1. Manuals
  2. Brands
  3. HP Manuals
  4. Switch
  5. 6125XLG
  6. Command reference manual

HP 6125XLG Command Reference Manual

Blade switch layer 3 - ip services
Hide thumbs Also See for 6125XLG:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual, Command Reference Manual
HP 6125XLG Blade Switch
Layer 3—IP Services

Command Reference

Part number: 5998-3733
Software version: Release 2306
Document version: 6W100-20130912

Advertisement

Table of Contents
loading

Related Manuals for HP 6125XLG

Summary of Contents for HP 6125XLG

  • Page 1: Command Reference

    HP 6125XLG Blade Switch Layer 3—IP Services Command Reference Part number: 5998-3733 Software version: Release 2306 Document version: 6W100-20130912...
  • Page 2 HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

  • Page 3: Table Of Contents

    Contents ARP commands ····························································································································································· 1   arp check enable ······················································································································································ 1   arp max-learning-num ·············································································································································· 1   arp multiport ······························································································································································ 2   arp static ···································································································································································· 3   arp timer aging ························································································································································· 4   display arp ································································································································································ 5   display arp ip-address ············································································································································· 7  ...
  • Page 4 dhcp server ping packets ····································································································································· 37   dhcp server ping timeout ······································································································································ 38   dhcp server relay information enable ················································································································· 39   display dhcp server conflict ·································································································································· 39   display dhcp server expired ································································································································· 40   display dhcp server free-ip ··································································································································· 41  ...
  • Page 5 dhcp snooping binding record ···························································································································· 85   dhcp snooping check mac-address ····················································································································· 85   dhcp snooping check request-message ··············································································································· 86   dhcp snooping enable ·········································································································································· 87   dhcp snooping information circuit-id ··················································································································· 87   dhcp snooping information enable ····················································································································· 89  ...
  • Page 6 display rawip verbose ········································································································································ 129   display tcp ···························································································································································· 130   display tcp statistics ············································································································································· 131   display tcp verbose ············································································································································· 133   display udp ·························································································································································· 134   display udp statistics ··········································································································································· 135   display udp verbose ············································································································································ 135   ip forward-broadcast ··········································································································································...
  • Page 7 ipv6 nd autoconfig managed-address-flag ······································································································· 180   ipv6 nd autoconfig other-flag ····························································································································· 181   ipv6 nd dad attempts ·········································································································································· 182   ipv6 nd ns retrans-timer ······································································································································ 183   ipv6 nd nud reachable-time ······························································································································· 183   ipv6 nd ra halt ····················································································································································· 184  ...
  • Page 8 Tunneling commands ·············································································································································· 228   default ··································································································································································· 228   description ···························································································································································· 228   destination ···························································································································································· 229   display interface tunnel ······································································································································· 230   interface tunnel ···················································································································································· 233   mtu ········································································································································································ 234   reset counters interface ······································································································································· 235   service ··································································································································································· 235  ...

  • Page 9: Arp Commands

    ARP commands arp check enable Use arp check enable to enable dynamic ARP entry check. Use undo arp check enable to disable dynamic ARP entry check. Syntax arp check enable undo arp check enable Default Dynamic ARP entry check is enabled. Views System view Predefined user roles...

  • Page 10: Arp Multiport

    Default An interface can learn a maximum of 16384 dynamic ARP entries. Views Ethernet interface view, VLAN interface view, aggregate interface view Predefined user roles network-admin Parameters number: Specifies the maximum number of dynamic ARP entries, in the range of 0 to 16384. Usage guidelines An interface can dynamically learn ARP entries.

  • Page 11: Arp Static

    Parameters ip-address: Specifies an IP address for the multiport ARP entry. mac-address: Specifies a MAC address for the multiport ARP entry, in the format of H-H-H. vlan-id: Specifies a VLAN for the multiport ARP entry, in the range of 1 to 4094. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN for the multiport ARP entry.

  • Page 12: Arp Timer Aging

    mac-address: Specifies the MAC address in an ARP entry, in the format of H-H-H. vlan-id: Specifies the ID of a VLAN to which a static ARP entry belongs, in the range of 1 to 4094. The VLAN must already exist. interface-type interface-number: Specifies the interface type and interface number.

  • Page 13: Display Arp

    Default The aging timer for dynamic ARP entries is 20 minutes. Views System view Predefined user roles network-admin Parameters aging-time: Sets the aging timer for dynamic ARP entries, in the range of 1 to 1440 minutes. Usage guidelines Each dynamic ARP entry in the ARP table has a limited lifetime, called aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated.
  • Page 14 vlan vlan-id: Displays the ARP entries for the specified VLAN. The VLAN ID is in the range of 1 to 4094. interface interface-type interface-number: Displays the ARP entries for the interface specified by the argument interface-type interface-number. count: Displays the number of ARP entries. verbose: Displays detailed information about ARP entries.

  • Page 15: Display Arp Ip-Address

    Field Description Interface Output interface in an ARP entry. Aging time for a dynamic ARP entry in minutes. N/A means unknown aging time Aging or no aging time. ARP entry type: • D—Dynamic. • Type S—Static. • M—Multiport. • I—Ineffective. Name of VPN instance.

  • Page 16: Display Arp Timer Aging

    Related commands arp static • reset arp • display arp timer aging Use display arp timer aging to display the aging timer for dynamic ARP entries. Syntax display arp timer aging Views Any view Predefined user roles network-admin network-operator Examples # Display the aging timer for dynamic ARP entries.

  • Page 17: Mac-Address Mac-Move Fast-Update

    <Sysname> display arp vpn-instance test Type: S-Static D-Dynamic M-Multiport I-Invalid IP Address MAC Address VLAN ID Interface Aging Type 20.1.1.1 00e0-fc00-0001 Related commands arp static • reset arp • mac-address mac-move fast-update Use mac-address mac-move fast-update to enable ARP fast update for MAC move. Use undo mac-address mac-move fast-update to restore the default.
  • Page 18 static: Clears all static ARP entries. slot slot-number: Clears the ARP entries of an IRF member device. The slot-number argument specifies the ID of the IRF member device. interface interface-type interface-number: Clears the ARP entries for the interface specified by the argument interface-type interface-number.

  • Page 19: Gratuitous Arp Commands

    Gratuitous ARP commands arp send-gratuitous-arp Use arp send-gratuitous-arp to enable periodic sending of gratuitous ARP packets and set the sending interval on an interface. Use undo arp send-gratuitous-arp to disable the interface from periodically sending gratuitous ARP packets. Syntax arp send-gratuitous-arp [ interval milliseconds ] undo arp send-gratuitous-arp Default Periodic sending of gratuitous ARP is disabled.

  • Page 20: Gratuitous-Arp-Learning Enable

    gratuitous-arp-learning enable Use gratuitous-arp-learning enable to enable learning of gratuitous ARP packets. Use undo gratuitous-arp-learning enable to disable learning of gratuitous ARP packets. Syntax gratuitous-arp-learning enable undo gratuitous-arp-learning enable Default Learning of gratuitous ARP packets is enabled. Views System view Predefined user roles network-admin Usage guidelines...
  • Page 21 Predefined user roles network-admin Examples # Disable a device from sending gratuitous ARP packets upon receiving ARP requests whose target IP address is on a different subnet. <Sysname> system-view [Sysname] undo gratuitous-arp-sending enable...

  • Page 22: Proxy Arp Commands

    Proxy ARP commands display local-proxy-arp Use display local-proxy-arp to display the local proxy ARP status. Syntax display local-proxy-arp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays the local proxy ARP status for the specified interface. Usage guidelines The local ARP proxy status can be enabled or disabled.

  • Page 23: Local-Proxy-Arp Enable

    Parameters interface interface-type interface-number: Displays the proxy ARP status for the specified interface. Usage guidelines The proxy ARP status can be enabled or disabled. If you specify an interface, this command displays proxy ARP status for the specified interface. If you do not specify any interface, this command displays proxy ARP status for all interfaces. Examples # Display the proxy ARP status on VLAN-interface 1.

  • Page 24: Proxy-Arp Enable

    Only one IP address range can be specified by using the ip-range keyword on an interface. Examples # Enable local proxy ARP on VLAN-interface 2. <Sysname> system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] local-proxy-arp enable # Enable local proxy ARP on VLAN-interface 2 for a specific IP address range. <Sysname>...
  • Page 25 Related commands display proxy-arp...

  • Page 26: Arp Snooping Commands

    ARP snooping commands arp snooping enable Use arp snooping enable to enable ARP snooping. Use undo arp snooping enable to disable ARP snooping. Syntax arp snooping enable undo arp snooping enable Default ARP snooping is disabled. Views VLAN view Predefined user roles network-admin Examples # Enable ARP snooping on VLAN 2.

  • Page 27: Reset Arp Snooping

    ip ip-address: Displays the ARP snooping entry for the specified IP address. slot slot-number: Specifies an IRF member device. The slot-number argument is the member device ID in the IRF fabric. Usage guidelines If you do not specify any keywords or arguments, the command displays all ARP snooping entries. Examples # Display ARP snooping entries for VLAN 2.
  • Page 28 Usage guidelines If you do not specify any keywords or arguments, the command removes all ARP snooping entries. Examples # Remove ARP snooping entries for VLAN 2. <Sysname> reset arp snooping vlan 2...

  • Page 29: Ip Addressing Commands

    IP addressing commands display ip interface Use display ip interface to display IP configuration and statistics for the specified Layer 3 interface or all Layer 3 interfaces. Syntax display ip interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters...
  • Page 30 Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Table 3 Command output Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown command.

  • Page 31: Display Ip Interface Brief

    Field Description ICMP packet input number: Total number of ICMP packets received on the interface (statistics start at the Echo reply: device startup): • Echo reply packets. Unreachable: • Unreachable packets. Source quench: • Source quench packets. Routing redirect: • Routing redirect packets.

  • Page 32: Ip Address

    If you do not specify the interface type and interface number, this command displays brief IP configuration information about all Layer 3 interfaces. If you specify only the interface type, this command displays brief IP configuration information about all Layer 3 interfaces of the specified type. If you specify both the interface type and interface number, this command displays brief IP configuration information about the specified interface.
  • Page 33 Use undo ip address to remove the IP address from the interface. Syntax ip address ip-address { mask-length | mask } [ sub ] undo ip address [ ip-address { mask-length | mask } [ sub ] ] Default No IP address is assigned to an interface. Views Interface view Predefined user roles...

  • Page 34: Ip Address Unnumbered

    ip address unnumbered Use ip address unnumbered to configure the current interface as IP unnumbered to borrow an IP address from the specified interface. Use undo ip address unnumbered to disable IP unnumbered on the interface. Syntax ip address unnumbered interface interface-type interface-number undo ip address unnumbered Default The interface does not borrow IP addresses from other interfaces.

  • Page 35: Dhcp Commands

    DHCP commands Common DHCP commands dhcp enable Use dhcp enable to enable DHCP. Use undo dhcp enable to disable DHCP. Syntax dhcp enable undo dhcp enable Default DHCP is disabled. Views System view Predefined user roles network-admin Usage guidelines Enable DHCP before you perform DHCP server or relay agent configurations. Examples # Enable DHCP.
  • Page 36 Views Interface view Predefined user roles network-admin Parameters relay: Enables the DHCP relay agent on the interface. server: Enables the DHCP server on the interface. Usage guidelines Before changing the DHCP server mode to the DHCP relay agent mode on an interface, use the reset dhcp server ip-in-use command to remove address bindings.

  • Page 37: Dhcp Server Commands

    DHCP server commands address range Use address range to configure an IP address range in a DHCP address pool for dynamic allocation. Use undo address range to remove the IP address range in the address pool. Syntax address range start-ip-address end-ip-address undo address range Default No IP address range is configured.

  • Page 38: Bims-Server

    bims-server Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool. Use undo bims-server to remove the specified BIMS server information. Syntax bims-server ip ip-address [ port port-number ] sharekey { cipher | simple } key undo bims-server Default No BIMS server information is specified.

  • Page 39: Class

    Syntax bootfile-name bootfile-name undo bootfile-name Default No bootfile name is specified. Views DHCP address pool view Predefined user roles network-admin Parameters bootfile-name: Specifies the boot file name, a case-sensitive string of 1 to 63 characters. Usage guidelines If you use the bootfile-name command multiple times, the most recent configuration takes effect. Examples # Specify the boot file name boot.cfg in DHCP address pool 0.

  • Page 40: Dhcp Class

    Parameters class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters. If the specified user class does not exist, the DHCP server will not assign the addresses in the address range specified for the user class to any client. start-ip-address: Specifies the start IP address.

  • Page 41: Dhcp Server Always-Broadcast

    Parameters class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters. Usage guidelines In the DHCP user class view, use the if-match option command to configure a match rule to match specific clients. Then use the class command to specify an IP address range for the matching clients. Examples # Create a DHCP user class test and enter DHCP user class view.

  • Page 42: Dhcp Server Apply Ip-Pool

    <Sysname> system-view [Sysname] dhcp server always-broadcast dhcp server apply ip-pool Use dhcp server apply ip-pool to apply an address pool on an interface. Use undo dhcp server apply ip-pool to remove the configuration. Syntax dhcp server apply ip-pool pool-name undo dhcp server apply ip-pool Default No address pool is applied on an interface Views...

  • Page 43: Dhcp Server Bootp Reply-Rfc-1048

    Default The DHCP server does not ignore BOOTP requests. Views System view Predefined user roles network-admin Usage guidelines The lease duration of IP addresses obtained by BOOTP clients is unlimited. For scenarios that do not allow unlimited leases, you can configure the DHCP server to ignore BOOTP requests. Examples # Configure the DHCP server to ignore BOOTP requests.

  • Page 44: Dhcp Server Forbidden-Ip

    dhcp server forbidden-ip Use dhcp server forbidden-ip to exclude specific IP addresses from dynamic allocation. Use undo dhcp server forbidden-ip to remove the configuration. Syntax dhcp server forbidden-ip start-ip-address [ end-ip-address ] undo dhcp server forbidden-ip start-ip-address [ end-ip-address ] Default No IP addresses are excluded from dynamic allocation.

  • Page 45: Dhcp Server Ping Packets

    Syntax dhcp server ip-pool pool-name undo dhcp server ip-pool pool-name Default No DHCP address pool is created. Views System view Predefined user roles network-admin Parameters pool-name: Specifies the name for the DHCP address pool, a case-insensitive string of 1 to 63 characters used to uniquely identify this pool.

  • Page 46: Dhcp Server Ping Timeout

    Usage guidelines To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP client. If a ping attempt succeeds, the server considers that the IP address is in use and picks a new IP address. If all the ping attempts are failed, the server assigns the IP address to the requesting DHCP client.

  • Page 47: Dhcp Server Relay Information Enable

    display dhcp server conflict • • reset dhcp server conflict dhcp server relay information enable Use dhcp server relay information enable to enable the DHCP server to handle Option 82. Use undo dhcp server relay information enable to configure the DHCP server to ignore Option 82. Syntax dhcp server relay information enable undo dhcp server relay information enable...

  • Page 48: Display Dhcp Server Expired

    Before assigning an IP address to a DHCP client, the DHCP server pings the IP address and • discovers that it has been used by other host. The DHCP client sends a DECLINE packet to the DHCP server to inform the server of an IP address •...

  • Page 49: Display Dhcp Server Free-Ip

    Examples # Display all lease expiration information. <Sysname> display dhcp server expired IP address Client-identifier/Hardware address Lease expiration 4.4.4.6 3030-3066-2e65-3230-302e-3130-3234 Apr 25 17:10:47 2007 -2d45-7468-6572-6e65-7430-2f31 Table 6 Command output Field Description IP address Expired IP address. Client-identifier/Hardware address Client ID or MAC address. Lease expiration Time when the lease expired.

  • Page 50: Display Dhcp Server Ip-In-Use

    Pool name: 2 Network: 20.1.1.0 mask 255.255.255.0 IP ranges from 20.1.1.0 to 20.1.1.255 Table 7 Command output Field Description Pool name Name of the address pool. Network Assignable network. IP ranges Assignable IP address range. Secondary networks Assignable secondary networks. Related commands •...

  • Page 51: Display Dhcp Server Pool

    662e-3030-3033-2d45- 7468-6572-6e65-7430- 2f31 10.1.1.3 1111-1111-1111 After 2100 Static(C) Table 8 Command output Field Description IP address IP address assigned. Client identifier/Hardware Client ID or hardware address. address Lease expiration time: • Exact time (May 1 14:02:49 2009 in this example)—Time when the lease will expire.
  • Page 52 Parameters pool-name: Displays information of the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify any pool-name, the command displays information about all address pools. Examples # Display information about all DHCP address pools. <Sysname>...

  • Page 53: Display Dhcp Server Statistics

    Pool name: 3 static bindings: ip-address 10.10.1.2 mask 255.0.0.0 hardware-address 00e0-00fc-0001 ethernet ip-address 10.10.1.3 mask 255.0.0.0 client-identifier aaaa-bbbb expired unlimited Table 9 Command output Field Description Pool name Name of an address pool. Network Assignable network. secondary networks Assignable secondary networks. address range Assignable address range.
  • Page 54 Views Any view Predefined user roles network-admin network-operator Parameters pool pool-name: Specifies an address pool by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all address pools. Examples # Display the DHCP server statistics.

  • Page 55: Dns-List

    Field Description Total number of conflict addresses. This field is not displayed if you display Conflict statistics for a specific address pool. DHCP packets received from clients: • DHCPDISCOVER • DHCPREQUEST • DHCPDECLINE Messages received • DHCPRELEASE • DHCPINFORM • BOOTPREQUEST This field is not displayed if you display statistics for a specific address pool.

  • Page 56: Domain-Name

    Usage guidelines If you use the dns-list command multiple times, the most recent configuration takes effect. The undo dns-list command without any parameter specified deletes all DNS server addresses in the DHCP address pool. Examples # Specify the DNS server address 10.1.1.254 in DHCP address pool 0. <Sysname>...

  • Page 57: Forbidden-Ip

    Use undo expired to restore the default lease duration for a DHCP address pool. Syntax expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } undo expired Default The lease duration of a dynamic address pool is one day. Views DHCP address pool view Predefined user roles...

  • Page 58: Gateway-List

    Default No IP addresses are excluded from dynamic allocation in an address pool. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies excluded IP addresses. &<1-8> indicates that you can specify up to eight IP addresses, separated by spaces. Usage guidelines The excluded IP addresses in an address pool are still assignable in other address pools.

  • Page 59: If-Match Option

    Parameters ip-address&<1-8>: Specifies gateways. &<1-8> indicates that you can specify up to eight gateway addresses separated by spaces. Gateway addresses must reside on the same subnet as the assignable IP addresses. Usage guidelines If you use this command multiple times, the most recent configuration takes effect. Without any parameters specified, the undo gateway-list command deletes all gateway addresses.

  • Page 60: Nbns-List

    offset offset: Specifies the offset to match the option, in the range of 0 to 254 bytes. If the offset argument is not specified, the server matches the entire option with the rule. length length: Matches the specified length of the option, in the range of 1 to 128 bytes. The specified length must be the same as the hex-string length.

  • Page 61: Netbios-Type

    Syntax nbns-list ip-address&<1-8> undo nbns-list [ ip-address&<1-8> ] Default No WINS server address is specified. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies WINS server IP addresses. &<1-8> indicates that you can specify up to eight WINS server addresses separated by spaces. Usage guidelines If you use this command multiple times, the most recent configuration takes effect.

  • Page 62: Network

    Parameters b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server. h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server. If it does not receive a response, the h-node client broadcasts the destination name to get the mapping from a server.

  • Page 63: Next-Server

    secondary: Specifies the subnet as a secondary subnet. Without this keyword, this command specifies the primary subnet. If the addresses in the primary subnet are used up, the DHCP server can select addresses from a secondary subnet for the clients. Usage guidelines You can use the secondary keyword to specify a secondary subnet and enter its view, where you can specify gateways by using the gateway-list command for the DHCP clients in the secondary subnet.

  • Page 64: Option

    Usage guidelines Upon startup, the DHCP client obtains its own IP address and the specified server IP address, and then contacts the specified server, such as a TFTP server, to get other boot information. If you use the next-server command multiple times, the most recent configuration takes effect. Examples # Specify a server's IP address 10.1.1.254 in DHCP address pool 0.

  • Page 65: Reset Dhcp Server Conflict

    Add options for which the CLI does not provide a dedicated configuration command. For example, • you can use the option 4 ip-address 1.1.1.1 command to define the time server address 1.1.1.1 for DHCP clients. Add all option values if the actual requirement exceeds the limit for a dedicated option •...

  • Page 66: Reset Dhcp Server Expired

    reset dhcp server expired Use reset dhcp server expired to clear binding information for expired IP addresses. Syntax reset dhcp server expired [ ip ip-address | pool pool-name ] Views User view Predefined user roles network-admin Parameters ip ip-address: Clears binding information for the specified expired IP address. pool pool-name: Clears binding information for the expired IP addresses in the specified address pool.

  • Page 67: Reset Dhcp Server Statistics

    Examples # Clear binding information for the IP address 10.1 10.1.1. <Sysname> reset dhcp server ip-in-use ip 10.110.1.1 Related commands display dhcp server ip-in-use reset dhcp server statistics Use reset dhcp server statistics to clear DHCP server statistics. Syntax reset dhcp server statistics Views User view Predefined user roles...

  • Page 68: Tftp-Server Domain-Name

    mask mask: Specifies the mask, in dotted decimal format. client-identifier client-identifier: Specifies the client ID of the static binding, a string of 4 to 254 characters that can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H…., in which the last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all four-digit hexadecimal numbers.

  • Page 69: Tftp-Server Ip-Address

    Predefined user roles network-admin Parameters domain-name: Specifies the TFTP server name, a case-sensitive string of 1 to 63 characters. Usage guidelines If you use this command multiple times, the most recent configuration takes effect. Examples # Specify the TFTP server name aaa in DHCP address pool 0. <Sysname>...

  • Page 70: Voice-Config

    tftp-server domain-name • voice-config Use voice-config to configure the content for Option 184 in a DHCP address pool. Use undo voice-config to remove the Option 184 content from a DHCP address pool. Syntax voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan vlan-id { disable | enable } } undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ] Default...

  • Page 71: Dhcp Relay Agent Commands

    DHCP relay agent commands dhcp relay check mac-address Use dhcp relay check mac-address to enable MAC address check on the relay agent. Use undo dhcp relay check mac-address to disable MAC address check on the relay agent. Syntax dhcp relay check mac-address undo dhcp relay check mac-address Default The MAC address check function is disabled.

  • Page 72: Dhcp Relay Client-Information Refresh

    Syntax dhcp relay client-information record undo dhcp relay client-information record Default The DHCP relay agent does not record client information in relay entries. Views System view Predefined user roles network-admin Usage guidelines Disabling recording of client information deletes all recorded relay entries. Examples # Enable recording of relay entries on the relay agent.

  • Page 73: Dhcp Relay Client-Information Refresh Enable

    Examples # Set the refresh interval to 100 seconds. <Sysname> system-view [Sysname] dhcp relay client-information refresh interval 100 Related commands dhcp relay client-information record • dhcp relay client-information refresh enable • dhcp relay client-information refresh enable Use dhcp relay client-information refresh enable to enable the relay agent to periodically refresh dynamic relay entries.

  • Page 74: Dhcp Relay Information Circuit-Id

    Related commands dhcp relay client-information record • dhcp relay client-information refresh • • reset dhcp relay client-information dhcp relay information circuit-id Use dhcp relay information circuit-id to configure the padding content and padding format for the circuit ID sub-option of Option 82. Use undo dhcp relay information circuit-id to restore the default.

  • Page 75: Dhcp Relay Information Enable

    Usage guidelines If you use this command multiple times, the most recent configuration takes effect. The padding format for the user-defined string, the normal mode, or the verbose modes varies with the command configuration. The following matrix shows how the padding format is determined for different modes.

  • Page 76: Dhcp Relay Information Remote-Id

    Default The DHCP relay agent does not support Option 82. Views Interface view Predefined user roles network-admin Usage guidelines With this feature enabled, the DHCP relay agent adds Option 82 to a DHCP request that does not contain Option 82 before forwarding it to the DHCP server. You can configure the content of Option 82 with the dhcp relay information circuit-id and dhcp relay information remote-id commands.

  • Page 77: Dhcp Relay Information Strategy

    Parameters normal: Specifies the normal mode in which the padding content is the MAC address of the receiving interface. format: Specifies the code type for the remote ID sub-option. The default code type is Hex. ascii: Specifies the ASCII code type. hex: Specifies the hex code type.

  • Page 78: Dhcp Relay Release Ip

    Parameters drop: Drops messages containing Option 82. keep: Keeps the original Option 82 intact. replace: Replaces the original Option 82 with the configured Option 82. Usage guidelines This command takes effect only for DHCP requests containing Option 82. When enabled to support Option 82, the DHCP relay agent always adds Option 82 into DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server.

  • Page 79: Dhcp Relay Server-Address

    dhcp relay server-address Use dhcp relay server-address to specify DHCP servers on the DHCP relay agent. Use undo dhcp relay server-address to remove DHCP servers. Syntax dhcp relay server-address ip-address undo dhcp relay server-address [ ip-address ] Default No DHCP server is specified on the relay agent. Views Interface view Predefined user roles...
  • Page 80 Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays relay entries on the specified interface. ip ip-address: Displays the relay entry for the specified IP address. vpn-instance vpn-instance-name: Displays the relay entry for the specified IP address in the specified MPLS L3VPN instance.

  • Page 81: Display Dhcp Relay Information

    display dhcp relay information Use display dhcp relay information to display Option 82 configuration information on the DHCP relay agent. Syntax display dhcp relay information [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays Option 82 configuration information on the specified interface.

  • Page 82: Display Dhcp Relay Server-Address

    Field Description Handling strategy for request messages containing Option 82, Drop, Strategy Keep, or Replace. Padding content mode of the circuit ID sub-option, Verbose, Normal, or Circuit ID Pattern User Defined. Padding content mode of the remote ID sub-option, Sysname, Normal, or Remote ID Pattern User Defined.

  • Page 83: Display Dhcp Relay Statistics

    Related commands dhcp relay server-address display dhcp relay statistics Use display dhcp relay statistics to display DHCP packet statistics on the DHCP relay agent. Syntax display dhcp relay statistics [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters...

  • Page 84: Reset Dhcp Relay Client-Information

    BOOTPREPLY: DHCP packets sent to servers: DHCPDISCOVER: DHCPREQUEST: DHCPINFORM: DHCPRELEASE: DHCPDECLINE: BOOTPREQUEST: DHCP packets sent to clients: DHCPOFFER: DHCPACK: DHCPNAK: BOOTPREPLY: Related commands reset dhcp relay statistics reset dhcp relay client-information Use reset dhcp relay client-information to clear relay entries on the DHCP relay agent. Syntax reset dhcp relay client-information [ interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ]...

  • Page 85: Reset Dhcp Relay Statistics

    reset dhcp relay statistics Use reset dhcp relay statistics to clear relay agent statistics. Syntax reset dhcp relay statistics [ interface interface-type interface-number ] Views User view Predefined user roles network-admin Parameters interface interface-type interface-number: Clears DHCP relay agent statistics on the specified interface. If you do not specify any interface, this command clears all DHCP relay agent statistics.

  • Page 86: Dhcp Client Commands

    DHCP client commands dhcp client dad enable Use dhcp client dad enable to enable duplicate address detection. Use undo dhcp client dad enable to disable duplicate address detection. Syntax dhcp client dad enable undo dhcp client dad enable Default The duplicate address detection feature is enabled on an interface. Views System view Predefined user roles...

  • Page 87: Display Dhcp Client

    Parameters ascii string: Specifies a case-sensitive ASCII string of 1 to 63 characters as the client ID. hex string: Specifies a hex string of 4 to 64 characters as the client ID. mac interface-type interface-number: Uses the MAC address of the specified interface as a DHCP client ID.

  • Page 88: Field Description

    # Display verbose DHCP client information. <Sysname> display dhcp client verbose Vlan-interface10 DHCP client information: Current state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds Lease from May 21 19:00:29 2012 May 31 19:00:29 2012 DHCP server: 40.1.1.2 Transaction ID: 0x1c09322d Default router: 40.1.1.2...

  • Page 89: Ip Address Dhcp-Alloc

    Field Description Transaction ID, a random number chosen by the client to identify Transaction ID an IP address allocation. Default router Gateway address assigned to the client. Classless static routes Classless static routes assigned to the client. Static routes Classful static routes assigned to the client. DNS servers DNS server address assigned to the client.
  • Page 90 Usage guidelines When you execute the undo ip address dhcp-alloc command, the interface sends a DHCP-RELEASE message to release the IP address obtained through DHCP. If the interface is down, the message cannot be sent out. Examples # Configure VLAN-interface 10 to use DHCP for IP address acquisition. <Sysname>...

  • Page 91: Dhcp Snooping Commands

    DHCP snooping commands DHCP snooping works between the DHCP client and the DHCP server or between the DHCP client and the relay agent. DHCP snooping does not work between the DHCP server and the DHCP relay agent. dhcp snooping binding database filename Use dhcp snooping binding database filename to specify a file to store DHCP snooping entries.

  • Page 92: Dhcp Snooping Binding Database Update Now

    Syntax dhcp snooping binding database update interval seconds undo dhcp snooping binding database update interval Default The device does not update DHCP snooping entries periodically. Views System view Predefined user roles network-admin Parameters Seconds: Sets the update interval in the range of 60 to 864000 seconds. Usage guidelines When a DHCP snooping entry is learned or removed, the device does not update the database file until after the specified waiting period.

  • Page 93: Dhcp Snooping Binding Record

    Related commands dhcp snooping binding database filename dhcp snooping binding record Use dhcp snooping binding record to enable recording of client information in DHCP snooping entries. Use undo dhcp snooping binding record to disable the function. Syntax dhcp snooping binding record undo dhcp snooping binding record Default DHCP snooping does not record client information.

  • Page 94: Dhcp Snooping Check Request-Message

    Usage guidelines With MAC address check enabled, DHCP snooping compares the chaddr field of a received DHCP request with the source MAC address field in the frame header. If they are the same, DHCP snooping considers this request valid and forwards it to the DHCP server. If they are not the same, DHCP snooping discards the DHCP request.

  • Page 95: Dhcp Snooping Enable

    dhcp snooping enable Use dhcp snooping enable to enable DHCP snooping. Use undo dhcp snooping enable to disable DHCP snooping. Syntax dhcp snooping enable undo dhcp snooping enable Default DHCP snooping is disabled. Views System view Predefined user roles network-admin Usage guidelines When DHCP snooping is disabled, the device forwards all responses received from DHCP servers and does not record DHCP client information.
  • Page 96 string circuit-id: Specifies the padding content for the circuit ID sub-option, a case-sensitive string of 3 to 63 characters. normal: Specifies the normal padding format. The padding content includes the VLAN ID and interface number. verbose: Specifies the verbose padding format. node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node identifier.

  • Page 97: Dhcp Snooping Information Enable

    Examples # Configure verbose as the padding format, system name as the node identifier, and ASCII as the code type for the circuit ID sub-option. <Sysname> system-view [Sysname] interface Ten-GigabitEthernet 1/1/5 [Sysname-Ten-GigabitEthernet1/1/5] dhcp snooping information enable [Sysname-Ten-GigabitEthernet1/1/5] dhcp snooping information strategy replace [Sysname-Ten-GigabitEthernet1/1/5] dhcp snooping information circuit-id verbose node-identifier sysname format ascii Related commands...

  • Page 98: Dhcp Snooping Information Remote-Id

    dhcp snooping information strategy • dhcp snooping information remote-id Use dhcp snooping information remote-id to configure the padding content and code type for the remote ID sub-option. Use undo dhcp snooping information remote-id to restore the default. Syntax dhcp snooping information remote-id { normal [ format { ascii | hex } ] | [ vlan vlan-id ] { string remote-id | sysname } } undo dhcp snooping information remote-id [ vlan vlan-id ] Default...

  • Page 99: Dhcp Snooping Information Strategy

    Related commands dhcp snooping information enable • dhcp snooping information strategy • • display dhcp snooping information dhcp snooping information strategy Use dhcp snooping information strategy to configure the handling strategy for Option 82 in request messages. Use undo dhcp snooping information strategy to restore the default. Syntax dhcp snooping information strategy { drop | keep | replace } undo dhcp snooping information strategy...

  • Page 100: Dhcp Snooping Trust

    Use dhcp snooping rate-limit to configure the maximum rate at which an interface can receive DHCP packets. Use undo dhcp snooping rate-limit to disable the rate limit. Syntax dhcp snooping rate-limit rate undo dhcp snooping rate-limit Default Incoming DHCP packets on an interface are not rate limited. Views Ethernet interface view, aggregate interface view Predefined user roles...

  • Page 101: Display Dhcp Snooping Binding

    Predefined user roles network-admin Usage guidelines Specify the ports facing the DHCP server as trusted ports and specify the other ports as untrusted ports so DHCP clients can obtain valid IP addresses. Examples # Specify the Ethernet interface Ten-GigabitEthernet 1/1/5 as a trusted port. <Sysname>...

  • Page 102: Display Dhcp Snooping Binding Database

    Field Description When both DHCP snooping and QinQ are enabled or the DHCP packet VLAN contains two VLAN tags, this field identifies the outer VLAN tag. Otherwise, it identifies the VLAN where the port connecting the DHCP client resides. When both DHCP snooping and QinQ are enabled or the DHCP packet SVLAN contains two VLAN tags, this field identifies the inner VLAN tag.

  • Page 103: Display Dhcp Snooping Information

    display dhcp snooping information Use display dhcp snooping information to display Option 82 configuration on the DHCP snooping device. Syntax display dhcp snooping information { all | interface interface-type interface-number } Views Any view Predefined user roles network-admin network-operator Parameters all: Displays Option 82 configuration on all Ethernet interfaces.

  • Page 104: Display Dhcp Snooping Packet Statistics

    Field Description Node identifier Access node identifier. User defined Content of the user-defined sub-option. Code type of Option 82 sub-option: • Format For circuit ID sub-option, the code type can be ASCII, Default, or Hex. • For remote ID sub-option, the code type can be ASCII or Hex. Remote ID Content of the remote ID sub-option.

  • Page 105: Reset Dhcp Snooping Binding

    Predefined user roles network-admin network-operator Examples # Display information about trusted ports. <Sysname> display dhcp snooping trust DHCP snooping is enabled. DHCP snooping trust becomes active. Interface Trusted ========================= ============ Ten-GigabitEthernet1/1/5 Trusted Related commands dhcp snooping trust reset dhcp snooping binding Use reset dhcp snooping binding to clear DHCP snooping entries.
  • Page 106 Predefined user roles network-admin Parameters slot slot-number: Specifies an IRF member device. The slot-number argument specifies the member device ID in the IRF fabric. Usage guidelines Without slot slot-number, this command clears DHCP packet statistics for the IRF device where the command is executed.

  • Page 107: Bootp Client Commands

    BOOTP client commands display bootp client Use display bootp client to display information about a BOOTP client. Syntax display bootp client [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. Usage guidelines If you do not specify any interface, the command displays BOOTP client information for all interfaces.

  • Page 108: Ip Address Bootp-Alloc

    ip address bootp-alloc Use ip address bootp-alloc to configure an interface to use BOOTP for IP address acquisition. Use undo ip address bootp-alloc to cancel an interface from using BOOTP from acquiring an IP address. Syntax ip address bootp-alloc undo ip address bootp-alloc Default An interface does not use BOOTP for IP address acquisition.

  • Page 109: Dns Commands

    DNS commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. If you do not specify this keyword, the command displays the statically configured and dynamically obtained domain name suffixes.

  • Page 110: Display Dns Host

    display dns host Use display dns host to display information about domain name-to-IP address mappings. Syntax display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries.

  • Page 111: Display Dns Server

    Field Description Time in seconds that a mapping can be stored in the cache. For a static mapping, a hyphen (-) is displayed. Query type Query type, type A or type AAAA. Replied IP address: • IP address For type A query, the replied IP address is an IPv4 address. •...

  • Page 112: Display Ipv6 Dns Server

    Table 23 Command output Field Description Sequence number. DNS server type: • Type S—A manually configured DNS server. • D—DNS server information dynamically obtained through DHCP or other protocols. IP address IPv4 address of the DNS server. Related commands dns server display ipv6 dns server Use display ipv6 dns server to display IPv6 DNS server information.

  • Page 113: Dns Domain

    Field Description DNS server type: • S—A manually configured DNS server. Type • D—DNS server information dynamically obtained through DHCP or other protocols. IPv6 address IPv6 address of the DNS server. Outgoing Interface Output interface. Related commands ipv6 dns server dns domain Use dns domain to configure a domain name suffix.

  • Page 114: Dns Proxy Enable

    [Sysname] dns domain com Related commands display dns domain dns proxy enable Use dns proxy enable to enable DNS proxy. Use undo dns proxy enable to restore the default. Syntax dns proxy enable undo dns proxy enable Default DNS proxy is disabled. Views System view Predefined user roles...

  • Page 115: Dns Source-Interface

    Parameters ip-address: Specifies an IPv4 address of a DNS server. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. To specify an IPv4 address on the public network, do not use this option. Usage guidelines The device sends DNS query request to the DNS servers in the order their IPv4 addresses are specified.

  • Page 116: Dns Spoofing

    You can specify source interfaces for the public network and a maximum of 1024 VPNs. You can specify only one source interface for the public network or each VPN. Make sure the specified interface is on the VPN specified by the vpn-instance vpn-instance-name option. Examples # Specify VLAN-interface 2 as the source interface for DNS packets on the public network.

  • Page 117: Dns Trust-Interface

    Related commands dns proxy enable dns trust-interface Use dns trust-interface to specify the DNS trusted interface. Use undo dns trust-interface to remove the specified DNS trusted interface. If no interface is specified, the undo dns trust-interface command removes all DNS trusted interfaces. Syntax dns trust-interface interface-type interface-number undo dns trust-interface [ interface-type interface-number ]...

  • Page 118: Ipv6 Dns Server

    Default No mappings are created. Views System view Predefined user roles network-admin Parameters host-name: Specifies a host name. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.) (for example, aabbcc.com). The host name can contain at most 253 characters, and each separated string contains no more than 63 characters.

  • Page 119: Ipv6 Dns Spoofing

    Predefined user roles network-admin Parameters ipv6-address: Specifies the IPv6 address of a DNS server. interface-type interface-number: Specifies the output interface by its type and number. If no interface is specified, the device forwards DNS packets out of the output interface of the matching route. You must specify the output interface when the IPv6 address of the DNS server is a link-local address.

  • Page 120: Ipv6 Host

    Usage guidelines Use the ipv6 dns spoofing command together with the dns proxy enable command. DNS spoofing enables the DNS proxy on the device to send a spoofed reply with an IPv6 address in response to a type AAAA DNS request. Without DNS spoofing, the device does not forward or answer a request if no DNS server is specified or no DNS server is reachable.

  • Page 121: Reset Dns Host

    For the public network or a VPN, each host name maps to only one IPv6 address. If you use the command multiple times, the most recent configuration takes effect. Examples # Map IPv6 address 2001::1 to host name aaa on the public network. <Sysname>...

  • Page 122: Ddns Commands

    DDNS commands ddns apply policy Use ddns apply policy to apply the specified DDNS policy to the interface, update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update. Use undo ddns apply policy to remove the DDNS policy applied to the interface and stop DDNS update. Syntax ddns apply policy policy-name [ fqdn domain-name ] undo ddns apply policy policy-name...

  • Page 123: Ddns Policy

    ddns policy Use ddns policy to create a DDNS policy and enter its view. Use undo ddns policy to delete a DDNS policy. Syntax ddns policy policy-name undo ddns policy policy-name Default No DDNS policy is created. Views System view Predefined user roles network-admin Parameters...
  • Page 124 Examples # Display information about the DDNS policy steven_policy. <Sysname> display ddns policy steven_policy DDNS policy: steven_policy : http://members.3322.org/dyndns/update? system=dyndns&hostname=<h>&myip=<a> Username : steven Password : ****** Method : GET SSL client policy: Interval : 1 days 0 hours 1 minutes # Display information about all DDNS policies.

  • Page 125: Interval

    Field Description Password to be included in the URL address for DDNS update requests. This field is blank Password if no password is configured and displays ****** if a password is configured. Parameter transmission method used to send HTTP/HTTPS-based DDNS update requests. Method Method types include GET and POST.

  • Page 126: Method

    Examples # Set the interval for sending DDNS update requests to one day and one minute for the DDNS policy steven_policy. <Sysname> system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] interval 1 0 1 Related commands ddns policy • display ddns policy •...

  • Page 127: Password

    display ddns policy • password Use password to specify the password to be included in the URL address for DDNS update requests. Use undo password to remove the password. Syntax password { cipher | simple } password undo password Default No password is specified for the URL address.

  • Page 128: Url

    Syntax ssl-client-policy policy-name undo ssl-client-policy Default No SSL client policy is associated with any DDNS policy. Views DDNS policy view Predefined user roles network-admin Parameters policy-name: Specifies the SSL client policy name, a case-insensitive string of 1 to 31 characters. Usage guidelines The SSL client policy is effective only for HTTPS-based DDNS update requests.
  • Page 129 Parameters request-url: Specifies the URL address, a case-sensitive string of 1 to 240 characters containing the login ID, password, and other information. Usage guidelines The URL addresses configured for update requests vary by DDNS servers. Common DDNS server URL address format are shown in Table Table 26 Common URL addresses for DDNS update request DDNS server...

  • Page 130: Username

    The port number in the URL address is optional. If no port number is specified, the default port number is used. HTTP uses port 80, HTTPS uses port 443, and the PeanutHull server uses port 6060. The system automatically fills <h> with the FQDN that is specified when the DDNS policy is applied to the interface and automatically fills <a>...
  • Page 131 Parameters username: Specifies the username, a string of 1 to 32 characters. Examples # Specify the username as steven to be included in the URL address for update requests of DDNS policy steven_policy. <Sysname> system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] username steven Related commands •...

  • Page 132: Basic Ip Forwarding Commands

    Basic IP forwarding commands display fib Use display fib to display FIB entries. Syntax display fib [ vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ] View Any view Predefined user roles network-admin network-operator Parameters vpn-instance vpn-instance-name: Displays the FIB table of the specified VPN. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.
  • Page 133 127.0.0.0/8 127.0.0.1 InLoop0 Null 127.0.0.1/32 127.0.0.1 InLoop0 Null # Display the FIB entries matching the destination IP address 10.2.1.1. <Sysname> display fib 10.2.1.1 Destination count: 1 FIB entry count: 1 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay F:FRR Destination/Mask Nexthop Flag OutInterface/Token...

  • Page 134: Ip Performance Optimization Commands

    IP performance optimization commands display icmp statistics Use display icmp statistics to display ICMP statistics. Syntax display icmp statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays ICMP statistics for an IRF member device. The slot-number argument specifies the ID of the IRF member device.

  • Page 135: Display Ip Statistics

    display ip statistics Use display ip statistics to display IP packet statistics. Syntax display ip statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays IP packet statistics for the specified IRF member device. The slot-number argument specifies the ID of the IRF member device.

  • Page 136: Display Rawip

    Field Description local Total number of packets locally sent. dropped Total number of packets discarded. no route Total number of packets for which no route is available. compress fails Total number of packets failed to be compressed. input Total number of fragments received. output Total number of fragments sent.

  • Page 137: Display Rawip Verbose

    Table 29 Command output Field Description Local Addr Local IP address. Foreign Addr Peer IP address. Protocol Protocol number. Slot ID of an IRF member device. Protocol control block. display rawip verbose Use display rawip verbose to display detailed information about RawIP connections. Syntax display rawip verbose [ slot slot-number [ pcb pcb-index ] ] Views...

  • Page 138: Display Tcp

    inpcb flags: N/A inpcb vflag: INP_IPV4 TTL: 255(minimum TTL: 0) send VRF: 0xffff receive VRF: 0xffff Table 30 Command output Field Description Total RawIP Socket Number Total number of RawIP sockets. slot ID of an IRF member device. Name of the operation that created the socket. The number in brackets is the creator process number of the creator.

  • Page 139: Display Tcp Statistics

    Examples # Display brief information about TCP connections. <Sysname> display tcp *: TCP MD5 Connection Local Addr:port Foreign Addr:port State Slot PCB *0.0.0.0:21 0.0.0.0:0 LISTEN 0x000000000000c387 192.168.20.200:23 192.168.20.14:1284 ESTABLISHED 1 0x0000000000000009 192.168.20.200:23 192.168.20.14:1283 ESTABLISHED 1 0x0000000000000002 Table 31 Command output Field Description Indicates the TCP connection uses MD5 authentication.
  • Page 140 packets dropped for lack of memory: 0 packets dropped due to PAWS: 0 duplicate packets: 12 (36 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 0 (0 bytes) packets with data after window: 0 (0 bytes) packets after close: 0 ACK packets: 3531 (795048 bytes) duplicate ACK packets: 33, ACK packets for unsent data: 0 Sent packets:...

  • Page 141: Display Tcp Verbose

    initiated connections: 29, accepted connections: 12, established connections: closed connections: 50051 (dropped: 0, initiated dropped: 0) bad connection attempt: 0 ignored RSTs in the window: 0 listen queue overflows: 0 RTT updates: 3518(attempt segment: 3537) correct ACK header predictions: 0 correct data packet header predictions: 568 resends due to MTU discovery: 0 packets dropped with MD5 authentication: 0...

  • Page 142: Display Udp

    rcvbuf(cc/hiwat/lowat/state): 0 / 65700 / 1 / N/A sndbuf(cc/hiwat/lowat/state): 0 / 65700 / 512 / N/A type: 1 protocol: 6 connection info: src = 192.168.20.200:23 , dst = 192.168.20.14:4181 inpcb flags: N/A inpcb vflag: INP_IPV4 TTL: 255(minimum TTL: 0) connection state: ESTABLISHED send VRF: 0x0 receive VRF: 0x0 display udp...

  • Page 143: Display Udp Statistics

    display udp statistics Use display udp statistics to display UDP traffic statistics. Syntax display udp statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays UDP traffic statistics for the specified IRF member device. The argument slot-number specifies the ID of the IRF member device.
  • Page 144 Parameters pcb pcb-index: Displays detailed UDP connection information for the PCB specified by the pcb-index argument. The value range is 1 to 16. slot slot-number: Displays detailed UDP connection information for the specified IRF member device. The slot-number argument specifies the ID of the IRF member device. Usage guidelines Detailed UDP connection information includes the socket creator, status, option, type, the protocol number, the source IP address and port number, and the destination IP address and port number for UDP...

  • Page 145: Ip Forward-Broadcast

    Field Description protocol Number of the protocol using the socket. inpcb flags Flags in the Internet PCB. inpcb vflag IP version flags in the Internet PCB. ip forward-broadcast Use ip forward-broadcast to enable an interface to receive and forward directed broadcast packets destined for the directly connected network.

  • Page 146: Ip Mtu

    Use undo ip icmp fragment discarding to enable forwarding of ICMP fragments. Syntax ip icmp fragment discarding undo ip icmp fragment discarding Default Forwarding of ICMP fragments is enabled. Views System view Predefined user roles network-admin Usage guidelines Disable forwarding of ICMP fragments can prevent ICMP fragment attacks. Examples # Disable forwarding of ICMP fragments.

  • Page 147: Ip Redirects Enable

    Fragmentation and reassembling consume system resources, so set an appropriate MTU for an interface to avoid fragmentation. If an interface supports both the mtu and ip mtu commands, the device fragments a packet based on the MTU set by the ip mtu command. The MTU configured for an interface takes effect on only packets that are sent to the CPU for software forwarding, including packets sent from or destined for this interface.

  • Page 148: Ip Ttl-Expires Enable

    ip ttl-expires enable Use ip ttl-expires enable to enable sending ICMP time-exceeded packets. Use undo ip ttl-expires enable to disable sending ICMP time-exceeded packets. Syntax ip ttl-expires enable undo ip ttl-expires enable Default Sending ICMP time-exceeded packets is disabled. Views System view Predefined user roles network-admin...

  • Page 149: Reset Ip Statistics

    Predefined user roles network-admin Usage guidelines A device sends ICMP destination unreachable packets by following these rules: • If a packet does not match any specific route and there is no default route in the routing table, the device sends a Network Unreachable ICMP error packet to the source. If a packet is destined for the device but the transport layer protocol of the packet is not supported •...

  • Page 150: Reset Tcp Statistics

    display ip statistics • reset tcp statistics Use reset tcp statistics to clear TCP traffic statistics. Syntax reset tcp statistics Views User view Predefined user roles network-admin Examples # Clear TCP traffic statistics. <Sysname> reset tcp statistics Related commands display tcp statistics reset udp statistics Use reset udp statistics to clear UDP traffic statistics.

  • Page 151: Tcp Path-Mtu-Discovery

    Default No TCP MSS is configured. Views Interface view Predefined user roles network-admin Parameters value: Specifies the TCP MSS in the range of 128 to 2048 bytes. Usage guidelines This configuration takes effect only on TCP connections that are established after the configuration and not on the TCP connections that already exist.

  • Page 152: Tcp Syn-Cookie Enable

    Parameters aging age-time: Sets the aging time for the path MTU, in the range of 10 to 30 minutes. The default aging time is 10 minutes. no-aging: Does not age out the path MTU. Usage guidelines After you enable TCP path MTU discovery, all new TCP connections detect the path MTU. The device uses the path MTU to calculate the MSS to avoid IP fragmentation.

  • Page 153: Tcp Timer Fin-Timeout

    The server establishes a TCP connection and enters ESTABLISHED state only when it receives an ACK packet from the sender. Examples # Enable SYN Cookie. <Sysname> system-view [Sysname] tcp syn-cookie enable tcp timer fin-timeout Use tcp timer fin-timeout to configure the TCP FIN wait timer. Use undo tcp timer fin-timeout to restore the default.

  • Page 154: Tcp Window

    Default The TCP SYN wait timer is 75 seconds. Views System view Predefined user roles network-admin Parameters time-value: Specifies the TCP SYN wait timer in the range of 2 to 600 seconds. Usage guidelines TCP starts the SYN wait timer after sending a SYN packet. If no response packet is received within the SYN wait timer interval, TCP fails to establish the connection.

  • Page 155: Udp Helper Commands

    UDP helper commands display udp-helper interface Use display udp-helper interface to display information about packets forwarded by UDP helper on an interface. Syntax display udp-helper interface interface-type interface-number Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines This command shows information about the destination server and the number of UDP packets forwarded to the destination server.

  • Page 156: Udp-Helper Enable

    Syntax reset udp-helper statistics Views User view Predefined user roles network-admin Examples # Clear the statistics of UDP packets forwarded by UDP helper. <Sysname> reset udp-helper statistics Related commands display udp-helper interface udp-helper enable Use udp-helper enable to enable UDP helper. Use undo udp-helper enable to disable UDP helper.

  • Page 157: Udp-Helper Server

    undo udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time } Default No UDP port number is specified for UDP helper. Views System view Predefined user roles network-admin Parameters port-number: Specifies a UDP port number in the range of 1 to 65535 (except 67 and 68). dns: Specifies the UDP port 53 used by DNS packets.
  • Page 158 Predefined user roles network-admin Parameters ip-address: Specifies the IP address of a destination server, in dotted decimal notation. Usage guidelines Specify destination servers on an interface that receives UDP broadcast packets. You can specify a maximum of 20 destination servers on an interface. If you do not specify the ip-address argument, the undo udp-helper server command removes all destination servers on the interface.

  • Page 159: Ipv6 Basics Commands

    IPv6 basics commands display ipv6 fib Use display ipv6 fib to display IPv6 FIB entries. Syntax display ipv6 fib [ vpn-instance vpn-instance-name ] [ ipv6-address [ prefix-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters.

  • Page 160: Display Ipv6 Icmp Statistics

    Table 35 Command output Field Description Destination count Total number of destination addresses. FIB entry count Total number of IPv6 FIB entries. Destination Destination address. Prefix length Prefix length of the destination address. Nexthop Next hop. Route flag: • U—Usable route. •...

  • Page 161: Display Ipv6 Interface

    Input: bad code too short checksum error bad length path MTU changed destination unreachable too big parameter problem echo request echo reply neighbor solicit neighbor advertisement router solicit router advertisement redirect router renumbering output: parameter problem echo request echo reply unreachable no route unreachable admin unreachable beyond scope 0...
  • Page 162 <Sysname> display ipv6 interface vlan-interface 2 Vlan-interface2 current state: UP Line protocol current state: UP IPv6 is enabled, link-local address is FE80::1234:56FF:FE65:4322 [TENTATIVE] Global unicast address(es): 10::1234:56FF:FE65:4322, subnet is 10::/64 [TENTATIVE] [AUTOCFG] [valid lifetime 4641s/preferred lifetime 4637s] 20::1234:56ff:fe65:4322, subnet is 20::/64 [TENTATIVE] [EUI-64] 30::1, subnet is 30::/64 [TENTATIVE] [ANYCAST] 40::2, subnet is 40::/64 [TENTATIVE] [DHCP] 50::3, subnet is 50::/64 [TENTATIVE]...
  • Page 163 Table 36 Command output Field Description Physical state of the interface: • Administratively DOWN—The VLAN interface has been administratively shut down with the shutdown command. Vlan-interface2 current state • DOWN—The VLAN interface is administratively up but its physical state is down because all ports in the VLAN are down. •...
  • Page 164 Field Description Received IPv6 packets that are too short, with a length less than 40 bytes, for InTooShorts example. InTruncatedPkts Received IPv6 packets with a length less than that specified in the packets. InHopLimitExceeds Received IPv6 packets with a hop count exceeding the limit. InBadHeaders Received IPv6 packets with incorrect basic headers.

  • Page 165: Display Ipv6 Interface Prefix

    Table 37 Command output Field Description *down: administratively The interface has been administratively shut down with the shutdown command. down Spoofing attribute of the interface. (s): spoofing The link protocol state of the interface is up, but the link is temporarily set up on demand or does not exist.

  • Page 166: Display Ipv6 Neighbors

    Lifetime(Valid/Preferred): 2592000/604800 Table 38 Command output Filed Description Prefix IPv6 address prefix. How the prefix is generated: • Origin STATIC—Manually configured with the ipv6 nd ra prefix command. • ADDRESS—Generated by a manually configured address. Aging time in seconds. If the prefix does not age out, a hyphens (-) is displayed. Flags advertised in RA messages.
  • Page 167 vlan vlan-id: Displays information about neighbors in the specified VLAN. The VLAN ID ranges from 1 to 4094. verbose: Displays detailed neighbor information. Usage guidelines You can use the reset ipv6 neighbors command to clear specific IPv6 neighbor information. Examples # Display all neighbor information.

  • Page 168: Display Ipv6 Neighbors Count

    Related commands ipv6 neighbor • reset ipv6 neighbors • display ipv6 neighbors count Use display ipv6 neighbors count to display the number of neighbor entries. Syntax display ipv6 neighbors { { all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } count Views Any view...

  • Page 169: Display Ipv6 Pathmtu

    network-operator Parameters vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. The VPN must already exist. count: Displays the total number of neighbor entries in the specified VPN. Examples # Display neighbor information about the VPN vpn1. <Sysname>...
  • Page 170 Views Any view Predefined user roles network-admin network-operator Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays IPv6 Path MTU information about the public network.

  • Page 171: Display Ipv6 Rawip

    reset ipv6 pathmtu • display ipv6 rawip Use display ipv6 rawip to display brief information about IPv6 RawIP connections. Syntax display ipv6 rawip [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays brief information about IPv6 RawIP connections for the specified IRF member device.
  • Page 172 Syntax display ipv6 rawip verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 RawIP connections of the PCB specified by the pcb-index argument. The value range is 1 to 16. slot slot-number: Displays detailed information about IPv6 RawIP connections for the specified IRF member device.

  • Page 173: Display Ipv6 Statistics

    Field Description options Socket options. Receiving buffer information: the used space, maximum space, minimum space, and the state in the parentheses. The state can be: • SBS_CANTSENDMORE—Unable to send data to the peer. rcvbuf(cc/hiwat/lowat/state) • SBS_CANTRCVMORE—Unable to receive data from the peer. •...
  • Page 174 Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays IPv6 and ICMPv6 packet statistics for the specified IRF member device. The slot-number specifies the ID of the IRF member device. Usage guidelines This command displays statistics about received and sent IPv6 and ICMPv6 packets. Use the reset ipv6 statistics command to clear the statistics of all IPv6 and ICMPv6 packets.

  • Page 175: Display Ipv6 Tcp

    Send failed: Rate limitation: Other errors: Received packets: Total: Checksum errors: Too short: Bad codes: Unreachable: Too big: Hop limit exceeded: Reassembly timeouts: Parameter problems: Unknown error types: Echo requests: Echo replies: Neighbor solicits: Neighbor adverts: Router solicits: Router adverts: Redirects: Router renumbering: Unknown info types:...

  • Page 176: Display Ipv6 Tcp Verbose

    07:2008->1200 07:3008->1200 2001::1->23 2001::5->1284 ESTABLISHED 0x0000000000000008 2003::1->25 2001::2->1283 LISTEN 0x0000000000000009 Table 44 Command output Field Description Indicates the TCP connection uses MD5 authentication. LAddr->port Local IPv6 address and port number. FAddr->port Peer IPv6 address and port number. TCP connection state: •...
  • Page 177 Usage guidelines Detailed information about an IPv6 TCP connection includes socket's creator, state, option, type, protocol number, source IPv6 address and port number, destination IPv6 address and port number, and the connection state. Examples # Display detailed information about an IPv6 TCP connection. <Sysname>...
  • Page 178 Field Description Sending buffer information: the used space, maximum space, minimum space, and state in the parentheses. The state can be: • SBS_CANTSENDMORE—Unable to send data to the peer. sndbuf(cc/hiwat/lowat/state) • SBS_CANTRCVMORE—Unable to receive data from the peer. • SBS_RCVATMARK—Receiving tag. •...

  • Page 179: Display Ipv6 Udp

    Field Description send VRF Sent instances. receive VRF Received instances. display ipv6 udp Use display ipv6 udp to display brief information about IPv6 UDP connections. Syntax display ipv6 udp [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays brief information about IPv6 UDP connections on the specified IRF member...
  • Page 180 Syntax display ipv6 udp verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 UDP connections of the PCB specified by the pcb-index argument. The value range is 1 to 16. slot slot-number: Displays detailed information about IPv6 UDP connections for the specified IRF member device.

  • Page 181: Ipv6 Address

    Field Description state Socket state. options Socket options. Receiving buffer information: the used space, maximum space, minimum space, and state in the parentheses. The state can be: • SBS_CANTSENDMORE—Unable to send data to the peer. rcvbuf(cc/hiwat/lowat/state) • SBS_CANTRCVMORE—Unable to receive data from the peer. •...

  • Page 182: Ipv6 Address Anycast

    Use undo ipv6 address to remove the IPv6 global unicast address of the interface. Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ] Default No IPv6 global unicast address is configured for an interface. Views Interface view Predefined user roles...

  • Page 183: Ipv6 Address Auto Link-Local

    Views Interface view Predefined user roles network-admin Parameters ipv6-address: IPv6 anycast address. prefix-length: Prefix length in the range of 1 to 128. Examples # Set the IPv6 anycast address of VLAN-interface 100 to 2001::1 with prefix length 64. Method 1: <Sysname>...

  • Page 184: Ipv6 Address Eui-64

    Only use the undo ipv6 address auto link-local command to remove the link-local addresses generated through the ipv6 address auto link-local command. After the undo ipv6 address auto link-local command is used on an interface that has an IPv6 • global unicast address configured, the interface still has a link-local address.

  • Page 185: Ipv6 Address Link-Local

    Usage guidelines An EUI-64 IPv6 address is generated based on the specified prefix and the automatically generated interface identifier and is displayed by using the display ipv6 interface command. The prefix length of an EUI-64 IPv6 address cannot be greater than 64. Examples # Configure an EUI-64 IPv6 address for VLAN-interface 100.

  • Page 186: Ipv6 Hop-Limit

    remains. After you delete the manually assigned address, the automatically generated link-local address takes effect. For automatic generation of an IPv6 link-local address, see the ipv6 address auto link-local command. Examples # Configure a link-local address for VLAN-interface 100. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address fe80::1 link-local Related commands...

  • Page 187: Ipv6 Hoplimit-Expires Enable

    ipv6 hoplimit-expires enable Use ipv6 hoplimit-expires enable to enable sending ICMPv6 Time Exceeded messages. Use undo ipv6 hoplimit-expires to disable sending ICMPv6 Time Exceeded messages. Syntax ipv6 hoplimit-expires enable undo ipv6 hoplimit-expires enable Default Sending ICMPv6 Time Exceeded messages is enabled. Views System view Predefined user roles...

  • Page 188: Ipv6 Mtu

    Usage guidelines If a host is configured to reply to multicast echo requests, an attacker can use this mechanism to attack the host. For example, if Host A (an attacker) sends an echo request to a multicast address with Host B as the source, all hosts in the multicast group send echo replies to Host B.

  • Page 189: Ipv6 Nd Autoconfig Other-Flag

    Use undo ipv6 nd autoconfig managed-address-flag to restore the default. Syntax ipv6 nd autoconfig managed-address-flag undo ipv6 nd autoconfig managed-address-flag Default The M flag is set to 0 so that the host can obtain an IPv6 address through stateless autoconfiguration. Views Interface view Predefined user roles...

  • Page 190: Ipv6 Nd Dad Attempts

    If the O flag is set to 1, the host uses stateful autoconfiguration (for example, from a DHCPv6 server) to obtain configuration information other than IPv6 address. Otherwise, the host uses stateless autoconfiguration. Examples # Configure the host to obtain configuration information other than IPv6 address through stateless autoconfiguration.

  • Page 191: Ipv6 Nd Ns Retrans-Timer

    ipv6 nd ns retrans-timer Use ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message. Use undo ipv6 nd ns retrans-timer to restore the default. Syntax ipv6 nd ns retrans-timer value undo ipv6 nd ns retrans-timer Default The local interface sends NS messages at an interval of 1000 milliseconds, and the Retrans Timer field in the RA messages sent is 0, so that the interval for retransmitting an NS message is determined by the receiving device.

  • Page 192: Ipv6 Nd Ra Halt

    Default The neighbor reachable time on the local interface is 30000 milliseconds and the value of the Reachable Time field in RA messages is 0, so that the reachable time is determined by the receiving device. Views Interface view Predefined user roles network-admin Parameters value: Neighbor reachable time in the range of 1 to 3600000 milliseconds.

  • Page 193: Ipv6 Nd Ra Hop-Limit Unspecified

    [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] undo ipv6 nd ra halt ipv6 nd ra hop-limit unspecified Use ipv6 nd ra hop-limit unspecified to specify unlimited hops in RA messages. Use undo ipv6 nd ra hop-limit unspecified to restore the default. Syntax ipv6 nd ra hop-limit unspecified undo ipv6 nd ra hop-limit unspecified Default...

  • Page 194: Ipv6 Nd Ra No-Advlinkmtu

    Predefined user roles network-admin Parameters max-interval-value: Specifies the maximum interval for advertising RA messages in seconds, in the range of 4 to 1800. min-interval-value: Specifies the minimum interval for advertising RA messages in seconds, in the range of 3 to three-fourths of the maximum interval. Usage guidelines The device advertises RA messages at intervals of a random value between the maximum interval and the minimum interval.

  • Page 195: Ipv6 Nd Ra Prefix

    [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra no-advlinkmtu ipv6 nd ra prefix Use ipv6 nd ra prefix to configure the prefix information in RA messages. Use undo ipv6 nd ra prefix to remove the prefix information from RA messages. Syntax ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix/prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig | off-link ] *...

  • Page 196: Ipv6 Nd Ra Router-Lifetime

    [Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100/64 100 10 Method 2: <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100 64 100 10 ipv6 nd ra router-lifetime Use ipv6 nd ra router-lifetime to configure the router lifetime in RA messages. Use undo ipv6 nd ra router-lifetime to restore the default.

  • Page 197: Ipv6 Neighbor

    Syntax ipv6 nd router-preference { high | low | medium } undo ipv6 nd router-preference Default The router preference is medium. Views Interface view Predefined user roles network-admin Parameters high: Sets the router preference to the highest. low: Sets the router preference to the lowest. medium: Sets the router preference to the medium.

  • Page 198: Ipv6 Neighbor Link-Local Minimize

    Parameters ipv6-address: Specifies the IPv6 address of the static neighbor entry. mac-address: Specifies the MAC address (48 bits) of the static neighbor entry, in the format of H-H-H. vlan-id: Specifies the VLAN ID of the static neighbor entry, in the range of 1 to 4094. port-type port-number: Specifies a Layer 2 port of the static neighbor entry by its type and number.

  • Page 199: Ipv6 Neighbor Stale-Aging

    undo ipv6 neighbor link-local minimize Default All ND entries are assigned to the driver. Views System view Predefined user roles network-admin Usage guidelines Perform this command to minimize link-local ND entries assigned to the driver. Link-local ND entries refer to ND entries comprising link-local addresses. By default, the device assigns all ND entries to the driver.

  • Page 200: Ipv6 Neighbors Max-Learning-Num

    Examples # Set the aging timer for ND entries in the stale state to 120 minutes. <Sysname> system-view [Sysname] ipv6 neighbor stale-aging 120 ipv6 neighbors max-learning-num Use ipv6 neighbors max-learning-num to set the maximum number of dynamic neighbor entries that an interface can learn, to prevent the interface from occupying too many neighbor table resources.

  • Page 201: Ipv6 Pathmtu Age

    Default No static Path MTU is configured. Views System view Predefined user roles network-admin Parameters vpn-instance vpn-instance-name: Specifies the MPLS L3VPN that the Path MTU belongs to. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the Path MTU is for the public network, do not specify this option.

  • Page 202: Ipv6 Redirects Enable

    Parameters age-time: Specifies the aging time for Path MTU in minutes, in the range of 10 to 100. Usage guidelines After the path MTU from a source host to a destination host is dynamically determined, the source host sends subsequent packets to the destination host based on this MTU. After the aging time expires, the dynamic Path MTU is removed and the source host re-determines a dynamic path MTU through the Path MTU mechanism.

  • Page 203: Ipv6 Unreachables Enable

    ipv6 unreachables enable Use ipv6 unreachables enable to enable sending ICMPv6 destination unreachable packets. Use undo ipv6 unreachables to disable sending ICMPv6 destination unreachable packets. Syntax ipv6 unreachables enable undo ipv6 unreachables enable Default Sending ICMPv6 destination unreachable packets is disabled. Views System view Predefined user roles...

  • Page 204: Reset Ipv6 Pathmtu

    slot slot-number: Clears dynamic neighbor information for the specified IRF member device. The slot-number argument specifies the ID of the IRF member device. static: Clears static neighbor information for all interfaces. Usage guidelines You can use the display ipv6 neighbors command to display IPv6 neighbor information. Examples # Clear neighbor information for all interfaces.

  • Page 205: Reset Ipv6 Statistics

    reset ipv6 statistics Use reset ipv6 statistics to clear IPv6 and ICMPv6 packet statistics. Syntax reset ipv6 statistics [ slot slot-number ] Views User view Predefined user roles network-admin Parameters slot slot-number: Clears IPv6 and ICMPv6 packet statistics for the specified IRF member device. The slot-number specifies the ID of the IRF member device.

  • Page 206: Dhcpv6 Server Commands

    DHCPv6 server commands address range Use address range to specify a non-temporary IPv6 address range in a DHCPv6 address pool for dynamic allocation. Use undo address range to remove the non-temporary IPv6 address range in the address pool. Syntax address range start-ipv6-address end-ipv6-address [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo address range Default...

  • Page 207: Display Ipv6 Dhcp Duid

    [Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64 [Sysname-dhcp6-pool-1] address range 3ffe:501:ffff:100::10 3ffe:501:ffff:100::31 Related commands display ipv6 dhcp pool • network • temporary address range • display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DUID of the local device. Syntax display ipv6 dhcp duid Views Any view Predefined user roles...
  • Page 208 Examples # Display information about DHCPv6 address pool 1. <Sysname> display ipv6 dhcp pool 1 DHCPv6 pool: 1 Network: 3FFE:501:FFFF:100::/64 Preferred lifetime 604800, valid lifetime 2592000 Prefix pool: 1 Preferred lifetime 24000, valid lifetime 36000 Addresses: Range: from 3FFE:501:FFFF:100::1 to 3FFE:501:FFFF:100::99 Preferred lifetime 70480, valid lifetime 200000 Total address number: 153 Available: 153...

  • Page 209: Display Ipv6 Dhcp Prefix-Pool

    Field Description valid lifetime Valid lifetime in seconds. Addresses Non-temporary IPv6 address range. Range IPv6 address range for dynamic allocation. Total address number Total number of IPv6 addresses. Available Total number of available IPv6 addresses. In-use Total number of assigned IPv6 addresses. Temporary addresses Temporary IPv6 address range for dynamic allocation.

  • Page 210: Display Ipv6 Dhcp Server

    <Sysname> display ipv6 dhcp prefix-pool 1 Prefix: 5::/64 Assigned length: 70 Total prefix number: 64 Available: 64 In-use: 0 Static: 0 Table 49 Command output Field Description Prefix-pool Prefix pool number. Prefix Prefix specified in the prefix pool. Available Number of available prefixes. In-use Number of assigned prefixes.

  • Page 211: Display Ipv6 Dhcp Server Conflict

    Preference value: 0 Allow-hint: Enabled Rapid-commit: Disabled Table 50 Command output Field Description Interface Interface enabled with DHCPv6 server. Address pool applied to the interface. If no address pool is applied to the interface, global is displayed. The Pool DHCPv6 server selects a global address pool to assign a prefix, an address, and other configuration parameters to a client.

  • Page 212: Display Ipv6 Dhcp Server Expired

    <Sysname> display ipv6 dhcp server conflict IPv6 address Detect time 2001::1 Apr 25 16:57:20 2007 1::1:2 Apr 25 17:00:10 2007 Table 51 Command output Field Description IPv6 address Conflicted IPv6 address. Detect time Time when the conflict was discovered. Related commands reset ipv6 dhcp server conflict display ipv6 dhcp server expired Use display ipv6 dhcp server expired to display lease expiration information.

  • Page 213: Display Ipv6 Dhcp Server Ip-In-Use

    Table 52 Command output Field Description IPv6 address Expired IPv6 address. DUID Client DUID bound to the expired IPv6 address. Lease expiration Time when the lease expired. Related commands reset ipv6 dhcp server expired display ipv6 dhcp server ip-in-use Use display ipv6 dhcp server ip-in-use to display binding information for assigned IPv6 addresses. Syntax display ipv6 dhcp server ip-in-use [ address ipv6-address | pool pool-name ] Views...
  • Page 214 IPv6 address Type Lease expiration 2:1::1 Auto(O) Jul 10 22:22:22 2008 3:1::2 Static(C) Jan 1 11:11:11 2008 # Display binding information for the specified IPv6 address. <Sysname> display ipv6 dhcp server ip-in-use address 2:1::3 Pool: 1 Client: FE80::C800:CFF0:FE18:0 Type: Auto(O) DUID: 00030001CA000C180000 IAID: 0x00030001 IPv6 address: 2:1::3...

  • Page 215: Display Ipv6 Dhcp Server Pd-In-Use

    display ipv6 dhcp server pd-in-use Use display ipv6 dhcp server pd-in-use to display binding information for the assigned IPv6 prefixes. Syntax display ipv6 dhcp server pd-in-use [ pool pool-name | prefix prefix/prefix-len ] Views Any view Predefined user roles network-admin network-operator Parameters pool pool-name: Displays IPv6 prefix binding information for the DHCPv6 address pool specified by its...

  • Page 216: Display Ipv6 Dhcp Server Statistics

    Preferred lifetime 400, valid lifetime 500 Expires at Jul 10 09:45:01 2008 (288 seconds left) Table 54 Command output Field Description IPv6 prefix IPv6 prefix assigned. Prefix binding types: • Static(F)—Free static binding whose IPv6 prefix has not been assigned. •...
  • Page 217 network-operator Parameters pool pool-name: Displays DHCPv6 packet statistics for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify any pool, the command displays DHCPv6 packet statistics for all address pools. Examples # Display all DHCPv6 packet statistics on the DHCPv6 server.

  • Page 218: Dns-Server

    Field Description Number of messages received by the DHCPv6 server. The message types include: • Solicit. • Request. • Confirm. • Renew. • Rebind. Packets received • Release. • Decline. • Information-request. • Relay-forward. If statistics about a specific address pool are displayed, this field is not displayed.

  • Page 219: Domain-Name

    Usage guidelines You can use the dns-server command to specify up to eight DNS servers in an address pool. A DNS server specified earlier has a higher preference. Examples # Specify the DNS server address 2:2::3 in DHCPv6 address pool 1. <Sysname>...

  • Page 220: Ipv6 Dhcp Pool

    ipv6 dhcp pool Use ipv6 dhcp pool to create a DHCPv6 address pool and enter its view. If the pool has been created, you directly enter its view. Use undo ipv6 dhcp pool to remove the specified DHCPv6 address pool. Syntax ipv6 dhcp pool pool-name undo ipv6 dhcp pool pool-name...

  • Page 221: Ipv6 Dhcp Select

    Default No prefix pool is configured. Views System view Predefined user roles network-admin Parameters prefix-pool-number: Specifies a prefix pool number in the range of 1 to 128. prefix prefix/prefix-len: Specifies a prefix/prefix length for the pool. The value range for the prefix-len argument is 1 to 128.

  • Page 222: Ipv6 Dhcp Server

    Predefined user roles network-admin Parameters server: Enables the DHCPv6 server on the interface. Examples # Enable the DHCPv6 server on VLAN-interface 10. <Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] ipv6 dhcp select server Related commands display ipv6 dhcp server ipv6 dhcp server Use ipv6 dhcp server to configure global address assignment on an interface.

  • Page 223: Ipv6 Dhcp Server Apply Pool

    Examples # Configure global address assignment on the interface VLAN-interface 2 to support desired address/prefix assignment and rapid address/prefix assignment and set the server preference to the highest 255. <Sysname> system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] ipv6 dhcp server allow-hint preference 255 rapid-commit Related commands display ipv6 dhcp server •...

  • Page 224: Ipv6 Dhcp Server Forbidden-Address

    A non-existing address pool can be applied to an interface, but the server cannot assign any prefix, address, or other configuration information from the address pool until the address pool is created. Examples # Apply address pool 1 to VLAN-interface 2, configure the address pool to support desired address/prefix assignment and address/prefix rapid assignment, and set the preference to 255.

  • Page 225: Ipv6 Dhcp Server Forbidden-Prefix

    Examples # Exclude IPv6 addresses of 2001:10:1 10::1 through 2001:10:1 10::20 from dynamic assignment. <Sysname> system-view [Sysname] ipv6 dhcp server forbidden-address 2001:10:110::1 2001:10:110::20 Related commands ipv6 dhcp server forbidden-prefix • static-bind • ipv6 dhcp server forbidden-prefix Use ipv6 dhcp server forbidden-prefix to exclude specific IPv6 prefixes from dynamic allocation. Use undo ipv6 dhcp server forbidden-prefix to remove the configuration.

  • Page 226: Network

    static-bind • network Use network to specify an IPv6 subnet for dynamic allocation in a DHCPv6 address pool. Use undo network to remove the specified IPv6 subnet. Syntax network prefix/prefix-length [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo network Default No IPv6 subnet is specified in an address pool. Views DHCPv6 address pool view Predefined user roles...

  • Page 227: Option

    option Use option to configure a self-defined DHCPv6 option in a DHCPv6 address pool. Use undo option to remove a self-defined DHCPv6 option from a DHCPv6 address pool. Syntax option code hex hex-string undo option code Default No self-defined DHCPv6 option is configured in a DHCPv6 address pool. Views DHCPv6 address pool view Predefined user roles...

  • Page 228: Prefix-Pool

    Related commands display ipv6 dhcp pool • dns-server • • domain-name sip-server • prefix-pool Use prefix-pool to apply a prefix pool to a DHCPv6 address pool, so the DHCPv6 server can dynamically select a prefix from the prefix pool for a client. Use undo prefix-pool to remove the configuration.

  • Page 229: Reset Ipv6 Dhcp Server Conflict

    <Sysname> system-view [Sysname] ipv6 dhcp pool 2 [Sysname-dhcp6-pool-2] prefix-pool 2 preferred-lifetime 86400 valid-lifetime 259200 Related commands display ipv6 dhcp pool • ipv6 dhcp prefix-pool • reset ipv6 dhcp server conflict Use reset ipv6 dhcp server conflict to clear IPv6 address conflict information. Syntax reset ipv6 dhcp server conflict [ address ipv6-address ] Views...

  • Page 230: Reset Ipv6 Dhcp Server Ip-In-Use

    pool pool-name: Clears binding information for lease-expired IPv6 addresses in the address pool specified by its name, a case-insensitive string of 1 to 63 characters. Usage guidelines If you do not specify any parameter, this command clears binding information for all lease-expired IPv6 addresses.

  • Page 231: Reset Ipv6 Dhcp Server Pd-In-Use

    reset ipv6 dhcp server pd-in-use Use reset ipv6 dhcp server pd-in-use to clear binding information for assigned IPv6 prefixes. Syntax reset ipv6 dhcp server pd-in-use [ pool pool-name | prefix prefix/prefix-len ] Views User view Predefined user roles network-admin Parameters pool pool-name: Clears binding information for assigned IPv6 prefixes in the address pool specified by its name, a case-insensitive string of 1 to 63 characters.

  • Page 232: Sip-Server

    Examples # Clear DHCPv6 server statistics. <Sysname> reset ipv6 dhcp server statistics Related commands display ipv6 dhcp server statistics sip-server Use sip-server to specify the IPv6 address or domain name of a SIP server in the DHCPv6 address pool. Use undo sip-server to remove a SIP server. Syntax sip-server { address ipv6-address | domain-name domain-name } undo sip-server { address ipv6-address | domain-name domain-name }...
  • Page 233 Use undo static-bind to remove a static binding. Syntax static-bind { address ipv6-address/addr-prefix-length | prefix prefix/prefix-len } duid duid [ iaid iaid ] [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo static-bind { address ipv6-address/addr-prefix-length | prefix prefix/prefix-len } Default No static binding is configured in a DHCPv6 address pool. Views DHCPv6 address pool view Predefined user roles...

  • Page 234: Temporary Address Range

    Related commands display ipv6 dhcp pool temporary address range Use temporary address range to configure a temporary IPv6 address range in a DHCPv6 address pool for dynamic allocation. Use undo temporary address range to remove the temporary IPv6 address range from the address pool. Syntax temporary address range start-ipv6-address end-ipv6-address [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]...
  • Page 235 address range • • network...

  • Page 236: Tunneling Commands

    Tunneling commands default Use default to restore the default settings for the tunnel interface. Syntax default Views Tunnel interface view Predefined user roles network-admin Usage guidelines The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it in a live network.

  • Page 237: Destination

    Parameters text: Specifies a description for the interface, a string of 1 to 80 case-sensitive characters. Usage guidelines Configure descriptions for different interfaces for identification and management purposes. This command configures an interface description and has no any other function. You can use the display interface command to view the configured interface description.

  • Page 238: Display Interface Tunnel

    Examples # VLAN-interface 100 of Sysname 1 uses the IP address 193.101.1.1 and VLAN-interface 100 of Sysname 2 uses the IP address 192.100.1.1. Configure the source address 193.101.1.1 and destination address 192.100.1.1 for the tunnel interface of Sysname 1. <Sysname1> system-view [Sysname1] interface tunnel 1 mode ipv6-ipv4 [Sysname1-Tunnel1] source 193.101.1.1 [Sysname1-Tunnel1] destination 192.100.1.1...
  • Page 239 Examples # Display detailed information about interface Tunnel 1. <Sysname> display interface tunnel 1 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 1456 Internet Address is 10.1.2.1/24 Primary Tunnel source 2002::1:1, destination 2001::2:1 Tunnel bandwidth 64 (kbps) Tunnel TTL 255 Tunnel protocol/transport GRE/IPv6...
  • Page 240 Field Description Tunnel mode and transport protocol: • GRE/IP—GRE over IPv4 tunnel mode. • GRE/IPv6—GRE over IPv6 tunnel mode. • IP/IP—IPv4 over IPv4 tunnel mode. Tunnel protocol/transport • IPv6—IPv6 tunnel mode. • IPv6/IP—IPv6 over IPv4 manual tunnel mode. • IPv6/IP 6to4—IPv6 over IPv4 6to4 tunnel mode. •...

  • Page 241: Interface Tunnel

    Field Description Physical link state of the interface: • UP—The link is physically up. • DOWN—The link is physically down. Link • ADM—The link has been administratively shut down. To bring it up, use the undo shutdown command. • Stby—The interface is a backup interface. Protocol state: •...

  • Page 242: Mtu

    mode ipv6-ipv4 isatap: Specifies ISATAP tunnel mode. Usage guidelines To create a new tunnel interface, you must specify the tunnel mode in this command. To enter the view of an existing tunnel interface, you do not need to specify the tunnel mode. A tunnel interface number is locally significant.

  • Page 243: Reset Counters Interface

    <Sysname> system-view [Sysname] interface tunnel 1 [Sysname-Tunnel1] mtu 10000 Related commands display interface tunnel reset counters interface Use reset counters interface to clear the statistics of tunnel interfaces. Syntax reset counters interface [ tunnel [ number ] ] Views User view Predefined user roles network-admin Parameters...

  • Page 244: Shutdown

    Views Tunnel interface view Predefined user roles network-admin Parameters slot slot-number: Specifies an IRF member device. The slot-number argument specifies the ID of the IRF member device. Usage guidelines If no IRF member device is specified for forwarding the traffic on the current interface, the traffic is processed on the IRF member device that receives the traffic.

  • Page 245: Source

    <Sysname> system-view [Sysname] interface tunnel 1 [Sysname-Tunnel1] shutdown Related commands display interface tunnel source Use source to specify the source address or source interface for the tunnel interface. Use undo source to restore the default. Syntax source { ip-address | ipv6-address | interface-type interface-number } undo source Default No source address or source interface is specified for the tunnel interface.

  • Page 246: Tunnel Bandwidth

    Related commands destination • display interface tunnel • • interface tunnel tunnel bandwidth Use tunnel bandwidth to set the bandwidth of a tunnel interface. Use undo tunnel bandwidth to restore the default. Syntax tunnel bandwidth bandwidth-value undo tunnel bandwidth Default The bandwidth of a tunnel interface is 64 kbps.

  • Page 247: Tunnel Discard Ipv4-Compatible-Packet

    Default The DF bit is not set for tunneled packets. Views Tunnel interface view Predefined user roles network-admin Usage guidelines To avoid fragmentation and delay, set the DF bit for tunneled packets. Make sure the path MTU is larger than tunneled packets. Otherwise, do not set the DF bit to avoid discarding tunneled packets larger than the path MTU.

  • Page 248: Tunnel Tos

    tunnel tos Use tunnel tos to set the Type of Service (ToS) of tunneled packets. Use undo tunnel tos to restore the default. Syntax tunnel tos tos-value undo tunnel tos Default The ToS of tunneled packets is the same as the ToS of the original packets. Views Tunnel interface view Predefined user roles...
  • Page 249 Predefined user roles network-admin Parameters ttl-value: TTL of tunneled packets, in the range of 1 to 255. Usage guidelines The TTL determines the maximum number of hops that the tunneled packets can pass. When the TTL expires, the tunneled packet is discarded to avoid loops. Examples # Set the TTL of tunneled packets to 100 on the interface Tunnel 1.

  • Page 250: Gre Commands

    GRE commands keepalive Use keepalive to enable the GRE keepalive function, and set the keepalive interval and the keepalive number. Use undo keepalive to disable the keepalive function. Syntax keepalive [ interval [ times ] ] undo keepalive Default The GRE keepalive function is disabled. Views Tunnel interface view Predefined user roles...

  • Page 251: Support And Other Resources

    Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.com/support Before contacting HP, collect the following information: Product model names and numbers • Technical support registration number (if applicable) • • Product serial numbers Error messages •...

  • Page 252: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 253 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 254: Index

    Index A B C D E F G I K L M N O P R S T U V W dhcp server always-broadcast,33 dhcp server apply ip-pool,34 address range,29 dhcp server bootp ignore,34 address range,198 dhcp server bootp reply-rfc- 1 048,35 arp check enable,1...
  • Page 255 display dhcp server pool,43 display tcp,130 display dhcp server statistics,45 display tcp statistics,131 display dhcp snooping binding,93 display tcp verbose,133 display dhcp snooping binding database,94 display udp,134 display dhcp snooping information,95 display udp statistics,135 display dhcp snooping packet statistics,96 display udp verbose,135 display dhcp snooping trust,96...
  • Page 256 ipv6 address auto link-local,175 method,1 18 ipv6 address eui-64,176 mtu,234 ipv6 address link-local,177 ipv6 dhcp pool,212 nbns-list,52 ipv6 dhcp prefix-pool,212 netbios-type,53 ipv6 dhcp select,213 network,54 ipv6 dhcp server,214 network,218 ipv6 dhcp server apply pool,215 next-server,55 ipv6 dhcp server forbidden-address,216 ipv6 dhcp server forbidden-prefix,217 ipv6 dns server,1 10...
  • Page 257 shutdown,236 tunnel bandwidth,238 sip-server,224 tunnel dfbit enable,238 source,237 tunnel discard ipv4-compatible-packet,239 ssl client policy,1 19 tunnel tos,240 static-bind,59 tunnel ttl,240 static-bind,224 Subscription service,243 udp-helper enable,148 udp-helper port,148 mss,142 udp-helper server,149 path-mtu-discovery,143 url,120 tcp syn-cookie enable,144 username,122 tcp timer fin-timeout,145 tcp timer syn-timeout,145 voice-config,62 window,146...

Table of Contents