Page of 1334
Download Print This PagePrint Bookmark Comment

HP E4510-48G Command Reference Manual

4510g series.
Hide thumbs
   
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990
3Com Switch 4510G Family
Switch 4510G 24-Port
Switch 4510G 48-Port
Product Version:
Release 2202
Manual Version:
6W100-20100112
www.3com.com
3Com Corporation
350 Campus Drive, Marlborough,
MA, USA 01752 3064

Advertising

   Summary of Contents for HP E4510-48G

  • Page 1: Command Reference Guide

    3Com Switch 4510G Family Command Reference Guide Switch 4510G 24-Port Switch 4510G 48-Port Product Version: Release 2202 Manual Version: 6W100-20100112 www.3com.com 3Com Corporation 350 Campus Drive, Marlborough, MA, USA 01752 3064...

  • Page 2

    Copyright © 2010, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation. 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

  • Page 3: Security Volume, Access Volume

    About This Manual Organization 3Com Switch 4510G Family Command Reference Guide is organized as follows: Volume 00-Command Command Index Index Ethernet Port 01-Access LLDP Volume GVRP IP Addressing 02-IP DHCP Relay Agent Services Volume sFlow IP Routing Table 03-IP Routing...

  • Page 4

    Conventions The manual uses the following conventions: Command conventions Convention Boldface italic { x | y | ... } [ x | y | ... ] { x | y | ... } * [ x | y | ... ] * &<1-n>...

  • Page 5

    Related Documentation In addition to this manual, each 3com Switch 4510G documentation set includes the following: Manual 3Com Switch 4510G Family Configuration Guide-Release 2202 3Com Switch 4510G Family Getting Started Guide Obtaining Documentation You can access the most up-to-date 3Com product documentation on the World Wide Web at this URL: http://www.3com.com.

  • Page 6: Table Of Contents

    Appendix A Command Index The command index includes all the commands in the Command Manual, which are arranged alphabetically. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z access-limit access-limit enable accounting...

  • Page 7: Table Of Contents

    apply ipv6 next-hop apply preference apply tag archive configuration archive configuration interval archive configuration location archive configuration max arp anti-attack active-ack enable arp anti-attack source-mac arp anti-attack source-mac aging-time arp anti-attack source-mac exclude-mac arp anti-attack source-mac threshold arp anti-attack valid-ack enable arp check enable arp detection enable arp detection mode...

  • Page 8: Table Of Contents

    authentication-mode authorization command authorization default authorization lan-access authorization login authorization-attribute auto-build auto-execute command backup startup-configuration binary bind-attribute black-list add-mac black-list delete-mac boot-loader file bootrom bootrom-update security-check enable bpdu-drop any bpdu-tunnel dot1q bpdu-tunnel tunnel-dmac broadcast-suppression build ca identifier System Volume Security Volume Security Volume Security Volume Security Volume...

  • Page 9: Table Of Contents

    cdup cdup certificate request entity certificate request from certificate request mode certificate request polling certificate request url cfd cc enable cfd cc interval cfd enable cfd linktrace cfd linktrace auto-detection cfd loopback cfd ma cfd md cfd mep cfd mep enable cfd mip-rule cfd remote-mep cfd service-instance...

  • Page 10: Table Of Contents

    enable...

  • Page 11: Table Of Contents

    data-flow-format (RADIUS scheme view) data-size debugging debugging default cost (RIP view) default cost (RIPng view) default-route delete delete delete delete ipv6 static-routes all delete static-routes all delete-member description description description description (any NQA test type view) description (for IPv4) description (for IPv6) destination ip destination port dhcp relay address-check...

  • Page 12: Table Of Contents

    dhcp relay security tracker dhcp relay server-detect dhcp relay server-group dhcp relay server-select dhcp select relay dhcp-snooping dhcp-snooping information circuit-id format-type dhcp-snooping information circuit-id string dhcp-snooping information enable dhcp-snooping information format dhcp-snooping information remote-id format-type dhcp-snooping information remote-id string dhcp-snooping information strategy dhcp-snooping trust disconnect display acl...

  • Page 13: Table Of Contents

    display brief interface display cfd linktrace-reply display cfd linktrace-reply auto-detection display cfd ma display cfd md display cfd mep display cfd mp display cfd remote-mep display cfd service-instance display cfd status display channel display clipboard display clock display cluster display cluster base-topology display cluster black-list display cluster candidates display cluster current-topology...

  • Page 14: Table Of Contents

    display dhcp relay security display dhcp relay security statistics display dhcp relay security tracker display dhcp relay server-group display dhcp relay statistics display dhcp-snooping display dhcp-snooping information display dhcp-snooping packet statistics display dhcp-snooping trust display diagnostic-information display dldp display dldp statistics display dns domain display dns dynamic-host display dns ipv6 dynamic-host...

  • Page 15: Table Of Contents

    display gvrp status display gvrp vlan-operation interface display habp display habp table display habp traffic display history-command display hotkey display hwtacacs display icmp statistics display igmp-snooping group display igmp-snooping statistics display info-center display interface display interface vlan-interface display ip check source display ip host display ip http display ip https...

  • Page 16: Table Of Contents

    display ipc link display ipc multicast-group display ipc node display ipc packet display ipc performance display ipc queue display ip-subnet-vlan interface display ip-subnet-vlan vlan display ipv6 fib display ipv6 host display ipv6 interface display ipv6 neighbors display ipv6 neighbors count display ipv6 pathmtu display ipv6 routing-table display ipv6 routing-table acl...

  • Page 17: Table Of Contents

    display link-aggregation summary display link-aggregation verbose display lldp local-information display lldp neighbor-information display lldp statistics display lldp status display lldp tlv-config display local-proxy-arp display local-user display logbuffer display logbuffer summary display loopback-detection display mac-address display mac-address aging-time display mac-authentication display mac-vlan display mac-vlan interface display memory display mib-style...

  • Page 18: Table Of Contents

    display ntdp device-list display ntdp single-device mac-address display ntp-service sessions display ntp-service status display ntp-service trace display oam display oam configuration display oam critical-event display oam link-event display packet-drop interface display packet-drop summary display patch information display pki certificate display pki certificate access-control-policy display pki certificate attribute-group display pki crl domain display port...

  • Page 19: Table Of Contents

    display qos map-table display qos policy display qos policy global display qos policy interface display qos sp interface display qos trust interface display qos vlan-policy display qos wfq interface display qos wrr interface display radius scheme display radius statistics display reboot-type display rip display rip database display rip interface...

  • Page 20: Table Of Contents

    display rrpp verbose display saved-configuration display schedule job display schedule reboot display sflow display sftp client source display smart-link flush display smart-link group display snmp-agent community display snmp-agent group display snmp-agent local-engineid display snmp-agent mib-view display snmp-agent statistics display snmp-agent sys-info display snmp-agent trap queue display snmp-agent trap-list display snmp-agent usm-user...

  • Page 21: Table Of Contents

    display stp region-configuration display stp root display stp tc display switchover state display system-failure display tcp ipv6 statistics display tcp ipv6 status display tcp statistics display tcp status display telnet client configuration display tftp client configuration display this display time-range display track display traffic behavior display traffic classifier...

  • Page 22: Table Of Contents

    display voice vlan oui display voice vlan state display web users dldp authentication-mode dldp delaydown-timer dldp enable dldp interval dldp reset dldp unidirectional-shutdown dldp work-mode dns domain dns proxy enable dns resolve dns server dns server ipv6 domain domain default enable domain ring dot1x dot1x authentication-method...

  • Page 23: Table Of Contents

    dot1x timer dot1x timer ead-timeout dot1x url duplex enable log updown enable snmp trap updown enable snmp trap updown escape-key execute exit expiration-date fast-leave (IGMP-Snooping view) fast-leave (MLD-Snooping view) file prompt filename filter filter-policy export filter-policy export (RIP view) filter-policy import (RIP view) filter-policy import (RIPng view) fixdisk flow-control...

  • Page 24: Table Of Contents

    free user-interface free web-users frequency ftp client source ftp ipv6 ftp server acl ftp server enable ftp timeout ftp update ftp-server garp timer hold garp timer join garp timer leave garp timer leaveall gratuitous-arp-learning enable gratuitous-arp-sending enable group group-member group-policy (IGMP-Snooping view) group-policy (MLD-Snooping view) gvrp gvrp registration...

  • Page 25: Table Of Contents

    handshake timeout header help history-command max-size history-records holdtime host-aging-time (IGMP-Snooping view) host-aging-time (MLD-Snooping view) host-route hotkey http-version hwtacacs nas-ip hwtacacs scheme idle-cut enable idle-timeout if-match if-match acl if-match cost if-match interface if-match ip if-match ip-prefix if-match ipv6 if-match tag igmp-snooping igmp-snooping drop-unknown igmp-snooping enable igmp-snooping fast-leave...

  • Page 26: Table Of Contents

    igmp-snooping host-aging-time igmp-snooping host-join igmp-snooping last-member-query-interval igmp-snooping max-response-time igmp-snooping overflow-replace igmp-snooping querier igmp-snooping query-interval igmp-snooping router-aging-time igmp-snooping source-deny igmp-snooping special-query source-ip igmp-snooping static-group igmp-snooping static-router-port igmp-snooping version import import-route import-route (RIP view) info-center channel name info-center console channel info-center enable info-center logbuffer info-center loghost info-center loghost source...

  • Page 27: Table Of Contents

    interface bridge-aggregation interface vlan-interface ip (PKI entity view) ip address ip address ip address bootp-alloc ip address dhcp-alloc ip check source ip forward-broadcast (interface view) ip forward-broadcast (system view) ip host ip http acl ip http enable ip http port ip https acl ip https certificate access-control-policy ip https enable...

  • Page 28: System Volume, Access Volume, Ip Services Volume, Ip Routing Volume

    IP Services Volume IP Services Volume IP Services Volume IP Services Volume IP Services Volume...

  • Page 29: Table Of Contents

    jumboframe enable key (HWTACACS scheme view) key (RADIUS scheme view) lacp port-priority lacp system-priority last-listener-query-interval (MLD-Snooping view) last-member-query-interval (IGMP-Snooping view) ldap-server link-aggregation load-sharing mode (aggregate interface view) link-aggregation load-sharing mode (system view) link-aggregation mode link-delay lldp admin-status lldp check-change-interval lldp compliance admin-status cdp lldp compliance cdp lldp enable lldp encapsulation snap...

  • Page 30: Table Of Contents

    lldp timer tx-delay lldp timer tx-interval lldp tlv-enable locality local-proxy-arp enable local-user local-user password-display-mode lock logging-host loopback loopback-detection control enable loopback-detection enable loopback-detection interval-time loopback-detection per-vlan enable mac-address (Interface view) mac-address (system view) mac-address information enable (Ethernet interface view) mac-address information enable (system view) mac-address information interval mac-address information mode mac-address information queue-length...

  • Page 31: Table Of Contents

    mac-authentication user-name-format mac-vlan enable mac-vlan mac-address management-vlan management-vlan synchronization enable max-response-time (IGMP-Snooping view) max-response-time (MLD-Snooping view) mib-style mirroring-group mirroring-group mirroring-port mirroring-group monitor-egress mirroring-group monitor-port mirroring-group remote-probe vlan mirroring-port mirror-to mkdir mkdir mkdir mld-snooping mld-snooping enable mld-snooping fast-leave mld-snooping general-query source-ip mld-snooping group-limit mld-snooping group-policy mld-snooping host-aging-time...

  • Page 32: Table Of Contents

    mld-snooping query-interval mld-snooping router-aging-time mld-snooping source-deny mld-snooping special-query source-ip mld-snooping static-group mld-snooping static-router-port mld-snooping version monitor-link group monitor-port more move multicast-suppression multicast-vlan multicast-vlan ipv6 name nas-ip (HWTACACS scheme view) nas-ip (RADIUS scheme view) ndp enable ndp timer aging ndp timer hello nest network next-hop...

  • Page 33: Table Of Contents

    nqa server udp-echo ntdp enable ntdp explore ntdp hop ntdp timer ntdp timer hop-delay ntdp timer port-delay ntp-service access ntp-service authentication enable ntp-service authentication-keyid ntp-service broadcast-client ntp-service broadcast-server ntp-service in-interface disable ntp-service max-dynamic-sessions ntp-service multicast-client ntp-service multicast-server ntp-service reliable authentication-keyid ntp-service source-interface ntp-service unicast-peer ntp-service unicast-server...

  • Page 34: Table Of Contents

    oam mode open open ipv6 operation (FTP test type view) operation (HTTP test type view) operation interface organization organization-unit output-delay overflow-replace (IGMP-Snooping view) overflow-replace (MLD-Snooping view) packet-filter packet-filter ipv6 parity passive password password (FTP test type view) patch active patch deactive patch delete patch install patch load...

  • Page 35: Table Of Contents

    pki delete-certificate pki domain pki entity pki import-certificate pki request-certificate domain pki retrieval-certificate pki retrieval-crl domain pki validate-certificate pki-domain port port port port (IPv6 multicast VLAN view) port (multicast VLAN view) port access vlan port hybrid ip-subnet-vlan vlan port hybrid protocol-vlan port hybrid pvid vlan port hybrid vlan port link-aggregation group...

  • Page 36: Table Of Contents

    port-security intrusion-mode port-security mac-address security port-security max-mac-count port-security ntk-mode port-security oui port-security port-mode port-security timer disableport port-security trap preemption delay preemption mode prefer-cipher preference preference primary accounting (HWTACACS scheme view) primary accounting (RADIUS scheme view) primary authentication (HWTACACS scheme view) primary authentication (RADIUS scheme view) primary authorization probe count...

  • Page 37: Table Of Contents

    public-key local export rsa public-key peer public-key peer import sshkey public-key-code begin public-key-code end qinq enable qinq ethernet-type qinq vid qos apply policy qos apply policy global qos bandwidth queue qos gts qos lr outbound qos map-table qos policy qos priority qos sp qos trust qos vlan-policy...

  • Page 38: Table Of Contents

    quit radius client radius nas-ip radius scheme radius trap raw-vlan-id inbound reaction reaction trap reboot reboot member redirect region-name remark dot1p remark drop-precedence remark dscp remark ip-precedence remark local-precedence remotehelp remove rename rename report-aggregation (IGMP-Snooping view) report-aggregation (MLD-Snooping view) reset acl counter reset acl ipv6 counter reset arp reset arp detection statistics...

  • Page 39: Table Of Contents

    reset dhcp-snooping reset dhcp-snooping packet statistics reset dldp statistics reset dns dynamic-host reset dns ipv6 dynamic-host reset dot1x statistics reset garp statistics reset hwtacacs statistics reset igmp-snooping group reset igmp-snooping statistics reset ip ip-prefix reset ip ipv6-prefix reset ip routing-table statistics protocol reset ip statistics reset ipc performance reset ipv6 neighbors...

  • Page 40: Table Of Contents

    reset rip statistics reset rrpp statistics reset saved-configuration reset smart-link statistics reset stop-accounting-buffer reset stop-accounting-buffer reset stp reset tcp ipv6 statistics reset tcp statistics reset trapbuffer reset udp ipv6 statistics reset udp statistics reset udp-helper packet reset unused porttag restore startup-configuration retry retry realtime-accounting retry stop-accounting (HWTACACS scheme view)

  • Page 41: Table Of Contents

    rip poison-reverse rip split-horizon rip summary-address rip version ripng ripng default-route ripng enable ripng metricin ripng metricout ripng poison-reverse ripng split-horizon ripng summary-address rmdir rmdir rmdir rmon alarm rmon event rmon history rmon prialarm rmon statistics root-certificate fingerprint route-option bypass-route route-policy router-aging-time (IGMP-Snooping view) router-aging-time (MLD-Snooping view)

  • Page 42: Table Of Contents

    rule (basic IPv4 ACL view) rule (basic IPv6 ACL view) rule (Ethernet frame header ACL view) rule comment (for IPv4) rule comment (for IPv6) save schedule job schedule reboot at schedule reboot delay screen-length screen-length disable secondary accounting (HWTACACS scheme view) secondary accounting (RADIUS scheme view) secondary authentication (HWTACACS scheme view)

  • Page 43: Table Of Contents

    sftp sftp client ipv6 source sftp client source sftp ipv6 sftp server enable sftp server idle-timeout shell shutdown shutdown shutdown shutdown-interval silent-interface (RIP view) slave auto-update config smart-link flush enable smart-link group snmp-agent snmp-agent calculate-password snmp-agent community snmp-agent group snmp-agent local-engineid snmp-agent log snmp-agent mib-view snmp-agent packet max-size...

  • Page 44: Table Of Contents

    snmp-agent usm-user v3 snmp-host source interface source ip source port source-deny (IGMP-Snooping view) source-deny (MLD-Snooping view) speed speed speed auto ssh client authentication server ssh client first-time enable ssh client ipv6 source ssh client source ssh server authentication-retries ssh server authentication-timeout ssh server compatible-ssh1x enable ssh server enable ssh server rekey-interval...

  • Page 45: Table Of Contents

    statistics max-group step (for IPv4) step (for IPv6) stop-accounting-buffer enable (HWTACACS scheme view) stop-accounting-buffer enable (RADIUS scheme view) stopbits storm-constrain storm-constrain control storm-constrain enable log storm-constrain enable trap storm-constrain interval stp bpdu-protection stp bridge-diameter stp compliance stp config-digest-snooping stp cost stp edged-port stp enable stp loop-protection...

  • Page 46: Access Volume, Ip Routing Volume, System Volume, Ip Services Volume, Ip Multicast Volume

    stp root secondary stp root-protection stp tc-protection stp tc-protection threshold stp timer forward-delay stp timer hello stp timer max-age stp timer-factor stp transmit-limit subvlan (IPv6 multicast VLAN view) subvlan (multicast VLAN view) summary super super password sysname sysname system-failure system-view tcp ipv6 timer fin-timeout tcp ipv6 timer syn-timeout tcp ipv6 window...

  • Page 47: Table Of Contents

    terminal monitor terminal trapping terminal type tftp tftp client source tftp ipv6 tftp-server tftp-server acl timer timer timer quiet (HWTACACS scheme view) timer quiet (RADIUS scheme view) timer realtime-accounting (HWTACACS scheme view) timer realtime-accounting (RADIUS scheme view) timer response-timeout (HWTACACS scheme view) timer response-timeout (RADIUS scheme view) time-range timers...

  • Page 48: Table Of Contents

    udp-helper enable udp-helper port udp-helper server undelete unicast-suppression user user privilege level user-bind user-group user-interface username (FTP test type view) user-name-format (HWTACACS scheme view) user-name-format (RADIUS scheme view) user-profile user-profile enable validate-source-address verbose version version virtual-cable-test vlan vlan precedence vlan-mapping modulo voice vlan aging voice vlan enable voice vlan mac-address...

  • Page 49

    voice vlan security enable vpn-instance (ICMP echo test type view) Access Volume System Volume A-44 18-38...

  • Page 50: Table Of Contents

    1 Ethernet Port Configuration Commands·································································································1-1 Ethernet Port Configuration Commands ·································································································1-1 broadcast-suppression ····················································································································1-1 description ·······································································································································1-2 display brief interface·······················································································································1-3 display interface·······························································································································1-6 display loopback-detection ············································································································1-10 display packet-drop interface ········································································································1-11 display packet-drop summary ·······································································································1-11 display port combo ························································································································1-12 display port-group manual ·············································································································1-13 display storm-constrain··················································································································1-14 duplex ············································································································································1-15 flow-control ····································································································································1-16 flow-interval ···································································································································1-17...

  • Page 51: Table Of Contents

    display link-aggregation load-sharing mode····················································································2-2 display link-aggregation member-port ·····························································································2-4 display link-aggregation summary···································································································2-6 display link-aggregation verbose·····································································································2-8 enable snmp trap updown ·············································································································2-10 interface bridge-aggregation ·········································································································2-10 lacp port-priority·····························································································································2-11 lacp system-priority························································································································2-12 link-aggregation load-sharing mode (system view)·······································································2-12 link-aggregation load-sharing mode (aggregate interface view) ···················································2-13 link-aggregation mode ···················································································································2-14 port link-aggregation group ···········································································································2-15 reset counters interface ·················································································································2-16 reset lacp statistics ························································································································2-16...

  • Page 52: Table Of Contents

    stp pathcost-standard ····················································································································4-27 stp point-to-point····························································································································4-28 stp port priority·······························································································································4-29 stp port-log·····································································································································4-30 stp priority ······································································································································4-31 stp region-configuration ·················································································································4-32 stp root primary······························································································································4-32 stp root secondary ·························································································································4-33 stp root-protection··························································································································4-34 stp tc-protection ·····························································································································4-34 stp tc-protection threshold ·············································································································4-35 stp timer forward-delay ··················································································································4-36 stp timer hello ································································································································4-37 stp timer max-age··························································································································4-38 stp timer-factor·······························································································································4-38 stp transmit-limit ····························································································································4-39...

  • Page 53: Table Of Contents

    name················································································································································6-6 shutdown ·········································································································································6-7 vlan ··················································································································································6-7 Port-Based VLAN Configuration Commands··························································································6-9 display port ······································································································································6-9 port·················································································································································6-10 port access vlan·····························································································································6-10 port hybrid pvid vlan ······················································································································6-11 port hybrid vlan ······························································································································6-12 port link-type ··································································································································6-14 port trunk permit vlan·····················································································································6-15 port trunk pvid vlan ························································································································6-17 MAC Address-Based VLAN Configuration Commands ········································································6-18 display mac-vlan····························································································································6-18 display mac-vlan interface·············································································································6-19 mac-vlan enable ····························································································································6-20...

  • Page 54: Table Of Contents

    display gvrp state·····························································································································9-3 display gvrp statistics·······················································································································9-4 display gvrp status···························································································································9-5 display gvrp vlan-operation interface·······························································································9-5 garp timer hold·································································································································9-6 garp timer join··································································································································9-6 garp timer leave·······························································································································9-7 garp timer leaveall ···························································································································9-8 gvrp··················································································································································9-9 gvrp registration·······························································································································9-9 reset garp statistics························································································································9-10 10 QinQ Configuration Commands···········································································································10-1 QinQ Configuration Commands············································································································10-1 nest ················································································································································10-1 raw-vlan-id inbound ·······················································································································10-2 qinq enable ····································································································································10-3 qinq ethernet-type··························································································································10-4...

  • Page 55: Ethernet Port Configuration Commands

    Ethernet Port Configuration Commands Ethernet Port Configuration Commands broadcast-suppression Syntax broadcast-suppression { ratio | pps max-pps } undo broadcast-suppression View Ethernet port view, port group view Default Level 2: System level Parameters ratio: Maximum percentage of broadcast traffic to the total transmission capability of an Ethernet port. The smaller the ratio, the less broadcast traffic is allowed to pass through the interface.

  • Page 56

    If you execute this command in Ethernet port view, the configuration takes effect only on the current interface. If you execute this command in port-group view, the configuration takes effect on all the ports in the port group. When broadcast traffic exceeds the broadcast traffic threshold, the system begins to discard broadcast packets until the broadcast traffic drops below the threshold to ensure operation of network services.

  • Page 57: Display Brief Interface

    letters), special English characters, spaces, and other characters or symbols that conform to the Unicode standard. A port description can be the mixture of English characters and other Unicode characters. The mixed description cannot exceed the specified length. To use a type of Unicode characters or symbols in a port description, you need to install the corresponding Input Method Editor (IME) and log in to the device through remote login software that supports this character type.

  • Page 58

    |: Uses a regular expression to filter output information. For detailed description on regular expression, refer to Basic System Configuration in the System Volume. begin: Displays the line that matches the regular expression and all the subsequent lines. exclude: Displays the lines that do not match the regular expression. include: Displays the lines that match the regular expression.

  • Page 59

    The brief information of interface(s) under route mode: Interface Link Protocol-link Protocol type Loop0 UP(spoofing) NULL0 UP(spoofing) Vlan999 # Display the brief information of all UP interfaces. <Sysname> display brief interface | include UP The brief information of interface(s) under route mode: Interface Link Protocol-link Protocol type...

  • Page 60: Display Interface

    Field Duplex PVID display interface Syntax display interface [ interface-type [ interface-number ] ] View Any view Default Level 1: Monitor level Parameters interface-type: Type of a specified interface. interface-number: Number of a specified interface. Description Use the display interface command to display the current state of a specified interface and related information.

  • Page 61

    Multicast MAX-ratio: 100% Allow jumbo frame to pass PVID: 100 Mdi type: auto Link delay is 0(sec) Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 100 Port priority: 0 Peak value of input: 96132560 bytes/sec, at 2007-10-26 07:05:06 Peak value of output: 0 bytes/sec, at 2000-04-26 12:00:12 Last 300 seconds input: 6 packets/sec 678 bytes/sec Last 300 seconds output: 1 packets/sec 179 bytes/sec...

  • Page 62

    Field Multicast MAX-ratio PVID Mdi type Link delay Port link-type Tagged VLAN ID Untagged VLAN ID Peak value of input Peak value of output Last 300 seconds input: 0 packets/sec 0 bytes/sec Last 300 seconds output: 0 packets/sec 0 bytes/sec Input (total): 61745144 packets, 12152212250 bytes 0 unicasts, 47519150...

  • Page 63

    Field aborts - ignored - parity errors Output (total): 1395522 packets, 183608303 bytes 0 unicasts, 13 broadcasts, 1273860 multicasts, 0 pauses Output (normal): 1395522 packets, - bytes 0 unicasts, 13 broadcasts, 1273860 multicasts, 0 pauses output errors - underruns - buffer failures aborts deferred collisions...

  • Page 64: Display Loopback-detection

    Field lost carrier - no carrier “-“ indicates that the corresponding entry is not supported. display loopback-detection Syntax display loopback-detection View Any view Default Level 1: Monitor level Parameters None Description Use the display loopback-detection command to display loopback detection information on a port. If loopback detection is already enabled, this command will also display the detection interval and information on the ports currently detected with a loopback.

  • Page 65: Display Packet-drop Interface, Display Packet-drop Summary

    display packet-drop interface Syntax display packet-drop interface [ interface-type [ interface-number ] ] View Any view Default Level 1: Monitor level Parameters interface-type: Type of a specified interface. interface-number: Number of a specified interface. Description Use the display packet-drop interface command to display information about dropped packets on an interface or multiple interfaces.

  • Page 66: Display Port Combo

    Description Use the display packet-drop summary command to display information about dropped packets on all interfaces. Examples # Display information about dropped packets on all interfaces. <Sysname> display packet-drop summary All interfaces: Packets dropped by GBP full or insufficient bandwidth: 301 Packets dropped by FFP: 261 Packets dropped by STP non-forwarding state: 321 Packets dropped by Rate-limit: 143...

  • Page 67: Display Port-group Manual

    GigabitEthernet1/0/47 GigabitEthernet1/0/48 Table 1-5 display port combo command output description Field Combo ports of the device, represented by Combo port number, which is Combo-group generated by the system. Active Inactive Ports of the Combo ports that are inactive As for the optical port and the electrical port of a Combo port, the one with the smaller port number is active by default.

  • Page 68: Display Storm-constrain

    Member of group1: GigabitEthernet1/0/3 GigabitEthernet1/0/6 Member of group2: None Table 1-6 display port-group manual command output description Field Member of group display storm-constrain Syntax display storm-constrain [ broadcast | multicast ] [ interface interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters broadcast: Displays the information about storm constrain for broadcast packets.

  • Page 69

    Field PortName Abbreviated port name Type of the packets for which storm constrain function is enabled, which Type can be broadcast (for broadcast packets), and multicast (for multicast packets). LowerLimit Lower threshold (in pps, Kbps or percentage) UpperLimit Upper threshold (in pps, Kbps or percentage) Action to be taken when the upper threshold is reached, which can be CtrMode block, shutdown, and N/A.

  • Page 70

    Related commands: speed. 10-Gigabit Ethernet ports do not support this command. Examples # Configure the interface GigabitEthernet 1/0/1 to work in full-duplex mode. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] duplex full flow-control Syntax flow-control undo flow-control View Ethernet port view Default Level 2: System level Parameters...

  • Page 71

    [Sysname] interface GigabitEthernet 1/0/1 [Sysname- GigabitEthernet1/0/1] flow-control flow-interval Syntax flow-interval interval undo flow-interval View Ethernet port view Default Level 2: System level Parameters interval: Interval at which the interface collects statistics. It ranges from 5 to 300 seconds and must be a multiple of 5.

  • Page 72: Jumboframe Enable

    Description Use the group-member command to assign an Ethernet port or a list of Ethernet ports to the manual port group. Use the undo group-member command to remove an Ethernet port or a list of Ethernet ports from the manual port group. By default, there is no Ethernet port in a manual port group.

  • Page 73

    Default Level 2: System level Parameters .None Description Use the jumboframe enable command to allow jumbo frames with the length of 9216 bytes to pass through an Ethernet port. Use the undo jumboframe enable command to prevent frames longer than 1522 bytes from passing through an Ethernet port.

  • Page 74

    Description Use the link-delay command to configure the suppression time of physical-link-state changes on an Ethernet port. Use the undo link-delay command to restore the default suppression time. By default, the physical-link-state change suppression time is not configured. Examples # Set the up/down suppression time of the physical connection of an Ethernet port to 8 seconds. <Sysname>...

  • Page 75: Loopback-detection Control Enable, Loopback-detection Enable

    <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] loopback internal loopback-detection control enable Syntax loopback-detection control enable undo loopback-detection control enable View Ethernet port view Default Level 2: System level Parameters None Description Use the loopback-detection control enable command to enable loopback detection for a Trunk port or Hybrid port.

  • Page 76: Loopback-detection Interval-time

    View System view, Ethernet port view Default Level 2: System level Parameters None Description Use the loopback-detection enable command to enable loopback detection globally or on a specified port. Use the undo loopback-detection enable command to disable loopback detection globally or on a specified port.

  • Page 77: Loopback-detection Per-vlan Enable

    View System view Default Level 2: System level Parameters time: Time interval for performing port loopback detection, in the range 5 to 300 (in seconds). Description Use the loopback-detection interval-time command to configure time interval for performing port loopback detection. Use the undo loopback-detection interval-time command to restore the default time interval for port loopback detection, which is 30 seconds.

  • Page 78

    Examples # Enable loopback detection in all the VLANs to which the Hybrid port GigabitEthernet 1/1 belongs. <Sysname> system-view [Sysname] loopback-detection enable [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] loopback-detection enable [Sysname-GigabitEthernet1/0/1] port link-type trunk [Sysname-GigabitEthernet1/0/1] loopback-detection per-vlan enable Syntax mdi { across | auto | normal } undo mdi View Ethernet port view...

  • Page 79

    multicast-suppression Syntax multicast-suppression { ratio | pps max-pps } undo multicast-suppression View Ethernet port view, port group view Default Level 2: System level Parameters ratio: Maximum percentage of multicast traffic to the total transmission capability of an Ethernet port, in the range 1 to 100.

  • Page 80: Port-group Manual

    If you set different suppression ratios in Ethernet port view or port-group view for multiple times, the latest configuration takes effect. Do not use the multicast-suppression command along with the storm-constrain command. Otherwise, the multicast storm suppression ratio configured may get invalid. Examples # For Ethernet port GigabitEthernet 1/0/1, allow multicast traffic equivalent to 20% of the total transmission capability of GigabitEthernet 1/0/1 to pass.

  • Page 81: Reset Counters Interface

    <Sysname> system-view [Sysname] port-group manual group1 [Sysname-port-group-manual-group1] reset counters interface Syntax reset counters interface [ interface-type [ interface-number ] ] View User view Default Level 2: System level Parameters interface-type: Interface type. interface-number: Interface number. Description Use the reset counters interface command to clear the statistics of an interface. Before sampling network traffic within a specific period of time on an interface, you need to clear the existing statistics.

  • Page 82

    interface-number: Number of a specified interface. Description Use the reset packet-drop interface command to clear statistics of dropped packets on an interface or multiple interfaces. Sometimes when you want to collect the statistics of dropped packets on an interface, you need to clear the old statistics on the interface first. If you do not specify an interface type or interface number, this command clears statistics of dropped packets on all the interfaces on the device.

  • Page 83

    Examples # Shut down interface GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] shutdown # Bring up interface GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] undo shutdown speed Syntax speed { 10 | 100 | 1000 | auto } undo speed View Ethernet port view...

  • Page 84: Speed Auto

    Examples # Configure the interface rate as 100 Mbps for interface GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] speed 100 speed auto Syntax speed auto [ 10 | 100 | 1000 ] * undo speed View Ethernet port view Default Level 2: System level Parameters...

  • Page 85

    If the auto negotiation rate range specified on the local port and that on the peer are the same, for example, 100 Mbps and 1000 Mbps are specified on both ends, the result of the interface rate auto negotiation is the larger value, that is, 1000 Mbps in the example. This function is available for auto-negotiation-capable Gigabit Layer-2 Ethernet electrical ports only..

  • Page 86: Storm-constrain Control

    For a 10-Gigabit port, the value range is 1 to 14881000. When the threshold is set in kbps: For a Gigabit port, the value range is 1 to 1000000. For a 10-Gigabit port, the value range is 1 to 10000000. When the threshold is set in percentages, that is, keyword ratio is used, the value range is 1 to 100.

  • Page 87: Storm-constrain Enable Log

    undo storm-constrain control View Ethernet port view Default Level 2: System level Parameters block: Blocks the traffic of a specific type on a port when the traffic detected exceeds the upper threshold. shutdown: Shuts down a port when a type of traffic exceeds the corresponding upper threshold. A port shut down by the storm constrain function stops forwarding all types of packets.

  • Page 88: Storm-constrain Enable Trap, Storm-constrain Interval

    Use the undo storm-constrain enable log command to disable log sending. By default, log sending is enabled. Examples # Disable log sending for GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] undo storm-constrain enable log storm-constrain enable trap Syntax storm-constrain enable trap undo storm-constrain enable trap View...

  • Page 89

    Default Level 2: System level Parameters seconds: Interval for generating traffic statistics, in the range 1 to 300 (in seconds). Description Use the storm-constrain interval command to set the interval for generating traffic statistics. Use the undo storm-constrain interval command to restore the default. By default, the interval for generating traffic statistics is 10 seconds.

  • Page 90

    Note that: When a suppression granularity larger than 1 is specified on the device, the value of the pps keyword should be no smaller than and an integral multiple of the granularity. The unicast suppression threshold value configured through this keyword on an Ethernet port may not be the one that actually takes effect.

  • Page 91

    virtual-cable-test Syntax virtual-cable-test View Ethernet port view Default Level 2: System level Parameters None Description Use the virtual-cable-test command to test the cable connected to the Ethernet port once and to display the testing result. The tested items include: Note that: When the cable is functioning properly, the cable length in the test result represents the total cable length;...

  • Page 92: Link Aggregation Configuration Commands

    Link Aggregation Configuration Commands Link Aggregation Configuration Commands description Syntax description text undo description View Layer-2 aggregate interface view Default Level 2: System level Parameters text: Description of an Ethernet interface, a string of 1 to 80 characters. Currently, the device supports the following types of characters or symbols: standard English characters (numbers and case-sensitive letters), special English characters, spaces, and other characters or symbols that conform to the Unicode standard.

  • Page 93: Display Lacp System-id, Display Link-aggregation Load-sharing Mode

    Examples # Set the description of interface Bridge-aggregation 1 to link-aggregation interface. <Sysname> system-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] description link-aggregation interface display lacp system-id Syntax display lacp system-id View Any view Default Level 1: Monitor level Parameters None Description Use the display lacp system-id command to display the system ID of the local system (that is, the actor).

  • Page 94

    View Any view Default Level 1: Monitor level Parameters bridge-aggregation: Displays the load sharing mode of the aggregation group corresponding to the specified Layer 2 aggregate interface. interface-number: Specifies the number of an existing aggregate interface. Description Use the display link-aggregation load-sharing mode command to display load sharing mode for link aggregation groups.

  • Page 95: Display Link-aggregation Member-port

    Bridge-Aggregation1 Load-Sharing Mode: destination-mac address, source-mac address # Display the link aggregation load sharing mode of each aggregation group. <Sysname> display link-aggregation load-sharing mode interface Bridge-Aggregation10 Load-Sharing Mode: destination-ip address, source-ip address Bridge-Aggregation20 Load-Sharing Mode: Layer 2 traffic: destination-mac address, source-mac address Layer 3 traffic: destination-ip address, source-ip address Table 2-2 display link-aggregation load-sharing mode command output description Field...

  • Page 96

    Description Use the display link-aggregation member-port command to display the detailed link aggregation information of the specified interface(s) or all interfaces if no interface is specified. For an interface in a static aggregation group, only its port number and operational key are displayed, because it is not aware of the information of the partner.

  • Page 97: Display Link-aggregation Summary

    Table 2-3 display link-aggregation member-port command output description Field Flags Aggregation Interface Local: Port Number Port Priority Oper-key Flag Remote: System ID Port Number Port Priority Oper-key Flag Received LACP Packets Illegal Sent LACP Packets display link-aggregation summary Syntax display link-aggregation summary View Any view Description...

  • Page 98

    Default Level 1: Monitor level Parameters None Description Use the display link-aggregation summary command to display the summary information of all aggregation groups. You may find out that information about the remote system for a static link aggregation group is either replaced by none or not displayed at all.

  • Page 99: Display Link-aggregation Verbose

    Field Select Ports Unselect Ports Share Type display link-aggregation verbose Syntax display link-aggregation verbose [ bridge-aggregation [ interface-number ] ] View Any view Default Level 1: Monitor level Parameters bridge-aggregation: Displays detailed information about the Layer-2 aggregate groups corresponding to Layer-2 aggregate interfaces. interface-number: Aggregate interface number.

  • Page 100

    Aggregation Mode: Dynamic Loadsharing Type: Shar System ID: 0x8000, 000f-e267-6c6a Local: Port Status Priority Oper-Key Flag ------------------------------------------------------------------------- GE1/0/6 32768 GE1/0/12 32768 Remote: Actor Partner Priority Oper-Key SystemID ------------------------------------------------------------------------- GE1/0/6 32768 GE1/0/12 32768 Table 2-5 display link-aggregation verbose command output description Field Loadsharing type: Loadsharing Type...

  • Page 101: Enable Snmp Trap Updown

    Field Remote: Actor Partner Priority Oper-Key SystemID Flag enable snmp trap updown Syntax enable snmp trap updown undo enable snmp trap updown View Layer-2 aggregate interface view Default Level 2: System level Parameters None Description Use the enable snmp trap updown command to enable linkUp/linkDown trap generation for the current aggregate interface.

  • Page 102: Lacp Port-priority

    undo interface bridge-aggregation interface-number View System view Default Level 2: System level Parameters interface-number: Layer-2 aggregate interface number. The value range is 1 to 128 Description Use the interface bridge-aggregation command to create a Layer-2 aggregate interface and enter the Layer-2 aggregate interface view. Use the undo interface bridge-aggregation command to remove a Layer-2 aggregate interface.

  • Page 103: Lacp System-priority, Link-aggregation Load-sharing Mode (system View)

    Examples # Set the LACP priority of GigabitEthernet 1/0/1 to 64. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] lacp port-priority 64 lacp system-priority Syntax lacp system-priority system-priority undo lacp system-priority View System view Default Level 2: System level Parameters system-priority: LACP priority of the local system, in the range of 0 to 65535. Description Use the lacp system-priority command to set the LACP priority of the local system.

  • Page 104: Link-aggregation Load-sharing Mode (aggregate Interface View)

    Parameters destination-ip: Specifies to perform load sharing in link aggregation groups based on destination IP address. destination-mac: Specifies to perform load sharing in load-sharing link aggregation groups based on destination MAC address. destination-port: Specifies to perform load sharing in load-sharing link aggregation groups based on destination port.

  • Page 105: Link-aggregation Mode

    View Layer 2 aggregate interface view Default Level 2: System level Parameters destination-ip: Specifies to perform load sharing in link aggregation groups based on destination IP address. destination-mac: Specifies to perform load sharing in load-sharing link aggregation groups based on destination MAC address.

  • Page 106: Port Link-aggregation Group

    Default Level 2: System level Parameters None Description Use the link-aggregation mode dynamic command to configure an aggregation group to work in dynamic aggregation mode. Use the undo link-aggregation mode command to restore the default. By default, an aggregation group works in static aggregation mode. If there is any member port in an aggregation group, you cannot modify the aggregation mode of the aggregation group.

  • Page 107: Reset Lacp Statistics

    Examples # Assign GigabitEthernet 1/0/1 to aggregation group 22. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-aggregation group 22 reset counters interface Syntax reset counters interface [ bridge-aggregation [ interface-number ] ] View User view Default Level 2: System level Parameters bridge-aggregation: Clears statistics for Layer 2 aggregate interfaces.

  • Page 108

    View User view Default Level 1: Monitor level Parameters interface-type interface-number: Interface type and interface number. to: Specifies an interface range in the form of interface-type interface-number to interface-type interface-number, where the start interface number must be smaller than the end interface number. Note that both the start interface and the end interface are inclusive.

  • Page 109

    [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] shutdown 2-18...

  • Page 110: Port Isolation Configuration Commands

    Port Isolation Configuration Commands Port Isolation Configuration Commands display port-isolate group Syntax display port-isolate group View Any view Default Level 1: Monitor level Parameters None Description Use the display port-isolate group command to display information about the default isolation group (isolation group 1).

  • Page 111: Port-isolate Enable

    port-isolate enable Syntax port-isolate enable undo port-isolate enable View Ethernet interface view, Layer-2 aggregate interface view, port group view Default Level 2: System level Parameters None Description Use the port-isolate enable command to add a port in Ethernet interface view or a group of ports in port group view to an isolation group as isolated ports.

  • Page 112

    # Assign Layer-2 aggregate interface Bridge-aggregation 1 and its member ports to the isolation group on a single-isolation-group device. <Sysname> system-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] quit [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-aggregation group 1 [Sysname-GigabitEthernet1/0/1] quit [Sysname] interface GigabitEthernet 1/0/2 [Sysname-GigabitEthernet1/0/2] port link-aggregation group 1 [Sysname-GigabitEthernet1/0/2] quit [Sysname] interface bridge-aggregation 1...

  • Page 113: Mstp Configuration Commands

    MSTP Configuration Commands MSTP Configuration Commands active region-configuration Syntax active region-configuration View MST region view Default Level 2: System level Parameters None Description Use the active region-configuration command to activate your MST region configuration. Note that: The configuration of MST region–related parameters, especially the VLAN-to-instance mapping table, will cause MSTP to launch a new spanning tree calculation process, which may result in network topology instability.

  • Page 114: Bpdu-drop Any, Check Region-configuration

    In order to avoid this problem, you can enable BPDU dropping on Ethernet ports. Once the function is enabled on a port, the port will not receive or forward any BPDU packets. In this way, the switch is protected against the BPDU packet attack and the STP calculation correctness is ensured.

  • Page 115: Display Stp

    Description Use the check region-configuration command to view MST region configuration information not activated yet, including the region name, revision level, and VLAN-to-instance mapping settings. Note that: Two or more MSTP-enabled devices belong to the same MST region only if they are configured to have the same format selector, MST region name, the same VLAN-to-instance mapping entries in the MST region and the same MST region revision level, and they are interconnected via a physical link.

  • Page 116

    Default Level 1: Monitor level Parameters instance instance-id: Displays the status and statistics information of a particular MSTI. The minimum value of instance-id is 0, representing the common internal spanning tree (CIST), and the maximum value of instance-id is 32. interface interface-list: Displays the MSTP status and statistics information on the ports specified by a port list, in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10>...

  • Page 117

    MSTI global parameters: MSTI ID, bridge priority of the MSTI, regional root, internal path cost, MSTI root port, and master bridge. MSTI port parameters: Port status, role, priority, path cost, designated bridge, designated port, remaining hops, and whether rapid state transition enabled (for designated ports). The statistics information includes: The number of TCN BPDUs, configuration BPDUs, RST BPDUs and MST BPDUs sent from each port...

  • Page 118

    <Sysname> display stp -------[CIST Global Info][Mode MSTP]------- CIST Bridge :32768.000f-e200-2200 Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20 CIST Root/ERPC :0.00e0-fc0e-6554 / 200200 CIST RegRoot/IRPC :32768.000f-e200-2200 / 0 CIST RootPortId :128.48 BPDU-Protection :disabled Bridge Config- Digest-Snooping :disabled TC or TCN received :2 Time since last TC :0 days 0h:5m:42s ----[Port1(GigabitEthernet1/0/1)][FORWARDING]---- Port Protocol...

  • Page 119

    CIST Bridge-Prio. :32768 MAC address :000f-e200-8048 Max age(s) Forward delay(s) Hello time(s) Max hops Table 4-3 display stp command output description Field CIST Bridge CIST bridge ID Major parameters for the bridge: Hello: Hello timer Bridge Times MaxAge: Max Age timer FWDly: Forward delay timer Max Hop: Max hops within the MST region CIST Root/ERPC...

  • Page 120: Display Stp Abnormal-port

    Field Protection Type MST BPDU Format Port Config- Digest-Snooping Rapid transition Num of Vlans Mapped PortTimes BPDU Sent BPDU Received MSTI RegRoot/IRPC MSTI RootPortId MSTI Root Type Master Bridge Cost to Master TC received Protocol Status Protocol Std. Version CIST Bridge-Prio. MAC address Max age(s) Forward delay(s)

  • Page 121: Display Stp Down-port

    View Any view Default Level 1: Monitor level Parameters None Description Use the display stp abnormal-port command to view the information about abnormally blocked ports. Any of the following reasons may cause a port to be abnormally blocked: Root guard function Loop guard function MSTP BPDU format incompatibility protection function Examples...

  • Page 122: Display Stp History

    Parameters None Description Use the display stp down-port command to display the information about ports blocked by STP protection functions. These functions include: BPDU attack guard function MSTP BPDU format frequent change protection function Examples # View the information about ports blocked by STP protection functions. <Sysname>...

  • Page 123: Display Stp Region-configuration

    Description Use the display stp history command to view the historic port role calculation information of the specified MSTI or all MSTIs. Note that: If you do not specify an MSTI ID, this command will display the historic port role calculation information of all MSTIs.

  • Page 124: Display Stp Root

    Parameters None Description Use the display stp region-configuration command to view the currently effective configuration information of the MST region, including the region name, revision level, and user-configured VLAN-to-instance mappings. Related commands: instance, region-name, revision-level, vlan-mapping modulo. Examples # View the currently effective MST region configuration information. <Sysname>...

  • Page 125: Display Stp Tc

    Description Use the display stp root command to view the root bridge information of all MSTIs. Examples # View the root bridge information of all MSTIs. <Sysname> display stp root MSTID Root Bridge ID 0.00e0-fc0e-6554 Table 4-8 display stp root command output description Field MSTID Root Bridge ID...

  • Page 126

    Description Use the display stp tc command to view the statistics of TC/TCN BPDUs received and sent by all ports in an MSTI or all MSTIs. Note that: If you do not specify an MSTI ID, this command will display the statistics of TC/TCN BPDUs received and sent by all ports in all MSTIs.

  • Page 127

    Description Use the instance command to map the specified VLANs to the specified MSTI. Use the undo instance command to remap the specified VLAN or all VLANs to the CIST (MSTI 0). By default, all VLANs are mapped to the CIST. Notice that: If you specify no VLAN in the undo instance command, all VLANs mapped to the specified MSTI will be remapped to the CIST.

  • Page 128: Reset Stp

    Related commands: region-configuration, check region-configuration, active region-configuration. Examples # Set the MST region name of the device to hello. <Sysname> system-view [Sysname] stp region-configuration [Sysname-mst-region] region-name hello reset stp Syntax reset stp [ interface interface-list ] View User view Default Level 1: Monitor level Parameters interface interface-list: Specifies a port list, in the format of interface-list = { interface-type...

  • Page 129: Stp Bpdu-protection

    View MST region view Default Level 2: System level Parameters level: MSTP revision level, in the range of 0 to 65535. Description Use the region-level command to configure the MSTP revision level. Use the undo region-level command to restore the default MSTP revision level. By default, the MSTP revision level is 0.

  • Page 130: Stp Bridge-diameter

    Description Use the stp bpdu-protection command to enable the BPDU guard function. Use the undo stp bpdu-protection command to disable the BPDU guard function. By default, the BPDU guard function is disabled. Examples # Enable the BPDU guard function. <Sysname> system-view [Sysname] stp bpdu-protection stp bridge-diameter Syntax...

  • Page 131: Stp Compliance, Stp Config-digest-snooping

    stp compliance Syntax stp compliance { auto | dot1s | legacy } undo stp compliance View Ethernet interface view, port group view, Layer 2 aggregate interface view Default Level 2: System level Parameters auto: Configures the port(s) to recognize the MSTP BPDU format automatically and accordingly determine the format of MSTP BPDUs to send.

  • Page 132: Stp Cost

    View System view, Ethernet interface view, port group view, Layer 2 aggregate interface view Default Level 2: System level Parameters None Description Use the stp config-digest-snooping command to enable Digest Snooping. Use the undo stp config-digest-snooping command to disable Digest Snooping. The feature is disabled by default.

  • Page 133: Stp Edged-port

    Parameters instance instance-id: Sets the path cost of the port(s) in a particular MSTI. The minimum value of instance-id is 0, representing the CIST, and the maximum value of instance-id is 32. cost: Path cost of the port, the effective range of which depends on the path cost calculation standard adopted.

  • Page 134: Stp Enable

    Default Level 2: System level Parameters enable: Configures the current port(s) to be an edge port or edge ports. disable: Configures the current port(s) to be a non-edge port or non-edge ports. Description Use the stp edged-port enable command to configure the port(s) as an edge port or ports. Use the undo stp edged-port command to restore the default.

  • Page 135: Stp Loop-protection

    Parameters None Description Use the stp enable command to enable MSTP globally in system view, on a port in interface view, or on multiple ports in port group view. Use the undo stp enable command to disable MSTP globally or on the port(s). By default, MSTP is enabled on all ports and globally.

  • Page 136: Stp Max-hops

    Description Use the stp loop-protection command to enable the loop guard function on the port(s). Use the undo stp loop-protection command to restore the system default. By default, the loop guard function is disabled. Note that: Configured in Ethernet interface view, the setting takes effect on the current interface only; configured in port group view, the setting takes effect on all ports in the port group.

  • Page 137: Stp Mcheck, Stp Mode

    stp mcheck Syntax stp mcheck View System view, Ethernet interface view, Layer 2 aggregate interface view Default Level 2: System level Parameters None Description Use the stp mcheck command to carry out the mCheck operation globally or on the current port. If a port on a device running MSTP (or RSTP) connects to a device running STP, this port will automatically migrate to the STP-compatible mode.

  • Page 138: Stp No-agreement-check

    undo stp mode View System view Default Level 2: System level Parameters stp: Configures the MSTP-enabled device to work in STP-compatible mode. rstp: Configures an MSTP-enabled device to work in RSTP mode. mstp: Configures an MSTP-enabled device to work in MSTP mode. Description Use the stp mode command to configure the MSTP work mode of the device.

  • Page 139: Stp Pathcost-standard

    Configured in Ethernet interface view, the setting takes effect on the current interface only; configured in port group view, the setting takes effect on all member ports in the port group. Configured in Layer 2 aggregate interface view, the setting takes effect only on the aggregate interface;...

  • Page 140: Stp Point-to-point

    Table 4-10 Link speed vs. path cost Link speed Duplex state — Single Port Aggregate Link 2 Ports 10 Mbps Aggregate Link 3 Ports Aggregate Link 4 Ports Single Port Aggregate Link 2 Ports 100 Mbps Aggregate Link 3 Ports Aggregate Link 4 Ports Single Port Aggregate Link 2 Ports...

  • Page 141: Stp Port Priority

    Description Use the stp point-to-point command to configure the link type of the current port(s). Use the undo stp point-to-point command to restore the system default. The default setting is auto; namely the MSTP-enabled device automatically detects whether a port connects to a point-to-point link.

  • Page 142: Stp Port-log

    Description Use the stp port priority command to set the priority of the port(s). Use the undo stp port priority command to restore the system default. Port priority affects the role of a port in an MSTI. By default, the port priority is 128. Note that: Configured in Ethernet interface view, the setting takes effect on the current interface only;...

  • Page 143: Stp Priority

    Use the undo stp port-log command to disable output of port state transition information for the specified MSTI or all MSTIs. This function is enabled by default. Examples # Enable output of port state transition information for MSTI 2. <Sysname> system-view [Sysname] stp port-log instance 2 %Aug 16 00:49:41:856 2006 Sysname MSTP/3/PDISC: Instance 2's GigabitEthernet1/0/1 has been set to discarding state!

  • Page 144: Stp Root Primary, Stp Region-configuration

    stp region-configuration Syntax stp region-configuration undo stp region-configuration View System view Default Level 2: System level Parameters None Description Use the stp region-configuration command to enter MST region view. Use the undo stp region-configuration command to restore the default MST region configurations. By default, the default settings are used for all the three MST region parameters.

  • Page 145: Stp Root Secondary

    Description Use the stp root primary command to configure the current device as the root bridge. Use the undo stp root command to restore the system default. By default, a device is not a root bridge in any MSTI. Note that: There is only one root bridge in effect in an MSTI.

  • Page 146: Stp Root-protection, Stp Tc-protection

    After specifying the current device as a secondary root bridge, you cannot change the priority of the device. Related commands: stp priority, stp root primary. Examples # Specify the current device as a secondary root bridge of MSTI 0. <Sysname> system-view [Sysname] stp instance 0 root secondary stp root-protection Syntax...

  • Page 147: Stp Tc-protection Threshold

    2: System level Parameters number: Maximum number of immediate forwarding address entry flushes that the switch can perform within a certain period of time after it receives the first TC-BPDU. The value range for the argument is 1 to 255.

  • Page 148: Stp Timer Forward-delay

    By default, the device can perform a maximum of six forwarding address entry flushes within 10 seconds after it receives the first TC-BPDU. Examples # Set the maximum number of forwarding address entry flushes that the device can perform within 10 seconds after it receives the first TC-BPDU to 10.

  • Page 149: Stp Timer Hello

    Examples # Set the forward delay timer of the device to 2,000 centiseconds. <Sysname> system-view [Sysname] stp timer forward-delay 2000 stp timer hello Syntax stp timer hello time undo stp timer hello View System view Default Level 2: System level Parameters time: Hello time in centiseconds, ranging from 100 to 1000 at the step of 100.

  • Page 150: Stp Timer Max-age, Stp Timer-factor

    stp timer max-age Syntax stp timer max-age time undo stp timer max-age View System view Default Level 2: System level Parameters time: Max age in centiseconds, ranging from 600 to 4000 at the step of 100. Description Use the stp timer max-age command to set the max age timer of the device. Use the undo stp timer max-age command to restore the system default.

  • Page 151: Stp Transmit-limit

    View System view Default Level 2: System level Parameters factor: Timeout factor, in the range of 1 to 20. Description Use the stp timer-factor command to set the timeout factor, which decides the timeout time. Timeout time = timeout factor × 3 × hello time. Use the undo stp timer-factor command to restore the default.

  • Page 152: Vlan-mapping Modulo

    Description Use the stp transmit-limit command to set the maximum transmission rate of the port(s), that is, the maximum number of BPDUs the port(s) can send within each hello time. Use the undo stp transmit-limit command to restore the system default. By default, the maximum transmission rate of all ports of the device is 10, that is, each port can send up to 10 BPDUs within each hello time.

  • Page 153

    This command maps each VLAN to the MSTI whose ID is (VLAN ID–1) %modulo + 1, where (VLAN ID-1) %modulo is the modulo operation for (VLAN ID–1). If the modulo value is 15, for example, then VLAN 1 will be mapped to MSTI 1, VLAN 2 to MSTI 2, VLAN 15 to MSTI 15, VLAN 16 to MSTI 1, and so on.

  • Page 154: Lldp Configuration Commands

    LLDP Configuration Commands LLDP Configuration Commands display lldp local-information Syntax display lldp local-information [ global | interface interface-type interface-number ] View Any view Default level 1: Monitor level Parameters global: Displays the global LLDP information to be transmitted. interface interface-type interface-number: Displays the LLDP information to be sent out the interface specified by its type and number.

  • Page 155

    FirmwareRev : 109 SoftwareRev : 5.20 Alpha 2101 SerialNum : NONE Manufacturer name : Manufacturer name Model name : Model name Asset tracking identifier : Unknown LLDP local-information of port 1[GigabitEthernet1/0/1]: Port ID subtype : Interface name Port ID : GigabitEthernet1/0/1 Port description : GigabitEthernet1/0/1 Interface Management address type Management address...

  • Page 156

    Table 5-1 display lldp local-information command output description Field Global LLDP local-information Chassis ID System name System description System capabilities supported System capabilities enabled MED information Device class MED inventory information of master board HardwareRev FirmwareRev SoftwareRev SerialNum Manufacturer name Model name Asset tracking identifier LLDP local-information of port 1...

  • Page 157

    Field Management address interface ID Management address OID Port VLAN ID(PVID) Port and protocol VLAN ID(PPVID) Port and protocol VLAN supported Port and protocol VLAN enabled VLAN name of VLAN 1 Auto-negotiation supported Auto-negotiation enabled OperMau PoE supported Link aggregation supported Link aggregation enabled Aggregation port ID Maximum frame Size...

  • Page 158: Display Lldp Neighbor-information

    display lldp neighbor-information Syntax display lldp neighbor-information [ brief | interface interface-type interface-number [ brief ] | list [ system-name system-name ] ] View Any view Default level 1: Monitor level Parameters brief: Displays the brief LLDP information sent by the neighboring devices. If the brief keyword is not specified, this command displays the detailed LLDP information sent by the neighboring devices.

  • Page 159

    System capabilities enabled Management address type Management address Management address interface type : IfIndex Management address interface ID Management address OID Port VLAN ID(PVID): 1 Port and protocol VLAN ID(PPVID) : 1 Port and protocol VLAN supported : Yes Port and protocol VLAN enabled VLAN name of VLAN 1: VLAN 0001 Auto-negotiation supported : Yes Auto-negotiation enabled...

  • Page 160

    Management address Management address interface type : IfIndex Management address interface ID Management address OID Port VLAN ID(PVID): 1 Port and protocol VLAN ID(PPVID) : 1 Port and protocol VLAN supported : Yes Port and protocol VLAN enabled VLAN name of VLAN 1: VLAN 0001 Auto-negotiation supported : Yes Auto-negotiation enabled : Yes...

  • Page 161

    Field Chassis type Chassis ID Port ID type Port ID Port description System name System description System capabilities supported System capabilities enabled Management address type Management address Management address interface type Management address interface ID Management address OID Port VLAN ID Port and protocol VLAN ID(PPVID) Port and protocol VLAN supported...

  • Page 162

    Field Auto-negotiation supported Auto-negotiation enabled OperMau Power port class PSE power supported PSE power enabled PSE pairs control ability Power pairs Port power classification Link aggregation supported Link aggregation enabled Aggregation port ID Maximum frame Size Location format Location Information PoE PSE power source PoE service type Port PSE Priority...

  • Page 163: Display Lldp Statistics

    Field Unknown organizationally-defined TLV OUI TLV subtype Index TLV information Local Interface display lldp statistics Syntax display lldp statistics [ global | interface interface-type interface-number ] View Any view Default level 1: Monitor level Parameters global: Displays the global LLDP statistics. interface interface-type interface-number: Specifies a port by its type and number.

  • Page 164: Display Lldp Status

    The number of LLDP TLVs discarded The number of LLDP TLVs unrecognized The number of LLDP neighbor information aged out : 0 The number of CDP frames transmitted The number of CDP frames received The number of CDP frames discarded The number of CDP error frames Table 5-3 display lldp statistics command output description Field...

  • Page 165

    Default level 1: Monitor level Parameters interface interface-type interface-number: Specifies a port by its type and number. Description Use the display lldp status command to display the LLDP status of a port. If no port is specified, this command displays the LLDP status of all the ports. Examples # Display the LLDP status of all the ports.

  • Page 166: Display Lldp Tlv-config

    Field Reinit delay Transmit delay Trap interval Fast start times Port 1 Port status of LLDP Admin status Trap Flag Rolling interval Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown display lldp tlv-config Syntax display lldp tlv-config [ interface interface-type interface-number ]...

  • Page 167

    Examples # Display the advertisable TLVs of port GigabitEthernet1/0/1. <Sysname> display lldp tlv-config interface GigabitEthernet 1/0/1 LLDP tlv-config of port 1[GigabitEthernet1/0/1]: NAME Basic optional TLV: Port Description TLV System Name TLV System Description TLV System Capabilities TLV Management Address TLV IEEE 802.1 extend TLV: Port VLAN ID TLV Port And Protocol VLAN ID TLV...

  • Page 168: Lldp Admin-status

    Field IEEE 802.3 extended TLV LLDP-MED extend TLV lldp admin-status Syntax lldp admin-status { disable | rx | tx | txrx } undo lldp admin-status View Ethernet interface view, port group view Default level 2: System level Parameters disable: Specifies the Disable mode. A port in this mode does not send or receive LLDPDUs. rx: Specifies the Rx mode.

  • Page 169: Lldp Check-change-interval, Lldp Compliance Admin-status Cdp

    lldp check-change-interval Syntax lldp check-change-interval interval undo lldp check-change-interval View Ethernet interface view, port group view Default level 2: System level Parameters interval: LLDP polling interval to be set, in the range 1 to 30 (in seconds). Description Use the lldp check-change-interval command to enable LLDP polling and set the polling interval. Use the undo lldp check-change-interval command to restore the default.

  • Page 170: Lldp Compliance Cdp

    Description Use the lldp compliance admin-status cdp command to configure the operation mode of CDP-compatible LLDP on a port or port group. By default, CDP-compatible LLDP operates in disable mode. To have your device work with Cisco IP phones, you must enable CDP-compatible LLDP globally and then configure CDP-compatible LLDP to work in TxRx mode on the specified port(s).

  • Page 171: Lldp Enable, Lldp Encapsulation Snap

    lldp enable Syntax lldp enable undo lldp enable View System view, Ethernet interface view, port group view Default level 2: System level Parameters None Description Use the lldp enable command to enable LLDP. Use the undo lldp enable command to disable LLDP. By default, LLDP is disabled globally and enabled on a port.

  • Page 172: Lldp Fast-count

    Use the undo lldp encapsulation command to restore the default encapsulation format for LLDPDUs. By default, Ethernet II encapsulation applies. The command does not apply to LLDP-CDP packets, which use only SNAP encapsulation. Examples # Configure the encapsulation format for LLDPDUs as SNAP on GigabitEthernet1/0/1. <Sysname>...

  • Page 173: Lldp Hold-multiplier, Lldp Management-address-format String

    lldp hold-multiplier Syntax lldp hold-multiplier value undo lldp hold-multiplier View System view Default level 2: System level Parameters value: TTL multiplier, in the range 2 to 10. Description Use the lldp hold-multiplier command to set the TTL multiplier. Use the undo lldp hold-multiplier command to restore the default. The TTL multiplier defaults to 4.

  • Page 174: Lldp Management-address-tlv

    Parameters None Description Use the lldp management-address-format string command to configure the encapsulation format of the management address as strings in TLVs. Use the undo lldp management-address-format command to restore the default. By default, the management address is encapsulated in the form of numbers in TLVs. Examples # Configure GigabitEthernet1/0/1 to encapsulate the management address in the form of strings in management address TLVs.

  • Page 175: Lldp Notification Remote-change Enable, Lldp Timer Notification-interval

    [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] lldp management-address-tlv 192.6.0.1 lldp notification remote-change enable Syntax lldp notification remote-change enable undo lldp notification remote-change enable View Ethernet interface view, port group view Default level 2: System level Parameters None Description Use the lldp notification remote-change enable command to enable trap for a port or all the ports in a port group.

  • Page 176: Lldp Timer Reinit-delay, Lldp Timer Tx-delay

    Description Use the lldp timer notification-interval command to set the interval to send LLDP trap messages. Use the undo lldp timer notification-interval command to restore the default. By default, the interval to send LLDP trap messages is 5 seconds. Examples # Set the interval to send LLDP trap messages to 8 seconds.

  • Page 177: Lldp Timer Tx-interval

    Default level 2: System level Parameters delay: Delay period to send LLDPDUs, in the range 1 to 8192 (in seconds). Description Use the lldp timer tx-delay command to set the delay period to send LLDPDUs. Use the undo lldp timer tx-delay command to restore the default. By default, the delay period to send LLDPDUs is 2 seconds.

  • Page 178: Lldp Tlv-enable

    lldp tlv-enable Syntax lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name } | dot1-tlv { all | port-vlan-id | protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] } | dot3-tlv { all | link-aggregation | mac-physic | max-frame-size | power } | med-tlv { all | capability | inventory | location-id { civic-address device-type country-code { ca-type ca-value }&<1-10>...

  • Page 179

    Inserts the address information about the intermediate device in location identification TLVs . device-type: Device type value. A value of 0 specifies DHCP server; a value of 1 specifies switch, and a value of 2 specifies LLDP-MED endpoint. country-code: Country code, confirming to ISO 3166.

  • Page 180: Vlan Configuration Commands

    VLAN Configuration Commands VLAN Configuration Commands description Syntax description text undo description View VLAN view, VLAN interface view Default Level 2: System level Parameters text: Case-sensitive string that describes the current VLAN or VLAN interface. Spaces can be included in the description. For a VLAN, this is a string of 1 to 32 characters.

  • Page 181: Display Interface Vlan-interface

    display interface vlan-interface Syntax display interface vlan-interface [ vlan-interface-id ] View Any view Default Level 1: Monitor level Parameters vlan-interface-id: VLAN interface number, in the range of the numbers of existing VLANs on the device. Description Use the display interface vlan-interface command to display information about a specified or all VLAN interfaces if no interface is specified.

  • Page 182: Display Vlan

    Field Description The Maximum Transmit Unit Internet protocol processing : IP Packet Frame Type Hardware address IPv6 Packet Frame Type display vlan Syntax display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ] View Any view Default Level...

  • Page 183: Interface Vlan-interface

    Description: VLAN 0002 Name: VLAN 0002 Tagged Ports: GigabitEthernet1/0/11 Untagged Ports: none # Display VLAN 3 information. <Sysname> display vlan 3 VLAN ID: 3 VLAN Type: static Route Interface: configured IP Address: 1.1.1.1 Subnet Mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: none Untagged Ports: none...

  • Page 184

    Default Level 2: System level Parameters vlan-interface-id: VLAN interface number, in the range of 1 to 4094. Description Use the interface vlan-interface command to create a VLAN interface and enter its view or enter the view of an existing VLAN interface. Before you can create the VLAN interface of a VLAN, create the VLAN first.

  • Page 185: Ip Services Volume

    VLAN configuration to ports that have passed the authentication. Some servers can send IDs or names of the issued VLANs to the switch. When there are a large number of VLANs, you can use VLAN names rather than VLAN IDs to better locate VLANs.

  • Page 186

    Examples # Configure the name of VLAN 2 as test vlan. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] name test vlan shutdown Syntax shutdown undo shutdown View VLAN interface view Default Level 2: System level Parameters None Description Use the shutdown command to shut down a VLAN interface. Use the undo shutdown command to bring up a VLAN interface.

  • Page 187

    View System view Default Level 2: System level Parameters vlan-id1, vlan-id2: VLAN ID, in the range 1 to 4094. vlan-id1 to vlan-id2: Specifies a VLAN range. A VLAN ID is in the range 1 to 4094. Note that vlan-id2 must be equal to or greater than vlan-id1. all: Creates or removes all VLANs except reserved VLANs.

  • Page 188: Display Port, Port-based Vlan Configuration Commands

    Port-Based VLAN Configuration Commands display port Syntax display port { hybrid | trunk } View Any view Default Level 1: Monitor level Parameters hybrid: Displays hybrid ports. trunk: Displays trunk ports. Description Use the display port command to display information about the hybrid or trunk ports on the device, including the port names, default VLAN IDs, and allowed VLAN IDs.

  • Page 189: Port Access Vlan

    port Syntax port interface-list undo port interface-list View VLAN view Default Level 2: System level Parameters interface interface-list: Specifies an Ethernet port list or Layer-2 aggregate interface list, in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10>...

  • Page 190: Port Hybrid Pvid Vlan

    Parameters vlan-id: VLAN ID, in the range of 1 to 4094. Be sure that the VLAN specified by the VLAN ID already exists. Description Use the port access vlan command to assign the current access port(s) to the specified VLAN. Use the undo port access vlan command to restore the default.

  • Page 191: Port Hybrid Vlan

    Parameters vlan-id: VLAN ID, in the range of 1 to 4094. Description Use the port hybrid pvid vlan command to configure the default VLAN ID of the hybrid port. Use the undo port hybrid pvid command to restore the default. By default, the default VLAN of a hybrid port is VLAN 1.

  • Page 192

    View Ethernet interface view, port group view, Layer-2 aggregate interface view Default Level 2: System level Parameters vlan-id-list: VLANs that the hybrid ports will be assigned to. This argument is expressed in the format of [ vlan-id1 [ to vlan-id2 ] ]&<1-10>, where vlan-id ranges from 1 to 4094 and &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges.

  • Page 193: Port Link-type

    [Sysname-port-group-manual-2] port link-type hybrid [Sysname-port-group-manual-2] port hybrid vlan 2 untagged Configuring GigabitEthernet1/0/1... Done. Configuring GigabitEthernet1/0/2... Done. Configuring GigabitEthernet1/0/3... Done. Configuring GigabitEthernet1/0/4... Done. Configuring GigabitEthernet1/0/5... Done. Configuring GigabitEthernet1/0/6... Done. # Assign the hybrid Layer-2 aggregate interface Bridge-aggregation 1 and its member ports to VLAN 2, and configure them to send packets of VLAN 2 with tags removed.

  • Page 194: Port Trunk Permit Vlan

    configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.

  • Page 195

    all: Permits all VLANs to pass through the trunk port(s). On GVRP-enabled trunk ports, you must configure the port trunk permit vlan all command to ensure that the traffic of all dynamically registered VLANs can pass through. However, When GVRP is disabled on a port, you are discouraged to configure the command on the port.

  • Page 196: Port Trunk Pvid Vlan

    Configuring GigabitEthernet1/0/3... Done. Among the output fields above, the message “Please wait... Done” indicates that the configuration on Bridge-aggregation 1 succeeded; “Error: Failed to configure on interface GigabitEthernet1/0/2! This port is not a Trunk port!” indicates that the configuration failed on GigabitEthernet 1/0/2 because GigabitEthernet 1/0/2 was not a trunk port;...

  • Page 197: Mac Address-based Vlan Configuration Commands, Display Mac-vlan

    <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-type trunk [Sysname-GigabitEthernet1/0/1] port trunk pvid vlan 100 # Configure VLAN 100 as the default VLAN of the trunk Layer-2 aggregate interface Bridge-aggregation 1, assuming Bridge-aggregation 1 does not have member ports. <Sysname>...

  • Page 198: Display Mac-vlan Interface

    If mac-address mac-addr is specified while mask is not specified, only the MAC address-to-VLAN entry containing the specified MAC address is displayed. Examples # Display all the MAC address-to-VLAN entries. <Sysname> display mac-vlan all The following MAC-VLAN address exist: S: Static D: Dynamic MAC ADDR MASK...

  • Page 199: Mac-vlan Enable, Mac-vlan Mac-address

    Description Use the display mac-vlan interface command to display all the ports with MAC address-based VLAN enabled. Related commands: mac-vlan enable. Examples # Display all the interfaces with MAC address-based VLAN enabled. <Sysname> display mac-vlan interface MAC VLAN is enabled on following ports: --------------------------------------- GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3 mac-vlan enable...

  • Page 200: Vlan Precedence

    View System view Default Level 2: System level Parameters mac-address mac-address: Specifies a MAC address. vlan vlan-id: Specifies a VLAN ID, in the range of 1 to 4094. priority pri: Specifies the 802.1p priority value corresponding to the specified MAC address. This argument is in the range of 0 to 7.

  • Page 201: Protocol-based Vlan Configuration Commands, Display Protocol-vlan Interface

    created on a port, MAC address-to-VLAN entries configured with the mask keyword specified are matched preferentially, and the left VLAN entries (VLAN entries based on a single MAC address and IP subnet-based VLANs) are matched as configured by the vlan precedence command. Examples # Configure to match VLANs based on MAC addresses preferentially on GigabitEthernet 1/0/1.

  • Page 202: Display Protocol-vlan Vlan

    Field Protocol Type display protocol-vlan vlan Syntax display protocol-vlan vlan { vlan-id1 [ to vlan-id2 ] | all } View Any view Default Level 2: System level Parameters vlan-id1: ID of the protocol-based VLAN for which information is to be displayed, in the range of 1 to 4094.

  • Page 203: Port Hybrid Protocol-vlan

    port hybrid protocol-vlan Syntax port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all } undo port hybrid protocol-vlan { vlan vlan-id { protocol-index [ to protocol-end ] | all } | all } View Ethernet interface view, port group view, Layer-2 aggregate interface view Default Level 2: System level Parameters...

  • Page 204

    [Sysname-vlan2] quit [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-type hybrid [Sysname-GigabitEthernet1/0/1] port hybrid vlan 2 untagged Please wait... Done [Sysname-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 2 0 # Associate the hybrid Layer-2 aggregate interface Bridge-aggregation 1 with protocol 0 in VLAN 2, assuming that Bridge-aggregation 1 does not have member ports.

  • Page 205

    Default Level 2: System level Parameters at: Specifies the AppleTalk based VLAN. ipv4: Specifies the IPv4 based VLAN. ipv6: Specifies the IPv6 based VLAN. ipx: Specifies the IPX based VLAN. The keywords ethernetii, llc, raw, and snap are encapsulation formats for IPX. mode: Configures a user-defined protocol template for the VLAN, which could also have four encapsulation formats, namely, ethernetii, llc, raw, and snap.

  • Page 206: Ip Subnet-based Vlan Configuration Commands, Display Ip-subnet-vlan Interface

    Use the undo protocol-vlan command to remove the configured protocol template. By default, no VLAN is bound with any protocol template. Related commands: display protocol-vlan vlan. Do not configure a VLAN as both a protocol-based VLAN and a voice VLAN. Examples # Configure VLAN 3 as an IPv4 based VLAN.

  • Page 207: Display Ip-subnet-vlan Vlan

    Parameters interface-list: Specifies an Ethernet port list in the format of interface-list = { interface-type interface-number interface-number represents the port type and port number and &<1-10> indicates that you can specify up to 10 ports or port ranges. all: Displays IP subnet-based VLAN information about all the ports with IP subnet-based VLAN configured.

  • Page 208

    all: Specifies all the VLANs. Description Use the display ip-subnet-vlan vlan command to display the IP subnet information and IP subnet indexes on the specified VLAN(s). Related commands: display vlan. Examples # Display the IP subnet information of all VLANs. <Sysname>...

  • Page 209: Port Hybrid Ip-subnet-vlan Vlan

    ip-subnet-end: End IP subnet index, in the range of 0 to 11. This argument must be greater than or equal to the beginning IP subnet index. all: Removes all the associations between VLANs and IP subnets or IP addresses. Description Use the ip-subnet-vlan command to associate the current VLAN with a specified IP subnet or IP address.

  • Page 210

    configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.

  • Page 211

    Configuring GigabitEthernet1/0/2... Done. Configuring GigabitEthernet1/0/3... Done. [Sysname-Bridge-Aggregation1] port hybrid ip-subnet-vlan vlan 3 6-32...

  • Page 212

    Isolate-User-VLAN Configuration Commands Isolate-User-VLAN Configuration Commands display isolate-user-vlan Syntax display isolate-user-vlan [ isolate-user-vlan-id ] View Any view Default Level 1: Monitor level Parameters isolate-user-vlan-id: Isolate-user-VLAN ID, in the range of 1 to 4094. Description Use the display isolate-user-vlan command to display the mapping between an isolate-user-vlan and secondary VLAN(s), and the information of these VLANs.

  • Page 213

    Isolate-user-VLAN type : secondary Route Interface: configured IP Address: 2.2.2.2 Subnet Mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: none Untagged Ports: GigabitEthernet1/0/2 VLAN ID: 4 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0004 Name: VLAN 0004 Tagged Ports: none...

  • Page 214

    View System view Default Level 2: System level Parameters isolate-user-vlan-id: Isolate-user-VLAN ID, in the range 1 to 4094. secondary secondary-vlan-id [ to secondary-vlan-id ]: Specifies a secondary VLAN ID or a secondary VLAN ID range. The secondary-vlan-id argument is a secondary VLAN ID, in the range 1 to 4094. Description Use the isolate-user-vlan command to associate an isolate-user-VLAN with the specified secondary VLAN(s).

  • Page 215: Isolate-user-vlan Enable

    [Sysname-vlan4] port gigabitethernet 1/0/4 [Sysname-vlan4] quit [Sysname] isolate-user-vlan 2 secondary 3 to 4 isolate-user-vlan enable Syntax isolate-user-vlan enable undo isolate-user-vlan enable View VLAN view Default Level 2: System level Parameters None Description Use the isolate-user-vlan enable command to configure the current VLAN as an isolate-user-VLAN. Use the undo isolate-user-vlan enable command to remove the isolate-user-VLAN configuration for the current VLAN.

  • Page 216: Voice Vlan Configuration Commands, Display Voice Vlan Oui

    Voice VLAN Configuration Commands Voice VLAN Configuration Commands display voice vlan oui Syntax display voice vlan oui View Any view Default Level 1: Monitor level Parameters None Description Use the display voice vlan oui command to display the currently supported organizationally unique identifier (OUI) addresses, the OUI address masks, and the description strings.

  • Page 217: Display Voice Vlan State

    00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone Table 8-1 display voice vlan oui command output description Field Oui Address Mask Description display voice vlan state Syntax display voice vlan state View Any view Default Level 1: Monitor level Parameters None...

  • Page 218: Voice Vlan Aging

    Table 8-2 display voice vlan state command output description Field Maximum of Voice VLANs Current Voice VLANs Voice VLAN security mode Voice VLAN aging time Voice VLAN enabled port and its mode PORT VLAN MODE voice vlan aging Syntax voice vlan aging minutes undo voice vlan aging View System view...

  • Page 219: Voice Vlan Enable, Voice Vlan Mac-address

    You can enable the voice VLAN feature on a hybrid or trunk port operating in automatic voice VLAN assignment mode but not on an access port operating in automatic voice VLAN assignment mode. You can configure different voice VLANs for different ports. An Switch 4510G ts up to eight voice VLANs globally.

  • Page 220

    Parameters mac-address: Source MAC address of voice traffic, in the format of H-H-H, such as 1234-1234-1234. mask oui-mask: Specifies the valid length of the OUI address by a mask in the format of H-H-H, formed by consecutive Fs and 0s, for example, FFFF-0000-0000. To filter the voice device of a specific vendor, set the mask to FFFF-FF00-0000.

  • Page 221: Voice Vlan Mode Auto, Voice Vlan Security Enable

    00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone 1234-1200-0000 ffff-ff00-0000 PhoneA # Remove the OUI address 1234-1200-0000. <Sysname> system-view [Sysname] undo voice vlan mac-address 1234-1200-0000 voice vlan mode auto Syntax voice vlan mode auto undo voice vlan mode auto View Ethernet interface view...

  • Page 222

    View System view Default Level 2: System level Parameters None Description Use the voice vlan security enable command to enable voice VLAN security mode. Use the undo voice vlan security enable command to disable voice VLAN security mode. By default, voice VLAN security mode is not enabled. Examples # Disable voice VLAN security mode.

  • Page 223: Gvrp Configuration Commands

    GVRP Configuration Commands GVRP Configuration Commands display garp statistics Syntax display garp statistics [ interface interface-list ] View Any view Default Level 1: Monitor level Parameters interface interface-list: Defines one or multiple Ethernet ports for which the GARP statistics will be displayed.

  • Page 224: Display Garp Timer

    GARP statistics on port GigabitEthernet1/0/1 Number of GVRP Frames Received Number of GVRP Frames Transmitted Number of Frames Discarded GARP statistics on port GigabitEthernet1/0/2 Number of GVRP Frames Received Number of GVRP Frames Transmitted Number of Frames Discarded display garp timer Syntax display garp timer [ interface interface-list ] View...

  • Page 225: Display Gvrp Local-vlan Interface, Display Gvrp State

    display gvrp local-vlan interface Syntax display gvrp local-vlan interface interface-type interface-number View Any view Default Level 0: Visit level Parameters interface interface-type interface-number: Specifies an interface by its type and number. Description Use the display gvrp local-vlan interface command to display the local VLAN information maintained by GVRP on the specified port.

  • Page 226: Display Gvrp Statistics

    GVRP state of VLAN 2 on port GigabitEthernet1/0/1 Applicant state machine Registrar state machine display gvrp statistics Syntax display gvrp statistics [ interface interface-list ] View Any view Default Level 1: Monitor level Parameters interface interface-list: Defines one or multiple Ethernet ports. You can provide up to 10 Ethernet port lists, by each of which you can specify an individual port in the form of interface-type interface-number, or a port range in the form of interface-type interface-number1 to interface-type interface-number2, where the end-port number specified by interface-number2 must be greater than the start-port number...

  • Page 227: Display Gvrp Status, Display Gvrp Vlan-operation Interface

    display gvrp status Syntax display gvrp status View Any view Default Level 1: Monitor level Parameters None Description Use the display gvrp status command to display the global enable/disable state of GVRP. Examples # Display the global GVRP enable/disable state. <Sysname>...

  • Page 228: Garp Timer Hold, Garp Timer Join

    Operations of adding VLAN to TRUNK Operations of deleting VLAN from TRUNK garp timer hold Syntax garp timer hold timer-value undo garp timer hold View Ethernet interface view, Layer-2 aggregate interface view, port group view Default Level 2: System level Parameters timer-value: Hold timer setting (in centiseconds), which must be a multiple of 5 in the range of 10 (inclusive) and half of the Join timer setting (inclusive).

  • Page 229: Garp Timer Leave

    View Ethernet interface view, Layer-2 aggregate interface view, port group view Default Level 2: System level Parameters timer-value: Join timer setting (in centiseconds), which must be a multiple of 5 in the range of two times the Hold timer (inclusive) and half of the Leave timer (inclusive). When the Hold timer and the Leave timer are set to their default, the value range for the Join timer is 20 (inclusive) to 25 (inclusive).

  • Page 230: Garp Timer Leaveall

    aggregate interface, or all ports in a port group. Use the undo garp timer leave command to restore the default of the GARP Leave timer. This may fail if the default is beyond the valid value range for the Leave timer. By default, the Leave timer is set to 60 centiseconds.

  • Page 231: Gvrp Registration

    gvrp Syntax gvrp undo gvrp View System view, Ethernet interface view, Layer-2 aggregate interface view, port group view Default Level 2: System level Parameters None Description Use the gvrp command to enable GVRP globally (in system view), on a port (in Ethernet or Layer-2 aggregate interface view), or on all ports in a port group (in port group view).

  • Page 232: Reset Garp Statistics

    Parameters fixed: Sets the registration type to fixed. forbidden: Sets the registration type to forbidden. normal: Sets the registration type to normal. Description Use the gvrp registration command to configure the GVRP registration type on a port (in Ethernet or Layer-2 aggregate interface view) or all ports in a port group (in port group view).

  • Page 233

    The cleared statistics include the statistics about GVRP packets sent, received and dropped. You can use this command in conjunction with the display garp statistics command to display GARP statistics. Related commands: display gvrp statistics. Examples # Clear the GARP statistics on all ports. <Sysname>...

  • Page 234: Qos Volume

    (SVLANs), also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers. The selective QinQ feature of the Switch 4510G series can be achieved through the cooperation between QoS policies. For the configuration commands of traffic classes, traffic behaviors, and other QoS policy-related functions, see QoS Commands in the QoS Volume.

  • Page 235: Raw-vlan-id Inbound

    The nest action cannot be applied to a VLAN or globally. Related commands: qos policy, traffic behavior, classifier behavior. Examples # Configure an outer VLAN tag for a traffic behavior. <Sysname> system-view [Sysname] traffic behavior database [Sysname-behavior-database] nest top-most vlan-id 100 raw-vlan-id inbound Syntax raw-vlan-id inbound { all | vlan-list }...

  • Page 236: Qinq Enable

    Examples # Configure GigabitEthernet 1/0/1 to tag frames of VLAN 3, VLAN 5, and VLAN 20 through VLAN 100 with SVLAN 100. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] qinq vid 100 [Sysname-GigabitEthernet1/0/1-vid-100] raw-vlan-id inbound 3 5 20 to 100 qinq enable Syntax qinq enable...

  • Page 237: Qinq Ethernet-type

    [Sysname] port-group manual 1 [Sysname-port-group-manual-1] group-member gigabitethernet 1/0/1 to gigabitethernet 1/0/6 [Sysname-port-group-manual-1] qinq enable qinq ethernet-type Syntax qinq ethernet-type hex-value undo qinq ethernet-type View System view Default Level 2: System level Parameters hex-value: Hexadecimal protocol type value, in the range of 0x0001 to 0xFFFF. However, do not set it to any of the protocol type values listed in Table 10-1 Common protocol type values Protocol type...

  • Page 238: Qinq Vid

    Configuration made in system view takes effect on all ports. Examples # Set the TPID value to 0x8200 globally. <Sysname> system-view [Sysname] qinq ethernet-type 8200 qinq vid Syntax qinq vid vlan-id undo qinq vid vlan-id View Ethernet interface view, Layer-2 aggregate interface view, port group view Default Level 2: System level Parameters...

  • Page 239

    [Sysname] port-group manual 1 [Sysname-port-group-manual-1] group-member gigabitethernet 1/0/1 to gigabitethernet 1/0/6 [Sysname-port-group-manual-1] qinq vid 10 10-6...

  • Page 240: Bpdu Tunneling Configuration Commands

    BPDU Tunneling Configuration Commands BPDU Tunneling Configuration Commands bpdu-tunnel dot1q Syntax In Ethernet interface view or port group view: bpdu-tunnel dot1q { cdp | dldp | eoam | gvrp | hgmp | lacp | lldp | pagp | pvst | stp | udld | vtp } undo bpdu-tunnel dot1q { cdp | dldp | eoam | gvrp | hgmp | lacp | lldp | pagp | pvst | stp | udld | vtp } In Layer 2 aggregate interface view:...

  • Page 241: Bpdu-tunnel Tunnel-dmac

    Use the undo bpdu-tunnel dot1q command to disable BPDU tunneling for a protocol on the port or ports. By default, BPDU tunneling for any protocol is disabled. Note that: Settings made in Ethernet interface view or Layer 2 aggregate interface view take effect only on the current port;...

  • Page 242

    Parameters mac-address: Destination multicast MAC address for BPDUs, in the format of H-H-H. The allowed values 0x0100-0CCD-CDD0, 0x010F-E200-0003. Description Use the bpdu-tunnel tunnel-dmac command to configure the destination multicast MAC address for BPDUs. Use the undo bpdu-tunnel tunnel-dmac command to restore the default value. By default, the destination multicast MAC address for BPDUs is 0x010F-E200-0003.

  • Page 243

    Port Mirroring Configuration Commands Port Mirroring Configuration Commands display mirroring-group Syntax display mirroring-group { groupid | all | local | remote-destination | remote-source } View Any view Default Level 2: System level Parameters groupid: Number of the port mirroring group to be displayed, in the range of 1 to 4. all: Displays all port mirroring groups.

  • Page 244

    monitor egress port: GigabitEthernet1/0/11 remote-probe vlan: 200 Table 12-1 Description on the fields of the display mirroring-group command Field mirroring-group type status mirroring port monitor port monitor egress port remote-probe vlan mirroring-group Syntax mirroring-group groupid { local | remote-destination | remote-source } undo mirroring-group { groupid | all | local | remote-destination | remote-source } View System view...

  • Page 245: Mirroring-group Mirroring-port

    create the remote source mirroring group on the device where the mirroring port is located and create the remote destination mirroring group on the device where the monitor port is located. Examples # Create a local port mirroring group numbered 1. <Sysname>...

  • Page 246: Mirroring-group Monitor-egress

    You cannot add a mirroring port for a remote destination mirroring group. When removing a mirroring port from a mirroring group, make sure the traffic direction you specified in the undo mirroring-group mirroring-port command matches the actual monitored direction of the port. Examples # Configure mirroring ports in port mirroring group 1, assuming that the mirroring group already exists.

  • Page 247: Mirroring-group Monitor-port

    The outbound port cannot be a member port of the current mirroring group. It is not recommended to configure STP, RSTP, MSTP, 802.1X, IGMP Snooping, static ARP and MAC address learning on the outbound mirroring port; otherwise, the mirroring function may be affected.

  • Page 248: Mirroring-group Remote-probe Vlan

    The destination mirroring port can be an access, trunk, or hybrid port. It must be assigned to the remote mirroring VLAN. A remote source port mirroring group cannot contain destination ports. Before configuring the destination port for a port mirroring group, make sure the port mirroring group exists.

  • Page 249

    Examples # Specify VLAN 2 as the remote probe VLAN of port mirroring group 1, assuming that VLAN 2 already exists. <Sysname> system-view [Sysname] mirroring-group 1 remote-source [Sysname] mirroring-group 1 remote-probe vlan 2 mirroring-port Syntax [ mirroring-group groupid ] mirroring-port { inbound | outbound | both } undo [ mirroring-group groupid ] mirroring-port { inbound | outbound | both } View Ethernet port view...

  • Page 250

    monitor-port Syntax [ mirroring-group groupid ] monitor-port undo [ mirroring-group groupid ] monitor-port View Ethernet port view Default Level 2: System level Parameters groupid: Number of a local or remote destination mirroring group, in the range of 1 to 4. Description Use the monitor-port command to assign the current port to a local or remote destination mirroring group as the monitor port.

  • Page 251: Table Of Contents

    1 IP Addressing Configuration Commands ·······························································································1-1 IP Addressing Configuration Commands································································································1-1 display ip interface···························································································································1-1 display ip interface brief···················································································································1-3 ip address ········································································································································1-4 2 ARP Configuration Commands················································································································2-1 ARP Configuration Commands···············································································································2-1 arp check enable ·····························································································································2-1 arp max-learning-num ·····················································································································2-1 arp static ··········································································································································2-2 arp timer aging·································································································································2-3 display arp ·······································································································································2-3 display arp ip-address ·····················································································································2-5 display arp timer aging ····················································································································2-6...

  • Page 252: Table Of Contents

    arp rate-limit·····································································································································4-8 ARP Detection Configuration Commands·······························································································4-9 arp detection enable ························································································································4-9 arp detection mode························································································································4-10 arp detection static-bind ················································································································4-10 arp detection trust··························································································································4-11 arp detection validate ····················································································································4-12 display arp detection······················································································································4-13 display arp detection statistics·······································································································4-13 reset arp detection statistics··········································································································4-14 5 DHCP Relay Agent Configuration Commands ·······················································································5-1 DHCP Relay Agent Configuration Commands ·······················································································5-1 dhcp relay address-check ···············································································································5-1 dhcp relay information circuit-id format-type ···················································································5-2...

  • Page 253: Table Of Contents

    dhcp-snooping information remote-id string ····················································································7-6 dhcp-snooping information strategy ································································································7-7 dhcp-snooping trust ·························································································································7-7 display dhcp-snooping·····················································································································7-8 display dhcp-snooping information··································································································7-9 display dhcp-snooping packet statistics ························································································7-10 display dhcp-snooping trust···········································································································7-11 reset dhcp-snooping ······················································································································7-11 reset dhcp-snooping packet statistics ···························································································7-12 8 BOOTP Client Configuration Commands ·······························································································8-1 BOOTP Client Configuration Commands ·······························································································8-1 display bootp client ··························································································································8-1 ip address bootp-alloc ·····················································································································8-2 9 DNS Configuration Commands················································································································9-1...

  • Page 254: Ipv6 Address

    11 UDP Helper Configuration Commands································································································11-1 UDP Helper Configuration Commands ·································································································11-1 display udp-helper server ··············································································································11-1 reset udp-helper packet·················································································································11-1 udp-helper enable··························································································································11-2 udp-helper port ······························································································································11-2 udp-helper server ··························································································································11-3 12 IPv6 Basics Configuration Commands ·······························································································12-1 IPv6 Basics Configuration Commands ·································································································12-1 display dns ipv6 dynamic-host ······································································································12-1 display dns ipv6 server ··················································································································12-2 display ipv6 fib ·······························································································································12-3 display ipv6 host ····························································································································12-4...

  • Page 255: Table Of Contents

    reset ipv6 pathmtu ·······················································································································12-40 reset ipv6 statistics ······················································································································12-41 reset tcp ipv6 statistics ················································································································12-41 reset udp ipv6 statistics ···············································································································12-42 tcp ipv6 timer fin-timeout ·············································································································12-42 tcp ipv6 timer syn-timeout ···········································································································12-43 tcp ipv6 window ···························································································································12-43 13 sFlow Configuration Commands ·········································································································13-1 sFlow Configuration Commands···········································································································13-1 display sflow ··································································································································13-1 sflow agent ip·································································································································13-2 sflow collector ip ····························································································································13-3...

  • Page 256: Display Ip Interface

    IP Addressing Configuration Commands IP Addressing Configuration Commands display ip interface Syntax display ip interface [ interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. Description Use the display ip interface command to display information about a specified or all Layer 3 interfaces.

  • Page 257

    Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Table 1-1 display ip interface command output description Field current state Line protocol current state Internet Address Broadcast address The Maximum Transmit Unit input packets, bytes, multicasts...

  • Page 258: Display Ip Interface Brief

    Field ICMP packet input number: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: display ip interface brief Syntax display ip interface brief [ interface-type [ interface-number ] ] View...

  • Page 259

    <Sysname> display ip interface brief vlan-interface *down: administratively down (s): spoofing Interface Vlan-interface1 Vlan-interface2 Table 1-2 display ip interface brief command output description Field *down: administratively down (s) : spoofing Interface Physical Protocol IP Address Description ip address Syntax ip address ip-address { mask | mask-length } [ sub ] undo ip address [ ip-address { mask | mask-length } [ sub ] ] View Interface view...

  • Page 260

    mask-length: Subnet mask length, the number of consecutive ones in the mask. sub: Secondary IP address for the interface. Description Use the ip address command to assign an IP address and mask to the interface. Use the undo ip address command to remove all IP addresses from the interface. Use the undo ip address ip-address { mask | mask-length } command to remove the primary IP address.

  • Page 261: Arp Configuration Commands

    ARP Configuration Commands ARP Configuration Commands arp check enable Syntax arp check enable undo arp check enable View System view Default Level 2: System level Parameters None Description Use the arp check enable command to enable ARP entry check. With this function enabled, the device cannot learn any ARP entry with a multicast MAC address.

  • Page 262: Arp Static

    Default Level 2: System level Parameters number: Maximum number of dynamic ARP entries that a interface can learn. The value is in the range 0 to 256. Description Use the arp max-learning-num command to configure the maximum number of dynamic ARP entries that a interface can learn.

  • Page 263: Arp Timer Aging, Display Arp

    The vlan-id argument is used to specify the corresponding VLAN of an ARP entry and must be the ID of an existing VLAN. In addition, the Ethernet interface following the argument must belong to that VLAN. The VLAN interface of the VLAN must have been created. Related commands: reset arp, display arp.

  • Page 264

    Default Level 1: Monitor level Parameters all: Displays all ARP entries. dynamic: Displays dynamic ARP entries. static: Displays static ARP entries. slot slot-number: Displays the ARP entries for the specified device. If the device is in an IRF, the slot-number argument represents the member ID of the device; if the device is not in any IRF, the slot-number argument represents the device ID.

  • Page 265: Display Arp Ip-address

    Field Aging Type Vpn-instance Name # Display the number of all ARP entries. <Sysname> display arp all count Total entry(ies): 4 display arp ip-address Syntax display arp ip-address [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] View Any view Default Level...

  • Page 266: Display Arp Timer Aging, Reset Arp

    display arp timer aging Syntax display arp timer aging View Any view Default Level 2: System level Parameters None Description Use the display arp timer aging command to display the aging time for dynamic ARP entries. Related commands: arp timer aging. Examples # Display the aging time for dynamic ARP entries.

  • Page 267: Gratuitous Arp Configuration Commands, Gratuitous-arp-sending Enable, Gratuitous-arp-learning Enable

    Description Use the reset arp command to clear ARP entries except authorized ARP entries from the ARP mapping table. With interface interface-type interface-number or slot slot-number specified, the command clears only dynamic ARP entries of the interface or the specified device in the IRF. Related commands: arp static, display arp.

  • Page 268

    View System view Default Level 2: System level Parameters None Description Use the gratuitous-arp-learning enable command to enable the gratuitous ARP packet learning function. Use the undo gratuitous-arp-learning enable command to disable the function. By default, the function is enabled. With this function enabled, a device receiving a gratuitous ARP packet can add the source IP and MAC addresses carried in the packet to its own dynamic ARP table if it finds no ARP entry in the cache corresponding to the source IP address of the ARP packet exists;...

  • Page 269: Proxy Arp Configuration Commands

    Proxy ARP Configuration Commands Proxy ARP Configuration Commands display local-proxy-arp Syntax display local-proxy-arp [ interface vlan-interface vlan-id ] View Any view Default Level 2: System level Parameters interface vlan-interface vlan-id: Displays the local proxy ARP status of the specified VLAN interface. Description Use the display local-proxy-arp command to display the status of the local proxy ARP.

  • Page 270: Local-proxy-arp Enable, Proxy-arp Enable

    Description Use the display proxy-arp command to display the proxy ARP status. If an interface is specified, proxy ARP status of the specified interface is displayed; if no interface is specified, proxy ARP status of all interfaces is displayed. Related commands: proxy-arp enable. Examples # Display the proxy ARP status on VLAN-interface 1.

  • Page 271

    View VLAN interface view Default Level 2: System level Parameters None Description Use the proxy-arp enable command to enable proxy ARP. Use the undo proxy-arp enable command to disable proxy ARP. By default, proxy ARP is disabled. Related commands: display proxy-arp. Examples # Enable proxy ARP on VLAN-interface 2.

  • Page 272: Arp Attack Defense Configuration Commands, Arp Source Suppression Configuration Commands

    ARP Attack Defense Configuration Commands ARP Source Suppression Configuration Commands arp source-suppression enable Syntax arp source-suppression enable undo arp source-suppression enable View System view Default Level 2: System level Parameters None Description Use the arp source-suppression enable command to enable the ARP source suppression function. Use the undo arp source-suppression enable command to disable the function.

  • Page 273: Display Arp Source-suppression

    Parameters limit-value: Specifies the maximum number of packets with the same source IP address but unresolvable destination IP addresses that the device can receive in five seconds. It ranges from 2 to 1024. Description Use the arp source-suppression limit command to set the maximum number of packets with the same source IP address but unresolvable destination IP addresses that the device can receive in five seconds.

  • Page 274: Arp Defense Against Ip Packet Attack Configuration Commands, Arp Resolving-route Enable

    Table 4-1 display arp source-suppression command output description Field ARP source suppression is enabled Current suppression limit Current cache length ARP Defense Against IP Packet Attack Configuration Commands arp resolving-route enable Syntax arp resolving-route enable undo arp resolving-route enable View System view Default Level 2: System level...

  • Page 275: Source Mac Address Based Arp Attack Detection Configuration Commands, Arp Anti-attack Source-mac

    View System view Default Level 2: System level Parameters None Description Use the arp anti-attack active-ack enable command to enable the ARP active acknowledgement function. Use the undo arp anti-attack active-ack enable command to restore the default. By default, the ARP active acknowledgement function is disabled. Typically, this feature is configured on gateway devices to identify invalid ARP packets.

  • Page 276: Arp Anti-attack Source-mac Aging-time

    Default Level 2: System level Parameters filter: Specifies the filter mode. monitor: Specifies the monitor mode. Description Use the arp anti-attack source-mac command to enable source MAC address based ARP attack detection and specify the detection mode. Use the undo arp anti-attack source-mac command to restore the default. By default, source MAC address based ARP attack detection is disabled.

  • Page 277: Arp Anti-attack Source-mac Exclude-mac, Arp Anti-attack Source-mac Threshold

    By default, the aging timer for protected MAC addresses is 300 seconds (five minutes). Examples # Configure the aging timer for protected MAC addresses as 60 seconds. <Sysname> system-view [Sysname] arp anti-attack source-mac aging-time 60 arp anti-attack source-mac exclude-mac Syntax arp anti-attack source-mac exclude-mac mac-address&<1-n>...

  • Page 278: Display Arp Anti-attack Source-mac

    Default Level 2: System level Parameters threshold-value: Threshold for source MAC address based ARP attack detection, in the range 10 to 100. Description Use the arp anti-attack source-mac threshold command to configure the threshold for source MAC address based ARP attack detection. If the number of ARP packets sent from a MAC address within five seconds exceeds this threshold, the device considers this an attack.

  • Page 279: Arp Packet Source Mac Address Consistency Check Configuration Commands, Arp Anti-attack Valid-ack Enable

    <Sysname> display arp anti-attack source-mac slot 1 Source-MAC VLAN-ID 23f3-1122-3344 4094 23f3-1122-3355 4094 23f3-1122-33ff 4094 23f3-1122-33ad 4094 23f3-1122-33ce 4094 ARP Packet Source MAC Address Consistency Check Configuration Commands arp anti-attack valid-ack enable Syntax arp anti-attack valid-check enable undo arp anti-attack valid-check enable View System view Default Level...

  • Page 280: Arp Detection Configuration Commands, Arp Detection Enable

    undo arp rate-limit View Layer 2 Ethernet port view Default Level 2: System level Parameters disable: Disables ARP packet rate limit. rate pps: ARP packet rate in pps, in the range 50 to 500. drop: Discards the exceeded packets. Description Use the arp rate-limit command to configure or disable ARP packet rate limit.

  • Page 281: Arp Detection Mode, Arp Detection Static-bind

    By default, ARP detection is disabled for a VLAN. Examples # Enable ARP detection for VLAN 1. <Sysname> system-view [Sysname] vlan 1 [Sysname-Vlan1] arp detection enable arp detection mode Syntax arp detection mode { dhcp-snooping | dot1x | static-bind } undo arp detection mode { dhcp-snooping | dot1x | static-bind } View System view...

  • Page 282: Arp Detection Trust

    undo arp detection static-bind [ ip-address ] View System view Default Level 2: System level Parameters ip-address: IP address of the static binding. mac-address: MAC address of the static binding, in the format of H-H-H. Description Use the arp detection static-bind command to configure a static IP-to-MAC binding. Use the undo arp detection static-bind command to remove the configure static binding.

  • Page 283: Arp Detection Validate

    Parameters None Description Use the arp detection trust command to configure the port as an ARP trusted port. Use the undo arp detection trust command to configure the port as an ARP untrusted port. By default, the port is an ARP untrusted port. Examples # Configure GigabitEthernet 1/0/1 as an ARP trusted port.

  • Page 284: Display Arp Detection, Display Arp Detection Statistics

    Examples # Enable the checking of the MAC addresses and IP addresses of ARP packets. <Sysname> system-view [Sysname] arp detection validate dst-mac src-mac ip display arp detection Syntax display arp detection View Any view Default Level 1: Monitor level Parameters None Description Use the display arp detection command to display the VLAN(s) enabled with ARP detection.

  • Page 285: Reset Arp Detection Statistics

    Parameters interface interface-type interface-number: Displays the ARP detection statistics of a specified interface. Description Use the display arp detection statistics command to display statistics about ARP detection. This command only displays numbers of discarded packets. If no interface is specified, the statistics of all the interfaces will be displayed.

  • Page 286

    Description Use the reset arp detection statistics command to clear ARP detection statistics of a specified interface. If no interface is specified, the statistics of all the interfaces will be cleared. Examples # Clear the ARP detection statistics of all the interfaces. <Sysname>...

  • Page 287: Dhcp Relay Agent Configuration Commands

    DHCP Relay Agent Configuration Commands The DHCP relay agent configuration is supported only on VLAN interfaces. DHCP Relay Agent Configuration Commands dhcp relay address-check Syntax dhcp relay address-check { disable | enable } View Interface view Default Level 2: System level Parameters disable: Disables IP address match check on the relay agent.

  • Page 288: Dhcp Relay Information Circuit-id Format-type, Dhcp Relay Information Circuit-id String

    [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay address-check enable dhcp relay information circuit-id format-type Syntax dhcp relay information circuit-id format-type { ascii | hex } undo dhcp relay information circuit-id format-type View Interface view Default Level 2: System level Parameters ascii: Specifies the code type for the circuit ID sub-option as ascii.

  • Page 289: Dhcp Relay Information Enable

    Default Level 2: System level Parameters circuit-id: Padding content for the user-defined circuit ID sub-option, a case-sensitive string of 3 to 63 characters. Description Use the dhcp relay information circuit-id string command to configure the padding content for the user-defined circuit ID sub-option. Use the undo dhcp relay information circuit-id string command to restore the default.

  • Page 290: Dhcp Relay Information Format

    Examples # Enable Option 82 support on the relay agent. <Sysname> system-view [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay information enable dhcp relay information format Syntax dhcp relay information format { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } undo dhcp relay information format [ verbose node-identifier ] View...

  • Page 291: Dhcp Relay Information Remote-id Format-type

    Using the undo dhcp relay information format command without the keyword verbose node-identifier restores the default normal padding format, or with the keyword verbose node-identifier restores the mac mode of the verbose padding format. If configuring the handling strategy of the DHCP relay agent as replace, you need to configure a padding format of Option 82.

  • Page 292: Dhcp Relay Information Remote-id String

    This command applies to configuring the non-user-defined remote ID sub-option only. After you configure the padding content for the remote ID sub-option using the dhcp relay information remote-id string command, ASCII is adopted as the code type. Examples # Configure the code type for the non-user-defined remote ID sub-option as ascii. <Sysname>...

  • Page 293: Dhcp Relay Information Strategy, Dhcp Relay Release Ip

    Examples # Configure the padding content for the remote ID sub-option as device001. <Sysname> system-view [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay information remote-id string device001 dhcp relay information strategy Syntax dhcp relay information strategy { drop | keep | replace } undo dhcp relay information strategy View Interface view...

  • Page 294: Dhcp Relay Security Static

    Default Level 2: System level Parameters client-ip: DHCP client IP address. Description Use the dhcp relay release ip command to request the DHCP server to release a specified client IP address. Examples # Request the DHCP server to release the IP address 1.1.1.1. <Sysname>...

  • Page 295: Dhcp Relay Security Tracker

    When using the dhcp relay security static command to bind an interface to a static client entry, make sure that the interface is configured as a DHCP relay agent; otherwise, entry conflicts may occur. The undo dhcp relay security interface command is used to remove all the dynamic client entries from the interface.

  • Page 296: Dhcp Relay Server-detect, Dhcp Relay Server-group

    dhcp relay server-detect Syntax dhcp relay server-detect undo dhcp relay server-detect View System view Default Level 2: System level Parameters None Description Use the dhcp relay server-detect command to enable unauthorized DHCP server detection. Use the undo dhcp relay server-detect command to disable unauthorized DHCP server detection. By default, unauthorized DHCP server detection is disabled.

  • Page 297: Dhcp Relay Server-select

    ip ip-address: DHCP server IP address. Description Use the dhcp relay server-group command to specify a DHCP server for a DHCP server group. Use the undo dhcp relay server-group command to remove a DHCP server from a DHCP server group, if no ip ip-address is specified, all servers in the DHCP server group and the server group itself will be removed.

  • Page 298: Dhcp Select Relay

    The DHCP server group referenced in this command should have been configured by using the dhcp relay server-group command. Related commands: dhcp relay server-group. Examples # Correlate VLAN-interface 1 to DHCP server group 1. <Sysname> system-view [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay server-select 1 dhcp select relay Syntax...

  • Page 299: Display Dhcp Relay, Display Dhcp Relay Information

    display dhcp relay Syntax display dhcp relay { all | interface interface-type interface-number } View Any view Default Level 1: Monitor level Parameters all: Displays information of DHCP server groups that all interfaces correspond to. interface interface-type interface-number: Displays information of the DHCP server group that a specified interface corresponds to.

  • Page 300: Display Dhcp Relay Security

    interface interface-type interface-number: Displays the Option 82 configuration information of a specified interface. Description Use the display dhcp relay information command to display Option 82 configuration information on the DHCP relay agent. Examples # Display the Option 82 configuration information of all interfaces. <Sysname>...

  • Page 301: Display Dhcp Relay Security Statistics

    Examples # Display information about all bindings. <Sysname> display dhcp relay security IP Address MAC Address 10.1.1.1 00e0-0000-0001 Static 10.1.1.5 00e0-0000-0000 Static 2 dhcp-security item(s) found Table 5-2 display dhcp relay security command output description Field IP Address Client IP address MAC Address Client MAC address Type...

  • Page 302: Display Dhcp Relay Security Tracker, Display Dhcp Relay Server-group

    Table 5-3 display dhcp relay security statistics command output description Field Static Items Dynamic Items Temporary Items All Items display dhcp relay security tracker Syntax display dhcp relay security tracker View Any view Default Level 1: Monitor level Parameters None Description Use the display dhcp relay security tracker command to display the interval for refreshing dynamic bindings on the relay agent.

  • Page 303: Display Dhcp Relay Statistics

    all: Displays the information of all DHCP server groups. Description Use the display dhcp relay server-group command to display the configuration information of a specified or all DHCP server groups. Examples # Display IP addresses of DHCP servers in DHCP server group 1. <Sysname>...

  • Page 304

    Bad packets received: DHCP packets received from clients: DHCPDISCOVER packets received: DHCPREQUEST packets received: DHCPINFORM packets received: DHCPRELEASE packets received: DHCPDECLINE packets received: BOOTPREQUEST packets received: DHCP packets received from servers: DHCPOFFER packets received: DHCPACK packets received: DHCPNAK packets received: BOOTPREPLY packets received: DHCP packets relayed to servers: DHCPDISCOVER packets relayed:...

  • Page 305: Reset Dhcp Relay Statistics

    BOOTPREQUEST Server -> Client: DHCPOFFER DHCPACK DHCPNAK BOOTPREPLY reset dhcp relay statistics Syntax reset dhcp relay statistics [ server-group group-id ] View User view Default Level 1: Monitor level Parameters server-group group-id: Specifies a server group ID (in the range of 0 to 19) about which to remove statistics from the relay agent.

  • Page 306: Dhcp Client Configuration Commands

    DHCP Client Configuration Commands The DHCP client configuration is supported only on VLAN interfaces. When multiple VLAN interfaces having the same MAC address use DHCP for IP address acquisition via a relay agent, the DHCP server cannot be the Windows 2000 Server or Windows 2003 Server.

  • Page 307

    Current machine state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds DHCP server: 40.1.1.2 # Display verbose DHCP client information. <Sysname> display dhcp client verbose Vlan-interface1 DHCP client information: Current machine state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds Lease from 2005.08.13 15:37:59...

  • Page 308: Ip Address Dhcp-alloc

    Field DNS server Domain name Boot server Client ID T1 will timeout in 1 day 11 hours 58 minutes 52 seconds. ip address dhcp-alloc Syntax ip address dhcp-alloc [ client-identifier mac interface-type interface-number ] undo ip address dhcp-alloc View Interface view Default Level 2: System level Parameters...

  • Page 309

    [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] ip address dhcp-alloc...

  • Page 310: Dhcp Snooping Configuration Commands

    DHCP Snooping Configuration Commands The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.

  • Page 311: Dhcp-snooping Information Circuit-id Format-type, Dhcp-snooping Information Circuit-id String

    <Sysname> system-view [Sysname] dhcp-snooping dhcp-snooping information circuit-id format-type Syntax dhcp-snooping information circuit-id format-type { ascii | hex } undo dhcp-snooping information circuit-id format-type View Layer 2 Ethernet port view Default Level 2: System level Parameters ascii: Specifies the code type for the circuit ID sub-option as ascii. hex: Specifies the code type for the circuit ID sub-option as hex.

  • Page 312: Dhcp-snooping Information Enable

    Default Level 2: System level Parameters vlan vlan-id: Specifies a VLAN ID, in the range of 1 to 4094. circuit-id: Padding content for the user-defined circuit ID sub-option, a case-sensitive string of 3 to 63 characters. Description Use the dhcp-snooping information circuit-id string command to configure the padding content for the user-defined circuit ID sub-option.

  • Page 313: Dhcp-snooping Information Format

    Description Use the dhcp-snooping information enable command to configure DHCP snooping to support Option 82. Use the undo dhcp-snooping information enable command to disable this function. By default, DHCP snooping does not support Option 82. Examples # Configure DHCP snooping to support Option 82. <Sysname>...

  • Page 314: Dhcp-snooping Information Remote-id Format-type

    Note that when you use the undo dhcp-snooping information format command, if the verbose node-identifier argument is not specified, the padding format will be restored to normal; if the verbose node-identifier argument is specified, the padding format will be restored to verbose with MAC address as the node identifier.

  • Page 315: Dhcp-snooping Information Remote-id String

    dhcp-snooping information remote-id string Syntax dhcp-snooping information [ vlan vlan-id ] remote-id string { remote-id | sysname } undo dhcp-snooping information [ vlan vlan-id ] remote-id string View Layer 2 Ethernet port view Default Level 2: System level Parameters vlan vlan-id: Specifies a VLAN ID, in the range of 1 to 4094. remote-id: Padding content for the user-defined circuit ID sub-option, a case-sensitive string of 1 to 63 characters.

  • Page 316: Dhcp-snooping Information Strategy, Dhcp-snooping Trust

    <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabiEthernet1/0/1] dhcp-snooping information remote-id string device001 dhcp-snooping information strategy Syntax dhcp-snooping information strategy { drop | keep | replace } undo dhcp-snooping information strategy View Layer 2 Ethernet interface view Default Level 2: System level Parameters drop: Drops the requesting message containing Option 82.

  • Page 317: Display Dhcp-snooping

    Default Level 2: System level Parameters no-user-binding: Specifies the port not to record the clients’ IP-to-MAC bindings in DHCP requests it receives. The command without this keyword records the IP-to-MAC bindings of clients. Description Use the dhcp-snooping trust command to configure a port as a trusted port. Use the undo dhcp-snooping trust command to restore the default state of a port.

  • Page 318: Display Dhcp-snooping Information

    Examples # Display all DHCP snooping entries. <Sysname> display dhcp-snooping DHCP Snooping is enabled. The client binding table for all untrusted ports. Type : D--Dynamic , S--Static Type IP Address ==== =============== 10.1.1.1 00e0-fc00-0006 1 dhcp-snooping item(s) found Table 7-1 display dhcp snooping command output description Field Type IP Address...

  • Page 319: Display Dhcp-snooping Packet Statistics

    <Sysname> display dhcp-snooping information all Interface: GigabiEthernet 1/0/1 Status: Enable Strategy: Replace Format: Verbose Circuit ID format-type: HEX Remote ID format-type: ASCII Node identifier: aabbcc User defined: Circuit ID: company001 Interface: GigabiEthernet 1/0/2 Status: Disable Strategy: Keep Format: Normal Circuit ID format-type: HEX Remote ID format-type: ASCII User defined: Circuit ID: company001...

  • Page 320: Display Dhcp-snooping Trust, Reset Dhcp-snooping

    Examples # Display DHCP packet statistics on the DHCP snooping device. <Sysname> display dhcp-snooping packet statistics DHCP packets received DHCP packets sent Packets dropped due to rate limitation : 20 Dropped invalid packets display dhcp-snooping trust Syntax display dhcp-snooping trust View Any view Default Level...

  • Page 321: Reset Dhcp-snooping Packet Statistics

    Default Level 1: Monitor level Parameters all: Clears all DHCP snooping entries. ip ip-address: Clears the DHCP snooping entries of the specified IP address. Description Use the reset dhcp-snooping command to clear DHCP snooping entries. For an IRF, DHCP snooping entries on all devices will be cleared after you execute this command. Examples # Clear all DHCP snooping entries.

  • Page 322: Bootp Client Configuration Commands

    BOOTP Client Configuration Commands BOOTP client configuration can only be used on VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server. You are not recommended to enable both the DHCP client and the DHCP snooping on the same device.

  • Page 323: Ip Address Bootp-alloc

    Vlan-interface1 BOOTP client information: Allocated IP: 169.254.0.2 255.255.0.0 Transaction ID = 0x3d8a7431 Mac Address 00e0-fc0a-c3ef Table 8-1 display bootp client command output description Field Vlan-interface1 BOOTP client information Allocated IP Transaction ID Mac Address ip address bootp-alloc Syntax ip address bootp-alloc undo ip address bootp-alloc View Interface view...

  • Page 324

    [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] ip address bootp-alloc...

  • Page 325: Dns Configuration Commands

    DNS Configuration Commands This document only covers IPv4 DNS configuration commands. For introduction to IPv6 DNS configuration commands, refer to IPv6 Basics Commands in the IP Services Volume. DNS Configuration Commands display dns domain Syntax display dns domain [ dynamic ] View Any view Default Level...

  • Page 326: Display Dns Dynamic-host

    Table 9-1 display dns domain command output description Field Sequence number Type of domain name suffix: S represents a statically configured domain Type name suffix, and D represents a domain name suffix obtained dynamically through DHCP. Domain-name Domain name suffix display dns dynamic-host Syntax display dns dynamic-host...

  • Page 327: Display Dns Server

    A domain name in the display dns dynamic-host command contains 21 characters at most. If a domain name consists of more than 21 characters, only the first 21 characters are displayed. display dns server Syntax display dns server [ dynamic ] View Any view Default Level...

  • Page 328: Display Ip Host, Dns Domain

    display ip host Syntax display ip host View Any view Default Level 1: Monitor level Parameters None Description Use the display ip host command to display the host names and corresponding IP addresses in the static domain name resolution table. Examples # Display the host names and corresponding IP addresses in the static domain name resolution table.

  • Page 329: Dns Proxy Enable

    Default Level 2: System level Parameters domain-name: Domain name suffix, consisting of character strings separated by a dot (for example, aabbcc.com). Each separated string contains no more than 63 characters. A domain name suffix may include case-insensitive letters, digits, hyphens (-), underscores (_), and dots (.), with a total length of 238 characters.

  • Page 330: Dns Resolve, Dns Server

    <Sysname> system-view [Sysname] dns proxy enable dns resolve Syntax dns resolve undo dns resolve View System view Default Level 2: System level Parameters None Description Use the dns resolve command to enable dynamic domain name resolution. Use the undo dns resolve command to disable dynamic domain name resolution. Dynamic domain name resolution is disabled by default.

  • Page 331: Ip Host, Reset Dns Dynamic-host

    No DNS server is specified by default. You can configure a maximum of six DNS servers, including those with IPv6 addresses. Related commands: display dns server. Examples # Specify the DNS server 172.16.1.1. <Sysname> system-view [Sysname] dns server 172.16.1.1 ip host Syntax ip host hostname ip-address undo ip host hostname [ ip-address ]...

  • Page 332

    View User view Default Level 2: System level Parameters None Description Use the reset dns dynamic-host command to clear the dynamic domain name resolution information. Related commands: display dns dynamic-host. Examples # Clear the dynamic domain name resolution information. <Sysname> reset dns dynamic-host...

  • Page 333: Ip Performance Optimization Configuration Commands, Display Fib

    IP Performance Optimization Configuration Commands IP Performance Optimization Configuration Commands display fib Syntax display fib [ | { begin | include | exclude } regular-expression | acl acl-number | ip-prefix ip-prefix-name ] View Any view Default Level 1: Monitor level Parameters |: Uses a regular expression to match FIB entries.

  • Page 334

    U:Useable G:Gateway H:Host R:Relay Destination/Mask Nexthop 10.2.0.0/16 10.2.1.1 10.2.1.1/32 127.0.0.1 127.0.0.0/8 127.0.0.1 127.0.0.1/32 127.0.0.1 # Display FIB information passing ACL 2000. <Sysname> system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.2.0.0 0.0.255.255 [Sysname-acl-basic-2000] display fib acl 2000 Destination count: 2 FIB entry count: 2 Flag: U:Useable...

  • Page 335: Display Fib Ip-address

    Table 10-1 display fib command output description Field Destination count FIB entry count Destination/Mask Nexthop Flag OutInterface InnerLabel Token display fib ip-address Syntax display fib ip-address [ mask | mask-length ] View Any view Default Level 1: Monitor level Parameters ip-address: Destination IP address, in dotted decimal notation.

  • Page 336: Display Icmp Statistics

    <Sysname> display fib 10.2.1.1 Destination count: 1 Flag: U:Useable G:Gateway R:Relay Destination/Mask Nexthop 10.2.1.1/32 127.0.0.1 For description about the above output, refer to display icmp statistics Syntax display icmp statistics [ slot slot-number ] View Any view Default Level 1: Monitor level Parameters slot slot-number: Displays the ICMP statistics on the specified device.

  • Page 337: Display Ip Socket

    time exceeded 0 Table 10-2 display icmp statistics command output description Field bad formats bad checksum echo destination unreachable source quench redirects echo reply parameter problem timestamp information request mask requests mask replies information reply time exceeded display ip socket Syntax display ip socket [ socktype sock-type ] [ task-id socket-id ] [ slot slot-number ] View...

  • Page 338

    Examples # Display the TCP socket information. <Sysname> display ip socket SOCK_STREAM: Task = VTYD(38), socketid = 1, Proto = 6, LA = 0.0.0.0:23, FA = 0.0.0.0:0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_REUSEPORT SO_SENDVPNID(3073) SO_SETKEEPALIVE, socket state = SS_PRIV SS_ASYNC Task = HTTP(36), socketid = 1, Proto = 6, LA = 0.0.0.0:80, FA = 0.0.0.0:0,...

  • Page 339

    Task = AGNT(51), socketid = 1, Proto = 17, LA = 0.0.0.0:161, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM SO_SENDVPNID(3073), socket state = SS_PRIV SS_NBIO SS_ASYNC Task = RDSO(56), socketid = 1, Proto = 17, LA = 0.0.0.0:1024, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM,...

  • Page 340: Display Ip Statistics

    socket state = SS_PRIV SS_NBIO SS_ASYNC Task = RSVP(73), socketid = 1, Proto = 46, LA = 0.0.0.0, FA = 0.0.0.0, sndbuf = 4194304, rcvbuf = 4194304, sb_cc = 0, rb_cc = 0, socket option = 0, socket state = SS_PRIV SS_NBIO SS_ASYNC Table 10-3 display ip socket command output description Field SOCK_STREAM...

  • Page 341

    Description Use the display ip statistics command to display statistics of IP packets. Related commands: display ip interface (in IP Addressing Commands of the IP Services Volume), reset ip statistics. Examples # Display statistics of IP packets. <Sysname> display ip statistics Input: bad protocol bad checksum...

  • Page 342: Display Tcp Statistics

    display tcp statistics Syntax display tcp statistics View Any view Default Level 1: Monitor level Parameters None Description Use the display tcp statistics command to display statistics of TCP traffic. Related commands: display tcp status, reset tcp statistics. Examples # Display statistics of TCP traffic. <Sysname>...

  • Page 343

    Initiated connections: 0, accepted connections: 22, established connections: 22 Closed connections: 49 (dropped: 0, initiated dropped: 0) Packets dropped with MD5 authentication: 0 Packets permitted with MD5 authentication: 0 Table 10-5 display tcp statistics command output description Field Total packets in sequence window probe packets window update packets checksum error...

  • Page 344: Display Tcp Status

    Field Initiated connections accepted connections established connections Closed connections Packets dropped with MD5 authentication Packets permitted with MD5 authentication display tcp status Syntax display tcp status View Any view Default Level 1: Monitor level Parameters None Description Use the display tcp status command to display status of all TCP connections for monitoring TCP connections.

  • Page 345: Display Udp Statistics

    Field State display udp statistics Syntax display udp statistics View Any view Default Level 1: Monitor level Parameters None Description Use the display udp statistics command to display statistics of UDP packets. Related commands: reset udp statistics. Examples # Display statistics of UDP packets. <Sysname>...

  • Page 346: Ip Forward-broadcast (interface View)

    Field broadcast/multicast(no socket on port) not delivered, input socket full input packets missing pcb cache Sent Total packets: ip forward-broadcast (interface view) Syntax ip forward-broadcast [ acl acl-number ] undo ip forward-broadcast View Interface view Default Level 2: System level Parameters acl acl-number: Access control list number, in the range 2000 to 3999.

  • Page 347: Ip Forward-broadcast (system View), Ip Redirects Enable

    ip forward-broadcast (system view) Syntax ip forward-broadcast undo ip forward-broadcast View System view Default Level 1: Monitor level Parameters None Description Use the ip forward-broadcast command to enable the device to receive directed broadcasts. Use the undo ip forward-broadcast command to disable the device from receiving directed broadcasts.

  • Page 348: Ip Ttl-expires Enable, Ip Unreachables Enable

    Examples # Enable sending of ICMP redirect packets. <Sysname> system-view [Sysname] ip redirects enable ip ttl-expires enable Syntax ip ttl-expires enable undo ip ttl-expires View System view Default Level 2: System level Parameters None Description Use the ip ttl-expires enable command to enable the sending of ICMP timeout packets. Use the undo ip ttl-expires command to disable sending ICMP timeout packets.

  • Page 349: Reset Ip Statistics, Reset Tcp Statistics

    Parameters None Description Use the ip unreachables enable command to enable the sending of ICMP destination unreachable packets. Use the undo ip unreachables command to disable sending ICMP destination unreachable packets. Sending ICMP destination unreachable packets is disabled by default. Examples # Enable sending ICMP destination unreachable packets.

  • Page 350: Reset Udp Statistics, Tcp Timer Fin-timeout

    View User view Default Level 2: System level Parameters None Description Use the reset tcp statistics command to clear statistics of TCP traffic. Related commands: display tcp statistics. Examples # Display statistics of TCP traffic. <Sysname> reset tcp statistics reset udp statistics Syntax reset udp statistics View...

  • Page 351: Tcp Timer Syn-timeout

    Default Level 2: System level Parameters time-value: Length of the TCP finwait timer in seconds, in the range 76 to 3,600. Description Use the tcp timer fin-timeout command to configure the length of the TCP finwait timer. Use the undo tcp timer fin-timeout command to restore the default. By default, the length of the TCP finwait timer is 675 seconds.

  • Page 352: Tcp Window

    [Sysname] tcp timer syn-timeout 80 tcp window Syntax tcp window window-size undo tcp window View System view Default Level 2: System level Parameters window-size: Size of the send/receive buffer in KB, in the range 1 to 32. Description Use the tcp window command to configure the size of the TCP send/receive buffer. Use the undo tcp window command to restore the default.

  • Page 353: Udp Helper Configuration Commands, Display Udp-helper Server, Reset Udp-helper Packet

    UDP Helper Configuration Commands UDP Helper Configuration Commands display udp-helper server Syntax display udp-helper server [ interface interface-type interface-number ] View Any view Default Level 2: System level Parameters interface interface-type interface-number: Displays information of forwarded UDP packets on the specified interface.

  • Page 354: Udp-helper Enable, Udp-helper Port

    Default Level 2: System level Parameters None Description Use the reset udp-helper packet command to clear the statistics of UDP packets forwarded. Related commands: display udp-helper server. Examples # Clear the statistics of the forwarded UDP packets. <Sysname> reset udp-helper packet udp-helper enable Syntax udp-helper enable...

  • Page 355: Udp-helper Server

    undo udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time } View System view Default Level 2: System level Parameters port-number: UDP port number with which packets need to be forwarded, in the range of 1 to 65535 (except 67 and 68).

  • Page 356

    Parameters ip-address: IP address of the destination server, in dotted decimal notation. Description Use the udp-helper server command to specify the destination server which UDP packets need to be forwarded to. Use the undo udp-helper server command to remove the destination server. No destination server is configured by default.

  • Page 357: Ipv6 Basics Configuration Commands

    IPv6 Basics Configuration Commands IPv6 Basics Configuration Commands display dns ipv6 dynamic-host Syntax display dns ipv6 dynamic-host View Any view Default Level 1: Monitor level Parameters None Description Use the display dns ipv6 dynamic-host command to display IPv6 dynamic domain name information, including the domain name, IPv6 address, and TTL of the DNS entries.

  • Page 358: Display Dns Ipv6 Server

    For a domain name displayed with the display dns ipv6 dynamic-host command, no more than 21 characters can be displayed. If the domain name exceeds the maximum length, the first 21 characters will be displayed. display dns ipv6 server Syntax display dns ipv6 server [ dynamic ] View Any view...

  • Page 359: Display Ipv6 Fib

    display ipv6 fib Syntax display ipv6 fib [ slot-number ] [ ipv6-address ] View Any view Default Level 1: Monitor level Parameters ipv6-address: Displays the IPv6 FIB entries for an IPv6 address. slot-number: Displays the IPv6 forwarding information base (FIB) entries of a specified device in an IRF.

  • Page 360: Display Ipv6 Host

    Field Flag Label Tunnel ID TimeStamp Interface display ipv6 host Syntax display ipv6 host View Any view Default Level 1: Monitor level Parameters None Description Use the display ipv6 host command to display the mappings between host names and IPv6 addresses in the static domain name resolution table.

  • Page 361: Display Ipv6 Interface

    Field Flag indicating the type of mapping between a host name and an IPv6 Flags address. Static indicates a static mapping. IPv6Address IPv6 address of a host display ipv6 interface Syntax display ipv6 interface [ interface-type [ interface-number ] ] [ verbose ] View Any view Default Level...

  • Page 362

    InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: Table 12-5 display ipv6 interface verbose command output description (on a switch) Field Vlan-interface2 current state Line protocol current state Description Physical state of the interface: Administratively DOWN: Indicates that the VLAN interface is administratively down;...

  • Page 363

    Field IPv6 is enabled link-local address Global unicast address(es) Joined group address(es) ND DAD is enabled, number of DAD attempts ND reachable time ND retransmit interval Hosts use stateless autoconfig for addresses InReceives InTooShorts InTruncatedPkts InHopLimitExceeds InBadHeaders InBadOptions ReasmReqds ReasmOKs InFragDrops InFragTimeouts OutFragFails...

  • Page 364

    Field InTooBigErrors OutFragOKs OutFragCreates InMcastPkts InMcastNotMembers OutMcastPkts InAddrErrors InDiscards OutDiscards # Display the brief IPv6 information of all interfaces for which IPv6 addresses can be configured. <Sysname> display ipv6 interface *down: administratively down (s): spoofing Interface Vlan-interface1 Vlan-interface2 Vlan-interface100 Table 12-6 display ipv6 interface command output description Field *down: The interface is down, that is, the interface is closed by using the shutdown...

  • Page 365: Display Ipv6 Neighbors

    Field Link protocol state of the interface: Protocol IPv6 address of the interface. Only the first of configured IPv6 addresses is IPv6 Address displayed. (If no address is configured for the interface, “Unassigned” will be displayed.) display ipv6 neighbors Syntax display ipv6 neighbors { { ipv6-address | all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } [ | { begin | exclude | include } regular-expression ] View...

  • Page 366: Display Ipv6 Neighbors Count

    You can use the reset ipv6 neighbors command to clear specific IPv6 neighbor information. Related commands: ipv6 neighbor, reset ipv6 neighbors. Examples # Display all neighbor information. <Sysname> display ipv6 neighbors all Type: S-Static IPv6 Address FE80::200:5EFF:FE32:B800 Table 12-7 display ipv6 neighbors command output description Field IPv6 Address Link-layer...

  • Page 367: Display Ipv6 Pathmtu

    Parameters all: Displays the total number of all neighbor entries, including neighbor entries acquired dynamically and configured statically. dynamic: Displays the total number of all neighbor entries acquired dynamically. static: Displays the total number of neighbor entries configured statically. slot slot-number: Displays the total number of neighbor entries of a specified device in an IRF. If no IRF is formed, the total number of neighbor entries of the current device is displayed only.

  • Page 368: Display Ipv6 Socket

    <Sysname> display ipv6 pathmtu all IPv6 Destination Address fe80::12 2222::3 Table 12-8 display ipv6 pathmtu command output description Field IPv6 Destination Address ZoneID PathMTU Type display ipv6 socket Syntax display ipv6 socket [ socktype socket-type ] [ task-id socket-id ] [ slot slot-number ] View Any view Default Level...

  • Page 369

    SOCK_STREAM: Task = VTYD(14), socketid = 4, Proto = 6, LA = ::->22, FA = ::->0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID, socket state = SS_PRIV SS_ASYNC Task = VTYD(14), socketid = 3, Proto = 6, LA = ::->23, FA = ::->0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,...

  • Page 370: Display Ipv6 Statistics

    Field sb_cc rb_cc socket option socket state display ipv6 statistics Syntax display ipv6 statistics [ slot slot-number ] View Any view Default Level 1: Monitor level Parameters slot slot-number: Displays statistics of IPv6 packets and ICMPv6 packets on a specified device in an IRF.

  • Page 371

    reassembly timeout: 0 ICMPv6 protocol: Sent packets: Total: unreached: hopcount exceeded: parameter problem: echo request: neighbor solicit: router solicit: 0 redirected: Send failed: ratelimited: Received packets: Total: checksum error: 0 bad code: unreached: hopcount exceeded: parameter problem: echoed: neighbor solicit: router solicit: 0 redirected: unknown info type:...

  • Page 372

    Field Received packets: Total: local host: 0 hopcount exceeded: format error: 0 option error: protocol error: 0 fragments: reassembled: 0 reassembly failed: 0 reassembly timeout: 0 ICMPv6 protocol: Sent packets: Total: unreached: 0 too big: hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 echo request: 0 echo replied:...

  • Page 373: Display Tcp Ipv6 Statistics

    Field Received packets: Total: checksum error: bad code unreached: hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 unknown error type: echoed: neighbor solicit: router solicit: redirected: router renumbering 0 unknown info type: Deliver failed: bad length: display tcp ipv6 statistics Syntax display tcp ipv6 statistics View...

  • Page 374

    Total: 0 packets in sequence: 0 (0 bytes) window probe packets: 0, window update packets: 0 checksum error: 0, offset error: 0, short error: 0 duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 0 (0 bytes) packets with data after window: 0 (0 bytes) packets after close: 0 ACK packets: 0 (0 bytes)

  • Page 375

    Table 12-11 display tcp ipv6 statistics command output description Field Received packets: Total: 0 packets in sequence: window probe packets: window update packets: 0 checksum error: offset error: short error: duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: packets with data after window: bytes)

  • Page 376: Display Tcp Ipv6 Status

    Field dropped initiated dropped display tcp ipv6 status Syntax display tcp ipv6 status View Any view Default Level 1: Monitor level Parameters None Description Use the display tcp ipv6 command to display the IPv6 TCP connection status, including IP address of the IPv6 TCP control block, local and peer IPv6 addresses, and status of the IPv6 TCP connection.

  • Page 377: Display Udp Ipv6 Statistics

    Field State display udp ipv6 statistics Syntax display udp ipv6 statistics View Any view Default Level 1: Monitor level Parameters None Description Use the display udp ipv6 statistics command to display the statistics of IPv6 UDP packets. You can use the reset udp ipv6 statistics command to clear the statistics of all IPv6 UDP packets. Examples # Display the statistics information of IPv6 UDP packets.

  • Page 378: Dns Server Ipv

    Table 12-13 display udp ipv6 statistics command output description Field Total checksum error shorter than header data length larger than packet unicast(no socket on port) broadcast/multicast(no socket on port) not delivered, input socket full input packet missing pcb cache dns server ipv6 Syntax dns server ipv6 ipv6-address [ interface-type interface-number ] undo dns server ipv6 ipv6-address [ interface-type interface-number ]...

  • Page 379: Ipv6 Address

    ipv6 Syntax ipv6 undo ipv6 View System view Default Level 2: System level Parameters None Description Use the ipv6 command to enable IPv6. Use the undo ipv6 command to disable IPv6. By default, IPv6 is disabled. Examples # Enable IPv6. <Sysname>...

  • Page 380: Ipv6 Address Auto Link-local

    By default, no site-local address or global unicast address is configured for an interface. Note that except the link-local address automatically configured, all IPv6 addresses will be removed from the interface if you carry out the undo ipv6 address command without any parameter specified. Examples # Set the aggregatable global IPv6 unicast address of VLAN-interface 100 to 2001::1 with prefix length Method I:...

  • Page 381: Ipv6 Address Eui

    aggregatable global unicast address configured, the interface still has a link-local address. If the interface has no IPv6 site-local address or aggregatable global unicast address configured, it will have no link-local address. Manual assignment takes precedence over automatic generation. That is, if you first adopt automatic generation and then manual assignment, the manually assigned link-local address will overwrite the automatically generated one.

  • Page 382: Ipv6 Address Link-local

    Examples # Configure an IPv6 address in the EUI-64 format for VLAN-interface 100. The prefix length of the address is the same as that of 2001::1/64, and the interface ID is generated based on the MAC address of the device. <Sysname>...

  • Page 383: Ipv6 Hoplimit-expires Enable, Ipv6 Host

    ipv6 hoplimit-expires enable Syntax ipv6 hoplimit-expires enable undo ipv6 hoplimit-expires View System view Default Level 2: System level Parameters None Description Use the ipv6 hoplimit-expires enable command to enable the sending of ICMPv6 time exceeded packets. Use the undo ipv6 hoplimit-expires command to disable the sending of ICMPv6 time exceeded packets.

  • Page 384: Ipv6 Icmp-error, Ipv6 Icmpv6 Multicast-echo-reply Enable

    ipv6-address: IPv6 address. Description Use the ipv6 host command to configure the mappings between host names and IPv6 addresses. Use the undo ipv6 host command to remove the mappings between host names and IPv6 addresses. Each host name can correspond to only one IPv6 address. Related commands: display ipv6 host.

  • Page 385: Ipv6 Nd Autoconfig Managed-address-flag

    undo ipv6 icmpv6 multicast-echo-reply View System view Default Level 2: System level Parameters None Description Use the ipv6 icmpv6 multicast-echo-reply enable command to enable the sending of multicast echo replies. Use the undo ipv6 icmpv6 multicast-echo-reply command to disable the sending of multicast echo replies.

  • Page 386: Ipv6 Nd Dad Attempts, Ipv6 Nd Autoconfig Other-flag

    Examples # Configure the host to acquire an IPv6 address through stateful autoconfiguration. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd autoconfig managed-address-flag ipv6 nd autoconfig other-flag Syntax ipv6 nd autoconfig other-flag undo ipv6 nd autoconfig other-flag View Interface view Default Level 2: System level Parameters...

  • Page 387: Ipv6 Nd Hop-limit

    Default Level 2: System level Parameters value: Number of attempts to send an NS message for DAD, in the range of 0 to 600. The default value is “1”. When it is set to 0, DAD is disabled. Description Use the ipv6 nd dad attempts command to configure the number of attempts to send an NS message for DAD.

  • Page 388: Ipv6 Nd Ns Retrans-timer, Ipv6 Nd Nud Reachable-time

    ipv6 nd ns retrans-timer Syntax ipv6 nd ns retrans-timer value undo ipv6 nd ns retrans-timer View Interface view Default Level 2: System level Parameters value: Interval for retransmitting an NS message in milliseconds, in the range of 1,000 to 4,294,967,295. Description Use the ipv6 nd ns retrans-timer command to set the interval for retransmitting an NS message.

  • Page 389: Ipv6 Nd Ra Halt

    Description Use the ipv6 nd nud reachable-time command to configure the neighbor reachable time on an interface. This time value serves as not only the neighbor reachable time on the local interface, but also the value of the Reachable Timer field in RA messages sent by the local interface. Use the undo ipv6 nd nud reachable-time command to restore the default neighbor reachable time and to specify the value of the Reachable Timer field in RA messages as 0, so that the number of hops is determined by the requesting device itself.

  • Page 390: Ipv6 Nd Ra Interval, Ipv6 Nd Ra Prefix

    ipv6 nd ra interval Syntax ipv6 nd ra interval max-interval-value min-interval-value undo ipv6 nd ra interval View Interface view Default Level 2: System level Parameters max-interval-value: Maximum interval for advertising RA messages in seconds, in the range of 4 to 1,800.

  • Page 391: Ipv6 Nd Ra Router-lifetime

    View Interface view Default Level 2: System level Parameters ipv6-address: IPv6 address or IPv6 address prefix. prefix-length: Prefix length of the IPv6 address. ipv6-prefix: IPv6 address prefix. valid-lifetime: Valid lifetime of a prefix in seconds, in the range of 0 to 4,294,967,295. preferred-lifetime: Preferred lifetime of a prefix used for stateless autoconfiguration in seconds, in the range of 0 to 4,294,967,295.

  • Page 392: Ipv6 Neighbor

    Parameters value: Router lifetime in seconds, in the range of 0 to 9,000. When it is set to 0, the device does not serve as the default router. Description Use the ipv6 nd ra router-lifetime command to configure the router lifetime in RA messages. Use the undo ipv6 nd ra router-lifetime command to restore the default.

  • Page 393: Ipv6 Neighbors Max-learning-num

    If the first method is used, the neighbor entry is in the INCMP state. After the device obtains the corresponding Layer 2 port information through resolution, the neighbor entry will go into the REACH state. If the second method is used, the corresponding VLAN interface must exist and the port specified by port-type port-number must belong to the VLAN specified by vlan-id.

  • Page 394: Ipv6 Pathmtu, Ipv6 Pathmtu Age

    ipv6 pathmtu Syntax ipv6 pathmtu ipv6-address [ value ] undo ipv6 pathmtu ipv6-address View System view Default Level 2: System level Parameters ipv6-address: IPv6 address. value: PMTU of a specified IPv6 address in bytes. It ranges from 1280 to 10000. Description Use the ipv6 pathmtu command to configure a static PMTU for a specified IPv6 address.

  • Page 395: Reset Dns Ipv6 Dynamic-host, Reset Ipv6 Neighbors

    By default, the aging time is 10 minutes. Note that the aging time is invalid for a static PMTU. Related commands: display ipv6 pathmtu. Examples # Set the aging time for a dynamic PMTU to 40 minutes. <Sysname> system-view [Sysname] ipv6 pathmtu age 40 reset dns ipv6 dynamic-host Syntax reset dns ipv6 dynamic-host...

  • Page 396: Reset Ipv6 Pathmtu

    Parameters all: Clears static and dynamic neighbor information on all interfaces. dynamic: Clears dynamic neighbor information on all interfaces. interface interface-type interface-number: Clears dynamic neighbor information on a specified interface. slot slot-number: Clears dynamic neighbor information on a specified device in an IRF. If no IRF is formed, only the dynamic neighbor information of the current device is cleared.

  • Page 397: Reset Ipv6 Statistics, Reset Tcp Ipv6 Statistics

    reset ipv6 statistics Syntax reset ipv6 statistics [ slot slot-number ] View User view Default Level 2: System level Parameters slot slot number: Clears the statistics of IPv6 packets and ICMPv6 packets on a specified device in an IRF. If no IRF is formed, related information on the current device is cleared only. The slot-number argument indicates the member ID of the device.

  • Page 398: Reset Udp Ipv6 Statistics, Tcp Ipv6 Timer Fin-timeout

    <Sysname> reset tcp ipv6 statistics reset udp ipv6 statistics Syntax reset udp ipv6 statistics View User view Default Level 2: System level Parameters None Description Use the reset udp ipv6 statistics command to clear the statistics of all IPv6 UDP packets. You can use the display udp ipv6 statistics command to display the statistics of IPv6 UDP packets.

  • Page 399: Tcp Ipv6 Timer Syn-timeout, Tcp Ipv6 Window

    <Sysname> system-view [Sysname] tcp ipv6 timer fin-timeout 800 tcp ipv6 timer syn-timeout Syntax tcp ipv6 timer syn-timeout wait-time undo tcp ipv6 timer syn-timeout View System view Default Level 2: System level Parameters wait-time: Length of the synwait timer for IPv6 TCP connections in seconds, in the range of 2 to 600. Description Use the tcp ipv6 timer syn-timeout command to set the synwait timer for IPv6 TCP connections Use the undo tcp ipv6 timer syn-timeout command to restore the default.

  • Page 400

    By default, the size of the IPv6 TCP send/receive buffer is 8 KB. Examples # Set the size of the IPv6 TCP send/receive buffer to 4 KB. <Sysname> system-view [Sysname] tcp ipv6 window 4 12-44...

  • Page 401

    sFlow Configuration Commands sFlow Configuration Commands display sflow Syntax display sflow [slot slot-number ] View Any view Default Level 2: System level Parameters slot slot-number: Displays the sFlow configuration information of the specified IRF member device. The slot-number argument is the member number of the device in the IRF, which you can display with the display irf command.

  • Page 402: Sflow Agent Ip

    Field sFlow Global Information Agent Collector Interval(s) sFlow Port Information Interface Direction Rate Mode Status sflow agent ip Syntax sflow agent ip ip-address undo sflow agent ip View System view Default Level 2: System level Parameters ip-address: IP address of the sFlow agent. Description Use the sflow agent ip command to configure the IP address of the sFlow agent.

  • Page 403: Sflow Collector Ip, Sflow Enable

    sFlow does not work if the sFlow agent has no IP address configured, or the IP address of the sFlow agent is removed. Examples # Configure the IP address of the sFlow agent. <Sysname> system-view [Sysname] sflow agent ip 10.10.10.1 sflow collector ip Syntax sflow collector ip ip-address [ port portnum ]...

  • Page 404: Sflow Interval

    undo sflow enable { inbound | outbound } View Ethernet port view Default Level 2: System level Parameters inbound: Samples inbound packets. outbound: Samples outbound packets. Description Use the sflow enable command to enable sFlow in the inbound or outbound direction on the port. Use the undo sflow enable command to disable sFlow in the inbound or outbound direction on the port.

  • Page 405: Sflow Sampling-mode

    By default, the packet sampling mode is random. Note that this command should be used after sFlow is enabled on the current port. Currently, the determine mode is not supported on Switch 4510G Family. Examples # Configure the interface to sample a fixed number of inbound packets.

  • Page 406: Sflow Sampling-rate

    sflow sampling-rate Syntax sflow sampling-rate rate undo sflow sampling-rate View Ethernet port view Default Level 2: System level Parameters rate: Number of packets, in the range of 1000 to 500000. Description Use the sflow sampling-rate command to specify the number of packets out of which the interface will sample a packet.

  • Page 407: Table Of Contents

    1 IP Routing Table Commands····················································································································1-1 IP Routing Table Commands··················································································································1-1 display ip routing-table·····················································································································1-1 display ip routing-table acl···············································································································1-4 display ip routing-table ip-address···································································································1-7 display ip routing-table ip-prefix·······································································································1-9 display ip routing-table protocol·····································································································1-10 display ip routing-table statistics····································································································1-11 display ipv6 routing-table···············································································································1-12 display ipv6 routing-table acl ·········································································································1-13 display ipv6 routing-table ipv6-address ·························································································1-14 display ipv6 routing-table ipv6-address1 ipv6-address2 ·······························································1-15 display ipv6 routing-table ipv6-prefix ·····························································································1-16...

  • Page 408: Table Of Contents

    rip default-route ·····························································································································3-17 rip input··········································································································································3-18 rip metricin ·····································································································································3-19 rip metricout···································································································································3-20 rip mib-binding ·······························································································································3-21 rip output········································································································································3-21 rip poison-reverse··························································································································3-22 rip split-horizon ······························································································································3-22 rip summary-address·····················································································································3-23 rip version ······································································································································3-24 silent-interface (RIP view) ·············································································································3-25 summary········································································································································3-26 timers ·············································································································································3-26 validate-source-address ················································································································3-27 version ···········································································································································3-28 4 IPv6 Static Routing Configuration Commands ······················································································4-1 IPv6 Static Routing Configuration Commands ·······················································································4-1 delete ipv6 static-routes all··············································································································4-1 ipv6 route-static ·······························································································································4-2...

  • Page 409: Table Of Contents

    if-match interface ·····························································································································6-4 if-match tag······································································································································6-5 route-policy ······································································································································6-6 IPv4 Route Policy Configuration Commands··························································································6-7 apply ip-address next-hop ···············································································································6-7 display ip ip-prefix····························································································································6-7 if-match acl ······································································································································6-8 if-match ip ········································································································································6-9 if-match ip-prefix ····························································································································6-10 ip ip-prefix ······································································································································6-10 reset ip ip-prefix ·····························································································································6-12 IPv6 Route Policy Configuration Commands························································································6-12 apply ipv6 next-hop ·······················································································································6-12 display ip ipv6-prefix ······················································································································6-13 if-match ipv6 ··································································································································6-14...

  • Page 410: Ip Routing Table Commands

    IP Routing Table Commands The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. IP Routing Table Commands display ip routing-table Syntax display ip routing-table [ verbose | | { begin | exclude | include } regular-expression ]...

  • Page 411

    Use the display ip routing-table verbose command to display detailed information about all routes in the routing table. This command displays detailed information about all active and inactive routes, including the statistics of the entire routing table and information for each route. Examples # Display brief information about active routes in the routing table.

  • Page 412

    RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active NoAdv Tag: 0 Destination: 127.0.0.0/8 Protocol: Direct Preference: 0 NextHop: 127.0.0.1 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active NoAdv Tag: 0 Destination: 127.0.0.1/32 Protocol: Direct Preference: 0 NextHop: 127.0.0.1 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active NoAdv Tag: 0 Displayed first are statistics for the whole routing table, followed by detailed description of each route...

  • Page 413: Display Ip Routing-table Acl

    Field Route status: Active Delete Gateway Holddown NoAdv State NotInstall Reject Static Unicast Inactive Invalid WaitQ TunE GotQ Time for which the route has been in the routing table, in the sequence of hour, minute, and second from left to right. Route tag display ip routing-table acl Syntax...

  • Page 414: Ip Routing Volume

    Default Level 1: Monitor level Parameters acl-number: Basic ACL number, in the range of 2000 to 2999. verbose: Displays detailed routing table information, including that for inactive routes. With this argument absent, the command displays only brief information about active routes. Description Use the display ip routing-table acl command to display information about routes permitted by a specified basic ACL.

  • Page 415

    Summary Count: 6 Destination: 10.1.1.0/24 Protocol: Direct Preference: 0 NextHop: 10.1.1.2 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active Adv Tag: 0 Destination: 10.1.1.2/32 Protocol: Direct Preference: 0 NextHop: 127.0.0.1 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active NoAdv Tag: 0 Destination: 10.1.2.0/24 Protocol: Direct Preference: 0 NextHop: 10.1.2.1...

  • Page 416: Display Ip Routing-table Ip-address

    Protocol: Direct Preference: 0 NextHop: 127.0.0.1 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active NoAdv Tag: 0 For the description of the command output above, see display ip routing-table ip-address Syntax display ip routing-table ip-address [ mask-length | mask ] [ longer-match ] [ verbose ] display ip routing-table ip-address1 { mask-length | mask } ip-address2 { mask-length | mask } [ verbose ] View...

  • Page 417

    display ip routing-table ip-address longer-match The system ANDs the input destination IP address with the subnet mask in each route entry; and ANDs the destination IP address in each route entry with its corresponding subnet mask. If the two operations yield the same result for multiple entries that are active, the one with longest mask length is displayed.

  • Page 418: Display Ip Routing-table Ip-prefix

    # Display route entries by specifying a destination IP address and mask and the longer-match keyword. [Sysname] display ip routing-table 11.1.1.1 24 longer-match Routing Table : Public Summary Count : 1 Destination/Mask Proto Pre Cost 11.1.1.0/24 Static 60 For detailed description of the above output, see # Display route entries for destination addresses in the range 1.1.1.0 to 5.5.5.0.

  • Page 419: Display Ip Routing-table Protocol

    # Display brief information about active routes permitted by the prefix list test. [Sysname] display ip routing-table ip-prefix test Routes Matched by Prefix list : test Summary Count : 2 Destination/Mask Proto Pre Cost 2.2.2.0/24 Direct 0 2.2.2.1/32 Direct 0 For detailed description of the above output, see # Display detailed information about both active and inactive routes permitted by IP prefix list test.

  • Page 420: Display Ip Routing-table Statistics

    inactive: Displays information about only inactive routes. With this argument absent, the command displays information about both active and inactive routes. verbose: Displays detailed routing table information. With this argument absent, the command displays brief routing table information. Description Use the display ip routing-table protocol command to display routing information of a specified routing protocol.

  • Page 421: Display Ipv6 Routing-table

    View Any view Default Level 1: Monitor level Parameters None Description Use the display ip routing-table statistics command to display the route statistics of the routing table. Examples # Display route statistics in the routing table. <Sysname> display ip routing-table statistics Proto route active...

  • Page 422: Display Ipv6 Routing-table Acl

    Parameters None Description Use the display ipv6 routing-table command to display brief routing table information, including destination IP address and prefix, protocol type, priority, metric, next hop and outbound interface. The command displays only active routes, namely, the brief information about the current optimal routes.

  • Page 423: Display Ipv6 Routing-table Ipv6-address

    Description Use the display ipv6 routing-table acl command to display routing information permitted by the IPv6 ACL. If the specified IPv6 ACL is not available, all routing information is displayed. Examples # Display brief routing information permitted by ACL 2000. <Sysname>...

  • Page 424: Display Ipv6 Routing-table Ipv6-address1 Ipv6-address

    If the two operations yield the same result for an entry and the entry is active with a prefix length less than or equal to the input prefix length, the entry is displayed. Only route entries that exactly match the input destination address and prefix length are displayed. display ipv6 routing-table ipv6-address prefix-length longer-match The system ANDs the input destination IPv6 address with the input prefix length;...

  • Page 425: Display Ipv6 Routing-table Ipv6-prefix

    Parameters ipv6-address1/ipv6-address2: An IPv6 address range from IPv6 address1 to IPv6 address2. prefix-length1/prefix-length2: Prefix length, in the range 0 to 128. verbose: Displays both active and inactive verbose routing information. Without this keyword, only brief active routing information is displayed. Description Use the display ipv6 routing-table ipv6-address1 ipv6-address2 command to display routes with destinations falling into the specified IPv6 address range.

  • Page 426: Display Ipv6 Routing-table Protocol

    Description Use the display ipv6 routing-table ipv6-prefix command to display routes permitted by the IPv6 prefix list. Examples # Display brief active routing information permitted by the IPv6 prefix list test2. <Sysname> display ipv6 routing-table ipv6-prefix test2 Routes Matched by Prefix list test2 : Summary Count : 1 Destination: 100::/64 NextHop...

  • Page 427: Display Ipv6 Routing-table Statistics

    Destination: ::1/128 NextHop : ::1 Interface : InLoop0 Direct Routing Table's Status : < Inactive > Summary Count : 0 Refer to Table 1-4 for description about the above output. display ipv6 routing-table statistics Syntax display ipv6 routing-table statistics View Any view Default Level 1: Monitor level...

  • Page 428: Display Ipv6 Routing-table Verbose

    display ipv6 routing-table verbose Syntax display ipv6 routing-table verbose View Any view Default Level 1: Monitor level Parameters None Description Use the display ipv6 routing-table verbose command to display detailed information about all active and inactive routes, including the statistics of the entire routing table and information for each route. Examples # Display detailed information about all active and inactive routes.

  • Page 429: Reset Ip Routing-table Statistics Protocol, Reset Ipv6 Routing-table Statistics

    Field Protocol State of the route, Active, Inactive, Adv (advertised), or NoAdv (not State advertised) Cost Cost of the route Tunnel ID Tunnel ID Label Label Time that has elapsed since the route was generated reset ip routing-table statistics protocol Syntax reset ip routing-table statistics protocol { protocol | all } View...

  • Page 430

    Parameters protocol: Clears statistics for the routing protocol, which can be direct, ripng, or static. all: Clears statistics for all IPv6 routing protocols. Description Use the reset ipv6 routing-table statistics command to clear the route statistics of the routing table. Examples # Clear statistics for all routing protocols.

  • Page 431: Static Routing Configuration Commands

    Static Routing Configuration Commands The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Static Routing Configuration Commands delete static-routes all Syntax delete static-routes all View System view Default Level 2: System level Parameters None.

  • Page 432: Ip Route-static

    ip route-static Syntax ip route-static dest-address { mask | mask-length } { next-hop-address [ track track-entry-number ] | interface-type interface-number next-hop-address] } [ preference preference-value ] [ tag tag-value ] [ description description-text ] undo ip route-static dest-address { mask | mask-length } [ next-hop-address | interface-type interface-number [ next-hop-address ] ] [ preference preference-value ] View System view...

  • Page 433: Ip Route-static Default-preference

    Related commands: display ip routing-table, ip route-static default-preference. To configure track monitoring for an existing static route, simply associate the static route with a track entry. For a non-existent static route, configure it and associate it with a Track entry. If a static route needs route recursion, the associated track entry must monitor the nexthop of the recursive route instead of that of the static route;...

  • Page 434

    Examples # Set the default preference of static routes to 120. <Sysname> system-view [Sysname] ip route-static default-preference 120...

  • Page 435: Rip Configuration Commands

    RIP Configuration Commands The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. RIP Configuration Commands checkzero Syntax checkzero undo checkzero View RIP view Default Level 2: System level Parameters None Description Use the checkzero command to enable the zero field check on RIPv1 messages.

  • Page 436: Default Cost (rip View)

    default cost (RIP view) Syntax default cost value undo default cost View RIP view Default Level 2: System level Parameters value: Default metric of redistributed routes, in the range of 0 to 16. Description Use the default cost command to configure the default metric for redistributed routes. Use the undo default cost command to restore the default.

  • Page 437: Display Rip

    Description Use the default-route originate cost command to configure all the interfaces under the RIP process to advertise a default route with the specified metric to RIP neighbors. Use the undo default-route command to disable all the interfaces under the RIP process from sending a default route.

  • Page 438

    Maximum number of balanced paths : 1 Update time 30 sec(s) Timeout time Suppress time : 120 sec(s) Garbage-collect time : 120 sec(s) update output delay : TRIP retransmit time : TRIP response packets retransmit count : Silent interfaces : None Default routes : Only Default route cost : 3 Verify-source : Enabled Networks :...

  • Page 439: Display Rip Database

    Field Default route cost Verify-source Networks Configured peers Triggered updates sent Number of routes changes Number of replies to queries display rip database Syntax display rip process-id database View Any view Default Level 1: Monitor level Parameters process-id: RIP process ID, in the range of 1 to 65535. Description Use the display rip database command to display active routes in the database of the specified RIP process, which are sent in normal RIP routing updates.

  • Page 440: Display Rip Interface

    Field Rip-interface imported display rip interface Syntax display rip process-id interface [ interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters process-id: RIP process ID, in the range of 1 to 65535. interface-type interface-number: Specifies an interface. Description Use the display rip interface command to display the RIP interface information of the RIP process.

  • Page 441: Display Rip Route

    Field MetricOut MetricOut route policy Split-horizon Poison-reverse Input/Output Current packets number/Maximum packets number display rip route Syntax display rip process-id route [ ip-address { mask | mask-length } | peer ip-address | statistics ] View Any view Default Level 1: Monitor level Parameters process-id: RIP process ID, in the range of 1 to 65535.

  • Page 442

    34.0.0.0/8 21.0.0.23 # Display routing information for network 56.0.0.0/8 of RIP process 1. <Sysname> display rip 1 route 56.0.0.0 8 Route Flags: R-RIP, T-TRIP P-Permanent, A-Aging, S-Suppressed, G-Garbage-collect -------------------------------------------------------------------------- Peer 21.0.0.23 on Vlan-interface1 Destination/Mask NextHop 56.0.0.0/8 21.0.0.23 # Display RIP process1 routing information learned from the specified neighbor. <Sysname>...

  • Page 443: Filter-policy Export (rip View)

    Table 3-5 display rip route statistics command output description Field Peer IP address of a neighbor Aging Total number of aging routes learned from the specified neighbor Permanent Total number of permanent routes learned from the specified neighbor Total number of routes in the garbage-collection state learned from the specified Garbage neighbor Total...

  • Page 444: Filter-policy Import (rip View)

    Related commands: acl, import-route, and ip ip-prefix. Examples # Reference ACL 2000 to filter outbound routes. <Sysname> system-view [Sysname] rip 1 [Sysname-rip-1] filter-policy 2000 export # Reference IP prefix list abc to filter outbound routes on Vlan-interface1. [Sysname-rip-1] filter-policy ip-prefix abc export Vlan-interface 1 filter-policy import (RIP view) Syntax filter-policy { acl-number | gateway ip-prefix-name | ip-prefix ip-prefix-name [ gateway...

  • Page 445: Import-route (rip View)

    host-route Syntax host-route undo host-route View RIP view Default Level 2: System level Parameters None Description Use the host-route command to enable host route reception. Use the undo host-route command to disable host route reception. By default, receiving host routes is enabled. In some cases, a router may receive many host routes from the same network segment.

  • Page 446

    Default Level 2: System level Parameters protocol: Specifies a routing protocol from which to redistribute routes. At present, it can be direct, rip, or static. process-id: Process ID, in the range of 1 to 65535. The default is 1. It is available only when the protocol is rip.

  • Page 447

    Default Level 2: System level Parameters network-address: IP address of a network segment, which can be the IP network address of any interface. Description Use the network command to enable RIP on the interface attached to the specified network. Use the undo network command to disable RIP on the interface attached to the specified network. RIP is disabled on an interface by default.

  • Page 448

    By default, an interface sends up to three RIP packets every 20 milliseconds. Examples # Configure all the interfaces under RIP process 1 to send up to 10 RIP packets every 30 milliseconds. <Sysname> system-view [Sysname] rip 100 [Sysname-rip-1] output-delay 30 output-count 10 peer Syntax peer ip-address...

  • Page 449: Reset Rip Statistics

    View RIP view Default Level 2: System level Parameters route-policy-name: Routing policy name with 1 to 19 characters. value: Priority for RIP route, in the range of 1 to 255. The smaller the value, the higher the priority. Description Use the preference command to specify the RIP route priority. Use the undo preference route-policy command to restore the default.

  • Page 450: Rip Authentication-mode

    Examples # Clear statistics in RIP process 100. <Sysname> reset rip 100 statistics Syntax rip [ process-id ] undo rip [ process-id ] View System view Default Level 2: System level Parameters process-id: RIP process ID, in the range of 1 to 65535. The default is 1. Description Use the rip command to create a RIP process and enter RIP view.

  • Page 451: Rip Default-route

    Parameters md5: MD5 authentication mode. rfc2453: Uses the message format defined in RFC 2453 (IETF standard). rfc2082: Uses the message format defined in RFC 2082. key-id: MD5 key number, in the range of 1 to 255. key-string: MD5 key string with 1 to 16 characters in plain text format, or 1 to 24 characters in cipher text format.

  • Page 452: Rip Input

    Description Use the rip default-route command to configure the RIP interface to advertise a default route with the specified metric. Use the undo rip default-route command to disable the RIP interface from sending a default route. By default, a RIP interface can advertise a default route if the RIP process is configured with default route advertisement.

  • Page 453: Rip Metricin

    <Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] undo rip input rip metricin Syntax rip metricin [ route-policy route-policy-name ] value undo rip metricin View Interface view Default Level 2: System level Parameters route-policy route-policy-name: Specifies the name of a routing policy used to add an additional metric for the routes matching it.

  • Page 454: Rip Metricout

    [Sysname-route-policy] apply cost 6 [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] rip metricin route-policy abc 2 rip metricout Syntax rip metricout [ route-policy route-policy-name ] value undo rip metricout View Interface view Parameters value: Additional metric of sent routes, in the range of 1 to 16. Description Use the rip metricout command to add a metric to sent routes.

  • Page 455: Rip Output, Rip Mib-binding

    rip mib-binding Syntax rip mib-binding process-id undo rip mib-binding View System view Default Level 2: System level Parameters process-id: RIP process ID, in the range of 1 to 65535. Description Use the rip mib-binding command to bind MIB operations with a specified RIP process, so that the RIP process can receive SNMP requests.

  • Page 456: Rip Poison-reverse, Rip Split-horizon

    Use the undo rip output command to disable the interface from sending RIP messages. Sending RIP messages is enabled on an interface by default. Related commands: rip input. Examples # Disable VLAN-interface 10 from receiving RIP messages. <Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] undo rip output rip poison-reverse Syntax...

  • Page 457: Rip Summary-address

    Default Level 2: System level Parameters None Description Use the rip split-horizon command to enable the split horizon function. Use the undo rip split-horizon command to disable the split horizon function. The split horizon function is enabled by default. The split horizon function is necessary for preventing routing loops. Therefore, you are not recommended to disable it.

  • Page 458: Rip Version

    Description Use the rip summary-address command to configure RIPv2 to advertise a summary route through the interface. Use the undo rip summary-address command to remove the configuration. Note that the summary address is valid only when the automatic summarization is disabled. Related commands: summary.

  • Page 459: Silent-interface (rip View)

    Send RIPv2 broadcast messages Receive RIPv1 broadcast messages Receive RIPv1 unicast messages Receive RIPv2 broadcast messages Receive RIPv2 multicast messages Receive RIPv2 unicast messages When RIPv2 runs on the interface in multicast mode, the interface will: Send RIPv2 multicast messages Receive RIPv2 broadcast messages Receive RIPv2 multicast messages Receive RIPv2 unicast messages...

  • Page 460

    [Sysname-rip-100] network 131.108.0.0 summary Syntax summary undo summary View RIP view Default Level 2: System level Parameters None Description Use the summary command to enable automatic RIPv2 summarization. Natural masks are used to advertise summary routes so as to reduce the size of routing tables. Use the undo summary command to disable automatic RIPv2 summarization so that all subnet routes can be broadcast.

  • Page 461

    Parameters garbage-collect-value: Garbage-collect timer time in seconds, in the range of 1 to 3600. suppress-value: Suppress timer time in seconds, in the range of 0 to 3600. timeout-value: Timeout timer time in seconds, in the range of 1 to 3600. update-value: Update timer time in seconds, in the range of 1 to 3600.

  • Page 462

    Default Level 2: System level Parameters None Description Use the validate-source-address command to enable the source IP address validation on incoming RIP routing updates. Use the undo validate-source-address command to disable the source IP address validation. The source IP address validation is enabled by default. RIP checks whether the source IP address of the packet is on the same network segment as the interface IP address;...

  • Page 463

    If an interface has an RIP version specified, the RIP version takes precedence over the global RIP version. If no RIP version is specified for the interface and the global version is RIPv1, the interface inherits RIPv1, and it can send RIPv1 broadcasts, and receive RIPv1 broadcasts and unicasts. If no RIP version is specified for the interface and the global version is RIPv2, the interface operates in the RIPv2 multicast mode, and it can send RIPv2 multicasts, and receive RIPv2 broadcasts, multicasts and unicasts.

  • Page 464: Ipv6 Static Routing Configuration Commands

    IPv6 Static Routing Configuration Commands Throughout this chapter, the term “router” refers to a router in a generic sense or a Layer 3 switch running routing protocols. IPv6 Static Routing Configuration Commands delete ipv6 static-routes all Syntax delete ipv6 static-routes all...

  • Page 465: Ipv6 Route-static

    ipv6 route-static Syntax ipv6 route-static ipv6-address prefix-length [ interface-type interface-number ] nexthop-address [ preference preference-value ] undo ipv6 route-static [ nexthop-address ] [ preference preference-value ] View System view Default Level 2: System level Parameters ipv6-address prefix-length: IPv6 address and prefix length. interface-type interface-number: Interface type and interface number of the output interface.

  • Page 466: Ripng Configuration Commands

    RIPng Configuration Commands The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. RIPng Configuration Commands checkzero Syntax checkzero undo checkzero View RIPng view Default Level 2: System level Parameters None Description Use the checkzero command to enable the zero field check on RIPng packets.

  • Page 467: Default Cost (ripng View), Display Ripng

    default cost (RIPng view) Syntax default cost cost undo default cost View RIPng view Default Level 2: System level Parameters cost: Default metric of redistributed routes, in the range of 0 to 16. Description Use the default cost command to specify the default metric of redistributed routes. Use the undo default cost command to restore the default.

  • Page 468: Display Ripng Database

    Description Use the display ripng command to display the running status and configuration information of a RIPng process. If process-id is not specified, information of all RIPng processes will be displayed. Examples # Display the running status and configuration information of all configured RIPng processes. <Sysname>...

  • Page 469

    Parameters process-id: RIPng process ID, in the range of 1 to 65535. Description Use the display ripng database command to display all active routes in the advertising database of the specified RIPng process, which are sent in normal RIPng update messages. Examples # Display the active routes in the database of RIPng process 100.

  • Page 470: Display Ripng Interface

    display ripng interface Syntax display ripng process-id interface [ interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters process-id: RIPng process ID, in the range of 1 to 65535. interface-type interface-number: Specifies an interface. Description Use the display ripng interface command to display the interface information of the RIPng process. If no interface is specified, information about all interfaces of the RIPng process will be displayed.

  • Page 471: Display Ripng Route

    Field Default route Summary address The summarized IPv6 prefix and the summary IPv6 prefix on the interface display ripng route Syntax display ripng process-id route View Any view Default Level 1: Monitor level Parameters process-id: RIPng process ID, in the range of 1 to 65535. Description Use the display ripng route command to display all RIPng routes and timers associated with each route of a RIPng process.

  • Page 472: Filter-policy Export

    Table 5-4 display ripng route command output description Field Peer Dest cost “A” “S” “G” filter-policy export Syntax filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ protocol [ process-id ] ] undo filter-policy export [ protocol [ process-id ] ] View RIPng view Default Level...

  • Page 473: Filter-policy Import (ripng View)

    Examples # Use IPv6 prefix list Filter 2 to filter advertised RIPng updates. <Sysname> system-view [Sysname] ripng 100 [Sysname-ripng-100] filter-policy ipv6-prefix Filter2 export filter-policy import (RIPng view) Syntax filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import undo filter-policy import View RIPng view Default Level 2: System level...

  • Page 474

    Default Level 2: System level Parameters protocol: Specifies a routing protocol from which to redistribute routes. Currently, it can be direct or static. process-id: Process ID, in the range of 1 to 65535. The default is 1.This argument is available only when the protocol is ripng.

  • Page 475

    Use the undo preference route-policy command to restore the default. By default, the priority of a RIPng route is 100. Using the route-policy keyword can set a priority for routes filtered in by the routing policy: If a priority is set in the routing policy, the priority applies to matched routes, and the priority set by the preference command applies to routes not matched.

  • Page 476: Ripng Default-route, Ripng Enable

    ripng default-route Syntax ripng default-route { only | originate } [ cost cost ] undo ripng default-route View Interface view Default Level 2: System level Parameters only: Indicates that only the IPv6 default route (::/0) is advertised through the interface. originate: Indicates that the IPv6 default route (::/0) is advertised without suppressing other routes.

  • Page 477: Ripng Metricin

    Default Level 2: System level Parameters process-id: RIPng process ID, in the range of 1 to 65535. Description Use the ripng enable command to enable RIPng on the specified interface. Use the undo ripng enable command to disable RIPng on the specified interface. By default, RIPng is disabled on an interface.

  • Page 478: Ripng Metricout, Ripng Poison-reverse

    ripng metricout Syntax ripng metricout value undo ripng metricout View Interface view Default Level 2: System level Parameters value: Additional metric to advertised routes, in the range of 1 to 16. Description Use the ripng metricout command to configure an additional metric for RIPng routes advertised by an interface.

  • Page 479: Ripng Split-horizon

    Use the undo rip poison-reverse command to disable the poison reverse function. By default, the poison reverse function is disabled. Examples Enable the poison reverse function for RIPng update messages on VLAN-interface 100. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ripng poison-reverse ripng split-horizon Syntax ripng split-horizon...

  • Page 480: Ripng Summary-address

    [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ripng split-horizon ripng summary-address Syntax ripng summary-address ipv6-address prefix-length undo ripng summary-address ipv6-address prefix-length View Interface view Default Level 2: System level Parameters ipv6-address: Destination IPv6 address of the summary route. prefix-length: Prefix length of the destination IPv6 address of the summary route, in the range of 0 to 128.

  • Page 481

    Default Level 2: System level Parameters garbage-collect-value: Interval of the garbage-collect timer in seconds, in the range of 1 to 86400. suppress-value: Interval of the suppress timer in seconds, in the range of 0 to 86400. timeout-value: Interval of the timeout timer in seconds, in the range of 1 to 86400. update-value: Interval of the update timer in seconds, in the range of 1 to 86400.

  • Page 482: Route Policy Configuration Commands, Common Route Policy Configuration Commands, Apply Cost

    Route Policy Configuration Commands The common configuration commands of route policy are applicable to both IPv4 and IPv6. Common Route Policy Configuration Commands apply cost Syntax apply cost [ + | - ] value undo apply cost View Route policy view Default Level 2: System level Parameters...

  • Page 483: Apply Tag, Apply Preference

    [Sysname-route-policy] apply cost 120 apply preference Syntax apply preference preference undo apply preference View Route policy view Default Level 2: System level Parameters preference: Routing protocol preference, in the range of 1 to 255. Description Use the apply preference command to set a preference for a routing protocol. Use the undo apply preference command to remove the clause configuration.

  • Page 484: Display Route-policy

    Parameters value: Tag value, in the range 0 to 4294967295. Description Use the apply tag command to set a specified tag value for RIP routing information. Use the undo apply tag command to remove the clause configuration. No routing tag is set for RIP routing information by default. Related commands: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip-address next-hop, apply cost.

  • Page 485: If-match Cost, If-match Interface

    Table 6-1 display route-policy command output description. Field Route-policy Permit if-match ip-prefix abc apply cost 120 if-match cost Syntax if-match cost value undo if-match cost View Route policy view Default Level 2: System level Parameters cost: Cost in the range 0 to 4294967295. Description Use the if-match cost command to match routing information having the specified cost.

  • Page 486: If-match Tag

    View Route policy view Default Level 2: System level Parameters interface-type: Interface type interface-number: Interface number &<1-16>: Indicates the argument before it can be entered up to 16 times. Description Use the if-match interface command to specify interface(s) for matching against the outbound interface of routing information.

  • Page 487

    Related commands: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, route-policy, apply ip-address next-hop, apply cost, apply tag. Examples # Configure node 10 in permit mode of route policy policy1 to permit RIP routing information with a tag of 8.

  • Page 488: Ipv4 Route Policy Configuration Commands, Apply Ip-address Next-hop, Display Ip Ip-prefix

    Examples # Configure node 10 in permit mode of route policy policy1 and enter route policy view. <Sysname> system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] IPv4 Route Policy Configuration Commands apply ip-address next-hop Syntax apply ip-address next-hop ip-address undo apply ip-address next-hop View Route policy view Default Level...

  • Page 489: If-match Acl

    View Any view Default Level 1: Monitor level Parameters ip-prefix-name: IP prefix list name, a string of 1 to 19 characters. Description Use the display ip ip-prefix command to display the statistics of an IPv4 prefix list. If no ip-prefix-name is specified, statistics for all IPv4 prefix lists will be displayed. Related commands: ip ip-prefix.

  • Page 490: If-match Ip

    Default Level 2: System level Parameters acl-number: ACL number from 2000 to 3999. Description Use the if-match acl command to configure an ACL match criterion. Use the undo if-match acl command to remove the match criterion. No ACL match criterion is configured by default. Related commands: if-match interface, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip-address next-hop, apply cost, apply tag.

  • Page 491: If-match Ip-prefix, Ip Ip-prefix

    Examples # Configure node 10 of route policy policy1 to permit routing information whose next hop address matches IP prefix list p1. <Sysname> system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match ip next-hop ip-prefix p1 if-match ip-prefix Syntax if-match ip-prefix ip-prefix-name undo if-match ip-prefix View Route policy view...

  • Page 492

    Default Level 2: System level Parameters ip-prefix-name: IPv4 prefix list name, a string of 1 to 19 characters. index-number: Index number, in the range 1 to 65535, for uniquely specifying an item of the IPv4 prefix list. An index with a smaller number is matched first. permit: Specifies the matching mode for the IPv4 prefix list item as permit, that is, if a route matches the item, the route passes the IPv4 prefix list without needing to match against the next item;...

  • Page 493: Reset Ip Ip-prefix, Ipv6 Route Policy Configuration Commands, Apply Ipv6 Next-hop

    reset ip ip-prefix Syntax reset ip ip-prefix [ ip-prefix-name ] View User view Default Level 2: System level Parameters ip-prefix-name: IP prefix list name, a string of 1 to 19 characters. Description Use the reset ip ip-prefix command to clear the statistics of a specified IPv4 prefix list. If no ip-prefix-name is specified, the statistics of all IPv4 prefix lists will be cleared.

  • Page 494: Display Ip Ipv6-prefix

    Examples # Configure node 10 of route policy policy1 to set next hop 3ff3:506::1 for IPv6 routing information matching exsting ACL 2000. <Sysname> system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match acl 2000 [Sysname-route-policy] apply ipv6 next-hop 3ffe:506::1 display ip ipv6-prefix Syntax display ip ipv6-prefix [ ipv6-prefix-name ] View...

  • Page 495: If-match Ipv, Ip Ipv6-prefix

    Field if-match ipv6 Syntax if-match ipv6 { address | next-hop | route-source } { acl acl6-number | prefix-list ipv6-prefix-name } undo if-match ipv6 { address | next-hop | route-source } [ acl | prefix-list ] View Route policy view Default Level 2: System level Parameters address: Matches the destination address of IPv6 routing information.

  • Page 496

    undo ip ipv6-prefix ipv6-prefix-name [ index index-number ] View System view Default Level 2: System level Parameters ipv6-prefix-name: IPv6 prefix list name, a string of 1 to 19 characters, for uniquely specifying an IPv6 prefix list. index-number: Index number, in the range 1 to 65535, for uniquely specifying an IPv6 prefix list item. An item with a smaller index-number will be matched first.

  • Page 497: Reset Ip Ipv6-prefix

    <Sysname> system-view [Sysname] ip ipv6-prefix abc permit :: 0 greater-equal 32 less-equal 64 # Deny IPv6 addresses with the prefix being 3FFE:D00::/32, and prefix length being greater than or equal to 32 bits. <Sysname> system-view [Sysname] ip ipv6-prefix abc deny 3FEE:D00:: 32 less-equal 128 reset ip ipv6-prefix Syntax reset ip ipv6-prefix [ ipv6-prefix-name ]...

  • Page 498: Table Of Contents

    1 IGMP Snooping Configuration Commands ····························································································1-1 IGMP Snooping Configuration Commands·····························································································1-1 display igmp-snooping group ··········································································································1-1 display igmp-snooping statistics······································································································1-2 fast-leave (IGMP-Snooping view)····································································································1-3 group-policy (IGMP-Snooping view)································································································1-4 host-aging-time (IGMP-Snooping view) ··························································································1-5 igmp-snooping ·································································································································1-6 igmp-snooping drop-unknown ·········································································································1-6 igmp-snooping enable ·····················································································································1-7 igmp-snooping fast-leave ················································································································1-8 igmp-snooping general-query source-ip··························································································1-9 igmp-snooping group-limit ···············································································································1-9 igmp-snooping group-policy ··········································································································1-10 igmp-snooping host-aging-time ·····································································································1-11...

  • Page 499: Table Of Contents

    3 MLD Snooping Configuration Commands ······························································································3-1 MLD Snooping Configuration Commands ······························································································3-1 display mld-snooping group ············································································································3-1 display mld-snooping statistics········································································································3-2 fast-leave (MLD-Snooping view) ·····································································································3-3 group-policy (MLD-Snooping view) ·································································································3-4 host-aging-time (MLD-Snooping view) ····························································································3-5 last-listener-query-interval (MLD-Snooping view) ···········································································3-6 max-response-time (MLD-Snooping view) ······················································································3-7 mld-snooping ···································································································································3-7 mld-snooping enable ·······················································································································3-8 mld-snooping fast-leave ··················································································································3-9 mld-snooping general-query source-ip····························································································3-9...

  • Page 500: Igmp Snooping Configuration Commands

    IGMP Snooping Configuration Commands IGMP Snooping Configuration Commands display igmp-snooping group Syntax display igmp-snooping group [ vlan vlan-id ] [ slot slot-number ] [ verbose ] View Any view Default Level 1: Monitor level Parameters vlan vlan-id: Displays the IGMP Snooping multicast group information in the specified VLAN, where vlan-id is in the range of 1 to 4094.

  • Page 501: Display Igmp-snooping Statistics

    Router port(s):total 1 port. GE1/0/1 IP group(s):the following ip group(s) match to one mac group. IP group address:224.1.1.1 (0.0.0.0, 224.1.1.1): Attribute: Host port(s):total 1 port. GE1/0/2 MAC group(s): MAC group address:0100-5e01-0101 Host port(s):total 1 port. GE1/0/2 Table 1-1 display igmp-snooping group command output description Field Total 1 IP Group(s).

  • Page 502: Fast-leave (igmp-snooping View)

    Parameters None Description Use the display igmp-snooping statistics command to view the statistics information of IGMP messages learned by IGMP Snooping. Examples # View the statistics information of IGMP messages learned by IGMP Snooping. <Sysname> display igmp-snooping statistics Received IGMP general queries:0. Received IGMPv1 reports:0.

  • Page 503: Group-policy (igmp-snooping View)

    Description Use the fast-leave command to enable fast leave processing globally. With this function enabled, when the switch receives an IGMP leave message on a port, it directly removes that port from the multicast forwarding entry of the specific group.

  • Page 504: Host-aging-time (igmp-snooping View)

    vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID. The effective range of a VLAN ID is 1 to 4094.

  • Page 505: Igmp-snooping Drop-unknown

    Use the undo host-aging-time command to restore the default setting. By default, the aging time of dynamic member ports is 260 seconds. This command works on IGMP Snooping–enabled VLANs. Related commands: igmp-snooping host-aging-time. Examples # Set the aging time of dynamic member ports globally to 300 seconds. <Sysname>...

  • Page 506: Igmp-snooping Enable

    View VLAN view Default Level 2: System level Parameters None Description Use the igmp-snooping drop-unknown command to enable the function of dropping unknown multicast data in the current VLAN,so that such multicast data will only be forwarded to router ports. Use the undo igmp-snooping drop-unknown command to disable the function of dropping unknown multicast data in the current VLAN.

  • Page 507: Igmp-snooping Fast-leave

    Use the igmp-snooping fast-leave command to enable fast leave processing on the current port or group of ports. With this function enabled, when the switch receives an IGMP leave message on a port, it directly removes that port from the multicast forwarding entry of the specific group.

  • Page 508: Igmp-snooping General-query Source-ip, Igmp-snooping Group-limit

    Examples # Enable fast leave processing on GigabitEthernet1/0/1 in VLAN 2. <Sysname> system-view [Sysname] interface gigabitethernet1/0/1 [Sysname-GigabitEthernet1/0/1] igmp-snooping fast-leave vlan 2 igmp-snooping general-query source-ip Syntax igmp-snooping general-query source-ip { current-interface | ip-address } undo igmp-snooping general-query source-ip View VLAN view Default Level 2: System level Parameters...

  • Page 509: Igmp-snooping Group-policy

    View Ethernet port view, Layer 2 aggregate port view, port group view Default Level 2: System level Parameters limit: Maximum number of multicast groups that can be joined on a port. The effective range is 1 to 1000. vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID.

  • Page 510: Igmp-snooping Host-aging-time

    Parameters acl-number: Basic or advanced ACL number, in the range of 2000 to 3999. The source address or address range specified in the advanced ACL rule is used to match the multicast source address(es) specified in IGMPv3 reports, rather than the source address in the IP packets. The system assumes that an IGMPv1 or IGMPv2 report or an IGMPv3 IS_EX and TO_EX report that does not carry a multicast source address carries a multicast source address of 0.0.0.0.

  • Page 511: Igmp-snooping Host-join

    undo igmp-snooping host-aging-time View VLAN view Default Level 2: System level Parameters interval: Dynamic member port aging time, in seconds. The effective range is 200 to 1,000. Description Use the igmp-snooping host-aging-time command to configure the aging time of dynamic member ports in the current VLAN.

  • Page 512: Igmp-snooping Last-member-query-interval

    Description Use the igmp-snooping host-join command to configure the current port(s) as simulated member host(s), namely configure the current port as a member host for the specified multicast group or source and group. Use the undo igmp-snooping host-join command to remove the current port(s) as simulated member host(s) for the specified multicast group or source and group.

  • Page 513: Igmp-snooping Max-response-time

    Description Use the igmp-snooping last-member-query-interval command to configure the interval between IGMP last-member queries in the VLAN. Use the undo igmp-snooping last-member-query-interval command to restore the default setting. By default, the IGMP last-member query interval is 1 second. This command takes effect only if IGMP Snooping is enabled in the VLAN. Related commands: last-member-query-interval.

  • Page 514: Igmp-snooping Overflow-replace, Igmp-snooping Querier

    igmp-snooping overflow-replace Syntax igmp-snooping overflow-replace [ vlan vlan-list ] undo igmp-snooping overflow-replace [ vlan vlan-list ] View Ethernet port view, Layer 2 aggregate port view, port group view Default Level 2: System level Parameters vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID.

  • Page 515: Ip Multicast Volume, Igmp-snooping Query-interval

    undo igmp-snooping querier View VLAN view Default Level 2: System level Parameters None Description Use the igmp-snooping querier command to enable the IGMP Snooping querier function. Use the undo igmp-snooping querier command to disable the IGMP Snooping querier function. By default, the IGMP Snooping querier function is disabled. Note that: This command takes effect only if IGMP Snooping is enabled in the VLAN.

  • Page 516: Igmp-snooping Router-aging-time, Igmp-snooping Source-deny

    By default, the IGMP general query interval is 60 seconds. This command takes effect only if IGMP Snooping is enabled in the VLAN. Related commands: max-response-time. Examples # Set the interval between IGMP general queries to 20 seconds in VLAN 2. <Sysname>...

  • Page 517: Igmp-snooping Special-query Source-ip

    View Ethernet port view, port group view Default Level 2: System level Parameters None Description Use the igmp-snooping source-deny command to enable multicast source port filtering. Use the undo igmp-snooping source-deny command to disable multicast source port filtering. By default, multicast source port filtering is disabled. This command works on IGMP Snooping–enabled VLANs.

  • Page 518: Igmp-snooping Static-group

    This command takes effect only if IGMP Snooping is enabled in the VLAN. Examples # In VLAN 2 specify 10.1.1.1 as the source IP address of IGMP group-specific queries. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] igmp-snooping special-query source-ip 10.1.1.1 igmp-snooping static-group Syntax igmp-snooping static-group group-address [ source-ip source-address ] vlan vlan-id undo igmp-snooping static-group group-address [ source-ip source-address ] vlan vlan-id...

  • Page 519: Igmp-snooping Static-router-port

    <Sysname> system-view [Sysname] igmp-snooping [Sysname-igmp-snooping] quit [Sysname] vlan 2 [Sysname-vlan2] igmp-snooping enable [Sysname-vlan2] igmp-snooping version 3 [Sysname-vlan2] quit [Sysname] interface gigabitethernet1/0/1 [Sysname-GigabitEthernet1/0/1] igmp-snooping static-group 232.1.1.1 source-ip 1.1.1.1 vlan igmp-snooping static-router-port Syntax igmp-snooping static-router-port vlan vlan-id undo igmp-snooping static-router-port vlan vlan-id View Ethernet port view, Layer 2 aggregate port view, port group view Default Level...

  • Page 520: Igmp-snooping Version, Last-member-query-interval (igmp-snooping View)

    igmp-snooping version Syntax igmp-snooping version version-number undo igmp-snooping version View VLAN view Default Level 2: System level Parameters version-number: IGMP snooping version, in the range of 2 to 3. Description Use the igmp-snooping version command to configure the IGMP Snooping version. Use the undo igmp-snooping version command to restore the default setting.

  • Page 521: Max-response-time (igmp-snooping View)

    Parameters interval: Interval between IGMP last-member queries, in seconds. The effective range is 1 to 5. Description Use the last-member-query-interval command to configure the interval between IGMP last-member queries globally. Use the undo last-member-query-interval command to restore the default setting. By default, the interval between IGMP last-member queries is 1 second.

  • Page 522: Overflow-replace (igmp-snooping View), Report-aggregation (igmp-snooping View)

    overflow-replace (IGMP-Snooping view) Syntax overflow-replace [ vlan vlan-list ] undo overflow-replace [ vlan vlan-list ] View IGMP-Snooping view Default Level 2: System level Parameters vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID.

  • Page 523: Reset Igmp-snooping Group

    Default Level 2: System level Parameters None Description Use the report-aggregation command to enable IGMP report suppression. Use the undo report-aggregation command to disable IGMP report suppression. By default, IGMP report suppression is enabled. This command works on IGMP Snooping–enabled VLANs. Examples # Disable IGMP report suppression.

  • Page 524: Reset Igmp-snooping Statistics, Router-aging-time (igmp-snooping View)

    reset igmp-snooping statistics Syntax reset igmp-snooping statistics View User view Default Level 2: System level Parameters None Description Use the reset igmp-snooping statistics command to clear the statistics information of IGMP messages learned by IGMP Snooping. Examples # Clear the statistics information of all kinds of IGMP messages learned by IGMP Snooping. <Sysname>...

  • Page 525: Source-deny (igmp-snooping View)

    <Sysname> system-view [Sysname] igmp-snooping [Sysname-igmp-snooping] router-aging-time 100 source-deny (IGMP-Snooping view) Syntax source-deny port interface-list undo source-deny port interface-list View IGMP-Snooping view Default Level 2: System level Parameters interface-list: Specifies one or multiple ports. You can provide up to ten port lists, by each of which you can specify an individual port in the form of interface-type interface-number, or a port range in the form of interface-type start-interface-number to interface-type end-interface-number, where the end interface number must be greater than the start interface number.

  • Page 526: Multicast Vlan Configuration Commands

    Multicast VLAN Configuration Commands Multicast VLAN Configuration Commands display multicast-vlan Syntax display multicast-vlan [ vlan-id ] View Any view Default Level 1: Monitor level Parameters vlan-id: VLAN ID of a multicast VLAN, in the range of 1 to 4094. If this argument is not provided, the information about all multicast VLANs will be displayed.

  • Page 527: Port (multicast Vlan View)

    multicast-vlan Syntax multicast-vlan vlan-id undo multicast-vlan { all | vlan-id } View System view Default Level 2: System level Parameters vlan-id: Specifies a VLAN by its ID, in the range of 1 to 4094. all: Deletes all multicast VLANs. Description Use the multicast-vlan command to configure the specified VLAN as a multicast VLAN and enter multicast VLAN view.

  • Page 528: Port Multicast-vlan

    undo port { all | interface-list } View Multicast VLAN view Default Level 2: System level Parameters interface-list: Specifies a port in the form of interface-type interface-number, or a port range in the form of interface-type start-interface-number to interface-type end-interface-number, where the end interface number must be greater than the start interface number.

  • Page 529: Subvlan (multicast Vlan View)

    Description Use the port multicast-vlan command to assign the current port(s) to the specified multicast VLAN. Use the undo port multicast-vlan command to restore the system default. By default, a port does not belong to any multicast VLAN. Note that a port can belong to only one multicast VLAN. Examples # Assign GigabitEthernet1/0/1 to multicast VLAN 100.

  • Page 530

    [Sysname-mvlan-100] subvlan 10 to 15...

  • Page 531

    MLD Snooping Configuration Commands MLD Snooping Configuration Commands display mld-snooping group Syntax display mld-snooping group [ vlan vlan-id ] [ slot slot-number ] [ verbose ] View Any view Default Level 1: Monitor level Parameters vlan vlan-id: Displays the MLD Snooping multicast group information in the specified VLAN, where vlan-id is in the range of 1 to 4094.

  • Page 532: Display Mld-snooping Statistics

    Total 1 MAC Group(s). Router port(s):total 1 port. GE1/0/1 IP group(s):the following ip group(s) match to one mac group. IP group address:FF1E::101 (::, FF1E::101): Attribute: Host Port Host port(s):total 1 port. GE1/0/2 MAC group(s): MAC group address:3333-0000-0101 Host port(s):total 1 port. GE1/0/2 Table 3-1 display mld-snooping group command output description Field...

  • Page 533: Fast-leave (mld-snooping View)

    Parameters None Description Use the display mld-snooping statistics command to view the statistics information of MLD messages learned by MLD Snooping. Examples # View the statistics information of all kinds of MLD messages learned by MLD Snooping. <Sysname> display mld-snooping statistics Received MLD general queries:0.

  • Page 534: Group-policy (mld-snooping View)

    Description Use the fast-leave command to enable fast leave processing globally. With this function enabled, when the switch receives an MLD leave message on a port, it directly removes that port from the forwarding table entry for the specific group.

  • Page 535: Host-aging-time (mld-snooping View)

    vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID. The effective range of a VLAN ID is 1 to 4094.

  • Page 536: Last-listener-query-interval (mld-snooping View)

    Description Use the host-aging-time command to configure the aging time of dynamic member ports globally. Use the undo host-aging-time command to restore the default setting. By default, the aging time of dynamic member ports is 260 seconds. This command works on MLD Snooping–enabled VLANs Related commands: mld-snooping host-aging-time.

  • Page 537: Max-response-time (mld-snooping View)

    max-response-time (MLD-Snooping view) Syntax max-response-time interval undo max-response-time View MLD-Snooping view Default Level 2: System level Parameters interval: Maximum response time for MLD general queries, in units of seconds. The effective range is 1 to 25. Description Use the max-response-time command to configure the maximum response time for MLD general queries globally.

  • Page 538: Mld-snooping Enable

    Description Use the mld-snooping command to enable MLD Snooping globally and enter MLD-Snooping view. Use the undo mld-snooping command to disable MLD Snooping globally. By default, MLD Snooping is disabled. Related commands: mld-snooping enable. Examples # Enable MLD Snooping globally and enter MLD-Snooping view. <Sysname>...

  • Page 539: Mld-snooping Fast-leave, Mld-snooping General-query Source-ip

    Use the mld-snooping fast-leave command to enable fast leave processing on the current port or group of ports. With this function enabled, when the switch receives an MLD leave message on a port, it directly removes that port from the forwarding table entry for the specific group.

  • Page 540: Mld-snooping Group-limit

    undo mld-snooping general-query source-ip View VLAN view Default Level 2: System level Parameters current-interface: Sets the source IPv6 link-local address of MLD general queries to the IPv6 address of the current VLAN interface. If the current VLAN interface does not have an IPv6 address, the default IPv6 address FE80::02FF:FFFF:FE00:0001 will be used as the source IPv6 address of MLD general queries.

  • Page 541: Mld-snooping Group-policy

    to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID. The effective range of a VLAN ID is 1 to 4094. Description Use the mld-snooping group-limit command to configure the maximum number of IPv6 multicast groups that can be joined on a port.

  • Page 542: Mld-snooping Host-aging-time

    Description Use the mld-snooping group-policy command to configure an IPv6 multicast group filter on the current port(s), namely to control the IPv6 multicast groups hosts on the port(s) can join. Use the undo mld-snooping group-policy command to remove the configured IPv6 multicast group filter on the current port(s).

  • Page 543: Mld-snooping Host-join

    Description Use the mld-snooping host-aging-time command to configure the aging time of dynamic member ports in the current VLAN. Use the undo mld-snooping host-aging-time command to restore the system default. By default, the dynamic member port aging time is 260 seconds. This command takes effect only if MLD Snooping is enabled in the VLAN.

  • Page 544: Mld-snooping Last-listener-query-interval

    The source-ip ipv6-source-address option in the command is meaningful only for MLD Snooping version 2. If MLD Snooping version 1 is running, although you can include source-ip ipv6-source-address in your command, the simulated host responses with only an MLDv1 report when receiving a query message.

  • Page 545: Mld-snooping Max-response-time, Mld-snooping Overflow-replace

    Examples # Set the MLD last-listener query interval to 3 seconds in VLAN 2. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] mld-snooping last-listener-query-interval 3 mld-snooping max-response-time Syntax mld-snooping max-response-time interval undo mld-snooping max-response-time View VLAN view Default Level 2: System level Parameters interval: Maximum response time for MLD general queries, in units of seconds.

  • Page 546: Mld-snooping Querier

    Default Level 2: System level Parameters vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID.

  • Page 547: Mld-snooping Query-interval

    Parameters None Description Use the mld-snooping querier command to enable the MLD Snooping querier function. Use the undo mld-snooping querier command to disable the MLD Snooping querier function. By default, the MLD Snooping querier function is disabled. Note that: This command takes effect only if MLD Snooping is enabled in the VLAN. This command does not take effect in a sub-VLAN of an IPv6 multicast VLAN.

  • Page 548: Mld-snooping Router-aging-time, Mld-snooping Source-deny

    Examples # Set the MLD query interval to 20 seconds in VLAN 2. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] mld-snooping query-interval 20 mld-snooping router-aging-time Syntax mld-snooping router-aging-time interval undo mld-snooping router-aging-time View VLAN view Default Level 2: System level Parameters interval: Dynamic router port aging time, in seconds.

  • Page 549: Mld-snooping Special-query Source-ip

    Default Level 2: System level Parameters None Description Use the mld-snooping source-deny command to enable IPv6 multicast source port filtering. Use the undo mld-snooping source-deny command to disable IPv6 multicast source port filtering. By default, IPv6 multicast source port filtering is disabled. Examples # Enable source port filtering for IPv6 multicast data on GigabitEthernet 1/0/1.

  • Page 550: Mld-snooping Static-group

    Examples # In VLAN 2, specify FE80:0:0:1::1 as the source IPv6 address of MLD multicast-address-specific queries. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] mld-snooping special-query source-ip fe80:0:0:1::1 mld-snooping static-group Syntax mld-snooping static-group ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id undo mld-snooping static-group ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id View Ethernet port view, Layer 2 aggregate port view, port group view Default Level...

  • Page 551: Mld-snooping Static-router-port

    Examples # Configure GigabitEthernet 1/0/1 in VLAN 2 to be a static member port for (2002::22, FF3E::101). <Sysname> system-view [Sysname] mld-snooping [Sysname-mld-snooping] quit [Sysname] vlan 2 [Sysname-vlan2] mld-snooping enable [Sysname-vlan2] mld-snooping version 2 [Sysname-vlan2] quit [Sysname] interface gigabitethernet 1/0/1 [Sysname- GigabitEthernet 1/0/1] mld-snooping static-group ff3e::101 source-ip 2002::22 vlan mld-snooping static-router-port Syntax mld-snooping static-router-port vlan vlan-id...

  • Page 552: Mld-snooping Version, Overflow-replace (mld-snooping View)

    Examples # Enable the static router port function on GigabitEthernet 1/0/1 in VLAN 2. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname- GigabitEthernet 1/0/1] mld-snooping static-router-port vlan 2 mld-snooping version Syntax mld-snooping version version-number undo mld-snooping version View VLAN view Default Level 2: System level Parameters version-number: MLD snooping version, in the range of 1 to 2.

  • Page 553: Report-aggregation (mld-snooping View)

    View MLD-Snooping view Default Level 2: System level Parameters vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID.

  • Page 554: Reset Mld-snooping Group, Reset Mld-snooping Statistics

    Description Use the mld-snooping report-aggregation command to enable MLD report suppression. Use the undo mld-snooping report-aggregation command to disable MLD report suppression. By default, MLD report suppression is enabled. This command works on MLD Snooping–enabled VLANs. Examples # Disable MLD report suppression. <Sysname>...

  • Page 555: Router-aging-time (mld-snooping View)

    View User view Default Level 2: System level Parameters None Description Use the reset mld-snooping statistics command to clear the statistics information of MLD messages learned by MLD Snooping. Examples # Clear the statistics information of all kinds of MLD messages learned by MLD Snooping. <Sysname>...

  • Page 556: Source-deny (mld-snooping View)

    source-deny (MLD-Snooping view) Syntax source-deny port interface-list undo source-deny port interface-list View MLD-Snooping view Default Level 2: System level Parameters interface-list: Port list. You can specify multiple ports or port ranges by providing the this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] }, where interface-type is port type and interface-number is port number.

  • Page 557

    IPv6 Multicast VLAN Configuration Commands IPv6 Multicast VLAN Configuration Commands display multicast-vlan ipv6 Syntax display multicast-vlan ipv6 [ vlan-id ] View Any view Default Level 1: Monitor level Parameters vlan-id: VLAN ID of an IPv6 multicast VLAN, in the range of 1 to 4094. If this argument is not provided, the information about all IPv6 multicast VLANs will be displayed.

  • Page 558: Multicast-vlan Ipv

    multicast-vlan ipv6 Syntax multicast-vlan ipv6 vlan-id undo multicast-vlan ipv6 { all | vlan-id } View System view Default Level 2: System level Parameters vlan-id: Specifies a VLAN by its ID, in the range of 1 to 4094. all: Deletes all IPv6 multicast VLANs. Description Use the multicast-vlan ipv6 command to configure the specified VLAN as an IPv6 multicast VLAN and enter IPv6 multicast VLAN view.

  • Page 559: Port (ipv6 Multicast Vlan View), Port Multicast-vlan Ipv

    port (IPv6 multicast VLAN view) Syntax port interface-list undo port { all | interface-list } View IPv6 multicast VLAN view Default Level 2: System level Parameters interface-list: Specifies a port in the form of interface-type interface-number, or a port range in the form of interface-type start-interface-number to interface-type end-interface-number, where the end interface number must be greater than the start interface number.

  • Page 560: Subvlan (ipv6 Multicast Vlan View)

    Parameters vlan-id: VLAN ID of the IPv6 multicast VLAN you want to assign the current port(s) to, in the range of 1 to 4094. Description Use the port multicast-vlan ipv6 command to assign the current port(s) to the specified IPv6 multicast VLAN.

  • Page 561

    Examples # Configure VLAN 10 through VLAN 15 as sub-VLANs of IPv6 multicast VLAN 100. <Sysname> system-view [Sysname] multicast-vlan ipv6 100 [Sysname-ipv6-mvlan-100] subvlan 10 to 15...

  • Page 562: Table Of Contents

    1 QoS Policy Configuration Commands ····································································································1-1 Commands for Defining Classes ············································································································1-1 display traffic classifier·····················································································································1-1 if-match············································································································································1-2 traffic classifier·································································································································1-5 Traffic Behavior Configuration Commands ·····························································································1-6 accounting ·······································································································································1-6 car····················································································································································1-6 display traffic behavior·····················································································································1-8 filter ··················································································································································1-9 redirect·············································································································································1-9 remark dot1p ·································································································································1-10 remark drop-precedence ···············································································································1-11 remark dscp···································································································································1-11 remark ip-precedence····················································································································1-13 remark local-precedence ···············································································································1-13 traffic behavior ·······························································································································1-14 QoS Policy Configuration Commands ··································································································1-15...

  • Page 563: Table Of Contents

    Line Rate Configuration Commands·······································································································3-2 display qos lr interface·····················································································································3-2 qos lr outbound································································································································3-3 4 Congestion Management Configuration Commands ············································································4-1 Congestion Management Configuration Commands··············································································4-1 display qos sp interface ···················································································································4-1 display qos wfq interface ·················································································································4-1 display qos wrr interface··················································································································4-2 qos bandwidth queue ······················································································································4-4 qos sp ··············································································································································4-4 qos wfq ············································································································································4-5 qos wfq weight·································································································································4-6 qos wrr ·············································································································································4-6...

  • Page 564: Qos Policy Configuration Commands, Commands For Defining Classes

    QoS Policy Configuration Commands Commands for Defining Classes display traffic classifier Syntax display traffic classifier user-defined [ classifier-name ] View Any view Default Level 1: Monitor level Parameters classifier-name: Class name. Description Use the display traffic classifier command to display the information about a class. If no class name is provided, this command displays the information about all the user-defined classes.

  • Page 565

    0 to 7. Even though you can provide up to eight space-separated CoS values for this argument, the Switch 4510G series switches support only one CoS value in a rule. If you configure multiple CoS values in a rule, the rule cannot be issued.

  • Page 566

    1-4. Even though you can provide up to eight space-separated DSCP values for this argument, the Switch 4510G series switches support only one DSCP value in a rule. If you configure multiple DSCP values in a rule, the rule cannot be issued.

  • Page 567

    Suppose the logical relationship between classification rules is and. Note the following when using the if-match command to define matching rules. If multiple matching rules with the acl or acl ipv6 keyword specified are defined in a class, the actual logical relationship between these rules is or when the policy is applied. If multiple matching rules with the customer-vlan-id or service-vlan-id keyword specified are defined in a class, the actual logical relationship between these rules is or when the policy is applied.

  • Page 568: Traffic Classifier

    <Sysname> system-view [Sysname] traffic classifier class8 [Sysname-classifier-class8] if-match protocol ip # Define a rule for class9 to match the packets with the customer network 802.1p precedence 2. <Sysname> system-view [Sysname] traffic classifier class9 [Sysname-classifier-class9] if-match customer-dot1p 2 # Define a rule for class10 to match the packets with the service provider network 802.1p precedence <Sysname>...

  • Page 569: Traffic Behavior Configuration Commands

    Examples # Create a class named class 1. <Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] Traffic Behavior Configuration Commands accounting Syntax accounting undo accounting View Traffic behavior view Default Level 2: System Level Parameters None Description Use the accounting command to configure the traffic accounting action for a traffic behavior. Use the undo accounting command to remove the traffic accounting action.

  • Page 570

    Parameters cir committed-information-rate: Specifies the committed information rate (CIR) in kbps. The committed-information-rate argument ranges from 64 to 32000000 and must be a multiple of 64. committed-burst-size: committed-burst-size argument ranges from 4000 to 16000000, the default is 4000. ebs excess-burst-size: Specifies excess burst size (EBS) in bytes. The excess-burst-size argument ranges from 0 to 16000000, the default is 4000.

  • Page 571: Display Traffic Behavior

    [Sysname] traffic behavior database [Sysname-behavior-database] car cir 6400 red discard display traffic behavior Syntax display traffic behavior user-defined [ behavior-name ] View Any view Default Level 1: Monitor level Parameters behavior-name: Name of a user defined traffic behavior. Description Use the display traffic behavior command to display the information about a user defined traffic behavior.

  • Page 572

    Field Green Action Red Action Yellow Action filter Syntax filter { deny | permit } undo filter View Traffic behavior view Default Level 2: System Level Parameters deny: Drops packets. permit: Forwards packets. Description Use the filter command to configure traffic filtering action for a traffic behavior. Use the undo filter command to remove the traffic filtering action.

  • Page 573: Remark Dot1p

    Default Level 2: System Level Parameters cpu: Redirects traffic to the CPU. interface interface-type interface-number: Redirects traffic to an interface identified by its type and number. Description Use the redirect command to configure traffic redirecting action for a traffic behavior. Use the undo redirect command to remove the traffic redirecting action.

  • Page 574: Remark Drop-precedence, Remark Dscp

    <Sysname> system-view [Sysname] traffic behavior database [Sysname-behavior-database] remark dot1p 2 remark drop-precedence Syntax remark drop-precedence drop-precedence-value undo remark drop-precedence View Traffic behavior view Default Level 2: System Level Parameters drop-precedence-value: Drop precedence to be set for packets, in the range 0 to 2. Description Use the remark drop-precedence command to configure the action of setting drop precedence for a traffic behavior.

  • Page 575

    Table 1-4 DSCP keywords and values Keyword default af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 Description Use the remark dscp command to configure the action of setting DSCP precedence for a traffic behavior. Use the undo remark dscp command to remove the action of setting DSCP precedence. Related commands: qos policy, traffic behavior, classifier behavior.

  • Page 576: Remark Ip-precedence, Remark Local-precedence

    remark ip-precedence Syntax remark ip-precedence ip-precedence-value undo remark ip-precedence View Traffic behavior view Default Level 2: System Level Parameters ip-precedence-value: IP precedence to be set for packets, in the range of 0 to 7. Description Use the remark ip-precedence command to configure the action of setting IP precedence for a traffic behavior.

  • Page 577: Traffic Behavior

    Use the undo remark local-precedence command to remove the action of remarking local precedence. Note that, when the remark dot1p command is used together with the remark local-precedence command, the 802.1p precedence to be set for packets must be the same as the local precedence to be set for packets.

  • Page 578: Classifier Behavior, Display Qos Policy

    QoS Policy Configuration Commands classifier behavior Syntax classifier classifier-name behavior behavior-name undo classifier classifier-name View Policy view Default Level 2: System Level Parameters classifier-name: Name of an existing class, a case-sensitive string of 1 to 31 characters. No spaces are allowed in a class name.

  • Page 579: Display Qos Policy Global

    Parameters policy-name: Policy name, a case-sensitive string of 1 to 31 characters. No spaces are allowed in a policy name. If no policy is specified, the configuration of all user defined policies is displayed. classifier-name: Name of a class in the policy, a case-sensitive string of 1 to 31 characters. No spaces are allowed in a class name.

  • Page 580

    Parameters inbound: Displays the QoS policy applied globally in the inbound direction of all ports. slot slot-number: Displays the global QoS policy configuration of the specified device in the IRF. If the slot-number argument is not specified, the global QoS policy configuration of all devices in the IRF is displayed.

  • Page 581: Display Qos Policy Interface

    Field Green Action Red Action Yellow Action Green display qos policy interface Syntax display qos policy interface [ interface-type interface-number ] [ inbound ] View Any view Default Level 1: Monitor level Parameters interface-type: Port type. interface-number: Port number. inbound: Specifies the inbound direction. Description Use the display qos policy interface command to display the configuration and statistics information about the policy applied on a port.

  • Page 582: Display Qos Vlan-policy

    Green Action: pass Red Action: discard Yellow Action: pass Green : 0(Packets) Table 1-7 display qos policy interface command output description Field Interface Direction Policy Classifier Operator Rule(s) Behavior display qos vlan-policy Syntax display qos vlan-policy { name policy-name | vlan [ vlan-id ] } [ slot slot-number ] [ inbound ] View Any view Default Level...

  • Page 583

    Policy test Vlan 300: inbound Table 1-8 display qos vlan-policy command output description Field Policy Vlan 300 inbound # Display the information about the VLAN policy applied to VLAN 300. <Sysname> display qos vlan-policy vlan 300 Vlan 300 Direction: Inbound Policy: test Classifier: test Operator: AND...

  • Page 584: Qos Apply Policy, Qos Apply Policy Global

    Field Green Action Red Action Yellow Action Green qos apply policy Syntax qos apply policy policy-name inbound undo qos apply policy inbound View Ethernet interface view, port group view Default Level 2: System Level Parameters inbound: Specifies the inbound direction. policy-name: Specifies a QoS policy name, a case-sensitive string of 1 to 31 characters.

  • Page 585: Qos Policy

    Default Level 2: System Level Parameters policy-name: Policy name, a case-sensitive string of 1 to 31 characters. No spaces are allowed in a QoS policy name. inbound: Applies the QoS policy to the incoming packets on all ports. Description Use the qos apply policy global command to apply a QoS policy globally. A QoS policy applied globally takes effect on all inbound traffic depending on the direction in which the policy is applied.

  • Page 586: Qos Vlan-policy, Reset Qos Policy Global

    qos vlan-policy Syntax qos vlan-policy policy-name vlan vlan-id-list inbound undo qos vlan-policy vlan vlan-id-list inbound View System view Default Level 2: System Level Parameters policy-name: Policy name, a case-sensitive string of 1 to 31 characters. No spaces are allowed in a policy name.

  • Page 587: Reset Qos Vlan-policy

    Parameters inbound: Specifies the inbound direction. Description Use the reset qos vlan-policy command to clear the statistics of a global QoS policy. If no direction is specified, all global QoS policy statistics are cleared. Examples # Clear the statistics of the global QoS policy in the inbound direction. <Sysname>...

  • Page 588: Priority Mapping Configuration Commands, Priority Mapping Table Configuration Commands, Display Qos Map-table

    Priority Mapping Configuration Commands Priority Mapping Table Configuration Commands display qos map-table Syntax display qos map-table [ dot1p-dp | dot1p-lp | dscp-dot1p | dscp-dp | dscp-dscp ] View Any view Default Level 1: Monitor level Parameters dot1p-lp: Specifies the 802.1p precedence-to-local precedence mapping table. dot1p-dp: Specifies the 802.1p precedence-to-drop precedence mapping table.

  • Page 589: Qos Map-table

    Table 2-1 display qos map-table command output description Field MAP-TABLE NAME TYPE IMPORT EXPORT qos map-table Syntax qos map-table { dot1p-dp | dot1p-lp | dscp-dot1p | dscp-dp | dscp-dscp } View System view Default Level 2: System Level Parameters dot1p-lp: Specifies the 802.1p precedence-to-local precedence mapping table. dot1p-dp: Specifies the 802.1p precedence-to-drop precedence mapping table.

  • Page 590: Qos Priority, Port Priority Configuration Commands

    Default Level 2: System Level Parameters import-value-list: List of input parameters, in the range of 0 to 7. export-value: Output parameter in the mapping table, in the range of 0 to 2. all: Removes all the parameters in the priority mapping table. Description Use the import command to configure entries for a priority mapping table, that is, to define one or more mapping rules.

  • Page 591: Port Priority Trust Mode Configuration Commands, Display Qos Trust Interface

    Note that, if a port receives packets without an 802.1q tag, the switch takes the priority of the receiving port as the 802.1p precedence of the packets and then searches the dot1p-dp/lp mapping table for the local/drop precedence for the packets according to the priority of the receiving port.

  • Page 592: Qos Trust

    Field Port priority trust type qos trust Syntax qos trust { dot1p | dscp } undo qos trust View Ethernet interface view, port group view Default Level 2: System Level Parameters dscp: Specifies to trust DSCP precedence carried in the packet and adopt this priority for priority mapping.

  • Page 593: Traffic Shaping Configuration Commands, Display Qos Gts Interface

    Traffic Shaping and Line Rate Configuration Commands Traffic Shaping Configuration Commands display qos gts interface Syntax display qos gts interface [ interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters interface-type: Port type. interface-number: Port number. Description Use the display qos gts interface command to display traffic shaping configuration information.

  • Page 594: Qos Gts, Line Rate Configuration Commands, Display Qos Lr Interface

    qos gts Syntax qos gts queue queue-number cir committed-information-rate [ cbs committed-burst-size ] undo qos gts queue queue-number View Ethernet interface view, port group view Default Level 2: System level Parameters queue queue-number: Specifies a queue by its number, which ranges from 0 to 7. cir committed-information-rate: Specifies the committed information rate (CIR) in kbps, which must be a multiple of 64, and CIR ranges from 64 to 16777216.

  • Page 595: Qos Lr Outbound

    View Any view Default Level 1: Monitor level Parameters interface-type: Port type. interface-number: Port number. Description Use the display qos lr interface command to display the line rate configuration information of the specified port or all ports if no port is specified. Examples # Display the line rate configuration and statistics information of all the interfaces.

  • Page 596

    GigabitEthernet port: 64 to 1000000 Ten-GigabitEthernet port: 64 to 10000000 Note that the committed-information-rate argument must be a multiple of 64. cbs committed-burst-size: Specifies the committed burst size in bytes. The committed-burst-size argument ranges from 4000 to 16000000. If the cbs keyword is not used, the system uses the default committed burst size, that is, 62.5 ms x committed-information-rate, or 16000000 if the multiplication is more than 16000000.

  • Page 597: Congestion Management Configuration Commands

    Congestion Management Configuration Commands Congestion Management Configuration Commands display qos sp interface Syntax display qos sp interface [ interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters interface-type: Port type. interface-number: Port number. Description Use the display qos sp interface command to display the strict priority (SP) queuing configuration on a specified port.

  • Page 598: Display Qos Wrr Interface

    Default Level 1: Monitor level Parameters interface-type: Port type. interface-number: Port number. Description Use the display qos wfq interface command to display the configuration of Weighted Fair Queuing (WFQ) queues of a port. If no port number is specified, the command displays the configurations of WFQ queues of all ports. Related commands: qos wfq.

  • Page 599

    View Any view Default Level 1: Monitor level Parameters interface-type: Port type. interface-number: Port number. Description Use the display qos wrr interface command to display the configuration of weighted round robin (WRR) queues of a port. If no port number is specified, the command displays the configurations of WRR queues of all ports. Related commands: qos wrr.

  • Page 600: Qos Bandwidth Queue, Qos Sp

    qos bandwidth queue Syntax qos bandwidth queue queue-id min bandwidth-value undo qos bandwidth queue queue-id [ min bandwidth-value ] View Ethernet interface view, port group view Default Level 2: System level Parameters queue-id: Queue ID, in the range of 0 to 7. bandwidth-value: Minimum guaranteed bandwidth (in kbps), that is, the minimum bandwidth guaranteed for a queue when the port is congested.

  • Page 601: Qos Wfq

    Default Level 2: System Level Parameters None Description Use the qos sp command to configure SP queuing on the current port. Use the undo qos sp command to restore the default queuing algorithm on the port. By default, all the ports adopt the WRR queue scheduling algorithm, with the weight values assigned to queue 0 through queue 7 being 1, 2, 3, 4, 5, 9, 13, and 15.

  • Page 602: Qos Wfq Weight, Qos Wrr

    [Sysname-GigabitEthernet1/0/1] qos wfq qos wfq weight Syntax qos wfq queue-id weight schedule-value undo qos wfq queue-id weight View Ethernet interface view, port group view Default Level 2: System Level Parameters queue-id: ID of the queue, in the range of 0 to 7. weight schedule-value: Specifies the scheduling weight of a queue, ranges from 0 to 15, and each queue is allocated with part of the allocable bandwidth based on its scheduling weight.

  • Page 603: Qos Wrr Group

    View Ethernet interface view, port group view Default Level 2: System Level Parameters None Description Use the qos wrr command to enable weighted round robin (WRR) on a port or port group. Use the undo qos wrr command to restore the default. By default, all the ports adopt the WRR queue scheduling algorithm, with the weight values assigned to queue 0 through queue 7 being 1, 2, 3, 4, 5, 9, 13, and 15.

  • Page 604

    By default, all the ports adopt the WRR queue scheduling algorithm, with the weight values assigned to queue 0 through queue 7 being 1, 2, 3, 4, 5, 9, 13, and 15. As required, you can configure part of the queues on the port to adopt the SP queue-scheduling algorithm and parts of queues to adopt the WRR queue-scheduling algorithm.

  • Page 605: Traffic Mirroring Configuration Commands

    Traffic Mirroring Configuration Commands Traffic Mirroring Configuration Commands mirror-to Syntax mirror-to { cpu | interface interface-type interface-number } undo mirror-to { cpu | interface interface-type interface-number } View Traffic behavior view Default Level 2: System Level Parameters cpu: Redirects packets to the CPU. interface interface-type interface-number: Port type and port number of the destination port for the traffic mirroring action.

  • Page 606

    User Profile Configuration Commands User Profile Configuration Commands display user-profile Syntax display user-profile View Any view Default Level 2: System level Parameters None Description Use the display user-profile command to display information of all the user profiles that have been created.

  • Page 607: User-profile Enable

    user-profile enable Syntax user-profile profile-name enable undo user-profile profile-name enable View System view Default Level 2: System level Parameters profile-name: Use profile name, a string of 1 to 31 characters, case sensitive. It can only contain English letters, numbers, underlines, and must start with an English letter. Description Use the user-profile enable command to enable a user profile.

  • Page 608

    Parameters profile-name: Use profile name, a string of 1 to 31 characters, case sensitive. It can only contain English letters, numbers, underlines, and must start with an English letter. A user profile name must be globally unique. dot1x: Uses 802.1X authentication when users access the device. Refer to 802.1X Configuration in the Security Volume for the detailed information about 802.1X.

  • Page 609: Table Of Contents

    1 AAA Configuration Commands················································································································1-1 AAA Configuration Commands ···············································································································1-1 access-limit enable ··························································································································1-1 access-limit······································································································································1-1 accounting command ······················································································································1-2 accounting default ···························································································································1-3 accounting lan-access ·····················································································································1-4 accounting login·······························································································································1-5 accounting optional··························································································································1-6 authentication default ······················································································································1-6 authentication lan-access················································································································1-7 authentication login··························································································································1-8 authorization command ···················································································································1-9 authorization default ······················································································································1-10 authorization lan-access················································································································1-11 authorization login ·························································································································1-12 authorization-attribute····················································································································1-13 bind-attribute··································································································································1-15...

  • Page 610: Table Of Contents

    primary accounting (RADIUS scheme view) ···················································································2-9 primary authentication (RADIUS scheme view) ············································································2-10 radius client ···································································································································2-11 radius nas-ip ··································································································································2-12 radius scheme ·······························································································································2-13 radius trap······································································································································2-14 reset radius statistics ·····················································································································2-14 reset stop-accounting-buffer··········································································································2-15 retry················································································································································2-16 retry realtime-accounting ···············································································································2-17 retry stop-accounting (RADIUS scheme view) ··············································································2-18 secondary accounting (RADIUS scheme view) ············································································2-18 secondary authentication (RADIUS scheme view) ·······································································2-19 security-policy-server·····················································································································2-20 server-type·····································································································································2-21...

  • Page 611: Table Of Contents

    dot1x ················································································································································4-4 dot1x authentication-method ···········································································································4-5 dot1x guest-vlan ······························································································································4-6 dot1x handshake ·····························································································································4-8 dot1x mandatory-domain·················································································································4-8 dot1x max-user································································································································4-9 dot1x multicast-trigger ···················································································································4-10 dot1x port-control···························································································································4-11 dot1x port-method ·························································································································4-12 dot1x quiet-period··························································································································4-13 dot1x re-authenticate·····················································································································4-14 dot1x retry····································································&#x