H3C S6812 Series Command Reference Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Switch
  5. S6812 Series
  6. Command reference manual
H3C S6812 Series Command Reference Manual

H3C S6812 Series Command Reference Manual

Hide thumbs Also See for S6812 Series:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
Table of Contents

Advertisement

Quick Links

Download this manual
About the H3C S5150-EI command
references
The H3C S5150-EI command references describe the commands and command syntax options
available for the H3C S5150-EI Switch Series.
Command reference
Fundamentals Command
Reference
IRF Command Reference
Layer 2—LAN Switching
Command Reference
Layer 3—IP Services
Command Reference
Content
Covers the commands for logging in to and setting up an S5150-EI switch.
This command reference includes:
CLI (command privilege settings and CLI management commands).
RBAC.
Logging in to the switch.
FTP and TFTP.
File system management.
Configuration file management.
Software upgrade.
Emergency shell.
Device management.
Tcl.
Python.
Covers the commands for configuring the H3C proprietary Intelligent
Resilient Framework (IRF) technology features. It covers planning the
switch roles in the IRF fabric, connecting the IRF links, and detecting and
maintaining the IRF fabric.
Covers the commands for configuring Layer 2 technologies and features
in a LAN switched network.
This command reference includes:
Ethernet interface.
Loopback, null, and inloopback interfaces.
Bulk interface configuration.
MAC address table and MAC Information.
Ethernet link aggregation.
Port isolation.
Spanning tree.
Loop detection.
VLAN (including VLAN, super VLAN, private VLAN, and voice
VLAN).
MVRP.
QinQ.
VLAN mapping.
LLDP.
Covers the commands for configuring and managing IP addressing
(including static and dynamic IPv4 and IPv6 address assignment),
network performance optimization, and ARP.
This command reference includes:
ARP (including gratuitous ARP, proxy ARP, and ARP snooping).
IP addressing.
DHCP.
DNS.

Advertisement

Table of Contents
loading

Related Manuals for H3C S6812 Series

Summary of Contents for H3C S6812 Series

  • Page 1 About the H3C S5150-EI command references The H3C S5150-EI command references describe the commands and command syntax options available for the H3C S5150-EI Switch Series. Command reference Content Covers the commands for logging in to and setting up an S5150-EI switch.
  • Page 2 Command reference Content • Basic IP forwarding. • IDRP. • IP performance optimization. • UDP helper. • IPv6 basics. • DHCPv6. Covers the commands for configuring routes for IPv4 and IPv6 networks of different sizes, route filtering, route control, and policy-based routing. This command reference includes: •...
  • Page 3 Command reference Content • Password control. • Keychain. • Public key management. • PKI. • IPsec and IKE. • SSH. • SSL. • Attack detection and prevention. • TCP attack prevention. • IP source guard. • ARP attack protection. • ND attack defense.
  • Page 4 H3C S6812 & S6813 Switch Series Fundamentals Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 510x Document version: 6W102-20230313...
  • Page 5 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 6 Preface This command reference describes commands that help you get started with the switch, including This preface includes the following topics about the documentation: • Audience. • Conventions. • Documentation feedback. Audience This documentation is intended for: • Network planners. •...
  • Page 7 Symbols Convention Description An alert that calls attention to important information that if not understood or followed WARNING! can result in personal injury. An alert that calls attention to important information that if not understood or followed CAUTION: can result in data loss, data corruption, or damage to hardware or software. An alert that calls attention to essential information.
  • Page 8 Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

  • Page 9: Table Of Contents

    Contents Basic CLI commands ····················································································· 1 alias ···························································································································································· 1 display | { begin | exclude | include } ·········································································································· 2 display | by-linenum ··································································································································· 3 display > ····················································································································································· 4 display >> ··················································································································································· 5 display alias ················································································································································ 6 display history-command ··························································································································· 6 display history-command all ·······················································································································...

  • Page 10: Basic Cli Commands

    Basic CLI commands alias Use alias to configure a command alias. Use undo alias to delete a command alias. Syntax alias alias command undo alias alias Default The device has a set of system-defined command aliases, as listed in Table Table 1 System-defined command aliases Command alias Command or command keyword...

  • Page 11: Display | { Begin | Exclude | Include

    • Enter ship routing-table to execute the display ip routing-table command. • Enter ship interface to execute the display ip interface command. The command string can include up to nine parameters. Each parameter starts with the dollar sign ($) and a sequence number in the range of 1 to 9. For example, you can configure the alias shinc for the display ip $1 | include $2 command.

  • Page 12: Display | By-Linenum

    Predefined user roles network-admin network-operator Parameters command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?. begin: Displays the first line matching the specified regular expression and all subsequent lines. exclude: Displays all lines not matching the specified regular expression. include: Displays all lines matching the specified regular expression.

  • Page 13: Display

    VLAN type: Static Route interface: Configured IP address: 192.168.2.1 Subnet mask: 255.255.255.0 Description: For LAN Access Name: VLAN 0999 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/1 # Display the first line that begins with user-group in the running configuration and all of the following lines.
  • Page 14 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/2 display >> Use display >> to append the output from a display command to the end of a file. Syntax display command >> filename Views Any view Predefined user roles network-admin network-operator Parameters command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.

  • Page 15: Display Alias

    Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/2 display alias Use display alias to display command aliases. Syntax display alias [ alias ] Views Any view Predefined user roles network-admin network-operator Parameters alias: Specifies a command alias. If you do not specify this argument, the command displays all command aliases.

  • Page 16: Display History-Command All

    Views Any view Predefined user roles network-admin network-operator Usage guidelines The system automatically saves commands you have successfully executed to the command history buffer for the current CLI session. You can view them and execute them again. By default, the system can save up to 10 commands in the buffer. You can use the history-command max-size command to change the buffer size.

  • Page 17: Display Hotkey

    Cmd:dis his all 03/16/2012 20:03:29 vty0 192.168.1.26 Cmd:sys Table 2 Command output Field Description Date Date when the command was executed. Time Time when the command was executed. Terminal User line used by the user. IP address of the terminal used by the user. Username used by the user if the user login authentication mode is User scheme.

  • Page 18: Hotkey

    CTRL_C Stop the current command. CTRL_D Erase the character at the cursor. CTRL_E Move the cursor to the end of the line. CTRL_F Move the cursor one character to the right. CTRL_H Erase the character to the left of the cursor. CTRL_K Abort the connection request.

  • Page 19: Quit

    ctrl_l: Assigns a command to Ctrl+L. ctrl_o: Assigns a command to Ctrl+O. ctrl_t: Assigns a command to Ctrl+T. ctrl_u: Assigns a command to Ctrl+U. command: Specifies the command to be assigned to the hotkey. Usage guidelines The system defines some command hotkeys and provides five configurable command hotkeys. Pressing a command hotkey executes the command assigned to the hotkey.
  • Page 20 Predefined user roles network-admin Parameters number: Specifies the number of the most recently executed commands in the command history buffer for the current CLI session that you want to execute. The value range is 1 to 10. The default is count times: Specifies the number of times that you want to execute the commands.

  • Page 21: Return

    return Use return to return to user view from any other view. Syntax return Views Any view except user view Predefined user roles network-admin network-operator Usage guidelines Pressing Ctrl+Z has the same effect as the return command. Examples # Return to user view from Ten-GigabitEthernet 1/0/1 interface view. [Sysname-Ten-GigabitEthernet1/0/1] return <Sysname>...

  • Page 22: System-View

    Examples # Disable pausing between screens of output for the current CLI session. <Sysname> screen-length disable Related commands screen-length system-view Use system-view to enter system view from user view. Syntax system-view Views User view Predefined user roles network-admin network-operator Examples # Enter system view from user view.
  • Page 23 Contents RBAC commands ·························································································· 1 description ·················································································································································· 1 display role ················································································································································· 1 display role feature ····································································································································· 8 display role feature-group ························································································································ 10 feature ······················································································································································ 13 interface policy deny ································································································································ 14 permit interface ········································································································································ 15 permit vlan ················································································································································ 16 role ··························································································································································· 18 role default-role enable ····························································································································...

  • Page 24: Rbac Commands

    RBAC commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. description Use description to configure a description for a user role for easy identification.
  • Page 25 Parameters name role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. If you do not specify a user role name, the command displays information about all user roles, including the predefined user roles. Examples # Display information about user role 123. <Sysname>...
  • Page 26 VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) ------------------------------------------------------------------- Rule Perm Type Scope Entity ------------------------------------------------------------------- sys-1 permit command display * sys-2 permit command sys-3 permit command system-view ; probe ; display * sys-4 deny command display history-command all sys-5 deny...
  • Page 27 VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) ------------------------------------------------------------------- Rule Perm Type Scope Entity ------------------------------------------------------------------- sys-1 permit command tracert * sys-2 permit command telnet * sys-3 permit command ping * sys-4 permit command ssh2 * sys-5 permit command...
  • Page 28 Interface policy: permit (default) VPN instance policy: permit (default) Role: level-8 Description: Predefined level-8 role VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) Role: level-9 Description: Predefined level-9 role VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) ------------------------------------------------------------------- Rule...
  • Page 29 Role: level-14 Description: Predefined level-14 role VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) Role: level-15 Description: Predefined level-15 role VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) ------------------------------------------------------------------- Rule Perm Type Scope...
  • Page 30 sys-15 permit command undelete * sys-16 permit command ftp * sys-17 permit command sftp * R:Read W:Write X:Execute Role: guest-manager Description: Predefined guest manager role can't access to commands VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) ------------------------------------------------------------------- Rule Perm...

  • Page 31: Display Role Feature

    Field Description This field is not supported in the current software version. VPN instance policy of the user role: • deny—Denies access to all VPN instances except for permitted VPN instance policy VPN instances. • permit (default)—Default VPN instance policy, which enables the user role to access all VPN instances.
  • Page 32 network-operator Parameters name feature-name: Specifies a feature by feature name. The feature-name argument represents the feature name, and all letters must be in lower case. verbose: Displays the commands of each feature. Usage guidelines If you do not specify any parameters, the command displays only the list of features available in the system.

  • Page 33: Display Role Feature-Group

    display password-control * reset password-control * system-view ; password-control * … Table 2 Command output (display role feature name aaa) Field Description Feature Displays the name and brief function description of the feature. All commands that start with the domain keyword in system view, system-view ;...
  • Page 34 Predefined user roles network-admin network-operator Parameters name feature-group-name: Specifies a feature group. The feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31 characters. If you do not specify a feature group, the command displays information about all feature groups. verbose: Displays the commands of each feature in feature groups.
  • Page 35 Feature: igmp-snooping (IGMP-Snooping related commands) system-view ; igmp-snooping * system-view ; multicast-vlan * system-view ; vlan * ; igmp-snooping * system-view ; vlan * ; pim-snooping * system-view ; vsi * ; igmp-snooping * system-view ; vsi * ; pim-snooping * system-view ;...

  • Page 36: Feature

    Feature: route (Route management related commands) Feature: staticrt (Unicast static route related commands) Feature: ospf (Open Shortest Path First protocol related commands) Feature: rip (Routing Information Protocol related commands) Feature: lisp (LISP protocol related commands) Feature: l3vpn (Layer 3 Virtual Private Network related commands) Feature: route-policy (Routing Policy related commands) Feature: multicast...

  • Page 37: Interface Policy Deny

    interface policy deny Use interface policy deny to enter user role interface policy view. Use undo interface policy deny to restore the default. Syntax interface policy deny undo interface policy deny Default A user role has access to all interfaces. Views User role view Predefined user roles...

  • Page 38: Permit Interface

    Related commands display role permit interface role permit interface Use permit interface to configure a list of interfaces accessible to a user role. Use undo permit interface to disable the access of a user role to specific interfaces. Syntax permit interface interface-list undo permit interface [ interface-list ] Default No permitted interfaces are configured in user role interface policy view.

  • Page 39: Permit Vlan

    [Sysname] role name role1 [Sysname-role-role1] rule 1 permit command system-view ; interface * [Sysname-role-role1] rule 2 permit command system-view ; vlan * # Permit the user role to access Ten-GigabitEthernet 1/0/1, and Ten-GigabitEthernet 1/0/3 to Ten-GigabitEthernet 1/0/5. [Sysname-role-role1] interface policy deny [Sysname-role-role1-ifpolicy] permit interface ten-gigabitethernet 1/0/1 ten-gigabitethernet 1/0/3 to ten-gigabitethernet 1/0/5 [Sysname-role-role1-ifpolicy] quit...
  • Page 40 for the VLAN IDs is 1 to 4094. If you specify a VLAN range, the value for the vlan-id2 argument must be greater than the value for the vlan-id1 argument. Usage guidelines To permit a user role to access a VLAN after you configure the vlan policy deny command, you must add the VLAN to the permitted VLAN list of the policy.

  • Page 41: Role

    role Use role to create a user role and enter its view, or enter the view of an existing user role. Use undo role to delete a user role. Syntax role name role-name undo role name role-name Default The system has the following predefined user roles: network-admin, network-operator, level-n (where n represents an integer in the range of 0 to 15), and security-audit.

  • Page 42: Role Feature-Group

    Syntax role default-role enable [ role-name ] undo role default-role enable Default The default user role feature is disabled. AAA users who do not have a user role cannot log in to the device. Views System view Predefined user roles network-admin Parameters role-name: Specifies a user role by its name for the default user role.

  • Page 43: Rule

    Parameters name feature-group-name: Specifies a feature group name. The feature-group-name argument is a case-sensitive string of 1 to 31 characters. Usage guidelines The L2 feature group includes all Layer 2 feature commands, and the L3 feature group includes all Layer 3 feature commands. These predefined feature groups are not user configurable. In addition to the predefined feature groups L2 and L3, you can create a maximum of 64 user role feature groups.
  • Page 44 execute: Specifies the execute commands, Web menus, XML elements, or MIB nodes. An execute command (for example, ping), Web menu, XML element, or MIB node executes a specific function or program. read: Specifies the read commands, Web menus, XML elements, or MIB nodes. A read command (for example, display, dir, more, and pwd), Web menu, XML element, or MIB node displays configuration or maintenance information.
  • Page 45 A command with output redirection to the file system is permitted only when the command type write is assigned to the file system feature. The following guidelines apply to non-OID rules: • If two user-defined rules of the same type conflict, the rule with the higher ID takes effect. For example, a user role can use the tracert command but not the ping command if the user role contains rules configured by using the following commands: rule 1 permit command ping...
  • Page 46 Rule Guidelines In the last segment, you can use an asterisk in any position of the segment. If the asterisk appears at the beginning, you cannot specify a printable character behind the asterisk. For example, the "system ; *" command string represents all commands available in system view and all subviews of the system view.

  • Page 47: Super

    Related commands display role display role feature display role feature-group display web menu role super Use super to obtain another user role without reconnecting to the device. Syntax super [ role-name ] Views User view Predefined user roles network-admin Parameters role-name: Specifies a user role, a case-sensitive string of 1 to 63 characters.

  • Page 48: Super Authentication-Mode

    super authentication-mode Use super authentication-mode to set an authentication mode for temporary user role authorization. Use undo super authentication-mode to restore the default. Syntax super authentication-mode { local | scheme } * undo super authentication-mode Default Local password authentication applies. Views System view Predefined user roles...

  • Page 49: Super Default Role

    super default role Use super default role to specify the default target user role for temporary user role authorization. Use undo super default role to restore the default. Syntax super default role role-name undo super default role Default The default target user role is network-admin. Views System view Predefined user roles...

  • Page 50: Vlan Policy Deny

    Views System view Predefined user roles network-admin Parameters role role-name: Specifies a user role, a case-sensitive string of 1 to 63 characters. The user role must exist in the system and cannot be security-audit. If you do not specify a user role, the command sets a password for the default target user role which is set by using the super default role command.
  • Page 51 undo vlan policy deny Default A user role has access to all VLANs. Views User role view Predefined user roles network-admin Usage guidelines To restrict the VLAN access of a user role to a set of VLANs, perform the following tasks: Use vlan policy deny to enter user role VLAN policy view.
  • Page 52 Contents Login management commands ······································································ 1 activation-key ············································································································································· 1 authentication-mode ··································································································································· 3 auto-execute command ······························································································································ 4 command accounting ································································································································· 6 command authorization ······························································································································ 6 databits ······················································································································································· 7 display ip http ············································································································································· 8 display ip https ··········································································································································· 8 display line ················································································································································· 9 display telnet client ···································································································································...
  • Page 53 web captcha ············································································································································· 49 web https-authorization mode ·················································································································· 50 web idle-timeout ······································································································································· 50 webui log ·················································································································································· 51...

  • Page 54: Login Management Commands

    Login management commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. Some login management commands are available in both user line view and user line class view.
  • Page 55 Table 1 ASCII code values for combined keys that use the Ctrl key Combined key ASCII code value Ctrl+A Ctrl+B Ctrl+C Ctrl+D Ctrl+E Ctrl+F Ctrl+G Ctrl+H Ctrl+I Ctrl+J Ctrl_K Ctrl_L Ctrl+M Ctrl+N Ctrl+O Ctrl+P Ctrl+Q Ctrl+R Ctrl+S Ctrl+T Ctrl+U Ctrl+V Ctrl+W Ctrl+X Ctrl+Y...

  • Page 56: Authentication-Mode

    Press ENTER to get started. Press Enter. Pressing Enter does not start a session. Press s. A terminal session is started. <Sysname> authentication-mode Use authentication-mode to set the authentication mode for a user line. Use undo authentication-mode to restore the default. Syntax In non-FIPS mode: authentication-mode { none | password | scheme }...

  • Page 57: Auto-Execute Command

    An authentication mode change does not take effect for the current session. It takes effect for subsequent login sessions. Examples # Enable the none authentication mode for VTY line 0. <Sysname> system-view [Sysname] line vty 0 [Sysname-line-vty0] authentication-mode none # Enable password authentication for VTY line 0 and set the password to 321. <Sysname>...
  • Page 58 The device automatically Telnets to 192.168.1.41. The following output is displayed on the configuration terminal: C:\> telnet 192.168.1.40 ****************************************************************************** * Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ****************************************************************************** <Sysname>...

  • Page 59: Command Accounting

    command accounting Use command accounting to enable command accounting. Use undo command accounting to disable command accounting. Syntax command accounting undo command accounting Default Command accounting is disabled. The accounting server does not record executed commands. Views User line view User line class view Predefined user roles network-admin...

  • Page 60: Databits

    Views User line view User line class view Predefined user roles network-admin Usage guidelines When command authorization is enabled, a user can only use commands that are permitted by both the AAA scheme and user role. A configuration change made by this command does not take effect for the current session. It takes effect for subsequent login sessions.

  • Page 61: Display Ip Http

    Examples # Configure AUX 0 to use seven data bits for a character. <Sysname> system-view [Sysname] line aux 0 [Sysname-line-aux0] databits 7 display ip http Use display ip http to display HTTP service configuration and status information. Syntax display ip http Views Any view Predefined user roles...

  • Page 62: Display Line

    network-operator Examples # Display HTTPS service configuration and status information. <Sysname> display ip https HTTPS port: 443 SSL server policy: test Certificate access control policy: Not configured Basic ACL: 2222 HTTPS status: Enabled Table 3 Command output Field Description HTTPS port HTTPS service port number.
  • Page 63 number2: Specifies the relative number of a user line. The value range is 0 to 9 for AUX lines and 0 to 63 for VTY lines. summary: Displays summary information about user lines. If you do not specify this keyword, the command displays detailed information.

  • Page 64: Display Telnet Client

    Fields Description number: Absolute number of the first user line in the user line class. number:status status: User line status. X is for unused and U is for used. display telnet client Use display telnet client to display the packet source setting for the Telnet client. Syntax display telnet client Views...
  • Page 65 summary: Displays summary information about user lines. If you do not specify this keyword, the detailed information is displayed. Usage guidelines This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the display line command. As a best practice, use the display line command.

  • Page 66: Display Users

    Fields Description • VTY—VTY line. number: Absolute number of the first user line in the user line class. number:status status: User line status. X is for unused and U is for used. display users Use display users to display online CLI users. Syntax display users [ all ] Views...

  • Page 67: Display Web Menu

    Field Description User line you are using. Location IP address of the user. display web menu Use display web menu to display Web interface navigation tree information. Syntax display web menu [ chinese ] Views Any view Predefined user roles network-admin network-operator Parameters...

  • Page 68: Display Web Users

    `--Configuration: ID = m_config |--Save: ID = i_save |--Backup: ID = i_backup |--Restore: ID = i_restore |--Import: ID = i_import `--Export: ID = i_export display web users Use display web users to display online Web users. Syntax display web users Views Any view Predefined user roles...
  • Page 69 Predefined user roles network-admin Parameters key-string: Specifies a shortcut key. It can be a character (case sensitive, except for d and D), or an ASCII code value in the range of 0 to 127. For example, if you configure escape-key 1, the shortcut key is Ctrl+A.

  • Page 70: Flow-Control

    2 packet(s) transmitted 2 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/3/3 ms <Sysname> flow-control Use flow-control to configure the flow control mode. Use undo flow-control to restore the default. Syntax flow-control { none | software } undo flow-control Default Flow control is disabled.

  • Page 71: Free User-Interface

    Views User view Predefined user roles network-admin Parameters number1: Specifies the absolute number of a user line. The value range is 0 to 73. aux: Specifies the AUX line. vty: Specifies the VTY line. number2: Specifies the relative number of a user line. The value range is 0 to 9 for AUX lines and 0 to 63 for VTY lines.

  • Page 72: Free Web Users

    free web users Use free web users to log off online Web users. Syntax free web users { all | user-id user-id | user-name user-name } Views User view Predefined user roles network-admin Parameters all: Specifies all Web users. user-id: Specifies a Web user by the ID, a hexadecimal number of 15 digits. The system assigns each Web user a unique ID at login to identify the user.

  • Page 73: Idle-Timeout

    To display history commands in the buffer for your session, press the up or down arrow key, or execute the display history-command command. For more information about the command history buffer, see Fundamentals Configuration Guide. Terminating a CLI session clears the commands in the command history buffer. The setting in user line view takes effect immediately for the current session.

  • Page 74: Ip Http Acl

    ip http acl Use ip http acl to apply an ACL to the HTTP service. Use undo ip http acl to restore the default. Syntax ip http acl { acl-number | name acl-name } undo ip http acl Default No ACL is applied to the HTTP service. Views System view Predefined user roles...

  • Page 75: Ip Http Port

    Views System view Predefined user roles network-admin Usage guidelines This command is not supported in FIPS mode. To allow users to access the device through HTTP, you must enable the HTTP service. Examples # Enable the HTTP service. <Sysname> system-view [Sysname] ip http enable Related commands ip https enable...

  • Page 76: Ip Https Certificate Access-Control-Policy

    Use undo ip https acl to restore the default. Syntax ip https acl {acl-number | name acl-name } undo ip https acl Default No ACL is applied to the HTTP service. Views System view Predefined user roles network-admin Parameters acl-number: Specifies an ACL by its number. The value range is 2000 to 2999. name acl-name: Specifies an ACL by its name.

  • Page 77: Ip Https Enable

    Default No certificate-based access control policy is applied for HTTPS access control. Views System view Predefined user roles network-admin Parameters policy-name: Specifies a certificate-based access control policy by its name, a case-sensitive string of 1 to 31 characters. Usage guidelines For more information about the certificate-based access control policy, see the chapter on PKI in Security Configuration Guide.

  • Page 78: Ip Https Port

    Examples # Enable the HTTPS service. <Sysname> system-view [Sysname] ip https enable Related commands ip https certificate access-control-policy ip https ssl-server-policy ip https port Use ip https port to specify the HTTPS service port number. Use undo ip https port to restore the default. Syntax ip https port port-number undo ip https port...

  • Page 79: Line

    Views System view Predefined user roles network-admin Parameters policy-name: Specifies an SSL server policy name, a string of 1 to 31 characters. Usage guidelines If the HTTP service and HTTPS service are enabled, changes to the applied SSL server policy do not take effect.

  • Page 80: Line Class

    [Sysname-line-vty0] # Enter the views of VTY lines 0 to 63. <Sysname> system-view [Sysname] line vty 0 63 [Sysname-line-vty0-63] Related commands line class line class Use line class to enter user line class view. Syntax line class { aux | vty } Views System view Predefined user roles...

  • Page 81: Lock

    • A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view. • A setting in user line class view does not take effect for current online users. It takes effect only for new login users.

  • Page 82: Lock Reauthentication

    Predefined user roles network-admin Usage guidelines This command is not supported in FIPS mode. This command locks the current user line to prevent unauthorized users from using the line. You must set the password for unlocking the line as prompted. The user line is locked after you enter the password and confirm the password.

  • Page 83: Lock-Key

    <Sysname> Related commands lock-key lock-key Use lock-key to set the user line locking key. Pressing this shortcut key locks the current user line and enables unlocking authentication. Use undo lock-key to restore the default. Syntax lock-key key-string undo lock-key Default No user line locking key is set.

  • Page 84: Parity

    Press Enter and enter the login password. Password: [Sysname] Related commands lock reauthentication parity Use parity to specify the parity. Use undo parity to restore the default. Syntax parity { even | mark | none | odd | space } undo parity Default The setting is none.
  • Page 85 protocol inbound { all | ssh | telnet } undo protocol inbound In FIPS mode: protocol inbound ssh undo protocol inbound Default In non-FIPS mode, all protocols are supported. In FIPS mode, SSH is supported. Views VTY line view VTY line class view Predefined user roles network-admin Parameters...

  • Page 86: Restful Http Enable

    Trying 192.168.1.241 ... Press CTRL+K to abort Connected to 192.168.1.241 ... ****************************************************************************** * Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ****************************************************************************** <Server>...

  • Page 87: Restful Https Enable

    Usage guidelines This command is not supported in FIPS mode. For users to access the device through the HTTP-based RESTful API, you must enable RESTful access over HTTP. Examples # Enable RESTful access over HTTP. <Sysname> system-view [Sysname] restful http enable restful https enable Use restful https enable to enable RESTful access over HTTPS.

  • Page 88: Send

    User line class view Predefined user roles network-admin Parameters screen-length: Specifies the maximum number of lines to send, in the range of 0 to 512. To send command output without pausing, set the number to 0 or execute the screen-length disable command.

  • Page 89: Set Authentication Password

    Usage guidelines You can use this command to send notifications to online users before performing an operation that might affect other online users, for example, before rebooting the device. To end a message, press Enter. To abort the send operation, press Ctrl+C. Examples # Send a notification to the user on VTY 1.

  • Page 90: Shell

    This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view. A password change does not take effect for the current session.

  • Page 91: Speed

    Disable ui-vty0-4 , are you sure? [Y/N]:y [Sysname-line-vty0-4] speed Use speed to set the transmission rate (also called the baud rate) on a user line. Use undo speed to restore the default. Syntax speed speed-value undo speed Default The transmission rate is 9600 bps on a user line. Views User line view Predefined user roles...

  • Page 92: Telnet

    Use undo stopbits to restore the default. Syntax stopbits { 1 | 1.5 | 2 } undo stopbits Default One stop bit is used. Views User line view Predefined user roles network-admin Parameters 1: Uses one stop bit. 1.5: Uses one and a half stop bits. The device does not support using one and a half stop bits. If you specify this keyword, two stop bits are used.

  • Page 93: Telnet Client Source

    source: Specifies a source IPv4 address or source interface for outgoing Telnet packets. If you do not specify this option, the device uses the primary IPv4 address of the output interface for the route to the server as the source address. interface interface-type interface-number: Specifies the source interface.

  • Page 94: Telnet Ipv6

    Examples # Set the source IPv4 address to 1.1.1.1 for outgoing Telnet packets. <Sysname> system-view [Sysname] telnet client source ip 1.1.1.1 Related commands display telnet client configuration telnet ipv6 Use telnet ipv6 to Telnet to a host in an IPv6 network. Syntax telnet ipv6 remote-host [ -i interface-type interface-number ] [ port-number ] [ source { interface interface-type interface-number | ipv6 ipv6-address } | dscp dscp-value ] *...

  • Page 95: Telnet Server Acl

    telnet server acl Use telnet server acl to apply an ACL to filter Telnet logins. Use undo telnet server acl to restore the default. Syntax telnet server acl [ mac ] acl-number undo telnet server acl Default No ACL is used to filter Telnet logins. Views System view Predefined user roles...

  • Page 96: Telnet Server Enable

    Default IPv4 uses the DSCP value 48 for Telnet packets sent to a Telnet client. Views System view Predefined user roles network-admin Parameters dscp-value: Specifies a DSCP value in the range of 0 to 63. Usage guidelines This command is not supported in FIPS mode. The DSCP value is carried in the ToS field of an IPv4 packet to indicate the packet transmission priority.

  • Page 97: Telnet Server Ipv6 Dscp

    Use undo telnet server ipv6 acl to restore the default. Syntax telnet server ipv6 acl { ipv6 | mac } acl-number undo telnet server ipv6 acl Default No IPv6 ACL is used to filter IPv6 Telnet logins. Views System view Predefined user roles network-admin Parameters...

  • Page 98: Terminal Type

    Views System view Predefined user roles network-admin Parameters dscp-value: Specifies a DSCP value in the range of 0 to 63. Usage guidelines This command is not supported in FIPS mode. The DSCP value is carried in the Traffic class field of an IPv6 packet to indicate the packet transmission priority.

  • Page 99: User-Interface

    Examples # Set the terminal display type to VT100. <Sysname> system-view [Sysname] line vty 0 [Sysname-line-vty0] terminal type vt100 user-interface Use user-interface to enter one or multiple user line views. Syntax user-interface { first-number1 [ last-number1 ] | { aux | vty } first-number2 [ last-number2 ] } Views System view Predefined user roles...

  • Page 100: User-Interface Class

    user-interface class Use user-interface class to enter user line class view. Syntax user-interface class { aux | vty } Views System view Predefined user roles network-admin Parameters aux: Specifies the AUX line class view. vty: Specifies the VTY line class view. Usage guidelines This command is an older version reserved for backward compatibility purposes.

  • Page 101: User-Role

    Examples # Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view. <Sysname> system-view [Sysname] user-interface class vty [Sysname-line-class-vty] idle-timeout 15 # In AUX line class view, configure character s as the terminal session activation key. <Sysname>...

  • Page 102: Web Captcha

    Predefined user roles network-admin Parameters role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role can be user-defined or predefined. Available predefined user roles include network-admin, network-operator, and level-0 to level-15. Predefined user roles security-audit and guest-manager are available only in local user view.

  • Page 103: Web Https-Authorization Mode

    If you execute the web captcha command multiple times, the most recent configuration takes effect. This command is not saved to the configuration file and will not take effect after a reboot. Examples # Set the fixed verification code to test for Web login. <Sysname>...

  • Page 104: Webui Log

    undo web idle-timeout Default The Web connection idle-timeout timer is 10 minutes. Views System view Predefined user roles network-admin Parameters idle-time: Specifies the Web connection idle-timeout timer in minutes. The value range is 1 to 999. Usage guidelines The system automatically terminates a Web user connection if no mouse or keyboard operation occurs within the idle-timeout interval.
  • Page 105 The following is a sample log message: %Mar 25 14:32:38:802 2013 H3C WEB/6/WEBOPT_SET_TIME: -HostIP=192.168.100.235-User=Admin; Set the system date and time to 2013-05-27T10:00:00. Examples # Enable Web operation logging. <Sysname> system-view [Sysname] webui log enable...
  • Page 106 Contents FTP commands ····························································································· 1 FTP server commands ······································································································································· 1 display ftp-server ········································································································································ 1 display ftp-user ··········································································································································· 1 free ftp user ················································································································································ 2 free ftp user-ip ············································································································································ 3 free ftp user-ip ipv6 ···································································································································· 3 ftp server acl ··············································································································································· 4 ftp server dscp ············································································································································ 4 ftp server enable ········································································································································...
  • Page 107 tftp client source ······································································································································· 39 tftp ipv6 ····················································································································································· 40 tftp-server acl ··········································································································································· 41 tftp-server ipv6 acl ···································································································································· 42...

  • Page 108: Ftp Commands

    FTP commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. FTP is not supported in FIPS mode. FTP server commands display ftp-server Use display ftp-server to display FTP server configuration and status information.

  • Page 109: Free Ftp User

    Views Any view Predefined user roles network-admin network-operator Examples # Display detailed information about online FTP users. <Sysname> display ftp-user UserName HostIP Port HomeDir root 192.168.20.184 46539 flash: A field value is wrapped if its length exceeds the limit. The segments are left justified. The following are the length limits for fields: •...

  • Page 110: Free Ftp User-Ip

    Parameters username: Specifies a username. To display online FTP users, execute the display ftp-user command. Examples # Release the FTP connections established by using user account ftpuser. <Sysname> free ftp user ftpuser Are you sure to free FTP connection? [Y/N]:y <Sysname>...

  • Page 111: Ftp Server Acl

    port port: Specifies the source port of an FTP connection. To view the source ports of FTP connections, execute the display ftp-user command. Examples # Release the FTP connections established from IPv6 address 2000::154. <Sysname> free ftp user-ip ipv6 2000::154 Are you sure to free FTP connection? [Y/N]:y <Sysname>...

  • Page 112: Ftp Server Enable

    undo ftp server dscp Default IPv4 uses the DSCP value 0 for FTP packets sent to an FTP client. Views System view Predefined user roles network-admin Parameters dscp-value: Specifies a DSCP value in the range of 0 to 63. Usage guidelines The DSCP value is carried in the ToS field of an IP packet to indicate the transmission priority of the packet.

  • Page 113: Ftp Server Ssl-Server-Policy

    undo ftp server ipv6 dscp Default IPv6 uses the DSCP value 0 for FTP packets sent to an FTP client. Views System view Predefined user roles network-admin Parameters dscp-value: Specifies a DSCP value in the range of 0 to 63. Usage guidelines The DSCP value is carried in the Traffic class field of an IPv6 packet to indicate the transmission priority of the packet.

  • Page 114: Ftp Timeout

    ssl server-policy (Security Command Reference) ftp timeout Use ftp timeout to set the FTP connection idle-timeout timer. Use undo ftp timeout to restore the default. Syntax ftp timeout minute undo ftp timeout Default The FTP connection idle-timeout timer is 30 minutes. Views System view Predefined user roles...

  • Page 115: Append

    Predefined user roles network-admin Parameters command-name: Specifies a command supported by the FTP client. Usage guidelines In FTP client view, entering ? is the same as executing the help command. Examples # Display all commands supported by the FTP client. ftp>...

  • Page 116: Ascii

    150 Accepted data connection 226 File successfully transferred 1657 bytes sent in 0.000736 seconds (2.15 Mbyte/s) ascii Use ascii to set the file transfer mode to ASCII. Syntax ascii Default The file transfer mode is binary. Views FTP client view Predefined user roles network-admin Usage guidelines...

  • Page 117: Bye

    Usage guidelines You can perform this operation only after you log in to the FTP server. FTP transfers files in either of the following modes: • Binary mode—Transfers program file or pictures. • ASCII mode—Transfers text files. When the device acts as the FTP server, the transfer mode is determined by the FTP client. When the device acts as the FTP client, you can set the transfer mode.

  • Page 118: Cdup

    Parameters directory: Specifies the target directory. If the target directory does not exist, the cd command does not change the current working directory. ..: Specifies the upper directory. Executing the cd .. command is the same as executing the cdup command.

  • Page 119: Close

    257 "/ftp/subdir" is your current location ftp> cdup 250 OK. Current directory is /ftp ftp> pwd 257 "/ftp" is your current location Related commands close Use close to terminate the connection to the FTP server without exiting FTP client view. Syntax close Views...

  • Page 120: Delete

    When FTP client debugging is disabled, executing this command enables FTP client debugging. Examples # Enable and then disable FTP client debugging. ftp> debug Debugging on (debug=1). ftp> debug Debugging off (debug=0). delete Use delete to permanently delete a file from the FTP server. Syntax delete remotefile Views...

  • Page 121: Disconnect

    To display detailed information about the files and subdirectories in the working directory on the FTP server, use the dir command. To display detailed information about a file or directory on the FTP server, use the dir remotefile command. To save detailed information about a file or directory on the FTP server to a local file, use the dir remotefile localfile command.

  • Page 122: Display Ftp Client Source

    Predefined user roles network-admin Usage guidelines You can perform this operation only after you log in to the FTP server. Examples # Terminate the connection to the FTP server without exiting the FTP client view. ftp> disconnect 221-Goodbye. You uploaded 0 and downloaded 0 kbytes. 221 Logout.

  • Page 123: Ftp Client Ipv6 Source

    service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The default is 21. dscp dscp-value: Specifies the DSCP value for IPv4 to use in outgoing FTP packets to indicate the packet transmission priority. The value range is 0 to 63. The default is 0. source { interface interface-type interface-number | ip source-ip-address }: Specifies the source address used to establish the FTP connection.

  • Page 124: Ftp Client Source

    Predefined user roles network-admin Parameters interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's IPv6 address as the source address. For successful FTP packet transmission, make sure the interface is up and is configured with an IPv6 address. ipv6 source-ipv6-address: Specifies an IPv6 address.

  • Page 125: Ftp Ipv6

    Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. The source address specified with the ftp command takes precedence over the source address specified with the ftp client source command. The source address specified with the ftp client source command applies to all FTP connections. The source address specified with the ftp command applies only to the FTP connection that is being established.

  • Page 126: Get

    220 FTP service ready. User (2000::154): root 331 Password required for root. Password: 230 User logged in Remote system type is H3C Use get to download a file from the FTP server and save the file. Syntax get remotefile [ localfile ] Views...

  • Page 127: Help

    1569 bytes received in 0.00527 seconds (290.6 kbyte/s) # Download the a.txt file to the test directory in the working directory accessed by the ftp command. ftp> get a.txt flash:/test/b.txt local: flash:/test/b.txt remote: a.txt 150 Connecting to port 47457 226 File successfully transferred 1569 bytes received in 0.00527 seconds (290.6 kbyte/s) # Download the a.txt file to the root directory of the flash memory on a member device.

  • Page 128: Lcd

    list contents of remote directory Related commands Use lcd to display or change the local working directory of the FTP client. Syntax lcd [ directory | / ] Views FTP client view Predefined user roles network-admin Parameters directory: Changes the local working directory of the FTP client to the specified local directory. There must be a slash sign (/) before the name of the storage medium, for example, /flash:/logfile.

  • Page 129: Mkdir

    To display detailed information about the files and subdirectories in the working directory on the FTP server, use the ls command. To display detailed information about a file or directory on the FTP server, use the ls remotefile command. To save detailed information about a file or directory on the FTP server to a local file, use the ls remotefile localfile command.

  • Page 130: Newer

    Predefined user roles network-admin Parameters directory: Specifies the name for the directory to be created. Usage guidelines You can perform this operation only after you log in to the FTP server. You must have permission to perform this operation on the FTP server. Examples # Create a subdirectory named newdir in the current directory of the FTP server.

  • Page 131: Passive

    Press CTRL+C to abort. Connected to 192.168.40.7 (192.168.40.7). 220 FTP service ready. User (192.168.40.7:(none)): root 331 Password required for root. Password: 230 User logged in. Remote system type is H3C. ftp> passive Use passive to change the FTP operation mode. Syntax passive Default The FTP operation mode is passive.

  • Page 132: Put

    • Passive mode—The FTP client initiates the TCP connection. When the FTP operation mode is passive, executing this command changes the mode to active. When the FTP operation mode is active, executing this command changes the mode to passive. This command is typically used together with a firewall to control FTP session establishment between private network users and public network users.

  • Page 133: Pwd

    # Upload file a.txt from the test directory of the storage medium on a member device. Save the file as b.txt on the FTP server. ftp> put slot2#flash:/test/a.txt b.txt local: slot2#flash:/test/a.txt remote: b.txt 150 Connecting to port 47461 226 File successfully transferred 1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s) Related commands Use pwd to display the currently accessed directory on the FTP server.

  • Page 134: Reget

    Related commands reget Use reget to get the missing part of a file from the FTP server. Syntax reget remotefile [ localfile ] Views FTP client view Predefined user roles network-admin network-operator Parameters remotefile: Specifies a file on the FTP server. localfile: Specifies a local file.

  • Page 135: Reset

    Usage guidelines You can perform this operation only after you log in to the FTP server. Examples # Rename the a.txt file as b.txt. • Method 1: ftp> rename (from-name) a.txt (to-name) b.txt 350 RNFR accepted - file exists, ready for destination 250 File successfully renamed or moved •...

  • Page 136: Rhelp

    Parameters marker: Specifies the retransmission offset, in bytes. Usage guidelines Use this command to continue with a file retransmission. The file retransmission starts from the (offset+1)th byte. You can perform this operation only after you log in to the FTP server. Support for this command depends on the FTP server.
  • Page 137 PASV EPSV REST RETR STOR APPE DELE MKD XMKD RMD XRMD ABOR SIZE RNFR RNTO 214 UNIX Type: L8 Table 3 Command output Field Description USER Username. PASS Password. NOOP Null operation. SYST System parameters. TYPE Request type. Changes the current working directory. XCWD Extended command with the meaning of CWD.

  • Page 138: Rmdir

    rmdir Use rmdir to permanently delete a directory from the FTP server. Syntax rmdir directory Views FTP client view Predefined user roles network-admin Parameters directory: Specifies a directory on the FTP server. Usage guidelines You can perform this operation only after you log in to the FTP server. To perform this operation, you must have delete permission on the FTP server.
  • Page 139 Examples # Display FTP server status information. ftp> rstatus 211-FTP server status: Connected to 192.168.20.177 Logged in as root TYPE: ASCII No session bandwidth limit Session timeout in seconds is 300 Control connection is plain text Data connections will be plain text At session startup, client count was 1 vsFTPd 2.0.6 - secure, fast, stable 211 End of status...

  • Page 140: Status

    Field Description The second bit through the tenth bit are divided into three groups. Each group contains three characters, representing the access permission of the owner, group, and other users. • -—No permission. • r—Read permission. • w—Write permission. • x—Execution permission.

  • Page 141: System

    Field Description The name of the file on the FTP server is unique and Store unique: off; Receive unique: off the name of the local file is unique. Does not support obtaining multiple files once and Case: off; CR stripping: on deletes "\r"...

  • Page 142: Verbose

    After you log in to an FTP server, you can initiate an FTP authentication to change to a new account. By changing to a new account, you can get a different privilege without re-establishing the FTP connection. Make sure the specified username and password have been configured on the FTP server. If the username or password is not configured, this command fails and the FTP connection is closed.
  • Page 143 150 The computer is your friend. Trust the computer 226 File successfully transferred 3796 bytes received in 0.00762 seconds (486.5 kbyte/s)

  • Page 144: Tftp Commands

    TFTP commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. TFTP is not supported in FIPS mode. tftp Use tftp to download a file from a TFTP server or upload a file to a TFTP server in an IPv4 network.

  • Page 145: Tftp Client Ipv6 Source

    Usage guidelines The source address specified with the tftp command takes precedence over the source address specified with the tftp client source command. The source address specified with the tftp client source command applies to all TFTP connections. The source address specified with the tftp command applies only to the current TFTP connection. Examples # Download the new.bin file from TFTP server 192.168.1.1 and save the file as new.bin.

  • Page 146: Tftp Client Source

    Views System view Predefined user roles network-admin Parameters interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's IPv6 address as the source address. For successful TFTP packet transmission, make sure the interface is up and is configured with an IPv6 address. ipv6 source-ipv6-address: Specifies an IPv6 address .

  • Page 147: Tftp Ipv6

    ip source-ip-address: Specifies an IPv4 address. For successful TFTP packet transmission, make sure this address is the IPv4 address of an interface in up state on the device. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. The source address specified with the tftp command takes precedence over the source address specified with the tftp client source command.

  • Page 148: Tftp-Server Acl

    destination-filename: Specifies the destination file name, a case-insensitive string of 1 to 255 characters. If this argument is not specified, the file uses the source file name. dscp dscp-value: Specifies the DSCP value for IPv6 to use in outgoing TFTP packets to indicate the packet transmission priority.

  • Page 149: Tftp-Server Ipv6 Acl

    Usage guidelines You can use an ACL to deny or permit the device's access to specific TFTP servers. Examples # Allow the device to access only TFTP server 1.1.1.1. <Sysname> system-view [Sysname] acl basic 2000 [Sysname-acl-ipv4-basic-2000] rule permit source 1.1.1.1 0 [Sysname-acl-ipv4-basic-2000] quit [Sysname] tftp-server acl 2000 tftp-server ipv6 acl...
  • Page 150 Contents File system management commands ···························································· 1 cd ······························································································································································· 1 copy ···························································································································································· 2 delete ························································································································································· 4 dir ······························································································································································· 5 fdisk ···························································································································································· 6 file prompt ·················································································································································· 8 fixdisk ························································································································································· 9 format ························································································································································· 9 gunzip ······················································································································································· 10 gzip ··························································································································································· 11 md5sum ··················································································································································· 11 mkdir ························································································································································...

  • Page 151: File System Management Commands

    File system management commands IMPORTANT: • Before managing storage media, file systems, directories, and files, make sure you know the possible impact. • A file or directory whose name starts with a dot character (.) is a hidden file or directory. To prevent the system from hiding a file or directory, make sure the file or directory name does not start with a dot character.

  • Page 152: Copy

    Examples # Access the test directory after logging in to the device. <Sysname> cd test # Change to the parent directory. <Sysname> cd .. copy Use copy to copy a file. Syntax copy source-file { dest-file | dest-directory } Views User view Predefined user roles network-admin...
  • Page 153 Location Name format Remarks Enter the URL in the format of For example, to specify the startup.cfg file in the On a TFTP tftp://server address[:port working directory on TFTP server 1.1.1.1, enter the server number]/file path[/file name]. URL tftp://1.1.1.1/startup.cfg. The username and password in the URL must be the same as the username and password configured on the server.

  • Page 154: Delete

    Copying file tftp://1.1.1.1/test.cfg to flash:/testbackup.cfg... Done. # Copy test.cfg from the current directory. Save the copy to the working directory on TFTP server 1.1.1.1 as testbackup.cfg. <Sysname> copy test.cfg tftp://1.1.1.1/testbackup.cfg Copy flash:/test.cfg to tftp://1.1.1.1/testbackup.cfg? [Y/N]:y Copying file flash:/test.cfg to tftp://1.1.1.1/testbackup.cfg... Done. # Copy test.cfg from the working directory on FTP server 2001::1.

  • Page 155: Dir

    Usage guidelines Use the delete /unreserved file command with caution. You cannot restore a file that was deleted with this command. The delete file command (without /unreserved) moves the specified file to the recycle bin, unless the file system is running out of storage space. If the file system is running out of storage space, the command permanently deletes the file.

  • Page 156: Fdisk

    The directory name of the recycle bin is .trash. To display files in the recycle bin, use either of the following methods: • Execute the dir /all .trash command. • Execute the cd .trash command and then the dir command. Examples # Display information about all files and directories in the current directory.
  • Page 157 partition-number: Specifies the number of partitions, in the range of 1 to 4. If you specify this argument, the storage medium is divided evenly into the specified number of partitions. To customize the sizes of partitions, do not provide this argument. Usage guidelines The flash memory cannot be partitioned.

  • Page 158: File Prompt

    Partition 2 (32MB~96MB, 128MB, Press CTRL+C to quit or Enter to use all available space):31 // Enter 31 to set the size of the second partition to 31 MB. The partition size must be greater than or equal to 32MB. Partition 2 (32MB~96MB, 128MB, Press CTRL+C to quit or Enter to use all available space):1000 // Enter 1000 to set the size of the second partition to 1000 MB.

  • Page 159: Fixdisk

    Examples # Set the file and directory operation mode to alert. <Sysname> system-view [Sysname] file prompt alert fixdisk Use fixdisk to check a file system for damage and repair any damage. Syntax fixdisk filesystem Views User view Predefined user roles network-admin Parameters filesystem: Specifies the name of a file system.

  • Page 160: Gunzip

    Formatting a file system permanently deletes all files in the file system. If a startup configuration file exists in the file system, back up the file if necessary. You can format a file system only when no other users are accessing the file system. Examples # Format file system flash:.

  • Page 161: Gzip

    507904 KB total (472844 KB free) gzip Use gzip to compress a file. Syntax gzip file Views User view Predefined user roles network-admin Parameters file: Specifies the name of the file to be compressed. Usage guidelines This command saves the compressed file to the file.gz file and deletes the source file. Examples # Compress file system.bin: Before compressing the file, you can display files whose names start with the system.

  • Page 162: Mkdir

    Predefined user roles network-admin network-operator Parameters file: Specifies the name of a file. Usage guidelines You can use file digests to verify file integrity. Examples # Use the MD5 algorithm to calculate the digest of file system.bin. <Sysname> md5sum system.bin MD5 digest: 4f22b6190d151a167105df61c35f0917 mkdir...

  • Page 163: Mount

    Views User view Predefined user roles network-admin Parameters file: Specifies the name of a file. Examples # Display the contents of the test.txt file. <Sysname> more test.txt Have a nice day. # Display the contents of the testcfg.cfg file. <Sysname> more testcfg.cfg version 7.1.070, Release 1201 sysname Sysname vlan 2...

  • Page 164: Move

    Examples # Mount a file system on the USB disk. <Sysname> mount usba0: Related commands umount move Use move to move a file. Syntax move source-file { dest-file | dest-directory } Views User view Predefined user roles network-admin Parameters source-file: Specifies the name of the source file. dest-file: Specifies the name of the destination file.

  • Page 165: Rename

    Examples # Display the working directory. <Sysname> pwd flash: rename Use rename to rename a file or directory. Syntax rename { source-file | source-directory } { dest-file | dest-directory } Views User view Predefined user roles network-admin Parameters source-file: Specifies the name of the source file. source-directory: Specifies the name of the source directory.

  • Page 166: Rmdir

    Usage guidelines The delete file command only moves a file to the recycle bin. To permanently delete the file, use the reset recycle-bin command to delete the file from the recycle bin. Examples # Empty the recycle bin. (In this example there are two files in the recycle bin.) <Sysname>...

  • Page 167: Tar Create

    Syntax sha256sum file Views User view Predefined user roles network-admin Parameters file: Specifies the name of a file. Usage guidelines You can use file digests to verify file integrity. Examples # Use the SHA-256 algorithm to calculate the digest of file system.bin. <Sysname>...

  • Page 168: Tar Extract

    Creating archive flash:/b.tar.gz Done. # Compress and archive files and directories, and display the successfully archived files and directories. <Sysname> tar create gz archive-file c.tar.gz verbose source 1.cfg 2.cfg test 1.cfg 2.cfg test/ test/a.log test/subtest/ test/subtest/aa.log Related commands tar extract tar list tar extract Use tar extract to extract files and directories.

  • Page 169: Tar List

    2.cfg test/ test/a.log test/subtest/ test/subtest/aa.log # Extract files and directories from archive file a.tar, and display the content of the files on the screen. <Sysname> tar extract archive-file c.tar.gz screen version 7.1.070, Release 1201 sysname Sysname Related commands tar create tar list tar list Use tar list to display the names of archived files and directories.

  • Page 170: Umount

    umount Use umount to unmount a file system. Syntax umount filesystem Views User view Predefined user roles network-admin Parameters filesystem: Specifies the name of a file system. Usage guidelines File systems on a storage medium are automatically mounted when the storage medium is connected to the device.
  • Page 171 Usage guidelines If a file with the same name already exists in the directory, the system prompts whether or not you want to overwrite the existing file. If you enter Y, the existing file is overwritten. If you enter N, the command is not executed.
  • Page 172 Contents Configuration file management commands ···················································· 1 archive configuration ·································································································································· 1 archive configuration interval ····················································································································· 1 archive configuration location ····················································································································· 2 archive configuration max ·························································································································· 3 backup startup-configuration ······················································································································ 4 configuration commit ·································································································································· 5 configuration commit delay ························································································································ 6 configuration encrypt ·································································································································· 7 configuration replace file ····························································································································...

  • Page 173: Configuration File Management Commands

    Configuration file management commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. archive configuration Use archive configuration to manually archive the running configuration to the configuration archive directory.

  • Page 174: Archive Configuration Location

    Default The automatic running-configuration archiving feature is disabled. Views System view Predefined user roles network-admin Parameters interval: Specifies the interval for automatically saving the running configuration. The value range is 10 to 525600, in minutes. Usage guidelines Automatic configuration archiving enables the system to periodically save the running configuration to the archive directory automatically.

  • Page 175: Archive Configuration Max

    Parameters directory: Specifies the configuration archive directory, a case-insensitive string of 1 to 63 characters. The value for this argument must take the format storage-medium-name:/folder-name. The directory must already exist on the master. filename-prefix filename-prefix: Specifies a file name prefix for configuration archives, a case-insensitive string of 1 to 30 characters.

  • Page 176: Backup Startup-Configuration

    Syntax archive configuration max file-number undo archive configuration max Default The maximum number is 5. Views System view Predefined user roles network-admin Parameters file-number: Specifies the maximum number of configuration archives that can be saved. The value range is 1 to 10. Adjust the setting depending on the amount of storage space available. Usage guidelines Before you can set a limit on configuration archives, use the archive configuration location command to specify a configuration archive directory and archive file name prefix.

  • Page 177: Configuration Commit

    Predefined user roles network-admin Parameters ipv4-server: Specifies a TFTP server by its IPv4 address or host name. The host name is a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.). ipv6 ipv6-server: Specifies a TFTP server by its IPv6 address or host name.

  • Page 178: Configuration Commit Delay

    Examples # Set the allowed delay time to 10 minutes for a manual commit to keep the settings configured subsequently in effect. <Sysname> system-view [Sysname] configuration commit delay 10 # Commit the settings configured after the configuration commit delay command was executed. [Sysname] configuration commit # Commit the settings configured after the configuration commit delay command was executed.

  • Page 179: Configuration Encrypt

    [Sysname] configuration commit delay 10 # Re-set the allowed delay time to 60 minutes for a manual commit to keep the settings configured subsequently in effect. [Sysname] configuration commit delay 60 The commit delay already set 10 minutes, overwrite it? [Y/N]:y # Re-set the allowed delay time to 20 minutes for a manual commit to keep the settings configured subsequently in effect.

  • Page 180: Display Archive Configuration

    Views System view Predefined user roles network-admin Parameters filename: Specifies the name of the replacement configuration file used for configuration rollback. The file name must use the .cfg extension. Excluding the .cfg extension, the file name is a case-insensitive string of 1 to 255 characters and can include path information. The file and file path must be valid.

  • Page 181: Display Current-Configuration

    Maximum number of archive files: 10 Saved archive files: No. TimeStamp FileName Wed Jan 15 14:20:18 2012 my_archive_1.cfg Wed Jan 15 14:33:10 2012 my_archive_2.cfg Wed Jan 15 14:49:37 2012 my_archive_3.cfg '#' indicates the most recent archive file. Next archive file to be saved: my_archive_4.cfg Table 1 Command output Field Description...

  • Page 182: Display Current-Configuration Diff

    interface [ interface-type [ interface-number ] ]: Displays interface configuration, where the interface-type argument represents the interface type and the interface-number argument represents the interface number. If you do not specify the interface-type interface-number arguments, the command displays the running configuration for all interfaces. If you specify only the interface-type argument, the command displays the running configuration for all interfaces of this type.
  • Page 183 Predefined user roles network-admin network-operator Examples # Display the configuration differences between the running configuration and the next-startup configuration file. <Sysname> display current-configuration diff --- Startup configuration +++ Current configuration @@ -17,7 +17,9 @@ vlan 200 -vlan 300 +vlan 400 +vlan 500 <Sysname>...

  • Page 184: Display Default-Configuration

    display default-configuration Use display default-configuration to display the factory defaults. Syntax display default-configuration Views Any view Predefined user roles network-admin network-operator Usage guidelines The device is shipped with some basic settings called factory defaults. These default settings ensure that the device can start up and run correctly when it does not have a startup configuration file or the configuration file is corrupt.

  • Page 185: Display Saved-Configuration

    comparison. In the display diff configfile file-name-s and display diff current-configuration commands, this keyword specifies the target configuration file. Examples # Display the configuration differences between startup.cfg and test.cfg. <Sysname> display diff configfile startup.cfg configfile test.cfg --- flash:/startup.cfg +++ flash:/test.cfg @@ -17,7 +17,9 @@ vlan 200 -vlan 300...

  • Page 186: Display Startup

    Syntax display saved-configuration Views Any view Predefined user roles network-admin network-operator Usage guidelines Use this command to verify that important settings have been saved to the configuration file for the next system startup. This command selects the configuration file to display in the following order: If the main startup configuration file is available, this command displays the contents of the main startup configuration file.

  • Page 187: Display This

    Syntax display startup Views Any view Predefined user roles network-admin network-operator Usage guidelines All IRF members use the same current startup configuration file as the master. After a master/subordinate switchover, it is normal that the current startup configuration files on all IRF members are displayed as NULL.

  • Page 188: Reset Saved-Configuration

    Some parameters can be successfully set even if their dependent features are not enabled. For these parameters, this command displays their settings after the dependent features are enabled. This command can be executed in any user line view to display the running configuration of all user lines.

  • Page 189: Restore Startup-Configuration

    Related commands display saved-configuration restore startup-configuration Use restore startup-configuration to download a configuration file from a TFTP server and specify it as the main next-startup configuration file. Syntax restore startup-configuration from { ipv4-server | ipv6 ipv6-server } src-filename Views User view Predefined user roles network-admin Parameters...

  • Page 190: Save

    Related commands backup startup-configuration save Use save file-url [ all | slot slot-number ] to save the running configuration to a configuration file, without specifying the file as a next-startup configuration file. Use save [ safely ] [ backup | main ] [ force ] [ changed ] to save the running configuration to a file in the root directory of the default storage medium.

  • Page 191: Startup Saved-Configuration

    Usage guidelines If the file specified for the command does not exist, the system creates the file before saving the configuration. If the file already exists, the system prompts you to confirm whether to overwrite the file. If you choose to not overwrite the file, the system cancels the save operation. If you do not specify the file-url option, this command saves the running configuration to an .mdb binary file as well as a .cfg text file.
  • Page 192 Use undo startup saved-configuration to set the system to start up with factory defaults at the next startup. Syntax startup saved-configuration cfgfile [ backup | main ] undo startup saved-configuration Default No next-startup configuration file is specified. Views User view Predefined user roles network-admin Parameters...
  • Page 193 Related commands display startup...
  • Page 194 Contents Software upgrade commands ········································································ 1 boot-loader file ··········································································································································· 1 boot-loader update ····································································································································· 3 bootrom update ·········································································································································· 4 display boot-loader ····································································································································· 5 display install active ··································································································································· 5 display install committed ···························································································································· 7 install activate ············································································································································· 9 install commit ··········································································································································· 10 install deactivate ·······································································································································...

  • Page 195: Software Upgrade Commands

    Software upgrade commands The device can start up from the built-in flash memory or the USB disk. As a best practice, store the startup images in the built-in flash memory. If you store the startup images on the USB disk, do not remove the USB disk during the startup process.
  • Page 196 # Specify flash:/all.ipe as the main startup image file for slot 1. <Sysname> boot-loader file flash:/all.ipe slot 1 main Verifying the file flash:/all.ipe on slot 1....Done. H3C S5150X-16ST-EI images in IPE: boot.bin system.bin This command will set the main startup software images. Continue? [Y/N]:Y Add images to slot 1.

  • Page 197: Boot-Loader Update

    Loading......Done. Loading......Done. Loading......Done. Loading......Done. The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 2. The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 3.

  • Page 198: Bootrom Update

    Verifying the file flash:/s5150ei-cmw710-boot-t5101.bin on slot 1...Done. Verifying the file flash:/s5150ei-cmw710-system-t5101.bin on slot 1..Done. Copying main startup software images to slot 2. Please wait... Done. Setting copied images as main startup software images for slot 2... The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 2.

  • Page 199: Display Boot-Loader

    display boot-loader Use display boot-loader to display current software images and startup software images. Syntax display boot-loader [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies the member ID of an IRF member device. If you do not specify a member device, this command displays the software images on each IRF member device.
  • Page 200 # Display detailed information about active software images. <Sysname> display install active verbose Active packages on slot 1: flash:/boot.bin [Package] Vendor: H3C Product: S5150-EI Service name: boot Platform version: 7.1.022 Product version: Test 2201 Supported board: mpu [Component]...

  • Page 201: Display Install Committed

    Platform version: 7.1.022 Product version: Test 2201 Supported board: mpu [Component] Component: test Description: test package Table 2 Command output Field Description [Package] Detailed information about the software image. Image type: • boot—Boot image. • boot-patch—Boot image patch. Service name •...
  • Page 202 # Display detailed information about main startup software images. <Sysname> display install committed verbose Committed packages on slot 1: flash:/boot-t5101.bin [Package] Vendor: H3C Product: S5150-EI Service name: boot Platform version: 7.1 Product version: Beta 1330 Supported board: mpu [Component]...

  • Page 203: Install Activate

    Component: ssh Description: ssh package For information about the command output, see Table Related commands boot-loader file install commit install activate Use install activate to activate feature or patch images. Syntax install activate feature filename&<1-30> slot slot-number install activate patch filename { all | slot slot-number } Views User view Predefined user roles...

  • Page 204: Install Commit

    install deactivate install commit Use install commit to commit software changes. Syntax install commit Views User view Predefined user roles network-admin Usage guidelines This command adds the patch image file to the startup image list with which the system started up. •...
  • Page 205 the value string can have a maximum of 63 characters. For more information about specifying a file, see Fundamentals Configuration Guide. all: Specifies all IRF member devices. slot slot-number: Specifies an IRF member device by its member ID. Usage guidelines You can deactivate only active feature and patch images.
  • Page 206 Contents Emergency shell commands ·········································································· 1 copy ···························································································································································· 1 delete ························································································································································· 1 dir ······························································································································································· 2 display copyright ········································································································································ 4 display install package ······························································································································· 4 display interface m-eth0 ····························································································································· 5 display ip routing-table ······························································································································· 6 display ipv6 routing-table ··························································································································· 7 display version ··········································································································································· 8 format ·························································································································································...

  • Page 207: Emergency Shell Commands

    Emergency shell commands File system names, directory names, or file names must be compliant with the naming conventions. For more information about the naming conventions and the methods for specifying the names, see Fundamentals Configuration Guide. Unless otherwise stated, a file or directory name argument in this document must contain the file system name and cannot contain file system location information.

  • Page 208: Dir

    Syntax delete file Views User view Parameters file: Specifies the file to be deleted. Examples # Delete the tt.cfg file. <boot> delete flash:/tt.cfg Delete flash:/tt.cfg? [Y/N]:y Deleting the file permanently will take a long time. Please wait... Start to delete flash:/tt.cfg...Done. Use dir to display files or directories.
  • Page 209 drw- Jan 01 2012 00:04:07 test drw- Nov 05 2012 06:45:07 logfile -rwh Oct 20 2012 09:09:52 .snmpboots drw- Nov 05 2012 05:56:22 diagfile drwh Aug 20 2012 09:23:48 .trash -rw- Aug 20 2012 06:15:00 ifindex.dat -rw- 3231 Aug 31 2012 09:01:41 startup.cfg -rw- 60620...

  • Page 210: Display Copyright

    The value string can have a maximum of 63 characters. The filesystemname cannot contain file system location information. Examples # Display information about the system.bin software package. <boot> display install package flash:/system-t6101010.bin Verifying the file flash:/system-t6101010.bin ....Done. flash:/system-t6101010.bin [Package] Vendor: H3C Product: S5150-EI Service name: system...

  • Page 211: Display Interface M-Eth0

    Platform version: 7.1.070 Product version: Test 0001010 Supported board: mpu [Component] Component: system Description: system package Table 2 Command output Field Description Product Product name. Type of the service package: • boot—Boot image. • system—System image. Service name • patch—Patch package. If the value of this field is not boot, system, or patch, the service packet is a feature package.

  • Page 212: Display Ip Routing-Table

    Output bytes:30367 Table 3 Command output Field Description Physical layer status of the management Ethernet interface: • Administratively DOWN—The interface has been shut down by using the shutdown command. • DOWN—The interface has been enabled by using the m-eth0 current state undo shutdown command, but its physical status is down.

  • Page 213: Display Ipv6 Routing-Table

    Syntax display ip routing-table Views Any view Examples # Display IPv4 routing information. <boot> display ip routing-table Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.116.0 255.255.255.0 0 m-eth0 default 192.168.116.1 0.0.0.0 0 m-eth0 Table 4 Command output Field Description Kernel IP routing table...

  • Page 214: Display Version

    Flags Metric Ref Use Iface ::1/128 1 lo FE80::201:2FF:FE03:406/128 1 lo FE80::/64 0 m-eth0 FF02::1:2/128 FF02::1:2 2888 0 m-eth0 FF00::/8 0 m-eth0 Table 5 Command output Field Description Kernel IPv6 routing table IPv6 routing information. Flags: • A—The route was learned from a route advertisement. •...

  • Page 215: Ftp

    Syntax format filesystem Views User view Parameters filesystem: Specifies a file system. Usage guidelines Use this command with caution. This command permanently deletes all files and directories from the file system, including the startup image files and startup configuration files. The deleted files and directories cannot be restored.

  • Page 216: Interface M-Eth0

    Syntax install load system-package Views User view Parameters system-package: Specifies a .bin system image file in the filesystemname/filename.bin format, for example, flash:/startup-system.bin. The file must be saved in the root directory of a file system on the current member device. The value string can have a maximum of 63 characters. The filesystemname cannot contain file system location information.

  • Page 217: Ip Address

    ip address Use ip address to assign an IPv4 address to the management Ethernet interface. Use undo ip address to restore the default. Syntax ip address ip-address { mask-length | mask } undo ip address Default No IPv4 address is assigned to the management Ethernet interface. Views Management Ethernet interface view Parameters...

  • Page 218: Ipv6 Address

    Usage guidelines When the device needs to communicate with a device on a remote IPv4 network, you must specify an IPv4 gateway for the management Ethernet interface. If you execute this command multiple times, the most recent configuration takes effect. Changing or removing the IPv4 address of the management Ethernet interface deletes the interface's IPv4 gateway configuration.

  • Page 219: Mkdir

    undo ipv6 gateway Default No IPv6 gateway is specified for the management Ethernet interface. Views Management Ethernet interface view Parameters link-local: Specifies the link-local address of an IPv6 gateway. Usage guidelines When the device needs to communicate with a device on a remote IPv6 network, you must specify an IPv6 gateway for the management Ethernet interface.

  • Page 220: More

    rmdir more Use more to display the contents of a text file. Syntax more file Views User view Parameters file: Specifies a text file. Examples # Display the contents of the test.txt file. <boot> more flash:/test.txt Have a nice day. move Use move to move a file.

  • Page 221: Ping

    ping Use ping to check the connectivity to an IPv4 address. Syntax ping [ -c count | -s size ] * ip-address Views Any view Parameters -c count: Specifies the number of ICMP echo requests to send, in the range of 1 to 2147483647. The default is 5.

  • Page 222: Ping Ipv6

    Field Description 0% packet loss Percentage of echo requests that failed to be echoed back. round-trip min/avg/max = Minimum/average/maximum response time, in milliseconds. 0.717/1.101/2.243 ms ping ipv6 Use ping ipv6 to check the connectivity to an IPv6 address. Syntax ping ipv6 [ -c count | -s size ] * ipv6-address Views Any view Parameters...

  • Page 223: Quit

    Examples # Display the working directory. <boot> pwd flash: quit Use quit to return to the upper-level view. Syntax quit Views System view Management Ethernet interface view Examples # Return from management Ethernet interface view to user view. [boot-m-eth0] quit [boot] quit <boot>...

  • Page 224: Rmdir

    Warning: Permanently added '192.168.1.59' (RSA) to the list of known hosts. client001@192.168.1.59's password: ****************************************************************************** * Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.

  • Page 225: Shutdown

    Remove directory flash:/mydir?[Y/N]:y Directory flash:/1 removed. Related commands delete mkdir shutdown Use shutdown to shut down the management Ethernet interface. Use undo shutdown to bring up the management Ethernet interface. Syntax shutdown undo shutdown Default The management Ethernet interface is up. Views Management Ethernet interface view Usage guidelines...

  • Page 226: System-View

    Warning: Permanently added '192.168.1.59' (RSA) to the list of known hosts. client001@192.168.1.59's password: ****************************************************************************** * Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.

  • Page 227: Telnet

    telnet Use telnet to log in to a Telnet server. Syntax telnet { server-ipv4-address | ipv6 server-ipv6-address } Views User view Parameters server-ipv4-address: Specifies the IPv4 address of the Telnet server in dotted decimal notation. server-ipv6-address: Specifies the IPv6 address of the Telnet server. Usage guidelines If the Telnet server does not respond, you can press Ctrl+K to abort the login attempt and try again later.
  • Page 228 Contents Device management commands···································································· 1 clock datetime ············································································································································ 1 clock protocol ············································································································································· 1 clock summer-time ····································································································································· 2 clock timezone ··········································································································································· 4 command ··················································································································································· 5 copyright-info enable ·································································································································· 6 display clock ··············································································································································· 6 display copyright ········································································································································ 7 display cpu-usage ······································································································································ 7 display cpu-usage configuration·················································································································...

  • Page 229: Device Management Commands

    Device management commands clock datetime Use clock datetime to set the system time. Syntax clock datetime time date Default The system time is UTC time 00:00:00 01/01/2011. Views User view Predefined user roles network-admin Parameters time: Specifies a time in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for mm is 0 to 59.

  • Page 230: Clock Summer-Time

    Syntax clock protocol { none | ntp } undo clock protocol Default The device obtains its time through NTP. Views System view Predefined user roles network-admin Parameters none: Uses the system time set by using the clock datetime command. ntp: Uses NTP to obtain the UTC time. You must configure NTP correctly. For more information about NTP and NTP configuration, see Network Management and Monitoring Configuration Guide.
  • Page 231 Predefined user roles network-admin Parameters name: Specifies a name for the daylight saving time schedule, a case-sensitive string of 1 to 32 characters. start-time: Specifies the start time in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for mm is 0 to 59.

  • Page 232: Clock Timezone

    Related commands clock datetime clock timezone display clock clock timezone Use clock timezone to set the time zone. Use undo clock timezone to restore the default. Syntax clock timezone zone-name { add | minus } zone-offset undo clock timezone Default The Greenwich Mean Time time zone is used.

  • Page 233: Command

    command Use command to assign a command to a job. Use undo command to revoke a command. Syntax command id command undo command id Default No command is assigned to a job. Views Job view Predefined user roles network-admin Parameters id: Specifies an ID for the command, in the range of 0 to 4294967295.

  • Page 234: Copyright-Info Enable

    The device will display the following statement when a user logs in: ****************************************************************************** * Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.

  • Page 235: Display Copyright

    <Sysname> display clock 15:10:00 Z5 Fri 03/16/2015 Time Zone : Z5 add 05:00:00 # Display the system time and date when the time zone Z5 and daylight saving time PDT are specified. <Sysname> display clock 15:11:00 Z5 Fri 03/16/2015 Time Zone : Z5 add 05:00:00 Summer Time : PDT 06:00:00 08/01 06:00:00 09/01 01:00:00 Related commands clock datetime...

  • Page 236: Display Cpu-Usage Configuration

    slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays CPU usage statistics for all member devices. cpu cpu-number: Specifies a CPU by its number. Examples # Display the current CPU usage statistics in text form. <Sysname>...

  • Page 237: Display Cpu-Usage History

    Related commands monitor cpu-usage enable monitor cpu-usage interval monitor cpu-usage threshold display cpu-usage history Use display cpu-usage history to display the historical CPU usage statistics in a coordinate system. Syntax display cpu-usage history [ job job-id ] [ slot slot-number [ cpu cpu-number ] ] Views Any view Predefined user roles...

  • Page 238: Display Device

    80%| 75%| 70%| 65%| 60%| 55%| 50%| 45%| 40%| 35%| 30%| 25%| 20%| 15%| 10%| ######## ------------------------------------------------------------ (minutes) cpu-usage (Slot 1 CPU 0) last 60 minutes (SYSTEM) The output shows the following items: • Process name. The name SYSTEM represents the entire system. •...

  • Page 239: Display Device Manuinfo

    network-operator Parameters flash: Displays flash memory information. usb: Displays USB information. slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all member devices. verbose: Displays detailed information. If you do not specify this keyword, this command displays brief information.

  • Page 240: Display Device Manuinfo Power

    Usage guidelines An electronic label contains the permanent configuration information, including the hardware serial number, manufacturing date, MAC address, and vendor name. The data is written to the storage component during hardware debugging or testing. This command displays only part of the electronic label information.
  • Page 241 l2: Specifies operating information for the Layer 2 features. l3: Specifies operating information for the Layer 3 features. service: Specifies operating information for Layer 4 and upper-layer features. filename: Saves the information to a file. The filename argument must use the .tar.gz suffix. If you do not specify this argument, the command prompts you to choose whether to save the information to a file or display the information.

  • Page 242: Display Environment

    tar extract display environment Use display environment to display temperature information. Syntax display environment [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays temperature information for all member devices.

  • Page 243: Display Fan

    display fan Use display fan to display fan tray operating status information. Syntax display fan [ slot slot-number [ fan-id ] ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays fan tray operating status information for all member devices.

  • Page 244: Display Memory-Threshold

    <Sysname> display memory Memory statistics are measured in KB: Slot 1: Total Used Free Shared Buffers Cached FreeRatio Mem: 905704 329632 576072 1304 122660 63.6% -/+ Buffers/Cache: 205668 700036 Swap: # Display brief memory usage information. <Sysname> display memory summary Memory statistics are measured in KB: Slot CPU Total...

  • Page 245: Display Power

    Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the memory usage thresholds and statistics for the master device. cpu cpu-number: Specifies a CPU by its number. Usage guidelines For more information about memory usage notifications, see log information containing MEM_EXCEED_THRESHOLD or MEM_BELOW_THRESHOLD.

  • Page 246: Display Scheduler Job

    Syntax display power [ slot slot-number [ power-id ] ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays power supply information for all member devices. power-id: Specifies a power supply by its ID.

  • Page 247: Display Scheduler Logfile

    vlan 100 // The output shows that the device has three jobs: the first has one command, the second does not have any commands, and the third has two commands. Jobs are separated by blank lines. display scheduler logfile Use display scheduler logfile to display job execution log information. Syntax display scheduler logfile Views...

  • Page 248: Display Scheduler Schedule

    Syntax display scheduler reboot Views Any view Predefined user roles network-admin network-operator Examples # Display the automatic reboot schedule. <Sysname> display scheduler reboot System will reboot at 16:32:00 05/23/2015 (in 1 hours and 39 minutes). Related commands scheduler reboot at scheduler reboot delay display scheduler schedule Use display scheduler schedule to display schedule information.

  • Page 249: Display System Stable State

    Table 6 Command output Field Description Execution time setting of the schedule. If no execution time is specified, this field is not Schedule type displayed. Time to execute the schedule for the first time. If no execution time is specified, this Start time field is not displayed.

  • Page 250: Display Transceiver Alarm

    Use the display system internal process state command in probe view to display service operating status. Examples # Display system stability and status information. <Sysname> display system stable state System state : Stable Redundancy state: Stable Slot Role State Active Stable Table 7 Command output Field...

  • Page 251: Display Transceiver Diagnosis

    network-operator Parameters interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, this command displays the alarms present on every transceiver module. Usage guidelines Table 8 shows the common transceiver alarm components. If no error occurs, "None" is displayed. Table 8 Common transceiver alarm components Field Description...

  • Page 252: Display Transceiver Interface

    Predefined user roles network-admin network-operator Parameters interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, this command displays the current values of the digital diagnosis parameters on every transceiver module. Examples # Display the current values of the digital diagnosis parameters on the transceiver module in interface Ten-GigabitEthernet 1/0/1.

  • Page 253: Display Transceiver Manuinfo

    Examples # Display the key parameters of the transceiver module in interface Ten-GigabitEthernet 1/0/1. <Sysname> display transceiver interface ten-gigabitethernet 1/0/1 display transceiver manuinfo Use display transceiver manuinfo to display electronic label information for transceiver modules. Syntax display transceiver manuinfo interface [ interface-type interface-number ] Views Any view Predefined user roles...

  • Page 254: Header

    Syntax display version-update-record Views Any view Predefined user roles network-admin network-operator Usage guidelines The device records its current startup software version information whenever it starts up, and records all software version update information. Such information can survive reboots. Examples # Display the startup software image upgrade records. <Sysname>...

  • Page 255: Job

    Predefined user roles network-admin Parameters legal: Configures the banner to be displayed before a user inputs the username and password to access the CLI. login: Configures the banner to be displayed before password or scheme authentication is performed for a login user. motd: Configures the greeting banner to be displayed before the legal banner appears.

  • Page 256: Memory-Threshold

    Related commands scheduler job scheduler schedule memory-threshold Use memory-threshold to set free-memory thresholds. Use undo memory-threshold to restore the defaults. Syntax memory-threshold [ slot slot-number [ cpu cpu-number ] ] minor minor-value severe severe-value critical critical-value normal normal-value undo memory-threshold [ slot slot-number [ cpu cpu-number ] ] Default Minor alarm threshold: 96 MB.

  • Page 257: Memory-Threshold Usage

    Examples # Set the minor alarm, severe alarm, critical alarm, and normal state thresholds to 64 MB, 48 MB, 32 MB, and 96 MB, respectively. <Sysname> system-view [Sysname] memory-threshold minor 64 severe 48 critical 32 normal 96 Related commands display memory-threshold memory-threshold usage Use memory-threshold usage to set the memory usage threshold.

  • Page 258: Monitor Cpu-Usage Interval

    Syntax monitor cpu-usage enable [ slot slot-number [ cpu cpu-number ] ] undo monitor cpu-usage enable [ slot slot-number [ cpu cpu-number ] ] Default CPU usage monitoring is enabled. Views System view Predefined user roles network-admin Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command enables CPU usage monitoring for the master device.

  • Page 259: Monitor Cpu-Usage Threshold

    slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command sets the interval for the master device. cpu cpu-number: Specifies a CPU by its number. Usage guidelines After CPU usage monitoring is enabled, the system samples and saves CPU usage at the specified interval.

  • Page 260: Password-Recovery Enable

    password-recovery enable Use password-recovery enable to enable password recovery capability. Use undo password-recovery enable to disable password recovery capability. Syntax password-recovery enable undo password-recovery enable Default Password recovery capability is enabled. Views System view Predefined user roles network-admin Usage guidelines Password recovery capability controls console user access to the device configuration and SDRAM from BootWare menus.
  • Page 261 system failure. For example, the system identifies whether the main system software image file exists and whether a write operation is in progress on a storage medium. If the reboot might cause problems, the system does not reboot the device. Usage guidelines CAUTION: •...

  • Page 262: Reset Scheduler Logfile

    reset scheduler logfile Use reset scheduler logfile to clear job execution log information. Syntax reset scheduler logfile Views User view Predefined user roles network-admin Examples # Clear job execution log information. <Sysname> reset scheduler logfile Related commands display scheduler logfile reset version-update-record Use reset version-update-record to clear startup software image upgrade records.

  • Page 263: Scheduler Job

    Usage guidelines This command is disruptive. Use this command only when you cannot troubleshoot the device by using other methods, or you want to use the device in a different scenario. Examples # Restore the factory-default configuration for the device. <Sysname>...

  • Page 264: Scheduler Logfile Size

    scheduler logfile size Use scheduler logfile size to set the size of the job execution log file. Syntax scheduler logfile size value Default The size of the job execution log file is 16 KB. Views System view Predefined user roles network-admin Parameters value: Specifies the size of the job execution log file, in KB.

  • Page 265: Scheduler Reboot Delay

    date: Specifies the reboot date in the MM/DD/YYYY or YYYY/MM/DD format. The value range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month. Usage guidelines CAUTION: Device reboot interrupts network services.

  • Page 266: Scheduler Schedule

    The device supports only one device reboot schedule. If you execute both the scheduler reboot delay and schedule reboot at commands or execute one of the commands multiple times, the most recent configuration takes effect. For data security, the system does not reboot at the reboot time if a file operation is being performed. Examples # Configure the device to reboot after 88 minutes.

  • Page 267: Shutdown-Interval

    Related commands time at time once shutdown-interval Use shutdown-interval to set the port status detection timer. Use undo shutdown-interval to restore the default. Syntax shutdown-interval interval undo shutdown-interval Default The port status detection timer setting is 30 seconds. Views System view Predefined user roles network-admin Parameters...

  • Page 268: Temperature-Limit

    Default The device name is H3C. Views System view Predefined user roles network-admin Parameters sysname: Specifies a name for the device, a string of 1 to 64 characters. Usage guidelines A device name identifies a device in a network and is used in CLI view prompts. For example, if the device name is Sysname, the user view prompt is <Sysname>.

  • Page 269: Time At

    warninglimit: Specifies the high-temperature warning threshold in Celsius degrees. This threshold must be greater than the low-temperature threshold. The value range for this threshold varies by the low-temperature threshold you specified. alarmlimit: Specifies the high-temperature alarming threshold in Celsius degrees. This threshold must be greater than the warning threshold.

  • Page 270: Time Once

    Examples # Configure the device to execute schedule saveconfig at 01:01 a.m. on May 11, 2015. <Sysname> system-view [Sysname] scheduler schedule saveconfig [Sysname-schedule-saveconfig] time at 1:1 2015/05/11 Related commands scheduler schedule time once Use time once to specify one or more execution days and the execution time for a non-periodic schedule.

  • Page 271: Time Repeating

    Examples # Configure the device to execute schedule saveconfig once at 15:00. <Sysname> system-view [Sysname] scheduler schedule saveconfig [Sysname-schedule-saveconfig] time once at 15:00 Schedule starts at 15:00 5/11/2011. # Configure the device to execute schedule saveconfig once at 15:00 on the coming 15th day in a month.

  • Page 272: User-Role

    DD varies by month. If you do not specify this argument, the execution start date is the first day when the specified time arrives. interval interval: Specifies the execution time interval in the hh:mm or mm format. This argument can have up to six characters. When in the hh:mm format, mm must be in the range of 0 to 59. When in the mm format, this argument must be equal to or greater than 1 minute.
  • Page 273 Syntax user-role role-name undo user-role role-name Default A schedule has the user roles of the schedule creator. Views Schedule view Predefined user roles network-admin Parameters role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role can be user-defined or predefined.
  • Page 274 Contents Tcl commands ······························································································· 1 cli ································································································································································ 1 tclquit ·························································································································································· 1 tclsh ···························································································································································· 2...
  • Page 275 Tcl commands Use cli to enable a Comware command to be executed in Tcl configuration view when it conflicts with a Tcl command. Syntax cli command Views Tcl configuration view Predefined user roles network-admin Parameters command: Specifies the commands to be executed. They must be complete command lines. Usage guidelines In Tcl configuration view, if a Comware command conflicts with a Tcl command, the Tcl command will be executed.
  • Page 276 Views Tcl configuration view Predefined user roles network-admin Usage guidelines To return from Tcl configuration view to user view, you can also use the quit command. To return to the upper-level view after you execute Comware commands to enter system view or a Comware feature view, use the quit command.
  • Page 277 Contents Python commands ························································································· 1 exit() ··························································································································································· 1 python ························································································································································ 1 python filename ·········································································································································· 2...
  • Page 278 Python commands exit() Use exit() to exit the Python shell. Syntax exit() Views Python shell Predefined user roles network-admin Usage guidelines To return to user view from the Python shell, you cannot use the quit command. You must use the exit() command.
  • Page 279 [GCC 4.4.1] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> python filename Use python filename to execute a Python script. Syntax python filename [ param ] Views User view Predefined user roles network-admin Parameters filename: Specifies the name of a Python script on a storage medium of the device. The script name is case sensitive and must use the extension .py.
  • Page 280 H3C S6812 & S6813 Switch Series IRF Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 510x Document version: 6W102-20230313...
  • Page 281 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 282 Preface This command reference describes IRF configuration commands for setting up and maintaining an IRF fabric. This preface includes the following topics about the documentation: • Audience. • Conventions. • Documentation feedback. Audience This documentation is intended for: • Network planners. •...
  • Page 283 Symbols Convention Description An alert that calls attention to important information that if not understood or followed WARNING! can result in personal injury. An alert that calls attention to important information that if not understood or followed CAUTION: can result in data loss, data corruption, or damage to hardware or software. An alert that calls attention to essential information.
  • Page 284 Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
  • Page 285 Contents IRF commands ······························································································ 2 display irf ···················································································································································· 2 display irf configuration ······························································································································ 3 display irf link ·············································································································································· 4 display irf topology ····································································································································· 5 display irf-port load-sharing mode ·············································································································· 6 display mad ················································································································································ 7 easy-irf ······················································································································································· 9 irf auto-update enable ······························································································································ 11 irf domain ·················································································································································...

  • Page 286: Irf Commands

    IRF commands display irf Use display irf to display IRF fabric information. Syntax display irf Views Any view Predefined user roles network-admin network-operator Examples # Display IRF fabric information. <Sysname> display irf MemberID Role Priority CPU-Mac Description Loading 00e0-fcbe-3102 F1Num001 Master 00e0-fcb1-ade2 F1Num002...
  • Page 287 Field Description command. Status of the software auto-update feature: • yes—Enabled. Auto upgrade • no—Disabled. IRF bridge MAC persistence setting: • 6 min—Bridge MAC address of the IRF fabric remains unchanged for 6 minutes after the address owner leaves. • MAC persistent always—Bridge MAC address of the IRF fabric does not change after the address owner leaves.

  • Page 288: Display Irf Link

    Field Description Physical interfaces bound to IRF-port 1. IRF-Port1 This field displays disable if no physical interfaces are bound to the IRF port. Physical interfaces bound to IRF-port 2. IRF-Port2 This field displays disable if no physical interfaces are bound to the IRF port. Related commands display irf display irf topology...

  • Page 289: Display Irf Topology

    Field Description Link state of the IRF physical interface: • UP—The link is up. • DOWN—The link is down. Status • ADM—The interface has been manually shut down by using the shutdown command. • ABSENT—Interface module that hosts the interface is not present. display irf topology Use display irf topology to display IRF fabric topology information.

  • Page 290: Display Irf-Port Load-Sharing Mode

    Field Description This field displays three hyphens (---) if no device is connected to the port. IRF fabric that has the device, represented by the CPU MAC address of the Belong To master in the IRF fabric. Related commands display irf display irf configuration display irf-port load-sharing mode Use display irf-port load-sharing mode to display IRF link load sharing mode.

  • Page 291: Display Mad

    Layer 3 traffic: packet type-based sharing # Display the load sharing mode of IRF-port 1/1 after a load sharing mode is configured on the port. <Sysname> display irf-port load-sharing mode irf-port 1/1 irf-port1/1 Load-Sharing Mode: destination-mac address, source-mac address # Display the load sharing mode used on each IRF port. <Sysname>...
  • Page 292 <Sysname> display mad MAD ARP enabled. MAD ND enabled. MAD LACP disabled. MAD BFD disabled. # Display detailed MAD information. <Sysname> display mad verbose Multi-active recovery state: No Excluded ports(user-configured): Vlan-interface999 Excluded ports(system-configured): Ten-GigabitEthernet1/0/5 Ten-GigabitEthernet1/0/6 Ten-GigabitEthernet1/0/7 Ten-GigabitEthernet1/0/8 Ten-GigabitEthernet2/0/5 Ten-GigabitEthernet2/0/6 Ten-GigabitEthernet2/0/7 Ten-GigabitEthernet2/0/8 MAD ARP enabled interface: Vlan-interface2...

  • Page 293: Easy-Irf

    Field Description This field displays MAD BFD disabled if BFD MAD is disabled. Whether the IRF fabric is in Recovery state: • Yes—The IRF fabric is in Recovery state. When MAD detects that an IRF fabric has split into multiple IRF fabrics, it allows one fabric to forward traffic.
  • Page 294 irf-port2 interface-list2: Specifies a space-separated list of up to four interface items. Each interface item specifies one interface in the interface-type interface-number form. The interfaces are bound to IRF-port 2. A physical interface can be bound only to one IRF port. Usage guidelines This command bulk-configures basic IRF settings for a member device, including the member ID, domain ID, priority, and IRF port bindings.

  • Page 295: Irf Auto-Update Enable

    <Sysname> system-view [Sysname] easy-irf ***************************************************************************** Welcome to use easy IRF. To skip the current step, enter a dot sign (.). To return to the previous step, enter a minus sign (-). To use the default value (enclosed in []) for each parameter, press Enter withou t entering a value.

  • Page 296: Irf Domain

    Predefined user roles network-admin Usage guidelines This command automatically propagates the current software images of the master device in the IRF fabric to any devices you are adding to the IRF fabric. To ensure a successful software update, verify that the new device you are adding to the IRF fabric has sufficient storage space for the new software images.

  • Page 297: Irf Link-Delay

    irf link-delay Use irf link-delay to set a delay for the IRF ports to report a link down event. Use undo irf link-delay to restore the default. Syntax irf link-delay interval undo irf link-delay Default The delay time is 4 seconds. Views System view Predefined user roles...

  • Page 298: Irf Member Description

    Views System view Predefined user roles network-admin Parameters always: Enables the IRF bridge MAC address to be permanent. The IRF bridge MAC address does not change after the address owner leaves the fabric. timer: Enables the IRF bridge MAC address to remain unchanged for 6 minutes after the address owner leaves.

  • Page 299: Irf Member Priority

    Predefined user roles network-admin Parameters member-id: Specifies the ID of an IRF member. text: Specifies a description, a string of 1 to 127 characters. Examples # Configure the description as F1Num001 for IRF member 1. <Sysname> system-view [Sysname] irf member 1 description F1Num001 irf member priority Use irf member priority to change the priority of an IRF member device.

  • Page 300: Irf-Port

    Default The IRF member ID is 1. Views System view Predefined user roles network-admin Parameters member-id: Specifies the ID of an IRF member. The value range for IRF member IDs is 1 to 10. new-member-id: Assigns a new ID to the IRF member. The value range for IRF member IDs is 1 to Usage guidelines CAUTION: IRF member ID change can invalidate member ID-related settings, including interface and file path...

  • Page 301: Irf-Port Global Load-Sharing Mode

    Predefined user roles network-admin Parameters member-id: Specifies an IRF member device by its member ID. irf-port-number: Specifies an IRF port on the member device. The irf-port-number argument represents the IRF port index and must be 1 or 2. Usage guidelines To bind physical interfaces to an IRF port, you must enter IRF port view.

  • Page 302: Irf-Port Load-Sharing Mode

    You can also configure a port-specific load sharing mode for an IRF port in IRF port view by using the irf-port load-sharing mode command. An IRF port preferentially uses the port-specific load sharing mode. If no port-specific load sharing mode is available, the port uses the global load sharing mode. Examples # Configure the global IRF link load sharing mode to distribute traffic based on destination MAC address.

  • Page 303: Irf-Port-Configuration Active

    Examples # Configure a port-specific load sharing mode for IRF-port 1/1 to distribute traffic based on destination MAC address. <Sysname> system-view [Sysname] irf-port 1/1 [Sysname-irf-port1/1] irf-port load-sharing mode destination-mac Related commands irf-port global load-sharing mode irf-port-configuration active Use irf-port-configuration active to activate IRF ports. Syntax irf-port-configuration active Views...

  • Page 304: Mad Arp Enable

    Please input the file name(*.cfg)[flash:/startup.cfg] (To leave the existing filename unchanged, press the enter key): flash:/startup.cfg exists, overwrite? [Y/N]:y Validating file. Please wait......Saved the current configuration to mainboard device successfully. # Activate the IRF port. [Sysname] irf-port-configuration active mad arp enable Use mad arp enable to enable ARP MAD.

  • Page 305: Mad Bfd Enable

    When you use the mad arp enable command, the system prompts you to enter a domain ID. If you do not want to change the current domain ID, press enter at the prompt. An IRF fabric has only one IRF domain ID. You can change the IRF domain ID by using the following commands: irf domain, mad enable, mad arp enable, or mad nd enable.

  • Page 306: Mad Enable

    LACP MAD together with ARP MAD and ND MAD on an IRF fabric. LACP MAD requires an H3C device that supports extended LACPDUs to act as the intermediate device. You must set up a dynamic link aggregation group that spans all IRF member devices between the IRF fabric and the intermediate device.

  • Page 307: Mad Exclude Interface

    An IRF fabric has only one IRF domain ID. You can change the IRF domain ID by using the following commands: irf domain, mad enable, mad arp enable, or mad nd enable. The IRF domain IDs configured by using these commands overwrite each other. Examples # Enable LACP MAD on Bridge-Aggregation 1, a Layer 2 dynamic aggregate interface.

  • Page 308: Mad Ip Address

    <Sysname> system-view [Sysname] mad exclude interface ten-gigabitethernet 1/0/1 Related commands mad restore mad ip address Use mad ip address to assign a MAD IP address to an IRF member device for BFD MAD. Use undo mad ip address to delete the MAD IP address for an IRF member device. Syntax mad ip address ip-address { mask | mask-length } member member-id undo mad ip address ip-address { mask | mask-length } member member-id...

  • Page 309: Mad Nd Enable

    Related commands mad bfd enable mad nd enable Use mad nd enable to enable ND MAD. Use undo mad nd enable to disable ND MAD. Syntax mad nd enable undo mad nd enable Default ND MAD is disabled. Views VLAN interface view Predefined user roles network-admin Usage guidelines...

  • Page 310: Port Group Interface

    Syntax mad restore Views System view Predefined user roles network-admin Usage guidelines If the active IRF fabric has failed to work before the IRF split problem is fixed, use this command to restore an IRF fabric in Recovery state. The recovered IRF fabric will take over the active IRF fabric role.
  • Page 311 Examples # Bind Ten-GigabitEthernet 1/0/1 to IRF-port 1/1 on IRF member 1. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] shutdown [Sysname-Ten-GigabitEthernet1/0/1] quit [Sysname] irf-port 1/1 [Sysname-irf-port1/1] port group interface ten-gigabitethernet 1/0/1 [Sysname-irf-port1/1] quit [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] undo shutdown Related commands irf-port...
  • Page 312 H3C S6812 & S6813 Switch Series Layer 2—LAN Switching Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 510x Document version: 6W102-20230313...
  • Page 313 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 314 Preface This command reference describes LAN switching configuration commands. This preface includes the following topics about the documentation: • Audience. • Conventions. • Documentation feedback. Audience This documentation is intended for: • Network planners. • Field technical support and servicing engineers. •...
  • Page 315 Symbols Convention Description An alert that calls attention to important information that if not understood or followed WARNING! can result in personal injury. An alert that calls attention to important information that if not understood or followed CAUTION: can result in data loss, data corruption, or damage to hardware or software. An alert that calls attention to essential information.
  • Page 316 Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
  • Page 317 Contents Ethernet interface commands ········································································ 1 Common Ethernet interface commands············································································································· 1 bandwidth ··················································································································································· 1 broadcast-suppression ······························································································································· 1 default ························································································································································ 2 description ·················································································································································· 3 display counters ········································································································································· 4 display counters rate ·································································································································· 5 display ethernet statistics ··························································································································· 6 display interface ········································································································································· 8 display packet-drop ··································································································································...

  • Page 318: Ethernet Interface Commands

    Ethernet interface commands Common Ethernet interface commands bandwidth Use bandwidth to set the expected bandwidth of an interface. Use undo bandwidth to restore the default. Syntax bandwidth bandwidth-value undo bandwidth Default The expected bandwidth (in kbps) is the interface baud rate divided by 1000. Views Ethernet interface view Predefined user roles...

  • Page 319: Default

    Views Ethernet interface view Predefined user roles network-admin Parameters ratio: Sets the broadcast suppression threshold as a percentage of the interface bandwidth. The value range for this argument is 0 to 100. A smaller value means that less broadcast traffic is allowed to pass through.

  • Page 320: Description

    Syntax default Views Ethernet interface view Predefined user roles network-admin Usage guidelines CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it in a live network. This command might fail to restore the default settings for some commands because of command dependencies or system restrictions.

  • Page 321: Display Counters

    display counters Use display counters to display interface traffic statistics. Syntax display counters { inbound | outbound } interface [ interface-type [ interface-number ] ] Views Any view Predefined user roles network-admin network-operator Parameters inbound: Displays inbound traffic statistics. outbound: Displays outbound traffic statistics. interface-type: Specifies an interface type.

  • Page 322: Display Counters Rate

    Field Description The command displays Overflow when any of the following conditions exist: Overflow: More than 14 • The data length of an Err field value is greater than 7 decimal digits. digits (7 digits for column • The data length of a non-Err field value is greater than 14 decimal "Err") digits.

  • Page 323: Display Ethernet Statistics

    Overflow: More than 14 digits. --: Not supported. Table 2 Command output Field Description Interface Abbreviated interface name. Bandwidth usage (in percentage) of the interface for the last statistics polling Usage (%) interval. Average receiving or sending rate (in pps) for unicast packets for the last Total (pkts/sec) statistics polling interval.
  • Page 324 ISIS2 IPV6 ETH receive error statistics: NullPoint ErrIfindex ErrIfcb IfShut ErrAnalyse : 5988 ErrSrcMAC : 5988 ErrHdrLen ETH send packet statistics: L3OutNum : 211 VLANOutNum FastOutNum : 155 L2OutNum ETH send error statistics: MbufRelayNum NullMbuf ErrAdjFwd ErrPrepend ErrHdrLen ErrPad ErrQoSTrs ErrVLANTrs ErrEncap ErrTagVLAN...

  • Page 325: Display Interface

    Field Description Statistics about the Ethernet packets sent by the Ethernet module: • L3OutNum—Number of packets sent out of Layer 3 Ethernet interfaces. • VLANOutNum—Number of packets sent out of VLAN interfaces. ETH send packet statistics • FastOutNum—Number of packets fast forwarded. •...
  • Page 326 Usage guidelines If you do not specify an interface type, this command displays information about all interfaces. If you specify an interface type but do not specify an interface number, this command displays information about all interfaces of the specified type. Examples # Display detailed information about Layer 2 interface Ten-GigabitEthernet 1/0/1.
  • Page 327 0 lost carrier, 0 no carrier Table 4 Command output Field Description Physical link state of the interface: • Administratively DOWN—The interface has been shut down by using the shutdown command. • DOWN—The interface is administratively up, but its physical state is down (possibly because no physical link exists or the link has failed).
  • Page 328 Field Description No loopback test is running on the interface. This field depends Loopback is not set on your configuration. The interface is operating at 10 Mbps. This field depends on your 10Mbps-speed mode configuration and the link parameter negotiation result. The interface is operating at 100 Mbps.
  • Page 329 Field Description VLANs for which the interface sends packets after removing Untagged VLANs VLAN tags. VLANs whose packets can be forwarded by the port. The VLANs VLAN Passing must have been created. VLAN permitted VLANs whose packets are permitted by the port. Trunk port encapsulation Encapsulation protocol type for the trunk port.
  • Page 330 Field Description Number of inbound giants. Giants refer to frames larger than the maximum frame length supported on the interface. For an Ethernet interface that does not permit jumbo frames, the maximum frame length is as follows: • giants 1518 bytes (without VLAN tags). •...
  • Page 331 Field Description The two fields on the first line represent the outbound normal traffic and pause frame statistics (in packets and bytes) for the interface. The four fields on the second line represent: Output(normal): 0 packets, 0 bytes • Number of outbound normal unicast packets. 0 unicasts, 0 broadcasts, 0 •...
  • Page 332 Link: ADM - administratively down; Stby - standby Speed: (a) - auto Duplex: (a)/A - auto; H - half; F - full Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description XGE1/0/2 DOWN auto XGE1/0/3 100M(a) F(a)
  • Page 333 Field Description Data link layer protocol state of the interface: • UP—The data link layer protocol of the interface is up. • DOWN—The data link layer protocol of the interface is down. Protocol • UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist.

  • Page 334: Display Packet-Drop

    Field Description Cause for the physical link state of an interface to be DOWN: • Administratively—The interface has been manually shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. •...

  • Page 335: Duplex

    Examples # Display information about dropped packets on Ten-GigabitEthernet 1/0/1. <Sysname> display packet-drop interface ten-gigabitethernet 1/0/1 Ten-GigabitEthernet1/0/1: Packets dropped due to full GBP or insufficient bandwidth: 301 Packets dropped due to Fast Filter Processor (FFP): 261 Packets dropped due to STP non-forwarding state: 321 # Display the summary of dropped packets on all interfaces.

  • Page 336: Eee Enable

    [Sysname-Ten-GigabitEthernet1/0/1] duplex full eee enable IMPORTANT: Fiber ports do not support this command. Use eee enable to enable Energy Efficient Ethernet (EEE) on an interface. Use undo eee enable to disable EEE on an interface. Syntax eee enable undo eee enable Default EEE is disabled.

  • Page 337: Flow-Control Receive Enable

    Usage guidelines With TxRx-mode generic flow control configured, an interface can both send and receive flow control frames: • When congested, the interface sends a flow control frame to its peer. • Upon receiving a flow control frame from the peer, the interface suspends sending packets. To implement flow control on a link, enable generic flow control at both ends of the link.

  • Page 338: Flow-Interval

    flow-interval Use flow-interval to set the statistics polling interval. Use undo flow-interval to restore the default. Syntax flow-interval interval undo flow-interval Default The statistics polling interval is 300 seconds. Views Ethernet interface view Predefined user roles network-admin Parameters interval: Sets the statistics polling interval in seconds. The interval is in the range of 5 to 300 and must be a multiple of 5.

  • Page 339: Jumboframe Enable

    jumboframe enable Use jumboframe enable to allow jumbo frames within the specified length to pass through. Use undo jumboframe enable to prevent jumbo frames from passing through. Use undo jumboframe enable size to restore the default. Syntax jumboframe enable [ size ] undo jumboframe enable [ size ] Default The device allows jumbo frames within a 10000 bytes to pass through.

  • Page 340: Loopback

    Parameters msec: Enables the physical state change suppression interval to be accurate to milliseconds. If you do not specify this keyword, the suppression interval is accurate to seconds. delay-time: Sets the physical state change suppression interval on the Ethernet interface. A value of 0 means that physical state changes are immediately reported to the CPU and are not suppressed.

  • Page 341: Multicast-Suppression

    Syntax loopback { external | internal } undo loopback Default Loopback testing is disabled on an Ethernet interface. Views Ethernet interface view Predefined user roles network-admin Parameters external: Enables external loopback testing on the Ethernet interface. internal: Enables internal loopback testing on the Ethernet interface. Usage guidelines After you enable loopback testing on an Ethernet interface, the Ethernet interface switches to full duplex mode.

  • Page 342: Port Auto-Power-Down

    pps max-pps: Specifies the maximum number of multicast packets that the interface can forward per second. The value range for the max-pps argument (in pps) is 0 to 1.4881 × the interface bandwidth. kbps max-kbps: Specifies the maximum number of kilobits of multicast traffic that the Ethernet interface can forward per second.

  • Page 343: Reset Counters Interface

    Views Ethernet interface view Predefined user roles network-admin Usage guidelines When an interface with auto power-down enabled has been down for a specific period of time, both of the following events occur: • The device automatically stops supplying power to the interface. •...

  • Page 344: Reset Ethernet Statistics

    Related commands display counters interface display counters rate interface display interface reset ethernet statistics Use reset ethernet statistics to clear the Ethernet module statistics. Syntax reset ethernet statistics [ slot slot-number ] Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies an IRF member device by its member ID.

  • Page 345: Shutdown

    Examples # Clear dropped packet statistics for Ten-GigabitEthernet 1/0/1. <Sysname> reset packet-drop interface ten-gigabitethernet 1/0/1 # Clear dropped packet statistics for all interfaces. <Sysname> reset packet-drop interface Related commands display packet-drop shutdown Use shutdown to shut down an Ethernet interface. Use undo shutdown to bring up an Ethernet interface.

  • Page 346: Unicast-Suppression

    Views Ethernet interface view Predefined user roles network-admin Parameters 100: Sets the interface speed to 100 Mbps. 1000: Sets the interface speed to 1000 Mbps. 2500: Sets the interface speed to 2500 Mbps. 5000: Sets the interface speed to 5000 Mbps. 10000: Sets the interface speed to 10000 Mbps.

  • Page 347: Layer 2 Ethernet Interface Commands

    pps max-pps: Specifies the maximum number of unknown unicast packets that the interface can forward per second. The value range for the max-pps argument (in pps) is 0 to 1.4881 × the interface bandwidth. kbps max-kbps: Specifies the maximum number of kilobits of unknown unicast traffic that the Ethernet interface can forward per second.
  • Page 348 Predefined user roles network-admin network-operator Parameters broadcast: Displays broadcast storm control settings and statistics. multicast: Displays multicast storm control settings and statistics. unicast: Displays unknown unicast storm control settings and statistics. interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify this option, the command displays storm control settings and statistics for all storm control-enabled interfaces.

  • Page 349: Mdix-Mode

    Field Description Status of the storm control threshold event trap switch: • Trap on—The port sends threshold event traps. • off—The port does not send threshold event traps. Status of the storm control threshold event log switch: • on—The port sends threshold event log messages. •...

  • Page 350: Storm-Constrain

    Syntax port bridge enable undo port bridge enable Default Bridging is disabled on an Ethernet interface. Views Layer 2 Ethernet interface view Predefined user roles network-admin Usage guidelines By default, the device drops packets whose outgoing interface and incoming interface are the same. To enable the device to forward such packets rather than drop them, configure this command in Ethernet interface view.
  • Page 351 pps: Sets storm control thresholds in pps. kbps: Sets storm control thresholds in kbps. ratio: Sets storm control thresholds as a percentage of the transmission capacity of the interface. upperlimit: Sets the upper threshold, in pps, kbps, or percentage. • If you specify the pps keyword, the value range for the upperlimit argument is 0 to 1.4881 ×...

  • Page 352: Storm-Constrain Control

    storm-constrain interval storm-constrain control Use storm-constrain control to set the action to take on an Ethernet interface when a type of traffic (unknown unicast, multicast, or broadcast) exceeds the upper storm control threshold. Use undo storm-constrain control to restore the default. Syntax storm-constrain control { block | shutdown } undo storm-constrain control...

  • Page 353: Storm-Constrain Enable Trap

    Default An Ethernet interface outputs log messages when monitored traffic exceeds the upper threshold or drops below the lower threshold. Views Layer 2 Ethernet interface view Predefined user roles network-admin Examples # Enable Ten-GigabitEthernet 1/0/1 to output log messages when it detects storm control threshold events.

  • Page 354: Virtual-Cable-Test

    Default The storm control module polls traffic statistics every 10 seconds. Views System view Predefined user roles network-admin Parameters interval: Sets the traffic polling interval of the storm control module. The value range is 1 to 300 seconds. To ensure network stability, as a best practice, do not use a traffic polling interval shorter than 10 seconds.
  • Page 355 [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] virtual-cable-test Cable status: abnormal(open), 140 metre(s) Pair Impedance mismatch: - Pair skew: - ns Pair swap: - Pair polarity: - Insertion loss: - db Return loss: - db Near-end crosstalk: - db Table 8 Command output Field Description Cable status:...
  • Page 356 Contents Loopback, null, and inloopback interface commands ····································· 1 bandwidth ··················································································································································· 1 default ························································································································································ 1 description ·················································································································································· 2 display interface inloopback ······················································································································· 3 display interface loopback ·························································································································· 5 display interface null ··································································································································· 7 interface loopback ······································································································································ 8 interface null ··············································································································································· 9 reset counters interface loopback ············································································································...

  • Page 357: Loopback, Null, And Inloopback Interface Commands

    Loopback, null, and inloopback interface commands bandwidth Use bandwidth to set the expected bandwidth for an interface. Use undo bandwidth to restore the default. Syntax bandwidth bandwidth-value undo bandwidth Default The expected bandwidth of a loopback interface is 0 kbps. Views Loopback interface view Predefined user roles...

  • Page 358: Description

    Usage guidelines CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command before using it on a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.

  • Page 359: Display Interface Inloopback

    display interface inloopback Use display interface inloopback to display information about the inloopback interface. Syntax display interface inloopback [ 0 ] [ brief [ description | down ] ] Views Any view Predefined user roles network-admin network-operator Parameters 0: Specifies Inloopback 0. brief: Displays brief interface information.
  • Page 360 Field Description Description of the interface, which is always InLoopBack0 Description Interface and cannot be configured. MTU of the interface, which is always 1536 and cannot be Maximum transmission unit configured Physical: InLoopBack The physical type of the interface is inloopback. Average input rate during the last 300 seconds (displayed when the interface supports traffic statistics collection): •...

  • Page 361: Display Interface Loopback

    display interface loopback Use display interface loopback to display information about the specified or all existing loopback interfaces. Syntax display interface loopback [ interface-number ] [ brief [ description | down ] ] Views Any view Predefined user roles network-admin network-operator Parameters loopback interface-number: Specifies a loopback interface by its number, which can be the number...
  • Page 362 Table 3 Command output Field Description Physical link state of the interface: • UP—The loopback interface can receive and transmit packets. Current state • Administratively DOWN—The interface has been shut down by using the shutdown command. Data link layer state of the interface. UP (spoofing) means that the data link layer protocol of the interface is up, but the link is an Line protocol state on-demand link or does not exist.

  • Page 363: Display Interface Null

    # Display information about all loopback interfaces in down state and the causes. <Sysname> display interface loopback brief down Brief information on interfaces in route mode: Link: ADM - administratively down; Stby - standby Interface Link Cause Loop1 Administratively Table 4 Command output Field Description Physical link state of the interface:...

  • Page 364: Interface Loopback

    Parameters 0: Specifies Null 0. brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information. description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of interface descriptions. down: Displays information about interfaces in down state and the causes.

  • Page 365: Interface Null

    Syntax interface loopback interface-number undo interface loopback interface-number Default No loopback interfaces exist. Views System view Predefined user roles network-admin Parameters interface-number: Specifies a loopback interface by its number. The value range for this argument is 0 to 127. Usage guidelines The physical layer state and link layer protocols of a loopback interface are always up unless the loopback interface is manually shut down.

  • Page 366: Reset Counters Interface Loopback

    <Sysname> system-view [Sysname] interface null 0 [Sysname-NULL0] reset counters interface loopback Use reset counters interface loopback to clear the statistics on the specified or all loopback interfaces. Syntax reset counters interface loopback [ interface-number ] Views User view Predefined user roles network-admin Parameters interface-number: Specifies a loopback interface by its number, which can be the number of any...

  • Page 367: Shutdown

    Usage guidelines To determine whether the null interface works correctly within a period by collecting the traffic statistics within that period, first use the reset counters interface [ null [ 0 ] ] command to clear the statistics. Then have the interface automatically collect the statistics. Examples # Clear the statistics on Null 0.
  • Page 368 Contents Bulk interface configuration commands ························································· 1 display interface range ······························································································································· 1 interface range ··········································································································································· 1 interface range name ································································································································· 3...
  • Page 369 Bulk interface configuration commands display interface range Use display interface range to display information about named interface ranges created by using the interface range name command. Syntax display interface range [ name name ] Views Any view Predefined user roles network-admin network-operator Parameters...
  • Page 370 Parameters interface-list: Specifies a space-separated list of up to 24 interface items. Each item specifies an interface by its type and number or specifies a subrange of interfaces in the form of interface-type interface-number1 to interface-type interface-number2. The start interface number must be identical to or lower than the end interface number.
  • Page 371 interface range name Use interface range name name interface interface-list to create a named interface range and enter the interface range view. Use interface range name name without the interface keyword to enter the view of a named interface range. Use undo interface range name to delete the interface range with the specified name.
  • Page 372 When you bulk configure interfaces, follow these guidelines: • Before you configure an interface as the first interface in an interface range, make sure you can enter the view of the interface by using the interface interface-type interface-number command. • Do not assign both an aggregate interface and any of its member interfaces to an interface range.
  • Page 373 Contents MAC address table commands ······································································ 1 display mac-address ·································································································································· 1 display mac-address aging-time ················································································································ 2 display mac-address mac-learning ············································································································ 3 display mac-address mac-move ················································································································ 4 display mac-address statistics ··················································································································· 5 mac-address (interface view) ····················································································································· 6 mac-address (system view) ······················································································································· 7 mac-address mac-learning enable ·············································································································...

  • Page 374: Mac Address Table Commands

    MAC address table commands This document covers the configuration of unicast MAC address entries, including static, dynamic, blackhole, and multiport unicast MAC address entries. For more information about configuring static multicast MAC address entries, see IP Multicast Configuration Guide. display mac-address Use display mac-address to display MAC address entries.

  • Page 375: Display Mac-Address Aging-Time

    Examples # Display MAC address entries for VLAN 100. <Sysname> display mac-address vlan 100 MAC Address VLAN ID State Port/Nickname Aging 0001-0101-0101 Multiport XGE1/0/1 XGE1/0/2 0033-0033-0033 Blackhole 0000-0000-0002 Static XGE1/0/3 00e0-fc00-5829 Learned XGE1/0/4 0000-0000-0022 OpenFlow XGE1/0/5 # Display the number of MAC address entries. <Sysname>...

  • Page 376: Display Mac-Address Mac-Learning

    network-operator Examples # Display the aging timer for dynamic MAC address entries. <Sysname> display mac-address aging-time MAC address aging time: 300s. Related commands mac-address timer display mac-address mac-learning Use display mac-address mac-learning to display the global MAC address learning status and the MAC learning status of the specified interface or all interfaces.

  • Page 377: Display Mac-Address Mac-Move

    display mac-address mac-move Use display mac-address mac-move to display the MAC address move records after the device is started. Syntax display mac-address mac-move [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command displays MAC address move records for all IRF member devices.

  • Page 378: Display Mac-Address Statistics

    Field Description Number of MAC address moves after the device is started. For a MAC address record, the number of MAC address moves is increased by 1 Times when a new MAC address move has the same MAC address, VLAN, Current Port, and Source Port fields as the MAC address record.

  • Page 379: Mac-Address (Interface View)

    Field Description Number of static unicast MAC address entries added Static Unicast Address (System-defined) Count by the system. Total Unicast MAC Addresses In Use Number of unicast MAC address entries. Maximum number of unicast MAC address entries Total Unicast MAC Addresses Available allowed.

  • Page 380: Mac-Address (System View)

    for the user device (for example, Host A) are always sent out of the interface. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A. The MAC address entry configuration cannot survive a reboot unless you save it. The dynamic MAC address entries, however, are lost upon reboot whether or not you save the configuration.
  • Page 381 Views System view Predefined user roles network-admin Parameters dynamic: Specifies dynamic MAC address entries. static: Specifies static MAC address entries. blackhole: Specifies blackhole MAC address entries. Packets whose source or destination MAC addresses match blackhole MAC address entries are dropped. multiport: Specifies multiport unicast MAC address entries.

  • Page 382: Mac-Address Mac-Learning Enable

    delete the corresponding unicast MAC address entries, but not the corresponding static multicast MAC address entries. The MAC address entry configuration cannot survive a reboot unless you save it. The dynamic MAC address entries, however, are lost upon reboot whether or not you save the configuration. Examples # Add a static entry for MAC address 000f-e201-0101.

  • Page 383: Mac-Address Mac-Move Fast-Update

    • You can disable MAC address learning on a per-interface basis. If you disable MAC address learning globally, MAC address learning is disabled for all interfaces. The device then stops learning MAC addresses and cannot dynamically update the MAC address table. •...

  • Page 384: Mac-Address Mac-Roaming Enable

    Examples # Enable ARP fast update for MAC address moves. <Sysname> system-view [Sysname] mac-address mac-move fast-update mac-address mac-roaming enable Use mac-address mac-roaming enable to enable MAC address synchronization. Use undo mac-address mac-roaming enable to disable MAC address synchronization. Syntax mac-address mac-roaming enable undo mac-address mac-roaming enable Default MAC address synchronization is disabled.

  • Page 385: Mac-Address Max-Mac-Count Enable-Forwarding

    Predefined user roles network-admin Parameters count: Specifies the maximum number of MAC addresses that can be learned on an interface. When the argument is set to 0, the interface is not allowed to learn MAC addresses. The value range for this argument is 0 to 4096.

  • Page 386: Mac-Address Notification Mac-Move

    Related commands mac-address mac-address max-mac-count mac-address notification mac-move Use mac-address notification mac-move to enable MAC address move notifications and optionally specify a MAC move detection interval. Use undo mac-address notification mac-move to disable MAC address move notifications. Syntax mac-address notification mac-move [ interval interval ] undo mac-address notification mac-move Default MAC address move notifications are disabled.

  • Page 387: Mac-Address Notification Mac-Move Suppression (Interface View)

    <Sysname> system-view [Sysname] mac-address notification mac-move [Sysname] %May 14 17:16:45:688 2013 Sysname MAC/4/MAC_FLAPPING: MAC address 0000-0012-0034 in VLAN 500 has moved from port XGE1/0/1 to port XGE1/0/2 for 1 times The output shows that: • The VLAN ID of MAC address 0000-0012-0034 is VLAN 500. •...

  • Page 388: Mac-Address Notification Mac-Move Suppression (System View)

    mac-address notification mac-move suppression (system view) Use mac-address notification mac-move suppression to set the suppression interval or the suppression threshold. Use undo mac-address notification mac-move suppression to restore the default. Syntax mac-address notification mac-move suppression { interval interval | threshold threshold } undo mac-address notification mac-move suppression { interval | threshold } Default The suppression interval is 30 seconds.

  • Page 389: Snmp-Agent Trap Enable Mac-Address

    undo mac-address timer Default The aging timer is 300 seconds for dynamic MAC address entries. Views System view Predefined user roles network-admin Parameters aging seconds: Specifies an aging timer for dynamic MAC address entries, in seconds. The value range for the seconds argument is 10 to 1000000. no-aging: Configures dynamic MAC address entries not to age.
  • Page 390 Parameters mac-move: Specifies notifications about the MAC address moves for the MAC address table. If you do not specify this keyword, the command enables all types of SNMP notifications for the MAC address table. Usage guidelines To report critical MAC address move events to an NMS, enable SNMP notifications for the MAC address table.

  • Page 391: Mac Information Commands

    MAC Information commands mac-address information enable (interface view) Use mac-address information enable to enable MAC Information on an interface. Use undo mac-address information enable to disable MAC Information on an interface. Syntax mac-address information enable { added | deleted } undo mac-address information enable { added | deleted } Default MAC Information is disabled on an interface.

  • Page 392: Mac-Address Information Interval

    Views System view Predefined user roles network-admin Usage guidelines Before you enable MAC Information on an interface, enable MAC Information globally. Examples # Enable MAC Information globally. <Sysname> system-view [Sysname] mac-address information enable Related commands mac-address information enable (interface view) mac-address information interval Use mac-address information interval to set the MAC change notification interval.

  • Page 393: Mac-Address Information Queue-Length

    Syntax mac-address information mode { syslog | trap } undo mac-address information mode Default SNMP notifications are sent to notify MAC changes. Views System view Predefined user roles network-admin Parameters syslog: Specifies that the device sends syslog messages to notify MAC changes. trap: Specifies that the device sends SNMP notifications to notify MAC changes.
  • Page 394 • The device sends syslog messages or SNMP notifications only if the MAC change notification interval expires. Examples # Set the MAC Information queue length to 600. <Sysname> system-view [Sysname] mac-address information queue-length 600...
  • Page 395 Contents Ethernet link aggregation commands ····························································· 1 bandwidth ··················································································································································· 1 default ························································································································································ 1 description ·················································································································································· 2 display interface ········································································································································· 2 display lacp system-id ································································································································ 6 display link-aggregation load-sharing mode······························································································· 6 display link-aggregation member-port ········································································································ 8 display link-aggregation summary ············································································································ 10 display link-aggregation verbose··············································································································...

  • Page 396: Ethernet Link Aggregation Commands

    Ethernet link aggregation commands bandwidth Use bandwidth to set the expected bandwidth for an interface. Use undo bandwidth to restore the default. Syntax bandwidth bandwidth-value undo bandwidth Default The expected bandwidth (in kbps) is the interface baud rate divided by 1000. Views Layer 2 aggregate interface view Predefined user roles...

  • Page 397: Description

    This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions. Use the display this command in interface view to identify these commands, and then use their undo forms or follow the command reference to restore their default settings.
  • Page 398 network-operator Parameters bridge-aggregation: Specifies Layer 2 aggregate interfaces. interface-number: Specifies an existing aggregate interface number. brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information. description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of each interface description.
  • Page 399 # Display brief information about Layer 2 aggregate interface Bridge-Aggregation 1. <Sysname> display interface bridge-aggregation 1 brief Brief information on interfaces in bridge mode: Link: ADM - administratively down; Stby - standby Speed: (a) – auto Duplex: (a)/A - auto; H - half; F - full Type: A - access;...
  • Page 400 Field Description Untagged VLANs VLAN whose packets are sent out of this interface without a tag. Time when the reset counters interface command was last used to clear the interface statistics. This field displays Never if Last clearing of counters the reset counters interface command has never been used on the interface since device startup.

  • Page 401: Display Lacp System-Id

    display lacp system-id Use display lacp system-id to display the local system ID. Syntax display lacp system-id Views Any view Predefined user roles network-admin network-operator Usage guidelines You can use the lacp system-priority command to change the LACP priority of the local system. The LACP priority value is specified in decimal format in the lacp system-priority command.
  • Page 402 interface-number: Specifies an existing aggregate interface number. Usage guidelines If you do not specify the interface keyword, the command displays the global link-aggregation load sharing modes. If you specify the interface keyword, but do not specify an interface, the command displays all group-specific load sharing modes.

  • Page 403: Display Link-Aggregation Member-Port

    Field Description User-configured link-aggregation load sharing mode. In this destination-mac address, source-mac sample output, traffic is load shared based on source and address destination MAC addresses. display link-aggregation member-port Use display link-aggregation member-port to display detailed link aggregation information for the specified member ports.
  • Page 404 Aggregate Interface: Bridge-Aggregation10 Local: Port Number: 2 Port Priority: 32768 Oper-Key: 2 Flag: {ACDEF} Remote: System ID: 0x8000, 000f-e267-6c6a Port Number: 26 Port Priority: 32768 Oper-Key: 2 Flag: {ACDEF} Received LACP Packets: 5 packet(s) Illegal: 0 packet(s) Sent LACP Packets: 7 packet(s) Table 4 Command output Field Description...

  • Page 405: Display Link-Aggregation Summary

    display link-aggregation summary Use display link-aggregation summary to display brief information about all aggregation groups. Syntax display link-aggregation summary Views Any view Predefined user roles network-admin network-operator Usage guidelines Static link aggregation groups cannot obtain information about the peer groups. As a result, the Partner ID field displays None for a static link aggregation group.

  • Page 406: Display Link-Aggregation Verbose

    Field Description System ID of the peer system, which contains the peer system LACP Partner ID priority and the peer system MAC address. Selected Ports Total number of Selected ports. Unselected Ports Total number of Unselected ports. Individual Ports Total number of Individual ports. Share Type Load sharing type.
  • Page 407 Management VLANs: None System ID: 0x8000, 000f-e267-6c6a Local: Port Status Priority Index Oper-Key Flag XGE1/0/1 32768 {ACDEF} XGE1/0/2 32768 {ACDEF} XGE1/0/3 32768 {AG} Remote: Actor Priority Index Oper-Key SystemID Flag XGE1/0/1(R) 32768 0x8000, 000f-e267-57ad {ACDEF} XGE1/0/2 32768 0x8000, 000f-e267-57ad {ACDEF} XGE1/0/3 32768 0x8000, 0000-0000-0000 {DEF}...
  • Page 408 Field Description LACP state flags. This field is one byte long, represented by ABCDEFGH from the least significant bit to the most significant bit. A letter appears when its bit is 1 and does not appear when its bit is 0. •...

  • Page 409: Interface Bridge-Aggregation

    interface bridge-aggregation Use interface bridge-aggregation to create a Layer 2 aggregate interface and enter its view, or enter the view of an existing Layer 2 aggregate interface. Use undo interface bridge-aggregation to delete a Layer 2 aggregate interface. Syntax interface bridge-aggregation interface-number undo interface bridge-aggregation interface-number Default No Layer 2 aggregate interfaces exist.

  • Page 410: Lacp Mode

    Usage guidelines Use this command on the aggregate interface that connects the device to a server if dynamic link aggregation is configured only on the device. This feature improves link reliability by enabling all member ports of the aggregation group to forward packets. This command takes effect only on an aggregate interface corresponding to a dynamic aggregation group.

  • Page 411: Lacp System-Priority

    undo lacp period Default The LACP timeout interval is the long timeout interval (90 seconds) on an interface. Views Layer 2 Ethernet interface view Predefined user roles network-admin Examples # Set the short LACP timeout interval (3 seconds) on Ten-GigabitEthernet 1/0/1. <Sysname>...
  • Page 412 Syntax link-aggregation global load-sharing mode destination-ip destination-mac destination-port | ingress-port | source-ip | source-mac | source-port } * undo link-aggregation global load-sharing mode Default The global load sharing mode load shares packets based on source and destination IP addresses. Views System view Predefined user roles network-admin...

  • Page 413: Link-Aggregation Ignore Vlan

    Source IP address, source port, destination IP Source MAC address and destination MAC address address, and destination port Examples # Set the global load sharing mode to load share packets based on destination MAC addresses. <Sysname> system-view [Sysname] link-aggregation global load-sharing mode destination-mac Related commands link-aggregation load-sharing mode link-aggregation ignore vlan...

  • Page 414: Link-Aggregation Load-Sharing Mode

    Syntax link-aggregation lacp traffic-redirect-notification enable undo link-aggregation lacp traffic-redirect-notification enable Default Link-aggregation traffic redirection is disabled. Views System view Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines This feature redirects traffic on a Selected port to the remaining available Selected ports of an aggregation group if one of the following events occurs: •...

  • Page 415: Link-Aggregation Load-Sharing Mode Local-First

    Default The group-specific load sharing mode is the same as the global load sharing mode. Views Layer 2 aggregate interface view Predefined user roles network-admin Parameters destination-ip: Load shares traffic based on destination IP addresses. destination-mac: Load shares traffic based on destination MAC addresses. source-ip: Load shares traffic based on source IP addresses.

  • Page 416: Link-Aggregation Mode

    Use undo link-aggregation load-sharing mode local-first to disable local-first load sharing for link aggregation. Syntax link-aggregation load-sharing mode local-first undo link-aggregation load-sharing mode local-first Default Local-first load sharing is enabled for link aggregation. Views System view Predefined user roles network-admin Usage guidelines After you disable local-first load sharing, the packets will be load shared among all Selected ports of the aggregate interface on all IRF member devices.

  • Page 417: Link-Aggregation Selected-Port Maximum

    Use undo link-aggregation port-priority to restore the default. Syntax link-aggregation port-priority priority undo link-aggregation port-priority Default The port priority of an interface is 32768. Views Layer 2 Ethernet interface view Predefined user roles network-admin Parameters priority: Specifies the port priority in the range of 0 to 65535. The smaller the value, the higher the port priority.

  • Page 418: Link-Aggregation Selected-Port Minimum

    The maximum number of Selected ports allowed in the aggregation groups must be the same for the local and peer ends. The maximum number of Selected ports allowed in an aggregation group is limited by one of the following values, whichever value is smaller: •...

  • Page 419: Port Link-Aggregation Group

    <Sysname> system-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] link-aggregation selected-port minimum 3 Related commands link-aggregation selected-port maximum port link-aggregation group Use port link-aggregation group to assign an interface to an aggregation group. Use undo port link-aggregation group to remove an interface from the aggregation group to which it belongs.

  • Page 420: Reset Lacp Statistics

    interface-number: Specifies an existing aggregate interface number. Usage guidelines Use this command to clear history statistics before you collect traffic statistics for a time period. If you do not specify an aggregate interface type, the command clears statistics for all interfaces in the system.
  • Page 421 Predefined user roles network-admin Examples # Bring up Layer 2 aggregate interface Bridge-Aggregation 1. <Sysname> system-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] undo shutdown...
  • Page 422 Contents Port isolation commands················································································ 1 display port-isolate group ··························································································································· 1 port-isolate enable ······································································································································ 2 port-isolate group ······································································································································· 2...
  • Page 423 Port isolation commands display port-isolate group Use display port-isolate group to display port isolation group information. Syntax display port-isolate group [ group-id ] Views Any view Predefined user roles network-admin network-operator Parameters group-id: Specifies an isolation group by its ID. The value range is 1 to 8. Examples # Display all isolation groups.
  • Page 424 port-isolate enable Use port-isolate enable to assign a port to an isolation group. Use undo port-isolate enable to remove a port from an isolation group. Syntax port-isolate enable group group-id undo port-isolate enable Default The port is not assigned to any isolation group. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view...
  • Page 425 undo port-isolate group { group-id | all } Default No isolation groups exist. Views System view Predefined user roles network-admin Parameters group-id: Specifies an isolation group by its ID. The value range is 1 to 8. all: Deletes all isolation groups. Examples # Create isolation group 1.
  • Page 426 Contents Spanning tree commands ·············································································· 1 active region-configuration ························································································································· 1 bpdu-drop any ············································································································································ 1 check region-configuration ························································································································· 2 display stp ·················································································································································· 3 display stp abnormal-port ························································································································· 10 display stp bpdu-statistics ························································································································ 11 display stp down-port ······························································································································· 13 display stp history ····································································································································· 14 display stp region-configuration ···············································································································...

  • Page 427: Spanning Tree Commands

    Spanning tree commands active region-configuration Use active region-configuration to activate your MST region configuration. Syntax active region-configuration Views MST region view Predefined user roles network-admin Usage guidelines When you configure MST region parameters, MSTP launches a new spanning tree calculation process that might cause network topology instability.

  • Page 428: Check Region-Configuration

    Views Layer 2 Ethernet interface view Predefined user roles network-admin Examples # Enable BPDU drop on port Ten-GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] bpdu-drop any check region-configuration Use check region-configuration to display MST region pre-configuration information. Syntax check region-configuration Views MST region view...

  • Page 429: Display Stp

    Table 1 Command output Field Description Format selector Format selector of the MST region, which is 0 (not configurable). Region name MST region name. Revision level Revision level of the MST region. Instance VLANs Mapped VLAN-to-instance mappings in the MST region. Related commands active region-configuration instance...
  • Page 430 • If you do not specify a port, this command applies to all ports. • If you specify a port list, this command applies to the specified ports. In PVST mode, the command output is sorted by VLAN ID and by port name in each VLAN. •...
  • Page 431 Field Description Spanning tree status on the port: • FORWARDING—The port can receive and send BPDUs and also forward user traffic. • STP State DISCARDING—The port can receive and send BPDUs but cannot forward user traffic. • LEARNING—The port is in a transitional state. It can receive and send BPDUs but cannot forward user traffic.
  • Page 432 BPDU received TCN: 0, Config: 0, RST: 0, MST: 2 -------[MSTI 1 Global Info]------- Bridge ID : 32768.0001-0000-0000 RegRoot ID/IRPC : 32768.0001-0000-0000, 0 RootPort ID : 0.0 Master bridge : 32768.0001-0000-0000 Cost to master TC received ----[Port1(Ten-GigabitEthernet1/0/1)][FORWARDING]---- Port protocol : Enabled Port role : Designated Port (Boundary) Port ID...
  • Page 433 -------[VLAN 2 Global Info]------- Protocol status : Enabled Bridge ID : 32768.000f-e200-2200 Bridge times : Hello 2s MaxAge 20s FwDly 15s VlanRoot ID/RPC : 0.00e0-fc0e-6554, 200200 RootPort ID : 128.48 BPDU-Protection : Disabled TC or TCN received Time since last TC : 0 days 0h:5m:42s # In MSTP mode, display the spanning tree status and statistics when the spanning tree feature is disabled.
  • Page 434 Field Description VLAN root ID and root path cost (the path cost from the device to the VLAN root VlanRoot ID/RPC bridge). Root port ID. The value 0.0 indicates that the device is the root and there is no root RootPort ID port.
  • Page 435 Field Description TC-Restriction Status of TC transmission restriction on the port. Role-Restriction Status of port role restriction on the port. Format of the MST BPDUs that the port can send: • MST BPDU format Config—Configured value (legacy or 802.1s). • Active—Actual value (legacy or 802.1s).

  • Page 436: Display Stp Abnormal-Port

    display stp abnormal-port Use display stp abnormal-port to display history about ports that are blocked by spanning tree protection features. Syntax display stp abnormal-port Views Any view Predefined user roles network-admin network-operator Usage guidelines In an MSTI or VLAN, this command can display a maximum of three history records for a port that is blocked by spanning tree protection features.

  • Page 437: Display Stp Bpdu-Statistics

    display stp bpdu-statistics Use display stp bpdu-statistics to display the BPDU statistics for ports. Syntax display stp bpdu-statistics [ interface interface-type interface-number [ instance instance-list ] ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. instance instance-list: Specifies a space-separated list of up to 10 MSTI items.
  • Page 438 RST received MST sent 10:33:11 01/13/2011 MST received 10:37:43 01/13/2011 Instance 0: Type Count Last Updated --------------------------- ---------- ----------------- Timeout BPDUs Max-hoped BPDUs TC detected 10:32:40 01/13/2011 TC sent 10:33:11 01/13/2011 TC received # In PVST mode, display the BPDU statistics for Ten-GigabitEthernet 1/0/1. <Sysname>...

  • Page 439: Display Stp Down-Port

    Field Description Max-aged BPDUs Number of BPDUs whose max age was exceeded. TCN sent Number of sent TCN BPDUs. TCN received Number of received TCN BPDUs. TCA sent Number of sent TCA BPDUs. TCA received Number of received TCA BPDUs. Config sent Number of sent configuration BPDUs.

  • Page 440: Display Stp History

    Table 6 Command output Field Description Down Port Name of a port that was shut down by the spanning tree protection features. Reason that the port was shut down: • BPDU protection—Indicates the BPDU guard feature. Reason • PVST BPDU protection—Indicates the PVST BPDU guard feature. display stp history Use display stp history to display port role calculation history.

  • Page 441: Display Stp Region-Configuration

    Role change : ROOT->DESI (Aged) Time : 2009/02/08 00:22:56 Port priority : 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.1 Designated priority : 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.1 Port Ten-GigabitEthernet1/0/2 Role change : ALTER->ROOT Time : 2009/02/08 00:22:56 Port priority : 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.2 128.153 Designated priority : 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.2 128.153...

  • Page 442: Display Stp Root

    Examples # In MSTP mode, display effective MST region configuration. <Sysname> display stp region-configuration Oper Configuration Format selector Region name : hello Revision level Configuration digest : 0x5f762d9a46311effb7a488a3267fca9f Instance VLANs Mapped 21 to 4094 1 to 10 11 to 20 Table 8 Command output Field Description...

  • Page 443: Display Stp Tc

    # In PVST mode, display the root bridge information of all spanning trees. <Sysname> display stp root VLAN ID Root Bridge ID ExtPathCost IntPathCost Root Port 0.00e0-fc0e-6554 200200 Ten-GigabitEthernet1/0/1 Table 9 Command output Field Description External path cost. The path cost of a port is either automatically calculated by the ExtPathCost device or manually configured by using the stp cost command.

  • Page 444: Instance

    <Sysname> display stp instance 0 tc slot 1 -------------- STP slot 1 TC or TCN count ------------- MST ID Port Receive Send Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 # In PVST mode, display the incoming and outgoing TC/TCN BPDU statistics for all ports on slot 1 in VLAN 2.

  • Page 445: Region-Name

    Usage guidelines CAUTION: Use caution with global Digest Snooping in the following situations: • When you modify the VLAN-to-instance mappings. • When you restore the default MST region configuration. If the local device has different VLAN-to-instance mappings than its neighboring devices, loops or traffic interruption will occur.

  • Page 446: Reset Stp

    Usage guidelines The MST region name, the VLAN-to-instance mapping table, and the MSTP revision level of a device determine the device's MST region. After configuring this command, execute the active region-configuration command to activate the configured MST region name. Examples # Set the MST region name of the device to hello.

  • Page 447: Snmp-Agent Trap Enable Stp

    Use undo revision-level to restore the default MSTP revision level. Syntax revision-level level undo revision-level Default The MSTP revision level is 0. Views MST region view Predefined user roles network-admin Parameters level: Specifies an MSTP revision level in the range of 0 to 65535. Usage guidelines The MSTP revision level, the MST region name, and the VLAN-to-instance mapping table of a device determine the device's MST region.

  • Page 448: Stp Bpdu-Protection

    In MSTP mode, SNMP notifications are enabled in MSTI 0 and disabled in other MSTIs for spanning tree topology changes. In PVST mode, SNMP notifications are disabled for spanning tree topology changes in all VLANs. Views System view Predefined user roles network-admin Parameters new-root: Enables the device to send notifications if the device is elected as a new root bridge.

  • Page 449: Stp Bridge-Diameter

    Related commands stp edged-port stp port bpdu-protection stp bridge-diameter Use stp bridge-diameter to set the network diameter. The switched network diameter refers to the maximum number of devices on the path for an edge device to reach another through the root bridge.

  • Page 450: Stp Compliance

    stp timer max-age stp compliance Use stp compliance to configure the mode a port uses to recognize and send MSTP BPDUs. Use undo stp compliance to restore the default. Syntax stp compliance { auto | dot1s | legacy } undo stp compliance Default A port automatically recognizes the formats of received MSTP packets and determines the formats of MSTP packets to be sent based on the recognized formats.

  • Page 451: Stp Cost

    Default Digest Snooping is disabled. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines For Digest Snooping to take effect, you must enable Digest Snooping both globally and on associated ports. As a best practice, first enable Digest Snooping on ports connected to third-party vendor devices and then enable the feature globally.
  • Page 452 Predefined user roles network-admin Parameters instance instance-list: Specifies a space-separated list of up to 10 MSTI items. Each item specifies an MSTI or a range of MSTIs in the form of instance-id1 [ to instance-id2 ]. The value for instance-id2 must be equal to or greater than the value for instance-id1.

  • Page 453: Stp Edged-Port

    stp edged-port Use stp edged-port to configure a port as an edge port. Use undo stp edged-port to restore the default. Syntax stp edged-port undo stp edged-port Default All ports are non-edge ports. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines...

  • Page 454: Stp Global Config-Digest-Snooping

    Syntax stp enable undo stp enable Default The spanning tree feature is enabled on all ports. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines When you enable the spanning tree feature, the device operates in STP, RSTP, PVST, or MSTP mode, depending on the spanning tree mode setting.

  • Page 455: Stp Global Enable

    Predefined user roles network-admin Usage guidelines For Digest Snooping to take effect, you must enable Digest Snooping both globally and on associated ports. As a best practice, first enable Digest Snooping on ports connected to third-party vendor devices and then enable the feature globally. Digest Snooping takes effect on the ports simultaneously, which reduces impact on the network.

  • Page 456: Stp Global Mcheck

    stp mode stp global mcheck Use stp global mcheck to perform mCheck globally. Syntax stp global mcheck Views System view Predefined user roles network-admin Usage guidelines When a port on an MSTP, RSTP, or PVST device connects to an STP device and receives STP BPDUs, the port automatically transits to the STP mode.

  • Page 457: Stp Log Enable Tc

    Predefined user roles network-admin Usage guidelines This command takes effect only when the device is operating in PVST mode. Disabling inconsistent PVID protection might cause spanning tree calculation errors. To avoid such errors, make sure the following requirements are met: •...

  • Page 458: Stp Max-Hops

    Syntax stp loop-protection undo stp loop-protection Default Loop guard is disabled. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines On a port, the loop guard feature is mutually exclusive with the root guard feature or the edge port setting.

  • Page 459: Stp Mcheck

    Parameters hops: Specifies the maximum hops in the range of 1 to 40. Examples # Set the maximum hops of the MST region to 35. <Sysname> system-view [Sysname] stp max-hops 35 Related commands display stp stp mcheck Use stp mcheck to perform mCheck on a port. Syntax stp mcheck Views...

  • Page 460: Stp Mode

    [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] stp mcheck Related commands stp global mcheck stp mode stp mode Use stp mode to configure the spanning tree operating mode. Use undo stp mode to restore the default. Syntax stp mode { mstp | pvst | rstp | stp } undo stp mode Default A spanning tree device operates in MSTP mode.

  • Page 461: Stp No-Agreement-Check

    stp no-agreement-check Use stp no-agreement-check to enable No Agreement Check on a port. Use undo stp no-agreement-check to disable No Agreement Check on a port. Syntax stp no-agreement-check undo stp no-agreement-check Default No Agreement Check is disabled. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin...

  • Page 462: Stp Point-To-Point

    Parameters dot1d-1998: Configures the device to calculate the default path cost for ports based on IEEE 802.1d-1998. dot1t: Configures the device to calculate the default path cost for ports based on IEEE 802.1t. legacy: Configures the device to calculate the default path cost for ports based on a private standard.

  • Page 463: Stp Port Bpdu-Protection

    In MSTP or PVST mode, the stp point-to-point force-false or stp point-to-point force-true command configured on a port takes effect on all MSTIs or VLANs. Before you set the link type of a port to point-to-point, make sure the port is connected to a point-to-point link.

  • Page 464: Stp Port Priority

    Examples # Enable BPDU guard on Ten-GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] stp port bpdu-protection enable Related commands stp bpdu-protection stp edged-port stp port priority Use stp port priority to set the priority of a port. The port priority affects the role of a port in a spanning tree.

  • Page 465: Stp Port-Log

    Examples # In MSTP mode, set the port priority of Ten-GigabitEthernet 1/0/1 to 16 in MSTI 2. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] stp instance 2 port priority 16 # In PVST mode, set the port priority of Ten-GigabitEthernet 1/0/1 to 16 in VLAN 2. <Sysname>...

  • Page 466: Stp Priority

    # In PVST mode, enable outputting port state transition information for VLAN 1 through VLAN 4094. <Sysname> system-view [Sysname] stp port-log vlan 1 to 4094 %Aug 16 00:49:41:856 2006 Sysname STP/3/STP_DISCARDING: VLAN 2's Ten-GigabitEthernet1/0/1 has been set to discarding state. %Aug 16 00:49:41:856 2006 Sysname STP/3/STP_FORWARDING: VLAN 2's Ten-GigabitEthernet1/0/2 has been set to forwarding state.

  • Page 467: Stp Pvst-Bpdu-Protection

    stp pvst-bpdu-protection Use stp pvst-bpdu-protection to enable PVST BPDU guard. Use undo stp pvst-bpdu-protection to disable PVST BPDU guard. Syntax stp pvst-bpdu-protection undo stp pvst-bpdu-protection Default PVST BPDU guard is disabled. Views System view Predefined user roles network-admin Usage guidelines PVST BPDU guard enables an MSTP-enabled device to shut down a port if the port receives PVST BPDUs.

  • Page 468: Stp Role-Restriction

    Usage guidelines After you enter MST region view, you can configure MST region parameters, including the region name, VLAN-to-instance mappings, and revision level. Examples # Enter MST region view. <Sysname> system-view [Sysname] stp region-configuration [Sysname-mst-region] stp role-restriction Use stp role-restriction to enable port role restriction. Use undo stp role-restriction to disable port role restriction.

  • Page 469: Stp Root Secondary

    undo stp [ instance instance-list | vlan vlan-id-list ] root Default The device is not a root bridge. Views System view Predefined user roles network-admin Parameters instance instance-list: Specifies a space-separated list of up to 10 MSTI items. Each item specifies an MSTI or a range of MSTIs in the form of instance-id1 [ to instance-id2 ].

  • Page 470: Stp Root-Protection

    Predefined user roles network-admin Parameters instance instance-list: Specifies a space-separated list of up to 10 MSTI items. Each item specifies an MSTI or a range of MSTIs in the form of instance-id1 [ to instance-id2 ]. The value for instance-id2 must be equal to or greater than the value for instance-id1.

  • Page 471: Stp Tc-Protection

    If this command is configured in Layer 2 aggregate interface view, it takes effect only on the aggregate interface. If this command is configured on a member port in an aggregation group, it takes effect only after the port leaves the aggregation group. Examples # Enable root guard on Ten-GigabitEthernet 1/0/1.

  • Page 472: Stp Tc-Restriction

    Syntax stp tc-protection threshold number undo stp tc-protection threshold Default By default, the device can perform a maximum of 6 forwarding address entry flushes every 10 seconds. Views System view Predefined user roles network-admin Parameters number: Specifies the maximum number of immediate forwarding address entry flushes that the device can perform every 10 seconds.

  • Page 473: Stp Tc-Snooping

    If this command is configured on a member port in an aggregation group, it takes effect only after the port leaves the aggregation group. Examples # Enable TC-BPDU transmission restriction on Ten-GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] stp tc-restriction stp tc-snooping Use stp tc-snooping to enable TC Snooping.

  • Page 474: Stp Timer Hello

    Views System view Predefined user roles network-admin Parameters vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal to or greater than the value for vlan-id1.

  • Page 475: Stp Timer Max-Age

    Predefined user roles network-admin Parameters vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal to or greater than the value for vlan-id1.

  • Page 476: Stp Timer-Factor

    Parameters vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094. If you set the STP, RSTP, or MSTP max age, do not specify this option.

  • Page 477: Stp Transmit-Limit

    Parameters factor: Specifies the timeout factor in the range of 1 to 20. Usage guidelines In a stable network, each non-root-bridge forwards configuration BPDUs to surrounding devices at the interval of hello time to determine whether any link fails. If a device does not receive a BPDU from the upstream device within nine times of the hello time, it assumes that the upstream device has failed.

  • Page 478: Stp Vlan Enable

    If this command is configured in Layer 2 aggregate interface view, it takes effect only on the aggregate interface. If this command is configured on a member port in an aggregation group, it takes effect only after the port leaves the aggregation group. Examples # Set the BPDU transmission rate of Ten-GigabitEthernet 1/0/1 to 5.

  • Page 479: Vlan-Mapping Modulo

    stp global enable stp mode vlan-mapping modulo Use vlan-mapping modulo to map VLANs in an MST region to MSTIs according to the specified modulo value and quickly create a VLAN-to-instance mapping table. Syntax vlan-mapping modulo modulo Default All VLANs are mapped to the CIST (MSTI 0). Views MST region view Predefined user roles...
  • Page 480 Contents Loop detection commands ············································································· 1 display loopback-detection ························································································································· 1 loopback-detection action ·························································································································· 1 loopback-detection enable ························································································································· 2 loopback-detection global action ················································································································ 3 loopback-detection global enable··············································································································· 4 loopback-detection interval-time ················································································································ 5...

  • Page 481: Loop Detection Commands

    Loop detection commands display loopback-detection Use display loopback-detection to display the loop detection configuration and status. Syntax display loopback-detection Views Any view Predefined user roles network-admin network-operator Example # Display the loop detection configuration and status. <Sysname> display loopback-detection Loopback detection is enabled. Loopback detection interval is 30 second(s).

  • Page 482: Loopback-Detection Enable

    Syntax In Layer 2 Ethernet interface view: loopback-detection action { block | no-learning | shutdown } undo loopback-detection action In Layer 2 aggregate interface view: loopback-detection action shutdown undo loopback-detection action Default When the device detects a loop on a port, it generates a log but performs no action on the port. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view...

  • Page 483: Loopback-Detection Global Action

    Use undo loopback-detection enable to disable loop detection on a port. Syntax loopback-detection enable vlan { vlan-id-list | all } undo loopback-detection enable vlan { vlan-id-list | all } Default Loop detection is disabled on ports. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin...

  • Page 484: Loopback-Detection Global Enable

    Predefined user roles network-admin Parameters shutdown: Enables the shutdown mode. If a loop is detected, the device generates a log and shuts down the port. The device automatically sets the port to the forwarding state after you set the time interval by using the shutdown-interval command (see Fundamentals Command Reference).

  • Page 485: Loopback-Detection Interval-Time

    Example # Globally enable loop detection for VLAN 10 through VLAN 20. <Sysname> system-view [System] loopback-detection global enable vlan 10 to 20 Related commands display loopback-detection loopback-detection enable loopback-detection interval-time Use loopback-detection interval-time to set the loop detection interval. Use undo loopback-detection interval-time to restore the default. Syntax loopback-detection interval-time interval undo loopback-detection interval-time...
  • Page 486 Contents VLAN commands ··························································································· 1 Basic VLAN commands ····································································································································· 1 bandwidth ··················································································································································· 1 default ························································································································································ 1 description ·················································································································································· 2 display interface vlan-interface··················································································································· 3 display vlan ················································································································································ 5 display vlan brief ········································································································································ 6 interface vlan-interface ······························································································································· 7 mtu ····························································································································································· 8 name ·························································································································································· 9 reset counters interface vlan-interface ·····································································································...
  • Page 487 private-vlan (VLAN interface view) ··········································································································· 50 private-vlan (VLAN view) ·························································································································· 52 private-vlan community ···························································································································· 53 private-vlan isolated ································································································································· 54 private-vlan primary ·································································································································· 56 Voice VLAN commands ··············································································· 57 display voice-vlan mac-address ··············································································································· 57 display voice-vlan state ···························································································································· 57 voice-vlan aging ······································································································································· 58 voice-vlan enable ·····································································································································...

  • Page 488: Vlan Commands

    VLAN commands Basic VLAN commands bandwidth Use bandwidth to set the expected bandwidth of an interface. Use undo bandwidth to restore the default. Syntax bandwidth bandwidth-value undo bandwidth Default The expected bandwidth (in kbps) is the interface baud rate divided by 1000. Views VLAN interface view Predefined user roles...

  • Page 489: Description

    Usage guidelines CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command when you use it on a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions.

  • Page 490: Display Interface Vlan-Interface

    # Configure the description of VLAN-interface 2 as linktoPC56. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] quit [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] description linktoPC56 Related commands display interface vlan-interface display vlan display interface vlan-interface Use display interface vlan-interface to display VLAN interface information. Syntax display interface vlan-interface [ interface-number ] [ brief [ description | down ] ] Views...
  • Page 491 Brief information on interfaces in route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Primary IP Description Vlan2 DOWN DOWN Table 1 Command output Field Description Vlan-interface2 VLAN interface name. Physical link state of the VLAN interface: •...

  • Page 492: Display Vlan

    Field Description Data link layer protocol state of the interface: • UP—The data link layer protocol state of the interface is up. • DOWN—The data link layer protocol state of the interface is Protocol down. • UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist.
  • Page 493 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3 # Display information about VLAN 3. <Sysname> display vlan 3 VLAN ID: 3 VLAN type: static Route interface: Configured IPv4 address: 1.1.1.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged ports: None Untagged ports: None...
  • Page 494 Views Any view Predefined user roles network-admin network-operator Examples # Display brief VLAN information. <Sysname> display vlan brief Brief information about all VLANs: Supported Minimum VLAN ID: 1 Supported Maximum VLAN ID: 4094 Default VLAN ID: 1 VLAN ID Name Port VLAN 0001 GE1/0/1...

  • Page 495: Mtu

    Syntax interface vlan-interface interface-number undo interface vlan-interface interface-number Default No VLAN interfaces exist. Views System view Predefined user roles network-admin Parameters interface-number: Specifies a VLAN interface number in the range of 1 to 4094. Usage guidelines Create the VLAN before you create the VLAN interface for a VLAN. You cannot create VLAN interfaces for sub-VLANs.

  • Page 496: Name

    Parameters size: Sets the MTU in bytes. The value range for this argument is 128 to 1500. Usage guidelines If you configure both the mtu and ip mtu commands on a VLAN interface, the MTU set by the ip mtu command is used for fragmentation.

  • Page 497: Reset Counters Interface Vlan-Interface

    reset counters interface vlan-interface Use reset counters interface vlan-interface to clear statistics on a VLAN interface. Syntax reset counters interface vlan-interface [ interface-number ] Views User view Predefined user roles network-admin Parameters vlan-interface interface-number: Specifies a VLAN interface by its number. If you do not specify the interface-number argument, this command clears statistics on all VLAN interfaces.

  • Page 498: Vlan

    To troubleshoot a failed VLAN interface, you can use the shutdown command and then the undo shutdown command on the interface to see whether it recovers. In a VLAN, the state of each Ethernet port is independent of the state of the VLAN interface. Examples # Shut down VLAN-interface 2, and then bring it up.

  • Page 499: Port-Based Vlan Commands

    [Sysname] vlan 4 to 100 Related commands display vlan Port-based VLAN commands display port Use display port to display information about hybrid or trunk ports. Syntax display port { hybrid | trunk } Views Any view Predefined user roles network-admin network-operator Parameters hybrid: Specifies hybrid ports.

  • Page 500: Port

    port Use port to assign the specified access ports to a VLAN. Use undo port to remove the specified access ports from a VLAN. Syntax port interface-list undo port interface-list Default All ports are in VLAN 1. Views VLAN view Predefined user roles network-admin Parameters...

  • Page 501: Port Hybrid Pvid

    Layer 2 Ethernet interface view Predefined user roles network-admin Parameters vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094. Usage guidelines Before assigning an access port to a VLAN, make sure the VLAN has been created. Examples # Assign Ten-GigabitEthernet 1/0/1 to VLAN 3.

  • Page 502: Port Hybrid Vlan

    [Sysname] vlan 100 [Sysname-vlan100] quit [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid [Sysname-Ten-GigabitEthernet1/0/1] port hybrid pvid vlan 100 [Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 untagged Related commands port hybrid vlan port link-type port hybrid vlan Use port hybrid vlan to assign a hybrid port to the specified VLANs. Use undo port hybrid vlan to remove a hybrid port from the specified VLANs.

  • Page 503: Port Link-Type

    Related commands port link-type port link-type Use port link-type to set the link type of a port. Use undo port link-type to restore the default link type of a port. Syntax port link-type { access | hybrid | trunk } undo port link-type Default Each port is an access port.

  • Page 504: Port Trunk Pvid

    Predefined user roles network-admin Parameters vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

  • Page 505: Mac-Based Vlan Commands

    To enable a trunk port to transmit packets from its PVID, you must assign the trunk port to the PVID by using the port trunk permit vlan command. Examples # Configure Ten-GigabitEthernet 1/0/1 as a trunk, set its PVID to VLAN 100, and assign it to VLAN 100.

  • Page 506: Display Mac-Vlan Interface

    MAC address Mask VLAN ID Dot1q State 0008-0001-0000 ffff-ff00-0000 0002-0001-0000 ffff-ffff-ffff S&D Total MAC VLAN entries count: 2 Table 5 Command output Field Description S - Static Statically configured MAC-to-VLAN entries. D - Dynamic Dynamically configured MAC-to-VLAN entries. MAC address MAC address of the MAC-to-VLAN entry.

  • Page 507: Mac-Vlan Enable

    mac-vlan enable Use mac-vlan enable to enable the MAC-based VLAN feature on a port. Use undo mac-vlan enable to disable the MAC-based VLAN feature on a port. Syntax mac-vlan enable undo mac-vlan enable Default The MAC-based VLAN feature is disabled on a port. Views Layer 2 Ethernet interface view Predefined user roles...

  • Page 508: Mac-Vlan Trigger Enable

    vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094. dot1q priority: Specifies the 802.1p priority of the VLAN specific to the MAC-to-VLAN entry. The value range for the priority argument is 0 to 7, and the default value is 0. The higher the value, the higher the 802.1p priority.

  • Page 509: Port Pvid Forbidden

    Examples # Enable dynamic MAC-based VLAN assignment on Ten-GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] mac-vlan trigger enable Related commands mac-vlan mac-address port pvid forbidden port pvid forbidden Use port pvid forbidden to disable a port from forwarding packets that fail the exact MAC address match in its PVID.

  • Page 510: Ip Subnet-Based Vlan Commands

    Default A port matches VLANs based on MAC addresses preferentially. Views Layer 2 Ethernet interface view Predefined user roles network-admin Parameters mac-vlan: Matches VLANs based on MAC addresses preferentially. ip-subnet-vlan: Matches VLANs based on IP subnets preferentially. Usage guidelines This command takes effect only on MAC-based VLANs and IP subnet-based VLANs. When you enable dynamic MAC-based VLAN assignment, configure the vlan precedence mac-vlan command as a best practice to ensure the priority of MAC-based VLAN matching.

  • Page 511: Display Ip-Subnet-Vlan Vlan

    Examples # Display IP subnet-based VLANs on Ten-GigabitEthernet 1/0/1. <Sysname> display ip-subnet-vlan interface ten-gigabitethernet 1/0/1 Interface: Ten-GigabitEthernet1/0/1 VLAN ID Subnet index IP address Subnet mask Status 192.168.1.0 255.255.255.0 Active Inactive 4094 65535 172.16.1.1 255.255.0.0 Inactive Table 6 Command output Field Description VLAN ID ID of the IP subnet-based VLAN.

  • Page 512: Ip-Subnet-Vlan

    vlan-id1 to vlan-id2: Specifies an IP subnet-based VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. all: Specifies all IP subnet-based VLANs.

  • Page 513: Port Hybrid Ip-Subnet-Vlan

    decimal notation. The mask argument is the subnet mask of the source IP address or network address, in dotted decimal notation with a default value of 255.255.255.0. to ip-subnet-end: Specifies an end IP subnet index of an IP subnet index range, in the range of 0 to 65535.
  • Page 514 Examples # Associate Ten-GigabitEthernet 1/0/1 with IP subnet-based VLAN 3. <Sysname> system-view [Sysname] vlan 3 [Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0 [Sysname-vlan3] quit [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid [Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 3 untagged [Sysname-Ten-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 3 # Associate Layer 2 aggregate interface Bridge-Aggregation 1 with IP subnet-based VLAN 3.

  • Page 515: Display Protocol-Vlan Vlan

    Examples # Display protocol-based VLAN information on Ten-GigabitEthernet 1/0/1. <Sysname> display protocol-vlan interface ten-gigabitethernet 1/0/1 Interface: Ten-GigabitEthernet1/0/1 VLAN ID Protocol index Protocol type Status IPv6 Active Inactive 4094 65535 IPv4 Inactive Table 8 Command output Field Description VLAN ID ID of the protocol-based VLAN. Protocol index Protocol template index.

  • Page 516: Port Hybrid Protocol-Vlan

    VLAN ID: 2 Protocol index Protocol type IPv4 65535 IPv6 VLAN ID: 3 Protocol index Protocol type IPv4 65535 LLC DSAP 0x11 SSAP 0x22 Table 9 Command output Field Description VLAN ID ID of the protocol-based VLAN. Protocol index Protocol template index. Protocol type or encapsulation format specified by the protocol Protocol type template.
  • Page 517 all: Specifies all protocol templates. Usage guidelines For this command to take effect, perform the following tasks: Create a VLAN and associate it with the specified protocol templates. Set the port link type to hybrid. Configure the port to allow the protocol-based VLAN to pass through. When you execute the undo port hybrid protocol-vlan command on a port, follow these guidelines: •...
  • Page 518 Views VLAN view Predefined user roles network-admin Parameters at: Specifies the AppleTalk-based VLAN. ipv4: Specifies the IPv4-based VLAN. ipv6: Specifies the IPv6-based VLAN. ipx: Specifies the IPX-based VLAN. The keywords ethernetii, llc, raw, and snap specify IPX encapsulation formats. mode: Configures a user-defined protocol template for the VLAN. The keywords ethernetii, llc, and snap specify the available encapsulation formats.

  • Page 519: Vlan Group Commands

    ff—Specifies the 802.3 raw encapsulation format for IPX packets.  aa—Specifies the 802.2 SNAP encapsulation format.  When either of the dsap-id and ssap-id arguments is configured, the system assigns the hexadecimal value aa to the other argument. • Do not set the etype-id argument in the snap etype etype-id option to the hexadecimal value 8137.

  • Page 520: Vlan-Group

    VLAN list: 2-4 100 200 VLAN group: rnd VLAN list: Null Table 10 Command output Field Description VLAN group Name of the VLAN group. VLAN list VLAN list in the VLAN group. Related commands vlan-group vlan-list vlan-group Use vlan-group to create a VLAN group and enter its view, or enter the view of an existing VLAN group.
  • Page 521 Use undo vlan-list to remove VLANs from a VLAN group. Syntax vlan-list vlan-id-list undo vlan-list vlan-id-list Default No VLANs exist in a VLAN group. Views VLAN group view Predefined user roles network-admin Parameters vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2.

  • Page 522: Display Supervlan

    Super VLAN commands display supervlan Use display supervlan to display information about super VLANs and their associated sub-VLANs. Syntax display supervlan [ supervlan-id ] Views Any view Predefined user roles network-admin network-operator Parameters supervlan-id: Specifies a super VLAN ID in the range of 1 to 4094. If you do not specify a super VLAN ID, this command displays information about all super VLANs and their associated sub-VLANs.
  • Page 523 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/3 VLAN ID: 4 VLAN type: Static It is a sub VLAN. Route interface: Configured IPv4 address: 10.153.17.41 IPv4 subnet mask: 255.255.252.0 IPv6 global unicast addresses: 2001::1, subnet is 2001::/64 [TENTATIVE] Description: VLAN 0004 Name: VLAN 0004 Tagged ports: None Untagged ports:...

  • Page 524: Subvlan

    Field Description Untagged ports Untagged members of the VLAN. Related commands subvlan supervlan subvlan Use subvlan to associate a super VLAN with the specified sub-VLANs. Use undo subvlan to dissociate sub-VLANs from a super VLAN. Syntax subvlan vlan-id-list undo subvlan [ vlan-id-list ] Default A super VLAN is not associated with any sub-VLANs.

  • Page 525: Supervlan

    supervlan supervlan Use supervlan to configure a VLAN as a super VLAN. Use undo supervlan to restore the default. Syntax supervlan undo supervlan Default A VLAN is not a super VLAN. Views VLAN view Predefined user roles network-admin Usage guidelines You cannot configure a VLAN as both a super VLAN and a guest VLAN, Auth-Fail VLAN, or critical VLAN.
  • Page 526 Private VLAN commands display private-vlan Use display private-vlan to display information about primary VLANs and their associated secondary VLANs. Syntax display private-vlan [ primary-vlan-id ] Views Any view Predefined user roles network-admin network-operator Parameters primary-vlan-id: Specifies a primary VLAN ID in the range of 1 to 4094. If you do not specify a primary VLAN ID, this command displays information about all primary VLANs and their associated secondary VLANs.
  • Page 527 Name: VLAN 0003 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3 VLAN ID: 4 VLAN type: Static Private VLAN type: Secondary Route interface: Not configured Description: VLAN 0004 Name: VLAN 0004 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/4 Table 12 Command output Field Description VLAN type...

  • Page 528: Port Private-Vlan Host

    Field Description Global unicast IPv6 address of the VLAN interface. This field is not displayed when no IPv6 address is configured for the VLAN interface. The IPv6 address states are as follows: • TENTATIVE—Initial state. DAD is being performed or is to be performed on the address.
  • Page 529 Assigns the port to the primary VLAN as an untagged member.  • For a trunk port, the device does not change the port link type or PVID. • For a hybrid port, the device does not change the port link type or PVID. If the hybrid port has been a tagged or untagged member of the primary VLAN, this member ...

  • Page 530: Port Private-Vlan Promiscuous

    port private-vlan trunk secondary private-vlan (VLAN view) private-vlan primary port private-vlan promiscuous Use port private-vlan promiscuous to configure a port as a promiscuous port of the specified VLAN and assign the port to the VLAN. Use undo port private-vlan to restore the default. Syntax port private-vlan vlan-id promiscuous undo port private-vlan...
  • Page 531 You can configure the VLAN as a primary VLAN before or after you execute the port private-vlan promiscuous command. This command is mutually exclusive with the port private-vlan trunk promiscuous and port private-vlan trunk secondary commands. Examples In this example, VLAN 2 is a primary VLAN, and it is associated with secondary VLAN 20. # Display information about Ten-GigabitEthernet 1/0/1.

  • Page 532: Port Private-Vlan Trunk Promiscuous

    • Ten-GigabitEthernet 1/0/1 is removed from primary VLAN 2. • Ten-GigabitEthernet 1/0/1 is an untagged member of VLAN 20. • The link type and PVID of Ten-GigabitEthernet 1/0/1 do not change. Related commands port private-vlan host port private-vlan trunk promiscuous port private-vlan trunk secondary private-vlan (VLAN view) private-vlan primary...
  • Page 533 device assigns the hybrid port to the rest of the primary VLANs and their associated secondary VLANs as a tagged member. If the hybrid port does not allow any of the primary VLANs and their associated secondary  VLANs, the device assigns the port to these VLANs as a tagged member. The undo form of this command does not change the VLAN attributes (allowed secondary VLANs, port link type, and PVID) of the port.

  • Page 534: Port Private-Vlan Trunk Secondary

    [Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan 2 3 trunk promiscuous [Sysname-Ten-GigabitEthernet1/0/1] display this interface Ten-GigabitEthernet1/0/1 port link-mode bridge port link-type hybrid port hybrid vlan 20 30 tagged port hybrid vlan 1 untagged return The output shows that: • Ten-GigabitEthernet 1/0/1 is removed from VLANs 2 and 3. •...
  • Page 535 Usage guidelines If the specified VLANs are secondary VLANs that have been associated with primary VLANs, the command also assigns the port to the associated primary VLANs. Also, the following events occur: • For an access port, the device performs the following operations: Changes the port link type to hybrid.
  • Page 536 interface Ten-GigabitEthernet1/0/1 port link-mode bridge return # Configure Ten-GigabitEthernet 1/0/1 as a trunk secondary port of VLANs 20 and 30, and then verify the configuration. [Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 20 30 trunk secondary [Sysname-Ten-GigabitEthernet1/0/1] display this interface Ten-GigabitEthernet1/0/1 port link-mode bridge port link-type hybrid port hybrid vlan 2 3 20 30 tagged port hybrid vlan 1 untagged...

  • Page 537: Private-Vlan (Vlan Interface View)

    # Configure Ten-GigabitEthernet 1/0/1 as a trunk secondary port of VLAN 10, and then verify the configuration. [Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 10 trunk secondary [Sysname-Ten-GigabitEthernet1/0/1] display this interface Ten-GigabitEthernet1/0/1 port link-mode bridge port link-type hybrid port hybrid vlan 10 tagged port hybrid vlan 1 untagged port private-vlan 10 trunk secondary return The output shows that:...
  • Page 538 Syntax private-vlan secondary vlan-id-list undo private-vlan [ secondary vlan-id-list ] Default Secondary VLANs are isolated at Layer 3. Views VLAN interface view Predefined user roles network-admin Parameters vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2.
  • Page 539 [Sysname-vlan2] quit # Configure the uplink port (Ten-GigabitEthernet 1/0/2) as a promiscuous port of VLAN 2. [Sysname] interface ten-gigabitethernet 1/0/2 [Sysname-Ten-GigabitEthernet1/0/2] port private-vlan 2 promiscuous [Sysname-Ten-GigabitEthernet1/0/2] quit # Assign downlink port Ten-GigabitEthernet 1/0/3 to VLAN 3 and configure the port as a host port. [Sysname] interface ten-gigabitethernet 1/0/3 [Sysname-Ten-GigabitEthernet1/0/3] port access vlan 3 [Sysname-Ten-GigabitEthernet1/0/3] port private-vlan host...

  • Page 540: Private-Vlan Community

    must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command. Usage guidelines A primary VLAN can be associated with multiple secondary VLANs. When you execute this command in the same VLAN view multiple times, all the specified secondary VLANs are associated with the primary VLAN.
  • Page 541 When you use the save command to save the configuration, the private-vlan community command is not saved into the configuration file. Examples This example shows how to meet the following requirements: • VLAN 4 is a secondary VLAN, and it is associated with primary VLAN 2. •...
  • Page 542 Default Ports in the same secondary VLAN can communicate with each other at Layer 2. Views VLAN view Predefined user roles network-admin Usage guidelines This command takes effect when the following conditions exist: • The secondary VLAN is associated with a primary VLAN. •...

  • Page 543: Private-Vlan Primary

    Related commands private-vlan (VLAN view) private-vlan community private-vlan primary private-vlan primary Use private-vlan primary to configure a VLAN as a primary VLAN. Use undo private-vlan primary to restore the default. Syntax private-vlan primary undo private-vlan primary Default A VLAN is not a primary VLAN. Views VLAN view Predefined user roles...
  • Page 544 OUI Address Mask Description 0001-e300-0000 ffff-ff00-0000 Siemens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000 ffff-ff00-0000 Avaya phone 000f-e200-0000 ffff-ff00-0000 H3C Aolynk phone 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3Com phone Table 13 Command output...

  • Page 545: Voice-Vlan Aging

    Predefined user roles network-admin network-operator Examples # Display voice VLAN information. <Sysname> display voice-vlan state Current voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled ports and their modes: Port VLAN Mode DSCP XGE1/0/1 Auto...

  • Page 546: Voice-Vlan Enable

    Views System view Predefined user roles network-admin Parameters minutes: Sets the voice VLAN aging timer in the range of 5 to 43200 minutes. Usage guidelines In automatic voice VLAN assignment mode, the device starts an aging timer for a voice VLAN when assigning a port to the voice VLAN.
  • Page 547 Table 15 System default OUI addresses Number OUI address Vendor 0001-e300-0000 Siemens phone 0003-6b00-0000 Cisco phone 0004-0d00-0000 Avaya phone 000f-e200-0000 H3C Aolynk phone 0060-b900-0000 Philips/NEC phone 00d0-1e00-0000 Pingtel phone 00e0-7500-0000 Polycom phone 00e0-bb00-0000 3Com phone Views System view Predefined user roles...

  • Page 548: Voice-Vlan Mode Auto

    Usage guidelines You can manually delete or add the system default OUI addresses. The device supports a maximum of 128 OUI addresses. Examples # Add OUI address 1234-1200-0000 by specifying the MAC address as 1234-1234-1234 and the mask as fff-ff00-0000. Configure the OUI address description as PhoneA. <Sysname>...

  • Page 549: Voice-Vlan Qos Trust

    Syntax voice-vlan qos cos-value dscp-value undo voice-vlan qos Default A port modifies the CoS and DSCP values for incoming voice VLAN packets to 6 and 46, respectively. Views Layer 2 Ethernet interface view Predefined user roles network-admin Parameters cos-value: Specifies a CoS value in the range of 0 to 7. A bigger CoS value represents a higher priority.

  • Page 550: Voice-Vlan Security Enable

    Predefined user roles network-admin Usage guidelines When a port trusts the QoS priority settings in incoming voice VLAN packets, the port does not modify their CoS and DSCP values. You cannot execute this command on a voice VLAN-enabled port. Before you execute this command on a port, you must disable the voice VLAN feature on it.

  • Page 551: Voice-Vlan Track Lldp

    voice-vlan track lldp Use voice-vlan track lldp to enable LLDP for automatic IP phone discovery. Use undo voice-vlan track lldp to disable LLDP for automatic IP phone discovery. Syntax voice-vlan track lldp undo voice-vlan track lldp Views System view Default LLDP for automatic IP phone discovery is disabled.
  • Page 552 Contents MVRP commands ·························································································· 1 display mvrp running-status ······················································································································· 1 display mvrp state ······································································································································ 2 display mvrp statistics ································································································································ 3 mrp timer join ············································································································································· 5 mrp timer leave ·········································································································································· 6 mrp timer leaveall ······································································································································· 7 mrp timer periodic ······································································································································ 8 mvrp enable ···············································································································································...

  • Page 553: Mvrp Commands

    MVRP commands display mvrp running-status Use display mvrp running-status to display MVRP running status. Syntax display mvrp running-status [ interface interface-list ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-list: Specifies a range of Ethernet interfaces in the form of interface-type interface-number1 [ to interface-type interface-number2 ].

  • Page 554: Display Mvrp State

    Join Timer : 20 (centiseconds) Leave Timer : 60 (centiseconds) Periodic Timer : 100 (centiseconds) LeaveAll Timer : 1000 (centiseconds) Registration Type : Normal Registered VLANs : None Declared VLANs : None Propagated VLANs : None Table 1 Command output Field Description MVRP Global Info...

  • Page 555: Display Mvrp Statistics

    Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies a port by its type and number. vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094. Examples # Display the MVRP state of Ten-GigabitEthernet 1/0/1 in VLAN 2. <Sysname>...
  • Page 556 Views Any view Predefined user roles network-admin network-operator Parameters interface interface-list: Specifies a range of Ethernet interfaces in the form of interface-type interface-number1 [ to interface-type interface-number2 ]. The interface-type interface-number argument represents the interface type and interface number. The value for the interface-number2 argument must be greater than or equal to the value for the interface-number1 argument.
  • Page 557 Leave Event Received LeaveAll Event Received Frames Transmitted New Event Transmitted JoinIn Event Transmitted In Event Transmitted JoinMt Event Transmitted Mt Event Transmitted Leave Event Transmitted LeaveAll Event Transmitted Frames Discarded Table 3 Command output Field Description Number of VLAN registration failures through MVRP on the local Failed Registrations participant.

  • Page 558: Mrp Timer Leave

    Default The Join timer is 20 centiseconds. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Parameters timer-value: Specifies the Join timer value (in centiseconds). The Join timer must meet the following requirements: • Not less than 20 centiseconds.

  • Page 559: Mrp Timer Leaveall

    • Divisible by 20 centiseconds. Examples # Set the Leave timer to 100 centiseconds. (In this example, the Join timer and LeaveAll timer use their default settings.) <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] mrp timer leave 100 Related commands display mvrp running-status mrp timer join mrp timer leaveall...

  • Page 560: Mrp Timer Periodic

    Examples # Set the LeaveAll timer to 1500 centiseconds. (In this example, the Leave timer on each port uses the default setting.) <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] mrp timer leaveall 1500 Related commands display mvrp running-status mrp timer leave mrp timer periodic Use mrp timer periodic to set the Periodic timer.

  • Page 561: Mvrp Global Enable

    Syntax mvrp enable undo mvrp enable Default MVRP is disabled on a port. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Usage guidelines For MVRP to take effect on a port, make sure the following requirements are met: •...

  • Page 562: Mvrp Gvrp-Compliance Enable

    Examples # Enable MVRP globally. <Sysname> system-view [Sysname] mvrp global enable Related commands display mvrp running-status mvrp gvrp-compliance enable Use mvrp gvrp-compliance enable to enable GVRP compatibility for MVRP. Use undo mvrp gvrp-compliance enable to restore the default. Syntax mvrp gvrp-compliance enable undo mvrp gvrp-compliance enable Default MVRP is incompatible with GVRP.

  • Page 563: Reset Mvrp Statistics

    Layer 2 aggregate interface view Predefined user roles network-admin Parameters fixed: Specifies the fixed registration mode. forbidden: Specifies the forbidden registration mode. normal: Specifies the normal registration mode. Examples # Set the MVRP registration mode to fixed on Ten-GigabitEthernet 1/0/1. <Sysname>...
  • Page 564 Contents QinQ commands ···························································································· 1 display qinq ················································································································································ 1 qinq enable ················································································································································· 2 qinq ethernet-type (interface view) ············································································································· 2 qinq ethernet-type (system view) ··············································································································· 3 qinq transparent-vlan ································································································································· 4...

  • Page 565: Qinq Commands

    QinQ commands This document uses the following terms: • CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer uses on the private network. • SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a service provider uses to transmit VLAN tagged traffic for customers.

  • Page 566: Qinq Enable

    Related commands qinq enable qinq enable Use qinq enable to enable QinQ on an interface. Use undo qinq enable to disable QinQ on an interface. Syntax qinq enable undo qinq enable Default QinQ is disabled on interfaces. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin...

  • Page 567: Qinq Ethernet-Type (System View)

    hex-value: Sets a hexadecimal TPID value in the range of 1 to ffff, excluding the reserved EtherType values listed in Table Table 1 Reserved EtherType values Protocol type Value 0x0806 0x0200 RARP 0x8035 0x0800 IPv6 0x86dd PPPoE 0x8863/0x8864 MPLS 0x8847/0x8848 IPX/SPX 0x8137 IS-IS...

  • Page 568: Qinq Transparent-Vlan

    Views System view Predefined user roles network-admin Parameters customer-tag: Sets the TPID value in the CVLAN tag. hex-value: Sets a hexadecimal TPID value in the range of 1 to ffff, excluding the reserved EtherType values listed in Table Table 2 Reserved EtherType values Protocol type Value 0x0806...
  • Page 569 Syntax qinq transparent-vlan vlan-id-list undo qinq transparent-vlan { vlan-id-list | all } Default Transparent transmission is disabled for all VLANs. Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network-admin Parameters vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a single VLAN ID or a VLAN ID range in the form of vlan-id1 to vlan-id2.
  • Page 570 Contents VLAN mapping commands ············································································ 1 display vlan mapping ·································································································································· 1 vlan mapping ·············································································································································· 2...
  • Page 571 VLAN mapping commands display vlan mapping Use display vlan mapping to display VLAN mapping information. Syntax display vlan mapping [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays VLAN mapping information on all interfaces.
  • Page 572 Field Description Translated outer VLAN. Translated Outer VLAN This field indicates the translated VLAN for one-to-one VLAN mapping and many-to-one VLAN mapping. Translated inner VLAN. Translated Inner VLAN This field displays N/A for one-to-one VLAN mapping and many-to-one VLAN mapping. Related commands vlan mapping vlan mapping...
  • Page 573 nest range vlan-range-list nested-vlan vlan-id: Specifies the CVLAN ranges and the SVLAN for a one-to-two VLAN mapping. The vlan-range-list argument specifies a space-separated list of up to 10 CVLAN items. Each item specifies a CVLAN ID or a range of CVLAN IDs in the format of vlan-id1 to vlan-id2.
  • Page 574 (Ten-GigabitEthernet 1/0/3) to use the original VLAN tags of the many-to-one mappings to replace the VLAN tags of the packets destined for the user network. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/2 [Sysname-Ten-GigabitEthernet1/0/2] vlan mapping uni range 1 to 50 translated-vlan 101 [Sysname-Ten-GigabitEthernet1/0/2] vlan mapping uni single 80 translated-vlan 101 [Sysname-Ten-GigabitEthernet1/0/2] quit [Sysname] interface ten-gigabitethernet 1/0/3...
  • Page 575 Contents LLDP commands ··························································································· 1 cdp voice-vlan ············································································································································ 1 display lldp local-information ······················································································································ 1 display lldp neighbor-information ··············································································································· 6 display lldp statistics ································································································································· 13 display lldp status ····································································································································· 16 display lldp tlv-config ································································································································ 18 lldp admin-status ······································································································································ 21 lldp check-change-interval ······················································································································· 22 lldp compliance admin-status cdp ············································································································...

  • Page 576: Lldp Commands

    LLDP commands cdp voice-vlan Use cdp voice-vlan to set the voice VLAN ID carried in CDP frames. Use undo cdp voice-vlan to restore the default. Syntax cdp voice-vlan vlan-id undo cdp voice-vlan Default No voice VLAN ID is configured to be carried in CDP frames. Views Layer 2 Ethernet interface view Default command level...
  • Page 577 Global LLDP local-information: Chassis ID : 00e0-fc00-5600 System name : Sysname System description : H3C Comware Platform Software System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge System capabilities enabled : Bridge, Router, Service Bridge MED information: Device class...
  • Page 578 Port and protocol VLAN ID(PPVID) : 12 Port and protocol VLAN supported : Yes Port and protocol VLAN enabled : Yes VLAN name of VLAN 12: VLAN 0012 Management VLAN ID Link aggregation supported : Yes Link aggregation enabled : Yes Aggregation port ID : 52 Auto-negotiation supported : Yes...
  • Page 579 Field Description • Bridge—Switching is enabled. • Router—Routing is enabled. • Repeater—Signal repeating is enabled. • Telephone—The local device is acting as a telephone. • DocsisCableDevice—The local device is acting as a DOCSIS-compliant cable device. • StationOnly—The local device is acting as a station only. •...
  • Page 580 Field Description PSE power supported Indicates whether the device can operate as a PSE. PSE power enabled Indicates whether the device is operating as a PSE. PSE pairs control ability Indicates whether the pair selection ability is available. Power supply mode: •...

  • Page 581: Display Lldp Neighbor-Information

    Field Description • High. • Low. PoE power receiving priority of PD ports: • Unknown. • Port PD priority Critical. • High. • Low. Available PoE power on PSE ports, or power needed on PD ports, in Port available power value watts.
  • Page 582 : 121 Port description : Ten-GigabitEthernet1/0/1 Interface System name : Sysname System description : H3C Comware Platform Software System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge System capabilities enabled : Bridge, Router, Customer Bridge Management address type : IPv4 Management address : 192.168.1.55...
  • Page 583 : 121 Port description : Ten-GigabitEthernet1/0/1 Interface System name : Sysname System description : H3C Comware Platform Software System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge System capabilities enabled : Bridge, Router, Customer Bridge Management address type : IPv4 Management address : 192.168.1.55...
  • Page 584 : 121 Port description : Ten-GigabitEthernet1/0/1 Interface System name : Sysname System description : H3C Comware Platform Software System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge System capabilities enabled : Bridge, Router, Customer Bridge Management address type : IPv4 Management address : 192.168.1.55...
  • Page 585 Maximum frame size : 1500 # Display the brief LLDP information that all LLDP agents on all ports received from the neighboring devices. <Sysname> display lldp neighbor-information LLDP neighbor-information of port 52[Ten-GigabitEthernet1/0/3]: LLDP agent nearest-bridge: LLDP neighbor index : 3 LLDP mac type : Nearest Bridge ChassisID/subtype...
  • Page 586 Field Description Type of the neighbor MAC address: • Nearest bridge. LLDP mac type • Nearest customer bridge. • Nearest non-TPMR bridge. Chassis ID type: • Chassis component. • Interface alias. • Port component. • Chassis type MAC address. • Network address (ipv4).
  • Page 587 Field Description DOCSIS-compliant cable device. • StationOnly—The neighboring device is acting as a station only. • Customer Bridge—The customer bridge feature is enabled. • Service Bridge—The service bridge feature is enabled. • TPMR—The TPMR feature is enabled. • Other—Features other than those listed above are supported.

  • Page 588: Display Lldp Statistics

    Field Description Reserved.  • When the power supply type is PD, options are:: Unknown—Unknown power supply.  PSE—PSE power supply.  Local—Local power supply.  PSE and local—PSE and local power supplies.  • Unknown. • Critical. Power priority •...
  • Page 589 Views Any view Predefined user roles network-admin network-operator Parameters global: Displays the global LLDP statistics. interface interface-type interface-number: Specifies a port by its type and number. agent: Specifies an LLDP agent type. If you do not specify an agent type, the command displays the statistics for all LLDP agents.
  • Page 590 The number of LLDP TLVs discarded The number of LLDP TLVs unrecognized The number of LLDP neighbor information aged out : 0 The number of CDP frames transmitted The number of CDP frames received The number of CDP frames discarded The number of CDP error frames LLDP agent nearest-customer: The number of LLDP frames transmitted...
  • Page 591 display lldp status Use display lldp status to display LLDP status. Syntax display lldp status [ interface interface-type interface-number ] [ agent { nearest-bridge | nearest-customer | nearest-nontpmr } ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies a port by its type and number. If you do not specify this option, the command displays the global LLDP status and the LLDP status of all ports.
  • Page 592 Number of sent optional TLV : 12 Number of received unknown TLV : 5 LLDP agent nearest-nontpmr: Port status of LLDP : Enable Admin status : TX_RX Trap flag : No Polling interval : 0s Number of LLDP neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV : 12...

  • Page 593: Display Lldp Tlv-Config

    Field Description Polling interval LLDP polling interval, which is 0 when LLDP polling is disabled. Number of neighbors Number of LLDP neighbors connecting to the port. Number of MED neighbors Number of MED neighbors connecting to the port. Number of CDP neighbors Number of CDP neighbors connecting to the port.
  • Page 594 Port VLAN ID TLV Port And Protocol VLAN ID TLV VLAN Name TLV DCBX TLV EVB TLV Link Aggregation TLV Management VID TLV IEEE 802.3 extend TLV: MAC-Physic TLV Power via MDI TLV Maximum Frame Size TLV Energy-Efficient Ethernet TLV LLDP-MED extend TLV: Capabilities TLV Network Policy TLV...
  • Page 595 Basic optional TLV: Port Description TLV System Name TLV System Description TLV System Capabilities TLV Management Address TLV IEEE 802.1 extend TLV: Port VLAN ID TLV Port And Protocol VLAN ID TLV VLAN Name TLV DCBX TLV EVB TLV Link Aggregation TLV Management VID TLV IEEE 802.3 extend TLV: MAC-Physic TLV...

  • Page 596: Lldp Admin-Status

    Field Description • Link aggregation TLV. • Maximum frame size TLV. LLDP-MED TLVs: • Capabilities TLV. • Network Policy TLV. LLDP-MED extend TLV • Extended Power-via-MDI TLV. • Location Identification TLV. • Inventory TLV. Inventory TLVs: • Hardware Revision TLV. •...

  • Page 597: Lldp Check-Change-Interval

    nearest-customer: Specifies nearest customer bridge agents. nearest-nontpmr: Specifies nearest non-TPMR bridge agents. disable: Specifies the Disable mode. A port in this mode cannot send or receive LLDP frames. rx: Specifies the Rx mode. A port in this mode can only receive LLDP frames. tx: Specifies the Tx mode.

  • Page 598: Lldp Compliance Admin-Status Cdp

    Examples # Enable LLDP polling and set the polling interval to 30 seconds for the nearest customer bridge agents on Ten-GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] lldp agent nearest-customer check-change-interval 30 lldp compliance admin-status cdp Use lldp compliance admin-status cdp to set the operating mode of CDP-compatible LLDP. Use undo lldp compliance admin-status cdp to restore the default.

  • Page 599: Lldp Compliance Cdp

    lldp compliance cdp Use lldp compliance cdp to enable CDP compatibility. Use undo lldp compliance cdp to disable CDP compatibility. Syntax lldp compliance cdp undo lldp compliance cdp Default CDP compatibility is disabled. Views System view Predefined user roles network-admin Usage guidelines The maximum TTL that CDP allows is 255 seconds.

  • Page 600: Lldp Encapsulation Snap

    Usage guidelines LLDP takes effect on a port only when LLDP is enabled both globally and on the port. Examples # Disable LLDP on Ten-GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] undo lldp enable Related commands lldp global enable lldp encapsulation snap Use lldp encapsulation snap to set the encapsulation format for LLDP frames to SNAP.

  • Page 601: Lldp Fast-Count

    [Sysname-Ten-GigabitEthernet1/0/1] lldp encapsulation snap lldp fast-count Use lldp fast-count to set the number of LLDP frames sent each time fast LLDP frame transmission is triggered. Use undo lldp fast-count to restore the default. Syntax lldp fast-count count undo lldp fast-count Default The number is 4.

  • Page 602: Lldp Hold-Multiplier

    <Sysname> system-view [Sysname] undo lldp global enable Related commands lldp enable lldp hold-multiplier Use lldp hold-multiplier to set the TTL multiplier. Use undo lldp hold-multiplier to restore the default. Syntax lldp hold-multiplier value undo lldp hold-multiplier Default The TTL multiplier is 4. Views System view Predefined user roles...

  • Page 603: Lldp Management-Address-Format String

    Default LLDP PVID inconsistency check is enabled. Views System view Default command level network-admin Usage guidelines By default, when the system receives an LLDP packet, it compares the PVID value contained in packet with the PVID configured on the receiving interface. If the two PVIDs do not match, a log message will be printed to notify the user.

  • Page 604: Lldp Max-Credit

    nearest-nontpmr: Specifies nearest non-TPMR bridge agents. Usage guidelines LLDP neighbors must use the same encoding format for the management address. Examples # Set the encoding format of the management address to string for the nearest customer bridge agents on Ten-GigabitEthernet 1/0/1. <Sysname>...

  • Page 605: Lldp Notification Med-Topology-Change Enable

    Predefined user roles network-admin Parameters service-bridge: Specifies the service bridge mode. Usage guidelines The LLDP agent types supported by LLDP depend on the LLDP bridge mode: • Service bridge mode—LLDP supports nearest bridge agents and nearest non-TPMR bridge agents. LLDP processes the LLDP frames with destination MAC addresses for these agents and transparently transmits the LLDP frames with other destination MAC addresses in the VLAN.

  • Page 606: Lldp Notification Remote-Change Enable

    lldp notification remote-change enable Use lldp notification remote-change enable to enable LLDP trapping. Use undo lldp notification remote-change enable to disable LLDP trapping. Syntax In Layer 2 Ethernet view or management Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] notification remote-change enable undo lldp [ agent { nearest-customer | nearest-nontpmr } ] notification remote-change enable In Layer 2 aggregate interface view: lldp agent { nearest-customer | nearest-nontpmr } notification remote-change enable...

  • Page 607: Lldp Timer Notification-Interval

    Views System view Predefined user roles network-admin Parameters interval: Sets an interval for fast LLDP frame transmission, in the range of 1 to 3600 seconds. Examples # Set the interval for fast LLDP frame transmission to 2 seconds. <Sysname> system-view [Sysname] lldp timer fast-interval 2 lldp timer notification-interval Use lldp timer notification-interval to set the LLDP trap and LLDP-MED trap transmission interval.

  • Page 608: Lldp Timer Tx-Interval

    Views System view Predefined user roles network-admin Parameters delay: Sets the LLDP reinitialization delay in the range of 1 to 10 seconds. Examples # Set the LLDP reinitialization delay to 4 seconds. <Sysname> system-view [Sysname] lldp timer reinit-delay 4 lldp timer tx-interval Use lldp timer tx-interval to set the LLDP frame transmission interval.
  • Page 609 | inventory | network-policy [ vlan-id ] | power-over-ethernet | location-id { civic-address device-type country-code { ca-type ca-value }&<1-10> | elin-address tel-number } } } undo lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv [ ipv6 ] [ ip-address ] } | dot1-tlv { all | port-vlan-id | link-aggregation | protocol-vlan-id | vlan-name | management-vid } | dot3-tlv { all | mac-physic | max-frame-size | power } | med-tlv { all | capability | inventory | network-policy [ vlan-id ] | power-over-ethernet | location-id } }...
  • Page 610 • undo lldp tlv-enable dot1-tlv { protocol-vlan-id | vlan-name | management-vid } Default On Layer 2 Ethernet interfaces: • Nearest bridge agents can advertise all types of LLDP TLVs except the following types: Location identification TLVs.  Port and protocol VLAN ID TLVs. ...
  • Page 611 management-address-tlv [ ipv6 ] [ ip-address | interface loopback interface-number ]: Advertises management address TLVs. The ipv6 keyword indicates that the management address to be advertised is in IPv6 format. If you do not specify this keyword, the management address in IPv4 format will be advertised.
  • Page 612 med-tlv: Advertises LLDP-MED TLVs. capability: Advertises LLDP-MED capabilities TLVs. inventory: Advertises the following TLVs: hardware revision, firmware revision, software revision, serial number, manufacturer name, model name, and asset ID. location-id: Advertises location identification TLVs. civic-address: Inserts the typical address information about the network device in location identification TLVs .
  • Page 613 H3C S6812 & S6813 Switch Series Layer 3—IP Services Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 510x Document version: 6W102-20230313...
  • Page 614 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 615 Preface This command reference describes the IP services configuration commands. This preface includes the following topics about the documentation: • Audience. • Conventions. • Documentation feedback. Audience This documentation is intended for: • Network planners. • Field technical support and servicing engineers. •...
  • Page 616 Symbols Convention Description An alert that calls attention to important information that if not understood or followed WARNING! can result in personal injury. An alert that calls attention to important information that if not understood or followed CAUTION: can result in data loss, data corruption, or damage to hardware or software. An alert that calls attention to essential information.
  • Page 617 Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
  • Page 618 Contents ARP commands ····························································································· 1 arp check enable ········································································································································ 1 arp check log enable ·································································································································· 1 arp max-learning-num ································································································································ 2 arp max-learning-number ··························································································································· 3 arp multiport ··············································································································································· 3 arp smooth ················································································································································· 4 arp static ····················································································································································· 5 arp timer aging ··········································································································································· 6 display arp ··················································································································································...

  • Page 619: Arp Commands

    ARP commands arp check enable Use arp check enable to enable dynamic ARP entry check. Use undo arp check enable to disable dynamic ARP entry check. Syntax arp check enable undo arp check enable Default Dynamic ARP entry check is enabled. Views System view Predefined user roles...

  • Page 620: Arp Max-Learning-Num

    Usage guidelines This feature enables a device to log ARP events when ARP cannot resolve IP addresses correctly. The device can log the following ARP events: • On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not the IP address of the receiving interface.

  • Page 621: Arp Multiport

    [Sysname] interface vlan-interface 40 [Sysname-Vlan-interface40] arp max-learning-num 10 # Specify Ten-GigabitEthernet 1/0/1 to learn a maximum of 10 dynamic ARP entries. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] arp max-learning-num 10 # Specify Layer 2 aggregate interface Bridge-Aggregation 1 to learn a maximum of 10 dynamic ARP entries.

  • Page 622: Arp Smooth

    Syntax arp multiport ip-address mac-address vlan-id undo arp ip-address Default No multiport ARP entries exist. Views System view Predefined user roles network-admin Parameters ip-address: Specifies an IP address for the multiport ARP entry. mac-address: Specifies a MAC address for the multiport ARP entry, in the format of H-H-H. vlan-id: Specifies a VLAN for the multiport ARP entry, in the range of 1 to 4094.

  • Page 623: Arp Static

    arp static Use arp static to configure a static ARP entry. Use undo arp to delete an ARP entry. Syntax arp static ip-address mac-address [ vlan-id interface-type interface-number ] undo arp ip-address Default No static ARP entries exist. Views System view Predefined user roles network-admin Parameters...

  • Page 624: Arp Timer Aging

    [Sysname] arp static 202.38.10.2 00e0-fc01-0000 10 ten-gigabitethernet 1/0/1 Related commands display arp reset arp arp timer aging Use arp timer aging to set the aging timer for dynamic ARP entries. Use undo arp timer aging to restore the default. Syntax arp timer aging aging-time undo arp timer aging Default...
  • Page 625 Predefined user roles network-admin network-operator Parameters all: Displays all ARP entries. dynamic: Displays dynamic ARP entries. multiport: Displays multiport ARP entries. static: Displays static ARP entries. slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ARP entries for the master device.
  • Page 626 Interface/Link ID: 0x1 VPN Instance : [No Vrf] VSI Name : vpna VSI Interface : Vsi1 # Display the number of all ARP entries. <Sysname> display arp all count Total number of entries : 4 Table 1 Command output Field Description IP Address IP address in an ARP entry.

  • Page 627: Display Arp Entry-Limit

    reset arp display arp entry-limit Use display arp entry-limit to display the maximum number of ARP entries that a device supports. Syntax display arp entry-limit Views Any view Predefined user roles network-admin network-operator Examples # Display the maximum number of ARP entries that the device supports. <Sysname>...

  • Page 628: Display Arp Timer Aging

    Related commands arp static reset arp display arp timer aging Use display arp timer aging to display the aging timer of dynamic ARP entries. Syntax display arp timer aging Views Any view Predefined user roles network-admin network-operator Examples # Display the aging timer of dynamic ARP entries. <Sysname>...
  • Page 629 <Sysname> reset arp static Related commands arp static display arp...

  • Page 630: Gratuitous Arp Commands

    Gratuitous ARP commands arp ip-conflict log prompt Use arp ip-conflict log prompt to enable IP conflict notification. Use undo arp ip-conflict log prompt to restore the default. Syntax arp ip-conflict log prompt undo arp ip-conflict log prompt Default IP conflict notification is disabled. Views System view Predefined user roles...

  • Page 631: Gratuitous-Arp-Learning Enable

    Predefined user roles network-admin Parameters interval interval: Specifies the sending interval in the range of 200 to 200000 milliseconds. The default value is 2000 milliseconds. Usage guidelines This feature takes effect on an interface only when the interface has an IP address and the data link layer state of the interface is up.

  • Page 632: Gratuitous-Arp-Sending Enable

    Examples # Enable learning of gratuitous ARP packets. <Sysname> system-view [Sysname] gratuitous-arp-learning enable gratuitous-arp-sending enable Use gratuitous-arp-sending enable to enable sending gratuitous ARP packets upon receiving ARP requests whose sender IP address is on a different subnet. Use undo gratuitous-arp-sending enable to disable sending gratuitous ARP packets upon receiving ARP requests whose sender IP address is on a different subnet.

  • Page 633: Proxy Arp Commands

    Proxy ARP commands display local-proxy-arp Use display local-proxy-arp to display the local proxy ARP status. Syntax display local-proxy-arp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the local proxy ARP status for all interfaces.

  • Page 634: Local-Proxy-Arp Enable

    Examples # Display the proxy ARP status on VLAN-interface 2. <Sysname> display proxy-arp interface vlan-interface 2 Interface Vlan-interface2 Proxy ARP status: disabled Related commands proxy-arp enable local-proxy-arp enable Use local-proxy-arp enable to enable local proxy ARP. Use undo local-proxy-arp enable to disable local proxy ARP. Syntax local-proxy-arp enable [ ip-range start-ip-address to end-ip-address ] undo local-proxy-arp enable...

  • Page 635: Proxy-Arp Enable

    Related commands display local-proxy-arp proxy-arp enable Use proxy-arp enable to enable proxy ARP. Use undo proxy-arp enable to disable proxy ARP. Syntax proxy-arp enable undo proxy-arp enable Default Proxy ARP is disabled. Views VLAN interface view Predefined user roles network-admin Usage guidelines Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that network.

  • Page 636: Arp Snooping Commands

    ARP snooping commands arp snooping enable Use arp snooping enable to enable ARP snooping. Use undo arp snooping enable to disable ARP snooping. Syntax arp snooping enable undo arp snooping enable Default ARP snooping is disabled. Views VLAN view Predefined user roles network-admin Examples # Enable ARP snooping for VLAN 2.

  • Page 637: Reset Arp Snooping

    Examples # Display ARP snooping entries for VLAN 2. <Sysname> display arp snooping vlan 2 IP Address MAC Address VLAN ID Interface Aging Status 3.3.3.3 0003-0003-0003 2 XGE1/0/1 Valid 3.3.3.4 0004-0004-0004 2 XGE1/0/2 Invalid # Display the number of the ARP snooping entries. <Sysname>...
  • Page 638 <Sysname> reset arp snooping vlan 2 Related commands display arp snooping...
  • Page 639 Contents IP addressing commands ·············································································· 1 display ip interface ····································································································································· 1 display ip interface brief ····························································································································· 3 ip address ··················································································································································· 5...

  • Page 640: Ip Addressing Commands

    IP addressing commands display ip interface Use display ip interface to display IP configuration and statistics for Layer 3 interfaces. Syntax display ip interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays IP configuration and statistics for all Layer 3 interfaces.
  • Page 641 Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Table 1 Command output Field Description Physical link state of the interface: • Administrative DOWN—The interface has been shut down by using the shutdown command. current state •...

  • Page 642: Display Ip Interface Brief

    Field Description ICMP packet input number: Total number of ICMP packets received on the interface (statistics start at Echo reply: the device startup): • Unreachable: Echo reply packets. • Unreachable packets. Source quench: • Source quench packets. Routing redirect: • Routing redirect packets.
  • Page 643 Examples # Display brief IP configuration for VLAN interfaces. <Sysname> display ip interface vlan-interface brief *down: administratively down (s): spoofing (l): loopback Interface Physical Protocol IP address VPN instance Description Vlan10 down down 6.6.6.1 Link to Co... # Display brief IP configuration for VLAN interfaces, including complete interface descriptions. <Sysname>...

  • Page 644: Ip Address

    ip address Use ip address to assign an IP address to the interface. Use undo ip address to remove the IP address from the interface. Syntax ip address ip-address { mask-length | mask } [ sub ] undo ip address ip-address { mask-length | mask } [ sub ] Default No IP address is assigned to an interface.
  • Page 645 Contents DHCP commands ·························································································· 1 Common DHCP commands ······························································································································· 1 dhcp client-detect ······································································································································· 1 Syntax ··········································································································· 1 Default ··········································································································· 1 Views ············································································································· 1 Interface view ································································································ 1 Predefined user roles ····················································································· 1 Usage guidelines ··························································································· 1 Examples ······································································································· 1 dhcp dscp ··················································································································································· 1 Syntax ···········································································································...
  • Page 646 Syntax ··········································································································· 2 Default ··········································································································· 3 Views ············································································································· 3 System view ·································································································· 3 Predefined user roles ····················································································· 3 Usage guidelines ··························································································· 3 Examples ······································································································· 3 dhcp select ················································································································································· 3 Syntax ··········································································································· 3 Default ··········································································································· 3 Views ············································································································· 3 Interface view ································································································ 3 Predefined user roles ·····················································································...
  • Page 647 Syntax ··········································································································· 5 Default ··········································································································· 5 Views ············································································································· 5 DHCP address pool view ··············································································· 5 Predefined user roles ····················································································· 5 Parameters ···································································································· 5 Usage guidelines ··························································································· 5 Examples ······································································································· 5 Related commands ························································································ 6 bootfile-name ············································································································································· 6 Syntax ··········································································································· 6 Default ···········································································································...
  • Page 648 Syntax ··········································································································· 7 Default ··········································································································· 7 Views ············································································································· 8 DHCP address pool view ··············································································· 8 Predefined user roles ····················································································· 8 Parameters ···································································································· 8 Usage guidelines ··························································································· 8 Examples ······································································································· 8 Related commands ························································································ 8 class range ················································································································································· 8 Syntax ··········································································································· 8 Default ···········································································································...
  • Page 649 Syntax ········································································································· 10 Default ········································································································· 10 Views ··········································································································· 10 Interface view ······························································································ 10 Predefined user roles ··················································································· 10 Parameters ·································································································· 10 Usage guidelines ························································································· 10 Examples ····································································································· 10 Related commands ······················································································ 10 dhcp class ················································································································································ 10 Syntax ········································································································· 11 Default ········································································································· 11 Views ···········································································································...
  • Page 650 Syntax ········································································································· 12 Default ········································································································· 12 Views ··········································································································· 12 System view ································································································ 12 Predefined user roles ··················································································· 12 Parameters ·································································································· 12 Usage guidelines ························································································· 12 Examples ····································································································· 12 Related commands ······················································································ 12 dhcp server always-broadcast ················································································································· 13 Syntax ········································································································· 13 Default ·········································································································...
  • Page 651 Syntax ········································································································· 14 Default ········································································································· 14 Views ··········································································································· 14 System view ································································································ 14 Predefined user roles ··················································································· 14 Usage guidelines ························································································· 14 Examples ····································································································· 14 dhcp server bootp reply-rfc-1048 ············································································································· 15 Use undo dhcp server bootp reply-rfc-1048 to disable this feature. ········· 15 Syntax ·········································································································...
  • Page 652 Syntax ········································································································· 17 Default ········································································································· 17 Views ··········································································································· 17 System view ································································································ 17 Predefined user roles ··················································································· 17 Parameters ·································································································· 17 Usage guidelines ························································································· 17 Examples ····································································································· 17 <Sysname> system-view ············································································· 17 Related commands ······················································································ 17 dhcp server database update now ··········································································································· 17 Syntax ·········································································································...
  • Page 653 Syntax ········································································································· 19 Default ········································································································· 19 Views ··········································································································· 19 System view ································································································ 19 Predefined user roles ··················································································· 19 Parameters ·································································································· 19 Usage guidelines ························································································· 19 Examples ····································································································· 19 Related commands ······················································································ 19 dhcp server ip-pool ··································································································································· 19 Syntax ········································································································· 19 Default ·········································································································...
  • Page 654 Syntax ········································································································· 21 Default ········································································································· 21 Views ··········································································································· 21 System view ································································································ 21 Predefined user roles ··················································································· 21 Parameters ·································································································· 21 Usage guidelines ························································································· 21 Examples ····································································································· 21 Related commands ······················································································ 21 dhcp server relay information enable ······································································································· 22 Syntax ········································································································· 22 Default ·········································································································...
  • Page 655 Syntax ········································································································· 23 Views ··········································································································· 23 Any view ······································································································ 23 Predefined user roles ··················································································· 23 Examples ····································································································· 23 <Sysname> display dhcp server database ·················································· 23 display dhcp server expired ····················································································································· 24 Syntax ········································································································· 24 Views ··········································································································· 24 Any view ······································································································ 24 Predefined user roles ···················································································...
  • Page 656 Syntax ········································································································· 26 Views ··········································································································· 26 Any view ······································································································ 26 Predefined user roles ··················································································· 26 Parameters ·································································································· 26 Usage guidelines ························································································· 26 Examples ····································································································· 26 <Sysname> display dhcp server ip-in-use ··················································· 26 Related commands ······················································································ 27 display dhcp server pool ·························································································································· 27 Syntax ·········································································································...
  • Page 657 Syntax ········································································································· 31 Default ········································································································· 31 Views ··········································································································· 31 DHCP address pool view ············································································· 31 Predefined user roles ··················································································· 31 Parameters ·································································································· 31 Usage guidelines ························································································· 31 Examples ····································································································· 31 Related commands ······················································································ 31 domain-name ··········································································································································· 32 Syntax ········································································································· 32 Default ·········································································································...
  • Page 658 Syntax ········································································································· 33 Default ········································································································· 33 Views ··········································································································· 33 DHCP address pool view ············································································· 33 Predefined user roles ··················································································· 33 Parameters ·································································································· 33 Usage guidelines ························································································· 33 Examples ····································································································· 34 Related commands ······················································································ 34 gateway-list ·············································································································································· 34 Syntax ········································································································· 34 Default ·········································································································...
  • Page 659 Use undo ip-in-use threshold to restore the default. ································· 37 Syntax ········································································································· 37 Default ········································································································· 37 Views ··········································································································· 37 DHCP address pool view ············································································· 37 Predefined user roles ··················································································· 37 Parameters ·································································································· 37 Usage guidelines ························································································· 37 Examples ····································································································· 38 nbns-list ····················································································································································...
  • Page 660 Syntax ········································································································· 39 Default ········································································································· 39 Views ··········································································································· 39 DHCP address pool view ············································································· 39 Predefined user roles ··················································································· 39 Parameters ·································································································· 40 Usage guidelines ························································································· 40 Examples ····································································································· 40 Related commands ······················································································ 40 next-server ··············································································································································· 40 Syntax ········································································································· 40 Default ·········································································································...
  • Page 661 Syntax ········································································································· 42 Views ··········································································································· 42 User view ····································································································· 42 Predefined user roles ··················································································· 42 Parameters ·································································································· 42 Usage guidelines ························································································· 42 Examples ····································································································· 42 Related commands ······················································································ 43 reset dhcp server expired ························································································································· 43 Syntax ········································································································· 43 Views ··········································································································· 43 User view ·····································································································...
  • Page 662 Syntax ········································································································· 44 Views ··········································································································· 44 User view ····································································································· 44 Predefined user roles ··················································································· 44 Examples ····································································································· 44 Related commands ······················································································ 44 static-bind ················································································································································· 44 Syntax ········································································································· 44 Default ········································································································· 44 Views ··········································································································· 44 DHCP address pool view ············································································· 44 Predefined user roles ···················································································...
  • Page 663 Use undo tftp-server ip-address to restore the default. ····························· 46 Syntax ········································································································· 46 Default ········································································································· 46 Views ··········································································································· 46 DHCP address pool view ············································································· 46 Predefined user roles ··················································································· 46 Parameters ·································································································· 46 Usage guidelines ························································································· 46 Examples ····································································································· 46 Related commands ······················································································...
  • Page 664 Syntax ········································································································· 48 Default ········································································································· 48 Views ··········································································································· 48 DHCP address pool view ············································································· 48 Predefined user roles ··················································································· 48 Parameters ·································································································· 48 Usage guidelines ························································································· 48 Examples ····································································································· 48 [Sysname-dhcp-pool-0] voice-config as-ip 10.2.2.2 ····································· 49 Related commands ······················································································ 49 DHCP relay agent commands ·························································································································...
  • Page 665 Use undo dhcp relay client-information record to disable the feature. ···· 50 Syntax ········································································································· 50 Default ········································································································· 50 Views ··········································································································· 50 System view ································································································ 50 Predefined user roles ··················································································· 50 Usage guidelines ························································································· 50 Examples ····································································································· 51 Related commands ······················································································ 51 dhcp relay client-information refresh ········································································································...
  • Page 666 Use undo dhcp relay dhcp-server timeout to restore the default. ············ 52 Syntax ········································································································· 52 Default ········································································································· 52 Views ··········································································································· 53 Interface view ······························································································ 53 Predefined user roles ··················································································· 53 Parameters ·································································································· 53 Usage guidelines ························································································· 53 Examples ····································································································· 53 Related commands ······················································································...
  • Page 667 Use undo dhcp relay information circuit-id to restore the default. ··········· 54 Syntax ········································································································· 54 Default ········································································································· 54 Views ··········································································································· 54 Interface view ······························································································ 54 Predefined user roles ··················································································· 54 Parameters ·································································································· 54 Usage guidelines ························································································· 55 Examples ····································································································· 55 [Sysname-Vlan-interface10] dhcp relay information strategy replace ···········...
  • Page 668 Syntax ········································································································· 57 Default ········································································································· 57 Views ··········································································································· 57 Interface view ······························································································ 57 Predefined user roles ··················································································· 57 Parameters ·································································································· 57 Usage guidelines ························································································· 57 Examples ····································································································· 58 Related commands ······················································································ 58 dhcp relay master-server switch-delay ····································································································· 58 Use undo dhcp relay master-server switch-delay to restore the default. · 58 Syntax ·········································································································...
  • Page 669 Syntax ········································································································· 59 Default ········································································································· 59 Views ··········································································································· 59 Interface view ······························································································ 59 Predefined user roles ··················································································· 59 Parameters ·································································································· 59 Usage guidelines ························································································· 59 Examples ····································································································· 60 Related commands ······················································································ 60 dhcp relay server-address algorithm ········································································································ 60 Use undo dhcp relay server-address algorithm to restore the default. ···· 60 Syntax ·········································································································...
  • Page 670 Syntax ········································································································· 61 Default ········································································································· 62 Views ··········································································································· 62 System view ································································································ 62 Predefined user roles ··················································································· 62 Usage guidelines ························································································· 62 Examples ····································································································· 62 Related commands ······················································································ 62 dhcp-server timeout ································································································································· 62 Syntax ········································································································· 62 Default ········································································································· 62 Views ··········································································································· 62 DHCP address pool view ·············································································...
  • Page 671 Syntax ········································································································· 63 Views ··········································································································· 63 Any view ······································································································ 63 Predefined user roles ··················································································· 63 Parameters ·································································································· 64 Usage guidelines ························································································· 64 Examples ····································································································· 64 Related commands ······················································································ 64 display dhcp relay information ·················································································································· 64 Syntax ········································································································· 65 Views ··········································································································· 65 Any view ······································································································...
  • Page 672 Syntax ········································································································· 68 Default ········································································································· 68 Views ··········································································································· 68 DHCP address pool view ············································································· 68 Predefined user roles ··················································································· 68 Parameters ·································································································· 68 Usage guidelines ························································································· 68 Examples ····································································································· 68 Related commands ······················································································ 68 master-server switch-delay ······················································································································ 68 Use undo master-server switch-delay to restore the default. ··················· 68 Syntax ·········································································································...
  • Page 673 Syntax ········································································································· 70 Default ········································································································· 70 Views ··········································································································· 70 DHCP address pool view ············································································· 70 Predefined user roles ··················································································· 70 Parameters ·································································································· 70 Usage guidelines ························································································· 70 Examples ····································································································· 70 Related commands ······················································································ 70 reset dhcp relay client-information ··········································································································· 70 Syntax ·········································································································...
  • Page 674 Syntax ········································································································· 72 Default ········································································································· 72 Views ··········································································································· 72 System view ································································································ 72 Predefined user roles ··················································································· 72 Usage guidelines ························································································· 72 Examples ····································································································· 72 dhcp client dscp ······································································································································· 72 Syntax ········································································································· 72 Default ········································································································· 72 Views ··········································································································· 72 System view ································································································ 72 Predefined user roles ···················································································...
  • Page 675 Syntax ········································································································· 73 Views ··········································································································· 73 Any view ······································································································ 73 Predefined user roles ··················································································· 74 Parameters ·································································································· 74 Examples ····································································································· 74 <Sysname> display dhcp client ··································································· 74 DHCP server: 40.1.1.2 ················································································· 74 <Sysname> display dhcp client verbose ······················································ 74 Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16 ·················· 74 Related commands ······················································································...
  • Page 676 Syntax ········································································································· 77 Default ········································································································· 77 Views ··········································································································· 77 System view ································································································ 77 Predefined user roles ··················································································· 77 Parameters ·································································································· 77 Usage guidelines ························································································· 77 Examples ····································································································· 78 <Sysname> system-view ············································································· 78 <Sysname> system-view ············································································· 78 <Sysname> system-view ············································································· 78 Related commands ······················································································...
  • Page 677 Syntax ········································································································· 79 Views ··········································································································· 79 System view ································································································ 79 Predefined user roles ··················································································· 79 Usage guidelines ························································································· 79 Examples ····································································································· 79 Related commands ······················································································ 79 dhcp snooping binding record ·················································································································· 79 Syntax ········································································································· 79 Default ········································································································· 79 Views ··········································································································· 79 Layer 2 Ethernet interface/Layer 2 aggregate interface view ·······················...
  • Page 678 Syntax ········································································································· 81 Default ········································································································· 81 Views ··········································································································· 81 Layer 2 Ethernet interface/Layer 2 aggregate interface view ······················· 81 Predefined user roles ··················································································· 81 Usage guidelines ························································································· 81 Examples ····································································································· 81 dhcp snooping enable ······························································································································ 81 Syntax ········································································································· 82 Default ········································································································· 82 Views ···········································································································...
  • Page 679 Syntax ········································································································· 84 Default ········································································································· 84 Views ··········································································································· 84 Layer 2 Ethernet interface view ··································································· 84 Predefined user roles ··················································································· 84 Usage guidelines ························································································· 84 Examples ····································································································· 84 Related commands ······················································································ 84 dhcp snooping information remote-id ······································································································· 84 Use undo dhcp snooping information remote-id to restore the default. ·· 85 Syntax ·········································································································...
  • Page 680 Syntax ········································································································· 87 Default ········································································································· 87 Views ··········································································································· 87 System view ································································································ 87 Predefined user roles ··················································································· 87 Usage guidelines ························································································· 87 Examples ····································································································· 87 dhcp snooping max-learning-num ············································································································ 87 Use undo dhcp snooping max-learning-num to restore the default. ········ 87 Syntax ·········································································································...
  • Page 681 Syntax ········································································································· 88 Default ········································································································· 88 Views ··········································································································· 88 Layer 2 Ethernet interface/Layer 2 aggregate interface view ······················· 88 Predefined user roles ··················································································· 89 Usage guidelines ························································································· 89 Examples ····································································································· 89 Related commands ······················································································ 89 display dhcp snooping binding ················································································································· 89 Syntax ·········································································································...
  • Page 682 Syntax ········································································································· 91 Views ··········································································································· 91 Any view ······································································································ 91 Predefined user roles ··················································································· 91 Parameters ·································································································· 91 Examples ····································································································· 91 Padding format: User Defined ······································································ 91 Format: ASCII ······························································································ 92 VLAN 10: ····································································································· 92 Circuit ID: abcd ···························································································· 92 display dhcp snooping packet statistics ···································································································...
  • Page 683 Syntax ········································································································· 93 Views ··········································································································· 93 User view ····································································································· 93 Predefined user roles ··················································································· 93 Parameters ·································································································· 93 Examples ····································································································· 94 Related commands ······················································································ 94 reset dhcp snooping packet statistics ······································································································ 94 Syntax ········································································································· 94 Views ··········································································································· 94 User view ····································································································· 94 Predefined user roles ···················································································...
  • Page 684 DHCP commands Common DHCP commands dhcp client-detect Use dhcp client-detect to enable client offline detection on the DHCP server or DHCP relay agent. Use undo dhcp client-detect to disable client offline detection on the DHCP server or DHCP relay agent. Syntax dhcp client-detect undo dhcp client-detect...
  • Page 685 Predefined user roles network-admin Parameters dscp-value: Specifies the DSCP value for DHCP packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Examples # Set the DSCP value to 30 for DHCP packets sent by the DHCP server or the DHCP relay agent.
  • Page 686 Default DHCP server logging is disabled. Views System view Predefined user roles network-admin Usage guidelines This command enables the DHCP server to generate DHCP logs and send them to the information center. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.
  • Page 687 • When receiving DHCP requests from DHCP clients, the proxy forwards them to the DHCP server. • When receiving DHCP responses from the DHCP server, the proxy modifies the DHCP server's IP address in these responses as its own IP address. Examples # Enable the DHCP relay agent on VLAN-interface 2.
  • Page 688 The address range specified by the address range command must be within the subnet specified by the network command. The addresses outside of the subnet cannot be assigned. Examples # Specify an address range of 192.168.8.1 through 192.168.8.150 in address pool 1. <Sysname>...
  • Page 689 [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] bims-server ip 1.1.1.1 port 80 sharekey simple aabbcc Related commands display dhcp server pool bootfile-name Use bootfile-name to specify a configuration file name or URL. Use undo bootfile-name to restore the default. Syntax bootfile-name { bootfile-name | url } undo bootfile-name Default No configuration file name or URL is specified.
  • Page 690 class ip-pool Use class ip-pool to specify a DHCP address pool for a DHCP user class. Use undo class ip-pool to remove the DHCP address pool specified for a DHCP user class. Syntax class class-name ip-pool pool-name undo class class-name ip-pool Default No DHCP address pool is specified for a DHCP user class.
  • Page 691 Views DHCP address pool view Predefined user roles network-admin Parameters class-name: Specifies a DHCP user class by its name, a case-insensitive string of 1 to 63 characters. option-group-number: Specifies a DHCP option group by its number in the range of 1 to 32768. Usage guidelines When receiving a DHCP-DISCOVER message, the server compares the client against the user classes in the order that they are specified by this command.
  • Page 692 start-ip-address: Specifies the start IP address. end-ip-address: Specifies the end IP address. Usage guidelines The class range command allows you to divide an address range into multiple address ranges for different DHCP user classes. The address range for a user class must be within the primary subnet specified by the network command.
  • Page 693 You can specify only one default address pool in a DHCP policy. If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify DHCP address pool pool1 as the default DHCP address pool in DHCP policy 1. <Sysname>...
  • Page 694 Syntax dhcp class class-name undo dhcp class class-name Default No DHCP user classes exist. Views System view Predefined user roles network-admin Parameters class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters. Usage guidelines In the DHCP user class view, you can use the if-match command to configure match rules to group clients to the user class.
  • Page 695 Predefined user roles network-admin Parameters option-group-number: Assigns a number to the DHCP option group, in the range of 1 to 32768. Examples # Create DHCP option group 1 and enter DHCP option group view. <Sysname> system-view [Sysname] dhcp option-group 1 [Sysname-dhcp-option-group-1] Related commands class option-group...
  • Page 696 dhcp apply-policy dhcp class dhcp server always-broadcast Use dhcp server always-broadcast to enable the DHCP server to broadcast all responses. Use undo dhcp server always-broadcast to restore the default. Syntax dhcp server always-broadcast undo dhcp server always-broadcast Default The DHCP server reads the broadcast flag in a DHCP request to decide whether to broadcast or unicast the response.
  • Page 697 Predefined user roles network-admin Parameters pool-name: Specifies the name of a DHCP address pool, a case-insensitive string of 1 to 63 characters. Usage guidelines Upon receiving a DHCP request from the interface, the DHCP server searches for a static binding for the client from all address pools.
  • Page 698 dhcp server bootp reply-rfc-1048 Use dhcp server bootp reply-rfc-1048 to enable the sending of BOOTP responses in RFC 1048 format. Use undo dhcp server bootp reply-rfc-1048 to disable this feature. Syntax dhcp server bootp reply-rfc-1048 undo dhcp server bootp reply-rfc-1048 Default This feature is disabled.
  • Page 699 Parameters filename: Specifies the name of a local backup file. For information about the filename argument, see Fundamentals Configuration Guide. url url: Specifies the URL of a remote backup file, a case-sensitive string of 1 to 255 characters. Do not include a username or password in the URL. username username: Specifies the username for accessing the URL of the remote backup file, a case-sensitive string of 1 to 32 characters.
  • Page 700 dhcp server database update stop dhcp server database update interval Use dhcp server database update interval to set the waiting time for the DHCP server to update the backup file after a DHCP binding change. Use undo dhcp server database update interval to restore the default. Syntax dhcp server database update interval interval undo dhcp server database update interval...
  • Page 701 Predefined user roles network-admin Usage guidelines Each time this command is executed, the DHCP bindings are saved to the backup file. For this command to take effect, you must configure the DHCP auto backup by using the dhcp server database filename command. Examples # Manually save the DHCP bindings to the backup file.
  • Page 702 dhcp server forbidden-ip Use dhcp server forbidden-ip to exclude IP addresses from dynamic allocation globally. Use undo dhcp server forbidden-ip to remove the configuration. Syntax dhcp server forbidden-ip start-ip-address [ end-ip-address ] undo dhcp server forbidden-ip start-ip-address [ end-ip-address ] Default No IP addresses are excluded from dynamic allocation globally.
  • Page 703 Default No DHCP address pools exist. Views System view Predefined user roles network-admin Parameters pool-name: Specifies a DHCP address pool name, a case-insensitive string of 1 to 63 characters. The pool name uniquely identifies an address pool. Usage guidelines A DHCP address pool is used to store the configuration parameters to be assigned to DHCP clients. Examples # Create a DHCP address pool named pool1.
  • Page 704 If a ping attempt succeeds, the server determines that the IP address is in use and picks a new IP address. If all the ping attempts fail, the server assigns the IP address to the requesting DHCP client. Examples # Set the maximum number of ping packets to 10. <Sysname>...
  • Page 705 dhcp server relay information enable Use dhcp server relay information enable to enable the DHCP server to handle Option 82. Use undo dhcp server relay information enable to configure the DHCP server to ignore Option Syntax dhcp server relay information enable undo dhcp server relay information enable Default The DHCP server handles Option 82.
  • Page 706 • The DHCP server discovers that the only assignable address in the address pool is its own IP address. Examples # Display information about all IP address conflicts. <Sysname> display dhcp server conflict IP address Detect time 4.4.4.1 Apr 25 16:57:20 2007 4.4.4.2 Apr 25 17:00:10 2007 Table 1 Command output...
  • Page 707 Field Description Waiting time in seconds after a DHCP binding change for the DHCP Update interval server to update the backup file. Latest write time Time of the latest update. Status of the update: • Writing—The backup file is being updated. •...
  • Page 708 Related commands reset dhcp server expired display dhcp server free-ip Use display dhcp server free-ip to display information about assignable IP addresses. Syntax display dhcp server free-ip [ pool pool-name ] Views Any view Predefined user roles network-admin network-operator Parameters pool pool-name: Displays assignable IP addresses in the specified address pool.
  • Page 709 network display dhcp server ip-in-use Use display dhcp server ip-in-use to display binding information about assigned IP addresses. Syntax display dhcp server ip-in-use [ ip ip-address | pool pool-name ] Views Any view Predefined user roles network-admin network-operator Parameters ip ip-address: Displays binding information about the specified assigned IP address. If you do not specify an IP address, this command displays binding information about all assigned IP addresses.
  • Page 710 Field Description Lease expiration time: • Exact time (May 1 14:02:49 2015 in this example)—Time when the lease will expire. • Lease expiration Not used—The IP address of the static binding has not been assigned to the specific client. • Unlimited—Infinite lease expiration time.
  • Page 711 option 2 ip-address 1.1.1.1 expired 1 2 3 0 Pool name: 1 Network 20.1.1.0 mask 255.255.255.0 secondary networks: 20.1.2.0 mask 255.255.255.0 20.1.3.0 mask 255.255.255.0 bims-server ip 192.168.0.51 port 50 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU= forbidden-ip 20.1.1.22 20.1.1.36 20.1.1.37 forbidden-ip 20.1.1.22 20.1.1.23 20.1.1.24 gateway-list 1.1.1.1 2.2.2.2 4.4.4.4 nbns-list 5.5.5.5 6.6.6.6 7.7.7.7 netbios-type m-node...
  • Page 712 Field Description static bindings Static IP-to-MAC/client ID bindings. option Customized DHCP option. Lease duration: 1 2 3 4 in this example refers to 1 day 2 hours 3 expired minutes 4 seconds. bootfile-name Boot file name dns-list DNS server IP address. domain-name Domain name suffix.
  • Page 713 Bindings: Automatic: Manual: Expired: Conflict: Messages received: DHCPDISCOVER: DHCPREQUEST: DHCPDECLINE: DHCPRELEASE: DHCPINFORM: BOOTPREQUEST: Messages sent: DHCPOFFER: DHCPACK: DHCPNAK: BOOTPREPLY: Bad Messages: Table 7 Command output Field Description Total number of address pools. This field is not displayed when you Pool number display statistics for a specific address pool.
  • Page 714 Field Description DHCP packets sent to clients: • DHCPOFFER. • DHCPACK. • Messages sent DHCPNAK. • BOOTPREPLY. This field is not displayed if statistics about a specific address pool are displayed. Number of bad messages. This field is not displayed if you display Bad Messages statistics for a specific address pool.
  • Page 715 domain-name Use domain-name to specify a domain name in a DHCP address pool. Use undo domain-name to restore the default. Syntax domain-name domain-name undo domain-name Default No domain name is specified. Views DHCP address pool view Predefined user roles network-admin Parameters domain-name: Specifies the domain name, a case-sensitive string of 1 to 50 characters.

  • Page 716: Syntax

    hour hour: Specifies the number of hours, in the range of 0 to 23. The default is 0. minute minute: Specifies the number of minutes, in the range of 0 to 59. The default is 0. second second: Specifies the number of seconds, in the range of 0 to 59. The default is 0. unlimited: Specifies the unlimited lease duration, which is actually 136 years.

  • Page 717: Examples

    If you do not specify any parameters, the undo forbidden-ip command removes all excluded IP addresses. Examples # Exclude IP addresses 192.168.1.3 and 192.168.1.10 from dynamic allocation in DHCP address pool 0. <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] forbidden-ip 192.168.1.3 192.168.1.10 Related commands dhcp server forbidden-ip display dhcp server pool...

  • Page 718: Related Commands

    [Sysname-dhcp-pool-0] gateway-list 10.1.1.1 Related commands display dhcp server pool if-match Use if-match to configure a match rule for a DHCP user class. Use undo if-match to delete a match rule for a DHCP user class. Syntax if-match rule rule-number { hardware-address hardware-address mask hardware-address-mask | option option-code [ ascii ascii-string [ offset offset | partial ] | hex hex-string [ mask mask | offset offset length length | partial ] ] | relay-agent gateway-address } undo if-match rule rule-number...

  • Page 719: Usage Guidelines

    length length: Specifies the length of the option content to be matched, in the range of 1 to 128 bytes. The length must be the same as the hex-string length. relay-agent gateway-address: Specifies a giaddr field value. The value is an IPv4 address in the dotted decimal notation.

  • Page 720: Related Commands

    <Sysname> system-view [Sysname] dhcp class exam [Sysname-dhcp-class-exam] if-match rule 3 option 82 hex 00000080 mask 00000080 # Configure match rule 4 for DHCP user class exam. The rule matches DHCP requests in which the first three bytes of Option 82 are the hexadecimal number 13ae92. <Sysname>...
  • Page 721 Examples # Set the address pool usage threshold to 85%. <Sysname> system-view [Sysname] dhcp server ip-pool p1 [Sysname-dhcp-pool-p1] ip-in-use threshold 85 nbns-list Use nbns-list to specify WINS server addresses in a DHCP address pool. Use undo nbns-list to remove the specified WINS server addresses. Syntax nbns-list ip-address&<1-8>...
  • Page 722 Default No NetBIOS node type is specified. Views DHCP address pool view Predefined user roles network-admin Parameters b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server. h-node: Specifies the hybrid node.
  • Page 723 Parameters network-address: Specifies the subnet for dynamic allocation. If no mask length or mask is specified, the natural mask will be used. mask-length: Specifies the mask length in the range of 1 to 30. mask mask: Specifies the mask in dotted decimal format. secondary: Specifies the subnet as a secondary subnet.
  • Page 724 Predefined user roles network-admin Parameters ip-address: Specifies the IP address of a server. Usage guidelines Upon startup, the DHCP client obtains an IP address and the specified server IP address. Then it contacts the specified server, such as a TFTP server, to get other boot information. If you execute this command multiple times, the most recent configuration takes effect.
  • Page 725 You can customize options for the following purposes: • Add newly released options. • Add options for which the vendor defines the contents, for example, Option 43. • Add options for which the CLI does not provide a dedicated configuration command. For example, you can use the option 4 ip-address 1.1.1.1 command to define the time server address 1.1.1.1 for DHCP clients.
  • Page 726 Related commands display dhcp server conflict reset dhcp server expired Use reset dhcp server expired to clear binding information about expired IP addresses. Syntax reset dhcp server expired [ ip ip-address | pool pool-name ] Views User view Predefined user roles network-admin Parameters ip ip-address: Clears binding information about the specified expired IP address.
  • Page 727 Usage guidelines If you use this command to clear information about an assigned static binding, the static binding becomes a free static binding. Examples # Clear binding information about IP address 10.110.1.1. <Sysname> reset dhcp server ip-in-use ip 10.110.1.1 Related commands display dhcp server ip-in-use reset dhcp server statistics Use reset dhcp server statistics to clear DHCP server statistics.
  • Page 728 mask-length: Specifies the mask length in the range of 1 to 30. mask mask: Specifies the mask, in dotted decimal format. client-identifier client-identifier: Specifies the client ID of the static binding, a string of 4 to 254 characters. The string can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H….
  • Page 729 Parameters domain-name: Specifies the TFTP server name, a case-sensitive string of 1 to 63 characters. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify TFTP server name aaa in DHCP address pool 0. <Sysname>...
  • Page 730 valid class Use valid class to add DHCP user classes to the whitelist. Use undo valid class to remove DHCP user classes from the whitelist. Syntax valid class class-name&<1-8> undo valid class class-name&<1-8> Default No DHCP user class is listed on the whitelist. Views DHCP address pool view Predefined user roles...
  • Page 731 Usage guidelines After you enable the DHCP user class whitelist, the DHCP server processes requests only from clients on the DHCP user class whitelist. The DHCP user class whitelist does not take effect on clients that request static IP addresses, and the server always processes their requests.
  • Page 732 [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] voice-config ncp-ip 10.1.1.1 [Sysname-dhcp-pool-0] voice-config as-ip 10.2.2.2 [Sysname-dhcp-pool-0] voice-config voice-vlan 3 enable [Sysname-dhcp-pool-0] voice-config fail-over 10.3.3.3 99* Related commands display dhcp server pool DHCP relay agent commands dhcp relay check mac-address Use dhcp relay check mac-address to enable MAC address check on the relay agent. Use undo dhcp relay check mac-address to disable MAC address check on the relay agent.
  • Page 733 dhcp relay check mac-address aging-time Use dhcp relay check mac-address aging-time to set the aging time for MAC address check entries on the DHCP relay agent. Use undo dhcp relay check mac-address aging-time to restore the default. Syntax dhcp relay check mac-address aging-time time undo dhcp relay check mac-address aging-time Default The aging time is 30 seconds.
  • Page 734 Examples # Enable the recording of relay entries on the relay agent. <Sysname> system-view [Sysname] dhcp relay client-information record Related commands dhcp relay client-information refresh dhcp relay client-information refresh enable dhcp relay client-information refresh Use dhcp relay client-information refresh to set the interval at which the DHCP relay agent refreshes relay entries.
  • Page 735 Syntax dhcp relay client-information refresh enable undo dhcp relay client-information refresh enable Default The DHCP relay agent periodically refreshes relay entries. Views System view Predefined user roles network-admin Usage guidelines A DHCP client unicasts a DHCP-RELEASE message to the DHCP server to release its IP address. The DHCP relay agent conveys the message to the DHCP server and does not remove the IP-to-MAC entry of the client.
  • Page 736 Views Interface view Predefined user roles network-admin Parameters time: Specifies the DHCP server response timeout time in the range of 30 to 65535 seconds. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. Examples # Set the DHCP server response timeout time to 60 seconds for DHCP server switchover on VLAN-interface 2.
  • Page 737 [Sysname-Vlan-interface2] dhcp relay gateway 10.1.1.1 Related commands gateway-list dhcp relay information circuit-id Use dhcp relay information circuit-id to configure the padding mode and padding format for the Circuit ID sub-option of Option 82. Use undo dhcp relay information circuit-id to restore the default. Syntax dhcp relay information circuit-id { bas | string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] [ interface ] } [ format { ascii | hex } ] }...
  • Page 738 ascii: Specifies the ASCII padding format. hex: Specifies the hex padding format. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. The padding format for the string mode, the normal mode, or the verbose mode varies by command configuration.
  • Page 739 Predefined user roles network-admin Usage guidelines This command enables the DHCP relay agent to add Option 82 to DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp relay information circuit-id and dhcp relay information remote-id commands.
  • Page 740 string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as the content of the Remote ID sub-option. sysname: Specifies the sysname mode that uses the device name as the content of the Remote ID sub-option.
  • Page 741 For DHCP requests that do not contain Option 82, the DHCP relay agent always adds Option 82 to the requests before forwarding the requests to the DHCP server. If the handling strategy is replace, configure a padding mode and padding format for Option 82. If the handling strategy is keep or drop, you do not need to configure any padding mode or padding format.
  • Page 742 dhcp relay release ip Use dhcp relay release ip to release a client IP address. Syntax dhcp relay release ip ip-address Views System view Predefined user roles network-admin Parameters ip-address: Specifies the IP address to be released. Usage guidelines After you execute this command, the relay agent sends a DHCP-RELEASE packet to the DHCP server and removes the relay entry of the IP address.
  • Page 743 If you do not specify an IP address, the undo dhcp relay server-address command removes all DHCP servers on the interface. Examples # Specify DHCP server address 1.1.1.1 on VLAN-interface 10. <Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] dhcp relay server-address 1.1.1.1 Related commands dhcp select relay display dhcp relay interface...
  • Page 744 dhcp relay source-address Use dhcp relay source-address to specify the source IP address for DHCP requests. Use undo dhcp relay source-address to restore the default. Syntax dhcp relay source-address { ip-address | interface interface-type interface-number } undo dhcp relay source-address Default No source IP address is specified for DHCP requests.
  • Page 745 undo dhcp smart-relay enable Default The DHCP smart relay feature is disabled. Views System view Predefined user roles network-admin Usage guidelines The smart relay feature allows the relay agent to use secondary IP addresses as the gateway address when the DHCP server does not reply the DHCP-OFFER message. The relay agent initially inserts its primary IP address in the giaddr field before forwarding a request to the DHCP server.

  • Page 746: Syntax

    Examples # Set the DHCP server response timeout time to 60 seconds for DHCP server switchover in DHCP address pool 0. <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] dhcp-server timeout 60 Related commands remote-server algorithm display dhcp relay check mac-address Use display dhcp relay check mac-address to display MAC address check entries on the relay agent.

  • Page 747: Parameters

    network-operator Parameters interface interface-type interface-number: Displays relay entries on the specified interface. If you do not specify an interface, this command displays relay entries on all interfaces. ip ip-address: Displays the relay entry for the specified IP address. If you do not specify an IP address, this command displays relay entries for all IP addresses.

  • Page 748: Syntax

    Syntax display dhcp relay information [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays Option 82 configuration information for the specified interface. If you do not specify an interface, this command displays Option 82 configuration information about all interfaces.

  • Page 749: Display Dhcp Relay Server-Address

    Circuit ID format-type Padding format of the Circuit ID sub-option, ASCII, Hex, or Undefined. Remote ID format-type Padding format of the Remote ID sub-option, ASCII, Hex, or Undefined. Node identifier Access node identifier. User defined Content of the user-defined sub-options. Circuit ID User-defined content of the Circuit ID sub-option.

  • Page 750: Views

    Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays DHCP packet statistics on the specified interface. If you do not specify an interface, this command displays all DHCP packet statistics on the DHCP relay agent. Examples # Display all DHCP packet statistics on the DHCP relay agent.

  • Page 751: Related Commands

    DHCPNAK: BOOTPREPLY: Related commands reset dhcp relay statistics gateway-list Use gateway-list to specify gateway addresses for DHCP clients in a DHCP address pool. Use undo gateway-list to remove gateway addresses from a DHCP address pool. Syntax gateway-list ip-address&<1-64> undo gateway-list [ ip-address&<1-64> ] Default No gateway address is specified in a DHCP address pool.
  • Page 752 Syntax master-server switch-delay delay-time undo master-server switch-delay Default The DHCP relay agent does not switch back to the master DHCP server. Views DHCP address pool view Predefined user roles network-admin Parameters delay-time: Specifies the delay time in the range of 1 to 65535 minutes. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect.
  • Page 753 Examples # Specify DHCP server 10.1.1.1 for DHCP address pool 0. <Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] remote-server 10.1.1.1 remote-server algorithm Use remote-server algorithm to specify the DHCP server selecting algorithm. Use undo remote-server algorithm to restore the default. Syntax remote-server algorithm { master-backup | polling } undo remote-server algorithm...
  • Page 754 Syntax reset dhcp relay client-information [ interface interface-type interface-number | ip ip-address ] Views User view Predefined user roles network-admin Parameters interface interface-type interface-number: Clears relay entries on the specified interface. If you do not specify an interface, this command clears relay entries on all interfaces. ip ip-address: Clears the relay entry for the specified IP address.
  • Page 755 Syntax dhcp client dad enable undo dhcp client dad enable Default Duplicate address detection is enabled on an interface. Views System view Predefined user roles network-admin Usage guidelines DHCP client detects IP address conflict through ARP packets. An attacker can act as the IP address owner to send an ARP reply.
  • Page 756 dhcp client identifier Use dhcp client identifier to configure a DHCP client ID for an interface. Use undo dhcp client identifier to restore the default. Syntax dhcp client identifier { ascii ascii-string | hex hex-string | mac interface-type interface-number } undo dhcp client identifier Default An interface generates the DHCP client ID based on its MAC address.
  • Page 757 Predefined user roles network-admin network-operator Parameters verbose: Displays detailed DHCP client information. If you do not specify this keyword, the command displays brief DHCP client information. interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays DHCP client information on all interfaces.
  • Page 758 Field Description Current state of the DHCP client: • HALT—The client stops applying for an IP address. • INIT—The initialization state. • SELECTING—The client has sent out a DHCP-DISCOVER message in search for a DHCP server and is waiting for the response from DHCP servers.
  • Page 759 Field Description T1 will timeout in 1 day 11 hours 58 How long the T1 (1/2 lease time) timer will timeout. minutes 52 seconds. Related commands dhcp client identifier ip address dhcp-alloc ip address dhcp-alloc Use ip address dhcp-alloc to configure an interface to use DHCP for IP address acquisition. Use undo ip address dhcp-alloc to cancel an interface from using DHCP.
  • Page 760 Syntax dhcp snooping binding database filename { filename | url url [ username username [ password { cipher | simple } string ] ] } undo dhcp snooping binding database filename Default The DHCP snooping device does not back up DHCP snooping entries. Views System view Predefined user roles...
  • Page 761 Examples # Configure the DHCP snooping device to back up DHCP snooping entries to file database.dhcp. <Sysname> system-view [Sysname] dhcp snooping binding database filename database.dhcp # Configure the DHCP snooping device to back up DHCP snooping entries to file database.dhcp in the working directory of the FTP server at 10.1.1.1.
  • Page 762 Related commands dhcp snooping binding database filename dhcp snooping binding database update now Use dhcp snooping binding database update now to manually save DHCP snooping entries to the backup file. Syntax dhcp snooping binding database update now Views System view Predefined user roles network-admin Usage guidelines...
  • Page 763 Examples # Enable the recording of client information in DHCP snooping entries on Ten-GigabitEthernet 1/0/1. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping binding record dhcp snooping check mac-address Use dhcp snooping check mac-address to enable MAC address check for DHCP snooping. Use undo dhcp snooping check mac-address to disable MAC address check for DHCP snooping.
  • Page 764 Predefined user roles network-admin Usage guidelines DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and DHCP-RELEASE packets. This feature prevents unauthorized clients that forge DHCP-REQUEST packets from attacking the DHCP server. With this feature enabled, DHCP snooping looks for a matching DHCP snooping entry for each received DHCP-REQUEST message.
  • Page 765 Syntax dhcp snooping enable undo dhcp snooping enable Default DHCP snooping is disabled. Views System view Predefined user roles network-admin Usage guidelines Use the DHCP snooping feature together with the trusted port configuration. Trusted ports forward responses from DHCP servers and untrusted ports discard responses from DHCP servers. This mechanism ensures that DHCP clients obtain IP addresses from authorized DHCP servers.
  • Page 766 normal: Specifies the normal mode. The padding content includes the VLAN ID and interface number. verbose: Specifies the verbose mode. The padding content includes the node identifier, interface information, and VLAN ID. The default node identifier is the MAC address of the access node. The default interface information consists of the Ethernet type (fixed to eth), chassis number, slot number, sub-slot number, and interface number.
  • Page 767 [Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information enable [Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information strategy replace [Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information circuit-id verbose node-identifier sysname format ascii Related commands dhcp snooping information enable dhcp snooping information strategy display dhcp snooping information dhcp snooping information enable Use dhcp snooping information enable to enable DHCP snooping to support Option 82. Use undo dhcp snooping information enable to disable this feature.
  • Page 768 Use undo dhcp snooping information remote-id to restore the default. Syntax dhcp snooping information remote-id { normal [ format { ascii | hex } ] | [ vlan vlan-id ] { string remote-id | sysname } } undo dhcp snooping information remote-id [ vlan vlan-id ] Default The padding mode is normal and the padding format is hex.
  • Page 769 dhcp snooping information strategy Use dhcp snooping information strategy to configure the handling strategy for Option 82 in request messages. Use undo dhcp snooping information strategy to restore the default. Syntax dhcp snooping information strategy { drop | keep | replace } undo dhcp snooping information strategy Default The handling strategy for Option 82 in request messages is replace.
  • Page 770 Syntax dhcp snooping log enable undo dhcp snooping log enable Default DHCP snooping logging is disabled. Views System view Predefined user roles network-admin Usage guidelines This command enables the DHCP snooping device to generate DHCP snooping logs and send them to the information center.
  • Page 771 dhcp snooping rate-limit Use dhcp snooping rate-limit to enable DHCP snooping packet rate limit on an interface and set the limit value. Use undo dhcp snooping rate-limit to disable DHCP snooping packet rate limit. Syntax dhcp snooping rate-limit rate undo dhcp snooping rate-limit Default The DHCP snooping packet rate limit is disabled on an interface.
  • Page 772 Predefined user roles network-admin Usage guidelines Specify the ports facing the DHCP server as trusted ports and specify the other ports as untrusted ports so DHCP clients can obtain valid IP addresses. Examples # Specify Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1 as a trusted port. <Sysname>...
  • Page 773 SVLAN: 3 Interface: Ten-GigabitEthernet1/0/1 Parameter requested list: 03 06 21 IP address: 1.1.1.104 MAC address: 0000-0101-010b Lease: 16907537 seconds VLAN: 2 SVLAN: 3 Interface: Ten-GigabitEthernet1/0/3 Parameter requested list: 37 0B 01 0F 03 06 2C 2E 2F 1F 21 F9 2B Table 15 Command output Field Description...
  • Page 774 File name database.dhcp Username Password Update interval 600 seconds Latest write time Feb 27 18:48:04 2012 Status Last write succeeded. Table 16 Command output Field Description File name Name of the DHCP snooping entry backup file. Username Username for accessing the URL of the remote backup file. Password for accessing the URL of the remote backup file.
  • Page 775 Format: ASCII Remote ID: Padding format: Normal Format: ASCII VLAN 10: Circuit ID: abcd Remote ID: company Table 17 Command output Field Description Interface Interface name. Status Option 82 status, Enable or Disable. Handling strategy for DHCP requests that contain Option 82, Drop, Keep, or Strategy Replace.
  • Page 776 Examples # Display DHCP packet statistics for DHCP snooping. <Sysname> display dhcp snooping packet statistics DHCP packets received : 100 DHCP packets sent : 200 Invalid DHCP packets dropped Related commands reset dhcp snooping packet statistics display dhcp snooping trust Use display dhcp snooping trust to display information about trusted ports.
  • Page 777 vlan vlan-id: Clears DHCP snooping entries for the specified VLAN. If you do not specify a VLAN, this command clears DHCP snooping entries for the default VLAN. Examples # Clear all DHCP snooping entries. <Sysname> reset dhcp snooping binding all Related commands display dhcp snooping binding reset dhcp snooping packet statistics...
  • Page 778 Examples # Display BOOTP client information on VLAN-interface 10. <Sysname> display bootp client interface vlan-interface 10 Vlan-interface10 BOOTP client information: Allocated IP: 169.254.0.2 255.255.0.0 Transaction ID: 0x3d8a7431 MAC Address: 00e0-fc0a-c3ef Table 18 Command output Field Description BOOTP client information Information about the interface that acts as a BOOTP client. Allocated IP BOOTP client's IP address allocated by the BOOTP server.
  • Page 779 Contents DNS commands ···························································································· 1 display dns domain ···································································································································· 1 display dns host ········································································································································· 1 display dns server ······································································································································ 3 display ipv6 dns server ······························································································································· 3 dns domain ················································································································································· 4 dns dscp ····················································································································································· 5 dns proxy enable ········································································································································ 6 dns server ·················································································································································· 6 dns source-interface ···································································································································...
  • Page 780 DNS commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols.
  • Page 781 Views Any view Predefined user roles network-admin network-operator Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address.
  • Page 782 reset dns host display dns server Use display dns server to display IPv4 DNS server information. Syntax display dns server [ dynamic ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays IPv4 DNS server information dynamically obtained through DHCP or other protocols.
  • Page 783 Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays IPv6 DNS server information dynamically obtained through DHCP or other protocols. If you do not specify this keyword, the command displays the statically configured and dynamically obtained IPv6 DNS server information. Examples # Display IPv6 DNS server information for the public network.
  • Page 784 Predefined user roles network-admin Parameters domain-name: Specifies a domain name suffix. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.), for example, aabbcc.com. The domain name suffix can include a maximum of 253 characters, and each separated string includes no more than 63 characters.
  • Page 785 dns proxy enable Use dns proxy enable to enable DNS proxy. Use undo dns proxy enable to disable DNS proxy. Syntax dns proxy enable undo dns proxy enable Default DNS proxy is disabled. Views System view Predefined user roles network-admin Usage guidelines This configuration applies to both IPv4 DNS and IPv6 DNS.
  • Page 786 Examples # Specify DNS server IPv4 address 172.16.1.1. <Sysname> system-view [Sysname] dns server 172.16.1.1 Related commands display dns server dns source-interface Use dns source-interface to specify the source interface for DNS packets. Use undo dns source-interface to restore the default. Syntax dns source-interface interface-type interface-number undo dns source-interface interface-type interface-number...
  • Page 787 Default DNS spoofing is disabled. Views System view Predefined user roles network-admin Parameters ip-address: Specifies the IPv4 address used to spoof DNS requests. Usage guidelines Use the dns spoofing command together with the dns proxy enable command. DNS spoofing functions when the DNS proxy does not know the DNS server address or cannot reach the DNS server.
  • Page 788 device. As a result, the device fails to obtain the resolved IP address or might get the wrong IP address. With the DNS trusted interface specified, the device only uses the DNS suffix and DNS server information obtained through the trusted interface to avoid attacks. This configuration applies to both IPv4 DNS and IPv6 DNS.
  • Page 789 ipv6 dns dscp Use ipv6 dns dscp to set the DSCP value for IPv6 DNS packets sent by an IPv6 DNS client or IPv6 DNS proxy. Use undo ipv6 dns dscp to restore the default. Syntax ipv6 dns dscp dscp-value undo ipv6 dns dscp Default The DSCP value is 0 in IPv6 DNS packets sent by an IPv6 DNS client or IPv6 DNS proxy.
  • Page 790 route. Specify this argument if the IPv6 address of the DNS server is a link-local address. Do not specify this argument if the IPv6 address of the DNS server is a global unicast address. Usage guidelines For dynamic DNS, the device sends a DNS query request to the DNS servers in the order their IPv6 addresses are specified.
  • Page 791 [Sysname] ipv6 dns spoofing 2001::1 Related commands dns proxy enable ipv6 host Use ipv6 host to create a host name-to-IPv6 address mapping. Use undo ipv6 host to remove a host name-to-IPv6 address mapping. Syntax ipv6 host host-name ipv6-address undo ipv6 host host-name ipv6-address Default No host name-to-IPv6 address mappings exist.
  • Page 792 Predefined user roles network-admin Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address.
  • Page 793 DDNS commands ddns apply policy Use ddns apply policy to apply a DDNS policy to an interface and enable DDNS update. DDNS updates the mapping between the FQDN and the primary IP address of the interface. Use undo ddns apply policy to remove the application of a DDNS policy from an interface and to stop DDNS update.
  • Page 794 Syntax ddns dscp dscp-value undo ddns dscp Default The DSCP value for outgoing DDNS packets is 0. Views System view Predefined user roles network-admin Parameters dscp-value: Specifies the DSCP value in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.
  • Page 795 Related commands ddns apply policy display ddns policy display ddns policy Use display ddns policy to display information about DDNS policies. Syntax display ddns policy [ policy-name ] Views Any view Predefined user roles network-admin network-operator Parameters policy-name: Specifies a DDNS policy by its name, a case-insensitive string of 1 to 32 characters. If you do not specify a DDNS policy, this command displays information about all DDNS policies.
  • Page 796 SSL client policy: Interval : 0 days 0 hours 15 minutes DDNS policy: u-policy : oray://phservice2.oray.net Username : username Password Method SSL client policy: Interval : 0 days 0 hours 15 minutes Table 5 Command output Field Description DDNS policy DDNS policy name.
  • Page 797 Parameters days: Days in the range of 0 to 365. hours: Hours in the range of 0 to 23. minutes: Minutes in the range of 0 to 59. Usage guidelines Whether the interval is reached or not, a DDNS update request is initiated immediately if either of the following conditions occurs: •...
  • Page 798 http-post: Uses the post operation. Usage guidelines This command applies to DDNS updates in HTTP/HTTPS. If the DDNS server uses HTTP or HTTPS service, choose a parameter transmission method compatible with the DDNS server. For example, a DHS server supports the http-post method. If the DDNS policy has been applied to an interface, a DDNS update is sent immediately after the parameter transmission is changed.
  • Page 799 display ddns policy username ssl-client-policy Use ssl-client-policy to associate an SSL client policy with a DDNS policy. Use undo ssl-client-policy to restore the default. Syntax ssl-client-policy policy-name undo ssl-client-policy Default No SSL client policy is associated with a DDNS policy. Views DDNS policy view Predefined user roles...
  • Page 800 Default No URL address is specified for DDNS update requests. Views DDNS policy view Predefined user roles network-admin Parameters request-url: Specifies the URL address, a case-sensitive string of 1 to 240 characters. Usage guidelines The URL addresses configured for update requests vary by DDNS server. Common DDNS server URL address formats are shown in Table Table 6 Common URL addresses for DDNS update request...
  • Page 801 • gnudip://—The TCP-based GNUDIP server. • oray://—The TCP-based DDNS server. The domain names of DDNS servers are members.3322.org and phservice2.oray.net. The domain names of PeanutHull DDNS servers can be phservice2.oray.net, phddns60.oray.net, client.oray.net, ph031.oray.net, and so on. Determine the domain name in the URL according to the actual situation. The port number in the URL address is optional.
  • Page 802 Views DDNS policy view Predefined user roles network-admin Parameters username: Specifies the username, a case-sensitive string of 1 to 32 characters. Examples # In DDNS policy steven_policy, specify steven as the username for logging in to the DDNS server. <Sysname> system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] username steven Related commands...
  • Page 803 Contents Basic IP forwarding commands ····································································· 1 display fib ··················································································································································· 1 ip forwarding-table save ····························································································································· 2...
  • Page 804 Basic IP forwarding commands display fib Use display fib to display FIB entries. Syntax display fib [ ip-address [ mask | mask-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters ip-address: Displays the FIB entry that matches the specified destination IP address. mask: Specifies the mask for the IP address.
  • Page 805 Flag: U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay F:FRR Destination/Mask Nexthop Flag OutInterface/Token Label 10.2.1.1/32 127.0.0.1 InLoop0 Null Table 1 Command output Field Description Destination count Total number of destination addresses. FIB entry count Total number of FIB entries. Destination/Mask Destination address and the mask length.
  • Page 806 Examples # Save the IP forwarding entries to the fib.txt file. <Sysname> ip forwarding-table save filename fib.txt...
  • Page 807 Contents Fast forwarding commands ············································································ 1 display ip fast-forwarding aging-time ·········································································································· 1 display ip fast-forwarding cache ················································································································· 1 display ip fast-forwarding fragcache ··········································································································· 2 ip fast-forwarding aging-time ······················································································································ 3 ip fast-forwarding load-sharing ··················································································································· 4 reset ip fast-forwarding cache ···················································································································· 4...
  • Page 808 Fast forwarding commands display ip fast-forwarding aging-time Use display ip fast-forwarding aging-time to display the aging time of fast forwarding entries. Syntax display ip fast-forwarding aging-time Views Any view Predefined user roles network-admin network-operator Examples # Display the aging time of fast forwarding entries. <Sysname>...
  • Page 809 Table 1 Command output Field Description Source IP address. SPort Source port number. Destination IP address. DPort Destination port number. Protocol number. Input interface type and number. Input_If If no interface is involved in fast forwarding, this field displays N/A. If the input interface does not exist, this field displays a hyphen (-).
  • Page 810 Table 2 Command output Field Description Source IP address. SPort Source port number. Destination IP address. DPort Destination port number. Protocol number. Input interface type and number. If no interface is involved in fast forwarding, this field displays N/A. Input_If If the input interface does not exist, this field displays a hyphen (-).
  • Page 811 ip fast-forwarding load-sharing Use ip fast-forwarding load-sharing to enable fast forwarding load sharing. Use undo ip fast-forwarding load-sharing to disable fast forwarding load sharing. Syntax ip fast-forwarding load-sharing undo ip fast-forwarding load-sharing Default Fast forwarding load sharing is enabled. Views System view Predefined user roles network-admin...
  • Page 812 display ip fast-forwarding fragcache...
  • Page 813 Contents IRDP commands ··························································································· 1 ip irdp ························································································································································· 1 ip irdp address ············································································································································ 1 ip irdp interval ············································································································································· 2 ip irdp lifetime ············································································································································· 3 ip irdp multicast ·········································································································································· 3 ip irdp preference ······································································································································· 4...
  • Page 814 IRDP commands ip irdp Use ip irdp to enable IRDP on an interface. Use undo ip irdp to disable IRDP on an interface. Syntax ip irdp undo ip irdp Default IRDP is disabled on an interface. Views Interface view Predefined user roles network-admin Usage guidelines This command validates the IRDP settings on an interface.
  • Page 815 preference-value: Specifies the preference for the IP address, in the range of –2147483648 to 2147483647. A larger preference value represents a higher preference. Usage guidelines You can specify a maximum of four IP addresses for an interface to proxy-advertise. An RA sent on the interface includes the interface IP addresses and the proxy-advertised IP addresses.
  • Page 816 Related commands ip irdp ip irdp lifetime ip irdp lifetime Use ip irdp lifetime to set the lifetime of IP addresses advertised on an interface. Use undo ip irdp lifetime to restore the default. Syntax ip irdp lifetime lifetime-value undo ip irdp lifetime Default The lifetime is 1800 seconds.
  • Page 817 Default RAs use the broadcast address 255.255.255.255 as the destination IP address. Views Interface view Predefined user roles network-admin Examples # Specify the multicast address 224.0.0.1 as the destination IP address for RAs sent on VLAN-interface 100. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ip irdp multicast Related commands ip irdp...
  • Page 818 Contents IP performance optimization commands ························································ 1 display icmp statistics ································································································································· 1 display ip statistics ····································································································································· 1 display rawip ·············································································································································· 3 display rawip verbose ································································································································· 3 display tcp ·················································································································································· 6 display tcp statistics ··································································································································· 7 display tcp verbose ···································································································································· 9 display udp ···············································································································································...
  • Page 819 IP performance optimization commands display icmp statistics Use display icmp statistics to display ICMP statistics. Syntax display icmp statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ICMP statistics for all member devices.
  • Page 820 Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IP packet statistics for all member devices. Usage guidelines IP statistics include information about received and sent packets, fragments, and reassembly.
  • Page 821 Field Description Statistics about reassembly: • Reassembling sum—Total number of packets reassembled. • timeouts—Total number of reassembly timeouts. Related commands display ip interface reset ip statistics display rawip Use display rawip to display brief information about RawIP connections. Syntax display rawip [ slot slot-number ] Views Any view Predefined user roles...
  • Page 822 Syntax display rawip verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed RawIP connection information for the specified PCB. The pcb-index argument specifies the index of the PCB. The index is a hexadecimal string in the range of 1 to ffffffffffffffff.
  • Page 823 Field Description Options Socket options. Error Error code. Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. • drop—Number of dropped packets. Receiving buffer • (cc/hiwat/lowat/drop/state) state—Buffer state: CANTSENDMORE—Unable to send data to the peer. ...
  • Page 824 Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IP options. • INP_RECVRETOPTS—Receives replied IP options. • INP_RECVDSTADDR—Receives destination IP address. • INP_HDRINCL—Provides the entire IP header. • INP_REUSEADDR—Reuses the IP address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
  • Page 825 Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays brief information about TCP connections for all member devices. Usage guidelines Brief TCP connection information includes local IP address, local port number, peer IP address, peer port number, and TCP connection state.
  • Page 826 Usage guidelines TCP traffic statistics include information about received and sent TCP packets and Syncache/syncookie. Examples # Display TCP traffic statistics. <Sysname> display tcp statistics Received packets: Total: 4150 packets in sequence: 1366 (134675 bytes) window probe packets: 0, window update packets: 0 checksum error: 0, offset error: 0, short error: 0 packets dropped for lack of memory: 0 packets dropped due to PAWS: 0...
  • Page 827 SACK retransmitted segments: 0 (0 bytes) SACK blocks (options) received: 0 SACK blocks (options) sent: 0 SACK scoreboard overflows: 0 Other statistics: retransmitted timeout: 0, connections dropped in retransmitted timeout: 0 persist timeout: 0 keepalive timeout: 21, keepalive probe: 0 keepalive timeout, so connections disconnected: 0 fin_wait_2 timeout, so connections disconnected: 0 initiated connections: 29, accepted connections: 12, established connections:...
  • Page 828 Usage guidelines The detailed TCP connection information includes socket creator, state, option, type, protocol number, source IP address and port number, destination IP address and port number, and connection state. Examples # Display detailed information about TCP connections. <Sysname> display tcp verbose TCP inpcb number: 1(tcpcb number: 1) Location: slot: 1 NSR standby: N/A...
  • Page 829 Field Description Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. Receiving buffer • state—Buffer state: (cc/hiwat/lowat/state) CANTSENDMORE—Unable to send data to the peer.  CANTRCVMORE—Unable to receive data from the peer. ...
  • Page 830 Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IP options. • INP_RECVRETOPTS—Receives replied IP options. • INP_RECVDSTADDR—Receives destination IP address. • INP_HDRINCL—Provides the entire IP header. • INP_REUSEADDR—Reuses the IP address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
  • Page 831 Field Description TCP options: • TF_MD5SIG—Enables MD5 signature. • TF_NODELAY—Disables the Nagle algorithm that buffers the sent data inside the TCP. • TF_NOOPT—No TCP options. • TF_NOPUSH—Forces TCP to delay sending any TCP data until a full sized segment is buffered in the TCP buffers. •...
  • Page 832 Table 6 Command output Field Description Local Addr:port Local IP address and port number. Foreign Addr:port Peer IP address and port number. PCB index. display udp statistics Use display udp statistics to display UDP traffic statistics. Syntax display udp statistics [ slot slot-number ] Views Any view Predefined user roles...
  • Page 833 Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed UDP connection information for the specified PCB. The index is a hexadecimal string in the range of 1 to ffffffffffffffff. slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays detailed information about UDP connections for all member devices.
  • Page 834 Field Description Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. • drop—Number of dropped packets. Receiving • buffer(cc/hiwat/lowat/drop/state) state—Buffer state: CANTSENDMORE—Unable to send data to the peer.  CANTRCVMORE—Unable to receive data from the peer. ...
  • Page 835 Field Description Extension flags in the Internet PCB: • INP_EXTRCVPVCIDX—Records the PVC index of the received packet. Inpcb extflag • INP_RCVPWID—Records the PW ID of the received packet. • N/A—None of the above flags. IP version flags in the Internet PCB: •...
  • Page 836 The command enables the interface to forward directed broadcast packets that are destined for the directly connected network and are received from another subnet to support Wake on LAN. Wake on LAN sends the directed broadcasts to wake up the hosts on the target network. Examples # Enable VLAN-interface 2 to forward directed broadcast packets destined for the directly connected network.
  • Page 837 ip icmp fragment discarding Use ip icmp fragment discarding to disable forwarding of ICMP fragments. Use undo ip icmp fragment discarding to enable forwarding of ICMP fragments. Syntax ip icmp fragment discarding undo ip icmp fragment discarding Default Forwarding of ICMP fragments is enabled. Views System view Predefined user roles...
  • Page 838 Examples # Specify 1.1.1.1 as the source address for outgoing ICMP packets. <Sysname> system-view [Sysname] ip icmp source 1.1.1.1 ip mtu Use ip mtu to set the MTU of IPv4 packets sent over an interface. Use undo ip mtu to restore the default. Syntax ip mtu mtu-size undo ip mtu...
  • Page 839 Default IPv4 local fragment reassembly is disabled. Views System view Predefined user roles network-admin Usage guidelines Use this feature on a multichassis IRF fabric to improve fragment reassembly efficiency. This feature enables a subordinate to reassemble the IPv4 fragments of a packet if all the fragments arrive at it. If this feature is disabled, all IPv4 fragments are delivered to the master device for reassembly.
  • Page 840 ip ttl-expires enable Use ip ttl-expires enable to enable sending ICMP time exceeded messages. Use undo ip ttl-expires enable to disable sending ICMP time exceeded messages. Syntax ip ttl-expires enable undo ip ttl-expires enable Default Sending ICMP time exceeded messages is disabled. Views System view Predefined user roles...
  • Page 841 Usage guidelines A device sends ICMP destination unreachable messages by following these rules: • The device sends the source an ICMP network unreachable message when the following conditions are met: The received packet does not match any route.  No default route exists in the routing table. ...
  • Page 842 Examples # Clear IP traffic statistics. <Sysname> reset ip statistics Related commands display ip interface display ip statistics reset tcp statistics Use reset tcp statistics to clear TCP traffic statistics. Syntax reset tcp statistics Views User view Predefined user roles network-admin Examples # Clear TCP traffic statistics.
  • Page 843 Syntax tcp mss value undo tcp mss Default The TCP MSS is not set. Views Interface view Predefined user roles network-admin Parameters value: Specifies the TCP MSS in bytes. The value range for this argument is 128 to 1460. Usage guidelines The MSS option informs the receiver of the largest segment that the sender can accept.
  • Page 844 Parameters aging age-time: Specifies the aging time for the path MTU, in the range of 10 to 30 minutes. The default aging time is 10 minutes. no-aging: Does not age out the path MTU. Usage guidelines After you enable TCP path MTU discovery, all new TCP connections detect the path MTU. The device uses the path MTU to calculate the MSS to avoid IP fragmentation.
  • Page 845 Examples # Enable SYN Cookie. <Sysname> system-view [Sysname] tcp syn-cookie enable tcp timer fin-timeout Use tcp timer fin-timeout to set the TCP FIN wait timer. Use undo tcp timer fin-timeout to restore the default. Syntax tcp timer fin-timeout time-value undo tcp timer fin-timeout Default The TCP FIN wait timer is 675 seconds.
  • Page 846 Predefined user roles network-admin Parameters time-value: Specifies the TCP SYN wait timer in the range of 2 to 600 seconds. Usage guidelines TCP starts the SYN wait timer after sending a SYN packet. Within the SYN wait timer if no response is received or the upper limit on TCP connection tries is reached, TCP fails to establish the connection.
  • Page 847 Contents UDP helper commands ·················································································· 1 display udp-helper interface ······················································································································· 1 reset udp-helper statistics ·························································································································· 1 udp-helper broadcast-map ························································································································· 2 udp-helper enable ······································································································································ 3 udp-helper port ··········································································································································· 3 udp-helper server ······································································································································· 4...
  • Page 848 UDP helper commands display udp-helper interface Use display udp-helper interface to display information about broadcast to unicast conversion by UDP helper on an interface. Syntax display udp-helper interface interface-type interface-number Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines This command displays information about destination servers and total number of unicast packets converted from UDP broadcast packets by UDP helper.
  • Page 849 Syntax reset udp-helper statistics Views User view Predefined user roles network-admin Examples # Clear the statistics about broadcast to unicast conversion by UDP helper. <Sysname> reset udp-helper statistics Related commands display udp-helper interface udp-helper broadcast-map Use udp-helper broadcast-map to specify a multicast address for UDP helper to convert broadcast to multicast.
  • Page 850 [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] udp-helper broadcast-map 225.0.0.1 udp-helper enable Use udp-helper enable to enable UDP helper. Use undo udp-helper enable to disable UDP helper. Syntax udp-helper enable undo udp-helper enable Default UDP helper is disabled. Views System view Predefined user roles network-admin Usage guidelines For UDP helper to take effect on an interface, make sure the following conditions are met:...
  • Page 851 Predefined user roles network-admin Parameters port-number: Specifies a UDP port number in the range of 1 to 65535 (except 67 and 68). dns: Specifies the UDP port 53 used by DNS packets. netbios-ds: Specifies the UDP port 138 used by NetBIOS distribution service packets. netbios-ns: Specifies the UDP port 137 used by NetBIOS name service packets.
  • Page 852 Usage guidelines Specify destination servers on an interface that receives UDP broadcast packets. If the packets' destination UDP port numbers match the UDP helper ports, UDP helper forwards the broadcasts to the specified servers. You can specify a maximum of 20 unicast and multicast addresses for UDP helper to convert broadcast packets on an interface.
  • Page 853 Contents IPv6 basics commands ·················································································· 1 display ipv6 fib ············································································································································ 1 display ipv6 icmp statistics ························································································································· 2 display ipv6 interface ·································································································································· 3 display ipv6 interface prefix ························································································································ 7 display ipv6 nd snooping ···························································································································· 8 display ipv6 nd snooping count ·················································································································· 9 display ipv6 neighbors ······························································································································...
  • Page 854 ipv6 prefix ················································································································································· 55 ipv6 reassemble local enable ··················································································································· 55 ipv6 redirects enable ································································································································ 56 ipv6 temporary-address ··························································································································· 57 ipv6 unreachables enable ························································································································ 58 local-proxy-nd enable ······························································································································· 58 proxy-nd enable ······································································································································· 59 reset ipv6 nd snooping ····························································································································· 59 reset ipv6 neighbors ································································································································· 60 reset ipv6 pathmtu ····································································································································...
  • Page 855 IPv6 basics commands display ipv6 fib Use display ipv6 fib to display IPv6 FIB entries. Syntax display ipv6 fib [ ipv6-address [ prefix-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters ipv6-address: Displays IPv6 FIB entries for a destination IPv6 address. If you do not specify an IPv6 address, this command displays all IPv6 FIB entries.
  • Page 856 Field Description Route flag: • U—Usable route. • G—Gateway route. • H—Host route. • Flags B—Black hole route. • D—Dynamic route. • S—Static route. • R—Recursive route. • F—Fast re-route. Time stamp Time when the IPv6 FIB entry was generated. Label Inner MPLS label.
  • Page 857 time exceed reassembly 0 redirect ratelimited other errors display ipv6 interface Use display ipv6 interface to display IPv6 interface information. Syntax display ipv6 interface [ interface-type [ interface-number ] ] [ brief ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type: Specifies an interface by its type.
  • Page 858 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: InTooShorts: InTruncatedPkts: InHopLimitExceeds: InBadHeaders: InBadOptions: ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts:...
  • Page 859 Field Description Global unicast addresses of the interface. IPv6 address states: • TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. • DUPLICATE—The address is not unique on the link. • PREFERRED—The address is preferred and can be used as the source or destination address of a packet.
  • Page 860 Field Description InFragDrops Received IPv6 fragments that are discarded because of certain errors. Received IPv6 fragments that are discarded because the amount of InFragTimeouts time they stay in the system buffer exceeds the specified interval. OutFragFails IPv6 packets that fail to be fragmented on the output interface. InUnknownProtos Received IPv6 packets with unknown or unsupported protocol type.
  • Page 861 Field Description Physical state of the interface: • *down—The interface has been administratively shut down by using the shutdown command. • Physical down—The interface is administratively up but its physical state is down, possibly because of a connection or link failure. •...
  • Page 862 Table 4 Command output Filed Description Prefix IPv6 address prefix. How the prefix is generated: • STATIC—Manually configured by using the ipv6 nd ra prefix command. Origin • RA—Advertised in RA messages after stateless autoconfiguration is enabled. • ADDRESS—Generated by a manually configured address. Aging time in seconds.
  • Page 863 IPv6 address MAC address VID Interface Status 1::2 0000-1234-0c01 1 XGE1/0/2 VALID # Display detailed information about IPv6 ND snooping entries for VLAN 1. <Sysname> display ipv6 nd snooping vlan 1 verbose IPv6 address: 1::2 MAC address: 0000-1234-0c01 Interface: XGE1/0/2 First VLAN ID: 1 Second VLAN ID: N/A Status: VALID...
  • Page 864 Parameters interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the total number of ND snooping entries. Examples # Display the total number of IPv6 ND snooping entries. <Sysname>...
  • Page 865 Type: S-Static D-Dynamic O-Openflow R-Rule I-Invalid IPv6 Address: 1::2 Link Layer : 6864-6839-0202 VID : 1 Interface: XGE1/0/1 State : STALE Type: D : 290 Vpn-instance: [No Vrf] NickName : 0x0 IPv6 Address: FE80::6A64:68FF:FE39:202 Link Layer : 6864-6839-0202 VID : 1 Interface: XGE1/0/1 State : STALE...
  • Page 866 display ipv6 neighbors count Use display ipv6 neighbors count to display the number of neighbor entries. Syntax display ipv6 neighbors { { all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } count Views Any view Predefined user roles...
  • Page 867 display ipv6 pathmtu Use the display ipv6 pathmtu command to display IPv6 Path MTU information. Syntax display ipv6 pathmtu { ipv6-address | { all | dynamic | static } [ count ] } Views Any view Predefined user roles network-admin network-operator Parameters ipv6-address: Specifies the destination IPv6 address for which the Path MTU information is to be...
  • Page 868 display ipv6 prefix Use display ipv6 prefix to display information about IPv6 prefixes, including dynamic and static prefixes. Syntax display ipv6 prefix [ prefix-number ] Views Any view Predefined user roles network-admin network-operator Parameters prefix-number: Specifies the ID of an IPv6 prefix, in the range of 1 to 1024. If you do not specify an IPv6 prefix ID, this command displays information about all IPv6 prefixes.
  • Page 869 Related commands ipv6 dhcp client pd ipv6 prefix display ipv6 rawip Use display ipv6 rawip to display brief information about IPv6 RawIP connections. Syntax display ipv6 rawip [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID.
  • Page 870 Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 RawIP connections of the specified PCB. The value range for the pcb-index argument is 1 to 16. slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays detailed information about IPv6 RawIP connections for all member devices.
  • Page 871 Field Description Displays receive buffer information in the following order: • cc—Used space. • hiwat—Maximum space. • lowat—Minimum space. • Receiving buffer drop—Number of dropped packets. (cc/hiwat/lowat/drop/state) • state—Buffer state: CANTSENDMORE—Unable to send data to the peer.  CANTRCVMORE—Unable to receive data from the peer. ...
  • Page 872 Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IPv6 options. • INP_RECVRETOPTS—Receives replied IPv6 options. • INP_RECVDSTADDR—Receives destination IPv6 address. • INP_HDRINCL—Provides the entire IPv6 header. • INP_REUSEADDR—Reuses the IPv6 address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
  • Page 873 Field Description Send VRF Sent instances. Receive VRF Received instances. display ipv6 statistics Use display ipv6 statistics to display IPv6 and ICMPv6 packet statistics. Syntax display ipv6 statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID.
  • Page 874 Echo requests: Echo replies: Neighbor solicits: Neighbor adverts: Router solicits: Router adverts: Redirects: Router renumbering: Send failed: Rate limitation: Other errors: Received packets: Total: Checksum errors: Too short: Bad codes: Unreachable: Too big: Hop limit exceeded: Reassembly timeouts: Parameter problems: Unknown error types: Echo requests: Echo replies:...
  • Page 875 07:2008->1200 07:3008->1200 2001::1->23 2001::5->1284 ESTABLISHED 2 0x0000000000000008 2003::1->25 2001::2->1283 LISTEN 0x0000000000000009 Table 11 Command output Field Description Indicates that the TCP connection uses authentication. LAddr->port Local IPv6 address and port number. FAddr->port Peer IPv6 address and port number. State IPv6 TCP connection state. PCB index.
  • Page 876 Inpcb flags: N/A Inpcb extflag: N/A Inpcb vflag: INP_IPV6 Hop limit: 255 (minimum hop limit: 0) Connection state: ESTABLISHED TCP options: TF_REQ_SCALE TF_REQ_TSTMP TF_SACK_PERMIT TF_NSR NSR state: READY(M) Send VRF: 0x0 Receive VRF: 0x0 Table 12 Command output Field Description TCP inpcb number Number of IPv6 TCP Internet PCBs.
  • Page 877 Field Description Flags in the Internet PCB: • INP_RECVOPTS—Receives IPv6 options. • INP_RECVRETOPTS—Receives replied IPv6 options. • INP_RECVDSTADDR—Receives destination IPv6 address. • INP_HDRINCL—Provides the entire IPv6 header. • INP_REUSEADDR—Reuses the IPv6 address. • INP_REUSEPORT—Reuses the port number. • INP_ANONPORT—Port number not specified. •...
  • Page 878 Field Description TCP connection state: • CLOSED—The server receives a disconnection request's reply from the client. • LISTEN—The server is waiting for connection requests. • SYN_SENT—The client is waiting for the server to reply to the connection request. • SYN_RCVD—The server receives a connection request. •...
  • Page 879 Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays brief information about IPv6 UDP connections for all member devices. Examples # Displays brief information about IPv6 UDP connections.
  • Page 880 <Sysname> display ipv6 udp verbose Total UDP socket number: 1 Location: slot: 1 Creator: sock_test_mips[250] State: N/A Options: N/A Error: 0 Receiving buffer(cc/hiwat/lowat/drop/state): 0 / 41600 / 1 / 0 / N/A Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A Type: 2 Protocol: 17 Connection info: src = ::->69, dst = ::->0...
  • Page 881 Field Description Socket type: • 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. • 2—SOCK_DGRAM. This socket uses UDP to provide datagram Type transmission. • 3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header. •...
  • Page 882 Field Description IP version flags in the Internet PCB: • INP_IPV4—IPv4 protocol. • INP_IPV6—IPv6 protocol. • INP_IPV6PROTO—Creates an Internet PCB based on IPv6 protocol. • INP_TIMEWAIT—In TIMEWAIT state. Inpcb vflag • INP_ONESBCAST—Sends broadcast packets. • INP_DROPPED—Protocol dropped flag. • INP_SOCKREF—Strong socket reference. •...
  • Page 883 [Sysname-Vlan-interface100] ipv6 address 2001::1/64 Method 2: <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address 2001::1 64 ipv6 address anycast Use ipv6 address anycast to configure an IPv6 anycast address for an interface. Use undo ipv6 address anycast to delete the IPv6 anycast address of the interface. Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast...
  • Page 884 Default The stateless address autoconfiguration feature is disabled. Views Interface view Predefined user roles network-admin Usage guidelines After a global unicast address is generated through stateless autoconfiguration, a link-local address is generated automatically. To delete the global unicast address and the link-local address that are automatically generated, use either of the following commands: •...
  • Page 885 You can also manually assign an IPv6 link-local address for an interface by using the ipv6 address link-local command. Manual assignment takes precedence over automatic generation for IPv6 link-local addresses. • If you first use automatic generation and then manual assignment, the manually assigned link-local address overwrites the automatically generated address.
  • Page 886 <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address 2001::1/64 eui-64 Method 2: <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address 2001::1 64 eui-64 Related commands display ipv6 interface ipv6 address link-local Use ipv6 address link-local to configure a link-local address for the interface. Use undo ipv6 address link-local to restore the default.
  • Page 887 ipv6 address prefix-number Use ipv6 address prefix-number to specify an IPv6 prefix for an interface to automatically generate an IPv6 global unicast address and advertise the prefix. Use undo ipv6 address prefix-number to restore the default. Syntax ipv6 address prefix-number sub-prefix/prefix-length undo ipv6 address prefix-number Default No IPv6 prefix is specified for IPv6 address autoconfiguration.
  • Page 888 Related commands ipv6 prefix ipv6 dhcp client pd ipv6 extension-header drop enable Use ipv6 extension-header drop enable to enable a device to discard IPv6 packets that contain extension headers. Use undo ipv6 extension-header drop enable to disable a device from discarding IPv6 packets that contain extension headers.
  • Page 889 Usage guidelines The hop limit determines the number of hops that an IPv6 packet generated by the device can travel. The device advertises the hop limit in RA messages. All RA message receivers use the advertised value to fill in the Hop Limit field for IPv6 packets to be sent. To disable the device from advertising the hop limit, use the ipv6 nd ra hop-limit unspecified command.
  • Page 890 Syntax ipv6 icmpv6 error-interval interval [ bucketsize ] undo ipv6 icmpv6 error-interval Default The bucket allows a maximum of 10 tokens, and a token is placed in the bucket every 100 milliseconds. Views System view Predefined user roles network-admin Parameters interval: Specifies the interval for tokens to arrive in the bucket.
  • Page 891 Usage guidelines If a host is configured to reply to multicast echo requests, an attacker can use this mechanism to attack the host. For example, the attacker can send an echo request to a multicast address with Host A as the source. All hosts in the multicast group will send echo replies to Host A. To prevent attacks, do not enable the device to reply to multicast echo requests unless necessary.
  • Page 892 undo ipv6 mtu Default No MTU is configured for an interface. Views Interface view Predefined user roles network-admin Parameters size: Specifies the size of the MTUs of an interface in bytes. The value range for this argument is 1280 to 1500. Usage guidelines IPv6 routers do not support packet fragmentation.
  • Page 893 • If the M flag is set to 0 in RA advertisements, receiving hosts use stateless autoconfiguration. Stateless autoconfiguration generates IPv6 addresses according to link-layer addresses and the prefix information in the RA advertisements. Examples # Set the M flag to 1 in RA advertisements to be sent. <Sysname>...
  • Page 894 undo ipv6 nd dad attempts Default The number of attempts to send an NS message for DAD is 1. Views Interface view Predefined user roles network-admin Parameters interval: Specifies the number of attempts to send an NS message for DAD, in the range of 0 to 600. If it is set to 0, DAD is disabled.
  • Page 895 Usage guidelines If a device does not receive a response from the peer within the specified interval, the device resends an NS message. The device retransmits an NS message at the specified interval and uses the interval value to fill the Retrans Timer field in RA messages to be sent. Examples # Specify VLAN-interface 100 to retransmit NS messages every 10000 milliseconds.
  • Page 896 ipv6 nd ra halt Use ipv6 nd ra halt to suppress an interface from advertising RA messages. Use undo ipv6 nd ra halt to disable this feature. Syntax ipv6 nd ra halt undo ipv6 nd ra halt Default An interface is suppressed from sending RA messages. Views Interface view Predefined user roles...
  • Page 897 Related commands ipv6 hop-limit ipv6 nd ra interval Use ipv6 nd ra interval to set the maximum and minimum intervals for advertising RA messages. Use undo ipv6 nd ra interval to restore the default. Syntax ipv6 nd ra interval max-interval min-interval undo ipv6 nd ra interval Default The maximum interval between RA messages is 600 seconds, and the minimum interval is 200...
  • Page 898 Default RA messages contain the MTU option. Views Interface view Predefined user roles network-admin Usage guidelines The MTU option in the RA messages specifies the link MTU to ensure that all nodes on the link use the same MTU. Examples # Turn off the MTU option in RA messages on VLAN-interface 100.
  • Page 899 no-autoconfig: Specifies a prefix not to be used for stateless autoconfiguration. If you do not specify this keyword, the prefix is used for stateless autoconfiguration. off-link: Indicates that the address with the prefix is not directly reachable on the link. If you do not specify this keyword, the address with the prefix is directly reachable on the link.
  • Page 900 Parameters valid-lifetime: Specifies the valid lifetime of a prefix, in the range of 0 to 4294967295 seconds. The default value is 2592000 seconds (30 days). preferred-lifetime: Specifies the preferred lifetime of a prefix used for stateless autoconfiguration, in the range of 0 to 4294967295 seconds. The preferred lifetime cannot be longer than the valid lifetime.
  • Page 901 Examples # Set the router lifetime in RA messages on VLAN-interface 100 to 1000 seconds. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra router-lifetime 1000 Related commands ipv6 nd ra interval ipv6 nd router-preference Use ipv6 nd router-preference to set a router preference in RA messages. Use undo ipv6 nd router-preference to restore the default.
  • Page 902 Default ND snooping is disabled for global unicast addresses. Views VLAN view Predefined user roles network-admin Examples # Enable ND snooping for global unicast addresses. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] ipv6 nd snooping enable global ipv6 nd snooping enable link-local Use ipv6 nd snooping enable link-local to enable ND snooping for link-local addresses.
  • Page 903 Views VLAN view Predefined user roles network-admin Usage guidelines This command enables the device to learn ND snooping entries from data packets originated by unknown sources. For this command to take effect, execute the ipv6 nd snooping enable global command or the ipv6 nd snooping enable link-local command.
  • Page 904 ipv6 neighbor Use ipv6 neighbor to configure a static neighbor entry. Use undo ipv6 neighbor to delete a static neighbor entry. Syntax ipv6 neighbor ipv6-address mac-address { vlan-id port-type port-number | interface interface-type interface-number } undo ipv6 neighbor ipv6-address interface-type interface-number Default No static neighbor entries exist.
  • Page 905 <Sysname> system-view [Sysname] ipv6 neighbor 2000::1 fe-e0-89 interface Vlan-interface 1 Related commands display ipv6 neighbors reset ipv6 neighbors ipv6 neighbor link-local minimize Use ipv6 neighbor link-local minimize to minimize link-local ND entries. Use undo ipv6 neighbor link-local minimize to restore the default. Syntax ipv6 neighbor link-local minimize undo ipv6 neighbor link-local minimize...
  • Page 906 Predefined user roles network-admin Parameters aging-time: Specifies the aging timer for ND entries in stale state, in the range of 1 to 1440 minutes. Usage guidelines This aging time applies to all ND entries in stale state. If an ND entry in stale state is not updated before the timer expires, it moves to the delay state.
  • Page 907 ipv6 pathmtu Use ipv6 pathmtu to set a static Path MTU for an IPv6 address. Use undo ipv6 pathmtu to delete the Path MTU configuration for an IPv6 address. Syntax ipv6 pathmtu ipv6-address value undo ipv6 pathmtu ipv6-address Default No static Path MTU is set. Views System view Predefined user roles...
  • Page 908 Predefined user roles network-admin Parameters age-time: Specifies the aging time for Path MTU in minutes, in the range of 10 to 100. Usage guidelines After the path MTU from a source host to a destination host is dynamically determined, the source host sends subsequent packets to the destination host based on this MTU.
  • Page 909 Related commands ipv6 address auto ipv6 nd ra prefix ipv6 temporary-address ipv6 prefix Use ipv6 prefix to configure a static IPv6 prefix. Use undo ipv6 prefix to delete a static IPv6 prefix. Syntax ipv6 prefix prefix-number ipv6-prefix/prefix-length undo ipv6 prefix prefix-number Default No static IPv6 prefixes exist.
  • Page 910 Default IPv6 local fragment reassembly is disabled. Views System view Predefined user roles network-admin Usage guidelines Configure this command on a multichassis IRF fabric to improve fragment reassembly efficiency. The command enables the subordinate to reassemble the IPv6 fragments of a packet if all the fragments arrive at it.
  • Page 911 ipv6 temporary-address Use ipv6 temporary-address to enable the temporary IPv6 address feature. Use undo ipv6 temporary-address to restore the default. Syntax ipv6 temporary-address [ valid-lifetime preferred-lifetime ] undo ipv6 temporary-address Default The system does not generate any temporary IPv6 address. Views System view Predefined user roles...
  • Page 912 Examples # Enable the system to generate a temporary IPv6 address. <Sysname> system-view [Sysname] ipv6 temporary-address Related commands ipv6 address auto ipv6 nd ra prefix ipv6 prefer temporary-address ipv6 unreachables enable Use ipv6 unreachables enable to enable sending ICMPv6 destination unreachable messages. Use undo ipv6 unreachables to disable sending ICMPv6 destination unreachable messages.
  • Page 913 Default Local ND proxy is disabled. Views VLAN interface view Predefined user roles network-admin Examples # Enable local ND proxy on VLAN-interface 100. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] local-proxy-nd enable Related commands proxy-nd enable proxy-nd enable Use proxy-nd enable to enable common ND proxy. Use undo proxy-nd enable to disable common ND proxy.
  • Page 914 Views User view Predefined user roles network-admin Parameters ipv6-address: Clears ND snooping entries for the specified IPv6 address. vlan vlan-id: Clears ND snooping entries for the specified VLAN. The value range for the VLAN ID is 1 to 4094. global: Clears ND snooping entries for global unicast addresses. link-local: Clears ND snooping entries for link-local addresses.
  • Page 915 <Sysname> reset ipv6 neighbors interface ten-gigabitethernet 1/0/1 This will delete all the dynamic entries by the interface you specified. Contin ue? [Y/N]:Y Related commands display ipv6 neighbors ipv6 neighbor reset ipv6 pathmtu Use reset ipv6 pathmtu to clear the Path MTU information. Syntax reset ipv6 pathmtu { all | dynamic | static } Views...
  • Page 916 Related commands display ipv6 statistics...
  • Page 917 Contents DHCPv6 commands ······················································································ 1 Common DHCPv6 commands ··························································································································· 1 display ipv6 dhcp duid ································································································································ 1 ipv6 dhcp advertise pd-route ······················································································································ 1 ipv6 dhcp dscp ··········································································································································· 2 ipv6 dhcp log enable ·································································································································· 2 ipv6 dhcp select ········································································································································· 3 DHCPv6 server commands································································································································ 4 address range ············································································································································...
  • Page 918 ipv6 dhcp relay client-information record ································································································· 54 ipv6 dhcp relay gateway ··························································································································· 54 ipv6 dhcp relay interface-id ······················································································································ 55 ipv6 dhcp relay release-agent ·················································································································· 56 ipv6 dhcp relay server-address ················································································································ 56 remote-server ··········································································································································· 57 reset ipv6 dhcp relay client-information address ······················································································ 58 reset ipv6 dhcp relay client-information pd ·······························································································...
  • Page 919 DHCPv6 commands Common DHCPv6 commands display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DUID of the local device. Syntax display ipv6 dhcp duid Views Any view Predefined user roles network-admin network-operator Usage guidelines A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent).
  • Page 920 network. You can use this command to configure the DHCPv6 server or DHCPv6 relay agent, whichever is on the same link as the DHCPv6 client, to advertise the IPv6 prefix. To use this command on the DHCPv6 relay agent, you must enable the DHCPv6 relay agent to record DHCPv6 relay entries first.
  • Page 921 Views System view Predefined user roles network-admin Usage guidelines This command enables the DHCPv6 server to generate DHCPv6 logs and send them to the information center. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide. As a best practice, disable this feature if the log generation affects the device performance or reduces the address and prefix allocation efficiency.
  • Page 922 [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] ipv6 dhcp select server # Enable the DHCPv6 relay agent on VLAN-interface 20. <Sysname> system-view [Sysname] interface vlan-interface 20 [Sysname-Vlan-interface20] ipv6 dhcp select relay Related commands display ipv6 dhcp relay server-address display ipv6 dhcp server DHCPv6 server commands address range Use address range to specify a non-temporary IPv6 address range in a DHCPv6 address pool for...
  • Page 923 The non-temporary IPv6 address range specified by the address range command must be on the subnet specified by the network command. Examples Configure non-temporary IPv6 address range from 3ffe:501:ffff:100::10 through 3ffe:501:ffff:100::31 in address pool 1. <Sysname> system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64 [Sysname-dhcp6-pool-1] address range 3ffe:501:ffff:100::10 3ffe:501:ffff:100::31 Related commands...
  • Page 924 ipv6 dhcp pool default pool Use default pool to specify the default DHCPv6 address pool. Use undo default pool to restore the default. Syntax default pool pool-name undo default pool Default No default DHCPv6 address pool is specified. Views DHCPv6 policy view Predefined user roles network-admin Parameters...
  • Page 925 Predefined user roles network-admin network-operator Parameters option-group-number: Specifies a static or dynamic DHCPv6 option group by its ID. The value range for the option group ID is 1 to 100. If you do not specify an option group, this command displays information about all DHCPv6 option groups.
  • Page 926 Type: Static Interface: N/A aaa.com Domain name: Type: Dynamic (DHCPv6 address allocation) Interface: Vlan-interface10 aaa.com Options: Code: 23 Type: Dynamic (DHCPv6 prefix allocation) Interface: Vlan-interface10 Length: 2 bytes Hex: ABCD Table 1 Command output Field Description DHCPv6 option group ID of the DHCPv6 option group. Types of the DHCPv6 option: •...
  • Page 927 Views Any view Predefined user roles network-admin network-operator Parameters pool-name: Displays information about the specified DHCPv6 address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify a DHCPv6 address pool, this command displays information about all DHCPv6 address pools.
  • Page 928 bbb.com # Display information about DHCPv6 address pool 1. <Sysname> display ipv6 dhcp pool 1 DHCPv6 pool: 1 Network: Not-available Preferred lifetime 604800, valid lifetime 2592000 # Display information about DHCPv6 address pool 1. <Sysname> display ipv6 dhcp pool 1 DHCPv6 pool: 1 Network: 1::/64(Zombie) Preferred lifetime 604800, valid lifetime 2592000...
  • Page 929 Syntax display ipv6 dhcp prefix-pool [ prefix-pool-number ] Views Any view Predefined user roles network-admin network-operator Parameters prefix-pool-number: Displays detailed information about a prefix pool specified by its number in the range of 1 to 128. If you do not specify a prefix pool, this command displays brief information about all prefix pools.
  • Page 930 Available: 0 In-use: 10 Static: 0 Table 3 Command output Field Description Prefix-pool Prefix pool number. Prefix specified in the prefix pool. If the prefix is ineffective, this field displays Not-available. If Prefix the prefix becomes ineffective after a configuration recovery (for example, a switchover from the backup to the master), the prefix is marked (Zombie).
  • Page 931 Table 4 Command output Field Description Interface Interface enabled with DHCPv6 server. Address pool applied to the interface. If no address pool is applied to the interface, global is displayed. The Pool DHCPv6 server selects a global address pool to assign a prefix, an address, and other configuration parameters to a client.
  • Page 932 Table 5 Command output Field Description IPv6 address Conflicted IPv6 address. Detect time Time when the conflict was discovered. Related commands reset ipv6 dhcp server conflict display ipv6 dhcp server database Use display ipv6 dhcp server database to display information about DHCPv6 binding auto backup.
  • Page 933 display ipv6 dhcp server expired Use display ipv6 dhcp server expired to display lease expiration information. Syntax display ipv6 dhcp server expired [ address ipv6-address | pool pool-name ] Views Any view Predefined user roles network-admin network-operator Parameters address ipv6-address: Displays lease expiration information for the specified IPv6 address. If you do not specify an IPv6 address, this command displays lease expiration information for all IPv6 addresses.
  • Page 934 Views Any view Predefined user roles network-admin network-operator Parameters address ipv6-address: Displays binding information for the specified IPv6 address. If you do not specify an IPv6 address, this command displays binding information for all IPv6 addresses. pool pool-name: Displays IPv6 address binding information for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters.
  • Page 935 Table 8 Command output Field Description Pool DHCPv6 address pool. IPv6 address IPv6 address assigned. IPv6 address binding types: • Static(F)—Free static binding whose IPv6 address has not been assigned. • Static(O)—Offered static binding whose IPv6 address has been selected and sent by the DHCPv6 server in a DHCPv6-OFFER packet to the client.
  • Page 936 network-operator Parameters pool pool-name: Displays IPv6 prefix binding information for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a DHCPv6 address pool, this command displays IPv6 prefix binding information for all DHCPv6 address pools. prefix prefix/prefix-len: Displays binding information for the specified IPv6 prefix.
  • Page 937 Field Description Prefix binding types: • Static(F)—Free static binding whose IPv6 prefix has not been assigned. • Static(O)—Offered static binding whose IPv6 prefix has been selected and sent by the DHCPv6 server in a DHCPv6-OFFER packet to the client. • Static(C)—Committed static binding whose IPv6 prefix has been assigned to the client.
  • Page 938 Parameters pool pool-name: Displays DHCPv6 packet statistics for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command displays DHCPv6 packet statistics for all address pools. Examples # Display all DHCPv6 packet statistics on the DHCPv6 server.
  • Page 939 Field Description Number of messages received by the DHCPv6 server. The message types include: • Solicit. • Request. • Confirm. • Renew. Packets received • Rebind. • Release. • Decline. • Information-request. • Relay-forward. If statistics about an address pool are displayed, this field is not displayed. Number of packets discarded.
  • Page 940 Examples # Specify the DNS server address 2:2::3 in DHCPv6 address pool 1. <Sysname> system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] dns-server 2:2::3 Related commands display ipv6 dhcp pool domain-name Use domain-name to specify a domain name in a DHCPv6 address pool. Use undo domain-name to restore the default.
  • Page 941 Syntax if-match rule rule-number { option option-code [ ascii ascii-string [ offset offset | partial ] | hex hex-string [ mask mask | offset offset length length | partial ] ] | relay-agent gateway-ipv6-address } undo if-match rule rule-number Default No match rules are configured for the DHCPv6 user class.
  • Page 942 When you configure an if-match option rule, follow these guidelines: • To match packets that contain an option, specify only the option-code argument. • To match a hexadecimal number by AND operations, specify the option option-code hex hex-string mask mask options. •...
  • Page 943 Default No DHCPv6 policy is applied to an interface. Views Interface view Predefined user roles network-admin Parameters policy-name: Specifies a DHCPv6 policy by its name, a case-insensitive string of 1 to 63 characters. Usage guidelines You can apply only one DHCPv6 policy to an interface. If you execute this command multiple times, the most recent configuration takes effect.
  • Page 944 <Sysname> system-view [Sysname] ipv6 dhcp class test [Sysname-dhcp6-class-test] Related commands class pool ipv6 dhcp policy if-match ipv6 dhcp option-group Use ipv6 dhcp option-group to create a static DHCPv6 option group and enter its view. Use undo ipv6 dhcp option-group to delete the specified static DHCPv6 option group. Syntax ipv6 dhcp option-group option-group-number undo ipv6 dhcp option-group option-group-number...
  • Page 945 undo ipv6 dhcp policy policy-name Default No DHCPv6 policies exist. Views System view Predefined user roles network-admin Parameters policy-name: Assigns a name to the DHCPv6 policy. The policy name is a case-insensitive string of 1 to 63 characters. Usage guidelines In DHCP policy view, you can specify address pools for different user classes.
  • Page 946 Parameters pool-name: Specifies a name for the DHCPv6 address pool, a case-insensitive string of 1 to 63 characters. Usage guidelines A DHCPv6 address pool stores IPv6 address/prefix and other configuration parameters to be assigned to DHCPv6 clients. When you delete a DHCPv6 address pool, binding information for the assigned IPv6 addresses and prefixes in the address pool is also deleted.
  • Page 947 To modify a prefix pool, execute the undo ipv6 dhcp prefix-pool command to delete the prefix pool, and then execute the ipv6 dhcp prefix-pool command. Deleting a prefix pool clears all prefix bindings from the prefix pool. When you specify a prefix by its ID, follow these restrictions and guidelines: •...
  • Page 948 Usage guidelines The allow-hint keyword enables the server to assign the desired address or prefix to the requesting client. If the desired address or prefix is not included in any global address pool, or is already assigned to another client, the server assigns the client a free address or a prefix. If the allow-hint keyword is not specified, the server ignores the desired address or prefix, and selects an address or prefix from a global address pool.
  • Page 949 IPv6 address or prefix from a global address pool that matches the IPv6 address of the receiving interface or the DHCPv6 relay agent. The allow-hint keyword enables the server to assign the desired address or prefix to the client. If the desired address or prefix does not exist or is already assigned to another client, the server assigns a free address or prefix.
  • Page 950 cipher: Specifies a password in encrypted form. simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form. string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.
  • Page 951 Syntax ipv6 dhcp server database update interval interval undo ipv6 dhcp server database interval Default The DHCPv6 server waits 300 seconds to update the backup file after a DHCPv6 binding change. If no DHCPv6 binding changes, the backup file is not updated. Views System view Predefined user roles...
  • Page 952 Examples # Manually save the DHCPv6 bindings to the backup file. <Sysname> system-view [Sysname] ipv6 dhcp server database update now Related commands ipv6 dhcp server database filename ipv6 dhcp server database update interval ipv6 dhcp server database update stop ipv6 dhcp server database update stop Use ipv6 dhcp server database update stop to terminate the download of DHCPv6 bindings from the backup file.
  • Page 953 undo ipv6 dhcp server forbidden-address start-ipv6-address [ end-ipv6-address ] Default Except for the DHCPv6 server address, all IPv6 addresses in a DHCPv6 address pool are assignable. Views System view Predefined user roles network-admin Parameters start-ipv6-address: Specifies the start IPv6 address. end-ipv6-address: Specifies the end IPv6 address, which cannot be lower than start-ipv6-address.
  • Page 954 Views System view Predefined user roles network-admin Parameters start-prefix/prefix-len: Specifies the start IPv6 prefix. The prefix-len argument specifies the prefix length in the range of 1 to 128. end-prefix/prefix-len: Specifies the end IPv6 prefix. The prefix-len argument specifies the prefix length in the range of 1 to 128.
  • Page 955 Parameters prefix/prefix-length: Specifies the IPv6 subnet for dynamic allocation. The value range for the prefix-length argument is 1 to 128. prefix prefix-number: Specifies an IPv6 prefix by its ID in the range of 1 to 1024. sub-prefix/sub-prefix-length: Specifies an IPv6 sub-prefix and its length. The value range for the sub-prefix-length argument is 1 to 128.
  • Page 956 display ipv6 dhcp pool temporary address range option Use option to configure a self-defined DHCPv6 option in a DHCPv6 address pool. Use undo option to remove a self-defined DHCPv6 option from a DHCPv6 address pool. Syntax option code hex hex-string undo option code Default No self-defined DHCPv6 option is configured in a DHCPv6 address pool.
  • Page 957 Related commands display ipv6 dhcp pool dns-server domain-name sip-server option-group Use option-group to specify a DHCPv6 option group for a DHCPv6 address pool. Use undo option-group to restore the default. Syntax option-group option-group-number undo option-group Default No DHCPv6 option group is specified for a DHCPv6 address pool. Views DHCPv6 address pool view Predefined user roles...
  • Page 958 Views DHCPv6 address pool view Predefined user roles network-admin Parameters prefix-pool-number: Specifies a prefix pool by its number in the range of 1 to 128. preferred-lifetime preferred-lifetime: Sets the preferred lifetime in the range of 60 to 4294967295 seconds. The default value is 604800 seconds (7 days). valid-lifetime valid-lifetime: Sets the valid lifetime in the range of 60 to 4294967295 seconds.
  • Page 959 Usage guidelines Address conflicts occur when dynamically assigned IP addresses have been statically configured for other hosts. After the conflicts are resolved, you can use the reset ipv6 dhcp server conflict command to clear conflict information so that the conflicted addresses can be assigned to clients. Examples # Clear all IPv6 address conflict information.
  • Page 960 Parameters address ipv6-address: Clears binding information for the specified assigned IPv6 address. If you do not specify an IPv6 address, this command clears binding information for all assigned IPv6 addresses. pool pool-name: Clears binding information for assigned IPv6 addresses in the address pool specified by its name, a case-insensitive string of 1 to 63 characters.
  • Page 961 # Clears binding information for the assigned IPv6 prefix 2001:0:0:1::/64. <Sysname> reset ipv6 dhcp server pd-in-use prefix 2001:0:0:1::/64 Related commands display ipv6 dhcp server pd-in-use reset ipv6 dhcp server statistics Use reset ipv6 dhcp server statistics to clear DHCPv6 server statistics. Syntax reset ipv6 dhcp server statistics Views...
  • Page 962 Examples # Specify the SIP server address 2:2::4 in DHCPv6 address pool 1. <Sysname> system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] sip-server address 2:2::4 # Specify the SIP server domain name bbb.com in DHCPv6 address pool 1. [Sysname-dhcp6-pool-1] sip-server domain-name bbb.com Related commands display ipv6 dhcp pool static-bind...
  • Page 963 Examples # In address pool 1, bind IPv6 address 2001:0410::/35 to the client DUID 0003000100e0fc005552 and IAID A1A1A1A1. <Sysname> system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] static-bind address 2001:0410::/35 duid 0003000100e0fc005552 iaid A1A1A1A1 # In address pool 1, bind prefix 2001:0410::/35 to the client DUID 00030001CA0006A400 and IAID A1A1A1A1.
  • Page 964 Examples # In DHCPv6 address pool 1, configure a temporary IPv6 address range from 3ffe:501:ffff:100::50 to 3ffe:501:ffff:100::60. <Sysname> system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64 [Sysname-dhcp6-pool-1] temporary address range 3ffe:501:ffff:100::50 3ffe:501:ffff:100::60 Related commands display ipv6 dhcp pool address range network DHCPv6 relay agent commands display ipv6 dhcp relay client-information address...
  • Page 965 1 DHCPv6 relay entries found. IPv6 address: 2::1 DUID: 00030001CA000C180000 IAID: 0x00030001 Port index: N/A Interface: Vlan2 Inner VLAN: N/A Outer VLAN: N/A Status: Open Access type: CommonV6 Remaining lease time: 54 seconds Preferred lifetime: 400 seconds Valid lifetime: 500 seconds Table 11 Command output Field Description...
  • Page 966 Field Description Remaining lease time Remaining time in seconds of the IPv6 address lease. Preferred lifetime Preferred lifetime in seconds of the IPv6 address. Valid lifetime Valid lifetime in seconds of the IPv6 address. Related commands ipv6 dhcp relay client-information record reset ipv6 dhcp relay client-information address display ipv6 dhcp relay client-information pd Use display ipv6 dhcp relay client-information pd to display DHCPv6 relay entries that record...
  • Page 967 Interface: Vlan2 Inner VLAN: N/A Outer VLAN: N/A Status: Open Access type: CommonV6 Remaining lease time: 54 seconds Preferred lifetime: 400 seconds Valid lifetime: 500 seconds Table 12 Command output Field Description Number of DHCPv6 relay entries that record clients' IPv6 prefix x DHCPv6 relay entries found.
  • Page 968 Related commands ipv6 dhcp relay client-information record reset ipv6 dhcp relay client-information pd display ipv6 dhcp relay server-address Use display ipv6 dhcp relay server-address to display DHCPv6 server addresses specified on the DHCPv6 relay agent. Syntax display ipv6 dhcp relay server-address [ interface interface-type interface-number ] Views Any view Predefined user roles...
  • Page 969 Related commands ipv6 dhcp relay server-address ipv6 dhcp select display ipv6 dhcp relay statistics Use display ipv6 dhcp relay statistics to display DHCPv6 packet statistics on the DHCPv6 relay agent. Syntax display ipv6 dhcp relay statistics [ interface interface-type interface-number ] Views Any view Predefined user roles...
  • Page 970 Request Confirm Renew Rebind Release Decline Information-request Relay-forward Relay-reply Packets sent Advertise Reconfigure Reply Relay-forward Relay-reply Table 14 Command output Field Description Packets dropped Number of discarded packets. Packets received Number of received packets. Solicit Number of received solicit packets. Request Number of received request packets.
  • Page 971 Use undo gateway-list to remove gateway addresses from a DHCPv6 address pool. Syntax gateway-list ipv6-address&<1-8> undo gateway-list [ ipv6-address&<1-8> ] Default No gateway address is specified in a DHCPv6 address pool. Views DHCPv6 address pool view Predefined user roles network-admin Parameters ipv6-address&<1-8>: Specifies a space-separated list of up to eight addresses.
  • Page 972 Usage guidelines This command takes effect only after you enable the DHCPv6 relay agent and the recording of DHCPv6 relay entries on the interface. Examples # Enable client offline detection on VLAN-interface 2. <Sysname> system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] ipv6 dhcp select relay [Sysname-Vlan-interface2] ipv6 dhcp relay client-information record [Sysname-Vlan-interface2] ipv6 dhcp client-detect ipv6 dhcp relay client-information record...
  • Page 973 Syntax ipv6 dhcp relay gateway ipv6-address undo ipv6 dhcp relay gateway Default The first IPv6 address of the relay interface is used as the gateway address for DHCPv6 clients. Views Interface view Predefined user roles network-admin Parameters ipv6-address: Specifies a gateway address. The IPv6 address must be an IPv6 address of the relay interface.
  • Page 974 Usage guidelines Enable the DHCPv6 relay agent on the interface before executing this command. Otherwise, the command does not take effect. Examples # Specify the BAS mode as the padding mode for the Interface-ID option on VLAN-interface 10. <Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] ipv6 dhcp relay interface-id bas # Specify the interface name mode as the padding mode for the Interface-ID option on...
  • Page 975 Use undo ipv6 dhcp relay server-address to remove DHCPv6 server addresses. Syntax ipv6 dhcp relay server-address ipv6-address [ interface interface-type interface-number ] undo ipv6 dhcp relay server-address [ ipv6-address [ interface interface-type interface-number ] ] Default No DHCPv6 server address is specified on the DHCPv6 relay agent. Views Interface view Predefined user roles...
  • Page 976 undo remote-server [ ipv6-address [ interface interface-type interface-number ] ] Default No DHCPv6 server is specified for the DHCPv6 address pool. Views DHCPv6 address pool view Predefined user roles network-admin Parameters ipv6-address: Specifies a DHCPv6 server address. interface interface-type interface-number: Specifies the outgoing interface by its type and number for the DHCPv6 relay agent to forward packets to the DHCPv6 server.
  • Page 977 Examples # Clear all DHCPv6 relay entries that record clients' IPv6 address information. <Sysname> reset ipv6 dhcp relay client-information address Related commands display ipv6 dhcp relay client-information address ipv6 dhcp relay client-information record reset ipv6 dhcp relay client-information pd Use reset ipv6 dhcp relay client-information pd to clear DHCPv6 relay entries that record clients' IPv6 prefix information.
  • Page 978 Parameters interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears all relay agent statistics. Examples # Clear packet statistics on the DHCPv6 relay agent. <Sysname> reset ipv6 dhcp relay statistics Related commands display ipv6 dhcp relay statistics DHCPv6 client commands...
  • Page 979 Domain name: aaa.com SIP server addresses: 2:2::4 SIP server domain names: bbb.com Options: Code: 88 Length: 3 bytes Hex: AABBCC Table 15 Command output Field Description Types of DHCPv6 client: • Stateful client requesting address—A DHCPv6 client that requests an IPv6 address.
  • Page 980 Field Description IPv6 prefix obtained. This field is displayed only when the DHCPv6 client type is Prefix Stateful client requesting prefix. Preferred lifetime Preferred lifetime in seconds. valid lifetime Valid lifetime in seconds. Time when the lease expires and the remaining time of the lease. Will expire on Feb 4 2014 at 15:37:20 (288 seconds If the lease expires after the year 2100, this field displays Will expire after...
  • Page 981 Advertise Reconfigure Invalid Packets sent Solicit Request Renew Rebind Information-request : Release Decline Table 16 Command output Field Description Interface Interface that acts as the DHCPv6 client. Packets Received Number of received packets. Reply Number of received reply packets. Advertise Number of received advertise packets.
  • Page 982 Views VLAN interface view Predefined user roles network-admin Parameters option-group option-group-number: Enables the DHCPv6 client to create a dynamic DHCPv6 option group for saving the configuration parameters, and assigns an ID to the option group. The value range for the ID is 1 to 100. If you do not specify this option, the DHCPv6 client does not create any dynamic DHCPv6 option groups.
  • Page 983 ipv6 dhcp client duid Use ipv6 dhcp client duid to configure the DHCPv6 client DUID for an interface. Use undo ipv6 dhcp client duid to restore the default. Syntax ipv6 dhcp client duid { ascii ascii-string | hex hex-string | mac interface-type interface-number } undo ipv6 dhcp client duid Default The interface uses the device bridge MAC address to generate its DHCPv6 client DUID.
  • Page 984 Default An interface does not use DHCPv6 for IPv6 prefix acquisition. Views VLAN interface view Predefined user roles network-admin Parameters prefix-number: Specifies an IPv6 prefix ID in the range of 1 to 1024. After obtaining an IPv6 prefix, the client assigns the ID to the IPv6 prefix. rapid-commit: Supports rapid address or prefix assignment.
  • Page 985 rapid-commit: Supports rapid address and prefix assignment. option-group option-group-number: Enables the DHCPv6 client to create a dynamic DHCPv6 option group for saving the configuration parameters, and assigns an ID to the option group. The value range for the ID is 1 to 100. If you do not specify this option, the DHCPv6 client does not create any dynamic DHCPv6 option groups.
  • Page 986 reset ipv6 dhcp client statistics Use reset ipv6 dhcp client statistics to clear DHCPv6 client statistics. Syntax reset ipv6 dhcp client statistics [ interface interface-type interface-number ] Views User view Predefined user roles network-admin Parameters interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears all DHCPv6 client statistics.
  • Page 987 <Sysname> display ipv6 dhcp snooping binding 1 DHCPv6 snooping entries found. IPv6 address MAC address Lease VLAN SVLAN Interface ================ ============== =========== ==== ===== ======================== 2::1 00e0-fc00-0006 54 Ten-GigabitEthernet1/0/1 Table 17 Command output Field Description IPv6 Address IPv6 address assigned to the DHCPv6 client. MAC Address MAC address of the DHCPv6 client.
  • Page 988 Table 18 Command output Field Description File name Name of the DHCPv6 snooping entry backup file. Username Username for accessing the URL of the remote backup file. Password for accessing the URL of the remote backup file. This field displays ****** if Password a password is configured.
  • Page 989 Views Any view Predefined user roles network-admin network-operator Examples # Display information about trusted ports. <Sysname> display ipv6 dhcp snooping trust DHCPv6 snooping is enabled. Interface Trusted ========================= ============ Ten-GigabitEthernet1/0/1 Trusted The output shows that DHCPv6 snooping is enabled and Ten-GigabitEthernet 1/0/1 is the trusted port.
  • Page 990 simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form. string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters. Do not specify this argument if a password is not required for accessing the URL of the remote backup file.
  • Page 991 Use undo ipv6 dhcp snooping binding database update interval to restore the default. Syntax ipv6 dhcp snooping binding database update interval interval undo ipv6 dhcp snooping binding database update interval Default The DHCPv6 snooping device waits 300 seconds to update the backup file after a DHCPv6 snooping entry change.
  • Page 992 <Sysname> system-view [Sysname] ipv6 dhcp snooping binding database update now Related commands ipv6 dhcp snooping binding database filename ipv6 dhcp snooping binding record Use ipv6 dhcp snooping binding record to enable recording of client information in DHCPv6 snooping entries. Use undo ipv6 dhcp snooping binding record to disable the feature. Syntax ipv6 dhcp snooping binding record undo ipv6 dhcp snooping binding record...
  • Page 993 Predefined user roles network-admin Usage guidelines Use the DHCPv6-REQUEST check feature to protect the DHCPv6 server against DHCPv6 client spoofing attacks. The feature enables the DHCPv6 snooping device to check every received DHCPv6-RENEW, DHCPv6-DECLINE, or DHCPv6-RELEASE message against DHCPv6 snooping entries.
  • Page 994 Use undo ipv6 dhcp snooping enable to disable DHCPv6 snooping. Syntax ipv6 dhcp snooping enable undo ipv6 dhcp snooping enable Default DHCPv6 snooping is disabled. Views System view Predefined user roles network-admin Usage guidelines Use the DHCPv6 snooping feature together with trusted port configuration. Trusted ports forward responses from DHCPv6 servers and untrusted ports discard responses from DHCPv6 servers.
  • Page 995 Examples # Enable DHCPv6 snooping logging. <Sysname> system-view [Sysname] ipv6 dhcp snooping log enable ipv6 dhcp snooping max-learning-num Use ipv6 dhcp snooping max-learning-num to set the maximum number of DHCPv6 snooping entries for an interface to learn. Use undo ipv6 dhcp snooping max-learning-num to restore the default. Syntax ipv6 dhcp snooping max-learning-num max-number undo ipv6 dhcp snooping max-learning-num...
  • Page 996 Predefined user roles network-admin Usage guidelines This command takes effect only when DHCPv6 snooping is globally enabled. Examples # Enable support for Option 18. <Sysname> system-view [Sysname] ipv6 dhcp snooping enable [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping option interface-id enable Related commands ipv6 dhcp snooping enable ipv6 dhcp snooping option interface-id string...
  • Page 997 ipv6 dhcp snooping option interface-id enable ipv6 dhcp snooping option remote-id enable Use ipv6 dhcp snooping option remote-id enable to enable support for the remote-ID option (also called Option 37). Use undo ipv6 dhcp snooping option remote-id enable to disable support for the remote-ID option.
  • Page 998 Predefined user roles network-admin Parameters vlan vlan-id: Pads the remote ID for packets received from the specified VLAN. If you do not specify a VLAN, the device pads the remote ID for packets received from the default VLAN. remote-id: Specifies the a string of 1 to 128 characters as the remote ID. Examples # Specify device001 as the remote ID.
  • Page 999 Examples # Configure Ten-GigabitEthernet 1/0/1 to receive DHCPv6 packets at a maximum rate of 64 Kbps. <Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] ipv6 dhcp snooping rate-limit 64 ipv6 dhcp snooping trust Use ipv6 dhcp snooping trust to configure a port as a trusted port. Use undo ipv6 dhcp snooping trust to restore the default state of a port.
  • Page 1000 vlan vlan-id: Clears DHCPv6 snooping entries for the specified VLAN. If you do not specify a VLAN, this command clears DHCPv6 snooping entries for the default VLAN. all: Clears all DHCPv6 snooping entries. Examples # Clear all DHCPv6 snooping entries. <Sysname>...

This manual is also suitable for:

S6813 seriesS5150-ei

Table of Contents