3Com 8807 Command Reference Manual
  1. Manuals
  2. Brands
  3. 3Com Manuals
  4. Switch
  5. Switch 8807
  6. Command reference manual
3Com 8807 Command Reference Manual

3Com 8807 Command Reference Manual

8800 series
Hide thumbs Also See for 8807:
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
Table of Contents

Advertisement

Quick Links

See also: Configuration Manual , Installation Manual
®
3Com
Switch 8800 Family

Command Reference Guide

Switch 8807
Switch 8810
Switch 8814
www.3Com.com
Part No. 10015595, Rev. AA
Published: January 2007

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 8807 and is the answer not in the manual?

Questions and answers

Related Manuals for 3Com 8807

Summary of Contents for 3Com 8807

  • Page 1: Command Reference Guide

    ® 3Com Switch 8800 Family Command Reference Guide Switch 8807 Switch 8810 Switch 8814 www.3Com.com Part No. 10015595, Rev. AA Published: January 2007...
  • Page 2 LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.

  • Page 3: Table Of Contents

    655 aggregate 707 anti-attack 293 apply as-path 547 apply community 548 apply cost 548 apply cost-type 549 apply ip next-hop 550 apply isis 550 apply local-preference 551 apply mpls-label 708 apply origin 551 apply tag 552 area 414 area-authentication-mode 461...
  • Page 4 499 binary 991 boot boot-loader 981 boot bootrom 982 broadcast-restrain 773 broadcast-suppression 129 broadcast-suppression 583 bsr-policy 617 bye 962 bye 992 cache-sa-enable 637 c-bsr 618 ccc 761 cd 962 cd 971 cd 992 cdup 963 cdup 992 ce 766...
  • Page 5 993 debugging arp 811 debugging arp packet 812 debugging bgp 503 debugging bgp 709 debugging bgp mp-update 656 debugging dhcp relay 850 debugging dhcp server 825 debugging dns 862 debugging ha 801 debugging hwtacacs 354 debugging igmp 603 debugging isis 463...
  • Page 6 775 destination-ip 1074 dhcp enable 823 dhcp relay information enable 855 dhcp relay information format 856 dhcp relay information format verbose node-identifier 857 dhcp relay information strategy 856 dhcp relay security 851 dhcp relay security address-check 852 dhcp select 823...
  • Page 7 658 display bgp multicast network 659 display bgp multicast peer 659 display bgp multicast routing-table 659 display bgp multicast routing-table as-path-acl 660 display bgp multicast routing-table cidr 660 display bgp multicast routing-table community 661 display bgp multicast routing-table community-list 661...
  • Page 8 99 display ip interface 99 display ip ip-prefix 553 display ip netstream cache 869 display ip netstream export 870 display ip routing-table 381 display ip routing-table acl 382 display ip routing-table ip-address 385 display ip routing-table ip-address1 ip-address2 386...
  • Page 9 387 display ip routing-table protocol 388 display ip routing-table radix 390 display ip routing-table statistics 390 display ip routing-table verbose 392 display ip routing-table vpn-instance 391 display ip routing-table vpn-instance 713 display ip socket 110 display ip statistics 111...
  • Page 10 435 display ospf asbr-summary 423 display ospf brief 424 display ospf cumulative 425 display ospf error 426 display ospf graceful-restart status 435 display ospf interface 428 display ospf lsdb 429 display ospf nexthop 431 display ospf peer 432...
  • Page 11 238 display qos-interface traffic-limit 239 display qos-interface traffic-priority 240 display qos-interface traffic-redirect 240 display qos-interface traffic-shape 241 display qos-interface traffic-statistic rate 241 display qos-vlan all 242 display qos-vlan traffic-limit 243 display qos-vlan traffic-priority 244 display qos-vlan traffic-redirect 245...
  • Page 12 355 display stp 172 display stp region-configuration 174 display stp tc 175 display supervision-module information 891 display supervlan 91 display switchover state 801 display tcp statistics 112 display tcp status 114 display this 72 display time-range 219...
  • Page 13 302 dot1x retry 302 dot1x supp-proxy-check 303 dot1x timer 304 drop-mode 246 dscp 247 duplex 135 enable 871 enable snmp trap 905 encapsulation 779 execute 973 exit 964 exp 248 expired 842 file prompt 974 filter-policy export 399...
  • Page 14 1077 host-route 401 hwtacacs nas-ip 356 hwtacacs scheme 356 idle-cut 317 idle-timeout 52 if-match { acl | ip-prefix } 556 if-match as-path 556 if-match community 557 if-match cost 558 if-match interface 558 if-match ip next-hop 559 if-match mpls-label 719...
  • Page 15 401 import-route 442 import-route 474 import-route 521 import-route 664 import-route 721 import-route isis level-2 into level-1 474 import-route-limit 442 import-source 641 info-center channel name 1008 info-center console channel 1009 info-center enable 1010 info-center logbuffer 1010 info-center logfile 1011 info-center loghost 1012...
  • Page 16 478 isis dis-priority 478 isis enable 479 isis mesh-group 480 isis timer csnp 481 isis timer hello 481 isis timer hello minimal 482 isis timer holding-multiplier 483 isis timer lsp 484 isis timer retransmit 485 is-level 486 isolate-user-vlan 96...
  • Page 17 1047 loopback-detection disable 1047 loopback-detection enable 1045 loopback-detection enable vlan 1045 loopback-detection interval-time 1046 ls 965 ls 996 lsp-trigger 684 mac-address 162 mac-address 781 mac-address max-mac-count 163 mac-address max-mac-count enable 164 mac-address max-mac-count max-mac-num 166 mac-address multicast 599...
  • Page 18 845 network-entity 487 NQA 1077 nqa-agent enable 1078 nqa-agent max-requests 1078 nssa 444 ntp-service access 932 ntp-service authentication enable 933 ntp-service authentication-keyid 933 ntp-service broadcast-client 934 ntp-service broadcast-server 934 ntp-service max-dynamic-sessions 935 ntp-service multicast-client 936 ntp-service multicast-server 936 ntp-service refclock-master 937...
  • Page 19 448 ospf mtu-enable 448 ospf network-type 449 ospf timer dead 449 ospf timer hello 450 ospf timer retransmit 451 ospf trans-delay 452 packet-filter 223 packet-filter 282 parity 55 passive 997 password 1090 password 321 password-control 1091 password-control enable 1093...
  • Page 20 670 peer filter-policy export 735 peer filter-policy import 529 peer filter-policy import 670 peer filter-policy import 735 peer graceful-restart 530 peer group 531 peer group 671 peer group 736 peer ip-prefix export 531 peer ip-prefix export 672...
  • Page 21 745 peer vpn-instance route-policy import 746 peer-public-key end 947 pim 627 pim bsr-boundary 628 pim dm 628 pim neighbor-limit 629 pim neighbor-policy 630 pim sm 630 pim timer hello 631 ping 1035 poe enable 882 poe enable slot 882...
  • Page 22 748 primary accounting 338 primary accounting 358 primary authentication 339 primary authentication 359 primary authorization 360 priority 255 private-group-id mode standard 323 probe-failtimes 1079 protocol inbound 56 protocol inbound 948 protocol-vlan 86 public-key-code begin 949 public-key-code end 949 put 966...
  • Page 23 542 reset bgp flap-info 542 reset bgp group 543 reset counters interface 146 reset dampening 543 reset dhcp server conflict 847 reset dhcp server ip-in-use 847 reset dhcp server statistics 848 reset dns dynamic-host 866 reset dot1x statistics 306...
  • Page 24 750 route-policy 563 router id 454 router route-limit 565 router VRF-limit 565 route-rely 567 route-tag 751 routing-table limit 753 rsa local-key-pair create 950 rsa local-key-pair destroy 951 rsa peer-public-key 951 rule 225 rule permit mpls l2label-range 784 save 74...
  • Page 25 276 snmp-agent community 906 snmp-agent group 277 snmp-agent group 907 snmp-agent local-engineid 908 snmp-agent mib-view 908 snmp-agent packet max-size 909 snmp-agent sys-info 910 snmp-agent target-host 911 snmp-agent trap enable 912 snmp-agent trap enable ldp 686 snmp-agent trap enable lsp 687...
  • Page 26 456 snmp-agent trap life 913 snmp-agent trap queue-size 914 snmp-agent trap source 914 snmp-agent usm-user 278 snmp-agent usm-user 915 source-interface 1082 source-ip 1082 source-policy 634 speed 147 speed 61 spf-delay-interval 491 spf-schedule-interval 457 spf-slice-size 491 ssh authentication-type default 955...
  • Page 27 184 stp instance root secondary 201 stp interface 185 stp interface edged-port 186 stp interface instance cost 185 stp interface instance port priority 187 stp interface loop-protection 188 stp interface mcheck 189 stp interface no-agreement-check 190 stp interface point-to-point 191...
  • Page 28 266 traffic-priority 285 traffic-redirect 1065 traffic-redirect 268 traffic-redirect 287 traffic-redirect 752 traffic-shape 271 traffic-statistic 272 traffic-statistic 288 trap-to-cpu disable 81 trap-to-cpu disable vlan 82 ttl 1086 udp-helper enable 896 udp-helper port 897 udp-helper server 897 umount 979 undelete 979...
  • Page 29 787 undo snmp-agent 916 update l3plus 989 user 1000 user privilege level 64 user-interface 64 user-name-format 351 user-name-format 366 verbose 1000 vlan 82 vlan vpn-range 756 vlan-assignment-mode 326 vlan-mapping modulo 208 vlan-type ip-subnet 90 vlan-vpn enable 1067...
  • Page 31 Conventions Related Documentation OMMAND NTERFACE OMMANDS Command Line Interface Commands OMMANDS SED TO OG IN TO WITCH Logging in to Switch Commands ONFIGURATION ANAGEMENT OMMANDS Configuration File Management Commands VLAN C ONFIGURATION OMMANDS VLAN Configuration Commands Port-Based VLAN Configuration Commands...
  • Page 32 ACL C OMMANDS ACL Commands OMMANDS QoS Commands ACL C ONTROL OMMANDS TO ONTROL OGIN SERS The ACL Control Commands to Control Login Users VLAN-ACL C ONFIGURATION OMMANDS VLAN-ACL Configuration Commands 802.1 ONFIGURATION OMMANDS 802.1x Configuration Commands RADIUS/HWTACACS P ROTOCOL...
  • Page 33 TATIC OUTE ONFIGURATION OMMANDS Display Commands of the Routing Table Static Route Configuration Commands RIP C ONFIGURATION OMMANDS RIP Configuration Commands OSPF C ONFIGURATION OMMANDS OSPF Configuration Commands IS-IS C NTEGRATED ONFIGURATION OMMANDS Integrated IS-IS Configuration Commands BGP C ONFIGURATION...
  • Page 34 PIM Configuration Commands MSDP C ONFIGURATION OMMANDS MSDP Configuration Commands MBGP M ULTICAST XTENSION ONFIGURATION OMMANDS MBGP Multicast Extension Configuration Commands MPLS B ASIC ONFIGURATION OMMANDS MPLS Basic Configuration Commands LDP Configuration Commands BGP/MPLS VPN C ONFIGURATION OMMANDS MPLS VLL C...
  • Page 35 ETSTREAM ONFIGURATION OMMANDS Netstream Configuration Commands ONFIGURATION OMMANDS PoE Configuration Commands E PSU S UPERVISION OMMANDS PoE PSU Supervision Display Commands PoE PSU Supervision Configuration Commands UDP H ELPER ONFIGURATION OMMANDS UDP Helper Configuration Commands SNMP C ONFIGURATION OMMANDS SNMP Configuration Commands...
  • Page 36 1001 NFORMATION ENTER Information Center Configuration Commands 1003 YSTEM AINTENANCE OMMANDS Basic System Configuration and Management Commands 1025 System Status and System Information Query Commands 1028 System Debug Commands 1033 Network Connection Test Commands 1035 ROTOCOL ECURITY ONFIGURATION OMMANDS Protocol Port security Configuration Commands...
  • Page 37 (+), for example: Press Ctrl+Alt+Del The words “enter” and “type” When you see the word “enter” in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says “type.”...

  • Page 38: Related Documentation

    Convention Description Words in italics Italics are used to: Emphasize a point. Denote a new term at the place where it is defined in the text. Identify menu names, menu commands, and software button names. Examples: From the Help menu, select Contents.

  • Page 39: Command-Privilege Level

    When a user logs in to the switch, the command level that it can access depends on two points. One is the command level that the user itself can access, the other is the set command level of this user interface.

  • Page 40: Display History-Command

    The display history-command command is used to query selectively the history commands. All the history commands are stored in the history command buffer. When the history command buffer is full, the oldest information in the buffer will be replaced by new information.
  • Page 41 If you only specify Command-Number, the Command-Number pieces of ■ commands executed recently will be displayed. If you specify a regular expression "| { begin | include | exclude } ■ Match-string", all the commands that have been successfully executed by the user and that match the regular expression.

  • Page 42: Super

    Use the super command to enable the user to change to user level from the current user level. If the user has set the super password [ level level ] { simple | cipher } password, then user password of the higher level is needed, or the former...

  • Page 43: Super Password

    Parameter level: Specifies the entering password of the specified priority, ranging from 1 to 3. The default value is 3, i.e. do not specify user level. It means the password to be set is used for entering level 3. simple: Displays the current password with plain text.
  • Page 44 1: C HAPTER OMMAND NTERFACE OMMANDS <SW8800>system-view System View: return to User View with Ctrl+Z. [SW8800] super password level 3 simple zbr...

  • Page 45: Authentication-Mode

    By default, terminal authentication is not required for local users log in via the Console port. However, password authentication is required for local users and remote Modem users to log in via the AUX port, and for Telnet users and VTY users to log in through Ethernet port.

  • Page 46: Auto-Execute Command

    Therefore use caution when using this command. Ensure that you will be able to log in to the system in some other way to cancel ■ the configuration, before you configure the auto-execute command command and save the configuration.

  • Page 47: Databits

    Use the databits command to configure the data bits for the user interface. Use the undo databits command to restore the default bits of the user interface. This command can only be performed in Console and AUX user interface view.

  • Page 48: Display Users

    Tx/Rx User interface speed Modem Modem operation mode Privi Which levels of commands can be used after logging in from the user interface Auth User interface authentication method The physical location of user interfaces # Display the summary information of user interface 0.

  • Page 49: Flow-Control

    Field Description Current user interface is in use and work in asynchronous mode. Number of the first list is the absolute number of user interface. Number of the second list is the relative number of user interface. Delay Indicates the interval from the latest input till now in seconds.

  • Page 50: Free User-Interface

    # Release user interface 1 after logged in to the switch via user interface 0. <SW8800> free user-interface 1 After the command is executed, user interface 1 will be disconnected. It will not be connected to the switch until you log in via the user interface 1 for the next time. header...
  • Page 51 The system supports two types of input modes: one is to input all the text in one line, and altogether 256 characters, including command key word, can be input; the other is to input all the text in several lines using the <Enter>...
  • Page 52 "Hello, welcome!" is displayed on the terminal screen. The initial character 0 is not header content. 2 You can also input the header content in a single line. In this case, the beginning and the end character serve as the identifiers and must be the same. For example, <SW8800>...

  • Page 53: History-Command Max-Size

    View User interface view Parameter value: Defines the size of the history buffer, ranging from 0 to 256. By default, the size is 10, that is, 10 history commands can be saved. Description Use the history-command max-size command to configure the size of the history command buffer.

  • Page 54: Idle-Timeout

    Specifies the minute, ranging from 0 to 35791. seconds: Specifies the second, ranging from 0 to 59. Description Use the idle-timeout command to configure the timeout function. If there is no user operation performed before idle-timeout expires, the user interface will be disconnected.

  • Page 55: Lock

    Syntax lock View User view Parameter None Description Use the lock command to lock the user interface to prevent unauthorized user from operating it. Example # Lock the current user interface. <SW8800> lock Password: xxxx Again: xxxx modem Syntax...

  • Page 56: Modem Auto-Answer

    By default, the mode is set to manual answer. This command can only be performed in AUX user interface view. Example # Configure the answer mode of the Modem on the AUX port as auto-answer. <SW8800>system-view System View: return to User View with Ctrl+Z.

  • Page 57: Parity

    Configures to perform space parity. Description Use the parity command to configure the parity mode on the user interface. Use the undo parity command to restore the default parity mode. This command can only be performed in Console and AUX user interface view.

  • Page 58: Protocol Inbound

    None Description Use the quit command to return to the lower level view from the current view. If the current view is user view, you can quit the system. There are three levels of views, which are listed from low to high as follows: User view ■...

  • Page 59: Return

    View System view or above Parameter None Description Use the return command to return to user view from a view other than user view. Combination key <Ctrl+Z> performs the same function with the return command. Related command: quit. Example # Return to user view from system view.

  • Page 60: Send

    For Aux or Console user types, it can be 0 only. For VTY user type, it ranges from 0 to 4. If the type is not specified, it is an absolute number, which ranges from 0 to 6.

  • Page 61: Set Authentication Password

    If the authentication is in the cipher mode, the password can be either in encrypted text or in plain text. The result is determined by the input. A plain text password is a sequential character string of no more than 16 digits, for example, 3com918.

  • Page 62: Shell

    ■ You will be asked to confirm before executing this command on any legal user ■ interface. Example # Disable terminal service on the vty user interface 0 to 4 after logging in to the switch via user interface 0.

  • Page 63: Speed

    View User interface view Parameter speed-value: Specifies the transmission rate on the user interface in bps, which can be 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, or 115200. The default rate is 9600 bps. Description Use the speed command to configure the transmission rate on the user interface.

  • Page 64: Sysname

    Use the undo stopbits command to restore the default stop bits. This command can only be performed in Console and AUX user interface view. By default, the value is 1. Note that setting 1.5 stop bits is not available on 3Com Switch 8800 Family Series Routing Switches at present. Example # Set stop bits to 2.

  • Page 65: Telnet

    0 to 65535. Description Use the telnet command to log in to another switch from the current one via telnet for remote management. To terminate the Telnet login, press <Ctrl+K>. By default, when the service-port is not specified, the default telnet port number is Related command: display tcp status and ip host.

  • Page 66: User Privilege Level

    0 to 6. last-number: Specifies the number of the last user interface to be configured. It must be an integer in the range of 1 to 6 and it must be greater than the value of first-number.
  • Page 67 System View: return to User View with Ctrl+Z. [SW8800] user-interface vty 0 [3Com-ui-vty0] user privilege level 0 # After you telnet from VTY 0 user interface to the switch, you will view the terminal only displays commands at level 0. <SW8800> ?
  • Page 68 2: C HAPTER OMMANDS SED TO OG IN TO WITCH...

  • Page 69: Display Current-Configuration

    Commands display Syntax current-configuration display current-configuration [ controller | interface interface-type interface-number | configuration [ configuration ] ] [ | { begin | exclude | include } regular-expression ] View Any view Parameter controller: Views the configuration information of controllers.
  • Page 70 If a user needs to authenticate whether the configurations are correct after finishing a set of configuration, the display current-configuration command can be used to display the running parameters. Although the user has configured some parameters, but the related functions are not effective, they are not displayed.
  • Page 71 10.1.1.0 0.0.0.255 user-interface aux 0 user-interface vty 0 4 return # View the lines containing the character string "10*.110" in the configuration information. The "*" indicates that the "0" before it can appear 0 times or multiple consecutive times.
  • Page 72 10.1.1.0 0.0.0.255 # View configuration information begin with "user". <SW8800> display current-configuration | include ^user user-interface aux 0 user-interface vty 0 4 # View the pre-positive and post-positive configuration information. <SW8800> display current-configuration configuration sysname 3Com radius scheme system server-type nec primary authentication 127.0.0.1 1645...

  • Page 73: Display Saved-Configuration

    Switch. Related command: save, reset saved-configuration and display current-configuration. Example # Display configuration files in flash memory or CF card of the switch. <SW8800> display saved-configuration sysname 3Com local-user abc password simple abc...

  • Page 74: Display Startup

    Use the display this command to display the running configuration of the current view. If you need to authenticate whether the configurations is correct after you have finished a set of configurations under a view, you can use the display this command to view the running parameters.

  • Page 75: Reset Saved-Configuration

    Erase the original configuration files for reconfiguration. If the configuration files do not exist in the flash memory when the switch is electrified and initialized, it will enter setup switch view automatically.

  • Page 76: Save

    View User view Parameter cfgfile: Name of the configuration file. It is a string with a length of 5 to 56 characters. Description Use the startup saved-configuration command to configure the configuration file used for enabling the system for the next time.
  • Page 77 Configuration File Management Commands The extension of configuration file must be .cfg, and the startup configuration file must be saved under the directory where the memory resides. The memory is Flash. Related command: display startup. Example # Configure the configuration file for the next start-up...
  • Page 78 3: C HAPTER ONFIGURATION ANAGEMENT OMMANDS...

  • Page 79: Description

    Description character string of current VLAN or VLAN interface. For VLAN, it ranges from 1 to 32 characters. For VLAN interface, it ranges from 1 to 64 characters. The default description character string of current VLAN is VLAN ID of the VLAN, e.g.

  • Page 80: Display Interface Vlan-Interface

    MAC address, IP address and sub-net mask, description character string and MTU, etc. With vlan-id specified, only the information about the specified VLAN interface will be displayed. If no vlan-id is specified, the information about all the existing VLAN interfaces will be displayed. Related command: interface vlan-interface.

  • Page 81: Display Vlan

    If vlan-id or all is specified, information of specified VLAN or all VLANs is displayed. It includes: VLAN ID, VLAN type (dynamic or static), whether the routing function has been enabled on this VLAN (if enabled, the main IP address and mask will be displayed), VLAN description, and the ports VLAN contains.

  • Page 82: Interface Vlan-Interface

    View VLAN view Parameter string: Name of the current VLAN, a string of 1 to 32 characters. The default value is the VLAN ID of the VLAN. Description Use the name command to name the current VLAN. Use the undo name command to restore the default name of the current VLAN.

  • Page 83: Shutdown

    Use the undo shutdown command to enable the VLAN interface. By default, when all the Ethernet ports in a VLAN are in the Down state, this VLAN interface is also Down. When there are one or more Ethernet ports in the Up state, this VLAN interface is also Up.

  • Page 84: Trap-To-Cpu Disable Vlan

    Specifies the list of VLANs that contain a CPU port, expressed in form of vlan-list = { vlan-id [ to vlan-id ] } &<1-10>. The vlan-id before the keyword to must be larger than or equal to the vlan-id after to. &<1-10> means that the preceding parameter can be repeated up to 10 times.

  • Page 85: Port

    Port-Based VLAN Configuration Commands all: Deletes all VLANs. Description Use the vlan vlan-id-list command to enter VLAN view or to create a range of VLANs. Use the undo vlan command to delete the specified VLAN. If only one VLAN is created, the system will automatically enter the view of the VLAN just created.

  • Page 86: Display Protocol-Vlan Interface

    4: VLAN C HAPTER ONFIGURATION OMMANDS Note that you can add/delete trunk port and hybrid port to/from VLAN by the port and undo port commands in Ethernet port view, but not in VLAN view. Related command: display vlan. Example # Add Ethernet2/1/1 through Ethernet2/1/3 to VLAN 2.

  • Page 87: Display Vlan-Protocol-Vlan Vlan

    Any view Parameter vlan-list: Specifies a VLAN list. It is expressed in the form of vlan-list = { vlan-id [ to vlan-id ] }, where the vlan-id after the keyword to must be larger than or equal to the vlan-id before to.

  • Page 88: Protocol-Vlan

    Syntax protocol-vlan [ protocol-index ] { at | ipx { ethernetii | llc | raw | snap } | mode { ethernetii [ etype etype-id ] | llc [ dsap dsap-id ] [ ssap ssap-id ] | snap [ etype...

  • Page 89: Display Vlan-Ip Vlan

    View Any view Parameter vlan-list: Displays the information of a specified IP subnet-based VLAN, in the form of vlan-list = { vlan-id [ to vlan-id ] }. all: Displays the protocol information and indexes of all the IP subnet-based VLANs.

  • Page 90: Display Vlan-Ip Interface

    Description Use the display vlan-ip vlan command to display the information and index of the IP subnet-based VLAN configured on the specified VLAN. You can refer to this command for using an IP subnet-based VLAN and adding/deleting an IP subnet-based VLAN.

  • Page 91: Port Hybrid Ip-Vlan Vlan

    View Ethernet port view Parameter vlan-id: Specifies the ID of the IP subnet-based VLAN to be delivered or deleted. Description Use the port hybrid ip-vlan vlan command to associate a specified port with an IP subnet-based VLAN.

  • Page 92: Vlan-Type Ip-Subnet

    VLAN view Parameter ip-address: IP address net-mask: Mask of an IP address. If no mask is specified, the default mask is 255.255.255.0. net-mask-length: Mask length of an IP address index-begin: Initial value of an IP subnet-based VLAN index, ranging from 0 to 11.

  • Page 93: Display Supervlan

    [ supervlan-id ] View Any view Parameter supervlan-id: VLAN ID of a configured super VLAN. This argument ranges from 1 to 4094. Description Use the display supervlan command to display mapping relationship between a specified super VLAN and sub VLANs, and the ports that identify the mapping relationship.

  • Page 94: Subvlan

    VLAN view of super VLAN Parameter sub-vlan-list: List of sub VLANs. It is expressed in the form of sub-vlan-list = { vlan-id [ to vlan-id }&<1-10>. The vlan-id after the keyword to must be larger than or equal to that before to. &<1-10> means that the preceding parameter can be repeated up to 10 times.

  • Page 95: Supervlan

    The undo subvlan command cancels all mapping relationships between the ■ specified super VLAN and all sub VLANs. If you do not specify the sub-vlan-list argument. Otherwise, this command cancels the mapping relationship between the specified sub VLAN and the specified super VLAN.
  • Page 96 5: S VLAN C HAPTER UPER ONFIGURATION OMMANDS...

  • Page 97: Display Isolate-User-Vlan

    Parameter isolate-user-vlan-num: VLAN ID of an isolate-user-VLAN. Description Use the display isolate-user-vlan command to view the mapping relationships between isolate-user-VLANs and Secondary VLANs and the ports identifying the mapping relationships between isolate-user-vlan and Secondary VLAN. Related command: isolate-user-vlan enable, isolate-user-vlan.

  • Page 98: Isolate-User-Vlan

    Route Interface Whether VLAN has route function Description VLAN description Tagged Ports Identifies the ports on which the VLAN packets are to be tagged Untagged Ports Identifies the ports on which the VLAN packets are not to be tagged isolate-user-vlan...

  • Page 99: Isolate-User-Vlan Enable

    After this command is executed, the mapping relationship between isolate-user-vlan and Secondary VLAN is established. The actual operation include: for access ports or hybrid ports whose PVIDs are the same as isolate-user-VLAN IDs and join to isolate-user-vlans in the untagged mode, add the ports of isolate-user-VLAN to every Secondary VLAN and add the ports of all Secondary VLANs to isolate-user-VLAN.
  • Page 100 VLAN, such as Secondary VLAN, multicast VLAN, Super VLAN/Sub VLAN, Guest VLAN and VLAN running L2VPN services. You cannot directly configure Secondary VLAN as other type of VLAN than common VLAN, such as isolate-user-VLAN, multicast VLAN, super VLAN/sub VLAN, guest VLAN and VLAN running L2VPN services.

  • Page 101: Display Ip Host

    IP address is static. If you resolve the host name through DNS, the relationship between the host name and the IP address is dynamic.
  • Page 102 Refer to the interface command in Port Command Manual for more information. Description Use the display ip interface command to display information about an interface. Example # Display the information about interface VLAN-interface 1.

  • Page 103: Ip Address

    Corresponding subnet mask in dotted decimal format. mask-length: Mask length. That is, the number of bits with a value of 1. sub: Specifies the IP address to be configured to be the secondary IP address of the VLAN interface/loopback interface.
  • Page 104 IP address configured. Normally, a VLAN interface/loopback interface/console interface only needs to be configured with one IP address. But you can also assign up to 21 IP addresses to a VLAN interface/loopback interface/console interface to enable it to connect to multiple subnets.

  • Page 105: Ip Icmp-Time-Exceed Enable

    IP Address Configuration Commands Parameter hostname: Name of the host. It is a character string that consists of 1 to 20 characters, including letters, numbers, "_", or ",", and it must contain at least one letter. ip-address: Host IP address (the corresponding IP address to the host name) in dotted decimal notation.

  • Page 106: Ip-Protect Enable

    ARP mapping entries, and existing dynamic ARP mapping entries will be removed. At the same time, the switch will enable the MAC address auto filling function, so that the user can configure static ARP entries that have only IP address.

  • Page 107: Display Fib

    Any view Parameter None Description Use the display fib command to view the entries of the forwarding information base. Each line outputs indicates a FIB entry. The information includes destination address/mask length, next hop, current flag, timestamp and outbound interface. Example # Display the entries of the Forwarding Information Base.

  • Page 108: Display Fib Ip-Address

    Timestamp Interface The forwarding interface display fib ip-address Syntax display fib [ ip-address1 { mask1 | mask-length1 } [ ip-address2 { mask2 | mask-length2 } | longer ] | longer ] View Any view Parameter ip-address1, ip-address2: Destination IP address, in dotted decimal format.

  • Page 109: Display Fib Acl

    ACL in number form, in the range 2000 to 2999 name: ACL in name form, a string of 1 to 32 characters. Description Use the display fib command to view the FIB entries matching a specific ACL. Example # Display the FIB entries matching ACL 2000.

  • Page 110: Display Fib Ip-Prefix

    ONFIGURATION OMMANDS Description Use the display fib | command to view the FIB entries which are output from the buffer according to regular expression and related to the specific character string. Example # Display the lines starting from the first one containing the string 169.254.0.0 <SW8800>...

  • Page 111: Display Icmp Statistics

    View Any view Parameter None Description Use the display icmp statistics command to view the statistics information about ICMP packets. Related command: display ip interface, reset ip statistics. Example # View statistics about ICMP packets. <SW8800> display icmp statistics...

  • Page 112: Display Ip Socket

    The type of a socket (tcp:1, udp: 2, raw ip: 3). task-id: The ID of a task, with the value ranging from 1 to 100. socket-id: The ID of a socket, with the value ranging from 0 to 3072.

  • Page 113: Display Ip Statistics

    The receiving buffer size of the socket sb_cc The current data size in the sending buffer. The value makes sense only for the socket of TCP type, because only TCP is able to cache data rb_cc The current data size in the receiving buffer...

  • Page 114: Display Tcp Statistics

    8: IP P HAPTER ERFORMANCE ONFIGURATION OMMANDS Table 15 Description on the fields of the display ip statistics command Field Description Sum of input packets local Number of received packets whose destination is the local device bad protocol Number of packets with...
  • Page 115 Initiated connections: 0, accepted connections: 0, established connections: 0 Closed connections: 0 (dropped: 0, initiated dropped: 0) Packets dropped with MD5 authentication: 0 Packets permitted with MD5 authentication: 0 Table 16 Description on the fields of the display tcp statistics command Field Description Received packets...

  • Page 116: Display Tcp Status

    Packets permitted with MD5 authentication: 0 Number of packets permitted with MD5 authentication: 0 display tcp status Syntax display tcp status View Any view Parameter None Description Use the display tcp status command to view all TCP connection states. This helps user monitor TCP connection at any time.

  • Page 117: Display Udp Statistics

    The displayed information indicates that a TCP connection is established. The local IP address of this TCP connection is 100.0.0.204, and the local port number is 23. The remote IP address is 100.0.0.253, and the remote port number is 65508. In addition, there is a local server process which listens to the port 4001.

  • Page 118: Reset Ip Statistics

    8: IP P HAPTER ERFORMANCE ONFIGURATION OMMANDS Table 17 Description on the fields of the display udp statistics command Field Description checksum error: 0 Number of checksum errors: 0 shorter than header: 0, data Cases that the length of the packets is shorter than the...

  • Page 119: Reset Udp Statistics

    View System view Parameter time-value: TCP finwait timer value in second, with the value ranging from 76 to 3600; By default, it is 675 seconds. Description Use the tcp timer fin-timeout command to configure the TCP finwait timer.

  • Page 120: Tcp Timer Syn-Timeout

    Use the undo tcp timer syn-timeout command to restore the default value of the timer. TCP enables the synwait timer if a SYN packet is sent. The TCP connection is terminated if the response packet is not received. Related command: tcp timer fin-timeout, tcp window.
  • Page 121 IP Performance Configuration Commands <SW8800> system-view System View: return to User View with Ctrl+Z. [SW8800] tcp window 3...
  • Page 122 8: IP P HAPTER ERFORMANCE ONFIGURATION OMMANDS...

  • Page 123: Display Garp Statistics

    [ to interface-type interface-number] }&<1-10>. interface-type is interface type, and interface-number is interface number. The interface number after the keyword to must be larger than or equal to that before to. &<1-10> represents that the preceding parameter can be repeated up to 10 times.

  • Page 124: Garp Timer

    ] }&<1-10>. interface-type is interface type, and interface-number is interface number. The interface number after the keyword to must be larger than or equal to that before to. &<1-10> means that the preceding parameter can be repeated up to 10 times.

  • Page 125: Garp Timer Leaveall

    Use the undo garp timer command to restore the default value of GARP timer. The value range of a timer varies with the values of other timers. So if the value of a timer you want to set is not within the available value range, you can change the value range by changing the values of other related timers.

  • Page 126: Display Gvrp Statistics

    [ to interface-type interface-num] }&<1-10>. interface-type is interface type, and interface-number is interface number. The interface-number after the keyword to must be larger than or equal to that before to. &<1-10> means that the preceding parameter can be repeated up to 10 times.

  • Page 127: Display Gvrp Status

    }&<1-10>. interface-type is interface type, and interface-number is interface number. The interface-number after the keyword to must be larger than or equal to that before to. &<1-10> means that the preceding parameter can be repeated up to 10 times.

  • Page 128: Gvrp

    View Ethernet port view Parameter fixed: Enables to create or register VLAN on the port manually and disables to register or deregister VLAN dynamically. forbidden: Deregisters all VLANs except VLAN 1 and disables to create or register any other VLAN on the port.
  • Page 129 GVRP Configuration Commands Use the undo gvrp registration command to restore the default type. By default, the registration type is normal. This command can be only used on Trunk port. Related command: display gvrp statistics. Example # Set the GVRP registration type of Ethernet2/1/1 as fixed.
  • Page 130 9: GARP&GVRP C HAPTER ONFIGURATION OMMANDS...

  • Page 131: Broadcast-Suppression

    Specifies the maximum wire speed ratio of the broadcast traffic allowed on the port. The value range is 1 to 100, and the default value is 50. The smaller the ratio is, the smaller the broadcast traffic is allowed.

  • Page 132: Copy Configuration

    Source or destination aggregation group ID. If it is a source aggregation group, the port with minimum port number is the source port; if it is a destination aggregation group, the configurations of all its member ports change to be consistent with that of the source.

  • Page 133: Display Counters

    View Any view Parameter rate: Displays the rate information of the ports in the Up state during the latest sampling period. If this keyword is not specified in the command, the system displays packet counts. inbound: Displays the import statistic information.

  • Page 134: Display Interface

    MultiCast items, decimal numbers of 14 digits can be displayed at most, and those of more than 14 digits are indicated with "OverFlow"; for the Err item, decimal numbers of 7 digits can be displayed at most, and those of more than 7 digits are indicated with "OverFlow".
  • Page 135 0 aborts, 0 deferred, - collisions, 0 late collisions - lost carrier, - no carrier Receive Packet Peak Value Info: 7215 bytes, happened at 03:30:35 3-7-2001 Transmit Packet Peak Value Info: 64 bytes, happened at 03:30:35 3-7-2001 Table 19 Description on the fields of the display interface command...

  • Page 136: Display Jumboframe Configuration

    None Description Use the display jumboframe configuration command to view the Jumbo frame configuration on all cards. The supported Jumbo frame length ranges, as well as the default values, may vary from card to card. Example # Display the current Jumboframe configuration in the system.

  • Page 137: Duplex

    Ethernet 3/1/1 and Ethernet 3/1/2. The tagged VLANs that pass Ethernet3/1/1 are 3, 5, 7, 9, and 11, and the untagged VLANs that pass it are 1, 2, 4, and 6. No tagged VLAN passes Ethernet3/1/2, and untagged VLAN 1 passes Ethernet 3/1/2.

  • Page 138: Flow-Interval

    OMMANDS Description Use the duplex command to configure the duplex attribute of the Ethernet port. Use the undo duplex command to restore the duplex attribute of the port to default auto-negotiation mode. By default, the duplex attribute is auto. Related command: speed.

  • Page 139: Link-Status Hold

    Ethernet Port Configuration Commands Parameter interval: Interval of performing statistics on ports in seconds. It is 300 seconds by default. Description Use the flow interval command to set the interval of performing statistics on ports. The switch performs the statistics about the average speed during the interval.

  • Page 140: Interface

    Module slot number of the port. For Switch 8807, it ranges from 2 to 6. For Switch 8810, it ranges from 0 to 3 and 6 to 9 (slot number 4 and 5 are Fabric). For Switch 8814, it ranges from 0 to 5 and 8 to 13 (slot number 6 and 7 are Fabric).

  • Page 141: Loopback

    1553-9022 section is 9022, that for the 9023-9192 section is 9192, and that for the 9193-10240 section is 10240. Example # Permit jumbo frames to pass the card on slot 6 and set the maximum size of Jumbo frames to 9022 . <SW8800>system-view...

  • Page 142: Multicast-Suppression

    Specifies the maximum wire speed ratio of the multicast traffic allowed on the Ethernet port. The value range is 1 to 100, and the default value is 50. The smaller the ratio is, the smaller the multicast traffic is allowed.

  • Page 143: Port Access Vlan

    View Ethernet port view Parameter vlan-id: VLAN ID defined in IEEE802.1Q, ranging from 2 to 4094. Description Use the port access vlan command to add the access port into a specified VLAN.

  • Page 144: Port Hybrid Pvid Vlan

    Use the undo port hybrid pvid command to restore the default VLAN ID of the local hybrid port. The default VLAN ID of local hybrid port shall be consistent with that of the peer one, otherwise, the packet cannot be properly transmitted.

  • Page 145: Port Link-Type

    = [ vlan-id1 [ to vlan-id2 ] ]&<1-10>: Specifies which VLAN the hybrid port will be added to. It can be discrete. The vlan-id ranges from 1 to 4,094. &<1-10> indicates that the former parameter can be input 10 times repeatedly at most.

  • Page 146: Port-Mode

    You must turn it first into access port and then set it as other type. For example, you cannot configure a trunk port directly as hybrid port, but first set it as access port and then as hybrid port.

  • Page 147: Port Trunk Pvid Vlan

    = [ vlan-id1 [ to vlan-id2 ] ]&<1-10> is the VLAN range joined by the trunk port. It can be discrete. The vlan-id ranges from 2 to 4,094. &<1-10> indicates that the former parameter can be input 10 times repeatedly at most.

  • Page 148: Reset Counters Interface

    Use the undo port trunk pvid command to restore the default VLAN ID of the port. The default VLAN ID of local trunk port should be consistent with that of the peer one, otherwise, the packet cannot be properly transmitted.

  • Page 149: Speed

    10 Mbps, 100 Mbps, and 1000 Mbps. You can select proper port speed as you require. But when the duplex mode is changed into half duplex mode, the port speed can be set to 1000 Mbps or auto.

  • Page 150: Vlan-Vpn Enable

    Use the vlan-vpn enable command to enable port VLAN VPN. Use the undo vlan-vpn command to disable port VLAN VPN. Note that if anyone of GComware, STP, NTP or 802.1x has been enabled on a port, VLAN VPN cannot be enabled on it.

  • Page 151: Debugging Lacp Packet

    Description Use the debugging lacp packet command to enable LACP packet debugging for the port. If you do not specify a port, the command enables packet debugging on all LACP-enabled ports. Use the undo debugging lacp packet command to disable LACP packet debugging for the port.

  • Page 152: Debugging Link-Aggregation Error

    THERNET GGREGATION ONFIGURATION OMMANDS undo debugging lacp state [ interface interface-type interface-number [ to interface-type interface-number ] ] { { actor-churn | mux | partner-churn | ptx | rx }* | all } View User view Parameter interface interface-type interface-number [ to interface-type interface-number ]: Specifies a port or ports.

  • Page 153: Debugging Link-Aggregation Event

    View Any view Parameter None Description Use the display lacp system-id command to display the device ID of local system, including system priority and system MAC address. Related command: link-aggregation. Example # Display the device ID of the local system.

  • Page 154: Display Link-Aggregation Summary

    ONFIGURATION OMMANDS Table 20 Description on the fields of the display lacp system-id command Field Description Actor System ID The device ID of the local system, including system priority and system MAC address. display link-aggregation Syntax summary display link-aggregation summary...
  • Page 155 Note that since the manual aggregation group cannot get the information of the peer end, every item of the peer end is displayed as 0, which does not indicate the actual status of the peer system. Example # Display the detailed information of aggregation group 5.

  • Page 156: Display Link-Aggregation Interface

    Note that since the manual aggregation group cannot get the information of the peer end, every item of the peer end is displayed as 0, which does not indicate the actual status of the peer system.

  • Page 157: Lacp Enable

    System View: return to User View with Ctrl+Z. [SW8800] interface Ethernet1/1/1 [3Com-Ethernet1/1/1] lacp enable lacp port-priority Syntax lacp port-priority port-priority-value undo lacp port-priority View Ethernet port view Parameter port-priority-value: Port priority, in the range of 0 to 65,535. By default, it is 32,768.

  • Page 158: Lacp System-Priority

    View System view Parameter system-priority-value: System priority, in the range of 0 to 65,535. By default, it is 32,768. Description Use the lacp system-priority command to configure system priority. Use the undo lacp system-priority command to restore the default system priority.

  • Page 159: Link-Aggregation Group Agg-Id Description

    System view Parameter agg-id: Aggregation group ID, in the range of 1 to 920. IDs 1 though 31 indicate manual or static aggregation groups; IDs 32 through 64 are reserved; IDs 65 though 192 indicate Routed Trunks; IDs 193 through 920 indicate dynamic aggregation groups.

  • Page 160: Link-Aggregation Group Agg-Id Mode

    System view Parameter agg-id: Aggregation group ID, in the range of 1 to 920. IDs 1 though 31 indicate manual or static aggregation groups; IDs 32 through 64 are reserved; IDs 65 though 192 indicate Routed Trunks; IDs 193 through 920 indicate dynamic aggregation groups.

  • Page 161: Reset Lacp Statistics

    Ethernet port view Parameter agg-id: Aggregation group ID, in the range of 1 to 920. IDs 1 though 31 indicate manual or static aggregation groups; IDs 32 through 64 are reserved; IDs 65 though 192 indicate Routed Trunks; IDs 193 through 920 indicate dynamic aggregation groups.
  • Page 162 11: E HAPTER THERNET GGREGATION ONFIGURATION OMMANDS...

  • Page 163: Display Mac-Address

    The above information indicates that the aging time of the dynamic entry in the MAC address is 300s. display mac-address Syntax display mac-address [ mac-addr [ vlan vlan-id ] | [ static | dynamic ] [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] ] View Any view Parameter mac-addr: Specifies the MAC address.

  • Page 164: Mac-Address

    Specifies the interface type. interface-number: Specifies the interface number. count: the display information will only contain the sum number of MAC addresses in the MAC address table if user choice this parameter when using this command. Description Use the display mac-address command to view MAC address table information.

  • Page 165: Mac-Address Max-Mac-Count

    MAC addresses learned by an Ethernet port. By default, a port can learn as many MAC addresses as on an I/O Module. You can change the default value by using this command: if you set the value to count,...

  • Page 166: Mac-Address Max-Mac-Count Enable

    ANAGEMENT OMMANDS this port will no longer learn any more MAC addresses; and you can use the undo mac-address max-mac-count command to remove the limit on the number. The maximum number of MAC addresses on an I/O Module ranges from 12 K ■...
  • Page 167 MAC addresses learned by a port reach the maximum number of MAC addresses that the port can learned, the port will send an alarm to network administrator to prompt that the port will no longer learn any MAC addresses.

  • Page 168: Mac-Address Max-Mac-Count Max-Mac-Num

    Use the undo mac-address max-mac-count command to cancel the configuration. If you have set the maximum number, MAC addresses will not be learned in the VLAN when the maximum number is reached. By default, the number of learned MAC addresses is not limited in a VLAN.

  • Page 169: Reset Mac-Address

    VLAN. This will affect the switch operation performance. If aging time is too long, the switch will store a great number of out-of-date MAC address tables. This will consume MAC address table resources and the switch will not be able to update MAC address table according to the network change.
  • Page 170 DDRESS ABLE ANAGEMENT OMMANDS Vlan vlan-id: Clears all of the MAC address entries in the specified VLAN. For the range of the vlan-id argument, see the introduction to the interface command in the port module of the command manual. Description Use the reset mac-address command to clear corresponding MAC address entries.

  • Page 171: Active Region-Configuration

    This command is used for manually activate the configurations of MST region. Configuring the related parameters, especially the VLAN mapping table, of the MST region, will lead to the recalculation of spanning tree and network topology flapping. To bate such flapping, MSTP applies the configured parameters and launches recalculation of the spanning tree only when you activate the configured MST region parameters or enable MSTP.

  • Page 172: Debugging Stp

    ] | instance instance-id | lacp-key | packet | state-machine [ { pim | prs | prt | pst | tcm } [ instance instance-id ] | [ ppm | ptx | tcpm] ] | interface interface-type interface-number { lacp-key | packet | event } }...
  • Page 173 MSTP Configuration Commands ] | [ ppm | ptx | tcpm] ] | interface interface-type interface-number { lacp-key | packet | event } } View User view Parameter None Description Use the debugging stp { global-error | global-event } command to enable STP global error or event debugging.

  • Page 174: Display Stp

    | packet | event } command to disable specified port debugging of MSTP. Example # Enable STP global event debugging. <SW8800> debugging stp global-event display stp Syntax display stp [ instance instance-id ] [ interface interface-list | slot slot-num ] [ brief ]...
  • Page 175 MSTIs on the port in port number order. If both instance ID and port list are specified, the command will display the spanning tree information of the specified instance and port according to the port list of the instance ID.

  • Page 176: Display Stp Region-Configuration

    3 Global MSTIs parameter: MSTI instance ID, bridge priority of the instance, region root, internal path cost, MSTI root port, MASTER bridge, path cost to region root and number of the received TC packets. If you specify the relationship between master roots and slave roots in an instance, the global MSTI parameters can also be displayed in MSTI Root Type.

  • Page 177: Display Stp Tc

    Instance Vlans Mapped VLAN mapping table of MST region display stp tc Syntax display stp [ instance instanceid ] tc { all | detected | received | sent } View Any view Parameter instance instanceid: Instance to be displayed. By default, TC (Topology Change) statistics of all the instances will be displayed.

  • Page 178: Instance

    Specifies the spanning tree instance ID, ranging from 0 to 48. The value 0 indicates a CIST. vlan vlan-list: Specifies the VLAN list, ranging from 1 to 4094. vlan-list = { vlan-id [ to vlan-id ] }&<1-10>. Where, &<1-10> represents that you can input vlan-ids up...

  • Page 179: Region-Name

    Use the region-name command to configure the MST region name of a switch. Use the undo region-name command to restore the default MST region name. By default, the MST region name of the switch is the switch MAC address in hexadecimal notation.

  • Page 180: Revision-Level

    BPDU are counted on CIST. If you specify a port list, the command clears the spanning tree statistics information of the specified port. If you do not specify any port, the command clears the spanning tree statistics information of all ports.
  • Page 181 Description Use the stp command to enable or disable MSTP on a device or a port. Use the undo stp command to restore the default MSTP state on a device or a port. By default, MSTP is disabled on the switch.

  • Page 182: Stp Bpdu-Protection

    Generally, the access ports of the access layer devices are directly connected to user terminals (such as PC) or file servers. In this case, the access ports are set to edge ports to implement fast state transition. However, when such access ports receive configuration BPDU, the system will automatically set them to non-edge ports and recalculate the spanning tree, which makes the network topology flap.

  • Page 183: Stp Compliance

    Indicates that the port sends and receives standard MSTP packets. auto: Indicates the port has the auto-sensing function. The port can automatically adjust the format of the packet to be sent based on the format of the received packet.

  • Page 184: Stp Cost

    You may specify the instance-id parameter as 0 to configure CIST path cost of the port. The path cost has effect on the port role selection. A port can be configured with different path costs on different MSTIs. Thus the traffic from different VLANs can run over different physical links, thereby implementing the VLAN-based load-balancing.

  • Page 185: Stp Edged-Port

    Accordingly, you can configure a port as an edge port, so that it can transit to forwarding state fast. For this purpose, configure the Ethernet port directly connected to the user terminal as an edge port.
  • Page 186 Use the stp root primary command to configure the current switch as the primary root of the specified MSTI. Use the undo stp root command to cancel the current switch for the primary root of the designated MSTI. If you execute these commands without using the instance instance-id option, your configuration takes effect only on the CIST instance.

  • Page 187: Stp Interface

    Use the stp interface command to enable/disable MSTP on a switch port in system view. By default, if MSTP is enabled globally, it is enabled on every port. If MSTP is disabled globally, it is also disabled on every port.

  • Page 188: Stp Interface Edged-Port

    Related command: stp cost. Example # Set the path cost of Ethernet 2/1/3 on MSTI 2 to 400 in system view. <SW8800>system-view System View: return to User View with Ctrl+Z. [SW8800] stp interface Ethernet 2/1/3 instance 2 cost 400...
  • Page 189 Accordingly, you can configure a port as an edge port, so that it can transit to forwarding state fast. For this purpose, configure the Ethernet port directly connected to the user terminal as an edge port.

  • Page 190: Stp Interface Instance Port Priority

    Instance 0 represents CIST. port priority priority: Specifies the port priority, ranging from 0 to 240 with a step length of 16, e.g., 0, 16 and 32. By default, the port has a priority of 128 on every MSTI. Description Use the stp interface instance port priority command to configure the priority of the specified port on the specified MSTI in system view.

  • Page 191: Stp Interface Loop-Protection

    Due to link congestion or unidirectional link failure, these ports may be unable to receive BPDUs and the switch will select root port again. In this case, the former root port will turn into the specified port and the former blocked ports will change to the forwarding state, and link loop appears.

  • Page 192: Stp Interface No-Agreement-Check

    Use the stp interface mcheck command to perform mCheck operation on the port in system view. If a port of an MSTP switch on a switching network has ever been connected to an STP switch, the port will automatically transit to operate in STP-compatible mode.

  • Page 193: Stp Interface Point-To-Point

    Use the undo stp interface point-to-point command to restore the default state of the link to the Ethernet port. By default, the parameter defaults to auto, that is, MSTP checks if the link to the Ethernet port is a point-to-point link.

  • Page 194: Stp Interface Root-Protection

    ONFIGURATION OMMANDS This configuration takes effect on the CIST and all the MSTIs. The settings of a port whether to connect the point-to-point link will be applied to all the MSTIs where the port belongs. Note that a temporary loop may be redistributed if you configure a port not physically connected with the point-to-point link as connected to such a link by force.

  • Page 195: Stp Interface Transmit-Limit

    Use the undo stp interface transmit-limit command to restore the default limit on the specified port in system view. The larger the value is, the more packets can be transmitted in a time unit, yet the more switch resources will be occupied. With a moderate value, the amount of the BPDUs transmitted during Hello Time via every port can be limited and MSTP will not occupy too many bandwidth resources when the network topology flaps.

  • Page 196: Stp Loop-Protection

    In this way, if the peer end cannot send BPDU packets due to error operation, and the port enters forwarding state directly for not receiving configuration message for a long time, no loop will be generated by enabling the loop protection.

  • Page 197: Stp Mcheck

    0 hops left, thereby limiting the network scale inside the region. If the current switch is a CIST root bridge or MSTI root bridge in an MST region, the Max Hops configured on it will be the network diameter of the spanning tree to limit its scale in the local MST region.

  • Page 198: Stp Mode

    STP-compatible mode, the switch sends STP BPDU packets via every port. In MSTP mode, the switch ports send MSTP BPDU packets. When detecting it is connected to an STP switch (it receives config BPDU packets from the STP switch), the switch port enters automatically STP-compatible mode and sends config BPDU packets from the STP switch.

  • Page 199: Stp Non-Flooding

    Use the undo stp interface no-agreement-check command to disable port fast transition. By default, port fast transition is disabled. Related command: stp interface no-agreement-check. You can configure fast transition only on a root port or an alternate port. Example # Enable fast transition on GigabitEthernet1/1/1. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 200: Stp Pathcost-Standard

    Use the stp pathcost-standard command to set the path cost calculation standard on STP port. The port rate must be obtained first before you can calculate the path cost of a port as the path cost is associated with the port rate. The three standards use their own way to work out the port rate, based on which each standard calculates the port path cost by a certain algorithm.

  • Page 201: Stp Port Priority

    48. The Instance 0 represents CIST. port priority priority: Specifies the port priority, ranging from 0 to 240, with a step length of 16, e.g., 0, 16, and 32. By default, the priorities of a port on the MSTIs are 128.

  • Page 202: Stp Region-Configuration

    By default, the three MST region parameters take the default values. The MST region name of the switch is the first MAC address, all the VLANs are mapped to CIST, and MSTP revision level takes 0. You can enter MST region view, using the stp region-configuration command.

  • Page 203: Stp Reset-Arp

    If you enable the function of clearing dynamic ARP entries in system view, the ARP entries of all the ports will be deleted. If you enable the function of clearing dynamic ARP entries in port view, only the ARP entries of the specified port will be deleted.
  • Page 204 Forward Delay and Max Age, of the switch can be determined. To configure the current switch as the root bridge of CIST, simply specify instance-id as 0. You can configure only one root bridge for an MSTI and one or more secondary root bridges for it.

  • Page 205: Stp Root-Protection

    Whenever such a port receives a higher-priority BPDU, it will be set to listening state and not forward packets any more (as if the link to the port is disconnected). If the port has not received any higher-priority BPDU for a certain period of time thereafter, it will resume the normal state.

  • Page 206: Stp Timer Forward-Delay

    (generally, 15 seconds) after receiving TC-BPDU packets, as well as monitoring whether it receives TC-BPDU packets during this period. Even if it detects a TC-BPDU packet is received in a period shorter than the specified interval, the switch shall not run the delete operation till the specified interval is reached.

  • Page 207: Stp Timer Hello

    System view Parameter centi-senconds: Specifies Hello Time value with an integer in the range of 100 to 1000 in units of centiseconds. By default, the Hello Time of the switch is 200 centiseconds. Description Use the stp timer hello command to configure Hello Time of the switch.

  • Page 208: Stp Timer Max-Age

    Max Age. If the BPDU expires, the MSTI has to be calculated again. Max Age takes no effect on MSTIs. If the current switch is CIST root bridge, it will check if the configuration BPDU expires according to the configured Max Age.

  • Page 209: Stp Timer-Factor

    In this case, users can redefine the timeout interval to a longer time (four times the hello time or larger) by define the multiple of hello time. It is recommended to set 5, 6 or 7 as the value of multiple in the steady network.

  • Page 210: Stp Transmit-Limit

    Use the undo stp transmit-limit command to restore the default limit. The larger the value is, the more packets can be transmitted in a time unit, yet the more switch resources will be occupied. With a moderate value, the amount of the BPDUs transmitted during Hello Time via every port can be limited and MSTP will not occupy too many bandwidth resources when the network topology flaps.
  • Page 211 Use the undo By default, all the VLANs are mapped to CIST, namely Instance 0. vlan-mappin Related command: region-name, revision-level, check region-configuration, active region-configuration Example # Map VLAN to MSTI based on modulo 16.
  • Page 212 13: MSTP C HAPTER ONFIGURATION OMMANDS...

  • Page 213: Stp Config-Digest-Snooping

    As switches of some manufacturers come with some proprietary protocols concerning spanning trees employed, a switch of this type cannot communicate with other switches in an MSTP domain even if it is configured with the same domain settings as other switches in the MSTP domain.
  • Page 214 VLANs and VPN instances of each switch. If you want to change the configuration of a domain with one or multiple of its ■ switches being digest snooping-enabled, be sure to disable digest snooping on...

  • Page 215: Vlan-Vpn Tunnel

    Parameter None Description Use the command vlan-vpn enable to enable VLAN VPN (QinQ) on the port. Use the undo vlan-vpn command to disable VLAN VPN (QinQ) on the port. By default, VLAN VPN is disabled on all the ports. Example # Enable VLAN VPN on the switch.
  • Page 216 By default, BPDU Tunnel is disabled. CAUTION: To enable BPDU Tunnel on a switch, you must first enable STP on it. Otherwise, ■ the client network BPDU will not be processed by the CPU when entering the switch, nor MAC address replacement or transparent transmission will be implemented.

  • Page 217: Acl C Ommands

    4000 to 4999: Represents Layer 2 ACL. name acl-name: Character string, which must be started with an English letter (i.e., a-z or A-Z), and there should not be a space in it; case insensitive, key words all and any are not allowed to use.

  • Page 218: Display Acl Config

    (matching the rules with smaller range first). By default, the former mode is selected. You cannot modify the matching order once you specify it. To do so, you have to delete all rules of the ACL and specify a matching order for it again.

  • Page 219: Display Acl Remaining Entry

    The number of the reserved ACL rules Configured Number The number of the ACL rules that have been configured Remaining Number The number of the remaining ACL rules Start Port Name, End Port Name The names of the start port and the end port...

  • Page 220: Display Acl Running-Packet-Filter

    The port of the switch. Refer to the description in the Port Module Command Manual for details. The ACL application information on the specified port of a normal card displays when the parameter is specified. vlan: Displays the ACL application information under the VLAN configured through the service process card.

  • Page 221: Display Time-Range

    Then there may the case where a time range have been shown active using the display time-range command, while it is still inactive in importing the ACL. You just take it as a normal case.

  • Page 222: Flow-Template User-Defined

    Time-range : tm1 Time range tml. "Inactive" means that the time range is inactive ( Inactive ) currently (active means the time range is active), and the time range is from 08:30 2-5-2005 to 18:00 2-19-2005 from 08:30 2-5-2005 to 18:00 2-19-2005 The displayed information below is similar.
  • Page 223 802.1p priority in the most external 802.1QTag carried by the packet, in ■ the length of 2 bytes together with s-tag-vlan in the flow template. dip wildcard: Destination IP domain in the IP packet header, in the length of 4 ■ bytes.
  • Page 224 ■ in the length of 2 bytes together with cos in the flow template. sip wildcard : Source IP domain in the IP packet header, in the length of 4 bytes. ■ smac wildcard: Source MAC domain in the Ethernet packet header, in the ■...

  • Page 225: Packet-Filter

    { acl-number | acl-name } { rule rule link-group { acl-number | acl-name } [ rule rule [ system-index index ] ] | link-group { acl-number | acl-name } rule rule } undo packet-filter inbound ip-group { acl-number | acl-name } { rule rule...

  • Page 226: Reset Acl Counter

    Serial number of the ACL, in the range of 2000 to 3999. acl-name: ACL name, string parameter ranging from 1 to 32 bytes. It must start with an English letter ([a-z, A-Z]). No space is allowed in it. It is case insensitive. The keywords all is forbidden.

  • Page 227: Rule

    Define or delete the subrules of an advanced ACL rule [ rule-id ] { permit | deny } protocol [ source { source-addr wildcard | any } ] [ destination { dest-addr wildcard | any } ] [ source-port operator port1 [ port2 ] ]...
  • Page 228 (equal to), gt (greater than), lt (less than), neq (not equal to) and range (in the range of). Note that it appears only when the protocol parameter is set as TCP or UDP. port1 [ port2 ] stands for source TCP or UDP port ID of the packet, in characters or digits.
  • Page 229 It is only effective to fragmented messages and is ignored by non-fragmented messages. bt-flag: It indicates that the rule is effective to BT data messages only. If you use this key word, the protocol in the rule must be tcp. The parameter is applicable to defining the advanced ACLs.
  • Page 230 This parameter is used to specify the protocol type carried by the Ethernet frame. The protocol type can be expressed by either a name or a hexadecimal number. When the protocol type is expressed by a name, the value can be arp, ip, ipv6, mpls, nbx, pppoe-control, pppoedata and rarp.

  • Page 231: Time-Range

    Use the rule command to add a rule to the ACL. Use the undo rule command to delete a rule from the ACL. You can define multiple rules for an ACL. Only the specified rules will be deleted if you select parameters in the undo rule command.
  • Page 232 If a time range only defines the period time range, the time range is only active within the period time range. If a time range only defines the period time range and multiple ranges of this time...
  • Page 233 ACL Commands If a time range only defines the absolute time range, the time range is only active within the absolute time range. If a time range only defines the absolute time range and multiple ranges of this time range are available (repeating this time range name can configure multiple absolute time ranges of the same name), the time range is active only within these absolute time ranges.
  • Page 234 16: ACL C HAPTER OMMANDS...

  • Page 235: Display Port-Group

    After QACL is configured in port view, the QACL configuration of all the member ports in the port group keeps the same all the time. After a port is added to the port group, the port configuration is overwritten by that of the port group. You cannot apply the ACL rule as per port.

  • Page 236: Display Mirroring-Group

    ] | exp-policed-service-map | local-precedence-cos-map } View Any view Parameter conform-level-value: Conform level, in the range of 0 to 2. If you type value(s) for this parameter, then only the specified conform-level DSCP items will be displayed. Otherwise, the system displays the whole mapping connection.
  • Page 237 DSCP value "46", or DSCP values "0 8 10 16" (a space is required between two values). If you type value(s) for this parameter, then only the specified DSCP items will be displayed. Otherwise, the system displays the whole mapping connection.

  • Page 238: Display Qos Cos-Drop-Precedence-Map

    View Any view Parameter None Description Use the display qos cos-local-precedence-map command to view the "CoS -> Local -precedence" mapping table. Example # Display the "CoS -> Local -precedence" mapping table. <SW8800> display qos cos-local-precedence-map cos-local-precedence-map: cos :...

  • Page 239: Display Qos-Interface All

    Command Manual - Port. Description Use the display qos-interface all command to view the QoS configuration of all ports, including drop mode, queue scheduling, traffic shaping etc. If you specify port IDs, only their QoS configuration will be displayed, including drop mode, queue scheduling, traffic shaping etc.

  • Page 240: Display Qos-Interface Mirrored-To

    Command Manual - Port. Description Use the display qos-interface drop-mode command to view drop mode configuration of outbound queues at a port. If no port is specified, drop mode configuration of all ports will be displayed. Related command: drop-mode.

  • Page 241: Display Qos-Interface Traffic-Limit

    QoS Commands Description Use the display qos-interface queue-scheduler command to view queue scheduling mode and parameters of a port. If no port is specified, queue scheduling mode and the parameters of all ports will be displayed. Related command: queue-scheduler. Example # Display queue scheduling mode and parameters.

  • Page 242: Display Qos-Interface Traffic-Priority

    Command Manual - Port. Description Use the display qos-interface traffic-priority command to view traffic priority configuration of a port, including the target ACL, priority type, priority values etc. Related command: traffic-priority. Example # Display traffic priority marking configuration.

  • Page 243: Display Qos-Interface Traffic-Shape

    Description Use the display qos-interface traffic-shape command to view traffic shaping configuration of a port, including the maximum rate, MBS (in units of kbyte), the maximum queue length. If no port is specified, traffic shaping configuration of all ports will be displayed.

  • Page 244: Display Qos-Vlan All

    OMMANDS rate: Port rate. This parameter is available only when you select interface-type interface-number. timeinterval: Interval for making statistics of rates, ranging from 1 to 5 seconds. The default value is one second. Description Use the display qos-interface traffic-statistic command to view traffic statistics of a port, including the target ACL, number of calculated packets etc.
  • Page 245 Vlan 2 traffic-statistic Inbound: There is no configuration. Outbound: There is no configuration. ---- More ---- display qos-vlan Syntax traffic-limit display qos-vlan [ vlan-id ] traffic-limit View Any view Parameter vlan-id: ID of a VLAN, in the range of 1 to 4094.

  • Page 246: Display Qos-Vlan Traffic-Limit

    [ vlan-id ] traffic-priority View Any view Parameter vlan-id: ID of a VLAN, in the range of 1 to 4094. Description Use the display qos-vlan traffic-priority command to display the priority marking configuration in VLAN, including the ACL associated with the traffic priority marking, the type and value of the priority marking.

  • Page 247: Display Qos-Vlan Traffic-Redirect

    Description Use the display qos-vlan traffic-statistic command to display the traffic statistics information in VLAN. The displayed information includes the ACL corresponding to the traffic flow to be output, action type, and statistics result. Related command: traffic-statistic. Example # Display the traffic statistics information of VLAN 2.

  • Page 248: Display Traffic-Params

    Tail drop mode. wred: WRED drop mode. wred-index: WRED index, in the range of 0 to 3. By default, it is 0. If you type nothing for this parameter, the system will use the parameters specified when WRED index is 0.

  • Page 249: Dscp

    "0 8 10 16" (space is required between two values). dscp-value: Modified DSCP value, in the range of 0 to 63. exp-value: Modified EXP value, in the range of 0 to 7. EXP is MPLS priority of MPLS packets.
  • Page 250 After entering conform level view, you can configure the "DSCP + Conform-level -> Service-parameter" mapping table of the corresponding level. For example, you can enter conform level 0 view and configure the "DSCP + Conform-level 0 -> Service-parameter" mapping table.

  • Page 251: Local-Precedence

    Original EXP value, which can be a single value or several values, in the range of 0 to 7. For example, you can type single EXP value "2", or EXP values "2 3 4" (space is required between values). EXP is MPLS priority of MPLS packets.
  • Page 252 Use the undo local-precedence command to restore default configuration of the "Local-precedence + Conform-level -> 802.1p priority" mapping table. After entering conform level view, you can configure the " Local-precedence + Conform-level -> 802.1p priority " mapping table of the corresponding level. For example, you can enter conform level 0 view and configure the "...

  • Page 253: Mirrored-To

    English letter (a-z or A-Z), and without any space in it. rule rule: Specifies the rule of an active ACL, ranging from 0 to 127; if not specified, all rules of ACL will be activated.

  • Page 254: Mirroring-Group

    OMMANDS Interface: Mirrors traffic to the designated destination port. Description Use the mirrored-to command to activate an ACL and mirror data streams to the CPU or the designated destination port. Use the undo mirrored-to command to remove traffic mirroring setting.
  • Page 255 You can only configure eight monitored ports for all the mirroring groups in ■ transmit group. One port can act as mirroring port and mirrored port at the same time for ■ different mirroring group. More issues for the GV48 or GP48 card: For the mirroring (including inbound port mirroring and outbound port ■...

  • Page 256: Port

    Use the undo port command to add remove a port from a port group. For common interface cards except for the XP4 card, confider the following issues: Do not add the ports of different cards to the same port group. Do not add the ■...

  • Page 257: Port-Group

    View Ethernet port view, port group view Parameter priority-level: Port priority value, in the range of 0 to 7. By default, it is 0. Trust: Trusts the local priority in the input packet all the time. Description Use the priority command to set the default local precedence value for a port.

  • Page 258: Qos Conform-Level

    HAPTER OMMANDS After receiving a packet, the switch allocates a set of service parameters to it according to a specific rule. The procedure to obtain local precedence: First obtain it according to the "CoS ->Local-precedence" mapping table. If failed, the system uses the default local precedence of the port as that for the packet.
  • Page 259 CoS Value Drop-precedence After receiving a packet, the switch allocates a set of service parameters to it according to a specific rule. The service parameters, including CoS value, local precedence and drop level, are determined according to the packet 802.1p priority value.

  • Page 260: Qos Cos-Local-Precedence-Map

    17: Q HAPTER OMMANDS mapping table and the "CoS -> Drop-precedence" mapping table. You can modify the CoS -> Drop-precedence mapping table using this command. Example # Configure the "CoS -> Drop-precedence" mapping table. <SW8800> system-view System View: return to User View with Ctrl+Z.
  • Page 261 CoS Value Local Precedence After receiving a packet, the switch allocates a set of service parameters to it according to a specific rule. The service parameters, including CoS value, local precedence and drop level, are determined according to the packet 802.1p priority value.

  • Page 262: Queue

    Outbound queue ID, in the range of 0 to 7 green-min-threshhold: Minimum queue length to trigger random green packet dropping, in the range of 0 to 65535. It must be a multiple of 256 bytes. green-max-threshhold: Queue length to trigger complete green packet dropping, in the range of 0 to 65535.

  • Page 263: Queue-Scheduler

    Use the undo queue command to restore the default parameters for the WRED index. The switch provides four sets of default WRED parameters, respectively numbered as 0, 1, 2 and 3. Each set includes 80 parameters, 10 parameters for each of the eight queues. The ten parameters are green-min-threshhold, yellow-min-threshhold, red-min-threshhold, green-max-threshhold, yellow-max-threshhold, red-max-threshhold, green-max-prob, yellow-max-prob, red-max-prob and exponent.

  • Page 264: Reset Traffic-Statistic

    20:20:30 Example # Set queues 0 to 5 in WRR algorithm, queues 0, 1 and 2 belong to group 1, with weight respectively as 20, 20 and 30; queues 3, 4 and 5 belong to group 2, with weight respectively as 20, 20 and 40. Set queues 6 and 7 in SP algorithm, the default one.

  • Page 265: Traffic-Limit

    | acl-name } [ rule rule [ system-index index ] ] | link-group { acl-number | acl-name } rule rule } [ tc-index index ] cir cbs ebs [ pir ] [ conform { { remark-cos | remark-drop-priority }* | remark-policed-service } ] [ exceed {...
  • Page 266 For example, configure cir of the traffic that matches rule 1 to 10 kbps, and that of the rule 2 to 10 kbps too; and both of the rules have the same index value of traffic conditioner, then the sum of the average rates of rule 1 and rule 2 is restricted to 10 kbps.
  • Page 267 This command is only applicable to the packets which match the permitted rules in the ACL. It is required that CIR is less than or equal to PIR and CBS is less than or equal to EBS. You are recommended to configure CBS and EBS to numbers that are 100 to 150 times of CIR.

  • Page 268: Traffic-Priority

    Example # Set traffic limitation for the packets match the permitted rules in the ACL 4000: CIR is 200 kbps, CBS is 2000 bytes, EBS is 2500 bytes, drop the excessive packets. <SW8800> system-view System View: return to User View with Ctrl+Z.
  • Page 269 EXP values. For IP packets, dscp-value is the specified DSCP priority value (six bits in the packet header) and in the range of 0 to 63; for MPLS packets, other than that the dscp-value stands for their DSCP priority value, the three high-order bits of the value represent the EXP flag field.

  • Page 270: Traffic-Redirect

    { l2-vpn | l3-vpn } | next-hop ip-addr1 [ ip-addr2 ] [ invalid { forward | drop } ] | slot slotid { vlanid | designated-vlan vlanid } [ join-vlan ] } undo traffic-redirect inbound ip-group { acl-number | acl-name } [ rule rule ]...
  • Page 271 { acl-number | acl-name } [ rule rule ] { cpu | interface interface-type interface-number destination-vlan { l2-vpn | l3-vpn } | next-hop ip-addr1 [ ip-addr2 ] [ invalid { forward | drop } ] | slot slotid designated-vlan vlanid [ join-vlan ] }...
  • Page 272 [ ip-addr2 ]: Redirects packets to the specified IP address. You can define two IP addresses at a stoke, but the first one is with higher priority. That is, the system redirects packets to the second IP address only if the first one is unreachable.

  • Page 273: Traffic-Shape

    # Configure traffic redirection on a service processor card for packets that match the permit rules in ACL 3000. 1 Redirect the packets of VLAN4 that match the permit rules in ACL 3000 to a service processor card in Ethernet port view.

  • Page 274: Traffic-Statistic

    English letter (a-z or A-Z), and without any space in it. rule rule: Specifies the rules of an active ACL, ranging from 0 to 127; if not specified, all rules of ACL will be activated.

  • Page 275: Share Descriptors

    Related command: display qos-interface traffic-statistic. Example # Run traffic statistics for the packets which match the permitted rules in the ACL 2000. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 276: Wred

    Use the undo wred command to restore the default WRED parameters. The switch provides four sets of default WRED parameters, respectively numbered as 0, 1, 2 and 3. The ten parameters for a port are green-min-threshhold, yellow-min-threshhold, red-min-threshhold, green-max-threshhold, yellow-max-threshhold, red-max-threshhold, green-max-prob, yellow-max-prob, red-max-prob and exponent.
  • Page 277 Telnet or SSH. Description Use the acl command to apply an ACL to implement the ACL control to the users accessing through Telnet or SSH. Use the undo acl command to remove the ACL control configured for users accessing through Telnet or SSH.

  • Page 278: Snmp-Agent Community

    OGIN SERS you use the rules of a basic or advanced ACL, only the source IP address and its mask, the destination IP address and its mask, and the time-range parameter in them are valid. Similarly, when you use Layer 2 ACLs to implement the ACL control to the users accessing through Telnet or SSH, incoming/outgoing requests are restricted based on the source MAC addresses.

  • Page 279: Snmp-Agent Group

    Description Use the snmp-agent community command to set the community access name, permit the access to the switch using SNMP, and reference the ACL to perform ACL control to the network management users by acl-number. Use the undo snmp-agent community command to remove the setting of community access name.

  • Page 280: Snmp-Agent Usm-User

    { v1 | v2c } user-name group-name snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } auth-password ] [ privacy des56 priv-password ] [ acl acl-number ] undo snmp-agent usm-user v3 user-name group-name { local | engineid...
  • Page 281 Use the undo snmp-agent usm-user command to remove the user from the related SNMP group as well as the configuration of the ACL control of the user. Example # Add a user "3com" to the SNMP group "3comgroup". Specify the security level to "to be authenticated", the authentication protocol to HMAC-MD5-96 and the...
  • Page 282 18: ACL C HAPTER ONTROL OMMANDS TO ONTROL OGIN SERS...

  • Page 283: Mirrored-To

    VLAN-ACL already applied to a customized flow template. 2 If both a VLAN and one of its ports have QACL rules applied, only those applied to the port work. In this case, the VLAN-ACL takes effect only after the QACL rules applied to the port are removed and the flow template applied to the port changes to the default flow template.

  • Page 284: Packet-Filter

    When using the mirrored-to command to deliver a rule, you can also specify a system index value for the rule, but this value may change while the system is running. In general, you are not recommended to specify this parameter manually.

  • Page 285: Traffic-Limit

    3999. acl-name: Name of the ACL, which must be a character string starting with an English letter (a-z or A-Z), and without any space in it. rule rule: Specifies the subitem of an active ACL, ranging from 0 to 127; if not specified, all subitems of ACL will be activated.
  • Page 286 2 is configured to be 10kbps. The tc-index values of the two rules are the same at the same time. Then the sum of the average rate of the flow matching rule 1 and the flow matching rule 2 will be limited to 10kbps.

  • Page 287: Traffic-Priority

    Example # Perform flow limit on packets received on the ports in VLAN 2 if they match the permit rule in ACL3000. Set the CIR to 2000 kbps, the CBS to 2000 bytes and the EBS to 2500 bytes. Drop packets when this threshold is exceeded.
  • Page 288 EXP values. For IP packets, dscp-value is the DSCP priority (six bits in length in the packet header) ranging from 0 to 63 and is set by users. For MPLS packets, the dscp-value argument indicates the DSCP priority. In addition, the least three bits of the value also act as the EXP flag field, which is set simultaneously when the user specifies the dscp-value argument.

  • Page 289: Traffic-Redirect

    Example # Choose automatically-allocated service parameters for the packets matching the rules that permit packets in the ACL 3000 in the data flow that the ports in VLAN receives. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 290: Traffic-Statistic

    IP address. invalid { forward | drop }: Sets the method of processing packets (forward or drop) when the IP address of the next hop is invlaid. The packet will be dropped by default.

  • Page 291: Port Can-Access Vlan-Acl

    3999. acl-name: Name of the ACL, which must be a character string starting with an English letter (a-z or A-Z), and without any space in it. rule rule: Specifies the subitem of an active ACL, ranging from 0 to 127; if not specified, all subitems of ACL will be activated.

  • Page 292: Display Vlan-Acl-Member-Ports

    Use the display vlan-acl-member-ports command to view in this VLAN the ports with the ACL configuration of the VLAN synchronized to. When a port is added to a VLAN, you may fail to synchronize the VLAN-ACL configuration of the VLAN because the resources are not enough or user-defined flow templates are applied to ports.
  • Page 294 19: VLAN-ACL C HAPTER ONFIGURATION OMMANDS...

  • Page 295: Anti-Attack

    :dot1 packet. ip: IP packet. Description Use the anti-attack { arp | dot1x | ip } enable command to enable packet attack prevention. Use the anti-attack { arp | dot1x | ip } disable command to disable packet attack prevention.
  • Page 296 The interface number after the key word to should be no smaller than the interface number before to. &<1-10> in the command means that the preceding parameter can be entered up to 10 times.

  • Page 297: Dot1X

    The maximal times for the Ethernet switch to retransmit authentication request frames to access user Total maximum 802.1x user resource number The maximum number of access users allowed Total current used 802.1x resource number Number of access users currently on line Ethernet3/1/1 is link-up The state of Ethernet 2/1/1 is Up.

  • Page 298: Dot1X Authentication-Method

    Related command: display dot1x. Example # Enable 802.1x on Ethernet 3/1/1. [SW8800] dot1x interface Ethernet 3/1/1 # Enable the 802.1x globally. [SW8800] dot1x dot1x Syntax authentication-method dot1x authentication-method { chap | pap | eap { md5-challenge | peap | tls }...

  • Page 299: Dot1X Dhcp-Launch

    CHAP is more secure and reliable. In the process of EAP authentication, switch directly sends authentication information of 802.1x user to RADIUS server in the form of EAP packet. It is not necessary to transfer the EAP packet to standard RADIUS packet first and then send it to RADIUS server.

  • Page 300: Dot1X Guest-Vlan

    View System view, Ethernet interface view Parameter vlan-id: ID of the VLAN specified as the Guest VLAN. It ranges from 1 to 4094. interface-list: List of Guest VLAN-enabled ports expressed in the format interface-list =interface-type interface-number [ to interface-type interface-number ] &<1-10>. interface-type means the interface type, interface-number is the interface number.

  • Page 301: Dot1X Max-User

    802.1x. Use the undo dot1x max-user command to restore the default value. This command is used for setting a limit to the amount of supplicants that 802.1x can hold on the specified interface. This command has effect on the interface specified by the parameter interface-list when executed in system view.

  • Page 302: Dot1X Port-Control

    By default, the access control mode is auto. This command is used to set the mode, or the interface state, for 802.1x to perform access control on the specified interface. This command has effect on the interface specified by the parameter interface-list when executed in system view. It...

  • Page 303: Dot1X Port-Method

    The interface number after the key word to should be no smaller than the interface number before to. &<1-10> in the command means that the preceding parameter can be entered up to 10 times.

  • Page 304: Dot1X Quiet-Period

    OMMANDS This command has effect on the interface specified by the parameter interface-list when executed in system view. It has effect on all the interfaces when no interface is specified. The parameter interface-list cannot be input when the command is executed in Ethernet interface view and it has effect only on the current interface.

  • Page 305: Dot1X Supp-Proxy-Check

    2 indicates that the switch is configured to transmit authentication request frame once again when no response is received for the first time and so on. This command has effect on all the port after configuration.

  • Page 306: Dot1X Timer

    The parameter interface-list cannot be input when the command is executed in Ethernet Port view and it has effect only on the current interface. After globally enabling proxy user detection and control in system view, only if you enable this feature on a specific port can this configuration take effects on the port.
  • Page 307 Authenticator will resend the above packet. supp-timeout-value: Specifies how long the duration of an authentication timeout timer of a Supplicant is. The value ranges from 10 to 120 in units of second and defaults to 30. tx-period: Has two major effects, which are described in detail in the following section.

  • Page 308: Reset Dot1X Statistics

    When it is run, 802.1x enables many timers to control the rational and orderly interacting of the Supplicant, the Authenticator and the Authenticator Server. This command can set some of the timers (while other timers cannot be set) to adapt the interaction process. It could be necessary for some special and hard network environment.
  • Page 309 802.1x Configuration Commands be cleared. If the port type and port number are specified, the 802.1x statistics on the specified port will be cleared. Related command: display dot1x. Example # Clear the 802.1x statistics on Ethernet 3/1/2. <SW8800> reset dot1x statistics interface Ethernet 3/1/2...
  • Page 310 20: 802.1 HAPTER ONFIGURATION OMMANDS...

  • Page 311: Access-Limit

    Use the undo access-limit command to restore the limit to the default setting. By default, there is no limit to the amount of supplicants in the current ISP domain. This command limits the amount of supplicants contained in the current ISP domain.

  • Page 312: Attribute

    The argument max-user-number is in the range of 1 to 2048. vlan vlanid: Sets the VLAN attribute of user, in other words, the VLAN to which a user belong. The argument vlanid is an integer in the range of 1 to 4094.

  • Page 313: Cut Connection

    Use the undo attribute command to cancel the attributes that have been defined for this local user. As for attributes of the users that are of local LAN service type, user IP address and MAC address attribute are valid only when the ISP domain authentication scheme is a local authentication scheme, or the ISP domain authentication scheme is a RADIUS authentication scheme and the type of the RADIUS scheme is 3COM.

  • Page 314: Display Connection

    The pure username (the part before @, namely the user ID) cannot exceed 55 characters. Description Use the cut connection command to disconnect a user or a category of users by force. Related command: display connection.

  • Page 315: Display Domain

    It is a character string not exceeding 32 characters, excluding "/", ":", "*", "?", "<" and ">". The @ character can only be used once in one username. The pure username (the part before @, namely the user ID) cannot exceed 24 characters.

  • Page 316: Display Local-User

    [ domain isp-name | idle-cut { enable | disable } | service-type { ftp | lan-access | ppp | ssh | telnet | terminal } | state { active | block } | user-name user-name | vlan vlanid ]...
  • Page 317 Specifies Telnet users. terminal: Specifies terminal users. state { active | block }: Configures to display the local users in the specified state. active means that the system allows the user requesting network service and block means the system does not allow the user requesting network service.

  • Page 318: Domain

    Parameter isp-name: Specifies an ISP domain name. The name is expressed with a character string not exceeding 24 characters, excluding "/", ": ", "*", "? ", "<", and ">". default enable isp-name: Enables the default ISP domain specified by isp-name.

  • Page 319: Idle-Cut

    16 ISP domains. When this command is used, if the specified ISP domain does not exist, the system will create a new ISP domain. All the ISP domains are in the active state when they are created.
  • Page 320 The IP addresses in an IP address pool created in ISP domain view are mainly for PPP users of the ISP domain. This kind of IP address pools is suitable for ports with many PPP users connected to them and the available IP address these ports provide are not sufficient.

  • Page 321: Level

    { username | multicast [ domain domain-name ] ipaddress | password-display-mode { auto | cipher-force } } undo local-user { username | all [ service-type { ftp | lan-access | telnet | ppp | ssh | terminal } ] | multicast [ domain domain-name ] ipaddress |...

  • Page 322: Local-User Password-Display-Mode

    [ service-type { ftp | lan-access | telnet | ppp | ssh | terminal } ]: Deletes all local users. ftp means deleting all local FTP users, lan-access means deleting all...

  • Page 323: Name

    View VLAN view Parameter string: Name of the delivered VLAN. The name can contain up to 32 characters. Description Use the name command to configure the name of a delivered VLAN. Use the undo name command to remove the name configured for a delivered VLAN.

  • Page 324: Scheme

    Specifies to display passwords in cipher text. password: Defines a password, which is a character string of up to 16 characters if it is in simple text and of up to 24 characters if it is in cipher text. Description Use the password command to configure a password display mode for local users.

  • Page 325: Private-Group-Id Mode Standard

    # With 3com163.net as the current ISP domain, specify to adopt the RADIUS scheme named 3com. [3Com-isp-3com163.net] scheme radius-scheme 3com # Specify the ISP domain named 3com to adopt the Scheme named rd, with Local authentication as the secondary authentication Scheme. [3Com-isp-3com] scheme radius-scheme rd local # Specify the ISP domain named 3com to adopt hwtacacs-scheme hwtac Scheme, with Local authentication as the secondary authentication Scheme.

  • Page 326: Self-Service-Url

    ROTOCOL ONFIGURATION OMMANDS By default, a switch does not support a VLAN ID delivered by a RADIUS server to be of string type. Dynamic VLAN delivering enables an Ethernet switch to monitor network resources available to users by adding the ports to which the authenticated users connect to different VLANS according to the attributes delivered by RADIUS servers.

  • Page 327: Service-Type

    { ftp [ ftp-directory directory ] | lan-access | ppp [call-number call-number | callback-nocheck | callback-number callback-number ] | ssh [ level level | telnet | terminal ] | telnet [ level level | ssh | terminal ] | terminal [ level level | ssh | telnet ] }...

  • Page 328: State

    Configures the current ISP domain (ISP domain view)/current user (local user view) as being in block state, that is, the system does not allow the users in the domain (ISP domain view) or the current user (local user view) to request network service.
  • Page 329 Currently, the VLAN IDs delivered by RADIUS servers can be of integer or string type. As for a VLAN ID that is of integer type, a switch adds the port to the ■...

  • Page 330: Accounting Optional

    By default, selection of RADIUS accounting option is disabled. If no RADIUS server is available or if RADIUS accounting server fails when the accounting optional is configured, the user can still use the network resource, otherwise, the user will be disconnected.

  • Page 331: Debugging Radius

    By default, the data unit is byte and the data packet unit is one-packet. Related command, see display radius. Example # Set the unit of data flow that send to RADIUS Server 3Com is kilo-byte and the data packet unit is kilo-packet. [3Com-radius-3com] data-flow-format data kilo-byte packet kilo-packet...

  • Page 332: Display Local-Server

    None Description Use the display local-server statistics command to view the statistics of local RADIUS scheme. Use the display local-server nas-ip command to view the Nas-ip that is allowed to access the Local-server. Related command: local-server. Example # Display the statistics of local RADIUS scheme.
  • Page 333 RADIUS Protocol Configuration Commands Description Use the display radius command to view the configuration information of all RADIUS scheme or a specified one. By default, This command outputs the configuration information about the specified or all the RADIUS scheme. Related command: radius scheme.

  • Page 334: Display Radius Nas-Ip

    NAS-IP information of public network and private network. When the NAS-IP information of global private network is displayed, the name of the VPN that the NAS-IP belongs to is also displayed. Related command: radius nas-ip.
  • Page 335 Update request ,Num=0 Leaving ack ,Num=0 Cut req ,Num=0 RecError_MSG_sum:0 SndMSG_Fail_sum :0 Timer_Err Alloc_Mem_Err State Mismatch Other_Error No-response-acct-stop packet=0 Discarded No-response-acct-stop packet=0 Table 43 Description on the fields of the display radius statistics command Field Description state State statistics (total=2312) statistic(total=4120)

  • Page 336: Display Stop-Accounting-Buffer

    Configures to display the saved stopping accounting requests according to the saving time. start-time specifies the start time of the saving time range and stop-time specifies the stop time of the saving time range. The time is expressed in the format hh:mm:ss-yyyy/mm/dd. When this parameter is specified, all the stopping accounting requests saved in the time range since start-time to stop-time will be displayed.
  • Page 337 Only when the keys are identical can both ends accept the packets from each other and give responses. So it is necessary to ensure that the keys set on the switch and the RADIUS scheme are identical. If the...

  • Page 338: Local-Server

    Parameter nas-ip ip-address: Sets Nas-IP address of access server. ip-address is expressed in the format of dotted decimal. By default, there is a local server with the NAS-IP address of 127.0.0.1. key password: Sets password of logon user. password is a character string...

  • Page 339: Nas-Ip

    MD5-challenge authentication. 3Com series switches support up to 16 local RADIUS scheme. Related command: radius scheme, state. Example # Set the IP address of local RADIUS scheme to 10.110.1.2 and the password to 3com. [SW8800] local-server nas-ip 10.110.1.2 key 3Com nas-ip...

  • Page 340: Primary Accounting

    HAPTER ROTOCOL ONFIGURATION OMMANDS By default, the source IP address of packets is the IP address of the VLAN interface to which the port connecting with the server belongs. Related commands: display radius, radius nas-ip Example # Configure the IP address that NAS (switch) uses to send RADIUS packets as 10.1.1.1.

  • Page 341: Primary Authentication

    By default, the primary authentication server of the RADIUS scheme created by the system, whose name is "system", uses IP address of 127.0.0.1 and UDP port of 1645. The secondary authentication server uses IP address of 0.0.0.0 and UDP port of 1812.

  • Page 342: Radius Nas-Ip

    Use the radius client enable command to enable the port 1812. You must use this command to enable ports before using RADIUS authentication. Use the undo radius client to disable the port 1812. You can use this command to disable ports when you do not use RADIUS authentication. The system does not receive (or respond to) UDP packets whose destination port is the port 1812 after the port 1812 is disabled.

  • Page 343: Radius Scheme

    RADIUS scheme and enter its view before performing other RADIUS protocol configurations. A RADIUS scheme can be used by several ISP domains at the same time. You can configure up to 16 RADIUS schemes, including the default scheme named as system.

  • Page 344: Reset Radius Statistics

    Start-time specifies the start time of the saving time range and stop-time specifies the stop time of the saving time range. The time is expressed in the format hh:mm:ss-yyyy/mm/dd. When this parameter is set, all the stopping accounting requests saved since start-time to stop-time will be deleted.

  • Page 345: Retry

    After transmitting the stopping accounting requests, if there is no response from the RADIUS scheme, the switch will save the packet in the buffer and retransmit it for several times, which is set through the retry stop-accounting command.

  • Page 346: Retry Realtime-Accounting

    T and the real-time accounting interval of NAS is t, then the integer part of the result from dividing T by t is the value of count. Therefore, when applied, T is suggested the numbers which can be divided exactly by t.

  • Page 347: Retry Stop-Accounting

    Because the stopping accounting request concerns account balance and will affect the amount of charge, which is very important for both the user and ISP, NAS shall make its best effort to send the message to RADIUS accounting server.

  • Page 348: Secondary Authentication

    Related command: key, radius scheme, state. Example # Set the IP address of the secondary accounting server of RADIUS scheme, 3com, to 10.110.1.1 and the UDP port 1813 to provide RADIUS accounting service. [3Com-radius-3com] secondary accounting 10.110.1.1 1813 secondary...

  • Page 349: Server-Type

    # Set RADIUS scheme type of RADIUS scheme "3com", to 3com. [3Com-radius-3com] server-type 3com state Syntax state { primary | secondary } { accounting | authentication } { block | active } View RADIUS scheme view Parameter primary: Configures to set the state of the primary RADIUS server.

  • Page 350: Stop-Accounting-Buffer Enable

    RADIUS server is in the state of block. For a new RADIUS scheme, the RADIUS server is in the state of block if an IP address is not configured for the server; the RADIUS server is in the state of active if an IP address is configured for the server.

  • Page 351: Timer Quiet

    By default, enable to save the stopping accounting requests in the buffer. Because the stopping accounting request concerns account balance and will affect the amount of charge, which is very important for both the user and ISP, NAS shall make its best effort to send the message to RADIUS accounting server.

  • Page 352: Timer Realtime-Accounting

    After the attribute is set, NAS will transmit the accounting information of online users to the RADIUS server regularly. The value of minute is related to the performance of NAS and RADIUS server. The smaller the value is, the higher the requirement for NAS and RADIUS server is.

  • Page 353: Timer Response-Timeout

    View RADIUS scheme view Parameter seconds: The value range is 1 to 10 in seconds. The default response timeout value of the RADIUS server is 3 seconds. Description Use the timer response-timeout command to set the response-timeout value of RADIUS server.

  • Page 354: Vpn-Instance

    View RADIUS scheme view Parameter vpn-name: The name of the VPN instance, which is a string of 1 to 19 characters. Description Use the vpn-instance command to configure the VPN that the RADIUS scheme belongs to. Use the undo vpn-instance command to cancel the configuration for VPN.

  • Page 355: Data-Flow-Format

    By default, the data unit is byte and the data packet unit is one-packet. Related command: display hwtacacs. Example # Set the unit of data flow sent to TACACS Server 3Com to kilo-byte and the data packet unit to kilo-packet. [3Com-hwtacacs-3com] data-flow-format data kilo-byte packet kilo-packet...

  • Page 356: Debugging Hwtacacs

    OMMANDS debugging hwtacacs Syntax debugging hwtacacs { all | error | event | message | receive-packet | send-packet } undo debugging hwtacacs { all | error | event | message | receive-packet | send-packet } View User view Parameter all: Enables all HWTACACS debugging.

  • Page 357: Display Stop-Accounting-Buffer Hwtacacs-Scheme

    Use the display stop-accounting-buffer command to view information on the stop-accounting requests buffered in the switch. Related command: reset stop-accounting-buffer, stop-accounting-buffer enable, retry stop-accounting. Example # Display information on the buffered stop-accounting requests related to the HWTACACS scheme "3com". <SW8800> display stop-accounting-buffer hwtacacs-scheme 3com %No accounting stop packet exists.

  • Page 358: Hwtacacs Nas-Ip

    Parameter ip-address: IP address of a specified source, which is that of the local host and cannot be a broadcast address of class A, B or C, a class D address, an all-zero address, or an address begins with 127.

  • Page 359: Nas-Ip

    Only when the same key is used can both ends accept the packets from each other and give responses. So it is necessary to ensure that the same key is set on the switch and the HWTACACS server. If the authentication/authorization and accounting are performed on two server devices with different shared keys, you must set one shared key for each.

  • Page 360: Primary Accounting

    Generally, the Loopback interface address is recommended. By default, the source IP address of the packets is the IP address of the interface of the VLAN to which the port connecting the server belongs.

  • Page 361: Primary Authentication

    HWTACACS Configuration Commands You are not allowed to assign the same IP address to both primary and secondary accounting servers. If you repeatedly use this command, the latest configuration overwrites the previous one. You can remove a TACACS scheme accounting server only when no Active TCP connection used to send accounting packets is now using the server, and the removal impacts only packets forwarded afterwards.

  • Page 362: Primary Authorization

    Parameter ip-address: IP address of the server, a valid unicast address in dotted decimal format. port-number: Port number of the server, which is in the range 1 to 65535 and defaults to 49. Description Use the primary authorization command to configure a primary TACACS authorization server.

  • Page 363: Reset Stop-Accounting-Buffer

    Related command: stop-accounting-buffer enable, retry stop-accounting, display stop-accounting-buffer. Example # Delete the buffered stop-accounting requests that are related to the HWTACACS scheme "3com". <SW8800> reset stop-accounting-buffer hwtacacs-scheme 3Com retry stop-accounting...

  • Page 364: Secondary Accounting

    Parameter ip-address: IP address of the server, a valid unicast address in dotted decimal format. port-number: Port number of the server, which is in the range 1 to 65535 and defaults to 49. Description Use the secondary accounting command to configure a secondary TACACS accounting server.

  • Page 365: Secondary Authentication

    Parameter ip-address: IP address of the server, a valid unicast address in dotted decimal format. port-number: Port number of the server, which is in the range 1 to 65535 and defaults to 49. Description Use the secondary authentication command to configure a secondary TACACS authentication server.

  • Page 366: Secondary Authorization

    IP address of the server, a legal unicast address in dotted decimal format. port-number: Port number of the server, ranging from 1 to 65535. By default, it is Description Use the secondary authorization command to configure a secondary TACACS authorization server.

  • Page 367: Timer Realtime-Accounting

    After the switch waits for a time that is equal or greater than the time set by this command, it re-attempts to send packets to the server.

  • Page 368: User-Name-Format

    View HWTACACS view Parameter seconds: TACACS server response timeout time, which is in the range of 1 to 300 seconds and defaults to 5 seconds. Description Use the timer response-timeout command to set the TACACS server response timeout time.
  • Page 369 ISP domains but with the same name as one user. Related command: hwtacacs scheme. Example # Specify that no domain name is taken along with the username that will be sent out with the HWTACACS scheme 3com. [3Com-hwtacacs-3com] user-name-format without-domain...
  • Page 370 21: AAA RADIUS/HWTACACS P HAPTER ROTOCOL ONFIGURATION OMMANDS...

  • Page 371: Debugging Portal

    Syntax 1. display portal { acm | server | tcp-cheat } statistics 2. display portal [ auth-network [ auth-vlan-id ] | free-ip | free-user | server [ server-name ] | vlan [ vlan-id ] ] 3. display portal user [ ip ipaddress | interface interface-type interface-number |...
  • Page 372 Displays the authentication network section. auth-vlan-id is the ID of the VLAN where the access port (where the authentication users access into the switch across the network) lies in. free-ip: Displays the configured authentication-free IP addresses.
  • Page 373 Description Run Method Portal servers run in one of the three methods: direct, ReDHCP and Layer3 Free IP Free IP addresses. A Portal server will use one free IP address automatically Free User Authentication-free users Portal Server The basic information about the configuration of a Portal server,...

  • Page 374: Portal

    22: P HAPTER ORTAL ONFIGURATION OMMANDS Table 47 Description on the fields of the display portal acm statistics command Field Description ACM Statistics Statistics about state machines WAIT_MAC_ACK Time of waiting for MAC address acknowledgements. This value is 0 for the Layer 3 method...

  • Page 375: Portal Arp-Handshake

    When you enable the Portal authentication function on a VLAN interface, you must first make sure that VLAN IDs are in the range of 2 to 4094, and the make sure that a valid IP address is configured for this VALN interface and that the specified Portal server exists.

  • Page 376: Portal Auth-Network

    ONFIGURATION OMMANDS If the user PC still does not respond after the sending times exceed the retry times, the switch will regard the handshakes as abnormal, cut the connection with this user actively and notify the Portal server about this case.

  • Page 377: Portal Free-Ip

    Free IP addresses can be the IP addresses of DNS servers or the IP addresses that ISP provides to access free websites. All users can access these free IP addresses unrestrictedly. Up to 8 free IP addresses can be configured in one system. .A Portal server will use one free IP address automatically. Example # Set the IP address 10.1.1.0 as a free IP address...

  • Page 378: Portal Free-User

    ID of the VLAN that the authentication-free users belongs to, in the range of 1 to 4094. interface: Port of the switch that the authentication-free users lie in. This port must belong to the VLAN that this command specifies.

  • Page 379: Portal Method

    IP address of the interface belong to the same network section. The Direct authentication method requires that the IP address of an authentication-free user and that of the VLAN interface belong to the same network section.

  • Page 380: Portal Server

    Shared keys that the Portal server needs when it communicates with the switch. It is a string in the range of 1 to 16 characters. It is "3com" by default. port: Port that a switch uses to send packets to a Portal server. It is in the range of 1 to 65534.

  • Page 381: Portal Upload-Interface

    Syntax reset portal { acm | server | tcp-cheat } statistics View User view Parameter acm: Clears the statistics about ACM, that is to say, clears the statistics about the state machines related with authentication, connection and management.
  • Page 382 Clears the statistics about the Portal server. tcp-cheat: Clears the statistics about TCP cheats. Description Use the reset portal command to clear the related statistics about Portal. Example # Clear the statistics about ACM of the Portal client. <SW8800> reset portal acm statistics...

  • Page 383: Display Ip Routing-Table

    When a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an Switch 8800 Family series routing switch running routing protocols. To improve readability, this will not be described in the other parts of the manual.

  • Page 384: Display Ip Routing-Table Acl

    Use the display ip routing-table acl command to view the route filtered through specified basic access control list (ACL). This command is used in track display of route policy to display the route that passed the filtering rule according the input basic ACL number or name.
  • Page 385 Display Commands of the Routing Table For detailed description of the output information, see Table 48. # Display the verbose information of the Active and Inactive routes that are filtered through basic acl 2000. <SW8800> display ip routing-table acl 2000 verbose...
  • Page 386 23: S HAPTER TATIC OUTE ONFIGURATION OMMANDS Table 49 Description of the fields of the display ip routing-table acl verbose command Field Description Route state description: ActiveU Valid unicast route. U stands for unicast. Blackhole Blackhole route is similar to Reject...

  • Page 387: Display Ip Routing-Table Ip-Address

    Field Description Lifetime of a route entry, in hh : mm : ss, where hh is hours, mm is minutes, and ss is seconds. The displayed time should be read from right to left. For example, 7:24 indicates that the lifetime of a route is seven hours and 24 minutes.

  • Page 388: Display Ip Routing-Table Ip-Address1 Ip-Address2

    STATIC 192.168.1.2 Vlan-interface10 For detailed description of the output information, see Table 48. # There is no corresponding route (only the longest matching route is displayed) in natural mask range and summary is displayed. <SW8800>display ip routing-table 192.168.1.2 Destination/Mask Protocol Pre...

  • Page 389: Display Ip Routing-Table Ip-Prefix

    Anding ip-address1 with mask1 specifies the start of the range while anding ip-address2 with mask2 specifies the end. This command is used to display the routes in this address range.

  • Page 390: Display Ip Routing-Table Protocol

    48.48.48.2 Vlan-interface48 For detailed description of the output information, see Table 48. # Display the details of the active and inactive routes filtered by the prefix list abc2. <SW8800> display ip routing-table ip-prefix abc2 verbose Routes matched by ip-prefix abc2:...
  • Page 391 Without the parameter, this command displays the active and inactive route information. verbose: With the verbose keyword, this command displays the verbose route information. Without the parameter, this command displays the route summary. protocol: The parameter has multiple selectable values: direct: Displays direct connection route information ■...

  • Page 392: Display Ip Routing-Table Radix

    Radix tree for INET (2) inodes 7 routes 5: +-32+--{210.0.0.1 +--0+ | | +--8+--{127.0.0.0 | | | +-32+--{127.0.0.1 | +--1+ +--8+--{20.0.0.0 +-32+--{20.1.1.1 Table 50 Description of the fields of the display ip routing-table radix command Field Description INET Address suite inodes Number of nodes routes...

  • Page 393: Display Ip Routing-Table Vpn-Instance

    Number of routes Active Number of active routes Added Number of added routes after the router is rebooted or the routing table is cleared last time Deleted Number of deleted routes (such routes will be freed in a period of time) Total...

  • Page 394: Display Ip Routing-Table Verbose

    First, display statistics of the whole routing table and then output detailed information of every route entry in turn. The meaning of route status is shown in Table 49, and the statistics of routing table is shown in the following table.

  • Page 395: Delete Static-Routes All

    Static Route Configuration Commands Table 52 Description of the fields of the display ip routing-table verbose command Field Description Holddown Number of held-down routes Delete Number of deleted routes Hidden Number of hidden routes Static Route Configuration Commands delete static-routes all...

  • Page 396: Ip Route-Static

    Description Use the delete vpn-instance command to remove all the static routes of the VPN. When you use this command to remove the static routes, the system will prompt your acknowledgement. The system removes all configured static routes after the acknowledgement.
  • Page 397 Use the undo ip route-static command to delete the configured static route. By default, the system can obtain the sub-net route directly connected with the router. If it is not specified as reject or blackhole, the route will be reachable by default.
  • Page 398 23: S HAPTER TATIC OUTE ONFIGURATION OMMANDS...

  • Page 399: Checkzero

    You can use the checkzero command to enable the zero field check operation on RIP-1 packet. During the zero field check operation, if the RIP-1 packet in which the zero fields are not zeros is received, it will be rejected.

  • Page 400: Default Cost

    View RIP view Parameter value: The default routing cost to be set, ranging from 1 to 16. The default value is Description Use default cost command to set the default routing cost of an imported route. Use the undo default cost command to restore the default value.

  • Page 401: Filter-Policy Export

    Use the filter-policy export command to configure to filter the advertised routing information by RIP. Use the undo filter-policy export command to configure not to filter the advertised routing information. By default, RIP does not filter the advertised routing information.

  • Page 402: Filter-Policy Import

    Use the filter-policy gateway import command to configure to filter the received routing information distributed from the specified address. Use the undo filter-policy gateway import command to configure not to filter the received routing information distributed from the specified address.

  • Page 403: Host-Route

    Use the undo host-route command to reject the host route. By default, RIP accepts the host route. In some special cases, RIP receives a great number of host routes in the same network segment. These routes cannot help the path searching much but occupy a lot of resources.

  • Page 404: Network

    If the cost value is not specified, routes will be imported according to the default cost ranging from 1 to 16. If the cost value of the imported route is 16, then RIP continues to advertise this cost to other routers running RIP, and marks this route "Hold Down".

  • Page 405: Peer

    When the network command is used on an address, the effect is that the interface on the network segment at this address is enabled. For example, the results of viewing the network 129.102.1.1 with both the display...

  • Page 406: Reset

    Every routing protocol has its own preference. Its default value is determined by the specific routing policy. The preference will finally determine the routing algorithm to obtain the optimal route in the IP routing table. This command can be used to modify the RIP preference manually.

  • Page 407: Rip Authentication-Mode

    Specifies the MD5 cipher text authentication packet to use the general packet format (RFC1723 standard format). key-string: MD5 cipher text authentication key. If it is input in a plain text form, MD5 key is a character string not exceeding 16 characters. And it will be displayed in a cipher text form in a length of 24 characters when the display current-configuration command is executed.

  • Page 408: Rip Input

    One of them is that described in RFC 1723, which was brought forward earlier. The other format is the one described specially in RFC 2082. The router supports both of the packet formats and the user can select either of them on demands. Related command: rip version.

  • Page 409: Rip Metricin

    0 to 16. By default, the value is 0. Description Use the rip metricin command to configure the additional route metric added to the route when an interface receives RIP packets. Use the undo rip metricin command to restore the default value of this additional route metric.

  • Page 410: Rip Output

    Interface view Parameter None Description Use the rip output command to allow an interface to transmit RIP packets to the external. Use the undo rip output command to disable an interface to transmit RIP packets to the external. By default, all interfaces except loopback interfaces are enabled to transmit RIP packets to the external.

  • Page 411: Rip Version

    Transmission mode of RIP-2 packet is multicast. Description Use the rip version command to configure the version of RIP packets on an interface. Use the undo rip version command to restore the default value of RIP packet version on the interface.

  • Page 412: Rip Work

    Description Use the rip work command to enable the running of RIP on an interface. Use the undo rip work command to disable the running of RIP on an interface. By default, RIP is running on an interface. This command is used in cooperation with rip input, rip output and network commands.

  • Page 413: Timers

    By default, RIP-2 route summarization is used. Automatic route summarization can be performed to reduce the routing traffic on the network as well as to reduce the size of the routing table. If RIP-2 is used, route summarization function can be disabled with the undo summary command, when it is necessary to broadcast the subnet route.
  • Page 414 24: RIP C HAPTER ONFIGURATION OMMANDS Example # Set the values of Period Update timer and Timeout timer of RIP to 10 seconds and 30 seconds respectively. [SW8800] rip [3Com-rip] timers update 10 timeout 30...

  • Page 415: Abr-Summary

    When a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an Switch 8800 Family series routing switch running routing protocols. To improve readability, this will not be described in the other parts of the manual.

  • Page 416: Area

    View OSPF view Parameter area-id: ID of the OSPF area, which can be a decimal integer (ranging from 0 to 4,294,967,295) or in IP address format. Description Use the area command to enter OSPF Area view. Use the undo area command to remove the specified area.

  • Page 417: Authentication-Mode

    Type-7 LSAs in the summary address range. If the local router acts as both an ABR and a router in the NSSA, this command summarizes Type-5 LSAs transformed from Type-7 LSAs. If the router is not the router in the NSSA, the summarization is disabled.

  • Page 418: Debugging Ospf

    [3Com-ospf-1-area-0.0.0.0] authentication-mode md5 debugging ospf Syntax debugging ospf [ process-id ] { event | packet [ ack | dd | hello | interface interface-type interface-number | request | update ] | lsa-originate | spf | graceful-restart } undo debugging ospf [ process-id ] { event | packet [ ack | dd | hello |...

  • Page 419: Default Cost

    If you do not specify a process ID, the command is applied to all processes. While the router is operating, the debugging state always remains regardless of the existing OSPF process.

  • Page 420: Default Interval

    Because OSPF can import the external routing information and broadcast it to the entire autonomous system, and importing routes too often will greatly affect the performances of the device, it is necessary to specify the default interval for the protocol to import external routes.

  • Page 421: Default Tag

    Use the default tag command to configure the default tag that OSPF assigns to imported routes. Use the undo default tag command to restore the default of the default tag that OSPF assigns to imported routes. When OSPF imports a route found by other routing protocols in the router and...

  • Page 422: Default-Cost

    The stub command is used to configure the Stub attribute for this area. Related command: stub, nssa. Example # Set the area 1 as the Stub area and the cost of the default route transmitted to this Stub area to 60. [3Com-ospf-1] area 1 [3Com-ospf-1-area-0.0.0.1] network 20.0.0.0 0.255.255.255...

  • Page 423: Default-Route-Advertise

    The cost value of this ASE LSA. The metric-value ranges from 0 to 16,777,214. If the parameter is not configured, the default value is 1. type type-value: Cost type of this ASE LSA. It ranges from 1 to 2. If the parameter is not configured, the default value is 2.

  • Page 424: Display Ospf Abr-Asbr

    # Display the information of the OSPF area border routers and autonomous system border routers. <SW8800> display ospf abr-asbr OSPF Process 1 with Router ID 10.110.98.138 Routing Table to ABR and ASBR I = Intra i = Inter A = ASBR B = ABR S = SumASBR Destination Area Cost Nexthop Interface IA 2.2.2.2...

  • Page 425: Display Ospf Asbr-Summary

    View Any view Parameter process-id: Process ID of OSPF. The command is applied to all current OSPF processes if you do not specify a process ID. ip-address: Matched IP address in dotted decimal format. mask: IP address mask in dotted decimal format.

  • Page 426: Display Ospf Brief

    View Any view Parameter process-id: Process ID of OSPF. The command is applied to all current OSPF processes if you do not specify a process ID. Description Use the display ospf brief command to view the main summary of OSPF.

  • Page 427: Display Ospf Cumulative

    [ process-id ] cumulative View Any view Parameter process-id: Process ID of OSPF. The command is applied to all current OSPF processes if you do not specify a process ID. Description Use the display ospf cumulative command to view the OSPF cumulative information.

  • Page 428: Display Ospf Error

    1 net: 0 sumasb: 1 sumnet: 1 Routing Table: Intra Area: 2 Inter Area: 0 ASE: 1 Table 57 Description of the fields of the display ospf cumulative command Field Description Type of input/output OSPF Type packet IO Statistics...
  • Page 429 OSPF Configuration Commands Parameter process-id: Process ID of OSPF. The command is applied to all current OSPF processes if you do not specify a process ID. Description Use the display ospf error command to view the OSPF error information. Example # Display the OSPF error information.

  • Page 430: Display Ospf Interface

    [ process-id ] interface [ interface-type interface-number ] View Any view Parameter process-id: Process ID of OSPF. The command is applied to all current OSPF processes if you do not specify a process ID. interface-type interface-number: Specifies an interface. Description Use the display ospf interface command to view the OSPF interface information.

  • Page 431: Display Ospf Lsdb

    Syntax display ospf [ process-id ] [ area-id ] lsdb [ brief | [ asbr | ase | network | nssa | router | summary [ verbose ] ] [ ip-address ] [ originate-router ip-address | self-originate ] [ verbose ] ]...
  • Page 432 Views the IP address of the LSA generator. self-originate: Views the database information of self-originated LSA. Description Use the display ospf lsdb command to view the link-state database (LSDB) of OSPF. Example # Display the LSDB of OSPF.

  • Page 433: Display Ospf Nexthop

    Address Address of next hop Type Type of next hop Refcount Reference count of the next hop, i.e., number of routes using this address as the next hop Intf Addr IP address of the outgoing interface to the next hop...

  • Page 434: Display Ospf Peer

    Use the display ospf peer command to view information about OSPF peers. Use the display ospf peer brief command to view the brief information of every peer in OSPF, mainly the numbers of peers at all states in every area.

  • Page 435: Display Ospf Retrans-Queue

    [ process-id ] retrans-queue View Any view Parameter process-id: ID of an OSPF process. The command is applied to all current OSPF processes if you do not specify a process ID. Description Use the display ospf retrans-queue command to view information about the OSPF retransmission queue.

  • Page 436: Display Ospf Routing

    View Any view Parameter process-id: ID of an OSPF process. The command is applied to all current OSPF processes if you do not specify a process ID. Description Use the display ospf routing command to view information about the OSPF routing table.

  • Page 437: Display Ospf Abr-Summary

    OSPF Configuration Commands Table 66 Description of the fields of the display ospf routing command Field Description NSSA Number of NSSA routes display ospf Syntax abr-summary display ospf [ process-id ] abr-summary View Any view Parameter process-id: OSPF process number. If no process number is specified, the command functions on all the currently active OSPF processes.

  • Page 438: Display Ospf Vlink

    OMMANDS View Any View Parameter process-id: ID of an OSPF process. If the process ID is not specified, the major information about all the OSPF processes will be displayed in the order in which IDs are configured. Description Use the display ospf graceful-restart status command to display the information about OSPF Graceful Restart.

  • Page 439: Filter-Policy Export

    OSPF Configuration Commands Description Use the display ospf vlink command to view the information about OSPF virtual links. Example # View OSPF virtual links information. <SW8800> display ospf vlink OSPF Process 1 with Router ID 1.1.1.1 Virtual Links Virtual-link Neighbor-id ->...

  • Page 440: Filter-Policy Export

    HAPTER ONFIGURATION OMMANDS Description Use the filter-policy export command to configure the rule used by OSPF to filter advertised routing information. Use the undo filter-policy export command to cancel the filtering rules that have been set. By default, no filtering of the advertised routing information is performed.

  • Page 441: Filter-Policy Import

    Use the filter-policy export command to filter the Type-3 LSAs generated locally in an OSPF area so that only those Type-3 LSAs having passed the filtration can be added into the link state database of the other areas. The filtration is implemented according to the link state ID of the Type-3 LSAs.

  • Page 442: Filter-Policy Import

    Use the filter-policy import command to filter the Type-3 LSAs generated locally in an OSPF area so that only those Type-3 LSAs having passed the filtration can be added into the link state database of the other areas. The filtration is implemented...

  • Page 443: Graceful-Restart

    View OSPF view Parameter value: GR period in the way defined in the RFC3623 standard. It is 120 seconds by default. compatible: Performs GR in compatible way. Description Use the graceful-restart [ value ] command to configure the OSPF protocol for the switch to perform GR in the way defined in the RFC3623 standard.

  • Page 444: Import-Route

    Otherwise, the new configuration overwrites the old one. Example # Specify an imported RIP route as the route of type 2, with the route tag as 33 and the route cost as 50. [3Com-ospf-1] import-route rip type 2 tag 33 cost 50...

  • Page 445: Log-Peer-Change

    By default, a maximum of 20K exterior routes are allowed to be imported. Example # Set the maximum number of exterior routes allowed to be imported to 50K. [3Com-ospf-1] import-route-limit 50000 log-peer-change...

  • Page 446: Nssa

    If only the secondary IP address of the interface is in the range of the network segment specified by this command, this interface will not run OSPF.

  • Page 447: Ospf

    View System view Parameter process-id: ID of an OSPF process, in the range 1 to 65,535. By default, the process ID is 1. process-id is locally significant. router-id: Router ID in dotted decimal format for the specified OSPF process. vpn-instance: Specifies VPN instance parameter.

  • Page 448: Ospf Authentication-Mode

    ID of the authentication key in MD5 authentication mode in the range from 1 to 255. key: MD5 authentication key. If it is input in a plain text form, MD5 key is a character string in the range 1 to 16 characters. It will be displayed in a cipher text form in a length of 24 characters when the display current-configuration command is executed.

  • Page 449: Ospf Cost

    "designated router" is elected. The interface with higher priority will be considered first when vote collision occurs. Example # Set the priority of the interface Vlan-interface 10 to 8, when electing the DR. [SW8800] interface Vlan-interface 10 [3Com-Vlan-interface10] ospf dr-priority 8...

  • Page 450: Ospf Mib-Binding

    View System view Parameter process-id: ID of an OSPF process, in the range 1 to 65,535. If no OSPF process is specified, the default process ID 1 applies. Description Use the ospf mib-binding command to bind the MIB operation to the specified OSPF process.

  • Page 451: Ospf Network-Type

    Changes the interface network type to NBMA. p2mp: Changes the interface network type to p2mp. p2p: Changes the interface network type to point-to-point. Note: Due to the media type used on the Switch 8800, Broadcast is the only valid option. Description Use the ospf network-type command to configure the network type of OSPF interface.

  • Page 452: Ospf Timer Hello

    OMMANDS View Interface view Parameter seconds: Dead interval of the OSPF neighbor. It is in seconds and ranges from 1 to 65,535. minimal: Specifies the port to run Fast Hello function. multi-hello: Sends multiple hello packets. packets: Number of Hello packets sent within one second.

  • Page 453: Ospf Timer Retransmit

    Use the undo ospf timer retransmit command to restore the default interval value for LSA re-transmitting on the interface. If a router running OSPF transmits a "link state advertisement" (LSA) to the peer, it needs to wait for the acknowledgement packet from the peer. If no acknowledgement is received from the peer within the LSA retransmit, this LSA will be re-transmitted.

  • Page 454: Ospf Trans-Delay

    Use the undo ospf trans-delay command to restore the default value of the LSA transmitting delay on an interface. LSA will age in the "link state database" (LSDB) of the router as time goes by (add 1 for every second), but it will not age during network transmission. Therefore, it is necessary to add a period of time set by this command to the aging time of LSA before transmitting it.

  • Page 455: Reset Ospf

    The following are the benefits of the reset ospf all command: Clear invalid LSA immediately without waiting for LSA timeout. ■ If the Router ID changes, a new Router ID will take effect by executing the ■ command. Re-elect DR and BDR conveniently.

  • Page 456: Router Id

    ID, the router will automatically select one from configured IP address as the ID of this router. If no IP address is configured for any interface of the router, the router ID must be configured in OSPF view. Otherwise, OSPF protocol cannot be enabled.

  • Page 457: Sham-Link

    Use the undo silent-interface command to restore the default setting. By default, the interface is enabled to transmit OSPF packets. You can use this command to disable an interface to transmit OSPF packets, so as to prevent the router on some network from receiving the OSPF routing information.

  • Page 458: Snmp-Agent Trap Enable Ospf

    OMMANDS Description Use the sham-link command to run Fast Hello function on the sham-link link, that is, to specify multiple Fast Hello packets to be sent within one second. The default dead interval time is one second. Example # Specify the sham-link link 1.1.1.1 2.2.2.2 to run Fast Hello Function. The dead interval time is one second.

  • Page 459: Spf-Schedule-Interval

    View OSPF view Parameter interval: SPF calculation interval of OSPF, which is in the range of 1 to 10 and is measured in seconds. The default value is five seconds. Description Use the spf-schedule-interval command to configure the route calculation interval of OSPF.

  • Page 460: Vlink-Peer

    ONFIGURATION OMMANDS If the router is an ABR, it will send a default route to the connected Stub area. Using the default-cost command, you can configure the default route cost value. In addition, on an ABR, you can configure the no-summary argument in the stub command to prevent type-3 LSAs from entering the Stub area connected to this ABR.
  • Page 461 Specifies the MD5 authentication key. If it is input in a plain text form, MD5 key is a character string in the range 1 to 16 characters. It will be displayed in a cipher text form in a length of 24 characters when the display current-configuration command is executed.
  • Page 462 25: OSPF C HAPTER ONFIGURATION OMMANDS...

  • Page 463: Area-Authentication-Mode

    When a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an Switch 8800 Family series routing switch running routing protocols. To improve readability, this will not be described in the other parts of the manual.

  • Page 464: Cost-Style

    Permits to receive routes whose cost value is larger than 1024. If it is not set, routes whose metrics values are larger than 1024 will be discarded. This setting is only valid for compatible, narrow-compatible and...

  • Page 465: Debugging Isis

    By default, IS-IS only receives/sends packets whose cost type is narrow. Related command: isis cost. Example # Set IS-IS to receive packets whose cost type is narrow or wide, but only send packets whose cost type is narrow. [SW8800] isis...

  • Page 466: Default-Route-Advertise

    Use the default-route-advertise command to create the default route of L1, L2 router. Use the undo default-route-advertise command to cancel this configuration. By default, this command uses the L2 router to create the default route. There is another mechanism for L1 routers. Namely, the system discovers the default route...

  • Page 467: Display Isis Interface

    L1/L2 router. The nearest L1/L2 router can be found by searching the ATT bit in the L1 LSP. This command can be set on L1 router or L2 router. By default, the route is generated on L2 LSP. If the apply isis level-1 command is executed in route-policy view, the default route will be generated on L1 LSP.

  • Page 468: Display Isis Lsdb

    Priority Retransmission interval display isis lsdb Syntax display isis lsdb [ [ l1 | l2 | level-1 | level-2 ] | [ [ LSPID | local ] | verbose ]* ]* View Any view Parameter l1 and Level-1: Both refer to the link state database of Level-1.

  • Page 469: Display Isis Peer

    Description Use the display isis peer command to view IS-IS peer information. The display isis peer verbose command yields not only all the outputs of the display isis peer command, but also the area address, Uptime and IP address of the directly connected interface of the peer.

  • Page 470: Display Isis Spf-Log

    View Any view Parameter None Description Use the display isis spf-log command to view the SPF calculation log information of the IS-IS. . Example # View the SPF calculation log of IS-IS. <SW8800> display isis spf-log Details of Level 1 SPF Run: ------------------------------------------------------------------------- Trig.Event...

  • Page 471: Domain-Authentication-Mode

    (TT8F]Y5SQ=^Q‘MAF4<1!!. password: Specifies the authentication password which can be a character string with 1 to 16 characters. If md5 is specified, the password will be displayed in a cipher text form with 24 characters when the display current-configuration command is executed. Inputting password in a cipher text form with 24 characters is also supported.

  • Page 472: Filter-Policy Export

    At the same time, this command will let IS-IS insert the domain authentication password into all the level-2 routing packets sent by this node, in a certain mode.

  • Page 473: Filter-Policy Import

    View IS-IS view Parameter acl-number: Specifies the number of the access control list, ranging from 2000 to 3999. Description Use the filter-policy import command to configure to filter the routes received by IS-IS. Use the undo filter-policy import command to configure not to filter the received routes.

  • Page 474: Graceful-Restart Interval

    Use the undo graceful-restart suppress-sa command to disable the suppression on the SA bit. Routers that are started for the first time (excluding routers being restarted) does not maintain the forwarding status. If this router is not started for the first time,...

  • Page 475: Ignore-Lsp-Checksum-Error

    Integrated IS-IS Configuration Commands the LSP generated during the last run may still exist in the LSP database of other routers in the network. Because LSP fragment sequence numbers are initialized when a router is reset, the LSP copy stored in the other routers in the network seems newer than the new LSPs generated after this router is restarted.

  • Page 476: Import-Route Isis Level-2 Into Level-1

    Syntax import-route protocol [ cost value | type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name ]* undo import-route protocol [ cost value | type { external | internal } | [ level-1...

  • Page 477: Isis

    Integrated IS-IS Configuration Commands View IS-IS view Parameter acl-number: ACL number. It is in the range of 2000 to 3999, which means basic ACLs and advanced ACLs can be used. Description Use the import-route isis level-2 into level-1 command to enable routing information in a Level-2 area to be imported to a Level-1 area.

  • Page 478: Isis Authentication-Mode

    [3Com-isis] network-entity 01.0001.0000.0000.0002.00 isis authentication-mode Syntax isis authentication-mode { simple | md5 } password [ { level-1 | level-2 } [ ip | osi ] ] undo isis authentication-mode { simple | md5 } password [ { level-1 | level-2 }...

  • Page 479: Isis Circuit-Level

    This command is only applicable to Level-1-2 routers. If the local router is a Level-1-2 router and it is required to establish a correlation with the peer router on a certain level (Level-1 or Level-2), this command can specify the interface to send and receive Hello packets of this level.

  • Page 480: Isis Cost

    SPF calculation. Use the undo isis cost command to restore the default link cost. If neither Level 1 nor Level 2 is specified in the configuration, Level-1 will be the default value. The user is recommended to configure the appropriate link cost for all the interfaces.

  • Page 481: Isis Enable

    Use the undo isis dis-priority command to restore the default priority. The IS-IS protocol does not concern the concept of backup DIS. The router with the priority 0 can also run for the DIS, which is different from the DR election of OSPF.

  • Page 482: Isis Mesh-Group

    The interface joining a mesh group only floods the received LSP to the interfaces beyond the local mesh group. Make sure to provide some redundancy when adding an interface to a mesh group or blocking it, avoiding the affect to the normal flooding of the LSP due to link failure. Example # Add Vlan-interface 20 running IS-IS to mesh group 3.

  • Page 483: Isis Timer Csnp

    The default value is 10 seconds. level-1: Specifies the Level-1 Hello interval. level-2: Specifies the Level-2 Hello interval. If no level is not specified, the Hello interval is set to Level-1-2, that is, both Level-1 and Level-2 take effect.

  • Page 484: Isis Timer Hello Minimal

    Related command: isis timer holding-multiplier. Example # Set the Hello packet of Level-2 to be transmitted every 20 seconds on Interface Vlan-interface 10. [SW8800] interface Vlan-interface 10 [3Com-Vlan-interface10] isis timer hello 20 level-2...

  • Page 485: Isis Timer Holding-Multiplier

    Given a broadcast network, you may configure this command specific to Level-1 or Level-2 neighbors by specifying the keyword level-1 or level-2. Given a PPP link, you do not need to specify Level-1 or Level-2, because only one kind of Hello packet is available.

  • Page 486: Isis Timer Lsp

    View IS-IS view Parameter x: Maximum interval (in seconds) for generating LSP. It ranges from 1 to 120 and defaults to 5. y: Interval (in milliseconds) between each trigger operation and each LSP generation operation. It ranges from 1 to 120,000 and defaults to 5,000.

  • Page 487: Isis Timer Retransmit

    Use the undo timer lsp-generation command to restore the default setting. When an event occurs, a new LSP needs to be generated for the IS-IS protocol. But the frequent generation of LSPs will result in the occupancy of huge resources and thus decrease the performance of the routing switch.

  • Page 488: Is-Level

    We recommend setting the system Level, when you configure IS-IS. If there is only one area, you are recommended to set the level of all the routers as Level-1 or Level-2, because it is not necessary for all the routers to maintain two identical databases.

  • Page 489: Md5-Compatible

    Use the undo log-peer-change command to configure not to log the peer changes. By default, peer changes log disabled. After peer changes log is enabled, the IS-IS peer changes will be output on the configuration terminal until the log is disabled. Example # Configure to output the IS-IS peer changes on the current router.

  • Page 490: Preference

    NET means the Network Service Access Point (NSAP). An IS-IS NET is 8 to 20 bytes long. It consists of three parts. Part one is area ID, which is variable (1 to 13 bytes), and the area IDs of the routers in the same area are identical. Part two is system ID (6 bytes) of this router, which must be unique in the whole area and backbone area.

  • Page 491: Reset Isis All

    By default, IS-IS data structure will not be cleared. This command is used when LSPs need refreshing immediately. For example, after the area-authentication-mode and domain-authentication-mode commands are executed, the old LSP still remain on the router. This command can be used to clear them. Related command: area-authentication-mode, domain-authentication-mode.

  • Page 492: Set-Overload

    Use the undo set-overload command to cancel the overload flag. By default, no overload flag is set. If a router is configured with the overload flag, the routes it calculates will be ignored by other routers in SPF calculation. (However the directly connected routes will not be ignored.) And other routers should not send this router the packets...

  • Page 493: Spf-Delay-Interval

    View IS-IS view Parameter number: Specifies number of routes to process before releasing CPU. It is in unit of piece with the range from 1000 to 50000. By default, the value is 2500 pieces. Description Use the spf-delay-interval command to configure the number of routes to process before releasing CPU in the SPF calculation.

  • Page 494: Summary

    120. When the calculation duration time reaches or exceeds the set value, the calculation of this time ends. If seconds is set to 0, it indicates that SPF calculation is not divided into slices and it will operate until the end. By default, the value is 0. Description Use the spf-slice-size command to enable IS-IS to calculate SPF routes in slices and configure the duration of each calculation.

  • Page 495: Timer Lsp-Max-Age

    LSP will be deleted from the LSDB. Related command: timer lsp-refresh. Example # Set the lifetime of an LSP generated by the current system to 25 minutes, i.e., 1500 seconds. [3Com-isis] timer lsp-max-age 1500...

  • Page 496: Timer Spf

    View IS-IS view Parameter x: Maximum interval (in seconds) for SPF calculation. It ranges from 1 to 120 and defaults to 10. y: Interval (in milliseconds) between a trigger operation and an SPF calculation operation. It ranges from 1 to 120,000 and defaults to 5,500.
  • Page 497 By setting a proper interval for performing SPF calculation, you can avoid the above situation. This setting can be made according to actual conditions. Example # Set the SPF calculation interval of the router to 3, 100 and 500 seconds. [3Com-isis] timer spf 3 100 500...
  • Page 498 26: I IS-IS C HAPTER NTEGRATED ONFIGURATION OMMANDS...

  • Page 499: Aggregate

    When a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an Switch 8800 Family series routing switch running routing protocols. To improve readability, this will not be described in the other parts of the manual.

  • Page 500: Balance

    Used to produce an aggregated route, whose AS path information includes detailed routes. Use this keyword carefully when many AS paths need to be aggregated, for the frequent change of routes may lead to route vibration. detail-suppresse This keyword does not suppress any aggregated route, but it restrains the advertisement of all the specific routes.

  • Page 501: Compare-Different-As-Med

    Use the bgp command to enable BGP and enter the BGP view. Use the undo bgp command to disable BGP. By default, the system does not run BGP. This command is used to enable and disable BGP as well as to specify the local AS number of BGP. Example # Enable BGP.

  • Page 502: Confederation Id

    If there are several routes available to one destination address, the route with smaller MED parameter can be selected as the final route item. Do not use this command unless it is determined that the same IGP and routing selection mode are adopted by different autonomous systems.

  • Page 503: Confederation Nonstandard

    View BGP view Parameter as-number-1...as-number-n: Sub-AS number. The range is 1 to 65535. This command can configure a maximum of 32 Sub-ASs belonging to a confederation. Description Use the confederation peer-as command to configure a confederation consisting of which Sub-ASs.

  • Page 504: Dampening

    1 to 45 minutes. By default, the value is 15 minutes. half-life-unreachable: Specifies the semi-dampening when the route is unreachable. The range is 1 to 45 minutes. By default, the value is 15 minutes. reuse: When the penalty is reduced under this value, the route is reused. The range is 1 to 20000.

  • Page 505: Debugging Bgp

    Syntax debugging bgp { all | event | normal | { keepalive | mp-update | open | packet | route-refresh | update } [ receive | send ] [ verbose ] } undo debugging bgp { all | event | normal | keepalive | mp-update | open |...

  • Page 506: Default Local-Preference

    The command can be used to configure the default local preference of RTB as 180 so that the route via RTB is selected first when the same route goes through RTA and RTB at the same time.

  • Page 507: Default-Route Imported

    # Routers RTA and RTB belong to AS100 and router RTC belongs to AS200. RTC is the peer of RTA and RTB. So the MED of RTA can be configured as 25 to allow RTC to select the route transmitted by RTB first.

  • Page 508: Display Bgp Group

    Any view Parameter group-name: Specified a peer group. Description Use the display bgp group command to view the information of peer groups. Example # View the information of the peer group aaa. <SW8800> display bgp group aaa Group : aaa...

  • Page 509: Display Bgp Network

    View Any view Parameter None Description Use the display bgp network command to view the routing information that has been configured. Example # Display the routing information that has been configured. <SW8800> display bgp network Network Mask Route-policy 133.1.1.0...

  • Page 510: Display Bgp Peer

    Aggregator Mask length of aggregate route Origin attribute of route, which indicates that the route updates its origin relative to the route originating it from AS. It has three optional values: The route belongs to inside of AS. BGP treats...

  • Page 511: Display Bgp Routing-Table

    Table 73 Description of the fields of the display bgp peer verbose command Field Description Peer IP address of peer and port number used by the peer to establish TCP connection Local IP address and port number used to establish TCP connection of local end Type...
  • Page 512 Local-Pref Local preference, which ranges from 0 to 4294967295 Origin attribute of route, which indicates that the route updates its origin relative to the route originating it from AS. It has three optional values: The route belongs to inside of AS. BGP treats aggregate route and the route defined by the command network as inside of AS, and origin type as IGP.

  • Page 513: Display Bgp Routing-Table As-Path-Acl

    BGP Configuration Commands Table 74 Description of the fields of the display bgp routing-table command Field Description AS-path attribute of route, which records all AS areas that the route passes. With As-path it, route loop can be avoided display bgp...

  • Page 514: Display Bgp Routing-Table Cidr

    (learned by other methods). BGP sets the origin of the route imported through other IGP protocols as INCOMPLETE AS-path attribute of route, which records all AS areas that the route passes. With As-path it, route loop can be avoided...

  • Page 515: Display Bgp Routing-Table Community-List

    Does not send matched route outside AS. no-advertise: Sends matched route to no peers. no-export: Does not advertise the route to outside the AS or the confederation, but can advertise the route to other sub-Ass in the confederation. whole-match: Configures to display the exactly matched routes.

  • Page 516: Display Bgp Routing-Table Dampened

    Source Damping-limit Origin As-path ----------------------------------------------------------------- 11.1.0.0/16 133.1.1.2 1:20:00 Table 76 Description of the fields of the display bgp routing-table dampened command Field Description State flags: # - valid (valid) ^ - best (selected) Flags D - damped (discarded) H - history (history)

  • Page 517: Display Bgp Routing-Table Different-Origin-As

    BGP Configuration Commands Table 76 Description of the fields of the display bgp routing-table dampened command Field Description Origin attribute of route, which indicates that the route updates its origin relative to the route originating it from AS. It has three optional values: The route belongs to inside of AS.
  • Page 518 27: BGP C HAPTER ONFIGURATION OMMANDS acl-number: Number of the specified AS path to be matched, ranging from 1 to 199. network-address: Displays the flap information of this IP address. mask: Network mask. longer-match: Shows the route flap-info that is more specific than address, mask.

  • Page 519: Display Bgp Routing-Table Peer

    BGP Configuration Commands Table 77 Description of the fields of the display bgp routing-table flap-info command Item Description AS-path attribute of route, which records all AS areas that the route passes. As-path With it, route loop can be avoided display bgp...

  • Page 520: Display Bgp Routing-Table Statistic

    Parameter advertised: Routing information advertised by the peers. received: Routing information received by the peers. statistic: The total number of routes advertised or received by the peer. Description Use the display bgp routing-table statistic command to display the total number of routes advertised or received by all BGP peers.

  • Page 521: Filter-Policy Export

    View BGP view Parameter acl-number: Number of IP access control list, in the range of 2000 to 3999. ip-prefix-name: Name of ip prefix list. Its length ranges from 1 to 19. routing-protocol: Specified protocols advertising routing information which include direct, ospf, ospf-ase, ospf-nssa, rip, isis and static.

  • Page 522: Group

    BGP view Parameter acl-number: Number of IP access control list, in the range of 2000 to 3999. ip-prefix-name: Name of an address prefix list. It is used for filtering routing information by destination address. Its length ranges from 1 to 19.

  • Page 523: Import-Route

    The default type of BGP peer group is internal. Rather than existing alone, a BGP peer must belong to a peer group. Therefore, when creating a BGP peer, you must create a BGP peer group first and then add the peer into the group.

  • Page 524: Log-Peer-Change

    Description Use the log-peer-change command to enable the switch for reporting the BGP peer changes and print the BGP state change messages onto the screen. Use the undo log-peer-change command to disable this function. The switch for reporting BGP peer changes is disabled by default.

  • Page 525: Peer Advertise-Community

    Specifies name of the peer group. peer-address: Specifies IP address of the peer. number: Specifies the repeating times of local AS, ranging from 1 to 10. Description Use the peer allow-as-loop command to configure the repeating time of local Use the undo peer allow-as-loop command to remove the repeating time of local AS.

  • Page 526: Peer As-Number

    View BGP view Parameter group-name: Name of peer group. as-number: Peer AS number of the peer group, the range is 1 to 65535. Description Use the peer as-number command to configure the peer AS number of the specified peer group.

  • Page 527: Peer As-Path-Acl Import

    The priority of the inbound filter policy configured for the peer is higher than that configured for the peer group. Related command: peer as-path-acl export. Example # Set the AS path ACL of the peer group test to filter BGP received routes. [3Com-bgp] peer test as-path-acl 1 import...

  • Page 528: Peer Connect-Interface

    By default, BGP uses the best source interface. Usually, BGP uses the optimal route to update the source interface of the packets. However, you can set the mode of the interface to Loopback in order to send route updates even if the interface is not work normally.

  • Page 529: Peer Description

    By default, a peer group does not import the default route. For this command, no default route needs to exist in the routing table. A default route is sent unconditionally to a peer with the next hop as itself.

  • Page 530: Peer Enable

    BGP view Parameter group-name: Specifies the name of the peer group. ttl: Maximum hop value. The range is 1 to 255. By default, the value is 64. Description Use the peer ebgp-max-hop command to allow the router to establish EBGP connection with the peer on indirectly connected network.

  • Page 531: Peer Filter-Policy Export

    The peer filter-policy export command can only be configured on peer groups. Related command: peer filter-policy export, ip as-path-acl, peer as-path-acl. Example # Configure to use acl 2000 to filter the routes advertised by the peer group test. [3Com-bgp] peer test filter-policy 2000 export peer filter-policy import...

  • Page 532: Peer Graceful-Restart

    The priority of the inbound filter policy configured for the peer is higher than that configured for the peer group. Example # Configure to use acl 2000 to filter the routes received by the peer group test.. [3Com-bgp] peer test filter-policy 2000 import peer graceful-restart...

  • Page 533: Peer Group

    If the peer group is not assigned an AS number, you need to assign an AS number to each peer when adding it to the group. The peers in the same peer group may use different AS numbers.

  • Page 534: Peer Ip-Prefix Import

    View BGP view Parameter group-name: Name of peer group. prefixname: Name of the specified ip-prefix. It is a character string of 1 to 19 characters. export: Applies the filtering policy on the route transmitted to the specified peer/peer group. Description Use the peer ip-prefix export command to configure the route filtering policy of routes advertised by the peer group based on the ip-prefix.

  • Page 535: Peer Next-Hop-Local

    Description Use the peer next-hop-local command to configure to perform the process of the next hop in the route to be advertised to the peer/peer group and take the address of itself as the next hop. Use the undo peer next-hop-local command to cancel the existing configuration.

  • Page 536: Peer Public-As-Only

    Displays the configured password in simple text mode. password: Password in character string form with 1 to 16 characters when parameter simple is configured in the command or in the event of inputting the password in simple text mode but parameter cipher is configured in the command;...

  • Page 537: Peer Reflect-Client

    By default, private AS number is carried when transmitting BGP update packets. Generally, BGP transmits BGP update packets with the AS number (either public AS number or private AS number). To enable some outbound routers to ignore the AS number when transmitting update packets, you can configure not to carry the AS number when transmitting BGP update packets.

  • Page 538: Peer Route-Policy Export

    By default, the peer/peer group has no Route-policy association. The peer route-policy export command only applies to peer groups. Related command: peer route-policy import. Example # Apply the Route-policy named test-policy to the route going out of the peer group test.

  • Page 539: Peer Route-Policy Import

    Use the undo peer route-policy import command to delete the specified Route-policy. By default, the peer/peer group has no Route-policy association. The priority of the inbound filter policy configured for the peer is higher than that configured for the peer group. Related command: peer route-policy export.

  • Page 540: Peer Shutdown

    Use the undo peer route-update-interval command to restore the interval to the default value. Example # Configure the interval of sending the route update packet of the BGP peer group "test" as 10 seconds. [3Com-bgp] peer test as-number 100 [3Com-bgp] peer test route-update-interval 10...

  • Page 541: Preference

    Use the peer timer command to configure the Keepalive and Holdtime intervals for the specified peer/peer group. Use the undo peer timer command to restore the default timer settings. The timer configured by using this command has a higher priority than the one configured by using the timer command. Example # Configure Keepalive and Holdtime intervals of the peer group "test".

  • Page 542: Reflect Between-Clients

    After the route reflector is configured, the route reflector reflects the routes of one client to other clients by default. By default, the clients of a route reflector need not be fully connected. If the clients are fully connected, a route reflector is not required.

  • Page 543: Refresh Bgp

    By default, each route reflector uses its Router ID as the cluster ID. Usually, there is only one route reflector in a cluster. In this case, the cluster is identified by the router ID of the route reflector. You can configure multiple route reflectors to improve network stability.

  • Page 544: Reset Bgp

    After the BGP connection is established, only incremental routes are sent. However, some special cases exist. For example, when the routing policy changes, the routes advertised to the peer or the advertised routes from the peer need refreshing so that they can be filtered according to the new policy.

  • Page 545: Reset Bgp Group

    View User view Parameter group-name: Specifies the name of the peer group. It is a character string of 1 to 47 characters. Description Use the reset bgp group command to reset the connections between the BGP and all the members of a group.

  • Page 546: Timer

    By default, no auto aggregation of sub-network routes is executed. After the summary is configured, BGP cannot receive the sub-network routes imported from the IGP, so the amount of the routing information can be reduced. Example # Make the auto aggregation of the sub-network routes.
  • Page 547 65535. By default, its value is 180 seconds. Description Use the timer command to configure the Keep-alive and Hold-time timer of BGP. Use the undo timer command to restore the default value of the Keep-alive and Hold-time of the timer. Example # Configure the Keep-alive timer as 120 seconds and Hold-time timer as 360 seconds.
  • Page 548 27: BGP C HAPTER ONFIGURATION OMMANDS...

  • Page 549: Apply As-Path

    If the match condition of Route-policy is met, the AS attribute of the transmitting route will be changed. You can add up to 10 AS numbers. Example # Configure AS 200 to be added in front of the original AS path in Route-policy.

  • Page 550: Apply Community

    View Route policy view Parameter none: Deletes the community attribute of the route. This keyword can be input up to 13 times. aa:nn: Community number. no-export-subconfed: Does not send matched route outside the sub-AS. no-advertise: Does not send matched route to any peer.

  • Page 551: Apply Cost-Type

    For BGP, it indicates when a BGP peer advertises routes to its EBGP peer, the peer uses the cost value of IGP as the MED value of BGP. For IS-IS, it indicates the internal cost. For other protocols, it is invalid.

  • Page 552: Apply Ip Next-Hop

    Parameter ip-address: The next-hop address. Description Use the apply ip next-hop command to configure the next hop address in the route information. Use the undo apply ip next-hop command to cancel the Apply sub-statement. By default, no Apply sub-statement is defined.

  • Page 553: Apply Local-Preference

    IP Routing Policy Configuration Commands Description Use the apply isis command to configure to apply the level of a matched route to be imported to Level-1, Level-2 or Level-1-2. Use the undo apply isis command to cancel the Apply sub-statement.

  • Page 554: Apply Tag

    Parameter value: Specifies the tag value of route information. Description Use the apply tag command to configure to set the tag area of OSPF route information. Use the undo apply tag command to cancel the Apply sub-statement. Related command: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop, apply local-preference, apply cost, apply origin.

  • Page 555: Display Ip Ip-Prefix

    Any view Parameter ip-prefix-name: Specifies displayed address prefix list name. Description Use the display ip ip-prefix command to view the address prefix list. If no ip-prefix-name is specified, all configured address prefix lists are displayed. Related command: ip ip-prefix. Example # Display the information of the address prefix list named as p1.

  • Page 556: Filter-Policy Export

    Use the undo filter-policy export command to cancel the filtering conditions set. By default, the advertised routing information is not filtered. In some cases, it may be required that only the routing information meeting some conditions can be advertised. Then, the filter-policy command can be used to set...

  • Page 557: Filter-Policy Import

    Related command: filter-policy import. Example # Define the filtering rules for advertising the routing information of RIP. Only the routing information passing the filtering of address prefix list p1 will be advertised by RIP.

  • Page 558: If-Match { Acl | Ip-Prefix }

    Specifies the name of the prefix address list used for filtration. Description Use the if-match { acl | ip-prefix } command to specify one matching rule for the route-policy and configure the IP address range to match the Route-policy.

  • Page 559: If-Match Community

    IP Routing Policy Configuration Commands Description Use the if-match as-path command to match the AS path domain of the BGP routing information. Use the undo if-match as-path command to cancel the match of AS path domain. By default, AS path list number is not matched.

  • Page 560: If-Match Cost

    Example # First define a community-list numbered 1, allowing it to contain the routing information of AS 100 and AS 200. Then, define a route-policy named "test". An if-match sub-statement is defined for Node 10 of the route-policy, which quotes the definition of the community-list.

  • Page 561: If-Match Ip Next-Hop

    Example # Define an if-match sub-statement to match the route whose next hop interface is Vlan-interface 1 [3Com-route-policy] if-match interface Vlan-interface 1 if-match ip next-hop...

  • Page 562: If-Match Tag

    Example # Define an if-match sub-statement, allowing the routing information whose route next hop address passes the filtration of the prefix address list p1 to pass this if-match sub-statement. [3Com-route-policy] if-match ip next-hop ip-prefix p1...

  • Page 563: Ip Community-List

    AS regular expression. acl-number: Description Use the ip as-path-acl command to configure an AS path regular express. Use the undo ip as-path-acl command to disable the defined regular expression. The configured AS path list can be used on BGP policy.

  • Page 564: Ip Ip-Prefix

    Specifies the match mode of the defined address prefix list items as deny mode. In this case, if the IP address of the route to be filtered matches an entry in the address prefix list, the route is denied without further check. If otherwise, the IP address is checked against the next address prefix entry.

  • Page 565: Route-Policy

    The meaning of greater-equal is "larger less-equal: The than or equal to", and the meaning of less-equal is "less than or equal to". The range is len <= greater-equal <= less-equal <= 32. When only greater-equal is used, it denotes the prefix range [greater-equal, 32].
  • Page 566 OMMANDS deny: Specifies the match mode of the defined Route-policy node as deny mode. When a route satisfy all if-match sub-statements of this node and fails to pass the filtration, it will not tested by the next node. node: Node of the route policy.

  • Page 567: Router Route-Limit

    Use the router route-limit command to set the maximum number of route entries supported by the current system. If the maximum number of route entries supported by a card is less than this number, the system will inhibit the card from working.
  • Page 568 Use the router VRF-limit command to set the maximum number of VPN routing and forwarding instances (VRFs) supported by current system. If the number of VRFs supported by a card is less than this number, the system will inhibit the card from working. This number is 256 by default.

  • Page 569: Route-Rely

    View System view Parameter bgp: Specifies routes learned by the BGP as the type of routes to be controlled. static: Specifies static routes as the type of routes to be controlled. Description Use the route-rely command to enable recursive routing.
  • Page 570 30: R HAPTER ECURSIVE OUTING ONFIGURATION...

  • Page 571: Debugging Mpm

    Commands debugging mpm Syntax debugging mpm { abnormal | all | event | forward | groups | packets | timer } undo debugging mpm { abnormal | all | event | forward | groups | packets | timer } View...

  • Page 572: Display Igmp-Snooping Group

    The information above tells us that: IGMP Snooping is enabled; the router port aging time is set to be 105 seconds; the max response time of a query is set to be 1 seconds; the aging time of a multicast group member is set to be 260 seconds.

  • Page 573: Display Igmp-Snooping Statistics

    IGMP Snooping Configuration Commands IP multicast group address, member ports in the IP multicast group, MAC multicast group, MAC multicast group address, and the member ports in the MAC multicast group. Example # Display the multicast group information about VLAN2.

  • Page 574: Igmp-Snooping

    IGMP Snooping in VLAN view. Otherwise the IGMP Snooping function will not take effect. If the VLAN VPN is enabled on a port, the IGMP Snooping feature cannot be ■ enabled on the VLAN for the port or the IGMP feature cannot be enabled on the corresponding VLAN interface.

  • Page 575: Igmp-Snooping Fast-Leave

    System view, Ethernet port view Parameter vlan { vlan-id [ to vlan-id ] }&<1-10>: Specifies any VLAN or VLAN scope for port you want to enable/disable the IGMP Snooping fast leave feature on. The vlan-id argument ranges from 1 to 4094.
  • Page 576 ■ configuration takes effect only on primary aggregation ports. If you add an IGMP V1 host of the same multicast group to the port, the switch ■ does not remove the port when the port receives an IGMP Leave packet of the multicast group even you enable IGMP Snooping fast leave for the port.

  • Page 577: Igmp-Snooping Group-Policy

    <SW8800> system-view System View: return to User View with Ctrl+Z. [SW8800] igmp-snooping fast-leave # Enable IGMP Snooping fast leave for all Ethernet ports except those in VLAN 5. <SW8800> system-view System View: return to User View with Ctrl+Z. [SW8800] igmp-snooping fast-leave [SW8800] undo igmp-snooping fast-leave vlan 5 # Disable IGMP Snooping fast leave in all VLANs.

  • Page 578: Igmp-Snooping Host-Aging-Time

    Use the undo igmp-snooping group-policy command to cancel the configuration. By default, no filtering rule is set in a VLAN. In this case, a host can join any multicast group. Example # Create ACL2001 and configure the flow rule for basic ACL, using the source IP address serves as the destination multicast address.

  • Page 579: Igmp-Snooping Max-Response-Time

    IGMP Snooping Configuration Commands This command is used to set the aging time of the multicast group member so that the refresh frequency can be controlled. When the group members change frequently, the aging time should be comparatively short, and vice versa.

  • Page 580: Igmp-Snooping Router-Aging-Time

    The port here refers to the Ethernet switch port connected to the multicast router. The Layer-2 Ethernet switch receives general query packets from the router via this port. The timer should be set to about 3.5 times of the general query period of the router.

  • Page 581: Multicast Static-Router-Port

    Multicast Static Routing Port Configuration Commands Example # Set the aging time of the IGMP Snooping router port to 500 seconds. <SW8800> system-view System View: return to User View with Ctrl+Z. [SW8800] igmp-snooping router-aging-time 500 reset igmp-snooping Syntax statistics reset igmp-snooping statistics...
  • Page 582 ONFIGURATION OMMANDS Parameter port-number: Port number of the port to be configured as a static routing port. Provide this argument in the format of interface-type interface-number, where the interface-type argument can only be Ethernet port type. vlan-id: ID of the VLAN where the port belongs to.

  • Page 583: Service-Type Multicast

    If you configure multicast VLAN, add the corresponding switch ports to the multicast VLAN and enable IGMP Snooping, users in different VLANs can share one multicast VLAN, and multicast flow can be transmitted in the multicast VLAN only, thus saving bandwidth. The completely isolated multicast VLAN and user VLAN can effectively ensure security.
  • Page 584 32: M VLAN C HAPTER ULTICAST ONFIGURATION OMMANDS...

  • Page 585: Broadcast-Suppression

    Maximum wire speed ratio of the broadcast traffic allowed on the port. The value range is 1 to 100, and the default value is 50. The smaller the ratio is, the smaller the broadcast traffic is allowed to pass.

  • Page 586: Debugging Multicast Forwarding

    33: M HAPTER ULTICAST OMMON ONFIGURATION OMMANDS No distinction is made between known multicast and unknown multicast for multicast suppression. Related command: multicast-suppression. Example # Set the broadcast suppression ratio to 40%. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 587: Debugging Multicast Status-Forwarding

    None Description Use the debugging multicast kernel-routing command to enable multicast kernel routing debugging functions. Use the undo debugging multicast kernel-routing command to disable the debugging functions. By default, the multicast kernel routing debugging is disabled. Example # Enable multicast kernel routing debugging functions.

  • Page 588: Display Mpm Group

    Use the display mpm forwarding-table command to view the port-carrying multicast forwarding table information. When a group address or a source address is specified, this command shows only the matched (S, G) entry; otherwise, this command shows all entries. Related command: display multicast forwarding-table Example # View the port-carrying multicast forwarding table information.
  • Page 589 Description Use the display mpm group command to display the information about the IP multicast groups or MAC multicast groups in a specified VLAN. If you do not specify the vlan-id argument, this command displays the information about multicast groups in all VLANs.

  • Page 590: Display Multicast Forwarding-Table

    Syntax forwarding-table display multicast forwarding-table [ group-address [ mask { mask | mask-length } ] | source-address [ mask { mask | mask-length } ] | incoming-interface{ interface-type interface-number | null NULL-interface- number | register} ] * View...

  • Page 591: Display Multicast Routing-Table

    2 matched entries display multicast Syntax routing-table display multicast routing-table [ group-address [ mask { mask | mask-length } ] | source-address [ mask { mask | mask-length } ] | incoming-interface { interface-type vlan-interface | register } ]* View...
  • Page 592 VLAN interface number. register: Register interface of PIM-SM. Description Use the display multicast routing-table command to view the information of IP multicast routing table. CAUTION: You must use multicast routing-enable command in system view to enable IP multicast routing before you can view the multicast routing table information.

  • Page 593: Ip Managed-Multicast

    Multicast Common Configuration Commands Table 83 Description on the fields of the display multicast routing-table command Field Description Matched 3 entries 3 entries in total meeting the requirement ip managed-multicast Syntax ip managed-multicast undo ip managed-multicast View System view Parameter...

  • Page 594: Multicast

    &<1-9>: Multicast group IP address. &<1-9> implies that the preceding parameter can repeatedly input up to 9 times. mask-length: Mask length. The default value of this argument is to 32. If you do not specify this argument, this command specifies a specific multicast group instead of a network segment.

  • Page 595: Multicast Route-Limit

    [SW8800] multicast route-limit 800 # Limit multicast routing table capacity at 1000, here the default value of the multicast routing table capacity is 512, and interface I/O modules with slot 5 in the current system do not support the specification.

  • Page 596: Multicast Routing-Enable

    Maximum wire speed ratio of the multicast traffic allowed on the port. The value range is 1 to 100, and the default value is 50. The smaller the ratio is, the smaller the multicast traffic is allowed to pass.

  • Page 597: Reset Multicast Forwarding-Table

    Namely, once you have enabled broadcast suppression on some ports of a card, you cannot enable multicast suppression on the other ports of the card, and vice versa. Although the commands are based on ports, the mutual exclusion between these two commands is based on cards.

  • Page 598: Reset Multicast Routing-Table

    Use the reset multicast forwarding-table command to clear MFC forwarding entries or the statistic information of MFC forwarding entries. You can type in source address first and group address after in the command, as long as they both are valid addresses. The system prompts error information if you type in invalid addresses.
  • Page 599 Use the reset multicast routing-table command to clear route entries from the core multicast routing table, as well as MFC forwarding entries. You can type in source address first and group address after in the command, as long as they both are valid addresses. The system prompts error information if you type in invalid addresses.
  • Page 600 33: M HAPTER ULTICAST OMMON ONFIGURATION OMMANDS...

  • Page 601: Mac-Address Multicast

    Interface type and interface number. Refer to the Port Configuration part of the book. to: Defines a range of multicast MAC ports. Before to is the initial interface and after to is the terminal interface. Interfaces from the initial interface to the terminal interface form an interface list.

  • Page 602: Display Mac-Address Multicast Static

    The information includes multicast MAC address, VLAN ID, address status, port name, and aging time. If all ports in the configured static multicast MAC group are out of position (the corresponding module has been pulled out after configuration), the port name in the MAC information is displayed as N/A when you use this command.

  • Page 603: Reset Mac-Address Multicast

    View User view Parameter None Description Use the reset mac-address multicast command to delete all static multicast MAC groups. Related command: mac-address multicast Example # Delete all the static multicast MAC groups. <SW8800> reset mac-address multicast...
  • Page 604 34: S MAC A HAPTER TATIC ULTICAST DDRESS ONFIGURATION OMMAND...

  • Page 605: Debugging Igmp

    Commands debugging igmp Syntax debugging igmp { all | event | host | packet | timer } undo debugging igmp { all | event | host | packet | timer } View User view Parameter all: All the debugging information of IGMP.

  • Page 606: Display Igmp Interface

    Use the display igmp group command to view the member information of the IGMP multicast group. You can specify to show the information of a group or the member information of the multicast group on a VLAN interface. The information displayed contains the multicast groups which the downstream hosts join through IGMP or through command line.

  • Page 607: Igmp Enable

    IGMP leave packet from a host query timeout Query timeout for IGMP V1 Policy to accept IGMP reports Filter policy for the IGMP multicast group to control the accesses to the IP multicast group Querier for IGMP IGMP querier IGMP group limit Quantity limit of IGMP groups added to the interface.

  • Page 608: Igmp Fast-Leave

    You can optionally specify multiple vlan keywords for the igmp fast-leave command, through which you can enable IGMP fast leave in corresponding VLANs. If you do not specify the vlan keyword, IGMP fast leave is enabled in all VLANs. As mentioned earlier, the igmp fast-leave command can be executed in both system view and Ethernet port view.
  • Page 609 Fast leaves that are configured in system view and Ethernet port view operate ■ separately. Fast leave works on all ports of the specified VLANs if you configure it in system ■ view. However, it only works on the current port (e.g., when a Trunk port belong to multiple VLANs) in the specified VLANs if you configure it in Ethernet port view.

  • Page 610: Igmp Group-Limit

    Quantity of multicast groups, in the range of 0 to 512. Description Use the igmp group-limit command to limit multicast groups to be added on an interface. After the limit is reached, the router does not process IGMP join messages.

  • Page 611: Igmp Host-Join Port

    ACL rule for each VLAN, and the new configured rule will replace the old one. Use the undo igmp group-policy command to cancel the configuration. By default, no filtering rule is set in a VLAN. In this case, a host can join any multicast group. Example # Create ACL2001 and configure the flow rule for basic ACL, using the source IP address serves as the destination multicast address.

  • Page 612: Igmp Host-Join Vlan

    Address of the multicast group to be joined. vlan-id: VLAN where the port belongs to. Description Use the igmp host-join vlan command to make an Ethernet join a multicast group. Use the undo igmp host-join vlan command to cancel the configuration.

  • Page 613: Igmp Max-Response-Time

    This command is valid only when the query router runs IGMP v2. If the host runs IGMP v1 , it does not send an IGMP Leave message when it leaves a group, so this command is invalid for the IGMP query router.

  • Page 614: Igmp Robust-Count

    35: IGMP C HAPTER ONFIGURATION OMMANDS Example # Set the maximum response time carried in host-query message to 8 seconds. <SW8800> system-view System View: return to User View with Ctrl+Z. [SW8800]interface vlan-interface 10 [3Com-Vlan-interface10] igmp max-response-time 8 igmp-report enhance Syntax...

  • Page 615: Igmp Timer Other-Querier-Present

    Interface view Parameter seconds: IGMP querier present timer value in second ranging from 1 to 131070. By default, the value is twice the value of IGMP query message interval, i.e., 120 seconds. Description Use the igmp timer other-querier-present command to configure the timer of presence of the IGMP querier.

  • Page 616: Igmp Timer Query

    1 to 65535. By default, the value is 60 seconds. Description Use the igmp timer query command to configure the interval at which a router interface sends IGMP query messages. Use the undo igmp timer query command to restore the default value.

  • Page 617: Reset Igmp Group

    IGMP Configuration Commands Description Use the igmp version command to specify the version of IGMP that a router uses. Use the undo igmp version command to restore the default value. The system does not automatic switching between different IGMP versions.

  • Page 618: Igmp Proxy

    A VLAN interface cannot be the IGMP proxy interface for two or more other ■ VLAN interfaces simultaneously. Example # Enable IGMP proxy for the interface of VLAN 100 and specify the interface of VLAN 200 to be its IGMP proxy interface. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 619: Bsr-Policy

    RPF checks can be used to stop this type of attacks. If a router in the network is manipulated by an attacker, or an illegal router is ■ accessed into the network, the attacker may set itself as C-BSR and try to win the contention and gain authority to advertise RP information among the network.

  • Page 620: C-Bsr

    Length of the mask. The value ranges from 0 to 32. priority: Priority of the candidate BSR. The larger the value of the priority, the higher the priority of the BSR. The value ranges from 0 to 255. By default, the priority is 0.

  • Page 621: C-Rp

    Related command: c-bsr. Example # Configure the switch to advertise itself as a C-RP in the PIM domain to BSR. The standard access list 2000 defines the groups related to the RP. The address of C-RP is designated as the IP address of VLAN-interface10.

  • Page 622: Crp-Policy

    3999. Description Use the crp-policy command to limit the range of legal C-RP, as well as target service group range of each C-RP, and prevent C-RP proofing. Use the undo crp-policy command to restore the default setting, that is, no range limit is set and all received messages are taken as legal.

  • Page 623: Debugging Pim Common

    Syntax debugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all | assert | graft | graft-ack | join | prune } } undo debugging pim dm { alert | all | mrt | timer | warning | { recv | send } {...

  • Page 624: Debugging Pim Sm

    { all | mbr { alert | fresh } | verbose | mrt | msdp | timer { assert | bsr | crpadv | jp | jpdelay | mrt | probe | spt } | warning | { recv | send }...

  • Page 625: Display Pim Bsr-Info

    PIM Configuration Commands send: Debugging information of PIM-SM sending packets. assert | bootstrap | crpadv | jp | reg | regstop: Packets type. Description Use the debugging pim sm command to enable PIM-SM debugging functions. Use the undo debugging pim sm command to disable the debugging functions.

  • Page 626: Display Pim Interface

    Use the display pim interface command to view the PIM interface configuration information. If no interface type or interface number is specified, this command displays the PIM configurations on all interfaces. If the interface type and interface number are specified, only the PIM configuration on the specified interface is displayed.

  • Page 627: Display Pim Routing-Table

    [ { { *g [ group-address [ mask { mask-length | mask } ] ] | **rp [ rp-address [ mask { mask-length | mask } ] ] } | { group-address [ mask { mask-length | mask } ] | source-address [ mask { mask-length | mask } ] } * } |...

  • Page 628: Display Pim Rp-Info

    Specifies the multicast routing protocol as PIM-SM. Description Use the display pim routing-table command to view the contents of the PIM multicast routing table. The displayed information of the PIM multicast routing table includes the SPT and RPF information.
  • Page 629 None Description Use the pim command to enter the PIM view and configure the PIM global parameters. Note that the command does not enable the PIM protocol. Use the undo pim command to return to system view, clear the PIM global...

  • Page 630: Pim Bsr-Boundary

    Use the undo pim bsr-boundary command to remove the border. By default, no domain border is set. You can use this command to set border of bootstrap messages, that is to say, bootstrap messages cannot pass interfaces that are configured with pim bsr-boundary command while other PIM messages can.

  • Page 631: Pim Neighbor-Limit

    View Interface view Parameter limit: Limits of PIM neighbors on the interface, in the range of 0~128. Description Use the pim neighbor-limit command to limit the PIM neighbors on an interface. No neighbor can be added any more when the limit is reached.

  • Page 632: Pim Neighbor-Policy

    Use the undo pim neighbor-policy command to remove the setting. Only the routers that match the filtering rule in the ACL can serve as a PIM neighbor of the current interface. The new configuration overwrites the old one if you run the command for a second time.

  • Page 633: Pim Timer Hello

    View Interface view Parameter seconds: Time interval for a port to send Hello packets, in the range of 1 to 18,000 (in seconds). By default, the time interval is 30 seconds. Description Use the pim timer hello command to configure the time interval for a port to send Hello packets.

  • Page 634: Register-Policy

    Use the undo register-policy command to remove the configured message filtering. Example # If the local device is the RP in the network, using the following command can only accept multicast message register of the source sending multicast address in the range of 225.1.0.0/16 on network segment 10.10.0.0/16.

  • Page 635: Reset Pim Routing-Table

    Use the reset pim routing-table command to clear a PIM route entry. You can type in source address first and group address after in the command, as long as they are valid. Error information will be given if you type in invalid addresses.

  • Page 636: Source-Policy

    HAPTER ONFIGURATION OMMANDS must be 224.0.0.0, and source address has no mask), then it means only the (*, *, RP) item will be cleared. If in this command, the group-address is any a group address, and source-address is 0 (where group address can have a mask, and source address has no mask), then only the (*, G) item will be cleared.

  • Page 637: Static-Rp

    Basic ACL, used to control the range of multicast group served by static RP, which ranges from 2000 to 2999. If an ACL is not specified upon configuration, static RP will serve all multicast groups; if an ACL is specified, static RP will only serve the multicast group passing the ACL.
  • Page 638 System View: return to User View with Ctrl+Z. [SW8800] multicast routing-enable [SW8800] pim [3Com-pim] static-rp 10.110.0.6 # Remove the static RP with the IP address of 10.110.0.6. <SW8800> system-view System View: return to User View with Ctrl+Z. [SW8800] multicast routing-enable [SW8800] pim [3Com-pim] undo static-rp 10.110.0.6...

  • Page 639: Cache-Sa-Enable

    By default, the router caches the SA state, i.e., (S, G) entry after it receives SA messages. If the router is in cache state, it will not send SA request message to the specified MSDP peer when it receives a new group join message.

  • Page 640: Display Msdp Brief

    View Any view Parameter None Description Use the display msdp brief command to view the state of MSDP peer. Example # Display the state of MSDP peer. <SW8800> display msdp brief MSDP Peer Brief Information Peer’s Address...

  • Page 641: Display Msdp Sa-Cache

    Group address of (S, G) entry. source-address: Source address of (S, G) entry. With no source address specified, all the source information of the specified group will be displayed. If neither group address nor source address is determined, all SA caches will be displayed.

  • Page 642: Display Msdp Sa-Count

    OMMANDS autonomous-system-number: Autonomous system number. Displays (S, G) entries from specified autonomous system. Description Use the display msdp sa-cache command to view (S, G) state learnt from MSDP peer. Only cache-sa-enable command is configured, can cache state be displayed. Example # Display the (S, G) state learned from MSDP peer.

  • Page 643: Import-Source

    MSDP originates an SA message. Use the undo import-source command to remove the configuration. By default, all the (S, G) entries in the domain are advertised by the SA message. Besides controlling SA messages creation, you can filter the forwarded SA messages by the commands peer sa-policy import and peer sa-policy export.

  • Page 644: Msdp-Tracert

    Multicast source address. group-address: Multicast group address. rp-address: IP address of RP. max-hops: The maximum number of hops that are traced, ranging from 1 to 255. By default, the value is 16. next-hop-info: Specifies flag bit for collecting the next hop information.

  • Page 645: Originating-Rp

    (S, G, RP) entry existing in SA cache of the local router. But the RP is different from the RP specified in the request message. RP-bit: 1 The local router is an RP, but it is not necessarily the source RP in (S, G, RP) entry. NC-bit: 0 The local router enables SA cache.

  • Page 646: Peer

    Use the peer command to configure an MSDP peer. Use the undo peer command to remove the MSDP peer configured. If the local router is also in BGP peer relation with a MSDP peer, the MSDP peer and the BGP peer should use the same IP address.

  • Page 647: Peer Mesh-Group

    MSDP Configuration Commands Example # Configure the router using IP address 125.10.7.6 as an MSDP peer of the local router. <SW8800> system-view System View: return to User View with Ctrl+Z. [SW8800] msdp [3Com-msdp] peer 125.10.7.6 connect-interface Vlan-interface 10 peer description...

  • Page 648: Peer Minimum-Ttl

    Related command: peer. Example # Configure the TTL threshold value to 10, i.e., only those multicast data packets with a TTL value greater than or equal to 10 can be forwarded to the MSDP peer 110.10.10.1. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 649: Peer Request-Sa-Enable

    Use the undo peer request-sa-enable command to remove the configuration. By default, when receiving a new group join message, the router sends no SA request messages to MSDP peers but waits to receive the next SA message. Related command: cache-sa-enable.

  • Page 650: Peer Sa-Policy

    Related command: display msdp, sa-count, display msdp peer-status, display msdp brief. Example # Limit the number of caches originated to 100 when the router receives SA messages from the MSDP peer 125.10.7.6. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 651: Peer Sa-Request-Policy

    By default, the router receives all SA request messages from the MSDP peer. If no ACL is specified, all SA requests will be ignored. If ACL is specified, only those SA request messages from the groups permitted by the ACL will be processed and all the others will be ignored.

  • Page 652: Reset Msdp Sa-Cache

    User view Parameter group-address: Address of the group, (S, G) entries matching this address are cleared from the SA cache. If no multicast group address is specified, all SA cache entries will be cleared. Description Use the reset msdp sa-cache command to clear SMDP SA cache entries.

  • Page 653: Static-Rpf-Peer

    MSDP Configuration Commands Description Use the reset msdp statistics command to clear statistics of one or more MSDP peers without resetting the MSDP peer. Example # Clear the statistics of the MSDP peer 25.10.7.6. <SW8800> reset msdp statistics 125.10.7.6 shutdown...

  • Page 654: Timer Retry

    37: MSDP C HAPTER ONFIGURATION OMMANDS which passes filtering. If no filter policy is configured, the router will still accept all SA messages from the static RPF peer. Description Use the static-rpf-peer command to configure static RPF peer. Use the undo static-rpf-peer command to remove the static RPF peer.
  • Page 655 Related Example command: # Configure the connection request re-try period to 60 seconds. <SW8800> system-view System View: return to User View with Ctrl+Z. [SW8800] msdp [3Com-msdp] timer retry 60...
  • Page 656 37: MSDP C HAPTER ONFIGURATION OMMANDS...

  • Page 657: Aggregate

    Advertises the aggregated routes rather than the specific routes. origin-policy route-policy-name: Filters the originate routes of the aggregate. suppress-policy route-policy-name: Does not advertise the specific routes selected. Description Use the aggregate command to create a multicast aggregated record in the BGP routing table.

  • Page 658: Debugging Bgp Mp-Update

    Use the aggregate command without parameters to create one local aggregated route and set atomic aggregation attributes. Example # Create an aggregation entry in the MBGP routing table, with aggregated route address as 192.213.0.0. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 659: Default Local-Preference

    View IPv4 multicast sub-address family view Parameter value: Default local precedence you configured, in the range of 0 to 4294967295. By default, it is 100. The greatest value corresponds to the highest precedence level. Description Use the default local-preference command to configure the default local precedence.

  • Page 660: Default Med

    MED is exchanged, between ASs, and one it enters an AS, it does not leave the AS. MED attribute is used in best route selection. When a router running BGP travels through different external peers and get the routes with identical destination, but different next-hop addresses, it selects these routes according to their MED values.

  • Page 661: Display Bgp Multicast Network

    Parameter peer-address: Peer address, in dotted decimal format. verbose: Displays detailed information. Description Use the display bgp multicast peer command to view the MBGP peer information. Example # View the MBGP peer detailed information. <SW8800> display bgp multicast peer verbose...

  • Page 662: Display Bgp Multicast Routing-Table As-Path-Acl

    HAPTER ULTICAST XTENSION ONFIGURATION OMMANDS Parameter ip-address: IP address of the network segment whose MBGP routing information with specified IP address. Description Use the display bgp multicast routing-table command to view MBGP routing information. Example # Display MBGP routing information of network segment 14.1.0.0.

  • Page 663: Display Bgp Multicast Routing-Table Community

    Does not send matched routes outside the local autonomous system. no-advertise: Does not advertise matched routes to any peer. no-export: Does not advertise routes outside the local autonomous system but advertise routes to other sub-autonomous systems. whole-match: Exact match.

  • Page 664: Display Bgp Multicast Routing-Table Different-Origin-As

    Mask of the destination network. statistic: Statistic information of the route. Description Use the display bgp multicast routing-table peer command to view the routes received/advertised at/to the specified peer. Example # Display routing information advertised to the peer 10.10.1.11.

  • Page 665: Filter-Policy Export

    Description Use the filter-policy export command to set to filter the advertised routes. Only those pass through the filter can be advertised by BGP. Use the undo filter-policy export command to cancel route filtering.

  • Page 666: Filter-Policy Import

    1 to 19. gateway ip-prefix-name: Specifies IP prefix of the neighbor router, in the range of 1 to 19, to filter the routing information advertised by a specified neighbor router. Description Use the filter-policy gateway import command to set to filter the routes advertised by a specified neighbor router.

  • Page 667: Ipv4-Family Multicast

    Use the ipv4-family multicast command to enter the IPv4 multicast sub-address family view. Use the undo ipv4-family multicast command to exit the IPv4 multicast sub-address family view, return to the unicast view and remove all the information in multicast. Example...

  • Page 668: Network

    Mask of the network address. route-policy policy-name: Route-policy applied to the routes advertised. Description Use the network command to configure the network addresses to be sent by the local MBGP. Use the undo network command to remove the configuration.

  • Page 669: Peer Allow-As-Loop

    Parameter group-name: Name of the peer group. peer-address: IP address of the peer. number: Repetition number of local AS IDs, in the range of 1 to 10. By default ,the repetition number is 3. Description Use the peer allow-as-loop command to specify repetition number of local AS IDs.

  • Page 670: Peer As-Path-Acl Import

    Related command: peer as-path-acl import, ip as-path-acl (refer to the "Routing Protocol" part). Example # Configure the peer group test to use AS path list 2 to filter the advertised routes. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 671: Peer Enable

    Related command: peer as-path-acl export, ip as-path-acl (refer to the "Routing Protocol" part). Example # Set the AS path ACL of the peer group test to filter BGP received routes. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 672: Peer Filter-Policy Import

    Parameter group-name: Name of the peer group. acl-number: Number of IP ACL ranging from 2000 to 3999. That is, you can use basic ACLs or advanced ACLs. export: Applies the filter policy to the advertised routes. This keyword is only valid for the peer groups.

  • Page 673: Peer Group

    Use the peer group command to add a peer into a peer group. Use the undo peer group command to delete the peer. CAUTION: You must first add the specific peer in the peer group in BGP view and enable the peer group in the IPv4 multicast sub-address family view before you can issue this command.

  • Page 674: Peer Ip-Prefix Export

    The peer ip-prefix export command can only be configured on the peer groups. Related command: ip ip-prefix, peer ip-prefix import. Example # Configure the route filtering policy of the peer group1 based on the ip-prefix list1. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 675: Peer Next-Hop-Local

    Description Use the peer next-hop-local command to remove the processing of the next hop in routes which BGP will advertise to the peer group and set the local address as the next hop. Use the undo peer next-hop-local command to cancel the configuration.

  • Page 676: Peer Public-As-Only

    Name of the peer group. Description Use the peer public-as-only command to set to contain only public AS IDs in the MBGP Update message, but not private AS IDs. Use the undo peer public-as-only command to restore the default setting, the router contains only private AS IDs in the MBGP Update message.

  • Page 677: Peer Route-Policy Export

    MBGP Multicast Extension Configuration Commands Description Use the peer reflect-client command to configure a peer (group) as a client of the route reflector. Use the undo peer reflect-client command to remove the configuration. By default, there is no route reflector in the autonomous system.

  • Page 678: Preference

    IPv4 multicast sub-address family view Parameter ebgp-value: EBGP route priority, in the range of 1 to 256. By default, it is 256. ibgp-value: IBGP route priority, in the range of 1 to 256. By default, it is 256. local-value: Local route priority, in the range of 1 to 256. By default, it is 130.

  • Page 679: Refresh Bgp Multicast

    Use the undo reflect between-clients command to disable route reflection between clients. When configured, the route reflector can reflect routes of a client to other clients. By default, all-connection is not required for the clients with route reflectors configured, since the routes are by default reflected from one client to others. For all-connection clients, route reflection is unnecessary.

  • Page 680: Reflector Cluster-Id

    By default, each route reflector uses its own route ID as cluster ID. In general, one cluster has only one route reflector, and then the router ID for the route reflector can be used to identify the cluster. If a cluster has several route reflectors, for multiple route reflectors can improve network stability, then you can use this command to specify the same cluster ID for them all.

  • Page 681: Summary

    Use the undo summary command to remove the configuration. By default, subnet routes cannot be aggregated automatically. After the summary command is executed, MBGP cannot receive the subnet routes imported by IGP. You can use this command to reduce route selection information. Example # Enable subnet route auto-aggregation.
  • Page 682 38: MBGP M HAPTER ULTICAST XTENSION ONFIGURATION OMMANDS...

  • Page 683: Debugging Mpls Lspm

    Syntax debugging mpls lspm { agent | all | event | ftn | interface | packet | policy | process | vpn } undo debugging mpls lspm { agent | all | event | ftn | interface | packet |...

  • Page 684: Display Mpls Interface

    HAPTER ASIC ONFIGURATION OMMANDS This command is used to the debug MPLS LSPM. As running the debugging will affect the performance of the 3Com Switch 8800 Family Series Routing Switches, you are recommended to use the command with caution. Example # Enable all MPLS VPN debugging.

  • Page 685: Display Mpls Static-Lsp

    Displays the matching string including the specified information . verbose: Displays detailed information. Description Use the display mpls static-lsp command to view the information of one static LSP or all. Related command: display mpls interface, display mpls lsp and display mpls statistics.

  • Page 686: Display Mpls Statistics

    Vlan2000 TOTAL: 1 Record(s) Found. display mpls statistics Syntax display mpls statistics { interface { Vlan-interface | all } | lsp { lsp-Index | all | lsp-name }} View Any view Parameter interface { Vlan-interface | all }: Specifies one interface or all interfaces.

  • Page 687: Mpls

    By default, all kinds of routing protocols are filtered out. If no route-triggered policy is configured, LSPs can be triggered at all host routes with 32-bit masks. If you import an IP-prefix rule without contents, LSPs can be triggered at all routes. Related command: ip ip-prefix. Example # Triggers LSPs at all routes.

  • Page 688: Mpls Lsr-Id

    By default, no LSR has an ID. You must configure the mpls lsr-id command first and then you can use the other MPLS-related commands. An LSR ID is in the format of IP address, thus a loopback address is recommended. Related command: display mpls interface. Example # Set the LSR ID to 202.17.41.246.

  • Page 689: Snmp-Agent Trap Enable Lsp

    MPLS Basic Configuration Commands Parameter None Description Use the snmp-agent trap enable ldp command to enable Trap function in MPLS LDP creation. Use the undo snmp-agent trap enable ldp command to disable Trap function in MPLS LDP creation. By default, Trap function is not enabled during MPLS LDP creation.

  • Page 690: Static-Lsp Ingress

    1023. Description Use the static-lsp egress command to configure a static LSP for an egress LSR. Use the undo static-lsp egress command to delete an LSP for an egress LSR. Related command: static-lsp ingress, static-lsp transit and debugging mpls.

  • Page 691: Static-Lsp Transit

    Use the undo static-lsp transit command to delete an LSP for a transit LSR. Related command: static-lsp egress and static-lsp ingress. Example # Configure a static LSP for the VLAN201 interface on a transit LSR, with an inbound label of 123 and an outbound label of 253. <SW8800> system-view...

  • Page 692: Debugging Mpls Ldp

    Syntax debugging mpls ldp { all | main | advertisement | session | pdu | notification | remote | filter } [ interface interface-type interface-number ] undo debugging mpls ldp { all | main | advertisement | session | pdu |...

  • Page 693: Display Mpls Ldp Buffer-Info

    LDP Configuration Commands Description Use the display mpls ldp command to display LDP and LSR information. By default, it displays information of LDP and LSR. Related command: mpls ldp, mpls ldp hops-count, mpls ldp loop-detection and mpls ldp path-vectors. Example # Display LDP and LSR information.

  • Page 694: Display Mpls Ldp Interface

    ----------------------------------------------------------------- Buffer no error. display mpls ldp Syntax interface display mpls ldp interface [ | begin text | exclude text | include text ] View Any view Parameter |: Displays matched outputs. begin: Displays the outputs matching the regular expression from the first line.

  • Page 695: Display Mpls Ldp Lsp

    Configured KeepAlive hold time:60, Configured Hello hold time:15 Negotiated Hello hold time:0 Hello packets sent/rcv:15296/0 display mpls ldp lsp Syntax display mpls ldp lsp [ | begin text | exclude text | include text ] View Any view Parameter |: Displays matched outputs.

  • Page 696: Display Mpls Ldp Peer

    ---- 23.23.23.3 Vlan23 display mpls ldp peer Syntax display mpls ldp peer [ | begin text | exclude text | include text ] View Any view Parameter |: Displays matched outputs. begin: Displays the outputs matching the regular expression from the first line.

  • Page 697: Display Mpls Ldp Remote

    Peer Distribution Method: Downstream Unsolicited Peer Type: Local Peer RowStatus: Active display mpls ldp remote Syntax display mpls ldp remote [ | begin text | exclude text | include text ] View Any view Parameter |: Displays matched outputs. begin: Displays the outputs matching the regular expression from the first line.

  • Page 698: Display Mpls Ldp Session

    Configured KeepAlive hold time:60, Configured Hello hold time:45 Negotiated Hello hold time:0 Hello packets sent/rcv:0/0 display mpls ldp session Syntax display mpls ldp session [ | begin text | exclude text | include text ] View Any view Parameter |: Displays matched outputs.

  • Page 699: Mpls Ldp

    Use the mpls ldp command to enable LDP. Use the undo mpls ldp command to disable LDP. By default, LDP is disabled. Before enabling LDP, you must enable MPLS and configure LSR ID first. Related command: mpls lsr-id. Example # Enable LDP.

  • Page 700: Mpls Ldp Hops-Count

    Use the mpls ldp disable command to disable LDP on a VLAN interface. By default, LDP is disabled on an interface. To enable an interface, you must enable LDP first. After LDP is enabled on an interface, peer discovery and session creation proceed.

  • Page 701: Mpls Ldp Label-Accept

    # Set the maximum hop count of loop detection to 22. <SW8800> system-view [SW8800] mpls ldp hops-count 22 # Set the maximum hop count of loop detection to its default value 32. [SW8800] undo mpls ldp hops-count mpls ldp loop-detect...

  • Page 702: Mpls Ldp Label-Advertise

    [SW8800] ip ip-prefix fec index 3 deny 1.1.1.3 32 [SW8800] ip ip-prefix fec index 100 permit 0.0.0.0 0 greater-equal 0 less-equal 32 # Then, configure a specific IP Prefix that will be used in the policy for filtering ingress label mapping. [SW8800] mpls ldp label-accept fec...

  • Page 703: Mpls Ldp Password

    4.1.1.1 32 [SW8800]ip ip-prefix peer2 index 2 permit 4.1.1.2 32 # Apply the configured IP Prefix of FEC address and the configured IP Prefix of the peer address in the filtering policy for outgoing label mapping advertisement. <SW8800> system-view [SW8800] mpls ldp label-advertise fec1 to peer1 # Configure to advertise the FEC message corresponding to FEC2 but not to create Ingress LSP.

  • Page 704: Mpls Ldp Path-Vectors

    Parameter pv-number: Maximum value of path vector, ranging from 1 to 32. Description Use the mpls ldp path-vectors command to set the maximum value of path vector. Use the undo mpls ldp path-vectors command to restore the default maximum value of path vector.

  • Page 705: Mpls Ldp Reset-Session

    After LDP is configured on an interface and LDP session is created, this command can be used to reset a specific session on the interface. You only need to specify the address of the peer corresponding to the session to be reset.
  • Page 706 6 to 65535 (seconds). By default it is 15 seconds. session-hold session-holdtime: Specifies the time interval for Session hold timer to send a session packet, in the range of 1 to 65535 (seconds). By default it is 60 seconds.

  • Page 707: Mpls Ldp Transport-Ip

    By default, an LSR ID is the address of some Loopback interface and the Remote peer can route to this address for a session. For a Local peer, the address of the local interface or the Router ID of LSR can be adopted as its transport address.

  • Page 708: Remote-Ip

    Use the remote-ip command to configure a Remote-IP address. The address should be the lsr-id of the remote LSR. As Remote Peers adopt LSR ID as their transport addresses, the last two Remote Peers use the lsr-id as their transport addresses for creating TCP connection.

  • Page 709: Aggregate

    Selects source route for aggregation. attribute-policy route-policy-name: Sets the attributes of an aggregated route. Description Use the aggregate command to create an aggregation entry in the BGP routing table of VPN instance. Use the undo aggregate command to disable this function.

  • Page 710: Apply Mpls-Label

    40: BGP/MPLS VPN C HAPTER ONFIGURATION OMMANDS The function of the keywords involved in the above commands is shown in the following table. Table 93 Keywords function Keyword Function as-set By setting this keyword, you can create an aggregated route whose AS path contains the information of all the aggregation routes.

  • Page 711: Debugging Bgp

    Syntax debugging bgp { all | event | normal | { keepalive | mp-update | open | packet | route-refresh | update } [ receive | send ] [ verbose ] } undo debugging bgp { all | event | normal | keepalive | mp-update | open |...

  • Page 712: Default Med

    Example # The routers RTA and RTB belong to AS100 and the router RTC belongs to AS200. RTC associates with RTA and RTB. Set the MED value of RTA 25. This makes the RTC prefer the route sent by RTB.

  • Page 713: Display Bgp Vpnv4

    Syntax display bgp vpnv4 { all | route-distinguisher rd-value | vpn-instance vpn-instance-name } { group [ group-name ] | network | peer [ [ peer-address ] verbose ] | routing-table [ options ] } View Any view Parameter all: Displays all the VPNv4 routings.

  • Page 714: Display Bgp Routing-Table Label

    BGP routing table. For an unlabelled common IPv4 route, the label in the displayed information is null. If you use the display bgp routing-table address [ mask ] command to view the BGP routing information, the label information will be displayed if the route has a label.

  • Page 715: Display Ip Vpn-Instance

    : 1563 In/Out label : 1024/- display ip routing-table Syntax vpn-instance display ip routing-table vpn-instance vpn-instance-name [ [ ip-address ] | [ verbose ] statistics ] View Any view Parameter vpn-instance-name: Name assigned to VPN-instance. ip-address: Displays information of the specified address statistics: Displays statistics of routes.

  • Page 716: Display Mpls L3Vpn-Lsp

    HAPTER ONFIGURATION OMMANDS Description Use the display ip vpn-instance command to view the information related to VPN-instance, such as RD, description, and interfaces of the VPN instance. Example # Display the information about VPN-instance VPN 1. <SW8800> display ip vpn-instance vpn1...
  • Page 717 I/O-LABEL Incoming/Outgoing label. VPN labels (labels advertised with VPNV4 routes) will be displayed in case of uni-hop EBGP cross-AS MPLS L3 VPN networking, and tunneling labels (labels advertised with unicast routes and labels advertised by LDP protocol) will be displayed in case of multi-hop EBGP cross-AS MPLS L3 VPN networking.

  • Page 718: Display Rip Vpn-Instance

    PE, their original OSPF attributes cannot be restored. As these BGP VPN IP routes are issued to CE as ASE LSA (type-5 LSA), OSPF cannot distinguish them from the routes imported from other route domains. In order to distinguish external routes...

  • Page 719: Filter-Policy Export

    Use the undo filter-policy export command to cancel the configuration. By default, the redistribute routing will not be filtered. Related command: filter-policy import. Example # Define that only the routes that can pass the filtering of ACL 3 can be received by BGP. [3Com-bgp-af-vpn-instance] filter-policy 3 export...

  • Page 720: Filter-Policy Import

    By default, no filtering is performed on the received information. Related command: filter-policy export. Example # Define a filtering rule for receiving routing information: Only the routing information matching the IP prefix ACL P1 can it be received by VPN. [3Com-bgp-af-vpn-instance] filter-policy ip-prefix p1 import group syntax...

  • Page 721: If-Match Mpls-Label

    LDP Configuration Commands Parameter group-name: Name of a neighbor peer group. It can be expressed in string of letters and numbers from 1 to 47 in length. internal: Creates an internal peer group. external: Creates an external peer group including other sub-AS groups in federation.
  • Page 722 With the above-mentioned configuration, if a route’s attribute value is 100:1 300:1, the route will pass the matching; if the route’s attribute value is 200:1 500:1, it will not pass the matching because 500:1 is not one of the attribute values that have been configured.

  • Page 723: Ip Binding Vpn-Instance

    { { ospf | ospf-ase | ospf-nssa } [ process-id ] | direct | rip | static } [med value | route-policy route-policyname ] undo import-route { { ospf | ospf-ase | ospf-nssa } [ process-id ] | direct | rip |...

  • Page 724: Ip Route-Static Vpn-Instance

    Destination address of a static route. mask: Subnet mask. mask-length: Length of the mask, ranging to 0 to 32. As it requires consecutive 1s in a 32-bit mask, the mask in dotted decimal notation can be substituted by mask-length (mask-length is represented by the number of consecutive 1s in the mask).

  • Page 725: Ip Vpn-Instance

    LDP Configuration Commands preference-value: Specifies preference value, ranging from 1 to 255, By default it is public: Configures a route as public network route. reject: Configures a route as unreachable. blackhole: Configures a route as blackhole. Description Use the ip route-static vpn-instance command to configure a static route by specifying an interface of a private network as an egress interface.

  • Page 726: Ipv4-Family

    Use the ipv4-family vpn-instance command to enter MBGP VPN-instance sub-address family view. Use the undo ipv4-family vpn-instance command to delete the association of a VPN-instance with MBGP address family, and return to BGP unicast view. Use the ipv4-family vpnv4 command to enter MBGP VPNv4 sub-address family view.

  • Page 727: Nesting-Vpn

    Use the undo nesting-vpn command to disable this function. By default, the nested VPN function is disabled. If VPNv4 route advertisement is needed for a CE connected to a PE, the nested VPN function must be enabled on the PE.

  • Page 728: Ospf

    OSPF process. If you want to enable multiple processes on a router, you are recommended to specify different Router IDs for different processes. To enable an OSPF process belonging to a public network without a Router ID, the following conditions should be satisfied: RM (Route Manage) is configured with a Router ID.
  • Page 729 VPN instance, the VPN instance should have an interface that is configured with an IP address. If you want to bind a process to a VPN instance, you must specify the VPN instance name. One VPN instance may include several processes. For example, for VPN1, you can configure the commands OSPF 1 VPN-instance VPN1, OSPF2 VPN-instance VPN1, and OSPF3 VPN-instance VPN1.

  • Page 730: Peer Advertise-Community

    View VPNv4 sub-address family view, VPN-instance sub-address family view Parameter group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. Description Use the peer advertise-community command to configure to transmit the community attributes to a specified peer group.

  • Page 731: Peer As-Number

    EBGP between PE and CE, PE carries its own AS number when advertising route information to CE. Accordingly, the updated route information will contain PE’s AS number when it is sent from CE. In this case, PE will not accept the route updates.

  • Page 732: Peer As-Path-Acl Export

    40: BGP/MPLS VPN C HAPTER ONFIGURATION OMMANDS Example # Set the opposite AS number of a specified peer (group) to 100. [3Com-bgp] ipv4-family vpn-instance test [3Com-bgp-af-vpn-instance] peer test as-number 100 peer as-path-acl export Syntax peer group-name as-path-acl acl-number export undo peer group-name as-path-acl acl-number export...

  • Page 733: Peer Connect-Interface

    The incoming filtering policy applied to peers takes precedence over the configuration to peer groups. Example # Configure the test peer group to filter the received routes with AS path ACL 3. [3Com-bgp] ipv4-family vpnv4 [3Com-bgp-af-vpn] peer test as-path-acl 3 import...

  • Page 734: Peer Default-Route-Advertise

    40: BGP/MPLS VPN C HAPTER ONFIGURATION OMMANDS Example # Allow the internal BGP session to use any operable interface for a TCP connection. [3Com-bgp] ipv4-family vpn-instance test [3Com-bgp-af-vpn-instance] peer 1.1.1.1 connect-interface loopback 0 peer Syntax default-route-advertise peer group-name default-route-advertise undo peer group-name default-route-advertise...

  • Page 735: Peer Description

    Use the undo peer default-route-advertise vpn-instance to restore the configuration. By default, a peer does not import a default route. This command does not require any default route in the routing table but transmits a default route whose next hop address is itself to the peer unconditionally.

  • Page 736: Peer Ebgp-Max-Hop

    By default, you can only make a connection with a direct accessing EBGP neighbor. Example # Enable the router to connect the EBGP peer group test that is attached to the network indirectly. [3Com-bgp] ipv4-family vpn-instance test [3Com-bgp-af-vpn-instance] peer test ebgp-max-hop...

  • Page 737: Peer Filter-Policy Export

    Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. acl-number: IP ACL number ranging from 2000 to 3999. That is, you can use basic ACL or advanced ACL. export: Uses the filtering policy for the advertised route and this policy is only effective for peer groups.

  • Page 738: Peer Group

    Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. peer-address: Peer IP address, in dotted decimal notation. acl-number: IP ACL number from 2000 to 3999, that is, you can use basic or advanced ACL. import: Performs the filtering policy on the received routes.

  • Page 739: Peer Ip-Prefix Export

    AS, the AS number is not needed. A peer must have been added in a group in BGP view before it can be added to another group in multicast sub-address family view or VPNv4 sub-address family view.

  • Page 740: Peer Label-Route-Capability

    The incoming filtering policy configured for peers take precedence over the configuration for peer groups. Related command: peer ip-prefix export. Example # Configure the peer group group1 to filter the received route with the IP prefix list 1. [3Com-bgp] ipv4-family vpnv4 [3Com-bgp-af-vpn] peer group1 ip-prefix list1 import...

  • Page 741: Peer Password

    Description Use the peer next-hop-local command to cancel the processing of the next hop in the routes that BGP advertises to a peer group and configure to use its own address as the next-hop. Use the undo peer next-hop-local command to cancel the existing setting.

  • Page 742: Peer Public-As-Only

    Password string. When you provide the cipher argument but input the password in plain text, or if you provide the simple argument, the password is one to 16 characters in length. When you provide the cipher argument and input the password in cipher text, the password must be 24 in length.

  • Page 743: Peer Reflect-Client

    Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. Description Use the peer reflect-client command to set a specified peer group to be a client of a router reflector. Use the undo peer reflect-client command to cancel this setting.

  • Page 744: Peer Route-Policy Import

    The peer route-policy export command is only used to configure peer groups. Related command: peer route-policy import. Example # Apply the routing policy test-policy to the outgoing routes of the peer group test. [3Com-bgp] ipv4-family vpnv4 [3Com-bgp-af-vpn] peer test route-policy test-policy export...

  • Page 745: Peer Route-Update-Interval

    Use the undo peer route-update-interval command to restore the default setting. By default, the Update interval is 5 seconds for IBGP peer group, and for EBGP it is 30 seconds. Example # Set the minimum interval for sending routing update packet to the BGP peer group group1 to be 10 seconds.

  • Page 746: Peer Upe

    180. Description Use the peer timer command to set the Keepalive interval and holdtime for peers. Use the undo peer timer command to restore the default setting. The timer set with the peer timer command enjoys higher precedence than the timer with the timer command.

  • Page 747: Peer Vpn-Instance Enable

    Name of the VPN instance the CE peer belongs to. group-name: Name of a peer group. Description Use the peer vpn-instance group command to join a CE neighbor into a BGP peer group. Use the undo peer vpn-instance group command to clear the CE neighbor from the BGP peer group.

  • Page 748: Peer Vpn-Instance Route-Policy Import

    The ingress routing policy configured for a peer takes precedence over the configuration for the peer group. Example # Configure the peer group ebgp to apply the routing policy named comtest to the ingress routes. [3Com-bgp-af-vpn] peer ebgp vpn-instance vrf1 route-policy comtest import...

  • Page 749: Port Trunk Mpls Vlan

    Use the undo port trunk mpls command to restore the default value of vlan-id. The default value is 0. By default, the range of MPLS/VPN VLANs is from 0 to 1023 and the range of vlan-id is from 1 to 3071. The command must be executed on a Trunk port.

  • Page 750: Preference

    ■ After you cancel the port vpn-range share-mode configuration, the label ■ range does not take effect if the VLAN configuration on the port exceeds 1K. In this case, you need to delete the labels manually. Example # Enable the range of MPLS/VPN VLAN vlan-id on Ethernet3/1/1 as 4K.

  • Page 751: Reflect Between-Clients

    LDP Configuration Commands Example # Set the preference of the preference of the routes learned from the EBGP peer to 2, the preference of the routes learned from the IBGP peer to 3 and the preference of the local routes to 4.

  • Page 752: Route-Distinguisher

    If an RD is associated with an autonomous system number (ASN), it is composed of the ASN and an arbitrary number; if the RD is associated with an IP address, it is a combination of the IP address and an arbitrary number.

  • Page 753: Route-Tag

    4294967295. By default, its first two bytes are fixed to 0xD000, while the last two bytes are the ASN of local BGP. For example, if the local BGP ASN is 100, then the default tag value in decimal is 3489661028. The value is an integer from 0 to 4294967295.

  • Page 754: Timer

    4000 to 4999. acl-name is a string beginning with English letters (a to z and A to Z) with no spaces or quotation marks between. rule rule: Optional, ACL matching statement, in the range of 0 to 127. All matching...

  • Page 755: Routing-Table Limit

    Description Use the traffic-redirect command to redirect the data flow at the port of the EX card to the port of the MX card and make the port on the EX card act as an MPLS VPN CE side interface.

  • Page 756: Sham-Link

    Destination address of a Sham-link, a Loopback interface address with a 32-bit mask. cost-value: Cost at Sham-link, in the range of 1 to 65535. By default, it is 1. password: Authentication in plain text on the interface, 8 characters at most. It must be consistent with the authentication of a Sham-link peer.
  • Page 757 LDP Configuration Commands key: Authentication on the interface. keyid is from 1 to 255 and key is a string up to 16 characters. It must be consistent with the authentication of a Sham-link peer. When the display current-configuration command is executed, the system displays the 24-character MD5 authentication in cipher text.

  • Page 758: Vlan Vpn-Range

    Syntax vlan vpn-range slot slot-number enable undo vlan vpn-range slot slot-number enable View System view Parameter slot-number: Slot number of interface card. Description Use the vlan vpn-range command to set the MPLS label range on the interface on the card.

  • Page 759: Vpn-Instance-Capability Simple

    After vpn-range is enabled on the card, the range of MPLS/VPN VLAN vlan-id that can be configured on the 12 interfaces on the card is 4K, but not the default value of 1K. Related command: port trunk mpls vlan.

  • Page 760: Vpn-Target

    Multi-VPN-Instance CE does not necessarily support BGP/OSPF interoperability. When an OSPF process is bound to a VPN instance, the default OSPF router is PE router. This command will remove the default setting and change a router into a Multi-VPN-Instance CE.
  • Page 761 VPN-target. VPN-target specifies a target VPN extended community. The same as RD, an extended community is either composed of an ASN and an arbitrary number, or composed of an IP address and an arbitrary number.
  • Page 762 40: BGP/MPLS VPN C HAPTER ONFIGURATION OMMANDS...
  • Page 763 CCC connection in the PE (provider edge). This argument is 1 to 20 characters in length. vlan-id: ID of the VLAN whose interface is used to establish the connection. It must be the ID of an existing VLAN.

  • Page 764: Debugging Mpls L2Vpn

    HAPTER ONFIGURATION OMMANDS Example # Create a remote CCC connection, with the name of clink, the transmitting LSP of tlsp, and the receiving LSP of rlsp. [SW8800] ccc clink interface vlan-interface 201 transmit-lsp tlsp receive-lsp rlsp # Create a local CCC connection, with the name of clink, and the interfaces connecting to the two CEs being the interfaces of VLAN 201 and VLAN 301 respectively.

  • Page 765: Static-Lsp Egress L2Vpn

    MPLS view Parameter lsp-name: Name of the label switching path (LSP). vlan-id: ID of the VLAN whose interface is to be used to create the LSP. in-label-value: Value of the in-label, ranging from 16 to 1,023. Description Use the static-lsp egress l2vpn command to create a static L2VPN LSP for the egress label switching router (LSR).

  • Page 766: Static-Lsp Transit L2Vpn

    CCC connection. Related command: static-lsp egress l2vpn, static-lsp transit, debugging mpls. Example # Create a static LSP with the destination IP address of 202.25.38.1 for the ingress LSR. [3Com-mpls] static-lsp ingress bj-sh l2vpn nexthop 1.1.1.1 out-label 100 static-lsp transit l2vpn...

  • Page 767: Display Mpls L2Vc

    Related command: static-lsp egress l2vpn, static-lsp ingress l2vpn. Example # Create a static L2VPN LSP for the interface of VLAN 201 on the midway transmitting LSR, with the in-label of 123 and the out-label of 253. [3Com-mpls] static-lsp transit bj-sh l2vpn incoming-interface vlan- interface 201 in-label 123 nexthop 202.34.114.7 out-label 253...

  • Page 768: Mpls L2Vc

    [ id id [ range range | default-offset offset ] undo ce name View MPLS L2VPN view Parameter name: Name of the CE, which must be unique in the current VPN of the PE. This argument is 1 to 20 characters in length.

  • Page 769: Connection

    Kompella MPLS L2VPN Configuration Commands id: CE ID, which is used to uniquely identify a CE in the VPN. This argument ranges from 0 to 499. offset: Specifies the default original CE offset. range: CE Range, the maximum number of CEs that can be connected to the CE.

  • Page 770: Display Bgp L2Vpn

    Syntax display mpls l2vpn [ vsi-name [ local-ce | remote-ce ] | connection [ vsi-name [ down | remote-ce | up | verbose ] | brief | interface Vlan-interface vlan-id ] | forwarding-info { vc-label | interface interface-type } ]...

  • Page 771: L2Vpn-Family

    Kompella MPLS L2VPN Configuration Commands Parameter vsi-name: Name of the VPN instance. local-ce: Displays the state and configuration of the local CE of a specified VPN instance. remote-ce: Displays the state and configuration of the remote CE of a specified VPN instance.

  • Page 772: Mpls L2Vpn

    View BGP view Parameter None Description Use the l2vpn-family command to create L2VPN address family view. Use the undo l2vpn-family command to remove L2VPN address family view. Example # Create L2VPN address family view. [SW8800] bgp 100 [3Com-bgp] l2vpn-family [3Com-bgp-af-l2vpn]...
  • Page 773 Description Use the mtu command to set the MTU for the Kompella MPLS L2VPN. The same MTU value must be configured for all the PE devices of the same VPN to make sure that the configuration is valid. Related command: mpls l2vpn encapsulation.

  • Page 774: Peer Enable

    IP address of a peer. This argument specifies a specific peer. Description Use the peer enable command to activate a specified peer or peer group in L2VPN address family view. Use the undo peer enable command to deactivate a specified peer or peer group in L2VPN address family view.

  • Page 775: Bandwidth

    Note that the rate actually supported ranges from 64 kbps to 2,097,152 kbps. If the rate you set is above 2,097,152 kbps, no rate limitation is performed, and the part of traffic that is under the VSI and exceeding this bandwidth restriction is discarded by the system.
  • Page 776 6 Interactive Voice 7 Network Control With this mapping table, the cos command specifies available classes of service from 1 to 8 and the CoS and the user priority specified combine to determine the COS of user data transmitted over PSN.

  • Page 777: Debugging Mpls L2Vpn

    VPLS Configuration Commands You can also customize the mapping relationship between user priority and PSN COS and directly specify the COS for user data transmitted over PSN for each of the user priorities 0 to 7 by configuring p-p-p-p-p-p-p-p. Example # Set the COS of VSI 3Com to 8.

  • Page 778: Display Mac-Address Vsi

    Displays only the number of VSI MAC forwarding entries. Description Use the display mac-address vsi command to display VSI MAC forwarding information.. You can display the MAC forwarding entries of either all VSIs or a specific VSI. Related command: vsi, mac-address static.

  • Page 779: Display Vpls Connection

    Vlan-interface10 AGING 1 mac address(es) found display vpls connection Syntax display vpls connection [ vsi vsi-name ] [ peer peer-ip ] [ up | down | block ] [ verbose | statistics ] View Any view Parameter vsi: Specifies a VSI.

  • Page 780: Display Vsi

    View Any view Parameter vsi-name: VSI name. Description Use the display vsi command to display the information of one specific or all VSIs. Related command: vsi. Example # Display the configuration of VSI 3Com. <SW8800> display vsi 3Com VPLS-Instance : 3Com...

  • Page 781: Encapsulation

    After label range redirection is configured, you can change the direction of VSI flow by changing the label range corresponding to the VSI, namely, redirect the new label range to the VPLS module for VSI flow processing so that the load on the VPLS module is shared.

  • Page 782: L2 Binding Vsi

    VLAN containing no port. Related command: vsi, peer. Example # Bind VSI 3Com to VLAN 100 in VLAN view. Enabled VLAN VPN on the port of the VLAN indicates the VSI can be accessed through Ethernet. <SW8800> system-view view [SW8800] interface GigabitEthernet3/1/4...

  • Page 783: Mac-Address

    Similarly, if you have enabled VLAN VPN feature for the port, you are prohibited from enabling IGMP Snooping or IGMP for the VLAN which the port belongs If you want to add the ports with VLAN VPN enabled to a VLAN, you cannot ■...

  • Page 784: Mac-Table Limit

    Description Use the mac-address command to configure a static MAC address for a VSI. The address you configured can be either a MAC address on a local VSI or a MAC address on a remote peer. Use the undo mac-address command to disable the configuration.

  • Page 785: Peer

    <SW8800> system-view view [SW8800] vsi 3Com static [3Com-vsi-3Com] mtu 1400 peer Syntax peer peer-ip [ vc-id vc-id ] [ upe | dual-npe ] [ encapsulation { ethernet | vlan } undo peer peer-ip [ vc-id vc-id ] View VSI-LDP View Parameter peer: Specifies the IP address of the peer PE of the VSI.
  • Page 786 By default, the peer type is NPE. When you specify UPE as the peer type, it indicates the peer is a user convergence node UPE in hierarchical VPLS architecture. You can also specify an ID for a VC to the peer, and the ID must be consistent with that of the remote. Multipoint-to-multipoint connections are needed among specified multiple remote peer NPEs, but not needed between UPEs and NPEs.

  • Page 787: Pwsignal

    Ðó 16K - 1. If no range-id is provided, by default, the label range corresponding to the rule is 128K ~ 256K - 1. Example # Create a rule of the Link ACL. The label range corresponding to the rule is 128K ~ 256K - 1. <SW8800> system-view...

  • Page 788: Reset Mac-Address Vsi

    Specifying LDP as the PW signaling protocol for the VSI takes you to the VSI-LDP view. By default, the VSI uses LDP as the PW signaling protocol. Example # Set LDP as the PW signaling protocol for VSI 3Com and enter the VSI-LDP view. <SW8800> system-view [SW8800] vsi 3com static [3Com-vsi-3com] pwsignal ldp...

  • Page 789: Undo Mac-Address Vsi

    Use the shutdown command to shut down the service of the VSI. When the service of the VSI is shut down, the system does not process any traffic for this VSI. Use the undo shutdown command to restore the service for the VSI.

  • Page 790: Vsi-Id

    VSI view. Description Use the vsi command to create a VSI or enter the VSI view. When you create an instance, you must specify the mechanism for discovering VSIs and the peers. At present, you can only configure the mechanism statically and manually and must specify the configuration mode explicitly.

  • Page 791: Debugging Vrrp

    Debugs VRRP packets. error: Debugs VRRP errors. Description Use the debugging vrrp command to enable the VRRP debugging. Use the undo debugging vrrp command to disable the VRRP debugging. By default, the VRRP debugging is disabled. Example # Enable VRRP state debugging.

  • Page 792: Display Vrrp Ifm

    If the interface name and virtual router ID are not specified, the state information about all the virtual routers on the switch will be displayed. If only the interface name is specified, the state information about all the virtual routers on the interface will be displayed.

  • Page 793: Display Vrrp Statistics

    If the interface name and virtual router ID are not specified, the statistics information about all the virtual routers on the switch will be displayed. If only the interface name is specified, the statistics information about all the virtual routers on the interface will be displayed.

  • Page 794: Display Vrrp Summary

    View Any view Parameter None Description Use the display vrrp summary command to view the VRRP summary information on the switch. Example # Display the VRRP summary information on the switch. <SW8800> display vrrp summary Run Method...

  • Page 795: Reset Vrrp Statistics

    If the interface name and virtual router ID are not specified, the statistics information about all the virtual routers on the switch will be cleared. If only the interface name is specified, the statistics information about all the virtual routers on the interface will be cleared.

  • Page 796: Vrrp Log-State

    VRRP virtual routers on an interface. As defined in the protocol, all the virtual routers on an interface shall use the same authentication type and key. And all the members joining the same virtual router shall also use the same authentication type and key.

  • Page 797: Vrrp Ping-Enable

    If you set correspondence between the IP address of the virtual router and the real MAC address, then you can configure only one virtual router on VLAN interface. Example # Set the real MAC address of the interface match the virtual IP address of the virtual router. [SW8800] vrrp method real-mac...

  • Page 798: Vrrp Un-Check Ttl

    Use the undo vrrp un-check ttl command to enable the check of TTL value of VRRP packet. The TTL value must be 225. If the Backup switch finds TTL is not 225 when receiving VRRP packet, the packet will be discarded.

  • Page 799: Vrrp Vrid Priority

    If a higher-priority switch is required to preempt the Master, you need to configure it as preemption. You can also set a delay for the preemption. If you configure it not to preempt, the delay will be set to 0 automatically.

  • Page 800: Vrrp Vrid Timer

    1 to 255; By default, the value is 1s. Description Use the vrrp vrid timer command to set the time interval for the Master in the virtual router to send VRRP packets. Use the undo vrrp vrid timer advertise command to restore the default value.

  • Page 801: Vrrp Vrid Virtual-Ip

    Virtual IP address. Description Use the vrrp vrid virtual-ip command to create a virtual router or add a virtual IP address to an existing virtual router. Use the undo vrrp vrid virtual-ip command to cancel an existing virtual router or an address from the virtual router.
  • Page 802 43: VRRP C HAPTER ONFIGURATION OMMANDS # Add a virtual IP address to an existing virtual router. [3Com-vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.11 # Delete a virtual IP address. [3Com-vlan-interface2] undo vrrp vrid 1 virtual-ip 10.10.10.10 # Delete a virtual router.

  • Page 803: Debugging Ha

    HA Configuration Commands debugging ha Syntax debugging ha { all | event | message | state } undo debugging ha { all | event | message | state } View User view Parameter all: All HA debugging switches. event: HA batch backup or tamed event debugging switch.

  • Page 804: Display Xbar

    Use the display switchover state command to view the switchover state of master or slave fabric. This command is used to display the switchover state of the master or slave fabric according to the specified slot number. If slot-id is not specified, the status of the fabric will be displayed.

  • Page 805: Slave Restart

    None Description Use the slave restart command to restart slave fabric. When the slave system works abnormally, and needs to be reloaded, you can use this command to restart the slave fabric. Example # Implement the restart of the slave system.

  • Page 806: Slave Update Configuration

    ONFIGURATION OMMANDS ONFIGURATION using a command if he expects the slave fabric to operate in place of the master fabric. After the switchover, the slave fabric will control the system and the original master fabric will be forced to reset.
  • Page 807 HA Configuration Commands Example # Configure the system Xbar load mode. [SW8800] xbar load-balance...
  • Page 808 44: HA C _HA_C HAPTER ONFIGURATION OMMANDS ONFIGURATION...

  • Page 809: Arp Non-Flooding

    Description Use the arp non-flooding enable command to enable the feature that the ARP packets of a port are not broadcast in the VLAN where this port lies. Use the undo arp non-flooding command to disable this feature. By default, ARP request packets are broadcast in the VLAN where the port lies.

  • Page 810: Arp Static

    MAC address of the ARP mapping entry, whose format is H-H-H ( H indicates a hexadecimal number). vlan-id: VLAN to which the static ARP entry belongs, in the range of 1 to 4094. interface-type interface-number: The type and number of the port to which the static ARP entry belongs.
  • Page 811 Use the arp static command to configure the static ARP mapping entries in an ARP mapping table. Use the undo arp static command to delete a static ARP mapping entry from the ARP table. By default, the mapping table of the system ARP is empty and the switch can obtain its address mapping by means of dynamic ARP.

  • Page 812: Arp Static Multi-Port

    MAC address of the ARP mapping entry, in the format of H-H-H. For a multiple-outgoing-port ARP entry, this is a multicast MAC address. vlan-id: ID of the VLAN of the static ARP entry, in the range of 1 to 4094. interface-type: Port type.

  • Page 813: Arp Timer Aging

    ARP Configuration Commands You can add multiple ports one by one by setting the multicast static ARP entry. To view the configuration, use the display arp multi-port command. Related commands: reset arp, display arp, debugging arp, arp static. Example # In an ARP entry, the IP address is 10.10.10.98, and the MAC address is 0150-0098-0098.

  • Page 814: Debugging Arp Packet

    Source IP address of all the permitted ARP packets, expressed in dotted decimal format. It can be combined with other restrictive conditions at discretion. If it is set to all zeros, ARP packets of all source IP addresses are permitted by default.

  • Page 815: Display Arp

    # Disable the debugging output. <SW8800> undo debugging arp packet display arp Syntax display arp [ ip-address | [ dynamic | static ] [ | { begin | include | exclude } text View Any view Parameter dynamic: Displays the dynamic ARP entries in ARP mapping table.

  • Page 816: Display Arp Multi-Port

    Use the display arp multi-port command to display configuration information about multicast ARP. The multicast ARP (that is, multiple-port ARP) feature allows one ARP entry to correspond to multiple outgoing ports; it is used to send one packet to multiple ports simultaneously.

  • Page 817: Display Arp Proxy

    Ethernet6/1/7 Ethernet6/1/8 Ethernet6/1/9 Ethernet6/1/1 VPN-Name :Public-ARP When a "*" precedes a port, the port is in the Up state; otherwise, the port is in the Down state. display arp proxy Syntax display arp proxy [ vlan vlan-id ] View Any view Parameter vlan-id: Specifies the VLAN ID.

  • Page 818: Display Debugging Arp

    View Any view Parameter None Description Use the display debugging arp command to display the ARP packet debugging information. Example # Display the ARP packet debugging information. <SW8800> display debugging arp ARP packet debugging switch is on, Source IP Address is 8.8.8.1, Destination IP Address is 8.8.8.26, Source MAC Address is 000a-ebf2-51a8...

  • Page 819: Reset Arp

    System View: return to User View with Ctrl+Z. [SW8800] gratuitous-arp-learning enable reset arp Syntax reset arp [ dynamic | static | interface { interface-type interface-number } | all ] View User view Parameter dynamic: Clears the dynamic ARP mapping entries.
  • Page 820 45: ARP C HAPTER ONFIGURATION OMMANDS...

  • Page 821: Arp Max-Aggregation-Entry

    Slot number of the card. max-num: Maximum number of ARP entries that can be supported by the specified card. This argument counts in K (1K = 1024) and ranges from 4K to 8K. Description Use the arp max-entry command to configure the maximum number of ARP entries that can be supported by a specified card in the system.

  • Page 822: Arp Enable Size

    Use the undo arp max-aggregation-entry command to restore the default maximum number of aggregation ARP entries supported by each card. You can configure the maximum number of ARP entries to be 4K, 5K, 6K, 7K or 8K modules 3C17525, 3C1757, 3C17530, and 3C17531. For all other modules, the maximum number of ARP entries is 4K.

  • Page 823: Display Arp Max-Entry

    You must restart the system for each of the three configurations to take effect. ■ Do not remove a card or change the place of a card from one slot to another ■ before restarting the system. Otherwise, the configuration may fail to take effect.
  • Page 824 46: ARP T HAPTER ABLE ONFIGURATION OMMANDS ..... max arp entry config of slot 13: 8192...

  • Page 825: Dhcp Enable

    In VLAN interface view: dhcp select { global | interface | relay } undo dhcp select In system view: dhcp select { global | interface | relay } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }...

  • Page 826: Dhcp Server Detect

    Description Use the dhcp select command to specify a method used by the switch to process the DHCP packets it received. You can use this command in VLAN interface view to specify a processing method of DHCP packets for current VLAN interface, or in system view to specify a processing method for multiple VLAN interfaces.

  • Page 827: Debugging Dhcp Server

    Commands debugging dhcp server Syntax debugging dhcp server { all | error | event | packet } undo debugging dhcp server { all | error | event | packet } View User view Parameter all: Used to enable/disable all types of debugging for DHCP server.

  • Page 828: Dhcp Server Dns-List

    { ip-address | all } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all } View VLAN interface view, system view Parameter ip-address: IP address of a DHCP server. You can specify up to eight IP addresses (separated by spaces) in one command.

  • Page 829: Dhcp Server Domain-Name

    Description Use the dhcp server dns-list command to configure one or more DNS server addresses for the DHCP address pool of current VLAN interface, or for the DHCP address pool(s) of the specified VLAN interface(s). Use the undo dhcp server dns-list command to remove one or more DNS server addresses configured for the DHCP address pool of current VLAN interface, or for the DHCP address pool(s) of the specified VLAN interface(s).

  • Page 830: Dhcp Server Expired

    In system view: dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all } undo dhcp server expired { interface vlan-interface vlan-id [ to...

  • Page 831: Dhcp Server Forbidden-Ip

    VLAN interface(s). The default lease time is one day. Related command: expired. Example # Set the IP address lease time of the DHCP address pool of VLAN interface 1 to unlimited. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 832: Dhcp Server Ip-Pool

    View System view Parameter pool-name: Name of the address pool, a string that is of 1 to 64 characters in length. An address pool name uniquely identifies an address pool. Description Use the dhcp server ip-pool command to create a global DHCP address pool and enter the corresponding DHCP address pool view.

  • Page 833: Dhcp Server Netbios-Type

    Description Use the dhcp server nbns-list command to configure one or more NetBIOS server IP addresses for the DHCP address pool of current VLAN interface, or for the DHCP address pool(s) of the specified VLAN interface(s). Use the undo dhcp server nbns-list command to remove one or all NetBIOS server IP addresses configured for the DHCP address pool of current VLAN interface, or for the DHCP address pool(s) of the specified VLAN interface(s).

  • Page 834: Dhcp Server Option

    View VLAN interface view, system view Parameter b-node: Specifies b-node to be the NetBIOS node type. DHCP clients of this node type establish host name-to-IP address mapping by broadcasting. (b stands for broadcast.) p-node: Specifies p-node to be the NetBIOS node type. DHCP clients of this node type establish host name-to-IP address mapping by communicating with NetBIOS server.

  • Page 835: Dhcp Server Ping

    Example # Configure a custom DHCP option for the DHCP address pool of VLAN interface 1, with the code argument of 100 and the hex-string argument of 0x11 and 0x22. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 836: Dhcp Server Static-Bind

    30 seconds. When the ping command is used for collision detection, the host will fail to apply for IP addresses if the server’s time to wait for a response to a ping packet is longer than the host’s interval of sending discover packets. So you had better satisfy the condition that the server’s time to wait for a response to...

  • Page 837: Display Dhcp Server Conflict

    DHCP Server Configuration Commands Parameter ip-address: IP address to be bound statically. Note that the IP address must be a valid IP address in the address pool of the current VLAN interface. mac-address: MAC address for the IP address to be bound to.

  • Page 838: Display Dhcp Server Expired

    The IP address that causes the conflict Discover Time The time when the conflict is discovered display dhcp server Syntax expired display dhcp server expired { ip ip-address | pool [ pool-name ] | interface [ vlan-interface vlan-id ] | all } View Any view Parameter ip ip-address: Specifies an IP address.

  • Page 839: Display Dhcp Server Free-Ip

    IP Range from 5.5.5.2 5.5.5.255 display dhcp server Syntax ip-in-use display dhcp server ip-in-use { ip ip-address | pool [ pool-name ] | interface [ vlan-interface vlan-id ] | all } View Any view Parameter ip ip-address: Specifies an IP address.

  • Page 840: Display Dhcp Server Statistics

    Lease expiration Type 5.5.5.1 0050-ba28-930a Jun 5 2003 10:56: 7 AM Auto:COMMITED Table 107 Description on the fields of the display dhcp server ip-in-use command Fields Description Global pool The information followed is about bound IP addresses in global address pool(s)

  • Page 841: Display Dhcp Server Tree

    View Any view Parameter pool [ pool-name ]: Specifies a global address pool. If you do not specify a global address pool, all global address pools are included. interface [ vlan-interface vlan-id ]: Specifies the address pool of a VLAN interface.
  • Page 842 3.3.3.3 expired 1 0 0 option 58 hex 00 00 A8 C0 option 59 hex 00 00 00 3C Table 109 Description on the fields of the display dhcp server tree command Field Description Global pool The information followed is about global address pools...

  • Page 843: Dns-List

    Child node: Indicates the node to which the address pool named 6 corresponds is a child node of that of the address pool named 5. In this case, node 6 stands for a subnet of the network node 5 stands for Parent node: Indicates the node to which the address pool named 6 corresponds is the parent node of that of the address pool named 5.

  • Page 844: Domain-Name

    ONFIGURATION OMMANDS Related command: dhcp server dns-list, dhcp server ip-pool. Example # Configure a DNS server with an IP address of 1.1.1.254 for the global DHCP address pool 0. <SW8800> system-view System View: return to User View with Ctrl+Z. [SW8800] dhcp server ip-pool 0 [3Com-dhcp-0] dns-list 1.1.1.254...

  • Page 845: Gateway-List

    The default valid period is 1 day. Related command: dhcp server ip-pool, dhcp server expired. Example # Set the IP address lease time of the global DHCP address pool 0 to one day plus two hours and three minutes. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 846: Nbns-List

    { ip-address | all } View DHCP address pool view Parameter ip-address: IP address of a NetBIOS server. You can specify up to eight IP addresses (separated by spaces) in one command. all: Specifies all configured NetBIOS server IP addresses. Description Use the nbns-list command to configure one or more NetBIOS server addresses for a global DHCP address pool.

  • Page 847: Network

    View DHCP address pool view Parameter b-node: Specifies the NetBIOS node type of DHCP clients to be b-node (b stands for broadcast). Nodes of this type establish their host name-to-IP address mappings by broadcasting. p-node: Specifies the NetBIOS node type of DHCP clients to be p-node (p stands for peer-to-peer).

  • Page 848: Option

    47: DHCP C HAPTER ONFIGURATION OMMANDS mask-length: Length of the network mask of an IP address pool. It is an integer in the range of 0 to 32. Description Use the network command to configure an address range for dynamic IP address assignment.

  • Page 849: Reset Dhcp Server Conflict

    Related command: dhcp server ip-pool, dhcp server option. Example # Configure a custom option for the global DHCP address pool, with an option value of 100 and two hexadecimal numbers of 0x11 and 0x22. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 850: Reset Dhcp Server Statistics

    Specifies a global DHCP address pool. If you do not provide this argument, then all global DHCP address pools are included. vlan-id: Specifies a VLAN interface DHCP address pool. If you do not provide this argument, then all VLAN interface DHCP address pools are included.

  • Page 851: Static-Bind Mac-Address

    DHCP Server Configuration Commands mask netmask: Specifies the subnet mask of the IP address to be bound. If you do not provide the argument, the default subnet mask is used. Description Use the static-bind ip-address command to specify the IP address to be statically bound.

  • Page 852: Debugging Dhcp Relay

    ONFIGURATION OMMANDS Related command: dhcp server ip-pool and static-bind ip-address. Example # Bind the PC with a MAC address of 0000-e03f-0305 to 10.1.1.1, whose subnet mask is 255.255.255.0. <SW8800> system-view System View: return to User View with Ctrl+Z. [SW8800] dhcp server ip-pool 0 [3Com-dhcp-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0...

  • Page 853: Dhcp Relay Security

    Before adding/removing a user address entry, you can check user address entries configured for the DHCP server using the display dhcprelay-security command. Example # Configure a user address entry for a DHCP server, with an IP address of 1.1.1.1 and a MAC address of 0005-5D02-F2B3. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 854: Dhcp Relay Security Address-Check

    Use the undo dhcp server detect command to disable fake DHCP server detecting. A private DHCP server in a network also answers IP address request packets and issues IP addresses to DHCP clients. However, the IP addresses they issued always bring addresses conflicts and cause users cannot access networks.

  • Page 855: Display Dhcp Relay Address

    VLAN number. interface vlan-interface: Specifies to display information about the DHCP servers configured for the VLAN interface. all: Specifies to display information about the DHCP servers configured for all VLAN interfaces. Description Use the display dhcp relay address command to display information about DHCP servers configured for a VLAN interface.

  • Page 856: Ip Relay Address

    IP Address User IP address MAC Address User MAC address IP Address Type Type of the user address entry, which can be static or dynamic ip relay address Syntax ip relay address ip-address undo ip relay address { ip-address | all }...

  • Page 857: Dhcp Relay Information Enable

    Related command: dhcp server relay information enable. Example # Enable Option 82 support on DHCP relay so that the relay on VLAN interface 1 adds Option 82 into the request packets from the DHCP clients before it sends these packets to a DHCP server.

  • Page 858: Dhcp Relay Information Format

    DHCP Relay option 82. The normal mode is adopted by default. Example # Configure the mode of the relay option 82 on VLAN interface 1 as 3Com fixed network mode. <SW8800> system-view System View: return to User View with Ctrl+Z...

  • Page 859: Dhcp Relay Information Format Verbose Node-Identifier

    VLAN interface view Parameter mac: Sets the bridge MAC as the node identifier of the Option 82 of a relay. sysname: Sets the system name as the node identifier of the Option 82 of a relay. user-defined string<1-50>: Sets the bridge-user-defined strings as the node identifier of the Option 82 of the relay.

  • Page 860: Dhcp Server Relay Information Enable

    HAPTER ONFIGURATION OMMANDS Example # Set the system name as the node identifier when the mode of the relay option 82 on VLAN interface 1 is 3Com fixed network mode. <SW8800> system-view System View: return to User View with Ctrl+Z...
  • Page 861 <SW8800> system-view System View: return to User View with Ctrl+Z [SW8800] dhcp server relay information enable # Disable the DHCP server from returning Option 82 carried in the request packets to the DHCP relay. [SW8800] undo dhcp server relay information enable...
  • Page 862 47: DHCP C HAPTER ONFIGURATION OMMANDS...
  • Page 863 View System view Parameter hostname: Name of the host. It is a character string that consists of 1 to 20 characters, including letters, numbers, "_" or ",", and it must contain at least one letter. ip-address: Host IP address (the corresponding IP address to the host name) in dotted decimal notation.

  • Page 864: Debugging Dns

    Any view Parameter None Description Use the display ip host command to view all the host names and the corresponding IP addresses. Example # Display all host names and the corresponding IP addresses of the hosts. <3Com< display ip host...

  • Page 865: Display Dns Domain

    The information above indicates that a correct answer packet is received from the server. query timeout The information above indicates that the query for a domain name from a server times out because no answer is received. display dns domain...

  • Page 866: Display Dns Server

    Ipaddress Corresponding IP name of the domain name RR-TTL(S) Time to live, that is, the time for an entry to be stored, in seconds. Alias Alias of the domain name. There can be four of them at the most. display dns server...

  • Page 867: Dns Domain

    Use the undo dns domain command to delete the domain name suffix. The system supports up to 10 domain name suffixes. To delete the domain name suffix, input the suffix name, and the specific suffix is deleted. Otherwise, all of the suffixes are deleted.

  • Page 868: Dns Server

    Use the dns server command to configure the IP address of a domain name server. Use the undo dns server command to delete the IP address of a domain name server. The system supports up to six domain name server. To delete the domain name server, input the IP address, and the specific server is deleted.
  • Page 869 Dynamic DNS Configuration Commands Description Use the reset dns dynamic-host command to clear the dynamic domain name buffer. Related command: display dns dynamic-host. Example # Clear the dynamic domain name buffer. <3Com< reset dns dynamic-host...
  • Page 870 48: DNS C HAPTER ONFIGURATION OMMANDS...

  • Page 871: Display Ip Netstream Cache

    /stream ---------------------------------------------------- TCP-other 382858 Total 382858 Table 116 Description on the fields of the display Netstream cache command Field Description Stream active timeout(minute) : 5 The current active aging time is 5 minutes Stream inactive timeout(second) : 60 The current inactive aging time is 60 seconds...

  • Page 872: Display Ip Netstream Export

    Stream source address Stream destination IP(UDP) : 192.168.1.2(9991) Exported stream number Exported UDP datagram number(failed number): 2(0) Table 117 Description on the fields of the display ip Netstream export command Field Description Version 5 export information Version 5 statistics export information...

  • Page 873: Enable

    Netstream Configuration Commands Table 117 Description on the fields of the display ip Netstream export command Field Description Stream destination IP(UDP) Destination address and destination port number of the export packet Exported stream number Number of exported streams Exported UDP datagram...

  • Page 874: Ip Netstream Aggregation

    Use the undo ip netstream enable command to disable the Netstream statistics function. The Netstream statistics function is disabled by default Example # Mirror the inbound packets of GigabitEthernet6/1/2 to the NMM module on slot 2, and enable the Netstream statistics function. <SW8800> system-view [SW8800] mirror-group 1 inbound GigabitEthernet6/1/2 mirror-to slot...

  • Page 875: Ip Netstream Export Host

    UDP port number of the destination host of Netstream statistics export packets. Description Use the ip netstream export host command to configure the destination host IP address and UDP port number of the Netstream statistics export packet.

  • Page 876: Ip Netstream Export Source

    You can configure different destination host IP addresses and port numbers in different aggregation modes. A packet can be sent to two different destination hosts at the same time. Example # Set the destination IP address and UDP port number of the Netstream statistics export packet to 192.168.1.2 and 9991 respectively.

  • Page 877: Ip Netstream Export Version

    Use the undo ip netstream export version command to restore the default setting. By default, the AS option is peer-as, the version number of MPLS packets is 9, the version number of aggregation statistics packets is 8, and the version number of other packets is 5.

  • Page 878: Ip Netstream Timeout Inactive

    NMM modules in the system. Use the undo ip netstream timeout active command to restore the default value of the active aging time of the streams on all the NMM modules in the system.

  • Page 879: Ip Netstream Template Refresh

    NMM Application Module and age all the streams in the stream cache. Example # Clear the Netstream statistics information of the NMM moduleon slot 2 and age all the streams in the stream cache. <SW8800> reset ip netstream statistics slot 2...
  • Page 880 Parameter minutes: Aging time of the template in minutes. Description Use the ip stream template timeout command to set the aging time of the template. Use the undo ip stream template timeout command to restore the aging time of the template to the default value.

  • Page 881: Display Poe Interface

    Use the display poe interface interface-type interface-num command to display the PoE status of a specific port on the switch. Use the display poe interface command without any option to display the PoE status of all the PoE-capable ports on the switch.

  • Page 882: Display Poe Interface Power

    Remaining power on the port power The sampling cycle of the power, current and voltage of ports is 1 second; ■ The sampling cycle of the peak power and average power of ports is 5 minutes ■ display poe interface Syntax...

  • Page 883: Display Poe Pse

    PSE software version Hardware Version PSE hardware version The sampling cycle of the current power of the interface card is 1 minute, and the sampling cycle of the peak power and average power is 5 minutes. display poe slot Syntax...

  • Page 884: Poe Enable

    Parameter slotnum: Slot number of a PoE card Description Use the display poe slot slotnum command to display the information of a PoE card in the switch. Example # Display the information of the PoE card in slot 8 of the switch.

  • Page 885: Poe Legacy Enable Slot

    When detecting the compatibility of PDs, the module can detect and power the PDs incompatible with the 802.3af standard. By default, the module does not detect the compatibility of the PD connected to it. CAUTION: Detecting an incompatible device slows down the detection and decreases system performance;...

  • Page 886: Poe Max-Power

    OMMANDS Example # Enable the module in slot 2 to detect the compatibility of the PD connected to it. [SW8800] poe legacy enable slot 2 # Disable the detection of the compatibility of the PD connected to the module in slot 2.

  • Page 887: Poe Mode

    By default, the port adopts signal lines to supply power. CAUTION: 3Com Switch 8800 Family series routing switches currently do not support the spare mode. If a PD only supports the spare mode, a conversion will be needed. Example # Configure the PoE mode on current port to signal.

  • Page 888: Poe Power-Management

    PD connected to the port whose PoE priority is the highest. For example, assume that the PoE priority on port A is set to critical. If a new PD is connected to port A when the external power supply by the switch is almost fully loaded, the switch stops powering the PD connected to the port whose PoE priority is the lowest and begins to power the PD connected to port A.

  • Page 889: Poe Power Max-Value

    Use the undo poe priority command to restore the default priority. By default, the PoE priority on each port is low. CAUTION: When the PoE power of the switch is not enough to support all the port, the switch supplies power to ports with higher priority, and powers down...
  • Page 890 50: P HAPTER ONFIGURATION OMMANDS Example # Set the PoE priority of current port to critical. [3Com-GigabitEthernet3/1/1] poe priority critical # Restore the default priority. [3Com-GigabitEthernet3/1/1] undo poe priority...

  • Page 891: Display Poe-Power Ac-Input State

    <SW8800> display poe-power ac-input state PSU 1 AC Input State : Lack Phase PSU 2 AC Input State : Normal PSU 3 AC Input State : Lack Phase Table 120 Description on the fields of the display poe-power ac-input state command Field Description NORMAL The AC input is normal.

  • Page 892: Display Poe-Power Dc-Output State

    Normal NOTLINK The PSU is disconnected. That is, the controller was able to communicate with the PSU; but it cannot now. Power-cycling the unit or re-inserting a new PSU can resolve this problem. INERROR The PSU input is in trouble. Restoring the AC input can resolve this problem.

  • Page 893: Display Poe-Power Dc-Output Value

    Use the display poe-power switch state command to display the number and current state of the AC power distribution switches of the PSUs. Example # Display the number and current state of the AC power distribution switches. <SW8800>display poe-power switch state Switch Number : 0...
  • Page 894 Rating Output Power Rated output power. When one or two PSUs are available, it is 2250 W for 220 VAC input and 1125 W for 110 VAC input. When three PSUs are available, it is 4500 W for 220 VAC input...

  • Page 895: Poe-Power Input-Thresh Lower

    View System view Parameter string: Overvoltage alarm threshold. It ranges from 90 V to 264 V in the format of X.X. Description Use the poe-power input-thresh upper command to set overvoltage alarm threshold of AC input (upper threshold): For 220 VAC input, it is recommended to set the threshold to 264.0 V.

  • Page 896: Poe-Power Output-Thresh Lower

    Description Use the poe-power output-thresh lower command to set the undervoltage alarm threshold of DC output (lower threshold): For both 220 VAC and 110 VAC input, it is recommended to set the threshold to 45.00 V. Example # Set the undervoltage alarm threshold of DC output to 45.00 V.

  • Page 897: Debugging Udp-Helper

    Commands debugging udp-helper Syntax debugging udp-helper { event | packet [ receive | send ] } undo debugging udp-helper { event | packet [ receive | send ] } View User view Parameter event: Enables event debugging for UDP Helper.

  • Page 898: Udp-Helper Enable

    Now, the following config udp-helper port exist(s): 37(time), 49(tacacs), 53(dns), 34, 89, 456, 10000-10005 The information above shows the configuration of the global UDP ports (including the default port 37, 49, 53 and the configured ports) when UDP helper is enabled. udp-helper enable Syntax...

  • Page 899: Udp-Helper Port

    UDP Helper Configuration Commands udp-helper port Syntax udp-helper port { port | dns | netbios-ds | netbios-ns | tacacs | tftp | time } undo udp-helper port { port | dns | netbios-ds | netbios-ns | tacacs | tftp | time }...
  • Page 900 IP address of the destination server, in dotted decimal notation. This argument can be the address of a host or the broadcast address of a subnet. Up to 20 destination servers can be configured on a VLAN virtual interface.

  • Page 901: Display Snmp-Agent

    Description Use the display snmp-agent command to view engine ID of current device. SNMP engine is the core of SNMP entity. It performs the function of sending, receiving and authenticating SNMP message, extracting PDU, packet encapsulation and the communication with SNMP application, and so on.

  • Page 902: Display Snmp-Agent Group

    # Display the currently configured community names. <SW8800> display snmp-agent community Community name:public Group name:public Storage-type: nonVolatile Community name:private Group name:private Storage-type: nonVolatile Table 124 Description on the fields of the display snmp-agent community command Field Description community Community name name Group name Group name...

  • Page 903: Display Snmp-Agent Mib-View

    The name of the notify MIB view corresponding to that group storage-type Storage mode display snmp-agent Syntax mib-view display snmp-agent mib-view [ exclude | include | { viewname mib-view } ] View Any view Parameter exclude: Displays the SNMP MIB view excluded. Include: Displays the SNMP MIB view included.

  • Page 904: Display Snmp-Agent Statistics

    53: SNMP C HAPTER ONFIGURATION OMMANDS Table 126 Description on the fields of the display snmp-agent mib-view command Field Description View name View name MIB Subtree MIB subtree Subtree Subtree mask mask storage-type Storage type View Type Permit or forbid access to an MIB object...

  • Page 905: Display Snmp-Agent Sys-Info

    SNMP Configuration Commands Table 127 Description on the fields of the display snmp-agent statistics command Field Description 9 Get-next PDUs accepted and Total number of the input SNMP packets processed 0 GetBulkRequest-PDU accepted Number of packets with version information error...

  • Page 906: Display Snmp-Agent Usm-User

    <SW8800> display snmp-agent sys-info contact The contact person for this managed node: R&D Beijing, 3Com Corporation co.,Ltd. The above information represents that the contact person for this machine is R&D Beijing, 3Com Corporation co.,Ltd # Display the character string describing the system location.

  • Page 907: Enable Snmp Trap

    Parameter None Description Use the enable snmp trap updown command to enable current port or VLAN interface to transmit the LINK UP and LINK DOWN trap messages. Use the undo enable snmp trap updown command to disable current port or VLAN interface to transmit the LINK UP and LINK DOWN trap messages.

  • Page 908: Snmp-Agent Community

    53: SNMP C HAPTER ONFIGURATION OMMANDS Example # Enable current port Ethernet6/1/1 to transmit the LINK UP and LINK DOWN trap information with the community name public <SW8800> system-view System View: return to User View with Ctrl+Z. [3Com-Ethernet6/1/1] snmp trap updown enable [SW8800] snmp-agent target-host trap address udp-domain 10.1.1.1...

  • Page 909: Snmp-Agent Group

    SNMP Configuration Commands snmp-agent group Syntax snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-list ] undo snmp-agent group { v1 | v2c } group-name snmp-agent group v3 group-name [ authentication | privacy ] [ read-view...

  • Page 910: Snmp-Agent Local-Engineid

    Specifies the engine ID with a character string, only composed of hexadecimal numbers between 5 and 32 including. Description Use the snmp-agent local-engineid command to configure a name for a local or remote SNMP engine on the switch. Use the command to Using undo snmp-agent local-engineid command, you can restore the default setting of engine ID.

  • Page 911: Snmp-Agent Packet Max-Size

    Specifies the view name, with a character string, ranging from 1 to 32 characters. oid-tree: MIB object subtree. It can be a character string of the variable OID, or a variable name, ranging from 1 to 255 characters. By default, OID is 1.3.6.1.

  • Page 912: Snmp-Agent Sys-Info

    { contact sysContact | location syslocation | version { { v1 | v2c | v3 } * | all } } undo snmp-agent sys-info { { contact | location }* | version { { v1 | v2c | v3 } * | all } }...

  • Page 913: Snmp-Agent Target-Host

    Represent the version of SNMPV2C. v3: Represent the version of SNMPV3. securityname: Specifies the community name, ranging 1 to 32 bytes. It can be the community name of SNMPv1/v2c or the user name of SNMPv3. authentication: Configures to authenticate the packet without encryption.

  • Page 914: Snmp-Agent Trap Enable

    [ bgp [ backwardtransition | established ]* | configuration | flash | ospf [ process-id ] [ ospf-trap-list ] | ldp | lsp | standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system | vrrp [...

  • Page 915: Snmp-Agent Trap Life

    Example # Enable to send the trap packet of SNMP authentication failure to 10.1.1.1. The community name is public. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 916: Snmp-Agent Trap Queue-Size

    View System view Parameter length: Length of queue, ranging from 1 to 1,000. By default, the length is 100. Description Use the snmp-agent trap queue-size command to configure the information queue length of Trap packet sent to Destination Host.

  • Page 917: Snmp-Agent Usm-User

    { v1 | v2c } username groupname snmp-agent usm-user v3 username groupname [ authentication-mode { md5 | sha } authpassstring [ privacy-mode { des56 privpassstring } ] ] [ acl acl-list ] undo snmp-agent usm-user v3 username groupname { local | engineid...

  • Page 918: Undo Snmp-Agent

    SNMP engineID (for authentication) is required when configuring remote user for an agent. This command will not be effective without engineID configured. For V1 and V2C, this command will add a new community name. For V3, it will add a new user for an SNMP group.

  • Page 919: Display Rmon Alarm

    : 10(linked with event 1) Falling threshold : 2(linked with event 1) When startup enables : risingOrFallingAlarm Latest value Table 129 Description on the fields of the display rmon alarm command Field Description Alarm table 1 Index 1 in alarm table monitor...

  • Page 920: Display Rmon Event

    Description Use the display rmon event command to view RMON events. The display includes event index in event table, owner of the event, description to the event, action caused by event (log or alarm information), and occurrence time of the latest event (counted on system initiate/boot time in centiseconds).

  • Page 921: Display Rmon History

    Use the display rmon eventlog command to view RMON event log. The display includes event index in the event table, the status of the event, the time at which the event log is generated (this time starts from the system initialization or booting and counted in milliseconds), and event description.

  • Page 922: Display Rmon Prialarm

    :0 , oversize packets fragments , jabbers collisions , utilization Table 132 Description on the fields of the display rmon history command Field Description Samples interface The sampled interface History control entry Index number in history control table...

  • Page 923: Display Rmon Statistics

    : 5(linked with event 1) When startup enables : risingOrFallingAlarm This entry will exist : forever. Latest value Table 133 Description on the fields of the display rmon prialarm command Field Description Prialarm table 1 Index of extended alarm entry.

  • Page 924: Rmon Alarm

    2147483647. event-entry2: Event number corresponding to the falling threshold, ranging from 0 to 65535. owner text: Specifies the creator of the alarm. Length of the character string ranges from 1 to 127. Description Use the rmon alarm command to add an entry to the alarm table.

  • Page 925: Rmon Event

    RMON Configuration Commands Use the undo rmon alarm command to cancel an entry from this table. In this way, the alarm event can be triggered in the abnormal situations and then decides to log and send trap to the NM station.

  • Page 926: Rmon History

    Keeping logs and sending the trap messages to NMS ■ Example # Add the entry 10 to the event table and marks it as log event. <SW8800> system-view System View: return to User View with Ctrl+Z. [SW8800] rmon event 10 log...

  • Page 927: Rmon Prialarm

    Related command: display rmon history. Example # Create a history control table entry with the index number of 15, capacity of 100 and sampling interval of 10 seconds. The owner is tester. <SW8800> system-view System View: return to User View with Ctrl+Z.
  • Page 928 0 to 65535. forever | cycle cycle-period: Specifies the type of the alarm instance line. cycle-period specifies the functional cycle of the instance. owner text: Creator of this entry. Length of the character string ranges from 1 to 127. Description Use the rmon prialarm command to add an entry to the extended RMON alarm table.

  • Page 929: Rmon Statistics

    RMON Configuration Commands Example # Add an extended alarm entry in the fifth line of the extended alarm table. Perform operation on the corresponding variant by means of the formular ((.1.3.6.1.4.1.43.45.1.6.1.2.1.1.2.1-.1.3.6.1.4.1.43.45.1.6.1.2.1.1.3.1)*100/.1.3. 6.1.4.1.43.45.1.6.1.2.1.1.2.1) to get the port utilization of Gigabit Ethernet interface 1/1/1.
  • Page 930 54: RMON C HAPTER ONFIGURATION OMMANDS <SW8800> system-view System View: return to User View with Ctrl+Z. [SW8800]interface Ethernet 2/1/1 [3Com-Ethernet2/1/1] rmon statistic 20...

  • Page 931: Debugging Ntp-Service

    Syntax debugging ntp-service { access | adjustment | authentication | event | filter | packet | parameter | refclock | selection | synchronization | validity | all } undo debugging ntp-service { access | adjustment | authentication | event |...

  • Page 932: Display Ntp-Service Sessions

    Use the display ntp-service sessions command to display the status of all the SESSIONS maintained by NTP service provided by the local equipment. By default, the status of all the SESSIONS maintained by NTP service provided by the local equipment will be displayed.

  • Page 933: Display Ntp-Service Trace

    Syntax display ntp-service trace View Any view Parameter None Description Use the display ntp-service trace command to display the brief information about every NTP server on the way from the local device to the reference clock source.

  • Page 934: Ntp-Service Access

    By default, there is no limit to the access. Set authority to access the NTP services on a local Ethernet Switch. This is a basic and brief security measure, compared to authentication. An access request will be matched with peer, server, synchronization, and query in an ascending order of the limitation.

  • Page 935: Ntp-Service Authentication Enable

    NTP Configuration Commands # Give the authority of time request and query control of the local equipment to the peer in ACL 2000. [SW8800] ntp-service access synchronization 2000 ntp-service Syntax authentication enable ntp-service authentication enable undo ntp-service authentication enable View...

  • Page 936: Ntp-Service Broadcast-Client

    Designate an interface on the local Ethernet Switch to receive NTP broadcast messages and operate in broadcast client mode. The local Ethernet Switch listens to the broadcast from the server. When it receives the first broadcast packet, it starts a brief Client/Server mode to switch messages with a remote server for estimating the network delay.

  • Page 937: Ntp-Service Max-Dynamic-Sessions

    By default, the broadcast service is disabled and number defaults to 3. Designate an interface on the local equipment to broadcast NTP packets. The local equipment runs in broadcast-server mode and regularly broadcasts packets to its clients.

  • Page 938: Ntp-Service Multicast-Client

    VLAN interface view Parameter ip-address: Multicast IP address of Class D. By default, the ip-address argument is set to 224.0.1.1. Actually, for the Switch 8800 Family series, you can set 224.0.1.1 as the multicast IP address only. Description Use the ntp-service multicast-client command to configure the NTP multicast client mode.

  • Page 939: Ntp-Service Refclock-Master

    VLAN interface view Parameter ip-address: Multicast IP address of Class D. It defaults to 224.0.1.1. Actually, for the Switch 8800 Family series, you can set 224.0.1.1 as the multicast IP address only. authentication-keyid: Specifies authentication key. keyid: Key ID used in multicast, ranging from 1 to 4294967295.

  • Page 940: Ntp-Service Reliable Authentication-Keyid

    IP address of an external clock as 127.127.u. If no IP address is specified, the local clock is set as the NTP master clock by default. You can also specify the stratum of the NTP master clock.

  • Page 941: Ntp-Service Source-Interface

    You can use this command to designate an interface to transmit all the NTP packets and take the source address of these packets from its IP address. If you do not want any other interface to receive the acknowledgement packets, use this command to specify one interface to send all the NTP packets.
  • Page 942 NTP version number, ranging from 1 to 3. authentication-keyid: Defines authentication key. keyid: Key ID used for transmitting messages to a remote server, ranging from 1 to 4294967295. source-interface: Specifies the name of an interface, the interface can be VLAN interface and Loopback interface currently.

  • Page 943: Ntp-Service Unicast-Server

    NTP version number, ranging from 1 to 3. authentication-keyid: Defines authentication key. keyid: Key ID used for transmitting messages to a remote server, ranging from 1 to 4294967295. source-interface: Specifies the name of an interface, the interface can be VLAN interface and Loopback interface.
  • Page 944 55: NTP C HAPTER ONFIGURATION OMMANDS <SW8800> system-view System View: return to User View with Ctrl+Z. [SW8800] ntp-service unicast-server 128.108.22.44 version 3...

  • Page 945: Debugging Ssh Server

    Use the undo debugging ssh server command to disable the debugging. By default, the debugging is disabled. Logs related to the SSH server are recorded into the log file or log buffer only if debugging is enabled. Related command: ssh server authentication-retries, ssh server rekey-interval, ssh server timeout.

  • Page 946: Display Rsa Local-Key-Pair Public

    Syntax public display rsa local-key-pair public View Any view Parameter None Description Use the display rsa local-key-pair public command to display the public key of the server’s host key pair and server key pair. Related command: rsa local-key-pair create.

  • Page 947: Display Rsa Peer-Public-Key

    <SW8800> display rsa peer-public-key brief Address Bits Name 1023 abcd 1024 1024 1024 hq_all # Display the public key of the specified RSA key pair named abcd of the client. <SW8800> display rsa peer-public-key name 127.0.0.1 ===================================== Key name: 127.0.0.1 Key address:...

  • Page 948: Display Ssh Server

    Displays the SSH status information. session: Displays the SSH session information. Description Use the display ssh server command to display the status information or session information of an SSH server. Related command: ssh server authentication-retries, ssh server rekey-interval, ssh server timeout.

  • Page 949: Peer-Public-Key End

    Use the display ssh user-information command to display information about the current SSH user, including username, peer key name, authentication mode and the types of authorized services. If you specify the argument username in the command, the user information about the specified username will be displayed.

  • Page 950: Protocol Inbound

    By default, all protocols are supported. This configuration takes effect at the next login. Note that after enabling SSH by this command, you still cannot log in through SSH if the client RSA key is not configured. CAUTION: If the supported protocol configured in the user interface is SSH, make sure to ■...

  • Page 951: Public-Key-Code Begin

    <Enter> and then continue to input the key. Note that the public key must be a hexadecimal string coded in the public key format and is randomly generated by the SSH 2.0-enabled client software or the client switch.

  • Page 952: Rsa Local-Key-Pair Create

    CAUTION: When you log in through SSH user, the key generated by the server must be longer than 768 bits. The RSA key genetated by the server is 1,024 bits by default. Related command: rsa local-key-pair destroy.

  • Page 953: Rsa Local-Key-Pair Destroy

    % You already have RSA keys defined for rtvrp_Host % Do you really want to replace them? [yes/no]:y Choose the size of the key modulus in the range of 512 to 2048 for your Keys. Choosing a key modulus greater than 512 may take a few minutes.

  • Page 954: Ssh Server Authentication-Retries

    View System view Parameter times: Number of authentication retries, in the range from 1 to 5. By default, the value is 3. Description Use the ssh server authentication-retries command to set the number of SSH connection authentication retries.

  • Page 955: Ssh Server Rekey-Interval

    View System view Parameter hours: Update interval of the server key, in range of 1 to 24 (hours). It cannot be 0. Description Use the ssh server rekey-interval command to set update interval of the server key.

  • Page 956: Ssh User Assign Rsa-Key

    ONFIGURATION OMMANDS View System view Parameter seconds: Login timeout (in seconds), in the range from 1 to 120. By default, the value is 60. Description Use the ssh server timeout command to set the authentication timeout of SSH connections. Use the undo ssh server timeout command to restore the default SSH authentication timeout.

  • Page 957: Ssh Authentication-Type Default

    NULL, namely, the unable-to-login mode. The new authentication mode takes effect at the next login. By default, no login authentication mode is specified, that is, SSH users are unable to login. For a new user, you must specify an authentication mode; otherwise, the new user will not be able to log in.

  • Page 958: Display Ssh Server-Info

    Configures the default user authentication mode as RSA public key authentication. all: Specifies that the default user authentication mode can be either password authentication or public key authentication. password-publickey: Configures the default user authentication mode as a combination of password authentication and public key authentication.

  • Page 959: Quit

    Use the undo ssh client assign rsa-key command to cancel the configuration. Example # Specify the public key of a server with IP address 192.168.0.1 on the client as serverkey01. <SW8800> system-view System View: return to User View with Ctrl+Z.

  • Page 960: Ssh Client First-Time Enable

    The first-time authentication means that when the SSH client accesses the server for the first time in the case that there is no local copy of the server’s public key, the user can proceed to access the server and save a local copy of the server’s public key;...
  • Page 961 HMAC algorithm hmac-md5. md5_96: HMAC algorithm hmac-md5-96. Description Use the ssh2 command to enable the connection between the SSH client and the server, and specify the preferred key exchange algorithm, encryption algorithm and HMAC algorithm of the client and the server.

  • Page 962: Sftp Server Enable

    Syntax ssh service-type default { all [sftp-directory directory ] | sftp [ sftp-directory directory ] | stelnet } undo ssh service-type default View System view Parameter all: Specifies that the default service type can be either Stelnet or SFTP.

  • Page 963: Ssh User Service-Type

    Use the undo ssh service-type default command to cancel the default service type and the default directory for SFTP users. The default service type is NULL and the default directory for SFTP users is NULL. Example # Configure the default service type as SFTP and specify cf: as the default directory.

  • Page 964: Configuration Commands

    Parameter remote-path: Name of a path on the server. Description Use the cd command to change the current path on the SFTP server. If you do not specify the remote-path argument, the current path will be displayed. Example # Change the current path to d:/temp.

  • Page 965: Cdup

    SFTP Client view Parameter remote-path: Name of the directory to view. Description Use the dir command to view the files in the specified directory. If the remote-path argument is not specified, the files in the current directory will be displayed.

  • Page 966: Exit

    Use the get command to download a file from the remote server and save it locally. By default, if no local file name is specified, it is assumed that the local file has the same name as the file on the SFTP server.

  • Page 967: Help

    Name of the directory to view. Description Use the ls command to view the files in the specified directory. If the remote-path argument is not specified, the files in the current directory will be displayed. This command has the same functionality as the dir command.

  • Page 968: Mkdir

    Use the put command to upload a local file to the remote SFTP server. By default, if no name of the file on the remote server is specified, it is assumed that the file on the remote server has the same name as the local file.

  • Page 969: Remove

    SFTP Client Configuration Commands Description Use the pwd command to display the current directory on the SFTP server. Example # Display the current directory on the SFTP server. sftp-client> pwd flash: quit Syntax quit View SFTP Client view Parameter None...

  • Page 970: Rmdir

    [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [...
  • Page 971 HMAC algorithm hmac-md5. md5_96: HMAC algorithm hmac-md5-96. Description Use the sftp command to establish the connection with the remote SFTP server and enter the SFTP Client view. Example # Connect to the SFTP server with IP address 10.214.49.126 using the default encryption algorithm.
  • Page 972 56: SSH T HAPTER ERMINAL ERVICE ONFIGURATION OMMANDS...

  • Page 973: Copy

    File System The limitation on the names of directories and files on switch are as follows: It is recommended that the name of a directory or file should not contain more ■ than 64 characters; otherwise you will not be able to delete such a directory or file, even though the system supports directory or file names containing more than 64 characters.

  • Page 974: Delete

    You can use this command to copy a file from current directory to another directory, or vise versa. Where, the source filename must be the name of a file that has already existed in the specified directory, and the destination filename can be changed as required.

  • Page 975: Execute

    7932928 bytes total (4966400 bytes free) execute Syntax execute filename View System view Parameter filename: Name of the batch file, ranging from 1 to 256, with a suffix of ".bat". Description Use the execute command to execute the specified batch file.

  • Page 976: File Prompt

    By default, the prompt mode of the file operation is alert, which performs interactive confirmation on dangerous file operations. If the prompt mode is set as quiet, that is, no prompt for file operations, some non-recoverable operations may lead to system damage.

  • Page 977: Format

    Use the fixdisk command to restore the space of a storage device. Some of the space of a storage device may be unavailable due to some reason (such as abnormal operations). In this case, you can use this command to restore the space.

  • Page 978: More

    57: F HAPTER YSTEM ANAGEMENT OMMANDS The directory to be created cannot have the same name as that of other directory or file in the specified directory. Example # Create the directory dd. <SW8800> mkdir dd Created dir flash:/dd more...

  • Page 979: Rename

    File System When the destination filename is the same as that of an existing file, the system will ask whether to overwrite it. Example # Move flash:/test/sample.txt to flash:/sample.txt. <SW8800> move flash:/test/sample.txt flash:/sample.txt Move flash:/test/sample.txt to flash:/sample.txt ?[Y/N]:y %Moved file flash:/test/sample.txt to flash:/sample.txt The switch has the following limitation on directory name and filename: The maximum length of a directory name or filename is 64 characters.

  • Page 980: Reset Recycle-Bin

    Description Use the rmdir command to cancel a directory. The directory to be deleted must be empty, that is, all the files under the directory should be removed first. When you delete a directory using the rmdir command, the files that originally...

  • Page 981: Umount

    Use the undelete command to recover the file that has not been deleted completely. The file name to be recovered cannot be the same as an existing directory name. If the destination file name is the same as an existing file name, prompt whether to overwrite.
  • Page 982 57: F HAPTER YSTEM ANAGEMENT OMMANDS...

  • Page 983: Boot Boot-Loader

    SRPC, the URL of the program must begin with "slot[No.]#[flash: | cf:]/", where, [No.] is the slot number of the standby SRPC and [flash: | cf:] is the name of the equipment, flash card or CF card. For example, if the slot number of the standby SRPC is 1, the URL of the 8500.app program under the root directory...

  • Page 984: Boot Bootrom

    Specifies the slot number list of switch. The formula is slot-num-list={ slot-num [ to slot-num ] }&<1-n>. &<1-n> indicates that the prior parameter can be input for n times. For Switch 8807, n is 7; for Switch 8814, n is Description Use the boot bootrom command to upgrade Bootrom.

  • Page 985: Display Cpu

    12% in last 5 minutes CPU usage in last 5 minutes is 12%. display device Syntax display device [ detail | [ shelf shelf-no ] [ frame frame-no ] [ slot slot-no ] ] View Any view Parameter detail: displays all slot detail information.

  • Page 986: Display Environment

    Parameter fan-id: the fan ID. Description Use the display fan command to view the working state of the built-in fans. User can perform this command to see if they work normally. Example # Display the working state of the fans.

  • Page 987: Display Memory

    [ power-ID ] View Any view Parameter power-ID: Power ID. Description Use the display power command to view the working state of the built-in power supply. Example # Show power state. <SW8800> display power Power 1 State: Absent...

  • Page 988: Display Schedule Reboot

    [ yyyy/mm/dd ] undo schedule reboot View User view Parameter hh:mm: Reboot time of the switch, in the format of "hour: minute" The hh ranges from 0 to 23, and the mm ranges from 0 to 59.

  • Page 989: Schedule Reboot Delay

    Reboot date of the switch, in the format of "year/month/day. The yyyy ranges from 2000 to 2099, the mm ranges from 1 to 12, and the value of dd is related to the specific month. Description Use the schedule reboot at command to enable the timing reboot function of the switch and set the specific reboot time and date.

  • Page 990: Temperature-Limit

    Waiting time for rebooting a switch, in the format of "hour: minute" The hhh ranges from 0 to 720, and the mm ranges from 0 to 59. mmm: Waiting delay for rebooting a switch, in the format of "absolute minutes" .

  • Page 991: Update L3Plus

    Slot for the service processing module to be updated. file-name: Name of upgrading file to be downloaded. The file suffix is .app. server-name: IP address or host name of FTP Server where the file to be updated locates. user-name: User name for file transfer protocol (FTP) login.
  • Page 992 OMMANDS Example # Update the service processing module in slot 2. The file to be downloaded is place in the host with the IP address 192.168.1.100, and its name is L3PLUS.app. The user name and password for FTP login are 654321 and 123456 respectively.

  • Page 993: Ascii

    Description Use the ascii command to configure data transmission mode as ASCII mode. By default, the file transmission mode is ASCII mode. Perform this command if the user needs to change the file transmission mode to default mode. Example # Configure to transmit data in the ASCII mode.

  • Page 994: Cdup

    Description Use the cd command to change the working path on the remote FTP Server. This command is used to access another directory on FTP Server. Note that the user can only access the directories authorized by the FTP server.

  • Page 995: Close

    None Description Use the cdup command to change working path to the upper level directory. This command is used to exit the current directory and return to the upper level directory. Example # Change working path to the upper level directory.

  • Page 996: Delete

    Saves local file name of the query result. Description Use the dir command to query a specified file. If no parameter of this command is specified, then all the files in the directory will be displayed. Example # Query the file temp.c and saves the results in the file temp1.

  • Page 997: Disconnect

    Parameter ipaddress: IP address of the remote FTP Server. port: Port number of remote FTP Server. Host-name: Name of the remote FTP Server, a string which is 1 to 30 characters long. Description Use the ftp command to establish control connection with the remote FTP Server and enter FTP Client view.
  • Page 998 Name of a file on the remote FTP Server. Description Use the get command to download a remote file and save it locally. If no local file name is specified, it will be considered the same as that on the remote FTP Server. Example # Download the file temp1.c and saves it as temp.c...

  • Page 999: Open

    Port number of the remote server. Description Use the open command to set up an FTP connection with a remote FTP server. Example # Set up a FTP connection with the FTP server with the IP address of 10.110.3.1. <SW8800> ftp [ftp] open 10.110.3.1 passive...
  • Page 1000 If the user does not specify the filename on the remote server, the system will consider it the same as the local file name by default. Example # Upload the local file temp.c to the remote FTP Server and saves it as temp1.c. <SW8800> ftp [ftp] put temp.c temp1.c...

  • Page 1001: Remotehelp

    FTP Client Commands Parameter None Description Use the pwd command to view the current directory on the remote FTP Server. Example # Show the current directory on the remote FTP Server. <SW8800> ftp [ftp] pwd "flash:/temp" is current directory. quit...

  • Page 1002: User

    Logon password. Description Use the user command to register an FTP user. This command is available when you log in FTP server with a specified user account. Example # Log in the FTP Server with username tom and password bjhw.

This manual is also suitable for:

88148810

Table of Contents