H3C IE4300 Command Reference Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Switch
  5. SOHO IE4300
  6. Command reference manual

H3C IE4300 Command Reference Manual

Industrial switch series
Hide thumbs Also See for IE4300:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
Table of Contents

Advertisement

Quick Links

Download this manual
H3C IE4300 & IE4300-M & IE4320
Industrial Switch Series
Fundamentals Command Reference
New H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: Release 63xx
Document version: 6W101-20230116

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the IE4300 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for H3C IE4300

Summary of Contents for H3C IE4300

  • Page 1 H3C IE4300 & IE4300-M & IE4320 Industrial Switch Series Fundamentals Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 63xx Document version: 6W101-20230116...
  • Page 2 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3 Preface This command reference describes commands that help you get started with the device. It includes the commands for the following features and tasks: • CLI. • RBAC, device login, and device access control. • Management of the device, file systems, and configuration files. •...
  • Page 4 Convention Description A line that starts with a pound (#) sign is comments. GUI conventions Convention Description Window names, button names, field names, and menu items are in Boldface. For Boldface example, the New User window opens; click OK. Multi-level menus are separated by angle brackets. For example, File > Create > >...
  • Page 5 It is normal that the port numbers, sample output, screenshots, and other information in the examples differ from what you have on your device. Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

  • Page 6: Table Of Contents

    Contents Basic CLI commands ····················································································· 1 alias ···························································································································································· 1 display [ | [ by-linenum ] { begin | exclude | include } ]················································································ 2 display > ····················································································································································· 4 display >> ··················································································································································· 5 display alias ················································································································································ 6 display history-command ··························································································································· 6 display history-command all ·······················································································································...

  • Page 7: Basic Cli Commands

    Basic CLI commands alias to configure a command alias. alias to delete a command alias. undo alias Syntax alias alias command undo alias alias Default The device has a set of system-defined command aliases, as listed in Table Table 1 System-defined command aliases Command alias Command or command keyword access-list...

  • Page 8: Display [ | [ By-Linenum ] { Begin | Exclude | Include } ]

    For example, if you configure the alias , you can enter shiprt display ip routing-table to execute the command. If you configure the alias shiprt display ip routing-table ship , you can use to execute all commands that start with display ip ship display ip...
  • Page 9 Syntax display command [ | [ by-linenum ] { begin | exclude | include } regular-expression ]&<1-128> Views Any view Predefined user roles network-admin network-operator Parameters command : Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ? [ | [ by-linenum ] { begin | exclude | include } regular-expression ]&<1-128>...

  • Page 10: Display

    %Sep 6 16:44:18:113 2018 Sysname SHELL/5/SHELL_LOGOUT: VTY logged out from 169.254.100.171. # Display the running configuration, starting from the first line that contains user-group and numbering the output lines. <Sysname> display current-configuration | by-linenum begin user-group 114: user-group system 115- 116- return display >...
  • Page 11 display >> to append the output from a command to the end of a file. display >> display Syntax display command >> filename Views Any view Predefined user roles network-admin network-operator Parameters command : Specifies the keywords and arguments of a display command.

  • Page 12: Display Alias

    GigabitEthernet1/0/2 display alias to display command aliases. display alias Syntax display alias [ alias ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies a command alias. If you do not specify this argument, the command displays all alias command aliases.

  • Page 13: Display History-Command All

    Views Any view Predefined user roles network-admin network-operator Usage guidelines The system automatically saves commands you have successfully executed to the command history buffer for the current CLI session. You can view them and execute them again. By default, the system can save up to 10 commands in the buffer. You can use the history-command max-size command to change the buffer size.

  • Page 14: Display Hotkey

    03/16/2017 20:03:33 vty0 192.168.1.26 Cmd:dis his all 03/16/2017 20:03:29 vty0 192.168.1.26 Cmd:sys Table 2 Command output Field Description Date Date when the command was executed. Time Time when the command was executed. Terminal User line used by the user. IP address of the terminal used by the user. Username used by the user if the user login authentication mode is User scheme.

  • Page 15: Hotkey

    CTRL_W Delete the word to the left of the cursor. CTRL_X Delete all characters from the beginning of the line to the cursor. CTRL_Y Delete all characters from the cursor to the end of the line. CTRL_Z Return to the User View. CTRL_] Kill incoming connection or redirect connection.
  • Page 16 display_the_next_command_in_the_history_buffer: Displays the next Ctrl+N command in the history buffer. Ctrl+O undo debugging all : Displays all debugging functions. display_the_previous_command_in_the_history_buffer: Displays the Ctrl+P previous command in the history buffer. Ctrl+R redisplay_the_current_line: Redisplays the current line. Ctrl+T Ctrl+U delete_the_word_to_the_left_of_the_cursor: Deletes the word to the left of Ctrl+W the cursor.

  • Page 17: Quit

    Examples # Assign the command to hotkey Ctrl+T. display tcp statistics <Sysname> system-view [Sysname] hotkey ctrl_t display tcp statistics # Assign move_the_cursor_to_the_beginning_of_the_line function to hotkey Ctrl+U. <Sysname> system-view [Sysname] hotkey ctrl_u function move_the_cursor_to_the_beginning_of_the_line # Disable the configurable command or function assigned to hotkey Ctrl+A. <Sysname>...
  • Page 18 Parameters : Specifies the number of the most recently executed commands in the command history number buffer for the current CLI session that you want to execute. The value range is 1 to 10. The default is : Specifies the number of times that you want to execute the commands. The value count times range is 0 to 4294967295.

  • Page 19: Return

    return to return to user view from any other view (except the Tcl configuration view and return Python shell). Syntax return Views Any view except user view, Tcl configuration view, and Python shell Predefined user roles network-admin network-operator Usage guidelines Pressing Ctrl+Z has the same effect as the command, which can place you in to user view return...

  • Page 20: System-View

    Usage guidelines If you disable pausing between screens of output, all output is displayed. The screen is refreshed continuously until the final screen is displayed. This command takes effect only for the current CLI session. When you are logged out, the default is restored.
  • Page 21 Contents RBAC commands ·························································································· 1 description ·················································································································································· 1 display role ················································································································································· 1 display role feature ····································································································································· 8 display role feature-group ························································································································ 10 feature ······················································································································································ 13 interface policy deny ································································································································ 14 permit interface ········································································································································ 15 permit vlan ················································································································································ 16 permit vpn-instance ·································································································································· 18 role ···························································································································································...

  • Page 22: Rbac Commands

    RBAC commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. description to configure a description for a user role for easy identification.
  • Page 23 Parameters : Specifies a user role name, a case-sensitive string of 1 to 63 characters. If you name role-name do not specify a user role name, the command displays information about all user roles, including the predefined user roles. Examples # Display information about user role 123.
  • Page 24 VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) ------------------------------------------------------------------- Rule Perm Type Scope Entity ------------------------------------------------------------------- sys-1 permit command display * sys-2 permit command sys-3 permit command system-view ; probe ; display * sys-4 deny command display history-command all sys-5 deny...
  • Page 25 Description: Predefined level-1 role VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) ------------------------------------------------------------------- Rule Perm Type Scope Entity ------------------------------------------------------------------- sys-1 permit command tracert * sys-2 permit command telnet * sys-3 permit command ping * sys-4 permit command ssh2 *...
  • Page 26 Description: Predefined level-7 role VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) Role: level-8 Description: Predefined level-8 role VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) Role: level-9 Description: Predefined level-9 role VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default)
  • Page 27 VPN instance policy: permit (default) Role: level-14 Description: Predefined level-14 role VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) Role: level-15 Description: Predefined level-15 role VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) ------------------------------------------------------------------- Rule Perm...
  • Page 28 sys-13 permit command sys-14 permit command rename * sys-15 permit command undelete * sys-16 permit command ftp * sys-17 permit command sftp * R:Read W:Write X:Execute Role: guest-manager Description: Predefined guest manager role can't access to commands VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) -------------------------------------------------------------------...

  • Page 29: Display Role Feature

    Field Description Permitted interfaces Interfaces accessible to the user role. VPN instance policy of the user role: • deny—Denies access to any VPN instances except for VPN instance policy permitted VPN instances. • permit (default)—Default VPN instance policy, which enables the user role to access all VPN instances.
  • Page 30 Parameters : Specifies a feature by feature name. The argument name feature-name feature-name represents the feature name, and all letters must be in lower case. : Displays the commands of each feature. verbose Usage guidelines If you do not specify any parameters, the command displays only the list of features available in the system.

  • Page 31: Display Role Feature-Group

    reset password-control * system-view ; password-control * Table 2 Command output (display role feature name aaa) Field Description Feature Displays the name and brief function description of the feature. domain All commands that start with the keyword in system view, system-view ;...
  • Page 32 Views Any view Predefined user roles network-admin network-operator Parameters : Specifies a feature group. The name feature-group-name feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31 characters. If you do not specify a feature group, the command displays information about all feature groups. : Displays the commands of each feature in feature groups.
  • Page 33 # Display the commands in each feature group. For more information about the wildcards and marks used in the command list, see Table <Sysname> display role feature-group verbose Feature group: L2 Feature: igmp-snooping (IGMP-Snooping related commands) system-view ; igmp-snooping * system-view ;...

  • Page 34: Feature

    <Sysname> display role feature-group name L3 Feature group: L3 Feature: route (Route management related commands) Feature: staticrt (Unicast static route related commands) Feature: ospf (Open Shortest Path First protocol related commands) Feature: rip (Routing Information Protocol related commands) Feature: lisp (LISP protocol related commands) Feature: route-policy (Routing Policy related commands)

  • Page 35: Interface Policy Deny

    interface policy deny to enter user role interface policy view. interface policy deny to restore the default. undo interface policy deny Syntax interface policy deny undo interface policy deny Default A user role has access to all interfaces. Views User role view Predefined user roles network-admin Usage guidelines...

  • Page 36: Permit Interface

    Related commands display role permit interface role permit interface to configure a list of interfaces accessible to a user role. permit interface undo permit interface to disable the access of a user role to specific interfaces. Syntax permit interface interface-list undo permit interface [ interface-list ] Default No permitted interfaces are configured in user role interface policy view.

  • Page 37: Permit Vlan

    # Permit user role role1 to execute all commands available in interface view and VLAN view. <Sysname> system-view [Sysname] role name role1 [Sysname-role-role1] rule 1 permit command system-view ; interface * [Sysname-role-role1] rule 2 permit command system-view ; vlan * # Permit the user role to access GigabitEthernet 1/0/1, and GigabitEthernet 1/0/3 to GigabitEthernet 1/0/5.
  • Page 38 Parameters : Specifies a space-separated list of up to 10 VLAN items. Each VLAN item vlan-id-list specifies a VLAN by VLAN ID or specifies a range of VLANs in the form of vlan-id1 to . The value range for the VLAN IDs is 1 to 4094. If you specify a VLAN range, the value vlan-id2 for the argument must be greater than the value for the...

  • Page 39: Permit Vpn-Instance

    Related commands display role role vlan policy deny permit vpn-instance to configure a list of MPLS L3VPN instances accessible to a user permit vpn-instance role. to disable the access of a user role to specific MPLS L3VPN undo permit vpn-instance instances.

  • Page 40: Role

    [Sysname-role-role1] rule 1 permit command system-view ; * # Permit the user role to access VPN instance vpn1. [Sysname-role-role1] vpn policy deny [Sysname-role-role1-vpnpolicy] permit vpn-instance vpn1 [Sysname-role-role1-vpnpolicy] quit [Sysname-role-role1] quit Verify that you cannot use user role role1 to work on any VPN instances except for vpn1: # Verify that you can enter the view of vpn1.

  • Page 41: Role Default-Role Enable

    You cannot delete the predefined user roles or change the permissions assigned to network-admin, network-operator, level-15, or security-audit. You cannot assign the security-audit user role to non-AAA authentication users. The access permissions of the level-0 to level-14 user roles can be modified through user role rules and resource access policies.

  • Page 42: Role Feature-Group

    If you do not specify the argument, the default user role is network-operator. role-name Examples # Enable the default user role feature. <Sysname> system-view [Sysname] role default-role enable Related commands role role feature-group to create a user role feature group and enter its view, or enter the view role feature-group of an existing user role feature group.

  • Page 43: Rule

    rule to create or change a user role rule. rule to delete user role rules. undo rule Syntax rule number { deny | permit } { command command-string | { execute | read | write } * { feature [ feature-name ] | feature-group feature-group-name | oid oid-string | web-menu [ web-string ] | xml-element [ xml-string ] } } undo rule { number | all } Default...
  • Page 44 : Specifies a Web menu. The argument represents the web-menu [ web-string ] web-string ID path of the Web menu, a case-insensitive string of 1 to 255 characters. Use the forward slash (/) to separate ID items, for example, M_DEVICE/I_BASIC_INFO/I_reboot. If you do not specify a Web menu, the rule applies to all Web items.
  • Page 45 • If the same OID is specified in multiple rules, the rule with the higher ID takes effect. For example, a user role can access the MIB node with OID 1.3.6.1.4.1.25506.141.3.0.1 if the user role contains rules configured by using the following commands: rule 1 permit read write oid 1.3.6 ...
  • Page 46 Rule Guidelines To control access to a command, you must specify the command immediately behind the view to which the command is assigned. The rules that control command access for any subview do not apply to the command. To control the access to a rule 1 deny command system ;...

  • Page 47: Super

    super to obtain another user role without reconnecting to the device. super Syntax super [ role-name ] Views User view Predefined user roles network-admin Parameters : Specifies a user role, a case-sensitive string of 1 to 63 characters. The user role must role-name exist in the system and cannot be security-audit.

  • Page 48: Super Default Role

    Syntax super authentication-mode { local | scheme } * undo super authentication-mode Default Local password authentication applies. Views System view Predefined user roles network-admin Parameters : Enables local password authentication. local : Enables remote AAA authentication. scheme Usage guidelines For local password authentication, use the command to set a password.

  • Page 49: Super Password

    Syntax super default role role-name undo super default role Default The default target user role is network-admin. Views System view Predefined user roles network-admin Parameters : Specifies the name of the default target user role, a case-sensitive string of 1 to 63 role-name characters.

  • Page 50: Super Use-Login-Username

    Parameters : Specifies a user role, a case-sensitive string of 1 to 63 characters. The user role role role-name must exist in the system and cannot be security-audit. If you do not specify a user role, the command sets a password for the default target user role which is set by using the super default role command.

  • Page 51: Vlan Policy Deny

    Syntax super use-login-username undo super use-login-username Default The device prompts for a username when a login user requests temporary user role authorization from a remote authentication server. Views System view Predefined user roles network-admin Usage guidelines This command is applicable only to the login from a user line that uses scheme authentication, which requires a username for login.

  • Page 52: Vpn-Instance Policy Deny

    Usage guidelines CAUTION: vlan policy deny command denies the access of the user role to any VLANs if you do not specify accessible VLANs by using the command. To configure a VLAN, make sure permit vlan the VLAN is permitted by the user role VLAN policy in use. To restrict the VLAN access of a user role to a set of VLANs, perform the following tasks: to enter user role VLAN policy view.
  • Page 53 Predefined user roles network-admin Usage guidelines CAUTION: command denies the access of the user role to any VPN vpn-instance policy deny instances if you do not specify accessible VPN instances by using the permit vpn-instance command. To configure a VPN instance, make sure the VPN instance is permitted by the user role VPN instance policy in use.
  • Page 54 Contents Login management commands ······································································ 1 activation-key ············································································································································· 1 authentication-mode ··································································································································· 3 auto-execute command ······························································································································ 5 command accounting ································································································································· 6 command authorization ······························································································································ 7 databits ······················································································································································· 8 display ip http ············································································································································· 8 display ip https ··········································································································································· 9 display line ··············································································································································· 10 display telnet client ···································································································································...
  • Page 55 user-interface ··········································································································································· 51 user-interface class ·································································································································· 52 user-role ··················································································································································· 54 web captcha ············································································································································· 55 web https-authorization mode ·················································································································· 55 web idle-timeout ······································································································································· 56 webui log enable ······································································································································ 57...

  • Page 56: Login Management Commands

    Login management commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. Some login management commands are available in both user line view and user line class view.
  • Page 57 You can use only the specified terminal session activation key to start a terminal session. To display the current terminal session activation key, use the display current-configuration | command. include activation-key Table 1 ASCII code values for combined keys that use the Ctrl key Combined key ASCII code value Ctrl+A...

  • Page 58: Authentication-Mode

    Examples # Configure character s as the terminal session activation key for AUX line 0. <Sysname> system-view [Sysname] line aux 0 [Sysname-line-aux0] activation-key s To verify the configuration: Exit the AUX session. [Sysname-line-aux0] return <Sysname> quit Log in again through the AUX line. The following message appears: Press ENTER to get started.
  • Page 59 : Performs local password authentication. password : Performs AAA authentication. For more information about AAA, see Security Configuration scheme Guide Usage guidelines CAUTION: • When authentication is disabled, users can login without authentication. For security purpose, disable authentication with caution. •...

  • Page 60: Auto-Execute Command

    Related commands set authentication password auto-execute command to specify the command to be automatically executed for a login auto-execute command user. to restore the default. undo auto-execute command Syntax auto-execute command command undo auto-execute command Default No command is specified to be automatically executed for a login user. Views User line view User line class view...

  • Page 61: Command Accounting

    The device automatically Telnets to 192.168.1.41. The following output is displayed on the configuration terminal: C:\> telnet 192.168.1.40 ****************************************************************************** * Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ****************************************************************************** <Sysname>...

  • Page 62: Command Authorization

    A configuration change made by this command does not take effect for the current session. It takes effect for subsequent login sessions. After you execute the command in user line class view, you cannot command accounting execute the command in any user line views in the class. undo command accounting Examples # Enable command accounting for VTY line 0.

  • Page 63: Databits

    command accounting databits to specify the number of data bits for a character. databits to restore the default. undo databits Syntax databits { 5 | 6 | 7 | 8 } undo databits Default Eight data bits are used for a character. Views User line view Predefined user roles...

  • Page 64: Display Ip Https

    Examples # Display HTTP service configuration and status information. <Sysname> display ip http HTTP port: 80 Basic ACL: 2222 Operation status: Enabled Table 2 Command output Field Description HTTP port HTTP service port number. Basic ACL ACL used to control HTTP access. If no ACL is used, this field displays 0. Operation status Whether the HTTP service is enabled.

  • Page 65: Display Line

    Field Description Certificate-based access control policy used to control client access Certificate access-control-policy rights. If no certificate-based access control policy is used, this field displays Not configured. ACL used to control HTTPS access. If no ACL is used, this field Basic ACL displays 0.

  • Page 66: Display Telnet Client

    : Absolute index of line. Type : Type and relative index of line. Auth : Login authentication mode. : Physical port of the line. : Authentication use AAA. : No authentication is required. : Password authentication. Table 4 Command output Field Description Whether the modem allows calling in or out.

  • Page 67: Display User-Interface

    Views Any view Predefined user roles network-admin network-operator Usage guidelines This command displays the source IPv4 address or source interface specified for the Telnet client to use in outgoing Telnet packets, depending on the command. telnet client source Examples # Display the packet source setting for the Telnet client. <Sysname>...
  • Page 68 Type Tx/Rx Modem Auth Location AUX 0 9600 : Line is active. : Line is active and in async mode. : Absolute index of line. Type : Type and relative index of line. Auth : Login authentication mode. : Physical port of the line. : Authentication use AAA.

  • Page 69: Display Users

    display users to display online CLI users. display users Syntax display users [ all ] Views Any view Predefined user roles network-admin network-operator Parameters : Displays all user lines supported by the device. Examples # Display online user information. <Sysname> display users Line Idle Time...

  • Page 70: Display Web Menu

    Field Description Username used by the user. User name This field is displayed only if the user provided a username and password for authentication at login. User role list User roles assigned to the user. Location IP address of the user. display web menu display web menu to display Web interface navigation tree information.
  • Page 71 `--Tracert: ID = m_tracert |--Interfaces: ID = m_if |--Interfaces: ID = m_interface |--Link Aggregation: ID = m_lagg |--Storm Constrain: ID = m_stormconstrain `--Isolation: ID = m_isolation |--Links: ID = m_link |--VLAN: ID = m_vlan |--Voice VLAN: ID = m_voicevlan |--MAC: ID = m_mac |--STP: ID = m_stp |--LLDP: ID = m_lldp `--DHCP Snooping: ID = m_dhcpsnooping...

  • Page 72: Display Web Users

    |--Public key: ID = m_publickey `--Public key: ID = m_publickey `--PKI: ID = m_pki |--PKI: ID = m_pki `--Certificate Access Control: ID = m_certificatepolicy |--QoS: ID = m_qos `--QoS: ID = m_qos |--QoS Policies: ID = m_mqc |--Hardware Queuing: ID = m_hardqueue |--Priority Mapping: ID = m_priority `--Rate Limit: ID = m_linerate |--Security: ID = m_security...

  • Page 73: Escape-Key

    UserID Name Type Language JobCount LoginTime LastOperation AB2039483271293 Administrator HTTP Chinese 12:00:23 14:10:05 F09382BA2014AC8 user HTTPS English 13:05:00 14:11:00 Table 9 Command output Field Description UserID ID used to uniquely identify the online Web user. JobCount Number of connections established by the user. escape-key escape-key to set the escape key.

  • Page 74: Flow-Control

    • You press the key while a command is being executed on the remote device. command disables the current escape key. After you execute this undo escape-key undo command, no escape key is available. This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view.

  • Page 75: Free Line

    : Disables flow control. none : Performs software flow control. software Usage guidelines This command is not supported in VTY line view. The device supports flow control in both the inbound and outbound directions. • For flow control in the inbound direction, the local device listens to flow control information from the remote device.

  • Page 76: Free User-Interface

    free user-interface to release a user line. free user-interface Syntax free user-interface { number1 | { aux | usb | vty } number2 } Views User view Predefined user roles network-admin Parameters : Specifies the absolute number of a user line. The value range is 0 to 83. number1 : Specifies the AUX line.

  • Page 77: History-Command Max-Size

    Examples # Log off all online Web users. <Sysname> free web users all Related commands display web users history-command max-size to set the size of the command history buffer for a user line. history-command max-size to restore the default. undo history-command max-size Syntax history-command max-size size-value undo history-command max-size...

  • Page 78: Ip Http Acl

    Syntax idle-timeout minutes [ seconds ] undo idle-timeout Default The CLI connection idle-timeout timer is 10 minutes. Views User line view User line class view Predefined user roles network-admin Parameters : Specifies the number of minutes, in the range of 0 to 35791. minutes : Specifies the number of seconds, in the range of 0 to 59.

  • Page 79: Ip Http Enable

    Parameters : Specifies an ACL by its number. The value range is 2000 to 2999. acl-number : Specifies an ACL by its name. The argument is a case-insensitive name acl-name acl-name string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all. The specified ACL takes effect only when the ACL exists and is a basic ACL.

  • Page 80: Ip Http Port

    <Sysname> system-view [Sysname] ip http enable Related commands ip https enable ip http port to specify the HTTP service port number. ip http port to restore the default. undo ip http port Syntax ip http port port-number undo ip http port Default The HTTP service port number is 80.

  • Page 81: Ip Https Certificate Access-Control-Policy

    Predefined user roles network-admin Parameters : Specifies an ACL by its number. The value range is 2000 to 2999. acl-number : Specifies an ACL by its name. The argument is a case-insensitive name acl-name acl-name string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all. The specified ACL takes effect only when the ACL exists and is a basic ACL.

  • Page 82: Ip Https Enable

    Parameters : Specifies a certificate-based access control policy by its name, a case-sensitive policy-name string of 1 to 31 characters. Usage guidelines For more information about the certificate-based access control policy, see PKI configuration in Security Configuration Guide. Examples # Use certificate-based access control policy myacl to control HTTPS access. <Sysname>...

  • Page 83: Ip Https Port

    ip https port to specify the HTTPS service port number. ip https port to restore the default. undo ip https port Syntax ip https port port-number undo ip https port Default The HTTPS service port number is 443. Views System view Predefined user roles network-admin Parameters...

  • Page 84: Line

    Usage guidelines If the HTTP service and HTTPS service are enabled, changes to the applied SSL server policy do not take effect. For the changes to take effect, you must disable HTTP and HTTPS, and then apply the policy and enable HTTP and HTTPS again. To restore the default, you must disable HTTP and HTTPS, execute the undo ip https command, and then enable HTTP and HTTPS again.

  • Page 85: Line Class

    Related commands line class line class to enter user line class view. line class Syntax line class { aux | usb | vty } Views System view Predefined user roles network-admin Parameters : Specifies the AUX line class view. : Specifies the USB line. : Specifies the VTY line class view.

  • Page 86: Lock

    • A setting in user line class view does not take effect for current online users. It takes effect only for new login users. Examples # Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view. <Sysname>...

  • Page 87: Lock Reauthentication

    Usage guidelines This command is not supported in FIPS mode. This command locks the current user line to prevent unauthorized users from using the line. You must set the password for unlocking the line as prompted. The user line is locked after you enter the password and confirm the password.

  • Page 88: Lock-Key

    Related commands lock-key lock-key to set the user line locking key. Pressing this shortcut key locks the current user line lock-key and enables unlocking authentication. to restore the default. undo lock-key Syntax lock-key key-string undo lock-key Default No user line locking key is set. Views User line view User line class view...

  • Page 89: Parity

    Press Enter and enter the login password. Password: [Sysname] Related commands lock reauthentication parity to specify the parity. parity to restore the default. undo parity Syntax parity { even | mark | none | odd | space } undo parity Default The setting is .
  • Page 90 protocol inbound { all| ssh | telnet } undo protocol inbound In FIPS mode: protocol inbound ssh undo protocol inbound Default In non-FIPS mode, both protocols are supported. In FIPS mode, SSH is supported. Views VTY line view VTY line class view Predefined user roles network-admin Parameters...

  • Page 91: Restful Http Enable

    Trying 192.168.1.241 ... Press CTRL+K to abort Connected to 192.168.1.241 ... ****************************************************************************** * Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ****************************************************************************** <Server>...

  • Page 92: Restful Https Enable

    Predefined user roles network-admin Usage guidelines This command is not supported in FIPS mode. For users to access the device through the HTTP-based RESTful API, you must enable RESTful access over HTTP. Examples # Enable RESTful access over HTTP. <Sysname> system-view [Sysname] restful http enable restful https enable to enable RESTful access over HTTPS.

  • Page 93: Send

    Views User line view User line class view Predefined user roles network-admin Parameters : Specifies the maximum number of lines to send, in the range of 0 to 512. To send screen-length command output without pausing, set the number to 0 or execute the screen-length disable command.

  • Page 94: Set Authentication Password

    : Specifies the USB line. : Specifies the VTY line. : Specifies the relative number of a user line. The value range is 0 to 9 for AUX and USB number2 lines and 0 to 63 for VTY lines. Usage guidelines You can use this command to send notifications to online users before performing an operation that might affect other online users, for example, before rebooting the device.

  • Page 95: Shell

    : Specifies the password. Its hashed form is a case-sensitive string of 1 to 110 characters. string its plaintext form is a case-sensitive string of 4 to 16 characters, and must contain a minimum of two character types. Usage guidelines This command is not supported in FIPS mode.

  • Page 96: Speed

    Examples # Disable the terminal service for VTY lines VTY 0 through 4 so no user can log in to the device through the user lines. <Sysname> system-view [Sysname] line vty 0 4 [Sysname-line-vty0-4] undo shell Disable ui-vty0-4 , are you sure? [Y/N]:y [Sysname-line-vty0-4] speed to set the transmission rate (also called the baud rate) on a user line.

  • Page 97: Stopbits

    [Sysname] line aux 0 [Sysname-line-aux0] speed 19200 stopbits stopbits to specify the number of stop bits for a character. to restore the default. undo stopbits Syntax stopbits { 1 | 1.5 | 2 } undo stopbits Default One stop bit is used. Views User line view Predefined user roles...

  • Page 98: Telnet Client Source

    Parameters : Specifies the IPv4 address or host name of a remote host. A host name can be a remote-host case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.). : Specifies the TCP port number for the Telnet service on the remote host. The service-port value range is 0 to 65535 and the default is 23.

  • Page 99: Telnet Ipv6

    Predefined user roles network-admin Parameters : Specifies a source interface. The primary interface interface-type interface-number IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets. : Specifies a source IPv4 address. ip ip-address Usage guidelines This command is not supported in FIPS mode.

  • Page 100: Telnet Server Acl

    : Specifies the source interface. The interface interface-type interface-number primary IPv6 address of the interface will be used as the source IPv6 address for outgoing Telnet packets. : Specifies the source IPv6 address for outgoing Telnet packets. ipv6 ipv6-address : Specifies a DSCP value for outgoing Telnet packets. The value range is 0 to dscp dscp-value 63.

  • Page 101: Telnet Server Acl-Deny-Log Enable

    This command does not take effect on existing Telnet connections. Examples # Permit only the user at 1.1.1.1 to Telnet to the device. <Sysname> system-view [Sysname] acl basic 2001 [Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0 [Sysname-acl-ipv4-basic-2001] quit [Sysname] telnet server acl 2001 telnet server acl-deny-log enable to enable logging for Telnet login attempts that telnet server acl-deny-log enable...

  • Page 102: Telnet Server Enable

    Syntax telnet server dscp dscp-value undo telnet server dscp Default IPv4 uses the DSCP value 48 for Telnet packets sent to a Telnet client. Views System view Predefined user roles network-admin Parameters : Specifies a DSCP value in the range of 0 to 63. dscp-value Usage guidelines This command is not supported in FIPS mode.

  • Page 103: Telnet Server Ipv6 Acl

    telnet server ipv6 acl to apply an IPv6 ACL to filter IPv6 Telnet logins. telnet server ipv6 acl to restore the default. undo telnet server ipv6 acl Syntax telnet server ipv6 acl { ipv6 | mac } acl-number undo telnet server ipv6 acl Default No IPv6 ACL is used to filter IPv6 Telnet logins.

  • Page 104: Telnet Server Ipv6 Port

    Syntax telnet server ipv6 dscp dscp-value undo telnet server ipv6 dscp Default IPv6 uses the DSCP value 48 for Telnet packets sent to a Telnet client. Views System view Predefined user roles network-admin Parameters : Specifies a DSCP value in the range of 0 to 63. dscp-value Usage guidelines This command is not supported in FIPS mode.

  • Page 105: Telnet Server Port

    <Sysname> system-view [Sysname] telnet server ipv6 port 1026 telnet server port telnet server port to specify the IPv4 Telnet service port number. to restore the default. undo telnet server port Syntax telnet server port port-number undo telnet server port Default The IPv4 Telnet service port number is 23.

  • Page 106: User-Interface

    Parameters : Specifies the ANSI type. ansi : Specifies the VT100 type. vt100 Usage guidelines The device supports two terminal display types: ANSI and VT100. As a best practice, specify the VT100 type on both the device and the configuration terminal. If either side uses the ANSI type, a display problem might occur when a command line has more than 80 characters.

  • Page 107: User-Interface Class

    To configure settings for a single user line, use this command to enter the user line view. To configure the same settings for multiple user lines, use this command to enter multiple user line views. Examples # Enter the view of AUX line 0. <Sysname>...
  • Page 108 • idle-timeout • protocol inbound • screen-length • set authentication password • shell • terminal type • user-role For commands that are available in both user line view and user line class view, the device uses the following rules to determine the settings to use: •...

  • Page 109: User-Role

    Related commands user-interface user-role to assign a user role to a user line. The device assigns the user role to a user of the user-role line when the user logs in. to remove a user role or restore the default. undo user-role Syntax user-role role-name...

  • Page 110: Web Captcha

    web captcha to specify a fixed verification code for Web login. web captcha to restore the default. undo web captcha Syntax web captcha verification-code undo web captcha Default No fixed verification code is specified for Web login. A Web user must enter the verification code displayed on the login page.

  • Page 111: Web Idle-Timeout

    Parameters : Uses the PKI certificate of an HTTPS client to authenticate the client automatically. auto : Sends the login page to the HTTPS client, and uses the username and password entered manual on the page to authenticate the client. Usage guidelines In auto authentication mode, the device uses the PKI certificate of an HTTPS client to authenticate the client automatically.

  • Page 112: Webui Log Enable

    • Web client IP address. • Web user's username. The following is a sample log message: %Mar 25 14:32:38:802 2013 H3C WEB/6/WEBOPT_SET_TIME: -HostIP=192.168.100.235-User=Admin; Set the system date and time to 2013-05-27T10:00:00. Examples # Enable Web operation logging. <Sysname> system-view [Sysname] webui log enable...
  • Page 113 Contents FTP commands ····························································································· 1 FTP server commands ······································································································································· 1 display ftp-server ········································································································································ 1 display ftp-user ··········································································································································· 1 free ftp user ················································································································································ 2 free ftp user-ip ············································································································································ 3 free ftp user-ip ipv6 ···································································································································· 3 ftp server acl ··············································································································································· 4 ftp server acl-deny-log enable ···················································································································· 5 ftp server dscp ············································································································································...
  • Page 114 tftp client ipv6 source ······························································································································· 41 tftp client source ······································································································································· 41 tftp ipv6 ····················································································································································· 42 tftp-server acl ··········································································································································· 44 tftp-server ipv6 acl ···································································································································· 44...

  • Page 115: Ftp Commands

    FTP commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. FTP is not supported in FIPS mode. FTP server commands display ftp-server to display FTP server configuration and status information.

  • Page 116: Free Ftp User

    Views Any view Predefined user roles network-admin network-operator Examples # Display detailed information about online FTP users. <Sysname> display ftp-user UserName HostIP Port HomeDir root 192.168.20.184 46539 flash: A field value is wrapped if its length exceeds the limit. The segments are left justified. The following are the length limits for fields: •...

  • Page 117: Free Ftp User-Ip

    Parameters : Specifies a username. To display online FTP users, execute the username display ftp-user command. Examples # Release the FTP connections established by using user account ftpuser. <Sysname> free ftp user ftpuser Are you sure to free FTP connection? [Y/N]:y <Sysname>...

  • Page 118: Ftp Server Acl

    : Specifies the source port of an FTP connection. To view the source ports of FTP port port connections, execute the command. display ftp-user Examples # Release the FTP connections established from IPv6 address 2000::154. <Sysname> free ftp user-ip ipv6 2000::154 Are you sure to free FTP connection? [Y/N]:y <Sysname>...

  • Page 119: Ftp Server Acl-Deny-Log Enable

    ftp server acl-deny-log enable to enable logging for FTP login attempts that are ftp server acl-deny-log enable denied by the FTP login control ACL. to disable logging for FTP login attempts that undo ftp server acl-deny-log enable are denied by the FTP login control ACL. Syntax ftp server acl-deny-log enable undo ftp server acl-deny-log enable...

  • Page 120: Ftp Server Enable

    Parameters : Specifies a DSCP value in the range of 0 to 63. dscp-value Usage guidelines The DSCP value is carried in the ToS field of an IP packet to indicate the transmission priority of the packet. Examples # Set the DSCP value for IPv4 to use for outgoing FTP packets to 30 on an FTP server. <Sysname>...

  • Page 121: Ftp Server Ssl-Server-Policy

    Predefined user roles network-admin Parameters : Specifies a DSCP value in the range of 0 to 63. dscp-value Usage guidelines The DSCP value is carried in the Traffic class field of an IPv6 packet to indicate the transmission priority of the packet. Examples # Set the DSCP value for IPv6 to use for outgoing FTP packets to 30 on an FTP server.

  • Page 122: Ftp Client Commands

    to restore the default. undo ftp timeout Syntax ftp timeout minute undo ftp timeout Default The FTP connection idle-timeout timer is 30 minutes. Views System view Predefined user roles network-admin Parameters : Specifies a time interval in the range of 1 to 35791 minutes. minute Usage guidelines If no data transfer occurs on an FTP connection within the idle-timeout interval, the FTP server...

  • Page 123: Append

    Usage guidelines In FTP client view, entering is the same as executing the command. help Examples # Display all commands supported by the FTP client. ftp> ? Commands may be abbreviated. Commands are: append delete quit rmdir ascii debug mkdir reget status binary...

  • Page 124: Ascii

    ascii to set the file transfer mode to ASCII. ascii Syntax ascii Default The file transfer mode is binary. Views FTP client view Predefined user roles network-admin Usage guidelines You can perform this operation only after you log in to the FTP server. FTP transfers files in either of the following modes: •...

  • Page 125: Bye

    • ASCII mode—Transfers text files. When the device acts as the FTP server, the transfer mode is determined by the FTP client. When the device acts as the FTP client, you can set the transfer mode. The default transfer mode is binary. Examples # Set the file transfer mode to binary.

  • Page 126: Cdup

    : Specifies the upper directory. Executing the command is the same as executing the cd .. cdup command. If the current working directory is the FTP root directory, the command does not cd .. change the current working directory. : Specifies the FTP root directory. Usage guidelines You can perform this operation only after you log in to the FTP server.

  • Page 127: Close

    ftp> pwd 257 "/ftp" is your current location Related commands close to terminate the connection to the FTP server without exiting FTP client view. close Syntax close Views FTP client view Predefined user roles network-admin Usage guidelines You can perform this operation only after you log in to the FTP server. Examples # Terminate the connection to the FTP server without exiting the FTP client view.

  • Page 128: Delete

    Examples # Enable and then disable FTP client debugging. ftp> debug Debugging on (debug=1). ftp> debug Debugging off (debug=0). delete to permanently delete a file from the FTP server. delete Syntax delete remotefile Views FTP client view Predefined user roles network-admin Parameters : Specifies a file on the FTP server.

  • Page 129: Disconnect

    Usage guidelines You can perform this operation only after you log in to the FTP server. To display detailed information about the files and subdirectories in the working directory on the FTP server, use the command. To display detailed information about a file or directory on the FTP server, use the dir remotefile command.

  • Page 130: Display Ftp Client Source

    Predefined user roles network-admin Usage guidelines You can perform this operation only after you log in to the FTP server. Examples # Terminate the connection to the FTP server without exiting the FTP client view. ftp> disconnect 221-Goodbye. You uploaded 0 and downloaded 0 kbytes. 221 Logout.
  • Page 131 Parameters : Specifies the IPv4 address or host name of an FTP server. A host name can be a ftp-server case-insensitive string of 1 to 253 characters. Valid characters for a host name include letters, digits, hyphens (-), underscores (_), and dots (.). : Specifies the TCP port number of the FTP server, in the range of 0 to 65535.

  • Page 132: Ftp Client Ipv6 Source

    *Apr 10 09:02:24:139 2017 Sysname FTPC/7/EVENT: PAM initialization result: 0. *Apr 10 09:02:24:150 2017 Sysname FTPC/7/EVENT: PAM: Sent a start-accounting request. Result: 0. *Apr 10 09:02:24:860 2017 Sysname FTPC/7/COMMAND: USER abc 331 Password required for abc. Password: *Apr 10 09:02:25:575 2017 Sysname FTPC/7/COMMAND: PASS XXXX 230 User logged in.

  • Page 133: Ftp Client Source

    <Sysname> system–view [Sysname] ftp client ipv6 source ipv6 2000::1 Related commands ftp ipv6 ftp client source to specify the source IPv4 address for FTP packets sent to an IPv4 FTP ftp client source server. to restore the default. undo ftp client source Syntax ftp client source { interface interface-type interface-number | ip source-ip-address }...

  • Page 134: Ftp Ipv6

    ftp ipv6 to log in to an IPv6 FTP server and enter FTP client view. ftp ipv6 Syntax ftp ipv6 [ ftp-server [ service-port ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source { ipv6 source-ipv6-address | interface interface-type interface-number interface-type interface-number ] ]...

  • Page 135: Get

    User (2000::154): root 331 Password required for root. Password: 230 User logged in Remote system type is H3C # Log in to FTP server 2000::154 and enable FTP client debugging. <Sysname> ftp ipv6 2000::154 –d Press CTRL+C to abort. Connected to 2000::154 (2000::154).

  • Page 136: Help

    • Execute the command without specifying the argument. localfile • Specify a file name without any path information for the argument, for example, localfile a.cfg. To save the downloaded file to some other directory, you must specify a fully qualified file name for argument, for example, flash:/subdirectory/a.cfg.

  • Page 137: Lcd

    Examples # Display all commands supported by the FTP client. ftp> help append delete quit rmdir ascii debug mkdir reget status binary newer rstatus system disconnect open rhelp user passive rename verbose cdup help reset close restart # Display the help information for the command.
  • Page 138 Syntax ls [ remotefile [ localfile ] ] Views FTP client view Predefined user roles network-admin Parameters : Specifies a file or directory on the FTP server. remotefile : Specifies the name of the local file used to save the displayed information. localfile Usage guidelines You can perform this operation only after you log in to the FTP server.

  • Page 139: Mkdir

    Related commands mkdir to create a subdirectory in the current directory on the FTP server. mkdir Syntax mkdir directory Views FTP client view Predefined user roles network-admin Parameters : Specifies the name for the directory to be created. directory Usage guidelines You can perform this operation only after you log in to the FTP server.

  • Page 140: Open

    Press CTRL+C to abort. Connected to 192.168.40.7 (192.168.40.7). 220 FTP service ready. User (192.168.40.7:(none)): root 331 Password required for root. Password: 230 User logged in. Remote system type is H3C. ftp> passive to change the FTP operation mode. passive Syntax passive...

  • Page 141: Put

    Default The FTP operation mode is passive. Views FTP client view Predefined user roles network-admin Usage guidelines FTP can operate in either of the following modes: • Active mode—The FTP server initiates the TCP connection. • Passive mode—The FTP client initiates the TCP connection. When the FTP operation mode is passive, executing this command changes the mode to active.

  • Page 142: Pwd

    ftp> put a.txt b.txt local: a.txt remote: b.txt 150 Connecting to port 47461 226 File successfully transferred 1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s) # Upload the a.txt file from the test directory of the local working directory to the FTP server. Save the file as b.txt.

  • Page 143: Reget

    Syntax quit Views FTP client view Predefined user roles network-admin Examples # Terminate the connection to the FTP server and return to user view. ftp> quit 221-Goodbye. You uploaded 0 and downloaded 0 kbytes. 221 Logout. <Sysname> Related commands reget to get the missing part of a file from the FTP server.

  • Page 144: Rename

    rename to rename a file. rename Syntax rename [ oldfilename [ newfilename ] ] Views FTP client view Predefined user roles network-admin Parameters : Specifies the original file name. oldfilename : Specifies the new file name. newfilename Usage guidelines You can perform this operation only after you log in to the FTP server. Examples # Rename the a.txt file as b.txt.

  • Page 145: Restart

    Examples # Clear the reply information received from the FTP server. ftp> reset restart to specify the file retransmission offset. restart Syntax restart marker Views FTP client view Predefined user roles network-admin Parameters : Specifies the retransmission offset, in bytes. marker Usage guidelines Use this command to continue with a file retransmission.
  • Page 146 Predefined user roles network-admin Parameters : Specifies an FTP command. protocol command Usage guidelines You can perform this operation only after you log in to the FTP server. Examples # Display the FTP-related commands supported by the FTP server. ftp> rhelp 214-The following FTP commands are recognized USER PASS NOOP QUIT SYST TYPE HELP CWD...

  • Page 147: Rmdir

    Field Description STOR Uploads files. APPE Appends uploading. DELE Deletes files. Creates folders. XMKD Extended command with the meaning of MKD. Deletes folders. XRMD Extended command with the meaning of RMD. ABOR Aborts the transmission. SIZE Size of the transmission file. RNFR Original name.

  • Page 148: Rstatus

    Related commands delete rstatus to display FTP server status information. rstatus to display detailed information about a directory or file on the FTP rstatus remotefile server. Syntax rstatus [ remotefile ] Views FTP client view Predefined user roles network-admin Parameters : Specifies a directory or file on the FTP server.

  • Page 149: Status

    Filed Description Data connections will be plain text Data connection type is plain text. At session startup, client count was 1 FTP connection number is 1. vsFTPd 2.0.6 - secure, fast, stable FTP version is 2.0.6. 211 End of status End of the display of FTP server status.

  • Page 150: System

    Views FTP client view Predefined user roles network-admin Examples # Display FTP status information. ftp> status Connected to 192.168.1.56. No proxy connection. Not using any security mechanism. Mode: stream; Type: ascii; Form: non-print; Structure: file Verbose: on; Bell: off; Prompting: on; Globbing: off Store unique: off;...

  • Page 151: User

    Examples # Display the system information of the FTP server. ftp> system 215 UNIX Type: L8 user to initiate an FTP authentication on the current FTP connection. user Syntax user username [ password ] Views FTP client view Predefined user roles network-admin Parameters : Specifies the username.
  • Page 152 Default The device displays detailed information about FTP operations. Views FTP client view Predefined user roles network-admin Usage guidelines This command affects only the current FTP session. Examples # Disable the device from displaying detailed information about FTP operations. ftp> verbose Verbose mode off.

  • Page 153: Tftp Commands

    TFTP commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. TFTP is not supported in FIPS mode. tftp to download a file from a TFTP server or upload a file to a TFTP server in an IPv4 network.
  • Page 154 • : Specifies an interface by its type interface interface-type interface-number and number. The device will use the interface's primary IPv4 address as the source IPv4 address. For successful TFTP packet transmission, make sure the interface is up and has the primary IPv4 address configured.

  • Page 155: Tftp Client Ipv6 Source

    tftp client ipv6 source to specify the source IPv6 address for TFTP packets sent to an tftp client ipv6 source IPv6 TFTP server. to restore the default. undo tftp client ipv6 source Syntax tftp client ipv6 source { interface interface-type interface-number | ipv6 source-ipv6-address } undo tftp client ipv6 source Default...

  • Page 156: Tftp Ipv6

    Syntax tftp client source { interface interface-type interface-number | ip source-ip-address } undo tftp client source Default No source IPv4 address is specified for TFTP packets sent to an IPv4 TFTP server. The device uses the primary IPv4 address of the output interface for the route to the server as the source address. Views System view Predefined user roles...
  • Page 157 Predefined user roles network-admin Parameters : Specifies the IPv6 address or host name of a TFTP server. The host name can be a tftp-server case-insensitive string of 1 to 253 characters and can contain only letters, digits, hyphens (-), underscores (_), and dots (.). : Specifies an output interface by its type and number.

  • Page 158: Tftp-Server Acl

    <Sysname> tftp ipv6 2001::1 get new.bin new.bin Press CTRL+C to abort. % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 13.9M 100 13.9M 1206k 0:00:11 0:00:11 --:--:-- 1206k Writing file...Done. For more information about the command output, see Table tftp-server acl...
  • Page 159 undo tftp-server ipv6 acl Default No ACL is used to control the device's access to TFTP servers. Views System view Predefined user roles network-admin Parameters : Specifies the number of a basic ACL, in the range of 2000 to 2999. ipv6-acl-number Usage guidelines You can use an ACL to deny or permit the device's access to specific TFTP servers.
  • Page 160 Contents File system management commands ···························································· 1 cd ······························································································································································· 1 copy ···························································································································································· 2 delete ························································································································································· 5 dir ······························································································································································· 6 execute ······················································································································································· 7 fdisk ···························································································································································· 7 file prompt ·················································································································································· 9 fixdisk ······················································································································································· 10 format ······················································································································································· 10 gunzip ······················································································································································· 11 gzip ··························································································································································· 12 md5sum ···················································································································································...

  • Page 161: File System Management Commands

    File system management commands IMPORTANT: • Before managing storage media, file systems, directories, and files, make sure you know the possible impact. • A file or directory whose name starts with a dot character (.) is a hidden file or directory. To prevent the system from hiding a file or directory, make sure the file or directory name does not start with a dot character.

  • Page 162: Copy

    Examples # Access the test directory after logging in to the device. <Sysname> cd test # Change to the parent directory. <Sysname> cd .. copy copy to copy a file. Syntax In non-FIPS mode: copy source-file dest-file dest-directory vpn-instance vpn-instance-name ] [ source interface interface-type interface-number ] In FIPS mode: copy source-file { dest-file | dest-directory } Views...
  • Page 163 To specify a file or directory, use the following guidelines: Location Name format Remarks Use the file name guidelines in On the device Fundamentals Configuration Guide. The username and password must be the same as the username and password configured on the FTP server.
  • Page 164 Copy ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg? [Y/N]:y Copying file ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg... Done. # Copy test.cfg from the current directory. Save the copy to the working directory on FTP server 1.1.1.1 as testbackup.cfg. The FTP username is user. The password is private. <Sysname>...

  • Page 165: Delete

    # Copy test.cfg from the authorized directory on HTTP server 2001::1. Save the copy to the local current directory as testbackup.cfg. The HTTP login username is user. The password is private. <Sysname> copy http://user:private@[2001::1]/test.cfg testbackup.cfg Copy http://user:private@[2001::1]/test.cfg to flash:/testbackup.cfg? [Y/N]:y Copying file http://user:private@[2001::1]/test.cfg to flash:/testbackup.cfg...

  • Page 166: Dir

    undelete to display files or directories. Syntax dir [ /all ] [ file | directory | /all-filesystems ] Views User view Predefined user roles network-admin Parameters : Displays all files and directories in the current directory, visible or hidden. If you do not specify /all this option, only visible files and directories are displayed.

  • Page 167: Execute

    Field Description File or directory information: • 0—File or directory number, which is automatically allocated by the system. • -rwh—Attributes of the file or directory. The first character is the directory indicator (d for directory and – for file). The second character indicates whether the file or directory is readable (r for readable).
  • Page 168 Views User view Predefined user roles network-admin Parameters Specifies the name of the storage medium to be partitioned. medium: Specifies the number of partitions, in the range of 1 to 4. If you specify this partition-number: argument, the storage medium is divided evenly into the specified number of partitions. To customize the sizes of partitions, do not provide this argument.

  • Page 169: File Prompt

    Partitioning usba:...Done. # Divide the USB disk on the device into three partitions and specify the size for each partition. <Sysname> fdisk usba: The capacity of usba: : 256M bytes Partition 1 (32MB~224MB, 256MB, Press CTRL+C to quit or Enter to use all available space):128 // Enter to set the size of the first partition to 128 MB.

  • Page 170: Fixdisk

    Parameters : Prompts for confirmation when a destructive file or directory operation is being performed. alert : Gives no confirmation prompt for file or directory operations except the recycle bin emptying quiet operation. Usage guidelines In quiet mode, the system does not prompt for confirmation when a user performs a file or directory operation except the recycle bin emptying operation.

  • Page 171: Gunzip

    Parameters : Specifies the name of a file system. filesystem Usage guidelines CAUTION: Formatting a file system permanently deletes all files and directories in the file system. You cannot restore the deleted files or directories. If a startup configuration file exists in the file system, back up the file if necessary.

  • Page 172: Gzip

    251904 KB total (193312 KB free) Decompress the file system.bin.gz. <Sysname> gunzip system.bin.gz Decompressing file flash:/system.bin.gz..Done. Verify the decompress operation. <Sysname> dir system.* Directory of flash: 1 -rw- 0 May 30 2012 11:42:25 system.bin 251904 KB total (193312 KB free) gzip to compress a file.

  • Page 173: Md5Sum

    251904 KB total (193312 KB free) md5sum to use the MD5 algorithm to calculate the digest of a file. md5sum Syntax md5sum file Views User view Predefined user roles network-admin network-operator Parameters : Specifies the name of a file. file Usage guidelines You can use file digests to verify file integrity.

  • Page 174: More

    # Create the test/subtest directory in the current directory. <Sysname> mkdir test/subtest Creating directory flash:/test/subtest... Done. more to display the contents of a text file. more Syntax more file Views User view Predefined user roles network-admin Parameters : Specifies the name of a file. file Examples # Display the contents of the test.txt file.

  • Page 175: Move

    Usage guidelines Generally, file systems on a hot-swappable storage medium are automatically mounted when the storage medium is connected to the device. If the system cannot recognize a file system, however, you must mount the file system before you can access it. To avoid file system corruption, do not perform the following tasks while the system is mounting a file system: •...

  • Page 176: Pwd

    to display the working directory. Syntax Views User view Predefined user roles network-admin Examples # Display the working directory. <Sysname> pwd flash: rename to rename a file or directory. rename Syntax rename { source-file | source-directory } { dest-file | dest-directory } Views User view Predefined user roles...

  • Page 177: Rmdir

    Syntax reset recycle-bin [ /force ] Views User view Predefined user roles network-admin Parameters : Deletes all files in the recycle bin without prompting for confirmation. If you do not specify /force this option, the command prompts you to confirm the deletion operation for each file. Usage guidelines CAUTION: The files in a recycle bin can be restored by using the...

  • Page 178: Sha256Sum

    Parameters : Specifies a directory. directory Usage guidelines CAUTION: To delete a directory, you must first delete all files and subdirectories in the directory permanently or move them to the recycle bin. If you move them to the recycle bin, executing the command to rmdir delete the directory will delete them permanently.

  • Page 179: Tar Extract

    Predefined user roles network-admin Parameters : Uses gzip to compress the files and directories before archiving them. If you do not specify this keyword, the command archives the files and directories without compressing them. : Specifies the archive file name. If you specified the keyword, the archive-file dest-file extension of the archive file name must be .tar.gz.
  • Page 180 Parameters : Specifies the archive file name. The extension can be .tar or .tar.gz. archive-file file : Displays the names of the successfully extracted files and directories. verbose : Displays the content of the extracted files and directories on the screen. The extracted files screen are not saved.

  • Page 181: Tar List

    tar list to display the names of archived files and directories. tar list Syntax tar list archive-file file Views User view Predefined user roles network-admin Parameters : Specifies the archive file name. The extension can be .tar or .tar.gz. archive-file file Examples # Display the names of archived files and directories.

  • Page 182: Undelete

    To avoid file system corruption, do not perform the following tasks while the system is unmounting a file system: • Reboot, power cycle, or power off the device. • Install, remove, or access storage media. • Perform a switchover. Examples # Unmount a file system on a USB disk.
  • Page 183 Contents Configuration file management commands ···················································· 1 archive configuration ·································································································································· 1 archive configuration interval ····················································································································· 2 archive configuration location ····················································································································· 3 archive configuration max ·························································································································· 4 archive configuration server ······················································································································· 5 archive configuration server password······································································································· 7 archive configuration server user ··············································································································· 7 backup startup-configuration ······················································································································...

  • Page 184: Configuration File Management Commands

    Configuration file management commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. archive configuration to manually archive the running configuration to the configuration archive configuration...

  • Page 185: Archive Configuration Interval

    archive configuration server password archive configuration server user display archive configuration archive configuration interval to enable automatic running-configuration archiving archive configuration interval and set the archiving interval. to disable automatic running-configuration undo archive configuration interval archiving. Syntax archive configuration interval interval undo archive configuration interval Default The automatic running-configuration archiving feature is disabled.

  • Page 186: Archive Configuration Location

    Related commands archive configuration archive configuration location archive configuration max archive configuration server archive configuration server password archive configuration server user display archive configuration archive configuration location to specify a local directory and file name prefix for archive configuration location archiving the running configuration.

  • Page 187: Archive Configuration Max

    the configuration archive counter restarts. The serial number for new configuration archives starts at command removes the local configuration undo archive configuration location archive directory and file name prefix settings. The command also performs the following operations: • Disables the configuration archive feature (both manual and automatic methods). •...

  • Page 188: Archive Configuration Server

    After the maximum number of configuration archives is reached, the system deletes the oldest archive for the new archive. Changing the limit setting to a lower value does not cause immediate deletion of excess archives. Instead, the configuration archive feature deletes the oldest n files when a new archive is manually or automatically saved, where n = current archive count –...
  • Page 189 : Specifies an MPLS L3VPN instance by its name, a vpn-instance vpn-instance-name case-sensitive string of 1 to 31 characters. If the SCP server is on the public network, do not specify this option. : Specifies the archive directory, a case-insensitive string. If you do not directory directory specify this option, the archive directory is the root directory of the SCP server.

  • Page 190: Archive Configuration Server Password

    archive configuration location archive configuration server password archive configuration server user display archive configuration archive configuration server password to configure the password for accessing the archive configuration server password SCP server that saves the configuration archives. to restore the default. undo archive configuration server password Syntax archive configuration server password { cipher | simple } string...

  • Page 191: Backup Startup-Configuration

    undo archive configuration server user Default No username is configured for accessing the SCP server that saves the configuration archives. Views System view Predefined user roles network-admin Parameters : Specifies the username, a case-sensitive string of 1 to 63 characters. user-name Examples # Set the username to admin for accessing the SCP server that saves the configuration archives.

  • Page 192: Configuration Commit

    Usage guidelines This command is not supported in FIPS mode. Examples # Back up the main next-startup configuration file to the IPv4 TFTP server at 2.2.2.2 in the public network, and set the target file name to 192-168-1-26.cfg. <Sysname> backup startup-configuration to 2.2.2.2 192-168-1-26.cfg Backing up the main startup configuration file to 2.2.2.2...

  • Page 193: Configuration Commit Delay

    [Sysname] configuration commit Related commands configuration commit delay configuration commit delay to enable the configuration commit delay feature and start configuration commit delay the configuration commit delay timer. Syntax configuration commit delay delay-time Views System view Predefined user roles network-admin Parameters : Sets the configuration commit delay interval.

  • Page 194: Configuration Encrypt

    configuration encrypt to enable configuration encryption. configuration encrypt to disable configuration encryption. undo configuration encrypt Syntax configuration encrypt { private-key | public-key } undo configuration encrypt Default Configuration encryption is disabled. Views System view Predefined user roles network-admin Parameters : Encrypts configuration with a private key. All devices running Comware 7 software private-key use the same private key.

  • Page 195: Display Archive Configuration

    Usage guidelines CAUTION: The configuration rollback feature replaces the running configuration with the configuration in a configuration file without rebooting the device. This operation will cause settings not in the replacement configuration file to be lost, which might cause service interruption. When you perform configuration rollback, make sure you fully understand its impact on your network.
  • Page 196 Aug 05 2007 20:34:54 my_archive_2.cfg Aug 05 2007 20:44:54 my_archive_3.cfg The pound sign (#) indicates the most recent archive file. Next archive file to be saved: my_archive_4.cfg # Display information about the configuration archives. The sample output was created based on remote archiving.

  • Page 197: Display Current-Configuration

    display current-configuration to display the running configuration. display current-configuration Syntax display current-configuration [ [ configuration [ module-name ] | interface [ interface-type [ interface-number ] ] ] [ all ] | slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters...

  • Page 198: Display Current-Configuration Diff

    password hash $h$6$Twd73mLrN8O2vvD5$Cz1vgdpR4KoTiRQNE9pg33gU14Br2p1VguczLSVyJLO2huV5Syx/LfDIf8ROLtV ErJ/C31oq2rFtmNuyZf4STw== service-type ssh telnet terminal authorization-attribute user-role network-admin return # Display VLAN interface configuration. <Sysname> display current-configuration interface Vlan-interface interface Vlan-interface1 ip address 192.168.1.84 255.255.255 Return display current-configuration diff to display the differences that the running display current-configuration diff configuration has as compared with the next-startup configuration.

  • Page 199: Display Default-Configuration

    system-working-mode standard <Sysname> Table 2 Command output Field Description • A represents the source configuration for comparison, which can be Startup configuration, Current configuration, or the name of the source configuration file with its directory information. • - - - A B represents the target configuration for comparison, which can be Current configuration, Startup configuration, or the name of the +++ B...

  • Page 200: Display Diff

    Usage guidelines Factory defaults are custom basic settings that came with the device. Factory defaults vary by device models and might differ from the initial default settings for the commands. The device starts up with the factory defaults if no next-startup configuration files are available. Examples # Display the factory defaults.

  • Page 201: Display Saved-Configuration

    Examples # Display the differences between startup.cfg and test.cfg. <Sysname> display diff configfile startup.cfg configfile test.cfg --- flash:/startup.cfg +++ flash:/test.cfg @@ -5,7 +5,7 @@ sysname Sysname -alias dhc display history-command +alias dh display hotkey system-working-mode standard <Sysname> The output shows that the command is contained only alias dhc display history-command in startup.cfg, and the...

  • Page 202: Display Startup

    Views Any view Predefined user roles network-admin network-operator Usage guidelines Use this command to verify that important settings have been saved to the configuration file for the next system startup. This command selects the configuration file to display in the following order: If the main startup configuration file is available, this command displays the contents of the main startup configuration file.

  • Page 203: Display This

    Views Any view Predefined user roles network-admin network-operator Usage guidelines All IRF members use the same current startup configuration file as the master. After a master/subordinate switchover, it is normal that the current startup configuration files on all IRF members are displayed as NULL. This is because the new master continues to run with the running configuration rather than rebooting with a startup configuration file.

  • Page 204: Reset Saved-Configuration

    Usage guidelines Use this command to verify the configuration you have made in a certain view. This command does not display parameters that are using the default settings. Some parameters can be successfully set even if their dependent features are not enabled. For these parameters, this command displays their settings after the dependent features are enabled.

  • Page 205: Restore Startup-Configuration

    Examples # Delete the main next-startup configuration file. <Sysname> reset saved-configuration The saved configuration file will be erased. Are you sure? [Y/N]:y Configuration file in flash: is being cleared. Please wait ... Configuration file is cleared. Related commands display saved-configuration restore startup-configuration to download a configuration file from a TFTP server restore startup-configuration...

  • Page 206: Save

    configuration file to the subordinate device. For example, the subordinate device uses a USB disk, but the master uses a flash memory. In this situation, you must manually restore the main next-startup configuration file on the subordinate device. Examples # Download test.cfg from the IPv4 TFTP server at 2.2.2.2 in the public network, and specify the file as the main next-startup configuration file.
  • Page 207 : Saves the running configuration to a configuration file, and specifies the file as the backup backup next-startup configuration file. If you do not specify this keyword or the keyword, the command main specifies the saved file as the main next-startup configuration file. : Saves the running configuration to a configuration file, and specifies the file as the main main next-startup configuration file.

  • Page 208: Standby Auto-Update Config

    # Save the running configuration to the main next-startup configuration file without any confirmation required. <Sysname> save force Validating file. Please wait..Saved the current configuration to mainboard device successfully. # Save the running configuration to a file in the root directory of the default storage medium, and specify the file as the main next-startup configuration file.

  • Page 209: Startup Saved-Configuration

    performed only on the master device. In addition, the amount of time required to complete a system-wide configuration operation increases as the amount of configuration data grows. If you are disabling automatic system-wide operations for faster configuration saving, be aware that the next-startup configuration files will be inconsistent between the master device and the subordinate devices.
  • Page 210 If you do not specify the keyword, the backup main startup saved-configuration command specifies the main next-startup configuration file. As a best practice, specify different files as the main and backup next-startup configuration files. undo startup saved-configuration command changes the file attribute of the main and backup next-startup configuration files to NULL.
  • Page 211 Contents Software upgrade commands ········································································ 1 boot-loader file ··········································································································································· 1 boot-loader update ····································································································································· 3 bootrom update ·········································································································································· 4 display boot-loader ····································································································································· 5 display install active ··································································································································· 6 display install committed ···························································································································· 8 install activate ············································································································································· 9 install commit ··········································································································································· 10 install deactivate ·······································································································································...

  • Page 212: Software Upgrade Commands

    Software upgrade commands As a best practice, store the startup images in a fixed storage medium. If you store the startup images in a hot swappable storage medium, do not remove the hot swappable storage medium during the startup process. boot-loader file to specify startup image files.
  • Page 213 Examples # Specify flash:/all.ipe as the main startup image file for slot 1. <Sysname> boot-loader file flash:/all.ipe slot 1 main Verifying the IPE file and the images....Done. H3C IE4320-28S-PS1 Switch images in IPE: boot.bin system.bin feature.bin This command will set the main startup software images. Continue? [Y/N]:Y Add images to slot 1.

  • Page 214: Boot-Loader Update

    N: Not overwrite the file. A: From now on, overwrite or not overwrite without prompt. Please make a choice. [Y/N/A]:a What type of overwrite operation do you want to perform? Y: Overwrite without prompt. N: Not overwrite or display prompt. Q: Return to the previous step.

  • Page 215: Bootrom Update

    • If the master device has started up with main startup images, its main startup images are synchronized to the subordinate device, regardless of whether any main startup image has been respecified on the master device. • If the master device has started up with backup startup images, its backup startup images are synchronized to the subordinate device, regardless of whether any backup startup image has been respecified on the master device.

  • Page 216: Display Boot-Loader

    Usage guidelines BootWare images are contained in the .bin Comware boot image file. You can specify a Comware boot image file in this command to upgrade the BootWares in the system before you upgrade the Comware images. If you do not upgrade BootWares before upgrading Comware images, the system automatically upgrades BootWares as necessary when loading Comware images.

  • Page 217: Display Install Active

    # Display detailed information about active software images. <Sysname> display install active verbose Active packages on slot 1: flash:/boot.bin [Package] Vendor: H3C Product: IE4320-28S-PS1 Service name: boot Platform version: 7.1.022 Product version: Test 2201 Supported board: mpu [Component]...
  • Page 218 Description: boot package flash:/system.bin [Package] Vendor: H3C Product: IE4320-28S-PS1 Service name: system Platform version: 7.1.022 Product version: Test 2201 Supported board: mpu [Component] Component: system Description: system package flash:/feature.bin [Package] Vendor: H3C Product: IE4320-28S-PS1 Service name: test Platform version: 7.1.022...

  • Page 219: Display Install Committed

    # Display detailed information about main startup software images. <Sysname> display install committed verbose Committed packages on slot 1: flash:/boot-t5101.bin [Package] Vendor: H3C Product: IE4320-28S-PS1 Service name: boot Platform version: 7.1 Product version: Beta 1330 Supported board: mpu [Component]...

  • Page 220: Install Activate

    [Package] Vendor: H3C Product: IE4320-28S-PS1 Service name: system Platform version: 7.1 Product version: Beta 1330 Supported board: mpu [Component] Component: system Description: system package flash:/ssh-feature.bin [Package] Vendor: H3C Product: IE4320-28S-PS1 Service name: ssh Platform version: 7.1 Product version: Beta 1330...

  • Page 221: Install Commit

    the value string can have a maximum of 63 characters. For more information about specifying a file, see file system management in Fundamentals Configuration Guide. : Specifies all IRF member devices. : Specifies an IRF member device by its member ID. slot slot-number Usage guidelines This command activates images and adds the images to the current image list.

  • Page 222: Install Deactivate

    This operation will take several minutes, please wait......Done. Related commands install activate install deactivate install deactivate to deactivate feature or patch images. install deactivate Syntax install deactivate feature filename&<1-30> slot slot-number install deactivate patch filename { all | slot slot-number } Views User view Predefined user roles...
  • Page 223 Contents Device management commands···································································· 1 alarm-port event ········································································································································· 1 alarm-port in ··············································································································································· 2 alarm-port out ············································································································································· 3 alarm-port pulse-period ······························································································································ 4 clock datetime ············································································································································ 5 clock protocol ············································································································································· 6 clock summer-time ····································································································································· 6 clock timezone ··········································································································································· 8 command ··················································································································································· 9 copyright-info enable ································································································································...
  • Page 224 scheduler reboot at ·································································································································· 50 scheduler reboot delay ····························································································································· 51 scheduler schedule ·································································································································· 52 shutdown-interval ····································································································································· 53 sysname ··················································································································································· 53 transceiver monitor enable ······················································································································· 54 transceiver monitor interval ······················································································································ 55 temperature-limit ······································································································································ 55 time at ······················································································································································ 56 time once ·················································································································································· 57 time repeating ··········································································································································...

  • Page 225: Device Management Commands

    : Issues an alarm when a CPU usage alarm threshold is exceeded on the device. Only cpu-usage the IE4300-28P-M and IE4300-12P-PWR-M switches support the keyword. cpu-usage : Issues an alarm when a loop is detected on the device. To monitor this type of alarm, you must loop enable loop detection.

  • Page 226: Alarm-Port In

    Loops are detected.  A power module stops providing power.  The device reboots.  • External alarm events, which are received from another device. To avoid false alarms, do not execute the alarm-port event alarm-in alarm-port in command if the alarm input port is not connected to any other device. To monitor multiple types of local alarm events or alarm events from multiple alarm input ports, execute this command multiple times.

  • Page 227: Alarm-Port Out

    To avoid false alarms, do not execute the alarm-port event alarm-in alarm-port in command if the alarm input port is not connected to any other device. The alarm output port issues an alarm in response to an incoming external alarm only if the command is executed on the device.

  • Page 228: Alarm-Port Pulse-Period

    Table 1 Recommended alarm signal schemes Signal type recommended for the alarm output Signal type used by interconnected alarm ports port connected to an alarm indicator High level High level or pulse Low level Low level Examples #Configure the alarm output port to use the high level signal to indicate an alarm on member devices 1, 2, and 3.

  • Page 229: Clock Datetime

    clock datetime to set the system time. clock datetime Syntax clock datetime time date Default The system time is UTC time 00:00:00 01/01/2013. Views User view Predefined user roles network-admin Parameters : Specifies a time in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for time mm is 0 to 59.

  • Page 230: Clock Protocol

    clock protocol to specify the system time source. clock protocol to restore the default. undo clock protocol Syntax clock protocol { none | ntp } undo clock protocol Default The device obtains the UTC time from an NTP time source. Views System view Predefined user roles...
  • Page 231 Default The daylight saving time is not set. Views System view Predefined user roles network-admin Parameters : Specifies a name for the daylight saving time schedule, a case-sensitive string of 1 to 32 name characters. : Specifies the start time in the hh:mm:ss format. The value range for hh is 0 to 23. The start-time value range for mm is 0 to 59.

  • Page 232: Clock Timezone

    Examples # Set the system time ahead 1 hour for the period between 06:00:00 on 08/01 and 06:00:00 on 09/01. <Sysname> system-view [Sysname] clock summer-time PDT 6 08/01 6 09/01 1 Related commands clock datetime clock timezone display clock clock timezone to set the time zone.

  • Page 233: Command

    Related commands clock datetime clock summer-time display clock command to assign a command to a job. command undo command to revoke a command. Syntax command id command undo command id Default No command is assigned to a job. Views Job view Predefined user roles network-admin Parameters...

  • Page 234: Copyright-Info Enable

    The device will display the following statement when a user logs in: ****************************************************************************** * Copyright (c) 2004-2019 New H3C Technologies Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.

  • Page 235: Display Copyright

    Examples # Display the system time and date when the time zone is not specified. <Sysname> display clock 10:09:00.258 UTC Fri 03/16/2015 The time is in the hour:minute:second.milliseconds format. # Display the system time and date when the time zone Z5 is specified. <Sysname>...

  • Page 236: Display Cpu-Usage Configuration

    Predefined user roles network-admin network-operator Parameters : Displays CPU usage statistics in table form. If you do not specify this keyword, the summary command displays CPU usage statistics in text form. : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays CPU usage statistics for all member devices.

  • Page 237: Display Cpu-Usage History

    Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays the CPU usage monitoring settings for the master device. : Specifies a CPU by its number. cpu cpu-number Examples # Display the CPU usage monitoring settings.
  • Page 238 : Specifies an IRF member device by its member ID. If you specify a process slot slot-number but do not specify a member device, this command displays the statistics for the process on the master device. If you do not specify any options, this command displays the statistics for all processes on all member devices.

  • Page 239: Display Device

    Examples # Display device information. <Sysname> display device Slot Type State Subslot Soft Ver Patch Ver IE4300-28P-M Master IE4300M-6343P09 None Table 4 Command output Field Description Type Device type. State Role of the device in an IRF fabric:...

  • Page 240: Display Device Manuinfo

    Field Description • Master—The device is the master. • Standby—The device is a subordinate member. Soft Ver Software version of the device. Most recently released patch image version that is running on the device. If no patch image is installed, this field displays None. If both incremental and non-incremental patch images are running on the device, this Patch Ver field displays the most recently released incremental patch image version.

  • Page 241: Display Diagnostic-Information

    Predefined user roles network-admin network-operator Parameters : Specifies an IRF member device by its member ID. slot slot-number : Specifies a power supply by its ID. power Examples # Display electronic label information for a power supply. <Sysname> display device manuinfo slot 1 power 1 display diagnostic-information to display or save operating information for features display diagnostic-information...
  • Page 242 • Use the command to collect operating information display diagnostic-information for multiple or all features and hardware modules. To save storage space, this command automatically compresses the information before saving the information to a file. To view the file content: Use the command to extract the file.

  • Page 243: Display Dying-Gasp Host

    Related commands gunzip more tar extract display dying-gasp host to display poweroff alarm destination host settings. display dying-gasp host Syntax display dying-gasp host Views Any view Predefined user roles network-admin network-operator Examples # Display poweroff alarm destination host settings. <Sysname> display dying-gasp host IPv4 address: 1.1.1.0 Message type: SNMP Trap Securityname: p1...

  • Page 244: Display Environment

    display environment to display temperature information. display environment Syntax display environment [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number : Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays temperature information for all member devices.

  • Page 245: Display Fan

    Field Description support this field, this field displays NA. display fan to display fan tray operating status information. display fan Syntax display fan [ slot slot-number [ fan-id ] ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number : Specifies an IRF member device by its member ID.
  • Page 246 Predefined user roles network-admin network-operator Parameters : Displays brief information about memory usage. If you do not specify this keyword, the summary command displays detailed information about memory usage. : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays memory usage for all member devices.

  • Page 247: Display Memory-Threshold

    Field Description Swap Memory space for swapping. display memory-threshold to display memory alarm thresholds and statistics. display memory-threshold Syntax display memory-threshold [ slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles network-admin Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays the memory usage thresholds and statistics for the master device.

  • Page 248: Display Output-Power Port Status

    [Entered severe alarm state] First notification at: 0.0 Latest notification at: 0.0 Total number of notifications sent: 0 [Back to severe alarm state] First notification at: 0.0 Latest notification at: 0.0 Total number of notifications sent: 0 [Entered critical alarm state] First notification at: 0.0 Latest notification at: 0.0 Total number of notifications sent: 0...

  • Page 249: Display Power

    • Open—No external device is connected to the power terminal for the power supply port, or an open circuit condition exists. • OverVol—An over-voltage condition occurs. • OverCur—An over-current condition occurs. • OverPower—An over-power condition occurs. • UnderVol—An under-voltage condition occurs. OutVoltage Current output voltage of the power supply port.

  • Page 250: Display Scheduler Job

    Field Description • AC—AC power supply. • DC—DC power supply. Output current of the power supply, in amperes. Current(A) If this field is not supported, two hyphens (--) are displayed. Output voltage of the power supply, in volts. Voltage(V) If this field is not supported, two hyphens (--) are displayed. Output power of the power supply, in watts.

  • Page 251: Display Scheduler Reboot

    Views Any view Predefined user roles network-admin network-operator Examples # Display job execution log information. <Sysname> display scheduler logfile Logfile Size: 1902 Bytes. Job name : shutdown Schedule name : shutdown Execution time : Tue Dec 27 10:44:42 2015 Completion time : Tue Dec 27 10:44:47 2015 --------------------------------- Job output ----------------------------------- <Sysname>system-view System View: return to User View with Ctrl+Z.

  • Page 252: Display Scheduler Schedule

    Examples # Display the automatic reboot schedule. <Sysname> display scheduler reboot System will reboot at 16:32:00 05/23/2015 (in 1 hours and 39 minutes). Related commands scheduler reboot at scheduler reboot delay display scheduler schedule to display schedule information. display scheduler schedule Syntax display scheduler schedule [ schedule-name ] Views...

  • Page 253: Display System Stable State

    Field Description time is not displayed. Number of times the schedule has been executed. If the schedule has never been Execution counts executed, this field is not displayed. Job name Name of a job under the schedule. Result of the most recent execution: •...

  • Page 254: Display Transceiver Alarm

    Table 13 Command output Field Description System status: System state Stable—The system is operating stably. System redundancy status: • Stable—Member devices are operating stably. You can perform a switchover. • Redundancy state No redundance—The system has only one member device. You cannot perform a switchover.

  • Page 255: Display Transceiver Diagnosis

    Table 14 Common transceiver alarm components Field Description Avalanche photo diode Physical coding sublayer PHY XS PHY extended sublayer PMA/PMD Physical medium attachment/physical medium dependent power Optical power REFCLK Reference clock Receive Thermoelectric cooler Temp Temperature Transmit WAN interface sublayer Examples # Display the alarms present on the transceiver module in interface GigabitEthernet 1/0/1.

  • Page 256: Display Transceiver Interface

    Parameters : Specifies an interface by its type and interface [ interface-type interface-number ] number. If no interface is specified, this command displays the current values of the digital diagnosis parameters on every transceiver module. Examples # Display the current values of the digital diagnosis parameters on the transceiver module in interface GigabitEthernet 1/0/1.

  • Page 257: Display Transceiver Manuinfo

    Examples # Display system version information. <Sysname> display version H3C Comware Software, Version 7.1.070, Release 6343P09 Copyright (c) 2004-2022 New H3C Technologies Co., Ltd. All rights reserved. H3C IE4300-28P-M uptime is 0 weeks, 0 days, 6 hours, 43 minutes...

  • Page 258: Display Version-Update-Record

    Last reboot reason : Cold reboot Boot image: flash:/ie4320-cmw710-boot-r6343p09.bin Boot image version: 7.1.070, Release 6343P09 Compiled Jan 21 2022 11:00:00 System image: flash:/ ie4320-cmw710-system-r6343p09.bin System image version: 7.1.070, Release 6343P09 Compiled Jan 21 2022 11:00:00 Table 17 Command output Field Description Reason for the last reboot: •...

  • Page 259: Dying-Gasp Host

    Version : 7.1.070 Release 6343P09 Compile time: Mar 25 2019 15:52:43 *Name : simware-cmw710-system.bin Version : 7.1.070 Release 6343P09 Compile time: Mar 25 2019 15:52:43 Table 18 Command output Field Description Number of the startup software image upgrade record. Record 1 is the most Record n recent record.

  • Page 260: Dying-Gasp Source

    : Uses an SNMP notification to send the poweroff alarm. snmp-trap : Specifies the SNMP version. version : Uses SNMPv1. : Uses SNMPv2c. : Specifies an SNMPv1 or SNMPv2c community name, a securityname security-string case-sensitive string of 1 to 32 characters. : Uses a log message to send the poweroff alarm.

  • Page 261: Header

    If no address is configured for the specified source interface, this command does not take effect. For this command to take effect, assign an address to the source interface. Examples # Use the Loopback 1 interface as the source interface for sending the poweroff alarm. <Sysname>...

  • Page 262: Memory-Threshold

    Syntax job job-name undo job job-name Default No job is assigned to a schedule. Views Schedule view Predefined user roles network-admin Parameters : Specifies the job name, a case-sensitive string of 1 to 47 characters. job-name Usage guidelines You can assign multiple jobs to a schedule. The jobs in a schedule are executed concurrently. The jobs to be assigned to a schedule must already exist.

  • Page 263: Memory-Threshold Usage

    Predefined user roles network-admin Parameters : Specifies free-memory thresholds in percentage. If you do not specify this keyword, the ratio command sets free-memory thresholds in MB. : Specifies the minor alarm threshold. To view the value range for this minor minor-value threshold, enter a question mark (?) in the place of the argument.

  • Page 264: Monitor Cpu-Usage Enable

    Syntax memory-threshold [ slot slot-number [ cpu cpu-number ] usage memory-threshold undo memory-threshold [ slot slot-number [ cpu cpu-number ] ] usage Default The memory usage threshold is 100%. Views System view Predefined user roles network-admin Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command sets the memory usage threshold for the master device.

  • Page 265: Monitor Cpu-Usage Interval

    Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command enables CPU usage monitoring for the master device. : Specifies a CPU by its number. cpu cpu-number Usage guidelines After CPU usage monitoring is enabled, the system samples and saves CPU usage at the interval specified by the...

  • Page 266: Monitor Cpu-Usage Threshold

    <Sysname> system-view [Sysname] monitor cpu-usage interval 5Sec Related commands display cpu-usage configuration display cpu-usage history monitor cpu-usage enable monitor cpu-usage threshold to set CPU usage alarm thresholds. monitor cpu-usage threshold to restore default settings. undo monitor cpu-usage threshold Syntax monitor cpu-usage threshold severe-threshold...

  • Page 267: Monitor Resend Cpu-Usage

    [Sysname] monitor cpu-usage threshold 90 minor-threshold 80 recovery-threshold 70 Related commands display cpu-usage configuration monitor resend cpu-usage to set CPU usage alarm resending intervals. monitor resend cpu-usage to restore default settings. undo monitor resend cpu-usage Syntax monitor resend cpu-usage minor-interval minor-interval severe-interval severe-interval } * [ slot slot-number [ cpu cpu-number ] ] undo monitor resend cpu-usage [ minor-interval | severe-interval ] [ slot...

  • Page 268: Monitor Resend Memory-Threshold

    [Sysname] monitor resend cpu-usage minor-interval 60 slot 1 cpu 0 monitor resend memory-threshold to set memory depletion alarm resending intervals. monitor resend memory-threshold to restore default settings. undo monitor resend memory-threshold Syntax monitor resend memory-threshold { critical-interval critical-interval | minor-interval minor-interval | severe-interval severe-interval } * [ slot slot-number [ cpu cpu-number ] ] undo monitor resend memory-threshold [ critical-interval | minor-interval | severe-interval ] * [ slot slot-number [ cpu cpu-number ] ]...

  • Page 269: Output-Power Enable

    Examples # Set the minor memory depletion alarm resending interval to 12 hours for CPU 0 in slot 1. <Sysname> system-view [Sysname] monitor resend memory-threshold minor-interval 12 slot 1 cpu 0 output-power enable to enable power supply on a power supply port. output-power enable to disable power supply on a power supply port.

  • Page 270: Reboot

    Predefined user roles network-admin Usage guidelines Password recovery capability controls console user access to the device configuration and SDRAM from BootWare menus. If password recovery capability is enabled, a console user can access the device configuration without authentication to configure new passwords. If password recovery capability is disabled, console users must restore the factory-default configuration before they can configure new passwords.

  • Page 271: Reset Scheduler Logfile

    For data security, the device does not reboot if you reboot the device while the device is performing file operations. If the IRF fabric has only one member device, rebooting the member device reboots the entire IRF fabric. If the IRF fabric has a subordinate member and the member is operating correctly, rebooting the master triggers a master/subordinate switchover.

  • Page 272: Reset Version-Update-Record

    reset version-update-record to clear startup software image upgrade records. reset version-update-record Syntax reset version-update-record Views System view Predefined user roles network-admin Examples # Clear the startup software image upgrade records. <Sysname> system-view [Sysname] reset version-update-record This command will delete all records of version update. Continue? [Y/N]:y Related commands display version-update-record restore factory-default...

  • Page 273: Scheduler Job

    Related commands reboot scheduler job to create a job and enter its view, or enter the view of an existing job. scheduler job to delete a job. undo scheduler job Syntax scheduler job job-name undo scheduler job job-name Default No job exists. Views System view Predefined user roles...

  • Page 274: Scheduler Reboot At

    Parameters : Specifies the size of the job execution log file, in KB. The value range is 16 to 1024. value Usage guidelines The job execution log file saves the execution information of jobs. If the file is full, old records are deleted to make room for new records.

  • Page 275: Scheduler Reboot Delay

    The device supports only one device reboot schedule. If you execute both the scheduler reboot delay scheduler reboot at commands or execute one of the commands multiple times, the most recent configuration takes effect. For data security, the system does not reboot at the reboot time if a file operation is being performed. Examples # Configure the device to reboot at 12:00 p.m.

  • Page 276: Scheduler Schedule

    <Sysname> scheduler reboot delay 88 Reboot system at 13:16 06/06/2015(in 1 hours and 28 minutes). Confirm? [Y/N]: scheduler schedule scheduler schedule to create a schedule and enter its view, or enter the view of an existing schedule. to delete a schedule. undo scheduler schedule Syntax scheduler schedule schedule-name...

  • Page 277: Shutdown-Interval

    Examples # Set the port status detection timer to 100 seconds. <Sysname> system-view [Sysname] shutdown-interval 100 sysname to set the device name. sysname to restore the default. undo sysname Syntax sysname sysname undo sysname Default The device name is H3C.

  • Page 278: Transceiver Monitor Enable

    Views System view Predefined user roles network-admin Parameters : Specifies a name for the device, a string of 1 to 64 characters. sysname Usage guidelines A device name identifies a device in a network and is used in CLI view prompts. For example, if the device name is Sysname, the user view prompt is <Sysname>.

  • Page 279: Transceiver Monitor Interval

    transceiver monitor interval to set a transceiver monitoring interval. transceiver monitor interval to restore the default. undo transceiver monitor interval Syntax transceiver monitor interval interval undo transceiver monitor interval Default The transceiver monitoring interval is 600 seconds. Views System view Predefined user roles network-admin Parameters...

  • Page 280: Time At

    Views System view Predefined user roles network-admin Parameters : Specifies an IRF member device by its member ID. slot slot-number : Configures temperature alarm thresholds for hotspot sensors. A hotspot sensor is hotspot typically near the chip that generates a great amount of heat and used to monitor the chip. : Specifies a sensor by its number.

  • Page 281: Time Once

    Predefined user roles network-admin Parameters : Specifies the schedule execution time in the hh:mm format. The value range for hh is 0 to 23. time The value range for mm is 0 to 59. : Specifies the schedule execution date in the MM/DD/YYYY or YYYY/MM/DD format. The date value range for YYYY is 2000 to 2035.

  • Page 282: Time Repeating

    : Specifies the delay time for executing the schedule, in the hh:mm or mm format. This delay time argument can have up to six characters. When in the hh:mm format, mm must be in the range of 0 to Usage guidelines If the specified time has already occurred, the schedule will be executed at the specified time the following day.
  • Page 283 Default No execution time table is specified for a periodic schedule. Views Schedule view Predefined user roles network-admin Parameters : Specifies the execution time in the hh:mm format. The value range for hh is 0 to 23. The at time value range for mm is 0 to 59.

  • Page 284: User-Role

    [Sysname] scheduler schedule saveconfig [Sysname-schedule-saveconfig] time repeating at 8:00 month-date last # Configure the device to execute schedule saveconfig at 8:00 a.m. every Friday and Saturday. <Sysname> system-view [Sysname] scheduler schedule saveconfig [Sysname-schedule-saveconfig] time repeating at 8:00 week-day fri sat Related commands scheduler schedule user-role...
  • Page 285 Contents Tcl commands ······························································································· 1 cli ································································································································································ 1 tclquit ·························································································································································· 1 tclsh ···························································································································································· 2...

  • Page 286: Tcl Commands

    Tcl commands to enable a Comware command to be executed in Tcl configuration view when it conflicts with a Tcl command. Syntax cli command Views Tcl configuration view Predefined user roles network-admin Parameters : Specifies the commands to be executed. They must be complete command lines. command Usage guidelines In Tcl configuration view, if a Comware command conflicts with a Tcl command, the Tcl command will...

  • Page 287: Tclsh

    Views Tcl configuration view Predefined user roles network-admin Usage guidelines To return from Tcl configuration view to user view, you can also use the command. quit To return to the upper-level view after you execute Comware commands to enter system view or a Comware feature view, use the command.
  • Page 288 Contents Python commands ························································································· 1 exit() ··························································································································································· 1 python ························································································································································ 1 python filename ······································································································································ 2...

  • Page 289: Python Commands

    Python commands exit() to exit the Python shell. exit() Syntax exit() Views Python shell Predefined user roles network-admin Usage guidelines To return to user view from the Python shell, you cannot use the command. You must use the quit command. exit() Examples # Exit the Python shell.

  • Page 290: Python

    [GCC 4.4.1] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> python filename to execute a Python script. python filename Syntax python filename [ param ] Views User view Predefined user roles network-admin Parameters : Specifies the name of a Python script on a storage medium of the device. The script filename name is case sensitive and must use the extension .py.
  • Page 291 Contents Automatic configuration commands ······························································· 1 autodeploy udisk enable ···························································································································· 1...
  • Page 292 Automatic configuration commands autodeploy udisk enable to enable USB-based automatic configuration. autodeploy udisk enable to disable USB-based automatic configuration. undo autodeploy udisk enable Syntax autodeploy udisk enable undo autodeploy udisk enable Default USB-based automatic configuration is enabled. Views System view Predefined user roles network-admin Usage guidelines...
  • Page 293 H3C IE4300 & IE4300-M & IE4320 Industrial Switch Series Virtual Technologies Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 63xx Document version: 6W101-20230116...
  • Page 294 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 295 Preface This command reference describes IRF configuration commands for setting up and maintaining an IRF fabric, including: • Commands for IRF port binding configuration. • Commands for IRF member ID and priority configuration. • Commands for detecting IRF splits and maintaining the IRF fabric. This preface includes the following topics about the documentation: •...
  • Page 296 Convention Description example, the New User window opens; click OK. Multi-level menus are separated by angle brackets. For example, File > Create > > Folder. Symbols Convention Description An alert that calls attention to important information that if not understood or followed WARNING! can result in personal injury.
  • Page 297 It is normal that the port numbers, sample output, screenshots, and other information in the examples differ from what you have on your device. Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
  • Page 298 Contents IRF commands ······························································································ 1 display irf ···················································································································································· 1 display irf configuration ······························································································································ 2 display irf link ·············································································································································· 3 display irf topology ····································································································································· 4 display mad ················································································································································ 5 easy-irf ······················································································································································· 7 irf auto-update enable ······························································································································ 10 irf domain ················································································································································· 10 irf link-delay ··············································································································································...

  • Page 299: Irf Commands

    IRF commands display irf to display IRF fabric information. display irf Syntax display irf Views Any view Predefined user roles network-admin network-operator Examples # Display IRF fabric information. <Sysname> display irf MemberID Role Priority CPU-Mac Description Loading 00e0-fcbe-3102 F1Num001 Master 00e0-fcb1-ade2 F1Num002 --------------------------------------------------------...
  • Page 300 Field Description Description you have configured for the member device. • If no description is configured, this field displays a dashed line (-----). • If the description exceeds the maximum number of characters that can be Description displayed, an ellipsis (…) is displayed in place of the exceeding text. To display the complete description, use the display current-configuration...

  • Page 301: Display Irf Link

    Table 2 Command output Field Description MemberID Current member ID of the device. NewID Member ID assigned to the device. This member ID takes effect at reboot. Physical interfaces bound to IRF-port 1. IRF-Port1 This field displays disable if no physical interfaces are bound to the IRF port. Physical interfaces bound to IRF-port 2.

  • Page 302: Display Irf Topology

    Field Description Physical interfaces bound to the IRF port. This field displays disable if no Interface physical interfaces have been bound to the IRF port. Link state of the IRF physical interface: • UP—The link is up. • Status DOWN—The link is down. •...

  • Page 303: Display Mad

    Field Description Link state of the IRF port: • UP—The IRF link is up. • DOWN—The IRF link is down because the port has no physical link or has not been activated by the irf-port-configuration active command. • DIS—No physical interfaces have been bound to the IRF port. Link •...
  • Page 304 Excluded ports (user-configured): Bridge-Aggregation4 Vlan-interface999 Excluded ports (system-configured): IRF physical interfaces: Ten-GigabitEthernet1/0/49 Ten-GigabitEthernet1/0/50 Ten-GigabitEthernet2/0/49 Ten-GigabitEthernet2/0/50 BFD MAD interfaces: GigabitEthernet1/0/10 GigabitEthernet2/0/10 Vlan-interface3 Member interfaces of excluded interface Bridge-Aggregation 4: GigabitEthernet1/0/11 GigabitEthernet2/0/11 MAD ARP disabled. MAD ND disabled. MAD LACP enabled interface: Bridge-Aggregation 1 MAD status : Normal Member ID...

  • Page 305: Easy-Irf

    Field Description Excluded ports Network interfaces manually configured to not shut down when the IRF fabric (user-configured) transits to the Recovery state. Network interfaces set to not shut down by the system when the IRF fabric transits to the Recovery state. These interfaces are not manually configured. •...
  • Page 306 Syntax easy-irf [ member member-id [ renumber new-member-id ] domain domain-id [ priority priority ] [ irf-port1 interface-list1 ] [ irf-port2 interface-list2 ] ] Views System view Predefined user roles network-admin Parameters : Specifies the member ID of a member device. The value range for the member member-id member ID is 1 to 10.
  • Page 307 • Use a comma (,) to separate two physical interfaces. No spaces are allowed between interfaces. To remove an IRF physical interface from an IRF port, you must use the undo port group interface command in IRF port view. Examples # Bulk-configure basic IRF settings by using the non-interactive method.

  • Page 308: Irf Auto-Update Enable

    IRF priority : 10 IRF-port 1 : Ten-GigabitEthernet2/0/51, Ten-GigabitEthernet2/0/52 IRF-port 2 : Disabled ***************************************************************************** Are you sure to use these settings to set up IRF? [Y/N] y Starting to configure IRF... Configuration succeeded. The device will reboot for the new member ID to take effect. Continue? [Y/N] y irf auto-update enable to enable the software auto-update feature.

  • Page 309: Irf Link-Delay

    Default The IRF domain ID is 0. Views System view Predefined user roles network-admin Parameters : Specifies a domain ID for the IRF fabric. The value range is 0 to 4294967295. domain-id Usage guidelines CAUTION: Changing the IRF domain ID of an IRF member device will remove that member device from the IRF fabric.

  • Page 310: Irf Mac-Address Persistent

    Usage guidelines The device delays reporting link status change events of an IRF port, but it does not delay reporting link status change events of an IRF physical interface. Examples # Set the IRF link status change report delay to 300 milliseconds. <Sysname>...

  • Page 311: Irf Member Description

    On a switched LAN, the IRF bridge MAC address must be unique for correct traffic transmission. When IRF fabrics merge, IRF ignores the IRF bridge MAC address and checks the bridge MAC address of each member device in the IRF fabrics. IRF merge fails if any two member devices have the same bridge MAC address.

  • Page 312: Irf Member Renumber

    Predefined user roles network-admin Parameters : Specifies an IRF member ID. The value range for IRF member IDs is 1 to 10. member-id : Sets priority in the range of 1 to 32. The greater the priority value, the higher the priority. priority A member with higher priority is more likely to be the master.

  • Page 313: Irf-Port

    Interchanging member IDs between IRF member devices might cause undesirable configuration changes and data loss. For example, the IRF member IDs of Device A and Device B are 2 and 3, respectively. After you interchange their member IDs, their port settings also interchange. Examples # Change the ID of an IRF member device from 1 to 2.

  • Page 314: Irf-Port-Configuration Active

    irf-port-configuration active to activate IRF ports. irf-port-configuration active Syntax irf-port-configuration active Views System view Predefined user roles network-admin Usage guidelines After connecting the physical interfaces between two devices and binding them to the correct IRF ports, you must use this command to activate the settings on the IRF ports. This command merges the two devices into one IRF fabric.

  • Page 315: Mad Arp Enable

    mad arp enable to enable ARP MAD. mad arp enable to disable ARP MAD. undo mad arp enable Syntax mad arp enable undo mad arp enable Default ARP MAD is disabled. Views VLAN interface view Predefined user roles network-admin Usage guidelines Do not configure ARP MAD together with LACP MAD or BFD MAD, because they handle collisions differently.

  • Page 316: Mad Bfd Enable

    [Sysname] interface vlan-interface 3 [Sysname-Vlan-interface3] mad arp enable You need to assign a domain ID (range: 0-4294967295) [Current domain is: 0]: 1 The assigned domain ID is: 1 Related commands irf domain mad bfd enable to enable BFD MAD. mad bfd enable to disable BFD MAD.

  • Page 317: Mad Enable

    Category Restrictions and guidelines Do not use the BFD MAD VLAN for any purposes other than configuring BFD MAD. • Use only the mad bfd enable mad ip address commands on the BFD MAD-enabled VLAN interface. If you configure other BFD MAD VLAN and features, both BFD MAD and other features on the interface might run feature compatibility...

  • Page 318: Mad Exclude Interface

    An IRF fabric has only one IRF domain ID. You can change the IRF domain ID by using the following commands: irf domain mad enable mad arp enable , or mad nd enable . The IRF domain IDs configured by using these commands overwrite each other. Examples # Enable LACP MAD on Bridge-Aggregation 1, a Layer 2 dynamic aggregate interface.

  • Page 319: Mad Ip Address

    command on the inactive IRF fabric to recover the inactive IRF fabric. This command also restore brings up all interfaces that were shut down by MAD. Examples # Exclude GigabitEthernet 1/0/1 from being shut down when the MAD status transits to Recovery. <Sysname>...

  • Page 320: Mad Nd Enable

    <Sysname> system-view [Sysname] interface vlan-interface 3 [Sysname-Vlan-interface3] mad ip address 192.168.0.1 255.255.255.0 member 1 # Assign a MAD IP address to IRF member 2 on VLAN-interface 3. [Sysname-Vlan-interface3] mad ip address 192.168.0.2 255.255.255.0 member 2 Related commands mad bfd enable mad nd enable to enable ND MAD.

  • Page 321: Mad Restore

    Category Restrictions and guidelines If an intermediate device is used, make sure the following requirements are met: • Run the spanning tree feature between the IRF fabric and the intermediate device to ensure that there is only one ND MAD link in forwarding state.

  • Page 322: Port Group Interface

    Restoring from multi-active conflict state, please wait... port group interface to bind a physical interface to an IRF port. port group interface to remove the binding of a physical interface to an IRF port. undo port group interface Syntax port group interface interface-type interface-number undo port group interface interface-name Default No physical interfaces are bound to an IRF port.
  • Page 323 [Sysname-Ten-GigabitEthernet1/0/51] undo shutdown Related commands irf-port...
  • Page 324 H3C IE4300 & IE4300-M & IE4320 Industrial Switch Series Layer 2—LAN Switching Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 63xx Document version: 6W101-20230116...
  • Page 325 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 326 Preface This command reference describes Layer 2—LAN switching configuration commands. This preface includes the following topics about the documentation: • Audience • Conventions • Documentation feedback Audience This documentation is intended for: • Network planners. • Field technical support and servicing engineers. •...
  • Page 327 Symbols Convention Description An alert that calls attention to important information that if not understood or followed WARNING! can result in personal injury. An alert that calls attention to important information that if not understood or followed CAUTION: can result in data loss, data corruption, or damage to hardware or software. An alert that calls attention to essential information.
  • Page 328 Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
  • Page 329 Contents Ethernet interface commands ········································································ 1 Common Ethernet interface commands············································································································· 1 bandwidth ··················································································································································· 1 broadcast-suppression ······························································································································· 1 combo enable ············································································································································· 3 dampening ················································································································································· 4 default ························································································································································ 5 description ·················································································································································· 5 display counters ········································································································································· 6 display counters rate ·································································································································· 7 display ethernet statistics ··························································································································· 8 display interface ·······································································································································...

  • Page 330: Ethernet Interface Commands

    Ethernet interface commands Common Ethernet interface commands bandwidth to set the expected bandwidth of an interface. bandwidth to restore the default. undo bandwidth Syntax bandwidth bandwidth-value undo bandwidth Default The expected bandwidth (in kbps) is the interface baud rate divided by 1000. Views Ethernet interface view Predefined user roles...
  • Page 331 Default Ethernet interfaces do not suppress broadcast traffic. Views Ethernet interface view Predefined user roles network-admin Parameters : Sets the broadcast suppression threshold as a percentage of the interface bandwidth. The ratio value range for this argument is 0 to 100. A smaller value means that less broadcast traffic is allowed to pass through.

  • Page 332: Combo Enable

    combo enable to activate the copper or fiber combo port of a combo interface. combo enable Syntax combo enable { auto | copper | fiber } Default The copper or fiber combo port is automatically activated depending on the medium inserted in the combo interface.

  • Page 333: Dampening

    dampening to enable the device to dampen an interface when the interface is flapping. dampening to restore the default. undo dampening Syntax dampening [ half-life reuse suppress max-suppress-time ] undo dampening Default Interface dampening is disabled on Ethernet interfaces. Views Ethernet interface view Predefined user roles network-admin...

  • Page 334: Default

    • Reuse value to 800. • Suppression threshold to 3000. • Maximum suppression interval to 5 seconds. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] dampening 2 800 3000 5 Related commands display interface link-delay port link-flap protect enable default to restore the default settings for an interface. default Syntax default...

  • Page 335: Display Counters

    Default The description of an interface is the interface name plus Interface (for example, GigabitEthernet1/0/1 Interface). Views Ethernet interface view Predefined user roles network-admin Parameters : Specifies the interface description, a case-sensitive string of 1 to 255 characters. text Examples # Set the description of GigabitEthernet 1/0/1 to lan-interface.

  • Page 336: Display Counters Rate

    <Sysname> display counters inbound interface Interface Total (pkts) Broadcast (pkts) Multicast (pkts) Err (pkts) GE1/0/1 GE1/0/2 Overflow Overflow Overflow Overflow Overflow: More than 14 digits (7 digits for column "Err"). --: Not supported. Table 1 Command output Field Description Interface Abbreviated interface name.

  • Page 337: Display Ethernet Statistics

    If you specify an interface type but do not specify an interface number, this command displays traffic rate statistics for all up interfaces of the specified type. If you specify an interface type and an interface, this command displays traffic rate statistics for the specified interface.
  • Page 338 network-operator Parameters Specifies an IRF member device by its member ID. slot slot-number: Examples # Display the Ethernet module statistics for the specified slot. <Sysname> display ethernet statistics slot 1 ETH receive packet statistics: Totalnum : 10447 ETHIINum : 4459 SNAPNum RAWNum LLCNum...

  • Page 339: Display Interface

    Field Description software version. • ISIS2—Number of large 802.3/802.2 frames encapsulated by using IS-IS. This field is not supported in the current software version. • IP—Number of IP packets. • IPv6—Number of IPv6 packets. Statistics about the error Ethernet packets in the inbound direction on the Ethernet module.
  • Page 340 Syntax display interface [ interface-type [ interface-number ] ] [ brief [ description | down ] ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an interface type. interface-type : Specifies an interface number. interface-number : Displays brief interface information. If you do not specify this keyword, the command brief displays detailed interface information.
  • Page 341 UnTagged VLANs: 1 Port priority: 2 Last link flapping: 6 hours 39 minutes 25 seconds Last clearing of counters: 14:34:09 Tue 11/01/2011 Current system time:2018-08-10 14:58:27 Last time when physical state changed to up:- Last time when physical state changed to down:2018-08-10 14:57:58 Peak input rate: 0 bytes/sec, at 2013-07-17 22:06:19 Peak output rate: 0 bytes/sec, at 2013-07-17 22:06:19 Last 300 seconds input:...
  • Page 342 Field Description • UP—The interface is both administratively and physically Data link layer state of the interface. The state is determined through automatic parameter negotiation at the data link layer. • UP—The data link layer protocol is up. • UP (spoofing)—The data link layer protocol is up, but the link is an on-demand link or does not exist.
  • Page 343 Field Description speed auto Link speed type is autonegotiation The interface is configured with the command. The interface is manually configured with a speed (for example, Link speed type is force link speed 1000 Mbps) by using the command. duplex auto link duplex type is autonegotiation The interface is configured with the command.
  • Page 344 Field Description Last time when the physical state of the interface changed to up. If the time zone is configured, this field is in the YYYY/MM/DD Last time when physical state changed HH:MM:SS zone-name±HH:MM:SS format, where the to up zone-name argument is the local time zone. A hyphen (-) indicates that the physical state of the interface has never changed.
  • Page 345 Field Description Number of inbound frames that had a non-integer number of throttles bytes. Total number of inbound frames that had a normal length, but contained CRC errors. Total number of inbound frames that contained CRC errors and a frame non-integer number of bytes.
  • Page 346 Field Description Number of packets dropped because the output rate of the underruns interface exceeded the output queuing capability. This is a low-probability hardware anomaly. Number of packets dropped because the transmitting buffer of the buffer failures interface ran low. Number of packets that failed to be transmitted, for example, aborts because of Ethernet collisions.
  • Page 347 Brief information on interfaces in bridge mode: Link: ADM - administratively down; Stby - standby Speed: (a) - auto Duplex: (a)/A - auto; H - half; F - full Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description GE1/0/3...

  • Page 348: Display Interface Link-Info

    Field Description speed but the autonegotiation has not started. Duplex mode of the interface: • A—Autonegotiation. The interface is configured to autonegotiate its duplex mode but the autonegotiation has not started. • F—Full duplex. Duplex • F(a)—Autonegotiated full duplex. • H—Half duplex.
  • Page 349 Predefined user roles network-admin network-operator Examples # Display status and statistics of all interfaces. <Sysname> display interface link-info Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol InUsage OutUsage InErrs OutErrs GE1/0/1 NULL0 UP(s) Overflow: More than 7 digits.

  • Page 350: Display Link-Flap Protection

    Field Description bandwidth. To set the statistics polling interval, use the flow-interval command. InErrs Number of error packets received. OutErrs Number of error packets sent. Overflow: More than 7 digits. The data length of a statistical item value is greater than 7 decimal digits. A hyphen (-) indicates that the corresponding statistical item is not --: Not supported.

  • Page 351: Duplex

    Field Description • Enabled—Link flapping protection is enabled on an interface. • Disabled—Link flapping protection is disabled on an interface. Status of an interface: • Down—The interface has been shut down by the link flapping protection Status feature. • N/A—The interface status is not affected by the link flapping protection feature. Interval Link flapping detection interval for an interface.

  • Page 352: Flow-Control

    IMPORTANT: Fiber ports do not support this command. to enable Energy Efficient Ethernet (EEE) on an interface. eee enable to disable EEE on an interface. undo eee enable Syntax eee enable undo eee enable Default EEE is disabled. Views Ethernet interface view Predefined user roles network-admin Usage guidelines...

  • Page 353: Flow-Control Receive Enable

    • When congested, the interface sends a flow control frame to its peer. • Upon receiving a flow control frame from the peer, the interface suspends sending packets. To implement flow control on a link, enable generic flow control at both ends of the link. Examples # Enable TxRx-mode generic flow control on GigabitEthernet 1/0/1.

  • Page 354: Ifmonitor Crc-Error

    Syntax flow-interval interval undo flow-interval Default The statistics polling interval is 300 seconds. Views System view Ethernet interface view Predefined user roles network-admin Parameters : Sets the statistics polling interval in seconds. The interval is in the range of 5 to 300 and interval must be a multiple of 5.

  • Page 355: Ifmonitor Input-Error

    Predefined user roles network-admin Parameters : Specifies the upper threshold for CRC error packet alarms, in high-threshold high-value the range of 1 to 4294967295 packets. : Specifies the lower threshold for CRC error packet alarms, in the low-threshold low-value range of 1 to 4294967295 packets. : Specifies the statistics collection and comparison interval for CRC error interval interval packets, in the range of 1 to 65535 seconds.

  • Page 356: Ifmonitor Output-Error

    Default The upper threshold is 1000, the lower threshold is 100, and the statistics collection and comparison interval is 10 seconds for input error packet alarms. Views System view Predefined user roles network-admin Parameters high-threshold high-value : Specifies the upper threshold for input error packet alarms, in the range of 1 to 4294967295 packets.
  • Page 357 Syntax ifmonitor output-error slot slot-number high-threshold high-value low-threshold low-value interval interval [ shutdown ] undo ifmonitor output-error slot slot-number Default The upper threshold is 1000, the lower threshold is 100, and the statistics collection and comparison interval is 10 seconds for output error packet alarms. Views System view Predefined user roles...

  • Page 358: Interface

    interface to enter interface view. interface Syntax interface interface-type interface-number Views System view Predefined user roles network-admin Parameters : Specifies an interface type. interface-type : Specifies an interface number. interface-number Examples # Enter the view of GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] jumboframe enable...

  • Page 359: Link-Delay

    [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] jumboframe enable link-delay link-delay to set the physical state change suppression interval on an Ethernet interface. to restore the default. undo link-delay Syntax link-delay { down | up } [ msec ] delay-time undo link-delay { down | up } Default Each time the physical link of a port goes up or comes down, the interface immediately reports the change to the CPU.

  • Page 360: Link-Flap Protect Enable

    This command, the command, and the dampening port link-flap protect enable command are mutually exclusive on an Ethernet interface. Examples # Set the link-down event suppression interval to 8 seconds on GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] link-delay down 8 # Set the link-up event suppression interval to 800 milliseconds on GigabitEthernet 1/0/1.

  • Page 361: Loopback

    Related commands port link-flap protect enable loopback to enable loopback testing on an Ethernet interface. loopback Syntax loopback { external | internal } Default Loopback testing is disabled on an Ethernet interface. Views Ethernet interface view Predefined user roles network-admin Parameters : Enables external loopback testing on the Ethernet interface.

  • Page 362: Port Auto-Power-Down

    Views Ethernet interface view Predefined user roles network-admin Parameters : Sets the multicast suppression threshold as a percentage of the interface bandwidth. The ratio value range for this argument (in percentage) is 0 to 100. A smaller value means that less multicast traffic is allowed to pass through.

  • Page 363: Port Ifmonitor Crc-Error

    IMPORTANT: Fiber ports do not support this command. to enable auto power-down on an Ethernet interface. port auto-power-down to disable auto power-down on an Ethernet interface. undo port auto-power-down Syntax port auto-power-down undo port auto-power-down Default Auto power-down is disabled on Ethernet interfaces. Views Ethernet interface view Predefined user roles...

  • Page 364: Port Ifmonitor Input-Error

    Views Ethernet interface view Predefined user roles network-admin Parameters : Specifies the upper threshold for CRC error packet alarms. If high-threshold high-value you specify the keyword, the value range is 1 to 100. If you do not specify the ratio ratio keyword, the value range is 1 to 4294967295 packets.
  • Page 365 Syntax port ifmonitor input-error high-threshold high-value low-threshold low-value interval interval [ shutdown ] undo port ifmonitor input-error Default An interface uses the global input error packet alarm parameters. Views Ethernet interface view Predefined user roles network-admin Parameters : Specifies the upper threshold for input error packet alarms, in high-threshold high-value the range of 1 to 4294967295 packets.

  • Page 366: Port Ifmonitor Output-Error

    port ifmonitor output-error to configure output error packet alarm parameters for an port ifmonitor output-error interface. to restore the default. undo port ifmonitor output-error Syntax port ifmonitor output-error high-threshold high-value low-threshold low-value interval interval [ shutdown ] undo port ifmonitor output-error Default An interface uses the global output error packet alarm parameters.

  • Page 367: Port Link-Flap Protect Enable

    [Sysname-GigabitEthernet1/0/1] port ifmonitor output-error high-threshold 5000 low-threshold 400 interval 6 Related commands snmp-agent trap enable ifmonitor port link-flap protect enable to enable link flapping protection on an interface. port link-flap protect enable to disable link flapping protection on an interface. undo port link-flap protect enable Syntax port link-flap protect enable [ interval interval | threshold threshold ] *...

  • Page 368: Port Up-Mode

    [Sysname-GigabitEthernet 1/0/1] port link-flap protect enable interval 10 threshold 5 Related commands dampening link-delay link-flap protect enable port up-mode to forcibly bring up a fiber Ethernet port. port up-mode to restore the default. undo port up-mode Syntax port up-mode undo port up-mode Default A fiber Ethernet port is not forcibly brought up.

  • Page 369: Reset Ethernet Statistics

    Predefined user roles network-admin Parameters : Specifies an interface type. interface-type : Specifies an interface number. interface-number Usage guidelines Use this command to clear history statistics if you want to collect traffic statistics for a specific time period. If you do not specify an interface type, this command clears statistics for all interfaces. If you specify an interface type but do not specify an interface number, this command clears statistics for all interfaces of the specified type.

  • Page 370: Snmp-Agent Trap Enable Ifmonitor

    Syntax shutdown undo shutdown Default Ethernet interfaces are in up state. Views Ethernet interface view Predefined user roles network-admin Usage guidelines CAUTION: Executing the command on an interface will disconnect the link of the interface and shutdown interrupt communication. Use this command with caution. Some interface configurations might require an interface restart before taking effect.

  • Page 371: Speed

    Predefined user roles network-admin Parameters : Enables the CRC error packet alarm function for interfaces. crc-error : Enables the input error packet alarm function for interfaces. input-error : Enables the output error packet alarm function for interfaces. output-error Examples # Enable the CRC error packet alarm function for interfaces. <Sysname>...

  • Page 372: Speed Auto Downgrade

    use the command in interface view. If the system does not prompt that operation failed speed ? when you configure a speed for a fiber port, the fiber port supports this speed. Otherwise, the fiber port does not support this speed. Additionally, you must select a speed for a fiber port according to the transceiver module installed to ensure that the transceiver module can be used properly.

  • Page 373: Unicast-Suppression

    unicast-suppression to enable unknown unicast storm suppression and set the unknown unicast-suppression unicast storm suppression threshold. to disable unknown unicast storm suppression. undo unicast-suppression Syntax unicast-suppression { ratio | pps max-pps | kbps max-kbps } undo unicast-suppression Default Ethernet interfaces do not suppress unknown unicast traffic. Views Ethernet interface view Predefined user roles...

  • Page 374: Layer 2 Ethernet Interface Commands

    [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] unicast-suppression kbps 10000 The actual value is 10048 on port GigabitEthernet1/0/1 currently. The output shows that the value that takes effect is 10048 kbps (157 times of 64), because the chip only supports step 64. Related commands broadcast-suppression multicast-suppression...

  • Page 375: Mdix-Mode

    Table 8 Command output Field Description Flow Statistic Interval Traffic polling interval (in seconds) of the storm control module. Port Abbreviated interface name. Type of traffic subjected to storm control: • BC—Broadcast packets. • MC—Multicast packets. Type • UC—Unknown unicast packets. •...

  • Page 376: Port Bridge Enable

    Default Ethernet interfaces operate in mode. automdix Views Layer 2 Ethernet interface view Predefined user roles network-admin Parameters : Specifies that the interface negotiates pin roles with its peer. automdix : Specifies that pins 1 and 2 are transmit pins and pins 3 and 6 are receive pins. : Specifies that pins 1 and 2 are receive pins and pins 3 and 6 are transmit pins.

  • Page 377: Speed Auto

    speed auto to set options for speed autonegotiation. speed auto to restore the default. undo speed Syntax speed auto { 10 | 100 | 1000 } * undo speed Default No option is set for speed autonegotiation. Views 100-Mbps or 1000-Mbps Layer 2 Ethernet interface view Predefined user roles network-admin Parameters...
  • Page 378 Syntax storm-constrain { broadcast | multicast | unicast } { pps | kbps | ratio } upperlimit lowerlimit undo storm-constrain { all | broadcast | multicast | unicast } Default Traffic storm control is disabled. Views Layer 2 Ethernet interface view Predefined user roles network-admin Parameters...

  • Page 379: Storm-Constrain Control

    When configuring this command, make sure is greater than upperlimit lowerlimit Examples # Enable unknown unicast storm control on GigabitEthernet 1/0/1 and set the upper and lower thresholds to 200 pps and 150 pps, respectively. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] storm-constrain unicast pps 200 150 # Enable broadcast storm control on GigabitEthernet 1/0/2, and set the upper and lower thresholds to 2000 kbps and 1500 kbps, respectively.

  • Page 380: Storm-Constrain Enable Log

    Examples # Configure GigabitEthernet 1/0/1 to block a specific type of traffic when the type of traffic exceeds the upper storm control threshold. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] storm-constrain control block Related commands storm-constrain storm-constrain control storm-constrain enable log to enable an Ethernet interface to output log messages storm-constrain enable log when it detects storm control threshold events.

  • Page 381: Storm-Constrain Interval

    Default An interface sends out storm control threshold event traps when monitored traffic exceeds the upper threshold or drops below the lower threshold from a value above the upper threshold. Views Layer 2 Ethernet interface view Predefined user roles network-admin Examples # Enable GigabitEthernet 1/0/1 to send traps when it detects storm control threshold events.

  • Page 382: Virtual-Cable-Test

    virtual-cable-test to test the cable connection of an Ethernet interface and display the virtual-cable-test test result. Syntax virtual-cable-test Views Layer 2 Ethernet interface view Predefined user roles network-admin Usage guidelines This command is not available on Ethernet copper ports operating at 10 Mbps or 100 Mbps and fiber ports.
  • Page 383 Field Description Cable pair state: • OK—The cable pair is in good condition. • Abnormal—The cable pair is abnormal. Pair x state • Abnormal (open)—An open circuit is detected. • Abnormal (short)—A short circuit is detected. • Invalid—The test failed.
  • Page 384 Contents Loopback, null, and inloopback interface commands ····································· 1 bandwidth ··················································································································································· 1 default ························································································································································ 1 description ·················································································································································· 2 display interface inloopback ······················································································································· 3 display interface loopback ·························································································································· 5 display interface null ··································································································································· 7 interface loopback ······································································································································ 9 interface null ··············································································································································· 9 reset counters interface loopback ············································································································...

  • Page 385: Loopback, Null, And Inloopback Interface Commands

    Loopback, null, and inloopback interface commands bandwidth to set the expected bandwidth for an interface. bandwidth to restore the default. undo bandwidth Syntax bandwidth bandwidth-value undo bandwidth Default The expected bandwidth of a loopback interface is 0 kbps. Views Loopback interface view Predefined user roles network-admin Parameters...

  • Page 386: Description

    Usage guidelines CAUTION: command might interrupt ongoing network services. Make sure you are fully aware default of the impact of this command before using it on a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.

  • Page 387: Display Interface Inloopback

    display interface inloopback to display information about the inloopback interface. display interface inloopback Syntax display interface [ inloopback [ 0 ] ] [ brief [ description | down ] ] Views Any view Predefined user roles network-admin network-operator Parameters inloopback [ 0 ] : Specifies Inloopback 0.
  • Page 388 Field Description Data link layer state of the interface, which is always UP(spoofing). UP(spoofing) represents that the data link layer protocol of the Line protocol state interface is up, but the link is an on-demand link or does not exist. This attribute is typical of null interfaces and loopback interfaces.

  • Page 389: Display Interface Loopback

    Field Description Description of the interface. Because inloopback interfaces do not Description support CLI configuration, this field does not display a value. display interface loopback to display information about the specified or all existing display interface loopback loopback interfaces. Syntax display interface [ loopback [ interface-number ] ] [ brief [ description | down ] ] Views...
  • Page 390 Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops Table 3 Command output Field Description Physical link state of the interface:...

  • Page 391: Display Interface Null

    Brief information on interfaces in route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Primary IP Description Loop1 UP(s) forLAN1 # Display information about all loopback interfaces in down state and the causes. <Sysname>...
  • Page 392 Views Any view Predefined user roles network-admin network-operator Parameters : Specifies Null 0. If you do not specify the keyword, the command displays null [ 0 ] null information about all interfaces. : Displays brief interface information. If you do not specify this keyword, the command brief displays detailed interface information.

  • Page 393: Interface Loopback

    interface loopback to create a loopback interface and enter its view, or enter the view of interface loopback an existing loopback interface. to remove a loopback interface. undo interface loopback Syntax interface loopback interface-number undo interface loopback interface-number Default No loopback interfaces exist. Views System view Predefined user roles...

  • Page 394: Reset Counters Interface Loopback

    Parameters : Specifies Null 0. The null interface number is always 0. Examples # Enter Null 0 interface view. <Sysname> system-view [Sysname] interface null 0 [Sysname-NULL0] reset counters interface loopback to clear the statistics on the specified or all reset counters interface loopback loopback interfaces.

  • Page 395: Shutdown

    Predefined user roles network-admin Parameters : Specifies Null 0. If you do not specify the keyword, the command clears the null [ 0 ] null statistics on all interfaces. Usage guidelines To determine whether the null interface works correctly within a period by collecting the traffic statistics within that period, first use the command reset counters interface [ null [ 0 ] ]...
  • Page 396 Contents Bulk interface configuration commands ························································· 1 display interface range ······························································································································· 1 interface range ··········································································································································· 1 interface range name ································································································································· 3...

  • Page 397: Bulk Interface Configuration Commands

    Bulk interface configuration commands display interface range to display information about named interface ranges created by display interface range using the command. interface range name Syntax display interface range [ name name ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an interface range by its name, a case-sensitive string of 1 to 32 characters.
  • Page 398 . The interface-type interface-number1 to interface-type interface-number2 start interface number must be identical to or lower than the end interface number. Usage guidelines Use this command to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, execute the command in interface range view to shut shutdown down a range of interfaces.

  • Page 399: Interface Range Name

    interface range name to create a named interface interface range name name interface interface-list range and enter the interface range view. without the keyword to enter the view of a interface range name name interface named interface range. undo interface range name to delete the interface range with the specified name.
  • Page 400 To view the member interfaces of a named interface range, use the display interface range command. The device does not output prompt or alarm messages during the bulk interface configuration process. Make sure you are fully aware of the impacts of the bulk interface configuration. When you bulk configure interfaces, follow these guidelines: •...
  • Page 401 Contents MAC address table commands ······································································ 1 display mac-address ·································································································································· 1 display mac-address aging-time ················································································································ 2 display mac-address hash-bucket-size ······································································································ 3 display mac-address hash-conflict-record·································································································· 3 display mac-address mac-learning ············································································································ 4 display mac-address mac-move ················································································································ 5 display mac-address statistics ··················································································································· 6 mac-address (interface view) ·····················································································································...

  • Page 402: Mac Address Table Commands

    MAC address table commands This document covers the configuration of unicast MAC address entries, including static, dynamic, blackhole, and multiport unicast MAC address entries. For more information about configuring static multicast MAC address entries, see IGMP snooping and IPv6 multicast routing and forwarding in IP Multicast Configuration Guide.

  • Page 403: Display Mac-Address Aging-Time

    entry has lower priority. The device prefers to use the multiport unicast entry to forward frames destined for the MAC address in the entry. Examples # Display MAC address entries for VLAN 100. <Sysname> display mac-address vlan 100 MAC Address VLAN ID State Port/Nickname...

  • Page 404: Display Mac-Address Hash-Bucket-Size

    Views Any view Predefined user roles network-admin network-operator Examples # Display the aging timer for dynamic MAC address entries. <Sysname> display mac-address aging-time MAC address aging time: 300s. Related commands mac-address timer display mac-address hash-bucket-size to display the hash bucket size for the MAC display mac-address hash-bucket-size address table.

  • Page 405: Display Mac-Address Mac-Learning

    Syntax display mac-address hash-conflict-record slot slot-number Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an IRF member device by its member ID. slot slot-number Usage guidelines A device enabled with MAC hashing conflict logging records the MAC hashing conflicts that occur in MAC address learning.

  • Page 406: Display Mac-Address Mac-Move

    Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an interface by its type and interface interface-type interface-number number. If you do not specify an interface, the command displays the global MAC address learning status and the MAC address learning status of all interfaces. Examples # Display the global MAC address learning status and the MAC learning status of all interfaces.

  • Page 407: Display Mac-Address Statistics

    Usage guidelines When a MAC address frequently moves between the specified two interfaces, Layer 2 loops might occur in the network. To discover and locate loops, you can view the MAC address move records. In the MAC address move records, records with the same MAC address, VLAN, source port, and current port are considered to be one record.

  • Page 408: Mac-Address (Interface View)

    Predefined user roles network-admin network-operator Usage guidelines This command displays the number of MAC address entries per type and the maximum number of MAC address entries allowed for each type. Examples # Display MAC address table statistics. <Sysname> display mac-address statistics MAC Address Count: Dynamic Unicast Address (Learned) Count: Dynamic Unicast Address (Security-service-defined) Count:...
  • Page 409 Syntax mac-address { dynamic | multiport | static } mac address vlan vlan undo mac-address { dynamic | multiport | static } mac address vlan vlan Default An interface is not configured with MAC address entries. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin...

  • Page 410: Mac-Address (System View)

    [Sysname-GigabitEthernet1/0/1] mac-address multiport 0001-0001-0101 vlan 2 [Sysname-GigabitEthernet1/0/1] quit [Sysname] interface gigabitethernet 1/0/2 [Sysname-GigabitEthernet1/0/2] mac-address multiport 0001-0001-0101 vlan 2 Related commands display mac-address (system view) mac-address mac-address (system view) mac-address to add or modify a MAC address entry. to delete one or all MAC address entries. undo mac-address Syntax mac-address { dynamic | static } mac...
  • Page 411 : Specifies an existing VLAN to which the interface belongs. The value range for the vlan vlan argument is 1 to 4094. vlan-id : Specifies an outgoing interface by its type interface interface type interface number and number. : Specifies a list of up to four interface items. Each interface item interface interface-list can be an individual interface in the format of or a range...

  • Page 412: Mac-Address Hash-Bucket-Size

    [Sysname] mac-address multiport 000f-e201-0101 interface gigabitethernet 1/0/1 to gigabitethernet 1/0/3 vlan 2 Related commands display mac-address (interface view) mac-address mac-address hash-bucket-size to set the hash bucket size of the MAC address table. mac-address hash-bucket-size to restore the default. undo mac-address hash-bucket-size Syntax mac-address hash-bucket-size size undo mac-address hash-bucket-size...

  • Page 413: Mac-Address Mac-Learning Enable

    to disable MAC hashing conflict undo mac-address hash-conflict-record enable logging. Syntax mac-address hash-conflict-record enable slot slot-number undo mac-address hash-conflict-record enable slot slot-number Default MAC hashing conflict logging is disabled. Views System view Predefined user roles network-admin Parameters : Specifies an IRF member device by its member ID. slot slot-number Usage guidelines The device generates a unique hashing key for each MAC address when learning MAC addresses.

  • Page 414: Mac-Address Mac-Move Fast-Update

    Views System view Layer 2 Ethernet interface view Layer 2 aggregate interface view VLAN view Predefined user roles network-admin Usage guidelines To prevent the MAC address table from becoming saturated, you can disable MAC address learning. For example, a number of packets with different source MAC addresses reaching a device can affect the MAC address table update.

  • Page 415: Mac-Address Mac-Roaming Enable

    to disable ARP fast update for MAC address undo mac-address mac-move fast-update moves. Syntax mac-address mac-move fast-update undo mac-address mac-move fast-update Default ARP fast update is disabled for MAC address moves. Views System view Predefined user roles network-admin Examples # Enable ARP fast update for MAC address moves. <Sysname>...

  • Page 416: Mac-Address Max-Mac-Count

    mac-address max-mac-count to set the MAC learning limit on an interface. mac-address max-mac-count to restore the default. undo mac-address max-mac-count Syntax mac-address max-mac-count count undo mac-address max-mac-count Default The number of MAC addresses that can be learned on an interface is not limited. Views Layer 2 Ethernet interface view Predefined user roles...

  • Page 417: Mac-Address Multicast-Source Packet-Filter

    Default When the MAC learning limit on an interface is reached, the device can forward unknown frames received on the interface. Views Layer 2 Ethernet interface view Predefined user roles network-admin Examples # Configure GigabitEthernet 1/0/1 to learn a maximum of 600 MAC address entries. <Sysname>...

  • Page 418: Mac-Address Notification Mac-Move

    mac-address notification mac-move to enable MAC address move notifications and mac-address notification mac-move optionally specify a MAC move detection interval. to disable MAC address move undo mac-address notification mac-move notifications. Syntax mac-address notification mac-move [ interval interval ] undo mac-address notification mac-move Default MAC address move notifications are disabled.

  • Page 419: Mac-Address Notification Mac-Move Suppression (Interface View)

    • The VLAN ID of MAC address 0000-0012-0034 is VLAN 500. • The MAC address moved from GigabitEthernet 1/0/1 to GigabitEthernet 1/0/2. • The MAC address has moved once within a MAC move detection interval. Related commands display mac-address mac-move mac-address notification mac-move suppression (interface view) to enable MAC address move...

  • Page 420: Mac-Address Timer

    to restore the default. undo mac-address notification mac-move suppression Syntax mac-address notification mac-move suppression { interval interval | threshold threshold } undo mac-address notification mac-move suppression { interval threshold } Default The suppression interval is 30 seconds. The suppression threshold is 3. Views System view Predefined user roles...

  • Page 421: Snmp-Agent Trap Enable Mac-Address

    Default The aging timer is 300 seconds for dynamic MAC address entries. Views System view Predefined user roles network-admin Parameters : Specifies an aging timer for dynamic MAC address entries, in seconds. The value aging seconds range for the argument is 10 to 100000. seconds : Configures dynamic MAC address entries not to age.
  • Page 422 Usage guidelines To report critical MAC address move events to an NMS, enable SNMP notifications for the MAC address table. For MAC address move event notifications to be sent correctly, you must also configure SNMP on the device. When SNMP notifications are disabled for the MAC address table, the device sends the generated logs to the information center.

  • Page 423: Mac Information Commands

    MAC Information commands mac-address information enable (interface view) to enable MAC Information on an interface. mac-address information enable to disable MAC Information on an interface. undo mac-address information enable Syntax mac-address information enable { added | deleted } undo mac-address information enable { added | deleted } Default MAC Information is disabled on an interface.

  • Page 424: Mac-Address Information Interval

    Views System view Predefined user roles network-admin Usage guidelines Before you enable MAC Information on an interface, enable MAC Information globally. Examples # Enable MAC Information globally. <Sysname> system-view [Sysname] mac-address information enable Related commands (interface view) mac-address information enable mac-address information interval to set the MAC change notification interval.

  • Page 425: Mac-Address Information Queue-Length

    Syntax mac-address information mode { syslog | trap } undo mac-address information mode Default SNMP notifications are sent to notify MAC changes. Views System view Predefined user roles network-admin Parameters : Specifies that the device sends syslog messages to notify MAC changes. syslog : Specifies that the device sends SNMP notifications to notify MAC changes.
  • Page 426 • The device sends syslog messages or SNMP notifications only if the MAC change notification interval expires. Examples # Set the MAC Information queue length to 600. <Sysname> system-view [Sysname] mac-address information queue-length 600...
  • Page 427 Contents Ethernet link aggregation commands ····························································· 1 bandwidth ··················································································································································· 1 default ························································································································································ 1 description ·················································································································································· 2 display interface ········································································································································· 2 display lacp system-id ································································································································ 5 display link-aggregation load-sharing mode······························································································· 6 display link-aggregation member-port ········································································································ 8 display link-aggregation summary ············································································································ 10 display link-aggregation verbose··············································································································...

  • Page 428: Ethernet Link Aggregation Commands

    Ethernet link aggregation commands bandwidth to set the expected bandwidth for an interface. bandwidth to restore the default. undo bandwidth Syntax bandwidth bandwidth-value undo bandwidth Default The expected bandwidth (in kbps) is the interface baud rate divided by 1000. Views Layer 2 aggregate interface view Predefined user roles network-admin...

  • Page 429: Description

    This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions. Use the command in interface display this view to identify these commands, and then use their forms or follow the command reference to undo restore their default settings.
  • Page 430 Predefined user roles network-admin network-operator Parameters : Specifies Layer 2 aggregate interfaces. bridge-aggregation : Specifies an existing aggregate interface number. interface-number : Displays brief interface information. If you do not specify this keyword, the command brief displays detailed interface information. : Displays complete interface descriptions.
  • Page 431 Output: 0 output errors, - underruns, - buffer failures 0 aborts, 0 deferred, 0 collisions, 0 late collisions - lost carrier, - no carrier # Display brief information about Layer 2 aggregate interface Bridge-Aggregation 1. <Sysname> display interface bridge-aggregation 1 brief Brief information on interfaces in bridge mode: Link: ADM - administratively down;...

  • Page 432: Display Lacp System-Id

    Field Description Maximum transmission unit MTU of the interface. Brief information on interfaces in bridge Brief information about Layer 2 interfaces. mode Interface Abbreviated interface name. Physical link state of the interface: • UP—The interface is physically up. • DOWN—The interface is physically down. Link •...

  • Page 433: Display Link-Aggregation Load-Sharing Mode

    network-operator Usage guidelines You can use the command to change the LACP priority of the local lacp system-priority system. The LACP priority value is specified in decimal format in the lacp system-priority command. However, it is displayed in hexadecimal format in the output from the display lacp command.
  • Page 434 <Sysname> display link-aggregation load-sharing mode Link-aggregation load-sharing mode: Layer 2 traffic: packet type-based sharing Layer 3 traffic: packet type-based sharing # Display the global link-aggregation load sharing mode. This example displays a user-configured setting. <Sysname> display link-aggregation load-sharing mode Link-aggregation load-sharing mode: destination-mac address, source-mac address # Display the link-aggregation load sharing mode of Layer 2 aggregation group 10.

  • Page 435: Display Link-Aggregation Member-Port

    display link-aggregation member-port to display detailed link aggregation display link-aggregation member-port information about the specified member ports. Syntax display link-aggregation member-port [ interface-list | auto ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies a list of link aggregation member ports, in the format interface-list interface-type interface-number1 [ to interface-type interface-number2 ] The value for the...
  • Page 436 Port Priority: 32768 Oper-Key: 2 Flag: {ACDEF} Remote: System ID: 0x8000, 000f-e267-6c6a Port Number: 26 Port Priority: 32768 Oper-Key: 2 Flag: {ACDEF} Received LACP Packets: 5 packet(s) Illegal: 0 packet(s) Sent LACP Packets: 7 packet(s) # Display detailed information about all link aggregation member ports that are enabled with automatic assignment.

  • Page 437: Display Link-Aggregation Summary

    Field Description • E—Indicates whether the sending system considers that the link can collect frames. 1 indicates yes. 0 indicates no. • F—Indicates whether the sending system considers that the link can distribute frames. 1 indicates yes. 0 indicates no. •...

  • Page 438: Display Link-Aggregation Verbose

    Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Actor System ID: 0x8000, 000f-e267-6c6a Partner ID Selected Unselected Individual Share Interface Mode Ports Ports Ports Type -------------------------------------------------------------------------------- BAGG20 0x8000,00e0-fcff-ff01 Shar Table 5 Command output Field Description Aggregate interface type: • BAGG—Layer 2. Aggregate Interface Type •...
  • Page 439 Parameters : Specifies Layer 2 aggregate interfaces. bridge-aggregation : Specifies an existing aggregate interface by its number. interface-number Usage guidelines If you do not specify an aggregate interface type, the command displays detailed information about all aggregation groups. If you specify an aggregate interface type but do not specify an interface number, the command displays detailed information about all aggregation groups of the specified type.
  • Page 440 G -- Defaulted, H -- Expired Aggregate Interface: Bridge-Aggregation20 Aggregation Mode: Static Loadsharing Type: Shar Management VLANs: None Port Status Priority Oper-Key GE1/0/1(R) 32768 GE1/0/2 32768 GE1/0/3 32768 Table 6 Command output Field Description Load sharing type: • Shar—Load-sharing. Loadsharing Type •...

  • Page 441: Interface Bridge-Aggregation

    Field Description • S—Static. • D—Dynamic. (This field is not supported in the current software version.) Management VLANs. Management VLANs If no management VLANs are specified, this field displays None. Local system ID, containing the local LACP system priority and the local LACP System ID system MAC address.

  • Page 442: Jumboframe Enable

    Usage guidelines When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 aggregation group with the same number. The aggregation group operates in static aggregation mode by default. Deleting a Layer 2 aggregate interface also deletes the Layer 2 aggregation group. At the same time, the member ports of the aggregation group, if any, leave the aggregation group.

  • Page 443: Lacp Edge-Port

    Syntax lacp default-selected-port disable undo lacp default-selected-port disable Default The default port selection action is enabled for dynamic aggregation groups. Views System view Predefined user roles network-admin Usage guidelines The default port selection action applies to dynamic aggregation groups. This action automatically chooses the port with the lowest ID from among all up member ports as a Selected port if none of them has received LACPDUs before the LACP timeout interval expires.

  • Page 444: Lacp Mode

    Examples # Configure Layer 2 aggregate interface Bridge-Aggregation 1 as an edge aggregate interface. <Sysname> System-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] lacp edge-port lacp mode to configure LACP to operate in passive mode on a port. lacp mode passive to restore the default. undo lacp mode Syntax lacp mode passive...

  • Page 445: Lacp Select Speed

    Predefined user roles network-admin Examples # Enable the short LACP timeout interval (3 seconds) on GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] lacp period short lacp select speed to configure a dynamic aggregation group to use port speed as the lacp select speed prioritized criterion for reference port selection.

  • Page 446: Lacp System-Mac

    lacp system-mac to set the LACP system MAC address. lacp system-mac to restore the default. undo lacp system Syntax lacp system-mac mac-address undo lacp system-mac Default The LACP system MAC address is the bridge MAC address of the device. Views System view Predefined user roles network-admin...

  • Page 447: Lacp System-Priority

    Predefined user roles network-admin Parameters : Specifies a number in the range of 1 to 3. number Usage guidelines You must assign a unique LACP system number to each S-MLAG device. The LACP system number configured by using this command takes effect only on aggregate interfaces in S-MLAG groups.

  • Page 448: Link-Aggregation Bfd Ipv4

    link-aggregation bfd ipv4 to enable BFD for an aggregation group. link-aggregation bfd ipv4 to disable BFD for an aggregation group. undo link-aggregation bfd Syntax link-aggregation bfd ipv4 source ip-address destination ip-address undo link-aggregation bfd Default BFD is disabled for an aggregation group. Views Layer 2 aggregate interface view Predefined user roles...

  • Page 449: Link-Aggregation Global Load-Sharing Mode

    link-aggregation global load-sharing mode to set the global link-aggregation load link-aggregation global load-sharing mode sharing mode. to restore the default. undo link-aggregation global load-sharing mode Syntax link-aggregation global load-sharing mode destination-ip destination-mac | destination-port | ingress-port | source-ip | source-mac | source-port } * undo link-aggregation global load-sharing mode Default...

  • Page 450: Link-Aggregation Lacp Traffic-Redirect-Notification Enable

    Examples # Set the global load sharing mode to load share packets based on destination MAC addresses. <Sysname> system-view [Sysname] link-aggregation global load-sharing mode destination-mac link-aggregation lacp traffic-redirect-notification enable to enable link-aggregation lacp traffic-redirect-notification enable link-aggregation traffic redirection. undo link-aggregation lacp traffic-redirect-notification enable disable link-aggregation traffic redirection.

  • Page 451: Link-Aggregation Load-Sharing Mode Local-First

    As a best practice, enable link-aggregation traffic redirection on a per-interface basis. If you enable this feature globally, communication with a third-party peer device might be affected if the peer is not compatible with this feature. Examples # Enable link-aggregation traffic redirection. <Sysname>...

  • Page 452: Link-Aggregation Port-Priority

    Default An aggregation group operates in static aggregation mode. Views Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines When you change the aggregation mode, make sure you understand the impact of the change on services. Aggregation mode change might cause Selected member ports to become Unselected. Examples # Configure Layer 2 aggregation group 1 to operate in dynamic aggregation mode.

  • Page 453: Link-Aggregation Selected-Port Maximum

    link-aggregation selected-port maximum to set the maximum number of Selected link-aggregation selected-port maximum ports allowed in an aggregation group. to restore the default. undo link-aggregation selected-port maximum Syntax link-aggregation selected-port maximum max-number undo link-aggregation selected-port maximum Default The maximum number of Selected ports allowed in an aggregation group is 8. Views Layer 2 aggregate interface view Predefined user roles...

  • Page 454: Link-Aggregation Selected-Port Minimum

    link-aggregation selected-port minimum to set the minimum number of Selected link-aggregation selected-port minimum ports in an aggregation group. to restore the default. undo link-aggregation selected-port minimum Syntax link-aggregation selected-port minimum { min-number | percentage number } undo link-aggregation selected-port minimum Default The minimum number of Selected ports in an aggregation group is not specified.

  • Page 455: Link-Delay

    link-delay to set the physical state change suppression interval on an aggregate interface. link-delay to restore the default. undo link-delay Syntax link-delay { down | up } [ msec ] delay-time undo link-delay { down | up } Default Each time the physical link of an aggregate interface goes up or comes down, the system immediately reports the change to the CPU.
  • Page 456 to remove an interface from the aggregation group undo port link-aggregation group to which it belongs. Syntax port link-aggregation group { group-id [ force ] | auto [ group-id ] } undo port link-aggregation group Default An interface does not belong to any aggregation group. Views Layer 2 Ethernet interface view Predefined user roles...

  • Page 457: Port S-Mlag Group

    port s-mlag group to assign an aggregate interface to an S-MLAG group. port s-mlag group to restore the default. undo port s-mlag group Syntax port s-mlag group group-id undo port s-mlag group Default An aggregate interface is not in any S-MLAG group. Views Layer 2 aggregate interface view Predefined user roles...

  • Page 458: Reset Lacp Statistics

    If you do not specify an aggregate interface type, the command clears statistics for all interfaces in the system. If you specify only an aggregate interface type, the command clears statistics for all aggregate interfaces of the specified type. keyword is available only when Layer 2 aggregate interfaces exist on bridge-aggregation the device.
  • Page 459 Usage guidelines CAUTION: shutdown command will disconnect all links established on an interface. Make sure you are fully aware of the impacts of this command when you use it on a live network. Examples # Bring up Layer 2 aggregate interface Bridge-Aggregation 1. <Sysname>...
  • Page 460 Contents Port isolation commands················································································ 1 display port-isolate group ··························································································································· 1 port-isolate enable ······································································································································ 2 port-isolate group ······································································································································· 2...
  • Page 461 Port isolation commands display port-isolate group to display port isolation group information. display port-isolate group Syntax display port-isolate group [ group-id ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an isolation group by its ID. The value range is 1 to 8. group-id Examples # Display all isolation groups.
  • Page 462 port-isolate enable to assign a port to an isolation group. port-isolate enable to remove a port from an isolation group. undo port-isolate enable Syntax port-isolate enable group group-id undo port-isolate enable Default The port is not assigned to an isolation group. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view...
  • Page 463 undo port-isolate group { group-id | all } Default No isolation groups exist. Views System view Predefined user roles network-admin Parameters : Specifies an isolation group by its ID. The value range is 1 to 8. group-id : Deletes all isolation groups. Examples # Create isolation group 1.
  • Page 464 Contents Spanning tree commands ·············································································· 1 active region-configuration ························································································································· 1 bpdu-drop any ············································································································································ 1 check region-configuration ························································································································· 2 display stp ·················································································································································· 3 display stp abnormal-port ························································································································· 10 display stp bpdu-statistics ························································································································ 11 display stp down-port ······························································································································· 13 display stp history ····································································································································· 14 display stp region-configuration ···············································································································...
  • Page 465 stp vlan enable ········································································································································· 55 vlan-mapping modulo ······························································································································· 55...

  • Page 466: Spanning Tree Commands

    Spanning tree commands active region-configuration to activate your MST region configuration. active region-configuration Syntax active region-configuration Views MST region view Predefined user roles network-admin Usage guidelines When you configure MST region parameters, MSTP launches a new spanning tree calculation process that might cause network topology instability. This is most likely to occur when you configure the VLAN-to-instance mapping table.

  • Page 467: Check Region-Configuration

    Default BPDU drop is disabled on a port. Views Layer 2 Ethernet interface view Predefined user roles network-admin Examples # Enable BPDU drop on port GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] bpdu-drop any check region-configuration to display MST region pre-configuration information. check region-configuration Syntax check region-configuration...

  • Page 468: Display Stp

    Table 1 Command output Field Description Format selector Format selector of the MST region, which is 0 (not configurable). Region name MST region name. Revision level Revision level of the MST region. Instance VLANs Mapped VLAN-to-instance mappings in the MST region. Related commands active region-configuration instance...
  • Page 469 : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays information for all member devices. Usage guidelines In STP or RSTP mode, the command output is sorted by port name. •...
  • Page 470 Field Description • DISA—The port is disabled. Spanning tree status on the port: • FORWARDING—The port can receive and send BPDUs and also forward user traffic. • STP State DISCARDING—The port can receive and send BPDUs but cannot forward user traffic. •...
  • Page 471 TCN: 0, Config: 0, RST: 0, MST: 32 BPDU received TCN: 0, Config: 0, RST: 0, MST: 2 -------[MSTI 1 Global Info]------- Bridge ID : 32768.0001-0000-0000 RegRoot ID/IRPC : 32768.0001-0000-0000, 0 RootPort ID : 0.0 Master bridge : 32768.0001-0000-0000 Cost to master TC received ----[Port1(GigabitEthernet1/0/1)][FORWARDING]---- Port protocol...
  • Page 472 -------[VLAN 2 Global Info]------- Protocol status : Enabled Bridge ID : 32768.000f-e200-2200 Bridge times : Hello 2s MaxAge 20s FwDly 15s VlanRoot ID/RPC : 0.00e0-fc0e-6554, 200200 RootPort ID : 128.48 BPDU-Protection : Disabled TC or TCN received Time since last TC : 0 days 0h:5m:42s # In MSTP mode, display the spanning tree status and statistics when the spanning tree feature is disabled.
  • Page 473 Field Description CIST regional root). VLAN root ID and root path cost (the path cost from the device to the VLAN root VlanRoot ID/RPC bridge). Root port ID. The value 0.0 indicates that the device is the root and there is no root RootPort ID port.
  • Page 474 Field Description triggered, this field displays NONE. TC-Restriction Status of TC transmission restriction on the port. Role-Restriction Status of port role restriction on the port. Format of the MST BPDUs that the port can send: • MST BPDU format Config—Configured value (legacy or 802.1s). •...

  • Page 475: Display Stp Abnormal-Port

    Related commands reset stp display stp abnormal-port to display history about ports that are blocked by spanning display stp abnormal-port tree protection features. Syntax display stp abnormal-port Views Any view Predefined user roles network-admin network-operator Usage guidelines In an MSTI or VLAN, this command can display a maximum of three history records for a port that is blocked by spanning tree protection features.

  • Page 476: Display Stp Bpdu-Statistics

    display stp bpdu-statistics to display the BPDU statistics for ports. display stp bpdu-statistics Syntax display stp bpdu-statistics [ interface interface-type interface-number [ instance instance-list ] ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an interface by its type and interface interface-type interface-number number.
  • Page 477 Config sent Config received RST sent RST received MST sent 10:33:11 01/13/2011 MST received 10:37:43 01/13/2011 Instance 0: Type Count Last Updated --------------------------- ---------- ----------------- Timeout BPDUs Max-hoped BPDUs TC detected 10:32:40 01/13/2011 TC sent 10:33:11 01/13/2011 TC received # In PVST mode, display the BPDU statistics for GigabitEthernet 1/0/1. <Sysname>...

  • Page 478: Display Stp Down-Port

    Field Description Type Statistical item. Looped-back BPDUs Number of BPDUs sent and then received by the same port. Max-aged BPDUs Number of BPDUs whose max age was exceeded. TCN sent Number of sent TCN BPDUs. TCN received Number of received TCN BPDUs. TCA sent Number of sent TCA BPDUs.

  • Page 479: Display Stp History

    Table 6 Command output Field Description Down Port Name of a port that was shut down by the spanning tree protection features. Reason that the port was shut down: • BPDU protection—Indicates the BPDU guard feature. Reason • PVST BPDU protection—Indicates the PVST BPDU guard feature. display stp history to display port role calculation history.
  • Page 480 --------------- STP slot 1 history trace --------------- ------------------- Instance 2 --------------------- Port GigabitEthernet1/0/1 Role change : ROOT->DESI (Aged) Time : 2009/02/08 00:22:56 Port priority : 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.1 Designated priority : 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.1 Port GigabitEthernet1/0/2 Role change : ALTER->ROOT Time : 2009/02/08 00:22:56...

  • Page 481: Display Stp Region-Configuration

    Field Description regional root bridge ID, cost of the path to the regional root bridge, device bridge ID, designated port ID, and current port ID, which are separated with spaces. • For PVST mode and CSTs in MSTP mode, port priority includes regional root bridge ID, cost of the path to the regional root bridge, device bridge ID, designated port ID, and current port ID, which are separated with spaces.

  • Page 482: Display Stp Root

    revision-level vlan-mapping modulo display stp root to display the root bridge information of spanning trees. display stp root Syntax display stp root Views Any view Predefined user roles network-admin network-operator Examples # In MSTP mode, display the root bridge information of all spanning trees. <Sysname>...
  • Page 483 Parameters : Specifies a space-separated list of up to 10 MSTI items. Each item instance instance-list specifies an MSTI or a range of MSTIs in the form of . The instance-id1 [ to instance-id2 ] value for must be equal to or greater than the value for .

  • Page 484: Instance

    instance to map a list of VLANs to an MSTI. instance to remap the specified VLAN or all VLANs to the CIST (MSTI 0). undo instance Syntax instance instance-id vlan vlan-id-list undo instance instance-id [ vlan vlan-id-list ] Default All VLANs are mapped to the CIST. Views MST region view Predefined user roles...

  • Page 485: Region-Name

    check region-configuration display stp region-configuration region-name to configure the MST region name. region-name to restore the default MST region name. undo region-name Syntax region-name name undo region-name Default The MST region name of the device is its MAC address. Views MST region view Predefined user roles network-admin...

  • Page 486: Revision-Level

    Views User view Predefined user roles network-admin Parameters : Specifies a space-separated list of up to 10 interface items. Each interface interface-list item specifies an interface or a range of interfaces in the form of interface-type . The interface interface-number 1 [ to interface-type interface-number 2 ] number for must be equal to or greater than the interface number for interface-number 2...

  • Page 487: Snmp-Agent Trap Enable Stp

    Related commands active region-configuration check region-configuration display stp region-configuration instance region-name vlan-mapping modulo snmp-agent trap enable stp to enable SNMP notifications for new-root election events snmp-agent trap enable stp or spanning tree topology changes. to disable SNMP notifications for new-root election undo snmp-agent trap enable stp events or spanning tree topology changes.

  • Page 488: Stp Bpdu-Protection

    stp bpdu-protection to enable BPDU guard globally. stp bpdu-protection to disable BPDU guard globally. undo stp bpdu-protection Syntax stp bpdu-protection undo stp bpdu-protection Default BPDU guard is globally disabled. Views System view Predefined user roles network-admin Usage guidelines With BPDU guard enabled, the device performs the following operations when edge ports receive configuration BPDUs: •...

  • Page 489: Stp Compliance

    Syntax stp [ vlan vlan-id-list ] bridge-diameter diameter undo stp [ vlan vlan-id-list ] bridge-diameter Default The network diameter of the switched network is 7. Views System view Predefined user roles network-admin Parameters : Specifies a space-separated list of up to 10 VLAN items. Each item vlan vlan-id-list specifies a VLAN or a range of VLANs in the form of .

  • Page 490: Stp Config-Digest-Snooping

    undo stp compliance Default A port automatically recognizes the formats of received MSTP packets and determines the formats of MSTP packets to be sent based on the recognized formats. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Parameters...

  • Page 491: Stp Cost

    Usage guidelines For Digest Snooping to take effect, you must enable Digest Snooping both globally and on associated ports. As a best practice, first enable Digest Snooping on ports connected to third-party vendor devices and then enable the feature globally. Digest Snooping takes effect on the ports simultaneously, which reduces impact on the network.

  • Page 492: Stp Dispute-Protection

    must be equal to or greater than the value for . The value range for the vlan-id2 vlan-id1 argument is 1 to 4094. vlan-id : Specifies the path cost of the port, with an effective range that varies by path cost cost-value calculation standard that is used.

  • Page 493: Stp Edged-Port

    Default Dispute guard is enabled. Views System view Predefined user roles network-admin Usage guidelines Dispute guard blocks a port to prevent loops when a unidirectional link is detected on the port by the spanning tree feature. In some VLAN networks, an uplink port on a downstream device is configured to deny packets from the PVID.

  • Page 494: Stp Enable

    If this command is configured in Layer 2 Ethernet interface view, it takes effect only on that interface. If this command is configured in Layer 2 aggregate interface view, it takes effect only on the aggregate interface. If this command is configured on a member port in an aggregation group, it takes effect only after the port leaves the aggregation group.

  • Page 495: Stp Global Config-Digest-Snooping

    Examples # In MSTP mode, disable the spanning tree feature on GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] undo stp enable Related commands stp global enable stp mode stp vlan enable stp global config-digest-snooping to enable Digest Snooping globally. stp global config-digest-snooping to disable Digest Snooping globally.

  • Page 496: Stp Global Mcheck

    to disable the spanning tree feature globally. undo stp global enable Syntax stp global enable undo stp global enable Default When the device starts up with initial settings, the spanning tree feature is globally disabled. When the device starts up with factory defaults, the spanning tree feature is globally enabled. For more information about the initial settings and factory defaults, see Fundamentals Configuration Guide.

  • Page 497: Stp Ignore-Pvid-Inconsistency

    In this case, you can perform an mCheck operation to forcibly transit the port to operate in the original mode. The device operates in STP, RSTP, PVST, or MSTP mode, depending on the spanning tree mode setting. command takes effect only when the device operates in MSTP, RSTP, stp global mcheck or PVST mode.

  • Page 498: Stp Log Enable Tc

    stp log enable tc to enable the device to log events of detecting or receiving TC BPDUs. stp log enable tc to restore the default. undo stp log enable tc Syntax stp log enable tc undo stp log enable tc Default In PVST mode, the device does not generate logs when it detects or receives TC BPDUs.

  • Page 499: Stp Max-Hops

    If this command is configured on a member port in an aggregation group, it takes effect only after the port leaves the aggregation group. Examples # Enable loop guard on GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] stp loop-protection Related commands stp edged-port stp root-protection...

  • Page 500: Stp Mode

    Predefined user roles network-admin Usage guidelines When a port on an MSTP, RSTP, or PVST device connects to an STP device and receives STP BPDUs, the port automatically transits to the STP mode. However, the port cannot automatically transit back to the original mode when the following conditions exist: •...

  • Page 501: Stp No-Agreement-Check

    Predefined user roles network-admin Parameters : Configures the spanning tree device to operate in MSTP mode. mstp : Configures the spanning tree device to operate in PVST mode. pvst : Configures the spanning tree device to operate in RSTP mode. rstp : Configures the spanning tree device to operate in STP mode.

  • Page 502: Stp Pathcost-Standard

    Usage guidelines This command takes effect only after you enable it on the root port. If this command is configured in Layer 2 Ethernet interface view, it takes effect only on that interface. If this command is configured in Layer 2 aggregate interface view, it takes effect only on the aggregate interface.

  • Page 503: Stp Point-To-Point

    stp cost stp point-to-point to configure the link type of a port. stp point-to-point to restore the default. undo stp point-to-point Syntax stp point-to-point { auto | force-false | force-true } undo stp point-to-point Default The default setting is auto, and the spanning tree device automatically detects whether a port connects to a point-to-point link.

  • Page 504: Stp Port Bpdu-Protection

    stp port bpdu-protection to configure BPDU guard on an interface. stp port bpdu-protection to restore the default. undo stp port bpdu-protection Syntax stp port bpdu-protection { enable | disable } undo stp port bpdu-protection Default BPDU guard is not configured on a per-edge port basis. The status of BPDU guard on an interface is the same as the global BPDU guard status.

  • Page 505: Stp Port Priority

    stp edged-port stp port priority to set the priority of a port. The port priority affects the role of a port in stp port priority a spanning tree. to restore the default. undo stp port priority Syntax stp [ instance instance-list | vlan vlan-id-list ] port priority priority undo stp [ instance instance-list | vlan vlan-id-list ] port priority Default The port priority is 128.

  • Page 506: Stp Port Shutdown Permanent

    <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] stp vlan 2 port priority 16 Related commands display stp stp port shutdown permanent to disable the device from reactivating edge ports shut stp port shutdown permanent down by BPDU guard. to restore the default. undo stp port shutdown permanent Syntax stp port shutdown permanent...

  • Page 507: Stp Priority

    Views System view Predefined user roles network-admin Parameters : Specifies all MSTIs or VLANs. : Specifies a space-separated list of up to 10 MSTI items. Each item instance instance-list specifies an MSTI or a range of MSTIs in the form of .

  • Page 508: Stp Pvst-Bpdu-Protection

    Views System view Predefined user roles network-admin Parameters : Specifies a space-separated list of up to 10 MSTI items. Each item instance instance-list specifies an MSTI or a range of MSTIs in the form of . The instance-id1 [ to instance-id2 ] value for must be equal to or greater than the value for .

  • Page 509: Stp Region-Configuration

    Usage guidelines PVST BPDU guard enables an MSTP-enabled device to shut down a port if the port receives PVST BPDUs. The shutdown port is brought up after a detection timer expires. To set the detection timer, use the command. shutdown-interval Examples # In MSTP mode, enable PVST BPDU guard.

  • Page 510: Stp Root Primary

    undo stp role-restriction Default Port role restriction is disabled. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines When port role restriction is enabled on a port, the port cannot become a root port. If this command is configured in Layer 2 Ethernet interface view, it takes effect only on that interface.

  • Page 511: Stp Root Secondary

    must be equal to or greater than the value for . The value range for the vlan-id2 vlan-id1 argument is 1 to 4094. vlan-id Usage guidelines Once you specify the device as the root bridge, you cannot change the priority of the device. If you do not specify an MSTI or VLAN, this command configures the device as the root bridge of the MSTP CIST or of the STP or RSTP spanning tree.

  • Page 512: Stp Root-Protection

    If you do not specify an MSTI or VLAN, this command configures a secondary root bridge for the MSTP CIST or the STP or RSTP spanning tree. Examples # In MSTP mode, specify the device as a secondary root bridge in MSTI 1. <Sysname>...

  • Page 513: Stp Tc-Protection

    stp tc-protection to enable TC-BPDU attack guard for the device. stp tc-protection to disable TC-BPDU attack guard for the device. undo stp tc-protection Syntax stp tc-protection undo stp tc-protection Default TC-BPDU attack guard is enabled. Views System view Predefined user roles network-admin Usage guidelines With TC-BPDU guard, you can set the maximum number of immediate forwarding address entry...

  • Page 514: Stp Tc-Restriction

    Parameters : Specifies the maximum number of immediate forwarding address entry flushes that the number device can perform every 10 seconds. The value is in the range of 1 to 255. Examples # Configure the device to perform up to 10 forwarding address entry flushes every 10 seconds. <Sysname>...

  • Page 515: Stp Timer Forward-Delay

    Syntax stp tc-snooping undo stp tc-snooping Default TC Snooping is disabled. Views System view Predefined user roles network-admin Usage guidelines TC Snooping and the spanning tree feature are mutually exclusive. You must globally disable the spanning tree feature before enabling TC Snooping. Examples # Globally disable the spanning tree feature and enable TC Snooping.

  • Page 516: Stp Timer Hello

    Usage guidelines The forward delay timer determines the time interval of state transition. To prevent temporary loops, a spanning tree port goes through the learning (intermediate) state before it transits from the discarding state to the forwarding state. To stay synchronized with the remote device, the port has a wait period that is determined by the forward delay timer between transition states.

  • Page 517: Stp Timer Max-Age

    Usage guidelines Hello time is the interval at which spanning tree devices send configuration BPDUs to maintain the spanning tree. If a device fails to receive configuration BPDUs within the set period of time, a new spanning tree calculation process is triggered. As a best practice, do not set the hello time with this command.

  • Page 518: Stp Timer-Factor

    Usage guidelines In the CIST of an MSTP network, the device determines whether a configuration BPDU received on a port has expired based on the max age timer. If the configuration BPDU has expired, a new spanning tree calculation process starts. The max age timer takes effect only on the CIST (or MSTI As a best practice, do not set the max age timer with this command.

  • Page 519: Stp Transmit-Limit

    As a best practice, set the timeout factor to 5, 6, or 7 in the following situations: • To prevent undesired spanning tree calculations. An upstream device might be too busy to forward configuration BPDUs in time, for example, many Layer 2 interfaces are configured on the upstream device.
  • Page 520 [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] stp transmit-limit 5 stp vlan enable stp vlan enable to enable the spanning tree feature for VLANs. to disable the spanning tree feature for VLANs. undo stp enable Syntax stp vlan vlan-id-list enable undo stp vlan vlan-id-list enable Default The spanning tree feature is enabled in VLANs.
  • Page 521 Syntax vlan-mapping modulo modulo Default All VLANs are mapped to the CIST (MSTI 0). Views MST region view Predefined user roles network-admin Parameters : Specifies the modulo value. The value range for this argument is 1 to 64. modulo Usage guidelines You cannot map a VLAN to different MSTIs.
  • Page 522 Contents Loop detection commands ············································································· 1 display loopback-detection ························································································································· 1 loopback-detection action ·························································································································· 2 loopback-detection enable ························································································································· 3 loopback-detection global action ················································································································ 3 loopback-detection global enable··············································································································· 4 loopback-detection interval-time ················································································································ 5...

  • Page 523: Loop Detection Commands

    Loop detection commands display loopback-detection to display the loop detection configuration and status. display loopback-detection Syntax display loopback-detection Views Any view Predefined user roles network-admin network-operator Usage guidelines In the command output, a port shut down by loop detection stays in looped state until it comes up. Example # Display the loop detection configuration and status.

  • Page 524: Loopback-Detection Action

    loopback-detection action to set the loop protection action on a per-port basis. loopback-detection action to restore the default. undo loopback-detection action Syntax In Layer 2 Ethernet interface view: loopback-detection action { block | no-learning | shutdown } undo loopback-detection action In Layer 2 aggregate interface view: loopback-detection action shutdown undo loopback-detection action...

  • Page 525: Loopback-Detection Enable

    Related commands display loopback-detection loopback-detection global action loopback-detection enable to enable loop detection on a per-port basis. loopback-detection enable to disable loop detection on a port. undo loopback-detection enable Syntax loopback-detection enable vlan { vlan-id-list | all } undo loopback-detection enable vlan { vlan-id-list | all } Default Loop detection is disabled on ports.

  • Page 526: Loopback-Detection Global Enable

    undo loopback-detection global action Default When the device detects a loop on a port, it generates a log but performs no action on the port. Views System view Predefined user roles network-admin Parameters : Enables the shutdown mode. If a loop is detected, the device generates a log and shuts shutdown down the port.

  • Page 527: Loopback-Detection Interval-Time

    : Specifies all existing VLANs. Usage guidelines You can enable loop detection globally or on a per-port basis. When a port receives a detection frame in any VLAN, the loop protection action is triggered on that port, regardless of whether loop detection is enabled on it.
  • Page 528 Contents VLAN commands ··························································································· 1 Basic VLAN commands ····································································································································· 1 bandwidth ··················································································································································· 1 default ························································································································································ 1 description ·················································································································································· 2 display interface vlan-interface··················································································································· 3 display vlan ················································································································································ 5 display vlan brief ········································································································································ 6 interface vlan-interface ······························································································································· 7 mtu ····························································································································································· 8 name ·························································································································································· 9 reset counters interface vlan-interface ·····································································································...
  • Page 529 Voice VLAN commands ··············································································· 54 display voice-vlan mac-address ··············································································································· 54 display voice-vlan state ···························································································································· 54 voice-vlan aging ······································································································································· 55 voice-vlan enable ····································································································································· 56 voice-vlan mac-address ··························································································································· 57 voice-vlan mode auto ······························································································································· 58 voice-vlan security enable ························································································································ 59 voice-vlan track lldp ·································································································································· 59...

  • Page 530: Vlan Commands

    VLAN commands Basic VLAN commands bandwidth to set the expected bandwidth of an interface. bandwidth to restore the default. undo bandwidth Syntax bandwidth bandwidth-value undo bandwidth Default The expected bandwidth (in kbps) is the interface baud rate divided by 1000. Views VLAN interface view Predefined user roles...

  • Page 531: Description

    Usage guidelines CAUTION: command might interrupt ongoing network services. Make sure you are fully aware of default the impact of this command when you use it on a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions.

  • Page 532: Display Interface Vlan-Interface

    # Configure the description of VLAN-interface 2 as linktoPC56. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] quit [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] description linktoPC56 Related commands display interface vlan-interface display vlan display interface vlan-interface to display VLAN interface information. display interface vlan-interface Syntax display interface [ vlan-interface [ interface-number ] ] [ brief [ description | down ] ]...
  • Page 533 # Display brief information about VLAN-interface 2. <Sysname> display interface vlan-interface 2 brief Brief information on interfaces in route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Primary IP Description Vlan2 DOWN DOWN Table 1 Command output Field Description...

  • Page 534: Display Vlan

    Field Description display To see the primary interface, use the interface-backup state command. Data link layer protocol state of the interface: • UP—The data link layer protocol state of the interface is up. • DOWN—The data link layer protocol state of the interface is Protocol down.

  • Page 535: Display Vlan Brief

    Route interface: Not configured Description: VLAN 0002 Name: VLAN 0002 Tagged ports: None Untagged ports: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3 # Display information about VLAN 3. <Sysname> display vlan 3 VLAN ID: 3 VLAN type: static Route interface: Configured IPv4 address: 1.1.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003...

  • Page 536: Interface Vlan-Interface

    Syntax display vlan brief Views Any view Predefined user roles network-admin network-operator Examples # Display brief VLAN information. <Sysname> display vlan brief Brief information about all VLANs: Supported Minimum VLAN ID: 1 Supported Maximum VLAN ID: 4094 Default VLAN ID: 1 VLAN ID Name Port...

  • Page 537: Mtu

    to delete a VLAN interface. undo interface vlan-interface Syntax interface vlan-interface interface-number undo interface vlan-interface interface-number Default No VLAN interfaces exist. Views System view Predefined user roles network-admin Parameters : Specifies a VLAN interface number in the range of 1 to 4094. interface-number Usage guidelines Create the VLAN before you create the VLAN interface for a VLAN.

  • Page 538: Name

    Parameters : Sets the MTU in bytes. The value range for this argument is 128 to 1500. size Usage guidelines If you configure both the commands on a VLAN interface, the MTU set by the ip mtu command is used for fragmentation. For more information about the command, see ip mtu Layer 3—IP Services Command Reference.

  • Page 539: Reset Counters Interface Vlan-Interface

    reset counters interface vlan-interface to clear statistics on a VLAN interface. reset counters interface vlan-interface Syntax reset counters [ interface vlan-interface [ interface-number ] ] Views User view Predefined user roles network-admin Parameters : Specifies a VLAN interface by its number. If you do not vlan-interface interface-number specify the keyword, the command clears statistics on all interfaces.

  • Page 540: Vlan

    Usage guidelines CAUTION: Executing the command on a VLAN interface will disconnect the link of the VLAN shutdown interface and interrupt communication. Use this command with caution. When you use this command to shut down a VLAN interface, the VLAN interface remains in DOWN (Administratively) state.

  • Page 541: Port-Based Vlan Commands

    Usage guidelines You cannot create or delete the system default VLAN (VLAN 1) or reserved VLANs. Before you delete a dynamic VLAN or a VLAN locked by an application, you must first remove the configuration from the VLAN. Examples # Create VLAN 2 and enter its view. <Sysname>...

  • Page 542: Port

    555, 600-611, 1000, 2006-2008 Table 4 Command output Field Description Interface Interface name. PVID Port VLAN ID. VLAN Passing Existing VLANs allowed on the port. Tagged VLANs from which the port sends packets without removing VLAN tags. Untagged VLANs from which the port sends packets after removing VLAN tags. port to assign the specified access ports to a VLAN.

  • Page 543: Port Access Vlan

    port access vlan to assign an access port to the specified VLAN. port access vlan to restore the default. undo port access vlan Syntax port access vlan vlan-id undo port access vlan Default All access ports belong to VLAN 1. Views Layer 2 aggregate interface view Layer 2 Ethernet interface view...

  • Page 544: Port Hybrid Vlan

    Layer 2 Ethernet interface view Predefined user roles network-admin Parameters : Specifies a VLAN by its ID in the range of 1 to 4094. vlan-id Usage guidelines You can use a nonexistent VLAN as the PVID of a hybrid port. When you delete the PVID of a hybrid port by using the command, the PVID setting of the port does not change.

  • Page 545: Port Link-Type

    Parameters : Specifies a space-separated list of up to 32 VLAN items. Each item specifies a vlan-id-list VLAN ID or a range of VLAN IDs in the form of . The value range for vlan-id1 to vlan-id2 VLAN IDs is 1 to 4094. The value for the argument must be equal to or greater than the vlan-id2 value for the...

  • Page 546: Port Trunk Permit Vlan

    Examples # Configure GigabitEthernet 1/0/1 as a trunk port. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-type trunk port trunk permit vlan to assign a trunk port to the specified VLANs. port trunk permit vlan to remove a trunk port from the specified VLANs. undo port trunk permit vlan Syntax port trunk permit vlan { vlan-id-list | all }...

  • Page 547: Port Trunk Pvid

    port trunk pvid to set the PVID for a trunk port. port trunk pvid to restore the default. undo port trunk pvid Syntax port trunk pvid vlan vlan-id undo port trunk pvid Default The PVID of a trunk port is VLAN 1. Views Layer 2 aggregate interface view Layer 2 Ethernet interface view...
  • Page 548 Views Any view Predefined user roles network-admin network-operator Parameters : Specifies all MAC-to-VLAN entries. : Specifies dynamically configured MAC-to-VLAN entries. dynamic : Specifies the MAC address in the MAC-to-VLAN entry. The format mac-address mac-address of the argument is H-H-H. mac-address : Specifies the mask for matching MAC addresses in MAC-to-VLAN entries.

  • Page 549: Display Mac-Vlan Interface

    Related commands mac-vlan mac-address display mac-vlan interface to display all ports that are enabled with the MAC-based display mac-vlan interface VLAN feature. Syntax display mac-vlan interface Views Any view Predefined user roles network-admin network-operator Examples # Display all ports that are enabled with the MAC-based VLAN feature. <Sysname>...

  • Page 550: Mac-Vlan Mac-Address

    Related commands display mac-vlan interface mac-vlan mac-address to configure a MAC-to-VLAN entry. mac-vlan mac-address to delete the specified MAC-to-VLAN entries. undo mac-vlan Syntax mac-vlan mac-address mac-address [ mask mac-mask ] vlan vlan-id [ dot1p priority ] undo mac-vlan { all | mac-address mac-address [ mask mac-mask ] | vlan vlan-id } Default No MAC-to-VLAN entries exist.

  • Page 551: Mac-Vlan Trigger Enable

    Examples # Associate the MAC address 0000-0001-0001 with VLAN 100, and set the 802.1p priority to 7 for VLAN 100 in this entry. <Sysname> system-view [Sysname] mac-vlan mac-address 0-1-1 vlan 100 dot1p 7 # Associate VLAN 100 with MAC addresses whose six high-order bits are 121122, and set the 802.1p priority to 4 for VLAN 100 in this entry.

  • Page 552: Vlan Precedence

    Syntax port pvid forbidden undo port pvid forbidden Default When a port receives packets whose source MAC addresses fail the exact MAC address match, the port forwards them in its PVID. Views Layer 2 Ethernet interface view Predefined user roles network-admin Usage guidelines Use this feature only with dynamic MAC-based VLAN assignment.

  • Page 553: Ip Subnet-Based Vlan Commands

    When you enable dynamic MAC-based VLAN assignment, configure the vlan precedence command as a best practice to ensure the priority of MAC-based VLAN matching. If you mac-vlan execute the command, the command does not take effect. vlan precedence ip-subnet-vlan Examples # Configure GigabitEthernet 1/0/1 to match VLANs based on MAC addresses preferentially.

  • Page 554: Display Ip-Subnet-Vlan Vlan

    Table 6 Command output Field Description VLAN ID ID of the IP subnet-based VLAN. Index of the IP subnet. Subnet index This field displays N/A if no IP subnet-based VLAN is configured. IP address of the subnet. It can be an IP address or a subnet address. IP address This field displays N/A if no IP subnet address is configured for the VLAN.

  • Page 555: Ip-Subnet-Vlan

    192.168.1.0 255.255.255.0 Table 7 Command output Field Description VLAN ID ID of the IP subnet-based VLAN. Subnet index Index of the IP subnet. IP address IP address of the subnet. It can be an IP address or a subnet address. Subnet mask Mask of the IP subnet.

  • Page 556: Port Hybrid Ip-Subnet-Vlan

    Examples # Configure VLAN 3 as an IP subnet-based VLAN and associate it with the subnet 192.168.1.0/24. <Sysname> system-view [Sysname] vlan 3 [Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0 Related commands display ip-subnet-vlan interface display ip-subnet-vlan vlan port hybrid ip-subnet-vlan port hybrid ip-subnet-vlan to associate a port with the specified IP subnet-based port hybrid ip-subnet-vlan VLAN.

  • Page 557: Protocol-Based Vlan Commands

    [Sysname-GigabitEthernet1/0/1] port hybrid vlan 3 untagged [Sysname-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 3 # Associate Layer 2 aggregate interface Bridge-Aggregation 1 with IP subnet-based VLAN 3. <Sysname> system-view [Sysname] vlan 3 [Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0 [Sysname-vlan3] quit [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] port link-type hybrid [Sysname-Bridge-Aggregation1] port hybrid vlan 3 untagged [Sysname-Bridge-Aggregation1] port hybrid ip-subnet-vlan vlan 3...

  • Page 558: Display Protocol-Vlan Vlan

    4094 65535 IPv4 Inactive Table 8 Command output Field Description VLAN ID ID of the protocol-based VLAN. Protocol index Protocol template index. Protocol type specified by the protocol template. Protocol type This field displays N/A if the protocol type is not specified. Whether the protocol-based VLAN has taken effect: •...

  • Page 559: Port Hybrid Protocol-Vlan

    IPv4 65535 LLC DSAP 0x11 SSAP 0x22 Table 9 Command output Field Description VLAN ID ID of the protocol-based VLAN. Protocol index Protocol template index. Protocol type or encapsulation format specified by the protocol Protocol type template. Related commands display protocol-vlan interface port hybrid protocol-vlan protocol-vlan port hybrid protocol-vlan...

  • Page 560: Protocol-Vlan

    Set the port link type to hybrid. Configure the port to allow the protocol-based VLAN to pass through. When you execute the command on a port, follow these undo port hybrid protocol-vlan guidelines: • If you specify both the argument and the keyword, this command disassociates vlan-id the port from all protocol templates of the specified VLAN.
  • Page 561 Parameters : Specifies the AppleTalk-based VLAN. : Specifies the IPv4-based VLAN. ipv4 : Specifies the IPv6-based VLAN. ipv6 : Specifies the IPX-based VLAN. The keywords , and specify ethernetii snap IPX encapsulation formats. mode : Configures a user-defined protocol template for the VLAN. The keywords ethernetii specify the available encapsulation formats.

  • Page 562: Vlan Group Commands

    When either of the arguments is configured, the system assigns the dsap-id ssap-id hexadecimal value to the other argument. • Do not set the argument in the option to the hexadecimal etype-id snap etype etype-id value 8137. Otherwise, the template format will be the same as that of the IPX protocol. You can set the argument to the hexadecimal value 800, 809b, or 86dd.

  • Page 563: Vlan-Group

    VLAN list: Null Table 10 Command output Field Description VLAN group Name of the VLAN group. VLAN list VLAN list in the VLAN group. Related commands vlan-group vlan-list vlan-group to create a VLAN group and enter its view, or enter the view of an existing VLAN vlan-group group.
  • Page 564 Syntax vlan-list vlan-id-list undo vlan-list vlan-id-list Default No VLANs exist in a VLAN group. Views VLAN group view Predefined user roles network-admin Parameters : Specifies a space-separated list of up to 10 VLAN items. Each item specifies a vlan-id-list VLAN ID or a range of VLAN IDs in the form of .

  • Page 565: Private Vlan Commands

    Private VLAN commands display private-vlan to display information about primary VLANs and their associated display private-vlan secondary VLANs. Syntax display private-vlan [ primary-vlan-id ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies a primary VLAN ID in the range of 1 to 4094. If you do not specify a primary-vlan-id primary VLAN ID, this command displays information about all primary VLANs and their associated secondary VLANs.
  • Page 566 Name: VLAN 0003 Tagged ports: None Untagged ports: GigabitEthernet1/0/2 GigabitEthernet1/0/3 VLAN ID: 4 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0004 Name: VLAN 0004 Tagged ports: None Untagged ports: GigabitEthernet1/0/2 GigabitEthernet1/0/4 Table 11 Command output Field Description VLAN type...

  • Page 567: Port Private-Vlan Host

    Field Description address are processed correctly. Description VLAN description. Name VLAN name. Tagged ports Tagged members of the VLAN. Untagged ports Untagged members of the VLAN. Related commands (VLAN view) private-vlan private-vlan primary port private-vlan host to configure a port as a host port. port private-vlan host to restore the default.

  • Page 568: Port Private-Vlan Promiscuous

    command is mutually exclusive with the port private-vlan host port private-vlan trunk promiscuous port private-vlan trunk secondary commands. Examples In this example, VLAN 20 is a secondary VLAN and is associated with primary VLAN 2. # Configure GigabitEthernet 1/0/1 as a host port, and then verify the configuration. <Sysname>...
  • Page 569 Syntax port private-vlan vlan-id promiscuous undo port private-vlan Default A port is not a promiscuous port of any VLANs. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Parameters : Specifies a VLAN ID in the range of 1 to 4094. Though VLAN 1 is in the valid value range, vlan-id it cannot be configured in the command.
  • Page 570 [Sysname-GigabitEthernet1/0/1] display this interface GigabitEthernet1/0/1 port link-mode bridge return # Configure GigabitEthernet 1/0/1 as a promiscuous port of VLAN 2, and then verify the configuration. [Sysname-GigabitEthernet1/0/1] port private-vlan 2 promiscuous [Sysname-GigabitEthernet1/0/1] display this interface GigabitEthernet1/0/1 port link-mode bridge port link-type hybrid port private-vlan 2 promiscuous undo port hybrid vlan 1 port hybrid vlan 2 20 untagged...

  • Page 571: Port Private-Vlan Trunk Promiscuous

    (VLAN view) private-vlan private-vlan primary port private-vlan trunk promiscuous to configure a port as a trunk promiscuous port port private-vlan trunk promiscuous of the specified VLANs and assign the port to these VLANs. to cancel the trunk promiscuous undo port private-vlan trunk promiscuous attribute of a port in the specified VLANs.
  • Page 572 You can configure the specified VLANs as primary VLANs before or after you execute this command. This command is mutually exclusive with the port private-vlan host port private-vlan commands. promiscuous port private-vlan trunk secondary For an uplink port to permit multiple primary VLANs, use the port private-vlan trunk command to assign the port to these VLANs.

  • Page 573: Port Private-Vlan Trunk Secondary

    return The output shows that: • GigabitEthernet 1/0/1 is removed from VLANs 2 and 3. • GigabitEthernet 1/0/1 is a tagged member of VLANs 20 and 30. • The port link type and PVID of GigabitEthernet 1/0/1 do not change. Related commands port private-vlan host port private-vlan promiscuous...
  • Page 574 • For a trunk port, the device does not change the port link type or PVID. • For a hybrid port, the device does not change the port link type or PVID. If the port has been an untagged or tagged member of part of the secondary VLANs and ...
  • Page 575 [Sysname-GigabitEthernet1/0/1] display this interface GigabitEthernet1/0/1 port link-mode bridge port link-type hybrid port hybrid vlan 2 3 20 30 tagged port hybrid vlan 1 untagged port private-vlan 20 30 trunk secondary return The output shows that: GigabitEthernet 1/0/1 is a trunk secondary port of VLANs 20 and 30. ...

  • Page 576: Private-Vlan (Vlan Interface View)

    port link-type hybrid port hybrid vlan 10 tagged port hybrid vlan 1 untagged port private-vlan 10 trunk secondary return The output shows that: GigabitEthernet 1/0/1 is a trunk secondary port of VLAN 10.  GigabitEthernet 1/0/1 is a tagged member of VLAN 10. ...
  • Page 577 Views VLAN interface view Predefined user roles network-admin Parameters : Specifies a space-separated list of up to 10 secondary VLAN items. Each item vlan-id-list specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to .

  • Page 578: Private-Vlan (Vlan View)

    # Assign downlink port GigabitEthernet 1/0/3 to VLAN 3 and configure the port as a host port. [Sysname] interface gigabitethernet 1/0/3 [Sysname-GigabitEthernet1/0/3] port access vlan 3 [Sysname-GigabitEthernet1/0/3] port private-vlan host [Sysname-GigabitEthernet1/0/3] quit # Assign downlink port GigabitEthernet 1/0/4 to VLAN 4 and configure the port as a host port. [Sysname] interface gigabitethernet 1/0/4 [Sysname-GigabitEthernet1/0/4] port access vlan 4 [Sysname-GigabitEthernet1/0/4] port private-vlan host...

  • Page 579: Private-Vlan Community

    Usage guidelines A primary VLAN can be associated with multiple secondary VLANs. When you execute this command in the same VLAN view multiple times, all the specified secondary VLANs are associated with the primary VLAN. The configuration synchronization is triggered based on the interface configuration when the following conditions exist: •...

  • Page 580: Private-Vlan Isolated

    Examples This example shows how to meet the following requirements: • VLAN 4 is a secondary VLAN, and it is associated with primary VLAN 2. • GigabitEthernet 1/0/1 is a promiscuous port of VLAN 2. • GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 are host ports. •...
  • Page 581 Views VLAN view Predefined user roles network-admin Usage guidelines This command takes effect when the following conditions exist: • The secondary VLAN is associated with a primary VLAN. • The ports are configured as host ports or trunk secondary ports of the secondary VLAN. This command is mutually exclusive with the primary VLAN configuration commands.

  • Page 582: Private-Vlan Primary

    private-vlan primary to configure a VLAN as a primary VLAN. private-vlan primary to restore the default. undo private-vlan primary Syntax private-vlan primary undo private-vlan primary Default A VLAN is not a primary VLAN. Views VLAN view Predefined user roles network-admin Usage guidelines The configuration synchronization is triggered based on the interface configuration when the following conditions exist:...
  • Page 583 OUI Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone 000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3Com phone Table 12 Command output...
  • Page 584 Predefined user roles network-admin network-operator Examples # Display voice VLAN information. <Sysname> display voice-vlan state Current voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled ports and their modes: Port VLAN Mode DSCP GE1/0/1 Auto...

  • Page 585: Voice-Vlan Aging

    Default The voice VLAN aging timer is 1440 minutes (24 hours). Views System view Predefined user roles network-admin Parameters minutes : Sets the voice VLAN aging timer to 0 minutes or a value in the range of 5 to 43200 minutes.

  • Page 586: Voice-Vlan Mac-Address

    Table 14 System default OUI addresses Number OUI address Vendor 0001-e300-0000 Siemens phone 0003-6b00-0000 Cisco phone 0004-0d00-0000 Avaya phone 000f-e200-0000 H3C Aolynk phone 0060-b900-0000 Philips/NEC phone 00d0-1e00-0000 Pingtel phone 00e0-7500-0000 Polycom phone 00e0-bb00-0000 3Com phone Views System view Predefined user roles...

  • Page 587: Voice-Vlan Mode Auto

    : Specifies the valid length of the OUI address by using a mask in the format of mask oui-mask H-H-H. The mask contains consecutive 1s and 0s. For example, ffff-0000-0000. To match the voice devices of a vendor, set the mask to ffff-ff00-0000. : Specifies the OUI address description, a case-sensitive string of 1 to 30 description text characters.

  • Page 588: Voice-Vlan Security Enable

    Related commands display voice-vlan state voice-vlan security enable to enable the voice VLAN security mode. voice-vlan security enable to disable the voice VLAN security mode. undo voice-vlan security enable Syntax voice-vlan security enable undo voice-vlan security enable Default The voice VLAN security mode is enabled. Views System view Predefined user roles...
  • Page 589 Examples # Enable LLDP for automatic IP phone discovery. <Sysname> system-view [Sysname] voice-vlan track lldp...
  • Page 590 Contents MVRP commands ·························································································· 1 display mvrp running-status ······················································································································· 1 display mvrp state ······································································································································ 2 display mvrp statistics ································································································································ 3 mrp timer join ············································································································································· 5 mrp timer leave ·········································································································································· 6 mrp timer leaveall ······································································································································· 7 mrp timer periodic ······································································································································ 8 mvrp enable ···············································································································································...

  • Page 591: Mvrp Commands

    MVRP commands display mvrp running-status to display MVRP running status. display mvrp running-status Syntax display mvrp running-status [ interface interface-list ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies a range of Ethernet interfaces in the form of interface interface-list interface-type interface-number1 [ to interface-type interface-number2 ] argument represents the interface type and...

  • Page 592: Display Mvrp State

    Running Status : Disabled Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : None Declared VLANs : None Propagated VLANs : None Table 1 Command output Field Description...

  • Page 593: Display Mvrp Statistics

    Syntax display mvrp state interface interface-type interface-number vlan vlan-id Views Any view Predefined user roles network-admin network-operator Parameters : Specifies a port by its type and number. interface interface-type interface-number : Specifies a VLAN by its VLAN ID in the range of 1 to 4094. vlan vlan-id Examples # Display the MVRP state of GigabitEthernet 1/0/1 in VLAN 2.
  • Page 594 Syntax display mvrp statistics [ interface interface-list ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies a range of Ethernet interfaces in the form of interface interface-list interface-type interface-number1 [ to interface-type interface-number2 ] argument represents the interface type and interface-type interface-number interface number.

  • Page 595: Mrp Timer Join

    JoinIn Event Received In Event Received JoinMt Event Received Mt Event Received Leave Event Received LeaveAll Event Received Frames Transmitted New Event Transmitted JoinIn Event Transmitted In Event Transmitted JoinMt Event Transmitted Mt Event Transmitted Leave Event Transmitted LeaveAll Event Transmitted Frames Discarded Table 3 Command output Field...

  • Page 596: Mrp Timer Leave

    Syntax mrp timer join timer-value undo mrp timer join Default The Join timer is 20 centiseconds. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Parameters : Specifies the Join timer value (in centiseconds). The Join timer must meet the timer-value following requirements: •...

  • Page 597: Mrp Timer Leaveall

    Parameters : Specifies the Leave timer value (in centiseconds). The Leave timer must meet the timer-value following requirements: • Greater than two times the Join timer. • Less than the LeaveAll timer. • Divisible by 20 centiseconds. Examples # Set the Leave timer to 100 centiseconds. (In this example, the Join timer and LeaveAll timer use their default settings.) <Sysname>...

  • Page 598: Mrp Timer Periodic

    To keep the dynamic VLANs learned through MVRP stable, do not set the LeaveAll timer less than its default value. The device randomly changes the LeaveAll timer within a certain range when an MRP participant restarts its LeaveAll timer. This prevents the LeaveAll timer of a particular participant from always expiring first.

  • Page 599: Mvrp Enable

    mvrp enable to enable MVRP on a port. mvrp enable to disable MVRP on a port. undo mvrp enable Syntax mvrp enable undo mvrp enable Default MVRP is disabled on a port. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines...

  • Page 600: Mvrp Gvrp-Compliance Enable

    Views System view Predefined user roles network-admin Usage guidelines For MVRP to take effect on a port, enable MVRP both on the port and globally. Examples # Enable MVRP globally. <Sysname> system-view [Sysname] mvrp global enable Related commands display mvrp running-status mvrp gvrp-compliance enable to enable GVRP compatibility for MVRP.

  • Page 601: Reset Mvrp Statistics

    Syntax mvrp registration { fixed | forbidden | normal } undo mvrp registration Default The MVRP registration mode is normal. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Parameters : Specifies the fixed registration mode. fixed : Specifies the forbidden registration mode.
  • Page 602 Related commands display mvrp statistics...
  • Page 603 Contents QinQ commands ···························································································· 1 display qinq ················································································································································ 1 qinq enable ················································································································································· 2 qinq ethernet-type (interface view) ············································································································· 2 qinq ethernet-type (system view) ··············································································································· 3 qinq transparent-vlan ································································································································· 4...

  • Page 604: Qinq Commands

    QinQ commands This document uses the following terms: • CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses on the private network. • SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.

  • Page 605: Qinq Enable

    Related commands qinq enable qinq enable to enable QinQ on an interface. qinq enable to disable QinQ on an interface. undo qinq enable Syntax qinq enable undo qinq enable Default QinQ is disabled on interfaces. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin...

  • Page 606: Qinq Ethernet-Type (System View)

    Parameters : Sets the TPID value in the SVLAN tag. service-tag : Sets a hexadecimal TPID value in the range of 1 to ffff, excluding the reserved hex-value EtherType values listed in Table Table 1 Reserved EtherType values Protocol type Value 0x0806 0x0200...

  • Page 607: Qinq Transparent-Vlan

    Default The TPID value in CVLAN tags is 8100 in hexadecimal notation. Views System view Predefined user roles network-admin Parameters : Sets the TPID value in the CVLAN tag. customer-tag : Sets a hexadecimal TPID value in the range of 1 to ffff, excluding the reserved hex-value EtherType values listed in Table...
  • Page 608 Syntax qinq transparent-vlan vlan-id-list undo qinq transparent-vlan { vlan-id-list | all } Default Transparent transmission is disabled for all VLANs. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Parameters : Specifies a space-separated list of up to 10 VLAN items. Each item specifies a vlan-id-list single VLAN ID or a VLAN ID range in the form of .
  • Page 609 Contents VLAN mapping commands ············································································ 1 display vlan mapping ·································································································································· 1 vlan mapping ·············································································································································· 2...
  • Page 610 VLAN mapping commands display vlan mapping to display VLAN mapping information. display vlan mapping Syntax display vlan mapping [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an interface by its type and interface interface-type interface-number number.
  • Page 611 Field Description This field displays N/A for one-to-one VLAN mapping. Related commands vlan mapping vlan mapping to configure VLAN mapping on an interface. vlan mapping to cancel the VLAN mapping configuration. undo vlan mapping Syntax vlan mapping vlan-id translated-vlan vlan-id nest range vlan-range-list | single vlan-id-list } nested-vlan vlan-id }...
  • Page 612 • Different one-to-one VLAN mapping entries cannot include the same translated VLANs. If you configure multiple one-to-one VLAN mapping entries for the same original VLANs, the most recent configuration takes effect. Before you enable or disable QinQ on a port, you must remove all VLAN mappings on the port. If you use both transparent VLANs and VLAN mappings on an interface, the transparent VLANs cannot be the following VLANs: •...
  • Page 613 Contents LLDP commands ··························································································· 1 cdp voice-vlan ············································································································································ 1 display lldp local-information ······················································································································ 1 display lldp neighbor-information ··············································································································· 9 display lldp statistics ································································································································· 16 display lldp status ····································································································································· 18 display lldp tlv-config ································································································································ 20 lldp admin-status ······································································································································ 24 lldp check-change-interval ······················································································································· 24 lldp compliance admin-status cdp ············································································································...

  • Page 614: Lldp Commands

    LLDP commands cdp voice-vlan to set the voice VLAN ID carried in CDP frames. cdp voice-vlan to restore the default. undo cdp voice-vlan Syntax cdp voice-vlan vlan-id undo cdp voice-vlan Default No voice VLAN ID is configured to be carried in CDP frames. Views Layer 2 Ethernet interface view Default command level...
  • Page 615 : Sysname System description H3C Comware Platform Software, Software Version 7.1.070, Release 6343P09 H3C IE4320-28S-PS1 Copyright (c) 2004-2022 New H3C Technologies Co., Ltd. All rights reserved. System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge System capabilities enabled : Bridge, Router, Service Bridge...
  • Page 616 Management address interface type : IfIndex Management address interface ID : Unknown Management address OID Port VLAN ID(PVID): 1 Port and protocol VLAN ID(PPVID) : 12 Port and protocol VLAN supported : Yes Port and protocol VLAN enabled : Yes VLAN name of VLAN 12: VLAN 0012 Management VLAN ID Link aggregation supported : Yes...
  • Page 617 PoE PSE power source : Primary Port PSE priority : Critical Port available power value : 100.0 w PoE power information: Current power : 11592 mW Average power : 11610 mW Peak power : 11684 mW Table 1 Command output Field Description Chassis ID...
  • Page 618 Field Description SerialNum Serial number. Manufacturer name Device manufacturer. Model name Device model. Port ID type: • MAC address. Port ID type • Interface name. Port ID Port ID, the value of which depends on the port ID type. Management address interface Numbering type of the interface identified by the management address.
  • Page 619 Field Description • Type 1 PSE. • Type 2 PSE. Power source: • When the power supply type is PSE, options are: Unknown—Unknown power supply.  Primary—Primary power supply.  Backup—Backup power supply.  Reserved. Power source  • When the power supply type is PD, options are: Unknown—Unknown power supply.
  • Page 620 Field Description • Alternative A—PSE power supply in mode A. • Alternative B—PSE power supply in mode B. • Both Alternatives—PSE power supply in both mode A and mode This field is supported only on the UPWR switches. PSE power class for a dual-signature PD in mode A: •...
  • Page 621 Field Description This field is supported only on the UPWR switches. PSE maximum available power PSE maximum output power. This field is supported only on theUPWR switches. Autoclass support Indicates whether the PSE supports Autoclass. This field is supported only on theUPWR switches Autoclass completed Indicates whether the PSE has completed Autoclass.

  • Page 622: Display Lldp Neighbor-Information

    display lldp neighbor-information to display the LLDP information received from display lldp neighbor-information the neighboring devices. Syntax display lldp neighbor-information [ [ [ interface interface-type interface-number ] [ agent { nearest-bridge | nearest-customer | nearest-nontpmr } ] [ verbose ] ] | list [ system-name system-name ] ] Views Any view Predefined user roles...
  • Page 623 : Sysname H3C Comware Platform Software, Software Version 7.1.070, Release 6343P09 H3C IE4320-28S-PS1 Copyright (c) 2004-2022 New H3C Technologies Co., Ltd. All rights reserved. System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge System capabilities enabled : Bridge, Router, Customer Bridge...
  • Page 624 # Display brief LLDP information that all LLDP agents received from all neighboring devices. <Sysname> display lldp neighbor-information LLDP neighbor-information of port 3[GigabitEthernet1/0/3]: LLDP agent nearest-bridge: LLDP neighbor index : 3 ChassisID/subtype : 0011-2233-4400/MAC address PortID/subtype : 000c-29f5-c71f/MAC address Capabilities : Bridge, Router, Customer Bridge LLDP neighbor index : 6 ChassisID/subtype...
  • Page 625 Field Description • Network address (ipv4). • Interface name. • Locally assigned—Locally-defined chassis type other than those listed above. ID that identifies the LLDP sending device, which can be a MAC Chassis ID address, a network address, an interface, or some other value, depending on the chassis ID type of the neighboring device.
  • Page 626 Field Description Link aggregation supported Indicates whether link aggregation is supported. Link aggregation enabled Indicates whether link aggregation is enabled. Aggregation port ID Member port ID, which is 0 when link aggregation is disabled. Auto-negotiation supported Indicates whether autonegotiation is supported on the port. Auto-negotiation enabled Indicates whether autonegotiation is enabled on the port.
  • Page 627 Field Description 4-pair dual-signature PD requested power in mode A, in watts. This field is supported only on the UPWR switches. PD requested power value mode B 4-pair dual-signature PD requested power in mode B, in watts. This field is supported only on the UPWR switches. PSE allocated power value alternative A 4-pair PSE allocated power value in mode A, in watts.
  • Page 628 Field Description • Class 4. • Class 5. • Single-signature PD or 2-pair only PSE—A single-signature PD is connected or a 2-pair PSE power supply is used. This field is supported only on the UPWR switches. PSE power class when a single-signature PD is connected or a 2-pair PSE power supply is used.

  • Page 629: Display Lldp Statistics

    Field Description Capabilities enabled on the neighboring device: • Repeater—Signal repeating is enabled. • Bridge—Switching is enabled. • Router—Routing is enabled. • Telephone—The neighboring device is acting as a telephone. • Capabilities DocsisCableDevice—The neighboring device is acting as a DOCSIS-compliant cable device. •...
  • Page 630 Examples # Display the global LLDP statistics and the LLDP statistics of all ports. <Sysname> display lldp statistics LLDP statistics global information: LLDP neighbor information last change time:0 days, 0 hours, 4 minutes, 40 seconds The number of LLDP neighbor information inserted : 1 The number of LLDP neighbor information deleted The number of LLDP neighbor information dropped The number of LLDP neighbor information aged out : 1...

  • Page 631: Display Lldp Status

    The number of CDP error frames # Display the LLDP statistics for the nearest customer bridge agents on GigabitEthernet 1/0/1. <Sysname> display lldp statistics interface GigabitEthernet1/0/1 agent nearest-customer LLDP statistics information of port 1 [GigabitEthernet1/0/1]: LLDP agent nearest-customer: The number of LLDP frames transmitted The number of LLDP frames received The number of LLDP frames discarded The number of LLDP error frames...
  • Page 632 : Specifies nearest bridge agents. nearest-bridge : Specifies nearest customer bridge agents. nearest-customer : Specifies nearest non-TPMR bridge agents. nearest-nontpmr Examples # Display the global LLDP status and the LLDP status of each port. <Sysname> display lldp status Global status of LLDP: Enable Bridge mode of LLDP: customer-bridge The current number of LLDP neighbors: 5 The current number of CDP neighbors: 0...

  • Page 633: Display Lldp Tlv-Config

    Trap flag : No MED trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 12 Number of received unknown TLV : 5 Table 4 Command output Field Description Bridge mode of LLDP...
  • Page 634 Syntax display lldp tlv-config [ interface interface-type interface-number ] [ agent { nearest-bridge | nearest-customer | nearest-nontpmr } ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies a port by its type and number. interface interface-type interface-number If you do not specify this option, the command displays the types of advertisable optional TLVs of all ports.
  • Page 635 Extended Power via MDI TLV Inventory TLV LLDP agent nearest-nontpmr: NAME STATUS DEFAULT Basic optional TLV: Port Description TLV System Name TLV System Description TLV System Capabilities TLV Management Address TLV IEEE 802.1 extend TLV: Port VLAN ID TLV Port And Protocol VLAN ID TLV VLAN Name TLV DCBX TLV EVB TLV...
  • Page 636 Maximum Frame Size TLV LLDP-MED extend TLV: Capabilities TLV Network Policy TLV Location Identification TLV Extended Power via MDI TLV Inventory TLV Table 5 Command output Field Description LLDP tlv-config of port 1 Advertisable optional TLVs of port 1. NAME TLV type.

  • Page 637: Lldp Admin-Status

    lldp admin-status to set the LLDP operating mode. lldp admin-status to restore the default. undo lldp admin-status Syntax In Layer 2 Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] admin-status { disable | rx | tx | txrx } undo lldp [ agent { nearest-customer | nearest-nontpmr } ] admin-status In Layer 2 aggregate interface view: lldp agent { nearest-customer | nearest-nontpmr } admin-status { disable...

  • Page 638: Lldp Compliance Admin-Status Cdp

    Syntax In Layer 2 Ethernet interface view: lldp agent nearest-customer nearest-nontpmr check-change-interval interval undo lldp agent nearest-customer nearest-nontpmr check-change-interval In Layer 2 aggregate interface view: lldp agent { nearest-customer | nearest-nontpmr } check-change-interval interval undo lldp agent nearest-customer nearest-nontpmr check-change-interval Default LLDP polling is disabled.

  • Page 639: Lldp Compliance Cdp

    Views Layer 2 Ethernet interface view Predefined user roles network-admin Parameters : Specifies the Disable mode. CDP-compatible LLDP in this mode cannot receive or disable transmit CDP packets. : Specifies the TxRx mode. CDP-compatible LLDP in this mode can send and receive CDP txrx packets.

  • Page 640: Lldp Enable

    Examples # Enable CDP compatibility. <Sysname> system-view [Sysname] lldp compliance cdp Related commands lldp hold-multiplier lldp timer tx-interval lldp enable to enable LLDP on a port. lldp enable to disable LLDP on a port. undo lldp enable Syntax lldp enable undo lldp enable Default LLDP is enabled on a port.

  • Page 641: Lldp Fast-Count

    lldp agent { nearest-customer | nearest-nontpmr } encapsulation snap undo lldp agent { nearest-customer | nearest-nontpmr } encapsulation Default The encapsulation format for LLDP frames is Ethernet II. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Parameters : Specifies an LLDP agent type.

  • Page 642: Lldp Global Enable

    Examples # Configure the device to send five LLDP frames each time fast LLDP frame transmission is triggered. <Sysname> system-view [Sysname] lldp fast-count 5 lldp global enable to enable LLDP globally. lldp global enable undo lldp global enable to disable LLDP globally. Syntax lldp global enable undo lldp global enable...

  • Page 643: Lldp Global Tlv-Enable Basic-Tlv Management-Address-Tlv

    Default An interface advertises port ID TLVs that contain interface MAC addresses if it receives LLDP-MED TLVs and advertises port ID TLVs that contain interface names if no LLDP-MED TLVs are received. Views System view Predefined user roles network-admin Parameters : Specifies an LLDP agent type.
  • Page 644 Views System view Predefined user roles network-admin Parameters : Specifies an LLDP agent type. If you do not specify an agent type, this command applies to agent the nearest bridge agent. • : Specifies the nearest customer bridge agent. nearest-customer •...

  • Page 645: Lldp Hold-Multiplier

    Examples # Enable advertisement of the management address TLV globally and set the advertised management address to 192.168.1.1. <Sysname> system-view [Sysname] lldp agent nearest-customer global tlv-enable basic-tlv management-address-tlv 192.168.1.1 Related commands lldp tlv-enable lldp hold-multiplier to set the TTL multiplier. lldp hold-multiplier restore the default.

  • Page 646: Lldp Local-Information All-Interface

    By default, the command displays information about display lldp local-information physically up interfaces. The media devices from some vendors can obtain interface information from H3C devices only through LLDP. For the media devices to obtain all interface information,...

  • Page 647: Lldp Management-Address

    enable the command to display LLDP local information display lldp local-information about all interfaces. Examples # Enable displaying LLDP local information about all interfaces. <Sysname> system-view [Sysname] lldp local-information all-interface Related commands display lldp local-information lldp management-address to enable the device to generate an ARP or ND entry after lldp management-address receiving an LLDP frame that carries a management address TLV.

  • Page 648: Lldp Management-Address-Format String

    the source MAC address of LLDP frames. This ensures that the LLDP neighbor can learn correct ARP or ND entries. Examples # Configure GigabitEthernet 1/0/1 to generate an ARP entry after receiving an LLDP frame carrying an IPv4 management address TLV. <Sysname>...

  • Page 649: Lldp Max-Credit

    Examples # Set the encoding format of the management address to string for the nearest customer bridge agents on GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] lldp agent nearest-customer management-address-format string lldp max-credit to set the token bucket size for sending LLDP frames. lldp max-credit to restore the default.

  • Page 650: Lldp Notification Med-Topology-Change Enable

    Parameters : Specifies the service bridge mode. service-bridge Usage guidelines The LLDP agent types supported by LLDP depend on the LLDP bridge mode: • Service bridge mode—LLDP supports nearest bridge agents and nearest non-TPMR bridge agents. LLDP processes the LLDP frames with destination MAC addresses for these agents and transparently transmits the LLDP frames with other destination MAC addresses in a VLAN.

  • Page 651: Lldp Source-Mac Vlan

    to disable LLDP trapping. undo lldp notification remote-change enable Syntax In Layer 2 Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] notification remote-change enable undo lldp [ agent { nearest-customer | nearest-nontpmr } ] notification remote-change enable In Layer 2 aggregate interface view: lldp agent...

  • Page 652: Lldp Timer Fast-Interval

    Views Layer 2 Ethernet interface view Default command level network-admin Parameters : Specifies a VLAN ID in the range of 1 to 4094. The MAC address of the VLAN vlan vlan-id interface will be used as the source MAC address of outgoing LLDP frames. Usage guidelines In Layer 2 Ethernet interface view, this command must be configured together with the lldp...

  • Page 653: Lldp Timer Notification-Interval

    <Sysname> system-view [Sysname] lldp timer fast-interval 2 lldp timer notification-interval lldp timer notification-interval to set the LLDP trap and LLDP-MED trap transmission interval. to restore the default. undo lldp timer notification-interval Syntax lldp timer notification-interval interval undo lldp timer notification-interval Default The LLDP trap and LLDP-MED trap transmission interval is 30 seconds.

  • Page 654: Lldp Timer Tx-Interval

    Examples # Set the LLDP reinitialization delay to 4 seconds. <Sysname> system-view [Sysname] lldp timer reinit-delay 4 lldp timer tx-interval to set the LLDP frame transmission interval. lldp timer tx-interval to restore the default. undo lldp timer tx-interval Syntax lldp timer tx-interval interval undo lldp timer tx-interval Default The LLDP frame transmission interval is 30 seconds.

  • Page 655: Lldp Tlv-Enable

    Default An interface advertises port ID TLVs that contain interface MAC addresses if it receives LLDP-MED TLVs and advertises port ID TLVs that contain interface names if no LLDP-MED TLVs are received. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Parameters...
  • Page 656 { civic-address device-type country-code { ca-type ca-value }&<1-10> | elin-address tel-number } } } undo lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv [ ipv6 ] [ ip-address | interface loopback interface-number ] } | dot1-tlv { all | port-vlan-id | link-aggregation | protocol-vlan-id | vlan-name | management-vid } | dot3-tlv { all | link-aggregation | mac-physic | max-frame-size | power } | med-tlv { all | capability | inventory | network-policy [ vlan-id ] |...
  • Page 657 undo lldp agent nearest-nontpmr tlv-enable { basic-tlv { all | management-address-tlv [ ipv6 ] [ ip-address ] | port-description | system-capability | system-description | system-name } | dot1-tlv { all | port-vlan-id } } undo lldp agent nearest-customer tlv-enable { basic-tlv { all | management-address-tlv [ ipv6 ] [ ip-address ] | port-description | system-capability | system-description | system-name } | dot1-tlv { all | port-vlan-id } }...
  • Page 658 : Advertises basic LLDP TLVs. basic-tlv management-address-tlv [ ipv6 ] [ ip-address | interface loopback : Advertises management address TLVs. The keyword indicates that interface-number ] ipv6 the management address to be advertised is in IPv6 format. The argument specifies ip-address the management address to be advertised.
  • Page 659 : Advertises port and protocol VLAN ID TLVs. The protocol-vlan-id [ vlan-id ] vlan-id argument specifies a VLAN ID in the TLVs to be advertised. The VLAN ID is in the range of 1 to 4094, and the default is the lowest VLAN ID on the port. : Advertises VLAN name TLVs.

  • Page 660: Lldp Tlv-Enable Private-Tlv

    Usage guidelines H3C-proprietary TLVs are defined to meet specific transmission requirements on network management. Devices of other vendors cannot identify H3C-proprietary TLVs carried in LLDPDUs. Only actual power TLVs are supported in the current software version. This type of TLV provides...

  • Page 661: Reset Lldp Statistics

    Examples # Configure nearest customer bridge agents to advertise actual power TLVs on interface GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] lldp agent neareset-customer tlv-enable private-tlv actual-power reset lldp statistics to clear LLDP statistics on ports. reset lldp statistics Syntax reset lldp statistics [ interface interface-type interface number ] [ agent { nearest-bridge | nearest-customer | nearest-nontpmr } ]...
  • Page 662 Contents L2PT commands ··························································································· 1 display l2protocol statistics ························································································································· 1 l2protocol tunnel dot1q ······························································································································· 2 l2protocol tunnel-dmac ······························································································································· 4 l2protocol type tunnel-dmac ······················································································································· 4 reset l2protocol statistics ···························································································································· 6...

  • Page 663: L2Pt Commands

    L2PT commands display l2protocol statistics to display Layer 2 Protocol Tunneling (L2PT) statistics. display l2protocol statistics Syntax display l2protocol statistics interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies a Layer 2 Ethernet or aggregate interface interface-type interface-number interface by its type and number.

  • Page 664: L2Protocol Tunnel Dot1Q

    LACP LLDP MVRP PAGP PVST Tunnel UDLD Table 1 Command output Field Description Protocol The DTP and CFD protocols. Number of encapsulated packets. The number increases by 1 when the interface receives and encapsulates a Encapsulated protocol packet from a customer network. For protocol Tunnel, which represents tunneled packets, this field displays N/A.
  • Page 665 l2protocol { cdp | cfd | gvrp | lacp | lldp | mvrp | pagp | pvst | stp | udld | vtp } tunnel dot1q undo l2protocol { cdp | cfd | gvrp | lacp | lldp | mvrp | pagp | pvst | stp | udld | vtp } tunnel dot1q Default L2PT is disabled for all protocols.

  • Page 666: L2Protocol Tunnel-Dmac

    [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] undo stp enable [Sysname-GigabitEthernet1/0/1] l2protocol stp tunnel dot1q # Disable STP and enable L2PT for STP on Bridge-Aggregation 1. <Sysname> system-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] undo stp enable [Sysname-Bridge-Aggregation1] l2protocol stp tunnel dot1q l2protocol tunnel-dmac to set the destination multicast MAC address for tunneled l2protocol tunnel-dmac packets of all protocols.
  • Page 667 Syntax l2protocol type { cdp | cfd | dldp | dtp | eoam | gvrp | lacp | lldp | mvrp | pagp | pvst | stp | udld | vtp } tunnel-dmac mac-address undo l2protocol type { cdp | cfd | dldp | dtp | eoam | gvrp | lacp | lldp | mvrp | pagp | pvst | stp | udld | vtp } tunnel-dmac Default The tunneled packets of all protocols use 010f-e200-0003 as the destination multicast MAC address.

  • Page 668: Reset L2Protocol Statistics

    Related commands l2protocol tunnel-dmac reset l2protocol statistics to clear L2PT statistics. reset l2protocol statistics Syntax reset l2protocol statistics [ interface interface-type interface-number ] Views User view Predefined user roles network-admin Parameters : Specifies a Layer 2 Ethernet or aggregate interface interface-type interface-number interface by its type and number.
  • Page 669 Contents PPPoE relay commands ················································································ 1 PPPoE relay commands ···································································································································· 1 display pppoe-relay client-information ········································································································ 1 display pppoe-relay statistics ····················································································································· 2 pppoe-relay client-information format ········································································································· 3 pppoe-relay client-information strategy ······································································································ 5 pppoe-relay enable ···································································································································· 6 pppoe-relay server-information vendor-specific strip ················································································· 7 pppoe-relay trust ········································································································································...

  • Page 670: Pppoe Relay Commands

    PPPoE relay commands PPPoE relay commands display pppoe-relay client-information to display the vendor-specific tag display pppoe-relay client-information processing configuration for client-side packets on the PPPoE relay. Syntax display pppoe-relay client-information { format | strategy } Views Any view Predefined user roles network-admin network-operator Parameters...

  • Page 671: Display Pppoe-Relay Statistics

    Field Description client-information strategy PADR packets on the PPPoE relay: • Drop—Strips the vendor-specific tag from the PADI or PADR packets. • Keep—Keeps the vendor-specific tag unchanged. • Replace—Pads the vendor-specific tag in the configured padding format. The current interface Interface-level vendor-specific tag processing policy for the client-side PADI client-information strategy and PADR packets on the PPPoE relay.

  • Page 672: Pppoe-Relay Client-Information Format

    ALL = 5 PADI = 0 PADO = 5 PADR = 0 PADS = 0 PADT = 0 Packets dropped: Server responses from untrusted ports = 0 Client requests towards untrusted ports = 0 Malformed PPPoE Discovery packets = 0 Table 2 Command output Field Description...
  • Page 673 Predefined user roles network-admin Parameters : Specifies the circuit ID padding format. circuit-id : Specifies the remote ID padding format. remote-id Specifies ASCII string format. When this format configured, ascii %portname:%svlan.%cvlan %sysname is extracted and used as the circuit ID content, and "...

  • Page 674: Pppoe-Relay Client-Information Strategy

    When you use different padding formats, the packet contents are different. For example, the contents of the circuit ID are as follows: the user access interface is GigabitEthernet 1/0/1, the outer VLAN ID is 200, the inner VLAN ID is 100, and the system name of the PPPoE relay is Sysname. The contents of the remote ID are as follows: the MAC address of the PPPoE relay is 04f9-38a9-44b0.

  • Page 675: Pppoe-Relay Enable

    Predefined user roles network-admin Parameters : Strips the vendor-specific tag from the PADI or PADR packets. drop : Keeps the vendor-specific tag unchanged. keep : Pads the vendor-specific tag in the configured format. replace Usage guidelines This feature can be configured both in system view and in interface view. The configuration in system view takes effect on all interfaces.

  • Page 676: Pppoe-Relay Server-Information Vendor-Specific Strip

    pppoe-relay server-information vendor-specific strip to enable an interface pppoe-relay server-information vendor-specific strip to strip the vendor-specific tags of the PPPoE server-side packets. to disable an undo pppoe-relay server-information vendor-specific strip interface from stripping the vendor-specific tags of the PPPoE server-side packets. Syntax pppoe-relay server-information vendor-specific strip undo pppoe-relay server-information vendor-specific strip...

  • Page 677: Reset Pppoe-Relay Statistics

    Default An interface is a PPPoE relay untrusted port. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines A PPPoE relay-enabled device processes PPPoE protocol packets as follows: • When receiving PADI, PADR, and PADT on untrusted ports, the device can forward the packets out of only the trusted ports.
  • Page 678 Related commands reset pppoe-relay statistics...
  • Page 679 H3C IE4300 & IE4300-M & IE4320 Industrial Switch Series Layer 3—IP Services Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 63xx Document version: 6W101-20230116...
  • Page 680 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 681 Preface This command reference describes IP services configuration commands. This preface includes the following topics about the documentation: • Audience • Conventions • Documentation feedback Audience This documentation is intended for: • Network planners. • Field technical support and servicing engineers. •...
  • Page 682 Symbols Convention Description An alert that calls attention to important information that if not understood or followed WARNING! can result in personal injury. An alert that calls attention to important information that if not understood or followed CAUTION: can result in data loss, data corruption, or damage to hardware or software. An alert that calls attention to essential information.
  • Page 683 Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
  • Page 684 Contents ARP commands ····························································································· 1 arp check enable ········································································································································ 1 arp check log enable ·································································································································· 1 arp mac-interface-consistency check enable ····························································································· 2 arp max-learning-num ································································································································ 3 arp max-learning-number ··························································································································· 4 arp multiport ··············································································································································· 4 arp smooth ················································································································································· 5 arp static ····················································································································································· 6 arp timer aging ···········································································································································...

  • Page 685: Arp Commands

    ARP commands arp check enable to enable dynamic ARP entry check. arp check enable to disable dynamic ARP entry check. undo arp check enable Syntax arp check enable undo arp check enable Default Dynamic ARP entry check is enabled. Views System view Predefined user roles network-admin...

  • Page 686: Arp Mac-Interface-Consistency Check Enable

    Predefined user roles network-admin Usage guidelines This feature enables a device to log ARP events when ARP cannot resolve IP addresses correctly. The log information helps administrators locate and solve problems. The device can log the following ARP events: • On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not one of the following IP addresses: The IP address of the receiving interface.

  • Page 687: Arp Max-Learning-Num

    to display MAC address entries. display mac-address Examples # Enable interface consistency check between ARP and MAC address entries. <Sysname> system-view interface- [Sysname] arp mac- consistency check enable Related commands (Layer 2—LAN Switching Command Reference) display mac-address arp max-learning-num to set the dynamic ARP learning limit on an interface. arp max-learning-num to restore the default.

  • Page 688: Arp Max-Learning-Number

    <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] arp max-learning-num 10 # Specify Layer 2 aggregate interface Bridge-Aggregation 1 to learn a maximum of 10 dynamic ARP entries. <Sysname> system-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] arp max-learning-num 10 arp max-learning-number to set the dynamic ARP learning limit on the device. arp max-learning-number to restore the default.

  • Page 689: Arp Smooth

    undo arp ip-address [ vpn-instance-name ] Default No multiport ARP entries exist. Views System view Predefined user roles network-admin Parameters : Specifies an IP address for the multiport ARP entry. ip-address : Specifies a MAC address for the multiport ARP entry, in the format of H-H-H. mac-address : Specifies a VLAN for the multiport ARP entry, in the range of 1 to 4094.

  • Page 690: Arp Static

    Views User view Predefined user roles network-admin Examples # Synchronize ARP entries from the master device to all subordinate devices. <Sysname> arp smooth arp static to configure a static ARP entry. arp static to delete an ARP entry. undo arp Syntax static ip-address...

  • Page 691: Arp Timer Aging

    • No local interface has an IP address in the same subnet as the IP address in the ARP entry. If you specify the argument, follow these vlan-id interface-type interface-number restrictions and guidelines: • The interface can be an Ethernet interface or an aggregate interface. •...

  • Page 692: Arp Timer Aging Probe-Count

    You can set the aging timer for dynamic ARP entries in system view or in interface view. The aging timer set in interface view takes precedence over the aging timer set in system view. Set the aging timer for dynamic ARP entries as needed. For example, when you configure proxy ARP, set a short aging time so that invalid dynamic ARP entries can be deleted in a timely manner.

  • Page 693: Arp Timer Aging Probe-Interval

    Usage guidelines This probe mechanism keeps legal dynamic ARP entries valid and avoids unnecessary ARP resolution during later traffic forwarding. This probe feature sends ARP requests for the IP address in a dynamic ARP entry. • If the device receives an ARP reply before the entry aging timer expires, the device resets the aging timer.

  • Page 694: Arp User-Ip-Conflict Record Enable

    Usage guidelines The probing feature keeps legal dynamic ARP entries valid and avoids unnecessary ARP resolution during later traffic forwarding. Before a dynamic ARP entry is aged out, the device sends ARP requests for the IP address in the ARP entry. •...

  • Page 695: Arp User-Move Record Enable

    information about the log destination and output rule configuration, see the information center in Network Management and Monitoring Configuration Guide. An IRF member device can generate a maximum of 10 user IP address conflict logs per second. To display user IP address conflict records, use the display arp user-ip-conflict record command.
  • Page 696 Views Any view Predefined user roles network-admin network-operator Parameters : Displays all ARP entries. : Displays dynamic ARP entries. dynamic : Displays multiport ARP entries. multiport : Displays static ARP entries. static : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays ARP entries for the master device.
  • Page 697 VPN instance : -- Link ID : -- Service instance : -- VXLAN ID : -- VSI name : -- VSI interface : -- Nickname : -- IP address : 1.1.1.4 MAC address : 00e0-fe60-5000 Type : Multiport Aging : -- Interface : -- VLAN...

  • Page 698: Display Arp Entry-Limit

    • O—OpenFlow. • R—Rule. • M—Multiport. • I—Invalid. Name of VPN instance. If no VPN instance is configured for the ARP entry, this VPN instance field displays hyphens (--). This field is not supported in the current software version. Ethernet service instance in an ARP entry. This field displays hyphens (--) if no Service instance Ethernet service instance is specified for the Layer 2 Ethernet interface or Layer 2 aggregate interface in the ARP entry.

  • Page 699: Display Arp Ip-Address

    display arp ip-address to display the ARP entry for an IP address. display arp ip-address Syntax display arp ip-address [ slot slot-number ] [ verbose ] Views Any view Predefined user roles network-admin network-operator Parameters : Displays the ARP entry for the specified IP address. ip-address : Specifies an IRF member device by its member ID.

  • Page 700: Display Arp Timer Aging

    Examples # Display the number of OpenFlow ARP entries. <Sysname> display arp openflow count Total number of OpenFlow ARP entries: 6 display arp timer aging to display the aging timer of dynamic ARP entries. display arp timer aging Syntax display arp timer aging Views Any view Predefined user roles...
  • Page 701 Examples # Display all user IP address conflict records. <Sysname> display arp user-ip-conflict record IP address: 10.1.1.1 System time: 2018-02-02 11:22:29 Conflict count: 1 Log suppress count: 0 Old interface: GigabitEthernet1/0/1 New interface: GigabitEthernet1/0/2 Old SVLAN/CVLAN: 100/2 New SVLAN/CVLAN: 100/2 Old MAC: 00e0-ca63-8141 New MAC: 00e0-ca63-8142 IP address: 10.1.1.2...

  • Page 702: Display Arp User-Move Record

    display arp user-move record to display user port migration records. display arp user-move record Syntax display arp user-move record [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number : Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays user port migration records for all member devices.

  • Page 703: Display Arp Vpn-Instance

    Table 3 Command output Field Description IP address IP address of the user. MAC address MAC address of the user. System time Time when the user port migration occurred. Move count Number of times that user port migrated. Log suppress count Number of times that the generation of user port migration logs is suppressed.

  • Page 704: Reset Arp

    reset arp to clear ARP entries from the ARP table. reset arp Syntax reset arp { all | dynamic | interface interface-type interface-number | multiport | slot slot-number | static } Views User view Predefined user roles network-admin Parameters : Clears all ARP entries. : Clears all dynamic ARP entries.

  • Page 705: Gratuitous Arp Commands

    Gratuitous ARP commands arp ip-conflict log prompt to enable IP conflict notification. arp ip-conflict log prompt to restore the default. undo arp ip-conflict log prompt Syntax arp ip-conflict log prompt undo arp ip-conflict log prompt Default IP conflict notification is disabled. Views System view Predefined user roles...

  • Page 706: Gratuitous-Arp Mac-Change Retransmit

    Predefined user roles network-admin Parameters : Specifies the sending interval in the range of 200 to 200000 milliseconds. interval interval The default value is 2000 milliseconds. Usage guidelines This feature takes effect on an interface only when the interface has an IP address and the data link layer state of the interface is up.

  • Page 707: Gratuitous-Arp-Learning Enable

    Usage guidelines The device sends a gratuitous ARP packet to inform other devices of its MAC address change. However, the other devices might fail to receive the packet because the device sends the gratuitous ARP packet once only by default. Use this command to configure gratuitous ARP retransmission parameters to ensure that the other devices can receive the packet.
  • Page 708 Syntax gratuitous-arp-sending enable undo gratuitous-arp-sending enable Default A device does not send gratuitous ARP packets when it receives ARP requests whose sender IP address is on a different subnet. Views System view Predefined user roles network-admin Examples # Disable a device from sending gratuitous ARP packets upon receiving ARP requests whose sender IP address is on a different subnet.

  • Page 709: Proxy Arp Commands

    Proxy ARP commands display local-proxy-arp to display the local proxy ARP status. display local-proxy-arp Syntax display local-proxy-arp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an interface by its type and interface interface-type interface-number number.

  • Page 710: Local-Proxy-Arp Enable

    Usage guidelines You can use this command to check whether proxy ARP is enabled or disabled. Examples # Display the proxy ARP status on VLAN-interface 2. <Sysname> display proxy-arp interface vlan-interface 2 Interface Vlan-interface2 Proxy ARP status: disabled Related commands proxy-arp enable local-proxy-arp enable to enable local proxy ARP.

  • Page 711: Proxy-Arp Enable

    # Enable local proxy ARP on VLAN-interface 2 for an IP address range. <Sysname> system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] local-proxy-arp enable ip-range 1.1.1.1 to 1.1.1.20 Related commands display local-proxy-arp proxy-arp enable to enable proxy ARP. proxy-arp enable to disable proxy ARP. undo proxy-arp enable Syntax proxy-arp enable...

  • Page 712: Arp Snooping Commands

    ARP snooping commands arp snooping enable to enable ARP snooping. arp snooping enable to disable ARP snooping. undo arp snooping enable Syntax arp snooping enable undo arp snooping enable Default ARP snooping is disabled. Views VLAN view Predefined user roles network-admin Examples # Enable ARP snooping for VLAN 2.

  • Page 713: Reset Arp Snooping

    : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays ARP snooping entries for the master device. Examples # Display ARP snooping entries for VLAN 2. <Sysname> display arp snooping vlan 2 IP Address MAC Address VLAN ID Interface...
  • Page 714 : Deletes the ARP snooping entry for the specified IP address in VLANs. ip ip-address Examples # Delete ARP snooping entries for VLAN 2. <Sysname> reset arp snooping vlan 2 Related commands display arp snooping...

  • Page 715: Arp Direct Route Advertisement Commands

    ARP direct route advertisement commands arp route-direct advertise to enable ARP direct route advertisement. arp route-direct advertise to disable ARP direct route advertisement. undo arp route-direct advertise Syntax arp route-direct advertise undo arp route-direct advertise Default ARP direct route advertisement is disabled. Views Interface view Predefined user roles...
  • Page 716 Contents IP addressing commands ·············································································· 1 display ip interface ····································································································································· 1 display ip interface brief ····························································································································· 3 ip address ··················································································································································· 5 ip address unnumbered ····························································································································· 6...

  • Page 717: Ip Addressing Commands

    IP addressing commands display ip interface to display IP configuration and statistics for Layer 3 interfaces. display ip interface Syntax display ip interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an interface by its type and number. If you do interface-type interface-number not specify an interface, this command displays IP configuration and statistics for all Layer 3 interfaces.
  • Page 718 IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Table 1 Command output Field Description Physical link state of the interface: • Administrative DOWN—The interface has been shut down by using shutdown command.

  • Page 719: Display Ip Interface Brief

    Field Description ICMP packet input number: Total number of ICMP packets received on the interface (statistics start at Echo reply: the device startup): • Unreachable: Echo reply packets. • Unreachable packets. Source quench: • Source quench packets. Routing redirect: • Routing redirect packets.
  • Page 720 Usage guidelines Information displayed by the command includes the state of the physical and link layer protocols, IP address, and interface descriptions. Examples # Display brief IP configuration for VLAN interfaces. <Sysname> display ip interface vlan-interface brief *down: administratively down (s): spoofing (l): loopback Interface...

  • Page 721: Ip Address

    Related commands display ip interface ip address ip address to assign an IP address to the interface. ip address to remove the IP address from the interface. undo ip address Syntax ip address ip-address { mask-length | mask } [sub ] undo ip address ip-address { mask-length | mask } [ irf-member member-id | sub ] Default...

  • Page 722: Ip Address Unnumbered

    [Sysname-Vlan-interface10] ip address 129.12.0.1 255.255.255.0 [Sysname-Vlan-interface10] ip address 202.38.160.1 255.255.255.0 sub Related commands display ip interface display ip interface brief ip address unnumbered to configure the current interface as IP unnumbered to borrow an ip address unnumbered IP address from the specified interface. to restore the default.
  • Page 723 Contents DHCP commands ·························································································· 1 Common DHCP commands ······························································································································· 1 dhcp client-detect ······································································································································· 1 dhcp dscp ··················································································································································· 1 dhcp enable ················································································································································ 2 dhcp log enable ·········································································································································· 2 dhcp select ················································································································································· 3 DHCP server commands ··································································································································· 4 address range ············································································································································ 4 bims-server ················································································································································...
  • Page 724 static-bind ················································································································································· 46 tftp-server domain-name ·························································································································· 47 tftp-server ip-address ······························································································································· 48 valid class ················································································································································· 49 verify class ··············································································································································· 49 voice-config ·············································································································································· 50 vpn-instance ············································································································································· 51 DHCP relay agent commands ························································································································· 52 dhcp relay check mac-address ················································································································ 52 dhcp relay check mac-address aging-time······························································································· 52 dhcp relay client-information record ·········································································································...
  • Page 725 dhcp snooping rate-limit ··························································································································· 95 dhcp snooping trust ·································································································································· 96 dhcp snooping trust interface ··················································································································· 97 display dhcp snooping binding ················································································································· 97 display dhcp snooping binding database ································································································· 99 display dhcp snooping information ········································································································· 100 display dhcp snooping packet statistics ································································································· 101 display dhcp snooping trust ····················································································································...

  • Page 726: Dhcp Commands

    DHCP commands Common DHCP commands dhcp client-detect to enable client offline detection on the DHCP server or DHCP relay dhcp client-detect agent. to disable client offline detection on the DHCP server or DHCP undo dhcp client-detect relay agent. Syntax dhcp client-detect undo dhcp client-detect Default Client offline detection is disabled on the DHCP server or DHCP relay agent.

  • Page 727: Dhcp Enable

    Views System view Predefined user roles network-admin Parameters : Specifies the DSCP value for DHCP packets, in the range of 0 to 63. dscp-value Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.

  • Page 728: Dhcp Select

    undo dhcp log enable Default DHCP server logging is disabled. Views System view Predefined user roles network-admin Usage guidelines This command enables the DHCP server to generate DHCP logs and send them to the information center. The information helps administrators to locate and solve problems. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.

  • Page 729: Dhcp Server Commands

    Usage guidelines Before enabling a DHCP server to operate as a DHCP relay agent, use the reset dhcp server command to clear address bindings and authorized ARP entries. These authorized ip-in-use ARP entries might conflict with ARP entries that are created after the DHCP relay agent is enabled. When DHCP server proxy is enabled on the DHCP relay agent, the proxy forwards packets between the DHCP clients and DHCP server.

  • Page 730: Bims-Server

    Usage guidelines If no IP address range is specified, all IP addresses in the subnet specified by the network command in address pool view are assignable. If an IP address range is specified, only the IP addresses in the IP address range are assignable. After you use the command, you cannot use the address range...

  • Page 731: Bootfile-Name

    : Specifies the key string. Its plaintext form is a case-sensitive string of 1 to 16 characters. Its string encrypted form is a case-sensitive string of 1 to 53 characters. The DHCP client uses the shared key to encrypt packets sent to the BIMS server. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect.

  • Page 732: Class Ip-Pool

    <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] bootfile-name http://10.1.1.1/boot.cfg Related commands display dhcp server pool next-server tftp-server domain-name tftp-server ip-address class ip-pool to specify a DHCP address pool for a DHCP user class. class ip-pool to remove the DHCP address pool specified for a DHCP user class. undo class ip-pool Syntax class class-name ip-pool pool-name...

  • Page 733: Class Option-Group

    class option-group to specify a DHCP option group for a DHCP user class. class option-group to remove the configuration. undo class option-group Syntax class class-name option-group option-group-number undo class class-name option-group Default No DHCP option group is specified for a DHCP user class. Views DHCP address pool view Predefined user roles...

  • Page 734: Default Ip-Pool

    Default No IP address range is specified for a DHCP user class. Views DHCP address pool view Predefined user roles network-admin Parameters class-name : Specifies a DHCP user class name, a case-insensitive string of 1 to 63 characters. If the specified user class does not exist, the DHCP server will not assign the addresses in the address range specified for the user class to any clients.

  • Page 735: Dhcp Apply-Policy

    Views DHCP policy view Predefined user roles network-admin Parameters : Specifies a DHCP address pool by its name, a case-insensitive string of 1 to 63 pool-name characters. Usage guidelines In a DHCP policy, the DHCP server uses the default DHCP address pool to assign IP addresses and other parameters to clients that do not match any user classes.

  • Page 736: Dhcp Class

    Examples # Apply DHCP policy test to VLAN-interface 10. <Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] dhcp apply-policy test Related commands dhcp policy dhcp class to create a DHCP user class and enter its view, or enter the view of an existing dhcp class DHCP user class.

  • Page 737: Dhcp Option-Group

    dhcp option-group to create a DHCP option group and enter its view, or enter the view of dhcp option-group an existing DHCP option group. to delete a DHCP option group. undo dhcp option-group Syntax dhcp option-group option-group-number undo dhcp option-group option-group-number Default No DHCP option groups exist.

  • Page 738: Dhcp Server Always-Broadcast

    Parameters : Assigns a name to the DHCP policy. The policy name is a case-insensitive string of policy-name 1 to 63 characters. Usage guidelines In DHCP policy view, you can specify address pools for different user classes. Clients matching a user class will obtain IP addresses and other parameters from the specified address pool.

  • Page 739: Dhcp Server Apply Ip-Pool

    <Sysname> system-view [Sysname] dhcp server always-broadcast dhcp server apply ip-pool dhcp server apply ip-pool to apply an address pool to an interface. to restore the default. undo dhcp server apply ip-pool Syntax dhcp server apply ip-pool pool-name undo dhcp server apply ip-pool Default No address pool is applied to an interface Views...

  • Page 740: Dhcp Server Bootp Reply-Rfc-1048

    Views System view Predefined user roles network-admin Usage guidelines The lease duration of IP addresses obtained by BOOTP clients is unlimited. For scenarios that do not allow unlimited leases, you can configure the DHCP server to ignore BOOTP requests. Examples # Configure the DHCP server to ignore BOOTP requests.

  • Page 741: Dhcp Server Database Filename

    undo dhcp server check mac-address Default MAC address check is disabled on the DHCP server. Views Interface view Predefined user roles network-admin Usage guidelines This feature enables the DHCP server to compare the chaddr field of a received DHCP request with the source MAC address in the frame header.

  • Page 742: Dhcp Server Database Update Interval

    As a best practice, back up the bindings to a remote file. If you use the local storage medium, the frequent erasing and writing might damage the medium and then cause the DHCP server to malfunction. When the backup file is on a remote device, follow these restrictions and guidelines: •...

  • Page 743: Dhcp Server Database Update Now

    Examples # Set the waiting time to 10 minutes for the DHCP server to update the backup file. <Sysname> system-view [Sysname] dhcp server database update interval 600 Related commands dhcp server database filename dhcp server database update now dhcp server database update stop dhcp server database update now to manually save the DHCP bindings to the backup dhcp server database update now...

  • Page 744: Dhcp Server Forbidden-Ip

    Usage guidelines The DHCP server does not provide services during the binding download process. If the connection disconnects during the process, the waiting timeout timer is 60 minutes. When the timer expires, the DHCP server stops waiting and starts providing address allocation services. To enable the DHCP server to provide services without waiting for the connection to be repaired, use this command to terminate the download immediately.

  • Page 745: Dhcp Server Ip-Pool

    The address or address range specified in the command undo dhcp server forbidden-ip must be the same as that specified in the dhcp server forbidden-ip command. To remove an IP address from the specified address range, you must remove the entire address range. You can execute this command multiple times to exclude multiple IP address ranges from dynamic allocation.

  • Page 746: Dhcp Server Ping Packets

    dhcp server ping packets to set the maximum number of ping packets. dhcp server ping packets to restore the default. undo dhcp server ping packets Syntax dhcp server ping packets number undo dhcp server ping packets Default The maximum number of ping packets is 1. Views System view Predefined user roles...

  • Page 747: Dhcp Server Relay Information Enable

    Views System view Predefined user roles network-admin Parameters : Specifies the timeout time in the range of 0 to 10000 milliseconds. To disable the milliseconds ping operation for address conflict detection, set the value to 0 milliseconds. Usage guidelines To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP client.

  • Page 748: Dhcp Server Request-Ip-Address Check

    [Sysname] undo dhcp server relay information enable dhcp server request-ip-address check to enable the DHCP server to return a dhcp server request-ip-address check DHCP-NAK message if the client notions of their IP addresses are incorrect. to restore the default. undo dhcp server request-ip-address check Syntax dhcp server request-ip-address check undo dhcp server request-ip-address check...

  • Page 749: Display Dhcp Server Database

    network-operator Parameters : Displays conflict information about the specified IP address. If you do not specify ip ip-address this option, this command displays information about all IP address conflicts. : Specifies an MPLS L3VPN instance by its name, a vpn-instance vpn-instance-name case-sensitive string of 1 to 31 characters.

  • Page 750: Display Dhcp Server Expired

    Username Password Update interval 600 seconds Latest write time 8 16:09:53 2014 Status Last write succeeded. Table 2 Command output Field Description File name Name of the DHCP binding backup file. Username Username for accessing the URL of the remote backup file. Password for accessing the URL of the remote backup file.

  • Page 751: Display Dhcp Server Free-Ip

    Examples # Display all lease expiration information. <Sysname> display dhcp server expired IP address Client-identifier/Hardware address Lease expiration 4.4.4.6 3030-3066-2e65-3230-302e-3130-3234 Apr 25 17:10:47 2007 -2d45-7468-6572-6e65-7430-2f31 Table 3 Command output Field Description IP address Expired IP address. Client-identifier/Hardware address Client ID or MAC address. Lease expiration Time when the lease expired.

  • Page 752: Display Dhcp Server Ip-In-Use

    IP Ranges from 10.2.0.0 to 10.2.0.255 Pool name: 2 Network: 20.1.1.0 mask 255.255.255.0 IP ranges from 20.1.1.0 to 20.1.1.255 Table 4 Command output Field Description Pool name Name of the address pool. Network Assignable network. IP ranges Assignable IP address range. Secondary networks Assignable secondary networks.

  • Page 753: Display Dhcp Server Pool

    If the lease deadline exceeds the year 2100, the lease expiration time is displayed as After 2100. Examples # Display binding information about all assigned DHCP addresses. <Sysname> display dhcp server ip-in-use IP address Client-identifier/ Lease expiration Type Hardware address 10.1.1.1 4444-4444-4444 Not used...
  • Page 754 Predefined user roles network-admin network-operator Parameters : Displays information about the specified address pool. The pool name is a pool-name case-insensitive string of 1 to 63 characters. If you do not specify the argument, this pool-name command displays information about all address pools. : Specifies an MPLS L3VPN instance by its name, a vpn-instance vpn-instance-name case-sensitive string of 1 to 31 characters.
  • Page 755 voice-config voice-vlan 3 enable voice-config fail-over 20.1.3.6 123* option 2 ip-address 20.1.3.10 expired day 1 hour 0 minute 0 second 0 Pool name: 3 static bindings: ip-address 10.10.1.2 mask 255.0.0.0 hardware-address 00e0-00fc-0001 ethernet ip-address 10.10.1.3 mask 255.0.0.0 client-identifier aaaa-bbbb expired unlimited Table 6 Command output Field Description...

  • Page 756: Display Dhcp Server Statistics

    display dhcp server statistics to display the DHCP server statistics. display dhcp server statistics Syntax display dhcp server statistics pool pool-name vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an address pool by its name, a case-insensitive string of 1 to 63 pool pool-name characters.

  • Page 757: Dns-List

    Table 7 Command output Field Description Total number of address pools. This field is not displayed when you Pool number display statistics for a specific address pool. Pool usage rate: • If you display statistics for all address pools, this field displays the Pool utilization usage rate of all address pools.

  • Page 758: Domain-Name

    Views DHCP address pool view Predefined user roles network-admin Parameters : Specifies a space-separated list of up to eight DNS servers. ip-address&<1-8> Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. If you do not specify any parameters, the command deletes all DNS server undo dns-list addresses in the DHCP address pool.

  • Page 759: Expired

    Related commands display dhcp server pool expired to set the lease duration in a DHCP address pool. expired to restore the default lease duration for a DHCP address pool. undo expired Syntax expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } undo expired Default The lease duration of a dynamic DHCP address pool is one day.

  • Page 760: Forbidden-Ip

    forbidden-ip to exclude IP addresses from dynamic allocation in an address pool. forbidden-ip to remove the configuration. undo forbidden-ip Syntax forbidden-ip ip-address&<1-8> undo forbidden-ip [ ip-address&<1-8> ] Default No IP addresses are excluded from dynamic allocation in an address pool. Views DHCP address pool view Predefined user roles...

  • Page 761: If-Match

    Default No gateway address is configured in a DHCP address pool or a DHCP secondary subnet. Views DHCP address pool view DHCP secondary subnet view Predefined user roles network-admin Parameters : Specifies a space-separated list of up to 64 gateway addresses. Gateway ip-address&<1-64>...
  • Page 762 Predefined user roles network-admin Parameters : Assigns the match rule an ID in the range of 1 to 16. A smaller ID represents rule rule-number a higher match priority. : Specifies a hardware address, a string of 4 to 39 hardware-address hardware-address characters.
  • Page 763 When you configure an rule, follow these guidelines: if-match hardware-address • The hardware address type supports only the MAC address. A rule does not match clients with hardware addresses of other types. • The specified hardware address must be of the same length as the client hardware addresses to be matched.

  • Page 764: Ip-In-Use Threshold

    # Configure match rule 6 for DHCP user class exam to match DHCP requests in which the giaddr field is 10.1.1.1. <Sysname> system-view [Sysname] dhcp class exam [Sysname-dhcp-class-exam] if-match rule 6 relay-agent 10.1.1.1 Related commands dhcp class ip-in-use threshold to set a threshold for the address pool usage alarming. ip-in-use threshold to restore the default.

  • Page 765: Netbios-Type

    undo nbns-list [ ip-address&<1-8> ] Default No WINS server address is specified. Views DHCP address pool view Predefined user roles network-admin Parameters : Specifies a space-separated list of up to eight WINS server IP addresses. ip-address&<1-8> Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. If you do not specify any parameters, the command deletes all WINS server undo nbns-list...

  • Page 766: Network

    : Specifies the mixed node. An m-node client broadcasts the destination name. If it does not m-node receive a response, the m-node client unicasts the destination name to the WINS server to get the mapping. : Specifies the peer-to-peer node. A p-node client sends the destination name in a unicast p-node message to get the mapping from the WINS server.

  • Page 767: Next-Server

    You can specify only one primary subnet for a DHCP address pool. If you execute the network command multiple times, the most recent configuration takes effect. You can specify up to 32 secondary subnets for a DHCP address pool. The primary subnet and secondary subnets in a DHCP address pool must not have the same network address and mask.
  • Page 768 <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] next-server 10.1.1.254 Related commands display dhcp server pool option to customize a DHCP option. option to remove a customized DHCP option. undo option Syntax option code { ascii ascii-string | hex-string | ip-address ip-address&<1-8>...

  • Page 769: Reset Dhcp Server Conflict

    DHCP options specified by dedicated commands take precedence over those specified by the commands. For example, if a DNS server address is specified by both the option dns-list command and the command, the server uses the address specified by the option 6 dns-list command.

  • Page 770: Reset Dhcp Server Expired

    reset dhcp server expired to clear binding information about expired IP addresses. reset dhcp server expired Syntax reset dhcp server expired ip-address vpn-instance vpn-instance-name ] | pool pool-name ] Views User view Predefined user roles network-admin Parameters : Clears binding information about the specified expired IP address. If you do not ip ip-address specify an IP address, this command clears binding information about all expired IP addresses.

  • Page 771: Reset Dhcp Server Statistics

    : Clears binding information about assigned IP addresses in the specified pool pool-name address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command clears binding information about assigned IP addresses in all address pools.

  • Page 772: Tftp-Server Domain-Name

    Views DHCP address pool view Predefined user roles network-admin Parameters : Specifies the IP address of the static binding. The natural mask is ip-address ip-address used if no mask length or mask is specified. : Specifies the mask length in the range of 1 to 30. mask-length : Specifies the mask, in dotted decimal format.

  • Page 773: Tftp-Server Ip-Address

    Default No TFTP server name is specified. Views DHCP address pool view Predefined user roles network-admin Parameters domain-name : Specifies the TFTP server name, a case-sensitive string of 1 to 63 characters. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify TFTP server name aaa in DHCP address pool 0.

  • Page 774: Valid Class

    [Sysname-dhcp-pool-0] tftp-server ip-address 10.1.1.1 Related commands display dhcp server pool tftp-server domain-name valid class to add DHCP user classes to the whitelist. valid class to remove DHCP user classes from the whitelist. undo valid class Syntax valid class class-name&<1-8> undo valid class class-name&<1-8> Default No DHCP user class is listed on the whitelist.

  • Page 775: Voice-Config

    Views DHCP address pool view Predefined user roles network-admin Usage guidelines After you enable the DHCP user class whitelist, the DHCP server processes requests only from clients on the DHCP user class whitelist. The DHCP user class whitelist does not take effect on clients that request static IP addresses, and the server always processes their requests.

  • Page 776: Vpn-Instance

    Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. Examples # Configure Option 184 in DHCP address pool 0. The primary and backup network calling processors are at 10.1.1.1 and 10.2.2.2, respectively. The voice VLAN 3 is enabled. The failover IP address is 10.3.3.3.

  • Page 777: Dhcp Relay Agent Commands

    <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] vpn-instance abc DHCP relay agent commands dhcp relay check mac-address to enable MAC address check on the relay agent. dhcp relay check mac-address to disable MAC address check on the relay agent. undo dhcp relay check mac-address Syntax dhcp relay check mac-address...

  • Page 778: Dhcp Relay Client-Information Record

    Syntax dhcp relay check mac-address aging-time time undo dhcp relay check mac-address aging-time Default The aging time is 30 seconds. Views System view Predefined user roles network-admin Parameters : Specifies the aging time for MAC address check entries, in the range of 30 to 600 seconds. time Usage guidelines This command takes effect only after you execute the...

  • Page 779: Dhcp Relay Client-Information Refresh

    [Sysname] dhcp relay client-information record Related commands dhcp relay client-information refresh dhcp relay client-information refresh enable dhcp relay client-information refresh to set the interval at which the DHCP relay dhcp relay client-information refresh agent refreshes relay entries. to restore the default. undo dhcp relay client-information refresh Syntax dhcp relay client-information refresh [ auto | interval interval ]...

  • Page 780: Dhcp Relay Dhcp-Server Timeout

    undo dhcp relay client-information refresh enable Default The DHCP relay agent periodically refreshes relay entries. Views System view Predefined user roles network-admin Usage guidelines A DHCP client unicasts a DHCP-RELEASE message to the DHCP server to release its IP address. The DHCP relay agent conveys the message to the DHCP server and does not remove the IP-to-MAC entry of the client.

  • Page 781: Dhcp Relay Gateway

    Predefined user roles network-admin Parameters : Specifies the DHCP server response timeout time in the range of 1 to 65535 seconds. time Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. Examples # Set the DHCP server response timeout time to 60 seconds for DHCP server switchover on VLAN-interface 2.

  • Page 782: Dhcp Relay Information Circuit-Id

    Related commands gateway-list dhcp relay information circuit-id to configure the padding mode and padding dhcp relay information circuit-id format for the Circuit ID sub-option of Option 82. to restore the default. undo dhcp relay information circuit-id Syntax dhcp relay information circuit-id { bas | string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] [ interface ] } [ format { ascii | hex } ] } undo dhcp relay information circuit-id...

  • Page 783: Dhcp Relay Information Enable

    : Specifies the hex padding format. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. The padding format for the string mode, the normal mode, or the verbose mode varies by command configuration. Table 8 shows how the padding format is determined for different modes.

  • Page 784: Dhcp Relay Information Remote-Id

    Predefined user roles network-admin Usage guidelines This command enables the DHCP relay agent to add Option 82 to DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp relay information circuit-id dhcp relay information...

  • Page 785: Dhcp Relay Information Strategy

    : Specifies the hex padding format. : Specifies the string mode that uses a case-sensitive string of 1 to 63 string remote-id characters as the content of the Remote ID sub-option. : Specifies the sysname mode that uses the device name as the content of the Remote ID sysname sub-option.

  • Page 786: Dhcp Relay Master-Server Switch-Delay

    Usage guidelines This command takes effect only on DHCP requests that contain Option 82. For DHCP requests that do not contain Option 82, the DHCP relay agent always adds Option 82 to the requests before forwarding the requests to the DHCP server. If the handling strategy is , configure a padding mode and padding format for Option 82.

  • Page 787: Dhcp Relay Release Ip

    Related commands dhcp relay server-address algorithm dhcp relay release ip to release a client IP address. dhcp relay release ip Syntax dhcp relay release ip ip-address [ vpn-instance vpn-instance-name ] Views System view Predefined user roles network-admin Parameters : Specifies the IP address to be released. ip-address : Specifies the MPLS L3VPN instance to which the vpn-instance vpn-instance-name...

  • Page 788: Dhcp Relay Server-Address Algorithm

    Parameters : Specifies the IP address of a DHCP server. The DHCP relay agent forwards DHCP ip-address packets received from DHCP clients to this DHCP server. class class-name: Specifies a DHCP user class to match DHCP request packets. The class name is a case-sensitive string of 1 to 63 characters.

  • Page 789: Dhcp Relay Source-Address

    Default algorithm is used. The DHCP relay agent forwards DHCP requests to all DHCP polling servers at the same time. Views Interface view Predefined user roles network-admin Parameters : Forwards DHCP requests to the master DHCP server first. If the master server is master-backup not available or does not have assignable IP addresses, the relay agent forwards DHCP requests to backup DHCP servers in the order they are specified.

  • Page 790: Dhcp Smart-Relay Enable

    Parameters : Specifies the source IP address. ip-address : Uses the IP address of an interface as the interface interface-type interface-number source IP address. The arguments specify an interface interface-type interface-number by its type and number. Usage guidelines This command is required if multiple relay interfaces share the same IP address or if a relay interface does not have routes to DHCP servers.

  • Page 791: Dhcp-Server Timeout

    Examples # Enable the DHCP smart relay feature. <Sysname> system-view [Sysname] dhcp smart-relay enable Related commands dhcp select gateway-list dhcp-server timeout to set the DHCP server response timeout time for DHCP server dhcp-server timeout switchover. undo dhcp-server timeout to restore the default. Syntax dhcp-server timeout time undo dhcp-server timeout...

  • Page 792: Display Dhcp Relay Client-Information

    Views Any view Predefined user roles network-admin network-operator Examples # Display MAC address check entries on the DHCP relay agent. <Sysname> display dhcp relay check mac-address Source-MAC Interface Aging-time 23f3-1122-adf1 Vlan2 23f3-1122-2230 Vlan3 Table 9 Command output Field Description Source MAC Source MAC address of the attacker.

  • Page 793: Display Dhcp Relay Information

    Examples # Display all relay entries on the relay agent. <Sysname> display dhcp relay client-information Total number of client-information items: 2 Total number of dynamic items: 1 Total number of temporary items: 1 IP address MAC address Type Interface VPN name 10.1.1.5 00e0-0000-0000 Temporary...
  • Page 794 Parameters : Displays Option 82 configuration interface interface-type interface-number information for the specified interface. If you do not specify an interface, this command displays Option 82 configuration information about all interfaces. Examples # Display Option 82 configuration information for all interfaces. <Sysname>...

  • Page 795: Display Dhcp Relay Server-Address

    display dhcp relay server-address to display DHCP server addresses configured on display dhcp relay server-address an interface. Syntax display dhcp relay server-address interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters : Displays DHCP server addresses on the interface interface-type interface-number specified interface.
  • Page 796 Syntax display dhcp relay statistics interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters : Displays DHCP packet statistics on the interface interface-type interface-number specified interface. If you do not specify an interface, this command displays all DHCP packet statistics on the DHCP relay agent.

  • Page 797: Gateway-List

    BOOTPREQUEST: DHCP packets sent to clients: DHCPOFFER: DHCPACK: DHCPNAK: BOOTPREPLY: Related commands reset dhcp relay statistics gateway-list to specify gateway addresses for DHCP clients in a DHCP address pool. gateway-list to remove gateway addresses from a DHCP address pool. undo gateway-list Syntax gateway-list ip-address&<1-64>...

  • Page 798: Master-Server Switch-Delay

    master-server switch-delay to enable the switchback to the master DHCP server and master-server switch-delay set the switchback delay time. to restore the default. undo master-server switch-delay Syntax master-server switch-delay delay-time undo master-server switch-delay Default The DHCP relay agent does not switch back to the master DHCP server. Views DHCP address pool view Predefined user roles...

  • Page 799: Remote-Server Algorithm

    Parameters : Specifies a space-separated list of up to eight DHCP server addresses. ip-address&<1-8> Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. If you do not specify a DHCP server address, the command removes all undo remote-server DHCP servers in the DHCP address pool.

  • Page 800: Reset Dhcp Relay Client-Information

    dhcp-server timeout master-server switch-delay remote-server reset dhcp relay client-information to clear relay entries on the DHCP relay agent. reset dhcp relay client-information Syntax reset dhcp relay client-information interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ] Views User view Predefined user roles network-admin Parameters...

  • Page 801: Dhcp Client Commands

    Examples # Clear all DHCP relay agent statistics. <Sysname> reset dhcp relay statistics Related commands display dhcp relay statistics DHCP client commands dhcp client class-id to configure Option 60. dhcp client class-id to restore the default. undo dhcp client class-id Syntax dhcp client class-id { ascii ascii-string | hex hex-string } undo dhcp client class-id...

  • Page 802: Dhcp Client Dscp

    to disable duplicate address detection. undo dhcp client dad enable Syntax dhcp client dad enable undo dhcp client dad enable Default Duplicate address detection is enabled. Views System view Predefined user roles network-admin Usage guidelines DHCP client detects IP address conflict through ARP packets. An attacker can act as the IP address owner to send an ARP reply.

  • Page 803: Dhcp Client Identifier

    [Sysname] dhcp client dscp 30 dhcp client identifier to configure a DHCP client ID for an interface. dhcp client identifier to restore the default. undo dhcp client identifier Syntax dhcp client identifier { ascii ascii-string | hex hex-string | mac interface-type interface-number } undo dhcp client identifier Default...
  • Page 804 Syntax display dhcp client verbose interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters verbose : Displays detailed DHCP client information. If you do not specify this keyword, the command displays brief DHCP client information. : Specifies an interface by its type and interface interface-type interface-number number.
  • Page 805 Table 13 Command output Field Description DHCP client information Information about the interface that acts as the DHCP client. Current state of the DHCP client: • HALT—The client stops applying for an IP address. • INIT—The initialization state. • SELECTING—The client has sent out a DHCP-DISCOVER message in search for a DHCP server and is waiting for the response from DHCP servers.

  • Page 806: Ip Address Dhcp-Alloc

    Related commands dhcp client identifier ip address dhcp-alloc ip address dhcp-alloc to configure an interface to use DHCP for IP address acquisition. ip address dhcp-alloc to cancel an interface from using DHCP. undo ip address dhcp-alloc Syntax ip address dhcp-alloc undo ip address dhcp-alloc Default •...
  • Page 807 Syntax dhcp snooping binding database filename { filename | url url } undo dhcp snooping binding database filename Default The DHCP snooping device does not back up DHCP snooping entries. Views System view Predefined user roles network-admin Parameters : Specifies the name of a local backup file. For information about the filename filename argument, see Fundamentals Configuration Guide.

  • Page 808: Dhcp Snooping Binding Database Update Interval

    dhcp snooping binding database update interval to set the waiting time for the dhcp snooping binding database update interval DHCP snooping device to update the backup file after a DHCP snooping entry change. to restore the default. undo dhcp snooping binding database update interval Syntax dhcp snooping binding database update interval interval undo dhcp snooping binding database update interval...

  • Page 809: Dhcp Snooping Binding Record

    This command takes effect only after you configure the DHCP snooping auto backup by using the dhcp snooping binding database filename command. Examples # Manually save DHCP snooping entries to the backup file. <Sysname> system-view [Sysname] dhcp snooping binding database update now Related commands dhcp snooping binding database filename dhcp snooping binding record...

  • Page 810: Dhcp Snooping Check Request-Message

    Default MAC address check for DHCP snooping is disabled. Views Layer 2 Ethernet interface/Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines With MAC address check enabled, DHCP snooping compares the chaddr field of a received DHCP request with the source MAC address field in the frame header. If they are the same, DHCP snooping considers this request valid and forwards it to the DHCP server.

  • Page 811: Dhcp Snooping Deny

    Examples # Enable DHCP-REQUEST check for DHCP snooping. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] dhcp snooping check request-message dhcp snooping deny to configure a port as DHCP packet blocking port. dhcp snooping deny to restore the default. undo dhcp snooping deny Syntax dhcp snooping deny undo dhcp snooping deny...

  • Page 812: Dhcp Snooping Enable

    If you do not enable DHCP snooping globally or for a VLAN, DHCP snooping is disabled on all interfaces on the device or on all interfaces in the VLAN. Views Interface view Predefined user roles network-admin Usage guidelines This command allows you to narrow down the interface range where DHCP snooping takes effect. For example, to enable DHCP snooping globally except for a specific interface, you can enable DHCP snooping globally and execute this command on the target interface.

  • Page 813: Dhcp Snooping Information Circuit-Id

    to disable DHCP snooping for VLANs. undo dhcp snooping enable vlan Syntax dhcp snooping enable vlan vlan-id-list undo dhcp snooping enable vlan vlan-id-list Default DHCP snooping is disabled for all VLANs. Views System view Predefined user roles network-admin Parameters : Specifies a space-separated list of up to 10 VLAN items. Each VLAN item vlan-id-list specifies a VLAN by VLAN ID or specifies a range of VLANs in the form of vlan-id1...
  • Page 814 Predefined user roles network-admin Parameters : Specifies the extended normal mode. The padding content for the Circuit ID normal-extended sub-option includes the VLAN ID, slot number, and interface number. T : Pads the Circuit ID sub-option for packets received from the specified VLAN. If you vlan vlan-id do not specify a VLAN, the device pads the Circuit ID sub-option for packets received from the default VLAN.

  • Page 815: Dhcp Snooping Information Enable

    If no padding format is If the padding If the padding format Keyword (mode) format is ascii is hex ASCII for the node Hex for the VLAN ID. identifier and Ethernet ASCII for the node identifier, type. Ethernet type, chassis verbose ASCII.

  • Page 816: Dhcp Snooping Information Remote-Id

    Examples # Enable DHCP snooping to support Option 82. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] dhcp snooping information enable Related commands dhcp snooping information circuit-id dhcp snooping information remote-id dhcp snooping information strategy dhcp snooping information remote-id to configure the padding mode and padding dhcp snooping information remote-id format for the Remote ID sub-option.

  • Page 817: Dhcp Snooping Information Strategy

    Usage guidelines DHCP snooping uses ASCII to pad the specified string or device name for the Remote ID sub-option. The padding format for the normal padding mode is determined by the command configuration. If you execute this command multiple times, the most recent configuration takes effect. Examples # Pad the Remote ID sub-option with a character string of device001.

  • Page 818: Dhcp Snooping Information Vendor-Specific

    : Replaces the Option 82 with the configured Option 82 before forwarding the DHCP replace messages. If the DHCP messages do not carry Option 82, the device adds Option 82 according to the padding configuration before forwarding the DHCP messages. Usage guidelines This command takes effect only on DHCP requests that contain Option 82.

  • Page 819: Dhcp Snooping Log Enable

    : Specifies the access node identifier. If you do not specify this keyword, the node-identifier device pads the Vendor-Specific sub-option with the bridge MAC address of the access node as the node identifier. The padding format for the Vendor-Specific sub-option is ASCII. •...

  • Page 820: Dhcp Snooping Max-Learning-Num

    information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide. As a best practice, disable this feature if the log generation affects the device performance. Examples # Enable DHCP snooping logging. <Sysname>...

  • Page 821: Dhcp Snooping Trust

    Default The DHCP snooping packet rate limit is disabled on an interface. Views Layer 2 Ethernet interface/Layer 2 aggregate interface view Predefined user roles network-admin Parameters rate : Specifies the maximum rate in Kbps. The value range is 64 to 512. Usage guidelines This command takes effect only when DHCP snooping is enabled.

  • Page 822: Dhcp Snooping Trust Interface

    [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] dhcp snooping trust Related commands display dhcp snooping trust dhcp snooping trust interface to configure an interface in a VLAN as a DHCP dhcp snooping trust interface snooping trusted port. to configure an interface in a VLAN as a DHCP undo dhcp snooping trust interface snooping untrusted port.
  • Page 823 Syntax display dhcp snooping binding [ ip ip-address [ vlan vlan-id ] ] [ verbose ] Views Any view Predefined user roles network-admin network-operator Parameters : Displays the DHCP snooping entry for the specified IP address. ip ip-address : Specifies the VLAN ID where the IP address resides. vlan vlan-id : Displays detailed DHCP snooping entry information.

  • Page 824: Display Dhcp Snooping Binding Database

    Field Description MAC address MAC address of the DHCP client. Lease Remaining lease duration in seconds. When both DHCP snooping and QinQ are enabled or the DHCP packet VLAN contains two VLAN tags, this field identifies the outer VLAN tag. Otherwise, it identifies the VLAN where the port connecting the DHCP client resides.

  • Page 825: Display Dhcp Snooping Information

    Field Description Waiting time in seconds after a DHCP snooping entry change for the DHCP Update interval snooping device to update the backup file. Latest write time Time of the latest update. Status of the update: • Writing—The backup file is being updated. Status •...

  • Page 826: Display Dhcp Snooping Packet Statistics

    Vendor-specific: Padding format: BAS Node identifier: User defined(abcd) Table 17 Command output Field Description Interface Interface name. Option 82 status, Enable or Disable. Status Handling strategy for DHCP requests that contain Option 82, Drop, Keep, or Strategy Replace. Circuit ID Content of the Circuit ID sub-option.

  • Page 827: Display Dhcp Snooping Trust

    Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays DHCP packet statistics for the master device. Examples # Display DHCP packet statistics for DHCP snooping. <Sysname>...

  • Page 828: Reset Dhcp Snooping Binding

    DHCP snooping configuration, this field displays a hyphen (-). This field is not supported in the current software version. VSI name of the VXLAN tunnel interface. This field is available when you VSI name configure the tunnel interface assigned to the VSI as a DHCP snooping trusted dhcp snooping trust tunnel interface by using the command.

  • Page 829: Bootp Client Commands

    Syntax reset dhcp snooping packet statistics [ slot slot-number ] Views User view Predefined user roles network-admin Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command clears DHCP packet statistics for the master device. Examples # Clear DHCP packet statistics for DHCP snooping.

  • Page 830: Ip Address Bootp-Alloc

    Field Description Allocated IP BOOTP client's IP address allocated by the BOOTP server. Value of the XID field in a BOOTP message. The BOOTP client chooses a random number for the XID field when sending a BOOTP request to the BOOTP server. It is used to match a Transaction ID response message from the BOOTP server.
  • Page 831 Contents DNS commands ···························································································· 1 display dns domain ···································································································································· 1 display dns host ········································································································································· 2 display dns server ······································································································································ 3 display ipv6 dns server ······························································································································· 4 dns domain ················································································································································· 5 dns dscp ····················································································································································· 5 dns proxy enable ········································································································································ 6 dns server ·················································································································································· 7 dns source-interface ···································································································································...

  • Page 832: Dns Commands

    DNS commands display dns domain to display the domain name suffixes. display dns domain Syntax display dns domain [ dynamic ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters : Displays the domain name suffixes dynamically obtained through DHCP or other dynamic protocols.

  • Page 833: Display Dns Host

    display dns host to display information about domain name-to-IP address mappings. display dns host Syntax display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. : Specifies type AAAA queries.

  • Page 834: Display Dns Server

    Field Description Time in seconds that a mapping can be stored in the cache. For a static mapping, a hyphen (-) is displayed. Query type Query type: A and AAAA. Replied IP address: • IP addresses For a type A query, the replied IP address is an IPv4 address. •...

  • Page 835: Display Ipv6 Dns Server

    Field Description DNS server type: • S—A manually configured DNS server. Type • D—DNS server information dynamically obtained through DHCP or other protocols. IP address IPv4 address of the DNS server. Related commands dns server display ipv6 dns server display ipv6 dns server to display IPv6 DNS server information.

  • Page 836: Dns Domain

    Field Description Outgoing Interface Output interface. Related commands ipv6 dns server dns domain to configure a domain name suffix. dns domain to delete the specified domain name suffix. undo dns domain Syntax dns domain domain-name [ vpn-instance vpn-instance-name ] undo dns domain domain-name [ vpn-instance vpn-instance-name ] Default No domain name suffix is configured.

  • Page 837: Dns Proxy Enable

    to restore the default. undo dns dscp Syntax dns dscp dscp-value undo dns dscp Default The DSCP value is 0 in DNS packets sent by a DNS client or DNS proxy. Views System view Predefined user roles network-admin Parameters : Specifies the DSCP value in the range of 0 to 63. dscp-value Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission...

  • Page 838: Dns Server

    dns server to specify the IPv4 address of a DNS server. dns server to remove the IPv4 address of a DNS server. undo dns server Syntax dns server ip-address [ vpn-instance vpn-instance-name ] undo dns server [ ip-address ] [ vpn-instance vpn-instance-name ] Default No DNS server IPv4 address is specified.

  • Page 839: Dns Spoofing

    Default No source interface is specified for DNS packets. The device uses the primary IP address of the output interface of the matching route as the source IP address for a DNS request. Views System view Predefined user roles network-admin Parameters : Specifies an interface by its type and number.

  • Page 840: Dns Trust-Interface

    Parameters : Specifies the IPv4 address used to spoof DNS requests. ip-address : Specifies an MPLS L3VPN instance by its name, a vpn-instance vpn-instance-name case-sensitive string of 1 to 31 characters. To enable DNS spoofing for the public network, do not specify this option.

  • Page 841: Ip Host

    This configuration applies to both IPv4 DNS and IPv6 DNS. You can configure a maximum of 128 DNS trusted interfaces on the device. If you do not specify an interface, the command removes all DNS undo dns trust-interface trusted interfaces and restores the default. Examples # Specify VLAN-interface 2 as a DNS trusted interface.

  • Page 842: Ipv6 Dns Dscp

    Related commands display dns host ipv6 dns dscp to set the DSCP value for IPv6 DNS packets sent by an IPv6 DNS client or ipv6 dns dscp IPv6 DNS proxy. to restore the default. undo ipv6 dns dscp Syntax ipv6 dns dscp dscp-value undo ipv6 dns dscp Default The DSCP value is 0 in IPv6 DNS packets sent by an IPv6 DNS client or IPv6 DNS proxy.

  • Page 843: Ipv6 Dns Spoofing

    Predefined user roles network-admin Parameters : Specifies the IPv6 address of a DNS server. ipv6-address : Specifies the output interface by its type and number. If interface-type interface-number you do not specify an interface, the device forwards DNS packets out of the output interface of the matching route.

  • Page 844: Ipv6 Host

    : Specifies an MPLS L3VPN instance by its name, a vpn-instance vpn-instance-name case-sensitive string of 1 to 31 characters. To enable DNS spoofing for the public network, do not specify this option. Usage guidelines Use the command together with the command.

  • Page 845: Reset Dns Host

    For the public network or a VPN instance, each host name maps to only one IPv6 address. If you execute this command multiple times, the most recent configuration takes effect. Do not use the command parameter , or ping ipv6 as the host name.
  • Page 846 Contents Basic IP forwarding commands ····································································· 1 display fib ··················································································································································· 1 ip forwarding-table save ····························································································································· 2...
  • Page 847 Basic IP forwarding commands display fib to display FIB entries. display fib Syntax display fib [ ip-address [ mask | mask-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies a VPN instance by its name, a case-sensitive vpn-instance vpn-instance-name string of 1 to 31 characters.
  • Page 848 Flag: U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay F:FRR Destination/Mask Nexthop Flag OutInterface/Token Label 0.0.0.0/32 127.0.0.1 InLoop0 Null 20.20.20.0/24 20.20.20.25 M-GE0/0/0 Null 20.20.20.0/32 20.20.20.25 M-GE0/0/0 Null 20.20.20.25/32 127.0.0.1 InLoop0 Null 20.20.20.25/32 20.20.20.25 M-GE0/0/0 Null 20.20.20.255/32 20.20.20.25 M-GE0/0/0 Null # Display the FIB entries matching the destination IP address 10.2.1.1. <Sysname>...
  • Page 849 Syntax ip forwarding-table save filename filename Views Any view Predefined user roles network-admin Parameters : Specifies the name of a file, a string of 1 to 255 characters. For information filename filename about the argument, see file system management in Fundamentals Configuration Guide. filename Usage guidelines The command automatically creates the file if you specify a nonexistent file.
  • Page 850 Contents Fast forwarding commands ············································································ 1 display ip fast-forwarding aging-time ·········································································································· 1 display ip fast-forwarding cache ················································································································· 1 display ip fast-forwarding fragcache ··········································································································· 2 ip fast-forwarding aging-time ······················································································································ 3 ip fast-forwarding load-sharing ··················································································································· 4 reset ip fast-forwarding cache ···················································································································· 4...

  • Page 851: Fast Forwarding Commands

    Fast forwarding commands display ip fast-forwarding aging-time to display the aging time of fast forwarding display ip fast-forwarding aging-time entries. Syntax display ip fast-forwarding aging-time Views Any view Predefined user roles network-admin network-operator Examples # Display the aging time of fast forwarding entries. <Sysname>...

  • Page 852: Display Ip Fast-Forwarding Fragcache

    Table 1 Command output Field Description Source IP address. SPort Source port number. Destination IP address. DPort Destination port number. Protocol number. Input interface type and number. Input_If If no interface is involved in fast forwarding, this field displays N/A. If the input interface does not exist, this field displays a hyphen (-).

  • Page 853: Ip Fast-Forwarding Aging-Time

    7.0.0.13 8.0.0.1 GE1/0/3 Table 2 Command output Field Description Source IP address. SPort Source port number. Destination IP address. DPort Destination port number. Protocol number. Input interface type and number. Input_If If no interface is involved in fast forwarding, this field displays N/A. If the input interface does not exist, this field displays a hyphen (-).

  • Page 854: Ip Fast-Forwarding Load-Sharing

    ip fast-forwarding load-sharing to enable fast forwarding load sharing. ip fast-forwarding load-sharing to disable fast forwarding load sharing. undo ip fast-forwarding load-sharing Syntax ip fast-forwarding load-sharing undo ip fast-forwarding load-sharing Default Fast forwarding load sharing is enabled. Views System view Predefined user roles network-admin Usage guidelines...
  • Page 855 Contents IP performance optimization commands ························································ 1 display icmp statistics ································································································································· 1 display ip statistics ····································································································································· 1 display rawip ·············································································································································· 3 display rawip verbose ································································································································· 4 display tcp ·················································································································································· 7 display tcp statistics ··································································································································· 7 display tcp verbose ···································································································································· 9 display udp ···············································································································································...
  • Page 856 IP performance optimization commands display icmp statistics to display ICMP statistics. display icmp statistics Syntax display icmp statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays ICMP statistics for all member devices.
  • Page 857 Syntax display ip statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays IP packet statistics for all member devices. Usage guidelines IP statistics include information about received and sent packets, fragments, and reassembly.

  • Page 858: Display Rawip

    Field Description Statistics about fragments: • input—Total number of fragments received. • output—Total number of fragments sent. Fragment • dropped—Total number of fragments dropped. • fragmented—Total number of packets successfully fragmented. • couldn't fragment—Total number of packets failed to be fragmented. Statistics about reassembly: •...

  • Page 859: Display Rawip Verbose

    Field Description Protocol control block. display rawip verbose to display detailed information about RawIP connections. display rawip verbose Syntax display rawip verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters : Displays detailed RawIP connection information for the specified PCB. The pcb pcb-index argument specifies the index of the PCB.
  • Page 860 Table 3 Command output Field Description Total RawIP socket number Total number of RawIP sockets. Connection information, including source IP address and destination Connection info IP address. Location Socket location. This field is not available on the centralized devices. Name of the operation that created the socket. The number in Creator brackets is the process number of the creator.
  • Page 861 Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IP options. • INP_RECVRETOPTS—Receives replied IP options. • INP_RECVDSTADDR—Receives destination IP address. • INP_HDRINCL—Provides the entire IP header. • INP_REUSEADDR—Reuses the IP address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...

  • Page 862: Display Tcp

    display tcp to display brief information about TCP connections. display tcp Syntax display tcp [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays brief information about TCP connections for all member devices.
  • Page 863 Predefined user roles network-admin network-operator Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays TCP traffic statistics for all member devices. Usage guidelines TCP traffic statistics include information about received and sent TCP packets and Syncache/syncookie.

  • Page 864: Display Tcp Verbose

    syncache entries removed due to bad ACK: 0 syncache entries removed due to ICMP unreachable: 0 SYN cookies sent: 0 SYN cookies received: 0 SACK related statistics: SACK recoveries: 1 SACK retransmitted segments: 0 (0 bytes) SACK blocks (options) received: 0 SACK blocks (options) sent: 0 SACK scoreboard overflows: 0 Other statistics:...
  • Page 865 Parameters : Displays detailed TCP connection information for the specified PCB. The index is pcb pcb-index a hexadecimal string in the range of 1 to ffffffffffffffff. : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays detailed information about TCP connections for all member devices.
  • Page 866 Field Description State State of the socket. Options Socket options. Error Error code. Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. Receiving buffer • state—Buffer state: (cc/hiwat/lowat/state) CANTSENDMORE—Unable to send data to the peer. ...
  • Page 867 Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IP options. • INP_RECVRETOPTS—Receives replied IP options. • INP_RECVDSTADDR—Receives destination IP address. • INP_HDRINCL—Provides the entire IP header. • INP_REUSEADDR—Reuses the IP address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...

  • Page 868: Display Udp

    Field Description TCP options: • TF_MD5SIG—Enables MD5 signature. • TF_NODELAY—Disables the Nagle algorithm that buffers the sent data inside the TCP. • TF_NOOPT—No TCP options. • TF_NOPUSH—Forces TCP to delay sending any TCP data until a full sized segment is buffered in the TCP buffers. •...

  • Page 869: Display Udp Verbose

    Local Addr:port Foreign Addr:port Slot 0.0.0.0:69 0.0.0.0:0 0x0000000000000003 Table 6 Command output Field Description Local Addr:port Local IP address and port number. Foreign Addr:port Peer IP address and port number. PCB index. display udp statistics to display UDP traffic statistics. display udp statistics Syntax display udp statistics [ slot slot-number ]...
  • Page 870 Syntax display udp verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters : Displays detailed UDP connection information for the specified PCB. The index is pcb pcb-index a hexadecimal string in the range of 1 to ffffffffffffffff. : Specifies an IRF member device by its member ID.
  • Page 871 Field Description Name of the operation that created the socket. The number in brackets is Creator the process number of the creator. State Socket state. Options Socket option. Error Error code. Displays receive buffer information in the following order: • cc—Used space.

  • Page 872: Ip Forward-Broadcast

    Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IP options. • INP_RECVRETOPTS—Receives replied IP options. • INP_RECVDSTADDR—Receives destination IP address. • INP_HDRINCL—Provides the entire IP header. • INP_REUSEADDR—Reuses the IP address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...

  • Page 873: Ip Icmp Error-Interval

    Syntax ip forward-broadcast [ acl acl-number ] undo ip forward-broadcast Default An interface cannot forward directed broadcasts destined for the directly connected network. Views Interface view Predefined user roles network-admin Parameters : Specifies an ACL by its number. The interface forwards only the directed acl acl-number broadcasts permitted by the ACL.

  • Page 874: Ip Icmp Source

    undo ip icmp error-interval Default A token is placed in the bucket every 100 milliseconds, and the bucket allows a maximum of 10 tokens. Views System view Predefined user roles network-admin Parameters : Specifies the interval for tokens to arrive in the bucket. The value range is 0 to interval 2147483647 milliseconds.

  • Page 875: Ip Mtu

    Views System view Predefined user roles network-admin Parameters : Specifies an MPLS L3VPN instance to which the vpn-instance vpn-instance-name specified address belongs. The argument represents the VPN instance vpn-instance-name name, a case-sensitive string of 1 to 31 characters. The specified VPN instance must exist. If you do not specify a VPN instance, the ip-address argument specifies an IP address on the public...

  • Page 876: Ip Reassemble Local Enable

    Fragmentation and reassembling consume system resources, so set an appropriate MTU to avoid fragmentation. If an interface supports both the commands, the device fragments a packet based ip mtu on the MTU set by the command. ip mtu Examples # Set the interface MTU for IPv4 packets to 1280 bytes on VLAN-interface 100. <Sysname>...

  • Page 877: Ip Ttl-Expires Enable

    Views System view Predefined user roles network-admin Usage guidelines ICMP redirect messages simplify host management and enable hosts to gradually optimize their routing tables. A host that has only one route destined for the default gateway sends all packets to the default gateway.

  • Page 878: Ip Unreachables Enable

    Examples # Enable sending ICMP time exceeded messages. <Sysname> system-view [Sysname] ip ttl-expires enable ip unreachables enable to enable sending ICMP destination unreachable messages. ip unreachables enable to disable sending ICMP destination unreachable undo ip unreachables enable messages. Syntax ip unreachables enable undo ip unreachables enable Default Sending ICMP destination unreachable messages is disabled.

  • Page 879: Reset Ip Statistics

    <Sysname> system-view [Sysname] ip unreachables enable reset ip statistics reset ip statistics to clear IP traffic statistics. Syntax reset ip statistics [ slot slot-number ] Views User view Predefined user roles network-admin Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command clears IP traffic statistics for all member devices.

  • Page 880: Reset Udp Statistics

    reset udp statistics to clear UDP traffic statistics. reset udp statistics Syntax reset udp statistics Views User view Predefined user roles network-admin Examples # Clear UDP traffic statistics. <Sysname> reset udp statistics Related commands display udp statistics tcp mss to set the TCP maximum segment size (MSS). tcp mss to restore the default.

  • Page 881: Tcp Path-Mtu-Discovery

    Examples # Set the TCP MSS to 300 bytes on VLAN-interface 100. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] tcp mss 300 tcp path-mtu-discovery to enable TCP path MTU discovery. tcp path-mtu-discovery to disable TCP path MTU discovery. undo tcp path-mtu-discovery Syntax tcp path-mtu-discovery [ aging age-time | no-aging ] undo tcp path-mtu-discovery...

  • Page 882: Tcp Timer Fin-Timeout

    Default SYN Cookie is disabled. Views System view Predefined user roles network-admin Usage guidelines A TCP connection is established through a three-way handshake: The sender sends a SYN packet to the server. The server receives the SYN packet, establishes a TCP semi-connection in SYN_RECEIVED state, and replies with a SYN ACK packet to the sender.

  • Page 883: Tcp Timer Syn-Timeout

    Usage guidelines TCP starts the FIN wait timer when the state of a TCP connection changes to FIN_WAIT_2. If no FIN packet is received within the timer interval, the TCP connection is terminated. If a FIN packet is received, TCP changes the connection state to TIME_WAIT. If a non-FIN packet is received, TCP restarts the timer and tears down the connection when the timer expires.

  • Page 884: Tcp Window

    Default The TCP Timestamps option is encapsulated in outgoing TCP packets. Views System view Predefined user roles network-admin Usage guidelines Devices at each end of the TCP connection can calculate the RTT value by using the TCP Timestamps option carried in TCP packets. For security purpose in some networks, you can disable the TCP Timestamps option encapsulation at one end of the TCP connection to prevent intermediate devices from obtaining the option information.
  • Page 885 Contents UDP helper commands ·················································································· 1 display udp-helper interface ······················································································································· 1 reset udp-helper statistics ·························································································································· 1 udp-helper broadcast-map ························································································································· 2 udp-helper enable ······································································································································ 3 udp-helper port ··········································································································································· 3 udp-helper server ······································································································································· 4...

  • Page 886: Udp Helper Commands

    UDP helper commands display udp-helper interface to display information about broadcast to unicast display udp-helper interface conversion by UDP helper on an interface. Syntax display udp-helper interface interface-type interface-number Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an interface by its type and number. interface-type interface-number Usage guidelines This command displays information about destination servers and total number of unicast packets...

  • Page 887: Udp-Helper Broadcast-Map

    Views User view Predefined user roles network-admin Examples # Clear the statistics about broadcast to unicast conversion by UDP helper. <Sysname> reset udp-helper statistics Related commands display udp-helper interface udp-helper broadcast-map to specify a multicast address for UDP helper to convert udp-helper broadcast-map broadcast to multicast.

  • Page 888: Udp-Helper Enable

    Examples # Configure UDP helper to convert received broadcast packets on VLAN-interface 100 to multicast packets destined for 225.0.0.1. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] udp-helper broadcast-map 225.0.0.1 udp-helper enable to enable UDP helper. udp-helper enable to disable UDP helper. undo udp-helper enable Syntax udp-helper enable...

  • Page 889: Udp-Helper Server

    undo udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time } Default No UDP port numbers are specified for UDP helper. Views System view Predefined user roles network-admin Parameters : Specifies a UDP port number in the range of 1 to 65535 (except 67 and 68). port-number : Specifies the UDP port 53 used by DNS packets.
  • Page 890 Predefined user roles network-admin Parameters : Specifies the IP address of a destination server, in dotted decimal notation. ip-address : Forwards converted unicast packets to the server on the public network. global : Specifies an MPLS L3VPN instance to which the server vpn-instance vpn-instance-name belongs.
  • Page 891 Contents IPv6 basics commands ·················································································· 1 display ipv6 fib ············································································································································ 1 display ipv6 icmp statistics ························································································································· 2 display ipv6 interface ·································································································································· 3 display ipv6 interface prefix ························································································································ 7 display ipv6 nd snooping count vlan ·········································································································· 8 display ipv6 nd snooping vlan ···················································································································· 9 display ipv6 nd user-ip-conflict record ······································································································...
  • Page 892 ipv6 nd snooping glean source ················································································································ 62 ipv6 nd snooping lifetime ·························································································································· 63 ipv6 nd snooping max-learning-num ········································································································ 63 ipv6 nd snooping uplink···························································································································· 64 ipv6 nd user-ip-conflict record enable ······································································································ 64 ipv6 nd user-move record enable············································································································· 65 ipv6 neighbor ············································································································································ 66 ipv6 neighbor link-local minimize ·············································································································...

  • Page 893: Ipv6 Basics Commands

    IPv6 basics commands display ipv6 fib to display IPv6 FIB entries. display ipv6 fib Syntax display ipv6 fib [ vpn-instance vpn-instance-name ] [ ipv6-address [ prefix-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an MPLS L3VPN instance by its name, a vpn-instance vpn-instance-name case-sensitive string of 1 to 31 characters.

  • Page 894: Display Ipv6 Icmp Statistics

    Field Description Nexthop Next hop address. Route flag: • U—Usable route. • G—Gateway route. • H—Host route. • Flags B—Black hole route. • D—Dynamic route. • S—Static route. • R—Recursive route. • F—Fast re-route. Time stamp Time when the IPv6 FIB entry was generated. Inner MPLS label.

  • Page 895: Display Ipv6 Interface

    unreachable address unreachable no port too big time exceed transit time exceed reassembly 0 redirect ratelimited other errors display ipv6 interface to display IPv6 interface information. display ipv6 interface Syntax display ipv6 interface [ interface-type [ interface-number ] ] [ brief ] Views Any view Predefined user roles...
  • Page 896 FF02::1:FF65:4322 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: InTooShorts: InTruncatedPkts: InHopLimitExceeds: InBadHeaders: InBadOptions: ReasmReqds: ReasmOKs:...
  • Page 897 Field Description Global unicast addresses of the interface. IPv6 address states: • TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. • DUPLICATE—The address is not unique on the link. • PREFERRED—The address is preferred and can be used as the source or destination address of a packet.
  • Page 898 Field Description InFragDrops Received IPv6 fragments that are discarded because of certain errors. Received IPv6 fragments that are discarded because the amount of InFragTimeouts time they stay in the system buffer exceeds the specified interval. OutFragFails IPv6 packets that fail to be fragmented on the output interface. InUnknownProtos Received IPv6 packets with unknown or unsupported protocol type.

  • Page 899: Display Ipv6 Interface Prefix

    Field Description shutdown command. • down—The interface is administratively up but its physical state is down, possibly because of a connection or link failure. • up—The administrative and physical states of the interface are both Link layer protocol state of the interface: •...

  • Page 900: Display Ipv6 Nd Snooping Count Vlan

    Prefix: 4001::/64 Origin: STATIC Age: Flag: Lifetime(Valid/Preferred): 1000/200 Preference: 200 Table 4 Command output Filed Description Prefix IPv6 address prefix. How the prefix is generated: • STATIC—Manually configured by using the ipv6 nd ra prefix command. Origin • RA—Advertised in RA messages after stateless autoconfiguration is enabled. •...

  • Page 901: Display Ipv6 Nd Snooping Vlan

    Examples # Display the total number of IPv6 ND snooping entries in all VLANs. <Sysname> display ipv6 nd snooping count vlan Total entries for VLANs: 5 # Display the total number of IPv6 ND snooping entries on GigabitEthernet 1/0/1. <Sysname> display ipv6 nd snooping count vlan interface gigabitethernet 1/0/1 Total entries on interface GE1/0/1: 2 Table 5 Command output Field...

  • Page 902: Display Ipv6 Nd User-Ip-Conflict Record

    Examples # Display brief information about IPv6 ND snooping entries for VLAN 1. <Sysname> display ipv6 nd snooping vlan 1 IPv6 address MAC address VID Interface Status 1::2 0000-1234-0c01 1 GE1/0/2 VALID # Display detailed information about IPv6 ND snooping entries for VLAN 1. <Sysname>...
  • Page 903 Syntax display ipv6 nd user-ip-conflict record [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays user IP address conflict records for all member devices. Examples # Display all user IPv6 address conflict records.
  • Page 904 ID of the outer VLAN or inner VLAN in the old ND entry. This field displays Old SVLAN/CVLAN hyphens (--) if the ND entry does not belong to any outer VLAN or inner VLAN. ID of the outer VLAN or inner VLAN in the new ND entry. This field displays New SVLAN/CVLAN hyphens (--) if the ND entry does not belong to any outer VLAN or inner VLAN.

  • Page 905: Display Ipv6 Neighbors

    SVLAN/CVLAN: 100/-- After: interface: GigabitEthernet1/0/2 SVLAN/CVLAN: 100/-- Table 8 Command output Field Description IPv6 address IPv6 address of the user. MAC address MAC address of the user. System time Time when the user port migration occurred. Move count Number of times the user port migrated. Log suppress count Number of times user port migration log generation has been suppressed.
  • Page 906 : Specifies an interface by its type and interface interface-type interface-number number. : Displays information about neighbors in the specified VLAN. The value range for vlan vlan-id VLAN ID is 1 to 4094. : Displays detailed neighbor information. verbose Examples # Display all neighbor information.

  • Page 907: Display Ipv6 Neighbors Count

    Field Description ID of the VLAN to which the interface connected to a neighbor belongs. This field displays N/A if the VLAN ID is invalid. Interface connected to a neighbor. If the interface name or link ID is not available, the Interface field displays N/A.

  • Page 908: Display Ipv6 Neighbors Entry-Limit

    Views Any view Predefined user roles network-admin network-operator Parameters : Displays the total number of all neighbor entries, including neighbor entries created dynamically and configured statically. : Displays the total number of neighbor entries created dynamically. dynamic : Displays the total number of neighbor entries configured statically. static : Specifies an IRF member device by its member ID.
  • Page 909 Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an MPLS L3VPN instance by its name, a case-sensitive string of vpn-instance-name 1 to 31 characters. The VPN instance must already exist. : Displays the total number of neighbor entries in the specified VPN instance. count Examples # Display neighbor information about the VPN instance vpn1.

  • Page 910: Display Ipv6 Pathmtu

    display ipv6 pathmtu Use the command to display IPv6 Path MTU information. display ipv6 pathmtu Syntax display ipv6 pathmtu [ vpn-instance vpn-instance-name ] { ipv6-address | { all | dynamic | static } [ count ] } Views Any view Predefined user roles network-admin network-operator...

  • Page 911: Display Ipv6 Prefix

    Related commands ipv6 pathmtu reset ipv6 pathmtu display ipv6 prefix to display information about IPv6 prefixes, including dynamic and display ipv6 prefix static prefixes. Syntax display ipv6 prefix [ prefix-number ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies the ID of an IPv6 prefix, in the range of 1 to 1024.

  • Page 912: Display Ipv6 Rawip

    Field Description Preferred lifetime 90 Preferred lifetime in seconds. For a static IPv6 prefix, this field is not displayed. valid lifetime 120 sec Valid lifetime in seconds. For a static IPv6 prefix, this field is not displayed. Related commands ipv6 dhcp client pd ipv6 prefix display ipv6 rawip to display brief information about IPv6 RawIP connections.

  • Page 913: Display Ipv6 Rawip Verbose

    display ipv6 rawip verbose to display detailed information about IPv6 RawIP display ipv6 rawip verbose connections. Syntax display ipv6 rawip verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays detailed information about IPv6 RawIP connections for all member devices.
  • Page 914 Field Description Creator Task name of the socket. The process number is in the square brackets. Socket state: • NOFDREF—The user has closed the connection. • ISCONNECTED—The connection has been established. • ISCONNECTING—The connection is being established. • State ISDISCONNECTING—The connection is being interrupted. •...
  • Page 915 Field Description • hiwat—Maximum space. • lowat—Minimum space. • state—Buffer state: CANTSENDMORE—Unable to send data to the peer.  CANTRCVMORE—Unable to receive data from the peer.  RCVATMARK—Receiving tag.  N/A—None of the above states.  Socket type: • 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams.

  • Page 916: Display Ipv6 Statistics

    Field Description • INP_EXTRCVICMPERR—Receives an ICMP error packet. • INP_EXTFILTER—Filters the contents in the received packet. • N/A—None of the above flags. IP version flag in the Internet PCB: • INP_IPV4—IPv4 protocol. • INP_IPV6—IPv6 protocol. • INP_IPV6PROTO—Creates an Internet PCB based on IPv6 protocol. •...

  • Page 917: Display Ipv6 Tcp

    Received packets: Total: Received locally: Hop limit exceeded: 0 Fragments: Reassembled: Reassembly failures: 0 Reassembly timeout: 0 Format errors: Option errors: Protocol errors: ICMPv6 statistics: Sent packets: Total: Unreachable: Too big: Hop limit exceeded: Reassembly timeouts: 0 Parameter problems: Echo requests: Echo replies: Neighbor solicits: Neighbor adverts:...

  • Page 918: Display Ipv6 Tcp Verbose

    Predefined user roles network-admin network-operator Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays brief information about IPv6 TCP connections for all member devices. Examples # Display brief information about IPv6 TCP connections.
  • Page 919 Examples # Display detailed information about an IPv6 TCP connection. <Sysname> display ipv6 tcp verbose TCP inpcb number: 1(tcpcb number: 1) Connection info: src = 2001::1->179 , dst = 2001::2->4181 Location: Slot: 6 NSR standby: N/A Creator: bgpd[199] State: ISCONNECTED Options: N/A Error: 0 Receiving buffer(cc/hiwat/lowat/state): 0 / 65536 / 1 / N/A...
  • Page 920 Field Description • SO_REUSEADDR—Allows the local address reuse. • SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive. • SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network. • SO_BROADCAST—Supports broadcast packets. •...
  • Page 921 Field Description • INP_HDRINCL—Provides the entire IPv6 header. • INP_REUSEADDR—Reuses the IPv6 address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. • INP_PROTOCOL_PACKET—Identifies a protocol packet. • INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag. •...

  • Page 922: Display Ipv6 Udp

    Field Description • ESTABLISHED—The server and client have established connections and can transmit data bidirectionally. • CLOSE_WAIT—The server receives a disconnection request from the client. • FIN_WAIT_1—The client is waiting for the server to reply to a disconnection request. • CLOSING—The server and client are waiting for peer's disconnection reply when receiving disconnection requests from each other.

  • Page 923: Display Ipv6 Udp Verbose

    Parameters : Specifies an IRF member device by its member ID. If you do not specify a slot slot-number member device, this command displays brief information about IPv6 UDP connections for all member devices. Examples # Displays brief information about IPv6 UDP connections. <Sysname>...
  • Page 924 Creator: sock_test_mips[250] State: N/A Options: N/A Error: 0 Receiving buffer(cc/hiwat/lowat/drop/state): 0 / 41600 / 1 / 0 / N/A Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A Type: 2 Protocol: 17 Inpcb flags: N/A Inpcb extflag: N/A Inpcb vflag: INP_IPV6 Hop limit: 255 (minimum hop limit: 0) Send VRF: 0xffff Receive VRF: 0xffff...
  • Page 925 Field Description result, a sigpipe cannot be established when a return failure occurs. • SO_TIMESTAMPNS—Has a similar function with the timestamp, accurate to nanoseconds. • SO_KEEPALIVETIME—Sets a keepalive time. This option is supported in TCP. • SO_FILTER—Supports setting the packet filter criterion. This option is available for OSI Socket and RawIP.

  • Page 926: Ipv6 Address

    Field Description • IN6P_IPV6_V6ONLY—Only supports IPv6 protocol stack. • IN6P_PKTINFO—Receives the source IPv6 address and input interface of the packet. • IN6P_HOPLIMIT—Receives the hop limit. • IN6P_HOPOPTS—Receives the hop-by-hop options extension header. • IN6P_DSTOPTS—Receives the destination options extension header. • IN6P_RTHDR—Receives the routing extension header.

  • Page 927: Ipv6 Address Anycast

    Default No IPv6 global unicast address is configured for an interface. Views Interface view Predefined user roles network-admin Parameters ipv6-address : Specifies an IPv6 address. : Specifies a prefix length in the range of 1 to 128. prefix-length Usage guidelines Like public IPv4 addresses, IPv6 global unicast addresses are assigned to ISPs.

  • Page 928: Ipv6 Address Auto

    Parameters : Specifies an IPv6 anycast address. ipv6-address : Specifies a prefix length in the range of 1 to 128. prefix-length Examples # Set the IPv6 anycast address of VLAN-interface 100 to 2001::1 with prefix length 64. Method 1: <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address 2001::1/64 anycast Method 2:...

  • Page 929: Ipv6 Address Auto Link-Local

    ipv6 address auto link-local to automatically generate a link-local address for an ipv6 address auto link-local interface. to restore the default. undo ipv6 address auto link-local Syntax ipv6 address auto link-local undo ipv6 address auto link-local Default No link-local address is configured on an interface. A link-local address is automatically generated after an IPv6 global unicast address is configured for the interface.
  • Page 930 ipv6 address eui-64 to configure an EUI-64 IPv6 address for an interface. ipv6 address eui-64 to delete an EUI-64 IPv6 address from an interface. undo ipv6 address eui-64 Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64 undo ipv6 address ipv6-address prefix-length...
  • Page 931 to restore the default. undo ipv6 address link-local Syntax ipv6 address ipv6-address prefix-length ipv6-address/prefix-length } link-local undo ipv6 address ipv6-address prefix-length ipv6-address/prefix-length } link-local Default No link-local address is configured for the interface. Views Interface view Predefined user roles network-admin Parameters : Specifies an IPv6 link-local address.

  • Page 932: Ipv6 Address Prefix-Number

    ipv6 address prefix-number to specify an IPv6 prefix for an interface to automatically ipv6 address prefix-number generate an IPv6 global unicast address and advertise the prefix. to restore the default. undo ipv6 address prefix-number Syntax ipv6 address prefix-number sub-prefix/prefix-length undo ipv6 address prefix-number Default No IPv6 prefix is specified for IPv6 address autoconfiguration.

  • Page 933: Ipv6 Hop-Limit

    Related commands ipv6 prefix ipv6 dhcp client pd ipv6 hop-limit to set the Hop Limit field in the IPv6 header. ipv6 hop-limit to restore the default. undo ipv6 hop-limit Syntax ipv6 hop-limit value undo ipv6 hop-limit Default The hop limit is 64. Views System view Predefined user roles...

  • Page 934: Ipv6 Icmpv6 Error-Interval

    Views System view Predefined user roles network-admin Usage guidelines ICMPv6 time exceeded messages are sent to the source of IPv6 packets after the device discards IPv6 packets because hop or reassembly times out. To prevent too many ICMPv6 error messages from affecting device performance, disable this feature.

  • Page 935: Ipv6 Icmpv6 Multicast-Echo-Reply Enable

    Examples # Set the bucket size to 40 tokens and the interval for tokens to arrive in the bucket to 200 milliseconds for ICMPv6 error messages. <Sysname> system-view [Sysname] ipv6 icmpv6 error-interval 200 40 ipv6 icmpv6 multicast-echo-reply enable to enable replying to multicast echo ipv6 icmpv6 multicast-echo-reply enable requests.

  • Page 936: Ipv6 Mtu

    Predefined user roles network-admin Parameters : Specifies an MPLS L3VPN instance to which the vpn-instance vpn-instance-name specified address belongs. The argument represents the VPN instance vpn-instance-name name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the argument specifies an IPv6 address on the public network.

  • Page 937: Ipv6 Nd Autoconfig Managed-Address-Flag

    ipv6 nd autoconfig managed-address-flag to set the managed address ipv6 nd autoconfig managed-address-flag configuration flag (M) to 1 in RA advertisements to be sent. to restore the default. undo ipv6 nd autoconfig managed-address-flag Syntax ipv6 nd autoconfig managed-address-flag undo ipv6 nd autoconfig managed-address-flag Default The M flag is set to in RA advertisements.

  • Page 938: Ipv6 Nd Dad Attempts

    Predefined user roles network-admin Usage guidelines The O flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration to obtain configuration information other than IPv6 addresses. • If the O flag is set to 1 in RA advertisements, receiving hosts use stateful autoconfiguration (for example, from a DHCPv6 server) to obtain configuration information other than IPv6 addresses.

  • Page 939: Ipv6 Nd Ns Retrans-Timer

    Related commands display ipv6 interface ipv6 nd ns retrans-timer ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message. ipv6 nd ns retrans-timer to restore the default. undo ipv6 nd ns retrans-timer Syntax ipv6 nd ns retrans-timer value undo ipv6 nd ns retrans-timer Default The local interface sends NS messages at every an interval of 1000 milliseconds, and the Retrans...

  • Page 940: Ipv6 Nd Online-Offline-Log Enable

    Default The neighbor reachable time on the local interface is 1200000 milliseconds, and the value of the Reachable Time field in RA messages is 0. The reachable time is determined by the receiving device. Views Interface view Predefined user roles network-admin Parameters : Specifies the neighbor reachable time in the range of 1 to 3600000 milliseconds.

  • Page 941: Ipv6 Nd Ra Boot-File-Url

    Usage guidelines A higher log output rate consumes more CPU resources. Adjust the log output rate based the CPU performance and usage. Examples # Enable ND logging for user online and offline events, and set the maximum log output rate to 100 logs per second.

  • Page 942: Ipv6 Nd Ra Dns Search-List

    ipv6 nd ra dns search-list to specify DNS suffix information to be advertised in RA ipv6 nd ra dns search-list messages. to remove a DNS suffix from RA message undo ipv6 nd ra dns search-list advertisement. Syntax ipv6 nd ra dns search-list domain-name [ seconds | infinite ] sequence seqno undo ipv6 nd ra dns search-list domain-name Default...

  • Page 943: Ipv6 Nd Ra Dns Search-List Suppress

    • The second RA message carries information about remaining DNS suffixes. Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface. Examples # Specify the DNS suffix as com, the suffix lifetime as infinite, and the sequence number as 1 for RA messages on VLAN-interface 100.

  • Page 944: Ipv6 Nd Ra Dns Server

    • If the interface has no DNS suffix information specified, no RA messages are triggered. Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface. Examples # Enable DNS suffix suppression in RA messages on VLAN-interface 100. <Sysname>...

  • Page 945: Ipv6 Nd Ra Dns Server Suppress

    The sequence number uniquely identifies a DNS server. To modify the IPv6 address or sequence number of a DNS server, you must first use the undo ipv6 nd ra dns server command to remove the DNS server from RA message advertisement. After you execute the command, the device immediately sends an RA ipv6 nd ra dns server...

  • Page 946: Ipv6 Nd Ra Halt

    first message, the lifetime for DNS server addresses is 0 seconds. The second RA message does not carry any DNS server options. • If the interface has no DNS server information specified or no AAA-authorized DNS server address assigned, no RA messages are triggered. •...

  • Page 947: Ipv6 Nd Ra Hop-Limit Unspecified

    ipv6 nd ra hop-limit unspecified to specify unlimited hops in RA messages. ipv6 nd ra hop-limit unspecified to restore the default. undo ipv6 nd ra hop-limit unspecified Syntax ipv6 nd ra hop-limit unspecified undo ipv6 nd ra hop-limit unspecified Default The maximum number of hops in the RA messages is limited to 64.

  • Page 948: Ipv6 Nd Ra No-Advlinkmtu

    : Specifies the minimum interval value in the range of 3 seconds to three-fourths of min-interval the maximum interval. Usage guidelines The device advertises RA messages randomly between the maximum interval and the minimum interval. The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages.
  • Page 949 Syntax ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix prefix-length } valid-lifetime preferred-lifetime no-autoconfig off-link prefix-preference level ] * | no-advertise ] undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix prefix-length } Default No prefix information is configured for RA messages. Instead, the IPv6 address of the interface sending RA messages is used as the prefix information.

  • Page 950: Ipv6 Nd Ra Prefix

    • The prefix is advertised in RA messages. Examples # Configure the prefix information in RA messages on VLAN-interface 100. Method 1: <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100/64 100 10 Method 2: <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100 64 100 10 ipv6 nd ra prefix default...

  • Page 951: Ipv6 Nd Ra Router-Lifetime

    Examples # Configure the default settings for prefixes advertised in RA messages on VLAN-interface 100. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra prefix default 100 10 ipv6 nd ra router-lifetime to set the router lifetime in RA messages. ipv6 nd ra router-lifetime to restore the default.

  • Page 952: Ipv6 Nd Snooping Dad Retrans-Timer

    undo ipv6 nd router-preference Default The router preference is medium. Views Interface view Predefined user roles network-admin Parameters : Sets the router preference to the highest setting. high : Sets the router preference to the lowest setting. : Sets the router preference to the medium setting. medium Usage guidelines A hosts selects a router with the highest preference as the default router.

  • Page 953: Ipv6 Nd Snooping Enable Global

    Usage guidelines When creating, updating, or deleting an ND snooping entry, the device sends an NS message to test the entry by DAD. When both of the following conditions exist, the device retransmits an NS message by default: • The device does not receive a reply within the retransmission interval. •...

  • Page 954: Ipv6 Nd Snooping Glean Source

    Default ND snooping is disabled for link-local addresses. Views VLAN view Predefined user roles network-admin Examples # Enable ND snooping for link-local addresses. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] ipv6 nd snooping enable link-local ipv6 nd snooping glean source to enable ND snooping for data packets from unknown ipv6 nd snooping glean source sources.

  • Page 955: Ipv6 Nd Snooping Lifetime

    ipv6 nd snooping lifetime to set timeout timers for ND snooping entries. ipv6 nd snooping lifetime to restore the default. undo ipv6 nd snooping lifetime Syntax ipv6 snooping lifetime invalid invalid-lifetime valid valid-lifetime } undo ipv6 nd snooping lifetime { invalid | valid } Default The timeout timer for ND snooping entries in INVALID status (TENTATIVE, TESTING_TPLT, or TESTING_VP) is 500 milliseconds.

  • Page 956: Ipv6 Nd Snooping Uplink

    Parameters : Specifies the maximum number of ND snooping entries that an interface can learn. max-number The value range for this argument is 1 to 1024. Usage guidelines An interface can learn ND snooping entries. The learning limit is limited by the ND snooping entry learning limit for all VLANs.

  • Page 957: Ipv6 Nd User-Move Record Enable

    to disable recording user IPv6 undo ipv6 nd user-ip-conflict record enable address conflicts. Syntax ipv6 nd user-ip-conflict record enable undo ipv6 nd user-ip-conflict record enable Default Recording user IPv6 address conflicts is disabled. Views System view Predefined user roles network-admin Usage guidelines This feature detects and records user IPv6 address conflicts.

  • Page 958: Ipv6 Neighbor

    Predefined user roles network-admin Usage guidelines This feature enables the device to detect and record user port migrations. A user port migrates if an incoming NA packet has the same source IPv6 address and source MAC address as an existing ND entry but a different port.

  • Page 959: Ipv6 Neighbor Link-Local Minimize

    : Specifies a Layer 3 interface of the static interface interface-type interface-number neighbor entry by its type and number. : Specifies an MPLS L3VPN instance to which the static vpn-instance vpn-instance-name neighbor entry belongs. The argument represents the VPN instance name, vpn-instance-name a case-sensitive string of 1 to 31 characters.

  • Page 960: Ipv6 Neighbor Stale-Aging

    Views System view Predefined user roles network-admin Usage guidelines Perform this command to minimize link-local ND entries assigned to the driver. Link-local ND entries refer to ND entries that contain link-local addresses. With this feature enabled, the device does not add newly learned link-local ND entries whose link local addresses are not the next hop of any route to the driver.

  • Page 961: Ipv6 Neighbor Timer Stale-Aging

    Related commands ipv6 neighbor timer stale-aging ipv6 neighbor timer stale-aging to set the aging timer for ND entries in stale state on ipv6 neighbor timer stale-aging an interface. to restore the default. undo ipv6 neighbor timer stale-aging Syntax ipv6 neighbor timer stale-aging aging-time undo ipv6 neighbor timer stale-aging Default The aging timer of ND entries in stale state is not configured on an interface.

  • Page 962: Ipv6 Pathmtu

    Syntax ipv6 neighbors max-learning-num max-number undo ipv6 neighbors max-learning-num Default The maximum number of dynamic neighbor entries that an interface can learn is 256. Views Layer 2 interface view Layer 2 aggregate interface view Predefined user roles network-admin Parameters : Specifies the maximum number of dynamic neighbor entries that an interface can max-number learn.The value ranges for this argument on different switch series is 0 to 256.

  • Page 963: Ipv6 Pathmtu Age

    : Specifies an IPv6 address. ipv6-address : Specifies the Path MTU of the specified IPv6 address, in the range of 1280 to 10240 bytes. value Usage guidelines You can set a static Path MTU for a destination IPv6 address. When a source host sends a packet through an interface, it compares the interface MTU with the static Path MTU of the specified destination IPv6 address.

  • Page 964: Ipv6 Prefer Temporary-Address

    Related commands display ipv6 pathmtu ipv6 prefer temporary-address to enable the system to preferentially use the ipv6 prefer temporary-address temporary IPv6 address of the sending interface as the source address of a packet. to disable the system to preferentially use the undo ipv6 prefer temporary-address temporary IPv6 address of the sending interface as the source address of a packet.

  • Page 965: Ipv6 Reassemble Local Enable

    Views System view Predefined user roles network-admin Parameters : Specifies a prefix ID in the range of 1 to 1024. prefix-number : Specifies a prefix and its length. The value range for the ipv6-prefix/prefix-length argument is 1 to 128. prefix-length Usage guidelines To modify an existing static prefix, execute the command to delete the...

  • Page 966: Ipv6 Redirects Enable

    [Sysname] ipv6 reassemble local enable ipv6 redirects enable to enable sending ICMPv6 redirect messages. ipv6 redirects enable to disable sending ICMPv6 redirect messages. undo ipv6 redirects enable Syntax ipv6 redirects enable undo ipv6 redirects enable Default Sending ICMPv6 redirect messages is disabled. Views System view Predefined user roles...

  • Page 967: Ipv6 Unreachables Enable

    Parameters : Specifies the valid lifetime for temporary IPv6 addresses, in the range of 600 valid-lifetime to 4294967295 seconds. The default valid lifetime is 604800 seconds (7 days). : Specifies the preferred lifetime for temporary IPv6 addresses, in the preferred-lifetime range of 600 to 4294967295 seconds.

  • Page 968: Local-Proxy-Nd Enable

    Syntax ipv6 unreachables enable undo ipv6 unreachables enable Default Sending ICMPv6 destination unreachable messages is disabled. Views System view Predefined user roles network-admin Usage guidelines If the device fails to forward a received IPv6 packet because of a destination unreachable error, it performs the following operations: •...

  • Page 969: Proxy-Nd Enable

    proxy-nd enable to enable common ND proxy. proxy-nd enable to disable common ND proxy. undo proxy-nd enable Syntax proxy-nd enable undo proxy-nd enable Default Common ND proxy is disabled. Views VLAN interface view Predefined user roles network-admin Examples # Enable common ND proxy on VLAN-interface 100. <Sysname>...

  • Page 970: Reset Ipv6 Neighbors

    Examples # Clear ND snooping entries in all VLANs. <Sysname> reset ipv6 nd snooping vlan Related commands display ipv6 nd snooping count vlan display ipv6 nd snooping vlan reset ipv6 neighbors to clear IPv6 neighbor information. reset ipv6 neighbors Syntax reset ipv6 neighbors { all | dynamic | interface interface-type interface-number | slot slot-number | static } Views...

  • Page 971: Reset Ipv6 Statistics

    Syntax reset ipv6 pathmtu { all | dynamic | static } Views User view Predefined user roles network-admin Parameters : Clears all Path MTUs. : Clears all dynamic Path MTUs. dynamic : Clears all static Path MTUs. static Examples # Clear all Path MTUs. <Sysname>...
  • Page 972 Contents DHCPv6 commands ······················································································ 1 Common DHCPv6 commands ··························································································································· 1 display ipv6 dhcp duid ································································································································ 1 ipv6 dhcp advertise pd-route ······················································································································ 1 ipv6 dhcp dscp ··········································································································································· 2 ipv6 dhcp log enable ·································································································································· 2 ipv6 dhcp select ········································································································································· 3 DHCPv6 server commands································································································································ 4 address range ············································································································································...
  • Page 973 ipv6 dhcp relay client-link-address enable ······························································································· 54 ipv6 dhcp relay gateway ··························································································································· 54 ipv6 dhcp relay interface-id ······················································································································ 55 ipv6 dhcp relay server-address ················································································································ 56 ipv6 dhcp relay source-address ··············································································································· 57 remote-server ··········································································································································· 58 reset ipv6 dhcp relay statistics ················································································································· 58 DHCPv6 client commands ·······························································································································...

  • Page 974: Dhcpv6 Commands

    DHCPv6 commands Common DHCPv6 commands display ipv6 dhcp duid to display the DUID of the local device. display ipv6 dhcp duid Syntax display ipv6 dhcp duid Views Any view Predefined user roles network-admin network-operator Usage guidelines A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent).

  • Page 975: Ipv6 Dhcp Dscp

    Usage guidelines A DHCPv6 client can obtain an IPv6 prefix through DHCPv6 and use the IPv6 prefix for IPv6 address assignment in a downstream network. If the IPv6 prefix is in a different subnet than the IPv6 address of the DHCPv6 client's upstream interface, the downstream network cannot access the external network.

  • Page 976: Ipv6 Dhcp Select

    Syntax ipv6 dhcp log enable undo ipv6 dhcp log enable Default DHCPv6 server logging is disabled. Views System view Predefined user roles network-admin Usage guidelines This command enables the DHCPv6 server to generate DHCPv6 logs and send them to the information center.

  • Page 977: Dhcpv6 Server Commands

    • reset ipv6 dhcp server ip-in-use • reset ipv6 dhcp server pd-in-use Do not configure the DHCPv6 client on the interface that has been configured as the DHCPv6 relay agent or DHCPv6 server. Examples # Enable the DHCPv6 server on VLAN-interface 10. <Sysname>...

  • Page 978: Address-Alloc-Mode Eui-64

    : Specifies the valid lifetime for the non-temporary IPv6 valid-lifetime valid-lifetime addresses. The value range is 60 to 4294967295 seconds, and the default is 2592000 seconds (30 days). The valid lifetime cannot be shorter than the preferred lifetime. Usage guidelines If you do not specify a non-temporary IPv6 address range, all unicast addresses on the subnet specified by the command in address pool view are assignable.

  • Page 979: Class Pool

    is between the clients and server, do not configure this feature because the server cannot obtain the MAC addresses from received DHCP requests. Examples # Enable the EUI-64 address allocation mode in DHCPv6 address pool pool1. <Sysname> system-view [Sysname] ipv6 dhcp pool pool1 [Sysname-dhcp6-pool-pool1] address-alloc-mode eui-64 class pool to specify a DHCPv6 address pool for a DHCPv6 user class.

  • Page 980: Display Ipv6 Dhcp Option-Group

    to restore the default. undo default pool Syntax default pool pool-name undo default pool Default No default DHCPv6 address pool is specified. Views DHCPv6 policy view Predefined user roles network-admin Parameters : Specifies a DHCPv6 address pool by its name, a case-insensitive string of 1 to 63 pool-name characters.
  • Page 981 Parameters : Specifies a static or dynamic DHCPv6 option group by its ID. The value option-group-number range for the option group ID is 1 to 100. If you do not specify an option group, this command displays information about all DHCPv6 option groups. Usage guidelines A static DHCPv6 option group is created by using the command.

  • Page 982: Display Ipv6 Dhcp Pool

    Domain name: Type: Dynamic (DHCPv6 address allocation) Interface: Vlan-interface10 aaa.com Options: Code: 23 Type: Dynamic (DHCPv6 prefix allocation) Interface: Vlan-interface10 Length: 2 bytes Hex: ABCD Table 1 Command output Field Description DHCPv6 option group ID of the DHCPv6 option group. Types of the DHCPv6 option: •...
  • Page 983 Predefined user roles network-admin network-operator Parameters : Displays information about the specified DHCPv6 address pool. The pool name is a pool-name case-insensitive string of 1 to 63 characters. If you do not specify a DHCPv6 address pool, this command displays information about all DHCPv6 address pools. : Specifies an MPLS L3VPN instance by its name, a vpn-instance vpn-instance-name case-sensitive string of 1 to 31 characters.

  • Page 984: Display Ipv6 Dhcp Prefix-Pool

    SIP server domain names: bbb.com # Display information about DHCPv6 address pool 1. <Sysname> display ipv6 dhcp pool 1 DHCPv6 pool: 1 Network: Not-available Preferred lifetime 604800 seconds, valid lifetime 2592000 seconds # Display information about DHCPv6 address pool 1. <Sysname>...
  • Page 985 Syntax display ipv6 dhcp prefix-pool [ prefix-pool-number ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters : Displays detailed information about a prefix pool specified by its number prefix-pool-number in the range of 1 to 128. If you do not specify a prefix pool, this command displays brief information about all prefix pools.

  • Page 986: Display Ipv6 Dhcp Server

    <Sysname> display ipv6 dhcp prefix-pool 1 Prefix: 5::/64(Zombie) Assigned length: 70 Total prefix number: 10 Available: 0 In-use: 10 Static: 0 Table 3 Command output Field Description Prefix-pool Prefix pool number. Prefix specified in the prefix pool. If the prefix is ineffective, this field displays Not-available. If Prefix the prefix becomes ineffective after a configuration recovery, the prefix is marked (Zombie).

  • Page 987: Display Ipv6 Dhcp Server Conflict

    Using pool: 1 Preference value: 0 Allow-hint: Enabled Rapid-commit: Disabled Table 4 Command output Field Description Interface Interface enabled with DHCPv6 server. Address pool applied to the interface. If no address pool is applied to the interface, global is displayed. The Pool DHCPv6 server selects a global address pool to assign a prefix, an address, and other configuration parameters to a client.

  • Page 988: Display Ipv6 Dhcp Server Database

    • The DHCPv6 server discovers that the only assignable address in the address pool is its own IPv6 address. Examples # Display information about all address conflicts. <Sysname> display ipv6 dhcp server conflict IPv6 address Detect time 2001::1 Apr 25 16:57:20 2007 1::1:2 Apr 25 17:00:10 2007 Table 5 Command output...

  • Page 989: Display Ipv6 Dhcp Server Expired

    Field Description Waiting time in seconds after a DHCPv6 binding change for the Update interval DHCPv6 server to update the backup file. Latest write time Time of the latest update. Status of the update: • Writing—The backup file is being updated. •...

  • Page 990: Display Ipv6 Dhcp Server Ip-In-Use

    Table 7 Command output Field Description IPv6 address Expired IPv6 address. DUID Client DUID bound to the expired IPv6 address. Lease expiration Time when the lease expired. Related commands reset ipv6 dhcp server expired display ipv6 dhcp server ip-in-use display ipv6 dhcp server ip-in-use to display binding information for assigned IPv6 addresses.
  • Page 991 IPv6 address Type Lease expiration 1:2::2 Auto(Z) 11 09:23:31 2008 # Display binding information for all assigned IPv6 addresses for the specified DHCPv6 address pool. <Sysname> display ipv6 dhcp server ip-in-use pool 1 Pool: 1 IPv6 address Type Lease expiration 2:1::1 Auto(O) Jul 10 22:22:22 2008...

  • Page 992: Display Ipv6 Dhcp Server Pd-In-Use

    Field Description valid lifetime Valid lifetime in seconds of the IPv6 address. Time when the lease of an IPv6 address will expire. If the lease expires after Expires at the year 2100, this field displays Expires after 2100. Related commands reset ipv6 dhcp server ip-in-use display ipv6 dhcp server pd-in-use to display binding information for the assigned...
  • Page 993 # Display IPv6 prefix binding information for DHCPv6 address pool 1. <Sysname> display ipv6 dhcp server pd-in-use pool 1 Pool: 1 IPv6 prefix Type Lease expiration 2:1::/24 Auto(O) Jul 10 22:22:22 2008 3:1::/64 Static(C) Jan 1 11:11:11 2008 # Display binding information for the IPv6 prefix 2:1::3/24. <Sysname>...

  • Page 994: Display Ipv6 Dhcp Server Statistics

    Related commands reset ipv6 dhcp server pd-in-use display ipv6 dhcp server statistics display DHCPv6 packet statistics on the display ipv6 dhcp server statistics to DHCPv6 server. Syntax display ipv6 dhcp server statistics [ pool pool-name | vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin...

  • Page 995: Dns-Server

    Table 10 Command output Field Description Number of bindings: • Ip-in-use—Total number of address bindings. Bindings • Pd-in-use—Total number of prefix bindings. • Expired—Total number of expired address bindings. Total number of conflicted addresses. If statistics about an address pool are Conflict displayed, this field is not displayed.

  • Page 996: Domain-Name

    Predefined user roles network-admin Parameters : Specifies the IPv6 address of a DNS server. ipv6-address Usage guidelines You can use the command to specify up to eight DNS servers in an address pool. A dns-server DNS server specified earlier has a higher preference. Examples # Specify the DNS server address 2:2::3 in DHCPv6 address pool 1.

  • Page 997: If-Match

    if-match to configure a match rule for a DHCPv6 user class. if-match to delete a match rule for a DHCP user class. undo if-match Syntax if-match rule rule-number { option option-code [ ascii ascii-string [ offset offset | partial ] | hex hex-string [ mask mask | offset offset length length | partial ] ] | relay-agent gateway-ipv6-address } undo if-match rule rule-number Default...
  • Page 998 • If the rule that you are configuring has the same ID and type as an existing rule, the new rule overwrites the existing rule. • If the rule that you are configuring has the same ID as an existing rule but a different type, the new rule takes effect and coexists with the existing rule.

  • Page 999: Ipv6 Dhcp Apply-Policy

    ipv6 dhcp apply-policy to apply a DHCPv6 policy to an interface. ipv6 dhcp apply-policy to restore the default. undo ipv6 dhcp apply-policy Syntax ipv6 dhcp apply-policy policy-name undo ipv6 dhcp apply-policy Default No DHCPv6 policy is applied to an interface. Views Interface view Predefined user roles...

  • Page 1000: Ipv6 Dhcp Option-Group

    Parameters : Specifies a name for the DHCPv6 user class, a case-insensitive string of 1 to 63 class-name characters. Usage guidelines In the DHCPv6 user class view, you can use the command to configure match rules for if-match user classification. Examples # Create a DHCPv6 user class test and enter DHCPv6 user class view.

This manual is also suitable for:

Ie4300-mIe4320

Table of Contents