H3C SecPath F50X0-D Command Reference Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Firewall
  5. SecPath F50X0-D Series
  6. Command reference manual

H3C SecPath F50X0-D Command Reference Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
H3C SecPath F50X0-D[F5000-AK]
Firewall Series
Comware 7 VXLAN Command Reference
New H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: F9620
Document version: 6W401-20200901

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SecPath F50X0-D and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for H3C SecPath F50X0-D

Summary of Contents for H3C SecPath F50X0-D

  • Page 1 H3C SecPath F50X0-D[F5000-AK] Firewall Series Comware 7 VXLAN Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: F9620 Document version: 6W401-20200901...
  • Page 2 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3 Preface • This command reference describes configuration commands for VXLAN. • CLI. • RBAC, device login, and device access control. • Management of the device, file systems, configuration files, and licenses. • FTP and TFTP. • Tcl and Python. • ISSU and common software upgrade.
  • Page 4 GUI conventions Convention Description Window names, button names, field names, and menu items are in Boldface. For Boldface example, the New User window opens; click OK. Multi-level menus are separated by angle brackets. For example, File > Create > > Folder.
  • Page 5 It is normal that the port numbers, sample output, screenshots, and other information in the examples differ from what you have on your device. Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

  • Page 6: Table Of Contents

    Contents VXLAN commands ························································································ 1 Basic VXLAN commands ··································································································································· 1 description ·················································································································································· 1 display l2vpn interface ································································································································ 1 display l2vpn mac-address ························································································································· 3 display l2vpn vsi ········································································································································· 4 display vxlan tunnel ···································································································································· 7 flooding disable ·········································································································································· 8 l2vpn enable ··············································································································································· 9 mac-address static vsi ································································································································...

  • Page 7: Vxlan Commands

    VXLAN commands Basic VXLAN commands description to configure a description for a VSI. description to restore the default. undo description Syntax description text undo description Default A VSI does not have a description. Views VSI view Predefined user roles network-admin context-admin Parameters : Specifies a description, a case-sensitive string of 1 to 80 characters.
  • Page 8 network-operator context-admin context-operator Parameters : Specifies a VSI name, a case-sensitive string of 1 to 31 characters. vsi vsi-name : Specifies an interface by its type and number. interface-type interface-number : Displays detailed information about Layer 3 interfaces. If you do not specify this keyword, verbose the command displays brief information about Layer 3 interfaces.

  • Page 9: Display L2Vpn Mac-Address

    Table 2 Command output Field Description Interface Layer 3 interface name. Owner VSI name. Link ID The interface's link ID on the VSI. Physical state of the interface: • Up—The interface is physically up. State • Down—The interface is physically down. Type L2VPN type of the interface.

  • Page 10: Display L2Vpn Vsi

    <Sysname> display l2vpn mac-address count 3 mac address(es) found Table 3 Command output Field Description Entry state: • State Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. • Static—Static remote-MAC entry. For a local MAC address, this field displays the AC's link ID on the VSI. Link ID/Name For a remote MAC address, this field displays the tunnel interface name.
  • Page 11 Table 4 Command output Field Description MTU on the VSI. VSI state: • Up—The VSI is up. • State Down—The VSI is down. • Admin down—The VSI has been manually shut down by using the shutdown command. # Display detailed information about all VSIs. <Sysname>...
  • Page 12 Field Description This field is not supported in the current software version. Broadcast Restrain Broadcast restraint bandwidth (in kbps). This field is not supported in the current software version. Multicast Restrain Multicast restraint bandwidth (in kbps). This field is not supported in the current software version. Unknown Unicast Restrain Unknown unicast restraint bandwidth (in kbps).

  • Page 13: Display Vxlan Tunnel

    display vxlan tunnel to display VXLAN tunnel information for VXLANs. display vxlan tunnel Syntax display vxlan tunnel [ vxlan-id vxlan-id [ tunnel tunnel-number ] ] Views Any view Predefined user roles network-admin network-operator context-admin context-operator Parameters : Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this vxlan-id command displays VXLAN tunnel information for all VXLANs.

  • Page 14: Flooding Disable

    Table 6 Command output Field Description Link ID Tunnel's link ID in the VXLAN. Tunnel state: • Up—The tunnel is operating correctly. • Blocked—The tunnel is a backup tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary tunnel is operating correctly. State •...

  • Page 15: L2Vpn Enable

    • All VXLAN tunnel interfaces. To confine unknown unicast traffic to the site-facing interfaces, use this command to disable flooding for the VSI bound to the VXLAN. The VSI will not flood unknown unicast frames to VXLAN tunnel interfaces. Examples # Disable flooding for VSI vsi1.

  • Page 16: Mtu

    Views System view Predefined user roles network-admin context-admin Parameters : Specifies a MAC address in H-H-H format. Do not specify a multicast MAC address address or an all-zeros MAC address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.

  • Page 17: Reserved Vxlan

    Parameters : Specifies an MTU value. The value range for this argument is 300 to 65535. size Usage guidelines The MTU set by using this command limits the maximum length of the packets that a VSI receives from ACs and forwards through VXLAN tunnels. The MTU does not limit the maximum length of other packets in the VXLAN VSI.

  • Page 18: Reset L2Vpn Mac-Address

    reset l2vpn mac-address to clear dynamic MAC address entries on VSIs. reset l2vpn mac-address Syntax reset l2vpn mac-address [ vsi vsi-name ] Views User view Predefined user roles network-admin context-admin Parameters : Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do vsi vsi-name not specify a VSI, this command clears all dynamic MAC address entries on all VSIs.

  • Page 19: Shutdown

    Usage guidelines This command excludes a remote MAC address from the flood suppression done by using the command. The VTEP will flood the frames destined for the specified MAC flooding disable address to remote sites when unknown-unicast floods are confined to the local site. Examples # Enable selective flood for 000f-e201-0101 on VSI vsi1.

  • Page 20: Tunnel Global Source-Address

    Syntax tunnel tunnel-number undo tunnel tunnel-number Default A VXLAN does not contain VXLAN tunnels. Views VXLAN view Predefined user roles network-admin context-admin Parameters er: Specifies a tunnel interface number. The value range for this argument is 0 to tunnel-numb 1023.The tunnel must be a VXLAN tunnel. Usage guidelines This command assigns a VXLAN tunnel to a VXLAN to provide Layer 2 connectivity for the VXLAN between two sites.

  • Page 21: Vsi

    Predefined user roles network-admin context-admin Parameters : Specifies an IP address. ip-address Usage guidelines A VXLAN tunnel uses the global source address if you do not specify a source interface or source address for the tunnel. Examples # Specify 1.1.1.1 as the global source address for VXLAN tunnels. <Sysname>...

  • Page 22: Vxlan

    vxlan to create a VXLAN and enter its view, or enter the view of an existing VXLAN. vxlan to restore the default. undo vxlan Syntax vxlan vxlan-id undo vxlan Default No VXLANs exist. Views VSI view Predefined user roles network-admin context-admin Parameters : Specifies a VXLAN ID in the range of 0 to 16777215.

  • Page 23: Vxlan Invalid-Udp-Checksum Discard

    context-admin Usage guidelines VXLAN fast forwarding enables the device to bypass QoS and security services when the device forwards data traffic over VXLAN tunnels based on the software. As a best practice, enable this feature to improve forwarding speed only when QoS and security services are not configured on the following interfaces: •...

  • Page 24: Vxlan Tunnel Mac-Learning Disable

    to disable local-MAC logging. undo vxlan local-mac report Syntax vxlan local-mac report undo vxlan local-mac report Default Local-MAC logging is disabled. Views System view Predefined user roles network-admin context-admin Usage guidelines When the local-MAC logging feature is enabled, the VXLAN module immediately sends a log message with its local MAC addresses to the information center.

  • Page 25: Vxlan Udp-Port

    Examples # Disable remote-MAC address learning. <Sysname> system-view [Sysname] vxlan tunnel mac-learning disable vxlan udp-port to set the destination UDP port number for VXLAN packets. vxlan udp-port to restore the default. undo vxlan udp-port Syntax vxlan udp-port port-number undo vxlan udp-port Default The destination UDP port number is 4789 for VXLAN packets.

  • Page 26: Vxlan Ip Gateway Commands

    Predefined user roles network-admin context-admin Parameters : Specifies the VSI name, a case-sensitive string of 1 to 31 characters. vsi-name : Specifies a space-separated list of up to three track track track-entry-number&<1-3> entry numbers in the range of 1 to 1024. The AC is up only if a minimum of one associated track entry is in positive state.

  • Page 27: Bandwidth

    Usage guidelines When local proxy ARP is enabled on distributed VXLAN IP gateways, each gateway learns ARP information independently. A gateway does not forward ARP packets destined for its local VSI interfaces to other gateways. For distributed VXLAN IP gateways to have the same ARP entries, you must enable dynamic ARP entry synchronization.

  • Page 28: Description

    Syntax default Views VSI interface view Predefined user roles network-admin context-admin Usage guidelines CAUTION: default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command when you use it on a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.

  • Page 29: Display Interface Vsi-Interface

    Examples # Configure the description as gateway for VXLAN 10 for VSI-interface 100. <Sysname> system-view [Sysname] interface vsi-interface 100 [Sysname-Vsi-interface100] description gateway for VXLAN 10 display interface vsi-interface to display information about VSI interfaces. display interface vsi-interface Syntax display interface [ vsi-interface [ vsi-interface-id ] ] [ brief [ description | down ] ] Views...
  • Page 30 Physical: Unknown, baudrate: 1000000 kbps Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops Table 7 Command output Field Description...
  • Page 31 Field Description baudrate Interface baudrate in kbps. reset counters interface Last time when the vsi-interface command was used to clear interface statistics. Last clearing of counters reset counters interface This field displays Never if the vsi-interface command has never been used on the interface since the device startup.

  • Page 32: Distributed-Gateway Local

    Field Description • DOWN—The interface is physically down. • shutdown ADM—The interface has been shut down by using the command. To restore the physical state of the interface, use the undo shutdown command. Data link layer protocol state of the interface: •...

  • Page 33: Gateway Subnet

    <Sysname> system-view [Sysname] interface vsi-interface 100 [Sysname-Vsi-interface100] distributed-gateway local gateway subnet to assign a subnet to a VSI. gateway subnet to remove a subnet from a VSI. undo gateway subnet Syntax gateway subnet ipv4-address wildcard-mask ipv6-address prefix-length } undo gateway subnet { ipv4-address wildcard-mask...

  • Page 34: Gateway Vsi-Interface

    gateway vsi-interface to specify a gateway interface for a VSI. gateway vsi-interface to restore the default. undo gateway vsi-interface Syntax gateway vsi-interface vsi-interface-id undo gateway vsi-interface Default No gateway interface is specified for a VSI. Views VSI view Predefined user roles network-admin context-admin Parameters...

  • Page 35: Mac-Address

    Predefined user roles network-admin context-admin Parameters : Specifies a VSI interface number. The value range for this argument is 0 to vsi-interface-id 8191. Examples # Create VSI-interface 100 and enter VSI interface view. <Sysname> system-view [Sysname] interface vsi-interface 100 [Sysname-Vsi-interface100] Related commands gateway vsi-interface mac-address...

  • Page 36: Reset Counters Interface Vsi-Interface

    Syntax mtu size undo mtu Default The MTU is 1500 bytes. Views VSI interface view Predefined user roles network-admin context-admin Parameters : Specifies an MTU value in the range of 46 to 1560 bytes. size Examples # Set the MTU to 1430 bytes for VSI-interface 100. <Sysname>...

  • Page 37: Shutdown

    Related commands display interface vsi-interface shutdown to shut down a VSI interface. shutdown to bring up a VSI interface. undo shutdown Syntax shutdown undo shutdown Default A VSI interface is not manually shut down. Views VSI interface view Predefined user roles network-admin context-admin Examples...

  • Page 38: Vtep Group Member Remote

    : Specifies the member VTEP IP address for the local VTEP. The IP address must member-ip already exist on the local VTEP. Usage guidelines Member VTEPs in a VTEP group cannot use the group IP address or share an IP address. Examples # Assign the local VTEP to VTEP group 1.1.1.1, and specify 2.2.2.2 as the member VTEP IP address of the local VTEP.
  • Page 39 Syntax vxlan tunnel arp-learning disable undo vxlan tunnel arp-learning disable Default Remote ARP learning is enabled for VXLANs. Views System view Predefined user roles network-admin context-admin Usage guidelines By default, the device learns ARP information of remote VMs from packets received on VXLAN tunnel interfaces.

This manual is also suitable for:

Secpath f5000-ak

Table of Contents