HP E4510-48G Command Reference Manual

4510g series

3Com Switch 4510G Family

Command Reference Guide

Switch 4510G 24-Port
Switch 4510G 48-Port
Product Version:
Release 2202
Manual Version:
6W100-20100112
www.3com.com
3Com Corporation
350 Campus Drive, Marlborough,
MA, USA 01752 3064


Summary of Contents for HP E4510-48G

  • Page 1: Command Reference Guide

    3Com Switch 4510G Family Command Reference Guide Switch 4510G 24-Port Switch 4510G 48-Port Product Version: Release 2202 Manual Version: 6W100-20100112 www.3com.com 3Com Corporation 350 Campus Drive, Marlborough, MA, USA 01752 3064...
  • Page 2 Copyright © 2010, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation. 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
  • Page 3: Security Volume

    About This Manual Organization 3Com Switch 4510G Family Command Reference Guide is organized as follows: Volume 00-Command Command Index Index Ethernet Port 01-Access LLDP Volume GVRP IP Addressing 02-IP DHCP Relay Agent Services Volume sFlow IP Routing Table 03-IP Routing...
  • Page 4 Conventions The manual uses the following conventions: Command conventions Convention Boldface italic { x | y | ... } [ x | y | ... ] { x | y | ... } * [ x | y | ... ] * &<1-n>...
  • Page 5 Related Documentation In addition to this manual, each 3Com Switch 4510G documentation set includes the following: Manual 3Com Switch 4510G Family Configuration Guide-Release 2202 3Com Switch 4510G Family Getting Started Guide Obtaining Documentation You can access the most up-to-date 3Com product documentation on the World Wide Web at this URL: http://www.3com.com.
  • Page 6 Appendix A Command Index The command index includes all the commands in the Command Manual, which are arranged alphabetically. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z access-limit access-limit enable accounting...
  • Page 7 apply ipv6 next-hop apply preference apply tag archive configuration archive configuration interval archive configuration location archive configuration max arp anti-attack active-ack enable arp anti-attack source-mac arp anti-attack source-mac aging-time arp anti-attack source-mac exclude-mac arp anti-attack source-mac threshold arp anti-attack valid-ack enable arp check enable arp detection enable arp detection mode...
  • Page 8 authentication-mode authorization command authorization default authorization lan-access authorization login authorization-attribute auto-build auto-execute command backup startup-configuration binary bind-attribute black-list add-mac black-list delete-mac boot-loader file bootrom bootrom-update security-check enable bpdu-drop any bpdu-tunnel dot1q bpdu-tunnel tunnel-dmac broadcast-suppression build ca identifier System Volume Security Volume Security Volume Security Volume Security Volume...
  • Page 9 cdup cdup certificate request entity certificate request from certificate request mode certificate request polling certificate request url cfd cc enable cfd cc interval cfd enable cfd linktrace cfd linktrace auto-detection cfd loopback cfd ma cfd md cfd mep cfd mep enable cfd mip-rule cfd remote-mep cfd service-instance...
  • Page 10 enable...
  • Page 11 data-flow-format (RADIUS scheme view) data-size debugging debugging default cost (RIP view) default cost (RIPng view) default-route delete delete delete delete ipv6 static-routes all delete static-routes all delete-member description description description description (any NQA test type view) description (for IPv4) description (for IPv6) destination ip destination port dhcp relay address-check...
  • Page 12 dhcp relay security tracker dhcp relay server-detect dhcp relay server-group dhcp relay server-select dhcp select relay dhcp-snooping dhcp-snooping information circuit-id format-type dhcp-snooping information circuit-id string dhcp-snooping information enable dhcp-snooping information format dhcp-snooping information remote-id format-type dhcp-snooping information remote-id string dhcp-snooping information strategy dhcp-snooping trust disconnect display acl...
  • Page 13 display brief interface display cfd linktrace-reply display cfd linktrace-reply auto-detection display cfd ma display cfd md display cfd mep display cfd mp display cfd remote-mep display cfd service-instance display cfd status display channel display clipboard display clock display cluster display cluster base-topology display cluster black-list display cluster candidates display cluster current-topology...
  • Page 14 display dhcp relay security display dhcp relay security statistics display dhcp relay security tracker display dhcp relay server-group display dhcp relay statistics display dhcp-snooping display dhcp-snooping information display dhcp-snooping packet statistics display dhcp-snooping trust display diagnostic-information display dldp display dldp statistics display dns domain display dns dynamic-host display dns ipv6 dynamic-host...
  • Page 15 display gvrp status display gvrp vlan-operation interface display habp display habp table display habp traffic display history-command display hotkey display hwtacacs display icmp statistics display igmp-snooping group display igmp-snooping statistics display info-center display interface display interface vlan-interface display ip check source display ip host display ip http display ip https...
  • Page 16 display ipc link display ipc multicast-group display ipc node display ipc packet display ipc performance display ipc queue display ip-subnet-vlan interface display ip-subnet-vlan vlan display ipv6 fib display ipv6 host display ipv6 interface display ipv6 neighbors display ipv6 neighbors count display ipv6 pathmtu display ipv6 routing-table display ipv6 routing-table acl...
  • Page 17 display link-aggregation summary display link-aggregation verbose display lldp local-information display lldp neighbor-information display lldp statistics display lldp status display lldp tlv-config display local-proxy-arp display local-user display logbuffer display logbuffer summary display loopback-detection display mac-address display mac-address aging-time display mac-authentication display mac-vlan display mac-vlan interface display memory display mib-style...
  • Page 18 display ntdp device-list display ntdp single-device mac-address display ntp-service sessions display ntp-service status display ntp-service trace display oam display oam configuration display oam critical-event display oam link-event display packet-drop interface display packet-drop summary display patch information display pki certificate display pki certificate access-control-policy display pki certificate attribute-group display pki crl domain display port...
  • Page 19 display qos map-table display qos policy display qos policy global display qos policy interface display qos sp interface display qos trust interface display qos vlan-policy display qos wfq interface display qos wrr interface display radius scheme display radius statistics display reboot-type display rip display rip database display rip interface...
  • Page 20 display rrpp verbose display saved-configuration display schedule job display schedule reboot display sflow display sftp client source display smart-link flush display smart-link group display snmp-agent community display snmp-agent group display snmp-agent local-engineid display snmp-agent mib-view display snmp-agent statistics display snmp-agent sys-info display snmp-agent trap queue display snmp-agent trap-list display snmp-agent usm-user...
  • Page 21 display stp region-configuration display stp root display stp tc display switchover state display system-failure display tcp ipv6 statistics display tcp ipv6 status display tcp statistics display tcp status display telnet client configuration display tftp client configuration display this display time-range display track display traffic behavior display traffic classifier...
  • Page 22 display voice vlan oui display voice vlan state display web users dldp authentication-mode dldp delaydown-timer dldp enable dldp interval dldp reset dldp unidirectional-shutdown dldp work-mode dns domain dns proxy enable dns resolve dns server dns server ipv6 domain domain default enable domain ring dot1x dot1x authentication-method...
  • Page 23 dot1x timer dot1x timer ead-timeout dot1x url duplex enable log updown enable snmp trap updown enable snmp trap updown escape-key execute exit expiration-date fast-leave (IGMP-Snooping view) fast-leave (MLD-Snooping view) file prompt filename filter filter-policy export filter-policy export (RIP view) filter-policy import (RIP view) filter-policy import (RIPng view) fixdisk flow-control...
  • Page 24 free user-interface free web-users frequency ftp client source ftp ipv6 ftp server acl ftp server enable ftp timeout ftp update ftp-server garp timer hold garp timer join garp timer leave garp timer leaveall gratuitous-arp-learning enable gratuitous-arp-sending enable group group-member group-policy (IGMP-Snooping view) group-policy (MLD-Snooping view) gvrp gvrp registration...
  • Page 25 handshake timeout header help history-command max-size history-records holdtime host-aging-time (IGMP-Snooping view) host-aging-time (MLD-Snooping view) host-route hotkey http-version hwtacacs nas-ip hwtacacs scheme idle-cut enable idle-timeout if-match if-match acl if-match cost if-match interface if-match ip if-match ip-prefix if-match ipv6 if-match tag igmp-snooping igmp-snooping drop-unknown igmp-snooping enable igmp-snooping fast-leave...
  • Page 26 igmp-snooping host-aging-time igmp-snooping host-join igmp-snooping last-member-query-interval igmp-snooping max-response-time igmp-snooping overflow-replace igmp-snooping querier igmp-snooping query-interval igmp-snooping router-aging-time igmp-snooping source-deny igmp-snooping special-query source-ip igmp-snooping static-group igmp-snooping static-router-port igmp-snooping version import import-route import-route (RIP view) info-center channel name info-center console channel info-center enable info-center logbuffer info-center loghost info-center loghost source...
  • Page 27 interface bridge-aggregation interface vlan-interface ip (PKI entity view) ip address ip address ip address bootp-alloc ip address dhcp-alloc ip check source ip forward-broadcast (interface view) ip forward-broadcast (system view) ip host ip http acl ip http enable ip http port ip https acl ip https certificate access-control-policy ip https enable...
  • Page 28: System Volume

    IP Services Volume IP Services Volume IP Services Volume IP Services Volume IP Services Volume...
  • Page 29 jumboframe enable key (HWTACACS scheme view) key (RADIUS scheme view) lacp port-priority lacp system-priority last-listener-query-interval (MLD-Snooping view) last-member-query-interval (IGMP-Snooping view) ldap-server link-aggregation load-sharing mode (aggregate interface view) link-aggregation load-sharing mode (system view) link-aggregation mode link-delay lldp admin-status lldp check-change-interval lldp compliance admin-status cdp lldp compliance cdp lldp enable lldp encapsulation snap...
  • Page 30 lldp timer tx-delay lldp timer tx-interval lldp tlv-enable locality local-proxy-arp enable local-user local-user password-display-mode lock logging-host loopback loopback-detection control enable loopback-detection enable loopback-detection interval-time loopback-detection per-vlan enable mac-address (Interface view) mac-address (system view) mac-address information enable (Ethernet interface view) mac-address information enable (system view) mac-address information interval mac-address information mode mac-address information queue-length...
  • Page 31 mac-authentication user-name-format mac-vlan enable mac-vlan mac-address management-vlan management-vlan synchronization enable max-response-time (IGMP-Snooping view) max-response-time (MLD-Snooping view) mib-style mirroring-group mirroring-group mirroring-port mirroring-group monitor-egress mirroring-group monitor-port mirroring-group remote-probe vlan mirroring-port mirror-to mkdir mkdir mkdir mld-snooping mld-snooping enable mld-snooping fast-leave mld-snooping general-query source-ip mld-snooping group-limit mld-snooping group-policy mld-snooping host-aging-time...
  • Page 32 mld-snooping query-interval mld-snooping router-aging-time mld-snooping source-deny mld-snooping special-query source-ip mld-snooping static-group mld-snooping static-router-port mld-snooping version monitor-link group monitor-port more move multicast-suppression multicast-vlan multicast-vlan ipv6 name nas-ip (HWTACACS scheme view) nas-ip (RADIUS scheme view) ndp enable ndp timer aging ndp timer hello nest network next-hop...
  • Page 33 nqa server udp-echo ntdp enable ntdp explore ntdp hop ntdp timer ntdp timer hop-delay ntdp timer port-delay ntp-service access ntp-service authentication enable ntp-service authentication-keyid ntp-service broadcast-client ntp-service broadcast-server ntp-service in-interface disable ntp-service max-dynamic-sessions ntp-service multicast-client ntp-service multicast-server ntp-service reliable authentication-keyid ntp-service source-interface ntp-service unicast-peer ntp-service unicast-server...
  • Page 34 oam mode open open ipv6 operation (FTP test type view) operation (HTTP test type view) operation interface organization organization-unit output-delay overflow-replace (IGMP-Snooping view) overflow-replace (MLD-Snooping view) packet-filter packet-filter ipv6 parity passive password password (FTP test type view) patch active patch deactive patch delete patch install patch load...
  • Page 35 pki delete-certificate pki domain pki entity pki import-certificate pki request-certificate domain pki retrieval-certificate pki retrieval-crl domain pki validate-certificate pki-domain port port port port (IPv6 multicast VLAN view) port (multicast VLAN view) port access vlan port hybrid ip-subnet-vlan vlan port hybrid protocol-vlan port hybrid pvid vlan port hybrid vlan port link-aggregation group...
  • Page 36 port-security intrusion-mode port-security mac-address security port-security max-mac-count port-security ntk-mode port-security oui port-security port-mode port-security timer disableport port-security trap preemption delay preemption mode prefer-cipher preference preference primary accounting (HWTACACS scheme view) primary accounting (RADIUS scheme view) primary authentication (HWTACACS scheme view) primary authentication (RADIUS scheme view) primary authorization probe count...
  • Page 37 public-key local export rsa public-key peer public-key peer import sshkey public-key-code begin public-key-code end qinq enable qinq ethernet-type qinq vid qos apply policy qos apply policy global qos bandwidth queue qos gts qos lr outbound qos map-table qos policy qos priority qos sp qos trust qos vlan-policy...
  • Page 38 quit radius client radius nas-ip radius scheme radius trap raw-vlan-id inbound reaction reaction trap reboot reboot member redirect region-name remark dot1p remark drop-precedence remark dscp remark ip-precedence remark local-precedence remotehelp remove rename rename report-aggregation (IGMP-Snooping view) report-aggregation (MLD-Snooping view) reset acl counter reset acl ipv6 counter reset arp reset arp detection statistics...
  • Page 39 reset dhcp-snooping reset dhcp-snooping packet statistics reset dldp statistics reset dns dynamic-host reset dns ipv6 dynamic-host reset dot1x statistics reset garp statistics reset hwtacacs statistics reset igmp-snooping group reset igmp-snooping statistics reset ip ip-prefix reset ip ipv6-prefix reset ip routing-table statistics protocol reset ip statistics reset ipc performance reset ipv6 neighbors...
  • Page 40 reset rip statistics reset rrpp statistics reset saved-configuration reset smart-link statistics reset stop-accounting-buffer reset stop-accounting-buffer reset stp reset tcp ipv6 statistics reset tcp statistics reset trapbuffer reset udp ipv6 statistics reset udp statistics reset udp-helper packet reset unused porttag restore startup-configuration retry retry realtime-accounting retry stop-accounting (HWTACACS scheme view)
  • Page 41 rip poison-reverse rip split-horizon rip summary-address rip version ripng ripng default-route ripng enable ripng metricin ripng metricout ripng poison-reverse ripng split-horizon ripng summary-address rmdir rmdir rmdir rmon alarm rmon event rmon history rmon prialarm rmon statistics root-certificate fingerprint route-option bypass-route route-policy router-aging-time (IGMP-Snooping view) router-aging-time (MLD-Snooping view)
  • Page 42 rule (basic IPv4 ACL view) rule (basic IPv6 ACL view) rule (Ethernet frame header ACL view) rule comment (for IPv4) rule comment (for IPv6) save schedule job schedule reboot at schedule reboot delay screen-length screen-length disable secondary accounting (HWTACACS scheme view) secondary accounting (RADIUS scheme view) secondary authentication (HWTACACS scheme view)
  • Page 43 sftp sftp client ipv6 source sftp client source sftp ipv6 sftp server enable sftp server idle-timeout shell shutdown shutdown shutdown shutdown-interval silent-interface (RIP view) slave auto-update config smart-link flush enable smart-link group snmp-agent snmp-agent calculate-password snmp-agent community snmp-agent group snmp-agent local-engineid snmp-agent log snmp-agent mib-view snmp-agent packet max-size...
  • Page 44 snmp-agent usm-user v3 snmp-host source interface source ip source port source-deny (IGMP-Snooping view) source-deny (MLD-Snooping view) speed speed speed auto ssh client authentication server ssh client first-time enable ssh client ipv6 source ssh client source ssh server authentication-retries ssh server authentication-timeout ssh server compatible-ssh1x enable ssh server enable ssh server rekey-interval...
  • Page 45 statistics max-group step (for IPv4) step (for IPv6) stop-accounting-buffer enable (HWTACACS scheme view) stop-accounting-buffer enable (RADIUS scheme view) stopbits storm-constrain storm-constrain control storm-constrain enable log storm-constrain enable trap storm-constrain interval stp bpdu-protection stp bridge-diameter stp compliance stp config-digest-snooping stp cost stp edged-port stp enable stp loop-protection...
  • Page 46: Access Volume

    stp root secondary stp root-protection stp tc-protection stp tc-protection threshold stp timer forward-delay stp timer hello stp timer max-age stp timer-factor stp transmit-limit subvlan (IPv6 multicast VLAN view) subvlan (multicast VLAN view) summary super super password sysname sysname system-failure system-view tcp ipv6 timer fin-timeout tcp ipv6 timer syn-timeout tcp ipv6 window...
  • Page 47 terminal monitor terminal trapping terminal type tftp tftp client source tftp ipv6 tftp-server tftp-server acl timer timer timer quiet (HWTACACS scheme view) timer quiet (RADIUS scheme view) timer realtime-accounting (HWTACACS scheme view) timer realtime-accounting (RADIUS scheme view) timer response-timeout (HWTACACS scheme view) timer response-timeout (RADIUS scheme view) time-range timers...
  • Page 48: Table Of Contents

    udp-helper enable udp-helper port udp-helper server undelete unicast-suppression user user privilege level user-bind user-group user-interface username (FTP test type view) user-name-format (HWTACACS scheme view) user-name-format (RADIUS scheme view) user-profile user-profile enable validate-source-address verbose version version virtual-cable-test vlan vlan precedence vlan-mapping modulo voice vlan aging voice vlan enable voice vlan mac-address...
  • Page 49: System Volume

    voice vlan security enable vpn-instance (ICMP echo test type view) Access Volume System Volume A-44 18-38...
  • Page 50 1 Ethernet Port Configuration Commands. Ethernet Port Configuration Commands: broadcast-suppression, description, display brief interface, display interface, display loopback-detection, display packet-drop interface, display packet-drop summary, display port combo, display port-group manual, display storm-constrain, duplex, flow-control, flow-interval...
  • Page 51 display link-aggregation load-sharing mode, display link-aggregation member-port, display link-aggregation summary, display link-aggregation verbose, enable snmp trap updown, interface bridge-aggregation, lacp port-priority, lacp system-priority, link-aggregation load-sharing mode (system view), link-aggregation load-sharing mode (aggregate interface view), link-aggregation mode, port link-aggregation group, reset counters interface, reset lacp statistics...
  • Page 52 stp pathcost-standard, stp point-to-point, stp port priority, stp port-log, stp priority, stp region-configuration, stp root primary, stp root secondary, stp root-protection, stp tc-protection, stp tc-protection threshold, stp timer forward-delay, stp timer hello, stp timer max-age, stp timer-factor, stp transmit-limit...
  • Page 53 name, shutdown, vlan. Port-Based VLAN Configuration Commands: display port, port, port access vlan, port hybrid pvid vlan, port hybrid vlan, port link-type, port trunk permit vlan, port trunk pvid vlan. MAC Address-Based VLAN Configuration Commands: display mac-vlan, display mac-vlan interface, mac-vlan enable...
  • Page 54 display gvrp state, display gvrp statistics, display gvrp status, display gvrp vlan-operation interface, garp timer hold, garp timer join, garp timer leave, garp timer leaveall, gvrp, gvrp registration, reset garp statistics. 10 QinQ Configuration Commands. QinQ Configuration Commands: nest, raw-vlan-id inbound, qinq enable, qinq ethernet-type...
  • Page 55: Ethernet Port Configuration Commands

    Ethernet Port Configuration Commands Ethernet Port Configuration Commands broadcast-suppression Syntax broadcast-suppression { ratio | pps max-pps } undo broadcast-suppression View Ethernet port view, port group view Default Level 2: System level Parameters ratio: Maximum percentage of broadcast traffic to the total transmission capability of an Ethernet port. The smaller the ratio, the less broadcast traffic is allowed to pass through the interface.
  • Page 56: Description

    If you execute this command in Ethernet port view, the configuration takes effect only on the current interface. If you execute this command in port-group view, the configuration takes effect on all the ports in the port group. When broadcast traffic exceeds the broadcast traffic threshold, the system begins to discard broadcast packets until the broadcast traffic drops below the threshold to ensure operation of network services.
  • Page 57: Display Brief Interface

    letters), special English characters, spaces, and other characters or symbols that conform to the Unicode standard. A port description can be the mixture of English characters and other Unicode characters. The mixed description cannot exceed the specified length. To use a type of Unicode characters or symbols in a port description, you need to install the corresponding Input Method Editor (IME) and log in to the device through remote login software that supports this character type.
  • Page 58: System Volume

    |: Uses a regular expression to filter output information. For detailed description on regular expression, refer to Basic System Configuration in the System Volume. begin: Displays the line that matches the regular expression and all the subsequent lines. exclude: Displays the lines that do not match the regular expression. include: Displays the lines that match the regular expression.
  • Page 59 The brief information of interface(s) under route mode: Interface Link Protocol-link Protocol type Loop0 UP(spoofing) NULL0 UP(spoofing) Vlan999 # Display the brief information of all UP interfaces. <Sysname> display brief interface | include UP The brief information of interface(s) under route mode: Interface Link Protocol-link Protocol type...
  • Page 60: Display Interface

    Field Duplex PVID display interface Syntax display interface [ interface-type [ interface-number ] ] View Any view Default Level 1: Monitor level Parameters interface-type: Type of a specified interface. interface-number: Number of a specified interface. Description Use the display interface command to display the current state of a specified interface and related information.
  • Page 61

    Multicast MAX-ratio: 100%
    Allow jumbo frame to pass
    PVID: 100
    Mdi type: auto
    Link delay is 0(sec)
    Port link-type: access
    Tagged VLAN ID : none
    Untagged VLAN ID : 100
    Port priority: 0
    Peak value of input: 96132560 bytes/sec, at 2007-10-26 07:05:06
    Peak value of output: 0 bytes/sec, at 2000-04-26 12:00:12
    Last 300 seconds input: 6 packets/sec 678 bytes/sec
    Last 300 seconds output: 1 packets/sec 179 bytes/sec...
  • Page 62 Field Multicast MAX-ratio PVID Mdi type Link delay Port link-type Tagged VLAN ID Untagged VLAN ID Peak value of input Peak value of output Last 300 seconds input: 0 packets/sec 0 bytes/sec Last 300 seconds output: 0 packets/sec 0 bytes/sec Input (total): 61745144 packets, 12152212250 bytes 0 unicasts, 47519150...
  • Page 63 Field aborts - ignored - parity errors Output (total): 1395522 packets, 183608303 bytes 0 unicasts, 13 broadcasts, 1273860 multicasts, 0 pauses Output (normal): 1395522 packets, - bytes 0 unicasts, 13 broadcasts, 1273860 multicasts, 0 pauses output errors - underruns - buffer failures aborts deferred collisions...
  • Page 64: Display Loopback-Detection

    Field lost carrier - no carrier
    "-" indicates that the corresponding entry is not supported.

    display loopback-detection
    Syntax
    display loopback-detection
    View
    Any view
    Default Level
    1: Monitor level
    Parameters
    None
    Description
    Use the display loopback-detection command to display loopback detection information on a port. If loopback detection is already enabled, this command will also display the detection interval and information on the ports currently detected with a loopback.
  • Page 65: Display Packet-Drop Interface

    display packet-drop interface Syntax display packet-drop interface [ interface-type [ interface-number ] ] View Any view Default Level 1: Monitor level Parameters interface-type: Type of a specified interface. interface-number: Number of a specified interface. Description Use the display packet-drop interface command to display information about dropped packets on an interface or multiple interfaces.
  • Page 66: Display Port Combo

    Description
    Use the display packet-drop summary command to display information about dropped packets on all interfaces.
    Examples
    # Display information about dropped packets on all interfaces.
    <Sysname> display packet-drop summary
    All interfaces:
    Packets dropped by GBP full or insufficient bandwidth: 301
    Packets dropped by FFP: 261
    Packets dropped by STP non-forwarding state: 321
    Packets dropped by Rate-limit: 143...
  • Page 67: Display Port-Group Manual

    GigabitEthernet1/0/47 GigabitEthernet1/0/48 Table 1-5 display port combo command output description Field Combo ports of the device, represented by Combo port number, which is Combo-group generated by the system. Active Inactive Ports of the Combo ports that are inactive As for the optical port and the electrical port of a Combo port, the one with the smaller port number is active by default.
  • Page 68: Display Storm-Constrain

    Member of group1: GigabitEthernet1/0/3 GigabitEthernet1/0/6 Member of group2: None Table 1-6 display port-group manual command output description Field Member of group display storm-constrain Syntax display storm-constrain [ broadcast | multicast ] [ interface interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters broadcast: Displays the information about storm constrain for broadcast packets.
  • Page 69: Duplex

    Field
    PortName: Abbreviated port name
    Type: Type of the packets for which storm constrain function is enabled, which can be broadcast (for broadcast packets), and multicast (for multicast packets).
    LowerLimit: Lower threshold (in pps, Kbps or percentage)
    UpperLimit: Upper threshold (in pps, Kbps or percentage)
    CtrMode: Action to be taken when the upper threshold is reached, which can be block, shutdown, and N/A....
  • Page 70: Flow-Control

    Related commands: speed.
    10-Gigabit Ethernet ports do not support this command.
    Examples
    # Configure the interface GigabitEthernet 1/0/1 to work in full-duplex mode.
    <Sysname> system-view
    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] duplex full

    flow-control
    Syntax
    flow-control
    undo flow-control
    View
    Ethernet port view
    Default Level
    2: System level
    Parameters...
  • Page 71: Flow-Interval

    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] flow-control

    flow-interval
    Syntax
    flow-interval interval
    undo flow-interval
    View
    Ethernet port view
    Default Level
    2: System level
    Parameters
    interval: Interval at which the interface collects statistics. It ranges from 5 to 300 seconds and must be a multiple of 5.
  • Page 72: Interface

    Description Use the group-member command to assign an Ethernet port or a list of Ethernet ports to the manual port group. Use the undo group-member command to remove an Ethernet port or a list of Ethernet ports from the manual port group. By default, there is no Ethernet port in a manual port group.
  • Page 73: Link-Delay

    Default Level
    2: System level
    Parameters
    None
    Description
    Use the jumboframe enable command to allow jumbo frames with the length of 9216 bytes to pass through an Ethernet port.
    Use the undo jumboframe enable command to prevent frames longer than 1522 bytes from passing through an Ethernet port.
  • Page 74: Loopback

    Description Use the link-delay command to configure the suppression time of physical-link-state changes on an Ethernet port. Use the undo link-delay command to restore the default suppression time. By default, the physical-link-state change suppression time is not configured. Examples # Set the up/down suppression time of the physical connection of an Ethernet port to 8 seconds. <Sysname>...
  • Page 75: Loopback-Detection Control Enable

    <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] loopback internal loopback-detection control enable Syntax loopback-detection control enable undo loopback-detection control enable View Ethernet port view Default Level 2: System level Parameters None Description Use the loopback-detection control enable command to enable loopback detection for a Trunk port or Hybrid port.
  • Page 76: Loopback-Detection Interval-Time

    View System view, Ethernet port view Default Level 2: System level Parameters None Description Use the loopback-detection enable command to enable loopback detection globally or on a specified port. Use the undo loopback-detection enable command to disable loopback detection globally or on a specified port.
  • Page 77: Loopback-Detection Per-Vlan Enable

    View System view Default Level 2: System level Parameters time: Time interval for performing port loopback detection, in the range 5 to 300 (in seconds). Description Use the loopback-detection interval-time command to configure time interval for performing port loopback detection. Use the undo loopback-detection interval-time command to restore the default time interval for port loopback detection, which is 30 seconds.
  • Page 78: Mdi

    Examples
    # Enable loopback detection in all the VLANs to which the Hybrid port GigabitEthernet 1/1 belongs.
    <Sysname> system-view
    [Sysname] loopback-detection enable
    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] loopback-detection enable
    [Sysname-GigabitEthernet1/0/1] port link-type trunk
    [Sysname-GigabitEthernet1/0/1] loopback-detection per-vlan enable

    Syntax
    mdi { across | auto | normal }
    undo mdi
    View
    Ethernet port view...
  • Page 79: Multicast-Suppression

    multicast-suppression Syntax multicast-suppression { ratio | pps max-pps } undo multicast-suppression View Ethernet port view, port group view Default Level 2: System level Parameters ratio: Maximum percentage of multicast traffic to the total transmission capability of an Ethernet port, in the range 1 to 100.
  • Page 80: Port-Group Manual

    If you set different suppression ratios in Ethernet port view or port-group view multiple times, the latest configuration takes effect. Do not use the multicast-suppression command along with the storm-constrain command. Otherwise, the multicast storm suppression ratio configured may become invalid. Examples # For Ethernet port GigabitEthernet 1/0/1, allow multicast traffic equivalent to 20% of the total transmission capability of GigabitEthernet 1/0/1 to pass.
  • Page 81: Reset Counters Interface

    <Sysname> system-view [Sysname] port-group manual group1 [Sysname-port-group-manual-group1] reset counters interface Syntax reset counters interface [ interface-type [ interface-number ] ] View User view Default Level 2: System level Parameters interface-type: Interface type. interface-number: Interface number. Description Use the reset counters interface command to clear the statistics of an interface. Before sampling network traffic within a specific period of time on an interface, you need to clear the existing statistics.
  • Page 82: Shutdown

    interface-number: Number of a specified interface. Description Use the reset packet-drop interface command to clear statistics of dropped packets on an interface or multiple interfaces. Sometimes when you want to collect the statistics of dropped packets on an interface, you need to clear the old statistics on the interface first. If you do not specify an interface type or interface number, this command clears statistics of dropped packets on all the interfaces on the device.
  • Page 83: Speed

    Examples
    # Shut down interface GigabitEthernet 1/0/1.
    <Sysname> system-view
    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] shutdown
    # Bring up interface GigabitEthernet 1/0/1.
    <Sysname> system-view
    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] undo shutdown

    speed
    Syntax
    speed { 10 | 100 | 1000 | auto }
    undo speed
    View
    Ethernet port view...
  • Page 84: Speed Auto

    Examples # Configure the interface rate as 100 Mbps for interface GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] speed 100 speed auto Syntax speed auto [ 10 | 100 | 1000 ] * undo speed View Ethernet port view Default Level 2: System level Parameters...
  • Page 85: Storm-Constrain

    If the auto negotiation rate range specified on the local port and that on the peer are the same, for example, 100 Mbps and 1000 Mbps are specified on both ends, the result of the interface rate auto negotiation is the larger value, that is, 1000 Mbps in the example. This function is available for auto-negotiation-capable Gigabit Layer-2 Ethernet electrical ports only.
  • Page 86: Storm-Constrain Control

    For a 10-Gigabit port, the value range is 1 to 14881000. When the threshold is set in kbps: For a Gigabit port, the value range is 1 to 1000000. For a 10-Gigabit port, the value range is 1 to 10000000. When the threshold is set in percentages, that is, keyword ratio is used, the value range is 1 to 100.
  • Page 87: Storm-Constrain Enable Log

    undo storm-constrain control View Ethernet port view Default Level 2: System level Parameters block: Blocks the traffic of a specific type on a port when the traffic detected exceeds the upper threshold. shutdown: Shuts down a port when a type of traffic exceeds the corresponding upper threshold. A port shut down by the storm constrain function stops forwarding all types of packets.
  • Page 88: Storm-Constrain Enable Trap

    Use the undo storm-constrain enable log command to disable log sending. By default, log sending is enabled. Examples # Disable log sending for GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] undo storm-constrain enable log storm-constrain enable trap Syntax storm-constrain enable trap undo storm-constrain enable trap View...
  • Page 89: Unicast-Suppression

    Default Level 2: System level Parameters seconds: Interval for generating traffic statistics, in the range 1 to 300 (in seconds). Description Use the storm-constrain interval command to set the interval for generating traffic statistics. Use the undo storm-constrain interval command to restore the default. By default, the interval for generating traffic statistics is 10 seconds.
  • Page 90 Note that: When a suppression granularity larger than 1 is specified on the device, the value of the pps keyword should be no smaller than and an integral multiple of the granularity. The unicast suppression threshold value configured through this keyword on an Ethernet port may not be the one that actually takes effect.
  • Page 91: Virtual-Cable-Test

    virtual-cable-test Syntax virtual-cable-test View Ethernet port view Default Level 2: System level Parameters None Description Use the virtual-cable-test command to test the cable connected to the Ethernet port once and to display the testing result. The tested items include: Note that: When the cable is functioning properly, the cable length in the test result represents the total cable length;...
  • Page 92: Link Aggregation Configuration Commands

    Link Aggregation Configuration Commands Link Aggregation Configuration Commands description Syntax description text undo description View Layer-2 aggregate interface view Default Level 2: System level Parameters text: Description of an Ethernet interface, a string of 1 to 80 characters. Currently, the device supports the following types of characters or symbols: standard English characters (numbers and case-sensitive letters), special English characters, spaces, and other characters or symbols that conform to the Unicode standard.
  • Page 93: Display Lacp System-Id

    Examples # Set the description of interface Bridge-aggregation 1 to link-aggregation interface. <Sysname> system-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] description link-aggregation interface display lacp system-id Syntax display lacp system-id View Any view Default Level 1: Monitor level Parameters None Description Use the display lacp system-id command to display the system ID of the local system (that is, the actor).
  • Page 94 View Any view Default Level 1: Monitor level Parameters bridge-aggregation: Displays the load sharing mode of the aggregation group corresponding to the specified Layer 2 aggregate interface. interface-number: Specifies the number of an existing aggregate interface. Description Use the display link-aggregation load-sharing mode command to display load sharing mode for link aggregation groups.
  • Page 95: Display Link-Aggregation Member-Port

    Bridge-Aggregation1 Load-Sharing Mode: destination-mac address, source-mac address
    # Display the link aggregation load sharing mode of each aggregation group.
    <Sysname> display link-aggregation load-sharing mode interface
    Bridge-Aggregation10 Load-Sharing Mode: destination-ip address, source-ip address
    Bridge-Aggregation20 Load-Sharing Mode:
    Layer 2 traffic: destination-mac address, source-mac address
    Layer 3 traffic: destination-ip address, source-ip address
    Table 2-2 display link-aggregation load-sharing mode command output description
    Field...
  • Page 96 Description Use the display link-aggregation member-port command to display the detailed link aggregation information of the specified interface(s) or all interfaces if no interface is specified. For an interface in a static aggregation group, only its port number and operational key are displayed, because it is not aware of the information of the partner.
  • Page 97: Display Link-Aggregation Summary

    Table 2-3 display link-aggregation member-port command output description Field Flags Aggregation Interface Local: Port Number Port Priority Oper-key Flag Remote: System ID Port Number Port Priority Oper-key Flag Received LACP Packets Illegal Sent LACP Packets display link-aggregation summary Syntax display link-aggregation summary View Any view Description...
  • Page 98 Default Level 1: Monitor level Parameters None Description Use the display link-aggregation summary command to display the summary information of all aggregation groups. You may find out that information about the remote system for a static link aggregation group is either replaced by none or not displayed at all.
  • Page 99: Display Link-Aggregation Verbose

    Field Select Ports Unselect Ports Share Type display link-aggregation verbose Syntax display link-aggregation verbose [ bridge-aggregation [ interface-number ] ] View Any view Default Level 1: Monitor level Parameters bridge-aggregation: Displays detailed information about the Layer-2 aggregate groups corresponding to Layer-2 aggregate interfaces. interface-number: Aggregate interface number.
  • Page 100 Aggregation Mode: Dynamic Loadsharing Type: Shar System ID: 0x8000, 000f-e267-6c6a Local: Port Status Priority Oper-Key Flag ------------------------------------------------------------------------- GE1/0/6 32768 GE1/0/12 32768 Remote: Actor Partner Priority Oper-Key SystemID ------------------------------------------------------------------------- GE1/0/6 32768 GE1/0/12 32768 Table 2-5 display link-aggregation verbose command output description Field Loadsharing type: Loadsharing Type...
  • Page 101: Enable Snmp Trap Updown

    Field Remote: Actor Partner Priority Oper-Key SystemID Flag enable snmp trap updown Syntax enable snmp trap updown undo enable snmp trap updown View Layer-2 aggregate interface view Default Level 2: System level Parameters None Description Use the enable snmp trap updown command to enable linkUp/linkDown trap generation for the current aggregate interface.
  • Page 102: Lacp Port-Priority

    undo interface bridge-aggregation interface-number
    View
    System view
    Default Level
    2: System level
    Parameters
    interface-number: Layer-2 aggregate interface number. The value range is 1 to 128.
    Description
    Use the interface bridge-aggregation command to create a Layer-2 aggregate interface and enter the Layer-2 aggregate interface view.
    Use the undo interface bridge-aggregation command to remove a Layer-2 aggregate interface.
  • Page 103: Lacp System-Priority

    Examples # Set the LACP priority of GigabitEthernet 1/0/1 to 64. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] lacp port-priority 64 lacp system-priority Syntax lacp system-priority system-priority undo lacp system-priority View System view Default Level 2: System level Parameters system-priority: LACP priority of the local system, in the range of 0 to 65535. Description Use the lacp system-priority command to set the LACP priority of the local system.
  • Page 104: Link-Aggregation Load-Sharing Mode (Aggregate Interface View)

    Parameters destination-ip: Specifies to perform load sharing in link aggregation groups based on destination IP address. destination-mac: Specifies to perform load sharing in load-sharing link aggregation groups based on destination MAC address. destination-port: Specifies to perform load sharing in load-sharing link aggregation groups based on destination port.
  • Page 105: Link-Aggregation Mode

    View Layer 2 aggregate interface view Default Level 2: System level Parameters destination-ip: Specifies to perform load sharing in link aggregation groups based on destination IP address. destination-mac: Specifies to perform load sharing in load-sharing link aggregation groups based on destination MAC address.
  • Page 106: Port Link-Aggregation Group

    Default Level 2: System level Parameters None Description Use the link-aggregation mode dynamic command to configure an aggregation group to work in dynamic aggregation mode. Use the undo link-aggregation mode command to restore the default. By default, an aggregation group works in static aggregation mode. If there is any member port in an aggregation group, you cannot modify the aggregation mode of the aggregation group.
  • Page 107: Reset Counters Interface

    Examples # Assign GigabitEthernet 1/0/1 to aggregation group 22. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-aggregation group 22 reset counters interface Syntax reset counters interface [ bridge-aggregation [ interface-number ] ] View User view Default Level 2: System level Parameters bridge-aggregation: Clears statistics for Layer 2 aggregate interfaces.
  • Page 108: Shutdown

    View User view Default Level 1: Monitor level Parameters interface-type interface-number: Interface type and interface number. to: Specifies an interface range in the form of interface-type interface-number to interface-type interface-number, where the start interface number must be smaller than the end interface number. Note that both the start interface and the end interface are inclusive.
  • Page 109 [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] shutdown 2-18...
  • Page 110: Port Isolation Configuration Commands

    Port Isolation Configuration Commands Port Isolation Configuration Commands display port-isolate group Syntax display port-isolate group View Any view Default Level 1: Monitor level Parameters None Description Use the display port-isolate group command to display information about the default isolation group (isolation group 1).
  • Page 111: Port-Isolate Enable

    port-isolate enable Syntax port-isolate enable undo port-isolate enable View Ethernet interface view, Layer-2 aggregate interface view, port group view Default Level 2: System level Parameters None Description Use the port-isolate enable command to add a port in Ethernet interface view or a group of ports in port group view to an isolation group as isolated ports.
  • Page 112

    # Assign Layer-2 aggregate interface Bridge-aggregation 1 and its member ports to the isolation group on a single-isolation-group device.
    <Sysname> system-view
    [Sysname] interface bridge-aggregation 1
    [Sysname-Bridge-Aggregation1] quit
    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] port link-aggregation group 1
    [Sysname-GigabitEthernet1/0/1] quit
    [Sysname] interface GigabitEthernet 1/0/2
    [Sysname-GigabitEthernet1/0/2] port link-aggregation group 1
    [Sysname-GigabitEthernet1/0/2] quit
    [Sysname] interface bridge-aggregation 1...
  • Page 113: Mstp Configuration Commands

    MSTP Configuration Commands MSTP Configuration Commands active region-configuration Syntax active region-configuration View MST region view Default Level 2: System level Parameters None Description Use the active region-configuration command to activate your MST region configuration. Note that: The configuration of MST region–related parameters, especially the VLAN-to-instance mapping table, will cause MSTP to launch a new spanning tree calculation process, which may result in network topology instability.
  • Page 114: Bpdu-Drop Any

    In order to avoid this problem, you can enable BPDU dropping on Ethernet ports. Once the function is enabled on a port, the port will not receive or forward any BPDU packets. In this way, the switch is protected against the BPDU packet attack and the STP calculation correctness is ensured.
  • Page 115: Display Stp

    Description Use the check region-configuration command to view MST region configuration information not activated yet, including the region name, revision level, and VLAN-to-instance mapping settings. Note that: Two or more MSTP-enabled devices belong to the same MST region only if they are configured to have the same format selector, MST region name, the same VLAN-to-instance mapping entries in the MST region and the same MST region revision level, and they are interconnected via a physical link.
  • Page 116 Default Level 1: Monitor level Parameters instance instance-id: Displays the status and statistics information of a particular MSTI. The minimum value of instance-id is 0, representing the common internal spanning tree (CIST), and the maximum value of instance-id is 32. interface interface-list: Displays the MSTP status and statistics information on the ports specified by a port list, in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10>...
  • Page 117 MSTI global parameters: MSTI ID, bridge priority of the MSTI, regional root, internal path cost, MSTI root port, and master bridge. MSTI port parameters: Port status, role, priority, path cost, designated bridge, designated port, remaining hops, and whether rapid state transition enabled (for designated ports). The statistics information includes: The number of TCN BPDUs, configuration BPDUs, RST BPDUs and MST BPDUs sent from each port...
  • Page 118

    <Sysname> display stp
    -------[CIST Global Info][Mode MSTP]-------
    CIST Bridge :32768.000f-e200-2200
    Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
    CIST Root/ERPC :0.00e0-fc0e-6554 / 200200
    CIST RegRoot/IRPC :32768.000f-e200-2200 / 0
    CIST RootPortId :128.48
    BPDU-Protection :disabled
    Bridge Config-
    Digest-Snooping :disabled
    TC or TCN received :2
    Time since last TC :0 days 0h:5m:42s
    ----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
    Port Protocol...
  • Page 119 CIST Bridge-Prio. :32768 MAC address :000f-e200-8048 Max age(s) Forward delay(s) Hello time(s) Max hops Table 4-3 display stp command output description Field CIST Bridge CIST bridge ID Major parameters for the bridge: Hello: Hello timer Bridge Times MaxAge: Max Age timer FWDly: Forward delay timer Max Hop: Max hops within the MST region CIST Root/ERPC...
  • Page 120: Display Stp Abnormal-Port

    Field Protection Type MST BPDU Format Port Config- Digest-Snooping Rapid transition Num of Vlans Mapped PortTimes BPDU Sent BPDU Received MSTI RegRoot/IRPC MSTI RootPortId MSTI Root Type Master Bridge Cost to Master TC received Protocol Status Protocol Std. Version CIST Bridge-Prio. MAC address Max age(s) Forward delay(s)
  • Page 121: Display Stp Down-Port

    View Any view Default Level 1: Monitor level Parameters None Description Use the display stp abnormal-port command to view the information about abnormally blocked ports. Any of the following reasons may cause a port to be abnormally blocked: Root guard function Loop guard function MSTP BPDU format incompatibility protection function Examples...
  • Page 122: Display Stp History

    Parameters None Description Use the display stp down-port command to display the information about ports blocked by STP protection functions. These functions include: BPDU attack guard function MSTP BPDU format frequent change protection function Examples # View the information about ports blocked by STP protection functions. <Sysname>...
  • Page 123: Display Stp Region-Configuration

    Description Use the display stp history command to view the historic port role calculation information of the specified MSTI or all MSTIs. Note that: If you do not specify an MSTI ID, this command will display the historic port role calculation information of all MSTIs.
  • Page 124: Display Stp Root

    Parameters None Description Use the display stp region-configuration command to view the currently effective configuration information of the MST region, including the region name, revision level, and user-configured VLAN-to-instance mappings. Related commands: instance, region-name, revision-level, vlan-mapping modulo. Examples # View the currently effective MST region configuration information. <Sysname>...
  • Page 125: Display Stp

    Description Use the display stp root command to view the root bridge information of all MSTIs. Examples # View the root bridge information of all MSTIs. <Sysname> display stp root MSTID Root Bridge ID 0.00e0-fc0e-6554 Table 4-8 display stp root command output description Field MSTID Root Bridge ID...
  • Page 126: Instance

    Description Use the display stp tc command to view the statistics of TC/TCN BPDUs received and sent by all ports in an MSTI or all MSTIs. Note that: If you do not specify an MSTI ID, this command will display the statistics of TC/TCN BPDUs received and sent by all ports in all MSTIs.
  • Page 127: Region-Name

    Description Use the instance command to map the specified VLANs to the specified MSTI. Use the undo instance command to remap the specified VLAN or all VLANs to the CIST (MSTI 0). By default, all VLANs are mapped to the CIST. Notice that: If you specify no VLAN in the undo instance command, all VLANs mapped to the specified MSTI will be remapped to the CIST.
  • Page 128: Reset Stp

    Related commands: region-configuration, check region-configuration, active region-configuration. Examples # Set the MST region name of the device to hello. <Sysname> system-view [Sysname] stp region-configuration [Sysname-mst-region] region-name hello reset stp Syntax reset stp [ interface interface-list ] View User view Default Level 1: Monitor level Parameters interface interface-list: Specifies a port list, in the format of interface-list = { interface-type...
  • Page 129: Stp Bpdu-Protection

    View MST region view Default Level 2: System level Parameters level: MSTP revision level, in the range of 0 to 65535. Description Use the revision-level command to configure the MSTP revision level. Use the undo revision-level command to restore the default MSTP revision level. By default, the MSTP revision level is 0.
  • Page 130: Stp Bridge-Diameter

    Description
    Use the stp bpdu-protection command to enable the BPDU guard function.
    Use the undo stp bpdu-protection command to disable the BPDU guard function.
    By default, the BPDU guard function is disabled.
    Examples
    # Enable the BPDU guard function.
    <Sysname> system-view
    [Sysname] stp bpdu-protection

    stp bridge-diameter
    Syntax...
  • Page 131: Stp Compliance

    stp compliance Syntax stp compliance { auto | dot1s | legacy } undo stp compliance View Ethernet interface view, port group view, Layer 2 aggregate interface view Default Level 2: System level Parameters auto: Configures the port(s) to recognize the MSTP BPDU format automatically and accordingly determine the format of MSTP BPDUs to send.
  • Page 132: Stp Cost

    View System view, Ethernet interface view, port group view, Layer 2 aggregate interface view Default Level 2: System level Parameters None Description Use the stp config-digest-snooping command to enable Digest Snooping. Use the undo stp config-digest-snooping command to disable Digest Snooping. The feature is disabled by default.
  • Page 133: Stp Edged-Port

    Parameters instance instance-id: Sets the path cost of the port(s) in a particular MSTI. The minimum value of instance-id is 0, representing the CIST, and the maximum value of instance-id is 32. cost: Path cost of the port, the effective range of which depends on the path cost calculation standard adopted.
  • Page 134: Stp Enable

    Default Level 2: System level Parameters enable: Configures the current port(s) to be an edge port or edge ports. disable: Configures the current port(s) to be a non-edge port or non-edge ports. Description Use the stp edged-port enable command to configure the port(s) as an edge port or ports. Use the undo stp edged-port command to restore the default.
  • Page 135: Stp Loop-Protection

    Parameters None Description Use the stp enable command to enable MSTP globally in system view, on a port in interface view, or on multiple ports in port group view. Use the undo stp enable command to disable MSTP globally or on the port(s). By default, MSTP is enabled on all ports and globally.
  • Page 136: Stp Max-Hops

    Description Use the stp loop-protection command to enable the loop guard function on the port(s). Use the undo stp loop-protection command to restore the system default. By default, the loop guard function is disabled. Note that: Configured in Ethernet interface view, the setting takes effect on the current interface only; configured in port group view, the setting takes effect on all ports in the port group.
  • Page 137: Stp Mcheck

    stp mcheck Syntax stp mcheck View System view, Ethernet interface view, Layer 2 aggregate interface view Default Level 2: System level Parameters None Description Use the stp mcheck command to carry out the mCheck operation globally or on the current port. If a port on a device running MSTP (or RSTP) connects to a device running STP, this port will automatically migrate to the STP-compatible mode.
  • Page 138: Stp No-Agreement-Check

    undo stp mode View System view Default Level 2: System level Parameters stp: Configures the MSTP-enabled device to work in STP-compatible mode. rstp: Configures an MSTP-enabled device to work in RSTP mode. mstp: Configures an MSTP-enabled device to work in MSTP mode. Description Use the stp mode command to configure the MSTP work mode of the device.
  • Page 139: Stp Pathcost-Standard

    Configured in Ethernet interface view, the setting takes effect on the current interface only; configured in port group view, the setting takes effect on all member ports in the port group. Configured in Layer 2 aggregate interface view, the setting takes effect only on the aggregate interface;...
  • Page 140: Stp Point-To-Point

    Table 4-10 Link speed vs. path cost Link speed Duplex state — Single Port Aggregate Link 2 Ports 10 Mbps Aggregate Link 3 Ports Aggregate Link 4 Ports Single Port Aggregate Link 2 Ports 100 Mbps Aggregate Link 3 Ports Aggregate Link 4 Ports Single Port Aggregate Link 2 Ports...
  • Page 141: Stp Port Priority

    Description Use the stp point-to-point command to configure the link type of the current port(s). Use the undo stp point-to-point command to restore the system default. The default setting is auto; namely the MSTP-enabled device automatically detects whether a port connects to a point-to-point link.
  • Page 142: Stp Port-Log

    Description Use the stp port priority command to set the priority of the port(s). Use the undo stp port priority command to restore the system default. Port priority affects the role of a port in an MSTI. By default, the port priority is 128. Note that: Configured in Ethernet interface view, the setting takes effect on the current interface only;...
  • Page 143: Stp Priority

    Use the undo stp port-log command to disable output of port state transition information for the specified MSTI or all MSTIs. This function is enabled by default. Examples # Enable output of port state transition information for MSTI 2. <Sysname> system-view [Sysname] stp port-log instance 2 %Aug 16 00:49:41:856 2006 Sysname MSTP/3/PDISC: Instance 2's GigabitEthernet1/0/1 has been set to discarding state!
  • Page 144: Stp Region-Configuration

    stp region-configuration Syntax stp region-configuration undo stp region-configuration View System view Default Level 2: System level Parameters None Description Use the stp region-configuration command to enter MST region view. Use the undo stp region-configuration command to restore the default MST region configurations. By default, the default settings are used for all the three MST region parameters.
  • Page 145: Stp Root Secondary

    Description Use the stp root primary command to configure the current device as the root bridge. Use the undo stp root command to restore the system default. By default, a device is not a root bridge in any MSTI. Note that: There is only one root bridge in effect in an MSTI.
  • Page 146: Stp Root-Protection

    After specifying the current device as a secondary root bridge, you cannot change the priority of the device. Related commands: stp priority, stp root primary. Examples # Specify the current device as a secondary root bridge of MSTI 0. <Sysname> system-view [Sysname] stp instance 0 root secondary stp root-protection Syntax...
  • Page 147: Stp Tc-Protection Threshold

    2: System level Parameters number: Maximum number of immediate forwarding address entry flushes that the switch can perform within a certain period of time after it receives the first TC-BPDU. The value range for the argument is 1 to 255.
  • Page 148: Stp Timer Forward-Delay

    By default, the device can perform a maximum of six forwarding address entry flushes within 10 seconds after it receives the first TC-BPDU. Examples # Set the maximum number of forwarding address entry flushes that the device can perform within 10 seconds after it receives the first TC-BPDU to 10.
  • Page 149: Stp Timer Hello

    Examples # Set the forward delay timer of the device to 2,000 centiseconds. <Sysname> system-view [Sysname] stp timer forward-delay 2000 stp timer hello Syntax stp timer hello time undo stp timer hello View System view Default Level 2: System level Parameters time: Hello time in centiseconds, ranging from 100 to 1000 at the step of 100.
  • Page 150: Stp Timer Max-Age

    stp timer max-age Syntax stp timer max-age time undo stp timer max-age View System view Default Level 2: System level Parameters time: Max age in centiseconds, ranging from 600 to 4000 at the step of 100. Description Use the stp timer max-age command to set the max age timer of the device. Use the undo stp timer max-age command to restore the system default.
  • Page 151: Stp Transmit-Limit

    View System view Default Level 2: System level Parameters factor: Timeout factor, in the range of 1 to 20. Description Use the stp timer-factor command to set the timeout factor, which decides the timeout time. Timeout time = timeout factor × 3 × hello time. Use the undo stp timer-factor command to restore the default.
  • Page 152: Vlan-Mapping Modulo

    Description Use the stp transmit-limit command to set the maximum transmission rate of the port(s), that is, the maximum number of BPDUs the port(s) can send within each hello time. Use the undo stp transmit-limit command to restore the system default. By default, the maximum transmission rate of all ports of the device is 10, that is, each port can send up to 10 BPDUs within each hello time.
  • Page 153 This command maps each VLAN to the MSTI whose ID is (VLAN ID - 1) % modulo + 1, where (VLAN ID - 1) % modulo is the modulo operation for (VLAN ID - 1). If the modulo value is 15, for example, then VLAN 1 will be mapped to MSTI 1, VLAN 2 to MSTI 2, VLAN 15 to MSTI 15, VLAN 16 to MSTI 1, and so on.
  • Page 154: Lldp Configuration Commands

    LLDP Configuration Commands LLDP Configuration Commands display lldp local-information Syntax display lldp local-information [ global | interface interface-type interface-number ] View Any view Default level 1: Monitor level Parameters global: Displays the global LLDP information to be transmitted. interface interface-type interface-number: Displays the LLDP information to be sent out the interface specified by its type and number.
  • Page 155 FirmwareRev : 109 SoftwareRev : 5.20 Alpha 2101 SerialNum : NONE Manufacturer name : Manufacturer name Model name : Model name Asset tracking identifier : Unknown LLDP local-information of port 1[GigabitEthernet1/0/1]: Port ID subtype : Interface name Port ID : GigabitEthernet1/0/1 Port description : GigabitEthernet1/0/1 Interface Management address type Management address...
  • Page 156 Table 5-1 display lldp local-information command output description Field Global LLDP local-information Chassis ID System name System description System capabilities supported System capabilities enabled MED information Device class MED inventory information of master board HardwareRev FirmwareRev SoftwareRev SerialNum Manufacturer name Model name Asset tracking identifier LLDP local-information of port 1...
  • Page 157 Field Management address interface ID Management address OID Port VLAN ID(PVID) Port and protocol VLAN ID(PPVID) Port and protocol VLAN supported Port and protocol VLAN enabled VLAN name of VLAN 1 Auto-negotiation supported Auto-negotiation enabled OperMau PoE supported Link aggregation supported Link aggregation enabled Aggregation port ID Maximum frame Size...
  • Page 158: Display Lldp Neighbor-Information

    display lldp neighbor-information Syntax display lldp neighbor-information [ brief | interface interface-type interface-number [ brief ] | list [ system-name system-name ] ] View Any view Default level 1: Monitor level Parameters brief: Displays the brief LLDP information sent by the neighboring devices. If the brief keyword is not specified, this command displays the detailed LLDP information sent by the neighboring devices.
  • Page 159 System capabilities enabled Management address type Management address Management address interface type : IfIndex Management address interface ID Management address OID Port VLAN ID(PVID): 1 Port and protocol VLAN ID(PPVID) : 1 Port and protocol VLAN supported : Yes Port and protocol VLAN enabled VLAN name of VLAN 1: VLAN 0001 Auto-negotiation supported : Yes Auto-negotiation enabled...
  • Page 160 Management address Management address interface type : IfIndex Management address interface ID Management address OID Port VLAN ID(PVID): 1 Port and protocol VLAN ID(PPVID) : 1 Port and protocol VLAN supported : Yes Port and protocol VLAN enabled VLAN name of VLAN 1: VLAN 0001 Auto-negotiation supported : Yes Auto-negotiation enabled : Yes...
  • Page 161 Field Chassis type Chassis ID Port ID type Port ID Port description System name System description System capabilities supported System capabilities enabled Management address type Management address Management address interface type Management address interface ID Management address OID Port VLAN ID Port and protocol VLAN ID(PPVID) Port and protocol VLAN supported...
  • Page 162 Field Auto-negotiation supported Auto-negotiation enabled OperMau Power port class PSE power supported PSE power enabled PSE pairs control ability Power pairs Port power classification Link aggregation supported Link aggregation enabled Aggregation port ID Maximum frame Size Location format Location Information PoE PSE power source PoE service type Port PSE Priority...
  • Page 163: Display Lldp Statistics

    Field Unknown organizationally-defined TLV OUI TLV subtype Index TLV information Local Interface display lldp statistics Syntax display lldp statistics [ global | interface interface-type interface-number ] View Any view Default level 1: Monitor level Parameters global: Displays the global LLDP statistics. interface interface-type interface-number: Specifies a port by its type and number.
  • Page 164: Display Lldp Status

    The number of LLDP TLVs discarded The number of LLDP TLVs unrecognized The number of LLDP neighbor information aged out : 0 The number of CDP frames transmitted The number of CDP frames received The number of CDP frames discarded The number of CDP error frames Table 5-3 display lldp statistics command output description Field...
  • Page 165 Default level 1: Monitor level Parameters interface interface-type interface-number: Specifies a port by its type and number. Description Use the display lldp status command to display the LLDP status of a port. If no port is specified, this command displays the LLDP status of all the ports. Examples # Display the LLDP status of all the ports.
  • Page 166: Display Lldp Tlv-Config

    Field Reinit delay Transmit delay Trap interval Fast start times Port 1 Port status of LLDP Admin status Trap Flag Rolling interval Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown display lldp tlv-config Syntax display lldp tlv-config [ interface interface-type interface-number ]...
  • Page 167 Examples # Display the advertisable TLVs of port GigabitEthernet1/0/1. <Sysname> display lldp tlv-config interface GigabitEthernet 1/0/1 LLDP tlv-config of port 1[GigabitEthernet1/0/1]: NAME Basic optional TLV: Port Description TLV System Name TLV System Description TLV System Capabilities TLV Management Address TLV IEEE 802.1 extend TLV: Port VLAN ID TLV Port And Protocol VLAN ID TLV...
  • Page 168: Lldp Admin-Status

    Field IEEE 802.3 extended TLV LLDP-MED extend TLV lldp admin-status Syntax lldp admin-status { disable | rx | tx | txrx } undo lldp admin-status View Ethernet interface view, port group view Default level 2: System level Parameters disable: Specifies the Disable mode. A port in this mode does not send or receive LLDPDUs. rx: Specifies the Rx mode.
  • Page 169: Lldp Check-Change-Interval

    lldp check-change-interval Syntax lldp check-change-interval interval undo lldp check-change-interval View Ethernet interface view, port group view Default level 2: System level Parameters interval: LLDP polling interval to be set, in the range 1 to 30 (in seconds). Description Use the lldp check-change-interval command to enable LLDP polling and set the polling interval. Use the undo lldp check-change-interval command to restore the default.
  • Page 170: Lldp Compliance Cdp

    Description Use the lldp compliance admin-status cdp command to configure the operation mode of CDP-compatible LLDP on a port or port group. By default, CDP-compatible LLDP operates in disable mode. To have your device work with Cisco IP phones, you must enable CDP-compatible LLDP globally and then configure CDP-compatible LLDP to work in TxRx mode on the specified port(s).
  • Page 171: Lldp Enable

    lldp enable Syntax lldp enable undo lldp enable View System view, Ethernet interface view, port group view Default level 2: System level Parameters None Description Use the lldp enable command to enable LLDP. Use the undo lldp enable command to disable LLDP. By default, LLDP is disabled globally and enabled on a port.
  • Page 172: Lldp Fast-Count

    Use the undo lldp encapsulation command to restore the default encapsulation format for LLDPDUs. By default, Ethernet II encapsulation applies. The command does not apply to LLDP-CDP packets, which use only SNAP encapsulation. Examples # Configure the encapsulation format for LLDPDUs as SNAP on GigabitEthernet1/0/1. <Sysname>...
  • Page 173: Lldp Hold-Multiplier

    lldp hold-multiplier Syntax lldp hold-multiplier value undo lldp hold-multiplier View System view Default level 2: System level Parameters value: TTL multiplier, in the range 2 to 10. Description Use the lldp hold-multiplier command to set the TTL multiplier. Use the undo lldp hold-multiplier command to restore the default. The TTL multiplier defaults to 4.
  • Page 174: Lldp Management-Address-Tlv

    Parameters None Description Use the lldp management-address-format string command to configure the encapsulation format of the management address as strings in TLVs. Use the undo lldp management-address-format command to restore the default. By default, the management address is encapsulated in the form of numbers in TLVs. Examples # Configure GigabitEthernet1/0/1 to encapsulate the management address in the form of strings in management address TLVs.
  • Page 175: Lldp Notification Remote-Change Enable

    [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] lldp management-address-tlv 192.6.0.1 lldp notification remote-change enable Syntax lldp notification remote-change enable undo lldp notification remote-change enable View Ethernet interface view, port group view Default level 2: System level Parameters None Description Use the lldp notification remote-change enable command to enable trap for a port or all the ports in a port group.
  • Page 176: Lldp Timer Reinit-Delay

    Description Use the lldp timer notification-interval command to set the interval to send LLDP trap messages. Use the undo lldp timer notification-interval command to restore the default. By default, the interval to send LLDP trap messages is 5 seconds. Examples # Set the interval to send LLDP trap messages to 8 seconds.
  • Page 177: Lldp Timer Tx-Interval

    Default level 2: System level Parameters delay: Delay period to send LLDPDUs, in the range 1 to 8192 (in seconds). Description Use the lldp timer tx-delay command to set the delay period to send LLDPDUs. Use the undo lldp timer tx-delay command to restore the default. By default, the delay period to send LLDPDUs is 2 seconds.
  • Page 178: Lldp Tlv-Enable

    lldp tlv-enable Syntax lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name } | dot1-tlv { all | port-vlan-id | protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] } | dot3-tlv { all | link-aggregation | mac-physic | max-frame-size | power } | med-tlv { all | capability | inventory | location-id { civic-address device-type country-code { ca-type ca-value }&<1-10>...
  • Page 179 Inserts the address information about the intermediate device in location identification TLVs. device-type: Device type value. A value of 0 specifies DHCP server; a value of 1 specifies switch, and a value of 2 specifies LLDP-MED endpoint. country-code: Country code, conforming to ISO 3166.
  • Page 180: Vlan Configuration Commands

    VLAN Configuration Commands VLAN Configuration Commands description Syntax description text undo description View VLAN view, VLAN interface view Default Level 2: System level Parameters text: Case-sensitive string that describes the current VLAN or VLAN interface. Spaces can be included in the description. For a VLAN, this is a string of 1 to 32 characters.
  • Page 181: Display Interface Vlan-Interface

    display interface vlan-interface Syntax display interface vlan-interface [ vlan-interface-id ] View Any view Default Level 1: Monitor level Parameters vlan-interface-id: VLAN interface number, in the range of the numbers of existing VLANs on the device. Description Use the display interface vlan-interface command to display information about a specified or all VLAN interfaces if no interface is specified.
  • Page 182: Display Vlan

    Field Description The Maximum Transmit Unit Internet protocol processing : IP Packet Frame Type Hardware address IPv6 Packet Frame Type display vlan Syntax display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ] View Any view Default Level...
  • Page 183: Interface Vlan-Interface

    Description: VLAN 0002 Name: VLAN 0002 Tagged Ports: GigabitEthernet1/0/11 Untagged Ports: none # Display VLAN 3 information. <Sysname> display vlan 3 VLAN ID: 3 VLAN Type: static Route Interface: configured IP Address: 1.1.1.1 Subnet Mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: none Untagged Ports: none...
  • Page 184: Ip Address

    Default Level 2: System level Parameters vlan-interface-id: VLAN interface number, in the range of 1 to 4094. Description Use the interface vlan-interface command to create a VLAN interface and enter its view or enter the view of an existing VLAN interface. Before you can create the VLAN interface of a VLAN, create the VLAN first.
  • Page 185: Name

    VLAN configuration to ports that have passed the authentication. Some servers can send IDs or names of the issued VLANs to the switch. When there are a large number of VLANs, you can use VLAN names rather than VLAN IDs to better locate VLANs.
  • Page 186: Shutdown

    Examples # Configure the name of VLAN 2 as test vlan. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] name test vlan shutdown Syntax shutdown undo shutdown View VLAN interface view Default Level 2: System level Parameters None Description Use the shutdown command to shut down a VLAN interface. Use the undo shutdown command to bring up a VLAN interface.
  • Page 187 View System view Default Level 2: System level Parameters vlan-id1, vlan-id2: VLAN ID, in the range 1 to 4094. vlan-id1 to vlan-id2: Specifies a VLAN range. A VLAN ID is in the range 1 to 4094. Note that vlan-id2 must be equal to or greater than vlan-id1. all: Creates or removes all VLANs except reserved VLANs.
  • Page 188: Port-Based Vlan Configuration Commands

    Port-Based VLAN Configuration Commands display port Syntax display port { hybrid | trunk } View Any view Default Level 1: Monitor level Parameters hybrid: Displays hybrid ports. trunk: Displays trunk ports. Description Use the display port command to display information about the hybrid or trunk ports on the device, including the port names, default VLAN IDs, and allowed VLAN IDs.
  • Page 189: Port

    port Syntax port interface-list undo port interface-list View VLAN view Default Level 2: System level Parameters interface interface-list: Specifies an Ethernet port list or Layer-2 aggregate interface list, in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10>...
  • Page 190: Port Hybrid Pvid Vlan

    Parameters vlan-id: VLAN ID, in the range of 1 to 4094. Be sure that the VLAN specified by the VLAN ID already exists. Description Use the port access vlan command to assign the current access port(s) to the specified VLAN. Use the undo port access vlan command to restore the default.
  • Page 191: Port Hybrid Vlan

    Parameters vlan-id: VLAN ID, in the range of 1 to 4094. Description Use the port hybrid pvid vlan command to configure the default VLAN ID of the hybrid port. Use the undo port hybrid pvid command to restore the default. By default, the default VLAN of a hybrid port is VLAN 1.
  • Page 192 View Ethernet interface view, port group view, Layer-2 aggregate interface view Default Level 2: System level Parameters vlan-id-list: VLANs that the hybrid ports will be assigned to. This argument is expressed in the format of [ vlan-id1 [ to vlan-id2 ] ]&<1-10>, where vlan-id ranges from 1 to 4094 and &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges.
  • Page 193: Port Link-Type

    [Sysname-port-group-manual-2] port link-type hybrid [Sysname-port-group-manual-2] port hybrid vlan 2 untagged Configuring GigabitEthernet1/0/1... Done. Configuring GigabitEthernet1/0/2... Done. Configuring GigabitEthernet1/0/3... Done. Configuring GigabitEthernet1/0/4... Done. Configuring GigabitEthernet1/0/5... Done. Configuring GigabitEthernet1/0/6... Done. # Assign the hybrid Layer-2 aggregate interface Bridge-aggregation 1 and its member ports to VLAN 2, and configure them to send packets of VLAN 2 with tags removed.
  • Page 194: Port Trunk Permit Vlan

    configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.
  • Page 195 all: Permits all VLANs to pass through the trunk port(s). On GVRP-enabled trunk ports, you must configure the port trunk permit vlan all command to ensure that the traffic of all dynamically registered VLANs can pass through. However, when GVRP is disabled on a port, you are discouraged from configuring the command on the port.
  • Page 196: Port Trunk Pvid Vlan

    Configuring GigabitEthernet1/0/3... Done. Among the output fields above, the message “Please wait... Done” indicates that the configuration on Bridge-aggregation 1 succeeded; “Error: Failed to configure on interface GigabitEthernet1/0/2! This port is not a Trunk port!” indicates that the configuration failed on GigabitEthernet 1/0/2 because GigabitEthernet 1/0/2 was not a trunk port;...
  • Page 197: Mac Address-Based Vlan Configuration Commands

    <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-type trunk [Sysname-GigabitEthernet1/0/1] port trunk pvid vlan 100 # Configure VLAN 100 as the default VLAN of the trunk Layer-2 aggregate interface Bridge-aggregation 1, assuming Bridge-aggregation 1 does not have member ports. <Sysname>...
  • Page 198: Display Mac-Vlan Interface

    If mac-address mac-addr is specified while mask is not specified, only the MAC address-to-VLAN entry containing the specified MAC address is displayed. Examples # Display all the MAC address-to-VLAN entries. <Sysname> display mac-vlan all The following MAC-VLAN address exist: S: Static D: Dynamic MAC ADDR MASK...
  • Page 199: Mac-Vlan Enable

    Description Use the display mac-vlan interface command to display all the ports with MAC address-based VLAN enabled. Related commands: mac-vlan enable. Examples # Display all the interfaces with MAC address-based VLAN enabled. <Sysname> display mac-vlan interface MAC VLAN is enabled on following ports: --------------------------------------- GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3 mac-vlan enable...
  • Page 200: Vlan Precedence

    View System view Default Level 2: System level Parameters mac-address mac-address: Specifies a MAC address. vlan vlan-id: Specifies a VLAN ID, in the range of 1 to 4094. priority pri: Specifies the 802.1p priority value corresponding to the specified MAC address. This argument is in the range of 0 to 7.
  • Page 201: Protocol-Based Vlan Configuration Commands

    created on a port, MAC address-to-VLAN entries configured with the mask keyword specified are matched preferentially, and the remaining VLAN entries (VLAN entries based on a single MAC address and IP subnet-based VLANs) are matched as configured by the vlan precedence command. Examples # Configure to match VLANs based on MAC addresses preferentially on GigabitEthernet 1/0/1.
  • Page 202: Display Protocol-Vlan Vlan

    Field Protocol Type display protocol-vlan vlan Syntax display protocol-vlan vlan { vlan-id1 [ to vlan-id2 ] | all } View Any view Default Level 2: System level Parameters vlan-id1: ID of the protocol-based VLAN for which information is to be displayed, in the range of 1 to 4094.
  • Page 203: Port Hybrid Protocol-Vlan

    port hybrid protocol-vlan Syntax port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all } undo port hybrid protocol-vlan { vlan vlan-id { protocol-index [ to protocol-end ] | all } | all } View Ethernet interface view, port group view, Layer-2 aggregate interface view Default Level 2: System level Parameters...
  • Page 204: Protocol-Vlan

    [Sysname-vlan2] quit [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-type hybrid [Sysname-GigabitEthernet1/0/1] port hybrid vlan 2 untagged Please wait... Done [Sysname-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 2 0 # Associate the hybrid Layer-2 aggregate interface Bridge-aggregation 1 with protocol 0 in VLAN 2, assuming that Bridge-aggregation 1 does not have member ports.
  • Page 205 Default Level 2: System level Parameters at: Specifies the AppleTalk based VLAN. ipv4: Specifies the IPv4 based VLAN. ipv6: Specifies the IPv6 based VLAN. ipx: Specifies the IPX based VLAN. The keywords ethernetii, llc, raw, and snap are encapsulation formats for IPX. mode: Configures a user-defined protocol template for the VLAN, which could also have four encapsulation formats, namely, ethernetii, llc, raw, and snap.
  • Page 206: Ip Subnet-Based Vlan Configuration Commands

    Use the undo protocol-vlan command to remove the configured protocol template. By default, no VLAN is bound with any protocol template. Related commands: display protocol-vlan vlan. Do not configure a VLAN as both a protocol-based VLAN and a voice VLAN. Examples # Configure VLAN 3 as an IPv4 based VLAN.
  • Page 207: Display Ip-Subnet-Vlan Vlan

    Parameters interface-list: Specifies an Ethernet port list in the format of interface-list = { interface-type interface-number interface-number represents the port type and port number and &<1-10> indicates that you can specify up to 10 ports or port ranges. all: Displays IP subnet-based VLAN information about all the ports with IP subnet-based VLAN configured.
  • Page 208: Ip-Subnet-Vlan

    all: Specifies all the VLANs. Description Use the display ip-subnet-vlan vlan command to display the IP subnet information and IP subnet indexes on the specified VLAN(s). Related commands: display vlan. Examples # Display the IP subnet information of all VLANs. <Sysname>...
  • Page 209: Port Hybrid Ip-Subnet-Vlan Vlan

    ip-subnet-end: End IP subnet index, in the range of 0 to 11. This argument must be greater than or equal to the beginning IP subnet index. all: Removes all the associations between VLANs and IP subnets or IP addresses. Description Use the ip-subnet-vlan command to associate the current VLAN with a specified IP subnet or IP address.
  • Page 210 configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.
  • Page 211 Configuring GigabitEthernet1/0/2... Done. Configuring GigabitEthernet1/0/3... Done. [Sysname-Bridge-Aggregation1] port hybrid ip-subnet-vlan vlan 3 6-32...
  • Page 212: Isolate-User-Vlan Configuration Commands

    Isolate-User-VLAN Configuration Commands Isolate-User-VLAN Configuration Commands display isolate-user-vlan Syntax display isolate-user-vlan [ isolate-user-vlan-id ] View Any view Default Level 1: Monitor level Parameters isolate-user-vlan-id: Isolate-user-VLAN ID, in the range of 1 to 4094. Description Use the display isolate-user-vlan command to display the mapping between an isolate-user-vlan and secondary VLAN(s), and the information of these VLANs.
  • Page 213: Isolate-User-Vlan

    Isolate-user-VLAN type : secondary Route Interface: configured IP Address: 2.2.2.2 Subnet Mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: none Untagged Ports: GigabitEthernet1/0/2 VLAN ID: 4 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0004 Name: VLAN 0004 Tagged Ports: none...
  • Page 214 View System view Default Level 2: System level Parameters isolate-user-vlan-id: Isolate-user-VLAN ID, in the range 1 to 4094. secondary secondary-vlan-id [ to secondary-vlan-id ]: Specifies a secondary VLAN ID or a secondary VLAN ID range. The secondary-vlan-id argument is a secondary VLAN ID, in the range 1 to 4094. Description Use the isolate-user-vlan command to associate an isolate-user-VLAN with the specified secondary VLAN(s).
  • Page 215: Isolate-User-Vlan Enable

    [Sysname-vlan4] port gigabitethernet 1/0/4 [Sysname-vlan4] quit [Sysname] isolate-user-vlan 2 secondary 3 to 4 isolate-user-vlan enable Syntax isolate-user-vlan enable undo isolate-user-vlan enable View VLAN view Default Level 2: System level Parameters None Description Use the isolate-user-vlan enable command to configure the current VLAN as an isolate-user-VLAN. Use the undo isolate-user-vlan enable command to remove the isolate-user-VLAN configuration for the current VLAN.
  • Page 216: Voice Vlan Configuration Commands

    Voice VLAN Configuration Commands Voice VLAN Configuration Commands display voice vlan oui Syntax display voice vlan oui View Any view Default Level 1: Monitor level Parameters None Description Use the display voice vlan oui command to display the currently supported organizationally unique identifier (OUI) addresses, the OUI address masks, and the description strings.
  • Page 217: Display Voice Vlan State

    00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone Table 8-1 display voice vlan oui command output description Field Oui Address Mask Description display voice vlan state Syntax display voice vlan state View Any view Default Level 1: Monitor level Parameters None...
  • Page 218: Voice Vlan Aging

    Table 8-2 display voice vlan state command output description Field Maximum of Voice VLANs Current Voice VLANs Voice VLAN security mode Voice VLAN aging time Voice VLAN enabled port and its mode PORT VLAN MODE voice vlan aging Syntax voice vlan aging minutes undo voice vlan aging View System view...
  • Page 219: Voice Vlan Enable

    You can enable the voice VLAN feature on a hybrid or trunk port operating in automatic voice VLAN assignment mode but not on an access port operating in automatic voice VLAN assignment mode. You can configure different voice VLANs for different ports. A Switch 4510G supports up to eight voice VLANs globally.
  • Page 220 Parameters mac-address: Source MAC address of voice traffic, in the format of H-H-H, such as 1234-1234-1234. mask oui-mask: Specifies the valid length of the OUI address by a mask in the format of H-H-H, formed by consecutive Fs and 0s, for example, FFFF-0000-0000. To filter the voice device of a specific vendor, set the mask to FFFF-FF00-0000.
  • Page 221: Voice Vlan Mode Auto

    00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone 1234-1200-0000 ffff-ff00-0000 PhoneA # Remove the OUI address 1234-1200-0000. <Sysname> system-view [Sysname] undo voice vlan mac-address 1234-1200-0000 voice vlan mode auto Syntax voice vlan mode auto undo voice vlan mode auto View Ethernet interface view...
  • Page 222 View System view Default Level 2: System level Parameters None Description Use the voice vlan security enable command to enable voice VLAN security mode. Use the undo voice vlan security enable command to disable voice VLAN security mode. By default, voice VLAN security mode is not enabled. Examples # Disable voice VLAN security mode.
  • Page 223: Gvrp Configuration Commands

    GVRP Configuration Commands GVRP Configuration Commands display garp statistics Syntax display garp statistics [ interface interface-list ] View Any view Default Level 1: Monitor level Parameters interface interface-list: Defines one or multiple Ethernet ports for which the GARP statistics will be displayed.
  • Page 224: Display Garp Timer

    GARP statistics on port GigabitEthernet1/0/1 Number of GVRP Frames Received Number of GVRP Frames Transmitted Number of Frames Discarded GARP statistics on port GigabitEthernet1/0/2 Number of GVRP Frames Received Number of GVRP Frames Transmitted Number of Frames Discarded display garp timer Syntax display garp timer [ interface interface-list ] View...
  • Page 225: Display Gvrp Local-Vlan Interface

    display gvrp local-vlan interface Syntax display gvrp local-vlan interface interface-type interface-number View Any view Default Level 0: Visit level Parameters interface interface-type interface-number: Specifies an interface by its type and number. Description Use the display gvrp local-vlan interface command to display the local VLAN information maintained by GVRP on the specified port.
  • Page 226: Display Gvrp Statistics

    GVRP state of VLAN 2 on port GigabitEthernet1/0/1 Applicant state machine Registrar state machine display gvrp statistics Syntax display gvrp statistics [ interface interface-list ] View Any view Default Level 1: Monitor level Parameters interface interface-list: Defines one or multiple Ethernet ports. You can provide up to 10 Ethernet port lists, by each of which you can specify an individual port in the form of interface-type interface-number, or a port range in the form of interface-type interface-number1 to interface-type interface-number2, where the end-port number specified by interface-number2 must be greater than the start-port number...
  • Page 227: Display Gvrp Status

    display gvrp status Syntax display gvrp status View Any view Default Level 1: Monitor level Parameters None Description Use the display gvrp status command to display the global enable/disable state of GVRP. Examples # Display the global GVRP enable/disable state. <Sysname>...
  • Page 228: Garp Timer Hold

    Operations of adding VLAN to TRUNK Operations of deleting VLAN from TRUNK garp timer hold Syntax garp timer hold timer-value undo garp timer hold View Ethernet interface view, Layer-2 aggregate interface view, port group view Default Level 2: System level Parameters timer-value: Hold timer setting (in centiseconds), which must be a multiple of 5 in the range of 10 (inclusive) to half of the Join timer setting (inclusive).
  • Page 229: Garp Timer Leave

    View Ethernet interface view, Layer-2 aggregate interface view, port group view Default Level 2: System level Parameters timer-value: Join timer setting (in centiseconds), which must be a multiple of 5 in the range of two times the Hold timer (inclusive) to half of the Leave timer (inclusive). When the Hold timer and the Leave timer are set to their default, the value range for the Join timer is 20 (inclusive) to 25 (inclusive).
  • Page 230: Garp Timer Leaveall

    aggregate interface, or all ports in a port group. Use the undo garp timer leave command to restore the default of the GARP Leave timer. This may fail if the default is beyond the valid value range for the Leave timer. By default, the Leave timer is set to 60 centiseconds.
  • Page 231: Gvrp

    gvrp Syntax gvrp undo gvrp View System view, Ethernet interface view, Layer-2 aggregate interface view, port group view Default Level 2: System level Parameters None Description Use the gvrp command to enable GVRP globally (in system view), on a port (in Ethernet or Layer-2 aggregate interface view), or on all ports in a port group (in port group view).
  • Page 232: Reset Garp Statistics

    Parameters fixed: Sets the registration type to fixed. forbidden: Sets the registration type to forbidden. normal: Sets the registration type to normal. Description Use the gvrp registration command to configure the GVRP registration type on a port (in Ethernet or Layer-2 aggregate interface view) or all ports in a port group (in port group view).
  • Page 233 The cleared statistics include the statistics about GVRP packets sent, received and dropped. You can use this command in conjunction with the display garp statistics command to display GARP statistics. Related commands: display gvrp statistics. Examples # Clear the GARP statistics on all ports. <Sysname>...
  • Page 234: Qinq Configuration Commands

    (SVLANs), also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers. The selective QinQ feature of the Switch 4510G series can be achieved through the cooperation between QoS policies. For the configuration commands of traffic classes, traffic behaviors, and other QoS policy-related functions, see QoS Commands in the QoS Volume.
  • Page 235: Raw-Vlan-Id Inbound

    The nest action cannot be applied to a VLAN or globally. Related commands: qos policy, traffic behavior, classifier behavior. Examples # Configure an outer VLAN tag for a traffic behavior. <Sysname> system-view [Sysname] traffic behavior database [Sysname-behavior-database] nest top-most vlan-id 100 raw-vlan-id inbound Syntax raw-vlan-id inbound { all | vlan-list }...
  • Page 236: Qinq Enable

    Examples # Configure GigabitEthernet 1/0/1 to tag frames of VLAN 3, VLAN 5, and VLAN 20 through VLAN 100 with SVLAN 100. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] qinq vid 100 [Sysname-GigabitEthernet1/0/1-vid-100] raw-vlan-id inbound 3 5 20 to 100 qinq enable Syntax qinq enable...
  • Page 237: Qinq Ethernet-Type

    [Sysname] port-group manual 1 [Sysname-port-group-manual-1] group-member gigabitethernet 1/0/1 to gigabitethernet 1/0/6 [Sysname-port-group-manual-1] qinq enable qinq ethernet-type Syntax qinq ethernet-type hex-value undo qinq ethernet-type View System view Default Level 2: System level Parameters hex-value: Hexadecimal protocol type value, in the range of 0x0001 to 0xFFFF. However, do not set it to any of the protocol type values listed in Table 10-1 Common protocol type values Protocol type...
  • Page 238: Qinq Vid

    Configuration made in system view takes effect on all ports. Examples # Set the TPID value to 0x8200 globally. <Sysname> system-view [Sysname] qinq ethernet-type 8200 qinq vid Syntax qinq vid vlan-id undo qinq vid vlan-id View Ethernet interface view, Layer-2 aggregate interface view, port group view Default Level 2: System level Parameters...
  • Page 239 [Sysname] port-group manual 1 [Sysname-port-group-manual-1] group-member gigabitethernet 1/0/1 to gigabitethernet 1/0/6 [Sysname-port-group-manual-1] qinq vid 10 10-6...
  • Page 240: Bpdu Tunneling Configuration Commands

    BPDU Tunneling Configuration Commands BPDU Tunneling Configuration Commands bpdu-tunnel dot1q Syntax In Ethernet interface view or port group view: bpdu-tunnel dot1q { cdp | dldp | eoam | gvrp | hgmp | lacp | lldp | pagp | pvst | stp | udld | vtp } undo bpdu-tunnel dot1q { cdp | dldp | eoam | gvrp | hgmp | lacp | lldp | pagp | pvst | stp | udld | vtp } In Layer 2 aggregate interface view:...
  • Page 241: Bpdu-Tunnel Tunnel-Dmac

    Use the undo bpdu-tunnel dot1q command to disable BPDU tunneling for a protocol on the port or ports. By default, BPDU tunneling for any protocol is disabled. Note that: Settings made in Ethernet interface view or Layer 2 aggregate interface view take effect only on the current port;...
  • Page 242 Parameters mac-address: Destination multicast MAC address for BPDUs, in the format of H-H-H. The allowed values are 0x0100-0CCD-CDD0, 0x010F-E200-0003. Description Use the bpdu-tunnel tunnel-dmac command to configure the destination multicast MAC address for BPDUs. Use the undo bpdu-tunnel tunnel-dmac command to restore the default value. By default, the destination multicast MAC address for BPDUs is 0x010F-E200-0003.
  • Page 243: Port Mirroring Configuration Commands

    Port Mirroring Configuration Commands Port Mirroring Configuration Commands display mirroring-group Syntax display mirroring-group { groupid | all | local | remote-destination | remote-source } View Any view Default Level 2: System level Parameters groupid: Number of the port mirroring group to be displayed, in the range of 1 to 4. all: Displays all port mirroring groups.
  • Page 244: Mirroring-Group

    monitor egress port: GigabitEthernet1/0/11 remote-probe vlan: 200 Table 12-1 Description on the fields of the display mirroring-group command Field mirroring-group type status mirroring port monitor port monitor egress port remote-probe vlan mirroring-group Syntax mirroring-group groupid { local | remote-destination | remote-source } undo mirroring-group { groupid | all | local | remote-destination | remote-source } View System view...
  • Page 245: Mirroring-Group Mirroring-Port

    create the remote source mirroring group on the device where the mirroring port is located and create the remote destination mirroring group on the device where the monitor port is located. Examples # Create a local port mirroring group numbered 1. <Sysname>...
  • Page 246: Mirroring-Group Monitor-Egress

    You cannot add a mirroring port for a remote destination mirroring group. When removing a mirroring port from a mirroring group, make sure the traffic direction you specified in the undo mirroring-group mirroring-port command matches the actual monitored direction of the port. Examples # Configure mirroring ports in port mirroring group 1, assuming that the mirroring group already exists.
  • Page 247: Mirroring-Group Monitor-Port

    The outbound port cannot be a member port of the current mirroring group. It is not recommended to configure STP, RSTP, MSTP, 802.1X, IGMP Snooping, static ARP and MAC address learning on the outbound mirroring port; otherwise, the mirroring function may be affected.
  • Page 248: Mirroring-Group Remote-Probe Vlan

    The destination mirroring port can be an access, trunk, or hybrid port. It must be assigned to the remote mirroring VLAN. A remote source port mirroring group cannot contain destination ports. Before configuring the destination port for a port mirroring group, make sure the port mirroring group exists.
  • Page 249: Mirroring-Port

    Examples # Specify VLAN 2 as the remote probe VLAN of port mirroring group 1, assuming that VLAN 2 already exists. <Sysname> system-view [Sysname] mirroring-group 1 remote-source [Sysname] mirroring-group 1 remote-probe vlan 2 mirroring-port Syntax [ mirroring-group groupid ] mirroring-port { inbound | outbound | both } undo [ mirroring-group groupid ] mirroring-port { inbound | outbound | both } View Ethernet port view...
  • Page 250: Monitor-Port

    monitor-port Syntax [ mirroring-group groupid ] monitor-port undo [ mirroring-group groupid ] monitor-port View Ethernet port view Default Level 2: System level Parameters groupid: Number of a local or remote destination mirroring group, in the range of 1 to 4. Description Use the monitor-port command to assign the current port to a local or remote destination mirroring group as the monitor port.
  • Page 256: Ip Addressing Configuration Commands

    IP Addressing Configuration Commands IP Addressing Configuration Commands display ip interface Syntax display ip interface [ interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. Description Use the display ip interface command to display information about a specified or all Layer 3 interfaces.
  • Page 257 Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Table 1-1 display ip interface command output description Field current state Line protocol current state Internet Address Broadcast address The Maximum Transmit Unit input packets, bytes, multicasts...
  • Page 258: Display Ip Interface Brief

    Field ICMP packet input number: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: display ip interface brief Syntax display ip interface brief [ interface-type [ interface-number ] ] View...
  • Page 259: Ip Address

    <Sysname> display ip interface brief vlan-interface *down: administratively down (s): spoofing Interface Vlan-interface1 Vlan-interface2 Table 1-2 display ip interface brief command output description Field *down: administratively down (s) : spoofing Interface Physical Protocol IP Address Description ip address Syntax ip address ip-address { mask | mask-length } [ sub ] undo ip address [ ip-address { mask | mask-length } [ sub ] ] View Interface view...
  • Page 260 mask-length: Subnet mask length, the number of consecutive ones in the mask. sub: Secondary IP address for the interface. Description Use the ip address command to assign an IP address and mask to the interface. Use the undo ip address command to remove all IP addresses from the interface. Use the undo ip address ip-address { mask | mask-length } command to remove the primary IP address.
  • Page 261: Arp Configuration Commands

    ARP Configuration Commands ARP Configuration Commands arp check enable Syntax arp check enable undo arp check enable View System view Default Level 2: System level Parameters None Description Use the arp check enable command to enable ARP entry check. With this function enabled, the device cannot learn any ARP entry with a multicast MAC address.
  • Page 262: Arp Static

    Default Level 2: System level Parameters number: Maximum number of dynamic ARP entries that an interface can learn. The value is in the range 0 to 256. Description Use the arp max-learning-num command to configure the maximum number of dynamic ARP entries that an interface can learn.
  • Page 263: Arp Timer Aging

    The vlan-id argument is used to specify the corresponding VLAN of an ARP entry and must be the ID of an existing VLAN. In addition, the Ethernet interface following the argument must belong to that VLAN. The VLAN interface of the VLAN must have been created. Related commands: reset arp, display arp.
  • Page 264 Default Level 1: Monitor level Parameters all: Displays all ARP entries. dynamic: Displays dynamic ARP entries. static: Displays static ARP entries. slot slot-number: Displays the ARP entries for the specified device. If the device is in an IRF, the slot-number argument represents the member ID of the device; if the device is not in any IRF, the slot-number argument represents the device ID.
  • Page 265: Display Arp Ip-Address

    Field Aging Type Vpn-instance Name # Display the number of all ARP entries. <Sysname> display arp all count Total entry(ies): 4 display arp ip-address Syntax display arp ip-address [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] View Any view Default Level...
  • Page 266: Display Arp Timer Aging

    display arp timer aging Syntax display arp timer aging View Any view Default Level 2: System level Parameters None Description Use the display arp timer aging command to display the aging time for dynamic ARP entries. Related commands: arp timer aging. Examples # Display the aging time for dynamic ARP entries.
  • Page 267: Gratuitous Arp Configuration Commands

    Description Use the reset arp command to clear ARP entries except authorized ARP entries from the ARP mapping table. With interface interface-type interface-number or slot slot-number specified, the command clears only dynamic ARP entries of the interface or the specified device in the IRF. Related commands: arp static, display arp.
  • Page 268 View System view Default Level 2: System level Parameters None Description Use the gratuitous-arp-learning enable command to enable the gratuitous ARP packet learning function. Use the undo gratuitous-arp-learning enable command to disable the function. By default, the function is enabled. With this function enabled, a device receiving a gratuitous ARP packet can add the source IP and MAC addresses carried in the packet to its own dynamic ARP table if it finds that no ARP entry corresponding to the source IP address of the ARP packet exists in the cache;...
  • Page 269: Proxy Arp Configuration Commands

    Proxy ARP Configuration Commands Proxy ARP Configuration Commands display local-proxy-arp Syntax display local-proxy-arp [ interface vlan-interface vlan-id ] View Any view Default Level 2: System level Parameters interface vlan-interface vlan-id: Displays the local proxy ARP status of the specified VLAN interface. Description Use the display local-proxy-arp command to display the status of the local proxy ARP.
  • Page 270: Local-Proxy-Arp Enable

    Description Use the display proxy-arp command to display the proxy ARP status. If an interface is specified, proxy ARP status of the specified interface is displayed; if no interface is specified, proxy ARP status of all interfaces is displayed. Related commands: proxy-arp enable. Examples # Display the proxy ARP status on VLAN-interface 1.
  • Page 271 View VLAN interface view Default Level 2: System level Parameters None Description Use the proxy-arp enable command to enable proxy ARP. Use the undo proxy-arp enable command to disable proxy ARP. By default, proxy ARP is disabled. Related commands: display proxy-arp. Examples # Enable proxy ARP on VLAN-interface 2.
  • Page 272: Arp Attack Defense Configuration Commands

    ARP Attack Defense Configuration Commands ARP Source Suppression Configuration Commands arp source-suppression enable Syntax arp source-suppression enable undo arp source-suppression enable View System view Default Level 2: System level Parameters None Description Use the arp source-suppression enable command to enable the ARP source suppression function. Use the undo arp source-suppression enable command to disable the function.
  • Page 273: Display Arp Source-Suppression

    Parameters limit-value: Specifies the maximum number of packets with the same source IP address but unresolvable destination IP addresses that the device can receive in five seconds. It ranges from 2 to 1024. Description Use the arp source-suppression limit command to set the maximum number of packets with the same source IP address but unresolvable destination IP addresses that the device can receive in five seconds.
  • Page 274: Arp Defense Against Ip Packet Attack Configuration Commands

    Table 4-1 display arp source-suppression command output description Field ARP source suppression is enabled Current suppression limit Current cache length ARP Defense Against IP Packet Attack Configuration Commands arp resolving-route enable Syntax arp resolving-route enable undo arp resolving-route enable View System view Default Level 2: System level...
  • Page 275: Source Mac Address Based Arp Attack Detection Configuration Commands

    View System view Default Level 2: System level Parameters None Description Use the arp anti-attack active-ack enable command to enable the ARP active acknowledgement function. Use the undo arp anti-attack active-ack enable command to restore the default. By default, the ARP active acknowledgement function is disabled. Typically, this feature is configured on gateway devices to identify invalid ARP packets.
  • Page 276: Arp Anti-Attack Source-Mac Aging-Time

    Default Level 2: System level Parameters filter: Specifies the filter mode. monitor: Specifies the monitor mode. Description Use the arp anti-attack source-mac command to enable source MAC address based ARP attack detection and specify the detection mode. Use the undo arp anti-attack source-mac command to restore the default. By default, source MAC address based ARP attack detection is disabled.
  • Page 277: Arp Anti-Attack Source-Mac Exclude-Mac

    By default, the aging timer for protected MAC addresses is 300 seconds (five minutes). Examples # Configure the aging timer for protected MAC addresses as 60 seconds. <Sysname> system-view [Sysname] arp anti-attack source-mac aging-time 60 arp anti-attack source-mac exclude-mac Syntax arp anti-attack source-mac exclude-mac mac-address&<1-n>...
  • Page 278: Display Arp Anti-Attack Source-Mac

    Default Level 2: System level Parameters threshold-value: Threshold for source MAC address based ARP attack detection, in the range 10 to 100. Description Use the arp anti-attack source-mac threshold command to configure the threshold for source MAC address based ARP attack detection. If the number of ARP packets sent from a MAC address within five seconds exceeds this threshold, the device considers this an attack.
  • Page 279: Arp Packet Source Mac Address Consistency Check Configuration Commands

    <Sysname> display arp anti-attack source-mac slot 1 Source-MAC VLAN-ID 23f3-1122-3344 4094 23f3-1122-3355 4094 23f3-1122-33ff 4094 23f3-1122-33ad 4094 23f3-1122-33ce 4094 ARP Packet Source MAC Address Consistency Check Configuration Commands arp anti-attack valid-check enable Syntax arp anti-attack valid-check enable undo arp anti-attack valid-check enable View System view Default Level...
  • Page 280: Arp Detection Configuration Commands

    undo arp rate-limit View Layer 2 Ethernet port view Default Level 2: System level Parameters disable: Disables ARP packet rate limit. rate pps: ARP packet rate in pps, in the range 50 to 500. drop: Discards the exceeded packets. Description Use the arp rate-limit command to configure or disable ARP packet rate limit.
  • Page 281: Arp Detection Mode

    By default, ARP detection is disabled for a VLAN. Examples # Enable ARP detection for VLAN 1. <Sysname> system-view [Sysname] vlan 1 [Sysname-Vlan1] arp detection enable arp detection mode Syntax arp detection mode { dhcp-snooping | dot1x | static-bind } undo arp detection mode { dhcp-snooping | dot1x | static-bind } View System view...
  • Page 282: Arp Detection Trust

    undo arp detection static-bind [ ip-address ] View System view Default Level 2: System level Parameters ip-address: IP address of the static binding. mac-address: MAC address of the static binding, in the format of H-H-H. Description Use the arp detection static-bind command to configure a static IP-to-MAC binding. Use the undo arp detection static-bind command to remove the configured static binding.
  • Page 283: Arp Detection Validate

    Parameters None Description Use the arp detection trust command to configure the port as an ARP trusted port. Use the undo arp detection trust command to configure the port as an ARP untrusted port. By default, the port is an ARP untrusted port. Examples # Configure GigabitEthernet 1/0/1 as an ARP trusted port.
  • Page 284: Display Arp Detection

    Examples # Enable the checking of the MAC addresses and IP addresses of ARP packets. <Sysname> system-view [Sysname] arp detection validate dst-mac src-mac ip display arp detection Syntax display arp detection View Any view Default Level 1: Monitor level Parameters None Description Use the display arp detection command to display the VLAN(s) enabled with ARP detection.
  • Page 285: Reset Arp Detection Statistics

    Parameters interface interface-type interface-number: Displays the ARP detection statistics of a specified interface. Description Use the display arp detection statistics command to display statistics about ARP detection. This command only displays numbers of discarded packets. If no interface is specified, the statistics of all the interfaces will be displayed.
  • Page 286 Description Use the reset arp detection statistics command to clear ARP detection statistics of a specified interface. If no interface is specified, the statistics of all the interfaces will be cleared. Examples # Clear the ARP detection statistics of all the interfaces. <Sysname>...
  • Page 287: Dhcp Relay Agent Configuration Commands

    DHCP Relay Agent Configuration Commands The DHCP relay agent configuration is supported only on VLAN interfaces. DHCP Relay Agent Configuration Commands dhcp relay address-check Syntax dhcp relay address-check { disable | enable } View Interface view Default Level 2: System level Parameters disable: Disables IP address match check on the relay agent.
  • Page 288: Dhcp Relay Information Circuit-Id Format-Type

    [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay address-check enable dhcp relay information circuit-id format-type Syntax dhcp relay information circuit-id format-type { ascii | hex } undo dhcp relay information circuit-id format-type View Interface view Default Level 2: System level Parameters ascii: Specifies the code type for the circuit ID sub-option as ascii.
  • Page 289: Dhcp Relay Information Enable

    Default Level 2: System level Parameters circuit-id: Padding content for the user-defined circuit ID sub-option, a case-sensitive string of 3 to 63 characters. Description Use the dhcp relay information circuit-id string command to configure the padding content for the user-defined circuit ID sub-option. Use the undo dhcp relay information circuit-id string command to restore the default.
  • Page 290: Dhcp Relay Information Format

    Examples # Enable Option 82 support on the relay agent. <Sysname> system-view [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay information enable dhcp relay information format Syntax dhcp relay information format { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } undo dhcp relay information format [ verbose node-identifier ] View...
  • Page 291: Dhcp Relay Information Remote-Id Format-Type

    Using the undo dhcp relay information format command without the keyword verbose node-identifier restores the default normal padding format, or with the keyword verbose node-identifier restores the mac mode of the verbose padding format. If configuring the handling strategy of the DHCP relay agent as replace, you need to configure a padding format of Option 82.
  • Page 292: Dhcp Relay Information Remote-Id String

    This command applies to configuring the non-user-defined remote ID sub-option only. After you configure the padding content for the remote ID sub-option using the dhcp relay information remote-id string command, ASCII is adopted as the code type. Examples # Configure the code type for the non-user-defined remote ID sub-option as ascii. <Sysname>...
  • Page 293: Dhcp Relay Information Strategy

    Examples # Configure the padding content for the remote ID sub-option as device001. <Sysname> system-view [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay information remote-id string device001 dhcp relay information strategy Syntax dhcp relay information strategy { drop | keep | replace } undo dhcp relay information strategy View Interface view...
  • Page 294: Dhcp Relay Security Static

    Default Level 2: System level Parameters client-ip: DHCP client IP address. Description Use the dhcp relay release ip command to request the DHCP server to release a specified client IP address. Examples # Request the DHCP server to release the IP address 1.1.1.1. <Sysname>...
  • Page 295: Dhcp Relay Security Tracker

    When using the dhcp relay security static command to bind an interface to a static client entry, make sure that the interface is configured as a DHCP relay agent; otherwise, entry conflicts may occur. The undo dhcp relay security interface command is used to remove all the dynamic client entries from the interface.
  • Page 296: Dhcp Relay Server-Detect

    dhcp relay server-detect Syntax dhcp relay server-detect undo dhcp relay server-detect View System view Default Level 2: System level Parameters None Description Use the dhcp relay server-detect command to enable unauthorized DHCP server detection. Use the undo dhcp relay server-detect command to disable unauthorized DHCP server detection. By default, unauthorized DHCP server detection is disabled.
  • Page 297: Dhcp Relay Server-Select

    ip ip-address: DHCP server IP address. Description Use the dhcp relay server-group command to specify a DHCP server for a DHCP server group. Use the undo dhcp relay server-group command to remove a DHCP server from a DHCP server group. If no ip ip-address is specified, all servers in the DHCP server group and the server group itself will be removed.
  • Page 298: Dhcp Select Relay

    The DHCP server group referenced in this command should have been configured by using the dhcp relay server-group command. Related commands: dhcp relay server-group. Examples # Correlate VLAN-interface 1 to DHCP server group 1. <Sysname> system-view [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] dhcp relay server-select 1 dhcp select relay Syntax...
  • Page 299: Display Dhcp Relay

    display dhcp relay Syntax display dhcp relay { all | interface interface-type interface-number } View Any view Default Level 1: Monitor level Parameters all: Displays information of DHCP server groups that all interfaces correspond to. interface interface-type interface-number: Displays information of the DHCP server group that a specified interface corresponds to.
  • Page 300: Display Dhcp Relay Security

    interface interface-type interface-number: Displays the Option 82 configuration information of a specified interface. Description Use the display dhcp relay information command to display Option 82 configuration information on the DHCP relay agent. Examples # Display the Option 82 configuration information of all interfaces. <Sysname>...
  • Page 301: Display Dhcp Relay Security Statistics

    Examples # Display information about all bindings. <Sysname> display dhcp relay security IP Address MAC Address 10.1.1.1 00e0-0000-0001 Static 10.1.1.5 00e0-0000-0000 Static 2 dhcp-security item(s) found Table 5-2 display dhcp relay security command output description Field IP Address Client IP address MAC Address Client MAC address Type...
  • Page 302: Display Dhcp Relay Security Tracker

    Table 5-3 display dhcp relay security statistics command output description Field Static Items Dynamic Items Temporary Items All Items display dhcp relay security tracker Syntax display dhcp relay security tracker View Any view Default Level 1: Monitor level Parameters None Description Use the display dhcp relay security tracker command to display the interval for refreshing dynamic bindings on the relay agent.
  • Page 303: Display Dhcp Relay Statistics

    all: Displays the information of all DHCP server groups. Description Use the display dhcp relay server-group command to display the configuration information of a specified or all DHCP server groups. Examples # Display IP addresses of DHCP servers in DHCP server group 1. <Sysname>...
  • Page 304 Bad packets received: DHCP packets received from clients: DHCPDISCOVER packets received: DHCPREQUEST packets received: DHCPINFORM packets received: DHCPRELEASE packets received: DHCPDECLINE packets received: BOOTPREQUEST packets received: DHCP packets received from servers: DHCPOFFER packets received: DHCPACK packets received: DHCPNAK packets received: BOOTPREPLY packets received: DHCP packets relayed to servers: DHCPDISCOVER packets relayed:...
  • Page 305: Reset Dhcp Relay Statistics

    BOOTPREQUEST Server -> Client: DHCPOFFER DHCPACK DHCPNAK BOOTPREPLY reset dhcp relay statistics Syntax reset dhcp relay statistics [ server-group group-id ] View User view Default Level 1: Monitor level Parameters server-group group-id: Specifies a server group ID (in the range of 0 to 19) about which to remove statistics from the relay agent.
  • Page 306: Dhcp Client Configuration Commands

    DHCP Client Configuration Commands The DHCP client configuration is supported only on VLAN interfaces. When multiple VLAN interfaces having the same MAC address use DHCP for IP address acquisition via a relay agent, the DHCP server cannot be a Windows 2000 Server or Windows 2003 Server.
  • Page 307 Current machine state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds DHCP server: 40.1.1.2 # Display verbose DHCP client information. <Sysname> display dhcp client verbose Vlan-interface1 DHCP client information: Current machine state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds Lease from 2005.08.13 15:37:59...
  • Page 308: Ip Address Dhcp-Alloc

    Field DNS server Domain name Boot server Client ID T1 will timeout in 1 day 11 hours 58 minutes 52 seconds. ip address dhcp-alloc Syntax ip address dhcp-alloc [ client-identifier mac interface-type interface-number ] undo ip address dhcp-alloc View Interface view Default Level 2: System level Parameters...
  • Page 309 [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] ip address dhcp-alloc...
  • Page 310: Dhcp Snooping Configuration Commands

    DHCP Snooping Configuration Commands A DHCP snooping-enabled device does not work if it is placed between the DHCP relay agent and the DHCP server; it works when it is between the DHCP client and the relay agent or between the DHCP client and the server.
  • Page 311: Dhcp-Snooping Information Circuit-Id Format-Type

    <Sysname> system-view [Sysname] dhcp-snooping dhcp-snooping information circuit-id format-type Syntax dhcp-snooping information circuit-id format-type { ascii | hex } undo dhcp-snooping information circuit-id format-type View Layer 2 Ethernet port view Default Level 2: System level Parameters ascii: Specifies the code type for the circuit ID sub-option as ascii. hex: Specifies the code type for the circuit ID sub-option as hex.
  • Page 312: Dhcp-Snooping Information Enable

    Default Level 2: System level Parameters vlan vlan-id: Specifies a VLAN ID, in the range of 1 to 4094. circuit-id: Padding content for the user-defined circuit ID sub-option, a case-sensitive string of 3 to 63 characters. Description Use the dhcp-snooping information circuit-id string command to configure the padding content for the user-defined circuit ID sub-option.
  • Page 313: Dhcp-Snooping Information Format

    Description Use the dhcp-snooping information enable command to configure DHCP snooping to support Option 82. Use the undo dhcp-snooping information enable command to disable this function. By default, DHCP snooping does not support Option 82. Examples # Configure DHCP snooping to support Option 82. <Sysname>...
  • Page 314: Dhcp-Snooping Information Remote-Id Format-Type

    Note that when you use the undo dhcp-snooping information format command, if the verbose node-identifier argument is not specified, the padding format will be restored to normal; if the verbose node-identifier argument is specified, the padding format will be restored to verbose with MAC address as the node identifier.
  • Page 315: Dhcp-Snooping Information Remote-Id String

    dhcp-snooping information remote-id string Syntax dhcp-snooping information [ vlan vlan-id ] remote-id string { remote-id | sysname } undo dhcp-snooping information [ vlan vlan-id ] remote-id string View Layer 2 Ethernet port view Default Level 2: System level Parameters vlan vlan-id: Specifies a VLAN ID, in the range of 1 to 4094. remote-id: Padding content for the user-defined circuit ID sub-option, a case-sensitive string of 1 to 63 characters.
  • Page 316: Dhcp-Snooping Information Strategy

    <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabiEthernet1/0/1] dhcp-snooping information remote-id string device001 dhcp-snooping information strategy Syntax dhcp-snooping information strategy { drop | keep | replace } undo dhcp-snooping information strategy View Layer 2 Ethernet interface view Default Level 2: System level Parameters drop: Drops the requesting message containing Option 82.
  • Page 317: Display Dhcp-Snooping

    Default Level 2: System level Parameters no-user-binding: Specifies the port not to record the clients’ IP-to-MAC bindings in DHCP requests it receives. The command without this keyword records the IP-to-MAC bindings of clients. Description Use the dhcp-snooping trust command to configure a port as a trusted port. Use the undo dhcp-snooping trust command to restore the default state of a port.
  • Page 318: Display Dhcp-Snooping Information

    Examples # Display all DHCP snooping entries. <Sysname> display dhcp-snooping DHCP Snooping is enabled. The client binding table for all untrusted ports. Type : D--Dynamic , S--Static Type IP Address ==== =============== 10.1.1.1 00e0-fc00-0006 1 dhcp-snooping item(s) found Table 7-1 display dhcp snooping command output description Field Type IP Address...
  • Page 319: Display Dhcp-Snooping Packet Statistics

    <Sysname> display dhcp-snooping information all Interface: GigabiEthernet 1/0/1 Status: Enable Strategy: Replace Format: Verbose Circuit ID format-type: HEX Remote ID format-type: ASCII Node identifier: aabbcc User defined: Circuit ID: company001 Interface: GigabiEthernet 1/0/2 Status: Disable Strategy: Keep Format: Normal Circuit ID format-type: HEX Remote ID format-type: ASCII User defined: Circuit ID: company001...
  • Page 320: Display Dhcp-Snooping Trust

    Examples # Display DHCP packet statistics on the DHCP snooping device. <Sysname> display dhcp-snooping packet statistics DHCP packets received DHCP packets sent Packets dropped due to rate limitation : 20 Dropped invalid packets display dhcp-snooping trust Syntax display dhcp-snooping trust View Any view Default Level...
  • Page 321: Reset Dhcp-Snooping Packet Statistics

    Default Level 1: Monitor level Parameters all: Clears all DHCP snooping entries. ip ip-address: Clears the DHCP snooping entries of the specified IP address. Description Use the reset dhcp-snooping command to clear DHCP snooping entries. For an IRF, DHCP snooping entries on all devices will be cleared after you execute this command. Examples # Clear all DHCP snooping entries.
  • Page 322: Bootp Client Configuration Commands

    BOOTP Client Configuration Commands BOOTP client configuration can only be used on VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server. Enabling both the DHCP client and DHCP snooping on the same device is not recommended.
  • Page 323: Ip Address Bootp-Alloc

    Vlan-interface1 BOOTP client information: Allocated IP: 169.254.0.2 255.255.0.0 Transaction ID = 0x3d8a7431 Mac Address 00e0-fc0a-c3ef Table 8-1 display bootp client command output description Field Vlan-interface1 BOOTP client information Allocated IP Transaction ID Mac Address ip address bootp-alloc Syntax ip address bootp-alloc undo ip address bootp-alloc View Interface view...
  • Page 324 [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] ip address bootp-alloc...
  • Page 325: Dns Configuration Commands

    DNS Configuration Commands This document only covers IPv4 DNS configuration commands. For introduction to IPv6 DNS configuration commands, refer to IPv6 Basics Commands in the IP Services Volume. DNS Configuration Commands display dns domain Syntax display dns domain [ dynamic ] View Any view Default Level...
  • Page 326: Display Dns Dynamic-Host

    Table 9-1 display dns domain command output description Field Sequence number Type of domain name suffix: S represents a statically configured domain Type name suffix, and D represents a domain name suffix obtained dynamically through DHCP. Domain-name Domain name suffix display dns dynamic-host Syntax display dns dynamic-host...
  • Page 327: Display Dns Server

    A domain name in the display dns dynamic-host command contains 21 characters at most. If a domain name consists of more than 21 characters, only the first 21 characters are displayed. display dns server Syntax display dns server [ dynamic ] View Any view Default Level...
  • Page 328: Display Ip Host

    display ip host Syntax display ip host View Any view Default Level 1: Monitor level Parameters None Description Use the display ip host command to display the host names and corresponding IP addresses in the static domain name resolution table. Examples # Display the host names and corresponding IP addresses in the static domain name resolution table.
  • Page 329: Dns Proxy Enable

    Default Level 2: System level Parameters domain-name: Domain name suffix, consisting of character strings separated by a dot (for example, aabbcc.com). Each separated string contains no more than 63 characters. A domain name suffix may include case-insensitive letters, digits, hyphens (-), underscores (_), and dots (.), with a total length of 238 characters.
  • Page 330: Dns Resolve

    <Sysname> system-view [Sysname] dns proxy enable dns resolve Syntax dns resolve undo dns resolve View System view Default Level 2: System level Parameters None Description Use the dns resolve command to enable dynamic domain name resolution. Use the undo dns resolve command to disable dynamic domain name resolution. Dynamic domain name resolution is disabled by default.
  • Page 331: Ip Host

    No DNS server is specified by default. You can configure a maximum of six DNS servers, including those with IPv6 addresses. Related commands: display dns server. Examples # Specify the DNS server 172.16.1.1. <Sysname> system-view [Sysname] dns server 172.16.1.1 ip host Syntax ip host hostname ip-address undo ip host hostname [ ip-address ]...
  • Page 332 View User view Default Level 2: System level Parameters None Description Use the reset dns dynamic-host command to clear the dynamic domain name resolution information. Related commands: display dns dynamic-host. Examples # Clear the dynamic domain name resolution information. <Sysname> reset dns dynamic-host...
  • Page 333: Ip Performance Optimization Configuration Commands

    IP Performance Optimization Configuration Commands IP Performance Optimization Configuration Commands display fib Syntax display fib [ | { begin | include | exclude } regular-expression | acl acl-number | ip-prefix ip-prefix-name ] View Any view Default Level 1: Monitor level Parameters |: Uses a regular expression to match FIB entries.
  • Page 334 U:Useable G:Gateway H:Host R:Relay Destination/Mask Nexthop 10.2.0.0/16 10.2.1.1 10.2.1.1/32 127.0.0.1 127.0.0.0/8 127.0.0.1 127.0.0.1/32 127.0.0.1 # Display FIB information passing ACL 2000. <Sysname> system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.2.0.0 0.0.255.255 [Sysname-acl-basic-2000] display fib acl 2000 Destination count: 2 FIB entry count: 2 Flag: U:Useable...
  • Page 335: Display Fib Ip-Address

    Table 10-1 display fib command output description Field Destination count FIB entry count Destination/Mask Nexthop Flag OutInterface InnerLabel Token display fib ip-address Syntax display fib ip-address [ mask | mask-length ] View Any view Default Level 1: Monitor level Parameters ip-address: Destination IP address, in dotted decimal notation.
  • Page 336: Display Icmp Statistics

    <Sysname> display fib 10.2.1.1 Destination count: 1 Flag: U:Useable G:Gateway R:Relay Destination/Mask Nexthop 10.2.1.1/32 127.0.0.1 For description about the above output, refer to display icmp statistics Syntax display icmp statistics [ slot slot-number ] View Any view Default Level 1: Monitor level Parameters slot slot-number: Displays the ICMP statistics on the specified device.
  • Page 337: Display Ip Socket

    time exceeded 0 Table 10-2 display icmp statistics command output description Field bad formats bad checksum echo destination unreachable source quench redirects echo reply parameter problem timestamp information request mask requests mask replies information reply time exceeded display ip socket Syntax display ip socket [ socktype sock-type ] [ task-id socket-id ] [ slot slot-number ] View...
  • Page 338 Examples # Display the TCP socket information. <Sysname> display ip socket SOCK_STREAM: Task = VTYD(38), socketid = 1, Proto = 6, LA = 0.0.0.0:23, FA = 0.0.0.0:0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_REUSEPORT SO_SENDVPNID(3073) SO_SETKEEPALIVE, socket state = SS_PRIV SS_ASYNC Task = HTTP(36), socketid = 1, Proto = 6, LA = 0.0.0.0:80, FA = 0.0.0.0:0,...
  • Page 339 Task = AGNT(51), socketid = 1, Proto = 17, LA = 0.0.0.0:161, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM SO_SENDVPNID(3073), socket state = SS_PRIV SS_NBIO SS_ASYNC Task = RDSO(56), socketid = 1, Proto = 17, LA = 0.0.0.0:1024, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, socket option = SO_UDPCHECKSUM,...
  • Page 340: Display Ip Statistics

    socket state = SS_PRIV SS_NBIO SS_ASYNC Task = RSVP(73), socketid = 1, Proto = 46, LA = 0.0.0.0, FA = 0.0.0.0, sndbuf = 4194304, rcvbuf = 4194304, sb_cc = 0, rb_cc = 0, socket option = 0, socket state = SS_PRIV SS_NBIO SS_ASYNC Table 10-3 display ip socket command output description Field SOCK_STREAM...
  • Page 341 Description Use the display ip statistics command to display statistics of IP packets. Related commands: display ip interface (in IP Addressing Commands of the IP Services Volume), reset ip statistics. Examples # Display statistics of IP packets. <Sysname> display ip statistics Input: bad protocol bad checksum...
  • Page 342: Display Tcp Statistics

    display tcp statistics Syntax display tcp statistics View Any view Default Level 1: Monitor level Parameters None Description Use the display tcp statistics command to display statistics of TCP traffic. Related commands: display tcp status, reset tcp statistics. Examples # Display statistics of TCP traffic. <Sysname>...
  • Page 343 Initiated connections: 0, accepted connections: 22, established connections: 22 Closed connections: 49 (dropped: 0, initiated dropped: 0) Packets dropped with MD5 authentication: 0 Packets permitted with MD5 authentication: 0 Table 10-5 display tcp statistics command output description Field Total packets in sequence window probe packets window update packets checksum error...
  • Page 344: Display Tcp Status

    Field Initiated connections accepted connections established connections Closed connections Packets dropped with MD5 authentication Packets permitted with MD5 authentication display tcp status Syntax display tcp status View Any view Default Level 1: Monitor level Parameters None Description Use the display tcp status command to display status of all TCP connections for monitoring TCP connections.
  • Page 345: Display Udp Statistics

    Field State display udp statistics Syntax display udp statistics View Any view Default Level 1: Monitor level Parameters None Description Use the display udp statistics command to display statistics of UDP packets. Related commands: reset udp statistics. Examples # Display statistics of UDP packets. <Sysname>...
  • Page 346: Ip Forward-Broadcast (Interface View)

    Field broadcast/multicast(no socket on port) not delivered, input socket full input packets missing pcb cache Sent Total packets: ip forward-broadcast (interface view) Syntax ip forward-broadcast [ acl acl-number ] undo ip forward-broadcast View Interface view Default Level 2: System level Parameters acl acl-number: Access control list number, in the range 2000 to 3999.
  • Page 347: Ip Forward-Broadcast (System View)

    ip forward-broadcast (system view) Syntax ip forward-broadcast undo ip forward-broadcast View System view Default Level 1: Monitor level Parameters None Description Use the ip forward-broadcast command to enable the device to receive directed broadcasts. Use the undo ip forward-broadcast command to disable the device from receiving directed broadcasts.
  • Page 348: Ip Ttl-Expires Enable

    Examples # Enable sending of ICMP redirect packets. <Sysname> system-view [Sysname] ip redirects enable ip ttl-expires enable Syntax ip ttl-expires enable undo ip ttl-expires View System view Default Level 2: System level Parameters None Description Use the ip ttl-expires enable command to enable the sending of ICMP timeout packets. Use the undo ip ttl-expires command to disable sending ICMP timeout packets.
  • Page 349: Reset Ip Statistics

    Parameters None Description Use the ip unreachables enable command to enable the sending of ICMP destination unreachable packets. Use the undo ip unreachables command to disable sending ICMP destination unreachable packets. Sending ICMP destination unreachable packets is disabled by default. Examples # Enable sending ICMP destination unreachable packets.
  • Page 350: Reset Udp Statistics

    View User view Default Level 2: System level Parameters None Description Use the reset tcp statistics command to clear statistics of TCP traffic. Related commands: display tcp statistics. Examples # Clear statistics of TCP traffic. <Sysname> reset tcp statistics reset udp statistics Syntax reset udp statistics View...
  • Page 351: Tcp Timer Syn-Timeout

    Default Level 2: System level Parameters time-value: Length of the TCP finwait timer in seconds, in the range 76 to 3,600. Description Use the tcp timer fin-timeout command to configure the length of the TCP finwait timer. Use the undo tcp timer fin-timeout command to restore the default. By default, the length of the TCP finwait timer is 675 seconds.
  • Page 352: Tcp Window

    [Sysname] tcp timer syn-timeout 80 tcp window Syntax tcp window window-size undo tcp window View System view Default Level 2: System level Parameters window-size: Size of the send/receive buffer in KB, in the range 1 to 32. Description Use the tcp window command to configure the size of the TCP send/receive buffer. Use the undo tcp window command to restore the default.
  • Page 353: Udp Helper Configuration Commands

    UDP Helper Configuration Commands UDP Helper Configuration Commands display udp-helper server Syntax display udp-helper server [ interface interface-type interface-number ] View Any view Default Level 2: System level Parameters interface interface-type interface-number: Displays information of forwarded UDP packets on the specified interface.
  • Page 354: Udp-Helper Enable

    Default Level 2: System level Parameters None Description Use the reset udp-helper packet command to clear the statistics of UDP packets forwarded. Related commands: display udp-helper server. Examples # Clear the statistics of the forwarded UDP packets. <Sysname> reset udp-helper packet udp-helper enable Syntax udp-helper enable...
  • Page 355: Udp-Helper Server

    undo udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time } View System view Default Level 2: System level Parameters port-number: UDP port number with which packets need to be forwarded, in the range of 1 to 65535 (except 67 and 68).
  • Page 356 Parameters ip-address: IP address of the destination server, in dotted decimal notation. Description Use the udp-helper server command to specify the destination server which UDP packets need to be forwarded to. Use the undo udp-helper server command to remove the destination server. No destination server is configured by default.
  • Page 357: Ipv6 Basics Configuration Commands

    IPv6 Basics Configuration Commands IPv6 Basics Configuration Commands display dns ipv6 dynamic-host Syntax display dns ipv6 dynamic-host View Any view Default Level 1: Monitor level Parameters None Description Use the display dns ipv6 dynamic-host command to display IPv6 dynamic domain name information, including the domain name, IPv6 address, and TTL of the DNS entries.
  • Page 358: Display Dns Ipv6 Server

    For a domain name displayed with the display dns ipv6 dynamic-host command, no more than 21 characters can be displayed. If the domain name exceeds the maximum length, the first 21 characters will be displayed. display dns ipv6 server Syntax display dns ipv6 server [ dynamic ] View Any view...
  • Page 359: Display Ipv6 Fib

    display ipv6 fib Syntax display ipv6 fib [ slot-number ] [ ipv6-address ] View Any view Default Level 1: Monitor level Parameters ipv6-address: Displays the IPv6 FIB entries for an IPv6 address. slot-number: Displays the IPv6 forwarding information base (FIB) entries of a specified device in an IRF.
  • Page 360: Display Ipv6 Host

    Field Flag Label Tunnel ID TimeStamp Interface display ipv6 host Syntax display ipv6 host View Any view Default Level 1: Monitor level Parameters None Description Use the display ipv6 host command to display the mappings between host names and IPv6 addresses in the static domain name resolution table.
  • Page 361: Display Ipv6 Interface

    Field Flag indicating the type of mapping between a host name and an IPv6 Flags address. Static indicates a static mapping. IPv6Address IPv6 address of a host display ipv6 interface Syntax display ipv6 interface [ interface-type [ interface-number ] ] [ verbose ] View Any view Default Level...
  • Page 362 InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: Table 12-5 display ipv6 interface verbose command output description (on a switch) Field Vlan-interface2 current state Line protocol current state Description Physical state of the interface: Administratively DOWN: Indicates that the VLAN interface is administratively down;...
  • Page 363 Field IPv6 is enabled link-local address Global unicast address(es) Joined group address(es) ND DAD is enabled, number of DAD attempts ND reachable time ND retransmit interval Hosts use stateless autoconfig for addresses InReceives InTooShorts InTruncatedPkts InHopLimitExceeds InBadHeaders InBadOptions ReasmReqds ReasmOKs InFragDrops InFragTimeouts OutFragFails...
  • Page 364 Field InTooBigErrors OutFragOKs OutFragCreates InMcastPkts InMcastNotMembers OutMcastPkts InAddrErrors InDiscards OutDiscards # Display the brief IPv6 information of all interfaces for which IPv6 addresses can be configured. <Sysname> display ipv6 interface *down: administratively down (s): spoofing Interface Vlan-interface1 Vlan-interface2 Vlan-interface100 Table 12-6 display ipv6 interface command output description Field *down: The interface is down, that is, the interface is closed by using the shutdown...
  • Page 365: Display Ipv6 Neighbors

    Field Link protocol state of the interface: Protocol IPv6 address of the interface. Only the first of configured IPv6 addresses is IPv6 Address displayed. (If no address is configured for the interface, “Unassigned” will be displayed.) display ipv6 neighbors Syntax display ipv6 neighbors { { ipv6-address | all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } [ | { begin | exclude | include } regular-expression ] View...
  • Page 366: Display Ipv6 Neighbors Count

    You can use the reset ipv6 neighbors command to clear specific IPv6 neighbor information. Related commands: ipv6 neighbor, reset ipv6 neighbors. Examples # Display all neighbor information. <Sysname> display ipv6 neighbors all Type: S-Static IPv6 Address FE80::200:5EFF:FE32:B800 Table 12-7 display ipv6 neighbors command output description Field IPv6 Address Link-layer...
  • Page 367: Display Ipv6 Pathmtu

    Parameters all: Displays the total number of all neighbor entries, including neighbor entries acquired dynamically and configured statically. dynamic: Displays the total number of all neighbor entries acquired dynamically. static: Displays the total number of neighbor entries configured statically. slot slot-number: Displays the total number of neighbor entries of a specified device in an IRF. If no IRF is formed, only the total number of neighbor entries of the current device is displayed.
  • Page 368: Display Ipv6 Socket

    <Sysname> display ipv6 pathmtu all IPv6 Destination Address fe80::12 2222::3 Table 12-8 display ipv6 pathmtu command output description Field IPv6 Destination Address ZoneID PathMTU Type display ipv6 socket Syntax display ipv6 socket [ socktype socket-type ] [ task-id socket-id ] [ slot slot-number ] View Any view Default Level...
  • Page 369 SOCK_STREAM: Task = VTYD(14), socketid = 4, Proto = 6, LA = ::->22, FA = ::->0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID, socket state = SS_PRIV SS_ASYNC Task = VTYD(14), socketid = 3, Proto = 6, LA = ::->23, FA = ::->0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,...
  • Page 370: Display Ipv6 Statistics

    Field sb_cc rb_cc socket option socket state display ipv6 statistics Syntax display ipv6 statistics [ slot slot-number ] View Any view Default Level 1: Monitor level Parameters slot slot-number: Displays statistics of IPv6 packets and ICMPv6 packets on a specified device in an IRF.
  • Page 371 reassembly timeout: 0 ICMPv6 protocol: Sent packets: Total: unreached: hopcount exceeded: parameter problem: echo request: neighbor solicit: router solicit: 0 redirected: Send failed: ratelimited: Received packets: Total: checksum error: 0 bad code: unreached: hopcount exceeded: parameter problem: echoed: neighbor solicit: router solicit: 0 redirected: unknown info type:...
  • Page 372 Field Received packets: Total: local host: 0 hopcount exceeded: format error: 0 option error: protocol error: 0 fragments: reassembled: 0 reassembly failed: 0 reassembly timeout: 0 ICMPv6 protocol: Sent packets: Total: unreached: 0 too big: hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 echo request: 0 echo replied:...
  • Page 373: Display Tcp Ipv6 Statistics

    Field Received packets: Total: checksum error: bad code unreached: hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 unknown error type: echoed: neighbor solicit: router solicit: redirected: router renumbering 0 unknown info type: Deliver failed: bad length: display tcp ipv6 statistics Syntax display tcp ipv6 statistics View...
  • Page 374 Total: 0 packets in sequence: 0 (0 bytes) window probe packets: 0, window update packets: 0 checksum error: 0, offset error: 0, short error: 0 duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 0 (0 bytes) packets with data after window: 0 (0 bytes) packets after close: 0 ACK packets: 0 (0 bytes)
  • Page 375 Table 12-11 display tcp ipv6 statistics command output description Field Received packets: Total: 0 packets in sequence: window probe packets: window update packets: 0 checksum error: offset error: short error: duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: packets with data after window: bytes)
  • Page 376: Display Tcp Ipv6 Status

    Field dropped initiated dropped display tcp ipv6 status Syntax display tcp ipv6 status View Any view Default Level 1: Monitor level Parameters None Description Use the display tcp ipv6 status command to display the IPv6 TCP connection status, including IP address of the IPv6 TCP control block, local and peer IPv6 addresses, and status of the IPv6 TCP connection.
  • Page 377: Display Udp Ipv6 Statistics

    Field State display udp ipv6 statistics Syntax display udp ipv6 statistics View Any view Default Level 1: Monitor level Parameters None Description Use the display udp ipv6 statistics command to display the statistics of IPv6 UDP packets. You can use the reset udp ipv6 statistics command to clear the statistics of all IPv6 UDP packets. Examples # Display the statistics information of IPv6 UDP packets.
  • Page 378: Dns Server Ipv6

    Table 12-13 display udp ipv6 statistics command output description Field Total checksum error shorter than header data length larger than packet unicast(no socket on port) broadcast/multicast(no socket on port) not delivered, input socket full input packet missing pcb cache dns server ipv6 Syntax dns server ipv6 ipv6-address [ interface-type interface-number ] undo dns server ipv6 ipv6-address [ interface-type interface-number ]...
  • Page 379: Ipv6

    ipv6 Syntax ipv6 undo ipv6 View System view Default Level 2: System level Parameters None Description Use the ipv6 command to enable IPv6. Use the undo ipv6 command to disable IPv6. By default, IPv6 is disabled. Examples # Enable IPv6. <Sysname>...
  • Page 380: Ipv6 Address Auto Link-Local

    By default, no site-local address or global unicast address is configured for an interface. Note that if you carry out the undo ipv6 address command without any parameter specified, all IPv6 addresses except the automatically configured link-local address will be removed from the interface. Examples # Set the aggregatable global IPv6 unicast address of VLAN-interface 100 to 2001::1 with prefix length Method I:...
  • Page 381: Ipv6 Address Eui-64

    aggregatable global unicast address configured, the interface still has a link-local address. If the interface has no IPv6 site-local address or aggregatable global unicast address configured, it will have no link-local address. Manual assignment takes precedence over automatic generation. That is, if you first adopt automatic generation and then manual assignment, the manually assigned link-local address will overwrite the automatically generated one.
  • Page 382: Ipv6 Address Link-Local

    Examples # Configure an IPv6 address in the EUI-64 format for VLAN-interface 100. The prefix length of the address is the same as that of 2001::1/64, and the interface ID is generated based on the MAC address of the device. <Sysname>...
  • Page 383: Ipv6 Hoplimit-Expires Enable

    ipv6 hoplimit-expires enable Syntax ipv6 hoplimit-expires enable undo ipv6 hoplimit-expires View System view Default Level 2: System level Parameters None Description Use the ipv6 hoplimit-expires enable command to enable the sending of ICMPv6 time exceeded packets. Use the undo ipv6 hoplimit-expires command to disable the sending of ICMPv6 time exceeded packets.
  • Page 384: Ipv6 Icmp-Error

    ipv6-address: IPv6 address. Description Use the ipv6 host command to configure the mappings between host names and IPv6 addresses. Use the undo ipv6 host command to remove the mappings between host names and IPv6 addresses. Each host name can correspond to only one IPv6 address. Related commands: display ipv6 host.
  • Page 385: Ipv6 Nd Autoconfig Managed-Address-Flag

    undo ipv6 icmpv6 multicast-echo-reply View System view Default Level 2: System level Parameters None Description Use the ipv6 icmpv6 multicast-echo-reply enable command to enable the sending of multicast echo replies. Use the undo ipv6 icmpv6 multicast-echo-reply command to disable the sending of multicast echo replies.
  • Page 386: Ipv6 Nd Autoconfig Other-Flag

    Examples # Configure the host to acquire an IPv6 address through stateful autoconfiguration. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd autoconfig managed-address-flag ipv6 nd autoconfig other-flag Syntax ipv6 nd autoconfig other-flag undo ipv6 nd autoconfig other-flag View Interface view Default Level 2: System level Parameters...
  • Page 387: Ipv6 Nd Hop-Limit

    Default Level 2: System level Parameters value: Number of attempts to send an NS message for DAD, in the range of 0 to 600. The default value is “1”. When it is set to 0, DAD is disabled. Description Use the ipv6 nd dad attempts command to configure the number of attempts to send an NS message for DAD.
  • Page 388: Ipv6 Nd Ns Retrans-Timer

    ipv6 nd ns retrans-timer Syntax ipv6 nd ns retrans-timer value undo ipv6 nd ns retrans-timer View Interface view Default Level 2: System level Parameters value: Interval for retransmitting an NS message in milliseconds, in the range of 1,000 to 4,294,967,295. Description Use the ipv6 nd ns retrans-timer command to set the interval for retransmitting an NS message.
  • Page 389: Ipv6 Nd Ra Halt

    Description Use the ipv6 nd nud reachable-time command to configure the neighbor reachable time on an interface. This time value serves as not only the neighbor reachable time on the local interface, but also the value of the Reachable Timer field in RA messages sent by the local interface. Use the undo ipv6 nd nud reachable-time command to restore the default neighbor reachable time and to specify the value of the Reachable Timer field in RA messages as 0, so that the number of hops is determined by the requesting device itself.
  • Page 390: Ipv6 Nd Ra Interval

    ipv6 nd ra interval Syntax ipv6 nd ra interval max-interval-value min-interval-value undo ipv6 nd ra interval View Interface view Default Level 2: System level Parameters max-interval-value: Maximum interval for advertising RA messages in seconds, in the range of 4 to 1,800.
  • Page 391: Ipv6 Nd Ra Router-Lifetime

    View Interface view Default Level 2: System level Parameters ipv6-address: IPv6 address or IPv6 address prefix. prefix-length: Prefix length of the IPv6 address. ipv6-prefix: IPv6 address prefix. valid-lifetime: Valid lifetime of a prefix in seconds, in the range of 0 to 4,294,967,295. preferred-lifetime: Preferred lifetime of a prefix used for stateless autoconfiguration in seconds, in the range of 0 to 4,294,967,295.
  • Page 392: Ipv6 Neighbor

    Parameters value: Router lifetime in seconds, in the range of 0 to 9,000. When it is set to 0, the device does not serve as the default router. Description Use the ipv6 nd ra router-lifetime command to configure the router lifetime in RA messages. Use the undo ipv6 nd ra router-lifetime command to restore the default.
  • Page 393: Ipv6 Neighbors Max-Learning-Num

    If the first method is used, the neighbor entry is in the INCMP state. After the device obtains the corresponding Layer 2 port information through resolution, the neighbor entry will go into the REACH state. If the second method is used, the corresponding VLAN interface must exist and the port specified by port-type port-number must belong to the VLAN specified by vlan-id.
  • Page 394: Ipv6 Pathmtu

    ipv6 pathmtu Syntax ipv6 pathmtu ipv6-address [ value ] undo ipv6 pathmtu ipv6-address View System view Default Level 2: System level Parameters ipv6-address: IPv6 address. value: PMTU of a specified IPv6 address in bytes. It ranges from 1280 to 10000. Description Use the ipv6 pathmtu command to configure a static PMTU for a specified IPv6 address.
  • Page 395: Reset Dns Ipv6 Dynamic-Host

    By default, the aging time is 10 minutes. Note that the aging time is invalid for a static PMTU. Related commands: display ipv6 pathmtu. Examples # Set the aging time for a dynamic PMTU to 40 minutes. <Sysname> system-view [Sysname] ipv6 pathmtu age 40 reset dns ipv6 dynamic-host Syntax reset dns ipv6 dynamic-host...
  • Page 396: Reset Ipv6 Pathmtu

    Parameters all: Clears static and dynamic neighbor information on all interfaces. dynamic: Clears dynamic neighbor information on all interfaces. interface interface-type interface-number: Clears dynamic neighbor information on a specified interface. slot slot-number: Clears dynamic neighbor information on a specified device in an IRF. If no IRF is formed, only the dynamic neighbor information of the current device is cleared.
  • Page 397: Reset Ipv6 Statistics

    reset ipv6 statistics Syntax reset ipv6 statistics [ slot slot-number ] View User view Default Level 2: System level Parameters slot slot-number: Clears the statistics of IPv6 packets and ICMPv6 packets on a specified device in an IRF. If no IRF is formed, only the related information on the current device is cleared. The slot-number argument indicates the member ID of the device.
  • Page 398: Reset Udp Ipv6 Statistics

    <Sysname> reset tcp ipv6 statistics reset udp ipv6 statistics Syntax reset udp ipv6 statistics View User view Default Level 2: System level Parameters None Description Use the reset udp ipv6 statistics command to clear the statistics of all IPv6 UDP packets. You can use the display udp ipv6 statistics command to display the statistics of IPv6 UDP packets.
  • Page 399: Tcp Ipv6 Timer Syn-Timeout

    <Sysname> system-view [Sysname] tcp ipv6 timer fin-timeout 800 tcp ipv6 timer syn-timeout Syntax tcp ipv6 timer syn-timeout wait-time undo tcp ipv6 timer syn-timeout View System view Default Level 2: System level Parameters wait-time: Length of the synwait timer for IPv6 TCP connections in seconds, in the range of 2 to 600. Description Use the tcp ipv6 timer syn-timeout command to set the synwait timer for IPv6 TCP connections. Use the undo tcp ipv6 timer syn-timeout command to restore the default.
  • Page 400 By default, the size of the IPv6 TCP send/receive buffer is 8 KB. Examples # Set the size of the IPv6 TCP send/receive buffer to 4 KB. <Sysname> system-view [Sysname] tcp ipv6 window 4
  • Page 401: Sflow Configuration Commands

    sFlow Configuration Commands sFlow Configuration Commands display sflow Syntax display sflow [ slot slot-number ] View Any view Default Level 2: System level Parameters slot slot-number: Displays the sFlow configuration information of the specified IRF member device. The slot-number argument is the member number of the device in the IRF, which you can display with the display irf command.
  • Page 402: Sflow Agent Ip

    Field sFlow Global Information Agent Collector Interval(s) sFlow Port Information Interface Direction Rate Mode Status sflow agent ip Syntax sflow agent ip ip-address undo sflow agent ip View System view Default Level 2: System level Parameters ip-address: IP address of the sFlow agent. Description Use the sflow agent ip command to configure the IP address of the sFlow agent.
  • Page 403: Sflow Collector Ip

    sFlow does not work if the sFlow agent has no IP address configured, or the IP address of the sFlow agent is removed. Examples # Configure the IP address of the sFlow agent. <Sysname> system-view [Sysname] sflow agent ip 10.10.10.1 sflow collector ip Syntax sflow collector ip ip-address [ port portnum ]...
  • Page 404: Sflow Interval

    undo sflow enable { inbound | outbound } View Ethernet port view Default Level 2: System level Parameters inbound: Samples inbound packets. outbound: Samples outbound packets. Description Use the sflow enable command to enable sFlow in the inbound or outbound direction on the port. Use the undo sflow enable command to disable sFlow in the inbound or outbound direction on the port.
  • Page 405: Sflow Sampling-Mode

    By default, the packet sampling mode is random. Note that this command should be used after sFlow is enabled on the current port. Currently, the determine mode is not supported on Switch 4510G Family. Examples # Configure the interface to sample a fixed number of inbound packets.
  • Page 406: Sflow Sampling-Rate

    sflow sampling-rate Syntax sflow sampling-rate rate undo sflow sampling-rate View Ethernet port view Default Level 2: System level Parameters rate: Number of packets, in the range of 1000 to 500000. Description Use the sflow sampling-rate command to specify the number of packets out of which the interface will sample a packet.
  • Page 407 1 IP Routing Table Commands. IP Routing Table Commands: display ip routing-table; display ip routing-table acl; display ip routing-table ip-address; display ip routing-table ip-prefix; display ip routing-table protocol; display ip routing-table statistics; display ipv6 routing-table; display ipv6 routing-table acl; display ipv6 routing-table ipv6-address; display ipv6 routing-table ipv6-address1 ipv6-address2; display ipv6 routing-table ipv6-prefix...
  • Page 408 rip default-route; rip input; rip metricin; rip metricout; rip mib-binding; rip output; rip poison-reverse; rip split-horizon; rip summary-address; rip version; silent-interface (RIP view); summary; timers; validate-source-address; version. 4 IPv6 Static Routing Configuration Commands. IPv6 Static Routing Configuration Commands: delete ipv6 static-routes all; ipv6 route-static...
  • Page 409 if-match interface; if-match tag; route-policy. IPv4 Route Policy Configuration Commands: apply ip-address next-hop; display ip ip-prefix; if-match acl; if-match ip; if-match ip-prefix; ip ip-prefix; reset ip ip-prefix. IPv6 Route Policy Configuration Commands: apply ipv6 next-hop; display ip ipv6-prefix; if-match ipv6...
  • Page 410: Ip Routing Table Commands

    IP Routing Table Commands The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. IP Routing Table Commands display ip routing-table Syntax display ip routing-table [ verbose | | { begin | exclude | include } regular-expression ]...
  • Page 411 Use the display ip routing-table verbose command to display detailed information about all routes in the routing table. This command displays detailed information about all active and inactive routes, including the statistics of the entire routing table and information for each route. Examples # Display brief information about active routes in the routing table.
  • Page 412 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active NoAdv Tag: 0 Destination: 127.0.0.0/8 Protocol: Direct Preference: 0 NextHop: 127.0.0.1 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active NoAdv Tag: 0 Destination: 127.0.0.1/32 Protocol: Direct Preference: 0 NextHop: 127.0.0.1 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active NoAdv Tag: 0 Displayed first are statistics for the whole routing table, followed by detailed description of each route...
  • Page 413: Display Ip Routing-Table Acl

    Field Route status: Active Delete Gateway Holddown NoAdv State NotInstall Reject Static Unicast Inactive Invalid WaitQ TunE GotQ Time for which the route has been in the routing table, in the sequence of hour, minute, and second from left to right. Route tag display ip routing-table acl Syntax...
  • Page 414: Ip Routing Volume

    Default Level 1: Monitor level Parameters acl-number: Basic ACL number, in the range of 2000 to 2999. verbose: Displays detailed routing table information, including that for inactive routes. With this argument absent, the command displays only brief information about active routes. Description Use the display ip routing-table acl command to display information about routes permitted by a specified basic ACL.
  • Page 415 Summary Count: 6 Destination: 10.1.1.0/24 Protocol: Direct Preference: 0 NextHop: 10.1.1.2 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active Adv Tag: 0 Destination: 10.1.1.2/32 Protocol: Direct Preference: 0 NextHop: 127.0.0.1 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active NoAdv Tag: 0 Destination: 10.1.2.0/24 Protocol: Direct Preference: 0 NextHop: 10.1.2.1...
  • Page 416: Display Ip Routing-Table Ip-Address

    Protocol: Direct Preference: 0 NextHop: 127.0.0.1 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active NoAdv Tag: 0 For the description of the command output above, see display ip routing-table ip-address Syntax display ip routing-table ip-address [ mask-length | mask ] [ longer-match ] [ verbose ] display ip routing-table ip-address1 { mask-length | mask } ip-address2 { mask-length | mask } [ verbose ] View...
  • Page 417 display ip routing-table ip-address longer-match The system ANDs the input destination IP address with the subnet mask in each route entry; and ANDs the destination IP address in each route entry with its corresponding subnet mask. If the two operations yield the same result for multiple entries that are active, the one with longest mask length is displayed.
  • Page 418: Display Ip Routing-Table Ip-Prefix

    # Display route entries by specifying a destination IP address and mask and the longer-match keyword. [Sysname] display ip routing-table 11.1.1.1 24 longer-match Routing Table : Public Summary Count : 1 Destination/Mask Proto Pre Cost 11.1.1.0/24 Static 60 For detailed description of the above output, see # Display route entries for destination addresses in the range 1.1.1.0 to 5.5.5.0.
  • Page 419: Display Ip Routing-Table Protocol

    # Display brief information about active routes permitted by the prefix list test. [Sysname] display ip routing-table ip-prefix test Routes Matched by Prefix list : test Summary Count : 2 Destination/Mask Proto Pre Cost 2.2.2.0/24 Direct 0 2.2.2.1/32 Direct 0 For detailed description of the above output, see # Display detailed information about both active and inactive routes permitted by IP prefix list test.
  • Page 420: Display Ip Routing-Table Statistics

    inactive: Displays information about only inactive routes. With this argument absent, the command displays information about both active and inactive routes. verbose: Displays detailed routing table information. With this argument absent, the command displays brief routing table information. Description Use the display ip routing-table protocol command to display routing information of a specified routing protocol.
  • Page 421: Display Ipv6 Routing-Table

    View Any view Default Level 1: Monitor level Parameters None Description Use the display ip routing-table statistics command to display the route statistics of the routing table. Examples # Display route statistics in the routing table. <Sysname> display ip routing-table statistics Proto route active...
  • Page 422: Display Ipv6 Routing-Table Acl

    Parameters None Description Use the display ipv6 routing-table command to display brief routing table information, including destination IP address and prefix, protocol type, priority, metric, next hop and outbound interface. The command displays only active routes, namely, the brief information about the current optimal routes.
  • Page 423: Display Ipv6 Routing-Table Ipv6-Address

    Description Use the display ipv6 routing-table acl command to display routing information permitted by the IPv6 ACL. If the specified IPv6 ACL is not available, all routing information is displayed. Examples # Display brief routing information permitted by ACL 2000. <Sysname>...
  • Page 424: Display Ipv6 Routing-Table Ipv6-Address1 Ipv6-Address2

    If the two operations yield the same result for an entry and the entry is active with a prefix length less than or equal to the input prefix length, the entry is displayed. Only route entries that exactly match the input destination address and prefix length are displayed. display ipv6 routing-table ipv6-address prefix-length longer-match The system ANDs the input destination IPv6 address with the input prefix length;...
  • Page 425: Display Ipv6 Routing-Table Ipv6-Prefix

    Parameters ipv6-address1/ipv6-address2: An IPv6 address range from IPv6 address1 to IPv6 address2. prefix-length1/prefix-length2: Prefix length, in the range 0 to 128. verbose: Displays both active and inactive verbose routing information. Without this keyword, only brief active routing information is displayed. Description Use the display ipv6 routing-table ipv6-address1 ipv6-address2 command to display routes with destinations falling into the specified IPv6 address range.
  • Page 426: Display Ipv6 Routing-Table Protocol

    Description Use the display ipv6 routing-table ipv6-prefix command to display routes permitted by the IPv6 prefix list. Examples # Display brief active routing information permitted by the IPv6 prefix list test2. <Sysname> display ipv6 routing-table ipv6-prefix test2 Routes Matched by Prefix list test2 : Summary Count : 1 Destination: 100::/64 NextHop...
  • Page 427: Display Ipv6 Routing-Table Statistics

    Destination: ::1/128 NextHop : ::1 Interface : InLoop0 Direct Routing Table's Status : < Inactive > Summary Count : 0 Refer to Table 1-4 for description about the above output. display ipv6 routing-table statistics Syntax display ipv6 routing-table statistics View Any view Default Level 1: Monitor level...
  • Page 428: Display Ipv6 Routing-Table Verbose

    display ipv6 routing-table verbose Syntax display ipv6 routing-table verbose View Any view Default Level 1: Monitor level Parameters None Description Use the display ipv6 routing-table verbose command to display detailed information about all active and inactive routes, including the statistics of the entire routing table and information for each route. Examples # Display detailed information about all active and inactive routes.
  • Page 429: Reset Ip Routing-Table Statistics Protocol

    Field Protocol State State of the route, Active, Inactive, Adv (advertised), or NoAdv (not advertised) Cost Cost of the route Tunnel ID Tunnel ID Label Label Time that has elapsed since the route was generated reset ip routing-table statistics protocol Syntax reset ip routing-table statistics protocol { protocol | all } View...
  • Page 430 Parameters protocol: Clears statistics for the routing protocol, which can be direct, ripng, or static. all: Clears statistics for all IPv6 routing protocols. Description Use the reset ipv6 routing-table statistics command to clear the route statistics of the routing table. Examples # Clear statistics for all routing protocols.
  • Page 431: Static Routing Configuration Commands

    Static Routing Configuration Commands The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Static Routing Configuration Commands delete static-routes all Syntax delete static-routes all View System view Default Level 2: System level Parameters None.
  • Page 432: Ip Route-Static

    ip route-static Syntax ip route-static dest-address { mask | mask-length } { next-hop-address [ track track-entry-number ] | interface-type interface-number next-hop-address] } [ preference preference-value ] [ tag tag-value ] [ description description-text ] undo ip route-static dest-address { mask | mask-length } [ next-hop-address | interface-type interface-number [ next-hop-address ] ] [ preference preference-value ] View System view...
  • Page 433: Ip Route-Static Default-Preference

    Related commands: display ip routing-table, ip route-static default-preference. To configure track monitoring for an existing static route, simply associate the static route with a track entry. For a non-existent static route, configure it and associate it with a Track entry. If a static route needs route recursion, the associated track entry must monitor the nexthop of the recursive route instead of that of the static route;...
  • Page 434 Examples # Set the default preference of static routes to 120. <Sysname> system-view [Sysname] ip route-static default-preference 120...
  • Page 435: Rip Configuration Commands

    RIP Configuration Commands The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. RIP Configuration Commands checkzero Syntax checkzero undo checkzero View RIP view Default Level 2: System level Parameters None Description Use the checkzero command to enable the zero field check on RIPv1 messages.
  • Page 436: Default Cost (Rip View)

    default cost (RIP view) Syntax default cost value undo default cost View RIP view Default Level 2: System level Parameters value: Default metric of redistributed routes, in the range of 0 to 16. Description Use the default cost command to configure the default metric for redistributed routes. Use the undo default cost command to restore the default.
  • Page 437: Display Rip

    Description Use the default-route originate cost command to configure all the interfaces under the RIP process to advertise a default route with the specified metric to RIP neighbors. Use the undo default-route command to disable all the interfaces under the RIP process from sending a default route.
  • Page 438 Maximum number of balanced paths : 1 Update time 30 sec(s) Timeout time Suppress time : 120 sec(s) Garbage-collect time : 120 sec(s) update output delay : TRIP retransmit time : TRIP response packets retransmit count : Silent interfaces : None Default routes : Only Default route cost : 3 Verify-source : Enabled Networks :...
  • Page 439: Display Rip Database

    Field Default route cost Verify-source Networks Configured peers Triggered updates sent Number of routes changes Number of replies to queries display rip database Syntax display rip process-id database View Any view Default Level 1: Monitor level Parameters process-id: RIP process ID, in the range of 1 to 65535. Description Use the display rip database command to display active routes in the database of the specified RIP process, which are sent in normal RIP routing updates.
  • Page 440: Display Rip Interface

    Field Rip-interface imported display rip interface Syntax display rip process-id interface [ interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters process-id: RIP process ID, in the range of 1 to 65535. interface-type interface-number: Specifies an interface. Description Use the display rip interface command to display the RIP interface information of the RIP process.
  • Page 441: Display Rip Route

    Field MetricOut MetricOut route policy Split-horizon Poison-reverse Input/Output Current packets number/Maximum packets number display rip route Syntax display rip process-id route [ ip-address { mask | mask-length } | peer ip-address | statistics ] View Any view Default Level 1: Monitor level Parameters process-id: RIP process ID, in the range of 1 to 65535.
  • Page 442 34.0.0.0/8 21.0.0.23 # Display routing information for network 56.0.0.0/8 of RIP process 1. <Sysname> display rip 1 route 56.0.0.0 8 Route Flags: R-RIP, T-TRIP P-Permanent, A-Aging, S-Suppressed, G-Garbage-collect -------------------------------------------------------------------------- Peer 21.0.0.23 on Vlan-interface1 Destination/Mask NextHop 56.0.0.0/8 21.0.0.23 # Display RIP process 1 routing information learned from the specified neighbor. <Sysname>...
  • Page 443: Filter-Policy Export (Rip View)

    Table 3-5 display rip route statistics command output description Field Peer IP address of a neighbor Aging Total number of aging routes learned from the specified neighbor Permanent Total number of permanent routes learned from the specified neighbor Garbage Total number of routes in the garbage-collection state learned from the specified neighbor Total...
  • Page 444: Filter-Policy Import (Rip View)

    Related commands: acl, import-route, and ip ip-prefix. Examples # Reference ACL 2000 to filter outbound routes. <Sysname> system-view [Sysname] rip 1 [Sysname-rip-1] filter-policy 2000 export # Reference IP prefix list abc to filter outbound routes on Vlan-interface1. [Sysname-rip-1] filter-policy ip-prefix abc export Vlan-interface 1 filter-policy import (RIP view) Syntax filter-policy { acl-number | gateway ip-prefix-name | ip-prefix ip-prefix-name [ gateway...
  • Page 445: Host-Route

    host-route Syntax host-route undo host-route View RIP view Default Level 2: System level Parameters None Description Use the host-route command to enable host route reception. Use the undo host-route command to disable host route reception. By default, receiving host routes is enabled. In some cases, a router may receive many host routes from the same network segment.
  • Page 446: Network

    Default Level 2: System level Parameters protocol: Specifies a routing protocol from which to redistribute routes. At present, it can be direct, rip, or static. process-id: Process ID, in the range of 1 to 65535. The default is 1. It is available only when the protocol is rip.
  • Page 447: Output-Delay

    Default Level 2: System level Parameters network-address: IP address of a network segment, which can be the IP network address of any interface. Description Use the network command to enable RIP on the interface attached to the specified network. Use the undo network command to disable RIP on the interface attached to the specified network. RIP is disabled on an interface by default.
  • Page 448: Peer

    By default, an interface sends up to three RIP packets every 20 milliseconds. Examples # Configure all the interfaces under RIP process 1 to send up to 10 RIP packets every 30 milliseconds. <Sysname> system-view [Sysname] rip 1 [Sysname-rip-1] output-delay 30 output-count 10 peer Syntax peer ip-address...
  • Page 449: Reset Rip Statistics

    View RIP view Default Level 2: System level Parameters route-policy-name: Routing policy name with 1 to 19 characters. value: Priority for RIP route, in the range of 1 to 255. The smaller the value, the higher the priority. Description Use the preference command to specify the RIP route priority. Use the undo preference route-policy command to restore the default.
  • Page 450: Rip

    Examples # Clear statistics in RIP process 100. <Sysname> reset rip 100 statistics Syntax rip [ process-id ] undo rip [ process-id ] View System view Default Level 2: System level Parameters process-id: RIP process ID, in the range of 1 to 65535. The default is 1. Description Use the rip command to create a RIP process and enter RIP view.
  • Page 451: Rip Default-Route

    Parameters md5: MD5 authentication mode. rfc2453: Uses the message format defined in RFC 2453 (IETF standard). rfc2082: Uses the message format defined in RFC 2082. key-id: MD5 key number, in the range of 1 to 255. key-string: MD5 key string with 1 to 16 characters in plain text format, or 1 to 24 characters in cipher text format.
  • Page 452: Rip Input

    Description Use the rip default-route command to configure the RIP interface to advertise a default route with the specified metric. Use the undo rip default-route command to disable the RIP interface from sending a default route. By default, a RIP interface can advertise a default route if the RIP process is configured with default route advertisement.
  • Page 453: Rip Metricin

    <Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] undo rip input rip metricin Syntax rip metricin [ route-policy route-policy-name ] value undo rip metricin View Interface view Default Level 2: System level Parameters route-policy route-policy-name: Specifies the name of a routing policy used to add an additional metric for the routes matching it.
  • Page 454: Rip Metricout

    [Sysname-route-policy] apply cost 6 [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] rip metricin route-policy abc 2 rip metricout Syntax rip metricout [ route-policy route-policy-name ] value undo rip metricout View Interface view Parameters value: Additional metric of sent routes, in the range of 1 to 16. Description Use the rip metricout command to add a metric to sent routes.
  • Page 455: Rip Mib-Binding

    rip mib-binding Syntax rip mib-binding process-id undo rip mib-binding View System view Default Level 2: System level Parameters process-id: RIP process ID, in the range of 1 to 65535. Description Use the rip mib-binding command to bind MIB operations with a specified RIP process, so that the RIP process can receive SNMP requests.
  • Page 456: Rip Poison-Reverse

    Use the undo rip output command to disable the interface from sending RIP messages. Sending RIP messages is enabled on an interface by default. Related commands: rip input. Examples # Disable VLAN-interface 10 from sending RIP messages. <Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] undo rip output rip poison-reverse Syntax...
  • Page 457: Rip Summary-Address

    Default Level 2: System level Parameters None Description Use the rip split-horizon command to enable the split horizon function. Use the undo rip split-horizon command to disable the split horizon function. The split horizon function is enabled by default. The split horizon function is necessary for preventing routing loops. Therefore, disabling it is not recommended.
  • Page 458: Rip Version

    Description Use the rip summary-address command to configure RIPv2 to advertise a summary route through the interface. Use the undo rip summary-address command to remove the configuration. Note that the summary address is valid only when the automatic summarization is disabled. Related commands: summary.
  • Page 459: Silent-Interface (Rip View)

    Send RIPv2 broadcast messages Receive RIPv1 broadcast messages Receive RIPv1 unicast messages Receive RIPv2 broadcast messages Receive RIPv2 multicast messages Receive RIPv2 unicast messages When RIPv2 runs on the interface in multicast mode, the interface will: Send RIPv2 multicast messages Receive RIPv2 broadcast messages Receive RIPv2 multicast messages Receive RIPv2 unicast messages...
  • Page 460: Summary

    [Sysname-rip-100] network 131.108.0.0 summary Syntax summary undo summary View RIP view Default Level 2: System level Parameters None Description Use the summary command to enable automatic RIPv2 summarization. Natural masks are used to advertise summary routes so as to reduce the size of routing tables. Use the undo summary command to disable automatic RIPv2 summarization so that all subnet routes can be broadcast.
  • Page 461: Validate-Source-Address

    Parameters garbage-collect-value: Garbage-collect timer time in seconds, in the range of 1 to 3600. suppress-value: Suppress timer time in seconds, in the range of 0 to 3600. timeout-value: Timeout timer time in seconds, in the range of 1 to 3600. update-value: Update timer time in seconds, in the range of 1 to 3600.
  • Page 462: Version

    Default Level 2: System level Parameters None Description Use the validate-source-address command to enable the source IP address validation on incoming RIP routing updates. Use the undo validate-source-address command to disable the source IP address validation. The source IP address validation is enabled by default. RIP checks whether the source IP address of the packet is on the same network segment as the interface IP address;...
  • Page 463 If an interface has an RIP version specified, the RIP version takes precedence over the global RIP version. If no RIP version is specified for the interface and the global version is RIPv1, the interface inherits RIPv1, and it can send RIPv1 broadcasts, and receive RIPv1 broadcasts and unicasts. If no RIP version is specified for the interface and the global version is RIPv2, the interface operates in the RIPv2 multicast mode, and it can send RIPv2 multicasts, and receive RIPv2 broadcasts, multicasts and unicasts.
  • Page 464: Ipv6 Static Routing Configuration Commands

    IPv6 Static Routing Configuration Commands Throughout this chapter, the term “router” refers to a router in a generic sense or a Layer 3 switch running routing protocols. IPv6 Static Routing Configuration Commands delete ipv6 static-routes all Syntax delete ipv6 static-routes all...
  • Page 465: Ipv6 Route-Static

    ipv6 route-static Syntax ipv6 route-static ipv6-address prefix-length [ interface-type interface-number ] nexthop-address [ preference preference-value ] undo ipv6 route-static [ nexthop-address ] [ preference preference-value ] View System view Default Level 2: System level Parameters ipv6-address prefix-length: IPv6 address and prefix length. interface-type interface-number: Interface type and interface number of the output interface.
  • Page 466: Ripng Configuration Commands

    RIPng Configuration Commands The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. RIPng Configuration Commands checkzero Syntax checkzero undo checkzero View RIPng view Default Level 2: System level Parameters None Description Use the checkzero command to enable the zero field check on RIPng packets.
  • Page 467: Default Cost (Ripng View)

    default cost (RIPng view) Syntax default cost cost undo default cost View RIPng view Default Level 2: System level Parameters cost: Default metric of redistributed routes, in the range of 0 to 16. Description Use the default cost command to specify the default metric of redistributed routes. Use the undo default cost command to restore the default.
  • Page 468: Display Ripng Database

    Description Use the display ripng command to display the running status and configuration information of a RIPng process. If process-id is not specified, information of all RIPng processes will be displayed. Examples # Display the running status and configuration information of all configured RIPng processes. <Sysname>...
  • Page 469 Parameters process-id: RIPng process ID, in the range of 1 to 65535. Description Use the display ripng database command to display all active routes in the advertising database of the specified RIPng process, which are sent in normal RIPng update messages. Examples # Display the active routes in the database of RIPng process 100.
  • Page 470: Display Ripng Interface

    display ripng interface Syntax display ripng process-id interface [ interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters process-id: RIPng process ID, in the range of 1 to 65535. interface-type interface-number: Specifies an interface. Description Use the display ripng interface command to display the interface information of the RIPng process. If no interface is specified, information about all interfaces of the RIPng process will be displayed.
  • Page 471: Display Ripng Route

    Field Default route Summary address The summarized IPv6 prefix and the summary IPv6 prefix on the interface display ripng route Syntax display ripng process-id route View Any view Default Level 1: Monitor level Parameters process-id: RIPng process ID, in the range of 1 to 65535. Description Use the display ripng route command to display all RIPng routes and timers associated with each route of a RIPng process.
  • Page 472: Filter-Policy Export

    Table 5-4 display ripng route command output description Field Peer Dest cost “A” “S” “G” filter-policy export Syntax filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ protocol [ process-id ] ] undo filter-policy export [ protocol [ process-id ] ] View RIPng view Default Level...
  • Page 473: Filter-Policy Import (Ripng View)

    Examples # Use IPv6 prefix list Filter2 to filter advertised RIPng updates. <Sysname> system-view [Sysname] ripng 100 [Sysname-ripng-100] filter-policy ipv6-prefix Filter2 export filter-policy import (RIPng view) Syntax filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import undo filter-policy import View RIPng view Default Level 2: System level...
  • Page 474: Preference

    Default Level 2: System level Parameters protocol: Specifies a routing protocol from which to redistribute routes. Currently, it can be direct or static. process-id: Process ID, in the range of 1 to 65535. The default is 1. This argument is available only when the protocol is ripng.
  • Page 475: Ripng

    Use the undo preference route-policy command to restore the default. By default, the priority of a RIPng route is 100. Using the route-policy keyword can set a priority for routes filtered in by the routing policy: If a priority is set in the routing policy, the priority applies to matched routes, and the priority set by the preference command applies to routes not matched.
  • Page 476: Ripng Default-Route

    ripng default-route Syntax ripng default-route { only | originate } [ cost cost ] undo ripng default-route View Interface view Default Level 2: System level Parameters only: Indicates that only the IPv6 default route (::/0) is advertised through the interface. originate: Indicates that the IPv6 default route (::/0) is advertised without suppressing other routes.
  • Page 477: Ripng Metricin

    Default Level 2: System level Parameters process-id: RIPng process ID, in the range of 1 to 65535. Description Use the ripng enable command to enable RIPng on the specified interface. Use the undo ripng enable command to disable RIPng on the specified interface. By default, RIPng is disabled on an interface.
  • Page 478: Ripng Metricout

    ripng metricout Syntax ripng metricout value undo ripng metricout View Interface view Default Level 2: System level Parameters value: Additional metric to advertised routes, in the range of 1 to 16. Description Use the ripng metricout command to configure an additional metric for RIPng routes advertised by an interface.
  • Page 479: Ripng Split-Horizon

    Use the undo ripng poison-reverse command to disable the poison reverse function. By default, the poison reverse function is disabled. Examples # Enable the poison reverse function for RIPng update messages on VLAN-interface 100. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ripng poison-reverse ripng split-horizon Syntax ripng split-horizon...
  • Page 480: Ripng Summary-Address

    [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ripng split-horizon ripng summary-address Syntax ripng summary-address ipv6-address prefix-length undo ripng summary-address ipv6-address prefix-length View Interface view Default Level 2: System level Parameters ipv6-address: Destination IPv6 address of the summary route. prefix-length: Prefix length of the destination IPv6 address of the summary route, in the range of 0 to 128.
  • Page 481 Default Level 2: System level Parameters garbage-collect-value: Interval of the garbage-collect timer in seconds, in the range of 1 to 86400. suppress-value: Interval of the suppress timer in seconds, in the range of 0 to 86400. timeout-value: Interval of the timeout timer in seconds, in the range of 1 to 86400. update-value: Interval of the update timer in seconds, in the range of 1 to 86400.
  • Page 482: Route Policy Configuration Commands

    Route Policy Configuration Commands The common configuration commands of route policy are applicable to both IPv4 and IPv6. Common Route Policy Configuration Commands apply cost Syntax apply cost [ + | - ] value undo apply cost View Route policy view Default Level 2: System level Parameters...
  • Page 483: Apply Preference

    [Sysname-route-policy] apply cost 120 apply preference Syntax apply preference preference undo apply preference View Route policy view Default Level 2: System level Parameters preference: Routing protocol preference, in the range of 1 to 255. Description Use the apply preference command to set a preference for a routing protocol. Use the undo apply preference command to remove the clause configuration.
  • Page 484: Display Route-Policy

    Parameters value: Tag value, in the range 0 to 4294967295. Description Use the apply tag command to set a specified tag value for RIP routing information. Use the undo apply tag command to remove the clause configuration. No routing tag is set for RIP routing information by default. Related commands: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip-address next-hop, apply cost.
  • Page 485: If-Match Cost

    Table 6-1 display route-policy command output description. Field Route-policy Permit if-match ip-prefix abc apply cost 120 if-match cost Syntax if-match cost value undo if-match cost View Route policy view Default Level 2: System level Parameters cost: Cost in the range 0 to 4294967295. Description Use the if-match cost command to match routing information having the specified cost.
  • Page 486: If-Match Tag

    View Route policy view Default Level 2: System level Parameters interface-type: Interface type interface-number: Interface number &<1-16>: Indicates the argument before it can be entered up to 16 times. Description Use the if-match interface command to specify interface(s) for matching against the outbound interface of routing information.
  • Page 487: Route-Policy

    Related commands: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, route-policy, apply ip-address next-hop, apply cost, apply tag. Examples # Configure node 10 in permit mode of route policy policy1 to permit RIP routing information with a tag of 8.
  • Page 488: Ipv4 Route Policy Configuration Commands

    Examples # Configure node 10 in permit mode of route policy policy1 and enter route policy view. <Sysname> system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] IPv4 Route Policy Configuration Commands apply ip-address next-hop Syntax apply ip-address next-hop ip-address undo apply ip-address next-hop View Route policy view Default Level...
  • Page 489: If-Match Acl

    View Any view Default Level 1: Monitor level Parameters ip-prefix-name: IP prefix list name, a string of 1 to 19 characters. Description Use the display ip ip-prefix command to display the statistics of an IPv4 prefix list. If no ip-prefix-name is specified, statistics for all IPv4 prefix lists will be displayed. Related commands: ip ip-prefix.
  • Page 490: If-Match Ip

    Default Level 2: System level Parameters acl-number: ACL number from 2000 to 3999. Description Use the if-match acl command to configure an ACL match criterion. Use the undo if-match acl command to remove the match criterion. No ACL match criterion is configured by default. Related commands: if-match interface, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip-address next-hop, apply cost, apply tag.
  • Page 491: If-Match Ip-Prefix

    Examples # Configure node 10 of route policy policy1 to permit routing information whose next hop address matches IP prefix list p1. <Sysname> system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match ip next-hop ip-prefix p1 if-match ip-prefix Syntax if-match ip-prefix ip-prefix-name undo if-match ip-prefix View Route policy view...
  • Page 492 Default Level 2: System level Parameters ip-prefix-name: IPv4 prefix list name, a string of 1 to 19 characters. index-number: Index number, in the range 1 to 65535, for uniquely specifying an item of the IPv4 prefix list. An index with a smaller number is matched first. permit: Specifies the matching mode for the IPv4 prefix list item as permit, that is, if a route matches the item, the route passes the IPv4 prefix list without needing to match against the next item;...
  • Page 493: Reset Ip Ip-Prefix

    reset ip ip-prefix Syntax reset ip ip-prefix [ ip-prefix-name ] View User view Default Level 2: System level Parameters ip-prefix-name: IP prefix list name, a string of 1 to 19 characters. Description Use the reset ip ip-prefix command to clear the statistics of a specified IPv4 prefix list. If no ip-prefix-name is specified, the statistics of all IPv4 prefix lists will be cleared.
  • Page 494: Display Ip Ipv6-Prefix

    Examples # Configure node 10 of route policy policy1 to set next hop 3ffe:506::1 for IPv6 routing information matching existing ACL 2000. <Sysname> system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match acl 2000 [Sysname-route-policy] apply ipv6 next-hop 3ffe:506::1 display ip ipv6-prefix Syntax display ip ipv6-prefix [ ipv6-prefix-name ] View...
  • Page 495: If-Match Ipv6

    Field if-match ipv6 Syntax if-match ipv6 { address | next-hop | route-source } { acl acl6-number | prefix-list ipv6-prefix-name } undo if-match ipv6 { address | next-hop | route-source } [ acl | prefix-list ] View Route policy view Default Level 2: System level Parameters address: Matches the destination address of IPv6 routing information.
  • Page 496 undo ip ipv6-prefix ipv6-prefix-name [ index index-number ] View System view Default Level 2: System level Parameters ipv6-prefix-name: IPv6 prefix list name, a string of 1 to 19 characters, for uniquely specifying an IPv6 prefix list. index-number: Index number, in the range 1 to 65535, for uniquely specifying an IPv6 prefix list item. An item with a smaller index-number will be matched first.
  • Page 497: Reset Ip Ipv6-Prefix

    <Sysname> system-view [Sysname] ip ipv6-prefix abc permit :: 0 greater-equal 32 less-equal 64 # Deny IPv6 addresses with the prefix being 3FFE:D00::/32, and prefix length being greater than or equal to 32 bits. <Sysname> system-view [Sysname] ip ipv6-prefix abc deny 3FFE:D00:: 32 less-equal 128 reset ip ipv6-prefix Syntax reset ip ipv6-prefix [ ipv6-prefix-name ]...
  • Page 498 1 IGMP Snooping Configuration Commands (1-1); IGMP Snooping Configuration Commands (1-1); display igmp-snooping group (1-1); display igmp-snooping statistics (1-2); fast-leave (IGMP-Snooping view) (1-3); group-policy (IGMP-Snooping view) (1-4); host-aging-time (IGMP-Snooping view) (1-5); igmp-snooping (1-6); igmp-snooping drop-unknown (1-6); igmp-snooping enable (1-7); igmp-snooping fast-leave (1-8); igmp-snooping general-query source-ip (1-9); igmp-snooping group-limit (1-9); igmp-snooping group-policy (1-10); igmp-snooping host-aging-time (1-11)...
  • Page 499 3 MLD Snooping Configuration Commands (3-1); MLD Snooping Configuration Commands (3-1); display mld-snooping group (3-1); display mld-snooping statistics (3-2); fast-leave (MLD-Snooping view) (3-3); group-policy (MLD-Snooping view) (3-4); host-aging-time (MLD-Snooping view) (3-5); last-listener-query-interval (MLD-Snooping view) (3-6); max-response-time (MLD-Snooping view) (3-7); mld-snooping (3-7); mld-snooping enable (3-8); mld-snooping fast-leave (3-9); mld-snooping general-query source-ip (3-9)...
  • Page 500: Igmp Snooping Configuration Commands

    IGMP Snooping Configuration Commands IGMP Snooping Configuration Commands display igmp-snooping group Syntax display igmp-snooping group [ vlan vlan-id ] [ slot slot-number ] [ verbose ] View Any view Default Level 1: Monitor level Parameters vlan vlan-id: Displays the IGMP Snooping multicast group information in the specified VLAN, where vlan-id is in the range of 1 to 4094.
  • Page 501: Display Igmp-Snooping Statistics

    Router port(s):total 1 port. GE1/0/1 IP group(s):the following ip group(s) match to one mac group. IP group address:224.1.1.1 (0.0.0.0, 224.1.1.1): Attribute: Host port(s):total 1 port. GE1/0/2 MAC group(s): MAC group address:0100-5e01-0101 Host port(s):total 1 port. GE1/0/2 Table 1-1 display igmp-snooping group command output description Field Total 1 IP Group(s).
  • Page 502: Fast-Leave (Igmp-Snooping View)

    Parameters None Description Use the display igmp-snooping statistics command to view the statistics information of IGMP messages learned by IGMP Snooping. Examples # View the statistics information of IGMP messages learned by IGMP Snooping. <Sysname> display igmp-snooping statistics Received IGMP general queries:0. Received IGMPv1 reports:0.
  • Page 503: Group-Policy (Igmp-Snooping View)

    Description Use the fast-leave command to enable fast leave processing globally. With this function enabled, when the switch receives an IGMP leave message on a port, it directly removes that port from the multicast forwarding entry of the specific group.
  • Page 504: Host-Aging-Time (Igmp-Snooping View)

    vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID. The effective range of a VLAN ID is 1 to 4094.
  • Page 505: Igmp-Snooping

    Use the undo host-aging-time command to restore the default setting. By default, the aging time of dynamic member ports is 260 seconds. This command works on IGMP Snooping–enabled VLANs. Related commands: igmp-snooping host-aging-time. Examples # Set the aging time of dynamic member ports globally to 300 seconds. <Sysname>...
  • Page 506: Igmp-Snooping Enable

    View VLAN view Default Level 2: System level Parameters None Description Use the igmp-snooping drop-unknown command to enable the function of dropping unknown multicast data in the current VLAN, so that such multicast data will only be forwarded to router ports. Use the undo igmp-snooping drop-unknown command to disable the function of dropping unknown multicast data in the current VLAN.
  • Page 507: Igmp-Snooping Fast-Leave

    Use the igmp-snooping fast-leave command to enable fast leave processing on the current port or group of ports. With this function enabled, when the switch receives an IGMP leave message on a port, it directly removes that port from the multicast forwarding entry of the specific group.
  • Page 508: Igmp-Snooping General-Query Source-Ip

    Examples # Enable fast leave processing on GigabitEthernet1/0/1 in VLAN 2. <Sysname> system-view [Sysname] interface gigabitethernet1/0/1 [Sysname-GigabitEthernet1/0/1] igmp-snooping fast-leave vlan 2 igmp-snooping general-query source-ip Syntax igmp-snooping general-query source-ip { current-interface | ip-address } undo igmp-snooping general-query source-ip View VLAN view Default Level 2: System level Parameters...
  • Page 509: Igmp-Snooping Group-Policy

    View Ethernet port view, Layer 2 aggregate port view, port group view Default Level 2: System level Parameters limit: Maximum number of multicast groups that can be joined on a port. The effective range is 1 to 1000. vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID.
  • Page 510: Igmp-Snooping Host-Aging-Time

    Parameters acl-number: Basic or advanced ACL number, in the range of 2000 to 3999. The source address or address range specified in the advanced ACL rule is used to match the multicast source address(es) specified in IGMPv3 reports, rather than the source address in the IP packets. The system assumes that an IGMPv1 or IGMPv2 report or an IGMPv3 IS_EX and TO_EX report that does not carry a multicast source address carries a multicast source address of 0.0.0.0.
  • Page 511: Igmp-Snooping Host-Join

    undo igmp-snooping host-aging-time View VLAN view Default Level 2: System level Parameters interval: Dynamic member port aging time, in seconds. The effective range is 200 to 1,000. Description Use the igmp-snooping host-aging-time command to configure the aging time of dynamic member ports in the current VLAN.
  • Page 512: Igmp-Snooping Last-Member-Query-Interval

    Description Use the igmp-snooping host-join command to configure the current port(s) as simulated member host(s), namely configure the current port as a member host for the specified multicast group or source and group. Use the undo igmp-snooping host-join command to remove the current port(s) as simulated member host(s) for the specified multicast group or source and group.
  • Page 513: Igmp-Snooping Max-Response-Time

    Description Use the igmp-snooping last-member-query-interval command to configure the interval between IGMP last-member queries in the VLAN. Use the undo igmp-snooping last-member-query-interval command to restore the default setting. By default, the IGMP last-member query interval is 1 second. This command takes effect only if IGMP Snooping is enabled in the VLAN. Related commands: last-member-query-interval.
  • Page 514: Igmp-Snooping Overflow-Replace

    igmp-snooping overflow-replace Syntax igmp-snooping overflow-replace [ vlan vlan-list ] undo igmp-snooping overflow-replace [ vlan vlan-list ] View Ethernet port view, Layer 2 aggregate port view, port group view Default Level 2: System level Parameters vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID.
  • Page 515: Ip Multicast Volume

    undo igmp-snooping querier View VLAN view Default Level 2: System level Parameters None Description Use the igmp-snooping querier command to enable the IGMP Snooping querier function. Use the undo igmp-snooping querier command to disable the IGMP Snooping querier function. By default, the IGMP Snooping querier function is disabled. Note that: This command takes effect only if IGMP Snooping is enabled in the VLAN.
  • Page 516: Igmp-Snooping Router-Aging-Time

    By default, the IGMP general query interval is 60 seconds. This command takes effect only if IGMP Snooping is enabled in the VLAN. Related commands: max-response-time. Examples # Set the interval between IGMP general queries to 20 seconds in VLAN 2. <Sysname>...
  • Page 517: Igmp-Snooping Special-Query Source-Ip

    View Ethernet port view, port group view Default Level 2: System level Parameters None Description Use the igmp-snooping source-deny command to enable multicast source port filtering. Use the undo igmp-snooping source-deny command to disable multicast source port filtering. By default, multicast source port filtering is disabled. This command works on IGMP Snooping–enabled VLANs.
  • Page 518: Igmp-Snooping Static-Group

    This command takes effect only if IGMP Snooping is enabled in the VLAN. Examples # In VLAN 2 specify 10.1.1.1 as the source IP address of IGMP group-specific queries. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] igmp-snooping special-query source-ip 10.1.1.1 igmp-snooping static-group Syntax igmp-snooping static-group group-address [ source-ip source-address ] vlan vlan-id undo igmp-snooping static-group group-address [ source-ip source-address ] vlan vlan-id...
  • Page 519: Igmp-Snooping Static-Router-Port

    <Sysname> system-view [Sysname] igmp-snooping [Sysname-igmp-snooping] quit [Sysname] vlan 2 [Sysname-vlan2] igmp-snooping enable [Sysname-vlan2] igmp-snooping version 3 [Sysname-vlan2] quit [Sysname] interface gigabitethernet1/0/1 [Sysname-GigabitEthernet1/0/1] igmp-snooping static-group 232.1.1.1 source-ip 1.1.1.1 vlan igmp-snooping static-router-port Syntax igmp-snooping static-router-port vlan vlan-id undo igmp-snooping static-router-port vlan vlan-id View Ethernet port view, Layer 2 aggregate port view, port group view Default Level...
  • Page 520: Igmp-Snooping Version

    igmp-snooping version Syntax igmp-snooping version version-number undo igmp-snooping version View VLAN view Default Level 2: System level Parameters version-number: IGMP snooping version, in the range of 2 to 3. Description Use the igmp-snooping version command to configure the IGMP Snooping version. Use the undo igmp-snooping version command to restore the default setting.
  • Page 521: Max-Response-Time (Igmp-Snooping View)

    Parameters interval: Interval between IGMP last-member queries, in seconds. The effective range is 1 to 5. Description Use the last-member-query-interval command to configure the interval between IGMP last-member queries globally. Use the undo last-member-query-interval command to restore the default setting. By default, the interval between IGMP last-member queries is 1 second.
  • Page 522: Overflow-Replace (Igmp-Snooping View)

    overflow-replace (IGMP-Snooping view) Syntax overflow-replace [ vlan vlan-list ] undo overflow-replace [ vlan vlan-list ] View IGMP-Snooping view Default Level 2: System level Parameters vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID.
  • Page 523: Reset Igmp-Snooping Group

    Default Level 2: System level Parameters None Description Use the report-aggregation command to enable IGMP report suppression. Use the undo report-aggregation command to disable IGMP report suppression. By default, IGMP report suppression is enabled. This command works on IGMP Snooping–enabled VLANs. Examples # Disable IGMP report suppression.
  • Page 524: Reset Igmp-Snooping Statistics

    reset igmp-snooping statistics Syntax reset igmp-snooping statistics View User view Default Level 2: System level Parameters None Description Use the reset igmp-snooping statistics command to clear the statistics information of IGMP messages learned by IGMP Snooping. Examples # Clear the statistics information of all kinds of IGMP messages learned by IGMP Snooping. <Sysname>...
  • Page 525: Source-Deny (Igmp-Snooping View)

    <Sysname> system-view [Sysname] igmp-snooping [Sysname-igmp-snooping] router-aging-time 100 source-deny (IGMP-Snooping view) Syntax source-deny port interface-list undo source-deny port interface-list View IGMP-Snooping view Default Level 2: System level Parameters interface-list: Specifies one or multiple ports. You can provide up to ten port lists, by each of which you can specify an individual port in the form of interface-type interface-number, or a port range in the form of interface-type start-interface-number to interface-type end-interface-number, where the end interface number must be greater than the start interface number.
  • Page 526: Multicast Vlan Configuration Commands

    Multicast VLAN Configuration Commands Multicast VLAN Configuration Commands display multicast-vlan Syntax display multicast-vlan [ vlan-id ] View Any view Default Level 1: Monitor level Parameters vlan-id: VLAN ID of a multicast VLAN, in the range of 1 to 4094. If this argument is not provided, the information about all multicast VLANs will be displayed.
  • Page 527: Multicast-Vlan

    multicast-vlan Syntax multicast-vlan vlan-id undo multicast-vlan { all | vlan-id } View System view Default Level 2: System level Parameters vlan-id: Specifies a VLAN by its ID, in the range of 1 to 4094. all: Deletes all multicast VLANs. Description Use the multicast-vlan command to configure the specified VLAN as a multicast VLAN and enter multicast VLAN view.
  • Page 528: Port Multicast-Vlan

    undo port { all | interface-list } View Multicast VLAN view Default Level 2: System level Parameters interface-list: Specifies a port in the form of interface-type interface-number, or a port range in the form of interface-type start-interface-number to interface-type end-interface-number, where the end interface number must be greater than the start interface number.
  • Page 529: Subvlan (Multicast Vlan View)

    Description Use the port multicast-vlan command to assign the current port(s) to the specified multicast VLAN. Use the undo port multicast-vlan command to restore the system default. By default, a port does not belong to any multicast VLAN. Note that a port can belong to only one multicast VLAN. Examples # Assign GigabitEthernet1/0/1 to multicast VLAN 100.
  • Page 530 [Sysname-mvlan-100] subvlan 10 to 15...
  • Page 531: Mld Snooping Configuration Commands

    MLD Snooping Configuration Commands MLD Snooping Configuration Commands display mld-snooping group Syntax display mld-snooping group [ vlan vlan-id ] [ slot slot-number ] [ verbose ] View Any view Default Level 1: Monitor level Parameters vlan vlan-id: Displays the MLD Snooping multicast group information in the specified VLAN, where vlan-id is in the range of 1 to 4094.
  • Page 532: Display Mld-Snooping Statistics

    Total 1 MAC Group(s). Router port(s):total 1 port. GE1/0/1 IP group(s):the following ip group(s) match to one mac group. IP group address:FF1E::101 (::, FF1E::101): Attribute: Host Port Host port(s):total 1 port. GE1/0/2 MAC group(s): MAC group address:3333-0000-0101 Host port(s):total 1 port. GE1/0/2 Table 3-1 display mld-snooping group command output description Field...
  • Page 533: Fast-Leave (Mld-Snooping View)

    Parameters None Description Use the display mld-snooping statistics command to view the statistics information of MLD messages learned by MLD Snooping. Examples # View the statistics information of all kinds of MLD messages learned by MLD Snooping. <Sysname> display mld-snooping statistics Received MLD general queries:0.
  • Page 534: Group-Policy (Mld-Snooping View)

    Description Use the fast-leave command to enable fast leave processing globally. With this function enabled, when the switch receives an MLD leave message on a port, it directly removes that port from the forwarding table entry for the specific group.
  • Page 535: Host-Aging-Time (Mld-Snooping View)

    vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID. The effective range of a VLAN ID is 1 to 4094.
  • Page 536: Last-Listener-Query-Interval (Mld-Snooping View)

    Description Use the host-aging-time command to configure the aging time of dynamic member ports globally. Use the undo host-aging-time command to restore the default setting. By default, the aging time of dynamic member ports is 260 seconds. This command works on MLD Snooping–enabled VLANs. Related commands: mld-snooping host-aging-time.
  • Page 537: Max-Response-Time (Mld-Snooping View)

    max-response-time (MLD-Snooping view) Syntax max-response-time interval undo max-response-time View MLD-Snooping view Default Level 2: System level Parameters interval: Maximum response time for MLD general queries, in units of seconds. The effective range is 1 to 25. Description Use the max-response-time command to configure the maximum response time for MLD general queries globally.
  • Page 538: Mld-Snooping Enable

    Description Use the mld-snooping command to enable MLD Snooping globally and enter MLD-Snooping view. Use the undo mld-snooping command to disable MLD Snooping globally. By default, MLD Snooping is disabled. Related commands: mld-snooping enable. Examples # Enable MLD Snooping globally and enter MLD-Snooping view. <Sysname>...
  • Page 539: Mld-Snooping Fast-Leave

    Use the mld-snooping fast-leave command to enable fast leave processing on the current port or group of ports. With this function enabled, when the switch receives an MLD leave message on a port, it directly removes that port from the forwarding table entry for the specific group.
  • Page 540: Mld-Snooping Group-Limit

    undo mld-snooping general-query source-ip View VLAN view Default Level 2: System level Parameters current-interface: Sets the source IPv6 link-local address of MLD general queries to the IPv6 address of the current VLAN interface. If the current VLAN interface does not have an IPv6 address, the default IPv6 address FE80::02FF:FFFF:FE00:0001 will be used as the source IPv6 address of MLD general queries.
  • Page 541: Mld-Snooping Group-Policy

    to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID. The effective range of a VLAN ID is 1 to 4094. Description Use the mld-snooping group-limit command to configure the maximum number of IPv6 multicast groups that can be joined on a port.
  • Page 542: Mld-Snooping Host-Aging-Time

    Description Use the mld-snooping group-policy command to configure an IPv6 multicast group filter on the current port(s), namely to control the IPv6 multicast groups hosts on the port(s) can join. Use the undo mld-snooping group-policy command to remove the configured IPv6 multicast group filter on the current port(s).
  • Page 543: Mld-Snooping Host-Join

    Description Use the mld-snooping host-aging-time command to configure the aging time of dynamic member ports in the current VLAN. Use the undo mld-snooping host-aging-time command to restore the system default. By default, the dynamic member port aging time is 260 seconds. This command takes effect only if MLD Snooping is enabled in the VLAN.
  • Page 544: Mld-Snooping Last-Listener-Query-Interval

    The source-ip ipv6-source-address option in the command is meaningful only for MLD Snooping version 2. If MLD Snooping version 1 is running, although you can include source-ip ipv6-source-address in your command, the simulated host responds with only an MLDv1 report when receiving a query message.
  • Page 545: Mld-Snooping Max-Response-Time

    Examples # Set the MLD last-listener query interval to 3 seconds in VLAN 2. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] mld-snooping last-listener-query-interval 3 mld-snooping max-response-time Syntax mld-snooping max-response-time interval undo mld-snooping max-response-time View VLAN view Default Level 2: System level Parameters interval: Maximum response time for MLD general queries, in units of seconds.
  • Page 546: Mld-Snooping Querier

    Default Level 2: System level Parameters vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID.
  • Page 547: Mld-Snooping Query-Interval

    Parameters None Description Use the mld-snooping querier command to enable the MLD Snooping querier function. Use the undo mld-snooping querier command to disable the MLD Snooping querier function. By default, the MLD Snooping querier function is disabled. Note that: This command takes effect only if MLD Snooping is enabled in the VLAN. This command does not take effect in a sub-VLAN of an IPv6 multicast VLAN.
  • Page 548: Mld-Snooping Router-Aging-Time

    Examples # Set the MLD query interval to 20 seconds in VLAN 2. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] mld-snooping query-interval 20 mld-snooping router-aging-time Syntax mld-snooping router-aging-time interval undo mld-snooping router-aging-time View VLAN view Default Level 2: System level Parameters interval: Dynamic router port aging time, in seconds.
  • Page 549: Mld-Snooping Special-Query Source-Ip

    Default Level 2: System level Parameters None Description Use the mld-snooping source-deny command to enable IPv6 multicast source port filtering. Use the undo mld-snooping source-deny command to disable IPv6 multicast source port filtering. By default, IPv6 multicast source port filtering is disabled. Examples # Enable source port filtering for IPv6 multicast data on GigabitEthernet 1/0/1.
  • Page 550: Mld-Snooping Static-Group

    Examples # In VLAN 2, specify FE80:0:0:1::1 as the source IPv6 address of MLD multicast-address-specific queries. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] mld-snooping special-query source-ip fe80:0:0:1::1 mld-snooping static-group Syntax mld-snooping static-group ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id undo mld-snooping static-group ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id View Ethernet port view, Layer 2 aggregate port view, port group view Default Level...
  • Page 551: Mld-Snooping Static-Router-Port

    Examples # Configure GigabitEthernet 1/0/1 in VLAN 2 to be a static member port for (2002::22, FF3E::101). <Sysname> system-view [Sysname] mld-snooping [Sysname-mld-snooping] quit [Sysname] vlan 2 [Sysname-vlan2] mld-snooping enable [Sysname-vlan2] mld-snooping version 2 [Sysname-vlan2] quit [Sysname] interface gigabitethernet 1/0/1 [Sysname- GigabitEthernet 1/0/1] mld-snooping static-group ff3e::101 source-ip 2002::22 vlan mld-snooping static-router-port Syntax mld-snooping static-router-port vlan vlan-id...
  • Page 552: Mld-Snooping Version

    Examples # Enable the static router port function on GigabitEthernet 1/0/1 in VLAN 2. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname- GigabitEthernet 1/0/1] mld-snooping static-router-port vlan 2 mld-snooping version Syntax mld-snooping version version-number undo mld-snooping version View VLAN view Default Level 2: System level Parameters version-number: MLD snooping version, in the range of 1 to 2.
  • Page 553: Report-Aggregation (Mld-Snooping View)

    View MLD-Snooping view Default Level 2: System level Parameters vlan vlan-list: Defines one or multiple VLANs. You can provide up to 10 VLAN lists, by each of which you can specify an individual VLAN in the form of vlan-id, or a VLAN range in the form of start-vlan-id to end-vlan-id, where the end VLAN ID must be greater than the start VLAN ID.
  • Page 554: Reset Mld-Snooping Group

    Description Use the mld-snooping report-aggregation command to enable MLD report suppression. Use the undo mld-snooping report-aggregation command to disable MLD report suppression. By default, MLD report suppression is enabled. This command works on MLD Snooping–enabled VLANs. Examples # Disable MLD report suppression. <Sysname>...
  • Page 555: Router-Aging-Time (Mld-Snooping View)

    View User view Default Level 2: System level Parameters None Description Use the reset mld-snooping statistics command to clear the statistics information of MLD messages learned by MLD Snooping. Examples # Clear the statistics information of all kinds of MLD messages learned by MLD Snooping. <Sysname>...
  • Page 556: Source-Deny (Mld-Snooping View)

    source-deny (MLD-Snooping view) Syntax source-deny port interface-list undo source-deny port interface-list View MLD-Snooping view Default Level 2: System level Parameters interface-list: Port list. You can specify multiple ports or port ranges by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] }, where interface-type is port type and interface-number is port number.
  • Page 557: Ipv6 Multicast Vlan Configuration Commands

    IPv6 Multicast VLAN Configuration Commands IPv6 Multicast VLAN Configuration Commands display multicast-vlan ipv6 Syntax display multicast-vlan ipv6 [ vlan-id ] View Any view Default Level 1: Monitor level Parameters vlan-id: VLAN ID of an IPv6 multicast VLAN, in the range of 1 to 4094. If this argument is not provided, the information about all IPv6 multicast VLANs will be displayed.
  • Page 558: Multicast-Vlan Ipv6

    multicast-vlan ipv6 Syntax multicast-vlan ipv6 vlan-id undo multicast-vlan ipv6 { all | vlan-id } View System view Default Level 2: System level Parameters vlan-id: Specifies a VLAN by its ID, in the range of 1 to 4094. all: Deletes all IPv6 multicast VLANs. Description Use the multicast-vlan ipv6 command to configure the specified VLAN as an IPv6 multicast VLAN and enter IPv6 multicast VLAN view.
  • Page 559: Port (Ipv6 Multicast Vlan View)

    port (IPv6 multicast VLAN view) Syntax port interface-list undo port { all | interface-list } View IPv6 multicast VLAN view Default Level 2: System level Parameters interface-list: Specifies a port in the form of interface-type interface-number, or a port range in the form of interface-type start-interface-number to interface-type end-interface-number, where the end interface number must be greater than the start interface number.
  • Page 560: Subvlan (Ipv6 Multicast Vlan View)

    Parameters vlan-id: VLAN ID of the IPv6 multicast VLAN you want to assign the current port(s) to, in the range of 1 to 4094. Description Use the port multicast-vlan ipv6 command to assign the current port(s) to the specified IPv6 multicast VLAN.
  • Page 561 Examples # Configure VLAN 10 through VLAN 15 as sub-VLANs of IPv6 multicast VLAN 100. <Sysname> system-view [Sysname] multicast-vlan ipv6 100 [Sysname-ipv6-mvlan-100] subvlan 10 to 15...
  • Page 562 1 QoS Policy Configuration Commands (1-1); Commands for Defining Classes (1-1); display traffic classifier (1-1); if-match (1-2); traffic classifier (1-5); Traffic Behavior Configuration Commands (1-6); accounting (1-6); car (1-6); display traffic behavior (1-8); filter (1-9); redirect (1-9); remark dot1p (1-10); remark drop-precedence (1-11); remark dscp (1-11); remark ip-precedence (1-13); remark local-precedence (1-13); traffic behavior (1-14); QoS Policy Configuration Commands (1-15)...
  • Page 563 Line Rate Configuration Commands (3-2); display qos lr interface (3-2); qos lr outbound (3-3); 4 Congestion Management Configuration Commands (4-1); Congestion Management Configuration Commands (4-1); display qos sp interface (4-1); display qos wfq interface (4-1); display qos wrr interface (4-2); qos bandwidth queue (4-4); qos sp (4-4); qos wfq (4-5); qos wfq weight (4-6); qos wrr (4-6)...
  • Page 564: Qos Policy Configuration Commands

    QoS Policy Configuration Commands
    Commands for Defining Classes
    display traffic classifier
    Syntax
    display traffic classifier user-defined [ classifier-name ]
    View
    Any view
    Default Level
    1: Monitor level
    Parameters
    classifier-name: Class name.
    Description
    Use the display traffic classifier command to display the information about a class. If no class name is provided, this command displays the information about all the user-defined classes.
  • Page 565: If-Match

    0 to 7. Even though you can provide up to eight space-separated CoS values for this argument, the Switch 4510G series switches support only one CoS value in a rule. If you configure multiple CoS values in a rule, the rule cannot be issued.
  • Page 566 1-4. Even though you can provide up to eight space-separated DSCP values for this argument, the Switch 4510G series switches support only one DSCP value in a rule. If you configure multiple DSCP values in a rule, the rule cannot be issued.
  • Page 567 Suppose the logical relationship between classification rules is and. Note the following when using the if-match command to define matching rules. If multiple matching rules with the acl or acl ipv6 keyword specified are defined in a class, the actual logical relationship between these rules is or when the policy is applied. If multiple matching rules with the customer-vlan-id or service-vlan-id keyword specified are defined in a class, the actual logical relationship between these rules is or when the policy is applied.
  • Page 568: Traffic Classifier

    <Sysname> system-view
    [Sysname] traffic classifier class8
    [Sysname-classifier-class8] if-match protocol ip
    # Define a rule for class9 to match the packets with the customer network 802.1p precedence 2.
    <Sysname> system-view
    [Sysname] traffic classifier class9
    [Sysname-classifier-class9] if-match customer-dot1p 2
    # Define a rule for class10 to match the packets with the service provider network 802.1p precedence
    <Sysname>...
  • Page 569: Traffic Behavior Configuration Commands

    Examples
    # Create a class named class1.
    <Sysname> system-view
    [Sysname] traffic classifier class1
    [Sysname-classifier-class1]
    Traffic Behavior Configuration Commands
    accounting
    Syntax
    accounting
    undo accounting
    View
    Traffic behavior view
    Default Level
    2: System Level
    Parameters
    None
    Description
    Use the accounting command to configure the traffic accounting action for a traffic behavior. Use the undo accounting command to remove the traffic accounting action.
  • Page 570
    Parameters
    cir committed-information-rate: Specifies the committed information rate (CIR) in kbps. The committed-information-rate argument ranges from 64 to 32000000 and must be a multiple of 64.
    committed-burst-size: The committed-burst-size argument ranges from 4000 to 16000000; the default is 4000.
    ebs excess-burst-size: Specifies the excess burst size (EBS) in bytes. The excess-burst-size argument ranges from 0 to 16000000; the default is 4000.
  • Page 571: Display Traffic Behavior

    [Sysname] traffic behavior database
    [Sysname-behavior-database] car cir 6400 red discard
    display traffic behavior
    Syntax
    display traffic behavior user-defined [ behavior-name ]
    View
    Any view
    Default Level
    1: Monitor level
    Parameters
    behavior-name: Name of a user defined traffic behavior.
    Description
    Use the display traffic behavior command to display the information about a user defined traffic behavior.
  • Page 572: Filter

    Field: Green Action, Red Action, Yellow Action
    filter
    Syntax
    filter { deny | permit }
    undo filter
    View
    Traffic behavior view
    Default Level
    2: System Level
    Parameters
    deny: Drops packets.
    permit: Forwards packets.
    Description
    Use the filter command to configure traffic filtering action for a traffic behavior. Use the undo filter command to remove the traffic filtering action.
  • Page 573: Remark Dot1P

    Default Level
    2: System Level
    Parameters
    cpu: Redirects traffic to the CPU.
    interface interface-type interface-number: Redirects traffic to an interface identified by its type and number.
    Description
    Use the redirect command to configure traffic redirecting action for a traffic behavior. Use the undo redirect command to remove the traffic redirecting action.
  • Page 574: Remark Drop-Precedence

    <Sysname> system-view
    [Sysname] traffic behavior database
    [Sysname-behavior-database] remark dot1p 2
    remark drop-precedence
    Syntax
    remark drop-precedence drop-precedence-value
    undo remark drop-precedence
    View
    Traffic behavior view
    Default Level
    2: System Level
    Parameters
    drop-precedence-value: Drop precedence to be set for packets, in the range 0 to 2.
    Description
    Use the remark drop-precedence command to configure the action of setting drop precedence for a traffic behavior.
  • Page 575
    Table 1-4 DSCP keywords and values
    Keyword: default, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43
    Description
    Use the remark dscp command to configure the action of setting DSCP precedence for a traffic behavior. Use the undo remark dscp command to remove the action of setting DSCP precedence.
    Related commands: qos policy, traffic behavior, classifier behavior.
  • Page 576: Remark Ip-Precedence

    remark ip-precedence
    Syntax
    remark ip-precedence ip-precedence-value
    undo remark ip-precedence
    View
    Traffic behavior view
    Default Level
    2: System Level
    Parameters
    ip-precedence-value: IP precedence to be set for packets, in the range of 0 to 7.
    Description
    Use the remark ip-precedence command to configure the action of setting IP precedence for a traffic behavior.
  • Page 577: Traffic Behavior

    Use the undo remark local-precedence command to remove the action of remarking local precedence. Note that, when the remark dot1p command is used together with the remark local-precedence command, the 802.1p precedence to be set for packets must be the same as the local precedence to be set for packets.
  • Page 578: Qos Policy Configuration Commands

    QoS Policy Configuration Commands
    classifier behavior
    Syntax
    classifier classifier-name behavior behavior-name
    undo classifier classifier-name
    View
    Policy view
    Default Level
    2: System Level
    Parameters
    classifier-name: Name of an existing class, a case-sensitive string of 1 to 31 characters. No spaces are allowed in a class name.
  • Page 579: Display Qos Policy Global

    Parameters
    policy-name: Policy name, a case-sensitive string of 1 to 31 characters. No spaces are allowed in a policy name. If no policy is specified, the configuration of all user defined policies is displayed.
    classifier-name: Name of a class in the policy, a case-sensitive string of 1 to 31 characters. No spaces are allowed in a class name.
  • Page 580
    Parameters
    inbound: Displays the QoS policy applied globally in the inbound direction of all ports.
    slot slot-number: Displays the global QoS policy configuration of the specified device in the IRF. If the slot-number argument is not specified, the global QoS policy configuration of all devices in the IRF is displayed.
  • Page 581: Display Qos Policy Interface

    Field: Green Action, Red Action, Yellow Action, Green
    display qos policy interface
    Syntax
    display qos policy interface [ interface-type interface-number ] [ inbound ]
    View
    Any view
    Default Level
    1: Monitor level
    Parameters
    interface-type: Port type.
    interface-number: Port number.
    inbound: Specifies the inbound direction.
    Description
    Use the display qos policy interface command to display the configuration and statistics information about the policy applied on a port.
  • Page 582: Display Qos Vlan-Policy

    Green Action: pass
    Red Action: discard
    Yellow Action: pass
    Green : 0(Packets)
    Table 1-7 display qos policy interface command output description
    Field: Interface, Direction, Policy, Classifier, Operator, Rule(s), Behavior
    display qos vlan-policy
    Syntax
    display qos vlan-policy { name policy-name | vlan [ vlan-id ] } [ slot slot-number ] [ inbound ]
    View
    Any view
    Default Level...
  • Page 583
    Policy test
    Vlan 300: inbound
    Table 1-8 display qos vlan-policy command output description
    Field: Policy, Vlan 300, inbound
    # Display the information about the VLAN policy applied to VLAN 300.
    <Sysname> display qos vlan-policy vlan 300
    Vlan 300
    Direction: Inbound
    Policy: test
    Classifier: test
    Operator: AND...
  • Page 584: Qos Apply Policy

    Field: Green Action, Red Action, Yellow Action, Green
    qos apply policy
    Syntax
    qos apply policy policy-name inbound
    undo qos apply policy inbound
    View
    Ethernet interface view, port group view
    Default Level
    2: System Level
    Parameters
    inbound: Specifies the inbound direction.
    policy-name: Specifies a QoS policy name, a case-sensitive string of 1 to 31 characters.
  • Page 585: Qos Policy

    Default Level
    2: System Level
    Parameters
    policy-name: Policy name, a case-sensitive string of 1 to 31 characters. No spaces are allowed in a QoS policy name.
    inbound: Applies the QoS policy to the incoming packets on all ports.
    Description
    Use the qos apply policy global command to apply a QoS policy globally. A QoS policy applied globally takes effect on all inbound traffic depending on the direction in which the policy is applied.
  • Page 586: Qos Vlan-Policy

    qos vlan-policy
    Syntax
    qos vlan-policy policy-name vlan vlan-id-list inbound
    undo qos vlan-policy vlan vlan-id-list inbound
    View
    System view
    Default Level
    2: System Level
    Parameters
    policy-name: Policy name, a case-sensitive string of 1 to 31 characters. No spaces are allowed in a policy name.
  • Page 587: Reset Qos Vlan-Policy

    Parameters
    inbound: Specifies the inbound direction.
    Description
    Use the reset qos vlan-policy command to clear the statistics of a global QoS policy. If no direction is specified, all global QoS policy statistics are cleared.
    Examples
    # Clear the statistics of the global QoS policy in the inbound direction.
    <Sysname>...
  • Page 588: Priority Mapping Configuration Commands

    Priority Mapping Configuration Commands
    Priority Mapping Table Configuration Commands
    display qos map-table
    Syntax
    display qos map-table [ dot1p-dp | dot1p-lp | dscp-dot1p | dscp-dp | dscp-dscp ]
    View
    Any view
    Default Level
    1: Monitor level
    Parameters
    dot1p-lp: Specifies the 802.1p precedence-to-local precedence mapping table.
    dot1p-dp: Specifies the 802.1p precedence-to-drop precedence mapping table.
  • Page 589: Qos Map-Table

    Table 2-1 display qos map-table command output description
    Field: MAP-TABLE NAME, TYPE, IMPORT, EXPORT
    qos map-table
    Syntax
    qos map-table { dot1p-dp | dot1p-lp | dscp-dot1p | dscp-dp | dscp-dscp }
    View
    System view
    Default Level
    2: System Level
    Parameters
    dot1p-lp: Specifies the 802.1p precedence-to-local precedence mapping table.
    dot1p-dp: Specifies the 802.1p precedence-to-drop precedence mapping table.
  • Page 590: Port Priority Configuration Commands

    Default Level
    2: System Level
    Parameters
    import-value-list: List of input parameters, in the range of 0 to 7.
    export-value: Output parameter in the mapping table, in the range of 0 to 2.
    all: Removes all the parameters in the priority mapping table.
    Description
    Use the import command to configure entries for a priority mapping table, that is, to define one or more mapping rules.
  • Page 591: Port Priority Trust Mode Configuration Commands

    Note that, if a port receives packets without an 802.1q tag, the switch takes the priority of the receiving port as the 802.1p precedence of the packets and then searches the dot1p-dp/lp mapping table for the local/drop precedence for the packets according to the priority of the receiving port.
  • Page 592: Qos Trust

    Field: Port priority trust type
    qos trust
    Syntax
    qos trust { dot1p | dscp }
    undo qos trust
    View
    Ethernet interface view, port group view
    Default Level
    2: System Level
    Parameters
    dscp: Specifies to trust DSCP precedence carried in the packet and adopt this priority for priority mapping.
  • Page 593: Traffic Shaping Configuration Commands

    Traffic Shaping and Line Rate Configuration Commands
    Traffic Shaping Configuration Commands
    display qos gts interface
    Syntax
    display qos gts interface [ interface-type interface-number ]
    View
    Any view
    Default Level
    1: Monitor level
    Parameters
    interface-type: Port type.
    interface-number: Port number.
    Description
    Use the display qos gts interface command to display traffic shaping configuration information.
  • Page 594: Qos Gts

    qos gts
    Syntax
    qos gts queue queue-number cir committed-information-rate [ cbs committed-burst-size ]
    undo qos gts queue queue-number
    View
    Ethernet interface view, port group view
    Default Level
    2: System level
    Parameters
    queue queue-number: Specifies a queue by its number, which ranges from 0 to 7.
    cir committed-information-rate: Specifies the committed information rate (CIR) in kbps, which must be a multiple of 64, and CIR ranges from 64 to 16777216.
  • Page 595: Qos Lr Outbound

    View
    Any view
    Default Level
    1: Monitor level
    Parameters
    interface-type: Port type.
    interface-number: Port number.
    Description
    Use the display qos lr interface command to display the line rate configuration information of the specified port or all ports if no port is specified.
    Examples
    # Display the line rate configuration and statistics information of all the interfaces.
  • Page 596
    GigabitEthernet port: 64 to 1000000
    Ten-GigabitEthernet port: 64 to 10000000
    Note that the committed-information-rate argument must be a multiple of 64.
    cbs committed-burst-size: Specifies the committed burst size in bytes. The committed-burst-size argument ranges from 4000 to 16000000. If the cbs keyword is not used, the system uses the default committed burst size, that is, 62.5 ms x committed-information-rate, or 16000000 if the multiplication is more than 16000000.
  • Page 597: Congestion Management Configuration Commands

    Congestion Management Configuration Commands
    Congestion Management Configuration Commands
    display qos sp interface
    Syntax
    display qos sp interface [ interface-type interface-number ]
    View
    Any view
    Default Level
    1: Monitor level
    Parameters
    interface-type: Port type.
    interface-number: Port number.
    Description
    Use the display qos sp interface command to display the strict priority (SP) queuing configuration on a specified port.
  • Page 598: Display Qos Wrr Interface

    Default Level
    1: Monitor level
    Parameters
    interface-type: Port type.
    interface-number: Port number.
    Description
    Use the display qos wfq interface command to display the configuration of Weighted Fair Queuing (WFQ) queues of a port. If no port number is specified, the command displays the configurations of WFQ queues of all ports.
    Related commands: qos wfq.
  • Page 599
    View
    Any view
    Default Level
    1: Monitor level
    Parameters
    interface-type: Port type.
    interface-number: Port number.
    Description
    Use the display qos wrr interface command to display the configuration of weighted round robin (WRR) queues of a port. If no port number is specified, the command displays the configurations of WRR queues of all ports.
    Related commands: qos wrr.
  • Page 600: Qos Bandwidth Queue

    qos bandwidth queue
    Syntax
    qos bandwidth queue queue-id min bandwidth-value
    undo qos bandwidth queue queue-id [ min bandwidth-value ]
    View
    Ethernet interface view, port group view
    Default Level
    2: System level
    Parameters
    queue-id: Queue ID, in the range of 0 to 7.
    bandwidth-value: Minimum guaranteed bandwidth (in kbps), that is, the minimum bandwidth guaranteed for a queue when the port is congested.
  • Page 601: Qos Wfq

    Default Level
    2: System Level
    Parameters
    None
    Description
    Use the qos sp command to configure SP queuing on the current port. Use the undo qos sp command to restore the default queuing algorithm on the port. By default, all the ports adopt the WRR queue scheduling algorithm, with the weight values assigned to queue 0 through queue 7 being 1, 2, 3, 4, 5, 9, 13, and 15.
  • Page 602: Qos Wfq Weight

    [Sysname-GigabitEthernet1/0/1] qos wfq
    qos wfq weight
    Syntax
    qos wfq queue-id weight schedule-value
    undo qos wfq queue-id weight
    View
    Ethernet interface view, port group view
    Default Level
    2: System Level
    Parameters
    queue-id: ID of the queue, in the range of 0 to 7.
    weight schedule-value: Specifies the scheduling weight of a queue, in the range of 0 to 15. Each queue is allocated part of the allocable bandwidth based on its scheduling weight.
  • Page 603: Qos Wrr Group

    View
    Ethernet interface view, port group view
    Default Level
    2: System Level
    Parameters
    None
    Description
    Use the qos wrr command to enable weighted round robin (WRR) on a port or port group. Use the undo qos wrr command to restore the default. By default, all the ports adopt the WRR queue scheduling algorithm, with the weight values assigned to queue 0 through queue 7 being 1, 2, 3, 4, 5, 9, 13, and 15.
  • Page 604 By default, all the ports adopt the WRR queue scheduling algorithm, with the weight values assigned to queue 0 through queue 7 being 1, 2, 3, 4, 5, 9, 13, and 15. As required, you can configure part of the queues on the port to adopt the SP queue-scheduling algorithm and parts of queues to adopt the WRR queue-scheduling algorithm.
  • Page 605: Traffic Mirroring Configuration Commands

    Traffic Mirroring Configuration Commands
    Traffic Mirroring Configuration Commands
    mirror-to
    Syntax
    mirror-to { cpu | interface interface-type interface-number }
    undo mirror-to { cpu | interface interface-type interface-number }
    View
    Traffic behavior view
    Default Level
    2: System Level
    Parameters
    cpu: Redirects packets to the CPU.
    interface interface-type interface-number: Port type and port number of the destination port for the traffic mirroring action.
  • Page 606: User Profile Configuration Commands

    User Profile Configuration Commands
    User Profile Configuration Commands
    display user-profile
    Syntax
    display user-profile
    View
    Any view
    Default Level
    2: System level
    Parameters
    None
    Description
    Use the display user-profile command to display information of all the user profiles that have been created.
  • Page 607: User-Profile Enable

    user-profile enable
    Syntax
    user-profile profile-name enable
    undo user-profile profile-name enable
    View
    System view
    Default Level
    2: System level
    Parameters
    profile-name: User profile name, a case-sensitive string of 1 to 31 characters. It can contain only English letters, numbers, and underscores, and must start with an English letter.
    Description
    Use the user-profile enable command to enable a user profile.
  • Page 608: Security Volume

    Parameters
    profile-name: User profile name, a case-sensitive string of 1 to 31 characters. It can contain only English letters, numbers, and underscores, and must start with an English letter. A user profile name must be globally unique.
    dot1x: Uses 802.1X authentication when users access the device. Refer to 802.1X Configuration in the Security Volume for detailed information about 802.1X.
  • Page 609 1 AAA Configuration Commands 1-1; AAA Configuration Commands 1-1; access-limit enable 1-1; access-limit 1-1; accounting command 1-2; accounting default 1-3; accounting lan-access 1-4; accounting login 1-5; accounting optional 1-6; authentication default 1-6; authentication lan-access 1-7; authentication login 1-8; authorization command 1-9; authorization default 1-10; authorization lan-access 1-11; authorization login 1-12; authorization-attribute 1-13; bind-attribute 1-15...
  • Page 610 primary accounting (RADIUS scheme view) 2-9; primary authentication (RADIUS scheme view) 2-10; radius client 2-11; radius nas-ip 2-12; radius scheme 2-13; radius trap 2-14; reset radius statistics 2-14; reset stop-accounting-buffer 2-15; retry 2-16; retry realtime-accounting 2-17; retry stop-accounting (RADIUS scheme view) 2-18; secondary accounting (RADIUS scheme view) 2-18; secondary authentication (RADIUS scheme view) 2-19; security-policy-server 2-20; server-type 2-21...
  • Page 611 dot1x 4-4; dot1x authentication-method 4-5; dot1x guest-vlan 4-6; dot1x handshake 4-8; dot1x mandatory-domain 4-8; dot1x max-user 4-9; dot1x multicast-trigger 4-10; dot1x port-control 4-11; dot1x port-method 4-12; dot1x quiet-period 4-13; dot1x re-authenticate 4-14; dot1x retry 4-14; dot1x timer 4-15; reset dot1x statistics 4-16; 5 EAD Fast Deployment Configuration Commands 5-1; EAD Fast Deployment Configuration Commands 5-1; dot1x free-ip 5-1; dot1x timer ead-timeout 5-2...
  • Page 612 port-security port-mode 8-12; port-security timer disableport 8-13; port-security trap 8-14; 9 IP Source Guard Configuration Commands 9-1; IP Source Guard Configuration Commands 9-1; display ip check source 9-1; display user-bind 9-2; ip check source 9-3; user-bind 9-4; 10 SSH2.0 Configuration Commands 10-1; SSH2.0 Server Configuration Commands 10-1; display ssh server 10-1; display ssh user-information 10-2; ssh server authentication-retries 10-3...
  • Page 613 rename 10-25; rmdir 10-25; sftp 10-26; sftp client ipv6 source 10-27; sftp client source 10-27; sftp ipv6 10-28; 11 PKI Configuration Commands 11-1; PKI Configuration Commands 11-1; attribute 11-1; ca identifier 11-2; certificate request entity 11-3; certificate request from 11-3; certificate request mode 11-4; certificate request polling 11-5; certificate request url 11-5; common-name 11-6...
  • Page 614 close-mode wait 12-2; display ssl client-policy 12-3; display ssl server-policy 12-4; handshake timeout 12-5; pki-domain 12-6; prefer-cipher 12-6; session 12-7; ssl client-policy 12-8; ssl server-policy 12-9; version 12-9; 13 Public Key Configuration Commands 13-1; Public Key Configuration Commands 13-1; display public-key local public 13-1; display public-key peer 13-2; peer-public-key end 13-3; public-key-code begin 13-4...
  • Page 615 rule (basic IPv6 ACL view), 14-25; rule (advanced IPv6 ACL view), 14-26; rule comment (for IPv6), 14-30; step (for IPv6), 14-31; ACL Application Commands, 14-32; acl logging frequence, 14-32; acl ipv6 logging frequence, 14-32; packet-filter, 14-33; packet-filter ipv6, 14-34...
  • Page 616: Aaa Configuration Commands

    AAA Configuration Commands
    access-limit enable
    Syntax
    access-limit enable max-user-number
    undo access-limit enable
    View
    ISP domain view
    Default Level
    2: System level
    Parameters
    max-user-number: Maximum number of user connections for the current ISP domain. The valid range is 1 to 2147483646.
    Description
    Use the access-limit enable command to enable the limit on the number of user connections in an ISP domain and set the allowed maximum number.
  • Page 617: Accounting Command

    View Local user view Default Level 3: Manage level Parameters max-user-number: Maximum number of user connections using the current username, in the range 1 to 1024. Description Use the access-limit command to enable the limit on the number of user connections using the current username and set the allowed maximum number.
  • Page 618: Accounting Default

    By default, the default accounting method that the accounting default command prescribes is used for command line users. Note that: The HWTACACS scheme specified for the current ISP domain must have been configured. Currently, only HWTACACS schemes support command line accounting. Related commands: accounting default, hwtacacs scheme.
  • Page 619: Accounting Lan-Access

    Local accounting is only for managing the local user connection number; it does not provide the statistics function. The local user connection number management is only for local accounting; it does not affect local authentication and authorization. Related commands: authentication default, authorization default, hwtacacs scheme, radius scheme.
  • Page 620: Accounting Login

    <Sysname> system-view
    [Sysname] domain system
    [Sysname-isp-system] accounting lan-access local
    # Configure the default ISP domain system to use RADIUS accounting scheme rd for LAN access users and use local accounting as the backup.
    <Sysname> system-view
    [Sysname] domain system
    [Sysname-isp-system] accounting lan-access radius-scheme rd local

    accounting login
    Syntax
    accounting login { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none |...
  • Page 621: Accounting Optional

    [Sysname-isp-system] accounting login local
    # Configure the default ISP domain system to use RADIUS accounting scheme rd for login users and use local accounting as the backup.
    <Sysname> system-view
    [Sysname] domain system
    [Sysname-isp-system] accounting login radius-scheme rd local

    accounting optional
    Syntax
    accounting optional
    undo accounting optional...
  • Page 622: Authentication Lan-Access

    undo authentication default View ISP domain view Default Level 2: System level Parameters hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, which is a string of 1 to 32 characters. local: Performs local authentication. none: Does not perform any authentication. radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1 to 32 characters.
  • Page 623: Authentication Login

    View ISP domain view Default Level 2: System level Parameters local: Performs local authentication. none: Does not perform any authentication. radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1 to 32 characters. Description Use the authentication lan-access command to configure the authentication method for LAN access users.
  • Page 624: Authorization Command

    Parameters hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, which is a string of 1 to 32 characters. local: Performs local authentication. none: Does not perform any authentication. radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1 to 32 characters.
  • Page 625: Authorization Default

    none: Does not perform any authorization. In this case, an authenticated user is automatically authorized with the corresponding default rights. Description Use the authorization command command to configure the authorization method for command line users. Use the undo authorization command command to restore the default. By default, the default authorization method is used for command line users.
  • Page 626: Authorization Lan-Access

    none: Does not perform any authorization. In this case, an authenticated user is automatically authorized with the corresponding default rights. radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1 to 32 characters. Description Use the authorization default command to configure the authorization method for all types of users. Use the undo authorization default command to restore the default.
  • Page 627: Authorization Login

    Parameters local: Performs local authorization. none: Does not perform any authorization. In this case, an authenticated user is automatically authorized with the default rights. radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1 to 32 characters. Description Use the authorization lan-access command to configure the authorization method for LAN access users.
  • Page 628: Authorization-Attribute

    Parameters hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, which is a string of 1 to 32 characters. local: Performs local authorization. none: Does not perform any authorization. In this case, an authenticated user is automatically authorized with the default rights. radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1 to 32 characters.
  • Page 629 Default Level 3: Manage level Parameters acl: Specifies the authorized ACL of the local user(s). acl-number: Authorized ACL for the local user(s), in the range 2000 to 5999. callback-number: Specifies the authorization PPP callback number of the local user(s). callback-number: Authorization PPP callback number for the local user(s), a case-sensitive string of 1 to 64 characters.
  • Page 630: Bind-Attribute

    command in Login Commands of the System Volume. If the authentication method requires users to provide usernames and passwords, the levels of commands that a user can access after login depend on the level of the user. For an SSH user authenticated with an RSA public key, available commands depend on the level specified on the user interface.
  • Page 631: Cut Connection

    Use the undo bind-attribute command to remove binding attributes of a local user. By default, no binding attribute is configured for a local user. Note that: Binding attributes are checked upon authentication of a local user. If the binding attributes of a local user do not match the configured ones, the checking will fail and the user will fail the authentication as a result.
  • Page 632: Display Connection

    mac mac-address: Specifies a user connection by MAC address. The MAC address must be in the format of H-H-H. ucibindex ucib-index: Specifies a user connection by connection index. The value ranges from 0 to 4294967295. user-name user-name: Specifies a user connection by username. The user-name argument is a case-sensitive string of 1 to 80 characters and must contain the domain name.
  • Page 633: Display Domain

    ucibindex ucib-index: Specifies all user connections using the specified connection index. The value ranges from 0 to 4294967295. user-name user-name: Specifies all user connections using the specified username. The user-name argument is a case-sensitive string of 1 to 80 characters and must contain the domain name. If you enter a username without any domain name, the system assumes that the default domain name is used for the username.
  • Page 634 Default Level 1: Monitor level Parameters isp-name: Name of an existing ISP domain, a string of 1 to 24 characters. Description Use the display domain command to display the configuration information of a specified ISP domain or all ISP domains. Related commands: access-limit enable, domain, state.
  • Page 635: Display Local-User

    Field State Access-limit Accounting method Default authentication scheme Default authorization scheme Default accounting scheme Lan-access authentication scheme Lan-access authorization scheme Lan-access accounting scheme Domain User Template Idle-cut Self-service Default Domain Name Total 2 domain(s). display local-user Syntax display local-user [ idle-cut { disable | enable } | service-type { ftp | lan-access | ssh | telnet | terminal } | state { active | block } | user-name user-name | vlan vlan-id ] [ slot slot-number ] View Any view...
  • Page 636 slot slot-number: Specifies all local users on a specified member device in an IRF. The slot-number argument indicates the member device ID. Description Use the display local-user command to display information about specified or all local users. Related commands: local-user. Examples # Display the information of local user bbb on the specified Unit ID.
  • Page 637: Display User-Group

    Field Authorization attributes Idle TimeOut Callback-number Work Directory VLAN ID Expiration date display user-group Syntax display user-group [ group-name ] View Any view Default Level 2: System level Parameters group-name: User group name, a case-insensitive string of 1 to 32 characters. Description Use the display user-group command to display configuration information about one or all user groups.
  • Page 638: Domain

    domain Syntax domain isp-name undo domain isp-name View System view Default Level 3: Manage level Parameters isp-name: ISP domain name, a case-insensitive string of 1 to 24 characters that cannot contain any forward slash (/), colon (:), asterisk (*), question mark (?), less-than sign (<), greater-than sign (>), or Description Use the domain isp-name command to create an ISP domain and/or enter ISP domain view.
  • Page 639: Expiration-Date

    Parameters isp-name: Name of the default ISP domain, a string of 1 to 24 characters. Description Use the domain default enable command to configure the system default ISP domain. Use the undo domain default enable command to restore the default. By default, there is a default ISP domain named system.
  • Page 640: Group

    When some users need to access the network temporarily, you can create a guest account and specify an expiration time for the account. When a user uses the guest account for local authentication and passes the authentication, the access device checks whether the current system time is within the expiration time.
  • Page 641: Local-User

    View ISP domain view Default Level 2: System level Parameters minute: Maximum idle duration allowed, in the range 1 to 120 minutes. Description Use the idle-cut enable command to enable the idle cut function and set the maximum idle duration allowed.
  • Page 642: Local-User Password-Display-Mode

    telnet refers to users using Telnet. terminal refers to users logging in through the console port or AUX port. Description Use the local-user command to add a local user and enter local user view. Use the undo local-user command to remove the specified local users. By default, no local user is configured.
  • Page 643: Password

    Examples
    # Specify to display the passwords of all users in cipher text.
    <Sysname> system-view
    [Sysname] local-user password-display-mode cipher-force

    password
    Syntax
    password { cipher | simple } password
    undo password
    View
    Local user view
    Default Level
    2: System level
    Parameters
    cipher: Specifies to display the password in cipher text.
  • Page 644: Self-Service-Url Enable

    [Sysname-luser-user1] password simple 123456

    self-service-url enable
    Syntax
    self-service-url enable url-string
    undo self-service-url enable
    View
    ISP domain view
    Default Level
    2: System level
    Parameters
    url-string: URL of the self-service server for changing user password, a string of 1 to 64 characters. It must start with http:// and contain no question mark.
  • Page 645: Service-Type

    service-type Syntax service-type { ftp | lan-access | { ssh | telnet | terminal } * } undo service-type { ftp | lan-access | { ssh | telnet | terminal } * } View Local user view Default Level 3: Manage level Parameters ftp: Authorizes the user to use the FTP service.
  • Page 646: User-Group

    Parameters active: Places the current ISP domain or local user in the active state, allowing the users in the current ISP domain or the current local user to request network services. block: Places the current ISP domain or local user in the blocked state, preventing users in the current ISP domain or the current local user from requesting network services.
  • Page 647 A user group consists of a group of local users and has a set of local user attributes. You can configure local user attributes for a user group to implement centralized management of user attributes for the local users in the group. Currently, you can configure authorization attributes for a user group. Note that: A user group with one or more local users cannot be removed.
  • Page 648: Radius Configuration Commands

    RADIUS Configuration Commands
    data-flow-format (RADIUS scheme view)
    Syntax
    data-flow-format { data { byte | giga-byte | kilo-byte | mega-byte } | packet { giga-packet | kilo-packet | mega-packet | one-packet } } *
    undo data-flow-format { data | packet }
    View
    RADIUS scheme view
    Default Level...
  • Page 649: Display Radius Scheme

    display radius scheme
    Syntax
    display radius scheme [ radius-scheme-name ] [ slot slot-number ]
    View
    Any view
    Default Level
    2: System level
    Parameters
    radius-scheme-name: RADIUS scheme name.
    slot slot-number: Specifies a member device in an IRF. The slot-number argument indicates the member device ID.
  • Page 650 Packet unit ------------------------------------------------------------------ Total 1 RADIUS scheme(s) Table 2-1 display radius scheme command output description Field SchemeName Index Type Primary Auth IP/ Port/ State Primary Acct IP/ Port/ State Second Auth IP/ Port/ State Second Acct IP/ Port/ State Auth Server Encryption Key Acct Server Encryption Key Accounting-On packet disable send times...
  • Page 651: Display Radius Statistics

    display radius statistics
    Syntax
    display radius statistics [ slot slot-number ]
    View
    Any view
    Default Level
    2: System level
    Parameters
    slot slot-number: Specifies a member device in an IRF. The slot-number argument indicates the member device ID.
    Description
    Use the display radius statistics command to display statistics about RADIUS packets.
    Related commands: radius scheme.
  • Page 652
    PKT acct_timeout Num = 1509
    Realtime Account timer Num = 0
    PKT response Num = 23
    Session ctrl pkt Num = 0
    Normal author request Num = 0
    Set policy result Num = 0
    RADIUS sent messages statistic:
    Auth accept Num = 10
    Auth reject Num = 14...
  • Page 653 Field Resend total Total RADIUS received packets statistic Code Running statistic RADIUS received messages statistic Normal auth request EAP auth request Account request Account off request PKT auth timeout PKT acct_timeout Realtime Account timer PKT response Session ctrl pkt Normal author request Succ Set policy result RADIUS sent messages statistic...
  • Page 654: Display Stop-Accounting-Buffer

    Field Discarded No-response-acct-stop packet for buffer overflow display stop-accounting-buffer Syntax display stop-accounting-buffer { radius-scheme radius-scheme-name | session-id session-id | time-range start-time stop-time | user-name user-name } [ slot slot-number ] View Any view Default Level 2: System level Parameters radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1 to 32 characters.
  • Page 655: Key (Radius Scheme View)

    key (RADIUS scheme view) Syntax key { accounting | authentication } string undo key { accounting | authentication } View RADIUS scheme view Default Level 2: System level Parameters accounting: Sets the shared key for RADIUS accounting packets. authentication: Sets the shared key for RADIUS authentication/authorization packets. string: Shared key, a case-sensitive string of 1 to 64 characters.
  • Page 656: Primary Accounting (Radius Scheme View)

    undo nas-ip View RADIUS scheme view Default Level 2: System level Parameters ip-address: IP address in dotted decimal notation. It must be an address of the device and cannot be all 0s address, all 1s address, a class D address, a class E address or a loopback address. Description Use the nas-ip command to set the IP address for the device to use as the source address of the RADIUS packets to be sent to the server.
  • Page 657: Primary Authentication (Radius Scheme View)

    Parameters ip-address: IP address of the primary accounting server. port-number: UDP port number of the primary accounting server, which ranges from 1 to 65535 and defaults to 1813. Description Use the primary accounting command to specify the primary RADIUS accounting server. Use the undo primary accounting command to remove the configuration.
  • Page 658: Radius Client

    Use the undo primary authentication command to remove the configuration. By default, no primary RADIUS authentication/authorization server is specified. Note that: After creating a RADIUS scheme, you are supposed to configure the IP address and UDP port of each RADIUS server (primary/secondary authentication/authorization or accounting server). Ensure that at least one authentication/authorization server and one accounting server are configured, and that the RADIUS service port settings on the device are consistent with the port settings on the RADIUS servers.
  • Page 659: Radius Nas-Ip

    The end account packets of online users cannot be sent out and buffered. This may cause a problem that the RADIUS server still has the user record after a user goes offline for a period of time. The authentication, authorization and accounting turn to the local scheme after the RADIUS request fails if the RADIUS scheme and the local authentication, authorization and accounting scheme are configured.
  • Page 660: Radius Scheme

    Examples
    # Set the IP address for the device to use as the source address of the RADIUS packets to 129.10.10.1.
    <Sysname> system-view
    [Sysname] radius nas-ip 129.10.10.1

    radius scheme
    Syntax
    radius scheme radius-scheme-name
    undo radius scheme radius-scheme-name
    View
    System view
    Default Level
    3: Manage level
    Parameters...
  • Page 661: Radius Trap

    radius trap Syntax radius trap { accounting-server-down | authentication-server-down } undo radius trap { accounting-server-down | authentication-server-down } View System view Default Level 2: System level Parameters accounting-server-down: RADIUS trap for accounting servers. authentication-server-down: RADIUS trap for authentication servers. Description Use the radius trap command to enable the RADIUS trap function.
  • Page 662: Reset Stop-Accounting-Buffer

    Parameters
    slot slot-number: Specifies a member device in an IRF. The slot-number argument indicates the member device ID.
    Description
    Use the reset radius statistics command to clear RADIUS statistics.
    Related commands: display radius scheme.
    Examples
    # Clear RADIUS statistics.
    <Sysname>...
  • Page 663: Retry

    <Sysname> reset stop-accounting-buffer user-name user0001@aabbcc.net
    # Clear the buffered stop-accounting requests in the time range from 0:0:0 to 23:59:59 on August 31, 2006.
    <Sysname> reset stop-accounting-buffer time-range 0:0:0-08/31/2006 23:59:59-08/31/2006

    retry
    Syntax
    retry retry-times
    undo retry
    View
    RADIUS scheme view
    Default Level
    2: System level
    Parameters
    retry-times: Maximum number of transmission attempts, in the range 1 to 20.
  • Page 664: Retry Realtime-Accounting

    [Sysname-radius-radius1] retry 5

    retry realtime-accounting
    Syntax
    retry realtime-accounting retry-times
    undo retry realtime-accounting
    View
    RADIUS scheme view
    Default Level
    2: System level
    Parameters
    retry-times: Maximum number of accounting request transmission attempts. It ranges from 1 to 255 and defaults to 5.
    Description
    Use the retry realtime-accounting command to set the maximum number of accounting request transmission attempts.
  • Page 665: Retry Stop-Accounting (Radius Scheme View)

    retry stop-accounting (RADIUS scheme view) Syntax retry stop-accounting retry-times undo retry stop-accounting View RADIUS scheme view Default Level 2: System level Parameters retry-times: Maximum number of stop-accounting request transmission attempts. It ranges from 10 to 65,535 and defaults to 500. Description Use the retry stop-accounting command to set the maximum number of stop-accounting request transmission attempts.
  • Page 666: Secondary Authentication (Radius Scheme View)

    View RADIUS scheme view Default Level 2: System level Parameters ip-address: IP address of the secondary accounting server, in dotted decimal notation. The default is 0.0.0.0. port-number: UDP port number of the secondary accounting server, which ranges from 1 to 65535 and defaults to 1813.
  • Page 667: Security-Policy-Server

    Parameters ip-address: IP address of the secondary authentication/authorization server, in dotted decimal notation. The default is 0.0.0.0. port-number: UDP port number of the secondary authentication/authorization server, which ranges from 1 to 65535 and defaults to 1812. Description secondary authentication/authorization server. Use the undo secondary authentication command to remove the configuration.
  • Page 668 By default, no security policy server is specified. Note that: You can specify up to eight security policy servers for a RADIUS scheme. You can use the commands to change the settings only when no user is using the RADIUS scheme.
  • Page 669: State

    [Sysname-radius-radius1] server-type standard

    state
    Syntax
    state { primary | secondary } { accounting | authentication } { active | block }
    View
    RADIUS scheme view
    Default Level
    2: System level
    Parameters
    primary: Sets the status of the primary RADIUS server.
    secondary: Sets the status of the secondary RADIUS server.
  • Page 670: Stop-Accounting-Buffer Enable (Radius Scheme View)

    Examples
    # Set the status of the secondary server in RADIUS scheme radius1 to active.
    <Sysname> system-view
    [Sysname] radius scheme radius1
    [Sysname-radius-radius1] state secondary authentication active

    stop-accounting-buffer enable (RADIUS scheme view)
    Syntax
    stop-accounting-buffer enable
    undo stop-accounting-buffer enable
    View
    RADIUS scheme view
    Default Level
    2: System level
    Parameters...
  • Page 671: Timer Quiet (Radius Scheme View)

    timer quiet (RADIUS scheme view) Syntax timer quiet minutes undo timer quiet View RADIUS scheme view Default Level 2: System level Parameters minutes: Primary server quiet period, in minutes. It ranges from 1 to 255 and defaults to 5. Description Use the timer quiet command to set the quiet timer for the primary server, that is, the duration that the status of the primary server stays blocked before resuming the active state.
  • Page 672: Timer Response-Timeout (Radius Scheme View)

    Note that: For real-time accounting, a NAS must transmit the accounting information of online users to the RADIUS accounting server periodically. This command is for setting the interval. The setting of the real-time accounting interval somewhat depends on the performance of the NAS and the RADIUS server: a shorter interval requires higher performance.
  • Page 673: User-Name-Format (Radius Scheme View)

    so that the user has more opportunity to obtain the RADIUS service. The NAS uses the RADIUS server response timeout timer to control the transmission interval. A proper value for the RADIUS server response timeout timer can help improve the system performance.
  • Page 674 When 802.1X users use EAP authentication, the user-name-format command configured for a RADIUS scheme does not take effect and the device does not change the usernames from clients when forwarding them to the RADIUS server. If the RADIUS scheme is for wireless users, specify the keep-original keyword. Otherwise, authentication of the wireless users may fail.
  • Page 675: Hwtacacs Configuration Commands

    HWTACACS Configuration Commands
    data-flow-format (HWTACACS scheme view)
    Syntax
    data-flow-format { data { byte | giga-byte | kilo-byte | mega-byte } | packet { giga-packet | kilo-packet | mega-packet | one-packet } } *
    undo data-flow-format { data | packet }
    View
    HWTACACS scheme view
    Default Level...
  • Page 676
    View
    Any view
    Default Level
    2: System level
    Parameters
    hwtacacs-scheme-name: HWTACACS scheme name.
    statistics: Displays complete statistics about the HWTACACS server.
    slot slot-number: Specifies a member device in an IRF. The slot-number argument indicates the member device ID.
    Description
    Use the display hwtacacs command to display configuration information or statistics of the specified or all HWTACACS schemes.
  • Page 677 Packet traffic-unit -------------------------------------------------------------------- Table 3-1 display hwtacacs command output description Field HWTACACS-server template name Primary-authentication-server Primary-authorization-server Primary-accounting-server Secondary-authentication-server Secondary-authorization-server Secondary-accounting-server Current-authentication-server Current-authorization-server Current-accounting-server NAS-IP-address key authentication key authorization key accounting Quiet-interval Realtime-accounting-interval Response-timeout-interval Acct-stop-PKT retransmit times Username format Data traffic-unit Packet traffic-unit : one-packet Description...
  • Page 678: Display Stop-Accounting-Buffer

    display stop-accounting-buffer
    Syntax
    display stop-accounting-buffer hwtacacs-scheme hwtacacs-scheme-name [ slot slot-number ]
    View
    Any view
    Default Level
    2: System level
    Parameters
    hwtacacs-scheme hwtacacs-scheme-name: Specifies a HWTACACS scheme by its name, a string of 1 to 32 characters.
    slot slot-number: Specifies a member device in an IRF. The slot-number argument indicates the member device ID.
  • Page 679: Hwtacacs Scheme

    Description Use the hwtacacs nas-ip command to set the IP address for the device to use as the source address of the HWTACACS packets to be sent to the server. Use the undo hwtacacs nas-ip command to remove the configuration. By default, the source IP address of a packet sent to the server is the IP address of the outbound port.
  • Page 680: Key (Hwtacacs Scheme View)

    Examples
    # Create an HWTACACS scheme named hwt1 and enter HWTACACS scheme view.
    <Sysname> system-view
    [Sysname] hwtacacs scheme hwt1
    [Sysname-hwtacacs-hwt1]

    key (HWTACACS scheme view)
    Syntax
    key { accounting | authentication | authorization } string
    undo key { accounting | authentication | authorization } string
    View
    HWTACACS scheme view
    Default Level...
  • Page 681: Primary Accounting (Hwtacacs Scheme View)

    Default Level 2: System level Parameters ip-address: IP address in dotted decimal notation. It must be an address of the device and cannot be all 0s address, all 1s address, a class D address, a class E address or a loopback address. Description Use the nas-ip command to set the IP address for the device to use as the source address of the HWTACACS packets to be sent to the server.
  • Page 682: Primary Authentication (Hwtacacs Scheme View)

    port-number: Port number of the server. It ranges from 1 to 65535 and defaults to 49. Description Use the primary accounting command to specify the primary HWTACACS accounting server. Use the undo primary accounting command to remove the configuration. By default, no primary HWTACACS accounting server is specified. Note that: The IP addresses of the primary and secondary accounting servers cannot be the same.
  • Page 683: Primary Authorization

    The HWTACACS service port configured on the device and that of the HWTACACS server must be consistent. If you configure the command more than once, the last configuration takes effect. You can remove an authentication server only when no active TCP connection for sending authentication packets is using it.
  • Page 684: Reset Hwtacacs Statistics

    Examples
    # Configure the primary authorization server.
    <Sysname> system-view
    [Sysname] hwtacacs scheme hwt1
    [Sysname-hwtacacs-hwt1] primary authorization 10.163.155.13 49

    reset hwtacacs statistics
    Syntax
    reset hwtacacs statistics { accounting | all | authentication | authorization } [ slot slot-number ]
    View
    User view
    Default Level
    1: Monitor level
    Parameters...
  • Page 685: Retry Stop-Accounting (Hwtacacs Scheme View)

    Parameters
    hwtacacs-scheme hwtacacs-scheme-name: Specifies a HWTACACS scheme by its name, a string of 1 to 32 characters.
    slot slot-number: Specifies a member device in an IRF. The slot-number argument indicates the member device ID.
    Description
    Use the reset stop-accounting-buffer command to clear the buffered stop-accounting requests that get no responses.
  • Page 686: Secondary Accounting (Hwtacacs Scheme View)

    secondary accounting (HWTACACS scheme view) Syntax secondary accounting ip-address [ port-number ] undo secondary accounting View HWTACACS scheme view Default Level 2: System level Parameters ip-address: IP address of the server, a valid unicast address in dotted decimal notation. The default is 0.0.0.0.
  • Page 687: Secondary Authorization

    Default Level 2: System level Parameters ip-address: IP address of the server, a valid unicast address in dotted decimal notation. The default is 0.0.0.0. port-number: Port number of the server. It ranges from 1 to 65535 and defaults to 49. Description Use the secondary authentication command to specify the secondary HWTACACS authentication server.
  • Page 688: Stop-Accounting-Buffer Enable (Hwtacacs Scheme View)

    Description Use the secondary authorization command to specify the secondary HWTACACS authorization server. Use the undo secondary authorization command to remove the configuration. By default, no secondary HWTACACS authorization server is specified. Note that: The IP addresses of the primary and secondary authorization servers cannot be the same. Otherwise, the configuration fails.
  • Page 689: Timer Quiet (Hwtacacs Scheme View)

    until it receives a response or the number of transmission retries reaches the configured limit. In the latter case, the NAS discards the packet. Related commands: stop-accounting-buffer. Examples # In HWTACACS scheme hwt1, enable the device to buffer the stop-accounting requests getting no responses.
  • Page 690: Timer Response-Timeout (Hwtacacs Scheme View)

    View HWTACACS scheme view Default Level 2: System level Parameters minutes: Real-time accounting interval in minutes. It is a multiple of 3 in the range 3 to 60 and defaults to 12. Description Use the timer realtime-accounting command to set the real-time accounting interval. Use the undo timer realtime-accounting command to restore the default.
  • Page 691: User-Name-Format (Hwtacacs Scheme View)

    Default Level 2: System level Parameters seconds: HWTACACS server response timeout period in seconds. It ranges from 1 to 300 and defaults to 5. Description Use the timer response-timeout command to set the HWTACACS server response timeout timer. Use the undo timer command to restore the default. As HWTACACS is based on TCP, the timeout of the server response timeout timer and/or the TCP timeout timer will cause the device to be disconnected from the HWTACACS server.
  • Page 692 domain name. This command is thus provided for you to decide whether to include a domain name in a username to be sent to a HWTACACS server. If a HWTACACS scheme defines that the username is sent without the ISP domain name, do not apply the HWTACACS scheme to more than one ISP domain; this avoids the confusing situation where the HWTACACS server treats two users in different ISP domains but with the same userid as one.
  • Page 693: 802.1X Configuration Commands

    802.1X Configuration Commands 802.1X Configuration Commands display dot1x Syntax display dot1x [ sessions | statistics ] [ interface interface-list ] View Any view Default Level 1: Monitor level Parameters sessions: Displays 802.1X session information. statistics: Displays 802.1X statistics. interface interface-list: Specifies an Ethernet port list, which can contain multiple Ethernet ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &...
  • Page 694 Reauth Period The maximal retransmitting times EAD quick deploy configuration: URL: http://192.168.19.23 Free IP: 192.168.19.0 255.255.255.0 EAD timeout: The maximum 802.1X user resource number is 1024 per slot Total current used 802.1X resource number is 1 GigabitEthernet1/0/1 is link-up 802.1X protocol is enabled Handshake is disabled Handshake secure is disabled Periodic reauthentication is disabled...
  • Page 695 Field Quiet Period Quiet Period Timer is disabled Supp Timeout Server Timeout The maximal retransmitting times EAD quick deploy configuration Free IP EAD timeout The maximum 802.1X user resource number per slot Total current used 802.1X resource number GigabitEthernet1/0/1 is link-up 802.1X protocol is disabled Handshake is disabled Handshake secure is disabled...
  • Page 696: Dot1X

    Field EAP Response/Identity Packets EAP Response/Challenge Packets Error Packets Authenticated user Controlled User(s) amount dot1x Syntax In system view: dot1x [ interface interface-list ] undo dot1x [ interface interface-list ] In Ethernet interface view: dot1x undo dot1x View System view, interface view Default Level 2: System level Parameters...
  • Page 697: Dot1X Authentication-Method

    802.1X must be enabled both globally in system view and for the intended ports in system view or interface view. Otherwise, it does not function. You can configure 802.1X parameters either before or after enabling 802.1X. Related commands: display dot1x. Examples # Enable 802.1X for ports GigabitEthernet 1/0/1, and GigabitEthernet 1/0/5 to GigabitEthernet 1/0/7.
  • Page 698: Dot1X Guest-Vlan

    Description Use the dot1x authentication-method command to set the 802.1X authentication method. Use the undo dot1x authentication-method command to restore the default. By default, CHAP is used. The password authentication protocol (PAP) transports passwords in clear text. The challenge handshake authentication protocol (CHAP) transports only usernames over the network.
  • Page 699: Access Volume

    interface interface-list: Specifies a port list. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } & <1-10>, where interface-type represents the port type, interface-number represents the port number, and & <1-10> means that you can provide up to 10 port indexes/port index lists for this argument.
  • Page 700: Dot1X Handshake

    dot1x handshake Syntax dot1x handshake undo dot1x handshake View Interface view Default Level 2: System level Parameters None Description Use the dot1x handshake command to enable the online user handshake function so that the device can periodically send handshake messages to the client to check whether a user is online. Use the undo dot1x handshake command to disable the function.
  • Page 701: Dot1X Max-User

    Description Use the dot1x mandatory-domain command to specify the mandatory authentication domain for users accessing the port. Use the undo dot1x mandatory-domain command to remove the mandatory authentication domain. By default, no mandatory authentication domain is specified. Note that: When authenticating an 802.1X user trying to access the port, the system selects an authentication domain in the following order: the mandatory domain, the ISP domain specified in the username, and the default ISP domain.
  • Page 702: Dot1X Multicast-Trigger

    Default Level 2: System level Parameters user-number: Maximum number of users to be supported simultaneously. The valid settings and the default may vary by device. interface interface-list: Specifies an Ethernet port list, which can contain multiple Ethernet ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &...
  • Page 703: Dot1X Port-Control

    Description Use the dot1x multicast-trigger command to enable the multicast trigger function of 802.1X to send multicast trigger messages to the clients periodically. Use the undo dot1x multicast-trigger command to disable this function. By default, the multicast trigger function is enabled. Related commands: display dot1x.
  • Page 704: Dot1X Port-Method

    Description Use the dot1x port-control command to set the access control mode for specified or all ports. Use the undo dot1x port-control command to restore the default. The default access control mode is auto. Related commands: display dot1x. Examples # Set the access control mode of port GigabitEthernet 1/0/1 to unauthorized-force. <Sysname>...
  • Page 705: Dot1X Quiet-Period

    Description Use the dot1x port-method command to set the access control method for specified or all ports. Use the undo dot1x port-method command to restore the default. The default access control method is macbased. Related commands: display dot1x. Examples # Set the access control method to portbased for port GigabitEthernet 1/0/1. <Sysname>...
  • Page 706: Dot1X Re-Authenticate

    dot1x re-authenticate Syntax dot1x re-authenticate undo dot1x re-authenticate View Ethernet interface view Default Level 2: System level Parameters None Description Use the dot1x re-authenticate command to enable the periodic re-authentication function. Use the undo dot1x re-authenticate command to restore the default. By default, this function is disabled.
  • Page 707: Dot1X Timer

    Parameters max-retry-value: Maximum number of attempts to send an authentication request to a supplicant, in the range 1 to 10. Description Use the dot1x retry command to set the maximum number of attempts to send an authentication request to a supplicant. Use the undo dot1x retry command to restore the default.
  • Page 708: Reset Dot1X Statistics

    tx-period-value: Setting for the username request timeout timer in seconds. It ranges from 10 to 120 and defaults to 30. Description Use the dot1x timer command to set 802.1X timers. Use the undo dot1x timer command to restore the defaults. Several timers are used in the 802.1X authentication process to guarantee that the supplicants, the authenticators, and the RADIUS server interact with each other in a reasonable manner.
  • Page 709 View User view Default Level 2: System level Parameters interface interface-list: Specifies an Ethernet port list, which can contain multiple Ethernet ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } & <1-10>, where interface-type represents the port type, interface-number represents the port number, and &...
  • Page 710: Ead Fast Deployment Configuration Commands

    EAD Fast Deployment Configuration Commands EAD Fast Deployment Configuration Commands dot1x free-ip Syntax dot1x free-ip ip-address { mask-address | mask-length } undo dot1x free-ip { ip-address { mask | mask-length } | all } View System view Default Level 2: System level Parameters ip-address: IP address of the freely accessible network segment, also called a free IP.
  • Page 711: Dot1X Timer Ead-Timeout

    dot1x timer ead-timeout Syntax dot1x timer ead-timeout ead-timeout-value undo dot1x timer ead-timeout View System view Default Level 2: System level Parameters ead-timeout-value: EAD rule timeout time, in the range 1 minute to 1440 minutes. Description Use the dot1x timer ead-timeout command to set the EAD rule timeout time. Use the undo dot1x timer ead-timeout command to restore the default.
  • Page 712 By default, no redirect URL is defined. Note that: The redirect URL and the free IP must be in the same network segment; otherwise, the URL may be inaccessible. You can configure the dot1x url command more than once, but only the last configuration takes effect. Related commands: display dot1x, dot1x free-ip.
  • Page 713: Habp Configuration Commands

    HABP Configuration Commands HABP Configuration Commands display habp Syntax display habp View Any view Default Level 1: Monitor level Parameters None Description Use the display habp command to display HABP configuration information. Examples # Display HABP configuration information. <Sysname> display habp Global HABP information: HABP Mode: Server Sending HABP request packets every 20 seconds...
  • Page 714: Display Habp Traffic

    View Any view Default Level 1: Monitor level Parameters None Description Use the display habp table command to display HABP MAC address table entries. Examples # Display HABP MAC address table entries. <Sysname> display habp table Holdtime Receive Port 001f-3c00-0030 53 Table 6-2 display habp table command output description Field MAC address...
  • Page 715: Habp Enable

    <Sysname> display habp traffic HABP counters : Packets output: 0, Input: 0 ID error: 0, Type error: 0, Version error: 0 Sent failed: 0 Table 6-3 display habp traffic command output description Field Packets output Input ID error Type error Version error Sent failed habp enable...
  • Page 716: Habp Server Vlan

    habp server vlan Syntax habp server vlan vlan-id undo habp server View System view Default Level 2: System level Parameters vlan-id: ID of the VLAN in which HABP packets are to be transmitted, in the range 1 to 4094. Description Use the habp server vlan command to configure HABP to work in server mode and specify the VLAN in which HABP packets are to be transmitted.
  • Page 717 This command is required only on the HABP server. Examples # Set the interval to send HABP request packets to 50 seconds. <Sysname> system-view [Sysname] habp timer 50...
  • Page 718: Mac Authentication Configuration Commands

    MAC Authentication Configuration Commands MAC Authentication Configuration Commands display mac-authentication Syntax display mac-authentication [ interface interface-list ] View Any view Default Level 2: System level Parameters interface interface-list: Specifies an Ethernet port list, in the format of { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10>...
  • Page 719 GigabitEthernet1/0/1 is link-up MAC address authentication is enabled Authenticate success: 0, failed: 0 Current online user number is 0 MAC Addr Authenticate state ……(part of the output omitted) Table 7-1 display mac-authentication command output description Field MAC address authentication is enabled User name format is MAC address, like xxxxxxxxxxxx Fixed username:...
  • Page 720: Mac-Authentication

    mac-authentication Syntax In system view: mac-authentication [ interface interface-list ] undo mac-authentication [ interface interface-list ] In Ethernet interface view: mac-authentication undo mac-authentication View System view, Ethernet interface view Default Level 2: System level Parameters interface interface-list: Specifies an Ethernet port list, in the format of { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10>...
  • Page 721: Mac-Authentication Domain

    <Sysname> system-view [Sysname] mac-authentication interface GigabitEthernet 1/0/1 Mac-auth is enabled on port GigabitEthernet1/0/1. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] mac-authentication Mac-auth is enabled on port GigabitEthernet1/0/1. mac-authentication domain Syntax mac-authentication domain isp-name undo mac-authentication domain View System view Default Level 2: System level Parameters isp-name: ISP domain name, a case-insensitive string of 1 to 24 characters that cannot contain any...
  • Page 722: Mac-Authentication User-Name-Format

    View System view Default Level 2: System level Parameters offline-detect offline-detect-value: Specifies the offline detect interval, in the range 60 to 65,535 seconds. quiet quiet-value: Specifies the quiet period, in the range 1 to 3,600 seconds. server-timeout server-timeout-value: Specifies the server timeout period, in the range 100 to 300 seconds.
  • Page 723 Default Level 2: System level Parameters fixed: Uses the MAC authentication username type of fixed username. account name: Specifies the fixed username. The name argument is a case-insensitive string of 1 to 55 characters and defaults to mac. password { cipher | simple } password: Specifies the password for the fixed username. Specify the cipher keyword to display the password in cipher text or the simple keyword to display the password in plain text.
  • Page 724: Reset Mac-Authentication Statistics

    reset mac-authentication statistics Syntax reset mac-authentication statistics [ interface interface-list ] View User view Default Level 2: System level Parameters interface interface-list: Specifies an Ethernet port list, in the format of { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10> indicates that you can specify up to 10 port ranges.
  • Page 725: Port Security Configuration Commands

    Port Security Configuration Commands Port Security Configuration Commands display port-security Syntax display port-security [ interface interface-list ] View Any view Default Level 2: System level Parameters interface-list: Ethernet port list, in the format of { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10>...
  • Page 726 Index is 2, OUI value is 003c12 GigabitEthernet1/0/1 is link-down Port mode is UserloginWithOUI NeedtoKnow mode is needtoknowonly Intrusion mode is disableport Max MAC address number is 50 Stored MAC address number is 0 Authorization is ignored GigabitEthernet1/0/2 is link-down Port mode is noRestriction NeedtoKnow mode is disabled Intrusion mode is no action...
  • Page 727: Display Port-Security Mac-Address Block

    display port-security mac-address block Syntax display port-security mac-address block [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] View Any view Default Level 2: System level Parameters interface interface-type interface-number: Specifies a port by its type and number. vlan vlan-id: Specifies a VLAN by its number, which is in the range 1 to 4094.
  • Page 728: Display Port-Security Mac-Address Security

    # Display information about all blocked MAC addresses of port GigabitEthernet 1/0/1. <Sysname> display port-security mac-address block interface GigabitEthernet1/0/1 MAC ADDR From Port 000d-88f8-0577 GigabitEthernet1/0/1 --- On slot 2, 1 mac address(es) found --- --- 1 mac address(es) found --- # Display information about all blocked MAC addresses of port GigabitEthernet 1/0/1 in VLAN 1.
  • Page 729 With no keyword or argument specified, the command displays information about all secure MAC addresses. Related commands: port-security mac-address security. Examples # Display information about all secure MAC addresses. <Sysname> display port-security mac-address security MAC ADDR VLAN ID 0002-0002-0002 1 000d-88f8-0577 1 --- 2 mac address(es) found --- # Display only the count of the secure MAC addresses.
  • Page 730: Port-Security Authorization Ignore

    Field xxx mac address(es) found port-security authorization ignore Syntax port-security authorization ignore undo port-security authorization ignore View Layer 2 Ethernet interface view Default Level 2: System level Parameters None Description Use the port-security authorization ignore command to configure a port to ignore the authorization information from the RADIUS server.
  • Page 731: Port-Security Intrusion-Mode

    Parameters None Description Use the port-security enable command to enable port security. Use the undo port-security enable command to disable port security. By default, port security is disabled. Note that: Port security cannot be enabled when 802.1X or MAC authentication is enabled globally. Enabling port security resets the following configurations on a port to the defaults shown in brackets, making them completely dependent on the port security mode: 802.1X (disabled), port access control method (macbased), and port access control mode (auto)
  • Page 732: Port-Security Mac-Address Security

    disableport-temporarily: Disables the port for a specified period of time whenever it receives an illegal frame. Use the port-security timer disableport command to set the period. Description Use the port-security intrusion-mode command to configure the intrusion protection feature, so that the interface performs configured security policies in response to received illegal packets.
  • Page 733: Port-Security Max-Mac-Count

    By default, no secure MAC address is configured. Note that: The port must belong to the specified VLAN. You can configure a secure MAC address only if port security is enabled and the specified port operates in autoLearn mode. The undo port-security mac-address security command can be used in system view only. Related commands: display port-security.
  • Page 734: Port-Security Ntk-Mode

    Description Use the port-security max-mac-count command to set the maximum number of secure MAC addresses allowed on the port. Use the undo port-security max-mac-count command to restore the default setting. By default, the maximum number of secure MAC addresses is not limited. Note that: You cannot change the maximum number of secure MAC addresses for a port working in the autoLearn mode.
  • Page 735: Port-Security Oui

    The need to know (NTK) feature checks the destination MAC addresses in outbound frames so that frames are sent only to devices that have passed authentication, which prevents illegal devices from intercepting network traffic. Related commands: display port-security. Examples # Set the NTK mode of port GigabitEthernet 1/0/1 to ntkonly, allowing the port to forward received packets only to devices that have passed authentication.
  • Page 736: Port-Security Port-Mode

    port-security port-mode Syntax port-security port-mode { autolearn | mac-authentication | mac-else-userlogin-secure | mac-else-userlogin-secure-ext | secure | userlogin | userlogin-secure | userlogin-secure-ext | userlogin-secure-or-mac | userlogin-secure-or-mac-ext | userlogin-withoui } undo port-security port-mode View Interface view Default Level 2: System level Parameters autolearn: Operates in autoLearn mode.
  • Page 737: Port-Security Timer Disableport

    Examples # Enable port security and configure the port security mode of port GigabitEthernet 1/0/1 as secure. <Sysname> system-view [Sysname] port-security enable [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port-security port-mode secure # Change the port security mode of port GigabitEthernet 1/0/1 to userLogin. [Sysname-GigabitEthernet1/0/1] undo port-security port-mode [Sysname-GigabitEthernet1/0/1] port-security port-mode userlogin port-security timer disableport...
  • Page 738: Port-Security Trap

    port-security trap Syntax port-security trap { addresslearned | dot1xlogfailure | dot1xlogoff | dot1xlogon | intrusion | ralmlogfailure | ralmlogoff | ralmlogon } undo port-security trap { addresslearned | dot1xlogfailure | dot1xlogoff | dot1xlogon | intrusion | ralmlogfailure | ralmlogoff | ralmlogon } View System view Default Level...
  • Page 739 <Sysname> system-view [Sysname] port-security trap addresslearned 8-15...
  • Page 740: Ip Source Guard Configuration Commands

    IP Source Guard Configuration Commands IP Source Guard Configuration Commands display ip check source Syntax display ip check source [ interface interface-type interface-number | ip-address ip-address | mac-address mac-address ] View Any view Default Level 1: Monitor level Parameters interface interface-type interface-number: Displays the dynamic bindings of the interface specified by its type and number.
  • Page 741: Display User-Bind

    Table 9-1 display ip check source command output description Field Total entries found Vlan Port Status display user-bind Syntax display user-bind [ interface interface-type interface-number | ip-address ip-address | mac-address mac-address ] View Any view Default Level 1: Monitor level Parameters interface interface-type interface-number: Displays the static bindings of the interface specified by its type and number.
  • Page 742: Ip Check Source

    Table 9-2 display user-bind command output description Field Total entries found Vlan Port Status ip check source Syntax ip check source { ip-address | ip-address mac-address | mac-address } undo ip check source View Ethernet interface view, VLAN interface view Default Level 2: System level Parameters...
  • Page 743: User-Bind

    user-bind Syntax user-bind { ip-address ip-address | ip-address ip-address mac-address mac-address | mac-address mac-address } [ vlan vlan-id ] undo user-bind { ip-address ip-address | ip-address ip-address mac-address mac-address | mac-address mac-address } [ vlan vlan-id ] View Layer-2 Ethernet interface view Default Level 2: System level Parameters...
  • Page 744: Ssh2.0 Configuration Commands

    SSH2.0 Configuration Commands SSH2.0 Server Configuration Commands display ssh server Syntax display ssh server { session | status } View Any view Default Level 1: Monitor level Parameters session: Displays the session information of the SSH server. status: Displays the status information of the SSH server. Description Use the display ssh server command on an SSH server to display SSH server status information or session information.
  • Page 745: Display Ssh User-Information

    SFTP server Idle-Timeout: 10 minute(s) Table 10-1 display ssh server status command output description Field SSH Server SSH version SSH authentication-timeout SSH server key generating interval SSH authentication retries SFTP server SFTP server Idle-Timeout # Display the SSH server session information. <Sysname>...
  • Page 746: Ssh Server Authentication-Retries

    Parameters username: SSH username, a string of 1 to 80 characters. Description Use the display ssh user-information command on an SSH server to display information about one or all SSH users. With the username argument not specified, the command displays information about all SSH users. Related commands: ssh user.
  • Page 747: Ssh Server Authentication-Timeout

    Parameters times: Maximum number of authentication attempts, in the range 1 to 5. Description Use the ssh server authentication-retries command to set the maximum number of SSH connection authentication attempts, which takes effect at next login. Use the undo ssh server authentication-retries command to restore the default. By default, the maximum number of SSH connection authentication attempts is 3.
  • Page 748: Ssh Server Compatible-Ssh1X Enable

    Examples # Set the SSH user authentication timeout period to 10 seconds. <Sysname> system-view [Sysname] ssh server authentication-timeout 10 ssh server compatible-ssh1x enable Syntax ssh server compatible-ssh1x enable undo ssh server compatible-ssh1x View System view Default Level 2: System level Parameters None Description...
  • Page 749: Ssh Server Rekey-Interval

    Parameters None Description Use the ssh server enable command to enable SSH server. Use the undo ssh server enable command to disable SSH server. By default, SSH server is disabled. Examples # Enable SSH server. <Sysname> system-view [Sysname] ssh server enable ssh server rekey-interval Syntax ssh server rekey-interval hours...
  • Page 750: Ssh User

    [Sysname] ssh server rekey-interval 3 ssh user Syntax ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign publickey keyname } ssh user username service-type { all | sftp } authentication-type { password | { any | password-publickey | publickey } assign publickey keyname work-directory directory-name } undo ssh user username View...
  • Page 751: Ssh2.0 Client Configuration Commands

    Authentication method and public key configuration takes effect only for users logging in after the configuration. If an SFTP user has been assigned a public key, it is necessary to set a working folder for the user. The working folder of an SFTP user is subject to the user authentication method. For a user using only password authentication, the working folder is the AAA authorized one.
  • Page 752: Display Ssh Server-Info

    display ssh server-info Syntax display ssh server-info View Any view Default Level 1: Monitor level Parameters None Description Use the display ssh server-info command on a client to display mappings between SSH servers and their host public keys saved on the client. When an SSH client needs to authenticate the SSH server, it uses the locally saved public key of the server for the authentication.
  • Page 753: Ssh Client Authentication Server

    ssh client authentication server Syntax ssh client authentication server server assign publickey keyname undo ssh client authentication server server assign publickey View System view Default Level 2: System level Parameters server: IP address or name of the server, a string of 1 to 80 characters. keyname: Name of the host public key of the server, a string of 1 to 64 characters.
  • Page 754: Ssh Client Ipv6 Source

    Parameters None Description Use the ssh client first-time enable command to enable the first authentication function. Use the undo ssh client first-time command to disable the function. By default, the function is enabled. With first-time authentication, when an SSH client not configured with the server host public key accesses the server for the first time, the user can continue accessing the server, and save the host public key on the client.
  • Page 755: Ssh Client Source

    Related commands: display ssh client source. Examples # Specify the source IPv6 address as 2:2::2:2 for the SSH client. <Sysname> system-view [Sysname] ssh client ipv6 source ipv6 2:2::2:2 ssh client source Syntax ssh client source { ip ip-address | interface interface-type interface-number } undo ssh client source View System view...
  • Page 756 Default Level 0: Visit level Parameters server: IPv4 address or host name of the server, a case-insensitive string of 1 to 20 characters. port-number: Port number of the server, in the range 0 to 65535. The default is 22. identity-key: Specifies the algorithm for publickey authentication, either dsa or rsa. The default is dsa. prefer-ctos-cipher: Preferred encryption algorithm from client to server, defaulted to aes128.
  • Page 757: Ssh2 Ipv6

    ssh2 ipv6 Syntax ssh2 ipv6 server [ port-number ] [ identity-key { dsa | rsa } | prefer-ctos-cipher { aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * View...
  • Page 758: Sftp Server Configuration Commands

    Preferred encryption algorithm from server to client: AES128 Preferred HMAC algorithm from client to server: MD5 Preferred HMAC algorithm from server to client: SHA1-96. <Sysname> ssh2 ipv6 2000::1 prefer-kex dh-group1 prefer-stoc-cipher aes128 prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96 SFTP Server Configuration Commands sftp server enable Syntax sftp server enable...
  • Page 759: Sftp Client Configuration Commands

    Parameters time-out-value: Timeout period in minutes. It ranges from 1 to 35,791. Description Use the sftp server idle-timeout command to set the idle timeout period for SFTP user connections. Use the undo sftp server idle-timeout command to restore the default. By default, the idle timeout period is 10 minutes.
  • Page 760: Cdup

    View SFTP client view Default Level 3: Manage level Parameters remote-path: Name of a path on the server. Description Use the cd command to change the working path on a remote SFTP server. With the argument not specified, the command displays the current working path. You can use the cd ..
  • Page 761: Delete

    Current Directory is: delete Syntax delete remote-file&<1-10> View SFTP client view Default Level 3: Manage level Parameters remote-file&<1-10>: Name of a file on the server. &<1-10> means that you can provide up to 10 filenames, which are separated by space. Description Use the delete command to delete the specified file(s) from a server.
  • Page 762: Display Sftp Client Source

    Description Use the dir command to display file and folder information under a specified directory. With the –a and –l keywords not specified, the command displays detailed information of files and folders under the specified directory in a list form. With the remote-path not specified, the command displays the file and folder information of the current working directory.
  • Page 763: Exit

    exit Syntax exit View SFTP client view Default Level 3: Manage level Parameters None Description Use the exit command to terminate the connection with a remote SFTP server and return to user view. This command functions as the bye and quit commands. Examples # Terminate the connection with the remote SFTP server.
  • Page 764: Help

    sftp-client> get temp1.c temp.c Remote file:/temp1.c ---> Local file: temp.c Downloading file successfully ended help Syntax help [ all | command-name ] View SFTP client view Default Level 3: Manage level Parameters all: Displays a list of all commands. command-name: Name of a command. Description Use the help command to display a list of all commands or the help information of an SFTP client command.
  • Page 765: Mkdir

    Description Use the ls command to display file and folder information under a specified directory. With the –a and –l keywords not specified, the command displays detailed information of files and folders under the specified directory in a list form. With the remote-path not specified, the command displays the file and folder information of the current working directory.
  • Page 766: Pwd

    View SFTP client view Default Level 3: Manage level Parameters local-file: Name of a local file. remote-file: Name for the file on a remote SFTP server. Description Use the put command to upload a local file to a remote SFTP server. If you do not specify the remote-file argument, the file will be saved remotely with the same name as the local one.
  • Page 767: Quit

    quit Syntax quit View SFTP client view Default Level 3: Manage level Parameters None Description Use the quit command to terminate the connection with a remote SFTP server and return to user view. This command functions as the bye and exit commands. Examples # Terminate the connection with the remote SFTP server.
  • Page 768: Rename

    /temp.c Are you sure to delete it? [Y/N]:y This operation may take a long time.Please wait... File successfully Removed rename Syntax rename oldname newname View SFTP client view Default Level 3: Manage level Parameters oldname: Original file name or directory name. newname: New file name or directory name.
  • Page 769: Sftp

    Examples # On the SFTP server, delete directory temp1 in the current directory. sftp-client> rmdir temp1 Directory successfully removed sftp Syntax sftp server [ port-number ] [ identity-key { dsa | rsa } | prefer-ctos-cipher { aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *...
  • Page 770: Sftp Client Ipv6 Source

    an algorithm (by using the identity-key keyword) in order to get the correct data for the local private key. By default, the encryption algorithm is DSA. Examples # Connect to SFTP server 10.1.1.2, using the following algorithms: Preferred key exchange algorithm: dh-group1. Preferred encryption algorithm from server to client: aes128.
  • Page 771: Sftp Ipv6

    undo sftp client source View System view Default Level 3: Manage level Parameters ip ip-address: Specifies a source IPv4 address. interface interface-type interface-number: Specifies a source interface by its type and number. Description Use the sftp client source command to specify the source IPv4 address or interface of an SFTP client.
  • Page 772 des: Encryption algorithm des-cbc. prefer-ctos-hmac: Preferred HMAC algorithm from client to server, defaulted to sha1. md5: HMAC algorithm hmac-md5. md5-96: HMAC algorithm hmac-md5-96. sha1: HMAC algorithm hmac-sha1. sha1-96: HMAC algorithm hmac-sha1-96. prefer-kex: Preferred key exchange algorithm, defaulted to dh-group-exchange. dh-group-exchange: Key exchange algorithm diffie-hellman-group-exchange-sha1. dh-group1: Key exchange algorithm diffie-hellman-group1-sha1.
  • Page 773: Pki Configuration Commands

    PKI Configuration Commands PKI Configuration Commands attribute Syntax attribute id { alt-subject-name { fqdn | ip } | { issuer-name | subject-name } { dn | fqdn | ip } } { ctn | equ | nctn | nequ} attribute-value undo attribute { id | all } View Certificate attribute group view...
  • Page 774: Ca Identifier

    Note that the attribute of the alternative certificate subject name does not appear as a distinguished name, and therefore the dn keyword is not available for the attribute. Examples # Create a certificate attribute rule, specifying that the DN in the subject name includes the string of abc.
  • Page 775: Certificate Request Entity

    certificate request entity Syntax certificate request entity entity-name undo certificate request entity View PKI domain view Default Level 2: System level Parameters entity-name: Name of the entity for certificate request, a case-insensitive string of 1 to 15 characters. Description Use the certificate request entity command to specify the entity for certificate request. Use the undo certificate request entity command to remove the configuration.
  • Page 776: Certificate Request Mode

    Use the undo certificate request from command to remove the configuration. By default, no authority is specified for a PKI domain view. Examples # Specify that the entity requests a certificate from the CA. <Sysname> system-view [Sysname] pki domain 1 [Sysname-pki-domain-1] certificate request from ca certificate request mode Syntax...
  • Page 777: Certificate Request Polling

    certificate request polling Syntax certificate request polling { count count | interval minutes } undo certificate request polling { count | interval } View PKI domain view Default Level 2: System level Parameters count: Maximum number of attempts to poll the status of the certificate request, in the range 1 to 100. minutes: Polling interval, in the range 5 to 168 minutes.
  • Page 778: Common-Name

    Parameters url-string: URL of the server for certificate request, a case-insensitive string of 1 to 127 characters. It comprises the location of the server and the location of the CGI command interface script, in the format http://server_location/ca_script_location, where server_location must be an IP address; domain name resolution is not currently supported.
  • Page 779: Country

    [Sysname-pki-entity-1] common-name test country Syntax country country-code-str undo country View PKI entity view Default Level 2: System level Parameters country-code-str: Country code for the entity, a 2-character case-insensitive string. Description Use the country command to specify the code of the country to which an entity belongs. It is a standard 2-character code, for example, CN for China.
  • Page 780: Crl Update-Period

    By default, CRL checking is enabled. CRLs are files issued by the CA to publish all certificates that have been revoked. Revocation of a certificate may occur before the certificate expires. CRL checking is intended for checking whether a certificate has been revoked. A revoked certificate is no longer trusted. Examples # Disable CRL checking.
  • Page 781: Display Pki Certificate

    View PKI domain view Default Level 2: System level Parameters url-string: URL of the CRL distribution point, a case-insensitive string of 1 to 127 characters in the format ldap://server_location or http://server_location, where server_location must be an IP address; domain name resolution is not currently supported. Description Use the crl url command to specify the URL of the CRL distribution point.
  • Page 782: Serial Number

    Examples # Display the local certificate. <Sysname> display pki certificate local domain 1 Certificate: Data: Version: 3 (0x2) Serial Number: 10B7D4E3 00010000 0086 Signature Algorithm: md5WithRSAEncryption Issuer: emailAddress=myca@aabbcc.net C=CN ST=Country A L=City X O=abc OU=bjs CN=new-ca Validity Not Before: Jan 13 08:57:21 2004 GMT Not After : Jan 20 09:07:21 2005 GMT Subject: C=CN...
  • Page 783: Display Pki Certificate Access-Control-Policy

    Field Validity Subject Subject Public Key Info X509v3 extensions X509v3 CRL Distribution Points display pki certificate access-control-policy Syntax display pki certificate access-control-policy { policy-name | all } View Any view Default Level 1: Monitor level Parameters policy-name: Name of the certificate attribute-based access control policy, a string of 1 to 16 characters.
  • Page 784: Display Pki Certificate Attribute-Group

    display pki certificate attribute-group Syntax display pki certificate attribute-group { group-name | all } View Any view Default Level 1: Monitor level Parameters group-name: Name of a certificate attribute group, a string of 1 to 16 characters. all: Specifies all certificate attribute groups. Description Use the display pki certificate attribute-group command to display information about a specified or all certificate attribute groups.
  • Page 785 View Any view Default Level 2: System level Parameters domain-name: Name of the PKI domain, a string of 1 to 15 characters. Description Use the display pki crl domain command to display the locally saved CRLs. Related commands: pki retrieval-crl, pki domain. Examples # Display the locally saved CRLs.
  • Page 786: Fqdn

    Field X509v3 Authority Key Identifier keyid Revoked Certificates Serial Number Revocation Date fqdn Syntax fqdn name-str undo fqdn View PKI entity view Default Level 2: System level Parameters name-str: Fully qualified domain name (FQDN) of an entity, a case-insensitive string of 1 to 127 characters.
  • Page 787: Ldap-Server

    View PKI entity view Default Level 2: System level Parameters ip-address: IP address for an entity. Description Use the ip command to configure the IP address of an entity. Use the undo ip command to remove the configuration. By default, no IP address is specified for an entity. Examples # Configure the IP address of an entity as 11.0.0.1.
  • Page 788: Locality

    [Sysname] pki domain 1 [Sysname-pki-domain-1] ldap-server ip 169.254.0.30 locality Syntax locality locality-name undo locality View PKI entity view Default Level 2: System level Parameters locality-name: Name for the geographical locality, a case-insensitive string of 1 to 31 characters. No comma can be included. Description Use the locality command to configure the geographical locality of an entity, which can be, for example, a city name.
  • Page 789: Organization-Unit

    Description Use the organization command to configure the name of the organization to which the entity belongs. Use the undo organization command to remove the configuration. By default, no organization name is specified for an entity. Examples # Configure the name of the organization to which an entity belongs as org-name. <Sysname>...
  • Page 790: Pki Certificate Attribute-Group

    View System view Default Level 2: System level Parameters policy-name: Name of the certificate attribute-based access control policy, a case-insensitive string of 1 to 16 characters. It cannot be “a”, “al” or “all”. all: Specifies all certificate attribute-based access control policies. Description Use the pki certificate access-control-policy command to create a certificate attribute-based access control policy and enter its view.
  • Page 791: Pki Delete-Certificate

    Use the undo pki certificate attribute-group command to delete one or all certificate attribute groups. By default, no certificate attribute group exists. Examples # Create a certificate attribute group named mygroup and enter its view. <Sysname> system-view [Sysname] pki certificate attribute-group mygroup [Sysname-pki-cert-attribute-group-mygroup] pki delete-certificate Syntax...
  • Page 792: Pki Entity

    Parameters domain-name: PKI domain name, a case-insensitive string of 1 to 15 characters. Description Use the pki domain command to create a PKI domain and enter PKI domain view or enter the view of an existing PKI domain. Use the undo pki domain command to remove a PKI domain. By default, no PKI domain exists.
  • Page 793: Pki Import-Certificate

    pki import-certificate Syntax pki import-certificate { ca | local } domain domain-name { der | p12 | pem } [ filename filename ] View System view Default Level 2: System level Parameters ca: Specifies the CA certificate. local: Specifies the local certificate. domain-name: Name of the PKI domain, a string of 1 to 15 characters.
  • Page 794: Pki Retrieval-Certificate

    password: Password for certificate revocation, a case-sensitive string of 1 to 31 characters. pkcs10: Displays the BASE64-encoded PKCS#10 certificate request. filename: Name of the file for saving the PKCS#10 certificate request, a case-insensitive string of 1 to 127 characters. Description Use the pki request-certificate domain command to request a local certificate from a CA through SCEP.
  • Page 795: Pki Retrieval-Crl Domain

    Related commands: pki domain. Examples # Retrieve the CA certificate from the certificate issuing server. <Sysname> system-view [Sysname] pki retrieval-certificate ca domain 1 pki retrieval-crl domain Syntax pki retrieval-crl domain domain-name View System view Default Level 2: System level Parameters domain-name: Name of the PKI domain, a string of 1 to 15 characters.
  • Page 796: Root-Certificate Fingerprint

    domain-name: Name of the PKI domain to which the certificate to be verified belongs, a string of 1 to 15 characters. Description Use the pki validate-certificate command to verify the validity of a certificate. The focus of certificate validity verification is to check that the certificate is signed by the CA and that the certificate has neither expired nor been revoked.
  • Page 797: Rule (Access Control Policy View)

    [Sysname-pki-domain-1] D1526110AAD7527FB093ED7FC037B0B3CDDDAD93 rule (access control policy view) Syntax rule [ id ] { deny | permit } group-name undo rule { id | all } View Access control policy view Default Level 2: System level Parameters id: Number of the certificate attribute access control rule, in the range 1 to 16. The default is the smallest unused number in this range.
  • Page 798 View PKI entity view Default Level 2: System level Parameters state-name: State or province name, a case-insensitive string of 1 to 31 characters. No comma can be included. Description Use the state command to specify the name of the state or province where an entity resides. Use the undo state command to remove the configuration.
  • Page 799: Ssl Configuration Commands

    SSL Configuration Commands SSL Configuration Commands ciphersuite Syntax ciphersuite [ rsa_aes_128_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha ] * View SSL server policy view Default Level 2: System level Parameters rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit AES_CBC, and the MAC algorithm of SHA.
  • Page 800: Client-Verify Enable

    client-verify enable Syntax client-verify enable undo client-verify enable View SSL server policy view Default Level 2: System level Parameters None Description Use the client-verify enable command to enable certificate-based SSL client authentication, that is, to enable the SSL server to perform certificate-based authentication of the client during the SSL handshake process.
  • Page 801: Display Ssl Client-Policy

    Description Use the close-mode wait command to set the SSL connection close mode to wait. In this mode, after sending a close-notify message to a client, the server does not close the connection until it receives a close-notify message from the client. Use the undo close-mode wait command to restore the default.
  • Page 802: Display Ssl Server-Policy

    Table 12-1 display ssl client-policy command output description Field SSL Client Policy SSL Version PKI Domain Prefer Ciphersuite display ssl server-policy Syntax display ssl server-policy { policy-name | all } View Any view Default Level 1: Monitor level Parameters policy-name: SSL server policy name, a case-insensitive string of 1 to 16 characters. all: Displays information about all SSL server policies.
  • Page 803: Handshake Timeout

    Table 12-2 display ssl server-policy command output description Field SSL Server Policy PKI Domain Ciphersuite Handshake Timeout Close-mode Session Timeout Session Cachesize Client-verify handshake timeout Syntax handshake timeout time undo handshake timeout View SSL server policy view Default Level 2: System level Parameters time: Handshake timeout time in seconds, in the range 180 to 7,200.
  • Page 804: Prefer-Cipher

    <Sysname> system-view [Sysname] ssl server-policy policy1 [Sysname-ssl-server-policy-policy1] handshake timeout 3000 pki-domain Syntax pki-domain domain-name undo pki-domain View SSL server policy view, SSL client policy view Default Level 2: System level Parameters domain-name: Name of a PKI domain, a case-insensitive string of 1 to 15 characters. Description Use the pki-domain command to specify a PKI domain for an SSL server policy or SSL client policy.
  • Page 805: Session

    Default Level 2: System level Parameters rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit AES_CBC, and the MAC algorithm of SHA. rsa_des_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of DES_CBC, and the MAC algorithm of SHA.
  • Page 806: Ssl Client-Policy

    By default, the maximum number of cached sessions is 500 and the caching timeout time is 3,600 seconds. The process of the session parameters negotiation and session establishment by using the SSL handshake protocol is quite complicated. SSL allows reusing the negotiated session parameters to establish sessions.
  • Page 807: Ssl Server-Policy

    ssl server-policy Syntax ssl server-policy policy-name undo ssl server-policy { policy-name | all } View System view Default Level 2: System level Parameters policy-name: SSL server policy name, a case-insensitive string of 1 to 16 characters, which cannot be “a”, “al” or “all”. all: Specifies all SSL server policies.
  • Page 808 Description Use the version command to specify the SSL protocol version for an SSL client policy. Use the undo version command to restore the default. By default, the SSL protocol version for an SSL client policy is TLS 1.0. Related commands: display ssl client-policy. Examples # Specify the SSL protocol version for SSL client policy policy1 as SSL 3.0.
  • Page 809: Public Key Configuration Commands

    Public Key Configuration Commands Public Key Configuration Commands display public-key local public Syntax display public-key local { dsa | rsa } public View Any view Default Level 1: Monitor level Parameters dsa: DSA key pair. rsa: RSA key pair. Description Use the display public-key local public command to display the public key information of the local key pair(s).
  • Page 810: Display Public-Key Peer

    Key type: RSA Encryption Key ===================================================== Key code: 307C300D06092A864886F70D0101010500036B003068026100C51AF7CA926962284A4654B2AACC7B2AE12B2B 1EABFAC1CDA97E42C3C10D7A70D1012BF23ADE5AC4E7AAB132CFB6453B27E054BFAA0A85E113FBDE751EE0EC EF659529E857CF8C211E2A03FD8F10C5BEC162B2989ABB5D299D1E4E27A13C7DD10203010001 # Display the public key information of the local DSA key pair. <Sysname> display public-key local dsa public ===================================================== Time of Key pair created: 20:00:16 2007/10/25 Key name: HOST_KEY Key type: DSA Encryption Key ===================================================== Key code:...
  • Page 811: Peer-Public-Key End

    With neither the brief keyword nor the name publickey-name combination specified, the command displays detailed information about all locally saved public keys of peers. You can use the public-key peer command or the public-key peer import sshkey command to get a local copy of the public keys of a peer.
  • Page 812: Public-Key-Code Begin

    <Sysname> system-view [Sysname] public-key peer key1 [Sysname-pkey-public-key] peer-public-key end [Sysname] public-key-code begin Syntax public-key-code begin View Public key view Default Level 2: System level Parameters None Description Use the public-key-code begin command to enter public key code view. After entering public key code view, you can input the key in a correct format. Spaces and carriage returns are allowed between characters.
  • Page 813: Public-Key Local Create

    View Public key code view Default Level 2: System level Parameters None Description Use the public-key-code end command to return from public key code view to public key view and to save the configured public key. The system verifies the key before saving it. If the key contains invalid characters, the system displays an error message and discards the key.
  • Page 814: Public-Key Local Destroy

    rsa: RSA key pair. Description Use the public-key local create command to create local key pair(s). Note that: When using this command to create DSA or RSA key pairs, you will be prompted to provide the length of the key modulus. The modulus length is in the range 512 to 2048 bits, and defaults to 1024 bits.
  • Page 815: System Volume

    Default Level 2: System level Parameters dsa: DSA key pair. rsa: RSA key pair. Description Use the public-key local destroy command to destroy the local key pair(s). Related commands: public-key local create. Examples # Destroy the local RSA key pairs. <Sysname>...
  • Page 816: Public-Key Local Export Rsa

    Related commands: public-key local create, public-key local destroy. Examples # Export the local DSA public key in OpenSSH format to a file named key.pub. <Sysname> system-view [Sysname] public-key local export dsa openssh key.pub # Display the local DSA public key in SSH2.0 format. <Sysname>...
  • Page 817: System Volume

    filename: Name of the file for storing the public key. For details about file names, refer to File System Management in the System Volume. Description Use the public-key local export rsa command to display the local RSA public key on the screen or export it to a specified file.
  • Page 818: System Volume

    Parameters keyname: Public key name, a case-sensitive string of 1 to 64 characters. Description Use the public-key peer command to configure the public key name and enter public key view. Use the undo public-key peer command to remove a configured peer public key. After entering public key view, you can configure the public key of the peer with the public-key-code begin and public-key-code end commands.
  • Page 819 <Sysname> system-view [Sysname] public-key peer key2 import sshkey key.pub
  • Page 820: Acl Configuration Commands

    IRF. Description Use the display acl resource command to display the usage of ACL resources on a switch. Examples # Display the usage of ACL resources on the switch.
  • Page 821: Display Time-Range

    GE1/0/1 to GE1/0/28, XGE1/2/1 -------------------------------------------------------------------------------- Type Total Reserved Configured Remaining -------------------------------------------------------------------------------- VFP ACL 1024 IFP ACL 4096 IFP Meter 2048 IFP Counter 2048 EFP ACL EFP Meter EFP Counter 512 Interface: GE2/0/1 to GE2/0/32, GE2/0/1 -------------------------------------------------------------------------------- Type Total Reserved Configured Remaining -------------------------------------------------------------------------------- VFP ACL 1024...
  • Page 822: Time-Range

    View Any view Default Level 1: Monitor level Parameters time-range-name: Time range name, a case-insensitive string of 1 to 32 characters. It must start with an English letter and, to avoid confusion, cannot be the English word all. all: Specifies all existing time ranges.
  • Page 823 Parameters time-range-name: Time range name, a case-insensitive string of 1 to 32 characters. It must start with an English letter and, to avoid confusion, cannot be the English word all. start-time: Start time of a periodic time range, in hh:mm format (24-hour clock), where hh is hours and mm is minutes.
  • Page 824: Ipv4 Acl Configuration Commands

    December 31, 2004 23:59, you may use the time-range test 12:00 to 14:00 wednesday from 00:00 01/01/2004 to 23:59 12/31/2004 command. You may create individual time ranges identified with the same name. They are regarded as one time range whose active period is the result of ORing periodic ones, ORing absolute ones, and ANDing periodic and absolute ones.
  • Page 825: Acl Copy

    Description Use the acl command to enter IPv4 ACL view. If the ACL does not exist, it is created first. Use the undo acl command to remove a specified IPv4 ACL or all IPv4 ACLs. By default, the match order is config. Note that: You can specify a name for an IPv4 ACL only when you create the ACL.
  • Page 826: Acl Name

    View System view Default Level 2: System level Parameters source-acl-number: Number of an existing IPv4 ACL, which must be in one of the following ranges: 2000 to 2999 for basic IPv4 ACLs, 3000 to 3999 for advanced IPv4 ACLs, 4000 to 4999 for Ethernet frame header ACLs. name source-acl-name: Name of an existing IPv4 ACL, a case-insensitive string of 1 to 32 characters.
  • Page 827: Description (For Ipv4)

    Parameters acl-name: Name of the IPv4 ACL, a case-insensitive string of 1 to 32 characters. It must start with an English letter and, to avoid confusion, cannot be the English word all. Description Use the acl name command to enter the view of an existing IPv4 ACL by specifying its name. Examples # Enter the view of the IPv4 ACL named flow.
  • Page 828: Display Acl

    [Sysname] acl number 4000 [Sysname-acl-ethernetframe-4000] description This acl is used in geth 1/0/1 display acl Syntax display acl { acl-number | all | name acl-name } View Any view Default Level 1: Monitor level Parameters acl-number: IPv4 ACL number, which must be in the following ranges: 2000 to 2999 for basic IPv4 ACLs 3000 to 3999 for advanced IPv4 ACLs 4000 to 4999 for Ethernet frame header ACLs...
  • Page 829: Reset Acl Counter

    Field rule 5 comment This rule is used in geth 1/0/1 reset acl counter Syntax reset acl counter { acl-number | all | name acl-name } View User view Default Level 2: System level Parameters acl-number: IPv4 ACL number, which must be in the following ranges: 2000 to 2999 for basic IPv4 ACLs 3000 to 3999 for advanced IPv4 ACLs 4000 to 4999 for Ethernet frame header ACLs...
  • Page 830 Default Level 2: System level Parameters rule-id: Basic IPv4 ACL rule number, in the range 0 to 65534. deny: Drops matched packets. permit: Allows matched packets to pass. fragment: Indicates that the rule applies to only non-first fragments. A rule without this keyword applies to all fragments and non-fragments.
  • Page 831: Rule (Advanced Ipv4 Acl View)

    For a basic IPv4 ACL rule to be referenced by a QoS policy for traffic classification, the logging keyword is not supported. Related commands: display acl. Examples # Create a rule to deny packets with the source IP address 1.1.1.1. <Sysname>...
  • Page 832 Table 14-4 Match criteria and other rule information for advanced IPv4 ACL rules Parameters source { sour-addr Specifies a source sour-wildcard | any } address. destination { dest-addr Specifies a destination dest-wildcard | any } address. Specifies an IP precedence precedence precedence value.
  • Page 833 If the two values are the same, the switch will convert the operator range to eq. Note that if you specify a combination of lt 1 or gt 65534, the switch will convert it to eq 0 or eq 65535. Parameters specific to TCP.
  • Page 834 Table 14-6 ICMP-specific parameters for advanced IPv4 ACL rules Parameters icmp-type { icmp-type icmp-code | icmp-message } Table 14-7 ICMP message names supported in advanced IPv4 ACL rules ICMP message name echo echo-reply fragmentneed-DFset host-redirect host-tos-redirect host-unreachable information-reply information-request net-redirect net-tos-redirect net-unreachable parameter-problem...
  • Page 835: Rule (Ethernet Frame Header Acl View)

    If you specify no optional keywords, the undo rule command removes the entire ACL rule; otherwise, the command removes only the specified criteria. Before performing the undo rule command, you may use the display acl command to view the ID of the rule. When defining ACL rules, you do not need to assign them IDs;...
  • Page 836 Default Level 2: System level Parameters rule-id: Ethernet frame header ACL rule number, in the range 0 to 65534. deny: Drops matched packets. permit: Allows matched packets to pass. cos vlan-pri: Defines an 802.1p priority. The vlan-pri argument can be a number in the range 0 to 7 or in words, best-effort (0), background (1), spare (2), excellent-effort (3), controlled-load (4), video (5), voice (6), or network-management (7).
  • Page 837: Rule Comment (For Ipv4)

    If the ACL match order is auto, rules are displayed in the depth-first match order rather than by rule number. For an Ethernet frame header ACL to be referenced by a QoS policy for traffic classification, the lsap keyword is not supported. Related commands: display acl.
  • Page 838: Step (For Ipv4)

    [Sysname-acl-basic-2000] rule 0 comment This rule is used in geth 1/0/1 # Create a rule in ACL 3000 and define the rule description. <Sysname> system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule 0 permit ip source 1.1.1.1 0 [Sysname-acl-adv-3000] rule 0 comment This rule is used in geth 1/0/1 # Create a rule in ACL 4000 and define the rule description.
  • Page 839: Ipv6 Acl Configuration Commands

    IPv6 ACL Configuration Commands acl ipv6 Syntax acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ] undo acl ipv6 { all | name acl6-name | number acl6-number } View System view Default Level 2: System level Parameters number acl6-number: Specifies the number of the IPv6 ACL, which must be in the following ranges:...
  • Page 840: Acl Ipv6 Copy

    # Create IPv6 ACL 2002, giving the ACL a name of flow. <Sysname> system-view [Sysname] acl ipv6 number 2002 name flow [Sysname-acl6-basic-2002-flow] # Enter the view of an IPv6 ACL that has no name by specifying its number. <Sysname> system-view [Sysname] acl ipv6 number 2000 [Sysname-acl6-basic-2000] # Enter the view of an IPv6 ACL that has a name by specifying its number.
  • Page 841: Acl Ipv6 Name

    Description Use the acl ipv6 copy command to create an IPv6 ACL by copying an existing IPv6 ACL. The new ACL is of the same ACL type and has the same match order, rules, rule numbering step and descriptions. Note that: The source IPv6 ACL and the destination IPv6 ACL must be of the same type.
  • Page 842: Display Acl Ipv6

    Default Level 2: System level Parameters text: ACL description, a case-sensitive string of 1 to 127 characters. Description Use the description command to configure a description for an IPv6 ACL to, for example, describe the purpose of the ACL. Use the undo description command to remove the IPv6 ACL description. By default, an IPv6 ACL has no ACL description.
  • Page 843: Reset Acl Ipv6 Counter

    Examples # Display information about IPv6 ACL 2001. <Sysname> display acl ipv6 2001 Basic IPv6 ACL 2001, named flow, 1 rule, ACL's step is 5 rule 0 permit source 1::2/128 (5 times matched) rule 0 comment This rule is used in geth 1/0/1 Table 14-8 display acl ipv6 command output description Field Basic IPv6 ACL 2001...
  • Page 844: Rule (Basic Ipv6 Acl View)

    Description Use the reset acl ipv6 counter command to clear statistics on a specified IPv6 ACL or all basic and advanced IPv6 ACLs. Examples # Clear the statistics on IPv6 ACL 2001, which is referenced by upper layer software. <Sysname> reset acl ipv6 counter 2001 # Clear the statistics on IPv6 ACL flow, which is referenced by upper layer software.
  • Page 845: Rule (Advanced Ipv6 Acl View)

    When defining ACL rules, you do not need to assign them IDs; the system can automatically assign rule IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is the smallest multiple of the step that is bigger than the current biggest number. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the next rule will be numbered 30.
  • Page 846 Parameters rule-id: IPv6 ACL rule number, in the range 0 to 65534. deny: Drops matched packets. permit: Allows matched packets to pass. protocol: Protocol carried over IPv6. It can be a number in the range 0 to 255, or in words, gre (47), icmpv6 (58), ipv6, ipv6-ah (51), ipv6-esp (50), ospf (89), tcp (6), or udp (17).
  • Page 847 Note that if you specify a combination of lt 1 or gt 65534, the switch will convert it to eq 0 or eq 65535. Parameters specific to TCP.
  • Page 848 Table 14-11 ICMPv6-specific parameters for advanced IPv6 ACL rules Parameters icmpv6-type { icmpv6-type icmpv6-code | icmpv6-message } Table 14-12 ICMPv6 message names supported in advanced IPv6 ACL rules ICMPv6 message name redirect echo-request echo-reply err-Header-field frag-time-exceeded hop-limit-exceeded host-admin-prohib host-unreachable neighbor-advertisement neighbor-solicitation network-unreachable packet-too-big...
  • Page 849: Rule Comment (For Ipv6)

    When defining ACL rules, you do not need to assign them IDs; the system can automatically assign rule IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is the smallest multiple of the step that is bigger than the current biggest number. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the next rule will be numbered 30.
  • Page 850: Step (For Ipv6)

    Description Use the rule comment command to configure a description for an existing IPv6 ACL rule or modify the description of an IPv6 ACL rule. You may use the rule description to, for example, describe the purpose of the ACL rule. Use the undo rule comment command to remove the IPv6 ACL rule description.
  • Page 851: Acl Application Commands

    <Sysname> system-view [Sysname] acl ipv6 number 3000 [Sysname-acl6-adv-3000] step 2 ACL Application Commands acl logging frequence Syntax acl logging frequence frequence undo acl logging frequence View System view Default Level 2: System level Parameters frequence: Interval in minutes for packet filtering statistics. It must be an integer in the range of 0 to 1440 and a multiple of five.
  • Page 852: Packet-Filter

    Parameters frequence: Interval in minutes for packet filtering statistics. It must be an integer in the range of 0 to 1440 and a multiple of five. Description Use the acl ipv6 logging frequence command to set the interval for IPv6 packet filtering statistics. At the specified interval, the device outputs the statistics information, including the number of filtered packets, and the ACL rules used.
  • Page 853: Packet-Filter Ipv6

    Note that you can apply only one IPv4 ACL or one Ethernet frame header ACL on an interface. To modify the ACL configured on an interface, you need to remove the previous configuration first and then configure a new ACL. Examples # Apply basic IPv4 ACL 2001 to the inbound direction of interface GigabitEthernet 1/0/1.
  • Page 854 <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] packet-filter ipv6 2500 outbound # Apply advanced IPv6 ACL 3000 to the outbound direction of interface VLAN interface 20 <Sysname> system-view [Sysname] interface Vlan-interface 20 [Sysname-Vlan-interface20] packet-filter ipv6 3000 outbound...
  • Page 855 1 Smart Link Configuration Commands: display smart-link flush, display smart-link group, flush enable, port, port smart-link group, preemption delay, preemption mode, protected-vlan, reset smart-link statistics, smart-link flush enable, smart-link group. 2 Monitor Link Configuration Commands: display monitor-link group, monitor-link group...
  • Page 856 dldp interval, dldp reset, dldp unidirectional-shutdown, dldp work-mode, reset dldp statistics. 5 Ethernet OAM Configuration Commands (OAM Configuration Commands): display oam, display oam configuration, display oam critical-event, display oam link-event, oam enable, oam errored-frame period, oam errored-frame threshold, oam errored-frame-period period...
  • Page 857 7 Track Configuration Commands: display track, track nqa...
  • Page 858: Smart Link Configuration Commands

    Smart Link Configuration Commands Smart Link Configuration Commands display smart-link flush Syntax display smart-link flush View Any view Default Level 1: Monitor level Parameters None Description Use the display smart-link flush command to display information about the received flush messages. Examples # Display information about the received flush messages.
  • Page 859: Display Smart-Link Group

    display smart-link group Syntax display smart-link group { group-id | all } View Any view Default Level 1: Monitor level Parameters group-id: Smart link group ID. The minimum value is 1, while the maximum value is 26. all: Displays information about all smart link groups. Description Use the display smart-link group command to display information about the specified or all smart link groups.
  • Page 860: Flush Enable

    Field State Flush-count Last-flush-time flush enable Syntax flush enable [ control-vlan vlan-id ] undo flush enable View Smart link group view Default Level 2: System level Parameters control-vlan vlan-id: Specifies the control VLAN used for transmitting flush messages. The vlan-id argument ranges from 1 to 4094.
  • Page 861: Port Smart-Link Group

    Default Level 2: System level Parameters interface-type interface-number: Port type and port number. master: Specifies a port as the master port. slave: Specifies a port as the slave port. Description Use the port command to assign the specified port as the master or slave port of the current smart link group.
  • Page 862: Preemption Delay

    master: Specifies the port as the master port. slave: Specifies the port as the slave port. Description Use the port smart-link group command to configure the current port as a member of the specified smart link group. Use the undo port smart-link group command to remove the port from the specified smart link group. Note that: Disable STP and RRPP on the ports you want to add to the smart link group, and make sure that the ports are not member ports of any aggregation group or service loopback group.
  • Page 863: Preemption Mode

    Parameters delay-time: Preemption delay (in seconds), in the range of 0 to 300. Description Use the preemption delay command to set the preemption delay. When role preemption is enabled, after the preemption delay is set, the master port waits for some time before taking over, so as to collaborate with the switchover of upstream devices.
  • Page 864: Protected-Vlan

    [Sysname-smlk-group1] preemption mode role protected-vlan Syntax protected-vlan reference-instance instance-id-list undo protected-vlan [ reference-instance instance-id-list ] View Smart link group view Default Level 2: System level Parameters reference-instance instance-id-list: Specifies the MSTIs to be referenced in the form of instance-id-list = { instance-id [ to instance-id ] }&<1-10>, where the range of the instance-id argument is as specified in the command configuring MSTIs and &<1-10>...
  • Page 865: Reset Smart-Link Statistics

    [Sysname] smart-link group 1 [Sysname-smlk-group1] protected-vlan reference-instance 1 to 10 12 reset smart-link statistics Syntax reset smart-link statistics View User view Default Level 2: System level Parameters None Description Use the reset smart-link statistics command to clear the statistics about flush messages. Examples # Clear the statistics about flush messages.
  • Page 866: Smart-Link Group

    Note that: If no VLAN is specified, VLAN 1 applies. This command cannot be used on a member port of an aggregation group or service loopback group. Related commands: flush enable. Examples # Enable GigabitEthernet 1/0/1 to process the flush messages received in VLAN 1. <Sysname>...
  • Page 867: Monitor Link Configuration Commands

    Monitor Link Configuration Commands Monitor Link Configuration Commands display monitor-link group Syntax display monitor-link group { group-id | all } View Any view Default Level 1: Monitor level Parameters group-id: Monitor link group ID, in the range 1 to 16. all: Specifies all monitor link groups.
  • Page 868: Monitor-Link Group

    Field Member Role Status monitor-link group Syntax monitor-link group group-id undo monitor-link group group-id View System view Default Level 2: System level Parameters group-id: Monitor link group ID, in the range 1 to 16. Description Use the monitor-link group command to create a monitor link group and enter monitor link group view. If the specified monitor link group already exists, you enter monitor link group view directly.
  • Page 869: Port Monitor-Link Group

    Default Level 2: System level Parameters interface-type interface-number: Port type and port number. uplink: Specifies an uplink port. downlink: Specifies a downlink port. Description Use the port command to assign a port to the monitor link group. Use the undo port command to remove a port from the monitor link group. Both Ethernet ports and Layer-2 aggregate interfaces can be assigned to a monitor link group.
  • Page 870 downlink: Specifies a downlink port. Description Use the port monitor-link group command to assign the port to the specified monitor link group. Use the undo port monitor-link group command to remove the port from the specified monitor link group. Both Ethernet ports and Layer-2 aggregate interfaces can be assigned to a monitor link group. A port can be assigned to only one monitor link group.
  • Page 871: Rrpp Configuration Commands

    RRPP Configuration Commands RRPP Configuration Commands control-vlan Syntax control-vlan vlan-id undo control-vlan View RRPP domain view Default Level 2: System level Parameters vlan-id: Specifies a VLAN as the primary control VLAN for the RRPP domain, in the range 2 to 4093. This VLAN must be one not created yet.
  • Page 872: Display Rrpp Brief

    [Sysname-rrpp-domain1] control-vlan 100 display rrpp brief Syntax display rrpp brief View Any view Default Level 1: Monitor level Parameters None Description Use the display rrpp brief command to display the brief RRPP information. Examples # Display the brief RRPP information. <Sysname>...
  • Page 873: Display Rrpp Ring-Group

    Table 3-1 display rrpp brief command output description Field Flags for Node Mode RRPP Protocol Status Number of RRPP Domains Domain ID Control VLAN Protected VLAN Hello Timer Fail Timer Ring ID Ring Level Node Mode Primary/Common Port Secondary/Edge Port Enable Status display rrpp ring-group Syntax...
  • Page 874: Display Rrpp Statistics

    Default Level 1: Monitor Level Parameters ring-group-id: RRPP ring group ID, in the range 1 to 8. Description Use the display rrpp ring-group command to display the RRPP ring group configuration. If no ring group ID is specified, the configuration of all ring groups is displayed. If an RRPP ring ID is specified, the configuration of the specified RRPP ring group on the current device is displayed.
  • Page 875 Parameters domain-id: RRPP domain ID, in the range 1 to 8. ring-id: RRPP ring ID, in the range 1 to 64. Description Use the display rrpp statistics command to display RRPPDU statistics. Note that: If an RRPP ring ID is specified, the RRPPDU statistics for the specified RRPP ring in the specified RRPP domain on the current device are displayed.
  • Page 876 Secondary port: GigabitEthernet1/0/4 Packet Link Common Direct Hello Down Flush FDB Flush FDB Hello ------------------------------------------------------------------------------ Send 16878 Ring ID Ring Level Node Mode : Edge Active Status : No Common port : GigabitEthernet1/0/3 Packet Link Common Direct Hello Down Flush FDB Flush FDB Hello ------------------------------------------------------------------------------ Send Common port...
  • Page 877: Display Rrpp Verbose

    Field Secondary Port Common Port Edge Port Packet Direct Hello Link-Down Common Flush FDB Complete Flush FDB Edge Hello Major Fault Packet Total display rrpp verbose Syntax display rrpp verbose domain domain-id [ ring ring-id ] View Any view Default Level 1: Monitor level Parameters domain-id: RRPP domain ID, in the range 1 to 8.
  • Page 878 Examples # Display the detailed information of ring 1 in RRPP domain 1. <Sysname> display rrpp verbose domain 1 ring 1 Domain ID Control VLAN : Major 5 Protected VLAN: Reference Instance 0 to 2, 4 Hello Timer : 1 sec Fail Timer : 3 sec Ring ID Ring Level Node Mode...
  • Page 879 Field List of VLANs protected by the RRPP domain. MSTIs are displayed Protected VLAN here. To get the VLANs corresponding to these MSTIs, use the display stp region-configuration command. Hello Timer Hello Timer value in seconds Fail Timer Fail Timer value in seconds Ring ID RRPP ring ID RRPP ring level:...
  • Page 880: Domain Ring

    domain ring Syntax domain domain-id ring ring-id-list undo domain domain-id [ ring ring-id-list ] View RRPP ring group view Default Level 2: System level Parameters domain-id: RRPP domain ID, in the range of 1 to 8. ring-id-list: RRPP subring ID list expressed in the format of ring-id-list={ ring-id [ to ring-id ] }&<1-10>, where the ring-id argument is an RRPP subring ID in the range of 1 to 64 and &<1-10>...
  • Page 881: Protected-Vlan

    Examples # Configure subrings for RRPP ring group 1. <Sysname> system-view [Sysname] rrpp ring-group 1 [Sysname-rrpp-ring-group1] domain 1 ring 1 to 3 5 [Sysname-rrpp-ring-group1] domain 2 ring 1 to 3 5 protected-vlan Syntax protected-vlan reference-instance instance-id-list undo protected-vlan [ reference-instance instance-id-list ] View RRPP domain view Default Level...
  • Page 882: Reset Rrpp Statistics

    <Sysname> system-view [Sysname] rrpp domain 1 [Sysname-rrpp-domain1] control-vlan 100 [Sysname-rrpp-domain1] protected-vlan reference-instance 2 to 3 reset rrpp statistics Syntax reset rrpp statistics domain domain-id [ ring ring-id ] View User view Default Level 1: Monitor level Parameters domain-id: RRPP domain ID, in the range 1 to 8. ring-id: RRPP ring ID, in the range 1 to 64.
  • Page 883 Parameters ring-id: RRPP ring ID, in the range 1 to 64. master: Specifies the device as the master node of the RRPP ring. transit: Specifies the device as the transit node of the RRPP ring. primary-port: Specifies the port as a primary port. interface-type interface-number: Specifies a port by its type and number.
  • Page 884 # Specify the device as the transit node of primary ring 10 in RRPP domain 1, GigabitEthernet 1/0/1 as the primary port and GigabitEthernet 1/0/2 as the secondary port. <Sysname> system-view [Sysname] rrpp domain 1 [Sysname-rrpp-domain1] control-vlan 100 [Sysname-rrpp-domain1] protected-vlan reference-instance 0 1 2 [Sysname-rrpp-domain1] ring secondary-port gigabitethernet 1/0/2 level 0...
  • Page 885: Ring Enable

    ring enable Syntax ring ring-id enable undo ring ring-id enable View RRPP domain view Default Level 2: System level Parameters ring-id: RRPP ring ID, in the range 1 to 64. Description Use the ring enable command to enable the RRPP ring. Use the undo ring enable command to disable the RRPP ring.
  • Page 886: Rrpp Enable

    Default Level 2: System level Parameters domain-id: RRPP domain ID, in the range 1 to 8. Description Use the rrpp domain command to create an RRPP domain and enter its view. Use the undo rrpp domain command to remove an RRPP domain. Note that: When you delete an RRPP domain, its control VLANs and protected VLANs are deleted at the same time.
  • Page 887: Rrpp Ring-Group

    Examples # Enable the RRPP protocol. <Sysname> system-view [Sysname] rrpp enable rrpp ring-group Syntax rrpp ring-group ring-group-id undo rrpp ring-group ring-group-id View System view Default Level 2: System level Parameters ring-group-id: RRPP ring group ID, in the range 1 to 8. Description Use the rrpp ring-group command to create an RRPP ring group and enter RRPP ring group view.
  • Page 888 View RRPP domain view Default Level 2: System level Parameters hello-value: Hello timer value, in the range 1 to 10 seconds. fail-value: Fail timer value, in the range 3 to 30 seconds. Description Use the timer command to configure the Hello timer value and the Fail timer value for the RRPP domain.
  • Page 889: Dldp Configuration Commands

    DLDP Configuration Commands DLDP Configuration Commands display dldp Syntax display dldp [ interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters interface-type interface-number: Port type and port number. Description Use the display dldp command to display the DLDP configuration of a port. If you do not provide the interface-type or interface-number arguments, this command displays the DLDP configuration of all the DLDP-enabled ports.
  • Page 890 Interface GigabitEthernet1/0/51 DLDP port state : advertisement DLDP link state : up The neighbor number of the port is 1. Neighbor mac address : 0000-0000-1100 Neighbor port index : 81 Neighbor state : two way Neighbor aged time : 12 # Display the DLDP configuration of GigabitEthernet 1/0/50.
  • Page 891: Display Dldp Statistics

    display dldp statistics Syntax display dldp statistics [ interface-type interface-number ] View Any view Default Level 1: Monitor level Parameters interface-type interface-number: Port type and port number. Description Use the display dldp statistics command to display the statistics on the DLDP packets passing through a port.
  • Page 892: Dldp Authentication-Mode

    Valid packets received : 3 Table 4-2 display dldp statistics command output description Field Interface Packets sent Packets received Invalid packets received Loop packets received Authentication failed packets received Valid packets received dldp authentication-mode Syntax dldp authentication-mode { md5 md5-password | none | simple simple-password } undo dldp authentication-mode View System view...
  • Page 893: Dldp Delaydown-Timer

    Examples # Configure to perform plain text authentication, setting the password as abc (assuming that Device A and Device B are connected by the DLDP link). Configuration on Device A <DeviceA> system-view [DeviceA] dldp authentication-mode simple abc Configuration on Device B <DeviceB>...
  • Page 894: Dldp Interval

    Default Level 2: System level Parameters None Description Use the dldp enable command to enable DLDP. Use the undo dldp enable command to disable DLDP. By default, DLDP is disabled both globally and on each port. Note that: When executed in system view, these two commands enable/disable DLDP globally; when executed in Ethernet port view, these two commands enable/disable DLDP on the current port;...
  • Page 895: Dldp Reset

    Parameters time: Interval for sending Advertisement packets, in the range 1 to 100 (in seconds). Description Use the dldp interval command to set the interval for sending Advertisement packets. Use the undo dldp interval command to restore the default. By default, the interval for sending Advertisement packets is 5 seconds. Note that: These two commands apply to all DLDP-enabled ports.
  • Page 896: Dldp Unidirectional-Shutdown

    # Reset DLDP state for GigabitEthernet 1/0/50 (assuming that GigabitEthernet 1/0/50 is shut down by DLDP). <Sysname> system-view [Sysname] interface gigabitethernet 1/0/50 [Sysname-GigabitEthernet1/0/50] dldp reset # Reset DLDP state for all the ports in port group 1 shut down by DLDP. <Sysname>...
  • Page 897: Reset Dldp Statistics

    View System view Default Level 2: System level Parameters enhance: Specifies the enhanced DLDP mode. normal: Specifies the normal DLDP mode. Description Use the dldp work-mode command to set the DLDP mode. Use the undo dldp work-mode command to restore the default DLDP mode. By default, a device operates in normal DLDP mode.
  • Page 898: Ethernet Oam Configuration Commands

    Ethernet OAM Configuration Commands OAM Configuration Commands display oam Syntax display oam { local | remote } [ interface interface-type interface-number ] View Any view Default Level 2: System level Parameters local: Displays the Ethernet OAM connection information of the local end. remote: Displays the Ethernet OAM connection information of the remote end.
  • Page 899 Remote Evaluating : COMPLETE Packets statistic : Packets Send -------------------------------------------------------------------------- OAMPDU OAMInformation OAMEventNotification OAMUniqueEventNotification OAMDuplicateEventNotification -- Table 5-1 display oam local command output description Field Port Link Status EnableStatus Local_oam_mode Local_pdu Local_mux_action Local_par_action OAMLocalFlagsField Link Fault Dying Gasp Critical Event Receive Description Port index...
  • Page 900 Field Local Evaluating Remote Evaluating Packets statistic OAMPDU OAMInformation OAMEventNotification OAMUniqueEventNotification OAMDuplicateEventNotification # Display the Ethernet OAM information of the peer port GigabitEthernet 1/0/1. <Sysname> display oam remote interface gigabitethernet 1/0/1 Port : GigabitEthernet1/0/1 Link Status : Up Information of the latest received OAM packet: OAMRemoteMACAddress : 00e0-fd73-6502 OAMRemotePDUConfiguration : 1500...
  • Page 901: Display Oam Configuration

    Table 5-2 display oam remote port command output description Field Port Link Status Information of the latest received OAM packet OAMRemoteMACAddress OAMRemotePDUConfiguration OAMRemoteState Remote_mux_action Remote_par_action OAMRemoteConfiguration OAM Mode Unidirectional Support Loopback Support Link Events Variable Retrieval OAMRemoteFlagsField Link Fault Dying Gasp Critical Event Local Evaluating Remote Evaluating...
  • Page 902 Default Level 2: System level Parameters None Description Use the display oam configuration command to display global Ethernet OAM configuration, including the periods and thresholds for Ethernet OAM link error event detection. Related commands: oam errored-symbol period, oam errored-symbol threshold, oam errored-frame period, oam errored-frame threshold, oam errored-frame-period period, oam errored-frame-period errored-frame-seconds threshold.
  • Page 903: Display Oam Critical-Event

    If you do not specify the interface keyword, this command displays the statistics on the critical Ethernet OAM link events that occurred on all the ports of the switch. Examples # Display the statistics on critical Ethernet OAM link events that occurred on all the ports.
  • Page 904: Display Oam Link-Event

    display oam link-event Syntax display oam link-event { local | remote } [ interface interface-type interface-number ] View Any view Default Level 2: System level Parameters local: Displays the statistics on the local Ethernet OAM link error events. remote: Displays the statistics on the peer Ethernet OAM link error events. interface interface-type interface-number: Specify a port by its type and number.
  • Page 905 Errored Frame Second Summary Threshold : 1 Errored Frame Second Summary Error Running Total : 292 Table 5-5 display oam link-event local command output description Field Port Link Status OAMLocalErrFrameEvent OAMLocalErrFramePeriodEvent OAMLocalErrFrameSecsSummaryEvent : (ms = milliseconds) # Display Ethernet OAM link event statistics of the remote ends of all the ports. <Sysname>...
  • Page 906: Oam Enable

    --------------------------------------------------------------------- Event Time Stamp Errored Frame Threshold Error Running Total Table 5-6 display oam link-event remote command output description Field Port Link Status OAMLocalErrFrameEvent oam enable Syntax oam enable undo oam enable View Ethernet port view Default Level 2: System level Parameters None Description...
  • Page 907: Oam Errored-Frame Period

    oam errored-frame period Syntax oam errored-frame period period-value undo oam errored-frame period View System view Default Level 2: System level Parameters period-value: Errored frame detection interval, ranging from 1 to 60 (in seconds). Description Use the oam errored-frame period command to set the errored frame detection interval. Use the undo oam errored-frame period command to restore the default.
  • Page 908: Oam Errored-Frame-Period Period

    By default, the errored frame event triggering threshold is 1. Related commands: oam errored-frame period, display oam link-event, display oam configuration. Examples # Set the errored frame event triggering threshold to 100. <Sysname> system-view [Sysname] oam errored-frame threshold 100 oam errored-frame-period period Syntax oam errored-frame-period period period-value undo oam errored-frame-period period...
  • Page 909: Oam Errored-Frame-Period Threshold

    oam errored-frame-period threshold Syntax oam errored-frame-period threshold threshold-value undo oam errored-frame-period threshold View System view Default Level 2: System level Parameters threshold-value: Errored frame period event triggering threshold, ranging from 0 to 4294967295. Description Use the oam errored-frame-period threshold command to set the errored frame period event triggering threshold.
  • Page 910: Oam Errored-Frame-Seconds Threshold

    Use the undo oam errored-frame-seconds period command to restore the default. By default, the errored frame seconds detection interval is 60 seconds. Related commands: oam errored-frame-seconds threshold, display oam link-event, display oam configuration. Examples # Set the errored frame seconds detection interval to 100 seconds. <Sysname>...
  • Page 911: Oam Errored-Symbol Threshold

    View System view Default Level 2: System level Parameters period-value: Errored symbol detection interval, ranging from 1 to 60 (in seconds). Description Use the oam errored-symbol period command to set the errored symbol detection interval. Use the undo oam errored-symbol period command to restore the default. By default, the errored symbol detection interval is one second.
  • Page 912: Oam Loopback

    Examples # Set the errored symbol event triggering threshold to 100. <Sysname> system-view [Sysname] oam errored-symbol threshold 100 oam loopback Syntax oam loopback undo oam loopback View Ethernet port view Default Level 2: System level Parameters None Description Use the oam loopback command to enable Ethernet OAM loopback testing on an Ethernet port. Use the undo oam loopback command to disable Ethernet OAM remote loopback.
  • Page 913: Reset Oam

    Default Level 2: System level Parameters active: Specifies the active Ethernet OAM mode. passive: Specifies the passive Ethernet OAM mode. Description Use the oam mode command to set the Ethernet OAM operating mode for an Ethernet port. By default, an Ethernet OAM-enabled Ethernet port operates in the active Ethernet OAM mode. Note that, to change the Ethernet OAM operating mode of an Ethernet OAM-enabled Ethernet port, you need to disable Ethernet OAM on the port first.
  • Page 914 <Sysname> reset oam...
  • Page 915: Connectivity Fault Detection Configuration Commands

    Connectivity Fault Detection Configuration Commands Connectivity Fault Detection Configuration Commands cfd cc enable Syntax cfd cc service-instance instance-id mep mep-id enable undo cfd cc service-instance instance-id mep mep-id enable View Ethernet port view Default level 2: System level Parameters service-instance instance-id: Specifies the service instance ID, ranging from 1 to 32767. mep mep-id: Specifies the ID of an MEP, ranging from 1 to 8191.
  • Page 916: Cfd Enable

    View System view Default level 2: System level Parameters interval-field-value: Value of the interval field in CCM messages, ranging from 4 to 7. service-instance instance-id: Specifies the service instance ID, ranging from 1 to 32767. Description Use the cfd cc interval command to set the value of the interval field in the CCM messages. Use the undo cfd cc interval command to restore the value to the default value.
  • Page 917: Cfd Linktrace

    Parameters None Description Use the cfd enable command to enable CFD. Use the undo cfd enable command to disable CFD. By default, CFD is disabled. Examples # Enable CFD. <Sysname> system-view [Sysname] cfd enable Note: CFD has been enabled. cfd linktrace Syntax cfd linktrace service-instance instance-id mep mep-id { target-mep target-mep-id | target-mac mac-address } [ ttl ttl-value ] [ hw-only ]...
  • Page 918: Cfd Linktrace Auto-Detection

    [Sysname] cfd linktrace service-instance 1 mep 1101 target-mep 2001 Linktrace to MEP 2001 with the sequence number 1101-43361 : MAC Address 0010-FC00-6512 Table 6-2 cfd linktrace command output description Field Linktrace to MEP mep-id with the sequence number sequence-number MAC Address Forwarded Relay Action cfd linktrace auto-detection...
  • Page 919: Cfd Loopback

    Note that: After automatic sending of LT messages is enabled, if a MEP fails to receive the CCMs from the remote MEP, the link between the two is regarded as faulty and LTMs will be sent out. (The destination of the LTMs is the remote MEP, and the maximum value of TTL is 255.) Based on the LTRs that echo back, the fault source can be located.
  • Page 920: Cfd Ma

    Reply from 0010-FC00-6512: sequence number=1101-43404 Reply from 0010-FC00-6512: sequence number=1101-43405 Reply from 0010-FC00-6512: sequence number=1101-43406 Reply from 0010-FC00-6512: sequence number=1101-43407 Reply from 0010-FC00-6512: sequence number=1101-43408 Send:5 Received:5 Table 6-3 cfd loopback command output description Field Loopback to mac-address with the sequence number start from sequence-number Reply from mac-address sequence number...
  • Page 921: Cfd Md

    Related commands: cfd md. Examples # Create an MA named test_ma in an MD named test_md, and configure the MD to serve VLAN 100. <Sysname> system-view [Sysname] cfd md test_md level 3 [Sysname] cfd ma test_ma md test_md vlan 100 cfd md Syntax cfd md md-name level level-value...
  • Page 922: Cfd Mep Enable

    View Ethernet port view Default level 2: System level Parameters mep mep-id: ID of MEP, ranging from 1 to 8191. service-instance instance-id: Specifies the service instance ID, ranging from 1 to 32767. inbound: Creates an inward-facing MEP. outbound: Creates an outward-facing MEP. Description Use the cfd mep command to create a MEP on a port.
  • Page 923: Cfd Mip-Rule

    Use the undo cfd mep enable command to disable the MEP. By default, MEP is disabled on a port and cannot respond to LTM and LBM messages unless you enable it. Related commands: cfd mep. Examples # Enable MEP 3 in service instance 5. <Sysname>...
  • Page 924: Cfd Remote-Mep

    Table 6-4 Rules for generating MIPs MIP exists on low level MA Each of the following actions or cases can cause MIPs to be created or deleted after you have configured this command: enabling CFD (use the cfd enable command); creating or deleting the MEPs on a port; changes occurring to the VLAN attribute of a port; the rule specified in the cfd mip-rule command changing...
  • Page 925: Cfd Service-Instance

    Examples # Configure a remote MEP. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] cfd remote-mep 9 service-instance 5 mep 3 cfd service-instance Syntax cfd service-instance instance-id md md-name ma ma-name undo cfd service-instance instance-id View System view Default level 2: System level Parameters service-instance instance-id: Service instance ID, ranging from 1 to 32767.
  • Page 926: Display Cfd Linktrace-Reply

    display cfd linktrace-reply Syntax display cfd linktrace-reply [ service-instance instance-id [ mep mep-id ] ] View Any view Default level 2: System level Parameters service-instance instance-id: Specifies the service instance ID, ranging from 1 to 32767. mep mep-id: Specifies the ID of a MEP, ranging from 1 to 8191. Description Use the display cfd linktrace-reply command to display the LTR information received by a MEP.
  • Page 927: Display Cfd Linktrace-Reply Auto-Detection

    Field Indicates whether the forwarding device found the destination MAC address in its MAC address table Relay Action display cfd linktrace-reply auto-detection Syntax display cfd linktrace-reply auto-detection [ size size-value ] View Any view Default level 2: System level Parameters size size-value: Specifies the number of recent auto-detections, ranging from 1 to 100.
  • Page 928: Display Cfd Ma

    MAC Address 00E0-FC27-6502 Table 6-6 display cfd linktrace-reply auto-detection command output description Field Service instance MEP ID Time Target MEP ID MAC Address Forwarded Relay Action display cfd ma Syntax display cfd ma [ [ ma-name ] md md-name ] View Any view Default level...
  • Page 929: Display Cfd Md

    If only MD is specified, this command will display the configurations of all MAs in that MD. Examples # Display the MA configuration information. <Sysname> display cfd ma 3 maintenance domain(s) configured. Maintenance domain: mdtest_5 1 maintenance association(s) belong(s) to maintenance domain mdtest_5: Maintenance association: matest_5 Service instance: 5 Maintenance domain: mdtest_6...
  • Page 930: Display Cfd Mep

    Default level 2: System level Parameters None Description Use the display cfd md command to display the MD configuration information. Examples # Display the MD configuration information. <Sysname> display cfd md CFD is enabled. 8 maintenance domain(s) configured: Level: 0 Maintenance domain: mdtest_0 Level: 1 Maintenance domain: mdtest_1...
  • Page 931 Description Use the display cfd mep command to display the attribute and operating information of MEP(s). Examples # Display the attribute and operating information of MEP 50 in service instance 1. <Sysname> display cfd mep 50 service-instance 1 Interface: GigabitEthernet1/0/2 Maintenance domain: mdtest_1 Maintenance association: matest_1 Level: 1...
  • Page 932 Field Maintenance domain MD that a MEP belongs to Maintenance association MA that a MEP belongs to Level Level of the MD VLAN VLAN that the MA belongs to Direction Direction of the MEPs Administrative state State of MEP, either Active or Inactive CCM send Whether the MEP sends CCM State of FNG (Fault Notification Generator), which can be:...
  • Page 933: Display Cfd Mp

    Field One or more streams of cross-connect CCMs is received. The last-received CCM: Some other MEPs are transmitting the RDI bit. display cfd mp Syntax display cfd mp [ interface interface-type interface-number ] View Any view Default level 1: Monitor level Parameters interface interface-type interface-number: Specifies a port by its type and number.
  • Page 934: Display Cfd Remote-Mep

    MEP ID: 104 Level: 4 Maintenance domain: mdtest4 Maintenance association: mainmd4 MEP ID: 102 Level: 2 Maintenance domain: mdtest2 Maintenance association: mainmd2 Interface GigabitEthernet1/0/4 MEP ID: 9 Level: 6 Maintenance domain: mdtest6 Maintenance association: matest6 Table 6-10 display cfd mp command output description Field Interface GigabitEthernet1/0/1 MEP ID...
  • Page 935: Display Cfd Service-Instance

    Examples # Display the information of remote MEP 10 in service instance 4. <Sysname> display cfd remote-mep service-instance 4 mep 10 MEP ID MAC Address 00E0-FC00-6565 00E0-FC27-6502 00E0-FC00-6510 00E0-FC52-BAA0 0010-FC00-6502 Table 6-11 display cfd remote-mep command output description Field MEP ID MAC Address State Time...
  • Page 936: Display Cfd Status

    Service instance 5: Maintenance domain: mdtest_5 Maintenance association: matest_5 Level: 5 VLAN: 5 Service instance 6: Maintenance domain: mdtest_6 Maintenance association: matest_6 Level: 6 VLAN: 6 <Sysname> display cfd service-instance 7 Service instance 7: Maintenance domain: mdtest_7 Maintenance association: matest_7 Level: 7 VLAN: 7 MEP ID: 731...
  • Page 937 Parameters None Description Use the display cfd status command to display the status of CFD (enabled or disabled). Examples # Display the status of CFD. <Sysname> display cfd status CFD is enabled. 6-23...
  • Page 938 Track Configuration Commands Track Configuration Commands display track Syntax display track { track-entry-number | all } View Any view Default Level 1: Monitor level Parameters track-entry-number: Displays information about the specified Track object, in the range 1 to 1024. all: Displays information about all the Track objects. Description Use the display track command to display Track object information.
  • Page 939: Track Nqa

    Field NQA Entry Reaction track nqa Syntax track track-entry-number nqa entry admin-name operation-tag reaction item-num undo track track-entry-number View System view Default Level 2: System level Parameters track-entry-number: Track object ID, in the range 1 to 1024. entry admin-name operation-tag: Specifies the NQA test group to be associated with the Track object. admin-name is the name of the administrator creating the NQA operation, a string of 1 to 32 characters, case-insensitive.
  • Page 940 1 Commands for Logging into an Ethernet Switch (1-1); Commands for Logging into an Ethernet Switch (1-1); activation-key (1-1); authentication-mode (1-2); auto-execute command (1-3); command accounting (1-4); command authorization (1-5); databits (1-5); display telnet client configuration (1-6); display user-interface (1-7); display users (1-8); display web users (1-9)...
  • Page 941 clock timezone (3-4); command-alias enable (3-5); command-alias mapping (3-5); command-privilege level (3-6); copyright-info enable (3-8); display clipboard (3-9); display clock (3-9); display command-alias (3-10); display current-configuration (3-10); display default-configuration (3-12); display diagnostic-information (3-12); display history-command (3-13); display hotkey (3-14); display this (3-15); display version (3-16); header (3-16); hotkey (3-18); quit (3-20); return (3-20); screen-length disable (3-21)...
  • Page 942 reset unused porttag (4-25); schedule job (4-26); schedule reboot at (4-27); schedule reboot delay (4-29); shutdown-interval (4-30); startup bootrom-access enable (4-31); system-failure (4-32); 5 File System Management Commands (5-1); File System Configuration Commands (5-1); cd (5-1); copy (5-2); delete (5-3); dir (5-4); execute (5-5); file prompt (5-6); fixdisk (5-7)...
  • Page 943 ftp timeout (6-4); ftp update (6-5); FTP Client Configuration Commands (6-6); ascii (6-6); binary (6-7); bye (6-7); cd (6-8); cdup (6-8); close (6-9); debugging (6-10); delete (6-11); dir (6-11); disconnect (6-13); display ftp client configuration (6-13); ftp (6-14); ftp client source (6-15); ftp ipv6 (6-16); get (6-17); lcd (6-18); ls (6-18); mkdir (6-20); open (6-20)...
  • Page 944 ip https acl (9-2); ip https certificate access-control-policy (9-2); ip https enable (9-3); ip https port (9-4); ip https ssl-server-policy (9-4); 10 SNMP Configuration Commands (10-1); SNMP Configuration Commands (10-1); display snmp-agent community (10-1); display snmp-agent group (10-2); display snmp-agent local-engineid (10-3); display snmp-agent mib-view (10-4); display snmp-agent statistics (10-5); display snmp-agent sys-info (10-7); display snmp-agent trap queue (10-8)...
  • Page 945 rmon event (12-12); rmon history (12-13); rmon prialarm (12-14); rmon statistics (12-17); 13 MAC Address Table Management Configuration Commands (13-1); MAC Address Table Management Configuration Commands (13-1); display mac-address (13-1); display mac-address aging-time (13-2); mac-address (Interface view) (13-3); mac-address (system view) (13-4); mac-address mac-learning disable (13-5); mac-address max-mac-count (Interface view) (13-6); mac-address timer (13-7); 14 MAC Information Configuration Commands (14-1); MAC Information Configuration Commands (14-1)...
  • Page 946 info-center timestamp (16-19); info-center timestamp loghost (16-20); info-center trapbuffer (16-21); reset logbuffer (16-21); reset trapbuffer (16-22); terminal debugging (16-22); terminal logging (16-23); terminal monitor (16-24); terminal trapping (16-25); 17 Hotfix Configuration Commands (17-1); Hotfix Configuration Commands (17-1); display patch information (17-1); patch active (17-2); patch deactive (17-2); patch delete (17-3); patch install (17-4)...
  • Page 947 probe packet-timeout (18-26); probe timeout (18-27); reaction (18-28); reaction trap (18-29); route-option bypass-route (18-30); source interface (18-30); source ip (18-31); source port (18-32); statistics hold-time (18-32); statistics max-group (18-33); statistics interval (18-34); tos (18-35); ttl (18-35); type (18-36); url (18-37); username (FTP test type view) (18-37); vpn-instance (ICMP echo test type view) (18-38); NQA Server Configuration Commands (18-38); display nqa server status (18-39); nqa server enable (18-39)...
  • Page 948 Cluster Configuration Commands (20-14); add-member (20-14); administrator-address (20-15); auto-build (20-16); black-list add-mac (20-17); black-list delete-mac (20-18); build (20-18); cluster (20-20); cluster enable (20-20); cluster switch-to (20-21); cluster-local-user (20-22); cluster-mac (20-22); cluster-mac syn-interval (20-23); cluster-snmp-agent community (20-24); cluster-snmp-agent group v3 (20-25); cluster-snmp-agent mib-view included (20-26); cluster-snmp-agent usm-user v3 (20-26); delete-member (20-28); display cluster (20-28)...
  • Page 949 ... (21-7); irf mac-address persistent (21-8); irf member priority (21-8); irf member renumber (21-10); irf member irf-port (21-11); irf switch-to (21-12); 22 IPC Configuration Commands (22-1); IPC Configuration Commands (22-1); display ipc channel (22-1); display ipc link (22-2); display ipc multicast-group (22-3); display ipc node (22-4)...
  • Page 950: Commands For Logging Into An Ethernet Switch

    Commands for Logging into an Ethernet Switch Commands for Logging into an Ethernet Switch activation-key Syntax activation-key character undo activation-key View AUX interface view Default Level 3: Manage level Parameters character: Shortcut key for starting terminal sessions, a character or its ASCII decimal equivalent in the range 0 to 127;...
  • Page 951: Authentication-Mode

    After local password authentication is specified, a user who logs in through the Console port can log into the switch even if no password is configured on the switch. For a VTY user interface, however, a password is needed for a user to log into the switch through it under the same...
  • Page 952: Auto-Execute Command

    By default, users logging in through the Console port are not authenticated. For VTY user interface, if you want to set the login authentication mode to none or password, you must first verify that the SSH protocol is not supported by the user interface. Otherwise, your configuration will fail.
  • Page 953: Command Accounting

    Before executing the auto-execute command command and saving your configuration, make sure you can log into the switch in other modes and cancel the configuration. Examples # Configure the telnet 10.110.100.1 command to be executed automatically after users log into VTY 0.
  • Page 954: Command Authorization

    Examples # Enable command accounting for VTY 0. Then the HWTACACS server records the commands executed by the users logging in from VTY 0. <Sysname> system-view [Sysname] user-interface vty 0 [Sysname-ui-vty0] command accounting command authorization Syntax command authorization undo command authorization View User interface view Default Level...
  • Page 955: Display Telnet Client Configuration

    Use the undo databits command to revert to the default data bits. The default number of data bits is 8. The 3Com Switch 4510G supports only data bits 7 and 8. To establish the connection again, you need to modify the configuration of the terminal emulation utility running on your PC accordingly.
  • Page 956: Display User-Interface

    Description Use the display telnet client configuration command to display the source IP address or source interface configured for the current device. Example # Display the source IP address or source interface configured for the current device. <Sysname> display telnet client configuration The source IP address is 1.1.1.1.
  • Page 957: Display Users

    Privi: The privilege of user-interface. Auth : The authentication mode of user-interface. Int : The physical location of UIs. : Authenticate use AAA. : Authentication use local database. : Current UI need not authentication. : Authenticate use current UI's password. Table 1-1 Descriptions on the fields of the display user-interface command Field Type...
  • Page 958: Display Web Users

    VTY 0 00:11:45 TEL 3 VTY 1 00:16:35 TEL 3 VTY 2 00:16:54 TEL 3 VTY 3 00:00:00 TEL 3 Following are more details. VTY 0 Location: 192.168.0.123 VTY 1 Location: 192.168.0.43 VTY 2 Location: 192.168.0.2 VTY 3 User name: user Location: 192.168.0.33 : Current operation user.
  • Page 959: Escape-Key

    Login language used by the web user Level of the web user State of the web user Number of tasks that the web user runs Time when the web user logged in Last time when the web user accessed the switch 1-10 08:41:50 08:45:59...
  • Page 960: Flow-Control

    By default, you can use <Ctrl + C> to terminate a task. You can use the display current-configuration command to verify the shortcut key you have defined. Examples # Define <Q> as the escape key. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] user-interface aux 0 [Sysname-ui-aux0] escape-key Q To verify the configuration, do the following:...
  • Page 961: Free User-Interface

    The Switch 4510G supports only the none keyword. Examples # Configure software flow control on AUX port. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] user-interface aux 0 [Sysname-ui-aux0] flow-control none free user-interface Syntax free user-interface [ type ] number...
  • Page 962: History-Command Max-Size

    history-command max-size Syntax history-command max-size value undo history-command max-size View User interface view Default Level 2: System level Parameters value: Size of the history command buffer. This argument ranges from 0 to 256 and defaults to 10. That is, the history command buffer can store 10 commands by default. Description Use the history-command max-size command to set the size of the history command buffer.
  • Page 963: Lock

    Description Use the idle-timeout command to set the timeout time. The connection to a user interface is terminated if no operation is performed in the user interface within the specified period. Use the undo idle-timeout command to revert to the default timeout time. You can use the idle-timeout 0 command to disable the timeout function.
  • Page 964: Parity

    Use the undo parity command to revert to the default check mode. No check is performed by default. The 3Com Switch 4510G supports only the even, none, and odd check modes. To establish the connection again, you need to modify the configuration of the terminal emulation utility running on your PC accordingly.
  • Page 965: Protocol Inbound

    protocol inbound Syntax protocol inbound { all | ssh | telnet } View VTY interface view Default Level 3: Manage level Parameters all: Supports both Telnet protocol and SSH protocol. ssh: Supports SSH protocol. telnet: Supports Telnet protocol. Description Use the protocol inbound command to configure the user interface to support specified protocols. Both Telnet and SSH protocols are supported by default.
  • Page 966: Send

    Default Level 2: System level Parameters screen-length: Number of lines the screen can contain. This argument ranges from 0 to 512 and defaults to 24. Description Use the screen-length command to set the number of lines the terminal screen can contain. Use the undo screen-length command to revert to the default number of lines.
  • Page 967: Set Authentication Password

    <Sysname> send all Enter message, end with CTRL+Z or Enter; abort with CTRL+C: hello^Z Send message? [Y/N]y <Sysname> ***Message from vty0 to vty0 hello <Sysname> set authentication password Syntax set authentication password { cipher | simple } password undo set authentication password View User interface view Default Level...
  • Page 968: Shell

    Note the following when using the undo shell command: This command is available in all user interfaces except the AUX user interface, because the AUX port (also the Console) is exclusively used for configuring the switch. This command is unavailable in the current user interface.
  • Page 969: Speed

    After you use the speed command to configure the transmission speed of the AUX user interface, you must change the corresponding configuration of the terminal emulation program running on the PC, to keep the configuration consistent with that on the switch. Examples # Set the transmission speed of the AUX user interface to 9600 bps.
  • Page 970: Sysname

    The Switch 4510G does not support communication with a terminal emulation program with stopbits set to 1.5. Changing the stop bits value of the switch to a value different from that of the terminal emulation utility does not affect the communication between them.
  • Page 971: Telnet

    Use the undo sysname command to revert to the default system name. The CLI prompt reflects the system name of a switch. For example, if the system name of a switch is “4510G”, then the prompt of user view is <4510G>.
  • Page 972: Telnet Ipv6

    Connected to 129.102.0.1 ... ****************************************************************************** * Copyright (c) 2004-2009 3Com Corp. and its licensors. All rights reserved. * * This software is protected by copyright law and international treaties. * Without the prior written permission of 3Com Corporation and its licensors,* * any reproduction republication, redistribution, decompiling, reverse * engineering is strictly prohibited.
  • Page 973: Telnet Client Source

    * engineering is strictly prohibited. Any unauthorized use of this software * * or any portion of it may result in severe civil and criminal penalties, and* * will be prosecuted to the maximum extent possible under the applicable law.* ****************************************************************************** <Sysname>...
  • Page 974: Terminal Type

    None Description Use the telnet server enable command to make the switch operate as a Telnet server. Use the undo telnet server enable command to disable the switch from operating as a Telnet server. By default, a switch does not operate as a Telnet server.
  • Page 975: User-Interface

    <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] user-interface vty 0 [Sysname-ui-vty0] terminal type vt100 user-interface Syntax user-interface [ type ] first-number [ last-number ] View System view Default Level 2: System level Parameters type: User interface type. first-number: User interface index, which identifies the first user interface to be configured.
  • Page 976 Description Use the user privilege level command to configure the command level available to the users logging into the user interface. Use the undo user privilege level command to revert to the default command level. By default, the commands of level 3 are available to the users logging into the AUX user interface. The commands of level 0 are available to the users logging into VTY user interfaces.
  • Page 977: Commands For Controlling Login Users

    Note that if you use Layer 2 ACL rules, you can only choose the inbound keyword in the command here. Examples # Apply ACL 2000 to filter users Telnetting to the current switch (assuming that ACL 2000 already exists). <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 978: Free Web-Users

    free web-users Syntax free web-users { all | user-id userid | user-name username } View User view Parameter userid: Web user ID. username: User name of the Web user. This argument can contain 1 to 80 characters. all: Specifies all Web users. Description Use the free web-users command to disconnect a specified Web user or all Web users by force.
  • Page 979: Basic System Configuration Commands

    Basic System Configuration Commands Basic System Configuration Commands clock datetime Syntax clock datetime time date View User view Default Level 3: Manage level Parameters time: Current time in the format of HH:MM:SS, where HH is hours in the range 0 to 23, MM is minutes in the range 0 to 59, and SS is seconds in the range 0 to 59.
  • Page 980 undo clock summer-time View System view Default Level 3: Manage level Parameters zone-name: Name of the daylight saving time, a string of 1 to 32 characters. It is case sensitive. start-time: Start time, in the format of HH:MM:SS (hours/minutes/seconds). The zeros in the argument can be omitted except for indicating 0 hours.
  • Page 981: Clock Summer-Time Repeating

    clock summer-time repeating Syntax clock summer-time zone-name repeating start-time start-date end-time end-date add-time undo clock summer-time View System view Default Level 3: Manage level Parameters zone-name: Name of the daylight saving time, a string of 1 to 32 characters. start-time: Start time, in the format of HH:MM:SS (hours/minutes/seconds). The zeros in the argument can be omitted except for indicating 0 hours.
  • Page 982: Clock Timezone

    After the configuration takes effect, use the display clock command to view the result. Information such as log files and debugging output uses the local time as adjusted by the time zone and daylight saving time. Note that: The time range from “start-time” in “start-date” to “end-time” in “end-date” must be longer than one day and shorter than one year.
  • Page 983: Command-Alias Enable

    Examples # Set the name of the local time zone to Z5, five hours ahead of UTC time. <Sysname> system-view [Sysname] clock timezone z5 add 5 command-alias enable Syntax command-alias enable undo command-alias enable View System view Default Level 2: System level Parameters None Description...
  • Page 984: Command-Privilege Level

    Parameters cmdkey: The complete form of the first keyword of a command for which an alias will be configured. alias: Specifies the command alias, which cannot be the same as the first keyword of an existing command. Description Use the command-alias mapping command to configure command aliases. Use the undo command-alias mapping command to delete command aliases.
  • Page 985 By default, each command in a view has its specified level. For the details, refer to the related part of Basic System Configuration in this manual. Commands fall into four levels: visit, monitor, system, and manage, which are identified by 0 through 3. The administrator can assign a privilege level to a user as needed.
  • Page 986: Copyright-Info Enable

    copyright-info enable Syntax copyright-info enable undo copyright-info enable View System view Default Level 3: Manage level Parameters None Description Use the copyright-info enable command to enable the display of copyright information. Use the undo copyright-info enable command to disable the display of copyright information. By default, the display of copyright information is enabled.
  • Page 987: Display Clipboard

    User interface aux0 is available. Please press ENTER. display clipboard Syntax display clipboard View Any view Default Level 1: Monitor level Parameters None Description Use the display clipboard command to view the contents of the clipboard. To copy the specified content to the clipboard: Move the cursor to the starting position of the content and press the <Esc+Shift+,>...
  • Page 988: Display Command-Alias

    Parameters None Description Use the display clock command to view the current system time and date. The current system time and date are decided by the clock datetime, clock summer-time one-off (or clock summer-time repeating), clock timezone. Refer to Configuring the system clock in the operation manual for the detailed rules.
  • Page 989 View Any view Default Level 2: System level Parameters configuration [ configuration ]: Specifies to display non-interface configuration. If no parameter is used, all the non-interface configuration is displayed; if parameters are used, display the specified information. For example: isp: Displays the ISP configuration. ospf: Displays the ospf configuration.
  • Page 990: Display Default-Configuration

    user privilege level 3 return display default-configuration Syntax display default-configuration View Any view Default Level 2: System level Parameters None Description Use the display default-configuration command to display the factory defaults of a device. The command displays all commands to be executed when the device boots with the factory defaults. Related commands: display current-configuration, display saved-configuration.
  • Page 991: Display History-Command

    each module’s running status in the system. The display diagnostic-information command collects prompt information of the commands display clock, display version, display device, and display current-configuration. Examples # Save the statistics of each module's running status in the system. <Sysname> display diagnostic-information Save or display diagnostic information (Y=save, N=display)?[Y/N]y Please input the file name(*.diag)[flash:/default.diag]:aa.diag Diagnostic information is outputting to flash:/aa.diag.
  • Page 992: Display Hotkey

    quit display hotkey Syntax display hotkey View Any view Default Level 1: Monitor level Parameters None Description Use the display hotkey command to display hotkey information. Examples # Display hotkey information. <Sysname> display hotkey ----------------- HOTKEY ----------------- =Defined hotkeys= Hotkeys Command CTRL_G display current-configuration CTRL_L display ip routing-table CTRL_O undo debug all...
  • Page 993: Display This

    CTRL_V Paste text from the clipboard. CTRL_W Delete the word left of the cursor. CTRL_X Delete all characters up to the cursor. CTRL_Y Delete all characters after the cursor. CTRL_Z Return to the User View. CTRL_] Kill incoming connection or redirect connection. ESC_B Move the cursor one word back.
  • Page 994: Display Version

    user-interface aux 0 user-interface vty 0 history-command max-size 256 user-interface vty 1 4 return display version Syntax display version View Any view Default Level 1: Monitor level Parameters None Description Use the display version command to view system version information. By viewing system version information, you can learn about the current software version, rack type and the information related to the interface boards.
  • Page 995 login: Sets the login banner at authentication. motd: Banner displayed before login. If authentication is required, the banner is displayed before authentication. shell: Sets the banner displayed when a non Modem login user enters user view. text: Banner message, which can be input in two formats. Refer to Basic System Configuration for the detailed information.
  • Page 996 * will be prosecuted to the maximum extent possible under the applicable law.* ****************************************************************************** Welcome to legal(header legal) Press Y or ENTER to continue, N to exit. Welcome to motd(header motd) Welcome to login(header login) Login authentication Password: Welcome to shell(header shell) <Sysname>...
  • Page 997 Ctrl+L corresponds to display ip routing-table Ctrl+O corresponds to undo debugging all However, you can customize this scheme as needed. Examples # Assign the hot key Ctrl+T to the display tcp status command. <Sysname> system-view [Sysname] hotkey ctrl_t display tcp status # Display the configuration of hotkeys.
  • Page 998 Use the quit command to exit to a lower-level view. If the current view is user view, the quit command terminates the current connection and quits the system. Examples # Switch from GigabitEthernet1/0/1 interface view to system view, and then to user view. [Sysname-GigabitEthernet1/0/1] quit [Sysname] quit <Sysname>...
  • Page 999: Screen-Length Disable

    Examples # Return to user view from GigabitEthernet1/0/1 view. [Sysname-GigabitEthernet1/0/1] return <Sysname> screen-length disable Syntax screen-length disable undo screen-length disable View User view Default Level 1: Monitor level Parameters None Description Use the screen-length disable command to disable the multiple-screen output function of the current user.
  • Page 1000: Super Password

    Users can switch to a lower user privilege level unconditionally. Only users logged in through the AUX user interface can switch levels without a password; users logged in from VTY user interfaces must, for security's sake, enter the password to switch to a higher user privilege level. If the entered password is incorrect or no password is configured, the switching fails.
