manualshive.com logo in svg

3Com Switch 8807, Command Reference Manual

The 3Com Switch 8807 is a high-performance networking device designed to meet the demands of enterprise-level organizations. With advanced features and reliable performance, this switch ensures seamless data transmission and network optimization. Easily access the comprehensive datasheet and user manual for free download from our website, manualshive.com.

Share
Download
background image

ACL Commands

229

Description

Use the 

rule

 command to add a rule to the ACL.

Use the 

undo rule

 command to delete a rule from the ACL.

You can define multiple rules for an ACL. Only the specified rules will be deleted if 
you select parameters in the 

undo rule

 command.

If you redefine an existing rule, the newly configured option automatically 
overwrites the corresponding option of the original rule, and the option not being 
redefined remains. For example:

With the original rule 0:

[acl number 2000]rule 0 permit source 10.1.1.1 0 time-range 3Com 

when redefine it as follows:

[acl number 2000]rule 0 permit source 10.1.1.2 0 fragment 

it becomes:

rule 0 permit source 10.1.1.2 0 fragment time-range 3Com 

That is, the source option is replaced with 10.1.1.2, the fragment option which 
the original rule does not contain is added, and the time-range 3Com option 
which the original rule contains is reserved.

CAUTION:

If you want to replace an existing rule, you are recommended to use the undo 
command to delete the original rule fist, and then reconfigure the rule. This 
makes sure the unwanted options are completely removed.

If you configure a rule without providing the rule number, the system will 
automatically generate a new rule if the rule is not identical to any existing 
rules.

The rule with the specified bt-flag cannot be used in the traffic-redirect 
command.

Related command: 

acl

.

Example

# Add a rule to the advanced ACL.

<SW8800> system-view

 

System View: return to User View with Ctrl+Z. 

 

[SW8800]acl number 3000

 

[3Com-acl-adv-3000] rule 1 permit tcp established source 1.1.1.1 0 

 

destination 2.2.2.2 0 

time-range

Syntax

time-range

 

time-name

 { 

start-time

 

to

 

end-time

 

days-of-the-week

 [ 

from

 

start-time start-date

 ] [ 

to

 

end-time end-date

 ] | 

from

 

start-time start-date

 [ 

to

 

end-time end-date

 ] | 

to

 

end-time end-date

 }

Summary of Contents for Switch 8807

Page 1: ...3Com Switch 8800 Family Command Reference Guide Switch 8807 Switch 8810 Switch 8814 www 3Com com Part No 10015595 Rev AA Published January 2007 ...

Page 2: ...2 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this User Guide Unless otherwise indicated 3Com registered trademarks are registered in the United States and may or may not be registered in other countries 3Com and...

Page 3: ...y cost type 549 apply ip next hop 550 apply isis 550 apply local preference 551 apply mpls label 708 apply origin 551 apply tag 552 area 414 area authentication mode 461 arp enable size 820 arp max aggregation entry 819 arp max entry 819 arp non flooding 807 arp proxy enable 807 arp static 808 arp static multi port 810 arp timer aging 811 asbr summary 414 ascii 991 attribute 310 authentication mod...

Page 4: ...eckzero 397 clock datetime 1025 clock summer time 1025 clock timezone 1026 close 993 command privilege level 37 compare different as med 499 compare different as med 656 confederation id 500 confederation nonstandard 501 confederation peer as 501 connection 767 copy 971 copy configuration 130 cos 774 cost style 462 count 1071 c rp 619 crp policy 620 cut connection 311 dampening 502 databits 45 dat...

Page 5: ...pls ldp 690 debugging mpls lspm 681 debugging mpm 569 debugging msdp 637 debugging multicast forwarding 584 debugging multicast kernel routing 584 debugging multicast status forwarding 585 debugging nqa 1073 debugging ntp service 929 debugging ospf 416 debugging pim common 621 debugging pim dm 621 debugging pim sm 622 debugging portal 369 debugging radius 329 debugging ssh server 943 debugging stp...

Page 6: ... identifier 857 dhcp relay information strategy 856 dhcp relay security 851 dhcp relay security address check 852 dhcp select 823 dhcp server detect 824 dhcp server dns list 826 dhcp server domain name 827 dhcp server expired 828 dhcp server forbidden ip 829 dhcp server ip pool 830 dhcp server nbns list 830 dhcp server netbios type 831 dhcp server option 832 dhcp server ping 833 dhcp server relay ...

Page 7: ...ay bgp routing table 509 display bgp routing table as path acl 511 display bgp routing table cidr 512 display bgp routing table community 512 display bgp routing table community list 513 display bgp routing table dampened 514 display bgp routing table different origin as 515 display bgp routing table flap info 515 display bgp routing table label 712 display bgp routing table peer 517 display bgp r...

Page 8: ... flow temlate 218 display garp statistics 121 display garp timer 121 display gvrp statistics 124 display gvrp status 125 display history command 38 display hwtacacs 354 display icmp statistics 109 display igmp group 603 display igmp interface 604 display igmp snooping configuration 569 display igmp snooping group 570 display igmp snooping statistics 571 display info center 1003 display interface 1...

Page 9: ...regation interface 154 display link aggregation summary 152 display link aggregation verbose 152 display local server 330 display local user 314 display logbuffer 1005 display logbuffer summary 1007 display loopback detection 1048 display mac address 161 display mac address aging time 161 display mac address multicast static 600 display mac address vsi 776 display memory 985 display mirroring grou...

Page 10: ... 429 display ospf nexthop 431 display ospf peer 432 display ospf request queue 432 display ospf retrans queue 433 display ospf routing 434 display ospf vlink 436 display password control 1089 display password control blacklist 1089 display password control super 1090 display pim bsr info 623 display pim interface 624 display pim neighbor 624 display pim routing table 625 display pim rp info 626 di...

Page 11: ...display qos vlan traffic redirect 245 display qos vlan traffic statistic 245 display radius 330 display radius nas ip 332 display radius statistics 332 display rip 398 display rip vpn instance 716 display rmon alarm 917 display rmon event 918 display rmon eventlog 918 display rmon history 919 display rmon prialarm 920 display rmon statistics 921 display route policy 553 display rsa local key pair ...

Page 12: ...r interface 45 display users 1032 display users 46 display version 1032 display vlan 79 display vlan acl member ports 290 display vlan ip interface 88 display vlan ip vlan 87 display vlan protocol vlan vlan 85 display vpls connection 777 display vrrp 789 display vrrp ifm 790 display vrrp statistics 791 display vrrp summary 792 display vsi 778 display xbar 802 dns domain 865 dns resolve 865 dns ser...

Page 13: ...ort 554 filter policy export 663 filter policy export 717 filter policy import 400 filter policy import 439 filter policy import 440 filter policy import 471 filter policy import 519 filter policy import 555 filter policy import 664 filter policy import 718 fixdisk 974 flow control 136 flow control 47 flow interval 136 flow template user defined 220 flow template user defined template info 221 for...

Page 14: ...match mpls label 719 if match tag 560 if match vpn target 719 igmp enable 605 igmp fast leave 606 igmp group limit 608 igmp group policy 608 igmp host join port 609 igmp host join vlan 610 igmp lastmember queryinterval 610 igmp max response time 611 igmp proxy 616 igmp robust count 612 igmp timer other querier present 613 igmp timer query 614 igmp version 614 igmp report enhance enable 612 igmp sn...

Page 15: ...timestamp 1019 info center trapbuffer 1020 instance 176 interface 138 interface vlan interface 80 ip address 101 ip as path acl 560 ip binding vpn instance 721 ip community list 561 ip host 102 ip host 861 ip http shutdown 1040 ip icmp time exceed enable 103 ip ip prefix 562 ip managed multicast 591 ip netstream aggregation 872 ip netstream enable 871 ip netstream export host 873 ip netstream expo...

Page 16: ...olate user vlan 96 isolate user vlan enable 97 jumboframe enable 138 key 335 key 357 l2 binding vsi 780 l2vpn family 769 label range 779 lacp enable 155 lacp port priority 155 lacp system priority 156 language mode 52 lcd 996 level 319 link aggregation 156 link aggregation group agg id description 157 link aggregation group agg id mode 158 link status hold 137 local precedence 249 local server 336...

Page 17: ...mac table limit 782 md5 compatible 487 mdi 140 mirrored to 251 mirrored to 281 mirroring group 252 mkdir 966 mkdir 975 mkdir 997 modem 53 modem auto answer 54 modem timer answer 54 more 976 move 976 mpls 685 mpls l2vc 766 mpls l2vpn 770 mpls l2vpn encapsulation 770 mpls ldp 697 mpls ldp enable 697 mpls ldp hops count 698 mpls ldp label accept 699 mpls ldp label advertise 700 mpls ldp loop detect 6...

Page 18: ...t max requests 1078 nssa 444 ntp service access 932 ntp service authentication enable 933 ntp service authentication keyid 933 ntp service broadcast client 934 ntp service broadcast server 934 ntp service max dynamic sessions 935 ntp service multicast client 936 ntp service multicast server 936 ntp service refclock master 937 ntp service reliable authentication keyid 938 ntp service source interfa...

Page 19: ...allow as loop 523 peer allow as loop 667 peer allow as loop 728 peer as number 524 peer as number 729 peer as path acl export 524 peer as path acl export 667 peer as path acl export 730 peer as path acl import 525 peer as path acl import 668 peer as path acl import 730 peer connect interface 526 peer connect interface 731 peer default route advertise 526 peer default route advertise 732 peer defau...

Page 20: ...peer next hop local 673 peer next hop local 739 peer password 533 peer password 739 peer public as only 534 peer public as only 674 peer public as only 740 peer reflect client 535 peer reflect client 674 peer reflect client 741 peer request sa enable 647 peer restart timer 535 peer route policy export 536 peer route policy export 675 peer route policy export 741 peer route policy import 537 peer r...

Page 21: ...e power input thresh upper 893 poe power output thresh lower 894 poe power output thresh upper 894 policy vpn target 746 port 254 port 83 port access vlan 141 port can access vlan acl 289 port hybrid ip vlan vlan 89 port hybrid protocol vlan vlan 85 port hybrid pvid vlan 142 port hybrid vlan 142 port link aggregation group 158 port link type 143 port trunk mpls vlan 747 port trunk permit vlan 145 ...

Page 22: ...otocol inbound 948 protocol vlan 86 public key code begin 949 public key code end 949 put 966 put 998 pwd 966 pwd 977 pwd 998 pwsignal 785 qos conform level 256 qos cos drop precedence map 256 qos cos local precedence map 258 queue 260 queue scheduler 261 quick ping enable 1027 quit 56 quit 957 quit 967 quit 999 radius client 339 radius nas ip 340 radius scheme 341 reboot 986 reflect between clien...

Page 23: ...cacs statistics 360 reset igmp group 615 reset igmp snooping statistics 579 reset ip netstream statistics 877 reset ip statistics 116 reset isis all 489 reset isis peer 489 reset lacp statistics 159 reset logbuffer 1021 reset mac address 167 reset mac address multicast 601 reset mac address vsi 786 reset msdp peer 649 reset msdp sa cache 650 reset msdp statistics 650 reset multicast forwarding tab...

Page 24: ...n level 178 rip 404 rip authentication mode 405 rip input 406 rip metricin 407 rip metricout 407 rip output 408 rip split horizon 408 rip version 409 rip work 410 rmdir 1000 rmdir 968 rmdir 978 rmon alarm 922 rmon event 923 rmon history 924 rmon prialarm 925 rmon statistics 927 route distinguisher 750 route policy 563 router id 454 router route limit 565 router VRF limit 565 route rely 567 route t...

Page 25: ...et overload 490 sftp 968 sftp server enable 960 sham link 455 sham link 754 share descriptors 273 shell 60 shutdown 146 shutdown 651 shutdown 786 shutdown 81 silent interface 454 silent interface 490 slave auto update config 802 slave restart 803 slave switchover 803 slave update configuration 804 snmp agent community 276 snmp agent community 906 snmp agent group 277 snmp agent group 907 snmp agen...

Page 26: ...mpatible_ssh1x enable 952 ssh server rekey interval 953 ssh server timeout 953 ssh service type default 960 ssh user assign rsa key 954 ssh user authentication type 955 ssh user service type 961 ssh2 958 startup saved configuration 74 state 326 state 347 static bind ip address 848 static bind mac address 849 static lsp egress 687 static lsp egress l2vpn 763 static lsp ingress 688 static lsp ingres...

Page 27: ...ion 194 stp max hops 194 stp mcheck 195 stp mode 196 stp no agreement check 196 stp non flooding 197 stp pathcost standard 198 stp point to point 198 stp port priority 199 stp region configuration 200 stp reset arp 201 stp root protection 203 stp tc protection 203 stp timer forward delay 204 stp timer hello 205 stp timer max age 206 stp timer factor 207 stp transmit limit 208 stub 457 subvlan 92 s...

Page 28: ...ounting 350 timer realtime accounting 365 timer response timeout 351 timer response timeout 366 timer retry 652 timer spf 494 time range 229 timers 411 tos 1085 tracert 1037 traffic limit 263 traffic limit 283 traffic priority 266 traffic priority 285 traffic redirect 1065 traffic redirect 268 traffic redirect 287 traffic redirect 752 traffic shape 271 traffic statistic 272 traffic statistic 288 t...

Page 29: ... 148 vlan vpn enable 213 vlan vpn tpid 1068 vlan vpn tunnel 1069 vlan vpn tunnel 213 vlan vpn uplink enable 1069 vlink peer 458 vpls load share 785 vpn instance 1087 vpn instance 352 vpn instance capability simple 757 vpn target 758 vrrp authentication mode 793 vrrp log state 794 vrrp method vrrp log state 794 vrrp ping enable 795 vrrp un check ttl 796 vrrp vrid preempt mode 796 vrrp vrid priority...

Page 30: ......

Page 31: ... Port Based VLAN Configuration Commands 83 Protocol Based VLAN Configuration Commands 84 IP Subnet Based VLAN Configuration Commands 87 5 SUPER VLAN CONFIGURATION COMMANDS Super VLAN Configuration Commands 91 6 ISOLATE USER VLAN CONFIGURATION COMMANDS Isolate user vlan Configuration Commands 95 7 IP ADDRESS CONFIGURATION COMMANDS IP Address Configuration Commands 99 8 IP PERFORMANCE CONFIGURATION ...

Page 32: ...1 15 BPDU TUNNEL CONFIGURATION COMMANDS BPDU Tunnel Configuration Commands 213 16 ACL COMMANDS ACL Commands 215 17 QOS COMMANDS QoS Commands 233 18 ACL CONTROL COMMANDS TO CONTROL LOGIN USERS The ACL Control Commands to Control Login Users 275 19 VLAN ACL CONFIGURATION COMMANDS VLAN ACL Configuration Commands 281 20 802 1X CONFIGURATION COMMANDS 802 1x Configuration Commands 293 21 AAA AND RADIUS ...

Page 33: ...7 29 ROUTE CAPACITY CONFIGURATION COMMANDS Route Capacity Configuration Commands 565 30 RECURSIVE ROUTING CONFIGURATION Recursive Routing Configuration Commands 567 31 IGMP SNOOPING CONFIGURATION COMMANDS IGMP Snooping Configuration Commands 569 Multicast Static Routing Port Configuration Commands 579 32 MULTICAST VLAN CONFIGURATION COMMANDS Multicast VLAN Configuration Commands 581 33 MULTICAST C...

Page 34: ...s 761 Martini MPLS L2VPN Configuration Commands 765 Kompella MPLS L2VPN Configuration Commands 766 42 VPLS CONFIGURATION COMMANDS VPLS Configuration Commands 773 43 VRRP CONFIGURATION COMMANDS VRRP Configuration Commands 789 44 HA CONFIGURATION COMMANDS_HA_CONFIGURATION HA Configuration Commands 801 45 ARP CONFIGURATION COMMANDS ARP Configuration Commands 807 46 ARP TABLE SIZE CONFIGURATION COMMAN...

Page 35: ...URATION COMMANDS UDP Helper Configuration Commands 895 53 SNMP CONFIGURATION COMMANDS SNMP Configuration Commands 899 54 RMON CONFIGURATION COMMANDS RMON Configuration Commands 917 55 NTP CONFIGURATION COMMANDS NTP Configuration Commands 929 56 SSH TERMINAL SERVICE CONFIGURATION COMMANDS SSH Server Configuration Commands 943 SSH Client Configuration Commands 956 SFTP Server Configuration Commands ...

Page 36: ... Test Commands 1035 62 PROTOCOL PORT SECURITY CONFIGURATION COMMANDS Protocol Port security Configuration Commands 1039 63 PORT PACKET STATISTICS COMMANDS Port Packet Statistics Commands 1041 64 PORT LOOPBACK DETECTION COMMANDS Ethernet Port Detection Configuration Commands 1045 65 QINQ CONFIGURATION COMMANDS QinQ Configuration Commands 1065 66 NQA CONFIGURATION COMMANDS NQA Configuration Commands...

Page 37: ...able 1 lists icon conventions that are used throughout this guide Table 2 lists text conventions that are used throughout this guide Table 1 Notice Icons Icon Notice Type Description n Information note Information that describes important features or instructions c Caution Information that alerts you to potential loss of data or potential damage to an application system or device w Warning Informa...

Page 38: ... about your product If information in this guide differs from information in the release notes use the information in the Release Notes These documents are available in Adobe Acrobat Reader Portable Document Format PDF on the 3Com World Wide Web site http www 3com com Words in italics Italics are used to Emphasize a point Denote a new term at the place where it is defined in the text Identify menu...

Page 39: ...agement which are identified as 0 through 3 respectively An administrator assigns authorities as per user requirements and allows them to operate in corresponding views When a user logs in to the switch the command level that it can access depends on two points One is the command level that the user itself can access the other is the set command level of this user interface If the two levels are d...

Page 40: ... the string exclude Displays only the commands that do not match the match string Match string The regular expression to match Description The display history command command is used to query selectively the history commands All the history commands are stored in the history command buffer When the history command buffer is full the oldest information in the buffer will be replaced by new informat...

Page 41: ...ommand Number and a regular expression begin include exclude Match string the system will display the commands that match the regular expression among the Command Number pieces of commands executed recently Related command history command max size Example Display all history commands in the buffer SW8800 display history command system view user interface vty 0 user interface vty 0 4 history comman...

Page 42: ...xpression SW8800 display history command exclude ip system view user interface vty 0 user interface vty 0 4 history command max size 100 quit display vlan display vlan all acl name lc interface Vlan interface 1 quit quit display history command display history command 5 display history command include 10 11 113 14 displ super Syntax super level View User view Parameter level User level ranging 0 t...

Page 43: ...er mode the password can either be in encrypted text or in plain text The result is determined by the input A plain text password is a sequential character string of no more than 16 digits for example 3com918 The length of an encrypted password must be 24 digits and in encrypted text for example _ TT8F Y5SQ Q MAF4 1 Description Use the super password command to configure the password for changing ...

Page 44: ...42 CHAPTER 1 COMMAND LINE INTERFACE COMMANDS SW8800 system view System View return to User View with Ctrl Z SW8800 super password level 3 simple zbr ...

Page 45: ...ure no authentication This command with the password parameter indicates to perform local password authentication that is you need to configure a login password using the set authentication password cipher simple password command This command with the scheme parameter indicates to perform authentication of local or remote username and password The type of the authentication depends on your configu...

Page 46: ...atically The user will be disconnected after that Use the undo auto execute command command to configure not to run the command automatically This command is usually used to configure the telnet command on the terminal which will connect the user to a designated device automatically By default auto run is disabled c CAUTION If you execute this command the user interface can no longer be used to pe...

Page 47: ... user interface aux 0 3Com ui aux0 databits 7 display user interface Syntax display user interface type number number summary View Any view Parameter type Specifies the type of a user interface number Specifies the number of a user interface Summary Displays the summary of a user interface Description Use the display user interface command to view the relational information of the user interface T...

Page 48: ...me con0 display users Syntax display users all View Any view Parameter all Displays the information of all user interfaces Table 3 Description on the fields of the display user interface command Field Description Current user interface is in use F Current user interface is in use and work in asynchronous mode Idx Absolute index of user interface Type Type and relative index of user interface Tx Rx...

Page 49: ...fault flow control mode By default the value is none That is no flow control will be performed This command can only be performed in Console and AUX user interface view Example Configure software flow control on AUX port SW8800 system view System View return to User View with Ctrl Z Table 5 Description on the fields of the display users command Field Description Current user interface is in use an...

Page 50: ...ample Release user interface 1 after logged in to the switch via user interface 0 SW8800 free user interface 1 After the command is executed user interface 1 will be disconnected It will not be connected to the switch until you log in via the user interface 1 for the next time header Syntax header shell incoming login text undo header shell incoming login View System view Parameter login Login inf...

Page 51: ...yping any of the three keywords shell login and incoming in the command then what you type after the word header is the contents of the login information instead of identifying header type You can judge whether the initial character can be used as the header contents this way 1 Input texts in multiple lines You need to enter only one character in the first line The character and the last character...

Page 52: ...e characters contained in the first line The initial character is different from the ending one and the initial character pairs with the ending one The initial character is the text contents for example SW8800 system view System View return to User View with Ctrl Z SW8800 header shell hello Input banner text and quit with the character h my friend h The starting and ending characters must be the s...

Page 53: ...ter is contained in the header Hello Welcome SW8800 history command max size Syntax history command max size value undo history command max size View User interface view Parameter value Defines the size of the history buffer ranging from 0 to 256 By default the size is 10 that is 10 history commands can be saved Description Use the history command max size command to configure the size of the hist...

Page 54: ...imeout command to restore the default idle timeout idle timeout 0 means disabling idle timeout By default idle timeout is set to 10 minutes Example Configure the timeout value to 1 minute on the AUX user interface SW8800 system view System View return to User View with Ctrl Z SW8800 user interface aux 0 3Com ui aux0 idle timeout 1 0 language mode Syntax language mode chinese english View User view...

Page 55: ...dem Syntax modem call in both undo modem call in both View User interface view Parameter call in Configures to allow call in both Configures to allow call in and call out Description Use the modem command to configure the call in and call out attributes of the Modem Use the undo modem command to cancel the configuration of Modem call in and call out attributes The modem command without parameters ...

Page 56: ...swer Use the undo modem auto answer command to configure the answer mode as manual answer By default the mode is set to manual answer This command can only be performed in AUX user interface view Example Configure the answer mode of the Modem on the AUX port as auto answer SW8800 system view System View return to User View with Ctrl Z SW8800 user interface aux 0 SW8800 user interface aux 0 3Com ui...

Page 57: ...rity Syntax parity even mark none odd space undo parity View User interface view Parameter even Configures to perform even parity mark Configures to perform mark parity none Configures not to perform parity odd Configures to perform odd parity space Configures to perform space parity Description Use the parity command to configure the parity mode on the user interface Use the undo parity command t...

Page 58: ...e that only the VTY type of user interfaces support protocol setting Related command user interface vty Example Set the Telnet protocol to be used for user login SW8800 system view System View return to User View with Ctrl Z SW8800 user interface vty 0 3Com ui vty0 protocol inbound telnet quit Syntax quit View Any view Parameter None Description Use the quit command to return to the lower level vi...

Page 59: ... system view SW8800 system view System View return to User View with Ctrl Z SW8800 vlan 2 3Com vlan2 return SW8800 screen length Syntax screen length screen length undo screen length View User interface view Parameter screen length Specifies how many lines can be displayed on a screen ranging from 0 to 512 The default value is 24 Description Use the screen length command to configure how many line...

Page 60: ... type which can be console aux or vty number Specifies the absolute relative number of the user interface If it follows type it is a relative number For Aux or Console user types it can be 0 only For VTY user type it ranges from 0 to 4 If the type is not specified it is an absolute number which ranges from 0 to 6 Description Use the send command to send messages between different user interfaces E...

Page 61: ...ement level These are commands that influence the basic operation of the system and system support module which plays a supporting role on service Commands of this level involve file system commands FTP commands TFTP commands XModem downloading commands user management commands and level setting commands Example Configure the user zbr to use commands at level 0 after login SW8800 system view Syste...

Page 62: ...ntication password on VTY 0 to aaa SW8800 system view System View return to User View with Ctrl Z SW8800 user interface vty 0 3Com ui vty0 set authentication password simple aaa shell Syntax shell undo shell View User interface view Parameter None Description Use the shell command to enable terminal service of a user interface Use the undo shell command to disable the terminal service of a user in...

Page 63: ...e speed command to configure the transmission rate on the user interface Use the undo speed command to restore the default rate This command can only be performed in Console and AUX user interface view Note that AUX user interface does not support the transmission rate 57600 bps and 115200 bps Example Configure the transmission speed on the AUX port as 4800 bps SW8800 system view System View retur...

Page 64: ...user interface aux 0 3Com ui aux0 stopbits 2 sysname Syntax sysname text undo sysname View System view Parameter text Specifies the hostname with a character string ranging from 1 to 30 characters The default name is 3Com Description Use the sysname command to configure the hostname of the switch Use the undo sysname command to restore the default hostname Changing the hostname of the switch will ...

Page 65: ...the remote system It is configured using the ip host command ip address Specifies the IP address of the remote switch service port Designates the TCP port on the remote switch providing Telnet service ranging from 0 to 65535 Description Use the telnet command to log in to another switch from the current one via telnet for remote management To terminate the Telnet login press Ctrl K By default when...

Page 66: ...ion SW8800 system view System View return to User View with Ctrl Z SW8800 user interface vty 0 3Com ui vty0 user privilege level Syntax user privilege level level undo user privilege level View User interface view Parameter level Specifies which level of command a user can use after login from the specifically user interface ranging from 0 to 3 Description Use the user privilege level command to c...

Page 67: ... 0 After you telnet from VTY 0 user interface to the switch you will view the terminal only displays commands at level 0 SW8800 User view commands debugging Enable system debugging functions language mode Specify the language environment ping Ping function quit Exit from current command view super Privilege current user a specified priority level telnet Establish one TELNET connection tracert Trac...

Page 68: ...66 CHAPTER 2 COMMANDS USED TO LOG IN TO SWITCH ...

Page 69: ...Aux Ethernet GigabitEthernet NULL Vlan interface M Ethernet LoopBack interface number Number of the interface configuration configuration Views the pre positive and post positive configuration information The value of configuration is the key word of the configuration such as system Views the host name timerange Views the configuration information of time range Filters the configuration informatio...

Page 70: ...xample View the running configuration parameters of the switch SW8800 display current configuration sysname 3Com radius scheme system server type nec primary authentication 127 0 0 1 1645 primary accounting 127 0 0 1 1646 user name format without domain domain system radius scheme system access limit disable Table 6 Special characters in the regular expression Special characters Description Restri...

Page 71: ... interface Aux0 0 1 interface M Ethernet0 0 0 interface Ethernet4 1 1 interface Ethernet4 1 2 interface Ethernet4 1 3 interface Ethernet4 1 4 interface Ethernet4 1 5 interface Ethernet4 1 6 interface Ethernet4 1 7 interface NULL0 ospf area 0 0 0 0 network 10 1 1 0 0 0 0 255 user interface aux 0 user interface vty 0 4 return View the lines containing the character string 10 110 in the configuration...

Page 72: ...n begin with user SW8800 display current configuration include user user interface aux 0 user interface vty 0 4 View the pre positive and post positive configuration information SW8800 display current configuration configuration sysname 3Com radius scheme system server type nec primary authentication 127 0 0 1 1645 primary accounting 127 0 0 1 1646 user name format without domain domain system rad...

Page 73: ...nd save reset saved configuration and display current configuration Example Display configuration files in flash memory or CF card of the switch SW8800 display saved configuration sysname 3Com local user abc password simple abc tcp window 8 interface Aux7 1 1 link protocol ppp interface Ethernet2 1 1 interface Ethernet2 1 2 interface Ethernet2 1 3 ip address 10 110 101 17 255 255 255 0 interface N...

Page 74: ...information when executing the display this command Associated configuration of the interface is displayed when executing the command in different interface views related configuration of the protocol view is displayed when executing this command in different protocol views and all the configuration of the protocol view is displayed when executing this command in protocol sub views Related command...

Page 75: ...rform this command with cautious It is suggested to consult technical support personnel first Generally this command is used in the following situations After upgrade of software configuration files in flash memory may not match the new version s software Perform the reset saved configuration command to erase the old configuration files If a used switch is applied to the new circumstance and the o...

Page 76: ...ation display saved configuration Example Get the current configuration files stored in the flash memory SW8800 save The configuration will be written to the device Are you sure Y N y Now saving current configuration to the device Saving configuration flash 8500 cfg Please wait Configuration is saved to flash memory successfully startup saved configuration Syntax startup saved configuration cfgfil...

Page 77: ...n file must be cfg and the startup configuration file must be saved under the directory where the memory resides The memory is Flash Related command display startup Example Configure the configuration file for the next start up SW8800 startup saved configuration vrpcfg cfg ...

Page 78: ...76 CHAPTER 3 CONFIGURATION FILE MANAGEMENT COMMANDS ...

Page 79: ... of the VLAN e g VLAN 0001 The default description character string of VLAN interface is the interface name e g Vlan interface1 interface Description Use the description command to configure a description for the current VLAN or VLAN interface Use the undo description command to restore the default description of current VLAN or VLAN interface Related command display vlan display interface vlan in...

Page 80: ...specified VLAN interface will be displayed If no vlan id is specified the information about all the existing VLAN interfaces will be displayed Related command interface vlan interface Example Display related information about VLAN interface 1 SW8800 display interface Vlan interface 1 Vlan interface1 current state DOWN Line protocol current state DOWN IP Sending Frames Format is PKTFMT_ETHNT_2 Hard...

Page 81: ...be displayed VLAN description and the ports VLAN contains If parameter is not specified information of the VLANs that has been created is displayed If the parameter dynamic or static is selected information of VLANs created dynamically or statically by the system is displayed Related command vlan Example Display the information about VLAN2 SW8800 display vlan 2 VLAN ID 2 VLAN Type static ARP proxy...

Page 82: ...rface 1 SW8800 interface vlan interface 1 name Syntax name string undo name View VLAN view Parameter string Name of the current VLAN a string of 1 to 32 characters The default value is the VLAN ID of the VLAN Description Use the name command to name the current VLAN Use the undo name command to restore the default name of the current VLAN By default the name of the current VLAN is the VLAN ID of t...

Page 83: ...the Up state this VLAN interface is also Up This command can be used to start interface after the related parameters and protocols of VLAN interface are set Or when the VLAN interface fails the interface can be shut down first and then restarted In this way the interface may be restored to normal status Shutting down or bringing up a VLAN interface will not affect any Ethernet port of this VLAN Ex...

Page 84: ...n id 1 10 The vlan id before the keyword to must be larger than or equal to the vlan id after to 1 10 means that the preceding parameter can be repeated up to 10 times all All VLANs Description Use the trap to cpu disable vlan command to move the CPU port out of the specified VLANs Use the undo trap to cpu disable vlan command to move the CPU port into the specified VLANs Example Move the CPU port...

Page 85: ...N VPN enabled cannot be removed A Guest VLAN cannot be deleted A protocol enabled VLAN cannot be deleted Port Based VLAN Configuration Commands port Syntax port interface list undo port interface list View VLAN view Parameter interface list List of Ethernet ports expressed as interface list interface type interface number to interface type interface number 1 10 interface type is interface type int...

Page 86: ...face number interface type is interface type interface number is interface number The interface number after the keyword to must be larger than or equal to the interface number before to all Displays the protocol information of all ports Description Use the display protocol vlan interface command to view the protocol information and protocol index configured on the specific port to which you can r...

Page 87: ...tocol information and protocol index configured on the VLAN 522 SW8800 display protocol vlan vlan 522 VLAN ID 522 VLAN Type Protocol based VLAN Index Type Value 0 at 1 ethernetii etype 0x0600 2 llc dsap 0x1 ssap 0x02 3 snap etype 0x0700 4 ipx ethernetii 5 ipx llc 6 ipx raw 7 ipx snap port hybrid protocol vlan vlan Syntax port hybrid protocol vlan vlan vlan id vlan protocol list all undo port hybri...

Page 88: ...hernet1 1 1 port hybrid protocol vlan vlan 3 4 to 7 protocol vlan Syntax protocol vlan protocol index at ipx ethernetii llc raw snap mode ethernetii etype etype id llc dsap dsap id ssap ssap id snap etype etype id undo protocol vlan protocol index to protocol end all View VLAN view Parameter protocol index Initial value of protocol index ranging from 0 to 7 It must be smaller than protocol end pro...

Page 89: ...y view Parameter vlan list Displays the information of a specified IP subnet based VLAN in the form of vlan list vlan id to vlan id all Displays the protocol information and indexes of all the IP subnet based VLANs Protocol mode Parameter Description Ethernet II based VLAN ethernetii etype etype id etype id Indicates the Ethernet type of an inbound packet in the range of 600 to FFFF etype id Indic...

Page 90: ... 255 0 6 IPv4 1 2 9 0 255 255 255 0 7 IPv4 1 2 10 0 255 255 255 0 VLAN ID 11 VLAN Type IP based VLAN Index Type Value 0 IPv4 2 2 7 0 255 255 255 0 1 IPv4 2 2 8 0 255 255 255 0 2 IPv4 2 2 9 0 255 255 255 0 3 IPv4 2 2 10 0 255 255 255 0 4 IPv4 2 2 3 0 255 255 255 0 5 IPv4 2 2 4 0 255 255 255 0 6 IPv4 2 2 5 0 255 255 255 0 7 IPv4 2 2 6 0 255 255 255 0 display vlan ip interface Syntax display vlan ip ...

Page 91: ...v4 2 2 4 0 255 255 255 0 11 6 IPv4 2 2 5 0 255 255 255 0 11 7 IPv4 2 2 6 0 255 255 255 0 Interface Ethernet6 1 1 Vlan ID Index Type Value 10 0 IPv4 1 2 3 0 255 255 255 0 10 1 IPv4 1 2 4 0 255 255 255 0 10 2 IPv4 1 2 5 0 255 255 255 0 10 3 IPv4 1 2 6 0 255 255 255 0 10 4 IPv4 1 2 7 0 255 255 255 0 10 5 IPv4 1 2 8 0 255 255 255 0 10 6 IPv4 1 2 9 0 255 255 255 0 10 7 IPv4 1 2 10 0 255 255 255 0 port ...

Page 92: ...f no mask is specified the default mask is 255 255 255 0 net mask length Mask length of an IP address index begin Initial value of an IP subnet based VLAN index ranging from 0 to 11 The value must be less than index end index end End value of an IP subnet based VLAN index ranging from 0 to 11 Description Use the vlan type ip subnet command to configure an IP subnet based VLAN Use the undo vlan typ...

Page 93: ...hat identify the mapping relationship Related command supervlan subvlan Example Display the mapping relationship between the super VLAN and the sub VLAN SW8800 display supervlan 2 Supervlan ID 2 Subvlan ID 3 5 Subvlan in which arp proxy is disabled None Display detailed information about the super VLAN and the sub VLANs displayed above SW8800 display vlan 2 VLAN ID 2 VLAN Type static It is a Super...

Page 94: ...roxy enabled Route Interface not configured Description VLAN 0005 Tagged Ports none Untagged Ports Ethernet5 1 3 subvlan Syntax subvlan sub vlan list undo subvlan sub vlan list View VLAN view of super VLAN Parameter sub vlan list List of sub VLANs It is expressed in the form of sub vlan list vlan id to vlan id 1 10 The vlan id after the keyword to must be larger than or equal to that before to 1 1...

Page 95: ...ionship between super VLAN 10 and sub VLANs with VLAN IDs of 3 4 5 and 9 3Com vlan10 subvlan 3 to 5 9 supervlan Syntax supervlan undo supervlan View VLAN view Parameter None Description Use the supervlan command to set a VLAN to be a super VLAN Use the undo supervlan command to cancel the super VLAN type of a VLAN By default no type is configured for a VLAN Note that You cannot add ports to a supe...

Page 96: ...94 CHAPTER 5 SUPER VLAN CONFIGURATION COMMANDS ...

Page 97: ... relationships between isolate user vlan and Secondary VLAN Related command isolate user vlan enable isolate user vlan Example Display the mapping relationships between isolate user VLANs and Secondary VLANs SW8800 display isolate user vlan Isolate user VLAN VLAN ID 5 Secondary VLAN ID 3 4 VLAN ID 5 VLAN Type static Isolate user VLAN type isolate user VLAN ARP proxy disabled Route Interface not co...

Page 98: ...list secondary vlan num to secondary vlan num 1 10 The secondary vlan num parameter after the keyword to cannot be smaller than that before the keyword 1 10 indicates you can repeatedly input the preceding parameter up to 10 times Table 9 Description on the fields of the display isolate user vlan command Field Description Isolate user VLAN Vlan ID VLAN ID of Isolate user VLAN Secondary Vlan ID VLA...

Page 99: ...all Secondary VLANs to isolate user VLAN After undo isolate user vlan command is executed the mapping relationship between isolate user vlan and Secondary VLAN will be canceled The actual operation include delete the ports included in isolate user vlan from Secondary VLAN and delete the ports included in Secondary VLAN from isolate user vlan Related command display isolate user vlan Example Map is...

Page 100: ...solate user VLAN multicast VLAN super VLAN sub VLAN guest VLAN and VLAN running L2VPN services When you configure common VLAN as isolate user VLAN or Secondary VLAN the VLAN cannot contain trunk ports Otherwise the configuration will fail n One isolate user vlan can be mapped to up to 64 Secondary VLANs You can configure up to 32 isolate user VLANs for the system You can configure up to 1024 Secon...

Page 101: ...tatic 1 1 1 1 Aa 0 static 2 2 2 4 display ip interface Syntax display ip interface interface type interface number View Any view Table 10 Description on the fields of the display ip host command Field Description Host Host name Age Valid period Flags Indicates the relationship between the host name and the IP address If you configure the host name by using the ip host command the relationship betw...

Page 102: ...alid packet number 0 ICMP packet input number 0 Echo reply 0 Unreachable 0 Source quench 0 Routing redirect 0 Echo request 0 Router advert 0 Router solicit 0 Time exceed 0 IP header bad 0 Timestamp request 0 Timestamp reply 0 Information request 0 Information reply 0 Netmask request 0 Netmask reply 0 Unknown type 0 DHCP packet deal mode global Table 11 Description on the fields of the display ip i...

Page 103: ...address and the corresponding subnet mask assigned to the VLAN interface loopback interface console interface ICMP packet input number Echo reply Unreachable Source quench Routing redirect Echo request Router advert Router solicit Time exceed IP header bad Timestamp request Timestamp reply Information request Information reply Netmask request Netmask reply Unknown type Total received ICMP packets ...

Page 104: ...ddress while the undo ip address ip address mask mask length sub command can be used to delete the secondary IP address n When you use the ip address command to configure IP addresses of VLAN interfaces the system will prompts if you continue if the IP address you configure is in different network segment from the existing IP address If you do continue the IP address of the VLAN interface will be ...

Page 105: ...0 ip host Lanswitch1 10 110 0 1 ip icmp time exceed enable Syntax ip icmp time exceed enable undo ip icmp time exceed enable View System view Parameter None Description Use the ip icmp time exceed enable command to enable the switch to send the ICMP message time exceeded to the network management system when the switch receives an IP packet whose TTL is less than or equal to 1 thus preventing the ...

Page 106: ...nterface will no longer dynamically learn ARP mapping entries and existing dynamic ARP mapping entries will be removed At the same time the switch will enable the MAC address auto filling function so that the user can configure static ARP entries that have only IP address By default IP address protection is disabled You can use the display this command to view the status of IP address protection e...

Page 107: ...estamp and outbound interface Example Display the entries of the Forwarding Information Base SW8800 display fib Destination Mask Nexthop Flag TimeStamp Interface 10 153 17 0 24 10 153 17 99 U t 0 Vlan interface1 10 153 18 88 32 127 0 0 1 GHU t 0 InLoopBack0 10 153 18 0 24 10 153 18 88 U t 0 LoopBack0 10 153 17 99 32 127 0 0 1 GHU t 0 InLoopBack0 127 0 0 0 8 127 0 0 1 U t 0 InLoopBack0 Table 12 Des...

Page 108: ... address command to view the FIB entries matching the destination IP address range Each line outputs a FIB entry and the display contents for each entry include destination address mask length next hop current flag timestamp and outbound interface Example Display the FIB entries whose destination addresses match 169 253 0 0 in the natural mask range or which match most of 169 253 0 0 SW8800 displa...

Page 109: ...ring of 1 to 32 characters Description Use the display fib command to view the FIB entries matching a specific ACL Example Display the FIB entries matching ACL 2000 SW8800 display fib acl 2000 Route entry matched by access list 2000 Summary counts 1 Destination Mask Nexthop Flag TimeStamp Interface 127 0 0 0 8 127 0 0 1 U t 0 InLoopBack0 For the descriptions of the displayed fields refer to Table ...

Page 110: ...display fib ip prefix listname View Any view Parameter listname Prefix list name a string of 1 to 19 characters in length Description Use the display fib command to view the FIB entries matching the specific prefix list Example Display the FIB entries matching the prefix list abc0 SW8800 display fib ip prefix abc0 Route Entry matched by prefix list abc0 Summary count 3 Destination Mask Nexthop Fla...

Page 111: ...ed 0 Output echo 10 destination unreachable 0 source quench 0 redirects 0 echo reply 5 parameter problem 0 timestamp 0 information reply 0 mask requests 0 mask replies 0 time exceeded 0 Table 13 Description on the fields of the display icmp statistics command Field Description bad formats Number of input packets in bad format bad checksum Number of input packets with wrong checksum echo Number of ...

Page 112: ...A 10 153 17 99 23 FA 10 153 17 56 1161 sndbuf 8192 rcvbuf 8192 sb_cc 0 rb_cc 0 socket option SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE socket state SS_ISCONNECTED SS_PRIV SS_ASYNC Task VTYD 18 socketid 3 Proto 6 LA 10 153 17 99 23 FA 10 153 17 82 1121 sndbuf 8192 rcvbuf 8192 sb_cc 0 rb_cc 0 socket option SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE socket state SS_ISCONNECTE...

Page 113: ...t 0 bad checksum 0 bad options 0 Output forwarding 0 local 27 dropped 0 no route 2 compress fails 0 Fragment input 0 output 0 dropped 0 fragmented 0 couldn t fragment 0 Reassembling sum 0 timeouts 0 rcvbuf The receiving buffer size of the socket sb_cc The current data size in the sending buffer The value makes sense only for the socket of TCP type because only TCP is able to cache data rb_cc The c...

Page 114: ...tocol number bad format Number of packets in bad format bad checksum Number of packets with wrong checksum bad options Number of packets that have wrong options Output forwarding Number of forwarded packets local Number of packets that are sent by the local device dropped Number of dropped packets during transmission no route Number of packets that cannot be routed compress fails Number of packets...

Page 115: ... Packets permitted with MD5 authentication 0 Table 16 Description on the fields of the display tcp statistics command Field Description Received packets Information followed is about received packets Total 753 Total number of received packets 753 packets in sequence 412 11032 bytes Up to 412 packets total of 11 032 bytes arrive in sequence window probe packets 0 window update packets 0 Number of w...

Page 116: ...ections dropped in retransmitted timeout 0 Number of retransmitted timeout events 0 Number of connections dropped due to the number of retransmitted timeout events exceeding the specified value 0 Keepalive timeout 0 keepalive probe 0 Keepalive timeout so connections Number of keepalive timeout events 0 Number of keepalive probe packets sent 0 disconnected 0 Number of connections disconnected when ...

Page 117: ...formation It displays the statistic information of all current UDP connections The statistics information about UDP packets are divided into two major kinds which are received packets and sent packets The packets are further divided into different types such as check packets and error packets There are also some statistics related closely to the connections such as the number of broadcast packets ...

Page 118: ...ics information Related command display tcp statistics checksum error 0 Number of checksum errors 0 shorter than header 0 data length larger than packet 0 Cases that the length of the packets is shorter than the header 0 Cases that the data length exceeds the packet length 0 no socket on port 0 Cases that there is no socket on port 0 broadcast 0 Number of broadcast packets 0 not delivered input so...

Page 119: ...TCP finwait timer value in second with the value ranging from 76 to 3600 By default it is 675 seconds Description Use the tcp timer fin timeout command to configure the TCP finwait timer Use the undo tcp timer fin timeout command to restore the default value of the TCP finwait timer When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2 the finwait timer is enabled If the switch does ...

Page 120: ...received Related command tcp timer fin timeout tcp window Example Configure the TCP synwait timer value as 80 seconds SW8800 system view System View return to User View with Ctrl Z SW8800 tcp timer syn timeout 80 tcp window Syntax tcp window window size undo tcp window View System view Parameter window size The size of the sending and receiving buffers measured in kilobytes KB whose value ranges f...

Page 121: ...IP Performance Configuration Commands 119 SW8800 system view System View return to User View with Ctrl Z SW8800 tcp window 3 ...

Page 122: ...120 CHAPTER 8 IP PERFORMANCE CONFIGURATION COMMANDS ...

Page 123: ... to 10 times Description Use the display garp statistics command to view the GARP statistics information including the number of packets received sent and discarded by GVRP GMRP Example Display the GARP statistics information on Ethernet port Ethernet2 1 1 SW8800 display garp statistics interface ethernet2 1 1 GARP statistics on port Ethernet2 1 1 Number Of GMRP Frames Received 0 Number Of GVRP Fr...

Page 124: ...n leave timer value undo garp timer hold join leave View Ethernet port view Parameter hold GARP Hold timer After receiving certain registration information the GARP application entity will not send Join Message at once Instead it starts the Hold timer All the registration information received within duration of the Hold timer will be transmitted in the same frame after the Hold timer times out the...

Page 125: ... Join timer You can change the lower limit and upper limit of Join timer by changing the value of Hold timer and Leave timer respectively You can change the lower limit and upper limit of Leave timer by changing the value of Join timer and LeaveAll timer respectively The upper limit of LeaveAll timer is 32765 centiseconds You can change its lower limit by changing the value of Leave timer Related ...

Page 126: ...e interface number to interface type interface num 1 10 interface type is interface type and interface number is interface number The interface number after the keyword to must be larger than or equal to that before to 1 10 means that the preceding parameter can be repeated up to 10 times Description Use the reset garp statistics command to reset the GARP statistics information such as the packets...

Page 127: ... GVRP Last Pdu Origin 0000 0000 0000 GVRP Registration Type Normal display gvrp status Syntax display gvrp status View Any view Parameter None Description Use the display gvrp status command to view the global GVRP status information Example Display the global status information about GVRP SW8800 display gvrp status GVRP is enabled The above information means that the global GVRP is enabled Table ...

Page 128: ... GVRP must be enabled disabled on Trunk ports Related command display gvrp status Example Enable global GVRP SW8800 gvrp gvrp registration Syntax gvrp registration fixed forbidden normal undo gvrp registration View Ethernet port view Parameter fixed Enables to create or register VLAN on the port manually and disables to register or deregister VLAN dynamically forbidden Deregisters all VLANs except...

Page 129: ...mand to restore the default type By default the registration type is normal This command can be only used on Trunk port Related command display gvrp statistics Example Set the GVRP registration type of Ethernet2 1 1 as fixed 3Com Ethernet2 1 1 gvrp registration fixed ...

Page 130: ...128 CHAPTER 9 GARP GVRP CONFIGURATION COMMANDS ...

Page 131: ... suppression command to set the broadcast suppression ratio or broadcast suppression bandwidth Use the undo broadcast suppression command to disable the broadcast suppression function The default broadcast suppression ratio is 50 You can use the broadcast suppression command repeatedly The effective broadcast suppression ratio value is the one last updated c CAUTION You cannot enable both broadcas...

Page 132: ...p agg id View System view Parameter interface type Source port type interface number Source port number interface list Destination port list interface list interface type interface number to interface type interface number 1 10 1 10 indicates that the former parameter can be input 10 times repeatedly at most agg id Source or destination aggregation group ID If it is a source aggregation group the ...

Page 133: ...eturn to User View with Ctrl Z SW8800 interface Ethernet 2 1 1 3Com Ethernet2 1 1 description lanswitch interface display counters Syntax display counters rate inbound outbound interface interface type View Any view Parameter rate Displays the rate information of the ports in the Up state during the latest sampling period If this keyword is not specified in the command the system displays packet c...

Page 134: ...eter interface type Specifies the port type interface number Specifies the port number For parameter description refer to the interface command Description Use the display interface command to view the configuration information on the port If the port type and number are not specified when displaying the port information the information of all the ports will be displayed If only the port type is s...

Page 135: ...ate The current status of Ethernet port enabled or disabled IP Sending Frames Format Ethernet frame format Hardware address Port hardware address The Maximum Transmit Unit Maximum transmit unit Media type Type of media loopback not set Port loopback test status Port hardware type Port hardware type 100 Mbps speed mode full duplex mode Link speed type is autonegotiation link duplex type is autonego...

Page 136: ...ximum Frame Length is 1552 display port Syntax display port hybrid trunk View Any view Input total 0 packets 0 bytes 0 broadcasts 0 multicasts Input normal 0 packets 0 bytes broadcasts multicasts Input 0 input errors 0 runts 0 giants 0 throttles 0 CRC 0 frame 0 overruns aborts 0 ignored parity errors Output total 0 packets 0 bytes 0 broadcasts 0 multicasts 0 pauses Output normal 0 packets 0 bytes ...

Page 137: ...s two hybrid ports Ethernet 3 1 1 and Ethernet 3 1 2 The tagged VLANs that pass Ethernet3 1 1 are 3 5 7 9 and 11 and the untagged VLANs that pass it are 1 2 4 and 6 No tagged VLAN passes Ethernet3 1 2 and untagged VLAN 1 passes Ethernet 3 1 2 Display the Trunk ports in the current system SW8800 display port trunk Interface VLAN passing Ethernet3 1 3 1 3 5 10 Ethernet3 1 4 none Ethernet3 1 7 1 The ...

Page 138: ...face Ethernet 2 1 1 3Com Ethernet2 1 1 duplex auto flow control Syntax flow control undo flow control View Ethernet port view Parameter None Description Use the flow control command to enable flow control feature on the Ethernet port to avoid discarding data packets due to congestion Use the undo flow control command to disable flow control feature By default flow control on the Ethernet port is d...

Page 139: ...3 1 1 flow interval 100 Restore the interval o f performing statistics on Ethernet 3 1 1 to the default value 3Com Ethernet3 1 1 undo flow interval link status hold Syntax link status hold hold time undo link status hold View System view Parameter hold time Sets time interval in seconds for port suppression The value 0 indicates that port suppression is not enabled By default the time interval is ...

Page 140: ... 7 are Fabric subslot number specifies the sub slot number of the port and ranges from 1 to 3 port number specifies the port number on the daughter card It is 1 or ranges from 1 to 12 20 or 48 depending on the module type M Ethernet is used to update and maintain It ranges from 0 0 0 Description Use the interface command to enter various types of Ethernet port views Before you can configure the re...

Page 141: ...2 section is 9192 and that for the 9193 10240 section is 10240 Example Permit jumbo frames to pass the card on slot 6 and set the maximum size of Jumbo frames to 9022 SW8800 system view SW8800 jumboframe enable 9022 slot 6 loopback Syntax loopback external internal undo loopback View Ethernet port view Parameter external Ethernet port in external loop mode Presently the Ethernet ports of the 3Com ...

Page 142: ...trical ports Example Configure the network cable type of Ethernet port Ethernet2 1 1 as auto SW8800 system view System View return to User View with Ctrl Z SW8800 interface ethernet2 1 1 3Com Ethernet2 1 1 mdi auto multicast suppression Syntax multicast suppression ratio bandwidth bandwidth undo multicast suppression View Ethernet port view Parameter ratio Specifies the maximum wire speed ratio of...

Page 143: ...ession is enabled broadcast packets are also suppressed at the same time while broadcast suppression does not work on multicast packets No distinction is made between known multicast and unknown multicast for multicast suppression Related command broadcast suppression Example Set the multicast suppression ratio to 40 SW8800 system view System View return to User View with Ctrl Z SW8800 interface E...

Page 144: ...nging from 1 to 4094 and the default vlan id is 1 Description Use the port hybrid pvid vlan command to configure the default VLAN ID of the local hybrid port Use the undo port hybrid pvid command to restore the default VLAN ID of the local hybrid port The default VLAN ID of local hybrid port shall be consistent with that of the peer one otherwise the packet cannot be properly transmitted Related c...

Page 145: ...ybrid vlan vlan id list tagged untagged command is used for many times the VLANs carried by the hybrid port is the set of vlan id list This command can be used on condition that the VLAN specified with vlan id must have been existed Related command port link type Example Join hybrid port Ethernet2 1 1 to VLAN of 2 4 and 50 100 and these VLAN will have tags SW8800 system view System View return to ...

Page 146: ...mode wan lan undo port mode View Ethernet port view Parameter wan Configures the port works in WAN mode and then only common data exchange can be implemented on the port lan Configures the port works in LAN mode and then data can be transferred on the port Description Use the port mode command to configure network mode available on the port Most ports adopt the LAN mode for general data exchange T...

Page 147: ...undo port trunk permit vlan command to cancel trunk port from specified VLAN Trunk port can belong to multiple VLANs If the port trunk permit vlan command is used many times then the VLAN enabled to pass on trunk port is the set of these vlan id list Related command port link type Example Remove the trunk port from the default VLAN SW8800 system view System View return to User View with Ctrl Z SW8...

Page 148: ...ce type interface number View User view Parameter interface type Specifies the port type interface number Specifies the port number For parameter description refer to the interface command Description Use the reset counters interface command to reset the statistical information on the port and count the related information again on the port for the user If the port type and number are not specifie...

Page 149: ...t port view Parameter 10 Speed on the port is 10 Mbps 100 Speed on the port is 100 Mbps 1000 Speed on the port is 1000 Mbps 10000 Speed on the port is 10 Gbps auto Port speed is in peer auto negotiation status Description Use the speed command to configure the port speed Use the undo speed command to restore the default speed The optional parameters of this command are determined by the port types...

Page 150: ...tax vlan vpn enable undo vlan vpn View Ethernet port view Parameter None Description Use the vlan vpn enable command to enable port VLAN VPN Use the undo vlan vpn command to disable port VLAN VPN Note that if anyone of GComware STP NTP or 802 1x has been enabled on a port VLAN VPN cannot be enabled on it By default the port VLAN VPN is disabled Example Enable VLAN VPN on Ethernet2 1 1 SW8800 syste...

Page 151: ...er to specifies several contiguous ports interface type indicates port type interface number indicates port number For more information see the parameter description of the interface command Description Use the debugging lacp packet command to enable LACP packet debugging for the port If you do not specify a port the command enables packet debugging on all LACP enabled ports Use the undo debugging...

Page 152: ...ce command actor churn Actor churn state machine debugging switch mux MUX state machine debugging switch partner churn Partner churn state machine debugging switch ptx PTX state machine debugging switch rx RX state machine debugging switch all debugging switch of all state machines Description Use the debugging lacp state command to enable LACP state machine debugging for the port Use the undo deb...

Page 153: ...ation event command to enable link aggregation event debugging Use the undo debugging link aggregation event command to disable link aggregation event debugging Example Enable link aggregation event debugging SW8800 debugging link aggregation event display lacp system id Syntax display lacp system id View Any view Parameter None Description Use the display lacp system id command to display the dev...

Page 154: ...Shar Loadsharing NonS Non Loadsharing Actor ID 0x8000 00e0 fc23 0d90 AL AL Partner ID Select Standby Share Master ID Type Ports Ports Type Port 1 M none 2 0 Shar GigabitEthernet3 1 1 3 M none 4 0 Shar Ethernet4 1 45 display link aggregation verbose Syntax display link aggregation verbose agg id Table 20 Description on the fields of the display lacp system id command Field Description Actor System ...

Page 155: ...roup cannot get the information of the peer end every item of the peer end is displayed as 0 which does not indicate the actual status of the peer system Example Display the detailed information of aggregation group 5 SW8800 display link aggregation verbose 5 Loadsharing Type Shar Loadsharing NonS Non Loadsharing Aggregation ID 5 AggregationType Manual Loadsharing Type Shar Aggregation Description...

Page 156: ...n of the peer end every item of the peer end is displayed as 0 which does not indicate the actual status of the peer system Example Display detailed link aggregation information of link aggregation group SW8800 display link aggregation interface ethernet2 1 1 Ethernet2 1 1 Attached AggID 1 Local Port Priority 32768 Oper key 1 Flag 0x00 Remote System ID 0x0 0000 0000 0000 Port Number 0 Port Priorit...

Page 157: ...iority port priority value undo lacp port priority View Ethernet port view Parameter port priority value Port priority in the range of 0 to 65 535 By default it is 32 768 Local Port Priority 32768 Oper key 1 Flag 0x00 Port priority operation key LACP state flag of the local end Remote System ID 0x0 0000 0000 0000 Port Number 0 Port Priority 0 Oper key 0 Flag 0x00 Device ID port priority operation ...

Page 158: ...system priority system priority value undo lacp system priority View System view Parameter system priority value System priority in the range of 0 to 65 535 By default it is 32 768 Description Use the lacp system priority command to configure system priority Use the undo lacp system priority command to restore the default system priority Related command display lacp system id Example Set system pr...

Page 159: ...k aggregation group agg id description Syntax link aggregation group agg id description alname undo link aggregation group agg id description View System view Parameter agg id Aggregation group ID in the range of 1 to 920 IDs 1 though 31 indicate manual or static aggregation groups IDs 32 through 64 are reserved IDs 65 though 192 indicate Routed Trunks IDs 193 through 920 indicate dynamic aggregat...

Page 160: ...n summary n Port aggregation includes manual aggregation static aggregation and dynamic aggregation In the manual aggregation mode ports working at different rates can be aggregated Manual aggregation can be load balancing aggregation if the aggregation resource is available In this case if the traffic rate shared by a low rate port exceeds the maximum rate of the port packets may be lost In the s...

Page 161: ...w System View return to User View with Ctrl Z SW8800 interface Ethernet2 1 1 3Com Ethernet2 1 1 port link aggregation group 22 reset lacp statistics Syntax reset lacp statistics interface interface type interface number to interface type interface number View System view Parameter interface interface type interface number to interface type interface number Specifies a port or ports The command wit...

Page 162: ...160 CHAPTER 11 ETHERNET LINK AGGREGATION CONFIGURATION COMMANDS ...

Page 163: ...play the aging time of the dynamic entry in the MAC address table SW8800 display mac address aging time mac address aging time 300s The above information indicates that the aging time of the dynamic entry in the MAC address is 300s display mac address Syntax display mac address mac addr vlan vlan id static dynamic interface interface type interface number vlan vlan id count View Any view Parameter...

Page 164: ...ress timer Example Show the information of the entry with MAC address at 00e0 fc01 0101 SW8800 display mac address 00e0 fc01 0101 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME s 00e0 fc01 0101 1 Learned Ethernet1 1 1 300 mac address Syntax mac address static dynamic mac addr interface interface type interface number vlan vlan id undo mac address static dynamic mac addr interface interface type inte...

Page 165: ... display mac address Example Configure the port number corresponding to the MAC address 00e0 fc01 0101 as Ethernet2 1 1 in the address table and sets this entry as static entry SW8800 system view System View return to User View with Ctrl Z SW8800 mac address static 00e0 fc01 0101 interface ethernet 2 1 1 vlan 2 mac address max mac count Syntax mac address max mac count count undo mac address max m...

Page 166: ...imum number of MAC addresses learned by Ethernet port Ethernet3 1 3 to 600 SW8800 system view System View return to User View with Ctrl Z SW8800 interface Ethernet3 1 3 3Com Ethernet3 1 3 mac address max mac count 600 mac address max mac count enable Syntax mac address max mac count enable alarm forward undo mac address max mac count enable alarm forward View Ethernet port view Parameter None Desc...

Page 167: ... address mac address timer n The maximum number of MAC addresses on an I O Module ranges from 12 K to 16 K depending on various software versions and module types The aforementioned number of MAC addresses includes only the MAC addresses learned by the switch dynamically and excludes those configured by the user When executing the mac address max mac count command if the current number of MAC addr...

Page 168: ... undo mac address max mac count command to cancel the configuration If you have set the maximum number MAC addresses will not be learned in the VLAN when the maximum number is reached By default the number of learned MAC addresses is not limited in a VLAN n If you execute this command with the max mac num argument less than the current number of MAC addresses learned the switch does not remove the...

Page 169: ...mance If aging time is too long the switch will store a great number of out of date MAC address tables This will consume MAC address table resources and the switch will not be able to update MAC address table according to the network change c CAUTION The aging of dynamic MAC address is completed during the second aging cycle that has been configured Example Configure the entry aging time of Layer ...

Page 170: ...or the range of the vlan id argument see the introduction to the interface command in the port module of the command manual Description Use the reset mac address command to clear corresponding MAC address entries Related commands mac address display mac address Example Clear all MAC address entries SW8800 reset mac address all ...

Page 171: ...ng To bate such flapping MSTP applies the configured parameters and launches recalculation of the spanning tree only when you activate the configured MST region parameters or enable MSTP After you entered this command MSTP will apply the MST region parameters you have configured to the system and recalculate the spanning tree Related command instance region name revision level vlan mapping modulo ...

Page 172: ...region configuration Example Display the configuration information about the region SW8800 system view System View return to User View with Ctrl Z SW8800 stp region configuration 3Com mst region check region configuration Admin Configuration Format selector 0 Region name 00b010000001 Revision level 0 Instance Vlans Mapped 0 1 to 9 11 to 4094 16 10 debugging stp Syntax debugging stp global error gl...

Page 173: ...ng of MSTP Use the undo debugging stp packet command to disable packet debugging of MSTP Use the debugging stp instance instance id command to enable specified instance debugging of MTSP Use the undo debugging stp instance instance id command to disable specified instance debugging of MTSP Use the debugging stp lacp key command to enable MD5 summary information debugging of LACP protocol Use the u...

Page 174: ...ne Use the debugging stp state machine ppm command to enable debugging of the state machine for port protocol transition Use the undo debugging stp state machine ppm command to disable debugging of the state machine for port protocol transition Use the debugging stp state machine ptx command to enable debugging of the port transport state machine Use the undo debugging stp state machine ptx comman...

Page 175: ...ay the spanning tree information of the specified instance on all the port in port number order If only the port list is specified the command will display the information about all the MSTIs on the port in port number order If both instance ID and port list are specified the command will display the spanning tree information of the specified instance and port according to the port list of the ins...

Page 176: ...instance 0 interface Ethernet 2 1 1 to Ethernet 2 1 4 GigabitEthernet 3 2 1 to GigabitEthernet 3 2 4 GigabitEthernet 3 3 1 brief MSTID Port Role STP State Protection 0 Ethernet2 1 1 ALTE DISCARDING LOOP 0 Ethernet2 1 2 DESI FORWARDING NONE 0 Ethernet2 1 3 DESI FORWARDING NONE 0 Ethernet2 1 4 DESI FORWARDING NONE 0 GigabitEthernet3 2 1 DESI FORWARDING NONE 0 GigabitEthernet3 2 2 DESI FORWARDING NON...

Page 177: ...ter instance instanceid Instance to be displayed By default TC Topology Change statistics of all the instances will be displayed detected TC statistics detected by the bridge received TC statistics received at the bridge sent TC statistics sent from the bridge all All TC statistics including those detected received and sent by the bridge Description Use the display stp tc command to view TC transa...

Page 178: ...ce command to cancel the specified VLAN list from the specified MSTI and the removed VLAN will then be mapped to the CIST i e the Instance 0 If no VLAN is specified in the undo command all the VLANs associated with the specified MSTI will be mapped to CIST By default all the VLANs are mapped to CIST i e the Instance 0 MSTP describes the association between VLANs and MSTIs with the VLAN mapping tab...

Page 179: ...ame of a switch Use the undo region name command to restore the default MST region name By default the MST region name of the switch is the switch MAC address in hexadecimal notation The switch region name together with VLAN mapping table of the MST region and MSTP revision level is used for determining the region to which the switch belongs Related command instance revision level check region con...

Page 180: ...he specified port If you do not specify any port the command clears the spanning tree statistics information of all ports Related command display stp Example Clear the statistics information on the ports from Ethernet2 1 1 through Ethernet2 1 3 SW8800 reset stp interface Ethernet 2 1 1 to Ethernet 2 1 3 revision level Syntax revision level level undo revision level View MST region view Parameter l...

Page 181: ...r configurations The switch serves as a transparent bridge after MSTP is disabled After MSTP is enabled it will dynamically maintain the spanning tree state of the corresponding VLAN according to the received configuration BPDU until it is disabled After MSTP is disabled it will not maintain the state By default global and port MSTP are disabled When you enable MSTP on a device or a port both glob...

Page 182: ...ill automatically set them to non edge ports and recalculate the spanning tree which makes the network topology flap These ports will not receive any STP configuration BPDU in normal cases Anyway if someone maliciously attacks the switch with fake configuration BPDU the network will flap MSTP provides BPDU protection function to avoid such attack After configured with BPDU protection the switch wi...

Page 183: ...er of the switch MSTP will automatically set Hello Time Forward Delay and Max Age to moderate values When bridge diameter defaults to 7 the time parameters also take their respective default values Related command stp timer forward delay stp timer hello stp timer max age n The stp bridge diameter command configures the switching network diameter and determines the three MSTP time parameters Hello ...

Page 184: ...th cost Description Use the stp instance cost command to configure the port path cost on the specified MSTI for the current port Use the undo stp instance cost command to restore the path cost on the specified MSTI By default switch calculates the path costs of a port on different MSTIs You may specify the instance id parameter as 0 to configure CIST path cost of the port The path cost has effect ...

Page 185: ...rt as an edge port A port is considered as an edge port when it is directly connected to the user terminal instead of any other switches or shared network segments The edge port will not cause loop upon network topology changes Accordingly you can configure a port as an edge port so that it can transit to forwarding state fast For this purpose configure the Ethernet port directly connected to the ...

Page 186: ... If you execute these commands without using the instance instance id option your configuration takes effect only on the CIST instance When you set the instance id parameter to 0 its following parameter setting takes effect By default the switch does not server as a root bridge You can specify one root bridge for each MSTI regardless of the switch priority When setting a root bridge you can use th...

Page 187: ...ons of interface type and interface number parameters refer to the corresponding descriptions in Port Command Manual 1 10 means that the preceding parameters can be entered up to 10 times enable Enables MSTP on the port disable Disables MSTP on the port Description Use the stp interface command to enable disable MSTP on a switch port in system view By default if MSTP is enabled globally it is enab...

Page 188: ... interface cost command to restore the path cost of the specified port on the specified MSTI to the default value in system view By default switch automatically calculates the path costs of a port on different MSTIs based on corresponding standard You may specify the instance id parameter as 0 to configure CIST path cost of the port The path cost has effect on the port role selection You can confi...

Page 189: ...nnected to other switches you can use the stp interface edged port disable or undo stp interface edged port command to configure it as a non edge port The stp interface edged port enable command is used for configuring the port as an edge port A port is considered as an edge port when it is directly connected to the user terminal instead of any other switches or shared network segments The edge po...

Page 190: ...ndo stp interface instance port priority command to restore the default priority You may specify the instance id parameter as 0 to configure CIST priority of the port The port priority has effect on the port role selection for the specified MSTI A port can be configured with different priorities on different MSTIs Thus the traffic from different VLANs can run over different physical links thereby ...

Page 191: ...witch will select root port again In this case the former root port will turn into the specified port and the former blocked ports will change to the forwarding state and link loop appears The loop protection function can inhibit the generation of loop After it is enabled the root port role will change according to the uplink port state The blocked port will maintain in discarding state and do not...

Page 192: ... runs in MSTP mode which is compatible with RSTP and STP This mode can recognize MSTP BPDU STP config BPDU and RSTP config BPDU However the STP switch can only recognize config BPDU STP BPDU sent by the STP and RSTP bridges After the switch running STP compatible mode switches back to MSTP mode it will not send MSTP BPDU if you do not execute the stp mcheck command Therefore the connected device s...

Page 193: ...ce number parameters refer to the corresponding descriptions in Port Command Manual 1 10 means that the preceding parameters can be entered up to 10 times force true Indicates the Ethernet port connected to a point to point link force false Indicates the Ethernet port not connected to a point to point link auto Configures to automatically check if the link to the Ethernet port is a point to point ...

Page 194: ...ber parameters refer to the corresponding descriptions in Port Command Manual 1 10 means that the preceding parameters can be entered up to 10 times Description Use the stp interface root protection command to enable Root protection on the switch in system view Use the undo stp interface root protection command to restore the default Root protection state By default Root protection is disabled In ...

Page 195: ...imes packetnum Maximum number of configuration BPDUs that can be transmitted via the port per Hello Time ranging from 1 to 255 expressed as a counter value without any units By default the transmission limit on every port is 3 Description Use the stp interface transmit limit command to configure an amount limit to the configuration BPDU transmitted via a specified port during the Hello Time in sys...

Page 196: ... cannot send BPDU packets due to error operation and the port enters forwarding state directly for not receiving configuration message for a long time no loop will be generated by enabling the loop protection c CAUTION If the equipment connected to the port of the switch cannot send STP packets to the switch do not configure the loop protection command otherwise the port will be congested for a lo...

Page 197: ...iption Use the stp mcheck command to perform mCheck on the current port If a port of an MSTP switch on a switching network has ever been connected to an STP switch the port will automatically transit to operate in STP compatible mode However when the STP switch is removed the port stays in STP compatible mode and cannot automatically transit back to MSTP mode In this case you can perform mCheck op...

Page 198: ...nt the compatibility MSTP provides two operation modes STP compatible mode and MSTP mode In STP compatible mode the switch sends STP BPDU packets via every port In MSTP mode the switch ports send MSTP BPDU packets When detecting it is connected to an STP switch it receives config BPDU packets from the STP switch the switch port enters automatically STP compatible mode and sends config BPDU packets...

Page 199: ...1 1 1 stp non flooding Syntax stp non flooding slot slotnum undo stp non flooding slot slotnum View System view Parameter slot slotnum Specifies the slot of the I O Module line process unit The slotnum argument is the slot number Description Use the stp non flooding command to discard BPDU packets received by STP disabled ports Use the undo stp non flooding command to forward BPDU packets within t...

Page 200: ...ulation standard on STP port The port rate must be obtained first before you can calculate the path cost of a port as the path cost is associated with the port rate The three standards use their own way to work out the port rate based on which each standard calculates the port path cost by a certain algorithm By default the legacy standard is applied for the switch Switch 8800 Family Example Set t...

Page 201: ...IST and all the MSTIs The settings of a port whether to connect the point to point link will be applied to all the MSTIs where the port belongs Note that a temporary loop may be redistributed if you configure a port not physically connected with the point to point link as connected to such a link by force Related command stp interface point to point Example Configure Ethernet2 1 3 to be connected ...

Page 202: ...iguration takes effect only on the CIST instance Related command stp interface port priority Example Set the priority of Ethernet2 1 3 on MSTI 2 to 16 SW8800 system view System View return to User View with Ctrl Z SW8800 interface Ethernet2 1 3 3Com Ethernet2 1 3 stp instance 2 port priority 16 stp region configuration Syntax stp region configuration undo stp region configuration View System view ...

Page 203: ... default value of a dynamic ARP entry n If you enable the function of clearing dynamic ARP entries in system view the ARP entries of all the ports will be deleted If you enable the function of clearing dynamic ARP entries in port view only the ARP entries of the specified port will be deleted Example Enable the function of clearing dynamic ARP entries in system view SW8800 system view System View ...

Page 204: ...root bridge You can configure one or more secondary root bridges in an MSTI If the primary root is down or powered off the secondary root will take its place Among several secondary root bridges the one with the smallest MAC address takes the place of the failed primary root When configuring the secondary root bridge you may also specify the switching network diameter and the Hello Time of the swi...

Page 205: ...ed link and congestion will occur on the network MSTP provides Root protection function to protect the root bridge The port configured with Root protection only plays a role of designated port on every instance Whenever such a port receives a higher priority BPDU it will be set to listening state and not forward packets any more as if the link to the port is disconnected If the port has not receiv...

Page 206: ...ckets during this period Even if it detects a TC BPDU packet is received in a period shorter than the specified interval the switch shall not run the delete operation till the specified interval is reached This can avoid frequent delete operations to the MAC address table and ARP table Example Enable TC BPDU protection on the switch SW8800 system view System View return to User View with Ctrl Z SW...

Page 207: ...elay and Max Age affect each other Modifying any of them will affect the value of other two parameters Related command stp timer hello stp timer max age stp bridge diameter Example Set the Forward Delay of the device to 2000 centiseconds SW8800 system view System View return to User View with Ctrl Z SW8800 stp timer forward delay 2000 stp timer hello Syntax stp timer hello centi senconds undo stp ...

Page 208: ...00 centiseconds SW8800 system view System View return to User View with Ctrl Z SW8800 stp timer hello 400 stp timer max age Syntax stp timer max age centi senconds undo stp timer max age View System view Parameter centi seconds Specifies the Max Age which is in the range from 600 to 4000 and measured with centiseconds By default the Max Age of the switch is 2000 centiseconds Description Use the st...

Page 209: ...er factor Syntax stp timer factor number undo stp timer factor View System view Parameter number Specifies the multiple of hello time in the range of 1 to 10 The default value is 3 Description Use the stp timer factor command to configure the multiple of hello time for the switch Use the undo stp timer factor command to restore the default multiple value The Ethernet switch transmits STP packets e...

Page 210: ...ore packets can be transmitted in a time unit yet the more switch resources will be occupied With a moderate value the amount of the BPDUs transmitted during Hello Time via every port can be limited and MSTP will not occupy too many bandwidth resources when the network topology flaps Related command stp interface transmit limit Example Set a limit of 5 to the packets transmitted via Ethernet2 1 1 ...

Page 211: ... to CIST namely Instance 0 Related command region name revision level check region configuration active region configuration Example Map VLAN to MSTI based on modulo 16 SW8800 system view System View return to User View with Ctrl Z SW8800 stp region configuration 3Com mst region vlan mapping modulo 16 ...

Page 212: ...210 CHAPTER 13 MSTP CONFIGURATION COMMANDS ...

Page 213: ... the same domain by checking the configuration IDs of the bridge protocol data units BPDUs between them A configuration ID comprises information such as domain ID configuration digest As switches of some manufacturers come with some proprietary protocols concerning spanning trees employed a switch of this type cannot communicate with other switches in an MSTP domain even if it is configured with t...

Page 214: ...le digest snooping on these switches first to prevent possible broadcast storm caused by otherwise inconsistent mapping relationships between VLANs and VPN instances of each switch To enable digest snooping all ports in an MSTP domain connecting to switches coming from other manufacturers must have digest snooping enabled Do not enable digest snooping on border ports of an MSTP domain A digest sno...

Page 215: ...command vlan vpn enable to enable VLAN VPN QinQ on the port Use the undo vlan vpn command to disable VLAN VPN QinQ on the port By default VLAN VPN is disabled on all the ports Example Enable VLAN VPN on the switch note2 SW8800 system view System View return to User View with Ctrl Z SW8800 interface Ethernet3 1 3 3Com Ethernet3 1 3 vlan vpn enable vlan vpn tunnel Syntax vlan vpn tunnel undo vlan vp...

Page 216: ...n while maintaining a separate spanning tree from the operator network By default BPDU Tunnel is disabled c CAUTION To enable BPDU Tunnel on a switch you must first enable STP on it Otherwise the client network BPDU will not be processed by the CPU when entering the switch nor MAC address replacement or transparent transmission will be implemented To enable BPDU Tunnel on a port you must configure...

Page 217: ... started with an English letter i e a z or A Z and there should not be a space in it case insensitive key words all and any are not allowed to use advanced Advanced ACL basic Basic ACL link Layer 2 ACL config In configuration order during matching ACL rules auto In depth first order during matching ACL rules all Deletes all ACLs both number and name identified ones Description Use the acl command ...

Page 218: ...st the switch still matches them according to their application order If one rule is a subset of another rule in an ACL it is recommended to apply the rules according to the range of the specified packets The rule with the smallest range of the specified data packets is applied first and then other rules are applied based on this principle If one ACL is used you cannot use the undo acl all command...

Page 219: ... of ACL rules that are applied on the slot 5 SW8800 display acl remaining entry slot 5 Slot 5 Resource Total Reserved Configured Remaining Start End Type Number Number Number Number Port Name Port Name METER 256 0 0 256 GE5 1 1 GE5 1 12 METER 256 0 0 256 GE5 1 13 GE5 1 24 RULE 1024 0 0 1024 GE5 1 1 GE5 1 12 RULE 1024 0 0 1024 GE5 1 13 GE5 1 24 ACTION 1024 0 0 1024 GE5 1 1 GE5 1 12 ACTION 1024 0 0 ...

Page 220: ...an id the ID of the VLAN in the range of 1 4094 Description Use the display acl running packet filter command to display the ACL application information including the name of the ACL the name of the sub items and the application state Example Display the ACL application information of port Ethernet3 1 1 SW8800 display acl running packet filter ethernet3 1 1 Ethernet3 1 1 Inbound Acl 4000 rule 0 ru...

Page 221: ...ow template default default flow template ip protocol tcp flag sport dport icmp type icmp code sip 0 0 0 0 dip 0 0 0 0 vlanid display time range Syntax display time range all name View Any view Parameter all Displays all time ranges name Time range name string starting with an English letter a z A Z and in the range of 1 to 32 characters Description Use the display time range command to view the c...

Page 222: ...late on the current port or port group Table 29 Description of displayed information Field Description Current time is 14 36 36 4 3 2003 Thursday The current time of the system Time range hhy Inactive from 08 30 2 5 2005 to 18 00 2 19 2005 Time range testhhy Inactive means that the time range is inactive currently active means the time range is active and the time range is from 08 30 2 5 2005 to 1...

Page 223: ...ether with c tag cos in the flow template cos 802 1p priority in the most external 802 1QTag carried by the packet in the length of 2 bytes together with s tag vlan in the flow template dip wildcard Destination IP domain in the IP packet header in the length of 4 bytes dmac wildcard Destination MAC domain in the Ethernet packet header in the length of 6 bytes dport Destination port domain in the l...

Page 224: ...n IP packets You can determines whether the total length of template elements exceeds 16 bytes using these numbers The dscp exp ip precedence and tos fields jointly occupy one byte no matter you define any one of these four fields or the ip precedence and tos field simultaneously The cos and s tag vlan fields jointly occupy two bytes no matter you define one or both of these two fields The c tag c...

Page 225: ...id undo packet filter inbound ip group acl number acl name rule rule slot slotid Command Format Which Applies IP Group and Link Group ACL at Same time packet filter inbound ip group acl number acl name rule rule link group acl number acl name rule rule system index index link group acl number acl name rule rule undo packet filter inbound ip group acl number acl name rule rule link group acl number...

Page 226: ...nge in the system operation process However you are not recommended to manually assign a system index if not urgently necessary slot slotid Slot number of a service processor card Description Use the packet filter command to activate an ACL Use the undo packet filter command to deactivate an active ACL Example Activate ACL 2000 SW8800 system view System View return to User View with Ctrl Z SW8800 ...

Page 227: ...ule rule id permit deny cos cos value c tag cos c cos value exp exp value protocol type mac type any broadcast packet arp broadcast packet non arp broadcast packet unicast packet multicast packet known unknown ingress source vlan id to source vlan id end source mac addr source mac wildcard c tag vlan c tag vlanid any egress dest mac addr dest mac wildcard any s tag vlan s tag vlanid time range nam...

Page 228: ...ion addresses source port operator port1 port2 Source TCP or UDP port ID of the packet operator means port operator with options including eq equal to gt greater than lt less than neq not equal to and range in the range of Note that it appears only when the protocol parameter is set as TCP or UDP port1 port2 stands for source TCP or UDP port ID of the packet in characters or digits Digital value r...

Page 229: ...The parameter is applicable to defining the advanced ACLs vpn instance instance name VPN instance name The specified MPLS VPN packets will be identified if this parameter is selected Parameters specific to Layer 2 ACLs cos Specifies 802 1p priority in the most external 802 1QTag carried by the packet cos value In number format ranging 0 to 7 or just entering the priority name See Table 1 5 for the...

Page 230: ...1 0 0 fff specifies an address range 00e0 fc01 0000 to 00e0 fc01 ffff c tag vlan c tag vlanid Indicates the system identifies the source VLAN according to the information about VLAN ID in the internal 802 1QTag carried by the packet any represents all packets received from all the ports egress dest mac addr dest mac wildcard any Destination information of the packet dest mac addr dest mac wildcard...

Page 231: ... does not contain is added and the time range 3Com option which the original rule contains is reserved c CAUTION If you want to replace an existing rule you are recommended to use the undo command to delete the original rule fist and then reconfigure the rule This makes sure the unwanted options are completely removed If you configure a rule without providing the rule number the system will automa...

Page 232: ...y day of a week from start time start date Optional Starting date of the particular time range in the format of hh mm YYYY MM DD to end time end date Optional End date of the particular time range in the format of hh mm YYYY MM DD all All time ranges Description Use the time range command to define a time range Use the undo time range command to cancel a time range The defined time range includes ...

Page 233: ...d time ranges and absolute time ranges are both matched that is take the union set of multiple absolute time ranges and multiple period time ranges and then take the intersection set of the union set of multiple absolute time ranges and that of multiple period time ranges If the start time and end time are not configured the time range is one day 00 00 24 00 If the end time is not configured the t...

Page 234: ...232 CHAPTER 16 ACL COMMANDS ...

Page 235: ...ou cannot apply the ACL rule as per port display port group Syntax display port group View Any view Parameter None Description Use the display port group command to display all the port groups in the current system Related command port group Example Display the port groups in the current system SW8800 display port group Now the following port group exist s 1 display port group index Syntax display...

Page 236: ...se the display mirroring group command to view the configuration of a port mirroring group The information displayed includes the monitored ports direction of monitored packets monitoring ports etc Related command mirroring group Example Display the parameter configuration of a port mirroring group SW8800 display mirroring group mirroring group 1 inbound Ethernet6 1 1 mirrored to Ethernet6 1 2 dis...

Page 237: ...e display qos conform level command to view the DSCP Conform level Service parameter mapping table EXP Conform level Service parameter mapping table and Local precedence Conform level Priority mapping table Example Display the DSCP Conform level Service parameter mapping table SW8800 display qos conform level 0 dscp policed service map Conform level 0 Dscp policed service Map dscp dscp exp cos loc...

Page 238: ...e CoS Drop precedence mapping table Example Display the CoS Drop precedence mapping table SW8800 display qos cos drop precedence map cos drop precedence map cos 0 1 2 3 4 5 6 7 drop precedence 2 2 1 1 1 1 0 0 display qos cos local precedence ma p Syntax display qos cos local precedence map View Any view Parameter None Description Use the display qos cos local precedence map command to view the CoS...

Page 239: ...ue scheduling traffic shaping etc Example Display all the QoS configurations of the port Ethernet2 1 3 SW8800 display qos interface Ethernet2 1 3 all Ethernet2 1 3 Port Shaping Disable 0 kbps 0 burst 256 queue depth QID status max rate kbps burst size Kbyte queue depth 0 Disable 0 0 128 1 Disable 0 0 128 2 Disable 0 0 128 3 Disable 0 0 128 4 Disable 0 0 128 5 Disable 0 0 128 6 Disable 0 0 128 7 Di...

Page 240: ...o Syntax display qos interface interface type interface number mirrored to View Any view Parameter interface type interface number Port of the switch for detailed description please refer to Command Manual Port Description Use the display qos interface mirrored to command to view traffic mirroring configuration of a port Related command mirrored to Example Display traffic mirroring configuration S...

Page 241: ... group2 30 6 sp 0 7 sp 0 Ethernet5 1 Port scheduling QID scheduling group weight 0 sp 0 1 sp 0 2 sp 0 3 sp 0 4 sp 0 5 sp 0 6 sp 0 display qos interface traffic limit Syntax display qos interface interface type interface number traffic limit View Any view Parameter interface type interface number Port of the switch for detailed description please refer to Command Manual Port Description Use the dis...

Page 242: ... traffic priority command to view traffic priority configuration of a port including the target ACL priority type priority values etc Related command traffic priority Example Display traffic priority marking configuration SW8800 display qos interface traffic priority GigabitEthernet2 1 1 traffic priority Inbound Matches Acl 2021 rule 0 running Priority action remark policed service dscp 20 display...

Page 243: ...the maximum rate MBS in units of kbyte the maximum queue length If no port is specified traffic shaping configuration of all ports will be displayed Example Display traffic shaping configuration SW8800 display qos interface Ethernet2 1 3 traffic shape Ethernet2 1 3 Port Shaping Disable 0 kbps 0 burst 256 queue depth QID status max rate kbps burst size Kbyte queue depth 0 Disable 0 0 128 1 Disable ...

Page 244: ... Ethernet7 1 1 traffic statistic rate 3 Ethernet7 1 1 traffic statistic Inbound Matches Acl 3000 rule 0 running Last 3 second s rate 12 574 packet s sec 12 875 776 bit s sec Display traffic statistics information on port GigabitEthernet7 1 1 SW8800 display qos interface GigabitEthernet7 1 1 traffic statisti c GigabitEthernet7 1 1 traffic statistic Inbound Matches Acl 2000 rule 0 running 12002688 b...

Page 245: ...ate 8192 Kbps Committed Burst Size 10000 byte s Excess Burst Size 20000 byte s Peak Information Rate 0 Kbps Exceed action drop Outbound There is no configuration Vlan 2 traffic priority Inbound Matches Acl 2000 rule 1 running Action type Eacl Destination slot 3 Priority action remark policed service untrusted dscp 13 cos 6 Local precedence 6 drop priority 1 Outbound There is no configuration Vlan ...

Page 246: ...e 0 Kbps Exceed action drop Outbound There is no configuration display qos vlan traffic priority Syntax display qos vlan vlan id traffic priority View Any view Parameter vlan id ID of a VLAN in the range of 1 to 4094 Description Use the display qos vlan traffic priority command to display the priority marking configuration in VLAN including the ACL associated with the traffic priority marking the ...

Page 247: ...ot 3 Redirected to next hop 1 1 1 1 Outbound There is no configuration display qos vlan traffic statistic Syntax display qos vlan vlan id traffic statistic View Any view Parameter vlan id VLAN ID in the range of 1 to 4 094 Description Use the display qos vlan traffic statistic command to display the traffic statistics information in VLAN The displayed information includes the ACL corresponding to ...

Page 248: ...or traffic policing SW8800 display traffic params 1 traffic parameters configuration list index cir Kbps cbs byte ebs byte pir Kbps 1 20000 5000 5000 30000 drop mode Syntax drop mode tail drop wred wred index undo drop mode View Ethernet port view port group view Parameter tail drop Tail drop mode wred WRED drop mode wred index WRED index in the range of 0 to 3 By default it is 0 If you type nothi...

Page 249: ... View with Ctrl Z SW8800 interface Ethernet3 1 1 3Com Ethernet3 1 1 drop mode wred 0 dscp Syntax dscp dscp list dscp value exp value cos value local precedence value drop precedence undo dscp dscp list View Conform level view Parameter dscp list Original DSCP value which can be a single value or several values in the range of 0 to 63 For example you can type single DSCP value 46 or DSCP values 0 8...

Page 250: ...cp 16 18 16 0 2 2 0 3Com conform level 0 dscp 24 26 24 0 3 3 0 3Com conform level 0 dscp 32 34 32 0 4 4 0 3Com conform level 0 dscp 40 46 40 0 5 5 0 3Com conform level 0 dscp 48 48 0 6 6 0 3Com conform level 0 dscp 56 56 0 7 7 0 The configured mapping table exp Syntax exp exp list dscp value exp value cos value local precedence value drop precedence undo exp exp list View Conform level view Table ...

Page 251: ...el Use the undo exp command to restore default configuration of the EXP Conform level Service parameter mapping table After entering conform level view you can configure the EXP Conform level Service parameter mapping table of the corresponding level For example you can enter conform level 0 view and configure the EXP Conform level 0 Service parameter mapping table Example Configure the EXP Confor...

Page 252: ...2 1p priority mapping table of current conform level Use the undo local precedence command to restore default configuration of the Local precedence Conform level 802 1p priority mapping table After entering conform level view you can configure the Local precedence Conform level 802 1p priority mapping table of the corresponding level For example you can enter conform level 0 view and configure the...

Page 253: ...p view Parameter inbound Mirrors inbound packets at the port ip group acl number acl name Activates IP ACLs including basic and advanced ACLs acl number Sequence number of ACL ranging from 2000 to 3999 acl name Name of the ACL which must be a character string starting with an English letter a z or A Z and without any space in it link group acl number acl name Activates Layer 2 ACLs acl number Sequ...

Page 254: ...irroring group groupid inbound outbound mirroring port list mirrored to monitor port undo mirroring group groupid View System view Parameter groupid mirroring group ID in the range of 1 to 24 inbound Monitors only the inbound packets at the port outbound Monitors only the outbound packets at the port mirroring port list Ethernet port list including multiple Ethernet ports in the form of port list ...

Page 255: ...ng including inbound port mirroring and outbound port mirroring on the same GV48 or GP48 card only one monitoring port is allowed For all mirroring groups configured in the system only one monitoring port is allowed on the same GV48 or GP48 card By default two port groups of the XP4 card are created The member ports are port 0 1 and port 2 3 respectively Consider these issues when configuring port...

Page 256: ...d confider the following issues Do not add the ports of different cards to the same port group Do not add the same port to multiple port groups at the same time Do not add aggregated ports in the port group If a port in the port group needs to be aggregated the port must quit the port group first The port configuration is overwritten by that of the primary port in the aggregation group After a por...

Page 257: ...te port group 1 and enter port group view SW8800 system view System View return to User View with Ctrl Z SW8800 port group 1 3Com port group1 priority Syntax In Ethernet port view priority priority level undo priority In Ethernet port view priority priority level trust undo priority View Ethernet port view port group view Parameter priority level Port priority value in the range of 0 to 7 By defau...

Page 258: ...he range of 0 to 2 inclusive Description Use the qos conform level command to create a conform level and enter it There are three conform levels available numbered as 0 1 and 2 Type the conform level value and you can enter the corresponding view In the conform level view you can configure the DSCP Conform level Service parameter mapping table EXP Conform level Service parameter mapping table and ...

Page 259: ...ing value from CoS 7 to drop precedence in the range of 0 to 2 Description Use the qos cos drop precedence map command to configure the CoS Drop precedence mapping table Use the undo qos cos drop precedence map command to restore the default values of the CoS Drop precedence mapping table The system provides CoS Drop precedence mapping table as the default value After receiving a packet the switch...

Page 260: ...os5 map local prec cos6 map local prec cos7 map local prec undo qos cos local precedence map View System view Parameter cos0 map local prec Mapping value from CoS 0 to local precedence in the range of 0 to 7 cos1 map local prec Mapping value from CoS 1 to local precedence in the range of 0 to 7 cos2 map local prec Mapping value from CoS 2 to local precedence in the range of 0 to 7 cos3 map local p...

Page 261: ... parameters including CoS value local precedence and drop level are determined according to the packet 802 1p priority value CoS value is the packet 802 1p priority value while local and drop precedence values are obtained according to the CoS Local precedence mapping table and the CoS Drop precedence mapping table You can modify the CoS Local precedence mapping table using this command Example Co...

Page 262: ...n threshhold Minimum queue length to trigger random yellow packet dropping in the range of 0 to 65535 It must be a multiple of 256 bytes yellow max threshhold Queue length to trigger complete yellow packet dropping in the range of 0 to 65535 It must be a multiple of 256 bytes yellow max prob Maximum drop probability for yellow packets in the range of 1 to 15 red min threshhold Minimum queue length...

Page 263: ...old is 500 green max prob is 5 yellow min threshold is 100 yellow max threshold is 150 yellow max prob is 10 red min threshold is 50 red max threshold is 100 red max prob is 15 exponent is 10 SW8800 system view System View return to User View with Ctrl Z SW8800 wred 0 3Com wred 0 queue 7 150 500 5 100 150 10 50 100 15 10 queue scheduler Syntax queue scheduler wrr group1 queue id queue weight 1 8 g...

Page 264: ... respectively as 20 20 and 30 queues 3 4 and 5 belong to group 2 with weight respectively as 20 20 and 40 Set queues 6 and 7 in SP algorithm the default one SW8800 system view System View return to User View with Ctrl Z SW8800 interface e thernet3 1 1 3Com Ethernet3 1 1 queue scheduler wrr group1 0 20 1 20 2 30 group 2 3 20 4 20 5 40 reset traffic statistic Syntax reset traffic statistic inbound i...

Page 265: ... remark policed service exceed forward drop slot slotid undo traffic limit inbound ip group acl number acl name rule rule slot slotid Command format which applies IP group and link group ACL at the same time traffic limit inbound ip group acl number acl name rule rule link group acl number acl name rule rule system index index link group acl number acl name rule rule tc index index cir cbs ebs pir...

Page 266: ...ny space in it rule rule Specifies the subitem of an active ACL ranging from 0 to 127 if not specified all subitems of ACL will be activated system index index here is the system index for an ACL rule When delivering a rule the system assigns a globally unique index to it for convenience of later retrieval You can also assign a system index for it when delivering an ACL rule with this command but ...

Page 267: ...ded forward Forwards the packet drop Drops the packet traffic index index Traffic index slot slotid Slot number of a service processor card Description Use the traffic limit command to activate an ACL and set traffic limitation to take different actions for the packets within and beyond the preset traffic threshold Use the undo traffic limit command to remove traffic limitation setting This comman...

Page 268: ...nd Format Which Applies IP Group and Link Group ACL at Same time traffic priority inbound ip group acl number acl name rule rule link group acl number acl name rule rule system index index link group acl number acl name rule rule auto remark policed service trust dscp dscp dscp value untrusted dscp dscp value cos cos value local precedence local precedence drop priority drop level undo traffic pri...

Page 269: ...3 for MPLS packets other than that the dscp value stands for their DSCP priority value the three high order bits of the value represent the EXP flag field Set the EXP value when defining the dscp value untrusted dscp dscp value cos cos value local precedence local precedence drop priority drop level Customizes a set of service parameters For IP packets dscp value is the specified DSCP priority val...

Page 270: ...p value cos cos value local precedence local precedence drop priority drop level parameter in this command n The DSCP Conform Level Service parameter mapping table and EXP Conform Level Service parameter mapping table here is that for the conform level 0 Before selecting the second or third mode you should make sure that you have configured the DSCP Conform Level Service parameter mapping table an...

Page 271: ...s IP ACLs including basic and advanced ACLs acl number Sequence number of ACL ranging from 2000 to 3999 acl name Name of the ACL which must be a character string starting 1 to 32 characters with an English letter a z or A Z and without any space in it link group acl number acl name Activates Layer 2 ACLs acl number Sequence number of ACL ranging from 4000 to 4999 acl name Name of ACL which must be...

Page 272: ... be specified in the redirection applications related to MPLS such as VPLS L3VPN and interchangeably plugged cards Only the Ethernet and GigabitEthernet port views support join vlan currently Description Use the traffic redirect command to activate an ACL and configure traffic redirection Use the undo traffic redirect command to remove traffic redirection setting You can redirect packets to the CP...

Page 273: ...edirect inbound ip group 3000 next hop 202 119 85 1 202 119 95 1 slot 2 traffic shape Syntax traffic shape queue queue id max rate burst size undo traffic shape queue queue id View Ethernet port view port group view Parameter queue queue id Specifies queue ID in the range of 0 to 7 max rate Maximum traffic rate in Kbps of the port burst size Burst size in KB Its value should be the integer of 4 De...

Page 274: ... acl number acl name rule rule View Ethernet port view port group view Parameter inbound Sets traffic statistics for inbound packets at the port ip group acl number acl name Activates IP ACLs including basic and advanced ACLs acl number Sequence number of ACL ranging from 2000 to 3999 acl name Name of the ACL which must be a character string starting with an English letter a z or A Z and without a...

Page 275: ... group view to make statistics of traffic information of all the ports in the port group Related command display qos interface traffic statistic Example Run traffic statistics for the packets which match the permitted rules in the ACL 2000 SW8800 system view System View return to User View with Ctrl Z SW8800 interface e thernet3 1 1 3Com Ethernet3 1 1 traffic statistic inbound ip group 2000 share ...

Page 276: ...parameters The switch provides four sets of default WRED parameters respectively numbered as 0 1 2 and 3 The ten parameters for a port are green min threshhold yellow min threshhold red min threshhold green max threshhold yellow max threshhold red max threshhold green max prob yellow max prob red max prob and exponent Red yellow and green packets respectively refer to those with drop precedent lev...

Page 277: ...l switch using Telnet or SSH outbound Performs ACL control to the users who access other switches from the local switch using Telnet or SSH Description Use the acl command to apply an ACL to implement the ACL control to the users accessing through Telnet or SSH Use the undo acl command to remove the ACL control configured for users accessing through Telnet or SSH n You can only apply number based ...

Page 278: ...rface index value and the cause By default the system does not restrict incoming outgoing requests Example Perform ACL control to the users who access the local switch through Telnet assuming that ACL 2000 is previously created SW8800 system view System View return to User View with Ctrl Z SW8800 user interface vty 0 4 3Com user interface vty0 4 acl 2000 inbound snmp agent community Syntax snmp ag...

Page 279: ...w System View return to User View with Ctrl Z SW8800 snmp agent community read 3com acl 2000 snmp agent group Syntax snmp agent group v1 v2c group name read view read view write view write view notify view notify view acl acl number undo snmp agent group v1 v2c group name snmp agent group v3 group name authentication privacy read view read view write view write view notify view notify view acl acl...

Page 280: ...ready been defined SW8800 system view System View return to User View with Ctrl Z SW8800 snmp agent group v1 3com acl 2001 snmp agent usm user Syntax snmp agent usm user v1 v2c user name group name acl acl number undo snmp agent usm user v1 v2c user name group name snmp agent usm user v3 user name group name authentication mode md5 sha auth password privacy des56 priv password acl acl number undo ...

Page 281: ... user command to add a new user to an SNMP group and reference the ACL to perform ACL control to the network management users by acl acl number Use the undo snmp agent usm user command to remove the user from the related SNMP group as well as the configuration of the ACL control of the user Example Add a user 3com to the SNMP group 3comgroup Specify the security level to to be authenticated the au...

Page 282: ...280 CHAPTER 18 ACL CONTROL COMMANDS TO CONTROL LOGIN USERS ...

Page 283: ...e self defined flow template is deleted under the port the system will apply QACL rules in the VLAN to the new port automatically You will fail to apply the self defined flow template of a port with a VLAN ACL already applied to a customized flow template 2 If both a VLAN and one of its ports have QACL rules applied only those applied to the port work In this case the VLAN ACL takes effect only af...

Page 284: ...le you can also specify a system index value for the rule but this value may change while the system is running In general you are not recommended to specify this parameter manually cpu Mirrors traffic to the CPU Description Use the mirrored to command to activate an ACL and mirror matching data streams in VLAN to the CPU Use the undo mirrored to command to remove traffic mirroring setting This co...

Page 285: ...Use the undo packet filter command to deactivate an active ACL Example Activate ACL 2000 of each port in VLAN 2 SW8800 system view System View return to User View with Ctrl Z SW8800 vlan 2 3Com vlan2 packet filter inbound ip group 2000 traffic limit Syntax traffic limit inbound ip group acl number acl name rule rule system index index tc index index traffic index traffic index cir cbs ebs pir conf...

Page 286: ...ffic parameters are configured with the traffic params command n When you specifies the same tc index value for different flows the parameter settings of the traffic policing action must be consistent completely otherwise the system will prompt errors when the tc index is set to 0 it means that the system will select the index automatically cir Committed information rate in Kbps cbs Committed burs...

Page 287: ...3000 Set the CIR to 2000 kbps the CBS to 2000 bytes and the EBS to 2500 bytes Drop packets when this threshold is exceeded SW8800 system view System View return to User View with Ctrl Z SW8800 vlan 2 3Com vlan2 traffic limit inbound ip group 3000 200 2000 2500 conform remark policed service exceed drop traffic priority Syntax traffic priority inbound ip group acl number acl name rule rule system i...

Page 288: ...by users For MPLS packets the dscp value indicates the DSCP priority value In additional the least three bits of the value also acts as the EXP flag field which is set simultaneously when the user specifies the dscp value argument The local precedence argument is local precedence in the range of 0 to 7 The cos value argument is 802 1p priority in the range of 0 to 7 The drop level argument is drop...

Page 289: ...the data flow that the ports in VLAN receives SW8800 system view System View return to User View with Ctrl Z SW8800 vlan 2 3Com vlan2 traffic priority inbound ip group 3000 auto traffic redirect Syntax traffic redirect inbound ip group acl number acl name rule rule system index index cpu next hop ip addr1 ip addr2 invalid forward drop undo traffic redirect inbound ip group acl number acl name rule...

Page 290: ...rmit ACL rules Use the undo traffic redirect command to remove traffic redirection setting You can redirect packets to the CPU or a specified IP address n Traffic redirection setting is only available for the permit rules in the ACL The packet redirected to the CPU cannot be forwarded normally You can achieve policy route by selecting the next hop keyword in this command Example Redirect to the CP...

Page 291: ...cs of these traffics Description Use the traffic statistic command to activate an ACL and run traffic statistics for the matching data flow in VLAN only available for the permit rules in the ACL Use the undo traffic statistic command to cancel traffic statistics The statistics information contains the hardware matching times in packet forwarding Example In VLAN 2 run traffic statistics for the pac...

Page 292: ...r ports command to view in this VLAN the ports with the ACL configuration of the VLAN synchronized to When a port is added to a VLAN you may fail to synchronize the VLAN ACL configuration of the VLAN because the resources are not enough or user defined flow templates are applied to ports You can use this command to view the ports to which the ACL rule configured on the specified VLAN is applied Ex...

Page 293: ......

Page 294: ...292 CHAPTER 19 VLAN ACL CONFIGURATION COMMANDS ...

Page 295: ...to disable packet attack prevention By default IP packet attack prevention is enabled and ARP packet attack prevention and dot1x packet attack prevention are disabled Example Enable ARP packet attack prevention SW8800 system view System View return to User View with Ctrl Z SW8800 anti attack arp enable Disable IP packet attack prevention SW8800 system view System View return to User View with Ctrl...

Page 296: ...ant information of 802 1x including configuration information running state session connection information and relevant statistics information By default all the relevant 802 1x information about each interface will be displayed This command can be used to display the following information on the specified interface 802 1x configuration state or statistics If no port is specified when executing th...

Page 297: ...l timer Handshake Period The interval of sending handshake packets of 802 1x Quiet Period Quiet period set by Quiet timer Quiet Period Timer is disable Quiet Period Timer is disable Supp Timeout Timeout timer for Supplicant authentication Server Timeout Timeout timer for Authentication Server The maximal retransmitting times The maximal times for the Ethernet switch to retransmit authentication re...

Page 298: ... parameter interface list is not specified 802 1x will be globally enabled If the parameter interface list is specified 802 1x will be enabled on the specified port When this command is used in Ethernet port view the parameter interface list cannot be input and 802 1x can only be enabled on the current port The configuration command can be used to configure the global or port 802 1x performance pa...

Page 299: ...cation Protocol PAP is a kind of authentication protocol with two handshakes It sends password in the form of simple text Challenge Handshake Authentication Protocol CHAP is a kind of authentication protocol with three handshakes It only transmits username but not password CHAP is more secure and reliable In the process of EAP authentication switch directly sends authentication information of 802 ...

Page 300: ...terface interface list View System view Ethernet interface view Parameter vlan id ID of the VLAN specified as the Guest VLAN It ranges from 1 to 4094 interface list List of Guest VLAN enabled ports expressed in the format interface list interface type interface number to interface type interface number 1 10 interface type means the interface type interface number is the interface number Refer to c...

Page 301: ...ype interface number to interface type interface number 1 10 interface type means the interface type interface number is the interface number Refer to command parameters in the Port section in the manual for the respective meanings and value ranges of them The interface number after the key word to should be no smaller than the interface number before to 1 10 in the command means that the precedin...

Page 302: ...in non authorized mode the switch does not respond to authentication requests and the user is not allowed to access the network resources interface interface list Ethernet interface list expressed in the format interface list interface type interface number to interface type interface number 1 10 interface type means the interface type interface number is the interface number Refer to command para...

Page 303: ... number Refer to command parameters in the Port section in the manual for the respective meanings and value ranges of them The interface number after the key word to should be no smaller than the interface number before to 1 10 in the command means that the preceding parameter can be entered up to 10 times Description Use the dot1x port method command to configure the base for 802 1x to perform ac...

Page 304: ... quiet period Command dot1x quiet period undo dot1x quiet period View System view Parameter None Description Use the dot1x quiet period command to enable the Quiet period timer Use the undo dot1x quiet period command to disable this timer If an 802 1x user has not passed the authentication the Authenticator will keep quiet for a while which is specified by quiet period timer before launching the a...

Page 305: ...ured to transmit authentication request frame once again when no response is received for the first time and so on This command has effect on all the port after configuration Related command display dot1x Example Configure the current device to transmit authentication request frame to the user for no more than 9 times SW8800 dot1x retry 9 dot1x supp proxy check Syntax dot1x supp proxy check logoff...

Page 306: ... dot1x Example Configure the switch cut network connection to a user upon detecting the use of proxy on Ethernet 2 1 1 through Ethernet 2 1 8 SW8800 dot1x supp proxy check logoff SW8800 dot1x supp proxy check logoff interface Ethernet 2 1 1 to Ethernet 2 1 8 Configure the switch to send trap message upon detecting the use of proxy on Ethernet 2 1 9 SW8800 dot1x supp proxy check trap SW8800 dot1x s...

Page 307: ...pted text the supp timeout timer of the Authenticator begins to run If the Supplicant does not respond back successfully within the time range set by this timer the Authenticator will resend the above packet supp timeout value Specifies how long the duration of an authentication timeout timer of a Supplicant is The value ranges from 10 to 120 in units of second and defaults to 30 tx period Has two...

Page 308: ... user should keep the default values of the timers Related command display dot1x Example Set the Authentication Server timeout timer is 150s SW8800 dot1x timer server timeout 150 reset dot1x statistics Syntax reset dot1x statistics interface interface list View User view Parameter interface interface list Ethernet interface list expressed in the format interface list interface type interface numbe...

Page 309: ... If the port type and port number are specified the 802 1x statistics on the specified port will be cleared Related command display dot1x Example Clear the 802 1x statistics on Ethernet 3 1 2 SW8800 reset dot1x statistics interface Ethernet 3 1 2 ...

Page 310: ...308 CHAPTER 20 802 1X CONFIGURATION COMMANDS ...

Page 311: ...icants in the current ISP domain Use the undo access limit command to restore the limit to the default setting By default there is no limit to the amount of supplicants in the current ISP domain This command limits the amount of supplicants contained in the current ISP domain The supplicants may contend with each other for the network resources So setting a suitable limit to the amount will guaran...

Page 312: ... address mac mac address idle cut second access limit max user number vlan vlanid location nas ip ip address port portnum port portnum undo attribute ip mac idle cut access limit vlan location View Local user view Parameter ip Specifies the IP address of a user mac mac address Specifies the MAC address of a user Where mac address takes on the hexadecimal format of X X X idle cut second Allows Disa...

Page 313: ...ss and MAC address attribute are valid only when the ISP domain authentication scheme is a local authentication scheme or the ISP domain authentication scheme is a RADIUS authentication scheme and the type of the RADIUS scheme is 3COM It should be noted that the argument nas ip must be defined for a user bound with a remote port which is unnecessary however in the event of a user bound with a loca...

Page 314: ...es from 1 to 4094 ucibindex ucib index Configures to cut the connection according to ucib index Here ucib index ranges from 0 to 2311 user name user name Configures to cut the connection according to user name user name is the argument specifying the username It is a character string not exceeding 32 characters excluding and The character can only be used once in one username The pure username the...

Page 315: ...ording the port ip ip address Configures to display the user specified with IP address vlan vlanid Configures to display the user specified with VLAN ID Here vlanid ranges from 1 to 4094 ucibindex ucib index Configures to display the user specified with ucib index Here ucib index ranges from 0 to 2311 user name user name Configures to display a user specifies with user name user name is the argume...

Page 316: ...p with ISP domain diagnosis and troubleshooting Related command access limit domain radius scheme user template state display domain Example Display the summary information of all ISP domains of the system SW8800 display domain 0 Domain system State Active Scheme LOCAL Access limit Disable Vlan assignment mode Integer Domain User Template Idle cut Disable Self service Disable Default Domain Name s...

Page 317: ...uesting network service user name user name Configures to display a local user specified with user name user name is the argument specifying the username It is a character string not exceeding 32 characters excluding and The character can only be used once in one username The pure username the part before namely the user ID cannot exceed 55 characters vlan vlanid Configures to display the local us...

Page 318: ...ain named as system has been created in the system The attributes of system are all default values ISP domain is a group of users belonging to the same ISP Generally for a username in the userid isp name format taking gw20010608 3com163 net as an example the isp name i e 3com163 net following the is the ISP domain name When 3Com Series Switches control user access as for an ISP user whose username...

Page 319: ...n Example Create a new ISP domain 3com163 net and enters its view SW8800 domain 3com163 net New Domain added 3Com isp 3com163 net idle cut Syntax idle cut disable enable minute flow View ISP domain view Parameter disable means disabling the user to use idle cut function enable means enabling the user to use idle cut function minute Specifies the maximum idle time ranging from 1 to 120 and measured...

Page 320: ... If you do not provide the high ip address argument then the address pool only contains the one specified by the low ip address argument Description Use the ip pool command to create a local IP address pool for PPP users Use the undo ip pool command to remove a specified local address pool By default no local IP address pool is created After creating an IP address pool in system view you can use t...

Page 321: ...nticate or to authenticate by passwords the levels of the commands available to an authenticated user are determined by the priority of the user interface If a user needs to provide user name and password to pass the authentication the levels of the commands available to an authenticated user are determined by the priority of the user Example Set the user priority to 3 3Com luser 3com1 level 3 loc...

Page 322: ...er command to configure a local user and enter the local user view Use the undo local user command to cancel a specified local user By default the user database of the system is empty If the client user wants to access FTP Server Switch 8800 Family devices through FTP this configuration is required Related commands display local user service type Example Add a local user named 3com1 SW8800 system ...

Page 323: ... cipher force name Syntax name string undo name View VLAN view Parameter string Name of the delivered VLAN The name can contain up to 32 characters Description Use the name command to configure the name of a delivered VLAN Use the undo name command to remove the name configured for a delivered VLAN By default a delivered VLAN has no name The name command works with the function of dynamic VLAN del...

Page 324: ...y mode to simple text simple will render useless Related command display local user Example Set the user 3com1 to display the password in simple text given the password is 20030422 3Com luser 3com1 password simple 20030422 scheme Syntax scheme radius scheme radius scheme name local hwtacacs scheme hwtacacs scheme name local local none undo scheme radius scheme hwtacacs scheme none View ISP domain ...

Page 325: ...tacacs scheme Example With 3com163 net as the current ISP domain specify to adopt the RADIUS scheme named 3com 3Com isp 3com163 net scheme radius scheme 3com Specify the ISP domain named 3com to adopt the Scheme named rd with Local authentication as the secondary authentication Scheme 3Com isp 3com scheme radius scheme rd local Specify the ISP domain named 3com to adopt hwtacacs scheme hwtac Schem...

Page 326: ... used to modify passwords This argument is a string that is of 1 to 64 characters in length Do not provide character of in this argument If an URL contains replace it with when inputting the URL in the command line Description Use the self service url enable command to configure self service server uniform resource locator URL Use the self service url disable command to remove the configuration of...

Page 327: ...mber callback nocheck callback number callback number ssh level level telnet terminal telnet level level ssh terminal terminal level level ssh telnet View Local user view Parameter ftp Specifies user types as FTP ftp directory directory Specifies the directory of FTP users directory is a character string of up to 64 characters lan access Specifies user type to Lan access which mainly refers to Eth...

Page 328: ...ain ISP domain view or the current user local user view to request network service Description Use the state command to configure the state of the current ISP domain current user By default after an ISP domain is created it is in the active state in ISP domain view A local user will be active in local user view upon its creation In ISP domain view every ISP can either be in Active or Block state I...

Page 329: ...LAN ID delivered by the RADIUS authentication server with the names of the VLANs existing on the switch If a matching entry is found the switch adds the port into the corresponding VLAN Otherwise the delivery fails and the user fails to pass the authentication n When configuring a VLAN delivering mode keep the mode configured on the switch consistent with the mode configured on the Radius Server F...

Page 330: ...accounting option is disabled If no RADIUS server is available or if RADIUS accounting server fails when the accounting optional is configured the user can still use the network resource otherwise the user will be disconnected The user configured with accounting optional command in RADIUS scheme will no longer send real time accounting update packet or stop accounting packet The accounting optiona...

Page 331: ...ket flow one packet Sets one packet as the unit of packet flow Description Use the data flow format command to configure the unit of data flow that send to RADIUS Server Use the undo data flow format command to restore the unit to the default setting By default the data unit is byte and the data packet unit is one packet Related command see display radius Example Set the unit of data flow that sen...

Page 332: ...ver statistics command to view the statistics of local RADIUS scheme Use the display local server nas ip command to view the Nas ip that is allowed to access the Local server Related command local server Example Display the statistics of local RADIUS scheme SW8800 display local server statistics The localserver packet statistics Receive 0 Send 0 Discard 0 Receive Packet Error 0 Auth Reveive 0 Auth...

Page 333: ...ame The name of Radius Scheme Index The index of Radius Scheme Type The type of Radius Scheme Primary Auth IP Port State The IP address of the primary authentication server the number of the access port the current state of the server Primary Acct IP Port State The IP address of the primary accounting server the number of the access port the current state of the server Second Auth IP Port State Th...

Page 334: ...adius nas ip Example Display all NAS IP information SW8800 display radius nas ip Radius VPN nas ip 192 168 1 1 vpn instance vpn1 Radius VPN nas ip 192 168 2 1 vpn instance vpn2 Radius global nas ip 192 168 3 1 display radius statistics Syntax display radius statistics View Any view Parameter None Description Use the display radius statistics command to view the statistics information of RADIUS pac...

Page 335: ...Num 0 Err 0 Succ 0 Realtime Account Num 2317 Err 0 Succ 2317 PKT response Num 0 Err 0 Succ 0 EAP reauth_request Num 0 Err 0 Succ 0 PORTAL access Num 0 Err 0 Succ 0 Update ack Num 0 Err 0 Succ 0 PORTAL access ack Num 0 Err 0 Succ 0 Session ctrl pkt Num 0 Err 0 Succ 0 RADIUS send messages statistic Normal auth accept Num 0 Normal auth reject Num 0 EAP auth accept Num 0 EAP auth reject Num 0 EAP auth...

Page 336: ...at hh mm ss yyyy mm dd When this parameter is specified all the stopping accounting requests saved in the time range since start time to stop time will be displayed user name user name Configures to display the saved stopping accounting requests according to the username User name specifies the username a character string not exceeding 32 characters excluding and The character can only be used onc...

Page 337: ... Configures to set the encryption key for RADIUS accounting packet authentication Configures to set the encryption key for RADIUS authentication authorization packet string Specifies the key with a character string not exceeding 16 characters By default the key is 3com Description Use the key command to configure encryption key for RADIUS authentication authorization or accounting packet Use the u...

Page 338: ...ADIUS servers Use the undo local server command to disable the local RADIUS server Port 1645 and port 1646 are disabled and RADIUS servers are unavailable in this case By default local RADIUS servers are enabled and port 1645 and port 1646 are enabled too Example Enable the local RADIUS server SW8800 system view SW8800 local server enable local server nas ip Syntax local server nas ip ip address k...

Page 339: ...iew When operating as a local RADIUS server a 3Com Switch 8800 Family Series Routing Switch supports CHAP and PAP authentications but not EAP MD5 challenge authentication 3Com series switches support up to 16 local RADIUS scheme Related command radius scheme state Example Set the IP address of local RADIUS scheme to 10 110 1 2 and the password to 3com SW8800 local server nas ip 10 110 1 2 key 3Com...

Page 340: ...ary RADIUS accounting server By default the primary accounting server of the RADIUS scheme created by the system whose name is system uses IP address of 127 0 0 1 and UDP port of 1646 The primary accounting server of a newly created RADIUS scheme uses IP address of 0 0 0 0 and UDP port of 1813 After creating a new RADIUS scheme you need to set the IP address and the UDP port for the RADIUS servers...

Page 341: ...The primary and secondary authentication server of a newly created RADIUS scheme uses IP address of 0 0 0 0 and UDP port of 1812 After creating a RADIUS scheme you are supposed to set IP addresses and UDP port numbers for the RADIUS servers including primary secondary authentication authorization servers and accounting servers In real networking environments the above parameters shall be set accor...

Page 342: ...00 system view SW8800 radius client enable radius nas ip Syntax radius nas ip ip address vpn instance vpn instance name undo radius nas ip vpn instance vpn instance name View System view Parameter ip address Source IP address expressed in the format of dotted decimal notation It must be a legal unicast address vpn instance name The name of VPN instances which is a string ranging of 1 to 19 charact...

Page 343: ...me shall at least have the specified IP address and UDP port number of the RADIUS authentication authorization accounting server and some necessary parameters exchanged with the RADIUS client end switch system So it is necessary to create the RADIUS scheme and enter its view before performing other RADIUS protocol configurations A RADIUS scheme can be used by several ISP domains at the same time Y...

Page 344: ...eding 32 characters session id session id Configures to delete the stopping accounting requests from the buffer according to the specified session ID session id specifies the Session ID with a character string not exceeding 50 characters time range start time stop time Configures to delete the stopping accounting requests from the buffer according to the saving time Start time specifies the start ...

Page 345: ...8800 reset stop accounting buffer user name user0001 3com163 net Delete the stopping accounting requests saved in the system buffer since 0 0 0 to 23 59 59 on August 31 2002 SW8800 reset stop accounting buffer time range 0 0 0 2002 08 31 23 59 59 2002 08 31 retry Syntax retry retry times undo retry View RADIUS scheme view Parameter retry times Specifies the maximum times of retransmission ranging ...

Page 346: ...be responded to the default value RADIUS server usually checks if a user is online with timeout timer If the RADIUS server has not received the real time accounting packet from NAS it will consider that there is line or device failure and stop accounting Accordingly it is necessary to disconnect the user at NAS end and on RADIUS server synchronously when some unexpected failure occurs 3Com Series ...

Page 347: ...ssage to RADIUS accounting server Accordingly if the message from the switch to RADIUS accounting server has not been responded the switch shall save it in the local buffer and retransmit it until the server responds or discard the messages after transmitting for specified times Related command reset stop accounting buffer radius scheme display stop accounting buffer Example Perform the following ...

Page 348: ...n View RADIUS scheme view Parameter ip address IP address in dotted decimal format By default the IP address of secondary authentication authorization server is 0 0 0 0 port number Specifies the UDP port number ranging from 1 to 65535 By default the authentication authorization service is provided via UDP 1812 Description Use the secondary authentication command to configure the IP address and por...

Page 349: ...iption Use the server type command to configure the RADIUS scheme type supported by the switch Use the undo server type command to restore the RADIUS scheme type to the default value The default RADIUS server type of a newly created RADIUS scheme is standard The RADIUS server type of the default RADIUS scheme with a name of system which is created by the system is 3com 3Com Switch 8800 Family Seri...

Page 350: ...uthentication authorization or an accounting server if the primary server is disconnected to NAS for some fault NAS will automatically turn to exchange packets with the secondary server However after the primary one recovers NAS will not resume the communication with it at once instead it continues communicating with the secondary one When the secondary one fails to communicate NAS will turn to th...

Page 351: ...ing for specified times Related command reset stop accounting buffer radius scheme display stop accounting buffer Example Enable the switch to buffer the stop accounting requests that get no answer from the server configured for the RADIUS scheme 3com 3Com radius 3com stop accounting buffer enable timer quiet Syntax timer quiet minutes undo timer quiet View RADIUS scheme view Parameter minutes The...

Page 352: ...l time accounting it is necessary to set a real time accounting interval After the attribute is set NAS will transmit the accounting information of online users to the RADIUS server regularly The value of minute is related to the performance of NAS and RADIUS server The smaller the value is the higher the requirement for NAS and RADIUS server is When there are a large amount of users more than 100...

Page 353: ...nse timeout 5 user name format Syntax user name format with domain without domain View RADIUS scheme view Parameter with domain Specifies to send the username with domain name to RADIUS server without domain Specifies to send the username without domain name to RADIUS server Description Use the user name format command to configure the username format sent to RADIUS server By default as for the ne...

Page 354: ...nd the username without domain name to RADIUS scheme 3Com radius 3com user name format without domain vpn instance Syntax vpn instance vpn name View RADIUS scheme view Parameter vpn name The name of the VPN instance which is a string of 1 to 19 characters Description Use the vpn instance command to configure the VPN that the RADIUS scheme belongs to Use the undo vpn instance command to cancel the ...

Page 355: ...t unit giga packet Sets giga packet as the unit of packet flow kilo packet Sets kilo packet as the unit of packet flow mega packet Sets mega packet as the unit of packet flow one packet Sets one packet as the unit of packet flow Description Use the data flow format command to configure the unit of data flow sent to TACACS Server Use the undo data flow format command to restore the unit to the defa...

Page 356: ...ugging hwtacacs command to enable HWTACACS debugging Use the undo debugging hwtacacs command to disable HWTACACS debugging By default HWTACACS debugging is disabled Example Enable the event debugging of HWTACACS SW8800 debugging hwtacacs event display hwtacacs Syntax display hwtacacs hwtacacs scheme name View Any view Parameter hwtacacs scheme name Scheme name of the HWTACACS server a string of 1 ...

Page 357: ...l min 5 Response timeout Interval sec 5 Domain included No Traffic unit B Packet traffic unit one packet display stop accounting buffer hwtacacs scheme Syntax display stop accounting buffer hwtacacs scheme hwtacacs scheme name View Any view Parameter hwtacacs scheme hwtacacs scheme name Displays information on buffered stop accounting requests related to the HWTACACS scheme specified by hwtacacs s...

Page 358: ...ource address is normally recommended to be a loopback interface address For the hwtacacs nas ip command the HWTACACS view takes precedence over the system view By default the source address is not specified that is the address of the interface sending the packet serves as the source address This command specifies only one source address therefore the newly configured source address may overwrite ...

Page 359: ...ared key for HWTACACS authentication authorization or accounting Use the undo key command to delete the configuration By default no key is set The HWTACACS client the switch system and HWTACACS server use MD5 algorithm to encrypt the exchanged packets The two ends verify packets using a shared key Only when the same key is used can both ends accept the packets from each other and give responses So...

Page 360: ...the IP address of the interface of the VLAN to which the port connecting the server belongs Related command display hwtacacs and hwtacacs nas ip Example Configure the source IP address for HWTACACS packets sent from the NAS switch to 10 1 1 1 SW8800 hwtacacs scheme test1 3Com hwtacacs test1 nas ip 10 1 1 1 primary accounting Syntax primary accounting ip address port number undo primary accounting ...

Page 361: ... Parameter ip address IP address of the server a valid unicast address in dotted decimal format port number Port number of the server which is in the range 1 to 65535 and defaults to 49 Description Use the primary authentication command to configure a primary TACACS authentication server Use the undo primary authentication command to delete the configured authentication server By default the IP ad...

Page 362: ...ary authorization command to delete the configured primary authorization server By default the IP address of the TACACS authorization server is all zeros You are not allowed to assign the same IP address to both primary and secondary authorization servers If you repeatedly use this command the latest configuration overwrites the previous one You can remove a TACACS scheme authorization server only...

Page 363: ...ter hwtacacs scheme hwtacacs scheme name Configures to delete the stop accounting requests from the buffer according to the specified HWTACACS scheme name The hwtacacs scheme name specifies the HWTACACS scheme name with a character string not exceeding 32 characters excluding Description Use the reset stop accounting buffer command to clear the stop accounting requests that have no response and ar...

Page 364: ...p accounting packet retransmission and allow up to 50 packets to be transmitted for each request SW8800 retry stop accounting 50 secondary accounting Syntax secondary accounting ip address port number undo secondary accounting View HWTACACS view Parameter ip address IP address of the server a valid unicast address in dotted decimal format port number Port number of the server which is in the range...

Page 365: ...nd defaults to 49 Description Use the secondary authentication command to configure a secondary TACACS authentication server Use the undo secondary authentication command to delete the configured secondary authentication server By default IP address of TACACS authentication server is all zeros You are not allowed to assign the same IP address to both primary and secondary authentication servers If...

Page 366: ...ured secondary authorization server By default IP address of TACACS authorization server is all zeros You are not allowed to assign the same IP address to both primary and secondary authorization servers If you repeatedly use this command the latest configuration overwrites the previous one You can remove a TACACS scheme authorization server only when no Active TCP connection used to send authoriz...

Page 367: ... 10 timer realtime accounting Syntax timer realtime accounting minutes undo timer realtime accounting View HWTACACS view Parameter minutes Real time accounting interval which is in the range of 3 to 60 minutes and must be a multiple of 3 By defaults it is 12 minutes Description Use the timer realtime accounting command to set the real time accounting interval Use the undo timer realtime accounting...

Page 368: ...meout command to set the TACACS server response timeout time Use the undo timer response timeout command to restore the default setting n Since HWTACACS is implemented based on TCP so server response timeout or TCP timeout may terminate the connection to the TACACS server Related command display hwtacacs Example Set the TACACS server response timeout time to 30 seconds SW8800 hwtacacs scheme test1...

Page 369: ...in name following The switch uses domain names to group users to different ISP domains While some earlier TACACS servers do not accept the username with domain name In this case you must remove the domain name before sending a username to the server n When you specify that no ISP domain name is contained in usernames for a HWTACACS scheme this scheme cannot be used in two or more ISP domains at th...

Page 370: ...368 CHAPTER 21 AAA AND RADIUS HWTACACS PROTOCOL CONFIGURATION COMMANDS ...

Page 371: ...ing for Portal arp handshake Enables the debugging for ARP handshake server Enables the debugging for Portal server tcp cheat Enables the debugging for TCP cheat Description Use the debugging portal command to enable the debugging for Portal Use the undo debugging portal command to disable the debugging output Example Enable all the debugging for Portal SW8800 debugging portal all display portal S...

Page 372: ...tics Displays the statistics about the Portal server tcp cheat statistics Displays the statistics about TCP cheats ipaddress Information about users using the specified IP address interface type Port type whose value is Ethernet or GigabitEthernet interface number Port number expressed in the form of slot number card number port number vlan vlan id Displays the information about all the users in a...

Page 373: ..._ACL 0 PT_MSG_TMR_MAC 0 PT_MSG_TMR_NIP 0 ERROR Statistics MEM Error 0 RCV MSG ERR 0 SND MSG ERR 0 Table 46 Description on the fields of the display portal command Field Description Run Method Portal servers run in one of the three methods direct ReDHCP and Layer3 Free IP Free IP addresses A Portal server will use one free IP address automatically Free User Authentication free users Portal Server T...

Page 374: ... Logout acknowledgement message PT_MSG_LEAVING_ACK Leaving acknowledgement message PT_MSG_CUT_REQ Cut request message to force the users to log out PT_MSG_MAC_ACK MAC acknowledgement message This value is 0 for Layer 3 method PT_MSG_ACL_ACK ACL acknowledgement message This value is 0 for ReDHCP method PT_MSG_ARPPKT ARP packet message This value is 0 for Layer 3 method PT_MSG_TMR_AUT Statistics abo...

Page 375: ...w System View return to User View with Ctrl Z SW8800 interface Vlan interface 10 3Com Vlan interface10 portal 3Com portal arp handshake Syntax portal arp handshake interval interval retry times retry times undo portal arp handshake interval retry times View System view Parameter interval Interval of ARP handshakes in seconds in the range of 10 to 180 Its step is 10 It is 60 seconds by default retr...

Page 376: ...id all View System view Parameter network address net mask Address and subnet mask of the authentication network section vlan id ID of the VLAN where the access port where the authentication users access into the switch across the network lies in all Disables all the configured authentication network sections Description Use the portal auth network command to configure the authentication network s...

Page 377: ...ddress Free IP address of the host mask Mask mask length Length of a mask Description Use the portal free ip command to set the free IP addressees for a Portal client Use the undo portal free ip command to delete the specified free IP address No free IP address is configured by default Free IP addresses can be the IP addresses of DNS servers or the IP addresses that ISP provides to access free web...

Page 378: ...94 interface Port of the switch that the authentication free users lie in This port must belong to the VLAN that this command specifies interface type Port type whose value is Ethernet or GigabitEthernet interface number Port number expressed in the form of slot number card number port number all Deletes all authentication free users Description Use the portal free user command to configure the Po...

Page 379: ...iew with Ctrl Z SW8800 portal free user mac 00e0 fc01 0101 ip 10 110 1 1 vlan 10 i nterface ethernet 2 1 1 portal method Syntax portal method direct layer3 redhcp undo portal method View System view Parameter direct Adopts the direct authentication method in Portal authentication layer3 Adopts the layer 3 Portal authentication method namely accoss layer 3 Portal authentication method in authentica...

Page 380: ... need not be bracketed when entered Description Use the portal server command to create a Portal server or modify the configuration of a Portal server Use the undo portal server command to delete the specified server or restore the default parameter configuration of the specified server c CAUTION When configuring a Portal server you must also configure the IP address for that server If the Portal ...

Page 381: ...en the switch receives the bandwidth limit rules for Portal users from the CAMS server the switch will limit the traffic on the upload interface where the portal upload interface command is executed that is to say the switch will perform bandwidth control for the upload rates of Portal users An upload interface is the interface to connect the switch with the upstream network devices c CAUTION Only...

Page 382: ...statistics about the Portal server tcp cheat Clears the statistics about TCP cheats Description Use the reset portal command to clear the related statistics about Portal Example Clear the statistics about ACM of the Portal client SW8800 reset portal acm statistics ...

Page 383: ...splay ip routing table command to view the routing table summary This command displays routing table information in summary form Each line represents one route The contents include destination address mask length protocol preference metric next hop and output interface Only current used route namely best route is displayed using display ip routing table command Example View the summary of the rout...

Page 384: ...d in track display of route policy to display the route that passed the filtering rule according the input basic ACL number or name The command is only applicable to display the route that passed basic ACL filtering rules Example Display the summary of Active routes that are filtered through basic acl 2000 SW8800 acl number 2000 3Com acl basic 2000 rule permit source 10 1 1 1 0 0 0 255 3Com acl ba...

Page 385: ...2 Vlan interface1 Vlinkindex 0 State Int ActiveU Retain Unicast Age 7 24 Cost 0 0 Tag 0 Destination 10 1 1 2 Mask 255 255 255 255 Protocol DIRECT Preference 0 NextHop 127 0 0 1 Interface 127 0 0 1 InLoopBack0 Vlinkindex 0 State NoAdvise Int ActiveU Retain Gateway Unicast Age 7 24 Cost 0 0 Tag 0 Table 49 Description of the fields of the display ip routing table acl verbose command Field Description...

Page 386: ...ols Int The route is discovered by interior gateway protocol IGP NoAdvise The routing protocol does not import NoAdvise route when it imports routes based on the policy NotInstall The routing protocol generally selects the route with the highest precedence from its routing table then places it in its core routing table and imports it Although the NotInstall route cannot be placed in the core routi...

Page 387: ...he following is the output description for different forms of this command display ip routing table ip address If destination address ip address has corresponding route in natural mask range this command will display all subnet routes or only the route best matching the destination address ip address is displayed And only the Active matching route is displayed display ip routing table ip address m...

Page 388: ...mmary count 3 Destination 169 0 0 0 Mask 255 255 0 0 Protocol STATIC Preference 60 NextHop 192 168 1 2 Interface 192 168 1 1 Vlan interface10 Vlinkindex 0 State Int ActiveU Gateway Static Unicast Age 10 20 Cost 0 0 Tag 0 Destination 169 0 0 0 Mask 255 0 0 0 Protocol STATIC Preference 60 NextHop 192 168 1 2 Interface 192 168 1 1 Vlan interface10 Vlinkindex 0 State Int ActiveU Gateway Static Unicast...

Page 389: ...n in the specified address range Example Display the routing information of destination addresses ranging from 1 1 1 0 to 2 2 2 0 SW8800 display ip routing table 1 1 1 0 24 2 2 2 0 24 Routing tables Summary count 3 Destination Mask Protocol Pre Cost Nexthop Interface 1 1 1 0 24 DIRECT 0 0 1 1 1 1 Vlan interface1 1 1 1 1 32 DIRECT 0 0 127 0 0 1 InLoopBack0 2 2 2 0 24 DIRECT 0 0 2 2 2 1 Vlan interfa...

Page 390: ... 0 SW8800 display ip routing table ip prefix abc2 Routes matched by ip prefix abc2 Summary count 2 Destination Mask Protocol Pre Cost Nexthop Interface 10 1 1 0 24 STATIC 60 0 48 48 48 2 Vlan interface48 10 1 1 2 32 STATIC 60 0 48 48 48 2 Vlan interface48 For detailed description of the output information see Table 48 Display the details of the active and inactive routes filtered by the prefix lis...

Page 391: ...tes a VPN instance name Description Use the display ip routing table protocol command to view the route information of specified protocol Example Display all direct connection routes summary SW8800 display ip routing table protocol direct DIRECT Routing tables Summary count 4 DIRECT Routing tables status active Summary count 3 Destination Mask Protocol Pre Cost Nexthop Interface 20 1 1 1 32 DIRECT...

Page 392: ...xample Display route information in tree format SW8800 display ip routing table radix Radix tree for INET 2 inodes 7 routes 5 32 210 0 0 1 0 8 127 0 0 0 32 127 0 0 1 1 8 20 0 0 0 32 20 1 1 1 display ip routing table statistics Syntax display ip routing table statistics View Any view Parameter None Description Use the display ip routing table statistics command to view the integrated routing inform...

Page 393: ...stance name VPN instance name Description Use the display ip routing table vpn instance command to view the routing information about the VPN instance Example View the routing information about the VPN instance SW8800 dis ip routing table vpn instance vpn49 1 vpn49 1 Route Information Routing Table vpn49 1 Route Distinguisher 49 1 Destination Mask Protocol Pre Cost Nexthop Interface Table 51 Descr...

Page 394: ...ute can be displayed using the display ip routing table verbose command Example Display the verbose routing table information SW8800 display ip routing table verbose Routing Tables Generate Default no Active Route Last Active Both Next hop in use Destinations 3 Routes 3 Holddown 0 Delete 62 Hidden 0 Destination 1 1 1 0 Mask 255 255 255 0 Protocol DIRECT Preference 0 NextHop 1 1 1 1 Interface 1 1 1...

Page 395: ...ng table Example Delete all the static routes in the router SW8800 delete static routes all Are you sure to delete all the unicast static routes Y N delete vpn instance Syntax delete vpn instance vpn instance name static routes all View System view Parameter vpn instance Specifies VPN instance parameter vpn instance name VPN instance name static routes VPN static route all All static routes Table ...

Page 396: ...nterface type interface number vpn instance vpn instance name gateway address preference preference value View System view Parameter vpn instance Specifies VPN instance parameter vpn instance name list VPN instance name list vpn instance name list vpn instance name 1 6 1 6 in the command represents that the preceding parameter can be input repeatedly up to 6 times ip address Destination IP address...

Page 397: ...btain the sub net route directly connected with the router If it is not specified as reject or blackhole the route will be reachable by default Precautions for static route configuration When the destination IP address and the mask are both 0 0 0 0 it is the configured default route If it is failed to detect the routing table a packet will be forwarded along the default route For different configu...

Page 398: ...396 CHAPTER 23 STATIC ROUTE CONFIGURATION COMMANDS ...

Page 399: ...ero undo checkzero View RIP view Parameter None Description Use the checkzero command to check the zero field of RIP 1 packet Use the undo checkzero command to disable the checking of the zero fields By default RIP 1 performs zero field check According to the protocol RFC1058 specifications some fields in RIP 1 packets must be zero called zero fields You can use the checkzero command to enable the...

Page 400: ...ormed with the default routing cost specified with the default cost command Related command import route Example Set the default routing cost of the imported route of another routing protocol to 3 3Com rip default cost 3 display rip Syntax display rip routing vpn instance View Any view Parameter routing Displays RIP routing information vpn instance Displays VPN instance information Description Use...

Page 401: ...resent Description Use the filter policy export command to configure to filter the advertised routing information by RIP Use the undo filter policy export command to configure not to filter the advertised routing information By default RIP does not filter the advertised routing information Table 53 Description of the fields of the display rip command Field Description RIP is running RIP is active ...

Page 402: ...g information gateway ip prefix name Name of address prefix list used for filtering the addresses of the neighboring routers advertising the routing information Description Use the filter policy gateway import command to configure to filter the received routing information distributed from the specified address Use the undo filter policy gateway import command to configure not to filter the receiv...

Page 403: ...host route Example Configure RIP to reject a host route 3Com rip undo host route import route Syntax import route protocol cost value route policy route policy name undo import route protocol View RIP view Parameter protocol Specifies the source routing protocol to be imported by RIP At present RIP can import the following routes direct bgp ospf ospf ase ospf nssa isis and static value Cost value ...

Page 404: ...tic cost 4 Set the default cost and import an OSPF route with the default cost 3Com rip default cost 3 3Com rip import route ospf network Syntax network network address undo network network address View RIP view Parameter network address IP address of the RIP interface It can be the IP network address of any interface Description Use the network command to enable Routing Information Protocol RIP f...

Page 405: ...ax peer ip address undo peer ip address View RIP view Parameter ip address The interface IP address of the peer router in dotted decimal format Description Use the peer command to configure the sending destination address of the peer device Use the undo peer command to cancel the set destination address By default do not send RIP packet to any destination RIP exchanges routing information with non...

Page 406: ... command can be used to modify the RIP preference manually Example Specify the RIP preference as 20 3Com rip preference 20 reset Syntax reset View RIP view Parameter None Description Use the reset command to reset the system configuration parameters of RIP When you need to re configure parameters of RIP this command can be used to restore to the default setting Example Reset the RIP system 3Com ri...

Page 407: ...her text authentication packet to use the general packet format RFC1723 standard format key string MD5 cipher text authentication key If it is input in a plain text form MD5 key is a character string not exceeding 16 characters And it will be displayed in a cipher text form in a length of 24 characters when the display current configuration command is executed Inputting the MD5 key in a cipher tex...

Page 408: ...0 interface Vlan interface 10 3Com Vlan interface10 rip version 2 3Com Vlan interface10 rip authentication mode md5 usual aaa rip input Syntax rip input undo rip input View Interface view Parameter None Description Use the rip input command to allow an interface to receive RIP packets Use the undo rip input command to disable an interface to receive RIP packets By default all interfaces except loo...

Page 409: ...ional route metric to 2 when the interface Vlan interface 10 receives RIP packets SW8800 interface Vlan interface 10 3Com Vlan interface10 rip metricin 2 rip metricout Syntax rip metricout value undo rip metricout View Interface view Parameter value Additional route metric added when an interface transmits a packet ranging from 1 to 16 By default the value is 1 Description Use the rip metricout co...

Page 410: ...used in cooperation with the other two commands rip input and rip work Functionally rip work is equivalent to rip input rip output The latter two control the receipt and the transmission of RIP packets respectively on an interface The former command equals the functional combination of the latter two commands Related command rip input rip work Example Disable the interface Vlan interface 10 to tra...

Page 411: ...ersion of RIP packets on an interface is RIP 2 broadcast Transmission mode of RIP 2 packet is broadcast multicast Transmission mode of RIP 2 packet is multicast Description Use the rip version command to configure the version of RIP packets on an interface Use the undo rip version command to restore the default value of RIP packet version on the interface By default the interface RIP version is RI...

Page 412: ...P on an interface By default RIP is running on an interface This command is used in cooperation with rip input rip output and network commands Refer to the usage guideline of the related commands Related command network rip input rip output Example Disable the interface Vlan interface 10 to run the RIP SW8800 interface Vlan interface 10 3Com Vlan interface10 undo rip work summary Syntax summary un...

Page 413: ...face10 quit SW8800 rip 3Com rip undo summary timers Syntax timers update update timer length timeout timeout timer length undo timers update timeout View RIP view Parameter update timer length Value of the Period Update timer ranging from 1 to 3600 seconds By default it is 30 seconds timeout timer length Value of the Timeout timer ranging from 1 to 3600 seconds By default it is 180 seconds Descrip...

Page 414: ...412 CHAPTER 24 RIP CONFIGURATION COMMANDS Example Set the values of Period Update timer and Timeout timer of RIP to 10 seconds and 30 seconds respectively SW8800 rip 3Com rip timers update 10 timeout 30 ...

Page 415: ...tches the specified IP address and mask not advertise Not advertises routes matching the specified IP address and mask Description Use the abr summary command to configure automatic route summarization on the area border router Use the undo abr summary command to disable the function of route summarization on the area border router By default the area border router does not summarize routes This c...

Page 416: ...g from 0 to 4 294 967 295 or in IP address format Description Use the area command to enter OSPF Area view Use the undo area command to remove the specified area Example Enter OSPF Area 0 view 3Com ospf 1 area 0 3Com ospf 1 area 0 0 0 0 asbr summary Syntax asbr summary ip address mask not advertise tag value undo asbr summary ip address mask View OSPF view Parameter ip address Matched IP address i...

Page 417: ...y ospf asbr summary Example Set summarization of 3Com imported routes SW8800 ospf 3Com ospf 1 asbr summary 10 2 0 0 255 255 0 0 not advertise authentication mode Syntax authentication mode simple md5 undo authentication mode View OSPF area view Parameter simple Uses simple text authentication mode md5 Uses MD5 cipher text authentication mode Description Use the authentication mode command to confi...

Page 418: ... dd hello interface interface type interface number request update lsa originate spf graceful restart View User view Parameter process id Process ID of OSPF The command enables disables all process debugging if you do not specify a process ID event Enables Disables OSPF event debugging packet Enables Disables OSPF packet debugging OSPF packets include ack LSAck packet dd Database Description packe...

Page 419: ...nable the debugging for OSPF GR SW8800 debugging ospf graceful restart default cost Syntax default cost value undo default cost View OSPF view Parameter value Default routing cost of an external route imported by OSPF ranging from 0 to 16 777 214 By default its value is 1 Description Use the default cost command to configure the default cost for OSPF to import external routes Use the undo default ...

Page 420: ... affect the performances of the device it is necessary to specify the default interval for the protocol to import external routes Example Specify the default interval for OSPF to import external routes as 10 seconds 3Com ospf 1 default interval 10 default limit Syntax default limit routes undo default limit View OSPF view Parameter routes Default value to the imported external routes in a unit tim...

Page 421: ... that OSPF assigns to imported routes When OSPF imports a route found by other routing protocols in the router and uses it as the external routing information of its own autonomous system some additional parameters are required including the default cost and the default tag of the route Related command default type Example Set the default tag that OSPF assigns to imported routes to 10 3Com ospf 1 ...

Page 422: ... to the Stub or NSSA area ranging from 0 to 16 777 214 The default value is 1 Description Use the default cost command to configure the cost of the default route transmitted by OSPF to the Stub or NSSA area Use the undo default cost command to restore the cost of the default route transmitted by OSPF to the Stub or NSSA area to the default value This command only applies to the border routers conn...

Page 423: ...ch the route policy specified by route policy name route policy will affect the value in ASE LSA The length of route policy name argument is a character string of 1 to 19 characters Description Use the default route advertise command to import default route to OSPF route area Use the undo default route advertise command to cancel the redistribution of default route By default OSPF does not import ...

Page 424: ...ew Parameter process id Process ID of OSPF The command is applied to all current OSPF processes if you do not specify a process ID Description Use the display ospf abr asbr command to view the information about the ABR and ASBR of OSPF Example Display the information of the OSPF area border routers and autonomous system border routers SW8800 display ospf abr asbr OSPF Process 1 with Router ID 10 1...

Page 425: ...all OSPF imported routes will be displayed Related command asbr summary Example Display the summary information of all OSPF imported routes SW8800 display ospf asbr summary OSPF Process 1 with Router ID 1 1 1 1 Summary Addresses Total summary address count 2 Summary Address net 168 10 0 0 mask 255 254 0 0 tag 1 status Advertise The Count of Route is 0 Summary Address net 1 1 0 0 mask 255 255 0 0 t...

Page 426: ...Flags SPF scheduled Interface 201 1 1 4 Vlan interface1 Cost 1 State DR Type Broadcast Priority 1 Designated Router 201 1 1 4 Backup Designated Router 201 1 1 3 Timers Hello 10 Dead 40 Poll 0 Retransmit 5 Transmit Delay 1 mask Mask tag Tag status Status information including two values DoNotAdvertise The summary routing information to the network segment will not be advertised Advertise The summar...

Page 427: ...at of the external route of OSPF is 150 by default Default ASE parameters Default ASE parameters of OSPF including metric type and tag SPF computation count SPF computation count since OSPF is enabled Area Count Areas for connection to this router Nssa Area Count Number of NSSA areas SPF scheduled SPF scheduled flag Interface Interface name belonging to this area Cost Cost of routes State State in...

Page 428: ...ields of the display ospf cumulative command Field Description IO Statistics Type Type of input output OSPF packet Input Number of received packets Output Number of transmitted packets ASE Number of all ASE LSAs checksum sum Checksum of ASE LSA LSAs originated Number of originated LSAs received Number of received LSAs generated by other routers Router Number of all Router LSAs SumNet Number of all...

Page 429: ...LS REQ empty request 0 LS REQ wrong request 0 LS UPD neighbor state low 0 LS UPD newer self generate LSA 0 LS UPD LSA checksum wrong 0 LS UPD received less recent LSA 0 LS UPD unknown LSA type 0 OSPF routing next hop not exist 0 DD MTU option mismatch 0 ROUTETYPE wrong type value Table 58 Description of the fields of the display ospf error command Field Description IP received my own packet Receiv...

Page 430: ...LS ACK packet states of neighbors are not synchronized LS ACK wrong ack Link state acknowledgment packet ack error LS ACK duplicate ack Link state acknowledgment packet ack duplication LS ACK unknown LSA type Link state acknowledgment packet unknown LSA type LS REQ neighbor state low Link state request LS REQ packet The states of neighbors are not synchronized LS REQ empty request Link state reque...

Page 431: ... LSA AS external LSA network Views the database information of Type 2 LSA Network LSA nssa Views the database information of Type 7 LSA NSSA external LSA router Views the database information of Type 1 LSA Router LSA summary Views the database information of Type 3 LSA Summary Net LSA ip address Link state ID in IP address format Table 59 Description of the fields of the display ospf interface com...

Page 432: ...0 153 18 89 3 3 3 3 429 32 80000003 0 SpfTree SNet 10 153 17 0 1 1 1 1 355 28 80000003 10 Inter List ASB 2 2 2 2 1 1 1 1 355 28 80000003 10 SumAsb List AS External Database Type LinkState ID AdvRouter Age Len Sequence Metric Where ASE 10 153 18 0 1 1 1 1 1006 36 80000002 1 Ase List ASE 10 153 16 0 2 2 2 2 798 36 80000002 1 Uninitialized ASE 10 153 17 0 2 2 2 2 623 36 80000003 1 Uninitialized ASE 1...

Page 433: ...e2 202 38 160 2 Neighbor 1 202 38 160 1 Vlan interface2 Table 61 Description of the fields of the display ospf lsdb ase command Field Description type Type of the LSA ls id Link state ID of the LSA adv rtr Router ID of the router originating the LSA ls age Age of the LSA in seconds len Length of the LSA seq Sequence number of the LSA chksum Checksum of the LSA Options Options of the LSA Net mask N...

Page 434: ... Neighbor Brief Information Virtual Link Router ID Address Pri Interface State 85 1 1 2 63 56 1 1 0 Vlan interface561 Down display ospf request queue Syntax display ospf process id request queue View Any view Parameter process id ID of an OSPF process The command is applied to all current OSPF processes if you do not specify a process ID Intf Name The outgoing interface to the next hop Table 62 De...

Page 435: ...sion queue Example Display information about the OSPF retransmission queue SW8800 display ospf retrans queue OSPF Process 200 with Router ID 103 160 1 1 Retransmit List The Router s Neighbors is RouterID 162 162 162 162 Address 103 169 2 2 Interface 103 169 2 5 Area 0 0 0 1 Retrans list Type ASE LSID 129 11 77 0 AdvRouter 103 160 1 1 Type ASE LSID 129 11 108 0 AdvRouter 103 160 1 1 Table 64 Descri...

Page 436: ...Intra Area 2 Inter Area 0 ASE 0 NSSA 0 Table 65 Description of the fields of the display ospf retrans queue command Field Description RouterID Router ID of neighbor router Address Address of the interface through which neighbor routers communicate with the router Interface Address of the interface on the network segment Area Number of an OSPF area Type Type of the LSA LSID Link State ID of the LSA...

Page 437: ...Yes 2 3 0 0 255 255 0 0 16777215 advertise No display ospf graceful restart status Syntax display ospf process id graceful restart status NSSA Number of NSSA routes Table 66 Description of the fields of the display ospf routing command Field Description Table 67 Description of the fields of the display ospf abr summary command Fields Description Network Destination network segment Mask Mask Cost C...

Page 438: ...mpatible Restart Status Help Restart Help NBR Number 1 NBR ID 91 1 1 1 OOB NBR Number 1 NBR ID 91 1 1 1 OSPF Process 2 with Router ID 10 1 1 1 Restart Status Restart Mode Standard Restart Interval 120 Restart Status Help Restart Help NBR Number 1 NBR ID 10 1 1 2 Display the information about Graceful Restart of OSPF 1 SW8800 display ospf 1 graceful restart status OSPF Process 1 with Router ID 30 1...

Page 439: ...ist ip prefix name Name of the address prefix list used for filtering the destination addresses in routing information routing protocol Protocol advertising the routing information including direct isis bgp rip and static at present Table 68 Description of the fields of the display ospf vlink command Field Description Virtual link Neighbor id Router ID of virtual link neighbor router State State I...

Page 440: ...cified protocol are filtered If the routing protocol argument is not specified all imported routes are filtered Related command acl ip ip prefix Example Configure OSPF to advertise only the routing information permitted by acl 2000 SW8800 acl number 2000 3Com acl basic 2000 rule permit source 11 0 0 0 0 255 255 255 3Com acl basic 2000 rule deny source any 3Com ospf 1 filter policy 2000 export filt...

Page 441: ...rea 0 0 0 1 filter policy 2000 export filter policy import Syntax filter policy acl number ip prefix ip prefix name gateway ip prefix name import undo filter policy acl number ip prefix ip prefix name gateway ip prefix name import View OSPF view Parameter acl number Number of a basic or advanced access control list used for filtering the destination addresses of the routing information ip prefix n...

Page 442: ...port Syntax filter policy acl number ip prefix ip prefix name import undo filter policy acl number ip prefix ip prefix name import View OSPF area view Parameter acl number Specifies the number of the basic or advanced ACL used for filtering Type 3 LSAs ip prefix name Specifies the name of the address prefix list used for filtering Type 3 LSAs Description Use the filter policy import command to set...

Page 443: ...o perform GR in the way defined in the RFC3623 standard The value argument specifies the period of GR and it is 40 seconds by default Use the graceful restart compatible command to configure the OSPF protocol for the switch to perform GR in the compatible way Use the undo graceful start command to disable the OSPF GR function GR is not supported by default The OSPF GR function solves the problem o...

Page 444: ... to import the routes matching the specified Route policy Description Use the import route command to import routes from another routing protocol Use the undo import route command to disable OSPF to import routes from the specified routing protocol By default the routing information of other protocols is not imported n You are recommended to configure the route type cost and tag together in one co...

Page 445: ...00 log peer change Syntax log peer change undo log peer change View OSPF view Parameter None Description Use the log peer change command to enable the switch for reporting the OSPF peer changes Use the undo log peer change command to disable the switch for reporting the OSPF peer changes The switch for reporting the OSPF peer changes is disabled by default Example Enable the switch for reporting t...

Page 446: ...erfaces whose main IP addresses are in the segment range of 10 110 36 0 to run OSPF and specify the number of the OSPF area where these interfaces are located as 6 3Com ospf 1 area 6 3Com ospf 1 area 0 0 0 6 network 10 110 36 0 0 0 0 0 255 nssa Syntax nssa default route advertise no import route no summary undo nssa View OSPF area view Parameter default route advertise Imports default route to NSS...

Page 447: ...of an OSPF process in the range 1 to 65 535 By default the process ID is 1 process id is locally significant router id Router ID in dotted decimal format for the specified OSPF process vpn instance Specifies VPN instance parameter vpn instance name VPN instance name Description Use the ospf command to enable the OSPF protocol Use the undo ospf command to disable the OSPF protocol After starting OS...

Page 448: ...in a cipher text form with 24 characters is also supported Description Use the ospf authentication mode command to configure the authentication mode and key between adjacent routers Use the undo ospf authentication mode command to cancel the authentication key that has been set By default the interface does not authenticate OSPF packets The passwords for authentication keys of the routers on the s...

Page 449: ...Com Vlan interface10 ospf cost 33 ospf dr priority Syntax ospf dr priority value undo ospf dr priority View Interface view Parameter value Interface priority for electing the designated router ranging from 0 to 255 The default value is 1 Description Use the ospf dr priority command to configure the priority for electing the designated router on an interface Use the undo ospf dr priority command to...

Page 450: ...rocess You can use this command to bind MIB operation to another OSPF process Execute the undo ospf mib binding command if you want to cancel the setting OSPF will automatically re bind MIB operation to the first process that it enables By default MIB operation is bound to the first enabled OSPF process Example Bind MIB operation to OSPF process 100 SW8800 ospf mib binding 100 Restore the default ...

Page 451: ...3 ospf mtu enable ospf network type Syntax ospf network type broadcast nbma p2mp p2p undo ospf network type View Interface view Parameter broadcast Changes the interface network type to broadcast nbma Changes the interface network type to NBMA p2mp Changes the interface network type to p2mp p2p Changes the interface network type to point to point Note Due to the media type used on the Switch 8800 ...

Page 452: ...om the peer the peer will be considered to be invalid The value of dead seconds should be at least four times that of the Hello seconds The dead seconds for the routers on the same network segment must be identical Related command ospf timer hello Use the ospf timer dead minimal multi hello packets command to set Fast Hello function on the port The fixed dead interval is 1 The packets argument is ...

Page 453: ...etransmit interval undo ospf timer retransmit View Interface view Parameter interval Interval in seconds for re transmitting LSA on an interface It ranges from 1 to 65 535 The default value is 5 seconds Description Use the ospf timer retransmit command to configure the interval for LSA re transmitting on an interface Use the undo ospf timer retransmit command to restore the default interval value ...

Page 454: ...e Use the undo ospf trans delay command to restore the default value of the LSA transmitting delay on an interface LSA will age in the link state database LSDB of the router as time goes by add 1 for every second but it will not age during network transmission Therefore it is necessary to add a period of time set by this command to the aging time of LSA before transmitting it Example Specify the t...

Page 455: ...f an imported external route of the AS as 160 3Com ospf 1 preference ase 160 reset ospf Syntax reset ospf statistics all process id View User view Parameter statistics Resets OSPF statistics all Resets all OSPF processes process id ID of an OSPF process If no OSPF process is specified all OSPF processes are reset Description Use the reset ospf all command to reset all OSPF processes Use the reset ...

Page 456: ...bit unsigned integer that uniquely identifies a router in an OSPF autonomous system The user can specify the ID for a router If the user doesn t specify router ID the router will automatically select one from configured IP address as the ID of this router If no IP address is configured for any interface of the router the router ID must be configured in OSPF view Otherwise OSPF protocol cannot be e...

Page 457: ...ing information On a switch this command can disable enable a VLAN interface to send OSPF packets Example Disable interface Vlan interface 20 to transmit OSPF packets 3Com ospf 1 silent interface Vlan interface 20 Disable all ports from sending OSPF packets 3Com ospf 1 silent interface default sham link Syntax sham link source ip destination ip dead minimal multi hello packets undo sham link sourc...

Page 458: ...nge nbrstatechange virnbrstatechange ifcfgerror virifcfgerror ifauthfail virifauthfail ifrxbadpkt virifrxbadpkt iftxretransmit viriftxretransmit originatelsa maxagelsa lsdboverflow lsdbapproachoverflow View System view Parameter process id ID of an OSPF process The command is applied to all current OSPF processes if you do not specify a process ID ifstatechange virifstatechange nbrstatechange virn...

Page 459: ...the Link State Database LSDB the router running OSPF can calculate the shortest path tree taking itself as the root and determine the next hop to the destination network according to the shortest path tree By adjusting SPF calculation interval frequent network change can be restrained which may lead to excessive bandwidth and router resource consumption Example Set the OSPF route calculation inter...

Page 460: ...s The default value is 40 seconds dead minimal multi hello packets Specifies the virtual link to run Fast Hello function The default dead is 1 second The packets argument refers to the number of Hello packets sent within 1 second in the range of 3 to 10 retransmit seconds Specifies the interval for re transmitting the LSA packets on an interface It ranges from 1 to 8192 seconds The default value i...

Page 461: ... can use the vlink peer command to keep the connectivity Virtual link can be regarded as a common OSPF enabled interface so that you can easily understand why to configure the parameters such as Hello retransmit and trans delay on it One thing should be mentioned When configuring virtual link authentication the authentication mode command is used to set the authentication mode as MD5 cipher text o...

Page 462: ...460 CHAPTER 25 OSPF CONFIGURATION COMMANDS ...

Page 463: ...ter simple Configures to transmit the password in simple text md5 Configures to transmit the password encrypted with MD5 algorithm password Configures a password If simple authentication is used the password must be a simple text password If MD5 authentication is used the password can be a simple text or a cipher text password A simple text password can be a character string with no more than 16 c...

Page 464: ... isis all domain authentication mode isis authentication mode Example Set the area authentication password as hello and the authentication type as simple SW8800 isis 3Com isis area authentication mode simple hello cost style Syntax cost style narrow wide wide compatible compatible narrow compatible relax spf limit undo cost style View IS IS view Parameter narrow Only receives sends packets whose c...

Page 465: ...iginate update sending packet content snp packet spf event spf summary spf timer task error timer update packet undo debugging isis adjacency all authentication error checksum error circuit information configuration error datalink receiving packet datalink sending packet general error interface information memory allocating receiving packet content restart events self originate update sending pack...

Page 466: ...timer update packet Updated packets through IS IS protocol Description Use the debugging isis command to enable IS IS debugging Use the undo debugging isis command to disable the function Example Enable all the information debugging of IS IS SW8800 debugging isis all default route advertise Syntax default route advertise route policy route policy name undo default route advertise route policy rout...

Page 467: ...tion Use the display isis interface command to view the information of the enabled IS IS interface This command displays the information of the enabled IS IS interface including interface name IP address of the interface link state of the interface and so on Besides displaying all the information shown by the display isis interface command the display isis interface verbose command displays such i...

Page 468: ...f the link state database Description Use the display isis lsdb command to view the link state database of the IS IS Example Display the information of an LSP SW8800 display isis lsdb 0050 0500 5005 00 00 IS IS Level 1 Link State Database Lsp ID Sequence Holdtime A_P_O Checksum 0050 0500 5005 00 00 0x00000328 780 0_0_0 0xf211 display isis mesh group Syntax display isis mesh group View Any view Par...

Page 469: ... the display isis peer command but also the area address Uptime and IP address of the directly connected interface of the peer Example Display detailed information about IS IS neighbors SW8800 display isis peer verbose System ID Interface Circuit ID State HoldTime Type Pri 0002 0000 0000 Vlan interface251 0002 0000 0000 0a Up 6s L1 64 Area Address 00 0001 IP Address 192 3 1 3 192 4 1 3 192 5 1 3 1...

Page 470: ...6 6 6 6 Vlan interface1001 D 7 7 7 0 25 10 Direct Vlan interface1000 R L D 6 6 6 0 24 10 Direct Vlan interface1001 R L I 10 1 1 0 24 10 7 7 7 7 Vlan interface1000 R 6 6 6 6 Vlan interface1001 display isis spf log Syntax display isis spf log View Any view Parameter None Description Use the display isis spf log command to view the SPF calculation log information of the IS IS Example View the SPF cal...

Page 471: ...ipher text password A simple text password can be a character string with no more than 16 characters for example 3com918 Note that the simple text password defined for MD5 authentication is displayed in cipher text A cipher text password must have 24 characters in cipher text for example TT8F Y5SQ Q MAF4 1 password Specifies the authentication password which can be a character string with 1 to 16 ...

Page 472: ...ter policy acl number export routing protocol undo filter policy acl number export routing protocol View IS IS view Parameter acl number Specifies the number of the access control list ranging from 2000 to 3999 routing protocol Specifies the protocols that distribute routing information including direct static rip bgp ospf ospf nssa and ospf ase If it does not specify any protocol the distributed ...

Page 473: ...cases only the routing information meeting the specified conditions will be accepted You can configure the filter policy to specify the filter conditions so as to accept the desired routing information only Related command filter policy export Example Filter the received routes by using ACL 2000 3Com isis filter policy 2000 import graceful restart Syntax graceful restart undo graceful restart View...

Page 474: ...terval to the default value The restart interval is 300 seconds by default Example Set the restart interval of the IS IS process 1 to two minutes SW8800 system view SW8800 isis 1 3Com isis 1 graceful restart interval 120 graceful restart suppress sa Syntax graceful restart suppress sa undo graceful restart suppress sa View IS IS view Parameter None Description Use the graceful restart suppress sa ...

Page 475: ...tem view SW8800 isis 1 3Com isis 1 graceful restart suppress sa ignore lsp checksum err or Syntax ignore lsp checksum error undo ignore lsp checksum error View IS IS view Parameter None Description Use the ignore lsp checksum error command to configure the IS IS to discard LSPs with checksum errors Use the undo ignore lsp checksum error command to configure the IS IS to ignore the checksum error o...

Page 476: ...ble If the level is not specified it defaults to importing the routes into level 2 level 1 2 Configures to import the route into Level 1 and Level 2 routing table route policy route policy name Configures to import the routes matching the conditions defined in the specified route policy only Description Use the import route command to configure IS IS to import the routing information of other prot...

Page 477: ...area Related command import route Example Import routing information of a router from a Level 2 area to a Level 1 area through the ACL SW8800 isis 3Com isis import route isis level2 into level1 acl 2100 isis Syntax isis tag undo isis tag View System view Parameter tag The name given to the ISIS process The name length should be no longer than 128 characters and it can be 0 which means null Descrip...

Page 478: ...authentication is used the password must be a simple text password If MD5 authentication is used the password can be a simple text or a cipher text password A simple text password can be a character string with no more than 16 characters for example 3com918 Note that the simple text password defined for MD5 authentication is displayed in cipher text A cipher text password must have 24 characters i...

Page 479: ...ter level 1 Configures Level 1 instead of Level 2 adjacency on the current interface only level 1 2 Configures Level 1 2 adjacency on the current interface level 2 Configures Level 2 adjacency on the current interface only Description Use the isis circuit level command to have the Level 1 2 router set up link adjacency with the peer router Use the undo isis circuit level command to restore the def...

Page 480: ...t the link cost corresponds to Level 1 level 2 Indicates that the link cost corresponds to Level 2 Description Use the isis cost command to configure the link cost of this interface when performing SPF calculation Use the undo isis cost command to restore the default link cost If neither Level 1 nor Level 2 is specified in the configuration Level 1 will be the default value The user is recommended...

Page 481: ...d area authentication mode domain authentication mode Example Set the priority of Interface Vlan interface 10 to 127 SW8800 interface Vlan interface 10 3Com Vlan interface10 isis dis priority 127 level 2 isis enable Syntax isis enable tag undo isis enable tag View Interface view Parameter tag The name given to an IS IS routing process when executing the isis command in the system view If not speci...

Page 482: ...om 1 to 4 294 967 295 mesh blocked Configures to block a specified interface so that it will not flood the received LSP to other interfaces Description Use the isis mesh group command to add an interface to a specified mesh group Use the undo isis mesh group command to delete this interface from the mesh group By default the interface does not belong to any mesh group and floods LSP normally The i...

Page 483: ...nd CSNP packets therefore this command is valid only for the router that is selected as the DIS Furthermore DIS is divided into level 1 and level 2 and their intervals of sending CSNP packets must be set respectively Example Set the CSNP packet of Level 2 to be transmitted every 15 seconds on the interface Vlan interface 10 SW8800 interface Vlan interface 10 3Com Vlan interface10 isis timer csnp 1...

Page 484: ... isis timer hello minimal Syntax isis timer hello minimal level 1 level 2 undo isis timer hello minimal level 1 level 2 View Interface view Parameter minimal Sets the sending interval to the minimum value In this case the hold time is 1 second level 1 Specifies that the sending interval resulting from this command is for level 1 Hello packets level 2 Specifies that the sending interval resulting f...

Page 485: ...ghbor is considered dead if three consecutive Hello packets haven t been received from it Given a broadcast network you may configure this command specific to Level 1 or Level 2 neighbors by specifying the keyword level 1 or level 2 Given a PPP link you do not need to specify Level 1 or Level 2 because only one kind of Hello packet is available This command virtually specifies a hold down time If ...

Page 486: ...nd isis timer retransmit Example Set the LSP interval on Interface Vlan interface 10 to 500 milliseconds SW8800 interface Vlan interface 10 3Com Vlan interface10 isis timer lsp 500 timer lsp generation Syntax timer lsp generation x y z level 1 level 2 undo timer lsp generation level 1 level 2 View IS IS view Parameter x Maximum interval in seconds for generating LSP It ranges from 1 to 120 and def...

Page 487: ...Ps to 10 500 2500 3Com isis timer lsp generation 10 500 2500 isis timer retransmit Syntax isis timer retransmit seconds undo isis timer retransmit View Interface view Parameter seconds Specifies the retransmission interval of LSP packets in the unit of second in the range from 1 to 300 and the default value is five seconds Description Use the isis timer retransmit command to configure the LSP retr...

Page 488: ... level command to configure the level of the IS IS router Use the undo is level command to restore the default value By default the value is level 1 2 We recommend setting the system Level when you configure IS IS If there is only one area you are recommended to set the level of all the routers as Level 1 or Level 2 because it is not necessary for all the routers to maintain two identical database...

Page 489: ...patible undo md5 compatible View IS IS view Parameter None Description Use the md5 compatible command to set the IS IS to use the MD5 algorithm which is compatible with that of the other vendors Use the undo md5 compatible command to return to the defaults By default the system uses the MD5 algorithm in IS IS which is compatible with that of 3Com To authenticate the devices of the vendors other th...

Page 490: ...outers in the same area are identical Part two is system ID 6 bytes of this router which must be unique in the whole area and backbone area Part three the last byte SEL whose value must be 00 Usually one router can be configured with one NET When the area is redesigned by combination or separation after reconfiguration the correctness and continuity of the routes must be ensured Related command is...

Page 491: ...ription Use the reset isis all command to reset all the IS IS data structures By default IS IS data structure will not be cleared This command is used when LSPs need refreshing immediately For example after the area authentication mode and domain authentication mode commands are executed the old LSP still remain on the router This command can be used to clear them Related command area authenticati...

Page 492: ...gured with the overload flag the routes it calculates will be ignored by other routers in SPF calculation However the directly connected routes will not be ignored And other routers should not send this router the packets which should be forwarded by it Example Set overload flag on the current router 3Com isis set overload silent interface Syntax silent interface silent interface type silent inter...

Page 493: ...and to configure the number of routes to process before releasing CPU in the SPF calculation Use the undo spf delay interval command to restore the default setting When there are a large number of routes in the routing table this command can be used to set that CPU resources are released automatically after a certain number of routes are processed The unprocessed routes will be processed in one se...

Page 494: ...nable the SPF calculation in slices to prevent it from occupying the system resources for a long time The user is recommended to use the command when the number of routes reaches 150 000 or 200 000 and the value of seconds is recommended as 1 In other cases the default setting should be used that is SPF runs to the end with no slice If the spf delay interval command is also configured when SPF cal...

Page 495: ...max age Syntax timer lsp max age seconds undo timer lsp max age View IS IS view Parameter seconds Specifies the maximum lifetime of LSP measured in seconds The range is 1 to 65535 The default value is 1200 seconds Description Use the timer lsp max age command to configure the maximum lifetime of an LSP generated by the current router Use the undo timer lsp max age command to restore the default va...

Page 496: ...500 seconds 3Com isis timer lsp refresh 1500 timer spf Syntax timer spf x y z level 1 level 2 undo timer level 1 level 2 View IS IS view Parameter x Maximum interval in seconds for SPF calculation It ranges from 1 to 120 and defaults to 10 y Interval in milliseconds between a trigger operation and an SPF calculation operation It ranges from 1 to 120 000 and defaults to 5 500 z Interval in millisec...

Page 497: ... However if the SPF calculation is performed too frequently the system efficiency will be lowered By setting a proper interval for performing SPF calculation you can avoid the above situation This setting can be made according to actual conditions Example Set the SPF calculation interval of the router to 3 100 and 500 seconds 3Com isis timer spf 3 100 500 ...

Page 498: ...496 CHAPTER 26 INTEGRATED IS IS CONFIGURATION COMMANDS ...

Page 499: ...licy route policy name detail suppressed origin policy route policy name suppress policy route policy name undo aggregate address mask as set attribute policy route policy name detail suppressed origin policy route policy name suppress policy route policy name View BGP view Parameter address Address of the aggregated route in dotted decimal format mask Network mask of the aggregated route in dotte...

Page 500: ...Keyword Use as set Used to produce an aggregated route whose AS path information includes detailed routes Use this keyword carefully when many AS paths need to be aggregated for the frequent change of routes may lead to route vibration detail suppresse d This keyword does not suppress any aggregated route but it restrains the advertisement of all the specific routes If only some specific routes ar...

Page 501: ...tem does not run BGP This command is used to enable and disable BGP as well as to specify the local AS number of BGP Example Enable BGP SW8800 bgp 100 3Com bgp compare different as me d Syntax compare different as med undo compare different as med View BGP view Parameter None Description Use the compare different as med command to enable comparison of MED values from different AS neighboring route...

Page 502: ...many IBGP full connections in a large AS domain The solution is first dividing the AS domain into several smaller sub ASs and each sub ASs remains full connected These sub ASs form a confederation Key BGP attributes of the route such as next hop MED local preference are not discarded across each sub ASs The sub ASs still look like a whole from the point of view of a confederation although these su...

Page 503: ...eer as Example AS100 contains routers following nonstandard which is composed of two sub ASs 64000 and 65000 SW8800 bgp 64000 3Com bgp confederation id 100 3Com bgp confederation peer as 65000 3Com bgp confederation nonstandard confederation peer as Syntax confederation peer as as number 1 as number n undo confederation peer as as number 1 as number n View BGP view Parameter as number 1 as number ...

Page 504: ...hen the route is reachable The range is 1 to 45 minutes By default the value is 15 minutes half life unreachable Specifies the semi dampening when the route is unreachable The range is 1 to 45 minutes By default the value is 15 minutes reuse When the penalty is reduced under this value the route is reused The range is 1 to 20000 By default the value is 750 suppress When the penalty exceeds this va...

Page 505: ... event information debugging normal Indicates to enable information debugging of BGP normal functions keepalive Indicates to enable BGP Keepalive packet information debugging mp update Indicates to enable MBGP Update packet information debugging open Indicates to enable BGP Open packet information debugging packet Indicates to enable BGP packet information debugging route refresh Indicates to enab...

Page 506: ...967295 By default its value is 100 Description Use the default local preference command to configure the local preference Use the undo default local preference command to restore the default value Configuring different local preferences will affect BGP routing selection Example The two routers RTA and RTB in the same autonomous area connect with external autonomous areas The command can be used to...

Page 507: ... belongs to AS200 RTC is the peer of RTA and RTB So the MED of RTA can be configured as 25 to allow RTC to select the route transmitted by RTB first 3Com bgp default med 25 default route imported Syntax default route imported undo default route imported View BGP view Parameter None Description Use the default route imported command to allow BGP to import the default routes of other routing protoco...

Page 508: ...er group name Specified a peer group Description Use the display bgp group command to view the information of peer groups Example View the information of the peer group aaa SW8800 display bgp group aaa Group aaa type external as number 200 members in this group 10 1 1 1 11 1 1 1 configuration within the group no export policy route policy no export policy filter policy no export policy acl no expo...

Page 509: ...r expression Matched AS path regular expression Description Use the display bgp paths command to view the information about AS paths type Type of peer group IBGP or EBGP as number AS number of peer group members in this group Members in this peer group route policy Name of configured route policy filter policy Configured export and import route filter for BGP acl Configured access control list ip ...

Page 510: ...e suppressed suppressed Id Value of sequence number Hash Index Value of Hash index References Count of times that the route is referenced Aggregator Mask length of aggregate route Origin Origin attribute of route which indicates that the route updates its origin relative to the route originating it from AS It has three optional values IGP The route belongs to inside of AS BGP treats aggregate rout...

Page 511: ...mily Unicast advertised and received Configuration within the peer no export policy route policy no export policy ip prefix no export policy filter policy no export policy acl no import policy route policy no import policy ip prefix no import policy filter policy no import policy acl no default route produce display bgp routing table Syntax display bgp routing table ip address mask View Any view T...

Page 512: ...ble command Field Description Flags State flags valid valid best selected D damped discarded H history history I internal interior gateway protocol S aggregate suppressed suppressed B balance equivalent route Dest Mask Destination address Mask Next Hop IP address of next hop Med MULTI_EXIT_DISC attribute value which ranges from 0 to 4294967295 Local Pref Local preference which ranges from 0 to 429...

Page 513: ...256 10 10 10 1 0 IGP 200 1 1 2 0 24 256 10 10 10 1 0 IGP 200 1 1 3 0 24 256 10 10 10 1 0 IGP 200 2 2 3 0 24 256 10 10 10 1 0 INC 200 4 4 4 0 24 256 10 10 10 1 0 INC 200 9 9 9 0 24 256 10 10 10 1 0 INC 200 10 10 10 0 24 256 10 10 10 1 0 IGP 200 22 1 0 0 16 256 200 1 7 2 100 INC 200 88 1 0 0 16 60 0 0 0 0 IGP As path AS path attribute of route which records all AS areas that the route passes With it...

Page 514: ... advertise no export whole match View Any view Parameter aa nn Specifies a community number It can be input up to 13 times Origin Origin attribute of route which indicates that the route updates its origin relative to the route originating it from AS It has three optional values IGP The route belongs to inside of AS BGP treats aggregate route and the route defined by the command network as inside ...

Page 515: ...t Mask Pref Next Hop Med Local pref Origin As path 1 0 0 0 8 256 172 10 0 2 100 IGP 2 0 0 0 8 256 172 10 0 2 100 IGP For detailed description of the output information see Table 74 display bgp routing table community list Syntax display bgp routing table community list community list number whole match View Any view Parameter community list number Specifies a community list whole match Configures ...

Page 516: ...outes Example View BGP dampened information SW8800 display bgp routing table dampened Flags valid best D damped H history I internal S aggregate suppressed B balance Dest Mask Source Damping limit Origin As path D 11 1 0 0 16 133 1 1 2 1 20 00 IGP 200 Table 76 Description of the fields of the display bgp routing table dampened command Field Description Flags State flags valid valid best selected D...

Page 517: ...on as regular expression as path acl acl number network address mask longer match View Any view Parameter as regular expression The route flap info matching AS path regular expression Origin Origin attribute of route which indicates that the route updates its origin relative to the route originating it from AS It has three optional values IGP The route belongs to inside of AS BGP treats aggregate ...

Page 518: ...and Item Description Flags State flags valid valid best selected D damped discarded H history history I internal interior gateway protocol S aggregate suppressed suppressed D The valid and damped route Dest Mask The dampened route to the destination network 11 1 0 0 Source The nexthop of the route Keepup time The time that route damping has continued Damping limit The time before dampening turns i...

Page 519: ...ceived Related command display bgp peer Example Display the routing information advertised by BGP peer 10 10 10 1 SW8800 display bgp routing table peer 10 10 10 1 advertised Flags valid best D damped H history I internal S aggregate suppressed B balance Dest mask Next Hop Med Local pref Origin As path 10 10 10 0 24 0 0 0 0 INC For detailed description of the output information see Table 74 display...

Page 520: ...10 10 1 0 IGP 200 For detailed description of the output information see Table 74 display bgp routing table statistic Syntax display bgp routing table advertised received statistic View Any view Parameter advertised Routing information advertised by the peers received Routing information received by the peers statistic The total number of routes advertised or received by the peer Description Use t...

Page 521: ...tion Use the filter policy export command to filter the advertised routes and only the routes passing the filter can be advertised by BGP Use the undo filter policy export command to cancel the filtration to the advertised routes By default the advertised routes are not filtered If the protocol argument is specified only the imported route generated by the specified protocol is filtered and the im...

Page 522: ...ied address Use the filter policy import command to filter the received global routing information Use the undo filter policy import command to remove the filtration to the received global routing information By default filtration to the received routing information is not configured This command can be used to filter the routes received by BGP and determines whether to add the routes to the BGP r...

Page 523: ...policy name undo import route protocol View BGP view Parameter protocol Specifies source routing protocols which can be imported which include direct ospf ospf nssa ospf ase rip isis and static at present med med value Specifies the MED value loaded by an imported route ranging from 0 to 4294967295 route policy route policy name Specifies a route policy used for filtering imported routes of other ...

Page 524: ...mand to cancel the existing configuration By default the local BGP does not advertise any routes Example Advertise routes to the network segment 10 0 0 0 16 3Com bgp network 10 0 0 1 255 255 0 0 log peer change Syntax log peer change undo log peer change View BGP view Parameter None Description Use the log peer change command to enable the switch for reporting the BGP peer changes and print the BG...

Page 525: ...st apply community Example Transmit community attribute to the peer group named test 3Com bgp peer test advertise community peer allow as loop Syntax peer group name peer address allow as loop number undo peer group name peer address allow as loop View BGP view Parameter group name Specifies name of the peer group peer address Specifies IP address of the peer number Specifies the repeating times o...

Page 526: ...number of the specified peer group By default no peer AS number of the specified peer group is configured Example Specify the peer AS number for the peer group test as 100 3Com bgp peer test as number 100 peer as path acl export Syntax peer group name as path acl acl number export undo peer group name as path acl acl number export View BGP view Parameter group name Specifies name of the peer group...

Page 527: ...P view Parameter group name Specifies the name of the peer group peer address Specifies IP address of the peer in dotted decimal format acl number Specifies the filter list number of an AS regular expression The range is 1 to 199 import Applies the AS path list to received routes Description Use the peer as path acl import command to configure filtering policy of BGP received routes based on AS pa...

Page 528: ...ommand to restore the best source interface By default BGP uses the best source interface Usually BGP uses the optimal route to update the source interface of the packets However you can set the mode of the interface to Loopback in order to send route updates even if the interface is not work normally Example Specify loopback0 as the source interface of a route update packet 3Com bgp peer test con...

Page 529: ...ter group name Group name peer address Address of the peer description line Description information configured which can be letters or numbers with the maximum length of 79 Description Use the peer description command to configure the description information of the peer peer group Use the undo peer description command to cancel the description information of the peer peer group By default descript...

Page 530: ...ax peer group name peer address enable undo peer group name peer address enable View BGP view Parameter group name Specifies the name of the peer group which specifies the entire peer group peer address IP address of a peer which specifies a certain peer Description Use the peer enable command to enable the specified peer peer group Use the undo peer enable command to disable the specified peer pe...

Page 531: ... peer peer group has no access control list acl The peer filter policy export command can only be configured on peer groups Related command peer filter policy export ip as path acl peer as path acl Example Configure to use acl 2000 to filter the routes advertised by the peer group test 3Com bgp peer test filter policy 2000 export peer filter policy import Syntax peer group name peer address filter...

Page 532: ... group name Name of the peer group which can consist of 1 to 47 alphabetic letters and numerals peer address IP address of the peer Description Use the peer graceful restart command to enable the Graceful restart ability of the specified peer or peer group Use the undo peer graceful restart command to disable the Graceful restart ability of the specified peer or peer group If the Graceful restart ...

Page 533: ... peer peer group in the range of 1 to 65535 Description Use the peer group command to add a peer to the existing peer group Use the undo peer group command to delete the specified peer When you add a peer to an IBGP peer group the as number as number argument is not available When a peer is added to an EBGP peer group that has been assigned an AS number the peer inherits the configuration of the g...

Page 534: ...The peer ip prefix export command can only be configured on peer groups Related command peer ip prefix import Example Configure the route filtering policy of the peer group based on the ip prefix 1 3Com bgp peer group1 ip prefix list1 export peer ip prefix import Syntax peer group name ip prefix prefixname import undo peer group name ip prefix prefixname import View BGP view Parameter group name N...

Page 535: ...e of the peer group Description Use the peer next hop local command to configure to perform the process of the next hop in the route to be advertised to the peer peer group and take the address of itself as the next hop Use the undo peer next hop local command to cancel the existing configuration Example When BGP distributes the routes to the peer group test it will take its own address as the nex...

Page 536: ...h identical authentication modes and passwords Otherwise TCP connection will not be set up because of the failed authentication This command is used to configure MD5 authentication for the specific peer only when the peer group to which the peer belongs is not configured with MD5 authentication Otherwise the peer should be consistent with the peer group Example Adopt MD5 authentication on the TCP ...

Page 537: ...ame of the peer group which can consist of 1 to 47 alphabetic letters and numerals time value Restart time value of the peer in seconds Description Use the peer restart timer command to configure the Graceful restart Restart time of a peer or peer group Use the undo peer restart timer command to restore the default value of the Graceful restart Restart time of a peer or peer group The setting of t...

Page 538: ...lect client peer route policy export Syntax peer group name route policy route policy name export undo peer group name route policy route policy name export View BGP view Parameter group name Name of peer group route policy name The specified Route policy Description Use the peer route policy export command to assign the Route policy to the routes advertised to the peer group Use the undo peer rou...

Page 539: ...icy By default the peer peer group has no Route policy association The priority of the inbound filter policy configured for the peer is higher than that configured for the peer group Related command peer route policy export Example Apply the Route policy named test policy to the route coming from the peer group test 3Com bgp peer test route policy test policy import peer route update interval Synt...

Page 540: ...VRF view Parameter group name Peer group names which contain letters and numbers The name length ranges from 1 to 47 peer address Peer IP address Description Use the peer shutdown command to disconnect and not to reconnect BGP connections without deleting BGP configurations Example Disconnect without reconnecting Peer 1 1 1 1 in the BGP unicast view 3Com bgp peer 1 1 1 1 shutdown Disconnect withou...

Page 541: ...figured by using this command has a higher priority than the one configured by using the timer command Example Configure Keepalive and Holdtime intervals of the peer group test 3Com bgp peer test timer keep alive 60 hold 180 preference Syntax preference ebgp value ibgp value local value undo preference View BGP view Parameter ebgp value Sets preference value for routes learned from external peers ...

Page 542: ...e the between client reflection of a route Use the undo reflect between clients command to disable this function After the route reflector is configured the route reflector reflects the routes of one client to other clients by default By default the clients of a route reflector need not be fully connected If the clients are fully connected a route reflector is not required Related command reflecto...

Page 543: ...me cluster ID for all these route reflectors Related command reflect between clients peer reflect client Example Set the cluster ID of the route reflector as 80 3Com bgp reflector cluster id 80 3Com bgp peer 172 38 160 10 reflect client refresh bgp Syntax refresh bgp all peer address group group name multicast vpn instance instance name vpnv4 import export View User view Parameter all Resets all t...

Page 544: ... reset bgp peer address command to reset the connection of BGP with a specified BGP peer Use the reset bgp all command to reset all the connections with BGP If the BGP policy or the protocol configuration changes resetting the BGP connection can make the newly configured policy take effect immediately Example Reset all the BGP connections to enable the new configuration after configuring the new K...

Page 545: ... group name View User view Parameter group name Specifies the name of the peer group It is a character string of 1 to 47 characters Description Use the reset bgp group command to reset the connections between the BGP and all the members of a group Related command peer group Example Reset BGP connections of all members from group1 SW8800 reset bgp group group1 reset dampening Syntax reset bgp dampe...

Page 546: ...ummary command to configure auto aggregation of sub network routes Use the undo summary command to disable auto aggregation of sub network routes By default no auto aggregation of sub network routes is executed After the summary is configured BGP cannot receive the sub network routes imported from the IGP so the amount of the routing information can be reduced Example Make the auto aggregation of ...

Page 547: ...value is 180 seconds Description Use the timer command to configure the Keep alive and Hold time timer of BGP Use the undo timer command to restore the default value of the Keep alive and Hold time of the timer Example Configure the Keep alive timer as 120 seconds and Hold time timer as 360 seconds 3Com bgp timer keep alive 120 hold 360 ...

Page 548: ...546 CHAPTER 27 BGP CONFIGURATION COMMANDS ...

Page 549: ...ply mpls label if match mpls label and if match vpn target commands refer to the 08 MPLS command module in the 3Com Switch 8800 Family Series Routing Switches Command Manual apply as path Syntax apply as path as number as number as number undo apply as path View Route policy view Parameter as number 1 as number n AS number to be added Description Use the apply as path command to configure AS numbe...

Page 550: ...ommunity attribute of the additive route Description Use the apply community command to configure the set BGP community attribute of Route policy Use the undo apply community command to cancel the set BGP community attribute By default BGP community attribute is not set If the matching conditions defined in the Route policy are satisfied the BGP community attribute is set Related command ip commun...

Page 551: ...ply origin apply tag Example Define one Apply sub statement When it is used for setting route information attribute it sets the route metric value of route information as 120 3Com route policy apply cost 120 apply cost type Syntax apply cost type internal external undo apply cost type View Route policy View Parameter internal For BGP it indicates when a BGP peer advertises routes to its EBGP peer ...

Page 552: ...mation attribute it sets the next hop address area of route information passing filtration Related command if match interface if match acl if match ip prefix if match ip next hop if match cost if match tag route policy apply local preference apply cost apply origin apply tag Example Define an Apply sub statement Set the next hop address of route information as 193 1 1 8 when it is used for setting...

Page 553: ...reference local preference value undo apply local preference View Route policy view Parameter local preference Newly set local preference Description Use the apply local preference command to configure to apply the local preference of route information Use the undo apply local preference command to cancel the Apply sub statement Related command if match interface if match acl if match ip prefix if...

Page 554: ...ply tag Example Define an Apply sub statement When it is used for setting route information attribute it sets the route source of BGP route information as IGP 3Com route policy apply origin igp apply tag Syntax apply tag value undo apply tag View Route policy view Parameter value Specifies the tag value of route information Description Use the apply tag command to configure to set the tag area of ...

Page 555: ...mit 10 1 0 0 16 17 18 display route policy Syntax display route policy route policy name View Any view Parameter route policy name Specifies displayed Route policy name Description Use the display route policy command to view the configured Route policy If the route policy name argument is not specified all configured Route policies are displayed Related command route policy Table 78 Description o...

Page 556: ...ription Use the filter policy export command to configure to set the filtering conditions of the routing information advertised by a certain type of routing protocols Use the undo filter policy export command to cancel the filtering conditions set By default the advertised routing information is not filtered In some cases it may be required that only the routing information meeting some conditions...

Page 557: ...ccess control list number used for matching the destination address field of the routing information ip prefix ip prefix name The prefix address list name Its matching object is the destination address field of the routing information gateway ip prefix name The prefix address list name of the neighbor router address Its matching object is the routing information advertised by the specified neighbo...

Page 558: ... specify one matching rule for the route policy and configure the IP address range to match the Route policy Use the undo if match acl ip prefix command to cancel the setting of the match rule Filtration is performed by quoting an ACL or a prefix address list Related commands if match interface if match ip next hop if match cost if match tag route policy apply ip next hop apply cost apply local pr...

Page 559: ...0 SW8800 route policy test permit node 10 3Com route policy if match as path 2 if match community Syntax if match community basic community number whole match adv community number undo if match community View Route policy view Parameter basic community list number Basic community list number ranging from 1 to 99 adv community list number Advanced community list number ranging from 100 to 199 whole...

Page 560: ...Description Use the if match cost command to configure one of the match rules of the route policy to match the cost of the routing information Use the undo if match cost command to cancel the configuration of the match rule By default no if match sub statement is defined This is an if match sub statement of Route policy used to specify the cost of a route matches the specified condition Related co...

Page 561: ...n if match sub statement to match the route whose next hop interface is Vlan interface 1 3Com route policy if match interface Vlan interface 1 if match ip next hop Syntax if match ip next hop acl acl number ip prefix ip prefix name undo if match ip next hop ip prefix View Route policy view Parameter acl number Specifies the number of the access control list used for filtration The range is 2000 to...

Page 562: ...ute policy if match ip next hop ip prefix p1 if match tag Syntax if match tag value undo if match tag View Route policy view Parameter value Specifies the value in tag field of OSPF route information Description Use the if match tag command to configure to match the tag field of OSPF route information Use the undo if match tag command to cancel the existing matching rules Related command if match ...

Page 563: ...permit deny aa nn internet no export subconfed no advertise no export ip community list adv comm list number permit deny comm regular expression undo ip community list basic comm list number adv comm list number View System view Parameter basic comm list number Number of the basic community list ranging from 1 to 99 adv comm list number Number of the advanced community list ranging from 100 to 199...

Page 564: ...fix ip prefix name index index number permit deny View System view Parameter ip prefix name The specified address prefix list name It identifies one address prefix list uniquely index number Identifies an item in the prefix address list The item with a smaller index number will be tested first permit Specifies the match mode of the defined address prefix list items as permit mode In this case if t...

Page 565: ...is prefix address list The address prefix range may contain two parts which are determined by len and greater equal less equal respectively If the prefix ranges of these two parts are both specified the IP to be filtered must match the prefix ranges of these two parts If you specify network len as 0 0 0 0 0 it only matches the default route If you specify network len as 0 0 0 0 0 less equal 32 it ...

Page 566: ...nd each node comprises of some match and Apply sub statements The if match sub statement defines the match rules of this node and the Apply sub statement defines the actions after passing the filtration of this node The filtering relationship between the if match sub statements of the node is and i e all if match sub statements that meet the node The filtering relation between Route policy nodes i...

Page 567: ...er of route entries supported by current system to 512 K Description Use the router route limit command to set the maximum number of route entries supported by the current system If the maximum number of route entries supported by a card is less than this number the system will inhibit the card from working By default the maximum number of route entries is 128 K Example Set the maximum number of r...

Page 568: ...Fs supported by current system to 1024 Description Use the router VRF limit command to set the maximum number of VPN routing and forwarding instances VRFs supported by current system If the number of VRFs supported by a card is less than this number the system will inhibit the card from working This number is 256 by default Example Set the maximum number of VRFs supported by current system to 512 ...

Page 569: ...tes to be controlled static Specifies static routes as the type of routes to be controlled Description Use the route rely command to enable recursive routing Use the undo route rely command to disable the recursive routing By default both routes learned by the BGP and static routes support recursive routing Example Disable recursive routing for static routes SW8800 system view SW8800 undo route re...

Page 570: ...568 CHAPTER 30 RECURSIVE ROUTING CONFIGURATION ...

Page 571: ...nts debugging forward Enables IGMP snooping forwarding debugging groups Enables IGMP snooping multicast groups debugging packets Enables IGMP snooping packets debugging timers Enables IGMP snooping timers debugging Description Use the debugging mpm command to enable IGMP snooping debugging Use the undo debugging mpm to disable IGMP snooping debugging By default IGMP snooping debugging is disabled ...

Page 572: ...t IGMP Snooping is enabled the router port aging time is set to be 105 seconds the max response time of a query is set to be 1 seconds the aging time of a multicast group member is set to be 260 seconds Non broadcasting of unknown multicast data packets in a VLAN is enabled display igmp snooping group Syntax display igmp snooping group vlan vlan id group address View Any view Parameter vlan vlan i...

Page 573: ...t 2 1 1 The IP multicast group address is 230 45 45 1 The member port of the IP multicast group is Ethernet 2 1 2 MAC multicast group is 0100 5e2d 2d01 The member of the MAC multicast group is Ethernet 2 1 2 display igmp snooping statistics Syntax display igmp snooping statistics View Any view Parameter None Description Use the display igmp snooping statistics command to view the statistics inform...

Page 574: ...isable View System view VLAN view Parameter enable Enables IGMP Snooping disable Disables IGMP Snooping Description Use the igmp snooping enable command to enable IGMP Snooping Use the igmp snooping disable command to disable IGMP Snooping By default the switch disables IGMP Snooping c CAUTION When configuring IGMP Snooping first enable global IGMP Snooping in system view and then enable IGMP Snoo...

Page 575: ...vlan id to vlan id 1 10 undo igmp snooping fast leave vlan vlan id to vlan id 1 10 View System view Ethernet port view Parameter vlan vlan id to vlan id 1 10 Specifies any VLAN or VLAN scope for port you want to enable disable the IGMP Snooping fast leave feature on The vlan id argument ranges from 1 to 4094 Description Use the igmp snooping fast leave command to enable IGMP Snooping fast leave on...

Page 576: ...onfigure IGMP Snooping fast leave on aggregation ports the configuration takes effect only on primary aggregation ports If you add an IGMP V1 host of the same multicast group to the port the switch does not remove the port when the port receives an IGMP Leave packet of the multicast group even you enable IGMP Snooping fast leave for the port Fast leave is disabled by default Related command igmp s...

Page 577: ... fast leave vlan 5 Enable IGMP Snooping fast leave on all Ethernet ports in all VLANs SW8800 system view System View return to User View with Ctrl Z SW8800 igmp snooping fast leave Enable IGMP Snooping fast leave for all Ethernet ports except those in VLAN 5 SW8800 system view System View return to User View with Ctrl Z SW8800 igmp snooping fast leave SW8800 undo igmp snooping fast leave vlan 5 Di...

Page 578: ...e 0 permit source 224 1 1 1 0 3Com acl basic 2001 quit Create VLAN 2 SW8800 system view System View return to User View with Ctrl Z SW8800 vlan 2 Configure the filtering rule of multicast groups in VLAN2 3Com vlan2 igmp snooping group policy 2001 Cancel the filtering rule in VLAN2 3Com vlan2 undo igmp snooping group policy igmp snooping host aging time Syntax igmp snooping host aging time seconds ...

Page 579: ...meter seconds Maximum response time for a query ranging from 1 to 25 seconds By default it is 1 second Description Use the igmp snooping max response time command to configure the maximum response time for a query Use the undo igmp snooping max response time command to restore the default value The set maximum response time decides the time limit for the switch to respond to IGMP Snooping query pa...

Page 580: ...d within the VLAN Example Enable multicast packets not to be broadcasted within the VLAN SW8800 system view System View return to User View with Ctrl Z SW8800 igmp snooping nonflooding enable igmp snooping router aging time Syntax igmp snooping router aging time seconds undo igmp snooping router aging time View System view Parameter seconds Router port aging time ranging from 1 to 1000 measured in...

Page 581: ...n Use the reset igmp snooping statistics command to reset the IGMP Snooping statistic information Related command igmp snooping Example Clear IGMP Snooping statistic information SW8800 reset igmp snooping statistics Multicast Static Routing Port Configuration Commands multicast static router port Syntax In VLAN view multicast static router port port number undo multicast static router port port nu...

Page 582: ...uting port configuration By default no static routing port is configured Example Configure GigabitEthernet 5 1 1 port to be a static routing port assuming that GigabitEthernet 5 1 1 port belongs to VLAN 10 SW8800 system view System View return to User View with Ctrl Z SW8800 vlan 10 3Com vlan10 multicast static router port GigabitEthernet 5 1 1 Cancel the static routing port GigabitEthernet 5 1 1 ...

Page 583: ...N add the corresponding switch ports to the multicast VLAN and enable IGMP Snooping users in different VLANs can share one multicast VLAN and multicast flow can be transmitted in the multicast VLAN only thus saving bandwidth The completely isolated multicast VLAN and user VLAN can effectively ensure security n A port can belong to only one multicast VLAN The type of port connected with user termin...

Page 584: ...582 CHAPTER 32 MULTICAST VLAN CONFIGURATION COMMANDS ...

Page 585: ...ression command to set the broadcast suppression ratio or broadcast suppression bandwidth Use the undo broadcast suppression command to disable the broadcast suppression function The default broadcast suppression ratio is 50 You can use the broadcast suppression command repeatedly The effective broadcast suppression ratio value is the one last updated c CAUTION You cannot enable both broadcast sup...

Page 586: ...le broadcast suppression 3Com Ethernet2 1 1 undo broadcast suppression debugging multicast forwarding Syntax debugging multicast forwarding undo debugging multicast forwarding View User view Parameter None Description Use the debugging multicast forwarding command to enable multicast packet forwarding debugging functions Use the undo debugging multicast forwarding command to disable the debugging ...

Page 587: ...forwarding undo debugging multicast status forwarding View User view Parameter None Description Use the debugging multicast status forwarding command to enable multicast forwarding status debugging functions Use the undo debugging multicast status forwarding command to disable the debugging functions By default the multicast forwarding status debugging is disabled Example Enable multicast forwardi...

Page 588: ... Total 1 entry entries Listed The descriptions about the displayed information are shown in Table 82 display mpm group Syntax display mpm group vlan vlan id ip address View Any view Table 80 Description of information generated by the command display mpm forwarding table Field Description Multicast Forwarding Cache Table Multicast forwarding cache table Total 1 entry entries Total number of entrie...

Page 589: ...lticast group address Member port of MAC multicast group c CAUTION The information displayed by this command includes that displayed by the display igmp group command and port information The information displayed by this command is the same as that displayed by the display igmp snooping group command except the VLAN properties The display igmp snooping group command displays the information about...

Page 590: ...rwarding table command to view the information of multicast forwarding table c CAUTION You must use multicast routing enable command in system view to enable IP multicast routing before you can view the multicast forwarding table information Related command display multicast routing table Table 81 Description on the fields of the display mpm group command Field Description Vlan id 2 The output inf...

Page 591: ...group address used to specify a multicast group and display the corresponding routing table information of the group The value ranges from 224 0 0 0 to 239 255 255 255 source address Unicast IP address of the multicast source incoming interface Incoming interface of the multicast route entry Table 82 Description on the fields of display multicast forwarding table Field Description Multicast Forwar...

Page 592: ...ol 0x1 IGMP 4 4 4 4 224 2 254 84 Uptime 00 15 16 Timeout in 272 sec Upstream interface Vlan interface1 4 4 4 6 Downstream interface list NULL 4 4 4 4 239 255 2 2 Uptime 00 02 57 Timeout in 123 sec Upstream interface Vlan interface1 4 4 4 6 Downstream interface list NULL Matched 3 entries The descriptions about the displayed information are shown in Table 83 Table 83 Description on the fields of th...

Page 593: ...ith Ctrl Z SW8800 ip managed multicast local user multicast Syntax local user multicast domain domain name ip address mask length undo local user domain domain name ip address View System view Parameter ip address IP address of the multicast group mask length Mask length of the multicast group domain domain name Domain name of the multicast group Description Use the local user multicast command to...

Page 594: ...ticast group the managed multicast Use the undo multicast command to remove the configuration If you do not specify the mask length argument you can configure up to ten multicast group addresses at one time And if you specify the mask length argument you can configure only one multicast group address at one time You can configure up to 64 network segments Managed multicast is based on the port mod...

Page 595: ...ult value By default the capacity of multicast routing table is set to 512 Example Limit multicast routing table capacity at 128 SW8800 system view System View return to User View with Ctrl Z SW8800 multicast route limit 128 Limit multicast routing table capacity at 800 here the default value of the multicast routing table capacity is 512 and all interface I O Modules in the current system support...

Page 596: ...ing enable multicast suppression Syntax multicast suppression ratio bandwidth bandwidth undo multicast suppression View Ethernet port view Parameter ratio Maximum wire speed ratio of the multicast traffic allowed on the port The value range is 1 to 100 and the default value is 50 The smaller the ratio is the smaller the multicast traffic is allowed to pass bandwidth Multicast suppression bandwidth...

Page 597: ...t for multicast suppression Related command broadcast suppression Example Set the multicast suppression ratio to 40 SW8800 system view System View return to User View with Ctrl Z SW8800 interface Ethernet 2 1 1 3Com Ethernet2 1 1 multicast suppression 40 Set the multicast suppression bandwidth to 40Mbit 3Com Ethernet2 1 1 multicast suppression bandwidth 40 Disable multicast suppression 3Com Ethern...

Page 598: ...ystem prompts error information if you type in invalid addresses Related command reset pim routing table reset multicast routing table display multicast forwarding table Example Clear the forwarding entry with address of 225 5 4 3 from the MFC forwarding table SW8800 reset multicast forwarding table 225 5 4 3 Clear statistic information of the forwarding entry with address of 225 5 4 3 from the MF...

Page 599: ...able command to clear route entries from the core multicast routing table as well as MFC forwarding entries You can type in source address first and group address after in the command as long as they both are valid addresses The system prompts error information if you type in invalid addresses Related command reset pim routing table reset multicast forwarding table and display multicast forwarding...

Page 600: ...598 CHAPTER 33 MULTICAST COMMON CONFIGURATION COMMANDS ...

Page 601: ...ration part of the book to Defines a range of multicast MAC ports Before to is the initial interface and after to is the terminal interface Interfaces from the initial interface to the terminal interface form an interface list vlan id ID of the VLAN Description Use the mac address multicast command to add multiple ports into static multicast MAC group Use the undo mac address multicast command to ...

Page 602: ...multicast MAC address VLAN ID address status port name and aging time If all ports in the configured static multicast MAC group are out of position the corresponding module has been pulled out after configuration the port name in the MAC information is displayed as N A when you use this command Example Display all static multicast MAC address information SW8800 display mac address multicast static...

Page 603: ...yntax reset mac address multicast View User view Parameter None Description Use the reset mac address multicast command to delete all static multicast MAC groups Related command mac address multicast Example Delete all the static multicast MAC groups SW8800 reset mac address multicast ...

Page 604: ...602 CHAPTER 34 STATIC MULTICAST MAC ADDRESS CONFIGURATION COMMAND ...

Page 605: ... information of IGMP host packet Debugging information of IGMP packets timer Debugging information of IGMP timers Description Use the debugging igmp command to enable IGMP debugging functions Use the undo debugging igmp command to disable the debugging functions By default IGMP debugging functions are disabled Example Enable all IGMP debugging functions SW8800 debugging igmp all display igmp group...

Page 606: ... 00 02 04 00 01 15 225 1 1 3 20 20 20 20 00 02 04 00 01 15 225 1 1 2 20 20 20 20 00 02 04 00 01 17 display igmp interface Syntax display igmp interface vlan interface interface number View Any view Parameter vlan interface interface number VLAN interface number of the router used to specify the interface If the parameters are not provided information about all the interfaces running IGMP will be d...

Page 607: ...gmp enable command to disable IGMP on the interface Table 86 Description on the fields of the display igmp interface command Field Description IGMP version IGMP version query interval General query interval querier timeout Querier timeout time max query response time Maximum query response time robust count IGMP robust count namely the number of times IGMP querier sends IGMP specific group query p...

Page 608: ...n id to vlan id 1 10 View Ethernet port view system view Parameter vlan id VLAN ID which you want to configure the IGMP Snooping fast leave feature on The value range is from 1 to 4094 Description Use the igmp fast leave command to enable IGMP fast leave on ports or VLANs Use the undo igmp fast leave command to disable IGMP fast leave An IGMP enabled Layer 3 switch does not query packets of the sp...

Page 609: ... cleared When you configure IGMP fast leave on aggregation ports the configuration takes effect only on primary aggregation ports If you add an IGMP V1 host of the same multicast group to the port or configure a static host of the same multicast group by using the igmp host join command the switch does not remove the port when the port receives an IGMP Leave packet of the multicast group even you ...

Page 610: ...t multicast groups to be added on an interface After the limit is reached the router does not process IGMP join messages Use the undo igmp group limit command to restore the default setting By default the maximum number is 512 The new configuration overwrites the old one if you run the command for a second time Example Limit the maximum number of IGMP groups to be added on Vlan interface10 to 100 ...

Page 611: ... basic 2001 rule 0 permit source 224 1 1 1 0 3Com acl basic 2001 quit Create VLAN 2 SW8800 system view System View return to User View with Ctrl Z SW8800 vlan 2 Configure the filtering rule of multicast groups on VLAN2 3Com vlan2 igmp group policy 2001 Cancel the filtering rule in VLAN2 3Com vlan2 undo igmp group policy igmp host join port Syntax igmp host join group address port interface type in...

Page 612: ...p address Address of the multicast group to be joined vlan id VLAN where the port belongs to Description Use the igmp host join vlan command to make an Ethernet join a multicast group Use the undo igmp host join vlan command to cancel the configuration By default an Ethernet port does not join any multicast group Related command igmp group policy Example Add port Ethernet 2 1 1 to the multicast gr...

Page 613: ...GMP query router Related command igmp robust count and display igmp interface Example Set the query interval at the Vlan interface10 as 3 seconds SW8800 system view System View return to User View with Ctrl Z SW8800 interface vlan interface 10 3Com Vlan interface10 igmp lastmember queryinterval 3 igmp max response time Syntax igmp max response time seconds undo igmp max response time View Interfac...

Page 614: ...sable command to disable the function With the compatibility control function enabled the switch processes the protocol packet with the destination IP address 224 0 0 1 among IGMP Report packets Otherwise the switch drops this kind of packets By default the compatibility control function of the switch is disabled This command is often executed after IGMP or IGMP Spooning protocol is enabled in the...

Page 615: ...do igmp timer other querier present View Interface view Parameter seconds IGMP querier present timer value in second ranging from 1 to 131070 By default the value is twice the value of IGMP query message interval i e 120 seconds Description Use the igmp timer other querier present command to configure the timer of presence of the IGMP querier Use the undo igmp timer other querier present command t...

Page 616: ...ch a router interface sends IGMP query messages Use the undo igmp timer query command to restore the default value A multicast router periodically sends out IGMP query messages to check whether there are multicast group members on the network The query interval can be modified according to the practical conditions of the network Related command igmp timer other querier present Example Configure to...

Page 617: ...face interface number all group address group mask View User view Parameter all All IGMP groups interface vlan interface interface number VLAN virtual interface type and number group address IGMP group address group mask Segment mask of the IGMP group address Description Use the reset igmp group command to delete an existing IGMP group from the interface The deleted group can added again on the in...

Page 618: ...MP proxy configuration By default IGMP proxy is disabled on the interface c CAUTION You need to enable PIM protocol for a VLAN interface before executing the igmp proxy command in its VLAN interface view If you configure the IGMP proxy interface for a VLAN interface multiple times the latest configured IGMP proxy interface will take effect A VLAN interface cannot be the IGMP proxy interface for tw...

Page 619: ... to be taken Prevent the router from being spoofed by hosts though faking legal BSR messages to modify RP mapping BSR messages are of multicast type and their TTL is 1 so this type of attacks often hit edge routers Fortunately BSRs are inside the network while assaulting hosts are outside therefore neighbor and RPF checks can be used to stop this type of attacks If a router in the network is manip...

Page 620: ...rule 0 permit source 101 1 1 1 0 c bsr Syntax c bsr interface type interface number hash mask len priority undo c bsr View PIM view Parameter interface type interface number Interface type and interface number used to specify the interface The candidate BSR is configured on the interface PIM SM must be enabled on the interface first hash mask len Length of the mask The value ranges from 0 to 32 pr...

Page 621: ...efines a group range which is the service range of the advertised RP The value ranges from 2000 to 2999 priority value Priority value of candidate RP in the range of 0 to 255 By default it is 0 The greatest value corresponds to the lowest priority level all Removes all candidate RP configurations Description Use the c rp command to configure the router to advertise itself as a candidate RP Use the...

Page 622: ...up In BSR mechanism a C RP router unicasts C RP messages to the BSR which then propagates the C RP messages among the network by BSR message To prevent C RP spoofing you need to configure crp policy on the BSR to limit legal C RP range and their service group range Since each C BSR has the chance to become BSR you must configure the same filtering policy on each C BSR router This command uses the ...

Page 623: ...imer Description Use the debugging pim common command to enable common PIM debugging functions Use the undo debugging pim common command to disable the debugging functions By default common PIM debugging functions are disabled Example Enable all common PIM debugging functions SW8800 debugging pim common all debugging pim dm Syntax debugging pim dm alert all mrt timer warning recv send all assert g...

Page 624: ...robe spt warning recv send assert bootstrap crpadv jp reg regstop undo debugging pim sm all mbr alert fresh verbose mrt msdp timer assert bsr crpadv jp jpdelay mrt probe spt warning recv send assert bootstrap crpadv jp reg regstop View User view Parameter all All debugging information of PIM SM mbr Debugging information of PIM SM multicast border router event Alert stands for debugging alert infor...

Page 625: ...info Syntax display pim bsr info View Any view Parameter None Description Use the display pim bsr command to view the BSR information Related command c bsr c rp Example SW8800 display pim bsr info Current BSR Address 192 168 1 1 Priority 0 Mask Length 30 Expires 00 01 26 Bootstrap Period 60 seconds Bootstrap Timeout 130 seconds Local host is BSR Table 87 Description on the fields of the display pi...

Page 626: ...LAN interface 2 IP address of the interface is 10 10 1 20 PIM is enabled on interface PIM version is 2 PIM mode is Sparse PIM query interval is 30 seconds PIM neighbor hold time is 105 seconds PIM neighbor limit is 128 PIM neighbor policy is none Total 1 PIM neighbor on interface PIM DR designated router is 10 10 1 20 display pim neighbor Syntax display pim neighbor interface interface type interf...

Page 627: ... mask mask length mask rp rp address mask mask length mask group address mask mask length mask source address mask mask length mask incoming interface interface interface type interface number null dense mode sparse mode View Any view Parameter g G route entry mask IP address mask mask length Length of the IP address mask rp p route entry rp address Address of the RP group address Address of the m...

Page 628: ... UpTime 23 59 Timeout after 196 seconds Upstream interface VLAN interface2 RPF neighbor NULL Downstream interface list NULL 192 168 1 2 224 2 181 90 Protocol 0x20 PIMSM Flag 0x4 SPT UpTime 23 59 Timeout after 196 seconds Upstream interface VLAN interface2 RPF neighbor NULL Downstream interface list NULL Total 2 entries listed display pim rp info Syntax display pim rp info group address View Any vi...

Page 629: ...hat the command does not enable the PIM protocol Use the undo pim command to return to system view clear the PIM global parameters configured before and clear the PIM view Table 91 Description on the fields of display pim rp info Field Description PIM SM RP SET information RP information BSR is 4 4 4 6 BSR is the virtual interface of the node 4 4 4 6 Group MaskLen 224 0 0 0 4 RP 4 4 4 6 Version 2 ...

Page 630: ...et You can use this command to set border of bootstrap messages that is to say bootstrap messages cannot pass interfaces that are configured with pim bsr boundary command while other PIM messages can In this way the network is divided into different BSR domains Each domain uses a different bootstrap router c CAUTION The pim bsr boundary command cannot build a multicast boundary It just sets up a P...

Page 631: ... 10 3Com Vlan interface10 pim dm pim neighbor limit Syntax pim neighbor limit limit undo pim neighbor limit View Interface view Parameter limit Limits of PIM neighbors on the interface in the range of 0 128 Description Use the pim neighbor limit command to limit the PIM neighbors on an interface No neighbor can be added any more when the limit is reached Use the undo pim neighbor limit command to ...

Page 632: ...g rule in the ACL can serve as a PIM neighbor of the current interface The new configuration overwrites the old one if you run the command for a second time Example Configure that 10 10 1 2 can serve as a PIM neighbor of the Vlan interface10 but not 10 10 1 1 SW8800 system view System View return to User View with Ctrl Z SW8800 interface vlan interface 10 3Com Vlan interface10 pim neighbor policy ...

Page 633: ...Hello packets Use the undo pim timer hello command to restore the default time interval After the protocol independent multicast sparse mode PIM SM protocol is enabled for a port a switch sends Hello packets periodically to all network devices supporting protocol independent multicast PIM to find its neighbors If a port receives the Hello packets it indicates the port has a neighbor network device...

Page 634: ...t hop router in the PIM SM network and to accept the specified messages only Use the undo register policy command to remove the configured message filtering Example If the local device is the RP in the network using the following command can only accept multicast message register of the source sending multicast address in the range of 225 1 0 0 16 on network segment 10 10 0 0 16 SW8800 system view...

Page 635: ...sk group mask Specifies group mask mask length group mask length Mask length of the group address source address Source address mask source mask Specifies source mask mask length source mask length Specifies mask length of the group address incoming interface Specifies incoming interface for the route entry in PIM routing table interface type interface number Interface type and interface number us...

Page 636: ...licy View PIM view Parameter acl number Basic or advanced ACL in the range of 2000 to 3999 Description Use the source policy command to set the router to filter the multicast data packets based on source or group address Use the undo static rp command to remove the configuration If resource address filtering is configured as well as basic ACLs then the router filters the resource addresses of all ...

Page 637: ...p passing the ACL Description Use the static rp command to configure static RP Use the undo static rp command to remove the configuration Static RP functions as the backup of dynamic RP so as to improve the network robustness If the RP elected by BSR mechanism is valid static RP will not work All routers in the PIM domain should be configured with this command and be specified with the same RP add...

Page 638: ...tem View return to User View with Ctrl Z SW8800 multicast routing enable SW8800 pim 3Com pim static rp 10 110 0 6 Remove the static RP with the IP address of 10 110 0 6 SW8800 system view System View return to User View with Ctrl Z SW8800 multicast routing enable SW8800 pim 3Com pim undo static rp 10 110 0 6 ...

Page 639: ...e the router to cache SA state Use the undo cache sa enable command to remove the cache from the router By default the router caches the SA state i e S G entry after it receives SA messages If the router is in cache state it will not send SA request message to the specified MSDP peer when it receives a new group join message Example Configure the router to cache all the SA states SW8800 system vie...

Page 640: ...o debugging msdp command to disable MSDP debugging functions By default MSDP debugging functions are disabled Example Enable all common MSDP debugging functions SW8800 debugging msdp all display msdp brief Syntax display msdp brief View Any view Parameter None Description Use the display msdp brief command to view the state of MSDP peer Example Display the state of MSDP peer SW8800 display msdp br...

Page 641: ...y none Export policy none Information about SA Requests Policy to accept SA Request messages none Sending SA Requests status disable Minimum TTL to forward SA with encapsulated data 0 SAs learned from this peer 0 SA cache maximum for the peer none Input queue size 0 Output queue size 0 Counters for MSDP message Count of RPF check failure 0 Incoming outgoing SA messages 0 0 Incoming outgoing SA req...

Page 642: ...10 10 BGP 100 00 00 11 00 05 49 10 10 2 1 225 1 1 2 10 10 10 10 BGP 100 00 00 11 00 05 49 10 10 1 2 225 1 2 2 10 10 10 10 BGP 100 00 00 11 00 05 49 MSDP matched 5 entries display msdp sa count Syntax display msdp sa count as number View Any view Parameter as number Number of sources and groups from the specified autonomous system Description Use the display msdp sa count command to view the number...

Page 643: ...mport source command to remove the configuration By default all the S G entries in the domain are advertised by the SA message Besides controlling SA messages creation you can filter the forwarded SA messages by the commands peer sa policy import and peer sa policy export Example Specify that the MSDP peer when creating an SA message advertises S G entries with their source addresses in the range ...

Page 644: ... traced ranging from 1 to 255 By default the value is 16 next hop info Specifies flag bit for collecting the next hop information sa info Specifies flag bit for collecting SA entity information peer info Specifies flag bit for collecting MSDP peer information skip hops Number of hops that are skipped before collecting detailed information ranging from 0 to 255 By default the value is 0 Description...

Page 645: ...ering session with Peer RPF neighbor in minute with the maximum value of 255 Cache Entry Uptime Present time of S G RP entry in SA cache of the local router in minute with the maximum value of 255 D bit 1 S G RP entry existing in SA cache of the local router But the RP is different from the RP specified in the request message RP bit 1 The local router is an RP but it is not necessarily the source ...

Page 646: ...A message originated SW8800 system view System View return to User View with Ctrl Z SW8800 msdp 3Com msdp originating rp Vlan interface 10 peer Syntax peer peer address connect interface interface type interface number undo peer peer address View MSDP view Parameter peer address Address of MSDP peer connect interface interface type interface number Interface type and number whose primary address i...

Page 647: ...aracters Description Use the peer description command to configure descriptive text to MSDP peer Use the undo peer description command to remove the descriptive text configured By default an MSDP peer has no descriptive text Administrator can conveniently differentiate MSDP peers by configuring descriptive text Related command display msdp peer status Example Add descriptive text CstmrA to router ...

Page 648: ...r minimum ttl Syntax peer peer address minimum ttl ttl undo peer peer address minimum ttl View MSDP view Parameter peer address Address of the MSDP peer to which the TTL limitation applies ttl TTL threshold ranging from 0 to 255 Description Use the peer minimum ttl command to configure the minimum TTL Time to Live value of the multicast data packets encapsulated in SA messages to be sent to specif...

Page 649: ...roup join message the router sends no SA request messages to MSDP peers but waits to receive the next SA message Related command cache sa enable Example Configure to send SA request message to the MSDP peer 125 10 7 6 SW8800 system view System View return to User View with Ctrl Z SW8800 msdp 3Com msdp peer 125 10 7 6 request sa enable peer sa cache maximum Syntax peer peer address sa cache maximum...

Page 650: ...t acl acl number undo peer peer address sa policy import export View MSDP view Parameter import Receives SA messages from the specified MSDP peer export Forwards SA messages from the specified MSDP peer peer address Address of the MSDP peer whose SA messages need to be filtered acl acl number Number of advanced IP ACL ranging from 3000 to 3999 If no ACL is specified all S G entries are filtered De...

Page 651: ...licy command to limit SA request messages that the router receives from MSDP peers Use the undo peer sa request policy command to remove the limitation By default the router receives all SA request messages from the MSDP peer If no ACL is specified all SA requests will be ignored If ACL is specified only those SA request messages from the groups permitted by the ACL will be processed and all the o...

Page 652: ...he group S G entries matching this address are cleared from the SA cache If no multicast group address is specified all SA cache entries will be cleared Description Use the reset msdp sa cache command to clear SMDP SA cache entries Related command cache sa enable and display msdp sa cache Example Clear the cache entries with group address 225 5 4 3 from the SA cache SW8800 reset msdp sa cache 225 ...

Page 653: ...ault no MSDP peer is disabled Related command peer Example Disable the MSDP peer 125 10 7 6 SW8800 system view System View return to User View with Ctrl Z SW8800 msdp 3Com msdp shutdown 125 10 7 6 static rpf peer Syntax static rpf peer peer address rp policy ip prefix name undo static rpf peer peer address View MSDP view Parameter peer address Address of the static RPF peer to receive SA messages ...

Page 654: ... Ctrl Z SW8800 ip ip prefix list1 permit 130 10 2 3 32 SW8800 ip ip prefix list2 permit 130 10 2 4 32 SW8800 msdp 3Com msdp peer 130 10 7 6 connect interface Vlan interface 10 3Com msdp peer 130 10 7 5 connect interface Vlan interface 10 3Com msdp static rpf peer 130 10 7 6 rp policy list1 3Com msdp static rpf peer 130 10 7 5 rp policy list2 In the above commands 130 10 2 3 is the IP address of th...

Page 655: ...Related command peer Example Configure the connection request re try period to 60 seconds SW8800 system view System View return to User View with Ctrl Z SW8800 msdp 3Com msdp timer retry 60 ...

Page 656: ...654 CHAPTER 37 MSDP CONFIGURATION COMMANDS ...

Page 657: ...olicy name View IPv4 multicast sub address family view Parameter address Address of the aggregated route mask Network mask of the aggregated route as set Generates a route with AS_SET segment This parameter is not recommended when aggregating many AS paths attribute policy route policy name Sets aggregate attribute detail suppressed Advertises the aggregated routes rather than the specific routes ...

Page 658: ... multicast sub address family view Parameter None Description Use the compare different as med command to enable to compare the route MED values of neighbors from different ASs Use the undo compare different as med command to disable this function By default the comparison function is disabled If there are multiple routes available to the same destination address you can select the route with the ...

Page 659: ...p update default local preference Syntax default local preference value undo default local preference View IPv4 multicast sub address family view Parameter value Default local precedence you configured in the range of 0 to 4294967295 By default it is 100 The greatest value corresponds to the highest precedence level Description Use the default local preference command to configure the default loca...

Page 660: ...the AS MED attribute is used in best route selection When a router running BGP travels through different external peers and get the routes with identical destination but different next hop addresses it selects these routes according to their MED values The route with smaller MED value will be selected as the external AS route if other attributes are the same Example Configure system MED value as 2...

Page 661: ...ew the network segment routing information MBGP advertises SW8800 display bgp multicast network display bgp multicast peer Syntax display bgp multicast peer peer address verbose View Any view Parameter peer address Peer address in dotted decimal format verbose Displays detailed information Description Use the display bgp multicast peer command to view the MBGP peer information Example View the MBG...

Page 662: ...acl acl number View Any view Parameter acl number Matched AS path list number ranging from 1 to 199 Description Use the display bgp multicast routing table as path acl command to view routes that match an as path acl Example Display routes that match the as path acl 2 SW8800 display bgp multicast routing table as path acl 2 display bgp multicast routing table cidr Syntax display bgp multicast rout...

Page 663: ...e display bgp multicast routing table community command to view routing information of a specified MBGP community Example Display routing information of the specified MBGP community SW8800 display bgp multicast routing table community 600 1 display bgp multicast routing table community list Syntax display bgp multicast routing table community list community list number whole match View Any view Pa...

Page 664: ...rk address mask statistic View Any view Parameter peer address Peer address in dotted decimal format received Routing information received from a specified peer advertised Routing information advertised from a specified peer network address IP address of the destination network mask Mask of the destination network statistic Statistic information of the route Description Use the display bgp multica...

Page 665: ...refix name Name of the IP prefix used in matching the destination address domain of routing information in the range of 1 to 19 Protocol Protocol specifing which kind of routing information shall be filtered out with options currently available include direct ospf ospf ase ospf nssa rip is is and static Description Use the filter policy export command to set to filter the advertised routes Only th...

Page 666: ...the neighbor router in the range of 1 to 19 to filter the routing information advertised by a specified neighbor router Description Use the filter policy gateway import command to set to filter the routes advertised by a specified neighbor router Only those pass through the filter can be advertised by BGP Use the undo filter policy gateway import command to cancel route filtering Use the filter po...

Page 667: ...ting By default MBGP will not import routing information of other protocols Example Import static routes SW8800 system view System View return to User View with Ctrl Z SW8800 bgp 100 3Com bgp ipv4 family multicast 3Com bgp af mul import route static ipv4 family multicast Syntax ipv4 family multicast undo ipv4 family multicast View BGP view VPN instance sub address family view VPNv4 sub address fam...

Page 668: ...tes advertised Description Use the network command to configure the network addresses to be sent by the local MBGP Use the undo network command to remove the configuration By default the local MBGP does not send any route Example Advertise routes to network segment 10 0 0 0 16 SW8800 system view System View return to User View with Ctrl Z SW8800 bgp 100 3Com bgp ipv4 family multicast 3Com bgp af m...

Page 669: ... of the peer group peer address IP address of the peer number Repetition number of local AS IDs in the range of 1 to 10 By default the repetition number is 3 Description Use the peer allow as loop command to specify repetition number of local AS IDs Use the undo peer allow as loop command to remove the configuration Related command display current configuration display bgp routing table peer and d...

Page 670: ...ist This command can only be configured on peer group Related command peer as path acl import ip as path acl refer to the Routing Protocol part Example Configure the peer group test to use AS path list 2 to filter the advertised routes SW8800 system view System View return to User View with Ctrl Z SW8800 bgp 100 3Com bgp ipv4 family multicast 3Com bgp af mul peer test as path acl 2 export peer as ...

Page 671: ...ed routes SW8800 system view System View return to User View with Ctrl Z SW8800 bgp 100 3Com bgp ipv4 family multicast 3Com bgp af mul peer test as path acl 3 import peer enable Syntax peer group name enable undo peer group name enable View IPv4 multicast sub address family view Parameter group name Name of the multicast peer group Description Use the peer enable command to enable the MBGP peer gr...

Page 672: ...to the advertised routes Use the undo peer filter policy export command to cancel the existing configuration By default no ACL based filter policy is configured The peer filter policy export command can only be configured on peer groups Related command peer filter policy import acl Example Configure the peer group test to use ACL 2000 to filter the advertised routes SW8800 system view System View ...

Page 673: ...tes SW8800 system view System View return to User View with Ctrl Z SW8800 bgp 100 3Com bgp ipv4 family multicast 3Com bgp af mul peer test filter policy 2000 import peer group Syntax peer peer address group group name undo peer peer address View IPv4 multicast sub address family view Parameter peer address IP address of the peer in dotted decimal format group name Name of the peer consisting of on...

Page 674: ...group based on the ip prefix Use the undo peer ip prefix export command to cancel the route filtering policy of the peer peer group based on the ip prefix By default the route filtering policy of the peer group is not specified The peer ip prefix export command can only be configured on the peer groups Related command ip ip prefix peer ip prefix import Example Configure the route filtering policy ...

Page 675: ...xport Example Configure the route filtering policy of the peer group1 based on the ip prefix list1 SW8800 system view System View return to User View with Ctrl Z SW8800 bgp 100 3Com bgp ipv4 family multicast 3Com bgp af mul peer group1 ip prefix list1 import peer next hop local Syntax peer group name next hop local undo peer group name next hop local View IPv4 multicast sub address family view Par...

Page 676: ...efault the private AS ID is carried when BGP sends MBGP Update message Generally MBGP sends MBGP Update message with the AS ID which can be either the public AS number or private AS number contained To enable some egress routers to ignore the private AS ID when sending MBGP Update message you can configure not to carry the private AS IDs when sending MBGP Update message Example Set not to carry pr...

Page 677: ... route policy policy name export View IPv4 multicast sub address family view Parameter group name Name of peer group peer address IP address of the peer Description Use the peer route policy export command to assign the Route policy to the routes advertised to the peer group Use the undo peer route policy export command to delete the specified Route policy By default the peer peer group has no Rou...

Page 678: ...s precedence over the configurations for the peer group Related command peer route policy export Example Apply the Route policy named test policy to the route coming from the peer group test SW8800 system view System View return to User View with Ctrl Z SW8800 bgp 100 3Com bgp ipv4 family multicast 3Com bgp af mul peer test route policy test policy import preference Syntax preference ebgp value ib...

Page 679: ...command to enable route reflection between clients Use the undo reflect between clients command to disable route reflection between clients When configured the route reflector can reflect routes of a client to other clients By default all connection is not required for the clients with route reflectors configured since the routes are by default reflected from one client to others For all connectio...

Page 680: ...fresh bgp all multicast import reflector cluster id Syntax reflector cluster id cluster id address undo reflector cluster id View IPv4 multicast sub address family view Parameter cluster id Route reflector cluster ID in integer number or IP address format range 1 to 4294967295 address Route reflector cluster ID in IP address format Description Use the reflector cluster id command to configure rout...

Page 681: ...cast sub address family view Parameter None Description Use the summary command to set to auto aggregate subnet routes Use the undo summary command to remove the configuration By default subnet routes cannot be aggregated automatically After the summary command is executed MBGP cannot receive the subnet routes imported by IGP You can use this command to reduce route selection information Example E...

Page 682: ...680 CHAPTER 38 MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS ...

Page 683: ...S related debugging event Enables debugging for various MPLS events ftn Enables MPLS FTN debugging interface Enables the MPLS debugging on the message sending receiving interface packet Enables MPLS packet debugging policy Enables MPLS policy debugging process Enables debugging of MPLS internal processing vpn Enables all MPLS VPN debugging Description Use the debugging mpls lspm command to enable ...

Page 684: ...xample Display the information of all MPLS enabled interfaces SW8800 display mpls interface MPLS interface information Interface Vlan interface12 Label Range 0 44800 Interface Vlan interface23 Label Range 0 44800 Interface Vlan interface21 Label Range 0 44800 Interface Vlan interface20 Label Range 0 44800 Interface Vlan interface194 Label Range 0 44800 Interface Vlan interface104 Label Range 0 448...

Page 685: ...0 20 32 127 0 0 1 3 4 5 5 5 5 32 127 0 0 1 3 5 10 100 20 0 24 10 100 20 20 3 6 80 80 80 80 32 127 0 0 1 3 7 70 70 70 70 32 200 5 5 4 3 Vlan2000 TOTAL 7 Record s Found display mpls static lsp Syntax display mpls static lsp include text verbose View Any view Parameter include text Displays the matching string including the specified information verbose Displays detailed information Description Use t...

Page 686: ... view the MPLS statistics about one specific VLAN interface LSP or all interfaces LSPs Related command display mpls interface and display mpls lsp Example Display MPLS statistics about all LSPs SW8800 display mpls statistics lsp all Building the information LSP Index LSP Name 10240 dynamic lsp There is no information of LSP incoming segment The statistics of lsp Out OutSegment octets of LSP is 162...

Page 687: ...l routes SW8800 system view SW8800 mpls 3Com mpls lsp trigger all mpls Syntax mpls undo mpls View System view VLAN interface view Parameter None Description In system view input the mpls command for an initial use to enable MPLS function globally and enter MPLS view Later you can go straight to the MPLS view with this command Use the mpls command in VLAN interface view to enable MPLS on the VLAN i...

Page 688: ... format of IP address used to identify an LSR Description Use the mpls lsr id command to configure an LSR ID Use the undo mpls lsr id command to delete an LSR ID By default no LSR has an ID You must configure the mpls lsr id command first and then you can use the other MPLS related commands An LSR ID is in the format of IP address thus a loopback address is recommended Related command display mpls...

Page 689: ...lsp Syntax snmp agent trap enable lsp undo snmp agent trap enable lsp View System view Parameter None Description Use the snmp agent trap enable lsp command to enable Trap function in MPLS LSP creation Use the undo snmp agent trap enable lsp command to disable Trap function in MPLS LSP creation By default Trap function is disabled during MPLS LSP creation Example Enable the Trap function during MP...

Page 690: ...ress bj sh incoming interface vlan interface 201 in label 233 static lsp ingress Syntax static lsp ingress lsp name destination dest addr addr mask mask length l2vpn nexthop next hop addr out label out label value undo static lsp ingress lsp name View MPLS view Parameter lsp name LSP name dest addr Destination IP address addr mask Destination IP address mask mask length Mask length of destination ...

Page 691: ... Interface number Interface type interface number next hop addr Next hop address in label value Value of inbound label ranging from 16 to 1023 out label value Value of outbound label ranging 3 implicit empty label and from 16 to 1023 Description Use the static lsp transit command to configure a static LSP for a transit LSR Use the undo static lsp transit command to delete an LSP for a transit LSR ...

Page 692: ... advertising session Displays debugging information during LDP session processing pdu Displays the debugging information during PDU packet processing notification Displays the debugging information during notification remote Displays debugging information of all Remote Peers filter Displays debugging information of all filters interface type interface number Interface type interface number Descrip...

Page 693: ...Request Off Label Distribution Control Mode Ordered display mpls ldp buffer info Syntax display mpls ldp buffer info View Any view Parameter None Description Use the display mpls ldp buffer info command to view the LDP buffer information Example Display the LDP buffer information SW8800 display mpls ldp buffer info Buffer Name Buffer ID Buffer Size Total Count Free Count ENTITY 0 292 199 195 LOCAL...

Page 694: ...interface Displaying information about all Ldp interface Interface Vlan interface12 address 12 12 12 2 Label distributing enabled bound to entity 2 2 2 2 0 Generic label range configured 16 44800 Label Advertisement Mode Downstream Unsolicited Configured KeepAlive hold time 60 Configured Hello hold time 15 Negotiated Hello hold time 15 Hello packets sent rcv 21158 21136 Interface Vlan interface21 ...

Page 695: ...view Parameter Displays matched outputs begin Displays the outputs matching the regular expression from the first line exclude Displays the outputs excluding those lines matching the regular expression include Displays only those outputs matching the regular expression text Contents of the regular expression Description Use the display mpls ldp lsp command to view relevant LSP information created ...

Page 696: ...ys the outputs excluding those lines matching the regular expression include Displays only those outputs matching the regular expression text Contents of the regular expression Description Use the display mpls ldp peer command to view peer information By default it displays all the peer information Example Display peer information SW8800 display mpls ldp peer Displaying information about all peers...

Page 697: ...tive Local LDP ID 2 2 2 2 0 Peer LDP ID 3 3 3 3 0 Internetwork Address Type IPv4 Internetwork Address 3 3 3 3 Maximum Peer PDU length 4096 Peer KeepAlive hold time 60 Peer Distribution Method Downstream Unsolicited Peer Type Local Peer RowStatus Active display mpls ldp remote Syntax display mpls ldp remote begin text exclude text include text View Any view Parameter Displays matched outputs begin ...

Page 698: ...ote Index 4 Peer Address 1 1 0 3 Transport Address 2 2 2 2 Configured KeepAlive hold time 60 Configured Hello hold time 45 Negotiated Hello hold time 0 Hello packets sent rcv 0 0 Remote Index 7 Peer Address 1 1 1 7 Transport Address 2 2 2 2 Configured KeepAlive hold time 60 Configured Hello hold time 45 Negotiated Hello hold time 0 Hello packets sent rcv 0 0 display mpls ldp session Syntax display...

Page 699: ... Packets Sent Received 85 67 KeepAlive Packets Sent Received 1 1 Negotiated Keepalive hold time 60 Peer PV Limit 0 LDP Basic Discovery Source A means active Inter vlan113 A Inter vlan112 Inter vlan111 mpls ldp Syntax mpls ldp undo mpls ldp View System view Parameter None Description Use the mpls ldp command to enable LDP Use the undo mpls ldp command to disable LDP By default LDP is disabled Befor...

Page 700: ... 3Com Vlan interface201 mpls 3Com vlan interface201 mpls ldp enable mpls ldp hops count Syntax mpls ldp hops count hop number undo mpls ldp hops count View System view Parameter hop number Maximum hop count of loop detection ranging from 1 to 32 Description Use the mpls ldp hops count command to set the maximum hop count of loop detection Use the undo mpls ldp hops count command to restore the def...

Page 701: ...ction Use the undo mpls ldp loop detect command to disable loop detection By default loop detection is not enabled in the system If you need to enable loop detection configure this command before LDP is enabled on any interface Related command mpls ldp hops count and mpls ldp path vectors Example Enable loop detection SW8800 system view SW8800 mpls ldp loop detect Disable loop detection SW8800 und...

Page 702: ...IP Prefix that will be used in the policy for filtering ingress label mapping SW8800 mpls ldp label accept fec mpls ldp label advertise Syntax mpls ldp label advertise fec ip prefix lsr ip prefix swap only undo mpls ldp label advertise fec ip prefix all View System view Parameter label advertise Specifies a filtering policy for label mapping advertisement fec ip prefix FEC address prefix list lsr ...

Page 703: ...IP Prefix of the peer address in the filtering policy for outgoing label mapping advertisement SW8800 system view SW8800 mpls ldp label advertise fec1 to peer1 Configure to advertise the FEC message corresponding to FEC2 but not to create Ingress LSP SW8800 mpls ldp label advertise fec2 to peer2 swap only mpls ldp password Syntax mpls ldp password cipher simple password undo mpls ldp password View...

Page 704: ... to restore the default maximum value of path vector By default pv number is 32 If you need to enable loop detection configure this command before LDP is enabled on all interfaces Its value which depends on actual networking situation determines the loop detection speed during LSP creation Related command mpls ldp loop detection and mps ldp hops count Example Set the maximum value of path vector t...

Page 705: ...ddress View VLAN interface view Parameter peer address Corresponding remote LDP Peer address in IP address format Description Use the mpls ldp reset session command to reset a specified session on an interface After LDP is configured on an interface and LDP session is created this command can be used to reset a specific session on the interface You only need to specify the address of the peer corr...

Page 706: ...ies the time interval for Targeted session hold timer to send a session packet in the range of 1 to 65535 seconds By default holdtime is 60 seconds and interval is 24 seconds holdtime Time interval for the hold timer interval Time interval to send a Keepalive packet Description Use the mpls ldp timer command to set the hold time for the Hello hold timer and Session hold timer Use the undo mpls ldp...

Page 707: ...ansport ip command to restore the default LDP transport address By default LSR ID is set as a transport address When there are multiple directly connected and MPLS LDP enabled links between two LSR neighbors all these links must be configured with the same transport address it is recommended to adopt the default LSR ID as the transport address Otherwise the system may be unable to set up a steady ...

Page 708: ... remote ip command to configure a Remote IP address The address should be the lsr id of the remote LSR As Remote Peers adopt LSR ID as their transport addresses the last two Remote Peers use the lsr id as their transport addresses for creating TCP connection Related command mpls ldp remote peer Example Configure the address of remote peer SW8800 system view SW8800 mpls ldp remote peer 12 3Com mpls...

Page 709: ...suppressed origin policy route policy name suppress policy route policy name View VPN instance sub address family view Parameter address IP address of an aggregated route in dotted decimal notation mask Network mask of an aggregated route in dotted decimal notation as set Generates routes with AS sets detail suppressed Advertises only aggregated routes suppress policy route policy name Suppresses ...

Page 710: ...3 Keywords function Keyword Function as set By setting this keyword you can create an aggregated route whose AS path contains the information of all the aggregation routes This keyword is not recommended when aggregating many AS paths because frequent changes of the specific route may result in routing oscillation detail suppresse d This keyword suppresses advertisement of all the specific routes ...

Page 711: ...acket Enables BGP packet debugging route refresh Enables BGP Route Refresh packet debugging update Enables BGP Update packet debugging receive Displays receive information send Displays send information verbose Displays detailed information Description Use the debugging bgp command to enable BGP debugging Use the undo debugging bgp command to disable BGP debugging Caution should be taken in decidi...

Page 712: ...ferred 3Com bgp af vpn default local preference 180 default med Syntax default med med value undo default med View VPNv4 sub address family view VPN instance sub address family view Parameter med value MED value ranging from 0 to 4294967295 The default value is 0 Description Use the default med command to configure the MED value of the system Use the undo default med command to restore the default...

Page 713: ...ay bgp vpnv4 Syntax display bgp vpnv4 all route distinguisher rd value vpn instance vpn instance name group group name network peer peer address verbose routing table options View Any view Parameter all Displays all the VPNv4 routings route distinguisher rd value Displays the information related to RD vpn instance vpn instance name Displays the information related to VPN instance group Displays th...

Page 714: ... table label command to view the routing information and label information in the BGP routing table For an unlabelled common IPv4 route the label in the displayed information is null If you use the display bgp routing table address mask command to view the BGP routing information the label information will be displayed if the route has a label Example View the BGP routing information SW8800 displa...

Page 715: ... with the VPN instance PEA disp ip routing table vpn instance vpna ce1 vpna ce1 Route Information Routing Table vpna ce1 Route Distinguisher 100 1 Destination Mask Protocol Pre Cost Nexthop Interface 20 20 20 0 24 BGP 256 0 40 40 40 40 Vlan interface24 40 40 40 0 24 DIRECT 0 0 40 40 40 10 Vlan interface24 40 40 40 10 32 DIRECT 0 0 127 0 0 1 InLoopBack0 80 80 80 0 24 BGP 256 0 40 40 40 40 Vlan inte...

Page 716: ...e ASBR Autonomous System Boundary Router egress LSP of egress VPN ingress LSP of ingress VPN vpn instance Specifies the name of VPN routing forwarding VPN instance include text Only matches the string including the specified information verbose Displays detailed information Description Use the display mpls l3vpn lsp command to view the information of MPLS L3VPN LSPs of the specified VPN instance E...

Page 717: ...th VPNV4 routes will be displayed in case of uni hop EBGP cross AS MPLS L3 VPN networking and tunneling labels labels advertised with unicast routes and labels advertised by LDP protocol will be displayed in case of multi hop EBGP cross AS MPLS L3 VPN networking NEXTHOP Next hop IN INTERFACE Ingress interface OUT INTERFACE Egress interface Table 95 Description on the fields of the command Field De...

Page 718: ...r 120 No peer router Network 192 168 0 0 domain id Syntax domain id id number id addr undo domain id View OSPF protocol view Parameter id number Domain id for a VPN instance an integer in the range of 0 to 4294967295 By default it is 0 id addr IP address format of Domain id for a VPN instance By default it is 0 0 0 0 Description Use the domain id command to specify Domain id for a VPN instance Use...

Page 719: ...ix name export protocol undo filter policy acl number ip prefix ip prefix name export protocol View VPNv4 sub address family view VPN instance sub address family view Parameter acl number ACL number ranging from 2000 to 3999 matching the destination address of routing ip prefix name Name of IP prefix to match the destination of routing information protocol Routing protocol whose routing informatio...

Page 720: ...st for the neighboring routers whose routing information will be filtered Description Use the filter policy gateway import command to filter the information imported from specified routers Use the undo filter policy gateway import command to cancel the setting Use the filter policy import command to set the filtering conditions to filter routing information Use the undo filter policy import comman...

Page 721: ...icy as the group does but can have different ingress policies Example Create an MP EBGP peer group named test 3Com bgp af vpn instance group test external if match mpls label Syntax if match mpls label undo if match mpls label View Route policy view Parameter None Description Use the if match mpls label command to configure the system to match only the public network routes that carries an MPLS la...

Page 722: ...atch vpn target vpn target command to list up to 10 vpn target attribute values to be matched Use the if match vpn target begin vpn target count command to set the start value and the total number of the vpn target values to be matched Example Define an if match clause to match the following VPN target attribute values 100 1 200 1 300 1 300 2 and 400 3 3Com route policy if match vpn target 100 1 2...

Page 723: ...ss with process id as the external route med value Specifies a route cost value which ranges from 0 to 4294967295 route policyname Name of Route policy consisting of 1 to 19 characters Description Use the import route ospf command to enable OSPF route import Use the undo import route ospf command to disable OSPF route import c CAUTION By default the process ID is 1 Example Configure to import an O...

Page 724: ...stance name destination ip address mask mask length interface name vpn instance vpn nexthop name nexthop ip address preference preference value public reject blackhole View System view Parameter vpn instance name Name of VPN instance 6 names can be configured at most and this value of character string is ranging from 1 to 19 characters destination ip address Destination address of a static route m...

Page 725: ...ss 100 1 1 1 and next hop address 1 1 1 2 SW8800 ip route static vpn instance vpn1 100 1 1 1 16 vpn instance vpn1 1 1 1 2 ip vpn instance Syntax ip vpn instance vpn instance name undo ip vpn instance vpn instance name View System view Parameter vpn instance name Name assigned to VPN instance Description Use the ip vpn instance command to create a VPN instance and enter VPN instance view Use the un...

Page 726: ...dress family Description Use the ipv4 family vpn instance command to enter MBGP VPN instance sub address family view Use the undo ipv4 family vpn instance command to delete the association of a VPN instance with MBGP address family and return to BGP unicast view Use the ipv4 family vpnv4 command to enter MBGP VPNv4 sub address family view Use the undo ipv4 family vpnv4 command to delete the config...

Page 727: ...o disable this function By default the nested VPN function is disabled If VPNv4 route advertisement is needed for a CE connected to a PE the nested VPN function must be enabled on the PE Example Enable the nested VPN function 3Com bgp af vpn nesting vpn network Syntax network ip address address mask route policy policy name undo network ip address address mask route policy policy name View VPN ins...

Page 728: ...ce name VPN instance bound to an OSPF process Description Use the ospf command to enable an OSPF process Use the undo ospf command to disable an OSPF process After enabling an OSPF process you can perform the configuration related to OSPF in the OSPF protocol view By default OSPF protocol is not used in the system Comware supports multiple OSPF processes so you can specify different process IDs to...

Page 729: ...s OSPF 1 VPN instance VPN1 mode That is the OSPF 1 and OSPF 1 VPN instance VPN1 commands are equivalent When an OSPF process is bound to a VPN instance the default OSPF router is PE router After executing the display OSPF process id brief command you will view the information PE router connected to VPN backbone c CAUTION A router can run no more than 1024 OSPF processes with up to 10 processes ena...

Page 730: ...nity command to cancel this configuration By default the BGP advertiser does not transmit the community attributes to peer group Related command if match community list and apply community Example Transmit the community attributes to the peer group test 3Com bgp ipv4 family vpnv4 3Com bgp af vpn peer test advertise community peer allow as loop Syntax peer group name peer address allow as loop asn ...

Page 731: ...id this by using the peer allow as loop command which makes PE router allow the route updates from CE to contain its AS number You can define asn imit to control the maximum times for which AS number is received by PE Example Enable route loop 3Com bgp ipv4 family vpnv4 3Com bgp af vpn peer 1 1 1 1 allow as loop 1 peer as number Syntax peer group name peer address group group name as number as num...

Page 732: ...S path list to the advertised routing information Use the undo peer as path acl export command to cancel the configuration By default there is no filtering policy based on AS path list You can only use the peer as path acl export command in the peer group Related command peer as path acl import Example Configure the test peer group to filter the advertised routing information with the AS path ACL ...

Page 733: ...ip address connect interface interface type interface_num undo peer group name ip address connect interface View VPN instance sub address family view Parameter group name Name of a neighbor peer group consisting of 1 to 47 alphanumeric characters ip address Peer IP address interface type interface number Interface type and interface number Description Use the peer connect interface command to conf...

Page 734: ...t a default route Use the undo peer default route advertise command to remove the existing configuration By default a peer group does not transmit a default route This command does not require any default route in the routing table but transmits a default route whose next hop address is itself to the peer unconditionally Example Enable the peer group test to transmit a default route 3Com bgp ipv4 ...

Page 735: ... group name peer address description description line undo peer group name peer address description View VPN instance sub address family view Parameter group name Name of a neighbor peer group consisting of 1 to 47 alphanumeric characters peer address Peer IP address in dotted decimal notation description line Description of the configuration up to 79 characters in length Description Use the peer ...

Page 736: ... peer ebgp max hop command to restore the default setting By default you can only make a connection with a direct accessing EBGP neighbor Example Enable the router to connect the EBGP peer group test that is attached to the network indirectly 3Com bgp ipv4 family vpn instance test 3Com bgp af vpn instance peer test ebgp max hop peer enable Syntax peer group name enable undo peer group name enable ...

Page 737: ...eer groups Description Use the peer filter policy export command to apply the ACL based filtering policy to the advertised route for the peer group Use the undo peer filter policy export command to cancel the configuration By default there is no ACL based filtering policy You can only use the peer filter policy export command to configure peer group Related command ip as path acl peer as path acl ...

Page 738: ...ncoming filtering policy configured for peers take precedence over the configuration for peer groups Example Configure the test peer group to filter the received route with ACL 3000 3Com bgp ipv4 family vpnv4 3Com bgp af vpn peer test filter policy 3000 import peer group Syntax peer peer address group group name as number as number undo peer peer address View VPNv4 sub address family view VPN inst...

Page 739: ...1 1 group test peer ip prefix export Syntax peer group name ip prefix prefixname export undo peer group name ip prefix prefixname export View VPNv4 sub address family view VPN instance sub address family view Parameter group name Name of a neighbor peer group consisting of 1 to 47 alphanumeric characters prefixname Name of prefix list a string of one to 19 characters Description Use the peer ip pr...

Page 740: ...t to the advertised route for peer groups Use the undo peer ip prefix import command to cancel the configuration By default the peer dose not use the routing filtering policy The incoming filtering policy configured for peers take precedence over the configuration for peer groups Related command peer ip prefix export Example Configure the peer group group1 to filter the received route with the IP ...

Page 741: ...s family view Parameter group name Name of a neighbor peer group consisting of 1 to 47 alphanumeric characters Description Use the peer next hop local command to cancel the processing of the next hop in the routes that BGP advertises to a peer group and configure to use its own address as the next hop Use the undo peer next hop local command to cancel the existing setting Example Specify the curre...

Page 742: ...s must have the same authentication mode and password otherwise no TCP connection can be established because MD5 authentication fails MD5 authentication can be performed on a specific peer only when the group to which the peer belongs is not configured with MD5 authentication Otherwise the configuration of the peer group applies Example Assign MD5 authentication to a TCP connection between the loc...

Page 743: ...pnv4 3Com bgp af vpn peer 168 public as only peer reflect client Syntax peer group name reflect client undo peer group name reflect client View VPNv4 sub address family view Parameter group name Name of a neighbor peer group consisting of 1 to 47 alphanumeric characters Description Use the peer reflect client command to set a specified peer group to be a client of a router reflector Use the undo p...

Page 744: ...Apply the routing policy test policy to the outgoing routes of the peer group test 3Com bgp ipv4 family vpnv4 3Com bgp af vpn peer test route policy test policy export peer route policy import Syntax peer group name peer address route policy policy name import undo peer group name peer address route policy policy name import View VPNv4 sub address family view VPN instance sub address family view P...

Page 745: ... neighbor peer group consisting of 1 to 47 alphanumeric characters seconds Update interval in seconds ranging from 0 to 600 Description Use the peer route update interval command to set the Update interval for peers Use the undo peer route update interval command to restore the default setting By default the Update interval is 5 seconds for IBGP peer group and for EBGP it is 30 seconds Example Set...

Page 746: ... with the peer timer command enjoys higher precedence than the timer with the timer command Related command timer keep alive hold Example Set the Keepalive interval and holdtime for the peer group test 3Com bgp af vpn instance peer test timer keep alive 60 hold 180 peer upe Syntax peer peer address upe undo peer peer address upe View VPNv4 sub address family view Parameter peer address Peer IP add...

Page 747: ...ily vpn instance vrf1 3Com bgp af vpn instance group ebgp external 3Com bgp af vpn instance quit 3Com bgp ipv4 family vpnv4 3Com bgp af vpn peer ebgp vpn instance vrf1 enable peer vpn instance group Syntax peer peer address vpn instance vpn instance name group group name undo peer peer address vpn instance vpn instance name View BGP VPNv4 sub address family view Parameter peer address IP address o...

Page 748: ...dotted decimal group name Name of a peer group vpn instance name Name of the VPN instance the CE peer belongs to policy name Name of the routing policy to be applied Description Use the peer vpn instance route policy import command to configure the routing policy applied by the CE peer to VPNv4 routes it received Use the undo peer vpn instance route policy import command to cancel the configuratio...

Page 749: ...n id range of MPLS VPN VLANs allowed to the port The value ranges from vlan id to vlan id 1023 Description Use the port trunk mpls vlan command to set the vlan id range of MPLS VPN VLANs allowed to pass the port Use the undo port trunk mpls command to restore the default value of vlan id The default value is 0 By default the range of MPLS VPN VLANs is from 0 to 1023 and the range of vlan id is fro...

Page 750: ... In this case you need to delete the labels manually Example Enable the range of MPLS VPN VLAN vlan id on Ethernet3 1 1 as 4K SW8800 system view SW8800 interface Ethernet 3 1 1 3Com Ethernet3 1 1 port vpn range share mode enable preference Syntax preference ebgp preference ibgp preference local preference undo preference View VPN instance sub address family view Parameter ebgp preference Preferenc...

Page 751: ...ommand to forbid routing reflection between clients PE to PE By default the routing reflection between clients is allowed The router reflector reflects one client s route to others after configuration Related command reflect cluster id and peer reflect client Example Disable the routing reflection from client to client 3Com bgp af vpn undo reflect between clients reflector cluster id Syntax reflec...

Page 752: ...PN IPv4 prefix by adding an 8 byte value to a VPN IPv4 prefix Description Use the route distinguisher command to configure RD for an MPLS VPN instance A VPN instance cannot run until it is configured with an RD A route distinguisher RD creates route and forwarding list for a VPN and specifies the default route identifier Add an RD to the beginning of a specific IPv4 prefix to make it a globally un...

Page 753: ... the PEs in the same VPN domain The Route tag is included in the type 5 7 LSA It is not transmitted in the extended community attributes of BGP and thus it is limited in the local area Therefore it can only be configured and function on the PE router which receives BGP routes and generates OSPF LSA Configure Route tag in OSPF protocol view Different processes can be configured with a same Route ta...

Page 754: ...e timer command Related command peer timer Example Set the time interval and hold time for sending Keepalive messages 3Com bgp af vpn instance timer keep alive 60 hold 180 traffic redirect Syntax traffic redirect inbound link group acl number acl name rule rule system index index ip group acl number acl name rule rule system index index interface interface name interface type interface number dest...

Page 755: ...ule with this command However generally you are not recommended to do so Description Use the traffic redirect command to redirect the data flow at the port of the EX card to the port of the MX card and make the port on the EX card act as an MPLS VPN CE side interface Use the undo traffic redirect command to cancel this configuration Example Redirect the data flow at the Ethernet3 1 4 of the EX car...

Page 756: ...the maximum routes in VPN instance vpn1 to 1000 SW8800 ip vpn instance vpn1 3Com vpn vpn1 route distinguisher 100 1 3Com vpn vpn1 vpn target 100 1 import extcommunity 3Com vpn vpn1 routing table limit 1000 syslog alert sham link Syntax sham link source addr destination addr cost cost value dead seconds hello seconds md5 keyid key seconds retransimit seconds simple passwor trans delay seconds undo ...

Page 757: ...a there are two sites which belong to the same VPN They are connected to different PE routers and there is an intra domain OSPF link Backdoor between them Though there may be other routes connecting the two sites via PE routers these routes are intra domain routes and OSPF will first select those routes through the Backdoor link Sometimes users desire to first select the routes through VPN Backbon...

Page 758: ...cription Use the summary command to enable BGP to perform auto summary of subnet routes Use the undo summary command to cancel this summary By default BGP does not perform the auto summary of subnet routes After auto summary is enabled BGP cannot receive the subnet routes imported from IGP Using this feature reduces the amount of routing information Example Perform auto summary of subnet routes 3C...

Page 759: ...do command to ensure that the configuration takes effect After the configuration on the card is canceled if the VLAN configured on a port exceeds 1K which is the default value the configuration will be deleted automatically In aggregation mode VPN range configuration will not be synchronized automatically and you can manually make remove the configuration on an individual port Example Configure th...

Page 760: ...c CAUTION OSPF processes will set up all its neighbors again after this command is executed Example Configure OSPF process 100 as Multi VPN Instance CE 3Com ospf 100 vpn instance capability simple Restore the OSPF process 100 as PE 3Com ospf 100 undo vpn instance capability vpn target Syntax vpn target vpn target ext community import extcommunity export extcommunity both undo vpn target vpn target...

Page 761: ...ch an extended community is configured as ingress VPN target VPN target specifies a target VPN extended community The same as RD an extended community is either composed of an ASN and an arbitrary number or composed of an IP address and an arbitrary number RD is in either of the following formats 16 bit ASN can be 0 here A custom 32 bit number for example 101 3 32 bit IP address can be 0 0 0 0 her...

Page 762: ...760 CHAPTER 40 BGP MPLS VPN CONFIGURATION COMMANDS ...

Page 763: ...of the VLAN whose interface is used to establish the connection It must be the ID of an existing VLAN transmit lsp name Name of transmitting LSP the ingress LSP receive lsp name Name of receiving LSP the egress LSP outinterface type outinterface number Name of the interface connecting to the second CE custom edge Description Use the ccc ccc connection name interface vlan interface vlan id transmit...

Page 764: ...ndo debugging mpls l2vpn all advertisement error event connections interface vlan interface vlan id View User view Parameter all Enables Disables all types of L2VPN Debugging advertisement Enables Disables Debugging for L2VPN BGP LDP advertisement messages error Enables Disables Debugging for L2VPN error messages event Enables Disables Debugging for L2VPN event messages connections Enables Disable...

Page 765: ...yntax static lsp egress lsp name l2vpn incoming interface vlan interface vlan id in label in label undo static lsp egress lsp name View MPLS view Parameter lsp name Name of the label switching path LSP vlan id ID of the VLAN whose interface is to be used to create the LSP in label value Value of the in label ranging from 16 to 1 023 Description Use the static lsp egress l2vpn command to create a s...

Page 766: ...atic L2VPN LSP You need to create two LSPs for transmitting and receiving before creating a remote CCC connection Related command static lsp egress l2vpn static lsp transit debugging mpls Example Create a static LSP with the destination IP address of 202 25 38 1 for the ingress LSR 3Com mpls static lsp ingress bj sh l2vpn nexthop 1 1 1 1 out label 100 static lsp transit l2vpn Syntax static lsp tra...

Page 767: ...way transmitting LSR with the in label of 123 and the out label of 253 3Com mpls static lsp transit bj sh l2vpn incoming interface vlan interface 201 in label 123 nexthop 202 34 114 7 out label 253 Martini MPLS L2VPN Configuration Commands display mpls l2vc Syntax display mpls l2vc interface vlan interface vlan id verbose View Any view Parameter vlan id ID of the VLAN whose interface is used to cr...

Page 768: ...4 967 295 Description Use the mpls l2vc command to create a Martini MPLS L2VPN virtual connection Use the undo mpls l2vc command to remove a Martini MPLS L2VPN virtual connection You need to enable MPLS L2VPN before using the command Related command mpls l2vpn display mpls l2vc Example Create a virtual connection with the ID of 23 3Com Vlan interface201 mpls l2vc 10 0 0 11 23 Kompella MPLS L2VPN C...

Page 769: ...ge the CE Range to a larger number when expanding the VPN if the previously set CE range is not large enough For example if the desired CE number is 20 after the expansion but the current CE Range is 10 you can change the CE range to 20 Related command mpls l2vpn encapsulation ccc Example Create a CE for VPNA named beijing with the CE ID of 1 Use the default range 10 SW8800 mpls l2vpn SW8800 mpls ...

Page 770: ...route distinguisher Displays the information about a specified VPN RD ASN Route identifier Description Use the display bgp l2vpn command to display the information about Kompella L2VPN Example Display all the L2VPN information SW8800 display bgp l2vpn all BGP local router ID is 172 16 1 5 Origin codes i IGP e EGP incomplete bgp l2vpn 3 destinations CE ID Label Offset Label Base nexthop pref as pat...

Page 771: ... which can be Aux Ethernet LoopBack M Ethernet NULL Vlan interface GigabitEthernet or 10 GigabitEthernet Description Use the display mpls l2vpn command to display the MPLS L2VPN information The command can display the state and configuration of the local remote CE of a specified VPN instance and the L2VPN information about a specified CE interface Example Display the L2VPN information about a spec...

Page 772: ... 3Com bgp af l2vpn mpls l2vpn Syntax mpls l2vpn undo mpls l2vpn View System view Parameter None Description Use the mpls l2vpn command to enable L2VPN Use the undo mpls l2vpn command to disable L2VPN To execute the command you need to enable MPLS first Related command mpls mpls lsr id Example Configure LSR ID and enable MPLS SW8800 mpls lsr id 10 0 0 1 SW8800 mpls Enable L2VPN SW8800 mpls l2vpn mp...

Page 773: ... you enable MPLS L2VPN All L2VPN parameters are configured in L2VPN view Example Create a Kompella MPLS L2VPN with the name of 3Com the encapsulation type of Ethernet SW8800 mpls l2vpn 3com encapsulation ethernet 3Com mpls l2vpn 3com mtu Syntax mtu mtu View MPLS L2VPN view Parameter mtu Layer 2 MTU maximum transmission unit of the VPN This argument ranges from 0 to 10 200 and the default value is ...

Page 774: ...scription Use the peer enable command to activate a specified peer or peer group in L2VPN address family view Use the undo peer enable command to deactivate a specified peer or peer group in L2VPN address family view By default the unicast peers or peer groups of IPv4 address family are active Whereas other types of peers or peer groups are inactive Example Activate peer 192 or peer group 192 in L...

Page 775: ...to configure a limit on VSI bandwidth Note that the rate actually supported ranges from 64 kbps to 2 097 152 kbps If the rate you set is above 2 097 152 kbps no rate limitation is performed and the part of traffic that is under the VSI and exceeding this bandwidth restriction is discarded by the system Example Configure the bandwidth of VSI 3Com as 20 Mbps SW8800 system view SW8800 vsi 3Com static...

Page 776: ...iption Use the cos command to map user priority 802 1Q COS to PSN COS PSN Public Switching Network COS Class Of Service When you specify a COS mapping relationship use the mapping table recommended by the protocol The protocol recommends the following COS mapping table With this mapping table the cos command specifies available classes of service from 1 to 8 and the CoS and the user priority speci...

Page 777: ...cription Use the description command to set the description of current VSI Use the undo description command to remove the description Example Set the description of VSI 3Com to 3Com Corporation Co Ltd SW8800 system view SW8800 vsi 3Com static 3Com vsi 3Com description 3Com Corporation Co Ltd debugging mpls l2vpn Syntax debugging mpls l2vpn advertisement all connections error event loadshare undo d...

Page 778: ... vlan interface number dynamic static count View Any view Parameter peer Specifies the peer IP address peer address Peer IP address local All local MAC addresses vlan interface Specifies the VLAN interface whose MAC address corresponds with the locally bound VSI vlan interface number VLAN interface number vsi Specifies the VSI to be displayed vsi name VSI Name dynamic Displays only dynamic VSI MAC...

Page 779: ...n Down state block Displays only the information of the Pseudowires in Block state verbose Displays the details of Pseudowires statistics Displays the statistics of Pseudowires Description Use the display vpls connection command to display the Pseudowire information of the VSI You can query the information of statistics of Pseudowires by any combination of VSI name peer IP address and Pseudowire s...

Page 780: ...000 Bandwidth 20480kbps Broadcast restrain 10 CoS 8 CoS table 2 0 1 3 4 5 6 7 Mac table limit 128 MTU Specifies the MTU of the VSI Status VSI service status open enabled or shutdown closed VCID Virtual circuit ID EncapType Encapsulation type PeerAddr IP address of peer PE Lcl Label Local label namely label that the local device assigns the peer PE Rmt Label Remote label namely label that the remot...

Page 781: ...sulation vlan label range Syntax label range label range id View VSI view Parameter label range id Specifies label range ID Description Use the label range command to manually configure the label range ID corresponding to the VSI After label range redirection is configured you can change the direction of VSI flow by changing the label range corresponding to the VSI namely redirect the new label ra...

Page 782: ...n a VLAN and a VSI You can specify the access type of VPLS The default access type is Ethernet access The port configuration on a VLAN interface differs depending on user access modes If user gets access by Ethernet you must enable VLAN VPN on the access port of the VLAN If user makes H VPLS access by VLAN or user s convergence multi tenant unit MTU makes H VPLS access by VLAN VPN you need not ena...

Page 783: ...interface You cannot configure an IP address for a VLAN interface with a VSI bound to it Similarly you cannot bind a VSI to a VLAN interface with an IP address configured You can bind one VSI to up to eight VLANs You cannot bind any VSI to Vlan interface1 mac address Syntax mac address static H H H vsi vsi name peer peer ip vlan interface vlan interface number undo mac address static H H H vsi vsi...

Page 784: ...om SW8800 system view view SW8800 mac address static 0000 fc39 a9b5 vsi 3Com vlan interface 1 0 SW8800 mac address static 0000 fc39 a9b4 vsi 3Com peer 2 2 2 2 mac table limit Syntax mac table limit mac limit View VSI view Parameter mac limit Maximum number of the MAC addresses of a specific VSI Description Use the mac table limit command to configure the maximum number of the MAC addresses in the ...

Page 785: ... vsi 3Com static 3Com vsi 3Com mtu 1400 peer Syntax peer peer ip vc id vc id upe dual npe encapsulation ethernet vlan undo peer peer ip vc id vc id View VSI LDP View Parameter peer Specifies the IP address of the peer PE of the VSI peer ip IP address of a VSI remote peer PE vc id Specifies the ID of the VC between the VSI and the peer PE It defaults to VSI ID vc id VSI VC ID upe Specifies the peer...

Page 786: ...s are needed among specified multiple remote peer NPEs but not needed between UPEs and NPEs By default VC ID is VSI ID Related command vsi vsi id Example In VPLS LDP view create a user convergence node UPE whose IP address is 4 4 4 4 in hierarchical architecture and set the VC ID for the UPE to 200 SW8800 system view view SW8800 vsi 3Com static 3Com vsi 3Com pwsignal ldp 3Com vsi 3Com ldp vsi id 1...

Page 787: ...el range vpls load share Syntax vpls load share enable vpls load share disable View System view Parameter None Description Use the vpls load share enable command to enable VPLS load sharing and allow VPLS module switchover upon failure Use the vpls load share disable command to disable VPLS load sharing and prohibit VPLS module switchover upon failure By default VPLS load sharing is enabled that i...

Page 788: ... address vsi vsi name peer peer ip vlan interface vlan num static dynamic all View User view Parameter vsi name Refer to the configuration of related commands for VSI vlan id VLAN interface ID static Specifies static MAC addresses dynamic Specifies dynamic MAC addresses Description Use the reset mac address vsi command to batch remove VPLS MAC addresses The reset mac address vsi command performs t...

Page 789: ...com static 3Com vsi 3Com undo shutdown undo mac address vsi Syntax undo mac address vsi vsi name peer peer ip vlan interface vlan id static dynamic View System view Parameter vsi name VSI name vlan id VLAN interface ID static Specifies static MAC addresses dynamic Specifies dynamic MAC addresses Description Use the undo mac address vsi command to batch remove VPLS MAC addresses Related command dis...

Page 790: ...ly configure the mechanism statically and manually and must specify the configuration mode explicitly Use the undo vsi command to delete a VSI Related command display vsi Example Create a VSI named 3Com and specify to manually configure the mechanism for discovering the peers of the VSI SW8800 system view SW8800 vsi 3com static vsi id Syntax vsi id vsi id View VSI LDP view Parameter vsi id VSI ID ...

Page 791: ...d to enable the VRRP debugging Use the undo debugging vrrp command to disable the VRRP debugging By default the VRRP debugging is disabled Example Enable VRRP state debugging SW8800 debugging vrrp state display vrrp Syntax display vrrp interface vlan interface interface number virtual router ID View Any view Parameter interface Displays the VRRP state of a specified VLAN interface vlan interface i...

Page 792: ...Interface Vlan interface1 VRID 1 Adver Timer 1 Admin Status UP State Initialize Config Pri 100 Run Pri 90 Preempt Mode YES Delay Time 0 Auth Type NONE Track IF Vlan interface2 Pri Reduced 10 Virtual IP 1 1 1 1 Master IP 0 0 0 0 display vrrp ifm Syntax display vrrp ifm View Any view Table 100 Description on the fields of the display vrrp command Field Description Run Method Run method real or virtu...

Page 793: ...escription Use the display vrrp statistics command to view the information about the VRRP statistics If the interface name and virtual router ID are not specified the statistics information about all the virtual routers on the switch will be displayed If only the interface name is specified the statistics information about all the virtual routers on the interface will be displayed If the interface...

Page 794: ...nitialize 100 1 NONE 6 6 6 192 7 7 Initialize 100 1 NONE 7 7 7 192 8 8 Initialize 100 1 NONE 8 8 8 192 9 9 Initialize 100 1 NONE 9 9 9 192 10 10 Initialize 100 1 NONE 10 10 10 192 11 11 Initialize 100 1 NONE 11 11 11 192 12 12 Initialize 100 1 NONE 12 12 12 192 13 13 Initialize 100 1 NONE 13 13 13 192 14 14 Initialize 100 1 NONE 14 14 14 192 15 15 Initialize 100 1 NONE 15 15 15 192 16 16 Initializ...

Page 795: ...terface name and virtual router ID are specified the statistics information about the specified virtual router on the interface will be cleared Example Clear the VRRP statistics on the switch SW8800 reset vrrp statistics vrrp authentication mode Syntax vrrp authentication mode authentication type authentication key undo vrrp authentication mode View VLAN interface view Parameter authentication typ...

Page 796: ...com vrrp log state Syntax vrrp log state undo vrrp log state View System view Parameter None Description Use the vrrp log state command to enable debugging of state transition logs of the VRRP virtual router Use the undo vrrp log state command to disable debugging of state transition logs of the VRRP virtual router Note that if you enable VRRP debugging after executing the vrrp log state command t...

Page 797: ...to the chips installed some switches support matching one IP address to multiple MAC addresses Then you may configure correspondence between the virtual IP address of the virtual router and the real virtual MAC address You should set correspondence between the IP address of the virtual router and the MAC address before configuring the virtual router Otherwise you cannot configure the correspondenc...

Page 798: ...terface view Parameter None Description Use the vrrp un check ttl command to disable the check of TTL value of VRRP packet Use the undo vrrp un check ttl command to enable the check of TTL value of VRRP packet The TTL value must be 225 If the Backup switch finds TTL is not 225 when receiving VRRP packet the packet will be discarded By default the switch checks TTL value of VRRP packets Example Dis...

Page 799: ... 3Com vlan interface2 undo vrrp vrid 1 preempt mode vrrp vrid priority Syntax vrrp vrid virtual router ID priority priority undo vrrp vrid virtual router ID priority View VLAN interface view Parameter virtual router ID VRRP virtual router ID ranging from 1 to 255 priority Priority value ranging from 1 to 254 By default the priority value is 100 Description Use the vrrp vrid priority command to con...

Page 800: ...ame virtual router to avoid wrong configuration Example Configure the Master to transmit VRRP packets every 15 seconds 3Com vlan interface2 vrrp vrid 1 timer advertise 15 vrrp vrid track Syntax vrrp vrid virtual router ID track ifm increased value increased vlan interface interface number reduced value reduced undo vrrp vrid virtual router ID track ifm vlan interface interface number View VLAN int...

Page 801: ...rack up to 8 interfaces Example Set to track vlan interface1 on vlan interface2 and lower the priority of virtual router 1 on vlan interface2 by 50 when the state of vlan interface1 goes Down 3Com vlan interface2 vrrp vrid 1 track vlan interface 1 reduced 50 vrrp vrid virtual ip Syntax vrrp vrid virtual router ID virtual ip ip address undo vrrp vrid virtual router ID virtual ip virtual address Vie...

Page 802: ...rtual IP address to an existing virtual router 3Com vlan interface2 vrrp vrid 1 virtual ip 10 10 10 11 Delete a virtual IP address 3Com vlan interface2 undo vrrp vrid 1 virtual ip 10 10 10 10 Delete a virtual router 3Com vlan interface2 undo vrrp vrid 1 ...

Page 803: ...itch message Debugging switch for messages received or sent by HA state HA state machine state information debugging switch Description Use the debugging ha command to enable HA debugging Use the undo debugging ha command to disable HA debugging By default HA debugging is disabled Example Enable all the HA debugging SW8800 debugging ha all display switchover state Syntax display switchover state s...

Page 804: ...iew System view Parameter None Description Use the display xbar command to view the load mode of master and slave fabrics which includes the configured system Xbar load mode and the active system Xbar load mode Note that the configured system Xbar load mode is not always the same as the active system Xbar load mode Only when the slave fabric is in position or is started can the system operate in t...

Page 805: ...estart Syntax slave restart View User view Parameter None Description Use the slave restart command to restart slave fabric When the slave system works abnormally and needs to be reloaded you can use this command to restart the slave fabric Example Implement the restart of the slave system SW8800 slave restart The slave will reset Continue Y N y slave switchover Syntax slave switchover View User v...

Page 806: ... update configuration command to manually synchronize the configuration file between the master and slave fabrics Related command slave auto update config Example Synchronize the configuration file between the master and slave fabrics SW8800 slave update configuration xbar Syntax xbar load balance load single View System view Parameter load balance Sets Xbar load balance mode load single Sets Xbar...

Page 807: ...HA Configuration Commands 805 Example Configure the system Xbar load mode SW8800 xbar load balance ...

Page 808: ...806 CHAPTER 44 HA CONFIGURATION COMMANDS_HA_CONFIGURATION ...

Page 809: ...this feature By default ARP request packets are broadcast in the VLAN where the port lies Example Enable the feature that ARP request packets of Ethernet 2 1 1 are not broadcast in the VLAN where Ethernet 2 1 1 lies SW8800 system view System View return to User View with Ctrl Z SW8800 interface ethernet2 1 1 3Com Ethernet2 1 1 arp non flooding enable Disable the feature above namely ARP request pa...

Page 810: ...ed command display arp proxy Example Enable ARP proxy function for VLAN 2 SW8800 system view System View return to User View with Ctrl Z SW8800 vlan 2 3Com vlan2 arp proxy enable arp static Syntax arp static ip address mac address vlan id interface type interface number vpn instance vpn instance name undo arp ip address View System view Parameter ip address IP address of the ARP mapping entry mac ...

Page 811: ...sponding ARP mapping entries to be automatically removed The argument vlan id must be the ID of an existing VLAN and the Ethernet port specified behind this parameter must belong to the VLAN The argument vpn instance name must be the VPN instance name of an existing MPLS VPN ARP mapping entries with port parameters can be configured on manually aggregated ports or static aggregated ports but canno...

Page 812: ...es a multicast ARP entry Use the undo arp multi port command to remove a multicast ARP port When you remove the last port the system removes the multicast ARP entry The multicast ARP feature allows you to associate a common unicast route to a Layer 2 multicast group that is add multiple outgoing ports for an outgoing ARP packet so that the packet can be sent to multiple ports As a result a static ...

Page 813: ...0 multi port Ethernet 6 1 3 arp timer aging Syntax arp timer aging aging time undo arp timer aging View System view Parameter aging time Aging time of dynamic ARP aging timer which is in the range of 1 to 1440 minutes By default the aging time is 20 minutes Description Use the arp timer aging command to configure the dynamic ARP aging timer Use the undo arp timer aging command to restore the defau...

Page 814: ...c address undo debugging arp packet View User view Parameter sip address Source IP address of all the permitted ARP packets expressed in dotted decimal format It can be combined with other restrictive conditions at discretion If it is set to all zeros ARP packets of all source IP addresses are permitted by default dip address Destination IP address of all the permitted ARP packets expressed in dot...

Page 815: ...print the ARP packets whose source IP address is 8 8 8 1 destination address is 8 8 8 26 and source MAC address is 000a ebf2 51a8 SW8800 debugging arp packet dip 8 8 8 26 sip 8 8 8 1 smac 000a ebf 2 51a8 dmac 0 0 0 Disable the debugging output SW8800 undo debugging arp packet display arp Syntax display arp ip address dynamic static begin include exclude text View Any view Parameter dynamic Display...

Page 816: ... of an ARP mapping entry Description Use the display arp multi port command to display configuration information about multicast ARP The multicast ARP that is multiple port ARP feature allows one ARP entry to correspond to multiple outgoing ports it is used to send one packet to multiple ports simultaneously Related command arp static Example Display configuration information about the multicast A...

Page 817: ...VLAN ID Description Use the display arp proxy command to display the state of the ARP proxy of a specified VLAN An ARP proxy can be in enabled or disabled state Related command arp proxy enable Example Display the state of the ARP proxy of VLAN 3 SW8800 display arp proxy vlan 3 vlan 3 Proxy ARP status disabled display arp timer aging Syntax display arp timer aging View Any view Parameter None Desc...

Page 818: ...ce MAC Address is 000a ebf2 51a8 gratuitous arp learning enable Syntax gratuitous arp learning enable undo gratuitous arp learning enable View System view Parameter None Description Use the gratuitous arp learning enable command to enable the gratuitous ARP packet learning function Use the undo gratuitous arp learning enable command to disable the gratuitous ARP packet learning function Table 104 ...

Page 819: ...eturn to User View with Ctrl Z SW8800 gratuitous arp learning enable reset arp Syntax reset arp dynamic static interface interface type interface number all View User view Parameter dynamic Clears the dynamic ARP mapping entries static Clears the static ARP mapping entries interface type is port type and interface number is port number For details refer to the description of interface command in t...

Page 820: ...818 CHAPTER 45 ARP CONFIGURATION COMMANDS ...

Page 821: ...ted by a specified card in the system Use the undo arp max entry command to cancel the configuration By default each card supports up to 4K ARP entries You can configure the maximum number of ARP entries to be 4K 5K 6K 7K or 8K modules 3C17525 3C1757 3C17530 and 3C17531 For all other modules the maximum number of ARP entries is 4K Example Configure the maximum number of ARP entries that can be sup...

Page 822: ... 8K modules 3C17525 3C1757 3C17530 and 3C17531 For all other modules the maximum number of ARP entries is 4K By default each card supports up to 1K aggregation ARP entries Example Configure the maximum number of aggregation ARP entries that can be supported by each card of the switch to 8K SW8800 system view System View return to User View with Ctrl Z SW8800 arp max aggregation entry 8 The configu...

Page 823: ...effect After the configurations do not perform active standby switchover before restarting the system Otherwise the configurations will not take effect even if you restart the system display arp max entry Syntax display arp max entry View Any view Parameter None Description Use the display arp max entry command to display the current maximum numbers of ARP entries and the intending counterparts th...

Page 824: ...822 CHAPTER 46 ARP TABLE SIZE CONFIGURATION COMMANDS max arp entry config of slot 13 8192 ...

Page 825: ...nd DHCP relay you must enable DHCP service first before performing other DHCP configurations The other related DHCP configurations take effect only after DHCP service is enabled Example Enable DHCP service SW8800 system view System View return to User View with Ctrl Z SW8800 dhcp enable dhcp select Syntax In VLAN interface view dhcp select global interface relay undo dhcp select In system view dhc...

Page 826: ...eck enable command Otherwise the ip relay address command or the dhcp relay security address check enable command will not take effect Description Use the dhcp select command to specify a method used by the switch to process the DHCP packets it received You can use this command in VLAN interface view to specify a processing method of DHCP packets for current VLAN interface or in system view to spe...

Page 827: ...nt packet undo debugging dhcp server all error event packet View User view Parameter all Used to enable disable all types of debugging for DHCP server error Used to enable disable error debugging for DHCP server errors including those occur when a DHCP server processes DHCP packets or assigns IP addresses event Used to enable disable debugging for DHCP server events including the assigning of IP a...

Page 828: ...3 3 3 1 Forbidden IP Range from 3 3 3 4 to 3 3 3 99 Forbidden IP Range from 3 3 3 101 to 3 3 3 254 Forbidden IP Range from 17 9 0 1 to 17 9 0 1 Forbidden IP Range from 17 9 0 3 to 17 9 0 5 Forbidden IP Range from 17 9 0 8 to 17 9 255 254 dhcp server dns list Syntax In VLAN interface view dhcp server dns list ip address ip address undo dhcp server dns list ip address all In system view dhcp server ...

Page 829: ... if you add a new DNS server address by executing the dhcp server dns list command the newly configured one overwrites the oldest one Related command dns list Example Configure the DNS server address 1 1 1 254 for the DHCP address pool of VLAN interface 1 SW8800 system view System View return to User View with Ctrl Z SW8800 interface Vlan interface 1 3Com Vlan interface1 dhcp server dns list 1 1 1...

Page 830: ...lient domain name of the DHCP address pool of the current VLAN interface to vlan interface1 com SW8800 system view System View return to User View with Ctrl Z SW8800 interface vlan interface 1 3Com Vlan interface1 dhcp server domain name vlan interface1 com dhcp server expired Syntax In VLAN interface view dhcp server expired day day hour hour minute minute unlimited undo dhcp server expired In sy...

Page 831: ...em View return to User View with Ctrl Z SW8800 interface vlan interface 1 3Com Vlan interface1 dhcp server expired unlimited dhcp server forbidden ip Syntax dhcp server forbidden ip low ip address high ip address undo dhcp server forbidden ip low ip address high ip address View System view Parameter low ip address Minimum IP address in the forbidden IP address range high ip address The highest IP ...

Page 832: ...l name uniquely identifies an address pool Description Use the dhcp server ip pool command to create a global DHCP address pool and enter the corresponding DHCP address pool view Use the undo dhcp server ip pool command to remove a specified global DHCP address pool No global DHCP address pool is created by default Related command dhcp enable Example Create a global DHCP address pool with a name o...

Page 833: ... NetBIOS server IP addresses configured for the DHCP address pool of current VLAN interface or for the DHCP address pool s of the specified VLAN interface s By default no NetBIOS server IP address is configured With eight NetBIOS server addresses already configured if you add a new one by executing the dhcp server nbns list command the newly configured one overwrites the oldest one Related command...

Page 834: ...s node type are b nodes which take peer to peer mechanism h stands for hybrid Description Use the dhcp server netbios type command to configure the NetBIOS node type for DHCP clients of DHCP address pool of current or specified VLAN interface Use the undo dhcp server netbios type command to remove the NetBIOS node type configured for DHCP clients of DHCP address pool of current or specified VLAN i...

Page 835: ...e or more VLAN interfaces all Specifies all VLAN interfaces Description Use the dhcp server option command to configure a custom DHCP option for the DHCP address pool of current VLAN interface or for the DHCP address pool s of the specified VLAN interface s Use the undo dhcp server option command to remove a custom DHCP option configured for the DHCP address pool of current VLAN interface or for t...

Page 836: ... seconds to 30 seconds When the ping command is used for collision detection the host will fail to apply for IP addresses if the server s time to wait for a response to a ping packet is longer than the host s interval of sending discover packets So you had better satisfy the condition that the server s time to wait for a response to a ping packet must be shorter than 15 seconds when the ping comma...

Page 837: ...ess pool only supports one to one MAC IP binding Example Statically bind the IP address 10 1 1 1 to the MAC address 0000 e03f 0305 SW8800 system view System View return to User View with Ctrl Z SW8800 interface vlan interface 1 3Com Vlan interface1 dhcp server static bind ip address 10 1 1 1 m ac address 0000 e03f 0305 display dhcp server conflict Syntax display dhcp server conflict all ip ip addr...

Page 838: ...the lease expired IP addresses in the pool to DHCP clients as needed Example Display information about lease expired addresses SW8800 display dhcp server expired all Global pool IP address Hardware address Lease expiration Type Interface pool IP address Hardware address Lease expiration Type Table 105 Description on the fields of the display dhcp server conflict command Field Description Address T...

Page 839: ...lay dhcp server ip in use ip ip address pool pool name interface vlan interface vlan id all View Any view Parameter ip ip address Specifies an IP address pool pool name Specifies a global address pool If you do not input a pool name all global address pools are included interface vlan interface vlan id Specifies a VLAN interface address pool If you do not input a vlan id all VLAN interface address...

Page 840: ...formation about the DHCP server SW8800 display dhcp server statistics Global Pool Pool Number 5 Binding Auto 0 Manual 1 Expire 0 Interface Pool Pool Number 1 Binding Auto 1 Manual 0 Expire 0 Boot Request 6 Dhcp Discover 1 Dhcp Request 4 Dhcp Decline 0 Dhcp Release 1 Table 107 Description on the fields of the display dhcp server ip in use command Fields Description Global pool The information follo...

Page 841: ...e command to display information about DHCP address pool hierarchy Table 108 Description on the fields of the display dhcp server statistics command Field Description Global Pool The information followed is about the statistics of the global address pools Interface Pool The information followed is about the statistics of the address pools of VLAN interfaces Pool Number Number of address pools Auto...

Page 842: ...0 3C Pool name 7 network 10 10 1 64 mask 255 255 255 192 PrevSibling node 5 option 1 ip address 255 0 0 0 gateway list 2 2 2 2 dns list 1 1 1 1 domain name 444444 nbns list 3 3 3 3 expired 1 0 0 option 58 hex 00 00 A8 C0 option 59 hex 00 00 00 3C Table 109 Description on the fields of the display dhcp server tree command Field Description Global pool The information followed is about global addres...

Page 843: ...ess pool named 6 corresponds is a child node of that of the address pool named 5 In this case node 6 stands for a subnet of the network node 5 stands for Parent node Indicates the node to which the address pool named 6 corresponds is the parent node of that of the address pool named 5 In this case node 6 stands for the network segment Sibling node Indicates the node to which the address pool named...

Page 844: ...ain name for the DHCP clients of a global DHCP address pool Use the undo domain name command to remove the domain name configured for the DHCP clients of a global DHCP address pool By default no domain name is configured for the DHCP clients of a global DHCP address pool Related command dhcp server ip pool dhcp server domain name Example Configure a domain name mydomain com for the DHCP clients of...

Page 845: ... User View with Ctrl Z SW8800 dhcp server ip pool 0 3Com dhcp 0 expired day 1 hour 2 minute 3 gateway list Syntax gateway list ip address ip address undo gateway list ip address all View DHCP address pool view Parameter ip address IP address of an outbound gateway You can specify up to eight IP addresses separated by spaces in one command all Specifies all outbound gateway IP addresses Description...

Page 846: ...nfigure one or more NetBIOS server addresses for a global DHCP address pool Use the undo nbns list command to remove one or all NetBIOS server addresses configured for a global DHCP address pool By default no NetBIOS server address is configured for a global DHCP address pool With eight NetBIOS server addresses already configured if you add a new NetBIOS server address by executing the nbns list c...

Page 847: ... are b nodes which take peer to peer mechanism Description Use the netbios type command to configure the NetBIOS node type for DHCP clients of a global DHCP address pool Use the undo netbios type command to remove NetBIOS node type configuration of a global DHCP address pool By default the DHCP clients are of h node type Related command dhcp server ip pool dhcp server netbios byte nbns list Exampl...

Page 848: ...168 8 0 24 as the address range for the global DHCP address pool 0 SW8800 system view System View return to User View with Ctrl Z SW8800 dhcp server ip pool 0 3Com dhcp 0 network 192 168 8 0 mask 255 255 255 0 option Syntax option code ascii ascii string hex hex string ip address ip address ip address undo option code View DHCP address pool view Parameter code Customized option value a number rang...

Page 849: ... 11 22 reset dhcp server conflict Syntax reset dhcp server conflict ip ip address all View User view Parameter ip address Clears statistics about the specified IP address conflicts all Clears all statistics about address conflicts Description Use the reset dhcp server conflict command to clear statistics information about DHCP address conflicts Related command display dhcp server conflict Example ...

Page 850: ... dhcp server ip in use ip 10 110 1 1 reset dhcp server statistics Syntax reset dhcp server statistics View User view Parameter None Description Use the reset dhcp server statistics command to clear statistics information about the DHCP servers such as the number of DHCP address pools the number of automatically bound manually bound IP addresses and expired IP addresses and the number of unrecogniz...

Page 851: ...h a MAC address of 0000 e03f 0305 to 10 1 1 1 whose subnet mask is 255 255 255 0 SW8800 system view System View return to User View with Ctrl Z SW8800 dhcp server ip pool 0 3Com dhcp 0 static bind ip address 10 1 1 1 mask 255 255 255 0 3Com dhcp 0 static bind mac address 0000 e03f 0305 static bind mac address Syntax static bind mac address mac address undo static bind mac address View DHCP address...

Page 852: ... debugging dhcp relay all packet error event View User view Parameter all Enables all types of debugging concerning DHCP Relay packet Enables debugging for packets error Enables debugging for error messages event Enables debugging for events Description Use the debugging dhcp relay command to enable debugging for DHCP Relay Use the undo debugging dhcp relay command to disable specified type of deb...

Page 853: ...for the DHCP server Use the undo dhcp relay security command to remove a user address entry configured for the DHCP server Before adding removing a user address entry you can check user address entries configured for the DHCP server using the display dhcprelay security command Example Configure a user address entry for a DHCP server with an IP address of 1 1 1 1 and a MAC address of 0005 5D02 F2B3...

Page 854: ... SW8800 system view System View return to User View with Ctrl Z SW8800 interface vlan interface 1 3Com Vlan interface1 dhcp relay security address check enable dhcp server detect Syntax dhcp server detect undo dhcp server detect View System view Parameter None Description Use the dhcp server detect command to enable fake DHCP server detecting Use the undo dhcp server detect command to disable fake...

Page 855: ...tion about DHCP servers configured for a VLAN interface Example Display information about DHCP servers configured for all VLAN interfaces SW8800 display dhcp relay address all Vlan interface192 DHCP Relay Address Relay Address 0 193 193 1 1 Relay Address 1 1 1 1 1 Display information about DHCP servers configured for VLAN interface 192 SW8800 display dhcp relay address interface vlan 192 Vlan inte...

Page 856: ...y the DHCP server to which the DHCP packets received by this VLAN interface are forwarded Use the undo ip relay address command to remove the DHCP server configured for the VLAN interface to forward DHCP packets No DHCP server is configured for a VLAN interface by default c CAUTION The IP address of the intended DHCP server for the Dhcp relay feature cannot be the IP address of the VLAN interface ...

Page 857: ... View VLAN interface view System view Parameter vlan id ID of the specific VLAN interface all All VLAN interfaces Description Use the dhcp relay information enable command to enable the function of Option 82 support on DHCP relay Use the undo dhcp relay information enable command to disable the function of Option 82 support on DHCP relay By default this function is disabled Related command dhcp se...

Page 858: ...e of DHCP Relay option 82 The normal mode is adopted by default Example Configure the mode of the relay option 82 on VLAN interface 1 as 3Com fixed network mode SW8800 system view System View return to User View with Ctrl Z SW8800 interface vlan1 3Com Vlan interface1 dhcp relay information format verbose Restore the default mode of the relay option 82 on VLAN interface 1 3Com Vlan interface1 undo ...

Page 859: ...ckets 3Com Vlan interface1 undo dhcp relay information strategy dhcp relay information format verbose node identifier Syntax dhcp relay information format verbose node identifier mac sysname user defined string 1 50 undo dhcp relay information format verbose node identifier View VLAN interface view Parameter mac Sets the bridge MAC as the node identifier of the Option 82 of a relay sysname Sets th...

Page 860: ...support on DHCP server Use the undo dhcp server relay information enable command to disable the function of Option 82 support on DHCP server When a client connected to a DHCP relay broadcasts a DHCP request packet the DHCP relay is responsible for forwarding the packet to a DHCP server After Option 82 support is enabled on the DHCP server if the request packet forwarded by the DHCP relay to the DH...

Page 861: ...0 system view System View return to User View with Ctrl Z SW8800 dhcp server relay information enable Disable the DHCP server from returning Option 82 carried in the request packets to the DHCP relay SW8800 undo dhcp server relay information enable ...

Page 862: ...860 CHAPTER 47 DHCP CONFIGURATION COMMANDS ...

Page 863: ... or and it must contain at least one letter ip address Host IP address the corresponding IP address to the host name in dotted decimal notation Description Use the ip host command to configure the host name and the host IP address Use the undo ip host command to cancel the host name and the host IP address By default Host name and corresponding IP address are null Related command display ip host E...

Page 864: ...y ip host Host Age Flags Address My 0 static 1 1 1 1 Aa 0 static 2 2 2 4 Dynamic DNS Configuration Commands debugging dns Syntax debugging dns undo debugging dns View User view Parameter None Description Use the debugging dns command to enable DNS debugging Use the undo debugging dns command to disable DNS debugging By default DNS debugging is disabled Table 112 Description on the fields of the di...

Page 865: ...icates that a correct answer packet is received from the server query timeout The information above indicates that the query for a domain name from a server times out because no answer is received display dns domain Syntax display dns domain View Any view Parameter None Description Use the display dns domain command to view the domain name suffix list Related command dns domain Example View domain...

Page 866: ... display dns server View Any view Parameter None Description Use the display dns server command to view the related information of the domain name server Related command dns server Example View the related information of the domain name server 3Com display dns server Domain server Ipaddress 0 172 16 1 1 1 172 16 1 2 Table 114 Description on the fields of the display dns dynamic host command Field ...

Page 867: ...x name and the specific suffix is deleted Otherwise all of the suffixes are deleted Related command display dns domain Example Configure a domain name suffix com 3Com system view System View return to User View with Ctrl Z SW8800 dns domain com dns resolve Syntax dns resolve undo dns resolve View System view Parameter None Description Use the dns resolve command to enable the dynamic domain name r...

Page 868: ...omain name server Description Use the dns server command to configure the IP address of a domain name server Use the undo dns server command to delete the IP address of a domain name server The system supports up to six domain name server To delete the domain name server input the IP address and the specific server is deleted Otherwise all of the servers are deleted Related command display dns ser...

Page 869: ...tion Commands 867 Description Use the reset dns dynamic host command to clear the dynamic domain name buffer Related command display dns dynamic host Example Clear the dynamic domain name buffer 3Com reset dns dynamic host ...

Page 870: ...868 CHAPTER 48 DNS CONFIGURATION COMMANDS ...

Page 871: ...ay ip Netstream cache slot 4 IP netstream cache information in slot 4 Stream active timeout minute 5 Stream inactive timeout second 60 Active IP stream entry 0 Active MPLS stream entry 0 IP Stream entry been statistics 382858 MPLS Stream entry been statistics 0 Last statistics reset time 09 52 40 2005 12 01 Protocol Total Packets Stream Packets Streams Sec Sec stream TCP other 382858 22 21 1 Total...

Page 872: ...ported stream number 0 Exported UDP datagram number failed number 0 0 Version 8 tos source prefix export information Stream source address 0 Stream destination IP UDP 192 168 1 2 9991 Exported stream number 2 Exported UDP datagram number failed number 2 0 Active IP stream entry 0 0 active IP stream entry is in the Netstream cache Active MPLS stream entry 0 0 active MPLS stream entry is in the Nets...

Page 873: ... enable slot slot no undo ip netstream enable slot no View System view Parameter slot no Number of the slot where the NMM Application Module resides Stream destination IP UDP Destination address and destination port number of the export packet Exported stream number Number of exported streams Exported UDP datagram number failed number Number of exported UDP packets times of sending failures Versio...

Page 874: ...tination prefix aggregation which classifies the stream according to the Netstream s destination AS number destination mask length the destination prefix and the outbound interface index keywords prefix Source and destination prefix aggregation which classifies the stream according to the Netstream s source AS number destination AS number source mask length destination mask length source prefix de...

Page 875: ...rface index keywords Description Use the ip netstream aggregation command to enter Netstream aggregation view In aggregation view you can enable disable the aggregation function and set the source interface destination IP address and destination port number of the version 8 UDP packet Related command enable ip netstream export host and ip netstream export source Example Enter Netstream AS aggregat...

Page 876: ...d UDP port number of the Netstream statistics export packet to 192 168 1 2 and 9991 respectively SW8800 system view SW8800 ip netstream export host 192 168 1 2 9991 ip netstream export source Syntax ip netstream export source ipaddress undo ip netstream export source View System view aggregation view Parameter ip address Source IP address of the Netstream statistics export packet expressed in dott...

Page 877: ...the specified IP address Description Use the ip netstream export version command to configure the version number and AS options of the Netstream statistics export packet Use the undo ip netstream export version command to restore the default setting By default the AS option is peer as the version number of MPLS packets is 9 the version number of aggregation statistics packets is 8 and the version ...

Page 878: ...utes SW8800 system view SW8800 ip netstream timeout active 60 ip netstream timeout inactive Syntax ip netstream timeout inactive seconds undo ip netstream timeout inactive View System view Parameter seconds Inactive aging time of Netstream in seconds Description Use the ip netstream timeout inactive command to configure the inactive aging time of Netstream Use the undo ip netstream timeout inactiv...

Page 879: ...tream cache SW8800 reset ip netstream statistics slot 2 ip netstream template refresh Syntax ip netstream template refresh packets undo ip netstream template refresh View System view Parameter packets Packet refresh rate of the template Description Use the ip stream template refresh command to set the packet refresh rate of the template Use the undo ip stream template refresh command to restore th...

Page 880: ...eam template timeout command to set the aging time of the template Use the undo ip stream template timeout command to restore the aging time of the template to the default value By default the aging time of the template is 30 minutes Example Set the aging time of the template to 60 minutes SW8800 system view SW8800 ip netstream template timeout 60 ...

Page 881: ...the PoE status of a specific port on the switch Use the display poe interface command without any option to display the PoE status of all the PoE capable ports on the switch Example Display the PoE status of the port GigabitEthernet3 1 1 SW8800 display poe interface GigabitEthernet3 1 1 Port power status delivering Port power mode signal Port PD class 2 port power priority high Port max power 1680...

Page 882: ...iption Port power status PoE status of the port 1 disabled PoE is disabled on the port 2 searching the port is searching for a PD 3 delivering the port is supplying power to the PD 4 PD disconnected the port is not connected with a PD 5 testing the port is in testing 6 fault the port detected an nonstandard or fault PD Port power mode PoE mode of the port 1 auto the system automatically selects th...

Page 883: ...SW8800 display poe pse PSE Information of slot 6 Power Current Value 67 W Power Remaining Value 738 W Power Max Value 806 W Power Peak Value 1 W Power Average Value 0 W Software Version 290 Hardware Version 000 CPLD Version 021 n The sampling cycle of the current power of the interface card is 1 minute and the sampling cycle of the peak power and average power is 5 minutes display poe slot Syntax ...

Page 884: ...Value 772 W Power Max Value 806 W Power Peak Value 34 W Power Average Value 33 W Software Version 290 Hardware Version 000 poe enable Syntax poe enable undo poe enable View Ethernet port view Parameter None Description Use the poe enable command to enable the PoE feature on a port Use the undo poe enable command to disable the PoE feature on a port By default PoE is disabled on port Example Enable...

Page 885: ...yntax poe legacy enable slot slot num undo poe legacy enable slot slot num View System view Parameter slot num Number of the slot where the module resides Description Use the poe legacy enable slot command to enable the module to detect the compatibility of the PD connected to it Use the undo poe legacy enable slot command so that the module does not detect the compatibility of the PD connected to...

Page 886: ... ranging from 3000 mW to 16800 mW Description Use the poe max power command to set the maximum PoE power on the current port Use the undo poe max power command to restore the default PoE power on current port By default the maximum PoE power on a port is 16800 mW Example Set the maximum PoE power on the current port GigabitEthernet3 1 1 to 12 000 mW 3Com GigabitEthernet3 1 1 poe max power 12000 Re...

Page 887: ...oe mode Syntax poe mode signal spare auto undo poe mode View Ethernet port view Parameter signal The port supplies power through signal lines spare The port supplies power through spare lines auto The port supplies power in automatically selected mode Description Use the poe mode command to configure the PoE mode on the current port Use the undo poe mode command to restore the default PoE mode on ...

Page 888: ... the PD connected to the port whose PoE priority is the highest For example assume that the PoE priority on port A is set to critical If a new PD is connected to port A when the external power supply by the switch is almost fully loaded the switch stops powering the PD connected to the port whose PoE priority is the lowest and begins to power the PD connected to port A Manual mode If new PDs are c...

Page 889: ... default PoE power of switch SW8800 undo poe power max value poe priority Syntax poe priority critical high low undo poe priority View Ethernet port view Parameter critical Sets the port priority to critical the highest high Sets the port priority to high low Sets the port priority to low Description Use the poe priority command to set the PoE priority on a port Use the undo poe priority command t...

Page 890: ...ER 50 POE CONFIGURATION COMMANDS Example Set the PoE priority of current port to critical 3Com GigabitEthernet3 1 1 poe priority critical Restore the default priority 3Com GigabitEthernet3 1 1 undo poe priority ...

Page 891: ...SW8800 display poe power ac input state PSU 1 AC Input State Lack Phase PSU 2 AC Input State Normal PSU 3 AC Input State Lack Phase display poe power alarm Syntax display poe power alarm View Any view Table 120 Description on the fields of the display poe power ac input state command Field Description NORMAL The AC input is normal Under Limit The AC input is below the lower threshold Upper Limit T...

Page 892: ...e PoE PSUs Example Display the current DC output state SW8800 display poe power dc output state DC Output State Normal Table 121 Description on the fields of the display poe power alarm command Field Description NORMAL Normal NOTLINK The PSU is disconnected That is the controller was able to communicate with the PSU but it cannot now Power cycling the unit or re inserting a new PSU can resolve thi...

Page 893: ...e Syntax display poe power switch state View Any view Parameter None Description Use the display poe power switch state command to display the number and current state of the AC power distribution switches of the PSUs Example Display the number and current state of the AC power distribution switches SW8800 display poe power switch state Switch Number 0 display supervision module information Syntax...

Page 894: ... Version Info NP 2500 PSU 2 Rating Output Power 2500 W Hard Version Info NP 2500 Table 123 Description on the fields of the display supervision module information command Field Description Supervision Module Version Software version of the supervision module Supervision Module Name Name of the supervision module Power Type Power type Power Rating Value Rated power of the power system Power Current...

Page 895: ... to set the threshold to 90 0 V Example Set the undervoltage alarm threshold of AC input to 181 0 V SW8800 poe power input thresh lower 181 0 Set lower input threshold power successfully poe power input thresh upper Syntax poe power input thresh upper string View System view Parameter string Overvoltage alarm threshold It ranges from 90 V to 264 V in the format of X X Description Use the poe power...

Page 896: ...alarm threshold of DC output to 45 00 V SW8800 poe power output thresh upper 57 0 Set lower output threshold power successfully poe power output thresh upper Syntax poe power output thresh upper string View System view Parameter string Overvoltage alarm threshold It ranges from 55 00 V to 57 00 V in the format of X X Description Use the poe power output thresh upper command to set the overvoltage ...

Page 897: ...ive Enables incoming packet debugging for UDP Helper send Enables outgoing packet debugging for UDP Helper Description Use the debugging udp helper command to enable UDP Helper debugging Use the undo debugging udp helper command to disable UDP Helper debugging By default UDP Helper debugging is disabled Example Enable packet debugging for UDP Helper SW8800 debugging udp helper packet display udp h...

Page 898: ...ts have been forwarded Display the configuration of the global UDP ports SW8800 display udp helper port Now the following config udp helper port exist s 37 time 49 tacacs 53 dns 34 89 456 10000 10005 The information above shows the configuration of the global UDP ports including the default port 37 49 53 and the configured ports when UDP helper is enabled udp helper enable Syntax udp helper enable...

Page 899: ...ose UDP port number is 138 netbios ns Refers to netBIOS name service netbios ns whose UDP port number is 137 tacacs Refers to terminal access controller access control system TACACS whose UDP port number is 49 tftp Refers to trivial transfer protocol TFTP whose UDP port number is 69 time Refers to time service whose UDP port number is 37 Description Use the udp helper port command to specify the p...

Page 900: ... on a VLAN virtual interface Description Use the udp helper server command to specify the destination server for the UDP packets to be forwarded No destination server is configured by default Related command display udp helper server Example Specify to forward UDP packets to the server whose IP address is 192 1 1 2 SW8800 system view System View return to User View with Ctrl Z SW8800 interface Vla...

Page 901: ...of sending receiving and authenticating SNMP message extracting PDU packet encapsulation and the communication with SNMP application and so on Example Display the engine ID of current device SW8800 display snmp agent local engineid SNMP local EngineID 800007DB00E0FC0000FF6877 The above displayed information SNMP local engine ID represents local SNMP engine ID display snmp agent community Syntax di...

Page 902: ...Description Use the display snmp agent group command to view group name security mode state of various views and storage modes Example Display SNMP group name and safe mode SW8800 display snmp agent group Group name 3com Security model v2c noAuthnoPriv Readview ViewDefault Writeview no specified Notifyview no specified Storage type nonVolatile The following table describes the output fields Table ...

Page 903: ...w View name ViewDefault MIB Subtree internet Subtree mask Storage type nonVolatile View Type included View status active View name ViewDefault MIB Subtree snmpUsmMIB Subtree mask Storage type nonVolatile View Type excluded View status active View name ViewDefault MIB Subtree snmpVacmMIB Subtree mask Storage type nonVolatile View Type excluded View status active The following table describes the ou...

Page 904: ...ages passed from the SNMP entity 0 SNMP PDUs which had badValue error status 0 SNMP PDUs which had genErr error status 0 SNMP PDUs which had noSuchName error status 0 SNMP PDUs which had tooBig error status Maximum packet size 2000 9 MIB objects retrieved successfully 0 MIB objects altered successfully 0 GetRequest PDU accepted and processed 9 GetNextRequest PDU accepted and processed 0 GetBulkReq...

Page 905: ...umber of SNMP packets with erroneous values 9 Get next PDUs accepted and processed Number of SNMP packets with general error 0 GetBulkRequest PDU accepted and processed Number or packets request for nonexistent MIB objects 0 GetResponse PDUs accepted and processed Number of too long SNMP packets 0 Set request PDU accepted and processed Number of variables requested by NMS 0 Trap PDUs accepted and ...

Page 906: ...hina The above information represents that the physical location of this machine is BeiJing China Display the version information of running SNMP SW8800 display snmp agent sys info version SNMP version running in the system SNMPv3 The above information represents that the SNMP version running in the system is SNMPv3 display snmp agent usm user Syntax display snmp agent usm user engineid engineid g...

Page 907: ...N trap messages Use the undo enable snmp trap updown command to disable current port or VLAN interface to transmit the LINK UP and LINK DOWN trap messages The enable snmp trap command should be used in cooperation with the snmp agent trap enable and the snmp agent target host commands The snmp agent target host command is used to specify which hosts can receive the trap messages To enable the tran...

Page 908: ...d Indicates that MIB object can only be read write Indicates that MIB object can be read and written community name Community name character string view name MIB view name acl acl list sets access control list for specified community Description Use the snmp agent community command to configure community access name and enable the access to SNMP Use the undo snmp agent community command to cancel ...

Page 909: ...igures to authenticate and encrypt the packet read view Configures to allow read only view settings read view Read only view name ranging from 1 to 32 bytes write view Configures to allow read write view settings write view Name of read write view ranging from 1 to 32 bytes notify view Configures to allow notify view settings notify view Specifies the notify view name ranging from 1 to 32 bytes ac...

Page 910: ...witch Use the command to Using undo snmp agent local engineid command you can restore the default setting of engine ID By default the engine ID is corporation number device information Device information is determined according to different products It can be IP address MAC address or user defined text However you must use numbers in hexadecimal form Example Configure the ID of a local or remote d...

Page 911: ...of MIB II SW8800 system view System View return to User View with Ctrl Z SW8800 snmp agent mib view included mib2 1 3 6 1 2 1 snmp agent packet max size Syntax snmp agent packet max size byte count undo snmp agent packet max size View System view Parameter byte count Specifies the size of SNMP packet measured in bytes ranging from 484 to 17940 By default the size is 2000 bytes Description Use the ...

Page 912: ...ree options v1 v2c and v3 Here you must select at least one option and you can select all the three options all all SNMP version includes SNMP V1 SNMP V2C SNMP V3 Description Use the snmp agent sys info command to configure system information such as geographical location of the device contact information for system maintenance and version information of running SNMP Use the undo snmp agent sys in...

Page 913: ...munity name of SNMPv1 v2c or the user name of SNMPv3 authentication Configures to authenticate the packet without encryption privacy Configures to authenticate and encrypt the packet Description Use the snmp agent target host command to configure destination of SNMP notification Use the undo snmp agent target host command to cancel the host that receives SNMP notification The snmp agent target hos...

Page 914: ...nkup warmstart system vrrp authfailure newmaster View System view Parameter standard authentication coldstart linkdown linkup Enables the sending of standard Trap messages authentication Enables the sending of SNMP authentication Trap messages coldstart Enables the sending of SNMP cold start Trap messages linkdown Enables the sending of SNMP link down Trap messages linkup Enables the sending of SN...

Page 915: ...er View with Ctrl Z SW8800 snmp agent trap enable standard authentication SW8800 snmp agent target host trap address udp domain 10 1 1 1 params securityname public snmp agent trap life Syntax snmp agent trap life seconds undo snmp agent trap life View System view Parameter seconds Specifies the timeouts ranging from 1 to 2 592 000 seconds By default the timeout interval is 120 seconds Description ...

Page 916: ...rap life Example Configure the queue length to 200 SW8800 system view System View return to User View with Ctrl Z SW8800 snmp agent trap queue size 200 snmp agent trap source Syntax snmp agent trap source vlan interface vlan id undo snmp agent trap source View System view Parameter vlan id Specifies the VLAN interface ID ranging from 1 to 4094 Description Use the snmp agent trap source command to ...

Page 917: ...e group name corresponding to that user a character string at the length ranging from 1 to 32 bytes authentication mode Specifies the safety level as authentication required md5 MD5 algorithm is adopted in authentication MD5 authentication uses the 128 digit password Computation speed of MD5 is faster than that of SHA sha SHA algorithm is adopted in authentication SHA authentication uses the 160 d...

Page 918: ... an SNMP group Example Add a user wang for 3com an SNMP group configures to authenticate with MD5 and sets authentication password as pass SW8800 system view System View return to User View with Ctrl Z SW8800 snmp agent usm user v3 wang 3com authentication mode md5 pass undo snmp agent Syntax undo snmp agent View System view Parameter None Description Use the undo snmp agent command to disable all...

Page 919: ...etherStatsDropEvents 1 Description Ethernet5 1 1 Sampling interval 10 sec Rising threshold 10 linked with event 1 Falling threshold 2 linked with event 1 When startup enables risingOrFallingAlarm Latest value 0 Table 129 Description on the fields of the display rmon alarm command Field Description Alarm table 1 Index 1 in alarm table monitor Owner VALID The alarm entry corresponding to this index ...

Page 920: ...when triggered last triggered at 0days 00h 02m 27s display rmon eventlog Syntax display rmon eventlog event number View Any view Parameter event number Entry index of event table startup First triggering When startup enables risingOrFallingAlarm Type of the first alarm The startup may trigger rising threshold alarm falling threshold alarm or both Latest value Last sample value Table 129 Descriptio...

Page 921: ...splay rmon history port num View Any view Parameter port num Ethernet port name Description Use the display rmon history command to view latest RMON history sampling information including utility error number and total packet number Related command rmon history Example Show the RMON history information SW8800 display rmon history ethernet 2 1 1 History control entry 1 owned by null is VALID Sample...

Page 922: ... 6 1 2 1 2 2 1 16 Table 132 Description on the fields of the display rmon history command Field Description Samples interface The sampled interface History control entry Index number in history control table VALID The entry corresponding to the index is valid Sampling interval Sampling interval buckets Records in history control table Latest sampled values The latest sample information dropevents ...

Page 923: ...y rmon prialarm command Field Description Prialarm table 1 Index of extended alarm entry owned by monitor Creator of the extended alarm entry UNDERCREATION Status of expansion alarms Samples type Type of sampling Variable formula Formula for expansion alarms Description Description information Sampling interval 10 sec Sampling interval Rising threshold Rising threshold When sampling value rises fr...

Page 924: ...xt undo rmon alarm entry number View System view Parameter entry number Number of the entry to be added deleted ranging from 1 to 65535 alarm variable Specifies the alarm variable with a character string ranging from 1 to 256 in the OID dotted format like 1 3 6 1 2 1 2 1 10 1 or ifInOctets 1 sampling time Specifies the sampling interval ranging from 5 to 65535 measured in seconds delta Sampling ty...

Page 925: ...ause log when triggered last triggered at 1days 01h 42m 09s Configure alarm group Add the first line in the alarm table Sample the nodes 1 3 6 1 2 1 16 1 1 1 4 1 every 10 seconds Trigger event 1 when the sampling value exceeds the upper threshold 50 and trigger event 2 when the sampling value gets below the lower threshold 5 The owner is user1 SW8800 system view SW8800 rmon alarm 1 1 3 6 1 2 1 16 ...

Page 926: ...r trap event owner text Creator for this entry The length of the character string ranges from 1 to 127 Description Use the rmon event command to add an entry to the event table Use the undo rmon event command to cancel an entry from this table RMON event management defines the event ID and the handling of the event You can handle the event in the following ways Keeping logs Sending the trap messag...

Page 927: ...story Example Create a history control table entry with the index number of 15 capacity of 100 and sampling interval of 10 seconds The owner is tester SW8800 system view System View return to User View with Ctrl Z SW8800 interface Ethernet 2 1 1 3Com Ethernet2 1 1 rmon history 15 buckets 100 interval 10 owner tester rmon prialarm Syntax rmon prialarm entry number prialarm formula prialarm des samp...

Page 928: ...d an entry to the extended RMON alarm table Use the undo rmon prialarm command to cancel an entry from the extended RMON alarm table The number of instances can be created in the table depends on the hardware resource of the product n Before adding an extended alarm entry you need first to define the event to be referenced in the extended alarm entry using the rmon event command You can define up ...

Page 929: ...ratio rising_threshold 50 1 falling_threshold 5 2 entrytype forever owner user1 Delete line 10 from the extended RMON alarm table SW8800 system view System View return to User View with Ctrl Z SW8800 undo rmon prialarm 10 rmon statistics Syntax rmon statistics entry number owner text string undo rmon statistics entry number View Ethernet port view Parameter entry number Number of the entry to be a...

Page 930: ...928 CHAPTER 54 RMON CONFIGURATION COMMANDS SW8800 system view System View return to User View with Ctrl Z SW8800 interface Ethernet 2 1 1 3Com Ethernet2 1 1 rmon statistic 20 ...

Page 931: ...ing adjustment Enables NTP clock adjustment debugging all Enables all NTP debugging functions authentication Enables NTP authentication debugging event Enables NTP event debugging filter Enables NTP filter information debugging packet Enables NTP packet debugging parameter Enables NTP clock parameter debugging refclock Enables NTP reference clock debugging selection Enables NTP clock selection inf...

Page 932: ...ONS maintained by NTP service provided by the local equipment will be displayed When you configure this command without the verbose argument the switch will display the brief information about all the SESSIONS it maintains With the verbose argument configured the switch will display the detail information about all the SESSIONS it maintains Example Display status of all SESSIONS maintained by the ...

Page 933: ... 136 Description on the fields of the display ntp service status command Field Description clock status unsynchronized Local clock status do not synchronize to any remote NTP server clock stratum 16 Indicates the NTP stratum of local clock reference clock ID Indicates the address of a remote server of the reference ID in the case that the local system has been synchronized by a remote NTP server o...

Page 934: ...ization Only allows the server to access server Allows query to server and access peer Full access authority acl number IP address list number Description Use the ntp service access command to set the authority to access the local equipment Use the undo ntp service access command to cancel the access authority settings By default there is no limit to the access Set authority to access the NTP serv...

Page 935: ...mmand to disable this function By default the authentication is disabled Example Enable NTP authentication function SW8800 system view System View return to User View with Ctrl Z SW8800 ntp service authentication enable ntp service authentication keyid Syntax ntp service authentication keyid number authentication mode md5 value undo ntp service authentication keyid number View System view Paramete...

Page 936: ...mode is disabled Designate an interface on the local Ethernet Switch to receive NTP broadcast messages and operate in broadcast client mode The local Ethernet Switch listens to the broadcast from the server When it receives the first broadcast packet it starts a brief Client Server mode to switch messages with a remote server for estimating the network delay Thereafter the local Ethernet Switch en...

Page 937: ... in broadcast server mode and regularly broadcasts packets to its clients Example Configure to broadcast NTP packets through Vlan Interface1 encrypt them with Key 4 and set the NTP version number as 3 SW8800 system view System View return to User View with Ctrl Z SW8800 interface vlan interface1 3Com Vlan interface1 ntp service broadcast server authentication key 4 version 3 ntp service max dynami...

Page 938: ... address defaults to 224 0 1 1 Designate an interface on the local Ethernet Switch to receive NTP multicast messages and operate in Multicast Client mode The local Ethernet Switch listens to the multicast packets from the server When it receives the first multicast packet it starts a brief Client Server mode to switch messages with a remote server for estimating the network delay Thereafter the lo...

Page 939: ...p service multicast server command to disable NTP multicast server mode if no IP address is specified the switch will disable the configuration of the multicast IP address 224 0 1 1 By default the multicast service is disabled IP address defaults to 224 0 1 1 and the version number defaults to 3 Designate an interface on the local equipment to transmit NTP multicast packet The local equipment oper...

Page 940: ...k is set as the NTP master clock by default You can also specify the stratum of the NTP master clock Example Set the local clock as the NTP master clock to provide synchronized time for its peers and locate it at stratum 3 SW8800 system view System View return to User View with Ctrl Z SW8800 ntp service refclock master 3 ntp service reliable authentication keyid Syntax ntp service reliable authent...

Page 941: ...service source interface command to designate an interface to transmit NTP message Use the undo ntp service source interface command to cancel the current setting By default the source address specifies where the packets are transmitted from You can use this command to designate an interface to transmit all the NTP packets and take the source address of these packets from its IP address If you do ...

Page 942: ...only VLAN interfaces and Loopback interfaces are supported priority Designates a server as the first choice Description Use the ntp service unicast peer command to configure NTP peer mode Use the undo ntp service unicast peer command to cancel NTP peer mode By default version number number defaults to 3 the authentication is disabled and the local server is not the first choice This command sets t...

Page 943: ...d determine an interface together with the interface type argument When the local switch sends an NTP packet to the timer server the source IP address carried in the packet is obtained from the interface Currently only VLAN interfaces and Loopback interfaces are supported priority Designates a server as the first choice Description Use the ntp service unicast server command to configure NTP server...

Page 944: ...942 CHAPTER 55 NTP CONFIGURATION COMMANDS SW8800 system view System View return to User View with Ctrl Z SW8800 ntp service unicast server 128 108 22 44 version 3 ...

Page 945: ... information center in the format of Debugging information You can also use it to debug a user interface individually Use the undo debugging ssh server command to disable the debugging By default the debugging is disabled Logs related to the SSH server are recorded into the log file or log buffer only if debugging is enabled Related command ssh server authentication retries ssh server rekey interv...

Page 946: ...505A SSH 8 SSH2 debug debug info SSH2_MSG_KEXDH_INIT received 0 1427875 8505A SSH 8 SSH2 debug debug info SSH2_MSG_KEXDH_REPLY sent 0 1427966 8505A SSH 8 SSH2 debug debug info SSH2_MSG_NEWKEYS sent 0 1428047 8505A SSH 8 SSH2 debug debug info SSH2_MSG_NEWKEYS received 0 1428138 8505A SSH 8 SSH2 debug debug info The key exchange is done 0 1428229 8505A SSH 8 SSH2 debug debug info User authentication...

Page 947: ...9 9E738319 AF366B8B 519D39F5 02030100 01 display rsa peer public key Syntax display rsa peer public key brief name keyname View Any view Parameter brief Displays the brief information about all client public keys keyname Public key name of the client to be displayed The key name is a consecutive string whose length ranges from 1 to 64 characters Description Use the display rsa peer public key comm...

Page 948: ...isplays the SSH session information Description Use the display ssh server command to display the status information or session information of an SSH server Related command ssh server authentication retries ssh server rekey interval ssh server timeout Example Display the status information of the SSH server SW8800 display ssh server status SSH version 2 0 SSH connection timeout 60 seconds SSH Auth...

Page 949: ...ey name Service type sshuser2 rsa sshuser2 stelnet sshuser1 password sshuser1 stelnet If the Username and User key name are too long the result of the dispaly ssh user information is displayed with wildcard An example is given below Display current SSH user information SW8800 display ssh user information Username Authentication type User public key name Service type admin password aaaaaaaaaabbbbbb...

Page 950: ...e supported This configuration takes effect at the next login Note that after enabling SSH by this command you still cannot log in through SSH if the client RSA key is not configured c CAUTION If the supported protocol configured in the user interface is SSH make sure to configure the corresponding authentication mode to authentication mode scheme using AAA authentication mode If the authenticatio...

Page 951: ...public key format and is randomly generated by the SSH 2 0 enabled client software or the client switch Related command rsa peer public key public key code end Example Enter the public key edit view and input the key SW8800 system view System View return to User View with Ctrl Z SW8800 rsa peer public key sw8800003 3Com rsa public key public key code begin RSA key code view return to last view wit...

Page 952: ...d 3Com rsa key code public key code end 3Com rsa public key rsa local key pair create Syntax rsa local key pair create View System view Parameter None Description Use the rsa local key pair create command to generate the RSA key pair including the host key and server key of the server The naming conventions for the keys are switch name host and switch name server respectively for example 3Com_host...

Page 953: ...l key pair destroy View System view Parameter None Description Use the rsa local key pair destroy command to destroy all the RSA key pairs of the server including the host keys and server keys Related command rsa local key pair create Example Destroy all the RSA keys of the server SW8800 system view System View return to User View with Ctrl Z SW8800 rsa local key pair destroy Keys to be removed ar...

Page 954: ... ssh server authentication retries times undo ssh server authentication retries View System view Parameter times Number of authentication retries in the range from 1 to 5 By default the value is 3 Description Use the ssh server authentication retries command to set the number of SSH connection authentication retries Use the ssh server authentication retries command to restore the default number of...

Page 955: ... enable ssh server rekey interval Syntax ssh server rekey interval hours undo ssh server rekey interval View System view Parameter hours Update interval of the server key in range of 1 to 24 hours It cannot be 0 Description Use the ssh server rekey interval command to set update interval of the server key Use the undo ssh server rekey interval command to remove the configuration By default the sys...

Page 956: ...t 80 ssh user assign rsa key Syntax ssh user username assign rsa key keyname undo ssh user username assign rsa key View System view Parameter keyname Name of the client public key It is a consecutive string whose length ranges from 1 to 64 characters username Valid SSH username It is a consecutive string whose length ranges from 1 to 80 characters Description Use the ssh user assign rsa key comman...

Page 957: ... either password authentication or public authentication Description Use the ssh user authentication type command to specify an authentication mode for a user Use the undo ssh user authentication type command to restore the user authentication mode to NULL namely the unable to login mode The new authentication mode takes effect at the next login By default no login authentication mode is specified...

Page 958: ... ssh authentication type default command to configure the default authentication mode for SSH users Use the undo ssh authentication type default command to cancel the default authentication mode for SSH users The default authentication mode is NULL which means that an authentication mode needs to be configured for each SSH user Example Configure the default user authentication mode as password aut...

Page 959: ...t assign rsa key Syntax ssh client server ip assign rsa key keyname undo ssh client server ip assign rsa key View System view Parameter server ip IP address of the server keyname Public key name of the client Description Use the ssh client assign rsa key command to specify the IP address and the corresponding public key name of the server on the client Use the undo ssh client assign rsa key comman...

Page 960: ...xt time it uses the saved public key to authenticate the server If the first time authentication is not supported when there is no local copy of the public key of the connected server the client assumes that the server is illegal and will refuse to access the server The user can save a copy of the server s public key locally by other means beforehand By default the client does not perform the firs...

Page 961: ...rred HMAC algorithm from the client to the server The default algorithm is sha1_96 prefer_stoc_hmac Preferred HMAC algorithm from the server to the client The default algorithm is sha1_96 sha1 HMAC algorithm hmac sha1 sha1_96 HMAC algorithm hmac sha1 96 md5 HMAC algorithm hmac md5 md5_96 HMAC algorithm hmac md5 96 Description Use the ssh2 command to enable the connection between the SSH client and...

Page 962: ... Use the sftp server enable command to start the SFTP server Use the undo sftp server enable command to shutdown the SFTP server By default the SFTP server is shutdown Example Start the SFTP server SW8800 system view System View return to User View with Ctrl Z SW8800 sftp server enable Shutdown the SFTP server SW8800 undo sftp server ssh service type default Syntax ssh service type default all sft...

Page 963: ...8800 ssh service type default sftp sftp directory cf ssh user service type Syntax ssh service type default all sftp directory directory sftp sftp directory directory stelnet undo ssh service type default View System view Parameter all Specifies that the default service type can be either Stelnet or SFTP sftp Configures the default service type as SFTP stelnet Configures the default service type as...

Page 964: ...turn to the user view This command has the same functionality as the exit and quit commands Example Terminate the connection with the remote SFTP server SW8800 system view System View return to User View with Ctrl Z sftp client bye SW8800 cd Syntax cd remote path View SFTP Client view Parameter remote path Name of a path on the server Description Use the cd command to change the current path on th...

Page 965: ... file Name of a file on the server Description Use the delete command to delete the specified file from the server This command has the same functionality as the remove command Example Delete file temp c from the server sftp client delete temp c dir Syntax dir remote path View SFTP Client view Parameter remote path Name of the directory to view Description Use the dir command to view the files in ...

Page 966: ...0 pub2 exit Syntax exit View SFTP Client view Parameter None Description Use the exit command to terminate the connection with the remote SFTP server and return to the user view This command has the same functionality as the bye and quit commands Example Terminate the connection with the remote SFTP server sftp client exit SW8800 get Syntax get remote file local file View SFTP Client view Paramete...

Page 967: ... file Default local path is the same with remote path ls Syntax ls remote path View SFTP Client view Parameter remote path Name of the directory to view Description Use the ls command to view the files in the specified directory If the remote path argument is not specified the files in the current directory will be displayed This command has the same functionality as the dir command Example View d...

Page 968: ...e SFTP server sftp client mkdir test put Syntax put local file remote file View SFTP Client view Parameter local file Name of a local file remote file Name of a file on the remote SFTP server Description Use the put command to upload a local file to the remote SFTP server By default if no name of the file on the remote server is specified it is assumed that the file on the remote server has the sa...

Page 969: ...ver and return to the user view This command has the same functionality as the bye and exit commands Example Terminate the connection with the remote SFTP server sftp client quit SW8800 remove Syntax remove remote file View SFTP Client view Parameter remote file Name of a file on the server Description Use the remove command to delete the specified file from the server This command has the same fu...

Page 970: ...scription Use the rmdir command to delete the specified directory from the SFTP server Example Delete the directory D temp1 from the SFTP server sftp client rmdir D temp1 sftp Syntax sftp ipaddr prefer_kex dh_group1 dh_exchange_group prefer_ctos_cipher des 3des aes128 prefer_stoc_cipher des 3des aes128 prefer_ctos_hmac sha1 sha1_96 md5 md5_96 prefer_stoc_hmac sha1 sha1_96 md5 md5_96 View System vi...

Page 971: ...fer_ctos_hmac Preferred HMAC algorithm from the client to the server The default algorithm is sha1_96 prefer_stoc_hmac Preferred HMAC algorithm from the server to the client The default algorithm is sha1_96 sha1 HMAC algorithm hmac sha1 sha1_96 HMAC algorithm hmac sha1 96 md5 HMAC algorithm hmac md5 md5_96 HMAC algorithm hmac md5 96 Description Use the sftp command to establish the connection with...

Page 972: ...970 CHAPTER 56 SSH TERMINAL SERVICE CONFIGURATION COMMANDS ...

Page 973: ...ers including device single directory and file names can be up to 136 characters long cd Syntax cd directory View User view Parameter directory Destination directory By default the directory is the working path configured by the user when the system starts Description Use the cd command to change the current user configuration path on the Switch The default directory is the user startup configurat...

Page 974: ...bak delete Syntax delete unreserved file url View User view Parameter unreserved Delete the file completely file url Path and name of the file you want to delete Description Use the delete command to cancel a specified file from the storage device of the switch This command supports wildcard characters The deleted files are kept in the recycle bin and will not be displayed when you use the dir com...

Page 975: ...es free Display the information about all the files including the deleted ones in the flash test directory SW8800 dir all flash test Directory of flash test rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14 28 52 test txt 1 rw 4 Apr 04 2005 20 13 47 snmpboots 31877 KB total 2182 KB free The files that have already been deleted and kept in the recycle bin are displayed with the prompt Display the inform...

Page 976: ...l Z SW8800 execute test bat file prompt Syntax file prompt alert quiet View System view Parameter alert Performs interactive confirmation on dangerous file operations quiet Does not prompt for the file operations Description Use the file prompt command to change the prompt modes of the file operation on the switch By default the prompt mode of the file operation is alert which performs interactive...

Page 977: ... User view Parameter filesystem Device name Description Use the format command to format the storage device Format operation will cause non recoverable loss of all the files on the device Specially configuration files will be lost after formatting the flash memory Example Format flash SW8800 format flash All data on Flash will be lost proceed with format Y N y Now begin to format flash please wait...

Page 978: ...of the files with txt suffix or cfg configuration suffix Example Display the contents of file test txt SW8800 more test txt AppWizard has created this test application for you This file contains a summary of what you will find in each of the files that make up your test application Test dsp This file the project file contains information at the project level and is used to build a single project o...

Page 979: ...r filename is 64 characters The maximum length of a full path filename including the device name directory name and filename is 136 characters The move command can be successfully executed only when the source file and the destination file are on the same device pwd Syntax pwd View User view Parameter None Description Use the pwd command to view the current path Error may occur without setting the...

Page 980: ... Use the reset recycle bin command to permanently delete files from the recycle bin The file url supports the wildcard character The delete command only puts the file into the recycle bin but reset recycle bin command will delete this file permanently Example Delete the file from the recycle bin SW8800 reset recycle bin flash vrpcfg vrrp Squeeze flash vrpcgf vrrp Y N rmdir Syntax rmdir directory V...

Page 981: ...stem SW8800 umount cf undelete Syntax undelete file url View User view Parameter file url Name of the file to be recovered Description Use the undelete command to recover the file that has not been deleted completely The file name to be recovered cannot be the same as an existing directory name If the destination file name is the same as an existing file name prompt whether to overwrite Example Re...

Page 982: ...980 CHAPTER 57 FILE SYSTEM MANAGEMENT COMMANDS ...

Page 983: ...started normally the switch fails to boot up n An Switch 8800 Family series routing switch supports system switchover both its active and standby SRPCs have an application program system You can operate on the programs on both SRPCs But when you specify a bootstrap program on the standby SRPC the URL of the program must begin with slot No flash cf where No is the slot number of the standby SRPC an...

Page 984: ...Bootrom Example Upgrade bootrom of No 1slot SW8800 boot bootrom PLATV100R002B09D002 app slot 1 display boot loader Syntax display boot loader View Any view Parameter None Description Use the display boot loader command to view APP file used this time and next time Example SW8800 display boot loader The primary app to boot of slot 0 at the next time is flash switch app The backup app to boot of slo...

Page 985: ...ame no Frame number slot no Slot number Description Use the display device command to display the module type and working status information of a card including physical card number physical daughter card number PCB version number hardware version number FPGA version number version number of BOOTROM software application version number address learning mode interface card type and interface card ty...

Page 986: ...ay environment View Any view Parameter None Description Use the display environment command to view environment information Example Display the environment information SW8800 display environment System temperature information degree centigrade Slot Temperature Lower limit Upper limit 0 33 10 45 2 35 10 65 4 34 10 65 display fan Syntax display fan fan id View Any view Parameter fan id the fan ID De...

Page 987: ...ed Rate 32 display power Syntax display power power ID View Any view Parameter power ID Power ID Description Use the display power command to view the working state of the built in power supply Example Show power state SW8800 display power Power 1 State Absent Power 2 State Normal Power 3 State Absent Table 139 Description on the fields of the display memory command Field Description System Total ...

Page 988: ...parameters of the current switch SW8800 display schedule reboot System will reboot at 16 00 00 2004 11 1 in 2 hours and 5 minutes reboot Syntax reboot slot slot no View User view Parameter slot slot no Specifies the physical card number Description Use the reboot command to reboot to restart the switch or the specified card Example Reset the switch SW8800 reboot schedule reboot at Syntax schedule ...

Page 989: ...ime point of that day if the configured time is before the current time the switch will be restarted at the time point of the next day It should be noted that the configured date should not exceed the current date more than 30 days In addition after the command is configured the system will prompt you to input confirmation information Only after the Y or the y is entered can the configuration be v...

Page 990: ...ute minutes But the total minutes should be no more than 30Ðó24Ðó60 minutes or 30 days After this command is configured the system will prompt you to input confirmation information Only after the Y or the y is entered can the configuration be valid If there is related configuration before it will be covered directly Moreover after the schedule reboot at command is configured and the system time is...

Page 991: ... file to be updated locates user name User name for file transfer protocol FTP login password User password for FTP login port num FTP port number in the range 0 to 65 535 By default it is 21 Description Use the update l3plus command to update service processing modules After the command is executed the system logs into an FTP Server with the host name user name and user password provided The syst...

Page 992: ...is place in the host with the IP address 192 168 1 100 and its name is L3PLUS app The user name and password for FTP login are 654321 and 123456 respectively SW8800 system view System View return to User View with Ctrl Z SW8800 update l3plus slot 2 filename L3PLUS app ftpserver 192 168 1 100 username 654321 password 123456 ...

Page 993: ...e transmission mode is ASCII mode Perform this command if the user needs to change the file transmission mode to default mode Example Configure to transmit data in the ASCII mode SW8800 ftp ftp ascii 200 Type set to A binary Syntax binary View FTP Client view Parameter None Description Use the binary command to configure file transmission type as binary mode Example Configure to transmit data in t...

Page 994: ...ction with the remote FTP Server Example Terminate connection with the remote FTP Server and return to user view SW8800 ftp ftp bye cd Syntax cd pathname View FTP Client view Parameter pathname Path name Description Use the cd command to change the working path on the remote FTP Server This command is used to access another directory on FTP Server Note that the user can only access the directories...

Page 995: ...P Client view Parameter None Description Use the close command to disconnect FTP client side from FTP server side without exiting FTP client side view That is to say you can terminate the control connection and data connection with the remote FTP Server at the same time Example Terminate connection with the remote FTP Server and stays in FTP Client view SW8800 ftp ftp close debugging Syntax debugg...

Page 996: ...File name Description Use the delete command to cancel the specified file Example Delete the file temp c SW8800 ftp ftp delete temp c dir Syntax dir filename localfile View FTP Client view Parameter filename File name to be queried localfile Saves local file name of the query result Description Use the dir command to query a specified file If no parameter of this command is specified then all the ...

Page 997: ...th the remote FTP Server and stays in FTP Client view SW8800 ftp ftp disconnect ftp Syntax ftp ipaddress host name port View User view Parameter ipaddress IP address of the remote FTP Server port Port number of remote FTP Server Host name Name of the remote FTP Server a string which is 1 to 30 characters long Description Use the ftp command to establish control connection with the remote FTP Serve...

Page 998: ...temp1 c and saves it as temp c SW8800 ftp ftp get temp1 c temp c lcd Syntax lcd View FTP Client view Parameter None Description Use the lcd command to view local working path of FTP Client Example Show local working path SW8800 ftp ftp lcd Local directory now flash temp ls Syntax ls remotefile localfile View FTP Client view Parameter remotefile Remote file to be queried localfile Saves local file ...

Page 999: ...n the remote FTP Server User can perform this operation as long as the remote FTP server has authorized Example Create the directory flash lanswitch on the remote FTP Server SW8800 ftp ftp mkdir flash lanswitch open Syntax open ipaddr port View FTP Client view Parameter ipaddr IP address of the remote FTP server port Port number of the remote server Description Use the open command to set up an FT...

Page 1000: ...ission to passive mode SW8800 ftp ftp passive put Syntax put localfile remotefile View FTP Client view Parameter localfile Local file name remotefile File name on the remote FTP Server Description Use the put command to upload a local file to the remote FTP Server If the user does not specify the filename on the remote server the system will consider it the same as the local file name by default E...

Page 1001: ...o user view Example Terminate connection with the remote FTP Server and returns to user view SW8800 ftp ftp quit SW8800 remotehelp Syntax remotehelp protocol command View FTP Client view Parameter protocol command FTP protocol command Description Use the remotehelp command to view help information about the FTP protocol command This command takes effects only when the FTP server provides the proto...

Page 1002: ...y executed only when the specified directory contains no files Example Delete the directory flash temp1 from FTP Server SW8800 ftp ftp rmdir flash temp1 user Syntax user username password View FTP Client view Parameter username Logon username password Logon password Description Use the user command to register an FTP user This command is available when you log in FTP server with a specified user a...

Page 1003: ...get Syntax tftp tftp server get source file dest file View User view Parameter tftp server IP address or hostname of the TFTP server The name of the TFTP server should be a string ranging from 1 to 20 characters source file Filename of the source file on the TFTP server dest file Filename of the destination file which will be saved on the switch Description Use the tftp get command to download a f...

Page 1004: ...to 20 characters source file Filename of the source file which is saved on the switch dest file Name of the saved as file uploaded to the specified directory on the TFTP server Description Use the tftp put command to upload a file from the switch to the specified directory on the TFTP server Related command tftp get Example Upload the vrpcfg txt to the TFTP server at 1 1 3 214 and save it as temp ...

Page 1005: ...oghost monitor snmpagent trapbuffer logfile Description Use the display channel command to view the details about the information channel Without parameter the display channel command shows the configurations of all the channels Example Show details about the information channel 0 SW8800 display channel 0 channel number 0 channel name console MODU_ID NAME ENABLE LOG LEVEL ENABLE TRAP LEVEL ENABLE ...

Page 1006: ...file buffer size 32KB current file buffer size 7KB channel number 6 channel name logfile max log file number 5 max length of each log file 2MB log file directory cf logfile Information timestamp setting log date trap date debug boot Table 140 Description on the fields of the display info center command Field Description Information Center The status of the information center Log host The status of...

Page 1007: ...onfigures the size of buffer sizenum Size of buffer number of messages which can be kept ranging from 1 to 1024 By default the size of the buffer is 256 Filters the configuration information to be output by regular expression Log file The status of the log file including enable status maximum file buffer size channel number channel name maximum number of log files maximum size of the log file stor...

Page 1008: ...erse the system will search for the logsize matiching messages from the newest one the end of the log buffer then displays them from the newest message to the oldest one Example Show the system logbuffer attribute and the log information in logbuffer SW8800 display logbuffer Logging buffer configuration and contents enabled Allowed max buffer size 1024 Actual buffer size 512 Table 142 Special char...

Page 1009: ...ter console channel info center monitor channel Example Show the summary information recorded in logbuffer SW8800 display logbuffer summary EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG 0 0 0 0 94 0 1 0 display trapbuffer Syntax display trapbuffer summary level levelnum emergencies alerts critical debugging errors informational notifications warnings size sizenum View Any view Table 143 Severity le...

Page 1010: ... the system trapbuffer attribute and the log information in trapbuffer SW8800 display trapbuffer Trapping Buffer Configuration and contents enabled allowed max buffer size 1024 actual buffer size 256 channel number 3 channel name trapbuffer dropped messages 0 overwrote messages 0 current messages 6 Dec 31 14 01 25 2004 3Com DEV 2 LOAD FINISHED Trap 1 3 6 1 4 1 2011 2 23 1 12 1 20 frameIndex is 0 s...

Page 1011: ...r channel 0 name execconsole info center console channel Syntax info center console channel channel number channel name undo info center console channel View System view Parameter channel number Channel number ranging from 0 to 9 that is system has ten channels channel name Specifies the channel name The name can be channel7 channel8 channel9 console logbuffer loghost monitor snmpagent trapbuffer ...

Page 1012: ...o center enable command to enable the system log function Use the undo info center enable command to disable system log function By default system log function is enabled Only after the system log function is enabled can the system output the log information to the info center loghost and console and so on Related command info center loghost info center logbuffer info center console channel info c...

Page 1013: ...ter logbuffer command to cancel the information output to buffer By default the switch outputs information to the memory buffer whose size is 512 that is the memory buffer can hold 512 messages This command takes effect only after the system logging is enabled Related command info center enable display info center Example Send log information to buffer and sets the size of buffer to 50 SW8800 syst...

Page 1014: ... channel number Channel number ranging from 0 to 9 that is system has ten channels channel name Specifies the channel name The name can be channel7 channel8 channel9 console logbuffer loghost monitor snmpagent trapbuffer logfile Source Source address of the packet sent to the loghost interface type interface number Type and number of interface sending log file facility Configures the recording too...

Page 1015: ...e the info center loghost source command to specify source address of the packets sent to loghost as the address of the interface specified by the interface name Use the undo info center loghost source command to cancel the specified source address of the packets sent to loghost Related command info center enable display info center Example Specify source address of the packets sent to loghost as ...

Page 1016: ...ser terminal SW8800 system view System View return to User View with Ctrl Z SW8800 info center monitor channel 0 info center snmp channel Syntax info center snmp channel channel number channel name undo info center snmp channel View System view Parameter channel number Channel number ranging from 0 to 9 that is the system has ten channels By default channel 5 is used channel name Channel name The ...

Page 1017: ...module ADBM MAC address management module ARP ARP address resolution protocol module BGP BGP border gateway protocol module CFM Configuration file management module CMD Command module default Default setting of all modules DEV Device management module DHCP Dynamic host configuration protocol module DIAGCLI Diagnosis module DNS Domain name server module DRVMPLS MPLS multiprotocol label switching dr...

Page 1018: ...agement module MSDP MSDP multicast source discovery protocol module MSTP MSTP multiple spanning tree protocol module NTP NTP network time protocol module OSPF OSPF open shortest path first module PHY Physical sublayer physical layer module PPP PPP module PSSINIT PSSINIT module RDS RADIUS module RM Routing management module RMON Remote monitor module RSA RSA Revest Shamir and Adleman encryption mod...

Page 1019: ...ately critical 3 Critical errors errors 4 Errors requiring your attention but not critical warnings 5 Warning an error may occur notifications 6 Information requiring your attention informational 7 General prompt information debugging 8 Debugging information Table 147 Default information level of each channel channel Log information level Trap information level Debugging information level Console ...

Page 1020: ...ap debugging type For example for the filter of IP module log output you can configure to output the logs at a level higher than warnings to the log host and output those higher than informational to the log buffer You can also configure to output the trap information on the IP module to a specified trap host and so on The channels for filtering in all the directions are specified by this configur...

Page 1021: ...turn to User View with Ctrl Z SW8800 info center source vlan channel snmp log level emergencies info center timestamp Syntax info center timestamp log trap debugging boot date none undo info center timestamp log trap debugging View System view Parameter log Log information trap Trap information debugging Debugging information boot Time elapsing after system starts Format xxxxxx yyyyyy xxxxxx is th...

Page 1022: ...the size of the trap buffer buffersize Size of trap buffer numbers of messages channel Configures the channel to output information to trap buffer channel number Channel number ranging from 0 to 9 that is the system has ten channels channel name Channel name which can be the channel7 channel8 channel9 console logbuffer loghost monitor snmpagent trapbuffer logfile Description Use the info center tr...

Page 1023: ...fer Syntax reset logbuffer View User view Parameter None Description Use the reset logbuffer command to reset information in log buffer Example Clear information in log buffer SW8800 reset logbuffer reset trapbuffer Syntax reset trapbuffer View User view Parameter None Description Use the reset trapbuffer command to reset information in trap buffer Example Clear information in trap buffer SW8800 r...

Page 1024: ...ble the terminal display debugging SW8800 terminal debugging terminal logging Syntax terminal logging undo terminal logging View User view Parameter None Description Use the terminal logging command to enable terminal log information display Use the undo terminal logging command to disable terminal log information display By default the log information display is enabled on the console and disable...

Page 1025: ...yed in local terminal which is equals to having performed undo terminal debugging undo terminal logging undo terminal trapping commands When the terminal monitor is enabled you can use terminal debugging undo terminal debugging terminal logging terminal logging and terminal trapping undo terminal trapping respectively to enable or disable the corresponding functions Example Disable the terminal mo...

Page 1026: ...1024 CHAPTER 60 INFORMATION CENTER ...

Page 1027: ...on Use the clock datetime command to configure the current date and clock of the switch By default the date and clock of the switch is set to 0 0 0 2000 1 1 The current date and clock of the switch must be set by this command where absolute time is strictly required Related command display clock Example Set the current date of the switch to 0 0 0 2001 01 01 SW8800 clock datetime 0 0 0 2001 01 01 c...

Page 1028: ...ommand to set the name start and end time of the summer time Use the undo clock summer time command to restore the local time to the default UTC time After the configuration takes effect the display clock command can be used to check it Besides the time of the log or debugging information uses the local time after the adjustment of the time zone and summer time Related command clock timezone Examp...

Page 1029: ...ect the display clock command can be used to check it Besides the time of the log or debug information uses the local time after the adjustment of the time zone and summer time Related command clock summer time Example Set the name of the local time zone to Z5 with five hours adhead compared with the UTC time SW8800 clock timezone z5 add 05 00 00 quick ping enable Syntax quick ping enable undo qui...

Page 1030: ...rompt of command line interface For example if the system name of the switch is 3Com and the prompt in user view is SW8800 Use the undo sysname command to restore the system name of the switch to the default value Example Set the system name of the switch to 3ComLANSwitch SW8800 system view System View return to User View with Ctrl Z SW8800 sysname 3ComLANSwitch 3ComLANSwitch System Status and Sys...

Page 1031: ...le name Description Use the display debugging command to display debugging that has been enabled You can execute the display debugging to view the specific debugging that has been enabled If the command is executed without any parameter specified the system will display all debugging that has been enabled Related command debugging Example Display all debugging that has been enabled SW8800 display ...

Page 1032: ...ce number interface name command to display optical module information of the specified port Example Display the optical module information of all optical interfaces in position on the current shelf SW8800 display fiber module Pos3 1 1 Card info 10G XFP Fiber connect LC VendorName Intel Corp PartNumber TXN181072013X07 Mode SingleMode WaveLength 1310nm Length for 9um 10km Pos4 1 1 Card info 100BASE...

Page 1033: ...ode WaveLength 1310nm Length for 9um 10km GigabitEthernet6 1 3 Card info 10G XFP Fiber connect LC VendorName JDS Uniphase PartNumber 64P0215 Mode SingleMode WaveLength 1310nm Length for 9um 10km Please refer to the following table for the information above Table 151 Description on the fields of the display fiber module command Field Description Card info Card information Fiber connect Fiber connec...

Page 1034: ... 129 AUX 0 130 VTY 0 00 00 16 TEL 192 168 1 253 tb 131 VTY 1 132 VTY 2 133 VTY 3 134 VTY 4 display version Syntax display version View Any view Table 152 Description on the fields of the display users command Field Description Information about an active user UI The first number is the absolute number of the UI user interface and the second number is the relative number of the UI Delay The time el...

Page 1035: ...0 Family uptime is 0 week 2 days 1 hours 17 minutes SRPA 0 uptime is 0 weeks 2 days 1 hour 17 minutes 3ComSwitch 8800 Family with 1 MPC755 Processor 512M bytes SDRAM 16384K bytes Flash Memory 512K bytes NVRAM Memory PCB Version Ver F BootROM Version 111 CPLD Version 001 Software Version Switch 8800 Family Comware 310 r1265 3CV17538 uptime is 0 weeks 2 days 1 hour 15 minutes 3ComSwitch 8800 Family ...

Page 1036: ...ugging processes are disabled The switch provides various kinds of debugging functions for technical support personnel and experienced maintenance staff to troubleshoot the network Enabling the debugging will generate a large amount of debugging information and decrease the system efficiency Specially network system may collapse after all the debugging is enabled by the debugging all command So it...

Page 1037: ...8 Switch 8800 Family Software Version V100R002B02D018 Switch 8800 Family Product Version Switch 8800 Family Comware 310 r1266 Copyright c 2004 2005 3Com Corporation and its licensors All rights reserved Copyright c 1998 2003 3Com Corporation Co Ltd All rights reserved Compiled Sep 29 2005 03 43 00 RELEASE SOFTWARE 3Com Switch 8800 Family uptime is 0 week 2 days 5 hours 31 minutes This device is 3C...

Page 1038: ...ximum waiting time after sending the echo request measured in ms The time defaults to 2000 ms tos tos Specifies TOS value for echo requests to be sent range from 0 to 255 The default value is 0 v Displays other received ICMP packets non echo response By default no other non echo response ICMP packets is displayed vpn instance vpn instance nam VPN instance name host Destination host domain name or ...

Page 1039: ... 5 ttl 255 time 2ms 202 38 160 244 ping statistics 5 packets transmitted 5 packets received 0 packet loss round trip min avg max 1 2 3 ms tracert Syntax tracert a source IP f first TTL m max TTL p port q num packet vpn instance vpn instance name w timeout string View Any view Parameter a source IP Configures the source IP address used by tracert command f Configures to verify the f switch first TT...

Page 1040: ...mmand includes IP address of all the gateways to the destination If a certain gateway times out output c CAUTION For the moment you can not use the tracert command on the Switch 8800 Family routing switch to test whether the network connection is reachable or analyze where the fault happens in the network in the MPLS domain Example Test the gateways passed by the packets to the destination host at...

Page 1041: ...ing destination protocol port is not open the packet will be dropped Use the undo ip portsafe enable command to disable the protocol port security function Then all packets on the interface module are not checked By default the fabric enables the protocol port security function So do the standby module and the interface module At present the following protocols are being checked Table 153 State of...

Page 1042: ... undo ip http shutdown View System view Parameter None Description Use the ip http shutdown command to shutdown the port 80 of the HTTP protocol After the execution of this command all packets requiring the port 80 of this device will be dropped Use the undo ip http shutdown command to enable the port 80 of the HTTP protocol After the execution of the command all packets requiring the port 80 of t...

Page 1043: ...command will apply to all the ports on the card This command supports Ethernet ports vlan id VLAN ID defined in IEEE802 1Q If you do not specify a specific VLAN the command will apply to all VLANs traffic class Traffic class If you do not specify a specific traffic class the command will apply to all traffic classes drop precedence packet drop precedence If you do not specify a drop precedence lev...

Page 1044: ...on slot 4 so that it monitors port GigabitEthernet4 1 1 SW8800 set egress counter0 slot 4 interface GigabitEthernet4 1 1 display egress counter Syntax display egress counter0 counter1 slot slot num clear View Any view Parameter counter0 Counter 0 used for packet statistics monitoring counter1 Counter 1 used for packet statistics monitoring slot num Card slot number clear Clears the counting data a...

Page 1045: ...atistics Commands 1043 Drop Precedence all The outgoing packets Unicast 0 packets Multicast 0 packets Broadcast 0 packets Bridege egress filtered packets 0 packets TxQ filtered packets Due to TxQ congestion 0 packets ...

Page 1046: ...1044 CHAPTER 63 PORT PACKET STATISTICS COMMANDS ...

Page 1047: ...ernal loop on each port in a VLAN which is enabled with the loopback detection function If a loop is found on a port the switch will give out an alarm or give out an alarm and shutdown the port according to your configuration Use the undo loopback detection enable command to disable the global port loopback function By default the global port loopback detection function is disabled Related command...

Page 1048: ...to VLAN 2 SW8800 system view SW8800 loopback detection enable vlan 2 loopback detection interval time Syntax loopback detection interval time time undo loopback detection interval time View System view Parameter time Interval at which the external loopback detection is performed on ports in the range of 60 to 7200 in seconds The default value is 60 seconds Description Use the loopback detection in...

Page 1049: ...he trap information The port will work normally By default the loopback detection control function on ports is disabled Example Enable the port loopback detection control function SW8800 system view SW8800 interface Ethernet 2 1 1 3Com GigabitEthernet2 1 1 loopback detection control loopback detection disable Syntax loopback detection disable undo loopback detection disable View Ethernet port view...

Page 1050: ... are shutdown for loop Example Display whether the port loopback detection function is enabled or not SW8800 display loopback detection Loopback detection is running on Detection interval time is 60 seconds Following vlans enable loopback detection 1 Following ports are detected for loop GigabitEthernet2 1 1 Following ports are shutdown for loop NULL Table 154 Description on the fields of the disp...

Page 1051: ...Ethernet Port Detection Configuration Commands 1049 ...

Page 1052: ...1050 CHAPTER 64 PORT LOOPBACK DETECTION COMMANDS ...

Page 1053: ...Ethernet Port Detection Configuration Commands 1051 ...

Page 1054: ...1052 CHAPTER 64 PORT LOOPBACK DETECTION COMMANDS ...

Page 1055: ......

Page 1056: ...1054 CHAPTER 64 PORT LOOPBACK DETECTION COMMANDS ...

Page 1057: ......

Page 1058: ...1056 CHAPTER 64 PORT LOOPBACK DETECTION COMMANDS ...

Page 1059: ...Ethernet Port Detection Configuration Commands 1057 ...

Page 1060: ...1058 CHAPTER 64 PORT LOOPBACK DETECTION COMMANDS ...

Page 1061: ......

Page 1062: ...1060 CHAPTER 64 PORT LOOPBACK DETECTION COMMANDS ...

Page 1063: ...Ethernet Port Detection Configuration Commands 1061 ...

Page 1064: ...1062 CHAPTER 64 PORT LOOPBACK DETECTION COMMANDS ...

Page 1065: ......

Page 1066: ...1064 CHAPTER 64 PORT LOOPBACK DETECTION COMMANDS ...

Page 1067: ...VPN uplink ports Example Display the VLAN VPN related configuration of the current system SW8800 display port vlan vpn VLAN VPN TPID 0x9100 GigabitEthernet1 1 1 VLAN VPN status enabled VLAN VPN VLAN 1 GigabitEthernet1 1 2 VLAN VPN uplink status enabled traffic redirect Syntax Use the following command to deliver Layer 3 traffic classification rules traffic redirect inbound ip group acl number acl ...

Page 1068: ...acl name argument is the ACL name a string that is of 1 to 32 characters in length The string must begin with an English letter that is a z or A Z and cannot contain spaces link group acl number acl name Specifies a Layer 2 ACL The acl number argument is the ACL number in the range of 4 000 to 4 999 The acl name argument is the ACL name a string that is of 1 to 32 characters in length The string m...

Page 1069: ... command Related commands traffic redirect acl Example Insert the VLAN tag of VLAN 4 in the packets that match ACL 4 100 as the outer VLAN tag With the assumption that ACL 4 100 and its rules already exist SW8800 system view System View return to User View with Ctrl Z SW8800 interface Ethernet2 1 1 3Com Ethernet2 1 1 traffic redirect inbound link group 4100 nested vlan 4 vlan vpn enable Syntax vla...

Page 1070: ...nnot be removed By default the VLAN VPN feature is disabled on a port or PVC Example Enable the VLAN VPN feature on the Ethernet2 1 1 port 3Com Ethernet2 1 1 vlan vpn enable vlan vpn tpid Syntax vlan vpn tpid value undo vlan vpn tpid View System view Parameter value TPID value to be set in hexadecimal format This argument ranges from 1 to 0xFFFF Description Use the vlan vpn tpid command to set the...

Page 1071: ...vlan vpn tunnel command to disable VLAN VPN tunnel VLAN VPN tunnel enables user networks in different regions to transmit BPDU packets transparently through VLAN VPN designated in the operator s network This function is disabled by default Example Enable VLAN VPN tunnel note2 SW8800 system view SW8800 vlan vpn tunnel vlan vpn uplink enable Syntax vlan vpn uplink enable undo vlan vpn uplink View Et...

Page 1072: ...t 3C17512 and LSBM1TGX1 cards do not support this command The vlan vpn uplink enable command and the vlan vpn enable command are mutually exclusive That is if you execute the vlan vpn enable command on a port you will fail to execute the vlan vpn uplink enable command on the same port if you execute the vlan vpn uplink enable command on a port you will fail to execute the vlan vpn enable command o...

Page 1073: ...e packet is sent n If you specify a value bigger than 1 for the times argument the system operates in either of the following two ways after sending the first probe packet If the system receives a response packet it sends a second probe packet If the system does not receive a response packet it sends a second probe packet after test operation timeout This process goes on until the last probe packe...

Page 1074: ...ling space of the packet Otherwise the system uses text to fill in the space If the content of text is too long the system uses the part of the content in the front if too short the system fills the content in a cyclic way Example Configure the filler data of the test packet as Hello I m here SW8800 system view System View return to User View with Ctrl Z SW8800 nqa administrator icmp 3Com administ...

Page 1075: ...ing nqa all error event undo debugging nqa all error event View User view Parameter all Specifies all types of debugging for NQA error Specifies debugging for NQA error information event Specifies debugging for NQA event information Description Use the debugging nqa command to enable debugging for NQA Use the undo debugging nqa command to disable debugging for NQA Example Enable debugging for NQA ...

Page 1076: ... the test Description Use the destination ip command to configure the destination IP address of the test Use the undo destination ip command to delete the configured destination IP address By default no destination IP address of the test is configured The test can be performed only after the destination IP address is configured Example Set the destination IP address of the test to 192 168 80 80 SW...

Page 1077: ... entry admin administrator tag icmp history record Index Response Status LastRC Time 1 1 1 0 2005 11 02 16 28 55 0 2 1 1 0 2005 11 02 16 28 55 0 3 1 1 0 2005 11 02 16 28 55 0 4 1 1 0 2005 11 02 16 28 55 0 5 1 1 0 2005 11 02 16 28 55 0 Table 156 Description on the fields of the display nqa result command Field Description Destion ip address Destination IP address Vpn instance VPN identification NUL...

Page 1078: ...nd the condition of sending Trap information to the network management system Example Set the automatic test interval to 10 seconds SW8800 system view System View return to User View with Ctrl Z SW8800 nqa agent enable Table 157 Description on the fields of the display nqa history command Field Description Response Round trip test time in milliseconds or the timeout time 0 means the test fails Sta...

Page 1079: ...ry record n When this command is executed the switch checks the redundant history records and deletes them Example If the configuration allows 30 test results to be stored in the history record while there are 50 test results in the test group the switch deletes the oldest 20 test results Example Set the number of test results stored in the history records to 10 SW8800 system view System View retu...

Page 1080: ...p Its name is administrator and its test tag is icmp SW8800 system view System View return to User View with Ctrl Z SW8800 nqa administrator icmp nqa agent enable Syntax nqa agent enable undo nqa agent enable View System view Parameter None Description Use the nqa agent enable command to enable the NQA client function Use the undo nqa agent enable command to disable the NQA client function You can...

Page 1081: ...ble SW8800 nqa agent max requests 4 probe failtimes Syntax probe failtimes times undo probe failtimes View NQA test group view Parameter times Number of times of constant probe failures Description Use the probe failtimes command to set the number of constant probe failures after which NQA will send the Trap information to the network management system Use the undo probe failtimes command to resto...

Page 1082: ...nistrator icmp probe failtimes 3 sendpacket passroute Syntax sendpacket passroute undo sendpacket passroute View NQA test group view Parameter None Description Use the sendpacket passroute command to assume the connection mode between the destination address and the equipment which enables the test as direct connection mode So called direct connection mode is that the connection between the destin...

Page 1083: ...anagement system when the test fails and the corresponding filter condition is satisfied all Sends the Trap information to the network management system when any of the above conditions happens Description Use the send trap command to configure the conditions of sending Trap information to the network management system Use the undo send trap command to cancel the configured the conditions of sendi...

Page 1084: ...finding the corresponding IP address If a source IP address is configured no IP address of the source interface will be used But the system still checks whether the interface is a Layer 3 interface or not as the ordinary ping operation does Example Configure the Vlan interface 60 as the source interface for sending test packet SW8800 system view System View return to User View with Ctrl Z SW8800 n...

Page 1085: ...o execute the NQA test Use the undo test enable command to compulsively stop the current NQA test n The test result can not be automatically displayed after the NQA test is executed You need to use the display nqa command to display the test result When the system is testing parameters in the test group can not be changed except the brief description of the operation and the condition of sending T...

Page 1086: ...The test succeeds as long as there is one successful probe The current probe failure times will be reset to zero after a test is finished that is the times is only valid for a single test and can not cross two tests for constant statistics If the probe succeeds this statistic value is reset to zero too Related command probe failtimes Example Set that the system sends Trap information after 3 const...

Page 1087: ...do timeout command to restore the timeout time to the default value By default the timeout time of test operation is 3 seconds Example Set the timeout time to 10 seconds SW8800 system view System View return to User View with Ctrl Z SW8800 nqa agent enable SW8800 nqa administrator icmp 3Com administrator icmp timeout 10 tos Syntax tos value undo tos View NQA test group view Parameter value TOS typ...

Page 1088: ...um number of hops that an NQA ICMP test packet can pass in the network in the range of 1 to 255 This parameter equals to the i parameter in the ping command of the Windows operation system Description Use the ttl command to configure the maximum number of hops that an NQA ICMP test packet can pass in the network that is the life time of the NQA packet Use the undo ttl command to restore the maximu...

Page 1089: ...se the undo vpn instance command to cancel the name of the VPN instance for the test By default no information of the VPN instance is set n You must set the name for VPN instance Otherwise the test will fail for the system can not find the corresponding VPN index Example Specify the name of the VPN instance for the test as vpn1 SW8800 system view System View return to User View with Ctrl Z SW8800 ...

Page 1090: ...1088 CHAPTER 66 NQA CONFIGURATION COMMANDS ...

Page 1091: ...s the alert time before password expiration the timeout time for password authentication the maximum number of password input attempts the processing mode after failed password input attempts the time when the password history was last cleared and so on Example Display the information about the current password control for all users SW8800 display password control Global password settings for all ...

Page 1092: ...ering passwords SW8800 display password control blacklist USERNAME IP Jack 10 1 1 2 The number of users in blacklist is 1 display password control super Syntax display password control super View Any view Parameter None Description Use the display password control super command to view the password control information for super passwords including password aging time and the minimum password lengt...

Page 1093: ...Set the system login password to 9876543210 SW8800 system view System View return to User View with Ctrl Z SW8800 local user test 3Com luser test password Password confirm Updating the password file please wait change the system login password to 0123456789 3Com luser test password Password Confirm Updating password file please waiting password control Syntax password control aging aging time leng...

Page 1094: ...The value range is 3 to 360 seconds and the default value is 120 seconds A locked user can log in to the switch again after the configured lock time Unlock The user can still log in after failed login attempts without being locked The default processing mode is the locktime mode after password authentication fails Namely the system will lock the user and allow the user to log in to the switch afte...

Page 1095: ...user to 10 SW8800 password control history 10 Configure the alert time so that users are alerted 7 days before their passwords expire SW8800 password control alert before expire 7 Configure the timeout time of the user password authentication to 100 seconds SW8800 password control authentication timeout 100 Configure the processing mode so that the system locks the user after failed password authe...

Page 1096: ...rol aging length history enable command to disable password control functions such as password aging the limitation of the minimum password length and history password recording By default all the above mentioned password control functions are disabled Related command password control Example Enable password aging SW8800 password control aging enable Password aging enabled for all users Default 90...

Page 1097: ... Syntax reset password control history record username username View User view Parameter Username Specifies a user whose history password record will be deleted Description Use the reset password control history record command to delete the history password records of all users Use the reset password control history record username username command to delete the history password record of a specif...

Page 1098: ...mand to delete the history records of the super passwords for the users at the specified level Use the reset password control history record super command to delete the history records of all super passwords After the history password record of a user is deleted the configuration of a new password will not be restricted by the previously configured history password records Example Delete the histo...

Page 1099: ...8800 display password control blacklist USERNAME IP test 192 168 30 25 tes 192 168 30 24 test2 192 168 30 23 Remove user test from the blacklist SW8800 reset password control blacklist user name test Are you sure to delete the blacklist users Y N y All the blacklist users have been cleared Check the current user information in the blacklist and verify that user test has been removed SW8800 display...

Reviews:

No comments

Related manuals for Switch 8807

3Com 486 Getting Started Manual preview
486
Brand: 3Com Pages: 20
Watchguard Wireless Router Quick Start Manual preview
Wireless Router
Brand: Watchguard Pages: 11
D-Link DWR-712 Quick Installation Manual preview
DWR-712
Brand: D-Link Pages: 32
D-Link DIR-456 Quick Installation Manual preview
DIR-456
Brand: D-Link Pages: 28
D-Link DIR-820 Quick Installation Manual preview
DIR-820
Brand: D-Link Pages: 48
D-Link EXO DIR-2660 Quick Installation Manual preview
EXO DIR-2660
Brand: D-Link Pages: 83
D-Link DIR-508L User Manual preview
DIR-508L
Brand: D-Link Pages: 155
4IPNET WHG301 User Manual preview
WHG301
Brand: 4IPNET Pages: 97
4RF Aprisa LTE Quick Start Manual preview
Aprisa LTE
Brand: 4RF Pages: 7
B+B SmartWorx CR10 v2 Start Manual preview
CR10 v2
Brand: B+B SmartWorx Pages: 4
F5 WANJet 500 Quick Start Card preview
WANJet 500
Brand: F5 Pages: 2
F5 ARX-500 Hardware Reference Manual preview
ARX-500
Brand: F5 Pages: 90
F5 ARX-4000 Parts Replacement Manual preview
ARX-4000
Brand: F5 Pages: 47
i-MO 540 Series Product Installation Manual preview
540 Series
Brand: i-MO Pages: 58
Idis DR-4100P Series Installation Manual preview
DR-4100P Series
Brand: Idis Pages: 30
IBM 3101 Maintenance Information preview
3101
Brand: IBM Pages: 63
Delta M125HV-113 Quick Installation Manual preview
M125HV-113
Brand: Delta Pages: 2
N.A.T. NAT-MCH Technical Reference Manual preview
NAT-MCH
Brand: N.A.T. Pages: 32

Brands by name

Popular brands

Load more brands