H3C S9500 Series Command Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Switch
  5. S9500 Series
  6. Command manual
H3C S9500 Series Command Manual

H3C S9500 Series Command Manual

Routing switches
Hide thumbs Also See for S9500 Series:
Table of Contents

Advertisement

Quick Links

Download this manual
H3C S9500 Series Routing Switches
Command Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: T2-08194S-20081225-C-1.24
Product Version: S9500-CMW310-R1648

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the S9500 Series and is the answer not in the manual?

Questions and answers

Related Manuals for H3C S9500 Series

Summary of Contents for H3C S9500 Series

  • Page 1 H3C S9500 Series Routing Switches Command Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: T2-08194S-20081225-C-1.24 Product Version: S9500-CMW310-R1648...
  • Page 2 Copyright © 2007-2008, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
  • Page 3 About This Manual Organization H3C S9500 Series Routing Switches Command Manual is organized as follows: Part Contents 00 Feature List and includes Feature List and Command Index. Command Index includes Ethernet Port Commands, Port Configuration Commands, Link Aggregation Configuration Commands, Port Isolation Configuration...
  • Page 4 Part Contents includes Command Line Interface Commands, Login and User Interface Commands, FTP and TFTP Commands, Commands, Commands, NetStream Commands, NTP Commands, RMON Commands, SNMP Commands, Packet Statistics Accounting Commands, Device Management 08 System Volume Commands, Configuration File Management Commands, File System Management Commands, Cluster Management Commands, System Maintenance Debugging Commands,...
  • Page 5 Means reader be careful. Improper operation may cause Caution data loss or damage to equipment. Note Means a complementary description. Related Documentation In addition to this manual, each H3C S9500 Series Routing Switches documentation set includes the following: Manual Description introduces installation...
  • Page 6 [Technical Support & Document > Product Support > Software]: Provides the documentation released with the software version. Documentation Feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
  • Page 7 Command Manual H3C S9500 Series Routing Switches IP Services Volume Organization Manual Version T2-08194S-20081225-C-1.24 Product Version S9500-CMW310-R1648 Organization The IP Services Volume is organized as follows: Features (command Description manual) Introduces the commands for ARP configuration. IP Address Introduces the commands for IP address configuration.
  • Page 8 Command Manual – ARP H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 ARP Configuration Commands .................. 1-1 1.1 ARP Configuration Commands..................1-1 1.1.1 arp check......................... 1-1 1.1.2 arp non-flooding ...................... 1-1 1.1.3 arp proxy enable...................... 1-2 1.1.4 arp local-proxy enable.....................
  • Page 9 Command Manual – ARP H3C S9500 Series Routing Switches Table of Contents 3.3.5 display anti-attack arp ..................... 3-7 Chapter 4 IP Packet Attack Prevention Configuration Commands.......... 4-1 4.1 IP Packet Attack Prevention Configuration Commands ............ 4-1 4.1.1 anti-attack ip ......................4-1...
  • Page 10 Command Manual – ARP H3C S9500 Series Routing Switches Chapter 1 ARP Configuration Commands Chapter 1 ARP Configuration Commands 1.1 ARP Configuration Commands 1.1.1 arp check Syntax arp check enable undo arp check enable View System view Parameters None Description Use the arp check enable command to enable the ARP entry checking function, that is, to disable the switch from creating multicast MAC address ARP entries.
  • Page 11 Command Manual – ARP H3C S9500 Series Routing Switches Chapter 1 ARP Configuration Commands Parameters None Description Use the arp non-flooding enable command to configure the port not to broadcast received ARP packets in the VLAN to which it belongs.
  • Page 12 Command Manual – ARP H3C S9500 Series Routing Switches Chapter 1 ARP Configuration Commands II. In VLAN interface view: By default, proxy ARP is disabled. After receiving an ARP request, the device directly sends back an ARP response if the...
  • Page 13 Command Manual – ARP H3C S9500 Series Routing Switches Chapter 1 ARP Configuration Commands Use the undo arp local-proxy enable command to disable local proxy ARP. After enabled with local proxy ARP, when receiving an ARP request, the device sends back an ARP response directly if the sender and target IP addresses of the ARP request are on the same network segment as the receiving interface.
  • Page 14 Examples # Configure an ARP entry with the MAC address 000f-e201-0000 and IP address 202.38.10.2. This static ARP entry is on Ethernet 2/1/1 in VLAN 1. [H3C] arp static 202.38.0.10 000f-e201-0000 1 ethernet2/1/1 1.1.6 arp static multi-port Syntax arp static ip-address mac-address vlan-id multi-port interface-type interface-number...
  • Page 15 Command Manual – ARP H3C S9500 Series Routing Switches Chapter 1 ARP Configuration Commands Parameters ip-address: IP address of the ARP entry. mac-address: MAC address of the ARP entry, in the format of H-H-H. For a multi-outgoing-port ARP entry, this is a multicast MAC address.
  • Page 16 0150-0098-0098. Add the outgoing ports Ethernet 6/1/1, Ethernet 6/1/2 and Ethernet 11/1/3 to the ARP entry. [H3C] arp static 10.10.10.98 0150-0098-0098 20 multi-port Ethernet 6/1/1 [H3C] arp static 10.10.10.98 0150-0098-0098 20 multi-port Ethernet 6/1/2 [H3C] arp static 10.10.10.98 0150-0098-0098 20 multi-port Ethernet 11/1/3 1.1.7 arp timer aging...
  • Page 17 Command Manual – ARP H3C S9500 Series Routing Switches Chapter 1 ARP Configuration Commands 1.1.8 debugging arp Syntax debugging arp { error | info | packet } undo debugging arp { error | info | packet } View User view Parameters error: Enables ARP error debugging.
  • Page 18 Examples # Enable the debugging for ARP packets whose source IP address is 8.8.8.1, destination address is 8.8.8.26 and source MAC address is 000a-ebf2-51a8. <H3C> debugging arp packet dip 8.8.8.26 sip 8.8.8.1 smac 000a-ebf2-51a8 dmac 0-0-0 # Disable the debugging.
  • Page 19 Command Manual – ARP H3C S9500 Series Routing Switches Chapter 1 ARP Configuration Commands 1.1.10 display arp Syntax display arp [ ip-address | [ dynamic | static | vlan vlan-id | interface interface-type interface-number ] [ | { begin | include | exclude } text ] ]...
  • Page 20 Command Manual – ARP H3C S9500 Series Routing Switches Chapter 1 ARP Configuration Commands Note: The character “.” in a regular expression is a wildcard. So, as for “2.2.2.231”, “2.2.1” matches its sub-string “2.231” and thus the ARP entry with an IP address of 2.2.2.231 is displayed as a matched entry.
  • Page 21 Command Manual – ARP H3C S9500 Series Routing Switches Chapter 1 ARP Configuration Commands Mac Address :0150-0098-0098 VLAN ARP Port-List : Ethernet6/1/2 Ethernet6/1/3 Ethernet6/1/4 *Ethernet6/1/5 Ethernet6/1/6 Ethernet6/1/7 Ethernet6/1/8 Ethernet6/1/9 Ethernet6/1/1 VPN-Name :Public-ARP When a “*” precedes a port, the port is in the Up state; otherwise, the port is in the Down state.
  • Page 22 Command Manual – ARP H3C S9500 Series Routing Switches Chapter 1 ARP Configuration Commands View Any view Parameters None Description Use the display arp timer aging command to view the current setting of the dynamic ARP aging timer. Related commands: arp timer aging.
  • Page 23 Command Manual – ARP H3C S9500 Series Routing Switches Chapter 1 ARP Configuration Commands Table 1-3 Description on the fields of the display debugging arp command Field Description ARP packet debugging switch State of ARP packet debugging Source IP Address...
  • Page 24 Command Manual – ARP H3C S9500 Series Routing Switches Chapter 1 ARP Configuration Commands 1.1.16 reset arp Syntax reset arp [ dynamic | static | interface { interface-type interface-number } | all ] View User view Parameters dynamic: Clears the dynamic ARP mapping entries.
  • Page 25 Command Manual – ARP Chapter 2 ARP Table Size Configuration H3C S9500 Series Routing Switches Commands Chapter 2 ARP Table Size Configuration Commands 2.1 ARP Table Size Configuration Commands 2.1.1 arp max-entry Syntax arp max-entry slot-num max-num undo arp max-entry slot-num...
  • Page 26 Command Manual – ARP Chapter 2 ARP Table Size Configuration H3C S9500 Series Routing Switches Commands 2.1.2 arp max-aggregation-entry Syntax arp max-aggregation-entry max-aggnum undo arp max-aggregation-entry View System view Parameters max-aggnum: Maximum number of ARP entries with aggregated ports (that is, aggregation ARP entries) supported by each LPU.
  • Page 27 Command Manual – ARP Chapter 2 ARP Table Size Configuration H3C S9500 Series Routing Switches Commands View System view Parameters 4: Configures the maximum number of ARP entries of the whole switch as 4K (1K = 1024). 64: Configure the maximum number of ARP entries of the whole switch as 64K.
  • Page 28 Command Manual – ARP Chapter 2 ARP Table Size Configuration H3C S9500 Series Routing Switches Commands Parameters None Description Use the display arp max-entry command to display the maximum numbers of current ARP entries and entries that will take effect after the switch restarts.
  • Page 29 Command Manual – ARP Chapter 3 ARP Attack Prevention Configuration H3C S9500 Series Routing Switches Commands Chapter 3 ARP Attack Prevention Configuration Commands 3.1 ARP Spoofing Attack Prevention Configuration Commands 3.1.1 arp entry-check Syntax arp entry-check { fixed-mac | fixed-all | send-ack }...
  • Page 30 Command Manual – ARP Chapter 3 ARP Attack Prevention Configuration H3C S9500 Series Routing Switches Commands undo debugging arp entry-check View User view Parameters None Description Use the debugging arp entry-check command to enable ARP spoofing attack prevention debugging. Use the undo debugging arp entry-check command to disable ARP spoofing attack prevention debugging.
  • Page 31 Command Manual – ARP Chapter 3 ARP Attack Prevention Configuration H3C S9500 Series Routing Switches Commands 3.2 ARP Duplicate Gateway Attack Prevention Configuration Commands 3.2.1 anti-attack gateway-duplicate Syntax anti-attack gateway-duplicate { enable | disable } View System view Parameters enable: Enables ARP duplicate gateway attack prevention. With this function enabled, the switch generates an attack prevention entry after detecting a duplicate gateway address in an ARP packet.
  • Page 32 Command Manual – ARP Chapter 3 ARP Attack Prevention Configuration H3C S9500 Series Routing Switches Commands View Any view Parameters slotid: Number of the slot where the LPU is located. Description Use the display anti-attack gateway-duplicate command to display information...
  • Page 33 Command Manual – ARP Chapter 3 ARP Attack Prevention Configuration H3C S9500 Series Routing Switches Commands 3.3 ARP Packet Attack Prevention Configuration Commands 3.3.1 anti-attack arp Syntax anti-attack arp { enable | monitor | disable } View System view Parameters enable: Enables ARP packet attack prevention.
  • Page 34 Command Manual – ARP Chapter 3 ARP Attack Prevention Configuration H3C S9500 Series Routing Switches Commands View System view Parameters time: Aging time, in seconds, for ARP packet attack prevention entries, in the range of 60 to 6000. Description Use the anti-attack arp aging-time command to configure the aging time for ARP packet attack prevention entries.
  • Page 35 Command Manual – ARP Chapter 3 ARP Attack Prevention Configuration H3C S9500 Series Routing Switches Commands Examples # Specify the protected MAC address for ARP packet attack prevention as 00-11-43-C2-6D-EF. <H3C> system-view System View: return to User View with Ctrl+Z.
  • Page 36 Command Manual – ARP Chapter 3 ARP Attack Prevention Configuration H3C S9500 Series Routing Switches Commands Parameters slot slotid: Number of the slot where the LPU is located. Description Use the display anti-attack arp command to display information about the ARP packet attack prevention entries of a specified LPU, including the MAC address, VLAN, and port name of the attacker as well as state of the entries.
  • Page 37 Command Manual – ARP Chapter 4 IP Packet Attack Prevention Configuration H3C S9500 Series Routing Switches Commands Chapter 4 IP Packet Attack Prevention Configuration Commands 4.1 IP Packet Attack Prevention Configuration Commands 4.1.1 anti-attack ip Syntax anti-attack ip { disable | enable }...
  • Page 38 Command Manual – ARP Chapter 4 IP Packet Attack Prevention Configuration H3C S9500 Series Routing Switches Commands Description Use the anti-attack ttl1 enable command to prevent the delivery of IP packets with the TTL field being 1 to the CPU, thus avoiding such packet attacks.

  • Page 39: Table Of Contents

    Command Manual – IP Address H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 IP Address Configuration Commands............... 1-1 1.1 IP Address Configuration Commands ................1-1 1.1.1 display ip host......................1-1 1.1.2 display ip interface ....................1-2 1.1.3 ip address........................

  • Page 40: Chapter 1 Ip Address Configuration Commands

    Command Manual – IP Address H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration Commands Chapter 1 IP Address Configuration Commands 1.1 IP Address Configuration Commands 1.1.1 display ip host Syntax display ip host View Any view Parameters None...

  • Page 41: Display Ip Interface

    Command Manual – IP Address H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration Commands 1.1.2 display ip interface Syntax display ip interface [ brief ] [ interface-type interface-number ] View Any view Parameters interface-type interface-number: Specifies a port.
  • Page 42 Command Manual – IP Address H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration Commands Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: DHCP packet deal mode:...

  • Page 43: Ip Address

    Command Manual – IP Address H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration Commands Field Description ICMP packet input number Echo reply: Unreachable: Source quench: Total received ICMP packets, including: Routing redirect: Echo reply packets, unreachable Echo request:...
  • Page 44 Command Manual – IP Address H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration Commands forward: Forwards directed broadcasts in the VLAN where the configured IP address resides. drop: Drops directed broadcasts destined for the VLAN where the configured IP address resides.

  • Page 45: Ip Host

    Command Manual – IP Address H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration Commands Note: If you re-configure an IP address for a VLAN-interface and the new IP address is not in the same network segment as the previous one, the system will display whether to continue.

  • Page 46: Ip-Protect Enable

    Command Manual – IP Address H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration Commands View System view Parameters hostname: Name of the host. It is a character string that consists of 1 to 20 characters, including letters, numbers, "_", or ",", and it must contain at least one letter.
  • Page 47 Command Manual – IP Address H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration Commands By default, IP address protection is disabled. You can use the display this command to view the status of IP address protection (enabled/disabled) for the current VLAN interface.
  • Page 48 Command Manual – VRRP H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 VRRP Configuration Commands ................1-1 1.1 VRRP Configuration Commands ..................1-1 1.1.1 debugging vrrp ......................1-1 1.1.2 display vrrp ......................1-1 1.1.3 display vrrp ifm ......................1-3 1.1.4 display vrrp statistics ....................

  • Page 49: Chapter 1 Vrrp Configuration Commands

    Command Manual – VRRP H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration Commands Chapter 1 VRRP Configuration Commands 1.1 VRRP Configuration Commands 1.1.1 debugging vrrp Syntax debugging vrrp { state | packet [ interface number ] | error }...
  • Page 50 Command Manual – VRRP H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration Commands Parameters vlan-interface: Displays the VRRP status information of a specified interface. interface-number: Specifies an interface by its number. virtual-route-identifier: VRRP virtual router ID. ifm: Displays the configuration information of the IP forwarding module (IFM) device that runs VRRP.

  • Page 51: Display Vrrp Ifm

    Command Manual – VRRP H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration Commands Initialize NONE 16.16.16.192 Initialize NONE 17.17.17.192 Table 1-1 Description on the fields of the display vrrp command Field Description Run Method Mapping mode (real/virtual MAC) Virtual IP ping...

  • Page 52: Display Vrrp Statistics

    If the interface name and virtual router ID are specified, the statistics information about the specified virtual router on the interface will be displayed. Examples # Display the VRRP statistics information on VLAN-interface 2. <H3C> display vrrp statistics interface vlan-interface 2 Interface : Vlan-interface2 VRID...

  • Page 53: Display Vrrp Verbose

    Command Manual – VRRP H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration Commands Table 1-2 Description on the fields of the display vrrp statistics command Field Description Interface Interface to which the virtual router is attached VRID ID of the virtual router...
  • Page 54 Examples # Display the VRRP status information on VLAN-interface 1 of the switch. [H3C-Vlan-interface1] display vrrp verbose interface vlan-interface 1 Run Method : VIRTUAL-MAC Virtual Ip Ping : Disable...

  • Page 55: Reset Vrrp Statistics

    Command Manual – VRRP H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration Commands Field Description Auth Type Type of authentication Virtual IP Virtual IP address list of the virtual router Master IP IP address of the master of the VRRP group 1.1.6 reset vrrp statistics...

  • Page 56: Vrrp Method

    Command Manual – VRRP H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration Commands Parameters None Description Use the vrrp log-state command to enable the logging of VRRP group state changes. Use the undo vrrp log-state command to disable the logging.

  • Page 57: Vrrp Ping-Enable

    Command Manual – VRRP H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration Commands Note that: You should specify the mapping mode before configuring the virtual router. Otherwise, you cannot specify the mapping mode. Examples # Specify the mapping mode between the real MAC address of the interface and the virtual IP address of the virtual router.

  • Page 58: Vrrp Un-Check Ttl

    Command Manual – VRRP H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration Commands [H3C] vrrp ping-enable 1.1.10 vrrp un-check ttl Syntax vrrp un-check ttl undo vrrp un-check ttl View VLAN interface view Parameters None Description Use the vrrp un-check ttl command to disable the check of the TTL value of VRRP packets.

  • Page 59: Vrrp Vrid Fast-Switch

    By default, no authentication is configured. Note that an authentication key is case sensitive. Examples # Set authentication mode simple and authentication key H3C for VRRP virtual router 1 on VLAN-interface 2. <H3C> system-view [H3C] interface vlan-interface 2 [H3C-Vlan-interface2] vrrp vrid 1 authentication-mode simple H3C 1.1.12 vrrp vrid fast-switch...

  • Page 60: Vrrp Vrid Monitor

    Command Manual – VRRP H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration Commands By default, the fast switch function for a virtual router in backup state is disabled. Note: After the vrrp vrid fast-switch command is executed, the vrrp vrid virtual-router-id preempt-mode timer command does not take effect.

  • Page 61: Vrrp Vrid Preempt-Mode

    # Enable monitoring interface GigabitEthernet1/1/1 of virtual router 1. <H3C> system-view [H3C] interface vlan-interface 30 [H3C-Vlan-interface30] vrrp vrid 1 monitor interface gigabitethernet 1/1/1 # Enable monitoring link aggregation group 2 of virtual router 1. <H3C> system-view [H3C] interface vlan-interface 30...

  • Page 62: Vrrp Vrid Priority

    # Configure the switch to preempt. [H3C-vlan-interface2] vrrp vrid 1 preempt-mode # Set a delay. [H3C-vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5 # Configure the switch not to preempt. [H3C-vlan-interface2] undo vrrp vrid 1 preempt-mode 1.1.15 vrrp vrid priority...

  • Page 63: Vrrp Vrid Timer

    The same interval must be set for members in a VRRP group. Examples # Configure the master to transmit VRRP packets every 15 seconds. [H3C-vlan-interface2] vrrp vrid 1 timer advertise 15 1.1.17 vrrp vrid track Syntax vrrp vrid virtual-router-id track { ifm [ increased value-increased ] | interface...

  • Page 64: Vrrp Vrid Virtual-Ip

    1 on VLAN-interface 2 will be reduced by 50. <H3C> system-view [H3C] interface vlan-interface 2 [H3C-Vlan-interface2] vrrp vrid 1 track interface vlan-interface 1 reduced 50 1.1.18 vrrp vrid virtual-ip Syntax vrrp vrid virtual-router-id virtual-ip ip-address...
  • Page 65 # Add a virtual IP address for the virtual router. [H3C-vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.11 # Delete a virtual IP address. [H3C-vlan-interface2] undo vrrp vrid 1 virtual-ip 10.10.10.10 # Delete a virtual router. [H3C-vlan-interface2] undo vrrp vrid 1 1-17...
  • Page 66 Command Manual – DHCP H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 DHCP Configuration Commands ................1-1 1.1 General DHCP Configuration Commands................. 1-1 1.1.1 dhcp enable......................1-1 1.1.2 dhcp select ......................1-1 1.1.3 dhcp server detect....................1-3 1.2 DHCP Server Configuration Commands ................
  • Page 67 Command Manual – DHCP H3C S9500 Series Routing Switches Table of Contents 1.3.1 debugging dhcp relay.................... 1-32 1.3.2 dhcp relay release....................1-34 1.3.3 dhcp relay security ....................1-35 1.3.4 dhcp relay security address-check................ 1-35 1.3.5 dhcp relay security tracker ..................1-36 1.3.6 dhcp relay security tracker enable ................

  • Page 68: Chapter 1 Dhcp Configuration Commands

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Chapter 1 DHCP Configuration Commands 1.1 General DHCP Configuration Commands 1.1.1 dhcp enable Syntax dhcp enable undo dhcp enable View System view Parameters None Description Use the dhcp enable command to enable DHCP.
  • Page 69 Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands undo dhcp select { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all } View VLAN interface view, system view Parameters global: Specifies to forward DHCP packets to the local DHCP server and let the local server assign IP addresses in global address pools to DHCP clients.

  • Page 70: Dhcp Server Detect

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands System View: return to User View with Ctrl+Z. [H3C] interface vlan-interface 1 [H3C-Vlan-interface1] dhcp select global 1.1.3 dhcp server detect Syntax dhcp server detect undo dhcp server detect...

  • Page 71: Display Dhcp Server Forbidden-Ip

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands error: Enables/disables error debugging for the DHCP server, including errors that occur when the DHCP server processes DHCP packets or assigns IP addresses. event: Enables/disables event debugging for the DHCP server, including the assigning of IP addresses and timing out of ping packets.

  • Page 72: Dhcp Server Dns-List

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Forbidden IP Range from 17.9.0.8 17.9.255.254 1.2.3 dhcp server dns-list Syntax In VLAN interface view: dhcp server dns-list ip-address [ ip-address ] undo dhcp server dns-list { ip-address | all }...

  • Page 73: Dhcp Server Domain-Name

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Examples # Configure the DNS server address 1.1.1.254 for the DHCP address pool of VLAN-interface 1. <H3C> system-view System View: return to User View with Ctrl+Z.

  • Page 74: Dhcp Server Expired

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Examples # Configure the DHCP client domain name of the DHCP address pool of the current VLAN interface as vlan-interface1.com. <H3C> system-view System View: return to User View with Ctrl+Z.

  • Page 75: Dhcp Server Forbidden-Ip

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Related commands: expired. Examples # Set the unlimited IP address lease time for the DHCP address pool of VLAN-interface 1. <H3C> system-view System View: return to User View with Ctrl+Z.

  • Page 76: Dhcp Server Ip-Pool

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands 1.2.7 dhcp server ip-pool Syntax dhcp server ip-pool pool-name undo dhcp server ip-pool pool-name View System view Parameters pool-name: Name of the address pool, a string that is of 1 to 64 characters in length. An address pool name uniquely identifies an address pool.

  • Page 77: Dhcp Server Netbios-Type

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands View VLAN interface view, system view Parameters ip-address: NetBIOS server IP address. You can specify up to eight IP addresses (separated by spaces) in one command.

  • Page 78: Dhcp Server Option

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands dhcp server netbios-type { b-node | h-node | m-node | p-node } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all } undo dhcp server netbios-type { interface vlan-interface vlan-id [ to vlan-interface...
  • Page 79 Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address [ ip-address ] } undo dhcp server option code In system view: dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address...

  • Page 80: Dhcp Server Ping

    Chapter 1 DHCP Configuration Commands System View: return to User View with Ctrl+Z. [H3C] interface vlan-interface 1 [H3C-Vlan-interface1] dhcp server option 100 hex 11 22 1.2.11 dhcp server ping Syntax dhcp server ping { packets number | timeout milliseconds }...

  • Page 81: Dhcp Server Static-Bind

    VLAN interface address pool only supports one-to-one MAC-IP binding. Examples # Statically bind the IP address 10.1.1.1 to the MAC address 0000-e03f-0305. <H3C> system-view System View: return to User View with Ctrl+Z. [H3C] interface vlan-interface 1 [H3C-Vlan-interface1] dhcp server static-bind ip-address 10.1.1.1 mac-address 0000-e03f-0305 1-14...

  • Page 82: Display Dhcp Server Conflict

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands 1.2.13 display dhcp server conflict Syntax display dhcp server conflict { all | ip ip-address } View Any view Parameters all: Specifies all IP addresses. ip ip-address: Specifies an IP address.

  • Page 83: Display Dhcp Server Free-Ip

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands pool [ pool-name ]: Specifies a global address pool. If you do not input a pool-name, all global address pools are included. interface [ vlan-interface vlan-id ]: Specifies a VLAN interface address pool. If you do not input a vlan-id, all VLAN interface address pools are included.

  • Page 84: Display Dhcp Server Ip-In-Use

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Parameters None Description Use the display dhcp server free-ip command to display the ranges of available (unassigned) IP addresses in DHCP address pools. Examples # Display the ranges of available (unassigned) IP addresses in DHCP address pools.

  • Page 85: Display Dhcp Server Statistics

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands <H3C> display dhcp server ip-in-use all Global pool: IP address Hardware address Lease expiration Type 2.2.2.2 4444-4444-4444 NOT Used Manual Interface pool: IP address Hardware address...
  • Page 86 Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Global Pool: Pool Number: Binding Auto: Manual: Expire: Interface Pool: Pool Number: Binding Auto: Manual: Expire: Boot Request: Dhcp Discover: Dhcp Request: Dhcp Decline: Dhcp Release:...

  • Page 87: Display Dhcp Server Tree

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Field Description Boot Reply: Dhcp Offer: Total and categorized DHCP packets sent by the DHCP server Dhcp Ack: Dhcp Nak: Bad Messages Number of bad DHCP packets 1.2.18 display dhcp server tree...
  • Page 88 Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Pool name: 6 static-bind ip-address 10.10.1.2 mask 255.0.0.0 static-bind mac-address 00e0-00fc-0001 Parent node:5 option 1 ip-address 255.255.0. expired 1 0 0 option 58 hex 00 00 A8 C0...

  • Page 89: Dns-List

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Field Description The address pool named 6 is a child node of the one named 5 Based on the node position of the address pool named 5,...

  • Page 90: Domain-Name

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Description Use the dns-list command to configure one or more DNS server IP addresses for a global DHCP address pool. Use the undo dns-list command to remove one or all DNS server IP addresses configured for a global DHCP address pool.

  • Page 91: Expired

    # Set the IP address lease time of the global DHCP address pool 0 to one day plus two hours and three minutes. <H3C> system-view System View: return to User View with Ctrl+Z. [H3C] dhcp server ip-pool 0 [H3C-dhcp-0] expired day 1 hour 2 minute 3 1-24...

  • Page 92: Gateway-List

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands 1.2.22 gateway-list Syntax gateway-list ip-address [ ip-address ] undo gateway-list { ip-address | all } View DHCP address pool view Parameters ip-address: IP address of an outbound gateway. You can specify up to eight IP addresses (separated by spaces) in one command.

  • Page 93: Netbios-Type

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Parameters ip-address: IP address of a NetBIOS server. You can specify up to eight IP addresses (separated by spaces) in one command. all: Specifies all configured NetBIOS server IP addresses.

  • Page 94: Network

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands m-node: Specifies the NetBIOS node type of DHCP clients to be m-node (m stands for mixed). Nodes of this type are p nodes which take some broadcast features.
  • Page 95 Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Description Use the network command to configure an address range for dynamic IP address assignment. Use the undo network command to remove the address range configured for dynamic IP address assignment.

  • Page 96: Reset Dhcp Server Conflict

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Use the undo option command to remove a custom DHCP option configured for the global DHCP address pool. If you execute the option command multiple times, the new configurations overwrite the corresponding old ones Related commands: dhcp server ip-pool, dhcp server option.

  • Page 97: Reset Dhcp Server Statistics

    DHCP addresses. Related commands: display dhcp server ip-in-use. Examples # Clear the binding entries that contain the IP address of 10.110.1.1. <H3C> reset dhcp server ip-in-use ip 10.110.1.1 1.2.29 reset dhcp server statistics Syntax reset dhcp server statistics...

  • Page 98: Static-Bind Ip-Address

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands <H3C> reset dhcp server statistics 1.2.30 static-bind ip-address Syntax static-bind ip-address ip-address [ { mask netmask } | mask-length ] undo static-bind ip-address View DHCP address pool view Parameters ip-address: IP address to be bound.

  • Page 99: Static-Bind Mac-Address

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands 1.2.31 static-bind mac-address Syntax static-bind mac-address mac-address undo static-bind mac-address View DHCP address pool view Parameters mac-address: MAC address to be bound. Description Use the static-bind mac-address command to specify the MAC address to be statically bound.
  • Page 100 Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands View User view Parameters all: Enables all types of debugging. packet: Enables debugging for packets. error: Enables debugging for error messages. event: Enables debugging for events.

  • Page 101: Dhcp Relay Release

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Table 1-6 Description on the fields of the debugging dhcp-relay command Field Description Interface The VLAN interface that forwards DHCP packets Type Type of the forwarded DHCP packet...

  • Page 102: Dhcp Relay Security

    # Configure a user address entry for a DHCP server, with an IP address of 1.1.1.1 and a MAC address of 0005-5D02-F2B3. <H3C> system-view System View: return to User View with Ctrl+Z. [H3C] dhcp relay security 1.1.1.1 0005-5D02-F2B3 static 1.3.4 dhcp relay security address-check Syntax dhcp relay security address-check { enable | disable }...

  • Page 103: Dhcp Relay Security Tracker

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Description Use the dhcp relay security address-check enable command to enable security address checking on a VLAN interface. Use the dhcp relay security address-check disable command to disable security address checking on a VLAN interface.

  • Page 104: Dhcp Relay Security Tracker Enable

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands <H3C>system-view System View: return to User View with Ctrl+Z. [H3C] dhcp relay security tracker 100 1.3.6 dhcp relay security tracker enable Syntax dhcp relay security tracker enable...

  • Page 105: Display Dhcp Relay Address

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Description Use the dhcp server detect command to enable fake DHCP server detecting. Use the undo dhcp server detect command to disable fake DHCP server detecting.

  • Page 106: Display Dhcprelay-Security

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands <H3C> display dhcp relay address interface vlan 192 Vlan-interface192 DHCP Relay Address Relay Address [0] : 193.193.1.1 Relay Address [1] : 1.1.1.1 1.3.9 display dhcprelay-security Syntax...

  • Page 107: Ip Relay Address

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands View Any view Parameters None Description Use the display dhcp relay security tracker command to display information about whether the function of handshake between the DHCP relay agent and the DHCP server is enabled and the interval at which DHCP relay agent dynamic user address entries are refreshed.

  • Page 108: Reset Dhcp Relay Statistics

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Use the undo ip relay address command to remove the DHCP server configured for the VLAN interface to forward DHCP packets. No DHCP server is configured for a VLAN interface by default.

  • Page 109: Dhcp Option 82 Configuration Commands

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands 1.4 DHCP Option 82 Configuration Commands 1.4.1 dhcp relay information enable Syntax To enable the Option 82 function on a VLAN interface in VLAN interface view:...

  • Page 110: Dhcp Relay Information Format

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands [H3C-Vlan-interface1] undo dhcp relay information enable 1.4.2 dhcp relay information format Syntax dhcp relay information format { normal | verbose } undo dhcp relay information format...

  • Page 111: Dhcp Relay Information Strategy

    <H3C> system-view System View: return to User View with Ctrl+Z [H3C]interface vlan1 [H3C-Vlan-interface1] dhcp relay information format verbose node-identifier sysname # Restore the default node identifier of the user when the mode of relay agent Option 82 on VLAN-interface 1 is fixed network mode.

  • Page 112: Dhcp Server Relay Information Enable

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands keep: Indicates that the DHCP relay agent does not change Option 82 in packets. replace: Indicates that the DHCP relay agent replaces Option 82 in packets with its own Option 82.

  • Page 113: Dhcp Snooping Configuration Commands

    [H3C] dhcp server relay information enable # Disable the DHCP server from returning Option 82 carried in the request packets to the DHCP relay agent. [H3C] undo dhcp server relay information enable 1.5 DHCP Snooping Configuration Commands 1.5.1 debugging dhcp-snooping...

  • Page 114: Display Dhcp-Snooping Entry

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Description Use the debugging dhcp-snooping command to enable DHCP snooping debugging. Use the undo debugging dhcp-snooping command to disable DHCP snooping debugging. By default, DHCP snooping debugging is disabled.

  • Page 115: Display Dhcp-Snooping Trust

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands T - Dynamic Temporary Item D - Dynamic Valid Item S - Static Item Interface: - Ethernet - GigabitEthernet - Link Aggregation group IpAddress MacAddress Lease(sec)

  • Page 116: Dhcp-Snooping Enable

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands DHCP snooping is enabled globally. The number of DHCP snooping trusted ports is 2. -------------------------------------------------------------------------- GigabitEthernet0/1/1 GigabitEthernet0/1/2 1.5.4 dhcp-snooping enable Syntax dhcp-snooping enable undo dhcp-snooping enable...

  • Page 117: Dhcp-Snooping Enable Vlan

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands [H3C] dhcp-snooping enable 1.5.5 dhcp-snooping enable vlan Syntax Enable DHCP snooping on a VLAN in VLAN view: dhcp-snooping enable undo dhcp-snooping enable Enable DHCP snooping on the specified VLAN in system view:...

  • Page 118: Dhcp-Snooping Entry

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Caution: The DHCP snooping configuration on a VLAN, and DHCP relay agent or DHCP server configuration on the corresponding VLAN interface are mutually exclusive. You need to disable the DHCP relay agent or DHCP server function on the VLAN interface to make the DHCP snooping function take effect.

  • Page 119: Dhcp-Snooping Information Enable

    # Configure a static DHCP snooping entry, including IP address 10.15.178.30, MAC address 00e0-f000-030d, VLAN 10, and physical port Ethernet 3/1/4. <H3C> system-view [H3C] dhcp-snooping entry ip 10.15.178.30 mac 00e0-f000-030d vlan 10 interface ethernet 3/1/4 1.5.7 dhcp-snooping information enable Syntax...

  • Page 120: Dhcp-Snooping Information Format

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Caution: This command can be executed only after DHCP snooping is enabled on the VLAN. Examples # Configure DHCP snooping to support Option 82 for VLAN 2.

  • Page 121: Dhcp-Snooping Information Format Verbose Node-Identifier

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Caution: This command can be used only after the DHCP snooping Option 82 support is enabled for the VLAN. If the Option 82 is padded with the device name (sysname), the sysname must contain no spaces or special characters (such as forward slashes).

  • Page 122: Dhcp-Snooping Information Strategy

    [H3C] vlan 2 [H3C-vlan2] dhcp-snooping enable [H3C-vlan2] dhcp-snooping information enable [H3C-vlan2] dhcp-snooping information format verbose [H3C-vlan2] dhcp-snooping information format verbose node-identifier sysname 1.5.10 dhcp-snooping information strategy Syntax dhcp-snooping information strategy { drop | keep | replace } undo dhcp-snooping information strategy...

  • Page 123: Dhcp-Snooping Security Check Enable

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Use the undo dhcp-snooping information strategy command to restore the default. By default, the handling strategy for Option 82 in DHCP requests for the VLAN is replace.

  • Page 124: Dhcp-Snooping Trust

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Description Use the dhcp-snooping security check enable command to enable the DHCP snooping security check function. Use the undo dhcp-snooping security check enable command to disable the function.

  • Page 125: Reset Dhcp-Snooping Entry

    Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Parameters None Description Use the dhcp-snooping trust command to configure the port as a trusted port. Use the undo dhcp-snooping trust command to restore the default state.
  • Page 126 Command Manual – DHCP H3C S9500 Series Routing Switches Chapter 1 DHCP Configuration Commands Parameters mac-address: MAC address. vlan-id: VLAN ID. ip-address: IP address. port-type port-number: Specifies a port by its type and number. group-id: Aggregation group ID. dynamic: Dynamic DHCP snooping entries.
  • Page 127 Command Manual – DNS H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 DNS Configuration Commands .................. 1-1 1.1 Static DNS Configuration Commands ................1-1 1.1.1 ip host........................1-1 1.1.2 display ip host......................1-1 1.2 Dynamic DNS Configuration Commands ................1-2 1.2.1 debugging dns......................

  • Page 128: Chapter 1 Dns Configuration Commands

    Command Manual – DNS H3C S9500 Series Routing Switches Chapter 1 DNS Configuration Commands Chapter 1 DNS Configuration Commands 1.1 Static DNS Configuration Commands 1.1.1 ip host Syntax ip host hostname ip-address undo ip host hostname [ ip-address ] View...

  • Page 129: Dynamic Dns Configuration Commands

    Command Manual – DNS H3C S9500 Series Routing Switches Chapter 1 DNS Configuration Commands Parameters None Description Use the display ip host command to view all the host names and the corresponding IP addresses. Examples # Display all host names and the corresponding IP addresses of the hosts.

  • Page 130: Display Dns Domain

    Command Manual – DNS H3C S9500 Series Routing Switches Chapter 1 DNS Configuration Commands By default, DNS debugging is disabled. Examples # Enable DNS debugging <H3C> debugging dns 1.2.2 display dns domain Syntax display dns domain View Any view Parameters...

  • Page 131: Display Dns Server

    Command Manual – DNS H3C S9500 Series Routing Switches Chapter 1 DNS Configuration Commands Parameters None Description Use the display dns dynamic-host command to view the dynamic domain name buffer. Examples # View the dynamic domain name buffer. <H3C> display dns dynamic-host...

  • Page 132: Dns Domain

    Command Manual – DNS H3C S9500 Series Routing Switches Chapter 1 DNS Configuration Commands Examples # View the related information of the domain name server. <H3C> display dns server Domain-server Ipaddress 172.16.1.1 172.16.1.2 Table 1-4 Description on the fields of the display dns server command...

  • Page 133: Dns Resolve

    Command Manual – DNS H3C S9500 Series Routing Switches Chapter 1 DNS Configuration Commands 1.2.6 dns resolve Syntax dns resolve undo dns resolve View System view Parameters None Description Use the dns resolve command to enable the dynamic domain name resolution function.

  • Page 134: Reset Dns Dynamic-Host

    Command Manual – DNS H3C S9500 Series Routing Switches Chapter 1 DNS Configuration Commands The system supports up to six domain name server. To delete the domain name server, input the IP address, and the specific server is deleted. Otherwise, all of the servers are deleted.
  • Page 135 Command Manual – UDP Helper H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 UDP Helper Configuration Commands..............1-1 1.1 UDP Helper Configuration Commands................1-1 1.1.1 debugging udp-helper ..................... 1-1 1.1.2 display udp-helper....................1-1 1.1.3 udp-helper enable ....................1-2 1.1.4 udp-helper port ......................

  • Page 136: Chapter 1 Udp Helper Configuration Commands

    Command Manual – UDP Helper H3C S9500 Series Routing Switches Chapter 1 UDP Helper Configuration Commands Chapter 1 UDP Helper Configuration Commands 1.1 UDP Helper Configuration Commands 1.1.1 debugging udp-helper Syntax debugging udp-helper { event | packet [ receive | send ] }...

  • Page 137: Udp-Helper Enable

    Use the display udp-helper port command to display the configuration of the global UDP ports. Examples # Display the information of the destination server corresponding to VLAN-interface 1. <H3C> display udp-helper server interface vlan-interface 1 interface name server address packets sent Vlan-interface1 192.1.1.2...

  • Page 138: Udp-Helper Port

    Command Manual – UDP Helper H3C S9500 Series Routing Switches Chapter 1 UDP Helper Configuration Commands Examples # Enable the function of forwarding UDP broadcast packets. <H3C>system-view System View: return to User View with Ctrl+Z. [H3C] udp-helper enable 1.1.4 udp-helper port...

  • Page 139: Udp-Helper Server

    Command Manual – UDP Helper H3C S9500 Series Routing Switches Chapter 1 UDP Helper Configuration Commands [H3C] udp-helper port dns 1.1.5 udp-helper server Syntax udp-helper server ip-address undo udp-helper server [ ip-address ] View VLAN interface view Parameters ip-address: IP address of the destination server, in dotted decimal notation. This argument can be the address of a host or the broadcast address of a subnet.
  • Page 140 Command Manual – NAT H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 NAT Configuration Commands .................. 1-1 1.1 NAT Configuration Commands..................1-1 1.1.1 display nat address-group..................1-1 1.1.2 display nat aging-time ..................... 1-1 1.1.3 display nat all......................1-2 1.1.4 display nat auto-reset-session ................

  • Page 141: Chapter 1 Nat Configuration Commands

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands Chapter 1 NAT Configuration Commands Note: The line processing units (LPU) mentioned in this chapter refer to LSB1NATB0. 1.1 NAT Configuration Commands 1.1.1 display nat address-group...

  • Page 142: Display Nat All

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands View Any view Parameters None Description Use the display nat aging-time command to display the aging time of a NAT entry. Examples # View the aging times of the NAT entries of various protocols.

  • Page 143: Display Nat Auto-Reset-Session

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands --0 entry found-- NAT outbound information: No interfaces have been configured for NAT --0 entry found-- Server in private network information: No internal servers have been configured...

  • Page 144: Display Nat Blacklist

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands 1.1.5 display nat blacklist Syntax display nat blacklist { all | [ vpn-instance vpn-name ] ip [ ip-address ] slot slot-no } View Any view Parameters all: Displays all blacklist configurations.

  • Page 145: Display Nat Outbound

    Rate control limit uses special configuration. # Display the blacklist configurations and operation states for IP address 100.0.0.3 in VPN1. <H3C> display nat blacklist vpn-instance vpn1 ip 100.0.0.3 slot 4 Blacklist function global configuration: Blacklist function is started. Connection amount control is enabled.

  • Page 146: Display Nat Server

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands [address-group] 1 [type] pat [slot] 5 Vlan-interface3 : [acl] 2000 [address-group] 0 -- teacher [type] no-pat [slot] 5 Vlan-interface4 : [acl] 2001 [address-group] interface [type] pat...

  • Page 147: Display Nat Static

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands 1.1.8 display nat static Syntax display nat static View Any view Parameters None Description Use the display nat static command to display all static address translation entries.

  • Page 148: Display Nat Vpn Limit

    STATIC NAT session table count entries Note: In PTA mode, hardware of S9500 series switches creates a positive stream and a reversed stream (which is used for reversed PAT) when creating a stream. However, the NAT log exports the positive stream only.

  • Page 149: Nat Address-Group

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands vpn-instance: Queries the maximum number of users and connections of the specified VPN. vpn-name: Name of a VPN instance. Description Use the display nat vpn limit command to display the maximum number of users and connections of all the VPNs or the specified VPN of NAT.
  • Page 150 # Configure address pool 2 with addresses 203.110.10.10 to 203.110.10.110, and the description character string is teacher. <H3C> system-view [H3C] nat address-group 2 203.110.10.10 203.110.10.110 description teacher # Modify the description character string of address group 2 to teacher&student. <H3C> system-view [H3C] nat address-group 2 description teacher&student...

  • Page 151: Nat Aging-Time

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands 1.1.12 nat aging-time Syntax nat aging-time alg time-value undo nat aging-time alg View System view Parameters alg time-value: Aging time of NAT entries requiring application level gateway (ALG) processing in seconds.

  • Page 152: Nat Blacklist Start

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands Parameters None Description Use the nat auto-reset-session command to enable the NAT session table auto-reset function when a NAT enabled VLAN interface goes up or down.

  • Page 153: Nat Blacklist Mode

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands Examples # Enable the blacklist function for the whole system. <H3C> system-view [H3C] nat blacklist start 1.1.15 nat blacklist mode Syntax nat blacklist mode { amount | rate | all }...

  • Page 154: Nat Blacklist Limit Amount

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands 1.1.16 nat blacklist limit amount Syntax nat blacklist limit amount [ [ vpn-instance vpn-name ] source user-ip ] max-amount undo nat blacklist limit amount [ [ vpn-instance vpn-name ] source user-ip ]...

  • Page 155: Nat Blacklist Limit Rate

    # Set the threshold value for the number of connections to the IP address 100.0.0.1 in the private network VPN1. <H3C> system-view [H3C] nat blacklist limit amount vpn-instance vpn1 source 100.0.0.1 2222 1.1.17 nat blacklist limit rate Syntax nat blacklist limit rate [ source ip ] cir cir-value [ cbs burst-size ] [ ebs burst-size ]...

  • Page 156: Nat Blacklist Limit Rate Source

    [H3C] nat blacklist limit rate cir 20 cbs 1799 ebs 40 # Set the special threshold value for the rate of link set-up <H3C> system-view [H3C] nat blacklist limit rate source ip cir 20 cbs 1799 ebs 40 1.1.18 nat blacklist limit rate source Syntax...
  • Page 157 [H3C] nat blacklist limit rate source 2.2.2.2 # Use the special threshold value to control the rate of link set-up of the user 200.0.0.1 in the private network VPN1. <H3C> system-view [H3C] nat blacklist limit rate vpn-instance vpn1 source 200.0.0.1 1-17...

  • Page 158: Nat Outbound

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands 1.1.19 nat outbound Syntax nat outbound acl-number [ address-group group-number [ no-pat ] ] slot slot-no undo nat outbound acl-number [ address-group group-number [ no-pat ] ] slot...
  • Page 159 NAT. The address will be translated into one of address pool 1. [H3C] interface Vlan-interface 2 [H3C-Vlan-interface2] nat outbound 3000 address-group 1 slot 3 # Configure to use one-to-one NAT (do not use TCP/UDP port information for NAT). [H3C-Vlan-interface2] nat outbound 3000 address-group 1 no-pat slot 3 1-19...
  • Page 160 # Customize a flow template, and then apply it to Ethernet 4/1/1. The interface card is located in slot 4. For details about flow template, refer to Defining and Applying Flow Template in ACL Configuration of the QoS ACL Volume. [H3C] flow-template user-defined slot 4 sip 0.0.0.0 dip 0.0.0.0 dmac 0-0-0 vlanid [H3C] interface Ethernet4/1/1...

  • Page 161: Nat Server

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands 1.1.20 nat server Syntax nat server protocol { tcp | udp } global global-addr global-port inside [ vpn-name ] host-addr host-port slot slot-no undo nat server protocol { tcp | udp } global global-addr global-port inside...
  • Page 162 Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands host-addr1 host-addr2: Specifies an address scope of internal hosts that corresponds to the address range of external service port numbers. host-addr2 must be bigger than host-addr1. The number of the address scope must be the same as the number of external service ports.
  • Page 163 202.110.10.12. Suppose that VLAN-interface 2 is connected to the ISP. <H3C> system-view [H3C] interface Vlan-interface 2 [H3C-Vlan-interface2] nat server protocol tcp global 202.110.10.10 8080 inside VPN1 10.110.10.10 www slot 3 [H3C-Vlan-interface2] nat server protocol tcp global 202.110.10.10 ftp inside VPN1 10.110.10.10 ftp slot 3...

  • Page 164: Nat Static

    [H3C-acl-adv-3001] quit # Customize a flow template, and then apply the flow template to Ethernet 4/1/1. The interface card is located in slot 4. [H3C] flow-template user-defined slot 4 sip 0.0.0.0 dip 0.0.0.0 dmac 0-0-0 vlanid [H3C] interface Ethernet4/1/1 [H3C-Ethernet4/1/1] flow-template user-defined # Reference the ACLs to redirect the packets that needs to be translated to the NAT LPU.
  • Page 165 Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands undo nat static global global-addr inside [ vpn-name ] host-addr slot slot-no nat static global global-addr1 global-addr2 inside [ vpn-name ] host-addr1 host-addr2 slot slot-no undo nat static global global-addr1 global-addr2 inside [ vpn-name ] host-addr1...
  • Page 166 10.110.10.10 slot 3 # Configure ACL 3001. [H3C] acl number 3001 [H3C-acl-adv-3001] rule permit ip source 10.110.10.10 0.0.0.0 [H3C-acl-adv-3001] quit # Reference ACL 3001 to redirect packets that are to be serviced by NAT to the NAT board. Ethernet 4/1/1 is connected to the private network, and 192 is the corresponding VLAN ID.

  • Page 167: Nat Vpn Limit

    Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands Caution: You need to configure QACL redirection after binding VLAN 192 to the VPN. 1.1.22 nat vpn limit Syntax nat vpn limit [ vpn-instance vpn-name ] user-limit flow-limit...

  • Page 168: Reset Nat Session

    The maximum numbers of users and connections in a VPN does not apply to the NO-PAT mode. Examples # Configure the maximum numbers of users and connections in a VPN. . <H3C> system-view [H3C] nat vpn limit vpn-instance test 5000 5500 1.1.23 reset nat session Syntax reset nat session slot slot-no View...

  • Page 169: Ip Userlog Nat

    Use the display ip userlog export command to display configurations and statistics of system logging. Examples # Display configurations of NAT logging. <H3C> display ip userlog export slot 3 NAT: IP userlog export is not enabled Version 1 export is enabled Export logs to 0.0.0.0 (Port: 0)

  • Page 170: Ip Userlog Nat Active-Time

    The ACL for NAT logging supports the SIP and DIP fields only. Examples # Employ ACL 2000 as the logging rule, and enable NAT logging. <H3C> system-view [H3C] ip userlog nat slot 3 acl 2000 1.2.3 ip userlog nat active-time Syntax ip userlog nat active-time minutes...

  • Page 171: Ip Userlog Nat Export Host

    # Set the destination address and UDP port number of log packets to 169.254.1.1 and 200 respectively. <H3C> system-view [H3C] ip userlog nat export host 169.254.1.1 200 1.2.5 ip userlog nat export source-ip Syntax ip userlog nat export source-ip src-address...

  • Page 172: Ip Userlog Nat Export Version

    IP address of log packets. Examples # Set the source IP address of log packets to 169.254.1.1. <H3C> system-view [H3C] ip userlog nat export source-ip 169.254.1.1 1.2.6 ip userlog nat export version Syntax ip userlog nat export version version-number undo ip userlog nat export version...
  • Page 173 Command Manual – NAT H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Commands Parameters None Description Use the ip userlog nat mode flow-begin command to enable the NAT server logging when an NAT connection is established and deleted. Use the undo ip userlog nat mode flow-begin command to restore the default logging mode.
  • Page 174 Command Manual – IP Performance H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 IP Performance Configuration Commands ............... 1-1 1.1 IP Performance Configuration Commands................ 1-1 1.1.1 display fib ........................ 1-1 1.1.2 display fib [ all ] ip-address [ longer ]............... 1-2 1.1.3 display fib acl......................

  • Page 175: Chapter 1 Ip Performance Configuration Commands

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands Chapter 1 IP Performance Configuration Commands 1.1 IP Performance Configuration Commands 1.1.1 display fib Syntax display fib [ all ] View Any view Parameters all: Displays all the entries, including inactive ones, in the forwarding information base (FIB).

  • Page 176: Display Fib [ All ] Ip-Address [ Longer ]

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands 8.8.8.2/32 8.8.8.2 t[0] Vlan-interface10 8.8.8.1/32 127.0.0.1 t[0] InLoopBack0 8.8.8.0/24 8.8.8.1 t[0] Vlan-interface10 127.0.0.0/8 127.0.0.1 t[0] InLoopBack0 Table 1-1 Description on the fields of the display fib command...

  • Page 177: Display Fib Acl

    Nexthop Flag TimeStamp Interface 169.253.0.0/16 2.1.1.1 t[0] Vlan-interface1 # Display the FIB entries whose destination addresses are in the range of 169.254.0.0/16 to 169.254.0.6/16. <H3C> display fib 169.254.0.0 255.255.0.0 169.254.0.6 255.255.0.0 Destination/Mask Nexthop Flag TimeStamp Interface 169.254.0.1/16 2.1.1.1 t[0] Vlan-interface1...

  • Page 178: Display Fib

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands Parameters all: Displays all the entries, including inactive ones, in the FIB. number: ACL in number form, in the range 2000 to 2999 name: ACL in name form, a string of 1 to 32 characters.

  • Page 179: Display Fib Ip-Prefix

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands <H3C> display fib | begin 169.254.0.0 Destination/Mask Nexthop Flag TimeStamp Interface 169.254.0.0/16 2.1.1.1 t[0] Vlan-interface1 2.0.0.0/16 2.1.1.1 t[0] Vlan-interface1 For the descriptions of the displayed fields, refer to Table 1-1.

  • Page 180: Display Icmp Statistics

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands Parameters all: Specifies to display all the entries, including inactive ones, in the FIB. Description Use the display fib [ all ] statistics command to display the total number of FIB entries.

  • Page 181: Display Ip Socket

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands Output:echo destination unreachable 0 source quench 0 redirects echo reply parameter problem timestamp information reply mask requests 0 mask replies time exceeded 0 Table 1-2 Description on the fields of the display icmp statistics command...
  • Page 182 Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands socket-id: The ID of a socket, with the value ranging from 0 to 3072. Description Use the display ip socket command to display the information about the sockets in the current system.

  • Page 183: Display Ip Statistics

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands Field Description socket option The option of the socket socket state The state of the socket 1.1.9 display ip statistics Syntax display ip statistics...

  • Page 184: Display Tcp Statistics

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands Table 1-4 Description on the fields of the display ip statistics command Field Description Sum of input packets Number of received packets whose destination is...
  • Page 185 Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands Description Use the display tcp statistics command to view the statistics information about TCP packets. Related commands: display tcp status, reset tcp statistics. Examples # View statistics about TCP packets.
  • Page 186 Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands Table 1-5 Description on the fields of the display tcp statistics command Field Description Received packets Information followed is about received packets Total:753 Total number of received packets: 753...

  • Page 187: Display Tcp Status

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands Field Description Number of retransmitted timeout events: 0 Retransmitted timeout: 0, Number of connections dropped due to the connections dropped in number of retransmitted timeout events...

  • Page 188: Display Udp Statistics

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands 03e37dc4 0.0.0.0:4001 0.0.0.0:0 Listening 04217174 100.0.0.204:23 100.0.0.253:65508 Established The displayed information indicates that a TCP connection is established. The local IP address of this TCP connection is 100.0.0.204, and the local port number is 23. The remote IP address is 100.0.0.253, and the remote port number is 65508.
  • Page 189 Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands Table 1-6 Description on the fields of the display udp statistics command Field Description Received packet: Total received UDP packets: 0 Total: 0 checksum error: 0...

  • Page 190: Reset Ip Statistics

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands Examples # Configure the switch to send a “time exceeded” ICMP error packet to the IP packet sender when the switch receives a packet whose TTL is “1”.

  • Page 191: Reset Udp Statistics

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands Examples # Clear the TCP statistics information. <H3C> reset tcp statistics 1.1.16 reset udp statistics Syntax reset udp statistics View User view Parameters None Description Use the reset udp statistics command to can clear the UDP statistics information.

  • Page 192: Tcp Timer Syn-Timeout

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2, the finwait timer is enabled. If the switch does not receive FIN packets before the finwait timer times out, the TCP connection is terminated.

  • Page 193: Tcp Window

    Command Manual – IP Performance Chapter 1 IP Performance Configuration H3C S9500 Series Routing Switches Commands 1.1.19 tcp window Syntax tcp window window-size undo tcp window View System view Parameters window-size: The size of the sending and receiving buffers measured in kilobytes (KB), whose value ranges from 1 to 32.
  • Page 194 Command Manual – URPF H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 URPF Configuration Commands................1-1 1.1 URPF Configuration Commands ..................1-1 1.1.1 display urpf ......................1-1 1.1.2 reset urpf statistic ....................1-2 1.1.3 urpf enable ......................1-2...
  • Page 195 Command Manual – URPF H3C S9500 Series Routing Switches Chapter 1 URPF Configuration Commands Chapter 1 URPF Configuration Commands Note: The service processor boards mentioned in this chapter refer to LSBM1NAMB0 boards. 1.1 URPF Configuration Commands 1.1.1 display urpf Syntax...
  • Page 196 Command Manual – URPF H3C S9500 Series Routing Switches Chapter 1 URPF Configuration Commands 1.1.2 reset urpf statistic Syntax reset urpf statistic View VLAN interface view Parameters None Description Use the reset urpf statistic command to clear URPF statistical counters to zero.
  • Page 197 Command Manual – URPF H3C S9500 Series Routing Switches Chapter 1 URPF Configuration Commands After the urpf enable command is configured, you need to configure packet redirection in Ethernet port view to redirect the packets needing URPF check to boards with URPF function (the LSBM1NAMB0 board).

Table of Contents