: Displays the information about all user interfaces.
: Current operation user work in async mode. Table 1-2 Descriptions on the fields of the display users command Field Description The information displayed is about the current user interface. The information is about the current user interface, and the current user interface operates in asynchronous mode.
Field Description LinkCount Number of tasks that the web user runs LoginTime Time when the web user logged in LastTime Last time when the web user accessed the switch escape-key Syntax escape-key { default | character } undo escape-key View User interface view Default Level 3: Manage level...
By default, the value is none. That is, no flow control will be performed. The H3C S5120-SI Switch Series supports only the none keyword. Examples # Configure software flow control on the AUX port.
free user-interface Syntax free user-interface [ type ] number View User view Default Level 3: Manage level Parameters type: User interface type. number: Absolute user interface index or relative user interface index. Relative user interface index: If you provide the type argument, number indicates the user interface index of the type.
Parameters value: Size of the history command buffer. This argument ranges from 0 to 256 and defaults to 10. That is, the history command buffer can store 10 commands by default. Description Use the history-command max-size command to set the size of the history command buffer. Use the undo history-command max-size command to revert to the default history command buffer size.
ip http enable Syntax ip http enable undo ip http enable View System view Parameter None Description Use the ip http enable command to launch the Web server. Use the undo ip http enable command to shut down the Web server. By default, the Web server is enabled.
By default, the system will not lock the current user interface automatically.
Examples
# Lock the current user interface.
<Sysname> lock
Please input password<1 to 16> to lock current user terminal interface:
Password:
Again:
locked !
# Cancel the lock.
Password:
Again:
<Sysname>...
The H3C S5120-SI switch series supports the even, none, and odd check modes only. To establish the connection again, you need to modify the configuration of the terminal emulation utility running on your PC accordingly. Examples # Set to perform mark checks.
Examples
# Configure VTY 0 to support only SSH protocol.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] protocol inbound ssh
screen-length
Syntax
screen-length screen-length
undo screen-length
View
User interface view
Default Level
2: System level
Parameters
screen-length: Number of lines the screen can contain.
Parameters all: Specifies to send messages to all user interfaces. type: User interface type. number: Absolute user interface index or relative user interface index. Relative user interface index: If you provide the type argument, the number argument indicates the user interface index of the type. When the type is AUX, number is 0; when the type is VTY, number ranges from 0 to 15.
password: Password. The password must be in plain text if you specify the simple keyword in the set authentication password command. If you specify the cipher keyword, the password can be in either encrypted text or plain text. Whether the password is in encrypted text or plain text depends on the password string entered.
By default, terminal services are available in all user interfaces. Note the following when using the undo shell command: This command is available in all user interfaces except the AUX user interface, because the AUX port (also the Console) is exclusively used for configuring the switch. This command is unavailable in the current user interface.
Use the undo stopbits command to revert to the default stop bits. By default, the stop bits value is 1. The S5120-SI series does not support communication with a terminal emulation program with stopbits set to 1.5. Changing the stop bits value of the switch to a value different from that of the terminal emulation utility does not affect the communication between them.
Default Level 2: System level Parameters string: System name of the switch. This argument can contain 1 to 30 characters and defaults to H3C. Description Use the sysname command to set a system name for the switch. Use the undo sysname command to revert to the default system name.
Trying 129.102.0.1 ... Press CTRL+K to abort Connected to 129.102.0.1 ... ************************************************************************** * Copyright (c) 2004-2009 Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ************************************************************************** <Sysname2>...
Examples
# Specify the source IP address for Telnet packets.
<Sysname> system-view
[Sysname] telnet client source ip 129.102.0.2
# Remove the source IP address configured for Telnet packets.
[Sysname] undo telnet client source
telnet server enable
Syntax
telnet server enable
undo telnet server enable
View
System view...
Default Level 2: System level Parameters ansi: Specifies ANSI as the terminal display type. vt100: Specifies VT100 as the terminal display type. Description Use the terminal type command to configure the type of terminal display. Use the undo terminal type command to restore the default. Currently, the system supports two types of terminal display: ANSI and VT100.
[Sysname-ui-vty0] user privilege level Syntax user privilege level level undo user privilege level View User interface view Default Level 3: Manage level Parameters level: Command level ranging from 0 to 3. Description Use the user privilege level command to configure the command level available to the users logging into the user interface.
# You can verify the above configuration by Telnetting to VTY 0 and displaying the available commands, as listed in the following.
<Sysname> ?
User view commands:
  ping     Ping function
  quit     Exit from current command view
  super    Set the current user priority level
  telnet   Establish one TELNET connection
  tracert...
Commands for Controlling Login Users Commands for Controlling Login Users Syntax acl acl-number { inbound | outbound } undo acl { inbound | outbound } View User interface view Default Level 2: System level Parameters acl-number: ACL number ranging from 2000 to 4999, where: 2000 to 2999 for basic IPv4 ACLs 3000 to 3999 for advanced IPv4 ACLs 4000 to 4999 for Layer 2 ACLs...
free web-users Syntax free web-users { all | user-id userid | user-name username } View User view Parameter userid: Web user ID. username: User name of the Web user. This argument can contain 1 to 80 characters. all: Specifies all Web users. Description Use the free web-users command to disconnect a specified Web user or all Web users by force.
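
The login commands documented above (authentication-mode, set authentication password, protocol inbound, acl ... inbound, telnet server enable, ip http enable) can be checked offline against a saved configuration. The following Python audit is an added example, not part of the H3C manual: both sample configurations are constructed, and the saved-configuration layout (unindented user-interface headers, indented options, # separators) and the authentication-mode scheme keyword are assumptions not shown on this page.

```python
import re

# Constructed sample: a weak configuration (not taken from a real device).
SAMPLE_CONFIG = """\
#
 sysname LabSwitch
#
 telnet server enable
#
user-interface aux 0
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode password
 set authentication password simple Example123
 user privilege level 3
 protocol inbound telnet
user-interface vty 5 15
 authentication-mode none
 user privilege level 3
#
return
"""

# Constructed sample: the same switch with the login surface tightened.
# "authentication-mode scheme" is an assumed keyword (not shown on this page).
HARDENED_CONFIG = """\
#
 sysname LabSwitch
#
 undo ip http enable
#
user-interface aux 0
user-interface vty 0 15
 acl 2000 inbound
 authentication-mode scheme
 protocol inbound ssh
#
return
"""

UI_HEADER = re.compile(r"^user-interface (aux|vty) (\d+)(?: (\d+))?$")


def parse(config_text):
    """Split the text into global lines and user-interface blocks."""
    global_lines, blocks, current = [], [], None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "#":
            current = None          # a separator closes any open block
            continue
        header = UI_HEADER.match(line)
        if header:
            name = " ".join(g for g in header.groups() if g)
            current = {"type": header.group(1), "name": name, "opts": []}
            blocks.append(current)
        elif line[0].isspace() and current is not None:
            current["opts"].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, blocks


def value_of(opts, prefix):
    """Return the text following `prefix` in the first matching option."""
    for opt in opts:
        if opt.startswith(prefix + " "):
            return opt[len(prefix) + 1:].strip()
    return None


def audit(config_text):
    """Return (scope, finding) tuples for weak login settings."""
    global_lines, blocks = parse(config_text)
    findings = []
    if "telnet server enable" in global_lines:
        findings.append(("global", "telnet-server-enabled"))
    # The manual states the Web server is enabled by default, so it is
    # treated as running unless the configuration turns it off.
    if "undo ip http enable" not in global_lines:
        findings.append(("global", "web-server-enabled"))
    for block in blocks:
        if block["type"] != "vty":
            continue
        scope, opts = block["name"], block["opts"]
        if value_of(opts, "authentication-mode") == "none":
            findings.append((scope, "auth-none"))
            # Level 3 is the Manage level in this manual.
            if value_of(opts, "user privilege level") == "3":
                findings.append((scope, "unauthenticated-manage-level"))
        password = value_of(opts, "set authentication password")
        if password and password.split()[0] == "simple":
            findings.append((scope, "plaintext-password"))
        if value_of(opts, "protocol inbound") != "ssh":
            findings.append((scope, "not-ssh-only"))
        if not any(re.fullmatch(r"acl \d+ inbound", o) for o in opts):
            findings.append((scope, "no-inbound-acl"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```
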
Ethernet Port Configuration Commands Ethernet Port Configuration Commands broadcast-suppression Syntax broadcast-suppression { ratio | pps max-pps | kbps max-bps } undo broadcast-suppression View Ethernet port view, port group view Default Level 2: System level Parameters ratio: Maximum percentage of broadcast traffic to the total transmission capability of an Ethernet port. The smaller the ratio, the less broadcast traffic is allowed to pass through the interface.
If you set different suppression ratios in Ethernet port view or port-group view multiple times, the latest configuration takes effect. Do not use the broadcast-suppression command along with the storm-constrain command. Otherwise, the broadcast storm suppression ratio configured may become invalid. Examples # For Ethernet port GigabitEthernet 1/0/1, allow broadcast traffic equivalent to 20% of the total transmission capability of GigabitEthernet 1/0/1 to pass.
A port description can be a mixture of English characters and other Unicode characters. The mixed description cannot exceed the specified length. To use a type of Unicode characters or symbols in a port description, you need to install the corresponding Input Method Editor (IME) and log in to the device through remote login software that supports this character type.
exclude: Displays the lines that do not match the regular expression. include: Displays the lines that match the regular expression. regular-expression: Regular expression, a string of 1 to 256 characters. Note that this argument is case-sensitive. Description Use the display brief interface command to display brief interface information. If neither interface type nor interface number is specified, all interface information will be displayed.
Loop0 UP(spoofing) LOOP 5.5.5.5 NULL0 UP(spoofing) NULL Vlan999 ETHERNET 10.1.1.1 The brief information of interface(s) under bridge mode: Interface Link Speed Duplex Link-type PVID GE1/0/7 100M(a) full(a) trunk GE1/0/9 100M(a) full(a) access # Display the brief information of all interfaces excluding Ethernet ports. <Sysname>...
If loopback detection is already enabled, this command will also display the detection interval and information on the ports currently detected with a loopback. Examples # Display loopback detection information on a port. <Sysname> display loopback-detection Loopback-detection is running Detection interval time is 30 seconds No port is detected with loopback display interface Syntax...
The Maximum Frame Length is 10240 Broadcast MAX-ratio: 100% Unicast MAX-ratio: 100% Multicast MAX-ratio: 100% PVID: 1 Mdi type: auto Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 1 Port priority: 0 Peak value of input: 0 bytes/sec, at 00-00-00 00:00:00 Peak value of output: 0 bytes/sec, at 00-00-00 00:00:00 Last 300 seconds input: 0 packets/sec 0 bytes/sec...
Field Description Multicast storm suppression ratio (the maximum ratio of Multicast MAX-ratio allowed number of multicast packets to overall traffic through an interface) PVID Default VLAN ID Mdi type Cable type Port link-type Interface link type, which could be access, trunk, and hybrid. VLANs whose packets are sent through the port with VLAN tag Tagged VLAN ID kept...
Field Description Total number of illegal packets received, including: Fragment frames: Frames that were shorter than 64 bytes (with an integral or non-integral length) and contained checksum errors Jabber frames: Frames that were longer than the maximum frame length supported on the Ethernet port and contained checksum errors (the frame lengths in bytes may or may not be integers).
Field Description Number of times frames were delayed due to Ethernet collisions collisions detected during the transmission Number of times frames were delayed due to the detection of late collisions collisions after the first 512 bits of the frames were already on the network Number of times the carrier was lost during transmission.
Member of group2: None # Display details of the port group named group1. <Sysname> display port-group manual name group1 Member of group1: GigabitEthernet1/0/6 GigabitEthernet1/0/7 GigabitEthernet1/0/8 Table 1-3 display port-group manual command output description Field Description Member of group Member of the manual port group display storm-constrain Syntax display storm-constrain [ broadcast | multicast | unicast ] [ interface interface-type...
Table 1-4 display storm-constrain command output description Field Description Flow Statistic Interval Interval for generating storm constrain statistics PortName Abbreviated port name Type of the packets for which storm constrain function is enabled, StormType which can be broadcast (for broadcast packets), multicast (for multicast packets), and unicast (for unicast packets).
Examples
# Configure the interface GigabitEthernet 1/0/1 to work in full-duplex mode.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] duplex full
flow-control
Syntax
flow-control
undo flow-control
View
Ethernet port view
Default Level
2: System level
Parameters
None
Description
Use the flow-control command to enable flow control on an Ethernet port. Use the undo flow-control command to disable flow control on an Ethernet port.
View Ethernet port view Default Level 2: System level Parameters interval: Interval at which the interface collects statistics. It ranges from 5 to 300 seconds and must be a multiple of 5. The default value is 300 seconds. Description Use the flow-interval command to configure the time interval for collecting interface statistics. Use the undo flow-interval command to restore the default interval.
Use the undo jumboframe enable command to prevent jumbo frames from passing through an Ethernet port. By default, the device allows frames no larger than 10240 bytes to pass through an Ethernet port. Examples # Enable jumbo frames to pass through all the Ethernet ports. <Sysname>...
loopback-detection control enable Syntax loopback-detection control enable undo loopback-detection control enable View Ethernet port view Default Level 2: System level Parameters None Description Use the loopback-detection control enable command to enable loopback detection for a trunk port or hybrid port. Use the undo loopback-detection control enable command to restore the default.
View System view, Ethernet port view Default Level 2: System level Parameters None Description Use the loopback-detection enable command to enable loopback detection globally or on a specified port. Use the undo loopback-detection enable command to disable loopback detection globally or on a specified port.
undo loopback-detection interval-time View System view Default Level 2: System level Parameters time: Time interval for performing port loopback detection, in the range 5 to 300 (in seconds). Description Use the loopback-detection interval-time command to configure the time interval for performing port loopback detection.
Examples # Enable loopback detection in all the VLANs to which the hybrid port GigabitEthernet 1/0/1 belongs. <Sysname> system-view [Sysname] loopback-detection enable [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] loopback-detection enable [Sysname-GigabitEthernet1/0/1] port link-type trunk [Sysname-GigabitEthernet1/0/1] loopback-detection per-vlan enable Syntax mdi { across | auto | normal } undo mdi View Ethernet port view...
multicast-suppression Syntax multicast-suppression { ratio | pps max-pps | kbps max-bps } undo multicast-suppression View Ethernet port view, port group view Default Level 2: System level Parameters ratio: Maximum percentage of multicast traffic to the total transmission capability of an Ethernet port, in the range 1 to 100.
Examples
# For Ethernet port GigabitEthernet 1/0/1, allow multicast traffic equivalent to 20% of the total transmission capability of GigabitEthernet 1/0/1 to pass.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] multicast-suppression 20
# For all the ports of the manual port group group1, allow multicast traffic equivalent to 20% of the total transmission capability of each port to pass.
port-group manual Syntax port-group manual port-group-name undo port-group manual port-group-name View System view Default Level 2: System level Parameters port-group-name: Specifies name of a port group, a string of 1 to 32 characters. Description Use the port-group manual command to create a port group and enter port group view. Use the undo port-group manual command to remove a port group.
The destination MAC addresses of the received packets are already in the MAC address table of the device. The egress interfaces in the corresponding MAC address table entries are the receiving interface. Use the undo port bridge enable command to disable bridging on an Ethernet port. By default, bridging is not enabled on an Ethernet port.
shutdown Syntax shutdown undo shutdown View Ethernet port view Default Level 2: System level Parameters None Description Use the shutdown command to shut down an Ethernet port. Use the undo shutdown command to bring up an Ethernet port. By default, an Ethernet port is in the up state. In certain circumstances, modification to the interface parameters does not immediately take effect, and therefore, you need to shut down the relevant interface to make the modification work.
Parameters 10: Specifies the interface rate as 10 Mbps. The optical interface of an SFP port does not support the 10 keyword. 100: Specifies the interface rate as 100 Mbps. The optical interface of an SFP port does not support the 100 keyword.
Use the undo speed command to restore the default. The default value of the command varies with your device models. If you repeatedly use the speed command and the speed auto command to configure the rate of an interface, only the latest configuration takes effect. For example, if you configure speed 100 after configuring speed auto 100 1000 on an interface, the rate is 100 Mbps by force, with no negotiation performed between the interface and the peer end;...
View Ethernet port view Default Level 2: System level Parameters all: Disables the storm constrain function for all types of packets (that is, unicast packets, multicast packets, and broadcast packets). broadcast: Enables/Disables the storm constrain function for broadcast packets. multicast: Enables/Disables the storm constrain function for multicast packets. unicast: Enables/Disables the storm constrain function for unicast packets.
storm-constrain control Syntax storm-constrain control { block | shutdown } undo storm-constrain control View Ethernet port view Default Level 2: System level Parameters block: Blocks the traffic of a specific type on a port when the traffic detected exceeds the upper threshold.
Description Use the storm-constrain enable log command to enable log sending. With log sending enabled, the system sends logs when traffic reaching a port exceeds the corresponding threshold or when the traffic drops down below the lower threshold after exceeding the upper threshold. Use the undo storm-constrain enable log command to disable log sending.
storm-constrain interval Syntax storm-constrain interval seconds undo storm-constrain interval View System view Default Level 2: System level Parameters seconds: Interval for generating traffic statistics, in the range 1 to 300 (in seconds). Description Use the storm-constrain interval command to set the interval for generating traffic statistics. Use the undo storm-constrain interval command to restore the default.
Parameters ratio: Maximum percentage of unicast traffic to the total transmission capability of an Ethernet port, in the range of 1 to 100. The smaller the ratio is, the less unicast traffic is allowed through the interface. pps max-pps: Specifies the maximum number of unknown unicast packets passing through an Ethernet port per second.
virtual-cable-test Syntax virtual-cable-test View Ethernet port view Default Level 2: System level Parameters None Description Use the virtual-cable-test command to test the cable connected to the Ethernet port once and to display the testing result. The tested items include: Note that: When the cable is functioning properly, the cable length in the test result represents the total cable length;...
Loopback Interface and Null Interface Configuration Commands Loopback Interface and Null Interface Configuration Commands description Syntax description text undo description View Loopback interface view, Null 0 interface view Default Level 2: System level Parameters text: Description of the interface, a string of 1 to 80 characters. Currently, the device supports the following types of characters or symbols: standard English characters (numbers and case-sensitive letters), special English characters, spaces, and other characters or symbols that conform to the Unicode standard.
By default, the description of an interface is the interface name followed by the word interface, Loopback1 interface for example.
Related commands: display interface.
Examples
# Configure the description of loopback interface Loopback 1 as loopback1.
<Sysname> system-view
[Sysname] interface loopback 1
[Sysname-loopback1] description loopback1
display interface loopback
Syntax...
Table 1-1 display interface loopback command output description Field Description current state Physical state of the interface (up or administratively down) Line protocol current state State of the data link layer protocol: up Description Description string of the interface The Maximum Transmit Unit Maximum transmit unit (MTU) of the interface Internet protocol processing State of the network layer protocol (enabled or disabled)
View Any view Default Level 1: Monitor level Parameters 0: Specifies the Null interface. This null interface number is fixed to 0. Description Use the display interface null command to display the information about the null interface. As Null 0 interface is the only null interface on a device, this command displays the information about Null 0 interface even if you do not specify the 0 keyword.
View System view Default Level 2: System level Parameters interface-number: Loopback interface number, ranging from 0 to 7. Description Use the interface loopback command to create a Loopback interface or enter Loopback interface view. Use the undo interface loopback command to remove a Loopback interface. Related commands: display interface loopback.
[Sysname-NULL0] reset counters interface Syntax reset counters interface [ interface-type [ interface-number ] ] View User view Default Level 2: System level Parameters interface-type: Logical interface type. interface-number: Logical interface number. Description Use the reset counters interface command to clear the statistics of a logical interface. Before collecting traffic statistics within a specific period of time on a logical interface, you need to clear the existing statistics.
Description
Use the shutdown command to shut down the current loopback interface. Use the undo shutdown command to bring up the current loopback interface. By default, a loopback interface is up.
Examples
# Shut down loopback interface Loopback 1.
<Sysname> system-view
[Sysname] interface loopback 1
[Sysname-Loopback1] shutdown...
Ethernet Link Aggregation Configuration Commands Ethernet Link Aggregation Configuration Commands description Syntax description text undo description View Layer 2 aggregate interface view Default Level 2: System level Parameters text: Description of the interface, a string of 1 to 80 characters. Description Use the description command to configure a description for an interface.
Default Level 1: Monitor level Parameters None Description Use the display lacp system-id command to display the system ID of the local system. The system ID comprises the system LACP priority and the system MAC address. You can use the lacp system-priority command to change the LACP priority of the local system. When you do that, the LACP priority value you specify in the command is in decimal format.
For a member port in a static aggregation group, only its port number and operational key are displayed, because it is not aware of the information of the partner. Examples # Display the detailed link aggregation information of GigabitEthernet 1/0/1, a member port of a static aggregation group.
Table 1-2 display link-aggregation member-port command output description Field Description One-octet LACP state flags field. From the least to the most significant bit, they are represented by A through H as follows: A indicates whether LACP is enabled. 1 for enabled and 0 for disabled.
Parameters None Description Use the display link-aggregation summary command to display the summary information of all aggregation groups. You may find that information about the remote system for a static link aggregation group is either displayed as none or not displayed at all. This is normal because this type of aggregation group is not aware of its partner.
Field Description Share Type Load sharing type display link-aggregation verbose Syntax display link-aggregation verbose [ bridge-aggregation [ interface-number ] ] View Any view Default Level 1: Monitor level Parameters bridge-aggregation: Displays detailed information about the Layer 2 aggregate groups corresponding to Layer 2 aggregate interfaces.
Page 94
Aggregation Mode: Dynamic
Loadsharing Type: Shar
System ID: 0x8000, 000f-e267-6c6a
Local:
Port Status Priority Oper-Key Flag
-------------------------------------------------------------------------------
GE1/0/2 32768 {ACDEF}
GE1/0/3 32768 {ACDEF}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
-------------------------------------------------------------------------------
GE1/0/2 32768 {ACDEF}
GE1/0/3 32768 {ACDEF}

Table 1-4 display link-aggregation verbose command output description
Field  Description
Loadsharing type:...

Field     Description
Status    Port state: selected or unselected
Priority  Port LACP priority
Oper-Key  Operational key
Flag      LACP protocol state flag
Remote    Information about the remote end
Actor     Local port type and number
Partner   Remote port index

enable snmp trap updown

Syntax
enable snmp trap updown
undo enable snmp trap updown...

[Sysname-Bridge-Aggregation1] enable snmp trap updown

interface bridge-aggregation

Syntax
interface bridge-aggregation interface-number
undo interface bridge-aggregation interface-number

View
System view

Default Level
2: System level

Parameters
interface-number: Layer 2 aggregate interface number, in the range of 1 to 26.

Description
Use the interface bridge-aggregation command to create a Layer 2 aggregate interface and enter the Layer 2 aggregate interface view.
Parameters
port-priority: Port LACP priority, in the range of 0 to 65535. The smaller this value, the higher the LACP priority.

Description
Use the lacp port-priority command to set the LACP priority of a port.
Use the undo lacp port-priority command to restore the default.
The default LACP priority of a port is 32768.

undo link-aggregation mode

View
Layer 2 aggregate interface view

Default Level
2: System level

Parameters
None

Description
Use the link-aggregation mode dynamic command to configure an aggregation group to work in dynamic aggregation mode.
Use the undo link-aggregation mode command to restore the default.
By default, an aggregation group works in static aggregation mode.
Use the undo port link-aggregation group command to remove the current Ethernet interface from the aggregation group to which it currently belongs.
Note that an Ethernet port can belong to only one aggregation group.
To achieve better load sharing results for data traffic among the member ports of a link aggregation group, it is recommended that you assign ports of the same type (all GE ports or all 10-GE optical ports) to the link aggregation group.

If the bridge-aggregation interface-number keyword and argument combination is specified, this command clears the statistics of the specified Layer 2 aggregate interface.
The bridge-aggregation keyword becomes available only after you create Layer 2 aggregate interfaces on the device.

Examples
# Clear the statistics of Layer 2 aggregate interface Bridge-Aggregation 1.
<Sysname>...
Page 101
Parameters
None

Description
Use the shutdown command to shut down the current aggregate interface/subinterface.
Use the undo shutdown command to bring up the current aggregate interface/subinterface.
By default, aggregate interfaces are up.

Examples
# Shut down Layer 2 aggregate interface Bridge-Aggregation 1.
<Sysname>...
Page 102
Table of Contents
1 Port Isolation Configuration Commands
    Port Isolation Configuration Commands
        display port-isolate group
        port-isolate enable
        port-isolate group...
Page 103
Port Isolation Configuration Commands

display port-isolate group

Syntax
display port-isolate group [ group-number ]

View
Any view

Default Level
1: Monitor level

Parameters
group-number: Specifies an isolation group number.

Description
Use the display port-isolate group command to display information about one or all isolation groups.
If an isolation group is specified, this command displays information about the specified isolation group;...
Page 104
GigabitEthernet1/0/1

Table 1-1 display port-isolate group command output description
Field                           Description
Port-isolate group information  Display the information of a port-isolation group
Uplink port support             Indicates whether the uplink port is supported.
Group ID                        Isolation group number
Group members                   Isolated ports in the isolation group

port-isolate enable

Syntax
port-isolate enable group group-number...
Page 105
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port-isolate enable group 2
[Sysname-GigabitEthernet1/0/1] quit
[Sysname] interface GigabitEthernet 1/0/2
[Sysname-GigabitEthernet1/0/2] port-isolate enable group 2

port-isolate group

Syntax
port-isolate group group-number
undo port-isolate group { group-number | all }

View
System view

Default Level
2: System level

Parameters
group-number: Specifies the number of the isolation group, the value ranges from 1 to 26.
Page 106
Table of Contents
1 Port Mirroring Configuration Commands
    Port Mirroring Configuration Commands
        display mirroring-group
        mirroring-group
        mirroring-group mirroring-port
        mirroring-group monitor-port
        mirroring-port
        monitor-port...

Port Mirroring Configuration Commands

display mirroring-group

Syntax
display mirroring-group { group-id | local }

View
Any view

Default Level
2: System level

Parameters
group-id: Number of the mirroring group to be displayed, which can only be 1.
local: Displays local mirroring groups.

mirroring-group

Syntax
mirroring-group group-id local
undo mirroring-group { group-id | local }

View
System view

Default Level
2: System level

Parameters
group-id: Specifies the number of the mirroring group to be created or removed. Its value can only be 1.
local: Creates a local mirroring group or removes a local mirroring group with the undo command.

both: Mirrors both inbound and outbound packets on the specified port(s).
inbound: Mirrors only inbound packets on the specified port(s).
outbound: Mirrors only outbound packets on the specified port(s).

Description
Use the mirroring-group mirroring-port command to assign ports to a local mirroring group as mirroring ports.
monitor-port-id: Port to be assigned to the specified mirroring group as the monitor port. The argument takes the form of interface-type interface-number, where interface-type specifies the port type and interface-number specifies the port number.

Description
Use the mirroring-group monitor-port command to assign a port to a local mirroring group as the monitor port.

Description
Use the mirroring-port command to assign the current port to a local mirroring group as a mirroring port.
Use the undo mirroring-port command to remove the current port from the mirroring group.
By default, a port does not serve as a mirroring port for any mirroring group.
When assigning a port to a mirroring group as a mirroring port, note that:
If no mirroring group is specified, the port is assigned to mirroring group 1.
Page 112
Related commands: mirroring-group.

Examples
# Configure GigabitEthernet 1/0/1 as the monitor port in local mirroring group numbered 1.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] monitor-port...

LLDP Configuration Commands

display lldp local-information

Syntax
display lldp local-information [ global | interface interface-type interface-number ]

View
Any view

Default level
1: Monitor level

Parameters
global: Displays the global LLDP information to be sent.
interface interface-type interface-number: Displays the LLDP information to be sent out the port specified by its type and number.
Page 115
SoftwareRev : 5.20 Alpha 2101
SerialNum : NONE
Manufacturer name : Manufacturer
Model name : Model
Asset tracking identifier : Unknown

LLDP local-information of port 1[GigabitEthernet1/0/1]:
Port ID subtype : Interface name
Port ID : GigabitEthernet1/0/1
Port description : GigabitEthernet1/0/1 Interface
Management address type : ipv4
Management address...
Page 116
Field                          Description
Chassis ID                     Bridge MAC address of the device
System capabilities supported  Supported capabilities, which can be:
                               Bridge, indicating switching
                               Router, indicating routing
System capabilities enabled    Currently enabled capabilities, which can be:
                               Bridge, indicating switching is currently enabled.
                               Router, indicating routing is currently enabled.
MED device class, which can be:
Connectivity device, indicating a network device.
Page 117
Field                      Description
Power port class           PoE device type, which can be:
                           PSE: power sourcing equipment
                           PD: powered device
PSE power supported        Indicates whether the device can operate as a PSE.
PSE power enabled          Indicates whether the device is operating as a PSE.
PSE pairs control ability  Indicates whether the PSE-PD pair control is available.

Field                       Description
Port PSE Priority           PoE power supply priority of PSE ports, which can be:
                            Unknown
                            Critical
                            High
Port available power value  Available PoE power on PSE ports, in watts

display lldp neighbor-information

Syntax
display lldp neighbor-information [ brief | interface interface-type interface-number [ brief ] | list [ system-name system-name ] ]

View
Any view...
Page 119
Chassis ID : 000f-0055-0002
Port ID type : Interface name
Port ID : GigabitEthernet1/0/1
Port description : GigabitEthernet1/0/1 Interface
System name : Sysname
System description : System
System capabilities supported : Bridge,Router
System capabilities enabled : Bridge,Router
Management address type : ipv4
Management address : 192.168.1.55...
Page 120
Table 1-2 display lldp neighbor-information command output description
Field                                Description
LLDP neighbor-information of port 1  LLDP information received through port 1
Update time                          Time when the LLDP information about a neighboring device was last updated.
Chassis information, which can be:
Chassis component
Interface alias
Port component...
Page 121
Field                      Description
Power port class           PoE device type, which can be:
                           PSE: power sourcing equipment
                           PD: powered device
PSE power supported        Indicates whether the device can operate as a PSE.
PSE power enabled          Indicates whether the device is operating as a PSE.
PSE pairs control ability  Indicates whether the PSE-PD pair control is available.
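An added example, not part of the H3C manual: a Python sketch that parses display lldp neighbor-information text in the "field : value" layout shown above and compares each learned neighbor with an expected inventory. The sample output is constructed from fields on this page; the per-port header line, the second neighbor and the inventory are assumptions.

```python
import re

# Constructed sample. The header line is an assumption modelled on the
# "LLDP local-information of port 1[GigabitEthernet1/0/1]:" line on this page.
SAMPLE_OUTPUT = """\
LLDP neighbor-information of port 1[GigabitEthernet1/0/1]:
  Chassis ID                    : 000f-0055-0002
  Port ID type                  : Interface name
  Port ID                       : GigabitEthernet1/0/1
  System name                   : Sysname
  System capabilities enabled   : Bridge,Router
  Management address            : 192.168.1.55
LLDP neighbor-information of port 2[GigabitEthernet1/0/2]:
  Chassis ID                    : 0011-2233-4455
  Port ID                       : eth0
  System name                   : unknown-host
  System capabilities enabled   : Router
"""

# Hypothetical inventory: local port -> chassis ID of the device cabled to it.
EXPECTED = {"GigabitEthernet1/0/1": "000f-0055-0002"}

HEADER = re.compile(r"^LLDP neighbor-information of port \d+\[(?P<port>[^\]]+)\]:")
FIELD = re.compile(r"^\s*(?P<key>[^:]+?)\s*:\s*(?P<value>.*)$")


def parse_neighbors(text):
    """Return one dict per neighbor, keyed by the field names in the output."""
    neighbors, current, port = [], None, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            port, current = header.group("port"), None
            continue
        field = FIELD.match(line)
        if not field or port is None:
            continue
        key, value = field.group("key"), field.group("value").strip()
        # A port can hold several neighbors; "Neighbor index" opens a new record.
        if current is None or (key == "Neighbor index" and len(current) > 1):
            current = {"local_port": port}
            neighbors.append(current)
        current[key] = value
    return neighbors


def audit_neighbors(neighbors, expected):
    """Report neighbors that the inventory does not account for."""
    findings = []
    for neighbor in neighbors:
        port = neighbor["local_port"]
        chassis = neighbor.get("Chassis ID", "").lower()
        wanted = expected.get(port)
        if wanted is None:
            findings.append((port, chassis, "neighbor on a port with no expected LLDP peer"))
        elif chassis != wanted.lower():
            findings.append((port, chassis, "chassis ID differs from inventory"))
    return findings


if __name__ == "__main__":
    for finding in audit_neighbors(parse_neighbors(SAMPLE_OUTPUT), EXPECTED):
        print(*finding, sep=" | ")
```

LLDP itself carries no authentication, so a matching chassis ID confirms inventory consistency, not device identity.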
display lldp statistics

Syntax
display lldp statistics [ global | interface interface-type interface-number ]

View
Any view

Default level
1: Monitor level

Parameters
global: Displays the global LLDP statistics.
interface interface-type interface-number: Specifies a port by its type and number.

Description
Use the display lldp statistics command to display the global LLDP statistics or the LLDP statistics of a port.

Table 1-3 display lldp statistics command output description
Field                                             Description
LLDP statistics global information                Global LLDP statistics
LLDP neighbor information last change time        Time when the neighbor information was last updated
The number of LLDP neighbor information inserted  Number of times neighbor information was added
The number of LLDP neighbor information deleted   Number of times neighbor information was removed
Number of times of dropping neighbor information due...
Page 124
Examples
# Display the global LLDP status as well as the LLDP status information of all ports.
<Sysname> display lldp status
Global status of LLDP: Enable
The current number of LLDP neighbors: 0
The current number of CDP neighbors: 0
LLDP neighbor information last changed time: 0 days,0 hours,4 minutes,40 seconds
Transmit interval : 30s...

Field         Description
Admin status  LLDP mode of the port, which can be:
              TxRx. A port in this mode sends and receives LLDPDUs.
              Rx_Only. A port in this mode receives LLDPDUs only.
              Tx_Only. A port in this mode sends LLDPDUs only.
              Disable.
Page 126
Management Address TLV
IEEE 802.1 extend TLV:
    Port VLAN ID TLV
    Port And Protocol VLAN ID TLV
    VLAN Name TLV
IEEE 802.3 extend TLV:
    MAC-Physic TLV
    Power via MDI TLV
    Link Aggregation TLV
    Maximum Frame Size TLV
LLDP-MED extend TLV:
    Capabilities TLV
    Network Policy TLV
    Location Identification TLV...

lldp admin-status

Syntax
lldp admin-status { disable | rx | tx | txrx }
undo lldp admin-status

View
Layer 2 Ethernet port view, port group view

Default level
2: System level

Parameters
disable: Specifies the Disable mode. A port in this mode does not send or receive LLDPDUs.
rx: Specifies the Rx mode.
Description
Use the lldp check-change-interval command to enable LLDP polling and set the polling interval.
Use the undo lldp check-change-interval command to restore the default.
By default, LLDP polling is disabled.

Examples
# Enable LLDP polling on GigabitEthernet 1/0/1, setting the polling interval to 30 seconds.
<Sysname>...

lldp compliance cdp

Syntax
lldp compliance cdp
undo lldp compliance cdp

View
System view

Default Level
2: System level

Parameters
None

Description
Use the lldp compliance cdp command to enable CDP compatibility globally.
Use the undo lldp compliance cdp command to restore the default.
By default, CDP compatibility is disabled globally.

Description
Use the lldp enable command to enable LLDP.
Use the undo lldp enable command to disable LLDP.
By default, LLDP is disabled globally and enabled on a port.
Note that LLDP takes effect on a port only when LLDP is enabled both globally and on the port.

Examples
# Disable LLDP on GigabitEthernet 1/0/1.
lldp fast-count

Syntax
lldp fast-count count
undo lldp fast-count

View
System view

Default level
2: System level

Parameters
count: Number of the LLDPDUs sent each time fast LLDPDU transmission is triggered. This argument ranges from 1 to 10.

Description
Use the lldp fast-count command to set the number of the LLDPDUs sent each time fast LLDPDU transmission is triggered.

The TTL multiplier defaults to 4.
You can set the TTL of the local device information by configuring the TTL multiplier. The TTL of the information about a device is determined by the following expression:
TTL multiplier × LLDPDU transmit interval
Note that the TTL can be up to 65535 seconds.
undo lldp management-address-tlv View Layer 2 Ethernet port view, port group view Default level 2: System level Parameters ip-address: Management address to be advertised in LLDPDUs. Description Use the lldp management-address-tlv command to enable management address advertising and set the management address. Use the undo lldp management-address-tlv command to disable management address advertising in LLDPDUs.
Parameters delay: LLDP re-initialization delay to be set, in the range 1 to 10 (in seconds). Description Use the lldp timer reinit-delay command to set the LLDP re-initialization delay. Use the undo lldp timer reinit-delay command to restore the default. By default, the LLDP re-initialization delay is 2 seconds.
View System view Default level 2: System level Parameters interval: LLDPDU transmit interval, in the range 5 to 32768 (in seconds). Description Use the lldp timer tx-interval command to set the LLDPDU transmit interval. Use the undo lldp timer tx-interval command to restore the default. By default, the LLDPDU transmit interval is 30 seconds.
Page 137
system-capability: Advertises system capabilities TLVs.
system-description: Advertises system description TLVs.
system-name: Advertises system name TLVs.
dot1-tlv: Advertises IEEE 802.1 organizationally specific LLDP TLVs.
port-vlan-id: Advertises port VLAN ID TLVs.
protocol-vlan-id: Advertises port and protocol VLAN ID TLVs.
vlan-name: Advertises VLAN name TLVs.
vlan-id: ID of the VLAN in the TLVs to be advertised.
Page 138
To enable LLDP-MED TLV advertising, you must enable LLDP-MED capabilities TLV advertising first. Conversely, to disable LLDP-MED capabilities TLV advertising, you must disable the advertising of other LLDP-MED TLVs.
To disable MAC/PHY configuration/status TLV advertising, you must disable LLDP-MED capabilities TLV advertising first.
Page 139
Table of Contents
1 VLAN Configuration Commands
    VLAN Configuration Commands
        description
        display interface vlan-interface
        display vlan
        interface vlan-interface
        ip address
        name
        shutdown
        vlan
    Port-Based VLAN Configuration Commands
        display port
        port
        port access vlan
        port hybrid pvid
        port hybrid vlan
        port link-type
        port trunk permit vlan...
VLAN Configuration Commands

description

Syntax
description text
undo description

View
VLAN view, VLAN interface view

Default Level
2: System level

Parameters
text: Description of a VLAN or VLAN interface. Currently, the device supports the following types of characters or symbols: standard English characters (numbers and case-sensitive letters), special English characters, spaces, and other characters or symbols that conform to the Unicode standard.
Description Use the description command to configure the description of the current VLAN or VLAN interface. Use the undo description command to restore the default. For a VLAN, the default description is the VLAN ID, for example, VLAN 0001; for a VLAN interface, the default description is the name of the interface, for example, Vlan-interface 1 Interface.
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e249-8050
Last clearing of counters: Never
Last 300 seconds input: 0 bytes/sec 0 packets/sec
Last 300 seconds output: 0 bytes/sec 0 packets/sec
0 packets input, 0 bytes, 0 drops
0 packets output, 0 bytes, 0 drops

Table 1-1 display interface vlan-interface command output description...
Page 143
View
Any view

Default Level
1: Monitor level

Parameters
vlan-id1: Displays the information of a VLAN specified by VLAN ID in the range of 1 to 4094.
vlan-id1 to vlan-id2: Displays the information of a range of VLANs specified by a VLAN ID range.
all: Displays all current VLAN information except for the reserved VLANs.

Table 1-2 display vlan command output description
Field            Description
VLAN Type        VLAN type (static or dynamic)
Route interface  Whether a VLAN interface is configured for the VLAN: not configured or configured
Description      Description of the VLAN
Name             Name configured for the VLAN
Primary IP address of the VLAN interface (available only on a VLAN interface configured with an IP address).

Default Level
2: System level

Parameters
text: VLAN name, a string of 1 to 32 characters. Spaces and special characters can be included in the name.

Description
Use the name command to configure a name for the current VLAN.
Use the undo name command to restore the default name of the VLAN.
The default name of a VLAN is its VLAN ID, VLAN 0001 for example.

The state of any Ethernet port in a VLAN is independent of the VLAN interface state.

Examples
# Shut down VLAN interface 2 and then bring it up.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] shutdown
[Sysname-Vlan-interface2] undo shutdown

vlan

Syntax
vlan { vlan-id1 [ to vlan-id2 ] }
undo vlan { vlan-id1 [ to vlan-id2 ] | all }...

Table 1-3 display port command output description
Field         Description
Interface     Port name
PVID          Default VLAN ID of the port
VLAN passing  VLANs whose packets are allowed to pass through the port.
Tagged        VLANs whose packets are required to pass through the port tagged.
Untagged      VLANs whose packets are required to pass through the port untagged.

[Sysname] vlan 3
[Sysname-vlan3] quit
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] port access vlan 3

port hybrid pvid

Syntax
port hybrid pvid vlan vlan-id
undo port hybrid pvid

View
Ethernet interface view, port group view, Layer 2 aggregate interface view

Default Level
2: System level

Parameters
vlan-id: VLAN ID, in the range of 1 to 4094.

Examples
# Assign the hybrid port GigabitEthernet1/0/1 to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100, and configure GigabitEthernet1/0/1 to send packets of these VLANs with tags kept.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-GigabitEthernet1/0/1] port hybrid vlan 2 4 50 to 100 tagged
# Assign hybrid ports in port group 2 to VLAN 2, and configure these hybrid ports to send packets of VLAN 2 with VLAN tags removed.
Page 154
Parameters
access: Configures the link type of a port as access.
hybrid: Configures the link type of a port as hybrid.
trunk: Configures the link type of a port as trunk.

Description
Use the port link-type command to configure the link type of a port.
Use the undo port link-type command to restore the default link type of a port.

port trunk permit vlan

Syntax
port trunk permit vlan { vlan-id-list | all }
undo port trunk permit vlan { vlan-id-list | all }

View
Ethernet interface view, port group view, Layer 2 aggregate interface view

Default Level
2: System level

Parameters
vlan-id-list: VLANs that the trunk port(s) will be assigned to.

Please wait... Done.
# Assign the trunk Layer 2 aggregate interface Bridge-aggregation 1 to VLAN 2, assuming that Bridge-aggregation 1 does not have member ports.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] port link-type trunk
[Sysname-Bridge-Aggregation1] port trunk permit vlan 2
Please wait...
Page 157
In port group view, this command applies to all ports in the port group. For information about port groups, refer to Ethernet Interface Configuration. In Layer 2 aggregate interface view, this command applies to the Layer 2 aggregate interface and all its member ports.
Table 2-2 display voice vlan state command output description
Field                       Description
Voice VLAN system capacity  Maximum number of voice VLANs supported by the system
Current Voice VLAN Count    Number of existing voice VLANs
Voice VLAN security mode    Security mode of the voice VLAN: Security for security mode; Normal for normal mode
Voice VLAN aging time...

voice vlan enable

Syntax
voice vlan vlan-id enable
undo voice vlan enable

View
Ethernet interface view

Default Level
2: System level

Parameters
vlan-id: VLAN to be configured as the voice VLAN for the current port.

Description
Use the voice vlan enable command to enable the voice VLAN feature and configure a VLAN as the voice VLAN for the current Ethernet port.
Page 162
mask oui-mask: Specifies the valid length of the OUI address by a mask in the format of H-H-H, formed by consecutive fs and 0s, for example, ffff-0000-0000. To filter the voice device of a specific vendor, set the mask to ffff-ff00-0000.
description text: Specifies a string that describes the OUI address.

00e0-bb00-0000 ffff-ff00-0000 3com phone
1234-1200-0000 ffff-ff00-0000 PhoneA
# Remove the OUI address 1234-1200-0000.
<Sysname> system-view
[Sysname] undo voice vlan mac-address 1234-1200-0000

voice vlan mode auto

Syntax
voice vlan mode auto
undo voice vlan mode auto

View
Ethernet interface view

Default Level
2: System level

Parameters
None...
Page 164
Default Level
2: System level

Parameters
None

Description
Use the voice vlan security enable command to enable voice VLAN security mode.
Use the undo voice vlan security enable command to disable voice VLAN security mode.
After you enable the security mode for a voice VLAN, only voice traffic can be transmitted in the voice VLAN.
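An added example, not part of the H3C manual: a Python model of how an OUI address and its H-H-H mask, as described for voice vlan mac-address above, classify a source MAC address, and how the mask width changes the number of addresses that count as voice devices. The two OUI rows are the ones in the output above; the function names and test MAC addresses are constructed, and treating "voice traffic" as "source MAC matches an OUI entry" is an assumption of this model.

```python
import re
import string

# The two OUI entries shown in the command output on this page.
PAGE_OUI_ROWS = [
    ("00e0-bb00-0000", "ffff-ff00-0000", "3com phone"),
    ("1234-1200-0000", "ffff-ff00-0000", "PhoneA"),
]
# Constructed source MAC addresses for the demonstration.
SAMPLE_SOURCES = ["00e0-bb12-3456", "1234-12ab-cdef", "0011-2233-4455"]

MASK_DIGITS = re.compile(r"f+0*")  # consecutive fs followed only by 0s


def parse_hhh(text):
    """Convert an H-H-H address such as 00e0-bb00-0000 to a 48-bit integer."""
    groups = text.strip().lower().split("-")
    well_formed = len(groups) == 3 and all(
        len(g) == 4 and all(c in string.hexdigits for c in g) for g in groups
    )
    if not well_formed:
        raise ValueError(f"not in H-H-H format: {text!r}")
    return int("".join(groups), 16)


def parse_mask(text):
    """Accept only masks made of consecutive fs and then 0s, as the page requires."""
    value = parse_hhh(text)
    if not MASK_DIGITS.fullmatch(f"{value:012x}"):
        raise ValueError(f"mask is not consecutive fs followed by 0s: {text!r}")
    return value


def prefix_bits(mask):
    """Number of leading address bits that the mask compares."""
    return bin(mask).count("1")


def build_table(rows):
    """Pre-mask each OUI so lookups are a single AND and compare."""
    table = []
    for oui, mask_text, description in rows:
        mask = parse_mask(mask_text)
        table.append((parse_hhh(oui) & mask, mask, description))
    return table


def match_oui(src_mac, table):
    """Return the description of the first OUI entry covering src_mac, else None."""
    mac = parse_hhh(src_mac)
    for prefix, mask, description in table:
        if (mac & mask) == prefix:
            return description
    return None


def admitted_sources(sources, table, security_mode):
    """Model: in security mode only sources matching an OUI entry are admitted."""
    return [s for s in sources if not security_mode or match_oui(s, table) is not None]


if __name__ == "__main__":
    oui_table = build_table(PAGE_OUI_ROWS)
    for src in SAMPLE_SOURCES:
        print(src, "->", match_oui(src, oui_table))
    for mask_text in ("ffff-0000-0000", "ffff-ff00-0000"):
        bits = prefix_bits(parse_mask(mask_text))
        print(mask_text, "compares", bits, "bits; matches 2**%d addresses" % (48 - bits))
```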
MSTP Configuration Commands

active region-configuration

Syntax
active region-configuration

View
MST region view

Default Level
2: System level

Parameters
None

Description
Use the active region-configuration command to activate your MST region configuration.
Note that:
The configuration of MST region–related parameters, especially the VLAN-to-instance mapping table, will cause MSTP to launch a new spanning tree calculation process, which may result in network topology instability.

check region-configuration

Syntax
check region-configuration

View
MST region view

Default Level
2: System level

Parameters
None

Description
Use the check region-configuration command to view MST region pre-configuration information, including the region name, revision level, and VLAN-to-instance mapping settings.
Note that:
Two or more MSTP-enabled devices belong to the same MST region only if they are configured to have the same format selector, MST region name, the same VLAN-to-instance mapping entries in the MST region and the same MST region revision level, and they are interconnected via a physical...

Table 1-1 check region-configuration command output description
Field                  Description
Format selector        Format selector of the MST region, which defaults to 0 and is not configurable.
Region name            MST region name
Revision level         Revision level of the MST region
Instance Vlans Mapped  VLAN-to-instance mappings in the MST region

display stp

Syntax...
Page 170
CIST global parameters: Protocol work mode, device priority in the CIST (Priority), MAC address, hello time, max age, forward delay, maximum hops, common root of the CIST, external path cost from the device to the CIST common root, regional root, the internal path cost from the device to the regional root, CIST root port of the device, and status of the BPDU guard function (enabled or disabled).
Page 171
Field      Description
STP State  MSTP status on the port, which can be:
           FORWARDING: The port learns MAC addresses and forwards user traffic
           DISCARDING: The port does not learn MAC addresses or forward user traffic
           LEARNING: The port learns MAC addresses but does not forward user traffic
Protection type on the port, which can be:
ROOT: Root guard...
Page 172
-------[MSTI 1 Global Info]-------
MSTI Bridge ID :0.000f-e23e-9ca4
MSTI RegRoot/IRPC :0.000f-e23e-9ca4 / 0
MSTI RootPortId :0.0
MSTI Root Type :PRIMARY root
Master Bridge :32768.000f-e23e-9ca4
Cost to Master
TC received
# View the MSTP status and statistics when STP is not enabled.
<Sysname>...
Page 173
Field          Description
[LEARNING]     The port learns MAC addresses but does not forward user traffic
Port Protocol  Indicates whether STP is enabled on the port
Port Role      Port role, which can be Alternate, Backup, Root, Designated, Master, or Disabled
Port Priority  Port priority
Path cost of the port.

Field              Description
Protocol Status    MSTP protocol status
Protocol Std.      MSTP protocol standard
Version            MSTP protocol version
CIST Bridge-Prio.  The device’s priority in the CIST
MAC address        MAC address of the device
Max age(s)         Aging timer for BPDUs (in seconds)
Forward delay(s)   Port state transition delay (in seconds)
Hello time(s)      Interval for the root bridge to send BPDUs (in seconds)

Table 1-4 display stp abnormal-port command output description
Field         Description
MSTID         ID of the MSTI to which an abnormally blocked port belongs
Blocked Port  Name of an abnormally blocked port
Reason        Reason that caused abnormal blocking of the port.
              ROOT-Protected: root guard function
              LOOP-Protected: loop guard function
              Formatcompatibility-Protected: MSTP BPDU format incompatibility...
display stp history

Syntax
display stp [ instance instance-id ] history

View
Any view

Default Level
0: Visit level

Parameters
instance instance-id: Displays the historic port role calculation information of a particular MSTI. The minimum value of instance-id is 0, representing the common internal spanning tree (CIST), and the maximum value of instance-id is 3.

Field          Description
Role change    A role change of the port (“Age” means that the change was caused by expiry of the received configuration BPDU)
Time           Time of port role calculation
Port priority  Port priority

display stp ignored-vlan

Syntax
display stp ignored-vlan

View
Any view

Default Level...

Parameters
None

Description
Use the display stp region-configuration command to view the currently effective configuration information of the MST region, including the region name, revision level, and user-configured VLAN-to-instance mappings.
Related commands: instance, region-name, revision-level, vlan-mapping modulo.

Examples
# View the currently effective MST region configuration information.
<Sysname>...

Description
Use the display stp root command to view the root bridge information of all MSTIs.

Examples
# View the root bridge information of all MSTIs.
<Sysname> display stp root
MSTID Root Bridge ID ExtPathCost IntPathCost Root Port
0.00e0-fc0e-6554 200200 GigabitEthernet1/0/1

Table 1-9 display stp root command output description
Field...
If you specify an MSTI ID, this command will display the statistics of TC/TCN BPDUs received and sent by all ports in the specified MSTI, in port name order.

Examples
# View the statistics of TC/TCN BPDUs received and sent by all ports in MSTI 0.
<Sysname>...

You cannot map the same VLAN to different MSTIs. If you map a VLAN that has been mapped to an MSTI to a new MSTI, the old mapping will be automatically removed.
After configuring this command, you need to run the active region-configuration command to activate the VLAN-to-instance mapping.

reset stp

Syntax
reset stp [ interface interface-list ]

View
User view

Default Level
1: Monitor level

Parameters
interface interface-list: Clears the MSTP statistics of the ports specified in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10> indicates that you can specify up to 10 ports or port ranges.
Description Use the region-level command to configure the MSTP revision level. Use the undo region-level command to restore the default MSTP revision level. By default, the MSTP revision level is 0. Note that: The MSTP revision level, the MST region name and the VLAN-to-instance mapping table of a device jointly determine the MST region to which the device belongs.
stp bridge-diameter Syntax stp bridge-diameter diameter undo stp bridge-diameter View System view Default Level 2: System level Parameters diameter: Specifies the switched network diameter, in the range of 2 to 7. Description Use the stp bridge-diameter command to specify the network diameter, namely the maximum possible number of stations between any two terminal devices on the switched network.
Default Level 2: System level Parameters auto: Configures the port(s) to recognize the MSTP BPDU format automatically and accordingly determine the format of MSTP BPDUs to send. dot1s: Configures the port(s) to receive and send only standard-format (802.1s-compliant) MSTP BPDUs. legacy: Configures the port(s) to receive and send only compatible-format MSTP BPDUs.
Description Use the stp config-digest-snooping command to enable Digest Snooping. Use the undo stp config-digest-snooping command to disable Digest Snooping. The feature is disabled by default. Note that: Configured in system view, the setting takes effect globally; configured in Layer 2 Ethernet port view, the setting takes effect on the current port only;...
With the private standard selected for path cost calculation, the cost argument ranges from 1 to 200000. Description Use the stp cost command to set the path cost of the port(s) in the specified MSTI or all MSTIs. Use the undo stp cost command to restore the system default. By default, the device automatically calculates the path costs of ports in each MSTI based on the corresponding standard.
Use the stp edged-port disable command to configure the port(s) as a non-edge port or non-edge ports. Use the undo stp edged-port command to restore the default. All ports are non-edge ports by default. Note that: Configured in Layer 2 Ethernet port view, the setting takes effect on the current port only; configured in port group view, the setting takes effect on all ports in the port group.
Description Use the stp enable command to enable MSTP globally in system view, on a port in port view, or on multiple ports in port group view. Use the undo stp enable command to disable MSTP globally or on the port(s). The device is globally MSTP-disabled by default.
Description Use the stp ignored vlan command to enable VLAN Ignore for the specified VLAN(s). Use the undo stp ignored vlan command to disable VLAN Ignore for the specified VLAN(s). Examples # Enable VLAN Ignore for VLAN 2. <Sysname> system-view [Sysname] stp ignored vlan 2 # Enable VLAN Ignore for VLAN 1 through VLAN 10.
[Sysname-GigabitEthernet1/0/1] stp loop-protection stp max-hops Syntax stp max-hops hops undo stp max-hops View System view Default Level 2: System level Parameters hops: Maximum hops, in the range of 1 to 40 Description Use the stp max-hops command to set the maximum hops of the MST region on the device. Use the undo stp max-hops command to restore the maximum hops to the default setting.
If a port on a device running MSTP (or RSTP) connects to a device running STP, this port will automatically migrate to the STP-compatible mode. However, it will not be able to migrate automatically back to the MSTP (or RSTP) mode, but will remain working in the STP-compatible mode under the following circumstances: The device running STP is shut down or removed.
Use the undo stp mode command to restore the MSTP work mode to the default setting. By default, an MSTP-enabled device works in MSTP mode. Related commands: stp mcheck, stp enable. Examples # Configure the MSTP-enabled device to work in STP-compatible mode. <Sysname>...
stp pathcost-standard Syntax stp pathcost-standard { dot1d-1998 | dot1t | legacy } undo stp pathcost-standard View System view Default Level 2: System level Parameters dot1d-1998: The device calculates the default path cost for ports based on IEEE 802.1d-1998. dot1t: The device calculates the default path cost for ports based on IEEE 802.1t. legacy: The device calculates the default path cost for ports based on a private standard.
Path cost in Path cost in Path cost in Link speed Duplex state 802.1d-1998 IEEE 802.1t private standard standard standard Single Port 20,000 Aggregate Link 2 Ports 10,000 1000 Mbps Aggregate Link 3 Ports 6,666 Aggregate Link 4 Ports 5,000 Single Port 2,000 Aggregate Link 2 Ports...
Configured in Layer 2 aggregate port view, the setting takes effect only on the aggregate port. Configured on a member port in an aggregation group, the setting can take effect only after the port leaves the aggregation group. When connecting to a non-point-to-point link, a port is incapable of rapid state transition. If the current port is a Layer 2 aggregate port or if it works in full duplex mode, the link to which the current port connects is a point-to-point link.
Configured in Layer 2 aggregate port view, the setting takes effect only on the aggregate port. Configured on a member port in an aggregation group, the setting can take effect only after the port leaves the aggregation group. Setting different priorities for the same port in different MSTIs allows VLAN traffic flows to be forwarded along different physical links, thereby achieving VLAN-based load balancing.
%Aug 16 00:49:41:856 2006 Sysname MSTP/3/PFWD: Instance 2's GigabitEthernet1/0/2 has been set to forwarding state! // The information above shows that in MSTI 2 the state of GigabitEthernet 1/0/1 has changed to discarding and that of GigabitEthernet 1/0/2 has changed to forwarding. stp priority Syntax stp [ instance instance-id ] priority priority...
Parameters None Description Use the stp region-configuration command to enter MST region view. Use the undo stp region-configuration command to restore the default MST region configurations. By default, the default settings are used for all the three MST region parameters. Namely, the device’s MST region name is the device’s MAC address, all VLANs are mapped to the CIST, and the MSTP revision level is 0.
undo stp root-protection View Layer 2 Ethernet port view, port group view, Layer 2 aggregate port view Default Level 2: System level Parameters None Description Use the stp root-protection command to enable the root guard function on the port(s). Use the undo stp root-protection command to restore the default. By default, the root guard function is disabled.
Description Use the stp tc-protection enable command to enable the TC-BPDU attack guard function for the device. Use the stp tc-protection disable command to disable the TC-BPDU attack guard function for the device. By default, the TC-BPDU attack guard function is enabled. Examples # Disable the TC-BPDU attack guard function for the device.
stp timer forward-delay Syntax stp timer forward-delay time undo stp timer forward-delay View System view Default Level 2: System level Parameters time: Forward delay in centiseconds, ranging from 400 to 3000 in steps of 100. Description Use the stp timer forward-delay command to set the forward delay timer of the device. Use the undo stp timer forward-delay command to restore the system default.
View System view Default Level 2: System level Parameters time: Hello time in centiseconds, ranging from 100 to 1000 in steps of 100. Description Use the stp timer hello command to set the hello time of the device. Use the undo stp timer hello command to restore the system default. By default, the hello time is set to 200 centiseconds.
Description Use the stp timer max-age command to set the max age timer of the device. Use the undo stp timer max-age command to restore the system default. By default, the max age is set to 2,000 centiseconds. MSTP can detect link failures and automatically restore the forwarding state of the redundant link. In the CIST, the device determines whether a configuration BPDU received on a port has expired based on the max age timer.
Note that: After the network topology is stabilized, each non-root-bridge device forwards configuration BPDUs to the surrounding devices at the interval of hello time to check whether any link is faulty. Typically, if a device does not receive a BPDU from the upstream device within nine times the hello time, it will assume that the upstream device has failed and start a new spanning tree calculation process.
using excessive bandwidth resources during network topology changes. Using the default value is recommended. Examples # Set the maximum transmission rate of port GigabitEthernet 1/0/1 to 5. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] stp transmit-limit 5 vlan-mapping modulo Syntax vlan-mapping modulo modulo View...
Table of Contents
1 IP Addressing Configuration Commands
IP Addressing Configuration Commands
display ip interface
display ip interface brief
ip address
...
IP Addressing Configuration Commands IP Addressing Configuration Commands display ip interface Syntax display ip interface [ interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. Description Use the display ip interface command to display information about a specified or all Layer 3 interfaces.
Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Table 1-1 display ip interface command output description Field Description Current physical state of the interface, which can be Administrative DOWN: Indicates that the interface is administratively down;...
Field Description ICMP packet input number: Total number of ICMP packets received on the interface (the Echo reply: statistics start at the device startup), including the following packets: Unreachable: Echo reply packets Source quench: Unreachable packets Routing redirect: Source quench packets Echo request: Routing redirect packets Router advert:...
<Sysname> display ip interface brief vlan-interface *down: administratively down (s): spoofing Interface Physical Protocol IP Address Description Vlan-interface1 6.6.6.6 Vlan-inte... Vlan-interface2 7.7.7.7 VLAN2 Table 1-2 display ip interface brief command output description Field Description The interface is administratively shut down with the shutdown *down: administratively down command.
mask: Subnet mask in dotted decimal notation. mask-length: Subnet mask length, the number of consecutive ones in the mask. Description Use the ip address command to assign an IP address and mask to the interface. Use the undo ip address command to remove all IP addresses from the interface. By default, no IP address is assigned to any interface.
Table of Contents
1 IP Performance Optimization Configuration Commands
IP Performance Optimization Configuration Commands
display fib
display fib ip-address
display icmp statistics
display ip socket
display ip statistics
display tcp statistics
display tcp status
display udp statistics
ip forward-broadcast (interface view)
ip forward-broadcast (system view)
ip ttl-expires enable
...
If the specified IP prefix list does not exist, all FIB entries are displayed. Currently, the S5120-SI series Ethernet switches do not support the ip-prefix keyword. That is, they do not display FIB entries matching a specified IP prefix list.
Description Use the display fib command to display FIB entries. If no parameters are specified, all FIB entries will be displayed. Examples # Display all FIB entries. <Sysname> display fib Destination count: 4 FIB entry count: 4 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic...
Table 1-1 display fib command output description Field Description Destination count Total number of destination addresses FIB entry count Total number of FIB entries Destination/Mask Destination address/length of mask Nexthop Address of next hop Flags of routes: “U”—Usable route “G”—Gateway route “H”—Host route Flag “B”—Blackhole route...
<Sysname> display fib 10.2.1.1 Destination count: 1 FIB entry count: 1 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay Destination/Mask Nexthop Flag OutInterface InnerLabel Token 10.2.1.1/32 127.0.0.1 InLoop0 Null Invalid For description about the above output, refer to Table 1-1. display icmp statistics Syntax display icmp statistics...
Table 1-2 display icmp statistics command output description Field Description bad formats Number of input wrong format packets bad checksum Number of input wrong checksum packets echo Number of input/output echo packets destination unreachable Number of input/output destination unreachable packets source quench Number of input/output source quench packets redirects...
Task = VTYD(38), socketid = 1, Proto = 6, LA = 0.0.0.0:23, FA = 0.0.0.0:0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_REUSEPORT SO_SENDVPNID(3073) SO_SETKEEPALIVE, socket state = SS_PRIV SS_ASYNC Task = HTTP(36), socketid = 1, Proto = 6, LA = 0.0.0.0:80, FA = 0.0.0.0:0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,...
socket state = SS_PRIV SS_NBIO SS_ASYNC Task = RDSO(56), socketid = 1, Proto = 17, LA = 0.0.0.0:1024, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM, socket state = SS_PRIV Task = TRAP(52), socketid = 1, Proto = 17, LA = 0.0.0.0:1025, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 0, sb_cc = 0, rb_cc = 0,...
<Sysname> display ip statistics Input: 7120 local bad protocol bad format bad checksum bad options Output: forwarding local dropped no route compress fails 0 Fragment:input output dropped fragmented couldn't fragment 0 Reassembling:sum timeouts Table 1-4 display ip statistics command output description Field Description Total number of packets received...
Default Level 1: Monitor level Parameters None Description Use the display tcp statistics command to display statistics of TCP traffic. Related commands: display tcp status, reset tcp statistics. Examples # Display statistics of TCP traffic. <Sysname> display tcp statistics Received packets: Total: 8457 packets in sequence: 3660 (5272 bytes) window probe packets: 0, window update packets: 0...
Table 1-5 display tcp statistics command output description Field Description Total Total number of packets received packets in sequence Number of packets arriving in sequence window probe packets Number of window probe packets received window update packets Number of window update packets received checksum error Number of checksum error packets received offset error...
Field: Description
Closed connections: Number of connections closed; in brackets are connections closed accidentally (before receiving SYN from the peer) and connections closed initiatively (after receiving SYN from the peer)
Packets dropped with MD5 authentication: Number of packets dropped by MD5 authentication
Packets permitted with MD5 authentication: Number of packets permitted by MD5 authentication
display tcp status...
display udp statistics Syntax display udp statistics View Any view Default Level 1: Monitor level Parameters None Description Use the display udp statistics command to display statistics of UDP packets. Related commands: reset udp statistics. Examples # Display statistics of UDP packets. <Sysname>...
Field Description Sent Total Total number of UDP packets sent packets: ip forward-broadcast (interface view) Syntax ip forward-broadcast [ acl acl-number ] undo ip forward-broadcast View Interface view Default Level 2: System level Parameters acl acl-number: Access control list number, in the range 2000 to 3999. From 2000 to 2999 are numbers for basic ACLs, and from 3000 to 3999 are numbers for advanced ACLs.
Use the undo ip forward-broadcast command to disable the device from receiving directed broadcasts. By default, the device is enabled to receive directed broadcasts. Currently, this command is ineffective on the S5120-SI series Ethernet switches. That is, the switches cannot be disabled from receiving directed broadcasts. Examples # Enable the device to receive directed broadcasts.
If the feature is disabled, the device will not send TTL timeout ICMP packets, but still send “reassembly timeout” ICMP packets. Examples # Enable sending of ICMP timeout packets. <Sysname> system-view [Sysname] ip ttl-expires enable ip unreachables enable Syntax ip unreachables enable undo ip unreachables View System view...
Parameters None Description Use the reset ip statistics command to clear statistics of IP packets. Related commands: display ip interface in IP Addressing Commands; display ip statistics. Examples # Clear statistics of IP packets. <Sysname> reset ip statistics reset tcp statistics Syntax reset tcp statistics View...
Default Level 2: System level Parameters closing: CLOSING state of a TCP connection. established: ESTABLISHED state of a TCP connection. fin-wait-1: FIN_WAIT_1 state of a TCP connection. fin-wait-2: FIN_WAIT_2 state of a TCP connection. last-ack: LAST_ACK state of a TCP connection. syn-received: SYN_RECEIVED state of a TCP connection.
Parameters None Description Use the tcp syn-cookie enable command to enable the SYN Cookie feature to protect the device against SYN Flood attacks. Use the undo tcp syn-cookie enable command to disable the SYN Cookie feature. By default, the SYN Cookie feature is disabled. Examples # Enable the SYN Cookie feature.
[Sysname] tcp timer check-state 40 tcp timer fin-timeout Syntax tcp timer fin-timeout time-value undo tcp timer fin-timeout View System view Default Level 2: System level Parameters time-value: Length of the TCP finwait timer in seconds, in the range 76 to 3,600. Description Use the tcp timer fin-timeout command to configure the length of the TCP finwait timer.
Description Use the tcp timer syn-timeout command to configure the length of the TCP synwait timer. Use the undo tcp timer syn-timeout command to restore the default. By default, the value of the TCP synwait timer is 75 seconds. Related commands: tcp timer fin-timeout, tcp window. Examples # Set the length of the TCP synwait timer to 80 seconds.
ARP Configuration Commands ARP Configuration Commands arp check enable Syntax arp check enable undo arp check enable View System view Default Level 2: System level Parameters None Description Use the arp check enable command to enable ARP entry check. With this function enabled, the device cannot learn any ARP entry with a multicast MAC address.
Default Level 2: System level Parameters number: Maximum number of dynamic ARP entries that an interface can learn. The value is in the range 0 to 256. Description Use the arp max-learning-num command to configure the maximum number of dynamic ARP entries that an interface can learn.
Note that: A static ARP entry is effective when the device works normally. However, when the VLAN or VLAN interface to which an ARP entry corresponds is deleted, the entry, if permanent, will be deleted, and if non-permanent and resolved, will become unresolved. The vlan-id argument is used to specify the corresponding VLAN of an ARP entry and must be the ID of an existing VLAN.
Field: Description
MAC Address: MAC address in an ARP entry
VLAN ID: VLAN ID contained in a static ARP entry
Interface: Outbound interface in an ARP entry
Aging: Aging time for a dynamic ARP entry in minutes (“N/A” means unknown aging time or no aging time)
Type: ARP entry type: D for dynamic, S for static.
display arp timer aging Syntax display arp timer aging View Any view Default Level 2: System level Parameters None Description Use the display arp timer aging command to display the aging time for dynamic ARP entries. Related commands: arp timer aging. Examples # Display the aging time for dynamic ARP entries.
Examples # Clear all static ARP entries. <Sysname> reset arp static Gratuitous ARP Configuration Commands gratuitous-arp-sending enable Syntax gratuitous-arp-sending enable undo gratuitous-arp-sending enable View System view Default Level 2: System level Parameters None Description Use the gratuitous-arp-sending enable command to enable a device to send gratuitous ARP packets when receiving ARP requests from another network segment.
Parameters None Description Use the gratuitous-arp-learning enable command to enable the gratuitous ARP packet learning function. Use the undo gratuitous-arp-learning enable command to disable the function. By default, the function is enabled. With this function enabled, a device receiving a gratuitous ARP packet can add the source IP and MAC addresses carried in the packet to its own dynamic ARP table if it finds that no ARP entry corresponding to the source IP address of the ARP packet exists in the cache;...
undo arp anti-attack source-mac aging-time View System view Default Level 2: System level Parameters time: Aging timer for protected MAC addresses, in the range of 60 to 6000 seconds. Description Use the arp anti-attack source-mac aging-time command to configure the aging timer for protected MAC addresses.
Note that: If no MAC address is specified in the undo arp anti-attack source-mac exclude-mac command, all the configured protected MAC addresses are removed. Examples # Configure a protected MAC address. <Sysname> system-view [Sysname] arp anti-attack source-mac exclude-mac 2-2-2 arp anti-attack source-mac threshold Syntax arp anti-attack source-mac threshold threshold-value undo arp anti-attack source-mac threshold...
Parameters interface interface-type interface-number: Displays attacking MAC addresses detected on the interface. Description Use the display arp anti-attack source-mac command to display attacking MAC addresses detected by source MAC address based ARP attack detection. If no interface is specified, the display arp anti-attack source-mac command displays attacking MAC addresses detected on all the interfaces.
Default Level 2: System level Parameters dhcp-snooping: Implements ARP attack detection based on DHCP snooping entries. This mode is mainly used to prevent source address spoofing attacks. dot1x: Implements ARP attack detection based on 802.1X security entries. This mode is mainly used to prevent source address spoofing attacks.
With ARP detection based on static IP-to-MAC bindings configured, the device, upon receiving an ARP packet from an ARP trusted/untrusted port, compares the source IP and MAC addresses of the ARP packet against the static IP-to-MAC bindings. If an entry with a matching IP address but different MAC address is found, the ARP packet is considered invalid and discarded.
undo arp detection validate [ dst-mac | ip | src-mac ] * View System view Default Level 2: System level Parameters dst-mac: Checks the target MAC address of ARP responses. If the target MAC address is all-zero, all-one, or inconsistent with the destination MAC address in the Ethernet header, the packet is considered invalid and discarded.
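The two checks described above (static IP-to-MAC bindings and the dst-mac validation of ARP responses), as an added Python example that is not H3C code and not taken from the manual. All function names, frame bytes, MAC addresses and IP addresses are constructed for illustration; cases the truncated text above does not describe (the src-mac and ip checks, and what happens when no binding mismatch is found) are deliberately left without a verdict.

```python
import ipaddress
import struct
from typing import Dict, List, NamedTuple

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ZERO_MAC, ONES_MAC = b"\x00" * 6, b"\xff" * 6


class ArpFrame(NamedTuple):
    eth_dst: bytes
    eth_src: bytes
    oper: int
    sender_mac: bytes
    sender_ip: str
    target_mac: bytes
    target_ip: str


def mac(text: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(eth_dst, eth_src, oper, sha, spa, tha, tpa) -> bytes:
    """Build an untagged Ethernet II + IPv4 ARP frame (sample-data helper)."""
    eth = struct.pack("!6s6sH", eth_dst, eth_src, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      sha, ipaddress.IPv4Address(spa).packed,
                      tha, ipaddress.IPv4Address(tpa).packed)
    return eth + arp


def parse_arp_frame(frame: bytes) -> ArpFrame:
    """Parse an untagged Ethernet II frame carrying IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return ArpFrame(eth_dst, eth_src, oper, sha,
                    str(ipaddress.IPv4Address(spa)), tha,
                    str(ipaddress.IPv4Address(tpa)))


def check_static_binding(f: ArpFrame, bindings: Dict[str, bytes]) -> List[str]:
    """Matching IP but different MAC in the static bindings: invalid."""
    bound = bindings.get(f.sender_ip)
    if bound is not None and bound != f.sender_mac:
        return ["static-bind-mismatch"]
    return []  # other cases are not covered by the text above


def check_dst_mac(f: ArpFrame) -> List[str]:
    """dst-mac check: applies to ARP responses only."""
    if f.oper != ARP_REPLY:
        return []
    if f.target_mac == ZERO_MAC:
        return ["dst-mac-all-zero"]
    if f.target_mac == ONES_MAC:
        return ["dst-mac-all-one"]
    if f.target_mac != f.eth_dst:
        return ["dst-mac-eth-mismatch"]
    return []


def inspect(frame: bytes, bindings: Dict[str, bytes]) -> List[str]:
    """Return the reasons a frame would be discarded (empty list: none found)."""
    f = parse_arp_frame(frame)
    return check_static_binding(f, bindings) + check_dst_mac(f)


def evaluate_samples() -> Dict[str, List[str]]:
    """Run the checks over constructed frames (documentation addresses only)."""
    gw, host, rogue = (mac("02:00:00:00:00:01"), mac("02:00:00:00:00:10"),
                       mac("02:00:00:00:00:66"))
    bindings = {"192.0.2.10": host}  # constructed static IP-to-MAC binding
    ip_h, ip_g = "192.0.2.10", "192.0.2.1"
    samples = {
        "valid reply": build_frame(gw, host, ARP_REPLY, host, ip_h, gw, ip_g),
        "spoofed sender": build_frame(gw, rogue, ARP_REPLY, rogue, ip_h, gw, ip_g),
        "zero target reply": build_frame(gw, host, ARP_REPLY, host, ip_h, ZERO_MAC, ip_g),
        "spoofed and mismatched": build_frame(gw, rogue, ARP_REPLY, rogue, ip_h, host, ip_g),
        "broadcast request": build_frame(ONES_MAC, host, ARP_REQUEST, host, ip_h, ZERO_MAC, ip_g),
    }
    return {name: inspect(raw, bindings) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, reasons in evaluate_samples().items():
        print(f"{name:24s} {'DISCARD ' + ','.join(reasons) if reasons else 'no finding'}")
```

The broadcast request carries an all-zero target MAC but is not flagged, because the dst-mac check as described applies only to ARP responses.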
Description Use the display arp detection command to display the VLAN(s) enabled with ARP detection. Related commands: arp detection enable. Examples # Display the VLANs enabled with ARP detection. <Sysname> display arp detection ARP detection is enabled in the following VLANs: 1, 2, 4-5 Table 2-1 display arp detection command output description Field...
GE1/0/6(U) Table 2-2 display arp detection statistics command output description Field Description Interface(State) State T or U identifies a trusted or untrusted port. Number of ARP packets discarded due to invalid source and destination IP addresses Src-MAC Number of ARP packets discarded due to invalid source MAC address Number of ARP packets discarded due to invalid destination MAC Dst-MAC address...
View VLAN interface view Default Level 2: System level Parameters interval milliseconds: Sets the interval at which gratuitous ARP packets are sent. The value ranges from 200 to 5000, in milliseconds. The default value is 2000 ms. Description Use the arp anti-attack send-gratuitous-arp command to enable periodic sending of gratuitous ARP packets and set the sending interval.
Table of Contents
1 DHCP Relay Agent Configuration Commands
DHCP Relay Agent Configuration Commands
dhcp relay address-check
dhcp relay information circuit-id format-type
dhcp relay information circuit-id string
dhcp relay information enable
dhcp relay information format
dhcp relay information remote-id format-type
dhcp relay information remote-id string
dhcp relay information strategy
dhcp relay release ip
...
undo dhcp relay information circuit-id format-type View Interface view Default Level 2: System level Parameters ascii: Specifies the code type for the circuit ID sub-option as ascii. hex: Specifies the code type for the circuit ID sub-option as hex. Description Use the dhcp relay information circuit-id format-type command to configure the code type for the non-user-defined circuit ID sub-option.
Description Use the dhcp relay information circuit-id string command to configure the padding content for the user-defined circuit ID sub-option. Use the undo dhcp relay information circuit-id string command to restore the default. By default, the padding content for the circuit ID sub-option depends on the padding format of Option Note that: After you configure the padding content for the circuit ID sub-option using this command, ASCII is adopted as the code type.
dhcp relay information format Syntax dhcp relay information format { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } undo dhcp relay information format [ verbose node-identifier ] View Interface view Default Level 2: System level Parameters normal: Specifies the normal padding format.
View Interface view Default Level 2: System level Parameters remote-id: Padding content for the user-defined remote ID sub-option, a case sensitive string of 1 to 63 characters. sysname: Specifies the device name as the padding content for the remote ID sub-option. Description Use the dhcp relay information remote-id string command to configure the padding content for the user-defined remote ID sub-option.
Default Level 2: System level Parameters drop: Specifies to drop messages containing Option 82. keep: Specifies to forward messages containing Option 82 without any change. replace: Specifies to forward messages containing Option 82 after replacing the original Option 82 with the Option 82 padded in the specified padding format.
Parameters interval: Refreshing interval in seconds, in the range of 1 to 120. auto: Specifies the auto refreshing interval, which is the value of 60 seconds divided by the number of binding entries. Thus, the more entries there are, the shorter the interval, but the interval is never shorter than 500 ms.
Examples # Enable unauthorized DHCP server detection. <Sysname> system-view [Sysname] dhcp relay server-detect dhcp relay server-group Syntax dhcp relay server-group group-id ip ip-address undo dhcp relay server-group group-id [ ip ip-address ] View System view Default Level 2: System level Parameters group-id: DHCP server group number, in the range of 0 to 19.
View Interface view Default Level 2: System level Parameters group-id: DHCP server group number to be correlated, in the range of 0 to 19. Description Use the dhcp relay server-select command to correlate specified interface(s) to a specified DHCP server group. Use the undo dhcp relay server-select command to remove a configured correlation.
Description Use the dhcp select relay command to enable the relay agent on the current interface. Upon receiving requests from an enabled interface, the relay agent will forward these requests to outside DHCP servers for IP address allocation. Use the undo dhcp select relay command to restore the default. After DHCP is enabled, the DHCP server is enabled on an interface by default.
Table 1-1 display dhcp relay all command output description
Field | Description
Server-group | DHCP server group number correlated to the interface.

display dhcp relay information
Syntax
display dhcp relay information { all | interface interface-type interface-number }
View
Any view
Default Level
1: Monitor level
Parameters
all: Displays the Option 82 configuration information of all interfaces.
Table 1-2 display dhcp relay information all command output description
Field | Description
Interface | Interface name
Status | Option 82 state, which can be Enable or Disable.
Strategy | Handling strategy for requesting messages containing Option 82, which can be Drop, Keep, or Replace.
Format | Padding format of Option 82, which can be Normal or Verbose.
Table 1-3 display dhcp relay security command output description
Field | Description
IP Address | Client IP address
MAC Address | Client MAC address
Type | Type of binding, including dynamic, static, and temporary.
Interface | Layer 3 interface connecting to the DHCP client. If no interface is recorded in the binding entry, “N/A”...
display dhcp relay security tracker
Syntax
display dhcp relay security tracker
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display dhcp relay security tracker command to display the interval for refreshing dynamic bindings on the relay agent.
Examples
# Display the interval for refreshing dynamic bindings on the relay agent.
Group IP 1.1.1.1 1.1.1.2 Table 1-5 display dhcp relay server-group command output description Field Description Sequence number Group IP IP address in the server group display dhcp relay statistics Syntax display dhcp relay statistics [ server-group { group-id | all } ] View Any view Default Level...
reset dhcp relay statistics
Syntax
reset dhcp relay statistics [ server-group group-id ]
View
User view
Default Level
1: Monitor level
Parameters
server-group group-id: Specifies a server group ID (in the range of 0 to 19) about which to remove statistics from the relay agent.
DHCP Client Configuration Commands
When multiple VLAN interfaces having the same MAC address use DHCP for IP address acquisition via a relay agent, the DHCP server cannot be the Windows 2000 Server or Windows 2003 Server.

DHCP Client Configuration Commands
display dhcp client
Syntax
display dhcp client [ verbose ] [ interface interface-type interface-number ]...
Field | Description
Transaction ID | Transaction ID, a random number chosen by the client to identify an IP address allocation.
Default router | The gateway address assigned to the client
Classless static route | Classless static routes assigned to the client
Static route | Classful static routes assigned to the client
DNS server | The DNS server address assigned to the client...
DHCP Snooping Configuration Commands
A DHCP snooping-enabled device does not work when it is placed between the DHCP relay agent and the DHCP server. It works when it is placed between the DHCP client and the relay agent, or between the DHCP client and the server.
dhcp-snooping information circuit-id format-type
Syntax
dhcp-snooping information circuit-id format-type { ascii | hex }
undo dhcp-snooping information circuit-id format-type
View
Layer 2 Ethernet port view, Layer 2 aggregation interface view
Default Level
2: System level
Parameters
ascii: Specifies the code type for the circuit ID sub-option as ascii.
hex: Specifies the code type for the circuit ID sub-option as hex.
Parameters
vlan vlan-id: Specifies a VLAN ID, in the range of 1 to 4094.
circuit-id: Padding content for the user-defined circuit ID sub-option, a case-sensitive string of 3 to 63 characters.
Description
Use the dhcp-snooping information circuit-id string command to configure the padding content for the user-defined circuit ID sub-option.
By default, DHCP snooping does not support Option 82.
Related commands: display dhcp-snooping information.
Examples
# Configure DHCP snooping to support Option 82.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dhcp-snooping information enable

dhcp-snooping information format
Syntax
dhcp-snooping information format { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] }
undo dhcp-snooping information format [ verbose node-identifier ]
View...
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dhcp-snooping information enable
[Sysname-GigabitEthernet1/0/1] dhcp-snooping information strategy replace
[Sysname-GigabitEthernet1/0/1] dhcp-snooping information format verbose

dhcp-snooping information remote-id format-type
Syntax
dhcp-snooping information remote-id format-type { ascii | hex }
undo dhcp-snooping information remote-id format-type
View
Layer 2 Ethernet port view, Layer 2 aggregation interface view
Default Level
2: System level
Parameters...
View
Layer 2 Ethernet port view, Layer 2 aggregation interface view
Default Level
2: System level
Parameters
vlan vlan-id: Specifies a VLAN ID, in the range of 1 to 4094.
remote-id: Padding content for the user-defined remote ID sub-option, a case-sensitive string of 1 to 63 characters.
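The drop, keep and replace handling strategies described above, applied to a raw DHCP options field, as an added example that is not taken from the H3C manual or from Comware code. Assumptions: the padding consists of user-defined ASCII circuit ID and remote ID strings with the length limits given on this page, a request that carries no Option 82 gets the local Option 82 appended, and every function name and sample byte string is constructed for illustration.

```python
"""Option 82 handling strategies (drop / keep / replace) on a DHCP options field."""
from typing import Dict, List, Optional, Tuple

PAD, END, RELAY_AGENT_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2  # sub-option codes from RFC 3046

Option = Tuple[int, bytes]


def parse_tlvs(raw: bytes, dhcp_framing: bool) -> List[Option]:
    """Parse code/length/value triples and reject truncated fields.

    With dhcp_framing=True, PAD bytes are skipped and END stops parsing, as in
    the top-level options field. Sub-options inside Option 82 use False.
    """
    out: List[Option] = []
    i = 0
    while i < len(raw):
        code = raw[i]
        if dhcp_framing and code == PAD:
            i += 1
            continue
        if dhcp_framing and code == END:
            break
        if i + 1 >= len(raw):
            raise ValueError("option %d has no length byte" % code)
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        out.append((code, value))
        i += 2 + length
    return out


def build_tlvs(options: List[Option], dhcp_framing: bool) -> bytes:
    """Serialize options; the top-level field is terminated with END."""
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return body + (bytes([END]) if dhcp_framing else b"")


def local_option82(circuit_id: str, remote_id: str) -> bytes:
    """Build the device's own Option 82 payload from user-defined strings."""
    if not 3 <= len(circuit_id) <= 63:   # circuit ID limit stated on this page
        raise ValueError("circuit ID must be 3 to 63 characters")
    if not 1 <= len(remote_id) <= 63:    # remote ID limit stated on this page
        raise ValueError("remote ID must be 1 to 63 characters")
    return build_tlvs([(SUB_CIRCUIT_ID, circuit_id.encode("ascii")),
                       (SUB_REMOTE_ID, remote_id.encode("ascii"))],
                      dhcp_framing=False)


def handle_request(options_field: bytes, strategy: str,
                   local82: bytes) -> Optional[bytes]:
    """Return the options field to forward, or None when the message is dropped."""
    options = parse_tlvs(options_field, dhcp_framing=True)
    if not any(code == RELAY_AGENT_INFO for code, _ in options):
        # Assumption: a request without Option 82 gets the local one added.
        return build_tlvs(options + [(RELAY_AGENT_INFO, local82)], True)
    if strategy == "drop":
        return None
    if strategy == "keep":
        return options_field
    if strategy == "replace":
        kept = [opt for opt in options if opt[0] != RELAY_AGENT_INFO]
        return build_tlvs(kept + [(RELAY_AGENT_INFO, local82)], True)
    raise ValueError("unknown strategy: %r" % strategy)


def option82_of(options_field: bytes) -> Dict[int, bytes]:
    """Extract the Option 82 sub-options, or an empty dict if there are none."""
    for code, value in parse_tlvs(options_field, dhcp_framing=True):
        if code == RELAY_AGENT_INFO:
            return dict(parse_tlvs(value, dhcp_framing=False))
    return {}


# Constructed sample: a DHCPDISCOVER (option 53 = 1) that already carries an
# Option 82 the local device did not write.
UPSTREAM_82 = build_tlvs([(SUB_CIRCUIT_ID, b"other-port"),
                          (SUB_REMOTE_ID, b"other-switch")], dhcp_framing=False)
SAMPLE = build_tlvs([(53, b"\x01"), (RELAY_AGENT_INFO, UPSTREAM_82)], True)
LOCAL_82 = local_option82("access-port-1", "Sysname")

if __name__ == "__main__":
    for name in ("drop", "keep", "replace"):
        result = handle_request(SAMPLE, name, LOCAL_82)
        print(name, None if result is None else option82_of(result))
```

With keep, whatever circuit ID and remote ID arrived on the port reach the DHCP server unchanged; with replace, the server only ever sees the values configured on this device.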
Parameters
no-user-binding: Specifies the port not to record the clients’ IP-to-MAC bindings in DHCP requests it receives. The command without this keyword records the IP-to-MAC bindings of clients.
Description
Use the dhcp-snooping trust command to configure a port as a trusted port.
Use the undo dhcp-snooping trust command to restore the default state of a port.
Examples
# Display all DHCP snooping entries.
<Sysname> display dhcp-snooping
DHCP Snooping is enabled.
The client binding table for all untrusted ports.
Type : D--Dynamic , S--Static
Type IP Address MAC Address Lease VLAN Interface
==== =============== =============== ========== ==== =================
10.1.1.1 00e0-fc00-0006 GigabitEthernet1/0/1...
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display dhcp-snooping trust command to display information about trusted ports.
Related commands: dhcp-snooping trust.
Examples
# Display information about trusted ports.
<Sysname> display dhcp-snooping trust
DHCP Snooping is enabled.
DHCP Snooping trust becomes active.
BOOTP Client Configuration Commands
If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server.

BOOTP Client Configuration Commands
display bootp client
Syntax
display bootp client [ interface interface-type interface-number ]
View...
Table 4-1 display bootp client command output description
Field | Description
Ethernet1/1 BOOTP client information or Vlan-interface1 BOOTP client information | Information of the interface serving as a BOOTP client
Allocated IP | BOOTP client’s IP address allocated by the BOOTP server
Value of the XID field in a BOOTP message, namely, a random number chosen while the BOOTP client sends a BOOTP request to the BOOTP server.
Table of Contents
1 FTP Configuration Commands
FTP Server Configuration Commands
display ftp-server
display ftp-user
free ftp user
ftp server acl
ftp server enable
ftp timeout
ftp update
FTP Client Configuration Commands
ascii
binary
bye
cd
cdup
...
FTP Configuration Commands
FTP Server Configuration Commands
display ftp-server
Syntax
display ftp-server
View
Any view
Default Level
3: Manage level
Parameters
None
Description
Use the display ftp-server command to display the FTP server configuration.
After configuring FTP server parameters, you may verify them with this command.
Related commands: ftp server enable, ftp timeout, ftp update.
Field | Description
Put Method | File update method of the FTP server, including: fast: Fast update; normal: Normal update

display ftp-user
Syntax
display ftp-user
View
Any view
Default Level
3: Manage level
Parameters
None
Description
Use the display ftp-user command to display the detailed information of current FTP users.
Examples
# Display the detailed information of FTP users.
free ftp user
Syntax
free ftp user username
View
User view
Default Level
3: Manage level
Parameters
username: Username. You can use the display ftp-user command to view the logged-in user name of the current FTP connection.
Description
Use the free ftp user command to manually release the FTP connection established with the specified username.
When associated with an ACL, the FTP server denies the FTP requests of some FTP clients and permits access only from clients allowed by the ACL rules. This configuration filters only the FTP connections to be established, and has no effect on established FTP connections and operations. If you execute the command multiple times, the last specified ACL takes effect.
View
System view
Default Level
3: Manage level
Parameters
minute: Idle-timeout timer in minutes, in the range 1 to 35791.
Description
Use the ftp timeout command to set the idle-timeout timer.
Use the undo ftp timeout command to restore the default.
By default, the FTP idle time is 30 minutes.
The carriage return characters vary with operating systems. For example, to indicate the end of a line and move to the next line, the H3C device system and Windows system use the characters \r\n, and the Linux system uses the character \n. Therefore, after a file transmission between two systems that use different carriage return characters, such as a Linux system and the H3C device system, the FTP transmission mode must be applied to ensure the correct resolution of the files.
Related commands: binary.
Examples
# Set the file transfer mode to ASCII.
[ftp] ascii
200 Type set to A.

binary
Syntax
binary
View
FTP client view
Default Level
3: Manage level
Parameters
None
Description
Use the binary command to set the file transfer mode to binary (also called flow mode).
By default, the transfer mode is ASCII mode.
Description
Use the bye command to disconnect from the remote FTP server and return to user view.
If the device establishes no connection with the remote FTP server, you will return to user view directly.
Related commands: close, disconnect, quit.
Examples
# Terminate the connection with the remote FTP server and return to user view.
cdup
Syntax
cdup
View
FTP client view
Default Level
3: Manage level
Parameters
None
Description
Use the cdup command to exit the current directory and enter the upper directory of the FTP server.
Execution of this command will not change the working directory if the current directory is already the authorized directory (that is, work-directory).
Examples
# Terminate the connection to the FTP server and remain in FTP client view.
[ftp] close
221 Server closing.
[ftp]

debugging
Syntax
debugging
undo debugging
View
FTP client view
Default Level
3: Manage level
Parameters
None
Description
Use the debugging command to enable FTP client debugging.
Use the undo debugging command to disable FTP client debugging.
---> PORT 192,168,1,44,4,21
200 Port command okay.
The parsed reply is 200
---> RETR sample.file
150 Opening ASCII mode data connection for /sample.file.
The parsed reply is 150
FTPC: File transfer started with the signal light turned on.
FTPC: File transfer completed with the signal light turned off.
.226 Transfer complete.
Examples
# Delete file temp.c.
[ftp] delete temp.c
250 DELE command successful.

Syntax
dir [ remotefile [ localfile ] ]
View
FTP client view
Default Level
3: Manage level
Parameters
remotefile: Name of the file or directory on the remote FTP server.
localfile: Name of the local file to save the displayed information.
-rwxrwxrwx 1 noone nogroup 4001 Dec 08 2007 config.cfg
-rwxrwxrwx 1 noone nogroup 3608 Jun 13 2007 startup.cfg
drwxrwxrwx 1 noone nogroup 0 Dec 03 2007 test
-rwxrwxrwx 1 noone nogroup 299 Oct 15 2007 key.pub
226 Transfer complete.
FTP: 394 byte(s) received in 0.189 second(s), 2.00K byte(s)/sec.
[ftp]
# View the information of the file ar-router.cfg, and save the result to aa.txt.
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display ftp client configuration command to display the configuration information of the FTP client.
Currently this command displays the configured source IP address or source interface of the FTP client.
Related commands: ftp client source.
ip source-ip-address: The source IP address of the current FTP client. This source address must be the one that has been configured on the device.
Description
Use the ftp command to log in to the remote FTP server and enter FTP client view.
Note that:
This command applies to IPv4 networks.
Parameters
interface interface-type interface-number: Source interface for the FTP connection, including interface type and interface number. The primary IP address configured on the source interface is the source IP address of the packets sent by FTP. If no primary IP address is configured on the source interface, the connection fails.
Parameters
remotefile: Name of the file to be downloaded.
localfile: File name used after a file is downloaded and saved locally. If this argument is not specified, the file is saved locally using the source file name to the current working directory, namely the directory where the user executes the ftp command.
View
FTP client view
Default Level
3: Manage level
Parameters
remotefile: Filename or directory on the remote FTP server.
localfile: Name of a local file used to save the displayed information.
Description
Use the ls command to view the information of all the files and subdirectories under the current directory of the remote FTP server.
..226 Transfer complete.
FTP: 20 byte(s) received in 3.962 second(s), 5.00 byte(s)/sec.
# View the content of file aa.txt.
[ftp] quit
<Sysname> more aa.txt
logfile.log

mkdir
Syntax
mkdir directory
View
FTP client view
Default Level
3: Manage level
Parameters
directory: Name of the directory to be created.
Description
Use the mkdir command to create a subdirectory under the current directory on the remote FTP server.
service-port: Port number of the remote FTP server, in the range 0 to 65535, with the default value of
Description
Use the open command to log in to the IPv4 FTP server under FTP client view.
At login, you will be asked to enter the username and password for accessing the FTP server. If your input is correct, the login succeeds;...
Data transmission modes fall into the passive mode and the active mode. The active mode means that the data connection request is initiated by a server. The passive mode means that the data connection request is initiated by a client. This command is mainly used in conjunction with a firewall to restrict the FTP session connection between private and public network users.
Default Level
3: Manage level
Parameters
None
Description
Use the pwd command to display the currently accessed directory on the remote FTP server.
Examples
# Display the currently accessed directory on the remote FTP server.
[ftp] cd servertemp
[ftp] pwd
257 "/servertemp"...
STAT* HELP NOOP* XCUP XCWD XMKD XPWD XRMD
214 Direct comments to H3C company.
# Display the help information for the user command.
[ftp] remotehelp user
214 Syntax: USER <sp> <username>.
[ftp]
Table 1-4 remotehelp command output description
Field | Description
214-Here is a list of available ftp commands | The following is an available FTP command list.
Field | Description
PORT | Port number
PASV | Passive mode
TYPE | Request type
STRU* | File structure
MODE* | Transmission mode
RETR | Download a file
STOR | Upload a file
STOU* | Store unique
APPE* | Appended file
ALLO* | Allocation space
REST* | Restart
RNFR* | Rename the source
RNTO* | Rename the destination
ABOR*...
rmdir
Syntax
rmdir directory
View
FTP client view
Default Level
3: Manage level
Parameters
directory: Directory name on the remote FTP server.
Description
Use the rmdir command to remove a specified directory from the FTP server. Note that only authorized users are allowed to use this command.
Note that:
The directory to be deleted must be empty, meaning you should delete all files and subdirectories under the directory before you delete a directory.
Description
Use the user command to log in again to the currently accessed FTP server with another username.
Before using this command, you must configure the corresponding username and password on the FTP server; otherwise, your login fails and the FTP connection is closed.
Examples
# User ftp1 has logged in to the FTP server.
[ftp] verbose
FTP: verbose is on
# Disable the protocol information function and perform the Get operation.
[ftp] undo verbose
FTP: verbose is off
[ftp] get startup.cfg bb.cfg
FTP: 3608 byte(s) received in 0.052 second(s), 69.00K byte(s)/sec.
[ftp]
# Enable the protocol information function and perform the Get operation.
[ftp] verbose
FTP: verbose is on
[ftp] get startup.cfg aa.cfg...
View
System view
Default Level
3: Manage level
Parameters
acl-number: Number of a basic ACL, in the range 2000 to 2999.
Description
Use the tftp server acl command to control the device’s access to a specific TFTP server using an ACL.
source-filename: Source file name.
destination-filename: Destination file name.
source: Configures parameters for source address binding.
interface interface-type interface-number: Specifies the source interface by its type and number. The primary IP address configured on the source interface is the source IP address of the packets sent by TFTP.
View
System view
Default Level
2: System level
Parameters
interface interface-type interface-number: Specifies the source interface by its type and number. The primary IP address configured on the source interface is the source IP address of the packets sent by TFTP.
Table of Contents
1 IP Routing Basics Configuration Commands
IP Routing Basics Configuration Commands
display ip routing-table
display ip routing-table acl
display ip routing-table ip-address
display ip routing-table protocol
display ip routing-table statistics
reset ip routing-table statistics protocol
...
IP Routing Basics Configuration Commands
The term “router” in this document refers to a router in a generic sense or a Layer 3 switch.

IP Routing Basics Configuration Commands
display ip routing-table
Syntax
display ip routing-table [ verbose | | { begin | exclude | include } regular-expression ]
View
Any view
Default Level...
Use the display ip routing-table verbose command to display detailed information about all routes in the routing table. This command displays detailed information about all active and inactive routes, including the statistics of the entire routing table and information for each route.
Examples
# Display brief information about active routes in the routing table.
Field | Description
Interface | Outbound interface for packets to be forwarded along the route
BkNexthop | Backup next hop
BkInterface | Backup outbound interface
RelyNextHop | The next hop address obtained through routing recursion
Neighbour | Neighboring address determined by Routing Protocol
Tunnel ID | Tunnel ID
Label | Label
Route status:...
display ip routing-table acl
Syntax
display ip routing-table acl acl-number [ verbose ]
View
Any view
Default Level
1: Monitor level
Parameters
acl-number: Basic ACL number, in the range of 2000 to 2999.
verbose: Displays detailed routing table information, including that for inactive routes. With this argument absent, the command displays only brief information about active routes.
10.1.3.1/32 Direct 0 127.0.0.1 InLoop0
For detailed description of the above output, see Table 1-1.
# Display detailed information about both active and inactive routes permitted by basic ACL 2000.
<Sysname> display ip routing-table acl 2000 verbose
Routes Matched by Access list : 2000
Summary Count: 6
Destination: 10.1.1.0/24
Protocol: Direct...
The system ANDs the input destination IP address with the input subnet mask; and ANDs the destination IP address in each route entry with the input subnet mask. If the two operations yield the same result for an entry and the entry is active with a subnet mask less than or equal to the input subnet mask, the entry is displayed.
Destination/Mask Proto Cost NextHop Interface
11.0.0.0/8 Static 60 0.0.0.0 NULL0
11.1.0.0/16 Static 60 0.0.0.0 NULL0
11.1.1.0/24 Static 60 0.0.0.0 NULL0
# Display route entries by specifying a destination IP address and mask and the longer-match keyword.
[Sysname] display ip routing-table 11.1.1.1 24 longer-match
Routing Table : Public
Summary Count : 1
Destination/Mask...
Description
Use the display ip routing-table protocol command to display routing information of a specified routing protocol.
Examples
# Display brief information about direct routes.
<Sysname> display ip routing-table protocol direct
Public Routing Table : Direct
Summary Count : 6
Direct Routing table Status : <...
Default Level
1: Monitor level
Parameters
None
Description
Use the display ip routing-table statistics command to display the route statistics of the network routing table.
Examples
# Display route statistics in the routing table.
<Sysname> display ip routing-table statistics
Proto route active added...
Description
Use the reset ip routing-table statistics protocol command to clear routing statistics for the routing table.
Examples
# Clear all routing statistics information.
<Sysname> reset ip routing-table statistics protocol all
Table of Contents
1 Static Routing Configuration Commands
Static Routing Configuration Commands
delete static-routes all
ip route-static
ip route-static default-preference
...
Static Routing Configuration Commands
The term “router” in this document refers to a router in a generic sense or a Layer 3 switch.

Static Routing Configuration Commands
delete static-routes all
Syntax
delete static-routes all
View
System view
Default Level
2: System level
Parameters
None
Description...
When configuring a static route, you can specify the output interface or the next hop address based on the actual requirement. Note that the next hop address must not be the IP address of the local interface; otherwise, the route configuration will not take effect. For interfaces that support network address to link layer address resolution or point-to-point interfaces, you can specify the output interface or next hop address.
Description
Use the ip route-static default-preference command to configure the default preference for static routes.
Use the undo ip route-static default-preference command to restore the default.
By default, the default preference of static routes is 60.
Note that:
If no preference is specified when configuring a static route, the default preference is used.
When the default preference is re-configured, it applies to newly added static routes only.
port (multicast VLAN view)
port multicast-vlan
...
IGMP Snooping Configuration Commands
IGMP Snooping Configuration Commands
display igmp-snooping group
Syntax
display igmp-snooping group [ vlan vlan-id ] [ verbose ]
View
Any view
Default Level
1: Monitor level
Parameters
vlan vlan-id: Displays the IGMP snooping multicast group information in the specified VLAN, where vlan-id is in the range of 1 to 4094.
Attribute: Host Port
Host port(s):total 1 port.
GE1/0/2 (D) ( 00:03:23 )
MAC group(s):
MAC group address:0100-5e01-0101
Host port(s):total 1 port.
GE1/0/2
Table 1-1 display igmp-snooping group command output description
Field | Description
Total 1 IP Group(s). | Total number of IP multicast groups
Total 1 IP Source(s)....
Examples
# View the statistics information of IGMP messages learned by IGMP snooping.
<Sysname> display igmp-snooping statistics
Received IGMP general queries:0.
Received IGMPv1 reports:0.
Received IGMPv2 reports:19.
Received IGMP leaves:0.
Received IGMPv2 specific queries:0.
Sent IGMPv2 specific queries:0.
Received IGMPv3 reports:1.
Received IGMPv3 reports with right and wrong records:0.
Description
Use the dot1p-priority command to configure 802.1p precedence for IGMP messages globally.
Use the undo dot1p-priority command to restore the default.
The default 802.1p precedence for IGMP messages is 0.
Examples
# Set 802.1p precedence for IGMP messages to 3 globally.
<Sysname>...
[Sysname] igmp-snooping
[Sysname-igmp-snooping] fast-leave vlan 2

group-policy (IGMP-Snooping view)
Syntax
group-policy acl-number [ vlan vlan-list ]
undo group-policy [ vlan vlan-list ]
View
IGMP-Snooping view
Default Level
2: System level
Parameters
acl-number: Basic or advanced ACL number, in the range of 2000 to 3999. The source address or address range specified in the advanced ACL rule is used to match the multicast source address(es) specified in IGMPv3 reports, rather than the source address in the IP packets.
[Sysname-acl-basic-2000] rule permit source 225.1.1.1 0
[Sysname-acl-basic-2000] quit
[Sysname] igmp-snooping
[Sysname-igmp-snooping] group-policy 2000 vlan 2

host-aging-time (IGMP-Snooping view)
Syntax
host-aging-time interval
undo host-aging-time
View
IGMP-Snooping view
Default Level
2: System level
Parameters
interval: Dynamic member port aging time, in seconds. The effective range is 200 to 1,000.
Description
Use the host-aging-time command to configure the aging time of dynamic member ports globally.
Parameters
None
Description
Use the igmp-snooping command to enable IGMP snooping globally and enter IGMP-Snooping view.
Use the undo igmp-snooping command to disable IGMP snooping globally.
By default, IGMP snooping is disabled.
Related commands: igmp-snooping enable.
Examples
# Enable IGMP snooping globally and enter IGMP-Snooping view.
<Sysname>...
[Sysname] igmp-snooping
[Sysname-igmp-snooping] quit
[Sysname] vlan 2
[Sysname-vlan2] igmp-snooping enable
[Sysname-vlan2] igmp-snooping dot1p-priority 3

igmp-snooping drop-unknown
Syntax
igmp-snooping drop-unknown
undo igmp-snooping drop-unknown
View
VLAN view
Default Level
2: System level
Parameters
None
Description
Use the igmp-snooping drop-unknown command to enable the function of dropping unknown multicast data in the current VLAN.
View
VLAN view
Default Level
2: System level
Parameters
None
Description
Use the igmp-snooping enable command to enable IGMP snooping in the current VLAN.
Use the undo igmp-snooping enable command to disable IGMP snooping in the current VLAN.
By default, IGMP snooping is disabled in a VLAN.
IGMP snooping must be enabled globally before it can be enabled in a VLAN.
Use the undo igmp-snooping fast-leave command to disable fast leave processing on the current port or group of ports.
By default, fast leave processing is disabled.
Note that:
This command works on IGMP snooping–enabled VLANs.
If you do not specify any VLAN when using this command in Ethernet interface view or Layer 2 aggregate interface view, the command will take effect for all VLANs the interface belongs to;...
You can configure different ACL rules for a port in different VLANs; for a given VLAN, a newly configured ACL rule will override the existing one.
Related commands: group-policy.
Examples
# Apply ACL 2000 as a multicast group filter so that hosts on GigabitEthernet 1/0/1 in VLAN 2 can join 225.1.1.1 only.
igmp-snooping host-join
Syntax
igmp-snooping host-join group-address [ source-ip source-address ] vlan vlan-id
undo igmp-snooping host-join group-address [ source-ip source-address ] vlan vlan-id
View
Ethernet interface view, Layer 2 aggregate interface view, port group view
Default Level
2: System level
Parameters
group-address: Address of the multicast group that the simulated host is to join, in the range of 224.0.1.0 to 239.255.255.255.
[Sysname-vlan2] igmp-snooping enable
[Sysname-vlan2] igmp-snooping version 3
[Sysname-vlan2] quit
[Sysname] interface gigabitethernet 1/0/1
[Sysname-Gigabitethernet1/0/1] igmp-snooping host-join 232.1.1.1 source-ip 1.1.1.1 vlan 2

igmp-snooping last-member-query-interval
Syntax
igmp-snooping last-member-query-interval interval
undo igmp-snooping last-member-query-interval
View
VLAN view
Default Level
2: System level
Parameters
interval: Interval between IGMP last-member queries, in seconds. The effective range is 1 to 5.
Description
Use the igmp-snooping last-member-query-interval command to configure the interval between IGMP last-member queries in the VLAN.
View
VLAN view
Default Level
2: System level
Parameters
ip-address: Specifies a source address for the IGMP leave messages sent by the IGMP Snooping proxy, which can be any legal IP address.
current-interface: Specifies the IP address of the current VLAN interface as the source address of IGMP leave messages sent by the IGMP Snooping proxy.
View VLAN view Default Level 2: System level Parameters interval: Maximum response time to IGMP general queries, in seconds. The effective range is 1 to 25. Description Use the igmp-snooping max-response-time command to configure the maximum response time to IGMP general queries in the VLAN. Use the undo igmp-snooping max-response-time command to restore the default setting.
Description Use the igmp-snooping overflow-replace command to enable the multicast group replacement function on the current port(s). Use the undo igmp-snooping overflow-replace command to disable the multicast group replacement function on the current port(s). By default, the multicast group replacement function is disabled. Note that: This command works on IGMP snooping–enabled VLANs.
Before configuring this command in a VLAN, enable IGMP snooping in the VLAN.
Related commands: igmp-snooping enable.
Examples
# Enable IGMP Snooping and then IGMP Snooping Proxying in VLAN 2.
<Sysname> system-view
[Sysname] igmp-snooping
[Sysname-igmp-snooping] quit
[Sysname] vlan 2
[Sysname-vlan2] igmp-snooping enable
[Sysname-vlan2] igmp-snooping proxying enable
igmp-snooping querier
Syntax...
igmp-snooping query-interval
Syntax
igmp-snooping query-interval interval
undo igmp-snooping query-interval
View
VLAN view
Default Level
2: System level
Parameters
interval: Interval between IGMP general queries, in seconds. The effective range is 2 to 300.
Description
Use the igmp-snooping query-interval command to configure the interval between IGMP general queries.
Parameters ip-address: Specifies a source address for the IGMP reports sent by the IGMP Snooping proxy, which can be any legal IP address. current-interface: Specifies the IP address of the current VLAN interface as the source address of IGMP reports sent by the IGMP Snooping proxy. If no IP address has been assigned to the current VLAN interface, the default IP address 0.0.0.0 is used.
Description Use the igmp-snooping router-aging-time command to configure the aging time of dynamic router ports in the current VLAN. Use the undo igmp-snooping router-aging-time command to restore the default setting. By default, the aging time of dynamic router ports is 105 seconds. This command takes effect only if IGMP snooping is enabled in the VLAN.
[Sysname-Gigabitethernet1/0/1] igmp-snooping static-router-port vlan 2
igmp-snooping version
Syntax
igmp-snooping version version-number
undo igmp-snooping version
View
VLAN view
Default Level
2: System level
Parameters
version-number: IGMP snooping version, in the range of 2 to 3.
Description
Use the igmp-snooping version command to configure the IGMP snooping version. Use the undo igmp-snooping version command to restore the default setting.
Parameters interval: Interval between IGMP last-member queries, in seconds. The effective range is 1 to 5. Description Use the last-member-query-interval command to configure the interval between IGMP last-member queries globally. Use the undo last-member-query-interval command to restore the default setting. By default, the interval between IGMP last-member queries is 1 second.
overflow-replace (IGMP-Snooping view)
Syntax
overflow-replace [ vlan vlan-list ]
undo overflow-replace [ vlan vlan-list ]
View
IGMP-Snooping view
Default Level
2: System level
Parameters
vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID.
Default Level 2: System level Parameters None Description Use the report-aggregation command to enable IGMP report suppression. Use the undo report-aggregation command to disable IGMP report suppression. By default, IGMP report suppression is enabled. This command works on IGMP snooping–enabled VLANs. Examples # Disable IGMP report suppression.
reset igmp-snooping statistics
Syntax
reset igmp-snooping statistics
View
User view
Default Level
2: System level
Parameters
None
Description
Use the reset igmp-snooping statistics command to clear the statistics information of IGMP messages learned by IGMP snooping.
Examples
# Clear the statistics information of all kinds of IGMP messages learned by IGMP snooping.
<Sysname>...
Examples
# Set the aging time of dynamic router ports globally to 100 seconds.
<Sysname> system-view
[Sysname] igmp-snooping
[Sysname-igmp-snooping] router-aging-time 100
Multicast VLAN Configuration Commands
display multicast-vlan
Syntax
display multicast-vlan [ vlan-id ]
View
Any view
Default Level
1: Monitor level
Parameters
vlan-id: VLAN ID of a multicast VLAN, in the range of 1 to 4094. If this argument is not provided, the information about all multicast VLANs will be displayed.
multicast-vlan
Syntax
multicast-vlan vlan-id
undo multicast-vlan { all | vlan-id }
View
System view
Default Level
2: System level
Parameters
vlan-id: Specifies a VLAN by its ID, in the range of 1 to 4094.
all: Deletes all multicast VLANs.
Description
Use the multicast-vlan command to configure the specified VLAN as a multicast VLAN and enter multicast VLAN view.
View Multicast VLAN view Default Level 2: System level Parameters interface-list: Specifies a port in the form of interface-type interface-number, or a port range in the form of interface-type start-interface-number to interface-type end-interface-number, where the end interface number must be greater than the start interface number. all: Deletes all the ports in the current multicast VLAN.
Use the undo port multicast-vlan command to restore the system default. By default, a port does not belong to any multicast VLAN. Note that a port can belong to only one multicast VLAN. Examples # Assign GigabitEthernet 1/0/1 to multicast VLAN 100. <Sysname>...
QoS Policy Configuration Commands
Class Configuration Commands
display traffic classifier
Syntax
display traffic classifier user-defined [ tcl-name ]
View
Any view
Default Level
1: Monitor level
Parameters
user-defined: Displays user-defined classes.
tcl-name: Class name, a string of 1 to 31 characters.
Description
Use the display traffic classifier command to display information about classes.
Field Description Rule(s) Match criteria if-match Syntax if-match match-criteria undo if-match match-criteria undo if-match acl { acl-number | name acl-name } [ update acl { acl-number | name acl-name } ] View Class view Default Level 2: System level Parameters match-criteria: Match criterion.
Form Description Specifies to match packets by IP precedence. The ip-precedence ip-precedence-list argument is a list of IP precedence values in ip-precedence-list the range of 0 to 7. Specifies to match the packets of a specified protocol. The protocol protocol-name protocol-name argument can be IP.
You can configure up to eight DSCP values in one command line. If multiple identical DSCP values are specified, the system considers them as one. If a packet matches one of the defined DSCP values, it is considered matching the if-match clause. To delete a criterion matching DSCP values, the specified DSCP values must be identical with those defined in the rule (sequence may be different).
[Sysname-classifier-class2] if-match source-mac 0050-ba27-bed2
# Define a match criterion for class class1 to match ACL 3101.
<Sysname> system-view
[Sysname] traffic classifier class1
[Sysname-classifier-class1] if-match acl 3101
# Define a match criterion for class class1 to match the ACL named flow.
<Sysname>...
Default Level 2: System level Parameters tcl-name: Class name, a string of 1 to 31 characters. and: Specifies the relationship between the match criteria in the class as logical AND. That is, the packets that match all the criteria belong to this class. or: Specifies the relationship between the criteria in the class as logical OR.
View
System view
Default Level
2: System level
Parameters
behavior-name: Behavior name, a string of 1 to 31 characters.
Description
Use the traffic behavior command to create a traffic behavior and enter traffic behavior view. Use the undo traffic behavior command to remove a traffic behavior.
Related commands: qos policy, qos apply policy, classifier behavior.
Related commands: qos policy.
Examples
# Associate traffic class database with traffic behavior test in QoS policy user1.
<Sysname> system-view
[Sysname] qos policy user1
[Sysname-qospolicy-user1] classifier database behavior test
[Sysname-qospolicy-user1]
display qos policy
Syntax
display qos policy user-defined [ policy-name [ classifier tcl-name ] ]
View
Any view
Default Level...
Field Description Class name A policy can contain multiple classes, and each class is associated with a traffic behavior. A Classifier class can be configured with multiple match criteria. Refer to the traffic classifier command for related information. Behavior associated with the class. A behavior is associated with a class.
Table 1-5 display qos policy interface command output description Field Description Interface Interface type and interface number The direction in which the policy is applied to the Direction interface Policy Name of the policy applied to the interface Class name and corresponding configuration Classifier information Logical relationship between match criteria in the...
qos policy
Syntax
qos policy policy-name
undo qos policy policy-name
View
System view
Default Level
2: System level
Parameters
policy-name: Policy name, a string of 1 to 31 characters.
Description
Use the qos policy command to create a policy and enter policy view. Use the undo qos policy command to remove a policy.
Table 2-1 display qos map-table command output description Field Description MAP-TABLE NAME Name of the mapping table TYPE Type of the mapping table IMPORT Input values of the mapping table EXPORT Output values of the mapping table import Syntax import import-value-list export export-value undo import { import-value-list | all } View Priority mapping table view...
qos trust
Syntax
qos trust { dot1p | dscp }
undo qos trust
View
Interface view, port group view
Default Level
2: System level
Parameters
dot1p: Trusts the 802.1p precedence and uses this priority for priority mapping.
dscp: Trusts the DSCP values and uses DSCP values for priority mapping.
Description
Use the qos trust command to configure the trusted precedence type on an interface.
Line Rate Configuration Commands
display qos lr interface
Syntax
display qos lr interface [ interface-type interface-number ]
View
Any view
Default Level
1: Monitor level
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Description
Use the display qos lr interface command to view the line rate configuration information and operational statistics on a specified interface or all the interfaces.
Field Description The direction in which the line rate configuration Direction is applied: inbound or outbound Committed information rate (CIR) in kbps qos lr Syntax qos lr { inbound | outbound } cir committed-information-rate undo qos lr { inbound | outbound } View Interface view, port group view Default Level...
Congestion Management Configuration Commands
display qos wrr interface
Syntax
display qos wrr interface [ interface-type interface-number ]
View
Any view
Default Level
1: Monitor level
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Description
Use the display qos wrr interface command to display the queuing configuration on an interface.
Field Description Queue ID ID of a queue Number of the group a queue is assigned to. By Group default, all queues belong to group SP. Queue weight based on which queues are Weight scheduled. N/A indicates that the queue adopts the SP queue scheduling algorithm.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] qos wrr 0 group sp
[Sysname-GigabitEthernet1/0/1] qos wrr 1 group 1 weight 20
[Sysname-GigabitEthernet1/0/1] qos wrr 2 group 2 weight 10
[Sysname-GigabitEthernet1/0/1] qos wrr 3 group 2 weight 50...
802.1X Configuration Commands
display dot1x
Syntax
display dot1x [ sessions | statistics ] [ interface interface-list ]
View
Any view
Default Level
1: Monitor level
Parameters
sessions: Displays 802.1X session information.
statistics: Displays 802.1X statistics.
interface interface-list: Specifies an Ethernet port list, which can contain multiple Ethernet ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &...
Reauth Period 3600 s
The maximal retransmitting times
The maximum 802.1X user resource number is 1024 per slot
Total current used 802.1X resource number is 1
GigabitEthernet1/0/1 is link-up
802.1X protocol is enabled
Handshake is disabled
Periodic reauthentication is disabled
The port is an authenticator
Authenticate Mode is Auto
Port Control Type is Mac-based...
Field Description Maximum number of attempts for the device to The maximal retransmitting times send authentication requests to the client The maximum 802.1X user resource number per Maximum number of clients supported per board slot Total current used 802.1X resource number Total number of online users GigabitEthernet1/0/1 is link-up Status of port GigabitEthernet1/0/1...
dot1x
Syntax
In system view:
dot1x [ interface interface-list ]
undo dot1x [ interface interface-list ]
In Ethernet interface view:
dot1x
undo dot1x
View
System view, Ethernet interface view
Default Level
2: System level
Parameters
interface interface-list: Specifies a port list, which can contain multiple ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &...
After a PAFV takes effect, if you change the port access method from portbased to macbased, the port will leave the Auth-Fail VLAN. It is not allowed to delete a VLAN that is configured as an Auth-Fail VLAN directly. To delete such a VLAN, you need to remove the Auth-Fail VLAN configuration first by using the undo dot1x auth-fail vlan command.
Local authentication supports PAP and CHAP. For RADIUS authentication, the RADIUS server must be configured accordingly to support PAP, CHAP, or EAP authentication. Related commands: display dot1x. Examples # Set the 802.1X authentication method to PAP. <Sysname> system-view [Sysname] dot1x authentication-method pap dot1x guest-vlan Syntax In system view:...
In system view, this command configures a guest VLAN for all Layer 2 Ethernet ports if you do not specify the interface-list argument, and configures a guest VLAN for specified ports if you specify the interface-list argument. In interface view, you cannot specify the interface-list argument and can only configure guest VLAN for the current port.
View System view, Ethernet interface view Default Level 2: System level Parameters authorized-force: Places the specified or all ports in the authorized state, allowing users of the ports to access the network without authentication. auto: Places the specified or all ports in the unauthorized state initially to allow only EAPOL packets to pass, and turns the ports into the authorized state to allow access to the network after the users pass authentication.
In Ethernet interface view: dot1x port-method { macbased | portbased } undo dot1x port-method View System view, Ethernet interface view Default Level 2: System level Parameters macbased: Specifies to use the macbased authentication method. With this method, each user of a port must be authenticated separately, and when an authenticated user goes offline, no other users are affected.
undo dot1x quiet-period View System view Default Level 2: System level Parameters None Description Use the dot1x quiet-period command to enable the quiet timer. Use the undo dot1x quiet-period command to disable the timer. By default, the timer is disabled. After a client fails the authentication, the device refuses further authentication requests from the client in the period dictated by the quiet timer.
configured by the dot1x timer reauth-period command). This is intended to track the connection status of online users and update the authorization attributes assigned by the server, such as the ACL, VLAN, and QoS Profile, ensuring that the users are in normal online state. Related commands: dot1x timer reauth-period.
Server timeout timer (server-timeout): Once the device sends a RADIUS Access-Request packet to the authentication server, it starts this timer. If this timer expires but it receives no response from the server, it retransmits the request. Client timeout timer (supp-timeout): Once the device sends an EAP-Request/MD5 Challenge packet to a client, it starts this timer.
Examples
# Clear 802.1X statistics on port GigabitEthernet 1/0/1.
<Sysname> reset dot1x statistics interface gigabitethernet 1/0/1
AAA Configuration Commands
aaa nas-id profile
Syntax
aaa nas-id profile profile-name
undo aaa nas-id profile profile-name
View
System view
Default Level
2: System level
Parameters
profile-name: Name of the NAS ID profile, a case-insensitive string of 1 to 16 characters.
Description
Use the aaa nas-id profile command to create a NAS ID profile and enter its view.
Parameters
max-user-number: Maximum number of users using the current username, in the range 1 to 1024.
Description
Use the access-limit command to enable the limit on the number of users using the current username and set the allowed maximum number. Use the undo access-limit command to remove the limitation.
# Configure ISP domain test to use RADIUS accounting scheme rd for all types of users and use local accounting as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] accounting default radius-scheme rd local
accounting lan-access
Syntax
accounting lan-access { local | none | radius-scheme radius-scheme-name [ local ] }
undo accounting lan-access
View
ISP domain view...
accounting login
Syntax
accounting login { local | none | radius-scheme radius-scheme-name [ local ] }
undo accounting login
View
ISP domain view
Default Level
2: System level
Parameters
local: Performs local accounting. It is not used for charging purposes, but for collecting statistics on and limiting the number of local user connections.
View ISP domain view Default Level 2: System level Parameters None Description Use the accounting optional command to enable the accounting optional feature. Use the undo accounting optional command to disable the feature. By default, the feature is disabled. Note that with the accounting optional command configured for a domain: A user that will be disconnected otherwise can use the network resources even when there is no accounting server available or communication with the current accounting server fails.
Description Use the authentication default command to configure the default authentication method for all types of users. Use the undo authentication default command to restore the default. By default, the authentication method is local. Note that: The RADIUS scheme specified for the current ISP domain must have been configured. The authentication method specified with the authentication default command is for all types of users and has a priority lower than that for a specific access mode.
By default, the default authentication method is used for LAN access users. Note that the RADIUS scheme specified for the current ISP domain must have been configured. Related commands: authentication default, radius scheme. Examples # Configure the default ISP domain system to use local authentication for LAN access users. <Sysname>...
[Sysname-isp-system] authentication login local
# Configure ISP domain test to use RADIUS authentication scheme rd for login users and use local authentication as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authentication login radius-scheme rd local
authorization command
Syntax
authorization command { local | none }
undo authorization command
View
ISP domain view...
View ISP domain view Default Level 2: System level Parameters local: Performs local authorization. none: Does not perform any authorization. In this case, an authenticated user is automatically authorized with the corresponding default rights. radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1 to 32 characters.
View ISP domain view Default Level 2: System level Parameters local: Performs local authorization. none: Does not perform any authorization. In this case, an authenticated user is automatically authorized with the default rights. radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1 to 32 characters.
Default Level 2: System level Parameters local: Performs local authorization. none: Does not perform any authorization. In this case, an authenticated user is automatically authorized with the default rights. radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1 to 32 characters.
Default Level 3: Manage level Parameters acl: Specifies the authorization ACL of the local user(s). acl-number: Authorization ACL for the local user(s), in the range 2000 to 5999. callback-number: Specifies the authorization PPP callback number of the local user(s). callback-number: Authorization PPP callback number for the local user(s), a case-sensitive string of 1 to 64 characters.
command in Login Commands. If the authentication method requires users to provide usernames and passwords, the levels of commands that a user can access after login depends on the level of the user. For an SSH user authenticated with an RSA public key, which commands are available depends on the level specified on the user interface.
Note that: Binding attributes are checked upon authentication of a local user. If the binding attributes of a local user do not match the configured ones, the checking will fail and the user will fail the authentication as a result. In addition, such binding attribute checking does not take the service types of the users into account.
vlan vlan-id: Specifies user connections of a VLAN, with vlan-id ranging from 1 to 4094. Description Use the cut connection command to tear down the specified connections forcibly. At present, this command applies to only LAN access user connections. Related commands: display connection, service-type. Examples # Tear down all connections of ISP domain test.
Note that: With no parameter specified, the command displays brief information about all AAA user connections. If you specify the ucibindex ucib-index combination, the command displays detailed information; otherwise, the command displays brief information. This command does not apply to FTP user connections. Related commands: cut connection.
<Sysname> display domain
Domain = system
State = Active
Access-limit = Disable
Accounting method = Required
Default authentication scheme : local
Default authorization scheme : local
Default accounting scheme : local
Domain User Template:
Idle-cut = Disabled
Self-service = Disabled
Domain = test
State = Active
Access-limit = Disable...
Default Level 2: System level Parameters group-name: User group name, a case-insensitive string of 1 to 32 characters. Description Use the display user-group command to display configuration information about one or all user groups. Related commands: user-group. Examples # Display configuration information about user group abc. <Sysname>...
Note that: If the specified ISP domain does not exist, the system will create a new ISP domain. All the ISP domains are in the active state when they are created. The default domain cannot be deleted and can only be changed. Related commands: state, display domain.
[Sysname] domain default enable test
expiration-date
Syntax
expiration-date time
undo expiration-date
View
Local user view
Default Level
3: Manage level
Parameters
time: Expiration time of the local user, in the format HH:MM:SS-MM/DD/YYYY or HH:MM:SS-YYYY/MM/DD. HH:MM:SS indicates the time, where HH ranges from 0 to 23, MM and SS range from 0 to 59.
View Local user view Default Level 3: Manage level Parameters group-name: User group name, a case-insensitive string of 1 to 32 characters. Description Use the group command to assign a local user to a user group. Use the undo group command to restore the default. By default, a local user belongs to the system default user group system.
effect; if you disable the function on the device, the setting of the maximum idle duration parameter on the server will take effect. The user idle threshold parameter can only be set on the device. The server always assigns a user idle threshold of 10240 bytes to a user.
Examples
# Add a local user named user1.
<Sysname> system-view
[Sysname] local-user user1
[Sysname-luser-user1]
local-user password-display-mode
Syntax
local-user password-display-mode { auto | cipher-force }
undo local-user password-display-mode
View
System view
Default Level
2: System level
Parameters
auto: Displays the password of a user based on the configuration of the user by using the password command.
View
NAS ID profile view
Default Level
2: System level
Parameters
nas-identifier: NAS ID, a case-sensitive string of 1 to 20 characters.
vlan-id: ID of the VLAN to be bound with the NAS ID, in the range 1 to 4094.
Description
Use the nas-id bind vlan command to bind a NAS ID with a VLAN.
In cipher text, it must be a string of 24 or 88 characters, for example, _(TT8F]Y\5SQ=^Q`MAF4<1!!. With the simple keyword, you must specify the password in simple text. With the cipher keyword, you can specify the password in either simple or cipher text. Description Use the password command to configure a password for a local user.
A self-service RADIUS server, for example, iMC, is required for the self-service server location function. With the self-service function, a user can manage and control his or her accounting information or card number. A server with self-service software is a self-service server. After you configure the self-service-url enable command, a user can locate the self-service server by selecting [Service/Change Password] from the 802.1X client.
Examples
# Authorize user user1 to use the Telnet service.
<Sysname> system-view
[Sysname] local-user user1
[Sysname-luser-user1] service-type telnet
state
Syntax
state { active | block }
undo state
View
ISP domain view, local user view
Default Level
2: System level
Parameters
active: Places the current ISP domain or local user in the active state, allowing the users in the current ISP domain or the current local user to request network services.
user-group
Syntax
user-group group-name
undo user-group group-name
View
System view
Default Level
3: Manage level
Parameters
group-name: User group name, a case-insensitive string of 1 to 32 characters.
Description
Use the user-group command to create a user group and enter its view. Use the undo user-group command to remove a user group.
RADIUS Configuration Commands
accounting-on enable
Syntax
accounting-on enable
undo accounting-on enable
View
RADIUS scheme view
Default Level
2: System level
Parameters
None
Description
Use the accounting-on enable command to enable the accounting-on feature. After doing so, when the device reboots, an accounting-on message will be sent to the RADIUS server to log out the online users of the device.
accounting-on enable interval
Syntax
accounting-on enable interval seconds
undo accounting-on interval
View
RADIUS scheme view
Default Level
2: System level
Parameters
seconds: Time interval to retransmit accounting-on packet in seconds, ranging from 1 to 15.
Description
Use the accounting-on enable interval command to configure the retransmission interval of accounting-on packets.
Parameters send-times: Maximum number of accounting-on packet transmission attempts, ranging from 1 to 255. Description Use the accounting-on enable send command to set the maximum number of accounting-on packet transmission attempts. Use the undo accounting-on enable send command to restore the default. By default, the maximum number of accounting-on packet transmission attempts is 5.
Use the undo data-flow-format command to restore the default. By default, the unit for data flows is byte and that for data packets is one-packet. Note that: The specified unit of data flows sent to the RADIUS server must be consistent with the traffic statistics unit of the RADIUS server.
Primary Acct Server:
IP: 1.1.1.1 Port: 1813 State: block
Second Auth Server:
IP: N/A Port: 1812 State: block
Second Acct Server:
IP: N/A Port: 1813 State: block
Auth Server Encryption Key : 123
Acct Server Encryption Key : Not configured
Accounting-On packet disable, send times : 5 , interval : 3s
Interval for timeout(second)
Retransmission times for timeout...
Field Description Retransmission times for timeout Times of retransmission in case of timeout Interval for realtime accounting(minute) Interval for realtime accounting in minutes Retransmission times of realtime-accounting Retransmission times of realtime-accounting packet packet Retransmission times of stop-accounting packet Retransmission times of stop-accounting packet Quiet-interval(min) Quiet interval for the primary server Username format...
Total 1016 RADIUS received packets statistic: Code = Num = 15 Err = 0 Code = Num = 4 Err = 0 Code = Num = 4 Err = 0 Code = 11 Num = 0 Err = 0 Running statistic: RADIUS received messages statistic: Normal auth request Num = 24...
Field Description RLTWait Number of users waiting for real-time accounting Number of users in the state of accounting AcctStop waiting stopped OnLine Number of online users Stop Number of users in the state of stop Received and Sent packets statistic Statistics of packets received and sent Sent PKT total Number of packets sent...
Field Description RecError_MSG_sum Number of received packets in error SndMSG_Fail_sum Number of packets that failed to be sent out Timer_Err Number of timer errors Alloc_Mem_Err Number of memory errors State Mismatch Number of errors for mismatching status Other_Error Number of errors of other types Number of times that no response was received No-response-acct-stop packet for stop-accounting packets...
nas-ip (RADIUS scheme view)
Syntax
nas-ip ip-address
undo nas-ip
View
RADIUS scheme view
Default Level
2: System level
Parameters
ip-address: IPv4 address in dotted decimal notation. It must be an address of the device and cannot be 0.0.0.0, 255.255.255.255, a class D address, a class E address, or a loopback address.
Description
Use the nas-ip command to specify the IP address for the device to use as the source address of the RADIUS packets to be sent to the server.
View RADIUS scheme view Default Level 2: System level Parameters ip-address: IPv4 address of the primary accounting server. port-number: UDP port number of the primary accounting server, which ranges from 1 to 65535 and defaults to 1813. Description Use the primary accounting command to specify the primary RADIUS accounting server. Use the undo primary accounting command to remove the configuration.
port-number: UDP port number of the primary authentication/authorization server, which ranges from 1 to 65535 and defaults to 1812. Description Use the primary authentication command to specify the primary RADIUS authentication/authorization server. Use the undo primary authentication command to remove the configuration. By default, no primary RADIUS authentication/authorization server is specified.
Note that when the listening port of the RADIUS client is disabled: The RADIUS client can either accept authentication, authorization or accounting requests or process timer messages. However, it fails to transmit and receive packets to and from the RADIUS server.
Page 475
The nas-ip command in RADIUS scheme view is only for the current RADIUS scheme, while the radius nas-ip command in system view is for all RADIUS schemes. However, the nas-ip command in RADIUS scheme view overwrites the configuration of the radius nas-ip command. Related commands: nas-ip.
<Sysname> reset stop-accounting-buffer time-range 0:0:0-08/31/2006 23:59:59-08/31/2006 retry Syntax retry retry-times undo retry View RADIUS scheme view Default Level 2: System level Parameters retry-times: Maximum number of transmission attempts, in the range 1 to 20. Description Use the retry command to set the maximum number of RADIUS transmission attempts. Use the undo retry command to restore the default.
retry realtime-accounting Syntax retry realtime-accounting retry-times undo retry realtime-accounting View RADIUS scheme view Default Level 2: System level Parameters retry-times: Maximum number of accounting request transmission attempts. It ranges from 1 to 255 and defaults to 5. Description Use the retry realtime-accounting command to set the maximum number of accounting request transmission attempts.
retry stop-accounting (RADIUS scheme view) Syntax retry stop-accounting retry-times undo retry stop-accounting View RADIUS scheme view Default Level 2: System level Parameters retry-times: Maximum number of stop-accounting request transmission attempts. It ranges from 10 to 65,535 and defaults to 500. Description Use the retry stop-accounting command to set the maximum number of stop-accounting request transmission attempts.
View RADIUS scheme view Default Level 2: System level Parameters ip-address: IPv4 address of the secondary accounting server, in dotted decimal notation. The default is 0.0.0.0. port-number: UDP port number of the secondary accounting server, which ranges from 1 to 65535 and defaults to 1813.
Parameters ip-address: IPv4 address of the secondary authentication/authorization server, in dotted decimal notation. The default is 0.0.0.0. port-number: UDP port number of the secondary authentication/authorization server, which ranges from 1 to 65535 and defaults to 1812. Description Use the secondary authentication command to specify the secondary RADIUS...
Page 483
standard: Specifies the standard RADIUS server, which requires the RADIUS client end and RADIUS server to interact according to the regulation and packet format of the standard RADIUS protocol (RFC 2865/2866 or newer). Description Use the server-type command to specify the RADIUS server type supported by the device. Use the undo server-type command to restore the default.
Once the primary server fails, the primary server turns into the blocked state, and the device turns to the secondary server. In this case, if the secondary server is available, the device triggers the primary server quiet timer. After the quiet timer times out, the status of the primary server is active again and the status of the secondary server remains the same.
getting no response in the specified period of time, the NAS buffers and resends the packet until it receives a response or the number of transmission retries reaches the configured limit. In the latter case, the NAS discards the packet. Note that you can use the commands to change the setting only when no user is using the RADIUS scheme.
timer realtime-accounting (RADIUS scheme view) Syntax timer realtime-accounting minutes undo timer realtime-accounting View RADIUS scheme view Default Level 2: System level Parameters minutes: Real-time accounting interval in minutes, zero or a multiple of 3 in the range 3 to 60. The default is 12.
[Sysname-radius-radius1] timer realtime-accounting 51 timer response-timeout (RADIUS scheme view) Syntax timer response-timeout seconds undo timer response-timeout View RADIUS scheme view Default Level 2: System level Parameters seconds: RADIUS server response timeout period in seconds. It ranges from 1 to 10 and defaults to 3. Description Use the timer response-timeout command to set the RADIUS server response timeout timer.
Page 488
Default Level 2: System level Parameters keep-original: Sends the username to the RADIUS server as it is input. with-domain: Includes the ISP domain name in the username sent to the RADIUS server. without-domain: Excludes the ISP domain name from the username sent to the RADIUS server. Description Use the user-name-format command to specify the format of the username to be sent to a RADIUS server.
Note that the attribute of the alternative certificate subject name does not appear as a distinguished name, and therefore the dn keyword is not available for the attribute. Examples # Create a certificate attribute rule, specifying that the DN in the subject name includes the string of abc. <Sysname>...
certificate request entity Syntax certificate request entity entity-name undo certificate request entity View PKI domain view Default Level 2: System level Parameters entity-name: Name of the entity for certificate request, a case-insensitive string of 1 to 15 characters. Description Use the certificate request entity command to specify the entity for certificate request. Use the undo certificate request entity command to remove the configuration.
Use the undo certificate request from command to remove the configuration. By default, no authority is specified for certificate request. Examples # Specify that the entity requests a certificate from the CA. <Sysname> system-view [Sysname] pki domain 1 [Sysname-pki-domain-1] certificate request from ca certificate request mode Syntax certificate request mode { auto [ key-length key-length | password { cipher | simple } password ]* |...
[Sysname-pki-domain-1] certificate request mode auto certificate request polling Syntax certificate request polling { count count | interval minutes } undo certificate request polling { count | interval } View PKI domain view Default Level 2: System level Parameters count count: Specifies the maximum number of attempts to poll the status of the certificate request, in the range 1 to 100.
Default Level 2: System level Parameters url-string: URL of the server for certificate request, a case-insensitive string of 1 to 127 characters. It comprises the location of the server and the location of CGI command interface script in the format of http://server_location/ca_script_location, where server_location must be an IP address and does not support domain name resolution currently.
Examples # Configure the common name of an entity as test. <Sysname> system-view [Sysname] pki entity 1 [Sysname-pki-entity-1] common-name test country Syntax country country-code-str undo country View PKI entity view Default Level 2: System level Parameters country-code-str: Country code for the entity, a 2-character case-insensitive string. Description Use the country command to specify the code of the country to which an entity belongs.
Parameters disable: Disables CRL checking. enable: Enables CRL checking. Description Use the crl check command to enable or disable CRL checking. By default, CRL checking is enabled. CRLs are files issued by the CA to publish all certificates that have been revoked. Revocation of a certificate may occur before the certificate expires.
crl url Syntax crl url url-string undo crl url View PKI domain view Default Level 2: System level Parameters url-string: URL of the CRL distribution point, a case-insensitive string of 1 to 127 characters in the format of ldap://server_location or http://server_location, where server_location must be an IP address and does not support domain name resolution currently.
Page 499
request-status: Displays the status of a certificate request. Description Use the display pki certificate command to display the contents or request status of a certificate. Related commands: pki retrieval-certificate, pki domain and certificate request polling. Examples # Display the local certificate. <Sysname>...
Table 1-1 display pki certificate command output description
Field | Description
Version | Version of the certificate
Serial Number | Serial number of the certificate
Signature Algorithm | Signature algorithm
Issuer | Issuer of the certificate
Validity | Validity period of the certificate
Subject | Entity holding the certificate
Subject Public Key Info | Public key information of the entity
X509v3 extensions...
Field Description rule number Number of the access control rule display pki certificate attribute-group Syntax display pki certificate attribute-group { group-name | all } View Any view Default Level 1: Monitor level Parameters group-name: Name of a certificate attribute group, a string of 1 to 16 characters. all: Specifies all certificate attribute groups.
display pki crl domain Syntax display pki crl domain domain-name View Any view Default Level 2: System level Parameters domain-name: Name of the PKI domain, a string of 1 to 15 characters. Description Use the display pki crl domain command to display the locally saved CRLs. Related commands: pki retrieval-crl, pki domain.
Field | Description
Issuer | CA issuing the CRLs
Last Update | Last update time
Next Update | Next update time
CRL extensions | Extensions of CRL
X509v3 Authority Key Identifier | CA issuing the CRLs. The certificate version is X.509 v3.
ID of the public key A CA may have multiple key pairs.
ip (PKI entity view) Syntax ip ip-address undo ip View PKI entity view Default Level 2: System level Parameters ip-address: IP address for an entity. Description Use the ip command to configure the IP address of an entity. Use the undo ip command to remove the configuration. By default, no IP address is specified for an entity.
Use the undo ldap-server command to remove the configuration. By default, no LDAP server is specified for a PKI domain. Examples # Specify an LDAP server for PKI domain 1. <Sysname> system-view [Sysname] pki domain 1 [Sysname-pki-domain-1] ldap-server ip 169.254.0.30 locality Syntax locality locality-name...
Default Level 2: System level Parameters org-name: Organization name, a case-insensitive string of 1 to 31 characters. No comma can be included. Description Use the organization command to configure the name of the organization to which the entity belongs. Use the undo organization command to remove the configuration. By default, no organization name is specified for an entity.
pki certificate access-control-policy Syntax pki certificate access-control-policy policy-name undo pki certificate access-control-policy { policy-name | all } View System view Default Level 2: System level Parameters policy-name: Name of the certificate attribute-based access control policy, a case-insensitive string of 1 to 16 characters.
all: Specifies all certificate attribute groups. Description Use the pki certificate attribute-group command to create a certificate attribute group and enter its view. Use the undo pki certificate attribute-group command to delete one or all certificate attribute groups. By default, no certificate attribute group exists. Examples # Create a certificate attribute group named mygroup and enter its view.
View System view Default Level 2: System level Parameters domain-name: PKI domain name, a case-insensitive string of 1 to 15 characters. Description Use the pki domain command to create a PKI domain and enter PKI domain view or enter the view of an existing PKI domain.
<Sysname> system-view [Sysname] pki entity en [Sysname-pki-entity-en] pki import-certificate Syntax pki import-certificate { ca | local } domain domain-name { der | p12 | pem } [ filename filename ] View System view Default Level 2: System level Parameters ca: Specifies the CA certificate. local: Specifies the local certificate.
Default Level 2: System level Parameters domain-name: Name of the PKI domain, a string of 1 to 15 characters. password: Password for certificate revocation, a case-sensitive string of 1 to 31 characters. pkcs10: Displays the BASE64-encoded PKCS#10 certificate request information, which can be used to request a certification by an out-of-band means, like phone, disk, or email.
Parameters ca: Retrieves the CA certificate. local: Retrieves the local certificate. domain-name: Name of the PKI domain used for certificate request. Description Use the pki retrieval-certificate command to retrieve a certificate from the server for certificate distribution. Related commands: pki domain. Examples # Retrieve the CA certificate from the certificate issuing server.
View System view Default Level 2: System level Parameters ca: Verifies the CA certificate. local: Verifies the local certificate. domain-name: Name of the PKI domain to which the certificate to be verified belongs, a string of 1 to 15 characters. Description Use the pki validate-certificate command to verify the validity of a certificate.
Use the undo root-certificate fingerprint command to remove the configuration. By default, no fingerprint is configured for verifying the validity of the CA root certificate. Examples # Configure an MD5 fingerprint for verifying the validity of the CA root certificate. <Sysname>...
<Sysname> system-view [Sysname] pki certificate access-control-policy mypolicy [Sysname-pki-cert-acp-mypolicy] rule 1 permit mygroup state Syntax state state-name undo state View PKI entity view Default Level 2: System level Parameters state-name: State or province name, a case-insensitive string of 1 to 31 characters. No comma can be included.
SSL Configuration Commands SSL Configuration Commands ciphersuite Syntax ciphersuite [ rsa_aes_128_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha ] * View SSL server policy view Default Level 2: System level Parameters rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit AES_CBC, and the MAC algorithm of SHA.
client-verify enable Syntax client-verify enable undo client-verify enable View SSL server policy view Default Level 2: System level Parameters None Description Use the client-verify enable command to enable certificate-based SSL client authentication, that is, to enable the SSL server to authenticate the client by the client’s certificate during the SSL handshake process.
Description Use the close-mode wait command to set the SSL connection close mode to wait mode. In this mode, after sending a close-notify alert message to a client, the server does not close the connection until it receives a close-notify alert message from the client. Use the undo close-mode wait command to restore the default.
Table 1-1 display ssl client-policy command output description
Field | Description
SSL Client Policy | SSL client policy name
SSL Version | Version of the protocol used by the SSL client policy, SSL 3.0 or TLS 1.0.
PKI Domain | PKI domain of the SSL client policy
Prefer Ciphersuite | Preferred cipher suite of the SSL client policy
display ssl server-policy...
Table 1-2 display ssl server-policy command output description Field Description SSL Server Policy SSL server policy name PKI Domain PKI domain used by the SSL server policy Ciphersuite Cipher suites supported by the SSL server policy Handshake Timeout Handshake timeout time of the SSL server policy, in seconds Close mode of the SSL server policy, which can be: wait disabled: In this mode, the server sends a close-notify alert message to the client and then closes the connection immediately...
[Sysname] ssl server-policy policy1 [Sysname-ssl-server-policy-policy1] handshake timeout 3000 pki-domain Syntax pki-domain domain-name undo pki-domain View SSL server policy view, SSL client policy view Default Level 2: System level Parameters domain-name: Name of a PKI domain, a case-insensitive string of 1 to 15 characters. Description Use the pki-domain command to specify a PKI domain for an SSL server policy or SSL client policy.
Parameters rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit AES_CBC, and the MAC algorithm of SHA. rsa_des_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of DES_CBC, and the MAC algorithm of SHA. rsa_rc4_128_md5: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit RC4, and the MAC algorithm of MD5.
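An audit of SSL server policies against the four cipher suite names this reference lists, as an added example that is not part of the H3C manual. The configuration text is constructed, and its layout (an unindented `ssl server-policy` line followed by indented sub-commands) is an assumption about how the saved configuration is rendered.

```python
import re

# Suite names exactly as this reference lists them, split into cipher and MAC.
SUITES = {
    "rsa_aes_128_cbc_sha": ("AES-128-CBC", "SHA"),
    "rsa_des_cbc_sha": ("DES-CBC", "SHA"),
    "rsa_rc4_128_md5": ("RC4-128", "MD5"),
    "rsa_rc4_128_sha": ("RC4-128", "SHA"),
}
WEAK_CIPHER = {
    "DES-CBC": "single DES has a 56-bit key",
    "RC4-128": "RC4 is prohibited in TLS by RFC 7465",
}
WEAK_MAC = {"MD5": "MD5-based MAC"}

# Constructed sample; the layout is an assumption, not device output.
SAMPLE_CONFIG = """\
ssl server-policy policy1
 pki-domain 1
 ciphersuite rsa_rc4_128_md5 rsa_des_cbc_sha
 client-verify enable
#
ssl server-policy policy2
 pki-domain 1
 ciphersuite rsa_aes_128_cbc_sha
#
ssl server-policy policy3
 pki-domain 1
#
"""


def parse_policies(config):
    """Collect the ciphersuite and client-verify settings of each server policy."""
    policies, current = {}, None
    for raw in config.splitlines():
        start = re.match(r"ssl server-policy (\S+)\s*$", raw)
        if start:
            current = policies.setdefault(
                start.group(1), {"suites": None, "client_verify": False})
            continue
        if not raw.startswith(" "):
            current = None          # any other unindented line ends the block
            continue
        words = raw.split()
        if current is None or not words:
            continue
        if words[0] == "ciphersuite":
            current["suites"] = words[1:]
        elif words[:2] == ["client-verify", "enable"]:
            current["client_verify"] = True
    return policies


def audit(config):
    """Return {policy name: [findings]} for every SSL server policy found."""
    report = {}
    for name, policy in parse_policies(config).items():
        findings = []
        if policy["suites"] is None:
            findings.append("no ciphersuite line: the device default applies")
        for suite in policy["suites"] or []:
            if suite not in SUITES:
                findings.append(f"{suite}: not one of the four documented suites")
                continue
            cipher, mac = SUITES[suite]
            if cipher in WEAK_CIPHER:
                findings.append(f"{suite}: {WEAK_CIPHER[cipher]}")
            if mac in WEAK_MAC:
                findings.append(f"{suite}: {WEAK_MAC[mac]}")
        if not policy["client_verify"]:
            findings.append("client-verify not enabled: "
                            "clients are not authenticated by certificate")
        report[name] = findings
    return report


if __name__ == "__main__":
    for policy_name, items in audit(SAMPLE_CONFIG).items():
        print(policy_name)
        for item in items:
            print("  -", item)
```

Of the four suites, rsa_aes_128_cbc_sha is the only one that uses neither DES nor RC4, so a policy restricted to it produces no cipher finding.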
The process of the session parameters negotiation and session establishment by using the SSL handshake protocol is quite complicated. SSL allows reusing the negotiated session parameters to establish sessions. Therefore, the SSL server needs to maintain information about existing sessions. Note that the number of cached sessions and the session information caching time are limited: If the number of sessions in the cache reaches the maximum, SSL refuses to cache new sessions.
ssl server-policy Syntax ssl server-policy policy-name undo ssl server-policy { policy-name | all } View System view Default Level 2: System level Parameters policy-name: SSL server policy name, a case-insensitive string of 1 to 16 characters, which cannot be “a”, “al” and “all”. all: Specifies all SSL server policies.
Page 526
Description Use the version command to specify the SSL protocol version for an SSL client policy. Use the undo version command to restore the default. By default, the SSL protocol version for an SSL client policy is TLS 1.0. Related commands: display ssl client-policy. Examples # Specify the SSL protocol version for SSL client policy policy1 as SSL 3.0.
Page 527
Table of Contents
1 SSH2.0 Configuration Commands
  SSH2.0 Server Configuration Commands
    display ssh server
    display ssh user-information
    ssh server authentication-retries
    ssh server authentication-timeout
    ssh server compatible-ssh1x enable
    ssh server enable
    ssh server rekey-interval
    ssh user
  SSH2.0 Client Configuration Commands
    display ssh client source
    ...
SSH2.0 Configuration Commands SSH2.0 Server Configuration Commands display ssh server Syntax display ssh server { session | status } View Any view Default Level 1: Monitor level Parameters session: Displays the session information of the SSH server. status: Displays the status information of the SSH server. Description Use the display ssh server command on an SSH server to display SSH server status information or session information.
SFTP Server: Disable SFTP Server Idle-Timeout: 10 minute(s) Table 1-1 display ssh server status command output description Field Description SSH Server Whether the SSH server function is enabled SSH protocol version SSH version When the SSH supports SSH1, the protocol version is 1.99. Otherwise, the protocol version is 2.0.
Parameters username: SSH username, a string of 1 to 80 characters. Description Use the display ssh user-information command on an SSH server to display information about one or all SSH users. Note that: This command displays only information about SSH users configured through the ssh user command on the SSH server.
View System view Default Level 2: System level Parameters times: Maximum number of authentication attempts, in the range 1 to 5. Description Use the ssh server authentication-retries command to set the maximum number of SSH connection authentication attempts. Use the undo ssh server authentication-retries command to restore the default. By default, the maximum number of SSH connection authentication attempts is 3.
Description Use the ssh server authentication-timeout command to set the SSH user authentication timeout period on the SSH server. Use the undo ssh server authentication-timeout command to restore the default. By default, the authentication timeout period is 60 seconds. Related commands: display ssh server. Examples # Set the SSH user authentication timeout period to 10 seconds.
ssh server enable Syntax ssh server enable undo ssh server enable View System view Default Level 2: System level Parameters None Description Use the ssh server enable command to enable the SSH server function. Use the undo ssh server enable command to disable the SSH server function. By default, SSH server is disabled.
Page 534
Related commands: display ssh server. This command is only available to SSH users using SSH1 client software. The system does not update any DSA key pair periodically. Examples # Set the RSA server key pair update interval to 3 hours. <Sysname>...
assign publickey keyname: Assigns an existing public key to an SSH user. keyname indicates the name of the client public key and is a string of 1 to 64 characters. work-directory directory-name: Specifies the working directory for an SFTP user. directory-name indicates the name of the working directory and is a string of 1 to 135 characters.
Parameters None Description Use the display ssh client source command to display the source IP address or source interface currently set for the SSH client. If neither source IP address nor source interface is specified for the SSH client, the system displays the message “Neither source IP address nor source interface was specified for the STelnet client.”...
Examples # Display the mappings between host public keys and SSH servers saved on the client. <Sysname> display ssh server-info Server Name(IP) Server public key name ______________________________________________________ 192.168.0.1 abc_key01 192.168.0.2 abc_key02 Table 1-4 display ssh server-info command output description Field Description Server Name(IP) Name or IP address of the server...
Examples # Configure the public key of the server with the IP address of 192.168.0.1 to be key1. <Sysname> system-view [Sysname] ssh client authentication server 192.168.0.1 assign publickey key1 ssh client first-time enable Syntax ssh client first-time enable undo ssh client first-time View System view Default Level...
View System view Default Level 3: Manage level Parameters ip ip-address: Specifies a source IPv4 address. interface interface-type interface-number: Specifies a source interface by its type and number. Description Use the ssh client source command to specify the source IPv4 address or source interface of the SSH client.
Default Level 2: System level Parameters None Description Use the sftp server enable command to enable SFTP server. Use the undo sftp server enable command to disable SFTP server. By default, SFTP server is disabled. Related commands: display ssh server. Examples # Enable SFTP server.
SFTP Client Configuration Commands bye Syntax bye View SFTP client view Default Level 3: Manage level Parameters None Description Use the bye command to terminate the connection with a remote SFTP server and return to user view. This command functions as the exit and quit commands. Examples # Terminate the connection with the remote SFTP server.
You can use the cd .. command to return to the upper-level directory. You can use the cd / command to return to the root directory of the system. Examples # Change the working path to new1. sftp-client> cd new1 Current Directory is: /new1 cdup...
Default Level 3: Manage level Parameters remote-file&<1-10>: Names of files on the server. &<1-10> means that you can provide up to 10 filenames, which are separated by space. Description Use the delete command to delete the specified file(s) from a server. This command functions as the remove command.
With the remote-path not specified, the command displays information about the files and sub-directories of the current working directory. This command functions as the ls command. Examples # Display detailed information about the files and sub-directories under the current working directory in the form of a list.
exit Syntax exit View SFTP client view Default Level 3: Manage level Parameters None Description Use the exit command to terminate the connection with a remote SFTP server and return to user view. This command functions as the bye and quit commands. Examples # Terminate the connection with the remote SFTP server.
Examples # Download file temp1.c and save it as temp.c locally. sftp-client> get temp1.c temp.c Remote file:/temp1.c ---> Local file: temp.c Downloading file successfully ended help Syntax help [ all | command-name ] View SFTP client view Default Level 3: Manage level Parameters all: Displays a list of all commands.
-l: Displays in a list form detailed information of the files and folders of the specified directory remote-path: Name of the directory to be queried. Description Use the ls command to display file and folder information under a specified directory. With the –a and –l keyword not specified, the command displays detailed information of files and folders under the specified directory in a list form.
Syntax put local-file [ remote-file ] View SFTP client view Default Level 3: Manage level Parameters local-file: Name of a local file. remote-file: Name for the file on a remote SFTP server. Description Use the put command to upload a local file to a remote SFTP server. If you do not specify the remote-file argument, the file will be saved remotely with the same name as the local one.
sftp-client> pwd quit Syntax quit View SFTP client view Default Level 3: Manage level Parameters None Description Use the quit command to terminate the connection with a remote SFTP server and return to user view. This command functions as the bye and exit commands. Examples # Terminate the connection with the remote SFTP server.
Examples # Delete file temp.c from the server. sftp-client> remove temp.c The following files will be deleted: /temp.c Are you sure to delete it? [Y/N]:y This operation may take a long time.Please wait... File successfully Removed rename Syntax rename oldname newname View SFTP client view Default Level...
Parameters remote-path&<1-10>: Names of the directories on the remote SFTP server. &<1-10> means that you can provide up to 10 directory names that are separated by space. Description Use the rmdir command to delete the specified directories from an SFTP server. Examples # On the SFTP server, delete directory temp1 in the current directory.
prefer-stoc-cipher: Preferred encryption algorithm from server to client, defaulted to aes128. prefer-stoc-hmac: Preferred HMAC algorithm from server to client, defaulted to sha1-96. Description Use the sftp command to establish a connection to a remote IPv4 SFTP server and enter SFTP client view.
Page 554
Examples # Specify the source IP address of the SFTP client as 192.168.0.1. <Sysname> system-view [Sysname] sftp client source ip 192.168.0.1 1-27...
Page 555
Table of Contents
1 Public Key Configuration Commands
  Public Key Configuration Commands
    display public-key local public
    display public-key peer
    peer-public-key end
    public-key-code begin
    public-key-code end
    public-key local create
    public-key local destroy
    public-key local export dsa
    public-key local export rsa
    public-key peer
    public-key peer import sshkey
    ...
Public Key Configuration Commands Public Key Configuration Commands display public-key local public Syntax display public-key local { dsa | rsa } public View Any view Default Level 1: Monitor level Parameters dsa: DSA key pair. rsa: RSA key pair. Description Use the display public-key local public command to display the public key information of the local key pairs.
Key name: SERVER_KEY Key type: RSA Encryption Key ===================================================== Key code: 307C300D06092A864886F70D0101010500036B003068026100C51AF7CA926962284A4654B2AACC7B2AE12B2B 1EABFAC1CDA97E42C3C10D7A70D1012BF23ADE5AC4E7AAB132CFB6453B27E054BFAA0A85E113FBDE751EE0EC EF659529E857CF8C211E2A03FD8F10C5BEC162B2989ABB5D299D1E4E27A13C7DD10203010001 # Display the public key information of the local DSA key pair. <Sysname> display public-key local dsa public ===================================================== Time of Key pair created: 20:00:16 2007/10/25 Key name: HOST_KEY Key type: DSA Encryption Key =====================================================...
View Any view Default Level 1: Monitor level Parameters brief: Displays brief information about all the host public keys of peers. name publickey-name: Displays information about a peer's host public key. publickey-name specifies a host public key by its name, which is a case-sensitive string of 1 to 64 characters. Description Use the display public-key peer command to display information about the specified or all locally saved public keys of peers.
View Public key view Default Level 2: System level Parameters None Description Use the peer-public-key end command to return from public key view to system view. Related commands: public-key peer. Examples # Exit public key view. <Sysname> system-view [Sysname] public-key peer key1 [Sysname-pkey-public-key] peer-public-key end [Sysname] public-key-code begin...
[Sysname-pkey-key-code]FF1877A5E2E7B1FA4710DB0744F66F6600EEFE166F1B854E2371D5B952ADF6B80 EB5F52698FCF3D6 [Sysname-pkey-key-code]1F0C2EAAD9813ECB16C5C7DC09812D4EE3E9A0B074276FFD4AF2050BD4A9B1DDE 675AC30CB020301 [Sysname-pkey-key-code]0001 [Sysname-pkey-key-code] public-key-code end [Sysname-pkey-public-key] public-key local create Syntax public-key local create { dsa | rsa } View System view Default Level 2: System level Parameters dsa: DSA key pair. rsa: RSA key pair. Description Use the public-key local create command to create local key pair(s). Note that: When using this command to create DSA or RSA key pairs, you will be prompted to provide the length of the key modulus.
++++++++ ++++++++ # Create a local DSA key pair. <Sysname> system-view [Sysname] public-key local create dsa The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Press CTRL+C to abort.
public-key local export dsa Syntax public-key local export dsa { openssh | ssh2 } [ filename ] View System view Default Level 1: Monitor level Parameters openssh: Uses the format of OpenSSH. ssh2: Uses the format of SSH2.0. filename: Name of the file for storing the local public key. For detailed information about file name, see File System Management.
AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAo0dVYR1S5f30eLKGNKuqb5HU3M0TTSaGlER2GmcRI2sgSegbo1x6ut5N Ic5+jJxuRCU4+gMc76iS8d+2d50FqIweEkHHkSG/ddgXt/iAZ6cY81bdu/CKxGiQlkUpbw4vSv+X5KeE7j+o0MpO pzh3W768/+u1riz+1LcwVTs51Q== ---- END SSH2 PUBLIC KEY ---- # Display the local RSA public key in OpenSSH format. <Sysname> system-view [Sysname] public-key local export rsa openssh ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAo0dVYR1S5f30eLKGNKuqb5HU3M0TTSaGlER2GmcRI2sgSegbo1x6ut5N Ic5+jJxuRCU4+gMc76iS8d+2d50FqIweEkHHkSG/ddgXt/iAZ6cY81bdu/CKxGiQlkUpbw4vSv+X5KeE7j+o0MpO pzh3W768/+u1riz+1LcwVTs51Q== rsa-key public-key peer Syntax public-key peer keyname undo public-key peer keyname View System view Default Level...
Page 566
undo public-key peer keyname View System view Default Level 2: System level Parameters keyname: Public key name, a case-sensitive string of 1 to 64 characters. filename: Name of the file that saves a peer's public key. For detailed information about file name, see File System Management.
HABP Configuration Commands HABP Configuration Commands display habp Syntax display habp View Any view Default Level 1: Monitor level Parameters None Description Use the display habp command to display HABP configuration information. If the HABP function is not enabled on the device, this command does not display the HABP configuration but only the running status of the HABP function.
display habp table Syntax display habp table View Any view Default Level 1: Monitor level Parameters None Description Use the display habp table command to display HABP MAC address table entries. Note that this command is only applicable on an HABP server to display the MAC address entries collected by the HABP server.
Examples # Enable HABP. <Sysname> system-view [Sysname] habp enable habp server vlan Syntax habp server vlan vlan-id undo habp server View System view Default Level 2: System level Parameters vlan-id: ID of the VLAN in which HABP packets are to be transmitted, in the range 1 to 4094. Description Use the habp server vlan command to configure HABP to work in server mode and specify the VLAN in which HABP packets are to be transmitted.
Page 572
Default Level 2: System level Parameters interval: Interval (in seconds) at which the switch sends HABP request packets, in the range 5 to 600. Description Use the habp timer command to set the interval at which the switch sends HABP request packets. Use the undo habp timer command to restore the default.
ACL Configuration Commands ACL Configuration Commands Syntax acl number acl-number [ name acl-name ] [ match-order { auto | config } ] undo acl { all | name acl-name | number acl-number } View System view Default Level 2: System level Parameters number acl-number: Specifies the number of an access control list (ACL): 2000 to 2999 for basic ACLs...
The name of an ACL must be unique among ACLs. If you specify both an ACL number and an ACL name in one command to enter the view of an existing ACL, be sure that the ACL number and ACL name identify the same ACL. You can change match order only for ACLs that do not contain any rules.
Description Use the acl copy command to create an IPv4 ACL by copying an IPv4 ACL that already exists. Except for the number and name (if any), the new ACL has the same configuration as the source ACL. You can assign a name for an IPv4 ACL only when you create it. After it is created, you can neither rename it nor remove its name, if any.
Default Level 2: System level Parameters text: ACL description, a case-sensitive string of 1 to 127 characters. Description Use the description command to configure a description for an ACL. Use the undo description command to remove the ACL description. By default, an ACL has no ACL description. Related commands: display acl.
Page 578
Basic ACL 2001, named flow, 1 rule, ACL's step is 5 rule 5 permit source 1.1.1.1 0 (5 times matched) rule 5 comment This rule is used on GE1/0/1 Table 1-1 display acl command output description Field Description Category and number of the ACL. The following Basic ACL 2001 field information is about basic ACL 2001.
---------------------------------------------------- 1024 Meter ---------------------------------------------------- GE1/0/25..GE1/0/48 GE1/0/51 GE1/0/52 ---------------------------------------------------- Type Total Reserved Configured Remaining ---------------------------------------------------- 1024 Meter Table 1-2 display acl resource command output description Field Description Resource type. Possible values are as follows: Type METER for traffic policing resources, ACL for rule resources, Total Total number of ACL rules supported Reserved...
Page 580
<Sysname> display time-range trname Current time is 10:45:15 4/14/2005 Thursday Time-range : trname ( Inactive ) from 08:00 12/1/2005 to 23:59 12/31/2100 Table 1-3 display time-range command output description Field Description Current time Current system time Configuration and status of the time range, including the Time-range name of the time range, its status (active or inactive), and its start time and end time.
Page 583
Parameters Function Description Specifies to log matched This function requires that the module logging packets. using the ACL support logging. Specifies that the rule be reflective Not supported. reflective. Indicates that the rule Without this keyword, the rule applies to all applies to only non-first fragment fragments and non-fragments.
Page 584
Parameters Function Description { ack ack-value | fin fin-value | psh Parameters specific to TCP. psh-value | rst Specifies one or more The value for each argument can be 0 or 1. rst-value | syn TCP flags The TCP flags in one rule are ANDed. syn-value | urg urg-value } * Specifies the TCP flags...
Page 585
ICMP message name Type Code source-route-failed timestamp-reply timestamp-request ttl-exceeded Description Use the rule command to create or edit an advanced ACL rule. Use the undo rule command to delete an entire advanced ACL rule or some attributes in the rule. By default, an advanced ACL does not contain any rule.
You can only modify the existing rules of an ACL that uses the match order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same.
Page 588
dest-mac dest-addr dest-mask: Matches a destination MAC address range. The dest-addr and dest-mask arguments represent a destination MAC address and mask in H-H-H format. lsap lsap-type lsap-type-mask: Matches the DSAP and SSAP fields in LLC encapsulation. The lsap-type argument is a 16-bit hexadecimal number that represents the encapsulation format. The lsap-type-mask argument is a 16-bit hexadecimal number that represents the LSAP mask.
rule comment Syntax rule rule-id comment text undo rule rule-id comment View Basic ACL view, advanced ACL view, Ethernet frame header ACL view Default Level 2: System level Parameters rule-id: Specifies the ID of an existing ACL rule. The ID ranges from 0 to 65534. text: Provides a description for the ACL rule, a case-sensitive string of 1 to 127 characters.
Description Use the step command to set a rule numbering step for an ACL. Use the undo step command to restore the default. By default, the rule numbering step is 5. Related commands: display acl. Examples # Set the rule numbering step to 2 for basic ACL 2000. <Sysname>...
Page 591
A digit in the range 0 to 6, respectively for Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, and Saturday. A day of a week in words, sun, mon, tue, wed, thu, fri, and sat. working-day for Monday through Friday. off-day for Saturday and Sunday. daily for the whole week.
Page 592
# Create an absolute time range t2, setting it to be active in the whole year of 2010. <Sysname> system-view [Sysname] time-range t2 from 0:0 1/1/2010 to 23:59 12/31/2010 # Create a compound time range t3, setting it to be active from 08:00 to 12:00 on Saturdays and Sundays of the year 2010.
Device Management Commands Device Management Commands boot-loader Syntax boot-loader file file-url { main | backup } View User view Default Level 2: System level Parameters file file-url: Specifies a file name, a string of 1 to 63 characters. If you enter a relative path here, the system automatically converts it to an absolute path.
bootrom Syntax bootrom update file file-url View User view Default Level 2: System level Parameters update file file-url: Upgrades Boot ROM, where file-url is a string of 1 to 63 characters and represents the name of the file to be upgraded. See boot-loader. Description Use the bootrom command to upgrade the Boot ROM program on a device.
After the validity check function is enabled, the device will strictly check whether the Boot ROM upgrade files are valid and can match the hardware. Examples # Enable the validity check function when upgrading Boot ROM. <Sysname> system-view [Sysname] bootrom-update security-check enable display boot-loader Syntax display boot-loader...
Page 597
View Any view Default Level 1: Monitor level Parameters entry-number: Number of entries to be displayed, in the range of 1 to 60. offset: Offset between the serial number of the first CPU usage statistics record to be displayed and that of the last CPU usage record to be displayed.
Actual Stat. Cycle : 0x0(CPU Tick High) 0x95030517(CPU Tick Low) ===== CPU usage info (no: idx: 57) ===== CPU Usage Stat. Cycle: 60 (Second) CPU Usage : 3% CPU Usage Stat. Time : 2006-07-10 10:55:55 CPU Usage Stat. Tick : 0x1d9c(CPU Tick High) 0xa50e5351(CPU Tick Low) Actual Stat.
Page 599
Default Level 1: Monitor level Parameters task task-id: Displays the history statistics of the CPU usage of the specified task, where task-id represents the task number. If the task-id argument is not provided, the system displays the history statistics of the CPU usage of the entire system (the CPU usage of the entire system is the sum of CPU usages of all tasks).
######## ------------------------------------------------------------ (minutes) cpu-usage last 60 minutes(SYSTEM) The above output information indicates the CPU usage of the whole system in the last 60 minutes: 5% in the twelfth minute, 10% in the thirteenth minute, 15% in the fourteenth minute, 10% in the fifteenth minute, 5% in the sixteenth and seventeenth minute, 10% in the eighteenth minute, 5% in the nineteenth minute, and 2% or lower than 2% at other times.
View Any view Default Level 2: System level Parameters verbose: Displays detailed information. Description Use the display device command to display information about the device. Examples # Display information of the device. (The output of this command varies with devices.) <Sysname>...
Sensor Temperature LowerLimit WarningLimit AlarmLimit ShutdownLimit hotspot 1 display fan Syntax display fan [ fan-id ] View Any view Default Level 1: Monitor level Parameters fan-id: Displays the operating state of the specified fan, where fan-id represents the built-in fan number. Description Use the display fan command to display the operating state of built-in fans.
Used Rate: 16% Table 1-5 display memory command output description Field Description System Total Memory(bytes) Total size of the system memory (in bytes) Total Used Memory(bytes) Size of the memory used (in bytes) Used Rate Percentage of the memory used to the total memory display power Syntax display power [ power-id ]...
View Any view Default Level 2: System level Parameters None Description Use the display reboot-type command to display the reboot mode of the device. Examples # Display the reboot mode of the device. <Sysname> display reboot-type The rebooting type this time is: Cold The above information indicates that the last reboot mode of the device is Cold boot (cold boot is to restart a device by powering it on).
If you modify the system time within 16 minutes, the configurations of scheduled automatic execution of the batch file will become invalid, and then when you execute the display schedule job command again, the system displays nothing. display schedule reboot Syntax display schedule reboot View...
Examples # Display the exception handling method. <Sysname> display system-failure System failure handling method: reboot display transceiver alarm Syntax display transceiver alarm interface [ interface-type interface-number ] View Any view Default Level 2: System level Parameters interface [ interface-type interface-number ]: Displays the current alarm information of the pluggable transceiver plugged in the specified interface.
Page 608
Field Remarks Voltage low Voltage is low. Transceiver info I/O error Transceiver information read and write error Transceiver info checksum error Transceiver information checksum error Transceiver type and port configuration Transceiver type does not match port configuration. mismatch Transceiver type not supported by port Transceiver type is not supported on the port.
Page 609
Field Remarks PMA/PMD (Physical Medium Attachment/Physical PMA/PMD receiver local fault Medium Dependent) receiver local fault PCS receive local fault PCS (Physical Coding Sublayer) receiver local fault PHY XS receive local fault PHY XS (PHY Extended Sublayer) receive local fault RX power high RX power is high.
H3C customized anti-spoofing pluggable optical transceivers. Examples # Display the currently measured value of the digital diagnosis parameters of the H3C customized anti-spoofing pluggable optical transceiver plugged in interface GigabitEthernet1/0/25. (The output of this command varies with devices.) <Sysname>...
2: System level Parameters interface [ interface-type interface-number ]: Displays part of the electrical label information of the H3C customized anti-spoofing pluggable transceiver plugged in the specified interface. interface-type interface-number represents interface type and interface number. If it is not specified, the command...
Page 613
H3C customized anti-spoofing pluggable transceiver(s) in all the interfaces. Description Use the display transceiver manuinfo command to display part of the electrical label information of a single or all H3C customized anti-spoofing pluggable transceivers.
Device reboot may result in the interruption of the ongoing services. Use these commands with caution. If a main boot file fails or does not exist, the device cannot be rebooted with the reboot command. In this case, you can re-specify a main boot file to reboot the device, or you can power off the device, then power it on and the system automatically uses the backup boot file to restart the device.
<Sysname> reset unused porttag Current operation will delete all unused port tag(s). Continue? [Y/N]:y <Sysname> schedule job Syntax schedule job { at time1 [ date ] | delay time2 } view view command undo schedule job View User view Default Level 3: Manage level Parameters at time1 [ date ]: Specifies the execution time of a specified command.
At present, you can specify only user view and system view. To automatically execute the specified commands in other views or automatically execute multiple commands at a time, you can configure the system to automatically execute a batch file at a specified time (note that you must provide a complete file path for the system to execute the batch file.).
Page 617
Parameters hh:mm: Reboot time of a device, in the format of hh:mm (hours:minutes). The value of the hh argument ranges from 0 to 23, and the value of the mm argument ranges from 0 to 59. date: Reboot date of a device, in the format mm/dd/yyyy (month/day/year) or in the format yyyy/mm/dd (year/month/day). The yyyy value ranges from 2000 to 2035, the mm value ranges from 1 to 12, and the dd value depends on a specific month.
# If you have used the terminal logging command to enable the log display function on the terminal before setting a reboot time, the system will automatically display related log information after you enter <y>. By default, the log display function is enabled. <Sysname>...
This command reboots the device after the specified delay time, thus resulting in service interruption. Please use it with caution. Examples # Configure the device to reboot in 88 minutes (supposing the current time is 11:48). <Sysname> schedule reboot delay 88 Reboot system at 13:16 06/06/2006(in 1 hour(s) and 28 minute(s)).
Page 622
NTP Configuration Commands NTP Configuration Commands display ntp-service sessions Syntax display ntp-service sessions [ verbose ] View Any view Default Level 1: Monitor level Parameters verbose: Displays the detailed information of all NTP sessions. If you do not specify this keyword, only the brief information of the NTP sessions will be displayed.
Page 623
Table 1-1 display ntp-service sessions command output description Field Description source IP address of the clock source Reference clock ID of the clock source If the reference clock is the local clock, the value of this field is related to the value of the stra field: When the value of the stra field is 0 or 1, this field will be “LOCL”;...
Page 624
local mode: client, local poll: 6 peer mode: server, peer poll: 6 offset: 0.0000 ms,delay: 0.00 ms, disper: 0.02 ms root delay: 0.00 ms, root disper: 10.00 ms reach: 1, sync dist: 0.010, sync state: 2 precision: 2^18, version: 3, peer interface: InLoopBack0 reftime: 10:56:22.442 UTC Aug 7 2009(CE2686D6.71484513) orgtime: 10:56:22.442 UTC Aug 7 2009(CE2686D6.71484513) rcvtime: 10:56:22.442 UTC Aug 7 2009(CE2686D6.7149E881)
Page 625
Field Description Reference clock ID of the clock source If the reference clock is the local clock, the value of this field is related to the stratum level of the clock source: When the stratum level of the clock source is 0 or 1, this field will be “LOCL”;...
Field Description State of the state machine sync state The displayed value is an integer that ranges from 0 to 5. precision Precision of the system clock NTP version version The displayed value is an integer that ranges from 1 to 3. Source interface peer interface If the source interface is not specified, this field will be...
Page 627
Examples # View the NTP service status information. <Sysname> display ntp-service status Clock status: unsynchronized Clock stratum: 16 Reference clock ID: none Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^18 Clock offset: 0.0000 ms Root delay: 0.00 ms Root dispersion: 0.00 ms Peer dispersion: 0.00 ms Reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
display ntp-service trace Syntax display ntp-service trace View Any view Default Level 1: Monitor level Parameters None Description Use the display ntp-service trace command to view the brief information of each NTP server along the NTP server chain from the local device back to the primary reference source. The display ntp-service trace command takes effect only if routes are available between the local device and all the devices on the NTP server chain;...
ntp-service access Syntax ntp-service access { peer | query | server | synchronization } acl-number undo ntp-service access { peer | query | server | synchronization } View System view Default Level 2: System level Parameters peer: Specifies to permit full access. This level of right permits the peer devices to perform synchronization and control query to the local device and also permits the local device to synchronize its clock to that of a peer device.
Examples # Configure the peer devices on subnet 10.10.0.0/16 to have the full access right to the local device. <Sysname> system-view [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255 [Sysname-acl-basic-2001] quit [Sysname] ntp-service access peer 2001 ntp-service authentication enable Syntax ntp-service authentication enable undo ntp-service authentication enable...
Parameters keyid: Authentication key ID, in the range of 1 to 4294967295. authentication-mode md5 value: Specifies to use the MD5 algorithm for key authentication, where value represents authentication key and is a string of 1 to 32 characters. Description Use the ntp-service authentication-keyid command to set the NTP authentication key. Use the undo ntp-service authentication-keyid command to remove the set NTP authentication key.
Parameters None Description Use the ntp-service broadcast-client command to configure the device to work in the NTP broadcast client mode and use the current interface to receive NTP broadcast packets. Use the undo ntp-service broadcast-client command to remove the configuration. By default, the device does not work in any NTP operation mode.
Description Use the ntp-service max-dynamic-sessions command to set the maximum number of dynamic NTP sessions that are allowed to be established locally. Use the undo ntp-service max-dynamic-sessions command to restore the maximum number of dynamic NTP sessions to the system default. By default, the number is 100.
Examples # Configure the device to work in the multicast client mode and receive NTP multicast messages on VLAN-interface 1, and set the multicast address to 224.0.1.1. <Sysname> system-view [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] ntp-service multicast-client 224.0.1.1 ntp-service multicast-server Syntax ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ] * undo ntp-service multicast-server [ ip-address ]...
ntp-service reliable authentication-keyid Syntax ntp-service reliable authentication-keyid keyid undo ntp-service reliable authentication-keyid keyid View System view Default Level 2: System level Parameters keyid: Authentication key number, in the range of 1 to 4294967295. Description Use the ntp-service reliable authentication-keyid command to specify that the created authentication key is a trusted key.
Description Use the ntp-service source-interface command to specify the source interface for NTP messages. Use the undo ntp-service source-interface command to restore the default. By default, no source interface is specified for NTP messages, and the system uses the IP address of the interface determined by the matched route as the source IP address of NTP messages.
No symmetric-passive peer is designated for the device by default. Examples # Designate the device with the IP address of 10.1.1.1 as the symmetric-passive peer of the device, configure the device to run NTP version 3, and specify the source interface of NTP messages as VLAN-interface 1.
Page 640
SNMP Configuration Commands SNMP Configuration Commands display snmp-agent community Syntax display snmp-agent community [ read | write ] View Any view Default Level 1: Monitor level Parameters read: Displays the information of communities with read-only access right. write: Displays the information of communities with read and write access right. Description Use the display snmp-agent community command to display community information for SNMPv1 or SNMPv2c.
Table 1-1 display snmp-agent community command output description Field Description Community name. If a community name is created by using the snmp-agent community command, the community name will be Community name displayed. If a community name is created by using the snmp-agent usm-user { v1 | v2c } command, the user name will be displayed.
Examples # Display the information of all SNMP agent groups. <Sysname> display snmp-agent group Group name: groupv3 Security model: v3 noAuthnoPriv Readview: ViewDefault Writeview: <no specified> Notifyview: <no specified> Storage-type: nonVolatile Table 1-2 display snmp-agent group command output description Field Description Group name SNMP group name...
Storage-type: nonVolatile View Type:excluded View status:active View name:ViewDefault MIB Subtree:snmpModules.18 Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active ViewDefault is the default view of the device. When you access the device through the ViewDefault view, you can access all the MIB objects of the iso subtree except for the MIB objects under the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees.
Page 645
Examples # Display the statistics on the current SNMP. <Sysname> display snmp-agent statistics 1684 Messages delivered to the SNMP entity 5 Messages which were for an unsupported version 0 Messages which used a SNMP community name not known 0 Messages which represented an illegal operation for the community supplied 0 ASN.1 or BER errors in the process of decoding 1679 Messages passed from the SNMP entity 0 SNMP PDUs which had badValue error-status...
Use the display snmp-agent sys-info command to display the current SNMP system information. If no keyword is specified, all SNMP agent system information will be displayed. Examples # Display the current SNMP agent system information. <Sysname> display snmp-agent sys-info The contact person for this managed node: Hangzhou H3C Technologies Co., Ltd.
The physical location of this node: Hangzhou, China SNMP version running in the system: SNMPv3 display snmp-agent trap queue Syntax display snmp-agent trap queue View Any view Default Level 1: Monitor level Parameters None Description Use the display snmp-agent trap queue command to display basic information of the trap queue, including trap queue name, queue length and the number of traps in the queue currently.
View Any view Default Level 1: Monitor level Parameters None Description Use the display snmp-agent trap-list command to display the modules that can generate traps and whether their trap function is enabled or not. If a module comprises multiple sub-modules, then as long as one sub-module has the trap function enabled, the whole module will be displayed as being enabled with the trap function.
group group-name: Displays SNMPv3 user information for a specified SNMP group name. It is case sensitive. Description Use the display snmp-agent usm-user command to display SNMPv3 user information. Examples # Display SNMPv3 information of all created users. <Sysname> display snmp-agent usm-user User name: userv3 Group name: mygroupv3 Engine ID: 800063A203000FE240A1A6...
Default Level 2: System level Parameters None Description Use the enable snmp trap updown command to enable the trap function for interface state changes. Use the undo enable snmp trap updown command to disable the trap function for interface state changes.
By default, SNMP agent is disabled. You can enable SNMP agent through any commands that begin with snmp-agent. Examples # Enable SNMP agent on the device. <Sysname> system-view [Sysname] snmp-agent snmp-agent calculate-password Syntax snmp-agent calculate-password plain-password mode { 3desmd5 | 3dessha | md5 | sha } { local-engineid | specified-engineid engineid } View System view...
specified-engineid: Uses user-defined engine ID to calculate cipher text password. engineid: The engine ID string, an even number of hexadecimal characters, in the range 10 to 64. Its length must not be an odd number, and the all-zero and all-F strings are invalid. Description Use the snmp-agent calculate-password command to convert the user-defined plain text password to a cipher text password.
Page 653
mib-view view-name: Specifies MIB objects that the NMS can access. view-name represents the MIB view name, a string of 1 to 32 characters. If no keyword is specified, the default view is ViewDefault (the view created by the system after SNMP agent is enabled). Description Use the snmp-agent community command to create a new SNMP community.
Fill in the write community name writeaccess; namely, the NMS can perform read-only operations to the MIB objects in the ViewDefault view on the device # Create a community with the name of wr-sys-acc. The NMS can perform the read and write operations to the MIB objects of the system subtree (with the OID of 1.3.6.1.2.1.1).
acl acl-number: Associates a basic ACL with the group. acl-number is in the range 2000 to 2999. By using a basic ACL, you can restrict the source IP address of SNMP packets, that is, you can configure to allow or prohibit SNMP packets with a specific source IP address, so as to restrict the intercommunication between the NMS and the agent.
In SNMPv3, the user name and cipher text password are associated with the engine ID. Therefore, if the engine ID changes, the user name and cipher text password configured under the engine ID become invalid. Typically, the device uses its default engine ID. To make engine IDs easier to remember, you can set them for the devices according to the network planning.
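Why a cipher text password stops working when the engine ID changes can be seen by carrying the derivation through. The following is an added example, not H3C code: it implements the standard RFC 3414 password-to-key and key-localization steps and assumes, without confirmation from this manual, that the md5 and sha modes of snmp-agent calculate-password follow that RFC (the 3desmd5 and 3dessha modes are not covered). The function names are hypothetical; the engine ID length rules are the ones given for specified-engineid.

```python
import hashlib

# Map the CLI mode keywords to hashlib algorithm names (assumed RFC 3414 behaviour).
_HASH_FOR_MODE = {"md5": "md5", "sha": "sha1"}


def validate_engine_id(engine_hex: str) -> bytes:
    """Apply the engine ID rules stated for specified-engineid and return raw bytes."""
    s = engine_hex.strip().upper()
    if len(s) % 2 != 0 or not 10 <= len(s) <= 64:
        raise ValueError("engine ID must be an even number of hex characters, 10 to 64")
    raw = bytes.fromhex(s)  # raises ValueError on non-hex input
    if set(s) == {"0"} or set(s) == {"F"}:
        raise ValueError("all-zero and all-F engine IDs are invalid")
    return raw


def password_to_key(password: str, mode: str) -> bytes:
    """RFC 3414 A.2: hash 1,048,576 bytes of the password repeated end to end."""
    pw = password.encode()
    if not pw:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(pw))
    digest = hashlib.new(_HASH_FOR_MODE[mode])
    digest.update(pw * reps + pw[:rem])
    return digest.digest()


def localize_key(user_key: bytes, engine_id: bytes, mode: str) -> bytes:
    """RFC 3414 2.6: bind the user key to one engine as H(Ku || engineID || Ku)."""
    digest = hashlib.new(_HASH_FOR_MODE[mode])
    digest.update(user_key + engine_id + user_key)
    return digest.digest()


def localized_key_hex(password: str, mode: str, engine_hex: str) -> str:
    """Plain password + engine ID -> localized key as lowercase hex."""
    engine_id = validate_engine_id(engine_hex)
    return localize_key(password_to_key(password, mode), engine_id, mode).hex()


if __name__ == "__main__":
    # Engine ID taken from the display snmp-agent usm-user sample output on this page.
    page_engine = "800063A203000FE240A1A6"
    # Constructed engine ID standing in for the same device after its engine ID changed.
    changed_engine = "800063A203000FE240A1A7"
    for engine in (page_engine, changed_engine):
        print(engine, localized_key_hex("authkey", "sha", engine))
```

The two printed keys differ although the plain-text password is the same, so a stored cipher text password must be recalculated for the new engine ID.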
<Sysname> system-view [Sysname] snmp-agent log set-operation snmp-agent mib-view Syntax snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-value ] undo snmp-agent mib-view view-name View System view Default Level 3: Manage level Parameters excluded: Indicates that no nodes of the MIB tree are included in the current view, which means the access to all nodes of this MIB subtree is forbidden.
[Sysname] snmp-agent mib-view excluded mibtest ip [Sysname] snmp-agent community read public mib-view mibtest If the SNMP version on the NMS is set to SNMPv1, when the NMS uses the community name public to access the device, it cannot access any object of the ip subtree (such as the ipForwarding node, the ipDefaultTTL node, and so on), but it can access all other objects of the mib-2 subtree.
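To check what a set of included and excluded mib-view entries actually exposes before binding it to a community or group, the view can be evaluated offline. The following is an added example, not H3C code: it applies the standard view-matching rules of RFC 3415 (longest matching subtree wins, a mask bit of 0 is a wildcard) and assumes the switch follows them. The included mib-2 entry of mibtest is an assumption, since the excerpt only shows the excluded entry; the class and function names, and the if2-only view, are hypothetical.

```python
from dataclasses import dataclass


def parse_oid(text: str) -> tuple:
    """'1.3.6.1.2.1' -> (1, 3, 6, 1, 2, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))


@dataclass(frozen=True)
class ViewFamily:
    subtree: tuple        # oid-tree as a tuple of sub-identifiers
    included: bool        # True for "included", False for "excluded"
    mask: bytes = b""     # mask-value; empty means every position must match


def _must_match(mask: bytes, position: int) -> bool:
    """Mask bit for a sub-identifier position; a short mask is padded with 1s."""
    byte_index, bit = divmod(position, 8)
    if byte_index >= len(mask):
        return True
    return bool(mask[byte_index] & (0x80 >> bit))


def family_matches(family: ViewFamily, oid: tuple) -> bool:
    if len(oid) < len(family.subtree):
        return False
    return all(
        oid[i] == sub or not _must_match(family.mask, i)
        for i, sub in enumerate(family.subtree)
    )


def in_view(view: list, oid_text: str) -> bool:
    """True if the OID is readable through the view (RFC 3415 rules)."""
    oid = parse_oid(oid_text)
    candidates = [f for f in view if family_matches(f, oid)]
    if not candidates:
        return False  # no entry covers the OID, so it is outside the view
    # Most specific entry decides; ties go to the lexicographically larger subtree.
    best = max(candidates, key=lambda f: (len(f.subtree), f.subtree))
    return best.included


# ViewDefault as described on this page: iso, minus three subtrees.
VIEW_DEFAULT = [
    ViewFamily(parse_oid("1"), True),                 # iso
    ViewFamily(parse_oid("1.3.6.1.6.3.15"), False),   # snmpUsmMIB
    ViewFamily(parse_oid("1.3.6.1.6.3.16"), False),   # snmpVacmMIB
    ViewFamily(parse_oid("1.3.6.1.6.3.18"), False),   # snmpModules.18
]

# mibtest: the excluded ip entry is from the page, the included mib-2 entry is assumed.
MIBTEST = [
    ViewFamily(parse_oid("1.3.6.1.2.1"), True),       # mib-2 (assumed)
    ViewFamily(parse_oid("1.3.6.1.2.1.4"), False),    # ip
]

# Constructed masked view: every ifEntry column, but only for ifIndex 2.
# Mask FFA0 = 11111111 101: the column position (10th sub-identifier) is a wildcard.
IF2_ONLY = [
    ViewFamily(parse_oid("1.3.6.1.2.1.2.2.1.0.2"), True, bytes.fromhex("FFA0")),
]

if __name__ == "__main__":
    checks = [
        ("ViewDefault", VIEW_DEFAULT, "1.3.6.1.2.1.1.1.0"),       # sysDescr.0
        ("ViewDefault", VIEW_DEFAULT, "1.3.6.1.6.3.15.1.2.2"),    # usmUserTable
        ("mibtest", MIBTEST, "1.3.6.1.2.1.4.1.0"),                # ipForwarding.0
        ("mibtest", MIBTEST, "1.3.6.1.2.1.1.5.0"),                # sysName.0
        ("if2-only", IF2_ONLY, "1.3.6.1.2.1.2.2.1.8.2"),          # ifOperStatus.2
        ("if2-only", IF2_ONLY, "1.3.6.1.2.1.2.2.1.8.3"),          # ifOperStatus.3
    ]
    for name, view, oid in checks:
        print(f"{name:12} {oid:26} {'visible' if in_view(view, oid) else 'hidden'}")
```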
Page 659
Use the undo snmp-agent sys-info version command to disable use of the SNMP function of the specified version. By default, the location information is Hangzhou China, version is SNMPv3, and the contact is Hangzhou H3C Technologies Co., Ltd. Successful interaction between an NMS and the agents requires consistency of SNMP versions configured on them.
Sends linkup traps when the port is in a linkup status. It should be configured globally. warmstart: Sends warmstart traps when the SNMP restarts. system: Sends H3C-SYS-MAN-MIB (a private MIB) traps. Description Use the snmp-agent trap enable command to enable the trap function globally.
To enable an interface to generate Linkup/Linkdown traps when its state changes, you need to enable the linkUp/linkDown trap function on the interface and globally. Use the enable snmp trap updown command to enable this function on an interface, and use the snmp-agent trap enable [ standard [ linkdown | linkup ] * ] command to enable this function globally.
An extended linkDown trap is in the following format: #Apr 24 11:42:54:314 2008 AR29.46 IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983555 Down, ifAdminStatus ifOperStatus is 2, ifDescr is GigabitEthernet1/0/1, ifType is 6 The format of an extended linkUp/linkDown trap is the standard format followed by the ifDescr and ifType information, facilitating problem location.
snmp-agent trap queue-size Syntax snmp-agent trap queue-size size undo snmp-agent trap queue-size View System view Default Level 3: Manage level Parameters size: Number of traps that can be stored in the trap sending queue, in the range 1 to 1,000. Description Use the snmp-agent trap queue-size command to set the size of the trap sending queue.
Description Use the snmp-agent trap source command to specify the source IP address contained in the trap. Use the undo snmp-agent trap source command to restore the default. By default, SNMP chooses the IP address of an interface to be the source IP address of the trap. Upon the execution of this command, the system uses the primary IP address of the specified interface as the source IP address of the traps, and the NMS will use this IP address to uniquely identify the agent.
allow or prohibit SNMP packets with a specific source IP address, so as to allow or prohibit the specified NMS to access the agent by using this user name. Description Use the snmp-agent usm-user { v1 | v2c } command to add a user to an SNMP group. Use the undo snmp-agent usm-user { v1 | v2c } command to delete a user from an SNMP group.
View System view Default Level 3: Manage level Parameters user-name: User name, a string of 1 to 32 characters. It is case sensitive. group-name: Group name, a string of 1 to 32 characters. It is case sensitive. cipher: Specifies that auth-password and priv-password are cipher text passwords, which can be calculated by using the snmp-agent calculate-password command.
The user name configured by using this command is applicable to SNMPv3 networking environments. If the agent and the NMS use SNMPv3 packets to communicate with each other, you need to create an SNMPv3 user. To make the configured user valid, create an SNMP group first. Configure the authentication and encryption modes when you create a group, and configure the authentication and encryption passwords when you create a user.
# Add a user testUser to the SNMPv3 group testGroup. Configure the security model as authentication and privacy, the authentication protocol as MD5, the privacy protocol as DES56, the plain-text authentication password as authkey, and the plain-text privacy password as prikey. <Sysname>...
Related commands: mib-style. Examples # After getting the device ID from node sysObjectID, you find that it is an H3C device, and hope to know the current MIB style or the MIB style after next boot of the device. <Sysname> display mib-style...
3: Manage level Parameters new: Specifies the MIB style of the device as H3C new; that is, both sysOID and private MIB of the device are located under the H3C enterprise ID 25506. compatible: Specifies the MIB style of the device as H3C compatible; that is, sysOID of the device is located under the H3C enterprise ID 25506, and private MIB is located under the enterprise ID 2011.
RMON Configuration Commands RMON Configuration Commands display rmon alarm Syntax display rmon alarm [ entry-number ] View Any view Default Level 1: Monitor level Parameters entry-number: Index of an RMON alarm entry, in the range 1 to 65535. If no entry is specified, the configuration of all alarm entries is displayed.
Field Description owner: Owner of the entry, corresponding to the MIB node alarmOwner. Status: Status of the entry identified by the index (VALID means entry valid, UNDERCREATION means invalid. You can use the display rmon command to view the invalid entry, while with the display current-configuration and display this commands you cannot view the corresponding rmon commands.), corresponding to...
Displayed information includes event index, event owner, event description, action triggered by the event (such as sending log or trap messages), and last time the event occurred (the elapsed time since system initialization/startup) in seconds. Related commands: rmon event. Examples # Display the configuration of RMON event table.
Parameters entry-number: Index of an event entry, in the range 1 to 65535. Description Use the display rmon eventlog command to display log information for the specified or all event entries. If entry-number is not specified, the log information for all event entries is displayed. If you use the rmon event command to configure the system to log an event when the event is triggered, the event is recorded into the RMON log.
display rmon history Syntax display rmon history [ interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. Description Use the display rmon history command to display RMON history control entry and history sampling information.
Field | Description
dropevents | Dropped packets during the sampling period, corresponding to the MIB node etherHistoryDropEvents.
octets | Number of octets received during the sampling period, corresponding to the MIB node etherHistoryOctets.
packets | Number of packets received during the sampling period, corresponding to the MIB node etherHistoryPkts.
broadcastpackets | Number of broadcasts received during the sampling period, corresponding to the MIB node...
Description Use the display rmon prialarm command to display the configuration of the specified or all private alarm entries. Related commands: rmon prialarm. Examples # Display the configuration of all private alarm entries. <Sysname> display rmon prialarm PrialarmEntry 1 owned by user1 is VALID. Samples type : absolute Variable formula...
display rmon statistics Syntax display rmon statistics [ interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. Description Use the display rmon statistics command to display RMON statistics. This command displays the interface statistics during the period from the time the statistics entry is created to the time the command is executed.
Field | Description
etherStatsOctets | Number of octets received by the interface during the statistical period, corresponding to the MIB node etherStatsOctets.
etherStatsPkts | Number of packets received by the interface during the statistical period, corresponding to the MIB node etherStatsPkts.
etherStatsBroadcastPkts | Number of broadcast packets received by the interface during the statistical period, corresponding to the MIB node etherStatsBroadcastPkts.
rmon alarm Syntax rmon alarm entry-number alarm-variable sampling-interval { absolute | delta } rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 [ owner text ] undo rmon alarm entry-number View System view Default Level 2: System level Parameters entry-number: Alarm entry index, in the range 1 to 65535. alarm-variable: Alarm variable, a string of 1 to 256 characters.
value of the monitored alarm variable at specified interval, and compares the sampled values with the predefined threshold and does the following: If the rising threshold is reached, triggers the event specified by the event-entry1 argument. If the falling threshold is reached, triggers the event specified by the event-entry2 argument. Note the following: Before creating an alarm entry, define the events to be referenced in the event table with the rmon event command;...
An entry cannot be created if the value of the specified sampling interval (interval sampling-interval) is identical to that of the existing history entry in the system. You can create up to 100 history entries. Related commands: display rmon history. Examples # Create RMON history control entry 1 for interface GigabitEthernet 1/0/1.
from 0 to 65,535, with 0 meaning no corresponding event is triggered and no event action is taken when an alarm is triggered. falling-threshold threshold-value2 event-entry2: Sets the falling threshold, where threshold-value2 represents the falling threshold, in the range –2,147,483,648 to +2,147,483,647 and event-entry2 represents the index of the event triggered when the falling threshold is reached.
broadcast packets received on the interface/total number of packets received on the interface; the formula is customized by users.) <Sysname> system-view [Sysname] rmon event 1 log [Sysname] rmon event 2 none [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] rmon statistics 1 [Sysname-GigabitEthernet1/0/1] quit [Sysname] rmon prialarm...
To display information for the RMON statistics table, use the display rmon statistics command. Only one statistics entry can be created on one interface. You can create up to 100 statistics entries. Examples # Create an entry in the RMON statistics table for interface GigabitEthernet 1/0/1. The index of the entry is 20, and the owner of the entry is user1.
File System Management Commands The current working directory is the root directory of the storage medium on the device in the examples in this manual. For the qualified filename formats, refer to File System Management Configuration. File System Management Commands Syntax cd { directory | ..
<Sysname> cd .. # Return to the root directory. <Sysname> cd / After you change the current directory using the cd command, you can use the pwd command to view the path of the current working directory. copy Syntax copy fileurl-source fileurl-dest View User view Default Level...
file-url: Name of the file to be deleted. Asterisks (*) are acceptable as wildcards. For example, to remove files with the extension of .txt in the current directory, you may use the delete *.txt command. Description Use the delete file-url command to temporarily delete a file. The deleted file is saved in the recycle bin. To restore it, use the undelete command.
Use the dir /all command to display information about all files and folders in the current directory, including hidden files, hidden sub-folders and the files in the recycle bin that originally belong to the current directory. The names of these deleted files are enclosed in pairs of brackets [ ]. The dir file-url command displays information about a file or folder.
Description Use the display nandflash file-location command to display the location of the specified file in the NAND flash memory. The displayed information includes all the physical pages corresponding to the logical pages of the specified file. Examples # Display the location of the file test.cfg in the NAND flash memory. <Sysname>...
Physical block ------------------------------ badblock(0) 1234 badblock(1) 1235 badblock(2) 1236 3200 block(s) total, 3 block(s) bad. Table 1-3 display nandflash badblock-location command output description Field Description Serial number of the bad blocks Serial number of the physical pages on which there are bad Physical block blocks 3200 block(s) total, 3 block(s)
Default Level 3: Manage level Parameters alert: Enables the system to warn you about operations that may bring undesirable results such as file corruption or data loss. quiet: Disables the system from warning you about any operation. Description Use the file prompt command to set a prompt mode for file operations. By default, the prompt mode is alert.
format Syntax format device View User view Default Level 3: Manage level Parameters device: Name of a storage medium Description Use the format command to format a storage medium. Formatting a storage medium results in loss of all the files on the storage medium and these files cannot be restored.
So far, this command is valid only for text files. Examples # Display the contents of file test.txt. <Sysname> more test.txt Welcome to H3C. # Display the contents of file testcfg.cfg. <Sysname> more testcfg.cfg version 5.20, Beta 1201, Standard 1-10...
sysname Sysname vlan 2 return <Sysname> move Syntax move fileurl-source fileurl-dest View User view Default Level 3: Manage level Parameters fileurl-source: Name of the source file. fileurl-dest: Name of the target file or folder. Description Use the move command to move a file. If you specify a target folder, the system will move the source file to the specified folder, with the file name unchanged.
View User view Default Level 3: Manage level Parameters None Description Use the pwd command to display the current path. Examples # Display the current path. <Sysname> pwd flash: rename Syntax rename fileurl-source fileurl-dest View User view Default Level 3: Manage level Parameters fileurl-source: Name of the source file or folder.
reset recycle-bin Syntax reset recycle-bin [ /force ] View User view Default Level 3: Manage level Parameters /force: Deletes all files in the recycle bin, including files that cannot be deleted by the command without the /force keyword. Description Use the reset recycle-bin command to permanently delete the files in the recycle bin in the current directory.
//The above information indicates that the current directory is flash:, and there are two files a.cfg and b.cfg in the recycle bin. Delete file b.cfg under the current directory and in the recycle bin. <Sysname> reset recycle-bin Clear flash:/~/a.cfg ?[Y/N]:n Clear flash:/~/b.cfg ?[Y/N]:y Clearing files from flash may take a long time.
rmdir Syntax rmdir directory View User view Default Level 3: Manage level Parameters directory: Name of the folder. Description Use the rmdir command to remove a folder. The folder must be an empty one. If not, you need to delete all files and subfolders under it with the delete command.
Examples # Restore file a.cfg in directory flash: from the recycle bin. <Sysname> undelete a.cfg Undelete flash:/a.cfg?[Y/N]:y ..%Undeleted file flash:/a.cfg. # Restore file b.cfg in directory flash:/test from the recycle bin. <Sysname> undelete flash:/test/b.cfg Undelete flash:/test/b.cfg?[Y/N]:y ..%Undeleted file flash:/test/b.cfg. Or, you can use the following steps to restore file flash:/test/b.cfg.
Configuration File Management Commands Configuration File Management Commands archive configuration Syntax archive configuration View User view Default Level 3: Manage level Parameters None Description Use the archive configuration command to save the current running configuration manually. After the execution of this command, the system saves the current running configuration with the specified filename (filename prefix + serial number) to the specified path.
Default Level 3: Manage level Parameters minutes: Specifies the interval for automatically saving the current running configuration, in minutes. The value ranges from 10 to 525,600 (365 days). Description Use the archive configuration interval command to enable the automatic saving of the current running configuration and set the interval.
Parameters directory: The path of the folder for saving the saved configuration file, a case insensitive string of 1 to 63 characters, in the format of storage medium name:/[folder name]/subfolder name. The folder must be created before the configuration. filename-prefix: The filename prefix of a saved configuration file, a case insensitive string of 1 to 30 characters (can include letters, numbers, _, and - only).
Parameters file-number: The maximum number of configuration files that can be saved, in the range 1 to 10. The value of the file-number argument is determined by the memory space. You are recommended to set a comparatively small value for this argument if the available memory space is small. Description Use the archive configuration max command to set the maximum number of configuration files that can be saved.
Description Use the backup startup-configuration command to back up the startup configuration file (used at the next system startup) to a specified TFTP server. If you do not specify this filename, the original filename is used. This command only backs up the main startup configuration file. Presently, the device uses TFTP to back up configuration files.
display archive configuration Syntax display archive configuration View Any view Default Level 1: Monitor level Parameters None Description Use the display archive configuration command to display the information about configuration rollback. Examples # Display the information about configuration rollback. <Sysname> display archive configuration Location: flash:/archive Filename prefix: my_archive Archive interval in minutes: 120...
View Any view Default Level 2: System level Parameters by-linenum: Identifies each line of displayed information with a line number. Description Use the display saved-configuration command to display the contents of the configuration file saved for the next startup of the device. During device management and maintenance, you can use this command to check whether important configurations are saved to the configuration file to be used for the next startup of the device.
interface NULL0 ---- More ---- The configurations are displayed in the order of global, port, and user interface. “ ---- More ----” means that all information on this screen has been displayed, and if you press the Space key, the next screen will be displayed.
Parameters None Description Use the display startup command to display the configuration files used at the current system startup. Related commands: startup saved-configuration. Examples # Display the configuration file used at the current system startup and the one to be used at the next system startup.
not delete the configuration file but only set the corresponding startup configuration file (main or backup, according to which one you specified in the command) to NULL. For a device that supports the main and backup keywords, the execution of the reset saved-configuration command and that of the reset saved-configuration main command have the same effect, that is, they will delete the main startup configuration file.
save Syntax save file-url save [ safely ] [ backup | main ] View Any view Default Level 2: System level Parameters file-url: File path, where the extension of the file name must be .cfg. safely: Sets the configuration saving mode to safe. If this argument is not specified, the configuration file is saved in fast mode.
<Sysname> display startup Current startup saved-configuration file: flash:/hmr.cfg Next main startup saved-configuration file: flash:/aa.cfg Next backup startup saved-configuration file: NULL // The above information indicates that the main startup configuration file for the next system startup is aa.cfg. <Sysname> save The current configuration will be written to the device.
The startup saved-configuration and startup saved-configuration main commands have the same effect: Both of them are used to specify the main startup configuration file. The main and backup startup configuration files can be specified as the same file. However, it is recommended you use different files, or, save the same configuration as two files using different file names, one specified as the main startup configuration file, and the other specified as the backup.
Table of Contents
1 System Maintaining and Debugging Commands
System Maintaining Commands
ping
tracert
System Debugging Commands
debugging
display debugging...
System Maintaining and Debugging Commands System Maintaining Commands ping Syntax ping [ ip ] [ -a source-ip | -c count | -f | -h ttl | -i interface-type interface-number | -m interval | -n | -p pad | -q | -r | -s packet-size | -t timeout | -tos tos | -v ] * host View Any view Default Level...
extend it to 8 bits. For example, if pad is configured as 0x2f, then the packets will be padded with 0x0000002f repeatedly to make the total length of the packet meet the requirements of the device. By default, the padded value starts from 0x01 up to 0xff, where another round starts again if necessary, like 0x010203…feff01….
5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/41/205 ms The above information indicates the following: The destination was reachable. All ICMP echo requests sent by the source got responses. The minimum time, average time, and maximum time for the packet’s roundtrip time are 1 ms, 41 ms, and 205 ms respectively.
Reply from 1.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms Record Route: 1.1.2.1 1.1.2.2 1.1.1.2 1.1.1.1 --- 1.1.2.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/11/53 ms The above information indicates the following: The destination was reachable. The route is 1.1.1.1 <->...
View Any view Default Level 0: Visit level Parameters -a source-ip: Specifies the source IP address of a tracert packet. It must be a legal IP address configured on the device. If this parameter is not provided, the source IP address of an ICMP echo request is the primary IP address of the outbound interface of the tracert packet.
Field | Description
hops max | Maximum number of hops of the probe packets, which can be set through the -m keyword
bytes packet | Number of bytes of a probe packet
press CTRL_C to break | During the execution of the command, you can press Ctrl+C to abort the tracert operation.
Output of debugging information may degrade system efficiency. When diagnosing a network failure, enable debugging only for the corresponding module, and do not enable debugging of multiple modules at the same time. Default Level describes the default level of the debugging all command. Different debugging commands may have different default levels.
Basic Configuration Commands Basic Configuration Commands clock datetime Syntax clock datetime time date View User view Default Level 3: Manage level Parameters time: Configured time, in the format of HH:MM:SS, where HH is hours in the range 00 to 23, MM is minutes in the range 00 to 59, and SS is seconds in the range 00 to 59.
clock summer-time one-off Syntax clock summer-time zone-name one-off start-time start-date end-time end-date add-time undo clock summer-time View System view Default Level 3: Manage level Parameters zone-name: Name of the daylight saving time, a string of 1 to 32 characters. It is case sensitive. start-time: Start time, in the format of HH:MM:SS (hours/minutes/seconds).
<Sysname> system-view [Sysname] clock summer-time abc1 one-off 6 08/01/2006 6 09/01/2006 1 clock summer-time repeating Syntax clock summer-time zone-name repeating start-time start-date end-time end-date add-time undo clock summer-time View System view Default Level 3: Manage level Parameters zone-name: Name of the daylight saving time, a string of 1 to 32 characters. start-time: Start time, in the format of HH:MM:SS (hours/minutes/seconds).
For example, when start-date and start-time are set to 2007/6/6 and 00:00:00, end-date and end-time to 2007/10/01 and 00:00:00, and add-time to 01:00:00, it specifies to adopt daylight saving time from 00:00:00 of June 6 until 00:00:00 of October 1 each year from 2007 (2007 inclusive). The daylight saving time adds one hour to the current device time.
After the configuration takes effect, use the display clock command to view the result. The information such as log file and debug adopts the local time modified by time-zone and daylight saving time. Related commands: clock datetime, clock summer-time one-off, clock summer-time repeating, display clock.
When you configure the command-privilege command, the value of the command argument must be a complete form of the specified command, that is, you must enter all needed keywords and arguments of the command. The argument should be in the value range. For example, the default level of the tftp server-address { get | put | sget } source-filename [ destination-filename ] [ source { interface interface-type interface-number | ip source-ip-address } ] command is 3;...
If a user logs in to the device through Telnet, the following information is displayed: **************************************************************************** * Copyright (c) 2004-2009 Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.
Parameters None Description Use the display clipboard command to view the contents of the clipboard. To copy the specified content to the clipboard: Move the cursor to the starting position of the content and press the <Esc+Shift+,> combination (“,” is an English comma).
<Sysname> display current-configuration | begin user-interface user-interface aux 0 user-interface vty 0 15 authentication-mode none user privilege level 3 return # Display the current valid SNMP configuration on the device (the output information depends on the device model and the current configuration). <Sysname>...
View Any view Default Level 1: Monitor level Parameters None Description Use the display diagnostic-information command to display or save the statistics of the running status of multiple modules in the system. During daily maintenance or when the system is out of order, you need to display the running information of each functional module to locate the problem.
CTRL_W Delete the word left of the cursor.
CTRL_X Delete all characters up to the cursor.
CTRL_Y Delete all characters after the cursor.
CTRL_Z Return to the User View.
CTRL_] Kill incoming connection or redirect connection.
ESC_B Move the cursor one word back.
ESC_D Delete remainder of word.
Examples # Display system version information (The system version information varies with devices.). <Sysname> display version H3C Comware Platform Software Comware Software, Version 5.20, Release 1101P09 Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
H3C S5120-52P-SI uptime is 0 week, 0 day, 0 hour, 50 minutes H3C S5120-52P-SI 128M bytes DRAM 128M bytes Nand Flash Memory Config Register points to Nand Flash Hardware Version is REV.B CPLD Version is 001 Bootrom Version is 119 [SubSlot 0] 48GE+4SFP Hardware Version is REV.B...
# Test the configuration remotely using Telnet. (only when login authentication is configured can the login banner be displayed). ****************************************************************************** * Copyright (c) 2004-2009 Hangzhou H3C Tech. Co., Ltd. All rights reserved. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.
=Undefined hotkeys=
Hotkeys Command
CTRL_U NULL
=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the beginning of the current line.
CTRL_B Move the cursor one character left.
CTRL_C Stop current command function.
CTRL_D Erase current character.
CTRL_E Move the cursor to the end of the current line.
CTRL_F Move the cursor one character right.
Description Use the super command to switch from the current user privilege level to a specified user privilege level. If you do not provide the level argument, the current user privilege level will be switched to 3. Login users are classified into four levels that correspond to the four command levels. After users at different levels log in, they can only use commands at their own, or lower, levels.
password: Password, a string of characters. It is case-sensitive. For simple password, it is a string of 1 to 16 characters. For cipher password, it is a string of 1 to 16 characters in plain text or 24 characters in cipher text. example, simple text...
Use the sysname command to set the name of the device. Use the undo sysname command to restore the device name to the default. The default name is H3C. Modifying device name affects the prompt of the CLI. For example, if the device name is Sysname, the prompt of user view is <Sysname>.
Information Center Configuration Commands Information Center Configuration Commands display channel Syntax display channel [ channel-number | channel-name ] View Any view Default Level 1: Monitor level Parameters channel-number: Displays information of the channel with a specified number, where channel-number represents the channel number, in the range 0 to 9. channel-name: Displays information of the channel with a specified name, where channel-name represents the channel name, which could be a default name or a self-defined name.
Examples # Display information for channel 0. <Sysname> display channel 0 channel number:0, channel name:console MODU_ID NAME ENABLE LOG_LEVEL ENABLE TRAP_LEVEL ENABLE DEBUG_LEVEL ffff0000 default warnings debugging debugging The above information indicates that log information with severity 0 to 4, trap information with severity 0 to 7, and debugging information with severity 0 to 7 is output to the console.
Parameters None Description Use the display info-center command to display the information of each output destination. Examples # Display configurations on each output destination. <Sysname> display info-center Information Center:enabled Log host: 1.1.1.1, port number : 514, host facility : local2, channel number : 8, channel name : channel8 Console: channel number : 0, channel name : console...
Field | Description
Console: channel number : 0, channel name : console | Configurations on the console destination, including the channel number and channel name used
Monitor: channel number : 1, channel name : monitor | Configurations on the monitor terminal destination, including the channel number and channel name used
SNMP Agent: | Configurations on the SNMP module destination,...
Parameters reverse: Displays log entries chronologically, with the most recent entry at the top. If this keyword is not specified, the log entries will be displayed chronologically, with the oldest entry at the top. level severity: Displays information of the log with specified level, where severity represents information level, in the range 0 to 7.
Current messages : 512 %Jun 17 15:57:09:578 2006 Sysname IC/7/SYS_RESTART: System restarted -- The rest is omitted here. # Display the state of the log buffer and the log information recorded. <Sysname> display logbuffer Logging buffer configuration and contents:enabled Allowed max buffer size : 1024 Actual buffer size : 512 Channel number : 4 , Channel name : logbuffer Dropped messages : 0...
Default Level 1: Monitor level Parameters level severity: Displays the summary of the log buffer, where severity represents information level, in the range 0 to 7. Description Use the display logbuffer summary command to display the summary of the log buffer. Examples # Display the summary of the log buffer.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters. Description Use the display logfile buffer command to display contents of the log file buffer. Note that all contents in the log file buffer will be cleared after they are successfully saved into the log file automatically or manually.
Log file size quota : 5 MB
Log file directory : flash:/logfile
Writing frequency : 24 hour 0 min 10 sec
Table 1-7 display logfile summary command output description
Field | Description
Log file is | The current state of a log file, which could be enabled or disabled.
#Aug 7 14:47:35:636 2008 Sysname IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983041 Down, ifAdminStatus ifOperStatus is 2 #Aug 7 14:47:47:724 2008 Sysname IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: Interface 983041 is Up, ifAdminStatus is 1, ifOperStatus is 1 Table 1-8 display trapbuffer command output description Field Description Indicates the current state of the trap buffer and its...
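The log-buffer and trap-buffer lines shown on this page (the "%" log entry and the standard and extended "#" linkUp/linkDown traps) share one header layout, so a collector can parse them with a single routine. The following is an added example, not H3C code: the function names, the flap threshold and the five-minute window are assumptions, and the flap check goes beyond what the manual describes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines 1-4 are the samples printed on this page; lines 5-7 are constructed
# for this example in the extended format the page describes; line 8 is junk.
SAMPLE = """\
%Jun 17 15:57:09:578 2006 Sysname IC/7/SYS_RESTART: System restarted
#Aug 7 14:47:35:636 2008 Sysname IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983041 Down, ifAdminStatus ifOperStatus is 2
#Aug 7 14:47:47:724 2008 Sysname IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: Interface 983041 is Up, ifAdminStatus is 1, ifOperStatus is 1
#Apr 24 11:42:54:314 2008 AR29.46 IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983555 Down, ifAdminStatus ifOperStatus is 2, ifDescr is GigabitEthernet1/0/1, ifType is 6
#Apr 24 11:43:10:002 2008 AR29.46 IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.4<linkUp>: Interface 983555 is Up, ifAdminStatus is 1, ifOperStatus is 1, ifDescr is GigabitEthernet1/0/1, ifType is 6
#Apr 24 11:44:02:517 2008 AR29.46 IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983555 Down, ifAdminStatus ifOperStatus is 2, ifDescr is GigabitEthernet1/0/1, ifType is 6
#Apr 24 11:45:30:120 2008 AR29.46 IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983555 Down, ifAdminStatus ifOperStatus is 2, ifDescr is GigabitEthernet1/0/1, ifType is 6
this line is not information-center output
"""

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# <%|#><Mon> <day> <hh:mm:ss:ms> <year> <sysname> <MODULE>/<severity>/<MNEMONIC>: <text>
HEADER = re.compile(
    r"^(?P<kind>[%#])(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}):(?P<ms>\d{3}) (?P<year>\d{4}) "
    r"(?P<host>\S+) (?P<module>\w+)/(?P<sev>[0-7])/(?P<mnemonic>[^:]+): "
    r"(?P<text>.*)$")

# Body of a linkUp/linkDown trap; "rest" holds the status fields and, in the
# extended format, the ifDescr and ifType fields.
TRAP = re.compile(
    r"^Trap (?P<oid>\d+(?:\.\d+)+)<(?P<name>\w+)>: "
    r"Interface (?P<ifindex>\d+) (?:is )?(?P<state>Up|Down)(?P<rest>.*)$")


def parse_line(line):
    """Return a dict for one log/trap line, or None if it does not match."""
    m = HEADER.match(line.strip())
    if not m or m["mon"] not in MONTHS:
        return None
    hh, mm, ss = (int(x) for x in m["time"].split(":"))
    try:
        when = datetime(int(m["year"]), MONTHS[m["mon"]], int(m["day"]),
                        hh, mm, ss, int(m["ms"]) * 1000)
    except ValueError:          # impossible date or time, e.g. Feb 30
        return None
    rec = {"kind": "trap" if m["kind"] == "#" else "log", "time": when,
           "host": m["host"], "module": m["module"],
           "severity": int(m["sev"]), "mnemonic": m["mnemonic"],
           "text": m["text"]}
    t = TRAP.match(m["text"])
    if t:
        descr = re.search(r"ifDescr is ([^,\s]+)", t["rest"])
        iftype = re.search(r"ifType is (\d+)", t["rest"])
        rec.update(oid=t["oid"], trap=t["name"], ifindex=int(t["ifindex"]),
                   state=t["state"],
                   ifdescr=descr.group(1) if descr else None,
                   iftype=int(iftype.group(1)) if iftype else None)
    return rec


def parse_log(text):
    """Parse every recognisable line of a buffer dump, skipping the rest."""
    return [rec for line in text.splitlines() if (rec := parse_line(line))]


def flapping_interfaces(records, min_downs=3, window=timedelta(minutes=5)):
    """Map (host, ifIndex) -> ifDescr (or None) for interfaces that raised
    at least min_downs linkDown traps within the given time window."""
    downs, names = defaultdict(list), {}
    for rec in records:
        if "trap" not in rec:
            continue
        key = (rec["host"], rec["ifindex"])
        if rec["ifdescr"]:
            names[key] = rec["ifdescr"]     # only extended traps carry this
        if rec["trap"] == "linkDown":
            downs[key].append(rec["time"])
    flagged = {}
    for key, times in downs.items():
        times.sort()
        for i in range(len(times) - min_downs + 1):
            if times[i + min_downs - 1] - times[i] <= window:
                flagged[key] = names.get(key)
                break
    return flagged


if __name__ == "__main__":
    for (host, ifindex), descr in flapping_interfaces(parse_log(SAMPLE)).items():
        print(f"{host}: interface {ifindex} ({descr or 'ifDescr unknown'}) is flapping")
```

With standard-format traps only the numeric interface index is available, so the interface name is reported as unknown unless an extended trap for the same index has been seen.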
By default, all the ports are allowed to generate port link up/down logging information when the port state changes. Examples # Disable port Vlan-interface1 from generating link up/down logging information. <Sysname> system-view [Sysname] interface vlan-interface1 [Sysname- Vlan-interface1] undo enable log updown info-center channel name Syntax info-center channel channel-number name channel-name...
Default Level 2: System level Parameters channel-number: Specifies a channel number, in the range 0 to 9. channel-name: Specifies a channel name, which could be a default name or a self-defined name. The user needs to specify a channel name first before using it as a self-defined channel name. For more information, refer to the info-center channel name command.
By default, the information center is enabled. Examples # Enable the information center. <Sysname> system-view [Sysname] info-center enable Info: Information center is enabled. info-center logbuffer Syntax info-center logbuffer [ channel { channel-number | channel-name } | size buffersize ] * undo info-center logbuffer [ channel | size ] View System view...
info-center logfile enable Syntax info-center logfile enable undo info-center logfile enable View System view Default Level 2: System level Parameters None Description Use the info-center logfile enable command to enable the output of system information to the log file. Use the undo info-center logfile enable command to disable the output of system information to the log file.
Use the undo info-center logfile frequency command to restore the default frequency. By default, the system saves the log file every 86,400 seconds. Examples # Configure the system to save the log file every 60,000 seconds. <Sysname>...
Parameters dir-name: The name of the directory where a log file is saved, which is a string of 1 to 64 characters. Description Use the info-center logfile switch-directory command to configure the directory where a log file is saved. Ensure that the directory is created first before saving a log file into it. By default, the directory to save a log file is the log file directory under the logfile directory of the Flash.
Use the undo info-center loghost command to restore the default configurations on a log host. By default, output of system information to the log host is disabled. When it is enabled, the default channel name will be loghost and the default channel number will be 2. Note that: The info-center loghost command takes effect only after the information center is enabled with the info-center enable command.
The IP address of the specified source interface must be configured; otherwise, although the info-center loghost source command can be configured successfully, the log host will not receive any log information. Examples When the source IP address for log information is not specified, the status of interface GigabitEthernet 1/0/1 is up, and the log information in the following format is displayed on the log host: <187>Jul 22 05:58:06 2008 Sysname %%10IFNET/3/LINK UPDOWN(l): GigabitEthernet1/0/1 link status is UP.
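The log host line shown above can be split into its fields and sanity-checked on the receiving side. The following Python sketch is an added example, not code from the H3C manual; the field names, the reading of the two digits after `%%` as a version field, and the second and third sample lines are assumptions or constructed input.

```python
import re
from datetime import datetime

MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
# Standard syslog severity names for values 0 to 7 (not the device's own wording).
SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug"]

# <PRI>Mmm dd hh:mm:ss[:sss] yyyy sysname %%vvMODULE/level/DIGEST(tag): text
LINE_RE = re.compile(r"""
    ^<(?P<pri>\d{1,3})>
    (?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+
    (?P<hms>\d{2}:\d{2}:\d{2})(?::(?P<ms>\d{1,3}))?\s+
    (?P<year>\d{4})\s+
    (?P<host>\S+)\s+
    %%(?P<ver>\d{2})
    (?P<module>[A-Za-z][A-Za-z0-9]*)/(?P<level>[0-7])/(?P<digest>[^(:]+?)
    (?:\((?P<tag>[a-z])\))?:\s*
    (?P<text>.*)$
""", re.VERBOSE)


def parse_loghost_line(line):
    """Parse one log host line; raise ValueError if it does not fit the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not a log host line in the documented format")
    pri = int(m["pri"])
    if pri > 191:  # facility 0..23 and severity 0..7 give a maximum of 23*8+7
        raise ValueError("PRI %d is out of range" % pri)
    if m["mon"] not in MONTHS:
        raise ValueError("unknown month %r" % m["mon"])
    facility, severity = divmod(pri, 8)
    hour, minute, second = (int(x) for x in m["hms"].split(":"))
    millis = int(m["ms"]) if m["ms"] else 0
    timestamp = datetime(int(m["year"]), MONTHS.index(m["mon"]) + 1,
                         int(m["day"]), hour, minute, second, millis * 1000)
    level = int(m["level"])
    return {
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "timestamp": timestamp,
        "host": m["host"],
        "version": m["ver"],
        "module": m["module"],
        "level": level,
        "digest": m["digest"],
        "tag": m["tag"],          # single letter in parentheses, kept as-is
        "text": m["text"],
        # The severity encoded in PRI should equal the level inside the message.
        "severity_consistent": severity == level,
    }


def review(lines):
    """Return (line number, reason) for lines a log host should not trust blindly."""
    findings = []
    for number, line in enumerate(lines, start=1):
        try:
            rec = parse_loghost_line(line)
        except ValueError as exc:
            findings.append((number, str(exc)))
            continue
        if not rec["severity_consistent"]:
            findings.append((number, "PRI severity %d differs from message level %d"
                             % (rec["severity"], rec["level"])))
    return findings


SAMPLE_LINES = [
    # Line taken from the manual's example.
    "<187>Jul 22 05:58:06 2008 Sysname %%10IFNET/3/LINK UPDOWN(l): "
    "GigabitEthernet1/0/1 link status is UP.",
    # Constructed: space-padded day, milliseconds, PRI severity 5 but level 4.
    "<189>Aug  7 14:47:35:636 2008 Sysname %%10IFNET/4/INTERFACE UPDOWN(l): "
    "Interface 983041 is Up",
    # Constructed: not in the device format at all.
    "<999>not a device line",
]

if __name__ == "__main__":
    print(parse_loghost_line(SAMPLE_LINES[0]))
    print(review(SAMPLE_LINES))
```

For the manual's line, PRI 187 decodes to facility 23 and severity 3, which agrees with the `/3/` level inside the message; a line where the two disagree or that fails to parse is worth a second look, since syslog over the network carries no proof of origin.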
By default, output of system information to the monitor is enabled with a default channel name of monitor and a default channel number of 1. Note that the info-center monitor channel command takes effect only after the information center is enabled with the info-center enable command.
If you do not use the module-name argument to set output rules for a module, the module uses the default output rules or the output rules set by the default keyword; otherwise the module uses the output rules separately set for it. If you use the default keyword to set the output rules for all the modules without specifying the debug, log, and trap keywords, the default output rules for the modules are used.
Examples # Set the output channel for the log information of VLAN module to snmpagent and to output information with severity being emergency. Log information of other modules cannot be output to this channel; other types of information of this module may or may not be output to this channel. <Sysname>...
If system information, such as log information, is output before you input any information under a current command line prompt, the system will not display the command line prompt after the system information output. If system information is output when you are inputting some interactive information (non Y/N confirmation information), then after the system information output, the system will not display the command line prompt but your previous input in a new line.
undo info-center syslog channel View System view Default Level 2: System level Parameters channel-number: Specifies a channel number, in the range 0 to 9. channel-name: Specifies a channel name, which could be a default name or a self-defined name. You need to specify a channel name first before using it as a self-defined channel name.
Mmm: The abbreviations of the months in English, which could be Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, or Dec. dd: The date, starting with a space if less than 10, for example “ 7”. hh:mm:ss:sss: The local time, with hh ranging from 00 to 23, mm and ss ranging from 00 to 59, and sss ranging from 0 to 999.
Default Level 2: System level Parameters date: Indicates the current system date and time, in the format of "Mmm dd hh:mm:ss:ms yyyy". However, the display format depends on the log host. no-year-date: Indicates the current system date and time (year exclusive). none: Indicates that no time stamp information is provided.
By default, information output to the trap buffer is enabled with channel 3 (trapbuffer) as the default channel and a maximum buffer size of 256. Note that the info-center trapbuffer command takes effect only after the information center is enabled with the info-center enable command.
Parameters None Description Use the terminal debugging command to enable the display of debugging information on the current terminal. Use the undo terminal debugging command to disable the display of debugging information on the current terminal. By default, the display of debugging information on the current terminal is disabled. Note that: The debugging information is displayed (using the terminal debugging command) only after the monitoring of system information is enabled on the current terminal first (using the terminal...
The log information is displayed (using the terminal logging command) only after the monitoring of system information is enabled on the current terminal first (using the terminal monitor command). The configuration of this command is valid for only the current connection between the terminal and the device.
Info: Current terminal monitor is on. terminal trapping Syntax terminal trapping undo terminal trapping View User view Default Level 1: Monitor level Parameters None Description Use the terminal trapping command to enable the display of trap information on the current terminal. Use the undo terminal trapping command to disable the display of trap information on the current terminal.
Description Use the display mac-address command to display information about the MAC address table. Note that: If you execute this command without specifying any parameters, this command displays information of all MAC address entries on the device, including unicast MAC address entries and static multicast MAC address entries.
Default Level 1: Monitor level Parameters None Description Use the display mac-address aging-time command to display the aging time of dynamic entries in the MAC address table. Related commands: mac-address (system view), mac-address (Ethernet interface view), mac-address timer, display mac-address. Examples # Display the aging time of dynamic entries in the MAC address table.
Table 1-2 display mac-address statistics command output description
Field: Description
MAC TYPE: MAC address type: Dynamic Unicast, Static Unicast, Total Unicast, Dynamic Multicast, Static Multicast, Total Multicast
LEARNED: Dynamically learned MAC addresses
USER-DEFINED: User defined MAC addresses (dynamic and static)
SYSTEM-DEFINED: MAC addresses generated by the system (for example, 802.1x)
IN-USE...
Related commands: display mac-address. Examples # Add a static entry for MAC address 000f-e201-0101 on port GigabitEthernet1/0/1 that belongs to VLAN 2. <Sysname> system-view [Sysname] interface GigabitEthernet1/0/1 [Sysname-GigabitEthernet1/0/1] mac-address static 000f-e201-0101 vlan 2 # Add a static entry for MAC address 000f-e201-0102 on port Bridge-Aggregation 1 that belongs to VLAN 1.
interface interface-type interface-number: Outbound interface, with interface-type interface-number representing the interface type and number. Description Use the mac-address command to add or modify a MAC address entry. Use the undo mac-address command to remove one or all MAC address entries. Note that: A static or blackhole MAC address entry will not be overwritten by a dynamic MAC address entry, but a dynamic MAC address entry can be overwritten by a static or blackhole MAC address entry.
Description Use the mac-address max-mac-count count command to configure the maximum number of MAC addresses that can be learned on a port. Use the mac-address max-mac-count disable-forwarding command to configure the port not to forward frames with unknown source MAC addresses after the number of learned MAC addresses reaches the upper limit.
Description Use the mac-address timer command to configure the aging timer for dynamic MAC address entries. Use the undo mac-address timer command to restore the default. The default of this command is 300 seconds. Set the aging timer appropriately: a long aging interval may cause the MAC address table to retain outdated entries and fail to accommodate the latest network changes;...
Cluster Management Configuration Commands NDP Configuration Commands display ndp Syntax display ndp [ interface interface-list ] View Any view Default Level 1: Monitor level Parameters interface interface-list: Specifies an Ethernet port list, which can contain multiple Ethernet ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &...
Neighbor 1: Aging Time: 122(s) MAC Address : 00e0-fc00-2579 Host Name : Sysname Port Name : GigabitEthernet1/0/4 Software Ver: ESS 11011101 Device Name : S5120 Port Duplex : AUTO Product Ver : ESS 1101 BootROM Ver : 105BootROM Ver : 107 Interface: GigabitEthernet1/0/5 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/6...
[Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] ndp enable ndp timer aging Syntax ndp timer aging aging-time undo ndp timer aging View System view Default Level 2: System level Parameters aging-time: Time for a device to keep the NDP packets it receives, in the range 5 to 255 seconds. Description Use the ndp timer aging command to specify the time that a device should keep the NDP packets it received from the adjacent device.
Parameters hello-time: Interval to send NDP packets, in the range 5 to 254 seconds. Description Use the ndp timer hello command to set the interval to send NDP packets. Use the undo ndp timer hello command to restore the default. By default, the interval to send NDP packets is 60 seconds.
NTDP Configuration Commands display ntdp Syntax display ntdp View Any view Default Level 1: Monitor level Parameters None Description Use the display ntdp command to display NTDP configuration information. Examples # Display NTDP configuration information. <Sysname> display ntdp NTDP is running. Hops Timer : 1 min...
display ntdp device-list Syntax display ntdp device-list [ verbose ] View Any view Default Level 1: Monitor level Parameters verbose: Displays the detailed device information collected through NTDP. Description Use the display ntdp device-list command to display the device information collected through NTDP. Note that the information displayed may not be that of the latest device if you do not execute the ntdp explore command before using this command.
Field: Description
Cluster: Role of the device in the cluster:
Member switch of cluster aaa: The device is a member device of the cluster aaa.
Administrator switch of cluster aaa: The device is the management device of the cluster aaa.
Candidate switch: The device is a candidate device of cluster aaa.
Parameters hop-value: Maximum number of hops for collecting topology information, in the range 1 to 16. Description Use the ntdp hop command to set the maximum number of hops for collecting topology information. Use the undo ntdp hop command to restore the default. By default, the value is 3. Note that this command is only applicable to the topology-collecting device.
ntdp timer hop-delay Syntax ntdp timer hop-delay delay-time undo ntdp timer hop-delay View System view Default Level 2: System level Parameters delay-time: Delay time (in milliseconds) for a device receiving topology-collection requests to forward them through its first port. This argument ranges from 1 to 1,000. Description Use the ntdp timer hop-delay command to set the delay time for the device to forward topology-collection requests through the first port.
Use the undo ntdp timer port-delay command to restore the default delay time, which is 20 ms. Examples # Set the delay time for the device to forward topology-collection requests through the successive ports to 40 ms. <Sysname> system-view [Sysname] ntdp timer port-delay 40 Cluster Configuration Commands add-member Syntax...
administrator-address Syntax administrator-address mac-address name cluster-name undo administrator-address View Cluster view Default Level 2: System level Parameters mac-address: MAC address of the management device (in hexadecimal form of H-H-H). cluster-name: Name of an existing cluster, a string of 1 to 8 characters, which can contain only letters, digits, hyphens (-), and underscores (_).
Parameters recover: Automatically reestablishes communication with all the member devices. Description Use the auto-build command to establish a cluster automatically. Note that: This command can be executed on a candidate device or the management device. If you execute this command on a candidate device, you will be required to enter the cluster name to build a cluster.
black-list add-mac Syntax black-list add-mac mac-address View Cluster view Default Level 2: System level Parameters mac-address: MAC address of the device to be added into the blacklist, in the form of H-H-H. Description Use the black-list add-mac command to add a device to the blacklist. Note that this command can be executed on the management device only.
Examples # Delete a device with the MAC address of 0EC0-FC00-0001 from the blacklist on the management device. <aaa_0.Sysname> system-view [aaa_0.Sysname] cluster [aaa_0.Sysname-cluster] black-list delete-mac 0ec0-fc00-0001 # Delete all devices in the blacklist on the management device. [aaa_0.Sysname-cluster] black-list delete-mac all build Syntax build cluster-name...
Restore topology from local flash file,for there is no base topology. (Please confirm in 30 seconds, default No). (Y/N) Begin get base topology file from local flash..Get file error, can not finish base topology recover #Sep 18 19:56:03:804 2006 Sysname IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.4: Interface 3276899 is Up, ifAdminStatus is 1, ifOperStatus is 1 #Sep 18 19:56:03:804 2006 Sysname CLST/4/Cluster_Trap:...
View System view Default Level 2: System level Parameters None Description Use the cluster enable command to enable the cluster function. Use the undo cluster enable command to disable the cluster function. By default, the cluster function is enabled. Note that: When you execute the undo cluster enable command on a management device, you remove the cluster and its members, and the device stops operating as a management device.
Description Use the cluster switch-to command to switch between the management device and member devices. Examples # Switch from the operation interface of the management device to that of the member device numbered 6 and then switch back to the operation interface of the management device. <aaa_0.Sysname>...
cluster-mac Syntax cluster-mac mac-address undo cluster-mac View Cluster view Default Level 2: System level Parameters mac-address: Multicast MAC address (in hexadecimal in the format of H-H-H), which can be 0180-C200-0000, 0180-C200-000A, 0180-C200-0020 through 0180-C200-002F, or 010F-E200-0002. Description Use the cluster-mac command to configure the destination MAC address for cluster management protocol packets.
Parameters interval: Interval (in minutes) to send MAC address negotiation broadcast packets, which ranges from 0 to 30. If the interval is set to 0, the management device does not send broadcast packets to the member devices. Description Use the cluster-mac syn-interval command to set the interval for a management device to send MAC address negotiation broadcast packets for cluster management.
The command used to configure the SNMP community with read-only or read-and-write authority can only be executed once on the management device. This configuration will be synchronized to the member devices in the whitelist, which is equal to configuring multiple member devices at one time.
Note that: The command can be executed once on the management device only. This configuration will be synchronized to the member devices in the whitelist, which is equal to configuring multiple member devices at one time. SNMPv3 group name will be retained if a cluster is dismissed or a member device is deleted from the whitelist.
The MIB view will be retained if a cluster is dismissed or a member device is deleted from the whitelist. If the same view name as the current one has been configured on a member device, the current view will replace the original one on the member device. Examples # Create a view including all objects of mib2.
The command can be executed once on the management device only. This configuration will be synchronized to member devices on the whitelist, which is equal to configuring multiple member devices at one time. SNMPv3 group user will be retained if a cluster is dismissed or a member device is deleted from the whitelist.
display cluster Syntax display cluster View Any view Default Level 1: Monitor level Parameters None Description Use the display cluster command to display the information of the cluster to which the current device belongs. Note that this command can be executed on the management device and member devices only. Examples # Display the information of the cluster to which the current device belongs on the management device.
Administrator device mac address:00e0-fc00-1d00
Administrator status:Up
Table 1-5 display cluster command output description
Field: Description
Cluster name: Name of the cluster
Role: Role of the switch in the cluster:
Administrator: The current device is a management device.
Member: The current device is a member device.
Member number: Member number of the switch in the cluster
Management-vlan...
├-(P_1/10)<-->(P_4/1)[Sysname:00e0-fc05-4300] └-(P_1/8)<-->(P_1/12)[aaa_1.Sysname:00e0-fc00-7016] Table 1-6 display cluster base-topology command output description Field Description PeerPort Peer port ConnectFlag Connection flag: <--> NativePort Local port SysName System name of the peer device DeviceMac MAC address of the peer device display cluster black-list Syntax display cluster black-list View Any view...
display cluster candidates Syntax display cluster candidates [ mac-address mac-address | verbose ] View Any view Default Level 1: Monitor level Parameters mac-address mac-address: Specifies the MAC address of a candidate device, in the format of H-H-H. verbose: Displays the detailed information about a candidate device. Description Use the display cluster candidates command to display the information about the candidate devices of a cluster.
Device : S5120 : 31.31.31.56/24 Table 1-8 display cluster candidates command output description Field Description Hostname System name of a candidate device MAC address of a candidate device Hops from a candidate device to the management device IP address of a candidate device Device Product model of a candidate device display cluster current-topology...
---> odd connect **** in blacklist ???? lost device ++++ new device -||- STP discarding -------------------------------------------------------------------- [aaa_0.Sysname:00e0-fc00-7016] └-(P_1/12)++++(P_1/8)[Sysname:00e0-fc00-7000] |-(P_1/11)++++(P_1/9)[Sysname:00e0-fc00-5500] |-(P_1/9)++++(P_4/1)[aaa_2.Sysname:00e0-fc00-0000] └-(P_1/9)++++(P_1/7)[Sysname:00e0-fc00-3333] |-(P_1/11)++++(P_4/1)[bbb_2.H3C:00e0-fc00-0000] └-(P_4/1)++++(P_1/7)[Sysname:00e0-fc00-3333] └-(P_1/11)++++(P_1/7)[Sysname:00e0-fc00-3333] Table 1-9 display cluster current-topology command output description Field Description PeerPort Peer port ConnectFlag Connection flag NativePort...
A new device in the topology information is identified based on the standard topology. After you add a device into a cluster, if you do not use the topology accept command to confirm the current topology and save it as the standard topology, this device is still regarded as a new device. display cluster members Syntax display cluster members [ member-number | verbose ]...
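The comparison described above (current topology checked against the standard topology) can also be repeated offline on saved command output, for example to notice a device that was accepted into the standard topology without review. The following Python sketch is an added example, not code from the H3C manual; both topology samples are constructed, the port group names follow the field order of Table 1-6, and treating `<-->` as the normal flag is taken from the base-topology output.

```python
import re

# Connection flags from the display legend; "<-->" is the flag used in
# the base-topology output and is treated here as the normal state.
FLAGS = {
    "<-->": "normal",
    "--->": "odd connect",
    "****": "in blacklist",
    "????": "lost device",
    "++++": "new device",
    "-||-": "STP discarding",
}

# (PeerPort)ConnectFlag(NativePort)[SysName:DeviceMac]
EDGE_RE = re.compile(
    r"\((?P<peer_port>P_[^)]+)\)"
    r"(?P<flag><-->|--->|\*{4}|\?{4}|\+{4}|-\|\|-)"
    r"\((?P<native_port>P_[^)]+)\)"
    r"\[(?P<sysname>[^\]]+):(?P<mac>[0-9A-Fa-f]{4}(?:-[0-9A-Fa-f]{4}){2})\]"
)


def parse_edges(text):
    """Return one dict per connection line found in the topology output."""
    return [m.groupdict() for m in EDGE_RE.finditer(text)]


def review_topology(base_text, current_text):
    """Compare current output with a trusted saved baseline.

    Returns a list of (mac, sysname, reasons) for every device that is
    flagged by the switch or that disagrees with the baseline.
    """
    base_macs = {e["mac"].lower() for e in parse_edges(base_text)}
    seen = set()
    findings = []
    for edge in parse_edges(current_text):
        mac = edge["mac"].lower()
        seen.add(mac)
        status = FLAGS[edge["flag"]]
        reasons = []
        if status != "normal":
            reasons.append(status)
        # A device shown as normal that the trusted baseline never contained
        # means the standard topology on the switch changed since the baseline.
        if mac not in base_macs and status != "new device":
            reasons.append("not in base topology but not flagged as new")
        if reasons:
            findings.append((mac, edge["sysname"], reasons))
    for mac in sorted(base_macs - seen):
        findings.append((mac, None, ["in base topology, absent from current output"]))
    return findings


# Constructed baseline (trusted copy of the standard topology).
BASE_TOPOLOGY = """
[aaa_0.Sysname:00e0-fc00-1d00]
 ├-(P_1/10)<-->(P_4/1)[Sysname:00e0-fc05-4300]
 ├-(P_1/8)<-->(P_1/12)[aaa_1.Sysname:00e0-fc00-7016]
 └-(P_1/3)<-->(P_1/1)[aaa_2.Sysname:00e0-fc00-2222]
"""

# Constructed current output.
CURRENT_TOPOLOGY = """
[aaa_0.Sysname:00e0-fc00-1d00]
 ├-(P_1/10)<-->(P_4/1)[Sysname:00e0-fc05-4300]
 ├-(P_1/8)????(P_1/12)[aaa_1.Sysname:00e0-fc00-7016]
 ├-(P_1/9)++++(P_1/7)[Sysname:00e0-fc00-3333]
 └-(P_1/11)<-->(P_1/2)[Sysname:00e0-fc00-5500]
"""

if __name__ == "__main__":
    for mac, sysname, reasons in review_topology(BASE_TOPOLOGY, CURRENT_TOPOLOGY):
        print(mac, sysname, "; ".join(reasons))
```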
MAC Address:00e0-fc00-1400 Member status:Admin Hops to administrator device:0 Version: H3C Comware Platform Software Comware Software, Version 5.20, Alpha 1101 Copyright (c) 2004-2009 Hangzhou H3C Tech. Co., Ltd. All rights reserved. H3C S5120 Member number:1 Name:aaa_1.Sysname Device:H3C S5120 MAC Address:00e0-fc00-7016 Member status:Up Hops to administrator device:2 IP: 192.168.100.245/24...
Copyright (c) 2004-2009 Hangzhou H3C Tech. Co., Ltd. All rights reserved. H3C S5120 Table 1-11 display cluster members verbose command output description Field Description Member number Device member number Name of a member device, composed of the cluster name and the system name of the member device, in the format of cluster name.systemname...
Description Use the ftp-server command to configure a public FTP server (by setting its IP address, username, and password) on the management device for the member devices in the cluster. Use the undo ftp-server command to remove the FTP server configured for the member devices in the cluster.
[Sysname-cluster] ip-pool 10.1.1.1 24 [Sysname-cluster] build aaa [aaa_0.Sysname-cluster] holdtime 30 ip-pool Syntax ip-pool ip-address { mask | mask-length } undo ip-pool View Cluster view Default Level 2: System level Parameters ip-address: Private IP address of the management device in a cluster. { mask | mask-length }: Mask of the IP address pool of a cluster.
View Cluster view Default Level 2: System level Parameters ip-address: IP address of the logging host. Description Use the logging-host command to configure a logging host shared by a cluster. Use the undo logging-host command to remove the logging host configuration. By default, no logging host is configured for a cluster.
Use the undo management-vlan command to restore the default. By default, VLAN 1 is the management VLAN. Note that: The management VLAN must be specified before a cluster is created. Once a member device is added to a cluster, the management VLAN configuration cannot be modified. To modify the management VLAN for a device belonging to a cluster, you need to cancel the cluster-related configurations on the device, specify the desired VLAN to be the management VLAN, and then re-create the cluster.
[aaa_0.Sysname] cluster [aaa_0.Sysname-cluster] management-vlan synchronization enable nm-interface vlan-interface Syntax nm-interface vlan-interface interface-name View Cluster view Default Level 2: System level Parameters interface-name: ID of the VLAN interface. The value range is the same as that of the existing VLAN interface ID. Description Use the nm-interface vlan-interface command to configure the VLAN interface of the access management device (including FTP/TFTP server, management host and log host) as the network...
Description Use the reboot member command to reboot a specified member device. Note that this command can be executed only on the management device. Examples # Reboot the member device numbered 2 on the management device. <Sysname> system-view [Sysname] cluster [Sysname-cluster] ip-pool 10.1.1.1 24 [Sysname-cluster] build aaa [aaa_0.Sysname-cluster] reboot member 2...
tftp-server Syntax tftp-server ip-address undo tftp-server View Cluster view Default Level 2: System level Parameters ip-address: IP address of a TFTP server. Description Use the tftp-server command to configure a shared TFTP server for a cluster. Use the undo tftp-server command to cancel the TFTP server of the cluster. By default, no TFTP server is configured.
Description Use the timer command to set the interval to send handshake packets. Use the undo timer command to restore the default. By default, the interval to send handshake packets is 10 seconds. Note that: This command can be executed on the management device only. This configuration is valid for all member devices in a cluster.
The file used to save the standard topology on the FTP server or the local flash is named “topology.top”, which includes both the blacklist and the whitelist information. A blacklist contains the devices that are prohibited from being added to a cluster. A whitelist contains devices that can be added to a cluster. Examples # Take the current topology as the standard topology on the management device.
topology save-to Syntax topology save-to { ftp-server | local-flash } View Cluster view Default Level 2: System level Parameters ftp-server: Saves the standard topology information to the FTP server. local-flash: Saves the standard topology information to the local flash. Description Use the topology save-to command to save the standard topology information to the FTP server or the local flash.
Table of Contents
1 HTTP Configuration Commands
HTTP Configuration Commands
display ip http
ip http acl
ip http enable
ip http port
2 HTTPS Configuration Commands
HTTPS Configuration Commands
display ip https
ip https acl
ip https certificate access-control-policy
ip https enable
ip https port...
HTTP Configuration Commands HTTP Configuration Commands display ip http Syntax display ip http View Any view Default Level 1: Monitor level Parameters None Description Use the display ip http command to display information about HTTP. Examples # Display information about HTTP. <Sysname>...
ip http acl Syntax ip http acl acl-number undo ip http acl View System view Default Level 2: System level Parameters acl-number: ACL number, in the range 2000 to 2999 (basic IPv4 ACL). Description Use the ip http acl command to associate the HTTP service with an ACL. Use the undo ip http acl command to remove the association.
Parameters None Description Use the ip http enable command to enable the HTTP service. Use the undo ip http enable command to disable the HTTP service. The device can act as the HTTP server and the users can access and control the device through the Web function only after the HTTP service is enabled.
HTTPS Configuration Commands HTTPS Configuration Commands display ip https Syntax display ip https View Any view Default Level 1: Monitor level Parameters None Description Use the display ip https command to display information about HTTPS. Examples # Display information about HTTPS. <Sysname>...
Field: Description
Operation status: Operation status, which takes the following values:
Running: The HTTPS service is enabled.
Stopped: The HTTPS service is disabled.
ip https acl Syntax ip https acl acl-number undo ip https acl View System view Default Level 3: Manage level Parameters acl-number: ACL number, in the range 2000 to 2999 (basic IPv4 ACL).
View System view Default Level 3: Manage level Parameters policy-name: Name of the certificate attribute access control policy, a string of 1 to 16 characters. Description Use the ip https certificate access-control-policy command to associate the HTTPS service with a certificate attribute access control policy.
Note that enabling of the HTTPS service triggers an SSL handshake negotiation process. During the process, if a local certificate of the device already exists, the SSL negotiation is successfully performed, and the HTTPS service can be started normally. If no local certificate exists, a certificate application process will be triggered by the SSL negotiation.
ip https ssl-server-policy Syntax ip https ssl-server-policy policy-name undo ip https ssl-server-policy View System view Default Level 3: Manage level Parameters policy-name: Name of an SSL server policy, a string of 1 to 16 characters. Description Use the ip https ssl-server-policy command to associate the HTTPS service with an SSL server-end policy.
Stack Management Configuration Commands Stack Management Configuration Commands display stack Syntax display stack [ members ] View Any view Default Level 1: Monitor level Parameters members: Displays stack information of the stack members, including the master device and the slave devices.
Table 1-1 display stack command output description
Field: Description
Role: Role of the device in the stack. Master indicates that the device is the master device of the stack. Slave indicates that the device is a slave device of the stack.
stack ip-pool Syntax stack ip-pool ip-address { mask | mask-length } undo stack ip-pool View System view Default Level 2: System level Parameters ip-address: Start IP address of the stack IP address pool. mask: IP address mask, in dotted decimal notation. The system ANDs the mask with the specified IP address to get a network segment address, which will be the private IP address pool providing IP addresses for the slave devices.
Parameters None Description Use the stack role master command to create a stack. Use the undo stack role master command to remove a stack. After you execute the stack role master command on a stack-supporting device, the device becomes the master device of a stack and automatically adds the devices connected with its stack ports to the stack.
<Sysname> system-view [Sysname] stack stack-port 1 gigabitethernet 1/0/1 stack switch-to Syntax stack switch-to member-id View User view Default Level 2: System level Parameters member-id: ID of the slave device which you want to switch to. The value ranges from 1 to 8. Description Use the stack switch-to command to switch from the master device to a slave device to perform configurations.
PoE Configuration Commands
PoE Configuration Commands
apply poe-profile
Syntax
apply poe-profile { index index | name profile-name }
undo apply poe-profile { index index | name profile-name }
View
PoE interface view
Default Level
2: System level
Parameters
index index: Index number of the PoE configuration file, in the range 1 to 100.
name profile-name: Name of the PoE configuration file, a string of 1 to 15 characters.
apply poe-profile interface
Syntax
apply poe-profile { index index | name profile-name } interface interface-range
undo apply poe-profile { index index | name profile-name } interface interface-range
View
System view
Default Level
2: System level
Parameters
index index: Index number of the PoE configuration file, in the range 1 to 100.
name profile-name: Name of the PoE configuration file, a string of 1 to 15 characters.
Default Level
1: Monitor level
Parameters
None
Description
Use the display poe device command to display information about power sourcing equipment (PSEs).
Examples
# Display the PSE information.
<Sysname> display poe device
PSE ID SlotNo SubSNo PortNum MaxPower(W) State Model
LSW124POED
Table 1-1 display poe device command output description
Field...
Page 861
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Description
Use the display poe interface command to display the power information of the specified interface.
If no interface is specified, the power information of all PoE interfaces is displayed.
Examples
# Display the power state of GigabitEthernet 1/0/1.
Page 862
Field | Description
Port operating status varies with devices.
Port IEEE class | PD power class: 0, 1, 2, 3, 4, and -. - indicates not supported.
Power detection state of a PoE interface: disabled: The PoE function is disabled. searching: The PoE interface is searching for the PD.
Field | Description
Status | PoE state: enabled/disabled. enabled: PoE is enabled. disabled: PoE is disabled.
Priority | Power priority of a PoE interface: critical (highest), high
CurPower | Current power of a PoE interface
Operating state of a PoE interface: off: PoE is disabled. on: Power is supplied for a PoE interface normally.
Page 864
Default Level
1: Monitor level
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Description
Use the display poe interface power command to display the power information of a PoE interface or interfaces.
If no interface is specified, the power information of all PoE interfaces will be displayed.
Examples
# Display the power information of GigabitEthernet 1/0/1.
Page 865
display poe pse
Syntax
display poe pse
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display poe pse command to display the information of PSE(s).
Examples
# Display the information of the PSE.
<Sysname> display poe pse
PSE ID
PSE Slot No
PSE SubSlot No...
Field | Description
PSE Peak Power | Peak power of the PSE
PSE Max Power | Maximum power of the PSE
PSE Remaining Guaranteed | Guaranteed remaining power of the PSE = Guaranteed maximum power of the PSE – the sum of the maximum power of the critical PoE interfaces of the PSE
PSE CPLD Version | PSE CPLD version...
Page 867
GE1/0/9
GE1/0/10
forAP GE1/0/11 poe enable
GE1/0/12 poe max-power 14000
--- 2 poe-profile(s) created, 8 port(s) applied ---
# Display the information of the PoE configuration file with index number being 1.
<Sysname> display poe-profile index 1
Poe-profile Index ApplyNum Interface Configuration
forIPphone GE1/0/5...
View
Any view
Default Level
1: Monitor level
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Description
Use the display poe-profile interface command to display all information of the configurations and applications of the PoE configuration file that currently takes effect on the specified PoE interface.
Examples
# Display all information of the configurations and applications of the current PoE configuration file applied to GigabitEthernet1/0/1.
Examples
# Set the PD disconnection detection mode to dc.
<Sysname> system-view
[Sysname] poe disconnect dc
poe enable
Syntax
poe enable
undo poe enable
View
PoE interface view, PoE-profile file view
Default Level
2: System level
Parameters
None
Description
Use the poe enable command to enable PoE on a PoE interface.
Use the undo poe enable command to disable PoE on a PoE interface.
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] apply poe-profile name abc
poe legacy enable
Syntax
poe legacy enable
undo poe legacy enable
View
System view
Default Level
2: System level
Parameters
pse pse-id: Specifies a PSE ID.
Description
Use the poe legacy enable command to enable the PSE to detect nonstandard PDs.
Use the undo poe legacy enable command to disable the PSE from detecting nonstandard PDs.
By default, the maximum power of the PoE interface is 30000 milliwatts.
Examples
# Set the maximum power of GigabitEthernet 1/0/1 to 12000 milliwatts.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] poe max-power 12000
poe mode
Syntax
poe mode signal
undo poe mode
View
PoE interface view, PoE-profile file view...
Parameters
text: Description of the PD connected to a PoE interface, a string of 1 to 80 characters.
Description
Use the poe pd-description command to configure a description for the PD connected to a PoE interface.
Use the undo poe pd-description command to restore the default.
By default, no description is available for the PD connected to a PoE interface.
If a PoE configuration file is applied to a PoE interface, you need to remove the application of the file to the PoE interface before configuring the interface in PoE interface view. If two PoE interfaces have the same priority level, the PoE interface with a smaller ID has the higher priority level.
Use the full mode only if anomalies occur when you use the refresh mode to upgrade the PSE processing software. Do not use the full mode in other circumstances. You can use the full mode to upgrade the PSE processing software to restore the PSE firmware when the PSE processing software is unavailable (that is, when none of the PoE commands are executed successfully).
poe-profile
Syntax
poe-profile profile-name [ index ]
undo poe-profile { index index | name profile-name }
View
System view
Default Level
2: System level
Parameters
profile-name: Name of a PoE configuration file, a string of 1 to 15 characters. A PoE configuration file name begins with a letter (a through z or A through Z) and must not contain reserved keywords such as undo, all, name, interface, user, poe, disable, max-power, mode, priority and enable.
Page 876
Table of Contents
1 IP Source Guard Configuration Commands
IP Source Guard Configuration Commands
display ip check source
display user-bind
ip check source
user-bind...
Page 877
IP Source Guard Configuration Commands
IP Source Guard Configuration Commands
display ip check source
Syntax
display ip check source [ interface interface-type interface-number | ip-address ip-address | mac-address mac-address ]
View
Any view
Default Level
1: Monitor level
Parameters
interface interface-type interface-number: Displays the dynamic bindings of the interface specified by its type and number.
Page 878
Field | Description
MAC address of the dynamic binding. N/A means that no MAC address is bound in the entry.
IP address of the dynamic binding. N/A means that no IP address is bound in the entry.
Vlan | VLAN to which the obtained binding entry belongs. N/A means that no VLAN is bound in the entry.
Page 879
Table 1-2 display user-bind command output description
Field | Description
Total entries found | Total number of found entries
MAC address of the binding. N/A means that no MAC address is bound in the entry.
IP address of the binding. N/A means that no IP address is bound in the entry.
Page 881
Appendix A Command Index
The command index includes all the commands in the Command Manual, which are arranged alphabetically.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
aaa nas-id profile | 21-AAA Commands
access-limit...