H3C H3C S3600 Series Command Manual Download Page 196

Page: 196 / 1277

1-17

By default, the system disables a port for 20 seconds.

The

port-security timer disableport

command is used in conjunction with the

port-security

intrusion-mode

disableport-temporarily

command to set the length of time during which the port

remains disabled.

Related commands:

port-security intrusion-mode

Examples

# Set the intrusion protection mode on Ethernet 1/0/1 to

disableport-temporarily

. It is required that

when intrusion protection is triggered, the port be shut down temporarily and then go up 30 seconds

later.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] port-security timer disableport 30

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] port-security intrusion-mode disableport-temporarily

port-security trap

Syntax

port-security trap

{

addresslearned

dot1xlogfailure

dot1xlogoff

dot1xlogon

intrusion

ralmlogfailure

ralmlogoff

ralmlogon

}

undo port-security trap

{

addresslearned

dot1xlogfailure

dot1xlogoff

dot1xlogon

intrusion

ralmlogfailure

ralmlogoff

ralmlogon

}

View

System view

Parameters

addresslearned

: Enables/disables sending traps for MAC addresses learning events.

dot1xlogfailure

: Enables/disables sending traps for 802.1x authentication failures.

dot1xlogoff

: Enables/disables sending traps for 802.1x-authenticated user logoff events.

dot1xlogon

: Enables/disables sending traps for 802.1x-authenticated user logon events.

intrusion

: Enables/disables sending traps for detections of intrusion packets.

ralmlogfailure

: Enables/disables sending traps for MAC authentication failures.

ralmlogoff

: Enables/disables sending traps for MAC-authenticated user logoff events.

ralmlogon

: Enables/disables sending traps for MAC-authenticated user logon events.

Summary of Contents for H3C S3600 Series

Page 1: ...H3C S3600 Series Ethernet Switches Command Manual Hangzhou H3C Technologies Co Ltd http www h3c com Manual Version 20090618 C 1 02 Product Version Release 1602 ...

Page 2: ... V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensure accuracy of the contents but all statement...

Page 3: ...ity Port Binding Introduces the commands used for port security configuration and port binding 12 DLDP Introduces the commands used for DLDP configuration 13 MAC Address Table Management Introduces the commands used for MAC address forwarding table management 14 Auto Detect Introduces the commands used for auto detect configuration 15 MSTP Introduces the STP related commands 16 Routing Protocol In...

Page 4: ...nd TFTP 38 Information Center Introduces the commands used for information center configuration 39 System Maintenance and Debugging Introduces the commands used for system maintenance and debugging 40 VLAN VPN Introduces the commands used for VLAN VPN configuration 41 HWPing Introduces the commands used for HWPing configuration 42 IPv6 Management Introduces the commands used for IPv6 Management co...

Page 5: ...tary description Related Documentation In addition to this manual each H3C S3600 Series Ethernet Switches documentation set includes the following Manual Description H3C S3600 Series Ethernet Switches Operation Manual Release 1602 It is used for assisting the users in data configurations and typical applications H3C S3600 Series Ethernet Switches Installation Manual It provides information for the...

Page 6: ...Documentation Feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments ...

Page 7: ...i Table of Contents 1 CLI Configuration Commands 1 1 CLI Configuration Commands 1 1 command privilege level 1 1 display history command 1 3 super 1 4 super authentication mode 1 5 super password 1 5 ...

Page 8: ...any CLI view that the Ethernet switch supports The S3600 series support only the CLI views listed in Table 1 1 Table 1 1 Available CLI views for the view argument CLI view Description acl adv Advanced ACL view acl basic Basic ACL view acl ethernetframe Layer 2 ACL view acl user User defined ACL view aux Aux 1 0 0 port view that is console port view cluster Cluster view detect group Detected group ...

Page 9: ...upported by only the S3600 EI series poe profile PoE profile view qinq QinQ view qos profile QoS profile view radius template RADIUS scheme view rip RIP view route policy Routing policy view shell User view smlk group Smart link group view system System view user interface User interface view vlan VLAN view vlan interface VLAN interface view command Command for which the level is to be set Descrip...

Page 10: ...ds Examples Set the level of the system view command in user view shell to 0 Sysname system view System View return to User View with Ctrl Z Sysname command privilege level 0 view shell system view display history command Syntax display history command View Any view Parameters None Description Use the display history command command to display the history commands of the current user so that the u...

Page 11: ...quires the corresponding authentication The authentication mode can be set through the super authentication mode command z For security purpose the password entered is not displayed when you switch to another user level You will remain at the original user level if you have tried three times but failed to enter the correct authentication information Related commands super authentication mode super...

Page 12: ...s executed to specify the authentication mode for user level switching the super password authentication is preferred and the HWTACACS authentication mode is the backup z If the super authentication mode scheme super password command is executed to specify the authentication mode for low to high user level switching the HWTACACS authentication is preferred and the super password authentication mod...

Page 13: ...ly input a cipher text password that is a string of 1 to 24 characters which must correspond to a plain text password For example The cipher text password _ TT8F Y 5SQ Q MAF4 1 corresponds to the plain text password 1234567 Description Use the super password command to set a switching password for a specified user level which will be used when users switch from a lower user level to the specified ...

Page 14: ...3 ip http shutdown 1 14 lock 1 15 parity 1 16 protocol inbound 1 16 screen length 1 17 send 1 18 service type 1 19 set authentication password 1 20 shell 1 21 speed 1 22 stopbits 1 22 telnet 1 23 telnet ipv6 1 24 telnet source interface 1 25 telnet source ip 1 25 telnet server source interface 1 26 telnet server source ip 1 26 user interface 1 27 user privilege level 1 28 2 Commands for User Contr...

Page 15: ...l password remember to set the local password using the set authentication password command Otherwise AUX users can log in to the switch successfully without password but VTY users will fail the login VTY users must enter the correct authentication password to log in to the switch z If you specify the scheme keyword to authenticate users locally or remotely using usernames and passwords the actual...

Page 16: ...ocol is specified as all both the TCP 23 and TCP 22 port will be enabled Examples z Example of the password authentication mode configuration Configure to authenticate users using the local password on the console port and set the authentication password to aabbcc in plain text Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 authenticati...

Page 17: ...m being automatically executed By default no command is configured to be executed automatically after a user logs in Normally the telnet command is specified to be executed automatically to enable the user to Telnet to a specific network device automatically z The auto execute command command may cause you unable to perform common configuration in the user interface so use it with caution z Before...

Page 18: ...rmation displaying is enabled That is the copyright information is displayed after a user logs into a switch successfully Note that these two commands apply to users logging in through the console port and by means of Telnet Examples Disable copyright information displaying Copyright c 2004 2008 Hangzhou H3C Tech Co Ltd All rights reserved Without the owner s prior written consent no decompiling o...

Page 19: ...ny view Parameters None Description Use the display telnet server source ip command to display the source IP address configured for the switch operating as the Telnet server That is when the switch operates as the Telnet server the client uses this IP address to log in to the switch z If the source IP address or source interface is specified for the switch this command displays the IP address or t...

Page 20: ...urce IP address configured for the switch operating as the Telnet client That is the source IP address of the Telnet service packets sent when the switch operates as the Telnet client to log in to the remote device z If the source interface is specified for the switch this command displays the IP address of the source interface z If no source address or source IP interface is specified for the swi...

Page 21: ...y keyword is specified this command displays the number and type of the user interfaces including those that are in use and those that are not in use Examples Display the information about user interface 0 Sysname display user interface 0 Idx Type Tx Rx Modem Privi Auth Int Super F 0 AUX 0 9600 3 N S Current user interface is active F Current user interface is active and work in async mode Idx Abs...

Page 22: ...Sysname display user interface summary User interface type AUX 0 UXXX XXXX User interface type VTY 8 UUUU X 5 character mode users U 8 UI never used X 5 total UI in use Table 1 2 Description on the fields of the display user interface summary command Field Description User interface type User interface type AUX or VTY 0 UXXX XXXX 8 UUUU X 0 and 8 represent the least absolute number for AUX user in...

Page 23: ...peration user work in async mode Table 1 3 Descriptions on the fields of the display users command Field Description UI The numbers in the left sub column are the absolute user interface indexes and those in the right sub column are the relative user interface indexes Delay The period in seconds the user interface idles for Type User type Ipaddress The IP address from which the user logs in Userna...

Page 24: ... Level Level of a Web user Login Time Time when a Web user logs in Last Req Time Time when the latest request is made free user interface Syntax free user interface type number View User view Parameters type User interface type which can be AUX for AUX user interface and VTY for VTY user interface number User interface index A user interface index can be relative or absolute z In relative user int...

Page 25: ...r user name and password If a user logs in to the switch through Web the banner text configured will be displayed on the banner page shell Sets the session banner which appears after a session is established If you specify to authenticate login users the banner appears after a user passes the authentication text Banner to be displayed If no keyword is specified this argument is the login banner Yo...

Page 26: ...ed with the header legal command and before login authentication z The banner configured with the header shell command is displayed after a non modem user session is established Examples Configure banners Sysname system view System View return to User View with Ctrl Z Sysname header login Welcome to login Sysname header shell Input banner text and quit with the character Welcome to shell Sysname h...

Page 27: ...mand to set the size of the history command buffer Use the undo history command max size command to revert to the default history command buffer size By default the history command buffer can contain up to ten commands Related commands display history command Examples Set the size of the history command buffer of AUX 0 to 20 to enable it to store up to 20 commands Sysname system view System View r...

Page 28: ... 1 minute Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 idle timeout 1 ip http shutdown Syntax ip http shutdown undo ip http shutdown View System view Parameters None Description Use the ip http shutdown command to shut down the WEB Server Use the undo ip http shutdown command to launch the WEB Server By default the WEB Server is launc...

Page 29: ...nt unauthorized operations in the user interface After you execute this command the system prompts you for the password and prompts you to confirm the password The user interface is locked only when the password entered is correct To unlock a user interface press Enter and then enter the password as prompted Note that if you set a password containing more than 16 characters the system matches only...

Page 30: ...scription Use the parity command to set the check mode of the user interface Use the undo parity command to revert to the default check mode By default no check is performed Examples Set to perform even checks Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 parity even protocol inbound Syntax protocol inbound all ssh telnet View VTY user...

Page 31: ...ere are three scenarios when the supported protocol is specified as telnet TCP 23 will be enabled when the supported protocol is specified as ssh TCP 22 will be enabled when the supported protocol is specified as all both the TCP 23 and TCP 22 port will be enabled To configure a user interface to support SSH you need to set the authentication mode to scheme for users to log in successfully If the ...

Page 32: ...ew User view Parameters all Sends messages to all user interfaces type User interface type which can be AUX for AUX user interface and VTY for VTY user interface number User interface index A user interface index can be relative or absolute z In relative user interface index scheme the type argument is required In this case AUX user interfaces are numbered from AUX0 through AUX7 VTY user interface...

Page 33: ... type command to cancel login type configuration Commands fall into four command levels visit monitor system and manage which are described as follows z Visit level Commands at this level are used to diagnose network and change the language mode of user interface such as the ping tracert and language mode command The telnet command is also at this level Commands at this level cannot be saved in co...

Page 34: ...iority level telnet Establish one TELNET connection tracert Trace route function undo Cancel current setting set authentication password Syntax set authentication password cipher simple password undo set authentication password View User interface view Parameters cipher Specifies to save the local password in cipher text simple Specifies to save the local password in plain text password Password t...

Page 35: ...with Ctrl Z Sysname user interface vty 0 Sysname ui vty0 set authentication password simple 123 shell Syntax shell undo shell View User interface view Parameters None Description Use the shell command to enable terminal services Use the undo shell command to disable terminal services By default terminal services are disabled in all user interfaces Note the following when using the undo shell comma...

Page 36: ...mission speed of the user interface Use the undo speed command to revert to the default transmission speed By default the transmission speed is 9 600 bps Examples Set the transmission speed of the user interface AUX 0 to 115 200 bps Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 speed 115200 stopbits Syntax stopbits 1 1 5 2 undo stopbit...

Page 37: ...e interface interface type interface number source ip ip address View User view Parameters hostname Host name of the remote device a string of 1 to 20 characters ip address IPv4 address of the remote device service port Number of the TCP port through which the remote device provides Telnet service This argument ranges from 0 to 65535 and defaults to 23 source interface interface type interface num...

Page 38: ...the outbound interface by interface type and interface number The outbound interface is required when the destination address is a local link address port number TCP port number assigned to Telnet service on the remote system in the range 0 to 65535 and defaults to 23 Description Use the telnet ipv6 command to Telnet to a device from the current device to perform remote management operation You ca...

Page 39: ... the specified interface the login succeeds only when there is a route between the specified source interface and the Telnet server Examples Specify VLAN interface 2 as the source interface for the Telnet client Sysname system view System View return to User View with Ctrl Z Sysname telnet source interface Vlan interface 2 telnet source ip Syntax telnet source ip ip address undo telnet source ip V...

Page 40: ...erface for a Telnet server Use the undo telnet server source interface command to remove the source interface The source interface can be a loopback interface or a VLAN interface If the specified interface does not exist the system prompts that this configuration fails and the login succeeds only when there is a route between the Telnet client and the specified source interface With the telnet ser...

Page 41: ...P address of the Telnet server as 192 168 1 1 Sysname system view System View return to User View with Ctrl Z Sysname telnet server source ip 192 168 1 1 user interface Syntax user interface type first number last number View System view Parameters type User interface type which can be AUX for AUX user interface and VTY for VTY user interface first number User interface index identifying the first...

Page 42: ...s visit monitor system and manage which are described as follows z Visit level Commands at this level are used to diagnose network such as the ping tracert and telnet command Commands at this level cannot be saved in configuration files z Monitor level Commands at this level are used to maintain the system to debug service problems and so on The display and debugging commands are at monitor level ...

Page 43: ... view commands cluster Run cluster command debugging Enable system debugging functions display Display current system information msdp tracert MSDP trace route to source RP mtracert Trace route to multicast source nslookup Query Internet name servers ping Ping function quit Exit from current command view reset Reset operation send Send information to other user terminal interfaces super Set the cu...

Page 44: ...om the current user interface outbound Applies the ACL for the users Telnetting to other devices from the current user interface This keyword is unavailable to Layer 2 ACLs Description Use the acl command to apply an ACL for Telnet users Use the undo acl command to cancel the configuration By default no ACL is applied Examples Apply ACL 2000 a basic ACL for the users Telnetting to the current swit...

Page 45: ...iew System view Parameters acl number ACL number ranging from 2000 to 2999 Description Use the ip http acl command to apply an ACL to filter Web users Use the undo ip http acl command to disable the switch from filtering Web users using the ACL By default the switch does not use the ACL to filter Web users Examples Apply ACL 2000 to filter Web users assuming that ACL 2000 already exists Sysname sy...

Page 46: ...t users Use the undo snmp agent community command to cancel community related configuration for the specified community By default SNMPv1 and SNMPv2c access a switch by community names Examples Set the community name to h123 enable users to access the switch in the name of the community with read only permission Apply ACL 2000 for network management users assuming that ACL 2000 already exists Sysn...

Page 47: ...mmand to apply an ACL to filter network management users Use the undo snmp agent group command to remove a specified SNMP group By default the SNMP group configured through the snmp agent group v3 command is not authenticated or encrypted Examples Create an SNMP group named h123 and apply ACL 2001 for network management users assuming that basic ACL 2001 already exists Sysname system view System V...

Page 48: ...xt a 32 bit hexadecimal number in cipher text if MD5 algorithm is used and a 40 bit hexadecimal number in cipher text if SHA algorithm is used acl number Basic ACL number ranging from 2000 to 2999 local Specifies local entity users engineid string Engine ID associated with the user a string of even number of hexadecimal numbers and comprising of 10 to 64 hexadecimal digits Description Use the snmp...

Page 49: ...1 1 File Attribute Configuration Commands 1 1 display current configuration 1 1 display current configuration vlan 1 6 display saved configuration 1 6 display startup 1 9 display this 1 10 reset saved configuration 1 11 save 1 12 startup saved configuration 1 14 ...

Page 50: ... can directly input the file name text txt as the file URL File Attribute Configuration Commands display current configuration Syntax display current configuration configuration configuration type interface interface type interface number by linenum begin exclude include regular expression View Any view Parameters configuration configuration type Specifies to display non interface configuration If...

Page 51: ...he beginning of a line For example regular expression user matches lines beginning with user not Auser Ending sign the string to the left of this character appears only at the end of a line For example regular expression user matches lines ending with user not userA Full stop a wildcard used in place of any character including blank None Asterisk the character to the left of the asterisk should ma...

Page 52: ...e interfaces on the current switch Sysname display current configuration interface interface Vlan interface1 ip address 192 168 0 36 255 255 255 0 igmp enable interface Vlan interface20 ip address 10 10 10 10 255 255 255 0 interface Aux1 0 0 interface Ethernet1 0 1 interface Ethernet1 0 2 port monitor link group 3 uplink interface Ethernet1 0 3 port monitor link group 3 downlink port access vlan 1...

Page 53: ... Ethernet1 0 20 interface Ethernet1 0 21 interface Ethernet1 0 22 interface Ethernet1 0 23 interface Ethernet1 0 24 interface GigabitEthernet1 1 1 priority trust interface GigabitEthernet1 1 2 priority trust interface GigabitEthernet1 1 3 interface GigabitEthernet1 1 4 interface NULL0 interface LoopBack0 return Display the lines that include the strings matching 10 in the configuration information...

Page 54: ... interface Ethernet1 0 11 interface Ethernet1 0 12 interface Ethernet1 0 13 interface Ethernet1 0 14 interface Ethernet1 0 15 interface Ethernet1 0 16 interface Ethernet1 0 17 interface Ethernet1 0 18 interface Ethernet1 0 19 interface Ethernet1 0 20 interface Ethernet1 0 21 interface Ethernet1 0 22 interface Ethernet1 0 23 interface Ethernet1 0 24 interface GigabitEthernet1 1 1 interface GigabitE...

Page 55: ...nfiguration information about all the VLANs that exist on the switch If there are contiguous VLANs without any configuration the system combines these VLANs together in the format of vlan id to vlan id when displaying the VLAN configuration information Related commands save reset saved configuration display saved configuration Examples Display the VLAN configuration information of the current swit...

Page 56: ...ch starts up the command displays the last saved configuration Related commands save reset saved configuration display current configuration Examples Display the initial configuration file of the current switch Sysname display saved configuration sysname Sysname gvrp MAC authentication vlan 1 interface Vlan interface1 ip address 192 168 0 36 255 255 255 0 LOCCFG MUST NOT DELETE interface Aux1 0 0 ...

Page 57: ... 8 interface Ethernet1 0 9 voice vlan enable interface Ethernet1 0 10 port link type hybrid port hybrid vlan 1 3 to 4 untagged port hybrid protocol vlan vlan 4 0 lacp enable interface Ethernet1 0 11 interface Ethernet1 0 12 interface Ethernet1 0 13 interface Ethernet1 0 14 interface Ethernet1 0 15 interface Ethernet1 0 16 interface Ethernet1 0 17 interface Ethernet1 0 18 interface Ethernet1 0 19 i...

Page 58: ...privilege level 3 set authentication password simple 1 return The configuration information output above in turn is the system configuration logical interface configuration physical port configuration and user interface configuration display startup Syntax display startup unit unit id View Any view Parameters unit unit id Specifies the unit ID of a switch With this keyword argument combination spe...

Page 59: ...kup startup saved configuration file flash backup cfg Bootrom access enable state enabled Table 1 2 Description on the fields of the display startup command Field Description Current Startup saved configuration file The configuration file used for the current startup Next main startup saved configuration file The main configuration file used for the next startup Next backup startup saved configura...

Page 60: ...set saved configuration display saved configuration display current configuration Examples Display the configuration parameters that take effect in all user interface views Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 display this user interface aux 0 4 idle timeout 0 0 user interface aux 5 7 user interface vty 0 authentication mode n...

Page 61: ...rade software the old configuration file does not match the new software z The startup configuration file is corrupted or not the one you need z This command will permanently delete the configuration file from the switch z An error occurs when you execute this command if the configuration file to be deleted does not exist Related commands save Examples Erase the main configuration file to be used ...

Page 62: ... during the process z Safe mode This is the mode when you use the save command with the safely keyword The mode saves the file slower but can retain the original configuration file in the Flash even if the switch reboots or the power fails during the process When you use the save safely command to save the configuration file if the switch reboots or the power fails during the saving process the sw...

Page 63: ...it id View User view Parameters cfgfile Path name or file name of a configuration file in the Flash a string of 5 to 56 characters backup Specifies the configuration file to be the backup configuration file main Specifies the configuration file to be the main configuration file unit unit id Specifies a switch by its unit ID You can configure a switch in the fabric to use null configuration when it...

Page 64: ...ll specify the specified unit in the fabric to use null configuration when it restarts The configuration file must use cfg as its extension name and the startup configuration file must be saved at the root directory in the Flash of the switch Related commands display startup Examples Configure the configuration file named config cfg as the main configuration file to be used for the next startup of...

Page 65: ...wn 1 6 vlan 1 7 Port Based VLAN Configuration Commands 1 9 display port 1 9 port 1 9 port access vlan 1 10 port hybrid pvid vlan 1 11 port hybrid vlan 1 11 port link type 1 12 port trunk permit vlan 1 13 port trunk pvid vlan 1 14 Protocol Based VLAN Configuration Commands 1 15 display protocol vlan interface 1 15 display protocol vlan vlan 1 16 port hybrid protocol vlan vlan 1 17 protocol vlan 1 1...

Page 66: ...ces or network segment attached to the VLAN or VLAN interface and so on Use the undo description command to restore the default By default the description of a VLAN is its VLAN ID for example VLAN 0001 the description of a VLAN interface is its name for example Vlan interface 1 Interface You can display the description of a VLAN or VLAN interface with the display vlan or display interface Vlan int...

Page 67: ...urrent state UP Line protocol current state UP IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 00e0 fc14 000b Internet Address is 192 168 0 31 24 Primary Description Vlan interface1 Interface The Maximum Transmit Unit is 1500 Vlan interface20 current state DOWN Line protocol current state DOWN IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 00e0 fc14 000b Internet Add...

Page 68: ...because no IP address is configured z UP The protocol state of this VLAN interface is up IP Sending Frames Format is PKTFMT_ETHNT_2 Format of the frames sent from the VLAN interface PKTFMT_ETHNT 2 indicates that this VLAN interface sends Ethernet II frames Refer to the VLAN configuration part in the accompanied operation manual for information about frame formats Hardware address MAC address corre...

Page 69: ...er ports of a VLAN If no keyword or argument is specified the command displays the number of existing VLANs in the system and the ID of each VLAN Related commands vlan Examples Display information about VLAN 1 Sysname display vlan 1 VLAN ID 1 VLAN Type static Route Interface configured IP Address 192 168 0 39 Subnet Mask 255 255 255 0 Description VLAN 0001 Name VLAN 0001 Tagged Ports Ethernet1 0 1...

Page 70: ...face Vlan interface command to delete a VLAN interface You can create a VLAN interface only for an existing VLAN and must ensure that the ID of the VLAN interface is the same as the VLAN ID You can use the ip address command in VLAN interface view refer to the IP Address and Performance Command part for the command description to configure an IP address for this VLAN interface to enable it to rout...

Page 71: ...ame of VLAN 2 as test vlan Sysname system view System View return to User View with Ctrl Z Sysname vlan 2 Sysname vlan2 name test vlan shutdown Syntax shutdown undo shutdown View VLAN interface view Parameters None Description Use the shutdown command to administratively shut down the VLAN interface Use the undo shutdown command to bring up the VLAN interface By default a VLAN interface is adminis...

Page 72: ...an interface Examples Disable the VLAN interface2 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 2 Sysname Vlan interface2 shutdown vlan Syntax vlan vlan id1 to vlan id2 all undo vlan vlan id1 to vlan id2 all View System view Parameters vlan id1 Specifies the ID of the VLAN you want to create or remove in the range of 1 to 4094 to vlan id2 In conju...

Page 73: ...ng as the default VLAN of a trunk or a hybrid port the configuration of the default VLAN on the trunk port or hybrid port does not change The port will continue to use the removed VLAN as its default VLAN Examples Create VLAN 5 and enter its VLAN view Sysname system view System View return to User View with Ctrl Z Sysname vlan 5 Sysname vlan5 Remove VLAN 5 Sysname vlan5 quit Sysname undo vlan 5 Cr...

Page 74: ...nd Ethernet 1 0 2 port Syntax port interface list undo port interface list View VLAN view Parameters interface list List of the Ethernet ports to be added to or removed from the current VLAN In this list you can specify individual ports and port ranges An individual port takes the form of interface type interface number and a port range takes the form of interface type interface number1 to interfa...

Page 75: ...he VLAN to which you want to assign the current port in the range of 1 to 4094 The specified VLAN must already exist By default all access ports belong to VLAN 1 You cannot assign an access port to or remove an access port from VLAN 1 with the port access vlan command or its undo form To assign an access port that has been assigned to a VLAN other than VLAN 1 you can use the undo port access vlan ...

Page 76: ... will be unable to receive VLAN untagged packets You can configure a hybrid port to permit the packets of its default VLAN to pass through with the port hybrid vlan command Related commands port link type port hybrid vlan The local and remote hybrid ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly Examples Set the default VLAN ID of the hybrid ...

Page 77: ...ackets from VLAN 1 to pass through untagged You can configure the port hybrid vlan vlan id list tagged untagged command multiple times The VLANs specified each time does not overwrite those configured before if any The VLAN specified by the vlan id argument must already exist Otherwise this command is invalid Related commands port link type Examples Assign hybrid port Ethernet 1 0 1 to VLAN 2 VLAN...

Page 78: ...individual VLAN IDs each in the form of vlan id and VLAN ID ranges each in the form of vlan id1 to vlan id2 Specify each VLAN ID in the range of 1 to 4094 and ensure that vlan id2 is no less than vlan id1 The total number of individual VLAN IDs and VLAN ID ranges defined in the list must not exceed 10 all Assigns the trunk port to all VLANs On a GVRP enabled trunk port you must configure the port ...

Page 79: ...n id Specifies the default VLAN ID of the current port in the range of 1 to 4094 Description Use the port trunk pvid vlan command to set the default VLAN ID for the trunk port A trunk port sends packets of the default VLAN untagged Use the undo port trunk pvid command to restore the default By default the default VLAN ID of a trunk port is VLAN 1 After configuring the default VLAN of a trunk port ...

Page 80: ...on to specify a port range to display the protocol template information of the ports bound with protocol VLAN s in the range When defining a port range note that the second port must not be less than the first port all Displays all the ports bound with at least one protocol VLAN and the associated protocol templates Description Use the display protocol vlan interface command to display information...

Page 81: ...formation is to be displayed to vlan id2 In conjunction with vlan id1 define a VLAN range to display the protocol template configurations of all protocol VLANs in the range The vlan id2 argument takes a value in the range of 1 to 4094 and must not be less than that of vlan id1 all Displays all protocol VLANs and their protocol template information Description Use the display protocol vlan vlan com...

Page 82: ...rotocol template must have been configured for the VLAN protocol index Specifies a protocol template in the range of 0 to 4 to protocol index end In conjunction with protocol index specify a protocol index range The protocol index end argument takes a value in the range of 0 to 4 and must be greater than protocol index all Specifies all protocol indexes With the all keyword the port hybrid protoco...

Page 83: ...does not exist If a part of the specified protocol indexes to be removed do not exist the switch will remove the existing indexes when it prompts errors Related commands display protocol vlan interface Examples Bind Ethernet 1 0 1 with the protocols indexed from 0 to 2 of VLAN 3 assuming that VLAN 3 is a protocol VLAN Sysname system view System View return to User View with Ctrl Z Sysname interfac...

Page 84: ... ranging from 0 to 4 If you do not specify this argument the beginning protocol index will be determined by the system protocol index end End protocol index ranging from 0 to 4 Note that this argument must be larger than or equal to the protocol index argument all Deletes all the protocol templates When you use the mode keyword to configure a user defined protocol template if you set the etype id ...

Page 85: ...port in case that ARP packets and IP packets are not assigned to the same VLAN which will cause IP address resolution failure Configure an ARP protocol template The code for the ARP protocol is 0x0806 z Perform the following command when Ethernet encapsulation is used Sysname vlan3 protocol vlan mode ethernetii etype 0806 z Perform the following configuration when 802 3 encapsulation format is use...

Page 86: ...ib ip address 2 2 display fib acl 2 3 display fib 2 4 display fib ip prefix 2 5 display fib statistics 2 5 display icmp statistics 2 6 display ip socket 2 7 display ip statistics 2 8 display tcp statistics 2 10 display tcp status 2 12 display udp statistics 2 13 icmp redirect send 2 14 icmp unreach send 2 15 ip forward broadcast 2 15 reset ip statistics 2 16 reset tcp statistics 2 16 reset udp sta...

Page 87: ...rfaces is displayed Examples Display information about VLAN interface 1 Sysname display ip interface Vlan interface 1 Vlan interface1 current state UP Line protocol current state UP Internet Address is 192 168 0 39 24 Primary Broadcast address 192 168 0 255 The Maximum Transmit Unit 1500 bytes IP packets input number 9678 bytes 475001 multicasts 7 IP packets output number 8622 bytes 391084 multica...

Page 88: ...mber of packets bytes and multicast packets forwarded and received on the interface TTL invalid packet number Number of received invalid TTL packets ICMP packet input number 0 Echo reply 0 Unreachable 0 Source quench 0 Routing redirect 0 Echo request 0 Router advert 0 Router solicit 0 Time exceed 0 IP header bad 0 Timestamp request 0 Timestamp reply 0 Information request 0 Information reply 0 Netm...

Page 89: ...ely down l loopback s spoofing Interface IP Address Physical Protocol Description Vlan interface1 192 168 0 39 up up Vlan inte Table 1 2 Description on the fields of the display ip interface brief command Field Description down The interface is administratively shut down with the shutdown command s Spoofing attribute of the interface It indicates that the interface whose link layer protocol is dis...

Page 90: ...ddress command without any parameter the switch deletes both primary and secondary IP addresses of the interface z The undo ip address ip address mask mask length command is used to delete the primary IP address z The undo ip address ip address mask mask length sub command is used to delete specified secondary IP addresses z You can assign at most five IP address to an interface among which one is...

Page 91: ...9 12 1 1 to VLAN interface 1 with subnet mask 255 255 255 0 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ip address 129 12 0 1 255 255 255 0 Sysname Vlan interface1 ip address 129 12 1 1 255 255 255 0 sub ...

Page 92: ... Display all FIB information Sysname display fib Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi path L Generated by ARP or ESIS Destination Mask Nexthop Flag TimeStamp Interface 10 153 17 0 24 10 153 17 99 U t 37 Vlan interface1 10 153 18 88 32 127 0 0 1 GHU t 37 InLoopBack0 10 153 18 0 24 10 153 18 88 U t 37 LoopBack0 10 153 17 99 32 127 0 0 1 GHU t 37 I...

Page 93: ...sk2 mask length2 longer longer View Any view Parameters ip address1 ip address2 Destination IP addresses in dotted decimal notation ip address1 and ip address2 together define an address range The FIB entries in this address range will be displayed mask1 mask2 Subnet masks in dotted decimal notation mask length1 mask length2 Length of the subnet masks the number of consecutive ones in the masks in...

Page 94: ... Flag TimeStamp Interface 12 158 10 0 24 12 158 10 1 U t 85391 Vlan interface10 Display FIB entry information which has a destination in the range of 12 158 10 0 24 to 12 158 10 6 24 and has a mask length of 24 Sysname display fib 12 158 10 0 255 255 255 0 12 158 10 6 255 255 255 0 Route Entry Count 1 Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi path L ...

Page 95: ...egular expression View Any view Parameters Uses a regular expression to match FIB entries For detailed information about regular expression refer to Configuration File Management Command begin Displays a specific FIB entry and all the FIB entries following it The specific FIB entry is the first entry that matches the specified regular expression exclude Displays the FIB entries that do not match t...

Page 96: ... with Ctrl Z Sysname ip ip prefix abc permit 211 71 75 0 24 Sysname display ip ip prefix abc name index conditions ip prefix mask GE LE abc 10 permit 211 71 75 0 24 Display the FIB entries matching IP prefix list abc Sysname display fib ip prefix abc Route Entry matched by prefix list abc Summary Counts 1 Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi pat...

Page 97: ...CMP packets Sysname display icmp statistics Input bad formats 0 bad checksum 0 echo 5 destination unreachable 0 source quench 0 redirects 0 echo reply 10 parameter problem 0 timestamp 0 information request 0 mask requests 0 mask replies 0 time exceeded 0 Output echo 10 destination unreachable 0 source quench 0 redirects 0 echo reply 5 parameter problem 0 timestamp 0 information reply 0 mask reques...

Page 98: ...uench Number of sent source quench packets redirects Number of sent redirection packets echo reply Number of sent replies parameter problem Number of sent parameter problem packets timestamp Number of sent time stamp packets information reply Number of sent information reply packets mask requests Number of sent mask requests mask replies Number of sent mask replies Output time exceeded Number of s...

Page 99: ...192 rcvbuf 8192 sb_cc 0 rb_cc 0 socket option SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE socket state SS_ISCONNECTED SS_PRIV SS_ASYNC Table 2 3 Description on the fields of the display ip socket command Field Description SOCK_STREAM Indicates the socket type is TCP SOCK_DGRAM Indicates the socket type is UDP SOCK_RAW Indicates the socket type is raw IP Task Task ID socketid Socket ID P...

Page 100: ... protocol Total number of unknown protocol packets Unknown protocol packets are destined to the local device but the upper layer protocol specified in their IP header cannot be processed by the device For example if a switch is not enabled with the Layer 3 multicast function it considers IGMP packets as unknown protocol packets bad format Total number of packets with incorrect header format that c...

Page 101: ...ameters None Description Use the display tcp statistics command to display the statistics about TCP packets Related commands display tcp status reset tcp statistics Examples Display the statistics about TCP connections Sysname display tcp statistics Received packets Total 753 packets in sequence 412 11032 bytes window probe packets 0 window update packets 0 checksum error 0 offset error 0 short er...

Page 102: ...ets in sequence Number of packets arriving in sequence window probe packets Number of window probe packets received window update packets Number of window update packets received checksum error Number of checksum error packets received offset error Number of offset error packets received short error Number of received packets with length being too small duplicate packets Number of completely dupli...

Page 103: ...ken due to retransmission timeouts Keepalive timeout Number of keepalive timer timeouts keepalive probe Number of keepalive probe packets sent Keepalive timeout so connections disconnected Number of connections broken due to keepalive probe failures Initiated connections Number of connections initiated accepted connections Number of connections accepted established connections Number of connection...

Page 104: ...re is an asterisk before a connection it means that the TCP connection is authenticated through the MD5 algorithm TCPCB TCP control block Local Add port Local IP address and port number Foreign Add port Remote IP address and port number State State of the TCP connection display udp statistics Syntax display udp statistics View Any view Parameters None Description Use the display udp statistics com...

Page 105: ...al broadcast or multicast packets Total number of received broadcast or multicast packets no socket broadcast or multicast packets Total number of broadcast or multicast packets without socket on port not delivered input socket full Number of not delivered packets due to a full socket cache Received packets input packets missing pcb cache Number of packets without matching PCB cache Sent packets T...

Page 106: ...itch upon receiving a packet with an unreachable destination discards the packet and then sends a destination unreachable packet to the source host Use the undo icmp unreach send command to disable the device from sending ICMP destination unreachable packets By default the device is enabled to send ICMP destination unreachable packets Examples Disable the device from sending ICMP destination unrea...

Page 107: ... receive directed broadcasts to a directly connected network Sysname system view System View return to User View with Ctrl Z Sysname ip forward broadcast reset ip statistics Syntax reset ip statistics View User view Parameters None Description Use the reset ip statistics command to clear the statistics about IP packets You can use the display ip statistics command to view the current IP packet sta...

Page 108: ...Examples Clear the statistics about UDP packets Sysname reset udp statistics tcp timer fin timeout Syntax tcp timer fin timeout time value undo tcp timer fin timeout View System view Parameters time value TCP finwait timer in seconds with the value ranging from 76 to 3600 Description Use the tcp timer fin timeout command to configure the TCP finwait timer Use the undo tcp timer fin timeout command...

Page 109: ...timeout command to restore the default value of the TCP synwait timer By default the value of the TCP synwait timer is 75 seconds When sending the SYN packet TCP starts the synwait timer If the response packet is not received before synwait times out the TCP connection will be terminated Related commands tcp timer fin timeout tcp window Examples Configure the value of the TCP synwait timer to 80 s...

Page 110: ...of the transmission and receiving buffers of the connection oriented socket By default the size of the transmission and receiving buffers is 8 KB Related commands tcp timer fin timeout tcp timer syn timeout Examples Configure the size of the transmission and receiving buffers of the connection oriented socket to 3 KB Sysname system view System View return to User View with Ctrl Z Sysname tcp windo...

Page 111: ...ion Commands 1 1 display voice vlan error info 1 1 display voice vlan oui 1 1 display voice vlan status 1 2 display vlan 1 3 voice vlan 1 4 voice vlan aging 1 5 voice vlan enable 1 6 voice vlan legacy 1 6 voice vlan mac address 1 7 voice vlan mode 1 8 voice vlan security enable 1 8 ...

Page 112: ... the ports on which the voice VLAN function fails to be enabled When ACL number applied to a port reaches to its threshold voice VLAN cannot be enabled on this port Examples Display the ports on which voice VLAN fails to be enabled Sysname display voice vlan error info Fail to apply voice VLAN ACL rules to the following port s Ethernet1 0 10 Ethernet1 0 15 display voice vlan oui Syntax display voi...

Page 113: ...e 00d0 1e00 0000 ffff ff00 0000 Pingtel phone 00e0 7500 0000 ffff ff00 0000 Polycom phone 00e0 bb00 0000 ffff ff00 0000 3Com phone display voice vlan status Syntax display voice vlan status View Any view Parameters None Description Use the display voice vlan status command to display voice VLAN related information The output of the command displays information such as the voice VLAN security mode ...

Page 114: ...n enabled Note that not all of them are transmitting packets in the voice VLAN To view the ports operating in the voice VLAN currently use the display vlan command display vlan Syntax display vlan vlan id View Any view Parameters vlan id Specifies the ID of the current voice VLAN in the range of 1 to 4094 Description Use the display vlan command to display information about the specified VLAN For ...

Page 115: ...N is disabled globally After a VLAN is configured as the voice VLAN the switch will modify QoS priorities for the traffic in the VLAN to improve its transmission preference guaranteeing that the voice data can be transmitted preferentially To make the voice VLAN function take effect on a port you must enable the function both globally and on the port with the voice vlan enable command z If you wan...

Page 116: ...ice VLAN aging timer does not take effect on ports working in manual voice VLAN assignment mode because these ports are assigned to the voice VLAN statically When setting the voice VLAN aging timer consider the usage frequency of IP phones Note that z A large voice VLAN aging timer setting can prevent a port from being assigned to or removed from the voice VLAN frequently keeping voice communicati...

Page 117: ...elated commands display voice vlan error info display voice vlan status Examples Enable the voice VLAN function on Ethernet1 0 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 voice vlan enable voice vlan legacy Syntax voice vlan legacy undo voice vlan legacy View Ethernet port view Parameters None Description Use the voice vl...

Page 118: ... list text Description of the MAC address containing 1 to 30 characters Description Use the voice vlan mac address command to add an OUI entry to the OUI list for the specified MAC address The OUI list contains the MAC addresses of recognizable voice devices A packet is considered as a voice packet only when its source MAC address can match an entry in the OUI list Use the undo voice vlan mac addr...

Page 119: ...et whose source MAC address matches the OUI list the port is assigned to the voice VLAN automatically and the packet is tagged with the voice VLAN tag If the port has not received any voice data before the voice VLAN aging timer expires the port is removed from the voice VLAN automatically By default an Ethernet port works in automatic voice VLAN assignment mode A port working in manual voice VLAN...

Page 120: ...a voice VLAN and with voice devices attached to can only forward voice data Data packets with their MAC addresses not among the OUI addresses that can be identified by the system will be filtered out This mode has no effects on other VLANs By default the voice VLAN security mode is enabled Related commands display voice vlan status Examples Disable the voice VLAN security mode Sysname system view ...

Page 121: ...P Configuration Commands 1 1 display garp statistics 1 1 display garp timer 1 2 garp timer 1 3 garp timer leaveall 1 4 reset garp statistics 1 5 GVRP Configuration Commands 1 6 display gvrp statistics 1 6 display gvrp status 1 7 gvrp 1 7 gvrp registration 1 8 ...

Page 122: ... not specified this command displays the GARP statistics on all the ports The switch automatically collects statistics about GVRP packets sent received and dropped on GVRP enabled ports Upon system reboot or the execution of the reset garp statistics command the system automatically deletes the statistics and starts collecting statistics again You can check whether GVRP is running normally on a po...

Page 123: ...w Any view Parameters interface list Specifies a list of Ethernet ports of which the GARP timer settings are to be displayed In this list you can specify individual ports and port ranges An individual port takes the form of interface type interface number and a port range takes the form of interface type interface number1 to interface type interface number2 with interface number2 taking a value gr...

Page 124: ...e in centiseconds of the GARP timer Hold Join or Leave to be set Description Use the garp timer command to set a GARP timer that is the Hold timer the Join timer or the Leaver timer for an Ethernet port Use the undo garp timer command to restore the default setting of a GARP timer By default the Hold Join and Leave timers are set to 10 20 and 60 centiseconds Note that z The setting of each timer m...

Page 125: ... changing the timeout time of the Join timer This upper threshold is less than the timeout time of the LeaveAll timer You can change the threshold by changing the timeout time of the LeaveAll timer LeaveAll This lower threshold is greater than the timeout time of the Leave timer You can change threshold by changing the timeout time of the Leave timer 32 765 centiseconds In networking the following...

Page 126: ...econds Sysname system view System View return to User View with Ctrl Z Sysname garp timer leaveall 100 reset garp statistics Syntax reset garp statistics interface interface list View User view Parameters interface list Specifies a list of Ethernet ports In this list you can specify individual ports and port ranges An individual port takes the form of interface type interface number and a port ran...

Page 127: ...rt type the interface number argument represents the port number and 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Note that this command displays GVRP statistics only on the trunk ports included in the list Statistics on non trunk ports will not be displayed Description Use the display gvrp statistics command to display the GVRP statistics of trunk port...

Page 128: ...meters None Description Use the gvrp command to enable GVRP globally in system view or for a port in Ethernet port view Use the undo gvrp command to disable GVRP globally in system view or on a port in Ethernet port view By default GVRP is disabled both globally and on ports Note that z To enable GVRP for a port you need to enable GVRP globally first GVRP does not take effect automatically on port...

Page 129: ...stration mode A port operating in this mode cannot register or deregister VLAN information dynamically It permits only VLAN 1 that is it propagates only the information about VLAN 1 to the other GARP members normal Specifies the normal mode A port operating in this mode can dynamically register or deregister VLAN information and can propagate both dynamic and static VLAN information Description Us...

Page 130: ...w control 1 17 flow interval 1 18 giant frame statistics enable 1 18 interface 1 19 jumboframe enable 1 20 link delay 1 20 loopback 1 21 loopback detection control enable 1 22 loopback detection enable 1 23 loopback detection interval time 1 24 loopback detection per vlan enable 1 24 mdi 1 25 multicast suppression 1 25 reset counters interface 1 26 reset packet drop interface 1 27 shutdown 1 27 sp...

Page 131: ... to speed auto z The command used to set the port state change delay was added to this manual For details refer to link delay Port Basic Configuration Commands broadcast suppression Syntax broadcast suppression ratio pps max pps undo broadcast suppression View System view Ethernet port view Parameters ratio Maximum ratio of the broadcast traffic allowed on a port to the total transmission capacity...

Page 132: ...adcast suppression setting configured by the broadcast suppression command in system view takes effect on all Ethernet ports in the system except for the reflection ports stack ports and ports having their own broadcast suppression settings If you configure broadcast suppression command in both system view and Ethernet port view the configuration in Ethernet port view will take effect Examples All...

Page 133: ...t Refer to Table 1 1 for the configurations that can be copied Table 1 1 Configurations that can be copied Configuration category Contents VLAN VLANs carried on the port and the default VLAN ID Protocol based VLAN Protocol VLAN IDs and protocol indexes LACP Link Aggregation Control protocol The enable disable status of LACP As the configuration commands of manual and static link aggregation groups...

Page 134: ...an aggregation group port to have the same configuration with the source port you can specify the aggregation group of the port as the destination with the destination agg id argument z Any voice VLAN enabled port you input in the destination port list will be removed from the list Copy the configurations of GigabitEthernet 1 1 1 to Ethernet 1 0 1 Sysname copy configuration source g1 1 1 destinati...

Page 135: ...ethernet 1 0 1 Sysname Ethernet1 0 1 description home display brief interface Syntax display brief interface interface type interface number begin include exclude regular expression View Any view Parameters interface type Port type interface number Port number Specifies to use a regular expression to filter the configuration information entries to be displayed begin Each entry must begin with a sp...

Page 136: ...1 port Sysname display brief interface Ethernet 1 0 1 Interface Eth Ethernet GE GigabitEthernet TENGE tenGigabitEthernet Loop LoopBack Vlan Vlan interface Cas Cascade Speed Duplex A auto negotiation Interface Link Speed Duplex Type PVID Description Eth1 0 1 DOWN A A hybrid 1 home Table 1 2 Description on the fields of the display brief interface command Field Description Interface Port type Link C...

Page 137: ...isplay port configuration When using this command z If you specify neither port type nor port number the command displays information about all ports z If you specify only port type the command displays information about all ports of the specified type z If you specify both port type and port number the command displays information about the specified port Examples Display the configuration inform...

Page 138: ...er Table 1 4 Description on the fields of the display interface command Field Description Ethernet1 0 1 current state Current Ethernet port status UP DOWN or ADMINISTRATIVELY DOWN IP Sending Frames Format Ethernet frame format Hardware address Port hardware address Media type Media type Port hardware type Port hardware type 100Mbps speed mode full duplex mode Current speed mode and duplex mode Lin...

Page 139: ...s of incoming normal packets on the port including incoming normal packets and normal PAUSE frames The number of normal incoming broadcast packets the number of normal incoming multicast packets and the number of normal incoming PAUSE frames of the port A hyphen indicates that the statistical item is not supported input errors The total number of incoming error frames runts The number of incoming ...

Page 140: ... Output normal packets bytes broadcasts multicasts pauses Count in packets and in bytes of outgoing normal packets on the port including outgoing normal packets and normal Pause frames The number of normal outgoing broadcast packets the number of normal outgoing multicast packets and the number of normal outgoing Pause frames on the port A hyphen indicates that the statistical item is not supporte...

Page 141: ...mission display link delay Syntax display link delay View Any view Parameters None Description Use the display link delay command to display the information about the ports with the link delay command configured including the port name and the configured delay Related commands link delay Examples Display the information about the ports with the link delay command configured Sysname display link de...

Page 142: ... is running Loopback detection is enabled globally Detection interval time is 30 seconds Time interval for loopback detection is 30 seconds There is no port existing loopback link No loopback port exists display packet drop Syntax display packet drop interface interface type interface number summary View Any view Parameters interface type Port type interface number Port number summary Displays the...

Page 143: ...ed By others Number of packets dropped because of other reasons display storm constrain Syntax display storm constrain interface interface type interface number begin exclude include regular expression View Any view Parameters interface type Port type interface number Port number Uses a regular expression to filter the output configuration information begin Displays the configurations that begin w...

Page 144: ...rrent status of the port which can be normal or control Trap on trap information is output when a type of traffic received on the port exceeds the upper threshold or falls below the lower threshold off trap information is not output when a type of traffic received on the port exceeds the upper threshold or falls below the lower threshold Log on log information is output when traffic received on th...

Page 145: ...output 0 packets sec 0 bytes sec Input total 0 packets 0 bytes 0 broadcasts 0 multicasts 0 pauses Input normal packets bytes broadcasts multicasts pauses Input 0 input errors 0 runts 0 giants throttles 0 CRC 0 frame overruns 0 aborts 0 ignored parity errors Output total 0 packets 0 bytes 0 broadcasts 0 multicasts 0 pauses Output normal packets bytes broadcasts multicasts pauses Output 0 output err...

Page 146: ...view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 duplex auto enable log updown Syntax enable log updown undo enable log updown View Ethernet port view Parameters None Description Use the enable log updown command to enable Up Down log information output Use the undo log enable updown command to disable Up Down log information output By default...

Page 147: ...control Syntax flow control undo flow control View Ethernet port view Parameters None Description Use the flow control command to enable flow control on the current Ethernet port Use the undo flow control command to disable flow control on the port Suppose flow control is enabled on both the local and peer switches When congestion occurs on the local switch the local switch sends a message to noti...

Page 148: ...ommand to display the information of a port the system performs statistical analysis on the traffic flow passing through the port during the specified interval and displays the average rates in the interval For example if you set the interval to 100 seconds the displayed information is as follows Last 100 seconds input 0 packets sec 0 bytes sec Last 100 seconds output 0 packets sec 0 bytes sec Rel...

Page 149: ...nction Sysname system view System View return to User View with Ctrl Z Sysname giant frame statistics enable interface Syntax interface interface type interface number View System view Parameters interface type Port type which can be Aux Ethernet GigabitEthernet LoopBack NULL or VLAN interface interface number Port number in the format of Unit ID slot number port number where Unit ID is in the ran...

Page 150: ... on an Ethernet port is 9 216 bytes Examples Set the maximum frame size allowed on Ethernet 1 0 1 to 1 536 bytes Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 jumboframe enable link delay Syntax link delay delay time undo link delay View Ethernet port view Parameters delay time Port state change delay to be set This argument ...

Page 151: ...nk delay 8 loopback Syntax loopback external internal View Ethernet port view Parameters external Performs external loop test In the external loop test self loop headers must be used on the port of the switch The external loop test can locate the hardware failures on the port For 100M port the self loop headers are made from four cores of the 8 core cables for 1000M port the self loop headers are ...

Page 152: ...k detection function For details refer to the loopback detection enable command When a loopback is detected in a VLAN on a trunk or hybrid port you can use this function to control the working status of the port z If this feature is enabled on a trunk or hybrid port when loopback is found on the port the system puts the port into the controlled working status and removes the MAC address entries co...

Page 153: ...back is found on a trunk or hybrid port the system sends a Trap message to the client If the loopback port control function is enabled on the port with the loopback detection control enable command the system disables the port sends a Trap message to the client and removes the corresponding MAC forwarding entry The loopback detection feature takes effect on a port only when the loopback detection ...

Page 154: ...urn to User View with Ctrl Z Sysname loopback detection interval time 10 loopback detection per vlan enable Syntax loopback detection per vlan enable undo loopback detection per vlan enable View Ethernet port view Parameters None Description Use the loopback detection per vlan enable command to configure the system to run loopback detection on all VLANs of the current trunk or hybrid port Use the ...

Page 155: ...y z An RJ 45 interface can operate in MDI or MDI X mode z To connect two RJ 45 interfaces operating in the same MDI mode use a crossover cable to connect two RJ 45 interfaces operating in different MDI modes use a straight through cable z The MDI mode of an optical port is fixed to auto Description Use the mdi command to set the MDI mode for a port Use the undo mdi command to restore the default s...

Page 156: ...cast traffic threshold you set the system drops the packets exceeding the threshold to reduce the multicast traffic ratio to the reasonable range so as to keep normal network service By default the switch does not suppress multicast traffic Examples Allow the incoming multicast traffic on Ethernet 1 0 1 to occupy at most 20 of the transmission capacity of the port and suppress the multicast traffi...

Page 157: ...packet drop interface Syntax reset packet drop interface interface type interface number View User view Parameters interface type Port type Interface number Port number Description Use the reset packet drop interface command to clear the statistics on the packets dropped on a port or all the ports z If interface type interface number is not specified this command clears the statistics on the packe...

Page 158: ...NK STATUS CHANGE 1 Ethernet1 0 4 is DOWN Apr 13 23 13 53 927 2000 Sysname L2INF 5 VLANIF LINK STATUS CHANGE 1 Vlan interface3 is DOWN Apr 13 23 13 54 057 2000 Sysname IFNET 5 UPDOWN 1 Line protocol on the interface Vlan interface3 is DOWN Enable Ethernet 1 0 1 Sysname Ethernet1 0 1 undo shutdown Apr 13 23 14 54 454 2000 Sysname L2INF 2 PORT LINK STATUS CHANGE 1 Trap 1 3 6 1 6 3 1 1 5 4 linkUp port...

Page 159: ...t the speed of Ethernet 1 0 1 to 10 Mbps Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 speed 10 speed auto Syntax speed auto 10 100 1000 View Ethernet port view Parameters 10 Configures 10 Mbps as an auto negotiation speed of the port 100 Configures 100 Mbps as an auto negotiation speed of the port 1000 Configures 1 000 Mbps ...

Page 160: ...thresholds of the broadcast multicast unicast traffic received on the port Use the undo storm constrain command to cancel the threshold configuration z With traffic upper and lower thresholds specified on a port the system periodically collects statistics about the broadcast multicast unicast traffic on the port Once it finds that a type of traffic exceeds the specified upper threshold it blocks t...

Page 161: ...and is configured on a port you cannot configure the storm control function on the port and vice versa z You are not recommended to set the upper and lower traffic thresholds to the same value z The system can take one of the actions when the broadcast multicast unicast traffic received on a port exceeds the upper threshold block and shutdown The block action blocks only those types of traffic tha...

Page 162: ... received on the port exceeds the upper threshold or falls below the lower threshold By default log trap information is output when traffic received on the port exceeds the upper threshold or falls below the lower threshold Related commands display storm constrain storm constrain Examples Disable log information from being output when traffic received on Ethernet 1 0 1 exceeds the upper threshold ...

Page 163: ...n the Ethernet port in pps This argument ranges from 1 to 148 810 for Ethernet ports or 1 to 262 143 for GigabitEthernet ports Description Use the unicast suppression command to limit the unknown unicast traffic allowed to be received on the current port Use the undo broadcast suppression command to restore the default unknown unicast suppression setting on the port When incoming unknown unicast t...

Page 164: ...he cable z Cable status including normal abnormal abnormal open abnormal short and failure z Cable length z If the cable is in normal state the displayed length value is the total length of the cable z If the cable is in any other state the displayed length value is the length from the port to the faulty point z Pair impedance mismatch z Pair skew z Pair swap z Pair polarity z Insertion loss z Ret...

Page 165: ...sname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 virtual cable test Cable status normal 0 meter s Pair Impedance mismatch Pair skew ns Pair swap Pair polarity Insertion loss db Return loss db Near end crosstalk db ...

Page 166: ...nk aggregation interface 1 1 display link aggregation summary 1 2 display link aggregation verbose 1 3 display lacp system id 1 4 lacp enable 1 5 lacp port priority 1 5 lacp system priority 1 6 link aggregation group description 1 6 link aggregation group mode 1 7 port link aggregation group 1 8 reset lacp statistics 1 8 ...

Page 167: ...e command to display the link aggregation details about a specified port or port range Note that as ports in a manual link aggregation groups do not acquire the information about their peers automatically so the entries in the information about the peer ports displayed are all 0 instead of the actual values Examples Display the link aggregation details on Ethernet 1 0 1 Sysname display link aggreg...

Page 168: ...ggregation summary Syntax display link aggregation summary View Any view Parameters None Description Use the display link aggregation summary command to display summary information of all aggregation groups Note that as ports in a manual link aggregation groups do not acquire the information about their peers automatically so the entries in the information about the peer ports displayed are all 0 ...

Page 169: ...LACP packet is received the partner ID is displayed as 0x8000 0000 0000 0000 Select Ports Number of the selected ports Unselect Ports Number of the unselected ports Share Type Load sharing type Shar load sharing or NonS non load sharing Master Port the smallest port number in an aggregation group display link aggregation verbose Syntax display link aggregation verbose agg id View Any view Paramete...

Page 170: ...et1 0 2 S 32768 1 Ethernet1 0 3 U 32768 1 Remote Actor Partner Priority Key SystemID Flag Ethernet1 0 2 0 0 0 0x0000 0000 0000 0000 Ethernet1 0 3 0 0 0 0x0000 0000 0000 0000 Table 1 3 Description on the fields of the display link aggregation verbose command Field Description Loadsharing Type Loadsharing type including Loadsharing and Non Loadsharing Flags Flag types of LACP Aggregation ID Aggregat...

Page 171: ...acp enable View Ethernet port view Parameters None Description Use the lacp enable command to enable LACP on the current port Use the undo lacp enable command to disable LACP By default LACP is disabled on a port Examples Enable the LACP protocol on Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 lacp enable lacp ...

Page 172: ... Ethernet1 0 1 lacp port priority 64 lacp system priority Syntax lacp system priority system priority undo lacp system priority View System view Parameters system priority System priority ranging from 0 to 65 535 Description Use the lacp system priority command to set the system priority Use the undo lacp system priority command to restore the default system priority By default the system priority...

Page 173: ...ons gets lost You can use the display link aggregation verbose command to check the configuration result Examples Set the description abc for aggregation group 1 Sysname system view System View return to User View with Ctrl Z Sysname link aggregation group 1 description abc link aggregation group mode Syntax link aggregation group agg id mode manual static undo link aggregation group agg id View S...

Page 174: ...the undo port link aggregation group command to remove the current Ethernet port from the aggregation group Related commands display link aggregation verbose Examples Add Ethernet 1 0 1 to aggregation group 22 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 port link aggregation group 22 reset lacp statistics Syntax reset lacp s...

Page 175: ...tatistics command to clear LACP statistics on specified port s or on all ports if no port is specified Related commands display link aggregation interface Examples Clear LACP statistics on all Ethernet ports Sysname reset lacp statistics ...

Page 176: ...i Table of Contents 1 Port Isolation Configuration Commands 1 1 Port Isolation Configuration Commands 1 1 display isolate port 1 1 port isolate 1 1 ...

Page 177: ...name display isolate port Isolated port s on UNIT 1 Ethernet1 0 2 Ethernet1 0 3 Ethernet1 0 4 The information above shows that Ethernet1 0 2 Ethernet1 0 3 and Ethernet1 04 are in the isolation group Neither Layer 2 nor Layer 3 packets can be exchanged between these ports port isolate Syntax port isolate undo port isolate View Ethernet port view Parameters None Description Use the port isolate comm...

Page 178: ... view z Assigning an isolated port to an aggregation group causes all the ports in the aggregation group on the local unit to join the isolation group z The S3600 series Ethernet switches support cross device port isolation if IRF fabric is enabled By default the isolation group contains no port Examples Assign Ethernet 1 0 1 and Ethernet 1 0 2 to the isolation group Sysname system view System Vie...

Page 179: ...rt security enable 1 6 port security intrusion mode 1 7 port security authorization ignore 1 9 port security max mac count 1 10 port security ntk mode 1 11 port security oui 1 12 port security port mode 1 13 port security timer disableport 1 16 port security trap 1 17 2 Port Binding Commands 2 1 Port Binding Commands 2 1 am user bind 2 1 display am user bind 2 2 ...

Page 180: ...e vlan id argument is 1 to 4094 count Displays the number of matching security MAC addresses Description Use the display mac address security command to display security MAC address entries If no argument is specified the command displays information about all security MAC address entries For each security MAC address entry the output of the command displays the MAC address the VLAN that the MAC a...

Page 181: ...rity vlan 1 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME s 0000 0000 0001 1 Security Ethernet1 0 20 NOAGED 0000 0000 0002 1 Security Ethernet1 0 20 NOAGED 0000 0000 0003 1 Security Ethernet1 0 20 NOAGED 0000 0000 0004 1 Security Ethernet1 0 20 NOAGED 4 mac address es found in vlan 1 Display the total number of security MAC address entries Sysname display mac address security count 6 mac address es...

Page 182: ...urations of all Ethernet ports The output of the command includes the global configurations such as whether port security is enabled on the switch and whether the sending of specified Trap messages is enabled and port configurations such as the security mode and the port security features By checking the output of this command you can verify the current configuration Examples Display the global po...

Page 183: ...escription Equipment port security is enabled Port security is enabled on the switch AddressLearn trap is Enabled The sending of address learning trap messages is enabled Intrusion trap is Enabled The sending of intrusion detection trap messages is enabled Dot1x logon trap is Enabled The sending of 802 1x user authentication success trap messages is enabled Dot1x logoff trap is Enabled The sending...

Page 184: ...n vlan id undo mac address security mac address interface interface type interface number vlan vlan id In Ethernet port view mac address security mac address vlan vlan id undo mac address security mac address vlan vlan id View System view Ethernet port view Parameters mac address Security MAC address in the H H H format interface interface type interface number Specify the port on which the securi...

Page 185: ...ystem View return to User View with Ctrl Z Sysname port security enable Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 port security max mac count 100 Sysname Ethernet1 0 1 port security port mode autolearn Sysname Ethernet1 0 1 mac address security 0001 0001 0001 vlan 1 Use the display mac address interface command to verify the configuration result Sysname display mac address interface Et...

Page 186: ...urity is enabled Please wait Done port security intrusion mode Syntax port security intrusion mode blockmac disableport disableport temporarily undo port security intrusion mode View Ethernet port view Parameters blockmac Adds the source MAC addresses of illegal packets to the blocked MAC address list As a result the packets sourced from the blocked MAC addresses will be filtered out A blocked MAC...

Page 187: ... port security intrusion mode blockmac command you can only use the display port security command to view blocked MAC addresses Related commands display port security port security timer disableport Examples Configure the intrusion protection mode on Ethernet 1 0 1 as blockmac Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 por...

Page 188: ...security intrusion mode disableport temporarily Configure the intrusion protection mode on Ethernet 1 0 1 as disableport As a result when intrusion protection is triggered the port will be disconnected permanently Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 port security intrusion mode disableport You can bring up a port th...

Page 189: ...Configure Ethernet 1 0 2 to ignore the authorization information delivered by the RADIUS server Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 port security authorization ignore port security max mac count Syntax port security max mac count count value undo port security max mac count View Ethernet port view Parameters count v...

Page 190: ...resses allowed on the port to 100 Sysname system view System View return to User View with Ctrl Z Sysname port security enable Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 port security max mac count 100 port security ntk mode Syntax port security ntk mode ntkonly ntk withbroadcasts ntk withmulticasts undo port security ntk mode View Ethernet port view Parameters ntkonly Allows the port ...

Page 191: ...ce Ethernet 1 0 1 Sysname Ethernet1 0 1 port security ntk mode ntk withbroadcasts port security oui Syntax port security oui OUI value index index value undo port security oui index index value View System view Parameters OUI value OUI value You can input a 48 bit MAC address in the form of H H H for this argument and the system will take the first 24 bits as the OUI value and ignore the rest inde...

Page 192: ...ogin secure mac else userlogin secure ext secure userlogin userlogin secure userlogin secure ext userlogin secure or mac userlogin secure or mac ext userlogin withoui undo port security port mode View Ethernet port view Parameters Table 1 3 shows the description on the security mode keywords Table 1 3 Keyword description Keyword Security mode Description autolearn autolearn In this mode MAC addres...

Page 193: ...t the same time there can be more than one MAC address authenticated user on the port mac else userlogin secure ext macAddressElseUs erLoginSecureExt This mode is similar to the macAddressElseUserLoginSecure mode except that in this mode there can be more than one 802 1x authenticated user on the port secure secure In this mode MAC address learning is disabled on the current port Only packets whos...

Page 194: ...n one MAC address authenticated user on the port userlogin secure or mac e xt macAddressOrUser LoginSecureExt This mode is similar to the macAddressOrUserLoginSecure mode except that in this mode there can be more than one 802 1x authenticated user on the port userlogin withoui userLoginWithOUI Similar to the userLoginSecure mode in this mode there can be only one 802 1x authenticated user on the ...

Page 195: ... mode you cannot do the following z Configure the maximum number of MAC addresses that can be learned z Configure the port as a reflector port for port mirroring z Configure the port as a Fabric port z Configure link aggregation Related commands display port security Examples Set the security mode of Ethernet 1 0 1 on the switch to userLogin Sysname system view System View return to User View with...

Page 196: ...curity trap Syntax port security trap addresslearned dot1xlogfailure dot1xlogoff dot1xlogon intrusion ralmlogfailure ralmlogoff ralmlogon undo port security trap addresslearned dot1xlogfailure dot1xlogoff dot1xlogon intrusion ralmlogfailure ralmlogoff ralmlogon View System view Parameters addresslearned Enables disables sending traps for MAC addresses learning events dot1xlogfailure Enables disabl...

Page 197: ...es When you use the display port security command to display global information the system will display which types of trap messages are allowed to send Related commands display port security Examples Allow the sending of intrusion packet detected trap messages Sysname system view System View return to User View with Ctrl Z Sysname port security trap intrusion Use the display port security command...

Page 198: ... be bound The interface type interface number arguments specify the port type and port number ip addr ip address Specify the IP address to be bound mac addr mac address Specify the MAC address to be bound The mac address argument is in the form of H H H Description Use the am user bind command to bind the MAC address and IP address of a user to a specified port Use the undo am user bind command to...

Page 199: ...rface type interface number ip addr ip address mac addr mac address View Any view Parameters interface interface type interface number Specify the port to be bound The interface type interface number arguments indicate the port type and port number ip addr ip address Specify the IP address to be bound mac addr mac address Specify the MAC address to be bound The mac address argument is in the form ...

Page 200: ...2 3 z MAC address 000f e200 5101 and IP address 10 153 1 1 are bound to Ethernet 1 0 1 z MAC address 000f e200 5102 and IP address 10 153 1 2 are bound to Ethernet 1 0 2 ...

Page 201: ...DP Configuration Commands 1 1 DLDP Configuration Commands 1 1 display dldp 1 1 dldp 1 2 dldp authentication mode 1 3 dldp interval 1 4 dldp reset 1 5 dldp unidirectional shutdown 1 5 dldp work mode 1 6 dldp delaydown timer 1 7 ...

Page 202: ...ration of a unit or a port Examples Display the DLDP configuration of unit 1 Sysname display dldp 1 dldp interval 10 dldp work mode enhance dldp authentication mode md5 cipher is 01 YGQ Q MAF4 1 dldp unidirectional shutdown manual dldp delaydown timer 1 The port number of unit 1 with DLDP is 1 interface GigabitEthernet1 1 1 dldp port state advertisement dldp link state up The neighbor number of th...

Page 203: ...dldp link state DLDP link state The neighbor number of the port Number of the neighbor ports neighbor mac address MAC address of a neighbor port neighbor port index Neighbor port index neighbor state Neighbor state which can be two way or unknown neighbor aged time Neighbor aging time dldp Syntax dldp enable disable View System view Ethernet port view Parameters None Description In system view Use...

Page 204: ...on mode none simple simple password md5 md5 password undo dldp authentication mode View System view Parameters none Sets the authentication mode to none Performs no authentication simple Sets the authentication mode to plain text simple password Authentication password in plain text a string of 1 to 16 characters md5 Sets the authentication mode to MD5 md5 password MD5 authentication password a st...

Page 205: ...bc dldp interval Syntax dldp interval timer value undo dldp interval View System view Parameters timer value Interval for sending DLDP advertisement packets in the range 1 to 100 in seconds Description Use the dldp interval command to set the interval for sending DLDP advertisement packets for all DLDP enabled ports in the advertisement state Use the undo dldp interval command to restore the defau...

Page 206: ...urrent port disabled by DLDP After the dldp reset command is executed the DLDP status of a port changes from disable to active and DLDP restarts to detect the link status of the fiber cable or copper twisted pair Examples Reset the DLDP status of all the ports disabled by DLDP Sysname system view System View return to User View with Ctrl Z Sysname dldp reset dldp unidirectional shutdown Syntax dld...

Page 207: ...idirectional shutdown auto dldp work mode Syntax dldp work mode enhance normal undo dldp work mode View System view Parameters enhance Configures DLDP to work in enhanced mode In this mode DLDP detects whether neighbors exist when neighbor tables are aging normal Configures DLDP to work in normal mode In this mode DLDP does not detect whether neighbors exist when neighbor tables are aging Descript...

Page 208: ...e the default delaydown timer setting By default the DelayDown timer is set to 1 second A period of 5 seconds is recommended When a device in the active advertisement or probe DLDP state receives a port down message it does not remove the corresponding neighbor immediately nor does it transit to the inactive state Instead it transits to the delaydown state and starts the DelayDown timer In delaydo...

Page 209: ...ands 1 1 MAC Address Table Management Configuration Commands 1 1 display mac address aging time 1 1 display mac address 1 2 display port mac 1 4 mac address 1 4 mac address aging destination hit enable 1 5 mac address max mac count 1 6 mac address timer 1 7 port mac 1 8 ...

Page 210: ...s was introduced For detailed description refer to the description of the commands display port mac and port mac MAC Address Table Management Configuration Commands display mac address aging time Syntax display mac address aging time View Any view Parameters None Description Use the display mac address aging time command to display the aging time of the dynamic MAC address entries in the MAC addre...

Page 211: ...t Displays information about the MAC address entries concerning a specified port vlan vlan id count Displays information about the MAC address entries concerning a specified VLAN count Displays the total number of the MAC address entries maintained by the switch statistics Displays statistics of the MAC address entries maintained by the switch mac address Specifies a MAC address in the form of H H...

Page 212: ... 1 Learned Ethernet1 0 4 AGING 000f e207 f2e0 1 Learned Ethernet1 0 4 AGING 000f e209 ecf9 1 Learned Ethernet1 0 4 AGING 7 mac address es found on port Ethernet1 0 4 Display the total number of MAC address entries for VLAN 2 Sysname display mac address vlan 2 count 9 mac address es found in vlan 2 Table 1 2 Description on the fields of the display mac address command Field Description MAC ADDR MAC...

Page 213: ...thernet port view mac address static dynamic blackhole mac address vlan vlan id undo mac address static dynamic blackhole mac address vlan vlan id View System view Ethernet port view Parameters static Specifies a static MAC address entry dynamic Specifies a dynamic MAC address entry blackhole Specifies a blackhole MAC address entry mac address Specifies a MAC address in the form of H H H When ente...

Page 214: ...se the mac address command to add or modify a MAC address entry Use the undo mac address command to remove one or more MAC address entries In Ethernet port view the MAC address entry configured with the mac address command in Ethernet port view takes the current Ethernet port as the outgoing port If the MAC address you input in the mac address command already exists in the MAC address table the sy...

Page 215: ...address max mac count Syntax mac address max mac count count undo mac address max mac count View Ethernet port view Parameters count Maximum number of MAC addresses a port can learn This argument ranges from 0 to 4096 A value of 0 disables the port from learning MAC addresses Description Use the mac address max mac count command to set the maximum number of MAC addresses an Ethernet port can learn...

Page 216: ...e MAC address aging timer Use the undo mac address timer command to restore the default The default MAC address aging timer is 300 seconds The timer applies only to dynamic address entries including both entries learnt and configured Setting an appropriate MAC address aging timer is important for the switch to run efficiently z If the aging timer is set too short the MAC address entries that are s...

Page 217: ...ess Description Use the port mac command to configure the start MAC address for the Ethernet ports on the device This MAC address is assigned to port Ethernet 1 0 1 and is called the start port MAC address Use the undo port mac command to remove the configuration Examples Set the start port MAC address to 000f e200 0001 Sysname system view System View return to User View with Ctrl Z Sysname port m...

Page 218: ...ommands 1 1 Auto Detect Configuration Commands 1 1 detect group 1 1 detect list 1 2 display detect group 1 2 ip route static detect group 1 3 option 1 4 retry 1 5 standby detect group 1 6 timer loop 1 7 timer wait 1 7 vrrp vrid track detect group 1 8 ...

Page 219: ...ew System view Parameters group number Detected group number ranging from 1 to 25 Description Use the detect group command to create a detected group and enter detected group view Use the undo detect group command to remove a detected group When a detected group is used by applications the detected group cannot be deleted unless you delete the applications first Examples Create detected group 10 S...

Page 220: ...mmand to remove a specified detected object When performing Auto Detect a switch detects the configured detected objects in the order specified by their sequence numbers If you have configured multiple detected objects you can use the option command to set the logical relationships between the detected objects Related commands option Examples Add the detected object 202 13 1 55 to detected group 1...

Page 221: ...in seconds detect retry times Number of retries of an auto detect operation detect ip option The logic relationship between the detected objects in the detected group It can be and or or group state Current state of the detected group register module num Number of registered modules that is the number of the modules utilizing the detected group detect ip count Number of the IP addresses contained ...

Page 222: ...dless of the next hop In addition the system discards any packet transmitted along this route without informing the source group number Detected group number ranging from 1 to 25 Description Use the ip route static detect group command to configure a static route whose validity depends on detecting results as follows z The route is valid when the detecting result is reachable z The route is invali...

Page 223: ...esult only if all the detected objects in the detected group are detected reachable z If you specify the or keyword the switch returns reachable as the detecting result only if one of the detected objects in the detected group is detected reachable and the remaining detected objects will not be detected any more Examples Specify the relationship between the three detected objects in detected group...

Page 224: ...o disable the interface backup function After you configure the standby detect group command whether the backup interface is enabled depends on the auto detecting results z The primary interface keeps in use when the detected group is reachable z The backup interface is enabled when the detected group is unreachable z The backup interface is disabled and the primary interface is re enabled when th...

Page 225: ...tecting interval to 60 seconds for detected group 10 Sysname system view System View return to User View with Ctrl Z Sysname detect group 10 Sysname detect group 10 timer loop 60 timer wait Syntax timer wait seconds undo timer wait View Detected group view Parameters seconds Timeout waiting for an ICMP reply This argument ranges from 1 to 30 in seconds and defaults to 2 Description Use the timer w...

Page 226: ...vrid track detect group command to cancel the configuration You can enable Auto Detect on the master switch in a VRRP group use the Auto Detect function to detect the links from the master to other networks and use the detection results reachable unreachable to control the priority of the master so as to realize the automatic master backup switchover z The master keeps as master when the detected ...

Page 227: ...1 9 After this configuration if detected group 10 is reachable the master keeps as master and if detected group 10 is unreachable the master decreases its priority by 20 and becomes a backup ...

Page 228: ...ig digest snooping 1 16 stp cost 1 18 stp dot1d trap 1 19 stp edged port 1 19 stp interface 1 20 stp interface compliance 1 21 stp interface config digest snooping 1 22 stp interface cost 1 24 stp interface edged port 1 25 stp interface loop protection 1 26 stp interface mcheck 1 27 stp interface no agreement check 1 28 stp interface point to point 1 29 stp interface port priority 1 30 stp interfa...

Page 229: ...primary 1 42 stp root secondary 1 43 stp root protection 1 44 stp tc protection 1 45 stp tc protection threshold 1 45 stp timer forward delay 1 46 stp timer hello 1 47 stp timer max age 1 48 stp timer factor 1 49 stp transmit limit 1 50 vlan mapping modulo 1 50 vlan vpn tunnel 1 51 ...

Page 230: ...panning tree MST region Configuring MST region related parameters especially the VLAN to MSTI mapping table is probable to result in network topology jitter To reduce network topology jitter caused by the configuration multiple spanning tree protocol MSTP does not recalculate spanning trees immediately after the configuration it does this only after you activate the new MST region related settings...

Page 231: ...ceives the BPDU packets it will forward them to other switches As a result STP calculation is performed repeatedly which may occupy too much CPU of the switches or cause errors in the protocol state of the BPDU packets In order to avoid this problem you can enable BPDU dropping on Ethernet ports Once the function is enabled on a port the port will not receive or forward any BPDU packets In this wa...

Page 232: ...gned to the same MST region This command is used to display the configuration information of inactivated MST regions You can use this command to find the MST region the switch currently belongs to or check to see whether or not the MST region related configuration is correct Related commands instance region name revision level vlan mapping modulo active region configuration Examples Display the MS...

Page 233: ...ee information about the specified MSTIs and the specified ports in the order of MSTI ID MSTP state information includes 1 Global CIST parameters Protocol operating mode switch priority in the CIST instance MAC address hello time max age forward delay max hops the common root of the CIST the external path cost for the switch to reach the CIST common root region root the internal path cost for the ...

Page 234: ...g z ROOT Root protection z LOOP Loop protection z BPDU BPDU protection z NONE No protection Display the detailed MSTP status information and statistics information Sysname display stp instance 0 interface Ethernet 1 0 2 CIST Global Info Mode MSTP CIST Bridge 32768 00e0 fc12 4001 Bridge Times Hello 2s MaxAge 20s FwDly 15s MaxHop 20 CIST Root ERPC 32768 000f cb00 6600 200 CIST RegRoot IRPC 32768 00e...

Page 235: ...e and ARP entries within each 10 seconds Bridge Config Digest Snooping Indicates whether Digest Snooping is enabled globally on the bridge TC or TCN received Number of received TC TCN packets Time since last TC Time of the latest topology change Port Protocol Indicates whether STP is enabled on the port Port Role Port role which can be Alternate Backup Root Designated Master or Disabled Port Prior...

Page 236: ...Ns mapped to the current MSTI PortTimes Major parameters for the port z Hello Hello timer z MaxAge Max Age timer z FwDly Forward delay timer z MsgAge Message Age timer z Remain Hop Remaining hops BPDU Sent Statistics on sent BPDUs BPDU Received Statistics on received BPDUs display stp abnormalport Syntax display stp abnormalport View Any view Parameters None Description Use the display stp abnorma...

Page 237: ...play stp portdown command to display the ports that are shut down by STP guard functions Examples Display the ports that are shut down by STP guard functions Sysname display stp portdown Port Down Reason Ethernet1 0 20 BPDU Protection Table 1 5 Description on the fields of the display stp portdown command Field Description Port Port that has been shut down Down Reason The function shutting down th...

Page 238: ... Table 1 6 Description on the fields of the display stp region configuration command Field Description Format selector The selector specified by MSTP Region name The name of the MST region Revision level The revision level of the MST region Instance Vlans Mapped VLAN to STI mappings in the MST region display stp root Syntax display stp root View Any view Parameters None Description Use the display...

Page 239: ...to 10 VLAN IDs VLAN ID ranges for this argument Normally a VLAN ID can be a number ranging from 1 to 4094 Description Use the instance command to map specified VLANs to a specified MSTI Use the undo instance command to remove the mappings from the specified VLANs to the specified MSTI and remap the specified VLANs to the CIST MSTI 0 If you specify no VLAN in the undo instance command all VLANs tha...

Page 240: ...on name command to restore the MST region name to the default value The default MST region name of a switch is its MAC address MST region name along with VLAN to MSTI mapping table and MSTP revision level determines the MST region which a switch belongs to Related commands instance revision level check region configuration vlan mapping modulo active region configuration Examples Set the MST region...

Page 241: ...erface list argument this command clears the spanning tree statistics on all ports Related commands display stp Examples Clear the spanning tree statistics on Ethernet 1 0 1 through Ethernet 1 0 3 Sysname reset stp interface Ethernet 1 0 1 to Ethernet 1 0 3 revision level Syntax revision level level undo revision level View MST region view Parameters level MSTP revision level to be set for the swi...

Page 242: ...l operating mode which can be STP compatible mode RSTP compatible mode or MSTP mode is determined by the user defined protocol mode A switch becomes a transparent bridge if MSTP is disabled After being enabled MSTP maintains spanning trees by processing configuration BPDUs of different VLANs After being disabled it stops maintaining spanning trees Related commands stp mode stp interface Examples E...

Page 243: ...will reach edge ports But malicious users can attack a network by sending configuration BPDUs deliberately to edge ports to cause network jitter You can prevent such attacks by enabling the BPDU guard function With this function enabled on a switch the switch shuts down the edge ports that receive configuration BPDUs and then reports these cases to the administrator If an edge port is shut down on...

Page 244: ...to CIST It is invalid for MSTIs Related commands stp timer forward delay stp timer hello stp timer max age Examples Set the network diameter to 5 Sysname system view System View return to User View with Ctrl Z Sysname stp bridge diameter 5 stp compliance Syntax stp compliance auto legacy dot1s undo stp compliance View Ethernet port view Parameters auto Specifies the port to recognize and send MSTP...

Page 245: ...t1s format are received the port turns to discarding state to prevent network storm When a port operates in the 802 1s mode z The port only recognizes and sends MSTP packets in dot1s format In this case the port can only communicate with the peer through packets in dot1s format z If packets in legacy format are received the port turns to discarding state to prevent network storm Examples Configure...

Page 246: ...en the digest snooping feature is enabled on a port the port turns to the discarding state That is the port stops sending BPDU packets The port is not involved in the STP calculation until it receives BPDU packets from the peer port z The digest snooping feature is needed only when your switch is connected to another manufacturer s switches adopting proprietary spanning tree protocols z To enable ...

Page 247: ...n a specified MSTI Use the undo stp cost command to restore the default path cost of the current port in the specified MSTI By default a switch automatically calculates the path costs of a port in different MSTIs based on a specified standard If you specify the instance id argument to be 0 or do not specify this argument the stp cost command sets the path cost of the port in CIST The path cost of ...

Page 248: ...stp dot1d trap command to enable a switch to send trap messages conforming to 802 1d standard when MSTP network topology changes Use the undo stp dot1d trap command to disable this function A switch sends trap messages conforming to 802 1d standard to the network management device when z The switch becomes the root bridge of an MSTI z Network topology changes are detected Examples Enable a switch ...

Page 249: ...ly configuration BPDUs cannot reach an edge port because the port is not connected to another switch But when the BPDU guard function is disabled on an edge port configuration BPDUs sent deliberately by a malicious user may reach the port If an edge port receives a BPDU it turns to a non edge port Related commands stp interface edged port With the loop guard function enabled the root guard functio...

Page 250: ...ompliance Syntax stp interface interface list compliance auto legacy dot1s undo stp interface interface list compliance View System view Parameter interface list Ethernet port list You can specify multiple Ethernet ports by providing this argument in the format of interface list interface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 p...

Page 251: ... recognizes and sends MSTP packets in legacy format In this case the port can only communicate with the peer through packets in legacy format z If packets in dot1s format are received the port turns to discarding state to prevent network storm When a port operates in the 802 1s mode z The port only recognizes and sends MSTP packets in dot1s format In this case the port can only communicate with th...

Page 252: ... as region ID and configuration digest As some another manufacturer s switches adopt proprietary spanning tree protocols they cannot interwork with other switches in an MST region even if they are configured with the same MST region related settings as other switches in the MST region This kind of problems can be overcome by implementing the digest snooping feature If a switch port is connected to...

Page 253: ...me MST region z When the digest snooping feature is enabled globally the VLAN to MSTI mapping table cannot be modified z The digest snooping feature is not applicable to boundary ports in an MST region z The digest snooping function is not applicable to edge ports in an MST region Examples Enable the digest snooping feature for Ethernet 1 0 1 Sysname system view System View return to User View wit...

Page 254: ...to achieve VLAN based load balancing Changing the path cost of a port in an MSTI may change the role of the port in the instance and put it in state transition The default port path cost varies with port speed Refer to Table 1 8 for details Related commands stp cost Examples Set the path cost of Ethernet 1 0 3 in MSTI 2 to 400 Sysname system view System View return to User View with Ctrl Z Sysname...

Page 255: ... to another switch But when the BPDU guard function is disabled on an edge port configuration BPDUs sent deliberately by a malicious user may reach the port If an edge port receives a BPDU it turns to a non edge port Related commands stp edged port With the loop guard function enabled the root guard function and the edge port configuration are mutually exclusive Examples Configure Ethernet 1 0 3 a...

Page 256: ...ernet port list You can specify multiple Ethernet ports by providing this argument in the form of interface list interface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description Use the stp interface mcheck command to perform the mCheck operation on specified port s in system view A p...

Page 257: ...anning tree protocols that are similar to RSTP in the way to implement rapid transition on designated ports When a switch of this kind operates as the upstream switch of H3C series switches running MSTP the upstream designated port fails to change their states rapidly The rapid transition feature is developed on the H3C series switches to avoid this case When an H3C series switch running MSTP is c...

Page 258: ...ied Ethernet ports are point to point links force false Specifies that the links connected to the specified Ethernet ports are not point to point links auto Specifies to automatically determine whether or not the links connected to the specified Ethernet ports are point to point links Description Use the stp interface point to point command to specify whether the links connected to the specified E...

Page 259: ...st interface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument instance id MSTI ID ranging from 0 to 16 The value of 0 refers to the CIST priority Port priority to be set This argument ranges from 0 to 240 and must be a multiple of 16 such as 0 16 32 and so on Description Use the stp interfa...

Page 260: ...mmand to restore the root guard function to the default state on specified port s in system view By default the root guard function is disabled Because of configuration errors or malicious attacks the root bridge in the network may receive configuration BPDUs with priorities higher than that of a root bridge which causes new root bridge to be elected and network topology jitter to occur In this ca...

Page 261: ...ent ranges from 1 to 255 and defaults to 10 Description Use the stp interface transmit limit command to set the maximum number of configuration BPDUs each specified port can send in each hello time Use the undo stp interface transmit limit command to restore the maximum number to the default value The larger the packetnum argument is the more packets a port can transmit in each hello time while th...

Page 262: ...The loop guard function suppresses loops With this function enabled if link congestions or unidirectional link failures happen a root port becomes a designated port and the port turns to the discarding state The blocked port also becomes the designated port and the port turns to the discarding state that is the port does not forward packets and thereby loops can be prevented Examples Enable the lo...

Page 263: ...gion to 35 Sysname system view System View return to User View with Ctrl Z Sysname stp max hops 35 stp mcheck Syntax stp mcheck View System view Ethernet port view Parameters None Description Use the stp mcheck command to perform the mCheck operation on the current port When a port on an MSTP enabled upstream switch connects with an STP enabled downstream switch the port operates in the STP compat...

Page 264: ...tch send STP BPDUs to neighboring devices If STP enabled switches exist in a switched network you can use the stp mode stp command to configure an MSTP enabled switch to operate in STP compatible mode z RSTP compatible mode where the ports of a switch send RSTP BPDUs to neighboring devices If RSTP enabled switches exist in a switched network you can use the stp mode rstp command to configure an MS...

Page 265: ...ree protocols you can enable the rapid transition feature on the ports of the H3C series switch operating as the downstream switch Among these ports those operating as the root ports will then actively send agreement packets to their upstream ports after they receive proposal packets from the upstream designated ports instead of waiting for agreement packets from the upstream switch This enables d...

Page 266: ...orts 100 95 95 95 200 000 1 000 000 666 666 500 000 2 000 1 800 1 600 1 400 100 Mbps Half duplex Full duplex Aggregated link 2 ports Aggregated link 3 ports Aggregated link 4 ports 19 15 15 15 200 000 100 000 66 666 50 000 200 180 160 140 1 000 Mbps Full duplex Aggregated link 2 ports Aggregated link 3 ports Aggregated link 4 ports 4 3 3 3 200 000 10 000 6 666 5 000 20 18 16 14 10 Gbps Full duplex...

Page 267: ...to restore the link connected to the current Ethernet port to its default link type which is automatically determined by MSTP By default whether the link type of a port is point to point is automatically determined by the switch If no keyword is specified in the stp point to point command the auto keyword is used by default and so MSTP automatically determines the type of the link connected to the...

Page 268: ...t port priority of the current port in the specified MSTI The default port priority of a port in any MSTI is 128 If you specify the instance id argument to 0 or do not specify the argument the two commands apply to the port priorities of ports on the CIST The role a port plays in a MSTI is determined by the port priority in the instance A port on a MSTP enabled switch can have different port prior...

Page 269: ...utput for the ports of instance 0 Examples Enable log and trap message output for the ports of instance 1 Sysname system view System View return to User View with Ctrl Z Sysname stp instance 1 portlog stp portlog all Syntax stp portlog all undo stp portlog all View System view Parameters None Description Use the stp portlog all command to enable log and trap message output for the ports of all ins...

Page 270: ...MSTI The default priority of a switch is 32 768 The priorities of switches are used for spanning tree calculation Switch priorities are spanning tree specific That is you can set different priorities for the same switch in different MSTIs If you do not specify the instance id argument the two commands apply to only the CIST Examples Set the bridge priority of the switch in MSTI 1 to 4 096 Sysname ...

Page 271: ...ion Sysname mst region stp root primary Syntax stp instance instance id root primary bridge diameter bridgenum hello time centi seconds undo stp instance instance id root View System view Parameters instance id MSTI ID ranging from 0 to 16 The value of 0 refers to the CIST bridgenum Network diameter of the specified spanning tree This argument ranges from 2 to 7 and defaults to 7 centi seconds Hel...

Page 272: ...ot bridge or a secondary root bridge its priority cannot be modified Examples Configure the current switch as the root bridge of MSTI 1 set the network diameter of the switched network to 4 and set the hello time to 500 centiseconds Sysname system view System View return to User View with Ctrl Z Sysname stp instance 1 root primary bridge diameter 4 hello time 500 stp root secondary Syntax stp inst...

Page 273: ...m View return to User View with Ctrl Z Sysname stp instance 4 root secondary bridge diameter 5 hello time 300 stp root protection Syntax stp root protection undo stp root protection View Ethernet port view Parameters None Description Use the stp root protection command to enable the root guard function on the current switch Use the undo stp root protection command to restore the root guard functio...

Page 274: ...ng TC BPDUs If a malicious user sends a large amount of TC BPDUs to a switch in a short period the switch may be busy in removing the MAC address table and ARP entries frequently which may affect spanning tree calculation occupy large amount of bandwidth and increase switch CPU utilization With the TC BPDU attack guard function enabled a switch performs a removing operation upon receiving a TC BPD...

Page 275: ...s the removing operation for limited times up to six times by default regardless of the number of the TC BPDUs it receives Such a mechanism prevents a switch from being busy in removing the MAC address table and ARP entries You can use the stp tc protection threshold command to set the maximum times for a switch to remove the MAC address table and ARP entries in a specific period When the number o...

Page 276: ...forward delay and max age parameters the following formulas must be met to prevent frequent network jitter 2 x forward delay 1 second max age Max age 2 x hello time 1 second You are recommended to specify the network diameter of the switched network and the hello time by using the stp root primary or stp root secondary command After that the three proper time related parameters are automatically c...

Page 277: ...ge stp bridge diameter Examples Set the hello time to 400 centiseconds Sysname system view System View return to User View with Ctrl Z Sysname stp timer hello 400 stp timer max age Syntax stp timer max age centi seconds undo stp timer max age View System view Parameters centi seconds Max age to be set in the range of 600 to 4 000 in centiseconds Description Use the stp timer max age command to set...

Page 278: ... a multiple of the hello time Use the undo stp timer factor command to restore the hello time factor to the default value By default the hello time factor of the switch is 3 A switch regularly sends protocol packets to its neighboring devices at the interval specified by the hello time parameter to test the links Generally a switch regards its upstream switch faulty if the former does receive any ...

Page 279: ...DUs to be transmitted in each hello time which may occupy more switch resources So you are recommended configure it to a proper value to avoid network topology jitter and prevent MSTP from occupying too many bandwidth resources Related commands stp interface transmit limit Examples Set the maximum number of configuration BPDUs that can be transmitted through Ethernet 1 0 1 in each hello time to 15...

Page 280: ...s mapped to MSTI 2 VLAN 16 is mapped to MSTI 16 VLAN 17 is mapped to MSTI 1 and so on Related commands check region configuration revision level region name active region configuration Examples Map VLANs to MSTIs with the modulo being 16 Sysname system view System View return to User View with Ctrl Z Sysname stp region configuration Sysname mst region vlan mapping modulo 16 vlan vpn tunnel Syntax ...

Page 281: ...the VLAN VPN tunnel function make sure the links between operator s networks are trunk links z If a fabric port exists on a switch you cannot enable the VLAN VPN function for any port of the switch Examples Enable the VLAN VPN tunnel function for the switch Sysname system view System View return to User View with Ctrl Z Sysname vlan vpn tunnel ...

Page 282: ...ics protocol 1 12 2 Static Route Configuration Commands 2 1 Static Route Configuration Commands 2 1 delete static routes all 2 1 ip route static 2 1 3 RIP Configuration Commands 3 1 RIP Configuration Commands 3 1 checkzero 3 1 default cost 3 2 display rip 3 2 display rip interface 3 3 display rip routing 3 4 filter policy export 3 5 filter policy import 3 6 host route 3 7 import route 3 8 network ...

Page 283: ...ay ospf peer 4 22 display ospf request queue 4 25 display ospf retrans queue 4 26 display ospf routing 4 26 display ospf vlink 4 27 filter policy export 4 29 filter policy import 4 30 import route 4 31 log peer change 4 32 multi path number 4 32 network 4 33 nssa 4 33 ospf 4 35 ospf authentication mode 4 36 ospf cost 4 37 ospf dr priority 4 37 ospf mib binding 4 38 ospf mtu enable 4 39 ospf networ...

Page 284: ...g 5 2 display ip ip prefix 5 2 display route policy 5 3 if match acl ip prefix 5 4 if match cost 5 4 if match interface 5 5 if match ip next hop 5 6 if match tag 5 6 ip ip prefix 5 7 route policy 5 8 6 Route Capacity Configuration Commands 6 1 Route Capacity Configuration Commands 6 1 display memory 6 1 display memory limit 6 2 memory 6 3 memory auto establish disable 6 4 memory auto establish ena...

Page 285: ...mands display ip routing table Syntax display ip routing table begin exclude include regular expression View Any view Parameters regular expression Regular expression a string of 1 to 256 case sensitive characters used for specifying routing entries Uses the regular expression to match the output routing information begin Displays the routing information from the route entry containing the specifi...

Page 286: ...e routing information from the entry containing the character string interface4 in the current routing table Sysname display ip routing table begin interface4 Routing Table public net 4 4 4 0 24 DIRECT 0 0 4 4 4 1 Vlan interface4 4 4 4 1 32 DIRECT 0 0 127 0 0 1 InLoopBack0 127 0 0 0 8 DIRECT 0 0 127 0 0 1 InLoopBack0 127 0 0 1 32 DIRECT 0 0 127 0 0 1 InLoopBack0 Display the routing information con...

Page 287: ...th this keyword specified detailed information of routes in the active or inactive state that match the ACL is displayed With this keyword not specified brief information of only the routes in the active state that match the ACL is displayed Description Use the display ip routing table acl command to display the information of routes that match the specified ACL Examples Display the information of...

Page 288: ...8 1 2 Vlan interface2 State Int ActiveU Retain Unicast Age 21 34 13 Cost 0 0 Destination 192 168 1 2 Mask 255 255 255 255 Protocol DIRECT Preference 0 NextHop 127 0 0 1 Interface 127 0 0 1 InLoopBack0 State NoAdvise Int ActiveU Retain Gateway Unicast Age 21 34 13 Cost 0 0 Table 1 2 Description on the fields of the display ip routing table command Field Description Destination Destination address M...

Page 289: ...vise route when advertising routes in accordance with a routing policy NotInstall A NotInstall route cannot be added to the core routing table but may be advertised A route with the highest priority is generally selected from the routing table added to the core routing table and then advertised Reject The routes marked with reject do not guide the router to forward packets as a normal route does T...

Page 290: ...routing table ip address mask This command only displays the routes exactly matching the specified destination address and mask z display ip routing table ip address longer match This command displays all destination address routes matching the specified destination address in the natural mask range z display ip routing table ip address mask longer match This command displays all destination addre...

Page 291: ... displays the verbose information of both active and inactive routes Without this argument provided this command displays the summary of active routes only Description Use the display ip routing table ip address1 ip address2 command to display the route information in the specified destination address range Examples Display the routing information of destination addresses ranging from 1 1 1 0 to 2...

Page 292: ...Pre Cost Nexthop Interface 10 1 1 0 24 DIRECT 0 0 10 1 1 2 Vlan interface1 10 1 1 2 32 DIRECT 0 0 127 0 0 1 InLoopBack0 For descriptions of the above fields see Table 1 1 Display the detailed information of routes in the active or inactive state that match the prefix list abc2 Sysname display ip routing table ip prefix abc2 verbose Routes matched by ip prefix abc2 Active Route Last Active Both Nex...

Page 293: ...ified brief information of only the routes in the active state is displayed Description Use the display ip routing table protocol command to display the route information of a specific protocol Examples Display the summary of all direct connect routes Sysname display ip routing table protocol direct DIRECT Routing tables Summary count 4 DIRECT Routing tables status active Summary count 3 Destinati...

Page 294: ...Routes Number of routes display ip routing table statistics Syntax display ip routing table statistics View Any view Parameters None Description Use the display ip routing table statistics command to display the integrated routing information The integrated routing information includes the total number of routes the number of active routes the number of routes added by protocols and the number of ...

Page 295: ...table verbose Syntax display ip routing table verbose View Any view Parameters None Description Use the display ip routing table verbose command to display the detailed information of a routing table including inactive routes and null routes The information displayed includes route state descriptor statistics of the routing table and detailed information of each route Examples Display the verbose ...

Page 296: ...n Number of suppressed routes Delete Number of deleted routes Hidden Number of hidden routes reset ip routing table statistics protocol Syntax reset ip routing table statistics protocol all protocol View User view Parameters all Specifies all protocols protocol Specifies a protocol which can be direct ospf ospf_ase ospf_nssa rip or static Description Use the reset ip routing table statistics proto...

Page 297: ...tistics protocol all Display the routing statistics in the IP routing table Sysname display ip routing table statistics Routing tables Proto route active added deleted DIRECT 4 4 0 0 STATIC 0 0 0 0 RIP 0 0 0 0 OSPF 0 0 0 0 O_ASE 0 0 0 0 O_NSSA 0 0 0 0 Total 4 4 0 0 The above information shows that the routing statistics in the IP routing table is cleared ...

Page 298: ... routes The system will request your confirmation before it deletes all the configured static routes Related commands ip route static display ip routing table Examples Delete all the static routes in the router Sysname system view System View return to User View with Ctrl Z Sysname delete static routes all Are you sure to delete all the unicast static routes Y N y ip route static Syntax ip route s...

Page 299: ...dropped without the source host being notified description text Provides a description for the current route which is a string of 1 to 60 characters detect group group number Specifies a detect group number which ranges from 1 to 25 z If you specify the next hop outgoing interface when configuring a static route the type of outgoing interface can be Null only z The packets sent to a Null interface...

Page 300: ... You can configure a different preference to implement flexible route management policy Related commands display ip routing table Examples Configure the next hop of the default route as 129 102 0 2 Sysname system view System View return to User View with Ctrl Z Sysname ip route static 0 0 0 0 0 0 0 0 129 102 0 2 ...

Page 301: ...heck for RIP 1 packets By default RIP 1 performs the must be zero field check According to the protocol RFC 1058 specifications some fields in RIP 1 packets must be zero and these fields are called zero fields You can use the checkzero command to enable disable the must be zero field check for RIP 1 packets When the must be zero field check is enabled if the must be zero field in an incoming RIP 1...

Page 302: ...ther routing protocol the routes will be redistributed with the default cost specified with the default cost command Related commands import route Examples Redistribute static routes and set the default cost of the redistributed routes to 3 Sysname system view System View return to User View with Ctrl Z Sysname rip Sysname rip import route static Sysname rip default cost 3 display rip Syntax displ...

Page 303: ...st Default cost for redistributed routes Summary State of the automatic route summarization function on Enabled off Disabled Preference RIP preference Period update timer Length of the period update timer in seconds Timeout timer Length of the timeout timer in seconds Garbage collection timer Length of the garbage collection timer in seconds No peer router No destination address of a transmission ...

Page 304: ...terface running RIP The IP address of the interface corresponds to that in the Address field Ver Version of RIP running on the interface MetrIn Out Additional metric added when a route is received sent Input Indicates whether to allow the interface to receive RIP packets on means yes off means no Output Indicates whether to allow the interface to send RIP packets on means yes off means no Split ho...

Page 305: ...P filter policy export Syntax filter policy acl number ip prefix ip prefix name export protocol process id undo filter policy acl number ip prefix ip prefix name export protocol process id filter policy route policy route policy name export undo filter policy route policy route policy name export View RIP view Parameters acl number Number of the basic or advanced ACL used to filter routing informa...

Page 306: ...System View return to User View with Ctrl Z Sysname rip Sysname rip filter policy 2000 export filter policy import Syntax filter policy acl number ip prefix ip prefix name gateway ip prefix name route policy route policy name import undo filter policy acl number ip prefix ip prefix name gateway ip prefix name route policy route policy name import filter policy gateway ip prefix name import undo fi...

Page 307: ...2000 to filter the incoming routing information Sysname system view System View return to User View with Ctrl Z Sysname rip Sysname rip filter policy 2000 import host route Syntax host route undo host route View RIP view Parameters None Description Use the host route command to enable RIP to receive host routes Use the undo host route command to disable RIP from receiving host routes By default RI...

Page 308: ...cters Description Use the import route command to enable RIP to redistribute routes from other protocols Use the undo import route command to disable RIP from redistributing routes from other protocols By default RIP does not redistribute routes from other protocols If the value is not specified routes will be redistributed with the default cost defined by the default cost command If the cost of a...

Page 309: ...you need to specify the network after enabling RIP to validate RIP on a specific interface By default RIP is disabled on all interfaces The differences between the network and rip work commands are as follows z The network command enables RIP on an interface attached to the specified network segment z The rip work command enables an interface to receive and send RIP packets Related commands rip wo...

Page 310: ...preference Syntax preference value undo preference View RIP view Parameters value Preference level in the range of 1 to 255 Description Use the preference command to configure the preference of RIP routes Use the undo preference command to restore the default By default the preference of RIP routes is 100 Every routing protocol has its own preference Its default value is determined by the specific...

Page 311: ... view System View return to User View with Ctrl Z Sysname rip Sysname rip reset Reset RIP s configuration and restart RIP Y N y rip Syntax rip undo rip View System view Parameters None Description Use the rip command to enable RIP or enter RIP view Use the undo rip command to disable RIP By default the system does not run RIP You must enable RIP and enter RIP view before configuring RIP global par...

Page 312: ...RFC2082 rfc2453 Specifies that MD5 cipher text authentication packets will use the packet format stipulated by RFC2453 key string MD5 cipher text authentication key If it is typed in the plain text mode the length does not exceed 16 characters If it is typed in the cipher text mode the length is 24 characters The system will display the MD5 cipher text authentication key with a length of 24 charac...

Page 313: ...ket format of rfc2453 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 10 Sysname Vlan interface10 rip authentication mode md5 rfc2453 aaa rip input Syntax rip input undo rip input View Interface view Parameters None Description Use the rip input command to enable an interface to receive RIP packets Use the undo rip input command to disable an interf...

Page 314: ...e metric of RIP routes received on the interface will increase accordingly If the sum of the additional metric and the original metric is greater than 16 the metric of the route will be 16 Related commands rip metricout Examples Set the additional metric of RIP routes received on the interface VLAN interface 10 to 2 Sysname system view System View return to User View with Ctrl Z Sysname interface ...

Page 315: ...Syntax rip output undo rip output View Interface view Parameters None Description Use the rip output command to enable an interface to transmit RIP packets Use the undo rip output command to disable an interface from transmitting RIP packets By default all interfaces except loopback interfaces are enabled to transmit RIP packets Related commands rip input rip work Examples Disable the interface VL...

Page 316: ...rface VLAN interface 10 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 10 Sysname Vlan interface10 undo rip split horizon rip version Syntax rip version 1 2 broadcast multicast undo rip version View Interface view Parameters 1 Specifies the version of RIP running on an interface as RIP 1 2 Specifies the version of RIP running on an interface as RIP...

Page 317: ...an interface10 rip version 2 broadcast rip work Syntax rip work undo rip work View Interface view Parameters None Description Use the rip work command to enable the interface to receive and send RIP packets Use the undo rip work command to disable the interface from neither receiving nor sending RIP packets By default all interfaces except loopback interfaces are enabled to receive and send RIP pa...

Page 318: ...Route summarization can be used to reduce the routing traffic on the network as well as to reduce the size of the routing table The summary routes contain the natural masks when advertised If RIP 2 is used route summarization can be disabled with the undo summary command when it is necessary to broadcast subnet routes RIP 1 always uses automatic route summarization but the undo summary command is ...

Page 319: ...on of RIP timers is validated immediately As specified in RFC 1058 RIP is controlled by the above three timers z The update timer defines the interval between routing updates z The timeout timer defines the route aging time If no routing update related to a route is received within the aging time the metric of the route is set to 16 in the routing table z The garbage collect timer defines the inte...

Page 320: ...reaches the upper limit z If this function is enabled the newly learned equivalent route replaces the existing equivalent route in the routing table z If this function is disabled the first aged route entry is replaced by the newly learned route If no route entry is aged the newly learned equivalent route will be dropped Examples Enable traffic to be forwarded along multiple equivalent RIP routes ...

Page 321: ...ry route If this argument is not provided the summary route will be advertised not advertise Specifies not to advertise the summary route Description Use the abr summary command to enable route summarization on an area border router ABR Use the undo abr summary command to disable route summarization on an ABR By default route summarization is disabled on an ABR This command is applicable to ABRs o...

Page 322: ... 42 0 0 255 255 0 0 area Syntax area area id undo area area id View OSPF view Parameters area id ID of an OSPF area which can be a decimal integer ranging from 0 to 4294967295 or in the form of an IP address Description Use the area command to enter OSPF area view Use the undo area command to cancel the specified area Examples Enter OSPF area 0 view Sysname system view System View return to User V...

Page 323: ...the specified network If an NSSA area is configured this command also summarizes the redistributed Type 7 LSAs falling into the specified network If the local router acts as an NSSA ABR this command summarizes Type 5 LSAs translated from Type 7 LSAs falling into the specified network This command does not take effect on non NSSA ABRs Related commands display ospf asbr summary Examples Configure tw...

Page 324: ...ation mode on interfaces When configuring virtual link authentication you can use the authentication mode command to specify the authentication mode as MD5 cipher text or simple text for the backbone area Related commands ospf authentication mode vlink peer Examples Enter area 0 view Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 area 0 Specify the OS...

Page 325: ... reasonably set the default cost of redistributed routes the default interval for redistributing routes and the limit of routes that can be redistributed at one time Examples Set the default cost interval limit tag and type of redistributed routes to 10 20 seconds 300 15 and 1 respectively Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 default cost 10...

Page 326: ... an NSSA ASBR only when a default route is available on the ASBR can the router generate the default route into the attached area Related commands stub nssa Examples Set area 1 to a Stub area and the cost of the default route advertised to this Stub area to 60 Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 area 1 Sysname ospf 1 area 0 0 0 1 network 20...

Page 327: ...e command to generate a default route in the OSPF routing domain Use the undo default route advertise command to disable OSPF from redistributing a default route By default OSPF does not redistribute any default route The import route command cannot redistribute any default route To redistribute the default route to the route area the default route advertise command must be used If the local route...

Page 328: ...mples Display the information about the OSPF ABRs and ASBRs Sysname display ospf abr asbr OSPF Process 1 with Router ID 1 1 1 1 Routing Table to ABR and ASBR I Intra i Inter A ASBR B ABR S SumASBR Destination Area Cost Nexthop Interface IA 2 2 2 2 0 0 0 0 10 10 153 17 89 Vlan interface1 Table 4 1 Description on the fields of the display ospf abr asbr command Field Description I Intra i Inter A ASB...

Page 329: ...on Description Use the display ospf asbr summary command to display the summary information of OSPF redistributed routes If you do not specify an IP address or subnet mask the summary information of all OSPF redistributed routes will be displayed Related commands asbr summary Examples Display the summary information of all OSPF redistributed routes Sysname display ospf asbr summary OSPF Process 1 ...

Page 330: ...F process ID in the range of 1 to 65535 If you do not specify a process ID this command applies to all current OSPF processes Description Use the display ospf brief command to display brief OSPF information Examples Display brief OSPF information Sysname display ospf brief OSPF Process 1 with Router ID 7 7 7 7 OSPF Protocol Information RouterID 7 7 7 7 Border Router Nssa Area AS Spf schedule inter...

Page 331: ... RouterID Router ID of the router Border Router Whether the router is a border router Area ABR AS ASBR Nssa Area AS NSSA ABR Spf schedule interval Interval of SPF schedule Routing preference OSPF route preference including Inter Intra Inter area intra area route preference External External route preference Default ASE parameters Default ASE parameters of OSPF redistributed routes including Metric...

Page 332: ... state machine DOWN No protocol packet is sent or received on the interface Waiting The interface starts sending and receiving Hello packets and is trying to identify the Backup designated router for the network PtoP The interface sends Hello packets at the interval of HelloInterval and tries to establish an adjacency with the peer router DR The router itself is the designated router on the attach...

Page 333: ...ics Sysname display ospf cumulative OSPF Process 1 with Router ID 1 1 1 1 Cumulations IO Statistics Type Input Output Hello 0 10430 DB Description 0 0 Link State Req 0 0 Link State Update 0 0 Link State Ack 0 0 ASE 0 Checksum Sum 0 LSAs originated by this router Router 180 SumNet 116 LSAs Originated 296 LSAs Received 0 Area 0 0 0 0 Neighbors 0 Interfaces 0 Spf 2 Checksum Sum 15B27 rtr 1 net 0 suma...

Page 334: ... LSA Originated Number of originated LSAs LSAs Received Number of received LSAs generated by other routers Router Number of all Router LSAs SumNet Number of all Sumnet LSAs SumASB Number of all SumASB LSAs Neighbors Number of neighbors in this area Interfaces Number of interfaces in this area Spf Number of SPF computation count in this area Area rtr net sumasb sumnet Number of all LSAs in this are...

Page 335: ...h 0 DD unknown LSA type 0 LS ACK neighbor state low 0 LS ACK wrong ack 0 LS ACK duplicate ack 0 LS ACK unknown LSA type 0 LS ACK ACK length wrong 0 LS REQ neighbor state low 0 LS REQ empty request 0 LS REQ wrong request 0 LS REQ wrong length 0 LS UPD neighbor state low 0 LS UPD newer self generate LSA 0 LS UPD LSA checksum wrong 0 LS UPD received less recent LSA 0 LS UPD unknown LSA type 0 OSPF ro...

Page 336: ... neighbor state LS ACK wrong ack Link state acknowledgment packet ack error LS ACK duplicate ack Link state acknowledgment packet ack duplication LS ACK unknown LSA type Link state acknowledgment packet unknown LSA type LS ACK ACK length wrong Link state acknowledgment packet ACK length error LS REQ neighbor state low Link state request LS REQ packet asynchronous neighbor state LS REQ empty reques...

Page 337: ...kup Designated Router 10 110 10 2 Timers Hello 10 Dead 40 Poll 10 Retransmit 5 Transmit Delay 1 Table 4 6 Description on the fields of the display ospf interface command Field Description Cost Cost of the interface State State of the interface state machine DOWN No protocol packet is sent or received on the interface Waiting The interface starts sending and receiving Hello packets and is trying to...

Page 338: ...ommand applies to all current OSPF processes area id OSPF area ID which can be a decimal integer ranging from 0 to 4294967295 or in the form of an IP address brief Displays brief database information asbr Displays the database information about Type 4 LSAs summary Asbr LSAs ase Displays the database information about the Type 5 LSAs AS external LSAs This argument is unavailable if you have provide...

Page 339: ... Rtr 1 1 1 1 1 1 1 1 449 36 80000004 0 SpfTree Rtr 3 3 3 3 3 3 3 3 429 36 8000000a 0 Clist Net 10 153 18 89 3 3 3 3 429 32 80000003 0 SpfTree SNet 10 153 17 0 1 1 1 1 355 28 80000003 10 Inter List ASB 2 2 2 2 1 1 1 1 355 28 80000003 10 SumAsb List AS External Database Type LinkState ID AdvRouter Age Len Sequence Metric Where ASE 10 153 18 0 1 1 1 1 1006 36 80000002 1 Ase List ASE 10 153 16 0 2 2 2...

Page 340: ...e AS and is reachable Ase Infinity The LSA is outside the AS and is unreachable Nssa List The LSA is in an NSSA Nssa Infinity The LSA is in an unreachable NSSA Sysname display ospf lsdb ase OSPF Process 1 with Router ID 1 1 1 1 Link State Database Type ASE Ls id 10 0 0 0 Adv rtr 2 2 2 2 Ls age 87 Len 36 Seq 80000001 Chksum 0xb45d Options DC Net mask 255 0 0 0 Tos 0 metric 1 E type 2 Forwarding Add...

Page 341: ...orwarding Address Forwarding address Tag Tag display ospf nexthop Syntax display ospf process id nexthop View Any view Parameters process id OSPF process ID in the range of 1 to 65535 If you do not specify a process ID this command applies to all current OSPF processes Description Use the display ospf nexthop command to display the OSPF next hop information Examples Display the OSPF next hop infor...

Page 342: ...nd applies to all current OSPF processes brief Displays brief information of OSPF neighbors statistics Displays the statistics of OSPF neighbors Description Use the display ospf peer command to display the information of OSPF neighbors Examples Display the information of OSPF neighbors Sysname display ospf peer OSPF Process 1 with Router ID 1 1 1 1 Neighbors Area 0 0 0 0 interface 10 153 17 88 Vla...

Page 343: ... sends Link State Request packets to the neighbor requesting more recent LSAs Full In this state the neighboring routers are fully adjacent Mode Master Slave mode formed by negotiation in exchanging DD packet Priority Priority of DR BDR for neighbor election DR DR in the subnet the interface is attached to BDR BDR in the subnet the interface is attached to Dead timer expires in 31s If no hello pac...

Page 344: ...uch as Frame Relay X 25 or ATM It indicates that OSPF router does not receive the message from a certain neighbor router within a period of time but still attempts to send Hello packet to the adjacent routers for their communications with a lower frequency Init It indicates that OSPF router has received Hello packet from a neighbor router but its IP address is not contained in the Hello packet The...

Page 345: ... display the information about the OSPF request queue Examples Display the information about the OSPF request queue Sysname display ospf request queue The Router s Neighbors is RouterID 1 1 1 1 Address 1 1 1 1 Interface 1 1 1 3 Area 0 0 0 0 LSID 1 1 1 3 AdvRouter 1 1 1 3 Sequence 80000017 Age 35 Table 4 13 Description on the fields of the display ospf request queue command Field Description Router...

Page 346: ... 1 1 Retransmit List The Router s Neighbors is RouterID 162 162 162 162 Address 103 169 2 2 Interface 103 169 2 5 Area 0 0 0 1 Retrans list Type ASE LSID 129 11 77 0 AdvRouter 103 160 1 1 Type ASE LSID 129 11 108 0 AdvRouter 103 160 1 1 Table 4 14 Description on the fields of the display ospf retrans queue command Field Description RouterID ID of a neighbor router Address IP address of the interfa...

Page 347: ...110 10 1 10 10 10 1 0 0 0 0 10 10 0 0 16 1 Stub 10 10 0 1 3 3 3 3 0 0 0 0 Total Nets 2 Intra Area 2 Inter Area 0 ASE 0 NSSA 0 Table 4 15 Description on the fields of the display ospf routing command Field Description Destination IP address of the destination network Cost Cost of a route Type Type of route NextHop Next hop of route AdvRouter ID of the router that advertises the route Area Area ID T...

Page 348: ...on Virtual link Neighbor id ID of a virtual link neighbor router State State of a neighbor router It can be Down Init Attempt 2 Way Exstart Exchange Loading or Full Cost Route cost of the interface State State of the interface state machine DOWN No protocol packet is sent or received on the interface Waiting The interface starts sending and receiving Hello packets and is trying to identify the Bac...

Page 349: ...se the filter policy export command to configure the filtering of outgoing redistributed routes Use the undo filter policy export command to disable such filtering By default filtering of outgoing redistributed routes is not configured In some cases it may be required that only the routing information meeting some conditions can be advertised You can use the filter policy command to set the filter...

Page 350: ...t command to configure the filtering of incoming routes Use the undo filter policy import command to disable such filtering By default no filtering of incoming routes is configured In some cases it may be required that only the routing information meeting some conditions can be received You can use the filter policy import command to set the matching rules for the routing information to be receive...

Page 351: ...fies the type of redistributed routes The type value is 1 or 2 and defaults to 2 tag value Specifies the tag of redistributed routes A tag can be used by a route policy The tag value ranges from 0 to 4294967295 and defaults to 1 Description Use the import route command to redistribute external routes Use the undo import route command to disable importing redistribution from other protocols You are...

Page 352: ...the Full state or to the Down state Neighbor states include Down Init Attempt 2 Way Exstart Exchange Loading and Full Examples Enable logging of neighbor state changes Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 log peer change multi path number Syntax multi path number value undo multi path number View OSPF view Parameters value Number of equal co...

Page 353: ...ol Use the undo network command to disable an interface from running OSPF By default the interface does not belong to any area To run OSPF on an interface the master IP address of this interface must be in the range of the network segment specified by this command If only the slave IP address of the interface is in the range of the network segment specified by this command this interface will not ...

Page 354: ...able only on an NSSA ABR that is also the ASBR of the OSPF routing domain It disables redistributed routes from entering the NSSA area but allows them to enter other OSPF areas The no summary keyword is usable only on an NSSA ABR to advertise only a default route in a Type 3 summary LSA into the NSSA area In this way all the other summary LSAs are not advertised into the area Such an area is known...

Page 355: ...name ospf 1 area 1 Sysname ospf 1 area 0 0 0 1 network 36 0 0 0 0 255 255 255 Sysname ospf 1 area 0 0 0 1 nssa ospf Syntax ospf process id router id router id undo ospf process id View System view Parameters process id OSPF process ID in the range of 1 to 65535 By default the process ID is 1 process id is locally significant router id Router ID of an OSPF process in dotted decimal notation Descrip...

Page 356: ...tring of up to eight characters key id ID of the authentication key in MD5 authentication mode ranging from 1 to 255 key MD5 authentication key If it is input in a plain text form MD5 key is a string of 1 to 16 characters It is displayed in a cipher text form with 24 characters in length when the display current configuration command is executed Inputting the MD5 key in a cipher text form with 24 ...

Page 357: ...terface10 ospf authentication mode md5 15 abc ospf cost Syntax ospf cost value undo ospf cost View Interface view Parameters value Cost for running an OSPF process on an interface in the range of 1 to 65535 Description Use the ospf cost command to configure the OSPF cost on an interface Use the undo ospf cost command to restore the default By default the OSPF cost on an interface is 10 You can use...

Page 358: ...en selected cannot become the DR or BDR immediately Examples Set the DR election priority of the interface VLAN interface 10 to 8 Sysname system view System View return to User View with Ctrl Z Sysname interface vlan interface 10 Sysname Vlan interface10 ospf dr priority 8 ospf mib binding Syntax ospf mib binding process id undo ospf mib binding View System view Parameters process id OSPF process ...

Page 359: ...a Hello packet via the OSPF interface and the router that receives the hello packet checks parameters carried in the packet If parameters of the two routers match they become neighbors Not every pair of neighboring routers become adjacent which depends on network types Only by synchronizing the LSDB via exchanging DD packets and LSAs can two routers become adjacent If the MTU values of the DD pack...

Page 360: ... type of the interface can be changed to NBMA For a non broadcast multi accessible network to be of NBMA type any two routers in the network must be directly reachable to each other through a virtual circuit In other words the network must be fully meshed For a network not meeting this condition the network type of the interface must be changed to point to multipoint In this way routing informatio...

Page 361: ...The dead interval of OSPF peers means that within this interval if no Hello message is received from the peer the peer will be considered to be invalid The value of dead seconds should be at least four times of that of the Hello seconds The dead seconds for the interfaces on the same network segment must be identical Related commands ospf timer hello Examples Set the peer dead interval on the inte...

Page 362: ...return to User View with Ctrl Z Sysname interface Vlan interface 10 Sysname Vlan interface10 ospf timer hello 20 ospf timer poll Syntax ospf timer poll seconds undo ospf timer poll View Interface view Parameters seconds Poll Hello interval in seconds It ranges from 1 to 65535 Description Use the ospf timer poll command to configure the poll interval at which the interface sends hello packets to th...

Page 363: ...tting an LSA is 5 seconds If a router running OSPF transmits a link state advertisement LSA to the peer it needs to wait for the acknowledgement packet from the peer If no acknowledgement is received from the peer within the LSA retransmission interval this LSA will be retransmitted The LSA retransmit between adjacent routers should not be set too short otherwise unexpected retransmission will occ...

Page 364: ...Vlan interface10 ospf trans delay 3 peer Syntax peer ip address dr priority dr priority undo peer ip address View OSPF view Parameters ip address IP address of a neighbor router dr priority Value of the corresponding priority of a neighbor in the NBMA network It ranges from 0 to 255 and defaults to 1 Description Use the peer command to specify a neighbor and its DR priority on an NBMA network Use ...

Page 365: ...ng protocols could be running on a router there is the problem of routing information sharing among routing protocols and selection Therefore a default preference is specified for each routing protocol When a route is identified by different protocols the protocol with the highest preference selected for forwarding IP packets Examples Specify the preference of an imported external route of the AS ...

Page 366: ...F process 200 Sysname reset ospf 200 reset ospf statistics Syntax reset ospf statistics all process id View User view Parameters all Clears the statistics of all OSPF processes process id OSPF process ID in the range of 1 to 65535 Description Use the reset ospf statistics command to clear the statistic of OSPF process es Examples Clear the statistics of all OSPF processes Sysname reset ospf statis...

Page 367: ... router ID selection process z To validate a new router ID you need to execute the reset command Related commands ospf Examples Set the router ID to 10 1 1 3 Sysname system view System View return to User View with Ctrl Z Sysname router id 10 1 1 3 silent interface Syntax silent interface silent interface type silent interface number undo silent interface silent interface type silent interface num...

Page 368: ...s id OSPF process ID in the range of 1 to 65535 If you do not specify a process ID this command applies to all current OSPF processes ifstatechange virifstatechange nbrstatechange virnbrstatechange ifcfgerror virifcfgerror ifauthfail virifauthfail ifrxbadpkt virifrxbadpkt iftxretransmit viriftxretransmit originatelsa maxagelsa lsdboverflow lsdbapproachoverflow Types of TRAP packets that the switch...

Page 369: ...f as the root and determine the next hop to the destination network according to the shortest path tree Adjusting SPF calculation interval restrains frequent network changes which may occupy too many bandwidth resources and router resources Examples Set the OSPF route calculation interval of H3C to 6 seconds Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname osp...

Page 370: ... 1 area 0 0 0 1 stub vlink peer Syntax vlink peer router id hello seconds retransmit seconds trans delay seconds dead seconds simple password md5 keyid key undo vlink peer router id View OSPF area view Parameters route id Router ID of virtual link peer hello seconds Specifies the interval in seconds at which the router transmits hello packet It ranges from 1 to 8192 and defaults to 10 This value m...

Page 371: ... and the more network resources are consumed z A too small retransmission interval will lead to unnecessary retransmissions A big value is appropriate for a low speed link z You need to specify an appropriate transmission delay with the trans delay keyword Note that virtual link authentication adopts the MD5 cipher text or simple text authentication mode set with the authentication mode command fo...

Page 372: ...o remove the configuration By default no cost is applied to routes satisfying matching rules The apply clause is one that sets a cost for the routes satisfying matching rules in a routing policy Related commands if match interface if match acl if match ip prefix if match ip next hop if match cost if match tag route policy apply tag Examples Create a routing policy named policy and node 1 with the ...

Page 373: ...named policy and node 1 with the matching mode being permit Apply the tag 100 to routes matching ACL 2000 Sysname system view System View return to User View with Ctrl Z Sysname route policy policy permit node 1 New sequence of this list Sysname route policy if match acl 2000 Sysname route policy apply tag 100 display ip ip prefix Syntax display ip ip prefix ip prefix name View Any view Parameters...

Page 374: ...mit of subnet mask length of the matched IP address LE Less equal that is upper limit of subnet mask length of the matched IP address display route policy Syntax display route policy route policy name View Any view Parameters route policy name Name of a routing policy a string of up to 19 characters Description Use the display route policy command to display information about routing policies If y...

Page 375: ... the range of 2000 to 3999 ip prefix name Name of the IP prefix list used for filtering a string of up to 19 characters Description Use the if match command to match routes permitted by an ACL or IP prefix list Use the undo if match command to remove the configuration By default the if match clause is not configured Related commands if match interface if match ip next hop if match cost if match ta...

Page 376: ...me route policy if match cost 8 if match interface Syntax if match interface interface type interface number undo if match interface View Route policy view Parameters interface type interface number Specifies the interface type and interface number Description Use the if match interface command to match routes having the specified outgoing interface Use the undo if match interface command to remov...

Page 377: ...fied in an ACL or IP prefix list Use the undo if match ip next hop command to remove the matching rule with an ACL Use the undo if match ip next hop ip prefix command to remove the matching rule with an IP prefix list By default no next hop matching rule is defined Related commands if match interface if match acl if match ip prefix if match cost if match tag route policy apply cost apply tag Examp...

Page 378: ...ers It identifies an address prefix list uniquely index number Identifier of an entry in the IP address prefix list in the range 1 to 2047 The entry with a smaller index number will be tested first permit Specifies the match mode of the defined IP prefix entries as permit mode If the permit mode is specified and the IP address to be filtered is in the ip prefix range specified by the entry the ent...

Page 379: ...atch the prefix ranges of these two parts If you specify network len as 0 0 0 0 0 it matches the default route only To match all the routes use 0 0 0 0 0 less equal 32 Examples Define an ip prefix named p1 to permit only the routes whose mask lengths are 17 or 18 on network segment 10 0 192 0 8 to pass Sysname system view System View return to User View with Ctrl Z Sysname ip ip prefix p1 permit 1...

Page 380: ...y clause defines the actions after filtering through this node The filtering relationship between the if match clauses of the node is AND That is all if match clauses of the node must be met The filtering relation between Route policy nodes is OR That is filtering through one node means filtering through this Route policy If the information does not filter through any node it cannot filter through...

Page 381: ...Unit ID Description Use the display memory command to display the memory usage Examples Display the current memory usage of the switch Sysname display memory Unit 1 System Available Memory bytes 33631488 System Used Memory bytes 16122304 Used Rate 47 The following table describes the fields of the command Table 6 1 Description on the fields of the display memory command Field Description Unit Spec...

Page 382: ...y memory limit Current memory limit configuration information system memory safety 5 MBytes system memory limit 4 MBytes auto establish enabled Free Memory 17506496 Bytes The state information about connection The times of disconnect 0 The times of reconnect 0 The current state Normal Table 6 2 Description on the fields of the display memory limit command Field Description system memory safety Saf...

Page 383: ...ess than the limit value all the routing protocol connections will be disconnected forcibly Use the memory safety safety value command to configure the safety value of the switch free memory If you use the memory auto establish enable command the default configuration the routing protocol connection that is forcibly disconnected automatically recovers when the free memory of the switch reaches the...

Page 384: ...will always recover when the free memory of the switch decreases to a lower limit the connection will be disconnected forcibly After this command is used connections of all the routing protocols will not recover when the free memory of the switch recovers to a safety value In this case you need to restart the routing protocol to recover the connections Use this command with caution Related command...

Page 385: ... a safety value connections of all the routing protocols will always recover when the free memory of the switch decreases to a lower limit the connection will be disconnected forcibly By default this function is enabled Related commands memory auto establish disable memory display memory limit Examples Enable automatic connections of all routing protocols when the free memory of the current switch...

Page 386: ...ket 1 13 multicast source deny 1 13 reset multicast forwarding table 1 14 reset multicast routing table 1 15 unknown multicast drop enable 1 16 2 IGMP Configuration Commands 2 1 IGMP Configuration Commands 2 1 display igmp group 2 1 display igmp interface 2 2 igmp enable 2 3 igmp group limit 2 4 igmp group policy 2 5 igmp group policy vlan 2 6 igmp host join port 2 7 igmp host join vlan 2 8 igmp l...

Page 387: ...iguration Commands 4 1 cache sa enable 4 1 display msdp brief 4 1 display msdp peer status 4 2 display msdp sa cache 4 4 display msdp sa count 4 6 import source 4 7 msdp 4 7 msdp tracert 4 8 originating rp 4 10 peer connect interface 4 10 peer description 4 11 peer mesh group 4 12 peer minimum ttl 4 12 peer request sa enable 4 13 peer sa cache maximum 4 13 peer sa policy 4 14 peer sa request polic...

Page 388: ...g max response time 5 10 igmp snooping nonflooding enable 5 11 igmp snooping querier 5 12 igmp snooping query interval 5 13 igmp snooping router aging time 5 13 igmp snooping version 5 14 igmp snooping vlan mapping 5 15 igmp host join port 5 15 igmp host join 5 16 multicast static group interface 5 17 multicast static group vlan 5 18 multicast static router port 5 19 multicast static router port v...

Page 389: ...c router port vlan z Configuring VLAN tags of query messages The related command is igmp snooping vlan mapping Common Multicast Configuration Commands display mac address multicast static Syntax display mac address multicast static mac address vlan vlan id count View Any view Parameters mac address Displays the static multicast MAC entry information for the specified MAC address Without this argum...

Page 390: ...r the multicast MAC address are forwarded AGING TIME s Remaining lifetime of the entry NOAGED indicates that the entry never expires display mpm forwarding table Syntax display mpm forwarding table group address View Any view Parameters group address IP address of a multicast group in the range 224 0 0 0 to 239 255 255 255 With this argument configured this command displays only those forwarding e...

Page 391: ...first outgoing VLAN interface is VLAN interface 32 with one outgoing port under it Ethernet 1 0 19 Total 1 entry entries Listed The multicast forward table contains one S G entry display mpm group Syntax display mpm group vlan vlan id View Any view Parameters vlan vlan id Specifies a VLAN With a VLAN specified this command displays the IGMP group information in the specified VLAN otherwise the com...

Page 392: ...on is for VLAN 1200 Static Router Port s Static router ports Dynamic router port s Dynamic router ports IP group s the following ip group s match to one mac group IP multicast groups corresponding to the same MAC multicast group IP group address Address of the IP multicast group Static host port s Static host ports Dynamic host port s Dynamic host ports MAC group s MAC multicast groups Host port s...

Page 393: ...ing interface is the PIM SM register interface Description Use the display multicast forwarding table command to display the information of multicast forwarding tables As the multicast forwarding table directly guides the forwarding of multicast traffic you can view the information of the forwarding entries to determine whether a multicast stream is correctly forwarded Related commands display mul...

Page 394: ...s the multicast routing entries for the specified multicast source mask Mask of the multicast group address or multicast source address 255 255 255 255 by default mask length Mask length of the multicast group address or multicast source address For a multicast group address this argument is in the range of 4 to 32 for a multicast source address this argument is in the range of 0 to 32 The system ...

Page 395: ...cription Multicast Routing Table Multicast routing table Total 3 entries There are three entries in all in the multicast routing table 4 4 4 4 224 2 149 17 An S G entry Uptime 00 15 16 Timeout in 272 sec Upstream interface Vlan interface1 4 4 4 6 Downstream interface list Vlan interface2 2 2 2 4 Protocol 0x1 IGMP The entry has been there for 15 minutes and 16 seconds and it will expire in 272 seco...

Page 396: ...dress multicast mac address interface interface list vlan vlan id undo mac address multicast mac address interface interface list vlan vlan id View System view Parameters mac address Multicast MAC address in the form of H H H interface interface list Specifies forwarding ports for the specified multicast MAC group address With the interface list argument you can define one or more individual ports...

Page 397: ...he VLAN the current port belongs to The effective range for vlan id is 1 to 4094 Description Use the mac address multicast vlan command to create a multicast MAC address entry on the current port Use the undo mac address multicast vlan command to remove the specified multicast MAC address entry or all multicast MAC address entries on the current port Each multicast MAC address entry contains the m...

Page 398: ...dress 192 168 2 2 Previous Hop Router Address 192 168 2 1 Input packet count on incoming interface 0 Output packet count on outgoing interface 0 Total number of packets for this source group pair 0 Protocol PIM Forwarding TTL 0 Forwarding Code No error 2 192 168 2 1 Incoming Interface Address 192 168 3 2 Previous Hop Router Address 192 168 3 1 Input packet count on incoming interface 0 Output pack...

Page 399: ...routing protocol in use Forwarding TTL The minimum TTL that a packet is required to have before it can be forwarded over the outgoing interface multicast route limit Syntax multicast route limit limit undo multicast route limit View System view Parameters limit Maximum number of multicast routing table entries in the range of 0 to 256 Description Use the multicast route limit command to configure ...

Page 400: ...ture Use the undo multicast routing enable command to disable the IP multicast routing feature IP multicast routing is disabled by default Examples Enable the IP multicast routing feature Sysname system view System View return to User View with Ctrl Z Sysname multicast routing enable multicast storing enable Syntax multicast storing enable undo multicast storing enable View System view Parameters ...

Page 401: ...ast forwarding entry ranging from 10 to 100 Description Use the multicast storing packet command to specify the maximum number of packets that can be buffered per multicast forwarding entry By default up to 100 packets can be buffered per multicast forwarding entry Examples Configure to allow a maximum of 50 packets to be buffered per multicast group Sysname system view System View return to User ...

Page 402: ...ture is enabled on all the ports of the switch if one or more ports or port lists are specified the multicast source port suppression feature is enabled on the specified ports z In Ethernet port view you can use the command to enable the multicast source port suppression feature on the current port only Examples Enable the multicast source port suppression feature on all the ports of the switch Sy...

Page 403: ... However they must be valid addresses otherwise the system prompts an error message Related commands display multicast forwarding table Examples Clear the forwarding entries whose group address is 225 5 4 3 from the multicast forwarding table Sysname reset multicast forwarding table 225 5 4 3 Clear the statistics about the forwarding entries whose group address is 225 5 4 3 from the multicast forw...

Page 404: ... multicast forwarding table Examples Clear the routing entries whose group address is 225 5 4 3 from the multicast core routing table Sysname reset multicast routing table 225 5 4 3 unknown multicast drop enable Syntax unknown multicast drop enable undo unknown multicast drop enable View System view Parameters None Description Use the unknown multicast drop enable command to enable the function of...

Page 405: ...up information Without any parameters provided the command displays the information of all IGMP multicast groups Related commands igmp host join Examples Display the information of all IGMP multicast groups on the switch Sysname display igmp group Total 3 IGMP groups reported on this router LoopBack0 20 20 20 20 Total 3 IGMP Groups reported Group Address Last Reporter Uptime Expires 225 1 1 1 20 2...

Page 406: ...nds 60 Value of other querier time out for IGMP in seconds 120 Value of maximum query response time for IGMP in seconds 10 Value of robust count for IGMP 2 Value of startup query interval for IGMP in seconds 15 Value of last member query interval for IGMP in seconds 1 Value of query timeout for IGMP version 1 in seconds 400 Policy to accept IGMP reports none Querier for IGMP 10 153 17 99 this rout...

Page 407: ...d otherwise the applied policy is displayed For example acl 2000 only for IGMP version 1 means ACL 2000 is applied only on IGMPv1 reports Querier for IGMP 10 1 0 5 this router The IGMP querier address is 10 1 0 5 this device IGMP group limit 256 The maximum number of IGMP multicast groups that can be joined on the VLAN interface is 256 Total 1 IGMP group reported Total number of IGMP multicast gro...

Page 408: ... can be joined to an interface If you use the command for a second time the new configuration overwrites the existing one z After the maximum number of multicast groups is reached the interface will not join any new multicast group z If you configure the maximum number of multicast groups allowed on the interface to 1 a new group registered on the interface supersedes the existing one automaticall...

Page 409: ... total number of individual ports plus port ranges cannot exceed 10 For port types and port numbers refer to the parameter description in the Port Basic Configuration part in this manual In LoopBack interface view this command does not support the port interface list option Description Use the igmp group policy command to configure a multicast group filter on the current interface to control the a...

Page 410: ...Use the igmp group policy vlan command to configure a multicast group filter on the current port to control the access to the multicast groups in the defined group range Use the undo igmp group policy vlan command to remove the configured multicast group filter By default no filter is configured that is a host can join any multicast group To restrict the hosts attached to a port from joining certa...

Page 411: ...nterface number2 where interface number2 must be greater than interface number1 The total number of individual ports plus port ranges cannot exceed 10 For port types and port numbers refer to the parameter description in the Port Basic Configuration part in this manual In LoopBack interface view this command does not support the port interface list option Description Use the igmp host join port co...

Page 412: ...figure Ethernet 1 0 1 under VLAN interface 10 as a simulated member host to join multicast group 225 0 0 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 port access vlan 10 Sysname Ethernet1 0 1 igmp host join 225 0 0 1 vlan 10 igmp lastmember queryinterval Syntax igmp lastmember queryinterval seconds undo igmp lastmember que...

Page 413: ... Parameters seconds Maximum response time in seconds in the IGMP general query messages ranging from 1 to 25 Description Use the igmp max response time command to configure the maximum response time carried in the IGMP general query messages Use the undo igmp max response time command to restore the default The maximum response time is 10 seconds by default Related commands display igmp interface ...

Page 414: ... the last configuration takes effect Related commands pim neighbor policy Examples Configure VLAN interface 1 as the IGMP proxy interface for VLAN interface 2 on the Layer 3 switch Sysname system view System View return to User View with Ctrl Z Sysname multicast routing enable Sysname interface vlan interface 1 Sysname Vlan interface1 pim dm Sysname Vlan interface1 igmp enable Sysname Vlan interfa...

Page 415: ...sent command to restore the default value By default the other querier present interval is twice the value of IGMP query interval that is 120 seconds if the IGMP query interval has not been manually configured On a multi access network that is the same network segment including multiple multicast routers the query router known as querier is responsible for sending general query messages periodical...

Page 416: ... subnets to determine whether multicast group members are present on the subnets The IGMP query interval can be tuned according to the practical conditions of the network Related commands igmp timer other querier present Examples Set the IGMP query interval to 150 seconds on VLAN interface 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 2 Sysname ...

Page 417: ...ars the IGMP multicast group information on the specified interface group address Multicast group address in the range of 224 0 0 0 to 239 255 255 255 With this argument provided the command clears the specified multicast group or group range group mask Mask of the multicast group address 255 255 255 255 by default Description Use the reset igmp group command to clear IGMP multicast group informat...

Page 418: ...it is configured namely all received messages are considered legal The source keyword in the rule command is translated into BSR address in the bsr policy command Examples Configure a BSR filtering policy on devices to allow only the multicast devices on subnet 101 1 1 1 32 to become BSR Sysname system view System View return to User View with Ctrl Z Sysname multicast routing enable Sysname pim Sy...

Page 419: ...m Examples Configure VLAN interface 10 on the switch as a C BSR with a priority of 2 and the hash mask length of 24 Sysname system view System View return to User View with Ctrl Z Sysname multicast routing enable Sysname pim Sysname pim c bsr vlan interface 10 24 2 c rp Syntax c rp interface type interface number group policy acl number priority priority value undo c rp interface type interface nu...

Page 420: ... Syntax crp policy acl number undo crp policy View PIM view Parameters acl number Advanced ACL number ranging from 3000 to 3999 When defining the ACL use the source keyword in the rule command to specify a C RP address and use the destination keyword to specify a multicast address range that the C RP will serve Description Use the crp policy command to configure a valid C RP address range and a mu...

Page 421: ... BSR information Related commands c bsr c rp Examples Display the BSR information Sysname display pim bsr info Current BSR Address 20 20 20 30 Priority 0 Mask Length 30 Expires 00 01 55 Local host is BSR Table 3 1 display pim bsr info command output description Field Description Current BSR Address BSR address Priority BSR priority Mask Length 30 Hash mask length Expires 00 01 55 Remaining lifetim...

Page 422: ...l is 30 seconds PIM neighbor limit is 128 PIM neighbor policy is none Total 1 PIM neighbor on interface PIM DR designated router is 10 10 1 20 Table 3 2 display pim interface command output description Field Description IP address of the interface IP address of the VLAN interface PIM version PIM version running on the interface PIM mode PIM mode enabled on the VLAN interface DM or SM PIM query int...

Page 423: ...88 Table 3 3 display pim neighbor command output description Field Description Neighbor Address Neighbor address Interface Name VLAN interface on which the neighbor has been discovered Uptime Time elapsed since the multicast group was discovered Expires Remaining lifetime of the PIM neighbor display pim routing table Syntax display pim routing table g group address mask mask length mask rp rp addr...

Page 424: ...ludes the SPT information and RPF information Examples Display the information about the PIM multicast routing table Sysname display pim routing table PIM SM Routing Table Total 1 S G entry 1 G entry 0 RP entry 228 0 0 0 RP 23 12 0 1 Protocol 0x20 PIMSM Flag 0x3 RPT WC Uptime 00 00 13 Timeout in 197 sec Upstream interface Vlan interface1 RPF neighbor 200 1 0 1 Downstream interface list Vlan interf...

Page 425: ...an RP RPF neighbor field of the S G entry is Null Downstream interface list List of downstream interfaces display pim rp info Syntax display pim rp info group address View Any view Parameters group address Multicast group address With this argument provided the command displays the RP information about the specified multicast group otherwise the command displays the RP information about all multic...

Page 426: ...ted Expires Remaining lifetime of the RP pim Syntax pim undo pim View System view Parameters None Description Use the pim command to enter PIM view so that you can configure PIM parameters globally Note that this command is not used to enable PIM Use the undo pim command to clear PIM configurations made in PIM view Examples Enter PIM view Sysname system view System View return to User View with Ct...

Page 427: ...his configuration you can divide a PIM SM network into regions with different BSRs Note that this command is not used to set up a multicast boundary Related commands c bsr Examples Configure a PIM domain border on VLAN interface 10 Sysname system view System View return to User View with Ctrl Z Sysname multicast routing enable Sysname pim Sysname interface Vlan interface 10 Sysname Vlan interface1...

Page 428: ...ber of PIM neighbors on the current interface The switch will add no more neighbors for the interface when the limit is reached Use the undo pim neighbor limit command to restore the default By default a switch can have a maximum of 128 PIM neighbors on an interface If you figure a threshold smaller than the current number of PIM neighbors the existing PIM neighbors will not be deleted immediately...

Page 429: ...n the current interface Examples Configure a PIM neighbor filter on VLAN interface 10 so that only 10 10 1 2 can become its PIM neighbor Sysname system view System View return to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule permit source 10 10 1 2 0 Sysname acl basic 2000 rule deny source any Sysname acl basic 2000 quit Sysname interface Vlan interface 10 Sysname Vlan ...

Page 430: ...ssages at the interval of 30 seconds After PIM SM is enabled on an interface the switch periodically sends Hello messages to all the PIM capable devices to discover PIM neighbors If the interface receives Hello messages it means that the interface is connected to neighboring network devices that support PIM and the interface will add the neighbors to its own neighbor list If the interface receives...

Page 431: ...f 225 1 0 0 16 Sysname system view System View return to User View with Ctrl Z Sysname acl number 3010 Sysname acl adv 3010 rule permit ip source 10 10 0 0 0 0 255 255 destination 225 1 0 0 0 0 255 255 Sysname acl adv 3010 quit Sysname pim Sysname pim register policy 3010 reset pim neighbor Syntax reset pim neighbor all neighbor address interface interface type interface number View User view Para...

Page 432: ... Use the reset pim routing table command to clear PIM route entries You can provide a source address before or after a group address in the command as long as they are valid An error message will be given if you type an invalid address In this command if the group address is 224 0 0 0 24 and source address is the RP address where group address can have a mask but the resulted IP address must be 22...

Page 433: ...ives the first multicast packet Note that z To adjust the order of an ACL that already exists in the group policy list you can use the acl number argument to specify this ACL and set its order value This will insert the ACL to the position of order value in the group policy list The order of the other existing ACLs in the group policy list will remain unchanged z To use an ACL in the group policy ...

Page 434: ... a multicast source is 210 seconds The configured multicast source lifetime applies to all S G entries in the PIM routing table and the multicast routing table rather than on a specific S G entry and the configuration changes the aging time of all the existing S G entries Examples Set the multicast source lifetime to 3000 seconds Sysname system view System View return to User View with Ctrl Z Sysn...

Page 435: ...you run the command for a second time Examples Configure the switch to accept the multicast data packets from any multicast source but 10 10 1 1 Sysname system view System View return to User View with Ctrl Z Sysname multicast routing enable Sysname pim Sysname pim source policy 2000 Sysname pim quit Sysname acl number 2000 Sysname acl basic 2000 rule deny source 10 10 1 1 0 Sysname acl basic 2000...

Page 436: ...xisting one if you execute the command for a second time Related commands display pim rp info Examples Configure the device that has an interface address of 10 110 0 6 as a static RP that will serve only the multicast groups in the range of 225 0 0 0 to 225 255 255 255 Sysname system view System View return to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule permit source ...

Page 437: ...nism By default the SA message caching mechanism is enabled With the SA message caching mechanism enabled the switch sends no SA request message to the specified MSDP peer upon receiving a Join message Related commands display msdp sa cache reset msdp sa cache display msdp sa count Examples Disable the SA message caching mechanism Sysname system view System View return to User View with Ctrl Z Sys...

Page 438: ...ted z Down Connection failed Up Down time Time passed since MSDP peer connection establishment failure AS Number of the AS where the MSDP peer is located indicates that the system was unable to obtain the AS number SA Count The number of S G entries cached in the SA Reset Count Number of MSDP peer connection reset times display msdp peer status Syntax display msdp peer status peer address View Any...

Page 439: ...SA requests 0 0 Incoming outgoing SA responses 0 0 Incoming outgoing data packets 0 0 Table 4 2 display msdp peer status command output description Field Description MSDP Peer MSDP peer address AS Number of the AS where the MSDP peer is located indicates that the system was unable to obtain the AS number State MSDP peer status z Up Session set up MSDP peer in session z Listen Session set up local ...

Page 440: ...A messages SA cache maximum for the peer Maximum number of SA messages from the specified MSDP peer that can be cached Input queue size Data size cached in the input queue Output queue size Data size cached in the output queue Counters for MSDP message MSDP peer statistics z Count of RPF check failure Number of SA messages discarded due to RPF check failure z Incoming outgoing SA messages Number o...

Page 441: ...entries Source Group Origin RP Pro AS Uptime Expires 10 10 1 2 225 1 1 1 10 10 10 10 00 00 10 00 05 50 10 10 1 3 225 1 1 1 10 10 10 10 00 00 11 00 05 49 10 10 1 2 225 1 1 2 10 10 10 10 00 00 11 00 05 49 10 10 2 1 225 1 1 2 10 10 10 10 00 00 11 00 05 49 10 10 1 2 225 1 2 2 10 10 10 10 00 00 11 00 05 49 MSDP matched 5 entries Table 4 3 display msdp sa cache command output description Field Descripti...

Page 442: ... of SA 10 10 10 10 5 Number of source and group counted by AS AS Number of source Number of group 100 3 3 Total Source Active entries 5 Table 4 4 display msdp sa count command output description Field Description Number of cached Source Active entries counted by Peer Number of cached S G entries per peer Peer s Address Address of the MSDP peer that sends SA messages Number of SA Number of S G entr...

Page 443: ...e command to cancel the configuration By default an SA message advertise any S G entries in the domain In addition you can use the peer sa policy import command or the peer sa policy export command to filter forwarded SA messages Examples Configure the MSDP peer to advertise only the S G entries for multicast sources in the range of 10 10 0 0 16 and multicast groups in the range of 225 1 0 0 16 wh...

Page 444: ...e address for the tracert operation group address Specifies a multicast group address for the tracert operation rp address IP address of the origin RP max hops Maximum number of hops to be traced ranging from 1 to 255 The default value is 16 next hop info Collects the next hop information sa info Collects the SA entity information peer info Collects the MSDP peer information skip hops Number of ho...

Page 445: ...ish a peering session with the Peer RPF neighbor Peer Uptime The time of the peering session between the local switch and a Peer RPF neighbor in minutes The maximum value is 255 Cache Entry Uptime Up time of the S G RP entry in SA cache of the local switch in minutes The maximum value is 255 D bit 1 An S G RP entry exists in the SA cache of the local switch but the RP is different from the RP spec...

Page 446: ...ce type interface number Specifies an interface by its type and number Description Use the originating rp command to configure the address of the specified interface as the RP address in SA messages Use the undo originating rp command to cancel configuration By default the RP address in an SA message is the RP address of the PIM domain Examples Configure the IP address of VLAN interface 100 as the...

Page 447: ... is 125 10 7 6 as the MSDP peer of the switch and establish a peering connection with the MSDP peer through VLAN interface 100 Sysname system view System View return to User View with Ctrl Z Sysname msdp Sysname msdp peer 125 10 7 6 connect interface Vlan interface 100 peer description Syntax peer peer address description text undo peer peer address description View MSDP view Parameters peer addre...

Page 448: ...figuration By default an MSDP peer does not belong to any mesh group Examples Configure the MSDP peer with the address of 125 10 7 6 as a member of mesh group Grp1 Sysname system view System View return to User View with Ctrl Z Sysname msdp Sysname msdp peer 125 10 7 6 mesh group Grp1 peer minimum ttl Syntax peer peer address minimum ttl ttl value undo peer peer address minimum ttl View MSDP view ...

Page 449: ...iew MSDP view Parameters peer address Specifies an MSDP peer by its IP address Description Use the peer request sa enable command to enable the switch to send an SA request message to the specified MSDP peer upon receipt of a Join message Use the undo peer request sa enable command to remove the configuration By default upon receipt of a Join message the switch sends no SA request message to the M...

Page 450: ...ies learned from the MSDP peer with the address of 125 10 7 6 Sysname system view System View return to User View with Ctrl Z Sysname msdp Sysname msdp peer 125 10 7 6 sa cache maximum 100 peer sa policy Syntax peer peer address sa policy import export acl acl number undo peer peer address sa policy import export View MSDP view Parameters peer address Specifies an MSDP peer by its IP address impor...

Page 451: ...equest messages from which will be filtered acl number Basic ACL number in the range of 2000 to 2999 If no ACL is specified all SA request messages will be ignored Description Use the peer sa request policy command to filter the SA request messages from the specified MSDP peer Use the undo peer sa request policy command to restore the default By default the switch accepts all SA request messages f...

Page 452: ...cs Examples Reset the TCP connection with the MSDP peer 125 10 7 6 and clear the statistics about the MSDP peer Sysname reset msdp peer 125 10 7 6 reset msdp sa cache Syntax reset msdp sa cache group address View User view Parameters group address Multicast group address the cached S G entries matching this address are to be deleted from the SA cache If no multicast group address is specified all ...

Page 453: ...Clear the statistics information about MSDP peer 125 10 7 6 Sysname reset msdp statistics 125 10 7 6 shutdown Syntax shutdown peer address undo shutdown peer address View MSDP view Parameters peer address Specifies an MSDP peer by its IP address Description Use the shutdown command to shut down the connection with the specified MSDP peer Use the undo shutdown command to reactivate an MSDP peering ...

Page 454: ...ding to the prefix list configured only SA messages whose RP addresses pass the filtering are received If multiple static RPF peers using the same rp policy keyword are configured when any of the peers receives an SA message it will forward the SA message to the other peers z Use the rp policy keyword for none of the MSDP peers In this case based on the configuration sequence only the first static...

Page 455: ...try command to configure the connection request retry interval Use the undo timer retry command to restore the default By default the connection request retry interval is 30 seconds Related commands peer connect interface Examples Set the connection request retry interval to 60 seconds Sysname system view System View return to User View with Ctrl Z Sysname msdp Sysname msdp timer retry 60 ...

Page 456: ... z aging time of multicast member ports z non flooding feature status Related commands igmp snooping igmp snooping router aging time igmp snooping max response time igmp snooping host aging time igmp snooping nonflooding enable Examples Display IGMP Snooping configuration information on the switch Sysname display igmp snooping configuration Enable IGMP Snooping The router port timeout is 105 secon...

Page 457: ...st join multicast static group vlan multicast static group interface multicast static group vlan multicast static router port multicast static router port vlan Examples Display the information about the multicast groups in VLAN 100 Sysname display igmp snooping group vlan 100 Total 1 IP Group s Total 1 MAC Group s Vlan id 100 Total 1 IP Group s Total 1 MAC Group s Static Router port s Ethernet1 0 ...

Page 458: ...ber port IP group address IP address of a multicast group MAC group s MAC multicast group MAC group address Address of a MAC multicast group Host port s Member ports display igmp snooping statistics Syntax display igmp snooping statistics View Any view Parameters None Description Use the display igmp snooping statistics command to display IGMP Snooping statistics This command displays the followin...

Page 459: ...eives z one IGMP general query messages z zero IGMP specific query messages z zero IGMPv1 report messages z three IGMPv2 report messages z zero IGMP leave messages z zero IGMP error packets IGMP Snooping sends z zero IGMP specific query messages igmp snooping Syntax igmp snooping enable disable View System view VLAN view Parameters enable Enables the IGMP Snooping feature disable Disables the IGMP...

Page 460: ... System View return to User View with Ctrl Z Sysname igmp snooping enable Enable IGMP Snooping ok igmp snooping fast leave Syntax igmp snooping fast leave vlan vlan list undo igmp snooping fast leave vlan vlan list View System view Ethernet port view Parameters vlan vlan list Specifies a VLAN list With the vlan list argument you can provide one or more individual VLAN IDs in the form of vlan id an...

Page 461: ...essing on Ethernet 1 0 1 in VLAN 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 igmp snooping fast leave vlan 2 igmp snooping general query source ip Syntax igmp snooping general query source ip current interface ip address undo igmp snooping general query source ip View VLAN view Parameters current interface Specifies the I...

Page 462: ...owest IP address vlan vlan list Specifies a VLAN list With the vlan list argument you can provide one or more individual VLAN IDs in the form of vlan id and or one or more VLAN ID ranges in the form of vlan id1 to vlan id2 where vlan id2 must be greater than vlan id1 The effective range for a VLAN ID is 1 to 4094 and the total number of individual VLANs plus VLAN ranges cannot exceed 10 Descriptio...

Page 463: ...in VLAN 2 to join a maximum of 200 multicast groups Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 igmp snooping group limit 200 vlan 2 igmp snooping group policy Syntax igmp snooping group policy acl number vlan vlan list undo igmp snooping group policy vlan vlan list View System view Ethernet port view Parameters acl number ...

Page 464: ... the configuration takes effect on the port only if the port belongs to the specified VLAN s Examples Configure a multicast group filter to allow receivers attached to Ethernet 1 0 1 to access the multicast streams for groups 225 0 0 0 to 225 255 255 255 z Configure ACL 2000 Sysname system view System View return to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule permit s...

Page 465: ...s Use the undo igmp snooping host aging time command to restore the default aging time By default the aging time of multicast member ports is 260 seconds The aging time of multicast member ports determines the refresh frequency of multicast group members In an environment where multicast group members change frequently a relatively shorter aging time is required Related commands display igmp snoop...

Page 466: ...oping nonflooding enable View System view Parameters None Description Use the igmp snooping nonflooding enable command to enable the IGMP Snooping non flooding function With this function enabled unknown multicast packets are passed to the router ports of the switch rather than being flooded in the VLAN Use the undo igmp snooping nonflooding enable command to disable the IGMP Snooping non flooding...

Page 467: ...d unknown multicast dropping Sysname system view System View return to User View with Ctrl Z Sysname igmp snooping enable Sysname igmp snooping nonflooding enable igmp snooping querier Syntax igmp snooping querier undo igmp snooping querier View VLAN view Parameters None Description Use the igmp snooping querier command to enable the IGMP Snooping querier feature on the current VLAN Use the undo i...

Page 468: ...e IGMP query interval is 60 seconds These commands are effective only after the IGMP Snooping querier feature is enabled Otherwise the switch will not send general queries The configured query interval must be longer than the maximum response time in general queries Related commands igmp snooping enable igmp snooping querier igmp snooping max response time igmp snooping general query source ip Exa...

Page 469: ...em View return to User View with Ctrl Z Sysname igmp snooping router aging time 500 igmp snooping version Syntax igmp snooping version version number undo igmp snooping version View VLAN view Parameters version number IGMP Snooping version in the range of 2 to 3 and defaulting to 2 Description Use the igmp snooping version command to configure the IGMP Snooping version in the current VLAN Use the ...

Page 470: ... enable Sysname igmp snooping vlan mapping vlan 2 igmp host join port Syntax igmp host join group address source ip source address port interface list undo igmp host join group address source ip source address port interface list View VLAN interface view Parameters group address Address of the multicast group to join source address Address of the multicast source to join You can specify a multicas...

Page 471: ...ands igmp snooping enable multicast static group interface multicast static group vlan Before configuring simulated joining enable IGMP Snooping in the VLAN corresponding to the current VLAN interface Examples Configure Ethernet 1 0 1 under VLAN interface 10 as a simulated host member host to join multicast group 225 0 0 1 Sysname system view System View return to User View with Ctrl Z Sysname igm...

Page 472: ...cast static group interface multicast static group vlan z Before configuring a port as a simulated host enable IGMP Snooping in VLAN view first z The current port must belong to the specified VLAN otherwise this configuration does not take effect Examples Configure Ethernet 1 0 1 in VLAN 1 as a simulated member host for multicast source 1 1 1 1 and multicast group 225 0 0 1 Sysname system view Sys...

Page 473: ... undo multicast static group interface command to remove the specified port s in the current VLAN as static member port s for the specified multicast group By default no port is configured as a static multicast group member port The ports configured with this command handle Layer 2 multicast traffic only rather than Layer 3 multicast traffic Examples Configure ports Ethernet 1 0 1 to Ethernet 1 0 ...

Page 474: ...w System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 multicast static group 225 0 0 1 vlan 2 multicast static router port Syntax multicast static router port interface type interface number undo multicast static router port interface type interface number View VLAN view Parameters interface type interface number Specifies a port by its type and numbe...

Page 475: ...static router port vlan command to remove the current port in the specified VLAN as a static router port By default the static router port function is disabled Examples Configure Ethernet 1 0 1 in VLAN 10 as a static router port Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet 1 0 1 multicast static router port vlan 10 reset igmp sno...

Page 476: ...s the information security z One port belongs to only one multicast VLAN z The port connected to a user terminal must be a hybrid port z The multicast member port must be in the same multicast VLAN with the router port Otherwise the port cannot receive multicast packets z If a router port is in a multicast VLAN the router port must be configured as a trunk port or a hybrid port that allows tagged ...

Page 477: ...1x version check 1 20 reset dot1x statistics 1 20 2 Quick EAD Deployment Configuration Commands 2 1 Quick EAD Deployment Configuration Commands 2 1 dot1x free ip 2 1 dot1x timer acl timeout 2 2 dot1x url 2 2 3 HABP Configuration Commands 3 1 HABP Configuration Commands 3 1 display habp 3 1 display habp table 3 2 display habp traffic 3 2 habp enable 3 3 habp server vlan 3 3 habp timer 3 4 4 System ...

Page 478: ...ii system guard ip enable 4 5 system guard l3err enable 4 6 system guard tcn enable 4 7 system guard tcn rate threshold 4 7 ...

Page 479: ...y the 802 1x related information about a specified port interface list Ethernet port list in the form of interface list interface type interface number to interface type interface number 1 10 in which interface type specifies the type of an Ethernet port and interface number is the number of the port The string 1 10 means that up to 10 port lists can be provided Description Use the display dot1x c...

Page 480: ...ng times 2 EAD Quick Deploy configuration Url http 192 168 19 23 Free ip 192 168 19 0 255 255 255 0 Acl timeout 30 m Total maximum 802 1x user resource number is 1024 Total current used 802 1x resource number is 1 Ethernet1 0 1 is link up 802 1X protocol is enabled Proxy trap checker is disabled Proxy logoff checker is disabled Version Check is disabled The port is an authenticator Authentication ...

Page 481: ...through a proxy z Disable means the switch does not disconnect a supplicant system when it detects that the latter logs in through a proxy z Enable means the switch disconnects a supplicant system when it detects that the latter logs in through a proxy EAD Quick Deploy is enabled Quick EAD deployment is enabled Transmit Period Setting of the Transmission period timer the tx period Handshake Period...

Page 482: ...le means the switch does not disconnect a supplicant system when it detects that the latter logs in through a proxy z Enable means the switch disconnects a supplicant system when it detects that the latter logs in through a proxy Version Check is disabled Whether or not the client version checking function is enabled z Disable means the switch does not checks client version z Enable means the swit...

Page 483: ...ports In Ethernet port view the interface list argument is not available and the command enables 802 1x for only the current Ethernet port 802 1x related configurations take effect on a port only after 802 1x is enabled both globally and on the port z The settings of 802 1x and MAC address learning limit are mutually exclusive Enabling 802 1x on a port will prevent you from setting the limit on MA...

Page 484: ...shaking procedure In this method user names are transmitted rather than passwords Therefore this method is safer In EAP authentication a switch authenticates supplicant systems by encapsulating 802 1x authentication information in EAP packets and sending the packets to the RADIUS server instead of converting the packets into RADIUS packets before forwarding to the RADIUS server You can use EAP aut...

Page 485: ...undo dot1x guest vlan interface interface list View System view Ethernet port view Parameters vlan id VLAN ID of a guest VLAN in the range 1 to 4094 interface list Ethernet port list in the form of interface list interface type interface number to interface type interface number 1 10 in which interface type specifies the type of an Ethernet port and interface number is the number of the port The s...

Page 486: ...he dot1x dhcp launch command is executed on the switch because the switch does not send authentication request packets in this case Examples Configure the switch to operate in the port based authentication mode Sysname system view System View return to User View with Ctrl Z Sysname dot1x port method portbased Enable the guest VLAN function for all the ports Sysname dot1x guest vlan 1 dot1x handsha...

Page 487: ...aking function Sysname system view System View return to User View with Ctrl Z Sysname dot1x handshake enable dot1x handshake secure Syntax dot1x handshake secure undo dot1x handshake secure View Ethernet port view Parameters None Description Use the dot1x handshake secure command to enable the handshaking packet protection function protecting the device against attacks from fake clients Use the u...

Page 488: ...of the port The string 1 10 means that up to 10 port lists can be provided Description Use the dot1x max user command to set the maximum number of users an Ethernet port can accommodate Use the undo dot1x max user command to revert to the default maximum user number By default a port can accommodate up to 256 users In system view z If you do not provide the interface list argument these two comman...

Page 489: ...ort list in the form of interface list interface type interface number to interface type interface number 1 10 in which interface type specifies the type of an Ethernet port and interface number is the number of the port The string 1 10 means that up to 10 port lists can be provided Description Use the dot1x port control command to specify the access control mode for specified Ethernet ports Use t...

Page 490: ... based authentication mode the users connected to the port are authenticated separately Thus log off of a user will not affect other users z In port based authentication mode all the users connected to the port can access the network without being authenticated if a user among them passes the authentication When the user logs off the network is inaccessible to all other supplicant systems too z Ch...

Page 491: ...nticator system performs no 802 1x authentication of the user By default the quiet period timer is disabled Related commands display dot1x dot1x timer Examples Enable the quiet period timer Sysname system view System View return to User View with Ctrl Z Sysname dot1x quiet period dot1x retry Syntax dot1x retry max retry value undo dot1x retry View System view Parameters max retry value Maximum num...

Page 492: ...switch sends version request packets to a user This argument ranges from 1 to 10 Description Use the dot1x retry version max command to set the maximum number of times that a switch sends version request packets to a user Use the undo dot1x retry version max command to revert to the default value By default a switch sends version request packets to a user for up to 3 times After a switch sends a v...

Page 493: ... specific ports or on all ports of the switch By default 802 1x re authentication is disabled on all ports In system view z If you do not specify the interface list argument this command will enable 802 1x re authentication on all ports z If you specify the interface list argument the command will enable 802 1x on the specified ports In Ethernet port view the interface list argument is not availab...

Page 494: ...ot1x supp proxy check command to disable 802 1x proxy checking for specified ports By default 802 1x proxy checking is disabled on all Ethernet ports In system view z If you do not specify the interface list argument the configurations performed by these two commands are global z If you specify the interface list argument these two commands apply to the specified Ethernet ports In Ethernet port vi...

Page 495: ... function takes effect only after the client version checking function is enabled on the switch using the dot1x version check command Related commands display dot1x Examples Configure to disconnect the users connected to Ethernet 1 0 1 through Ethernet 1 0 8 ports if they are detected logging in through proxies Sysname system view System View return to User View with Ctrl Z Sysname dot1x supp prox...

Page 496: ... timer This timer sets the supp timeout period and is triggered by the switch after the switch sends a request challenge packet to a supplicant system The packet is used to request the supplicant system for the MD5 encrypted string The switch sends another request challenge packet to the supplicant system if the switch does not receive the response from the supplicant system when this timer times ...

Page 497: ...er to 150 seconds Sysname system view System View return to User View with Ctrl Z Sysname dot1x timer server timeout 150 dot1x timer reauth period Syntax dot1x timer reauth period reauth period value undo dot1x timer reauth period View System view Parameters reauth period reauth period value Specifies re authentication interval in seconds After this timer expires the switch initiates 802 1x re aut...

Page 498: ...mmand to disable 802 1x client version checking for specified Ethernet ports By default 802 1x client version checking is disabled on all the Ethernet ports In system view z If you do not provide the interface list argument these two commands apply to all the ports of the switch z If you specify the interface list argument these commands apply to the specified ports In Ethernet port view the inter...

Page 499: ...o clear 802 1x related statistics To retrieve the latest 802 1x related statistics you can use this command to clear the existing 802 1x related statistics first When you execute this command If the interface list argument is not specified this command clears the global 802 1x statistics and the 802 1x statistics on all the ports If the interface list argument is specified this command clears the ...

Page 500: ...s in the range 0 to 32 Description Use the dot1x free ip command to configure a free IP range A free IP range is an IP range that users can access before passing 802 1x authentication Use the undo dot1x free ip command to remove a specified free IP range or all free IP ranges By default no free IP range is configured z You must configure the URL for HTTP redirection before configuring a free IP ra...

Page 501: ...dot1x configuration commands Examples Set the ACL timeout period to 40 minutes Sysname system view System View return to User View with Ctrl Z Sysname dot1x timer acl timeout 40 dot1x url Syntax dot1x url url string undo dot1x url View System view Parameters url string URL for HTTP redirection in the format of http x x x x Description Use the dot1x url command to configure the URL for HTTP redirec...

Page 502: ...2 3 System View return to User View with Ctrl Z Sysname dot1x url http 192 168 19 23 ...

Page 503: ...tion HABP Mode Server Sending HABP request packets every 20 seconds Bypass VLAN 2 Table 3 1 Description on the fields of the display habp command Field Description HABP Mode Indicates the HABP mode of the switch A switch can operate as an HABP server displayed as Server or an HABP client displayed as Client Sending HABP request packets every 20 seconds The HABP request packet transmission interval...

Page 504: ...isplay habp table command Field Description MAC MAC addresses contained in the HABP MAC address table Holdtime Hold time of the entries in the HABP MAC address table An entry is removed from the table if it is not updated in a period determined by the hold time Receive Port The port from which a MAC address is learned display habp traffic Syntax display habp traffic View Any view Parameters None D...

Page 505: ...ent failed Number of the HABP packets that failed to be sent habp enable Syntax habp enable undo habp enable View System view Parameters None Description Use the habp enable command to enable HABP for a switch Use the undo habp enable command to disable HABP for a switch By default HABP is enabled on a switch If an 802 1x enabled switch does not have HABP enabled it cannot manage the switches atta...

Page 506: ... an HABP server and the HABP packets to be broadcast in VLAN 2 Assume that HABP is enabled Sysname system view System View return to User View with Ctrl Z Sysname habp server vlan 2 habp timer Syntax habp timer interval undo habp timer View System view Parameters interval Interval in seconds to send HABP request packets This argument ranges from 5 to 600 Description Use the habp timer command to s...

Page 507: ...3 5 Sysname habp timer 50 ...

Page 508: ...ed times of aging time 3 Number of suspicious hosts that can be detected 30 Number of suspicious hosts detected 0 Table 4 1 Description on the fields of the display system guard ip state command Field Description System guard IP is running System Guard against IP attacks is running IP record threshold Threshold of the number of IP addresses that can be learnt within 10 seconds Deny threshold The m...

Page 509: ...stem guard ip record M Master port of link aggregation Index Source IP Destination IP Port 1 000 000 000 000 000 000 000 000 0 0 0 2 000 000 000 000 000 000 000 000 0 0 0 3 000 000 000 000 000 000 000 000 0 0 0 4 000 000 000 000 000 000 000 000 0 0 0 5 000 000 000 000 000 000 000 000 0 0 0 Table 4 2 Description on the fields of the display system guard ip record command Field Description Index Ind...

Page 510: ... Description Use the display system guard tcn state command to view the status of TCN Examples View the status of TCN System Guard Sysname display system guard tcn state System guard TCN state enabled system guard ip detect maxnum Syntax system guard ip detect maxnum number undo system guard ip detect maxnum View System view Parameters number Maximum number of hosts that can be monitored in the ra...

Page 511: ...he range of 1 to 100 record times threshold Maximum number of times an IP address must be hit before an action can be taken in the range of 1 to 10 isolate time Isolation time in the range of 3 to 100 After System Guard takes an action on an suspected IP address the system will wait isolate time before it learns destination address es again for that source IP address Description Use the system gua...

Page 512: ...me system view System View return to User View with Ctrl Z Sysname system guard ip detect threshold 50 3 5 system guard ip enable Syntax system guard ip enable undo system guard ip enable View System view Parameters None Description Use the system guard ip enable command to enable System Guard against IP attacks Use the undo system guard ip enable command to disable System Guard against IP attacks...

Page 513: ...eature disabled the switch delivers all Layer 3 packets which the switch considers to be error packets including IP packets with the options field to the CPU for further processing With the Layer 3 error control feature enabled the switch directly discards all Layer 3 packets which the switch considers to be error packets without delivering them to the CPU In normal situations we recommend that yo...

Page 514: ...ARP entries from being frequently deleted by STP or RSTP in addition when the TCN TC packet rate exceeds the preset threshold proper measures can be taken based on the output trap and log information By default this feature is disabled Examples Enable System Guard against TCN attacks Sysname system view System View return to User View with Ctrl Z Sysname system guard tcn enable system guard tcn ra...

Page 515: ... trap or log information by default if more than 10 TCN TC packets are received within 10 seconds If the TCN TC packet receiving rate is lower than the set threshold within a 10 second monitoring cycle the system will not send trap or log information in the next 10 second monitoring cycle Examples Sets the threshold of TCN TC receiving rate to 20 pps Sysname system view System View return to User ...

Page 516: ... 15 level 1 16 local user 1 17 local user password display mode 1 18 messenger 1 18 name 1 19 password 1 20 radius scheme 1 21 scheme 1 21 self service url 1 22 service type 1 23 state 1 24 vlan assignment mode 1 25 RADIUS Configuration Commands 1 27 accounting optional 1 27 accounting on enable 1 27 calling station id mode 1 29 data flow format 1 30 display local server statistics 1 30 display ra...

Page 517: ...ser name format 1 54 HWTACACS Configuration Commands 1 55 data flow format 1 55 display hwtacacs 1 56 display stop accounting buffer 1 57 hwtacacs nas ip 1 58 hwtacacs scheme 1 58 key 1 59 nas ip 1 60 primary accounting 1 60 primary authentication 1 61 primary authorization 1 62 reset hwtacacs statistics 1 63 reset stop accounting buffer 1 63 retry stop accounting 1 64 secondary accounting 1 64 se...

Page 518: ...w ISP domain view Parameters disable Specifies not to limit the number of access users that can be contained in current ISP domain enable max user number Specifies the maximum number of access users that can be contained in current ISP domain The max user number argument ranges from 1 to 2 072 Description Use the access limit command to set the maximum number of access users that can be contained ...

Page 519: ...ription Use the accounting command to configure an accounting scheme for current ISP domain Use the undo accounting command to cancel the accounting scheme configuration for current ISP domain By default no separate accounting scheme is configured for an ISP domain When you use the accounting command to reference a RADIUS or HWTACACS scheme in current ISP domain the RADIUS or HWTACACS scheme must ...

Page 520: ...ect the user as long as the accounting optional command has been executed z The accounting optional command is commonly used in the cases where only authentication is needed and accounting is not needed z If you configure the accounting optional command in ISP domain view it is effective to all users in the domain if you configure it in RADIUS scheme view it is effective to users the RADIUS scheme...

Page 521: ...s When binding the user to a local port you need not use nas ip ip address port port number Sets the port to which you want to bind the user Here port number is in the format of device ID slot number port number the device ID ranges from 1 to 8 the slot number ranges from 0 to 15 if the bound port has no slot number just input 0 for this item and the port number ranges from 1 to 255 Description Us...

Page 522: ...uthentication will be performed otherwise local authentication will be performed z If you execute the authentication hwtacacs scheme hwtacacs scheme name local command the local scheme is used as the secondary authentication scheme in case no TACACS server is available That is if the communication between the switch and a TACACS server is normal no local authentication will be performed otherwise ...

Page 523: ...se the undo authentication super command to remove the specified HWTACACS authentication scheme By default no HWTACACS authentication scheme is configured for user level switching When you execute the authentication super command to specify a HWTACACS authentication scheme for user level switching the HWTACACS scheme must exist The S3600 series switches adopt hierarchical protection for command li...

Page 524: ...ng of the ISP domain By default no separate authorization scheme is configured for an ISP domain Related commands scheme radius scheme hwtacacs scheme Examples Allow users in ISP domain aabbcc net to access network services without being authorized Sysname system view System View return to User View with Ctrl Z Sysname domain aabbcc net New Domain added Sysname isp aabbcc net authorization none au...

Page 525: ...ess radius scheme radius scheme name vlan vlan id ucibindex ucib index user name user name View System view Parameters all Cuts down all user connections access type dot1x mac authentication Cuts down user connections of a specified access type dot1x is used to cut down all 802 1x user connections and mac authentication is used to cut down all MAC authentication user connections domain isp name Cu...

Page 526: ...lan id ucibindex ucib index user name user name View Any view Parameters access type dot1x mac authentication Displays user connections of a specified access type Here dot1x is used to display all 802 1x user connections and mac authentication is used to display all MAC authentication user connections domain isp name Displays all user connections under specified ISP domain Here isp name is the nam...

Page 527: ...commands cut connection Examples Display information about all user connections Sysname display connection unit 1 Index 40 Username user1 domain1 MAC 000f 3d80 4ce5 IP 0 0 0 0 On Unit 1 Total 1 connections matched 1 listed Display information about the user connection with index 0 Sysname display connection ucibindex 0 Index 0 Username user1 system MAC 000f 3d80 4ce5 IP 192 168 0 3 Access 8021X Au...

Page 528: ...le cut Enable Time 60 min Flow 200 byte Self service URL http aabbcc net Messenger Time Maxlimit 30 min span 10 min Default Domain Name system Total 1 domain s 1 listed Table 1 2 Description on the fields of the display domain command Field Description Domain Domain name State Status of the domain which can be active or block Scheme AAA scheme that the domain uses Access Limit Maximum number of lo...

Page 529: ...able the idle cut function Here disable specifies the inhibited local users and enable specifies the allowed local users vlan vlan id Displays the local users belonging to a specified VLAN Here vlan id ranges from 1 to 4094 service type Displays the local users of a specified type You can specify one of the following user types ftp lan access generally this type of users are Ethernet access users ...

Page 530: ...he display local user command Field Description State Status of the local user ServiceType Mask Service type mask T means Telnet service S means SSH service C means client service LM means lan access service F means FTP service None means no defined service Idle cut Status of the idle cut function Access limit Limit on the number of access users Current AccessNum Number of current access users Bin...

Page 531: ...o delete a specified ISP domain The ISP domain system is used as the default ISP domain before you manually configure the default ISP domain and you can use the display domain command to check the settings of the default ISP domain system After you execute the domain command the system creates a new ISP domain if the specified ISP domain does not exist Once an ISP domain is created it is in the ac...

Page 532: ... a username that contains multiple the first will be used as the domain delimiter z If you have configured to use as the delimiter the must not appear more than once in the username If is the delimiter the username must not contain any Related commands domain Examples Specify as the delimiter between the username and the ISP domain name Sysname system view Enter system view return to user view wit...

Page 533: ...50 500 level Syntax level level undo level View Local user view Parameters level Privilege level to be set for the user It is an integer ranging from 0 to 3 Description Use the level command to set the privilege level of the user The privilege level of the user corresponds to the command level of the user For detailed information refer to the description of the command privilege level command in t...

Page 534: ...er than 16 characters will appear in the form of system prompt the first 15 characters of the username 4 digit index in the view prompt to avoid word wrap all Specifies all local users service type Specifies the local users of a specified type You can specify one of the following user types ftp lan access generally this type of users are Ethernet access users for example 802 1x users ssh telnet an...

Page 535: ... display mode command to set the password display mode of all local users Use the undo local user password display mode command to restore the default password display mode of all local users By default the password display mode of all access users is auto If the cipher force mode is adopted all passwords will be displayed in cipher text even though you have specified to display some users passwor...

Page 536: ...r remaining online time through clients by message dialog box Examples Enable the switch to send prompt messages at intervals of 5 minutes to the users in the ISP domain system after their remaining online time is less than 30 minutes Sysname system view System View return to User View with Ctrl Z Sysname domain system Sysname isp system messenger time enable 30 5 name Syntax name string undo name...

Page 537: ...n Use the password command to set a password for the local user Use the undo password command to cancel the password of the local user Note that z With the local user password display mode cipher force command configured the password is always displayed in cipher text regardless of the configuration of the password command z With the cipher keyword specified a password of up to 16 characters in pl...

Page 538: ...nt to the scheme radius scheme command Related commands radius scheme scheme display radius scheme Examples Configure the ISP domain aabbcc net to use the RADIUS scheme extended Sysname system view System View return to User View with Ctrl Z Sysname domain aabbcc net New Domain added Sysname isp aabbcc net radius scheme extended scheme Syntax scheme local none radius scheme radius scheme name loca...

Page 539: ...ACACS server is normal no local authentication is performed If the TACACS server is not reachable or there is a key error or NAS IP error local authentication is performed z If you execute the scheme local or scheme none command to use local or none as the primary scheme the local authentication is performed or no authentication is performed In this case no secondary scheme can be specified and th...

Page 540: ...hrough the following operation choose change user password on the 802 1x client the client opens the default browser for example IE or Netscape and locates the URL page used to change user password on the self service server Then the user can change the password z A user can choose the change user password option on the client only after passing the authentication If the user fails the authenticat...

Page 541: ...me local user user1 New local user added Sysname luser user1 service type telnet state Syntax state active block View ISP domain view local user view Parameters active Activates the current ISP domain in ISP domain view or local user in local user view to allow users in current ISP domain or current local user to access the network block Blocks the current ISP domain in ISP domain view or local us...

Page 542: ...he switch By default the VLAN assignment mode is integer that is the switch supports its RADIUS authentication server to assign integer VLAN IDs The dynamic VLAN assignment feature enables a switch to dynamically add the ports of successfully authenticated users to different VLANs according to the attributes assigned by the RADIUS server so as to control the network resources that different users ...

Page 543: ... 4 Commonly used servers and their dynamic VLAN assignment modes Server Dynamic VLAN assignment mode CAMS Integer For the latest CAMS version you can determine the assignment mode by attribute value ACS String FreeRADIUS You can determine the assignment mode by attribute value for example 100 is integer 100 is string Shiva Access Manager String Steel Belted Radius Administrator String In string mo...

Page 544: ...ct the user as long as the accounting optional command has been executed This command is commonly used in the cases where only authentication is needed and accounting is not needed z This configuration takes effect only on the ISP domains using this RADIUS scheme z If you configure the accounting optional command in ISP domain view it is effective to all users in the domain if you configure it in ...

Page 545: ...sage to the RADIUS server to tell the server that it has restarted and ask the server to log out its users The following gives the operations after the switch restarts 1 The switch generates an Accounting On message which mainly contains the following information NAS ID NAS IP address source IP address and session ID You can configure the NAS IP address argument manually by using the nas ip comman...

Page 546: ...e view Parameters mode1 Sets the MAC address format to XXXX XXXX XXXX where each X represents a hexadecimal number mode2 Sets the MAC address format to XX XX XX XX XX XX lowercase Uses lowercase letters in the MAC address uppercase Uses uppercase letters in the MAC address Description Use the calling station id mode command to configure the MAC address format of the Calling Station Id Type 31 fiel...

Page 547: ...t units By default the data unit and packet unit of outgoing RADIUS flows are byte and one packet respectively Note that the specified unit of data flows sent to the RADIUS server must be consistent with the traffic statistics unit of the RADIUS server Otherwise accounting cannot be performed correctly Related commands display radius scheme Examples Specify to measure data and packets in data flow...

Page 548: ... RADIUS scheme a string of up to 32 characters Description Use the display radius scheme command to display configuration information about one specific or all RADIUS schemes Related commands radius scheme Examples Display configuration information about all RADIUS schemes Sysname display radius scheme SchemeName system Index 0 Type extended Primary Auth IP 127 0 0 1 Port 1645 Primary Acct IP 127 ...

Page 549: ...ort IP address port number of the secondary accounting server Auth Server Encryption Key Shared key for the authentication servers Acct Server Encryption Key Shared key for the accounting servers Accounting method Accounting method Accounting On packet enable send times 15 interval 3s The switch sends up to 15 Accounting On messages at intervals of 3 seconds after restarting TimeOutValue in second...

Page 550: ...ntax display radius statistics View Any view Parameters None Description Use the display radius statistics command to display the RADIUS message statistics Related commands radius scheme Examples Display RADIUS message statistics Sysname display radius statistics state statistic total 2072 DEAD 2072 AuthProc 0 AuthSucc 0 AcctStart 0 RLTSend 0 RLTWait 0 AcctStop 0 OnLine 0 Stop 0 StateErr 0 Receive...

Page 551: ...loc_Mem_Err 0 State Mismatch 0 Other_Error 0 No response acct stop packet 0 Discarded No response acct stop packet for buffer overflow 0 display stop accounting buffer Syntax display stop accounting buffer radius scheme radius scheme name session id session id time range start time stop time user name user name View Any view Parameters radius scheme radius scheme name Displays the buffered stop ac...

Page 552: ... switch gets no response in a specified time period after sending a stop accounting request to a RADIUS server it will buffer the request and transmit the buffered one until the maximum number of transmission attempts set by the retry stop accounting command is reached Related commands reset stop accounting buffer stop accounting buffer enable retry stop accounting Examples Display the buffered st...

Page 553: ...ust be respectively consistent with the shared key on the authentication authorization server and the shared key on the accounting server Related commands primary accounting primary authentication radius scheme Examples Set hello as the shared key for RADIUS authentication authorization messages in RADIUS scheme radius1 Sysname system view System View return to User View with Ctrl Z Sysname radius...

Page 554: ...cal RADIUS services Here ip address is in dotted decimal notation key password Sets the shared key between the local RADIUS server and the NAS Here password is a string of up to 16 characters Description Use the local server nas ip command to set the related parameters of the local RADIUS server Use the undo local server nas ip command to cancel a specified NAS setting for the local RADIUS server ...

Page 555: ... D address Description Use the nas ip command to set the source IP address of outgoing RADIUS messages Use the undo nas ip command to remove the source IP address setting By default the IP address of the outbound interface is used as the source IP address of RADIUS messages The nas ip command in RADIUS scheme view has the same function as the radius nas ip command in system view and the configurat...

Page 556: ...address and port number of the primary RADIUS accounting server which are 0 0 0 0 and 1813 respectively In the system default RADIUS scheme system the default IP address of the primary accounting server is 127 0 0 1 and the default UDP port number is 1646 In a new RADIUS scheme the default IP address of the primary accounting server is 0 0 0 0 and the default UDP port number is 1813 Related comman...

Page 557: ... Note that z After creating a new RADIUS scheme you should configure the IP address and UDP port number of each RADIUS server you want to use in this scheme These RADIUS servers fall into two types authentication authorization and accounting For each kind of server you can configure two servers in a RADIUS scheme primary and secondary servers z In an actual network environment you can make RADIUS ...

Page 558: ...ew return to User View with Ctrl Z Sysname undo radius client enable radius nas ip Syntax radius nas ip ip address undo radius nas ip View System view Parameters ip address Source IP address to be set an IP address of this device This address can neither be the all 0 s address nor be a Class D address Description Use the radius nas ip command to set the source IP address of outgoing RADIUS message...

Page 559: ...cheme command to delete a specified RADIUS scheme By default a RADIUS scheme named system has already been created in the system Note that z All the attributes of RADIUS scheme system take the default values which you can see by using the display radius scheme command z The RADIUS protocol configuration is performed on a RADIUS scheme basis For each RADIUS scheme you should specify at least the IP...

Page 560: ... RADIUS accounting server turns down Description Use the radius trap command to enable the switch to send trap messages when a RADIUS server turns down Use the undo radius trap command to disable the switch from sending trap messages when a RADIUS authentication server or a RADIUS accounting server turns down By default this function is disabled This configuration takes effect on all RADIUS scheme...

Page 561: ...ontain any of the following characters session id session id Deletes the buffered stop accounting requests of a specified session Here session id is a session ID which is a string of up to 50 characters time range start time stop time Deletes the buffered stop accounting requests generated within a specified time period Here start time is the start time of the time period stop time is the end time...

Page 562: ...smission attempts is 3 Note that z The communication in RADIUS is unreliable because this protocol adopts UDP packets to carry its data Therefore it is necessary for the switch to retransmit a RADIUS request if it gets no response from the RADIUS server after the server response timeout timer expires If the switch gets no answer after it has tried the maximum number of times to transmit a RADIUS r...

Page 563: ...account request may be transmitted multiple times in an accounting attempt the maximum number of transmission attempts is set by the retry command in RADIUS scheme view If no response is received after the switch tries the maximum number of attempts to send the request the switch considers the accounting fails Suppose that the response timeout time of RADIUS server is three seconds set by the time...

Page 564: ... to billing and will eventually affect the charges of users they are important to both users and ISPs Therefore the switch should do its best to transmit them to RADIUS accounting servers When getting no response to such a request the switch should first buffer the request on itself and then retransmit the request to the RADIUS accounting server until it gets a response or the maximum number of tr...

Page 565: ...ame system view System View return to User View with Ctrl Z Sysname radius scheme radius1 New Radius scheme Sysname radius radius1 secondary accounting 10 110 1 1 1813 secondary authentication Syntax secondary authentication ip address port number undo secondary authentication View RADIUS scheme view Parameters ip address IP address of the secondary authentication authorization server to be used i...

Page 566: ...pecifies to support standard RADIUS server that is use the procedure and message format of a standard RADIUS protocol RFC 2865 2866 or above to interact with a standard RADIUS server Description Use the server type command to configure the switch to support a specified type of RADIUS server Use the undo server type command to restore the default setting By default the switch supports RADIUS server...

Page 567: ...ue to some server trouble the switch will turn to the secondary server and exchange messages with the secondary server z After the primary server remains in the block state for a set time set by the timer quiet command the switch will try to communicate with the primary server again when it receives a RADIUS request If it finds that the primary server has recovered the switch immediately restores ...

Page 568: ... the request to the RADIUS accounting server until it gets a response or the maximum number of transmission attempts is reached in this case it discards the request Related commands reset stop accounting buffer radius scheme display stop accounting buffer Examples In RADIUS scheme radius1 enable the switch to buffer the stop accounting requests that get no response from the servers Sysname system ...

Page 569: ...ystem z The timer command has the same function with the timer response timeout command Related commands radius scheme retry Examples Set the timeout time of the response timeout timer for RADIUS scheme radius1 to 5 seconds Sysname system view System View return to User View with Ctrl Z Sysname radius scheme radius1 New Radius scheme Sysname radius radius1 timer 5 timer quiet Syntax timer quiet mi...

Page 570: ... accounting interval After the setting the switch periodically sends online users accounting information to the RADIUS server at the set interval z The setting of the real time accounting interval depends to some degree on the performance of the switch and the RADIUS server The higher the performance of the switch and the RADIUS server is the shorter the interval can be It is recommended to set th...

Page 571: ... the switch can wait for the response is called the response timeout time of RADIUS servers and the corresponding timer in the switch system is called the response timeout timer of RADIUS servers You can use the timer response timeout command to set the timeout time of this timer and if the switch gets no answer before the response timeout timer expires it needs to retransmit the request to ensure...

Page 572: ...not ISP domain names are carried in the usernames to be sent to the RADIUS server z For a RADIUS scheme if you have specified to exclude ISP domain names from usernames you should not use this RADIUS scheme in more than one ISP domain Otherwise such errors may occur the RADIUS server regards two different users having the same name but belonging to different ISP domains as the same user because th...

Page 573: ...se accounting cannot be performed correctly Related commands display hwtacacs Examples Specify to measure data and packets in data flows to TACACS servers in kilo bytes and kilo packets respectively in HWTACACS scheme hwt1 Sysname system view System View return to User View with Ctrl Z Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1 data flow format data kilo byte Sysname hwtacacs hwt1 data flo...

Page 574: ... authentication 790131 key authorization 790131 key accounting 790131 Quiet interval min 5 Response timeout Interval sec 5 Realtime accouting Interval min 12 Stop acct PKT resending times 100 Domain included No Traffic unit B Packet traffic unit one packet display stop accounting buffer Syntax display stop accounting buffer hwtacacs scheme hwtacacs scheme name View Any view Parameters hwtacacs sch...

Page 575: ...g outbound interface is used as the source address Note that z You can specify the source address of outgoing HWTACACS messages to avoid messages returned from server from being unable to reach their destination due to physical interface trouble It is recommended to use a Loopback interface address as the source IP address z You can specify only one source IP address by using this command When you...

Page 576: ... to User View with Ctrl Z Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1 key Syntax key accounting authentication authorization string undo key accounting authentication authorization View HWTACACS scheme view Parameters accounting Sets a shared key for HWTACACS accounting messages authentication Sets a shared key for HWTACACS authentication messages authorization Sets a shared key for HWTACAC...

Page 577: ... the default setting Note that z You can set the source address of HWTACACS messages to avoid messages returned from server from being unable to reach their destination due to physical interface trouble It is recommended to use a Loopback interface address as the source IP address z You can set only one source IP address by using this command When you re execute this command again the newly set so...

Page 578: ...ll overwrite the old one z You can remove an accounting server setting only when there is no active TCP connection that is sending accounting messages to the server Examples Set the IP address and UDP port number of the primary accounting server for HWTACACS scheme test1 to 10 163 155 12 and 49 respectively Sysname system view System View return to User View with Ctrl Z Sysname hwtacacs scheme tes...

Page 579: ... 163 155 13 49 primary authorization Syntax primary authorization ip address port undo primary authorization View HWTACACS scheme view Parameters ip address IP address of the primary authorization server to be used a valid unicast address in dotted decimal notation port Port number of the primary authorization server ranging from 1 to 65535 Description Use the primary authorization command to set ...

Page 580: ...HWTACACS authorization statistics all Clears all HWTACACS statistics Description Use the reset hwtacacs statistics command to clear HWTACACS statistics Related commands display hwtacacs Examples Clear all HWTACACS protocol statistics Sysname reset hwtacacs statistics all reset stop accounting buffer Syntax reset stop accounting buffer hwtacacs scheme hwtacacs scheme name View User view Parameters ...

Page 581: ...est retransmission function and set the maximum number of attempts to transmit a stop accounting request Use the undo retry stop accounting command to restore the default setting By default this function is enabled and the maximum number of transmission attempts is 100 Related commands reset stop accounting buffer hwtacacs scheme display stop accounting buffer Examples Enable the stop accounting r...

Page 582: ...ion that is sending accounting messages to the server Examples Set the IP address and UDP port number of the secondary accounting server for HWTACACS scheme hwt1 to 10 163 155 12 and 49 respectively Sysname system view System View return to User View with Ctrl Z Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1 secondary accounting 10 163 155 12 49 secondary authentication Syntax secondary authen...

Page 583: ...dress IP address of the secondary authorization server a valid unicast address in dotted decimal notation port Port number of the secondary authorization server ranging from 1 to 65535 Description Use the secondary authorization command to set the IP address and port number of the secondary HWTACACS authorization server to be used by the current scheme Use the undo secondary authorization command ...

Page 584: ... active Use the undo timer quiet command to restore the default wait time By default the switch waits five minutes Related commands display hwtacacs Examples Configure the switch to wait 10 minutes before it tries to restore the status of the primary server to active Sysname system view System View return to User View with Ctrl Z Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1 timer quiet 10 ti...

Page 585: ...e number of users is relatively great 1000 The following table lists the recommended intervals for different numbers of users Table 1 7 Numbers of users and recommended intervals Number of users Real time accounting interval 1 to 99 3 100 to 499 6 500 to 999 12 1000 15 Examples Set the real time accounting interval in HWTACACS scheme hwt1 to 51 minutes Sysname system view System View return to Use...

Page 586: ...ver in a HWTACACS scheme carry ISP domain names Note that z Generally an access user is named in the userid isp name format Here isp name behind the character represents the ISP domain name by which the device determines which ISP domain a user belongs to However some old TACACS servers cannot accept the usernames that carry ISP domain names In this case it is necessary to remove domain names from...

Page 587: ...1 70 Sysname system view System View return to User View with Ctrl Z Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1 user name format without domain ...

Page 588: ... policy server address settings You can configure up to eight security policy server addresses in each RADIUS scheme The switch only responds to those session control messages that come from authentication server or security policy server Examples Set a security policy server address 192 168 0 1 on the switch Sysname system view System View return to User View with Ctrl Z Sysname radius scheme ext...

Page 589: ...n configuration 1 1 display web authentication connection 1 2 web authentication cut connection 1 3 web authentication enable 1 3 web authentication free ip 1 4 web authentication free user 1 5 web authentication max connection 1 6 web authentication select method 1 6 web authentication timer idle cut 1 7 web authentication web server 1 8 ...

Page 590: ...l Web authentication configurations including global configurations and configurations on individual ports Examples Display Web authentication configuration information Sysname display web authentication configuration Status enabled Web Server IP 30 1 1 2 Port 80 Idle cut time 900 sec Free IP 1 IP 10 1 1 0 Net Mask 255 255 255 0 Free User 1 IP 192 168 0 108 MAC 000d 88f6 44c1 Interface Configurati...

Page 591: ...nline users allowed on the port display web authentication connection Syntax display web authentication connection all interface interface type interface number user name user name View Any view Parameters all Displays information about all online Web authentication users interface type interface number Type and number of an interface user name Name of a user a string of 1 to 184 characters Descri...

Page 592: ...rface number View System view Parameters all Specifies all online users mac mac address Specifies an user by the user s MAC address user name user name Specifies a user by the user s name which is a string of 1 to 184 characters interface type interface number Specifies all users on a port Description Use the web authentication cut connection command to forcibly log out the specified or all users ...

Page 593: ...ith Ctrl Z Sysname web authentication web server ip 192 168 0 56 port 80 Sysname web authentication enable web authentication free ip Syntax web authentication free ip ip address mask length mask undo web authentication free ip ip address mask length mask all View System view Parameters ip address IP address mask length Mask length ranging from 1 to 32 mask Mask address Description Use the web aut...

Page 594: ...in the format of H H H for example 000d 88f6 44c1 all Deletes all authentication free user settings Description Use the web authentication free user command to set an authentication free user so that a user whose source IP and MAC addresses are both identical with those of the authentication free user can access the network without the necessary to pass the Web authentication Use the undo web auth...

Page 595: ...uthentication users on the current port When this threshold is reached no more users can pass the Web authentication on the port This configuration can only be performed on ports in shared access method By default a port allows up to 128 online Web authentication users Examples Configure Ethernet 1 0 1 to allow at most 100 online Web authentication users Sysname system view System View return to U...

Page 596: ... not enabled globally this configuration will only be saved You are not allowed to enable Web authentication on a port if z The port is an access port or z The port belongs to an aggregation group Examples Enable Web authentication on Ethernet 1 0 1 and set the Web authentication access method to shared Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 ...

Page 597: ...conds for Web authentication Sysname system view System View return to User View with Ctrl Z Sysname web authentication timer idle cut 500 web authentication web server Syntax web authentication web server ip ip address port port number undo web authentication web server View System view Parameters ip address IP address of the Web authentication server It must be a valid unicast address port numbe...

Page 598: ...he IP address of the Web authentication server Examples Set the IP address and port number of the Web authentication server to 192 168 0 56 and 80 Sysname system view System View return to User View with Ctrl Z Sysname web authentication web server ip 192 168 0 56 port 80 ...

Page 599: ...ntication authmode usernameasmacaddress 1 6 mac authentication authmode usernamefixed 1 6 mac authentication authpassword 1 7 mac authentication authusername 1 8 mac authentication domain 1 8 mac authentication timer 1 9 reset mac authentication 1 9 MAC Address Authentication Enhanced Function Configuration Commands 1 10 mac authentication guest vlan 1 10 mac authentication max auth num 1 11 mac a...

Page 600: ...interface list View Any view Parameters interface interface list List of Ethernet ports You can specify multiple Ethernet ports by providing this argument in the form of interface list interface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description Use the display mac authentication ...

Page 601: ...ddress authentication is enabled Authentication mode Username type used in the MAC address authentication z UsernameFixed Uses the fixed username for authentication z UsernameAsMacAddress Uses the MAC address of a user as the username for authentication The default is the MAC address UsernameAsMacAddress Fixed password Meaning of this field varies by the username type for MAC address authenticatio...

Page 602: ...d password the switch sets the user to be in quiet state During quiet period the switch does not process the authentication request of this user Ethernet1 0 1 is link up The link connected to Ethernet1 0 1 port is up MAC address authentication is Enabled MAC address authentication is enabled for Ethernet1 0 1 port max auth num Maximum number of MAC address authentication users that the port can ac...

Page 603: ...eing executed in Ethernet port view the mac authentication command enables MAC address authentication on the current port To make the MAC address authentication take effect you must enable MAC address authentication globally and on the relevant ports You can configure MAC address authentication on a port before enabling it globally However the configuration will not take effect unless MAC address ...

Page 604: ...s By default MAC address authentication is disabled on a port z This command is essential for MAC address authentication to work on a port or on particular ports after MAC address authentication is globally enabled z You cannot configure the maximum number of dynamic MAC address entries for a port through the mac address max mac count command with MAC address authentication enabled Likewise you ca...

Page 605: ... password for MAC address authentication as the specified fixed password instead of user MAC addresses password is a string of 1 to 63 characters Description Use the mac authentication authmode usernameasmacaddress command to set the username type for MAC address authentication to MAC address and specify the username format Use the undo mac authentication authmode command to restore the default us...

Page 606: ... mac authentication authmode usernamefixed mac authentication authpassword Syntax mac authentication authpassword password undo mac authentication authpassword View System view Parameters password Password to be set a string comprising 1 to 63 characters Description Use the mac authentication authpassword command to set a password for MAC address authentication when the user name in fixed mode is ...

Page 607: ...me system view System View return to User View with Ctrl Z Sysname mac authentication authusername vipuser mac authentication domain Syntax mac authentication domain isp name undo mac authentication domain View System view Parameters isp name ISP domain name a string of 1 to 128 characters Note that this argument cannot be null and cannot contain these characters and Description Use the mac authen...

Page 608: ...60 After a user fails to pass the authentication performed by a switch the switch quiets for a specific period the quiet period before it authenticates the user again server timeout value Server timeout timer setting in seconds This argument ranges from 1 to 65 535 and defaults to 100 During authentication the switch prohibits a user from accessing the network if the connection between the switch ...

Page 609: ...cation Enhanced Function Configuration Commands mac authentication guest vlan Syntax mac authentication guest vlan vlan id undo mac authentication guest vlan View Ethernet port view Parameters vlan id ID of the guest VLAN configured for the current port This argument is in the range of 1 to 4 094 Description Use the mac authentication guest vlan command to configure a guest VLAN for the current po...

Page 610: ...thentication cannot be enabled for a port configured with a Guest VLAN z The Guest VLAN function for MAC address authentication does not take effect when port security is enabled Related commands mac authentication timer guest vlan reauth Examples Configure VLAN 4 as the Guest VLAN for Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 S...

Page 611: ...imum number of MAC address authentication users allowed to access Ethernet 1 0 2 to 100 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 mac authentication max auth num 100 mac authentication timer guest vlan reauth Syntax mac authentication timer guest vlan reauth interval undo mac authentication timer guest vlan reauth View Sy...

Page 612: ...les Configure the switch to re authenticate users in Guest VLANs at the interval of 60 seconds Sysname system view System View return to User View with Ctrl Z Sysname mac authentication timer guest vlan reauth 60 ...

Page 613: ...tatistics 1 3 reset vrrp statistics 1 5 vrrp method 1 5 vrrp ping enable 1 6 vrrp vlan interface vrid track 1 7 vrrp vrid authentication mode 1 8 vrrp vrid preempt mode 1 9 vrrp vrid priority 1 10 vrrp vrid timer advertise 1 10 vrrp vrid track interface 1 11 vrrp vrid track detect group 1 12 vrrp vrid virtual ip 1 13 ...

Page 614: ...virtual router id View Any view Parameters verbose Displays detailed state information of VRRP vlan interface vlan id Displays VRRP state information of the specified VLAN interface vlan id is the VLAN interface ID vrid virtual router id Displays state information of the specified VRRP group virtual router id is the VRRP group ID in the range 1 to 255 Description Use the display vrrp command to di...

Page 615: ...ption Run Method Current VRRP running method including REAL MAC and VIRTUAL MAC Virtual IP ping Whether you can ping the virtual IP address of the VRRP group Interface Interface where the VRRP group resides VRID ID of the virtual router State Status of the current switch in the VRRP group including Master Backup and Initialize Run Pri Running priority Adver Timer Interval for sending VRRP advertis...

Page 616: ...of the VRRP group Virtual MAC Virtual MAC address corresponding to the virtual IP address of the VRRP group It is displayed only when the switch is in the state of master Master IP Primary IP address of the master s interface where the VRRP group is configured display vrrp statistics Syntax display vrrp statistics interface vlan interface vlan id vrid virtual router id View Any view Parameters vla...

Page 617: ...Invalid Type Pkts Rcvd 0 Table 1 3 Description on the fields of the display vrrp statistics command Field Description Interface Interface where the VRRP group resides VRID VRRP group ID CheckSum Errors Number of checksum errors Version Errors Number of version errors VRID Errors Number of virtual router ID errors Advertisement Interval Errors Number of errors of the interval for sending VRRP adver...

Page 618: ... statistics information about all the VRRP groups on the switch is cleared z If only a VLAN interface is specified the statistics information about all the VRRP groups on the specified VLAN interface is cleared z If both a VLAN interface and a VRRP group are specified the statistics information about the specified VRRP group on the specified VLAN interface is cleared You can view the current VRRP ...

Page 619: ... you are not allowed to modify the mapping relationship Examples Map the MAC address of a VLAN interface to the virtual IP address of the VRRP group Sysname system view System View return to User View with Ctrl Z Sysname vrrp method real mac vrrp ping enable Syntax vrrp ping enable undo vrrp ping enable View System view Parameters None Description Use the vrrp ping enable command to enable a VRRP ...

Page 620: ...atus of the port If a fault occurs on the port the function decreases the priority of the switch where the port resides by a specified value Usually this function is used to track the status of the uplink port of the master in a VRRP group Thereby when the uplink port of the master fails the master s priority will decrease by a specified value so as to trigger a new master election in the VRRP gro...

Page 621: ...uthentication key for a VRRP group to receive and send VRRP packets Use the undo vrrp vrid authentication mode command to restore the default By default no VRRP authentication is configured Note that z The authentication key is case sensitive z Before configuring VRRP authentication on a VLAN interface you need to create a VRRP group and configure the virtual IP address of it on the VLAN interface...

Page 622: ...ven if they are with a higher priority later do not preempt the master as long as the master is not down z In a VRRP group where switches are enabled with the preemptive mode a backup sends out VRRP advertisements to trigger a new master election if it finds its priority is higher than that of the current master and finally becomes the new master The former master becomes a backup accordingly You ...

Page 623: ...n a VRRP group is 100 Switch priority determines the possibility for the switch to become a master A switch with higher priority is more likely to become a master Switch priority ranges from 0 to 255 a larger number indicates a higher switch priority and defaults to 100 Note that only 1 through 254 are available to users Switch priority 0 and 255 are reserved for special uses and IP address owner ...

Page 624: ...vertisements to other members of the VRRP group to elect a new master Note that configuration error occurs if switches of the same VRRP group are configured with different adver interval values Examples Set the interval for the master to send VRRP advertisements to 15 seconds Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 2 Sysname Vlan interface2 ...

Page 625: ...ltaneously Examples On VLAN interface 2 configure to track VLAN interface 1 and configure the priority of the master of VRRP group 1 on VLAN interface 2 to decrease by 50 when VLAN interface 1 goes down Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 2 Sysname Vlan interface2 vrrp vrid 1 track interface vlan interface 1 reduced 50 vrrp vrid track de...

Page 626: ... address of 202 12 1 55 Sysname system view System View return to User View with Ctrl Z Sysname detect group 10 Sysname detect group 10 detect list 1 ip address 202 12 1 55 Specify to decrease the priority of the master of VRRP group 1 by 20 when detected group 10 is unreachable Sysname interface vlan interface 2 Sysname Vlan interface2 vrrp vrid 1 track detect group 10 reduced 20 vrrp vrid virtua...

Page 627: ...nt with the IP address of the interface where the VRRP group is configured Otherwise the VRRP group cannot work normally It is not recommended to perform VRRP group related configurations on the VLAN interface of a remote probe VLAN Otherwise packet mirroring may be affected Examples Create a VRRP group Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interfac...

Page 628: ...p static 1 7 arp timer aging 1 8 display arp 1 8 display arp 1 9 display arp count 1 10 display arp detection statistics interface 1 11 display arp timer aging 1 12 gratuitous arp period resending enable 1 12 gratuitous arp learning enable 1 13 reset arp 1 13 2 Proxy ARP Configuration Commands 2 1 Proxy ARP Configuration Commands 2 1 arp proxy enable 2 1 display arp proxy 2 1 3 Resilient ARP Confi...

Page 629: ...ded For related commands refer to arp proxy enable and display arp proxy ARP Configuration Commands arp check enable Syntax arp check enable undo arp check enable View System view Parameters None Description Use the arp check enable command to enable the ARP entry checking function on a switch Use the undo arp check enable command to disable the ARP entry checking function With the ARP entry check...

Page 630: ...rt If the mapping of the source IP address and source MAC address is not included in the DHCP snooping entries or IP static binding entries or the number of the receiving port and the VLAN of the port do not match the DHCP snooping entries or IP static binding entries the ARP packet will be discarded Use the undo arp detection enable command to disable the ARP attack detection function on all port...

Page 631: ...p protective down recover enable Syntax arp protective down recover enable undo arp protective down recover enable View System view Parameters None Description Use the arp protective down recover enable command to enable the port state auto recovery function on the switch Use the undo arp protective down recover enable command to disable the port state auto recovery function of a switch With this ...

Page 632: ...ry interval is 300 seconds Note that z You need to enable the port state auto recovery feature before you can configure the auto recovery interval z If you use the arp protective down recover interval command to modify the recovery time when the current port has been already shut down due to an excessive ARP packet receiving rate the previously configured interval applies to the first port state r...

Page 633: ... Sysname Ethernet1 0 11 arp rate limit enable Sysname Ethernet1 0 11 arp rate limit 100 arp rate limit enable Syntax arp rate limit enable undo arp rate limit enable View Ethernet port view Parameters None Description Use the arp rate limit enable command to enable the ARP packet rate limit function on the port that is to limit the rate of ARP packets passing through the port If a rate the maximum...

Page 634: ...RP restricted forwarding is disabled Related commands arp detection enable arp detection trust Syntax Enable ARP restricted forwarding in VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname vlan 1 Sysname vlan1 arp restricted forwarding enable arp send gratuitous enable vrrp Syntax arp send gratuitous enable vrrp undo arp send gratuitous enable vrrp View System view Para...

Page 635: ...ress contained in the ARP mapping entry to be created in the format of H H H vlan id ID of the VLAN to which the static ARP entry belongs in the range of 1 to 4 094 interface type Type of the port to which the static ARP entry belongs interface number Number of the port to which the static ARP entry belongs Description Use the arp static command to create a static ARP entry Use the undo arp comman...

Page 636: ...nt ranges from 1 to 1 440 Description Use the arp timer aging command to configure the aging time for dynamic ARP entries Use the undo arp timer aging command to restore the default By default the aging time for dynamic ARP entries is 20 minutes Related commands display arp timer aging Examples Configure the aging time to be 10 minutes for dynamic ARP entries Sysname system view System View return...

Page 637: ...16 D 192 168 0 3 0014 222c aa69 1 Ethernet1 0 2 16 D 192 168 0 17 000d 88f6 379c 1 Ethernet1 0 2 17 D 192 168 0 115 000d 88f7 9f7d 1 Ethernet1 0 2 18 D 192 168 0 43 000c 760a 172d 1 Ethernet1 0 2 18 D 192 168 0 33 000d 88f6 44ba 1 Ethernet1 0 2 20 D 192 168 0 35 000f e20f 2181 1 Ethernet1 0 2 20 D 192 168 0 5 000f 3d80 2b38 1 Ethernet1 0 2 20 D 14 entries found Table 1 1 Description on the fields ...

Page 638: ... the display arp command to display the ARP entries related to string in a specified way Related commands arp static reset arp Examples Display all the ARP entries that contain the string 77 Sysname display arp include 77 Type S Static D Dynamic IP Address MAC Address VLAN ID Port Name AL ID Aging Type 192 168 0 77 0000 e8f5 6a4a 1 Ethernet1 0 2 12 D 1 entry found Display all the ARP entries that ...

Page 639: ...arameter is specified the total number of ARP entries is displayed Related commands arp static reset arp Examples Display the total number of ARP entries Sysname display arp count 14 entries found display arp detection statistics interface Syntax display arp detection statistics interface interface type interface number View Any view Parameters interface type interface number Type and number of a ...

Page 640: ...scription Use the display arp timer aging command to display the setting of the ARP aging time Related commands arp timer aging Examples Display the setting of the ARP aging time Sysname display arp timer aging Current ARP aging time is 20 minute s default The displayed information shows that the ARP aging time is set to 20 minutes gratuitous arp period resending enable Syntax gratuitous arp perio...

Page 641: ...w with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 undo gratuitous arp period resending enable gratuitous arp learning enable Syntax gratuitous arp learning enable undo gratuitous arp learning enable View System view Parameters None Description Use the gratuitous arp learning enable command to enable the gratuitous ARP packet learning function Then a switch receiving a gratui...

Page 642: ...Clears static ARP entries interface interface type interface number Clears ARP entries of the specified port Description Use the reset arp command to clear specific ARP entries Related commands arp static display arp Examples Clear static ARP entries Sysname reset arp static ...

Page 643: ...lt proxy ARP is disabled on the VLAN interfaces of a switch Related commands display arp proxy Examples Enable proxy ARP on VLAN interface 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 2 Sysname Vlan interface2 arp proxy enable display arp proxy Syntax display arp proxy interface Vlan interface vlan id View Any view Parameters interface vlan int...

Page 644: ...ame display arp proxy Interface Vlan interface1 Proxy ARP status enabled Interface Vlan interface2 Proxy ARP status enabled Interface Vlan interface3 Proxy ARP status disabled Display the proxy ARP status on VLAN interface 2 Sysname display arp proxy interface Vlan interface 2 Interface Vlan interface2 Proxy ARP status enabled Table 2 1 Description on the fields of the display arp proxy command Fi...

Page 645: ...nt arp command to display the Resilient ARP state information of each unit and the VLAN interface that can transmit Resilient ARP packets If the unit id argument is not specified this command is to display the Resilient ARP state information of all units If the unit id argument is specified this command is to display the Resilient ARP state information of the specified unit Examples Display the in...

Page 646: ... default the Resilient ARP function is enabled Related commands display resilient arp Examples Enable the Resilient ARP function Sysname system view System View return to User View with Ctrl Z Sysname resilient arp enable resilient arp interface vlan interface Syntax resilient arp interface Vlan interface vlan id undo resilient arp interface Vlan interface vlan id View System view Parameters vlan ...

Page 647: ...while all VLAN interfaces can receive Resilient ARP packets Related commands display resilient arp Examples Configure the Resilient ARP packets to be sent from the VLAN interface 2 Sysname system view System View return to User View with Ctrl Z Sysname resilient arp interface vlan interface 2 ...

Page 648: ... 1 16 dhcp server option 1 17 dhcp server ping 1 18 dhcp server relay information enable 1 19 dhcp server static bind 1 19 dhcp server tftp server domain name 1 20 dhcp server tftp server ip address 1 21 dhcp server voice config 1 22 display dhcp server conflict 1 23 display dhcp server expired 1 24 display dhcp server free ip 1 25 display dhcp server ip in use 1 26 display dhcp server statistics ...

Page 649: ...g 3 1 dhcp snooping information enable 3 1 dhcp snooping information format 3 2 dhcp snooping information packet format 3 3 dhcp snooping information remote id 3 3 dhcp snooping information strategy 3 4 dhcp snooping information vlan circuit id 3 5 dhcp snooping information vlan remote id 3 6 dhcp snooping trust 3 7 display dhcp snooping 3 7 display dhcp snooping trust 3 8 display ip source static...

Page 650: ...iii display bootp client 5 3 ip address bootp alloc 5 4 ...

Page 651: ... remote id z IP filtering is a new feature in this manual For specific commands see display ip source static binding ip check source ip address and ip source static binding z DHCP packet rate limit is a new feature in this manual For specific commands see Rate Limit Configuration Commands The contents of this chapter are only applicable to the S3600 EI series among S3600 Series Ethernet Switches D...

Page 652: ...y of the remote BIMS server The key argument is a string containing 1 to 16 characters It cannot be null Description Use the bims server command to specify the IP address port number and shared key of a BIMS server in the DHCP global address pool for the client Use the undo bims server command to remove specified BIMS server information from the DHCP global address pool By default the related info...

Page 653: ...ress pool By default no bootfile name is specified If you execute the bootfile name command repeatedly the latest configuration will overwrite the previous one Examples Specify the bootfile name aaa cfg in DHCP global address pool 0 for the client Sysname system view Enter system view return to user view with Ctrl Z Sysname dhcp server ip pool 0 Sysname dhcp ip pool 0 bootfile name aaa cfg dhcp en...

Page 654: ...z After DHCP is disabled by executing the undo dhcp enable command even if the DHCP server and DHCP relay functions are configured UDP port 67 and UDP port 68 ports is disabled Examples Enter system view Sysname system view System View return to User View with Ctrl Z Enable DHCP Sysname dhcp enable dhcp select global Syntax VLAN interface view dhcp select global undo dhcp select System view dhcp s...

Page 655: ... in global DHCP address pool mode so that when a DHCP packet is received from a DHCP client on one of these interfaces the DHCP server assigns an IP address from a global DHCP address pool to the DHCP client Sysname dhcp select global interface vlan interface 1 to vlan interface 3 Configure all interfaces to operate in global DHCP address pool mode so that when a DHCP packet is received from a DHC...

Page 656: ...d by DHCP are enabled only when DHCP is enabled z UDP 67 and UDP 68 ports are disabled when DHCP is disabled The corresponding implementation is as follows z After a DHCP interface address pool is created by executing the dhcp select interface command UDP 67 and UDP 68 ports used by DHCP are enabled z After a DHCP interface address pool is deleted by executing the undo dhcp select interface comman...

Page 657: ...nterface number keyword and argument combination specifies a port range all Specifies all ports Description Use the dhcp server bims server command to specify the IP address port number and shared key of a BIMS server in the DHCP interface address pool s for the client Use the undo dhcp server bims server command to remove specified BIMS server information from the DHCP interface address pool s By...

Page 658: ... number argument specifies an interface number Description Use the dhcp server bootfile name command to specify the bootfile name in interface address pool for the client Use the undo dhcp server bootfile name command to remove the bootfile name from interface address pool No bootfile name is specified in an interface address pool by default If you execute the dhcp server bootfile name command rep...

Page 659: ...rver dns list Syntax In VLAN interface view use the following commands to specify the DNS server IP address in the current DHCP interface address pool for the client dhcp server dns list ip address 1 8 undo dhcp server dns list ip address all In system view use the following commands to specify the DNS server IP address in multiple DHCP interface address pools for the client dhcp server dns list i...

Page 660: ...ter system view Sysname system view System View return to User View with Ctrl Z Enter VLAN interface 1 view Sysname interface Vlan interface 1 Configure the DNS server IP address 1 1 1 254 for the DHCP address pool of the VLAN interface 1 for the client Sysname Vlan interface1 dhcp server dns list 1 1 1 254 dhcp server domain name Syntax In VLAN interface view use the following commands to configu...

Page 661: ...do dhcp server domain name command to remove the configured domain name suffix By default no domain name suffix is configured for the DHCP client Related commands domain name Examples Enter system view Sysname system view System View return to User View with Ctrl Z Enter VLAN interface 1 view Sysname interface Vlan interface 1 Configure the domain name suffix aabbcc com for the DHCP clients whose ...

Page 662: ...ifies an interface number the interface interface type interface number to interface type interface number keyword and argument combination specifies an interface range all Specifies all interface address pools Description Use the dhcp server expired command to configure the lease time of the IP addresses dynamically obtained in the specified DHCP interface address pool s Use the undo dhcp server ...

Page 663: ...ver forbidden ip command to cancel the forbiddance By default all IP addresses in an address pool are allowed to be automatically assigned Related commands dhcp server ip pool network static bind ip address dhcp server static bind z When you execute the undo dhcp server forbidden ip command make sure that the specified address range does not contain any statically bound IP address z You can config...

Page 664: ...following functions z UDP 67 and UDP 68 ports used by DHCP are enabled only when DHCP is enabled z UDP 67 and UDP 68 ports are disabled when DHCP is disabled The corresponding implementation is as follows z After a DHCP address pool is created by executing the dhcp server ip pool command the UDP 67 and UDP 68 ports used by DHCP are enabled z After a DHCP address pool is deleted by executing the un...

Page 665: ...mber argument specifies an interface number the interface interface type interface number to interface type interface number keyword and argument combination specifies an interface range all In comparison with the ip address argument Specifies all WINS server IP addresses all In comparison with the interface keyword Specifies all interface address pools Description Use the dhcp server nbns list co...

Page 666: ...ifies the m typed node Nodes of this type are p nodes with some broadcasting features h node Specifies the h typed node Nodes of this type are b nodes with peer to peer communicating features interface interface type interface number to interface type interface number Specifies the DHCP interface address pool The interface type argument specifies an interface type the interface number argument spe...

Page 667: ...cii ascii string Specifies a string that is of 1 to 63 characters Note that each character of the string must be an ASCII character hex hex string 1 10 Specifies strings each of which comprises 1 to 8 hexadecimal digits 1 10 means you can provide up to 10 such strings When inputting more than one string separate two neighboring strings with a space The device currently supports total 64 hex digits...

Page 668: ...echo request packets The number argument ranges from 0 to 10 and defaults to 2 Value 0 means no ping operation will be performed timeout milliseconds Specifies the timeout time in milliseconds the device waits for an echo response The milliseconds argument ranges from 0 to 10 000 and defaults to 500 Description Use the dhcp server ping command to set the maximum number of the echo request packets ...

Page 669: ...enable dhcp server static bind Syntax dhcp server static bind ip address ip address client identifier client identifier mac address mac address undo dhcp server static bind client identifier client identifier ip address ip address mac address mac address View VLAN interface view Parameters ip address IP address to be statically bound Note that the specified IP address must belong to the same netwo...

Page 670: ...ess 10 1 1 1 Assume that the DHCP interface address pool of VLAN interface 1 already exists and the IP address belongs to the address pool Sysname interface vlan interface 1 Sysname Vlan interface1 dhcp server static bind ip address 10 1 1 1 client identifier aaaa bbbb Statically bind the IP address 10 1 1 2 to the MAC address 0000 e03f 0305 Assume that the DHCP interface address pool of VLAN inte...

Page 671: ...previous one Related commands tftp server domain name Examples Specify the TFTP server name as domain1 in the DHCP interface address pool of VLAN interface 1 for the client Sysname system view Enter system view return to user view with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 dhcp server tftp server domain name domain1 dhcp server tftp server ip address Syntax In VLAN inte...

Page 672: ...name Vlan interface1 dhcp server tftp server ip address 10 1 1 1 dhcp server voice config Syntax In VLAN interface view use the following commands to configure specified Option 184 and its sub options in the current DHCP interface address pool for the client dhcp server voice config ncp ip ip address as ip ip address voice vlan vlan id enable disable fail over ip address dialer string undo dhcp se...

Page 673: ...ly after the DHCP client requests for Option 184 Before configuring other sub options you must configure the sub option ncp ip otherwise other sub options do not take effect By default a DHCP server interface address pool does not assign Option 184 and the corresponding sub options to the client Related commands voice config Examples Enter system view Sysname system view System View return to User...

Page 674: ...command Field Description Address Conflicting IP address Discover Time Time when the conflict is detected display dhcp server expired Syntax display dhcp server expired ip ip address pool pool name interface interface type interface number all View Any view Parameters ip ip address Specifies an IP address pool pool name Specifies a global address pool The pool name argument a string of 1 to 35 cha...

Page 675: ...terface pool IP address Client identifier Lease expiration Type Hardware address total 0 entry Table 1 2 Description on the fields of the display dhcp server expired command Field Description Global pool The information about the expired IP addresses of global address pools Interface pool The information about the expired IP addresses of interface address pools IP address Bound IP addresses Client...

Page 676: ... Specifies a VLAN interface If you do not specify a VLAN interface this command applies to all VLAN interfaces all Specifies all address pools Description Use the display dhcp server ip in use command to display the address binding information of one IP address the specified DHCP address pool s or all DHCP address pools Related commands reset dhcp server ip in use Examples Display the address bind...

Page 677: ...iration Time when the lease expires Type Address binding type display dhcp server statistics Syntax display dhcp server statistics View Any view Parameters None Description Use the display dhcp server statistics command to display the statistics on a DHCP server Related commands reset dhcp server statistics Examples Display the statistics on a DHCP server Sysname display dhcp server statistics Glo...

Page 678: ... Inform 0 Statistics about the DHCP packets received from DHCP clients Boot Reply 4 Dhcp Offer 1 Dhcp Ack 3 Dhcp Nak 0 Statistics about the DHCP packets sent to DHCP clients Bad Messages Number of the error DHCP packets display dhcp server tree Syntax display dhcp server tree pool pool name interface interface type interface number all View Any view Parameters pool pool name Specifies a global add...

Page 679: ...n Global pool Information about global address pools Interface pool Information about interface address pools Pool name Address pool name network Assignable IP address range Child node The child node address pool of this node This field can display the information about the following types of node Child node Displays the information about an address pool that is a child of the current address pool...

Page 680: ... dns list command to configure one or multiple DNS server IP addresses in a DHCP global address pool for the DHCP client Use the undo dns list command to remove one or all DNS server IP addresses configured for the DHCP client By default no DNS server IP address is configured If you execute the dns list command repeatedly the new configuration overwrites the previous one Related commands dhcp serv...

Page 681: ...the DHCP global address pool 0 for the DHCP client Sysname dhcp server ip pool 0 Sysname dhcp pool 0 domain name mydomain com expired Syntax expired day day hour hour minute minute unlimited undo expired View DHCP address pool view Parameters day day Specifies the number of days The day argument ranges from 0 to 365 hour hour Specifies the number of hours The hour argument ranges from 0 to 23 minu...

Page 682: ...more than one IP address separate two neighboring IP addresses with a space all Specifies all configured gateway IP addresses Description Use the gateway list command to configure one or multiple gateway IP addresses in the DHCP global address pool for the DHCP client Use the undo gateway list command to remove one or all the configured gateway IP addresses configured for the DHCP client By defaul...

Page 683: ...INS server IP addresses configured for the DHCP client By default no WINS server IP address is configured If you execute the nbns list command repeatedly the new configuration overwrites the previous one Related commands dhcp server ip pool dhcp server nbns list netbios type Examples Enter system view Sysname system view System View return to User View with Ctrl Z Configure the WINS server IP addr...

Page 684: ... Examples Enter system view Sysname system view System View return to User View with Ctrl Z Specify b node as the NetBIOS node type in the DHCP global address pool 0 for the clients Sysname dhcp server ip pool 0 Sysname dhcp pool 0 netbios type b node network Syntax network network address mask mask undo network View DHCP address pool view Parameters network address IP address of a network segment...

Page 685: ...character hex hex string 1 10 Specifies strings each of which comprises of 1 to 8 hexadecimal digits The 1 10 means that you can provide up to 10 such strings When entering more than one strings separate two neighboring strings with a space The device currently supports total 64 hex digits not including spaces ip address ip address 1 8 Specifies IP addresses The 1 8 string means that you can provi...

Page 686: ... ip in use all interface interface type interface number ip ip address pool pool name View User view Parameters all Clears the dynamic address binding information about all IP addresses interface interface type interface number Clears the dynamic address binding information about a specified interface address pool If you do not specify the interface number argument this command clears the dynamic ...

Page 687: ... packets request packets response packets Related commands display dhcp server statistics Examples Clear the statistics on a DHCP server Sysname reset dhcp server statistics static bind client identifier Syntax static bind client identifier client identifier undo static bind client identifier View DHCP address pool view Parameters client identifier The client ID of a static binding a string with 4...

Page 688: ...ame dhcp server ip pool 0 Sysname dhcp pool 0 static bind ip address 10 1 1 1 mask 255 255 255 0 Sysname dhcp pool 0 static bind client identifier aaaa bbbb static bind ip address Syntax static bind ip address ip address mask mask undo static bind ip address View DHCP address pool view Parameters ip address IP address to be bound mask mask Subnet mask of the specified IP address If no mask is prov...

Page 689: ...e host to which the IP address is to be bound You need to provide this argument in the form of H H H Description Use the static bind mac address command to specify a MAC address to which an IP address will be bound statically in a DHCP global address pool Use the undo static bind mac address command to remove such a MAC address By default no such MAC address is specified Note that z The static bin...

Page 690: ... name in a global address pool for the DHCP client Use the undo tftp server domain name command to remove the TFTP server name from a global address pool By default no TFTP server name is specified Using the tftp server domain name command repeatedly will overwrite the previous configuration Related commands dhcp server tftp server domain name Examples Specify the TFTP server name as aaa in the gl...

Page 691: ...config ncp ip as ip voice vlan fail over View DHCP address pool view Parameters ncp ip ip address Specifies the IP address of the primary network calling processor as ip ip address Specifies the IP address of the backup network calling processor voice vlan vlan id Specifies the voice VLAN ID in the range of 2 to 4094 z disable Disables the specified VLAN meaning DHCP clients will not take this VLA...

Page 692: ...n 184 in global address pool 123 The NCP IP address is 1 1 1 1 and the IP address of the alternate server is 2 2 2 2 The voice VLAN is enabled with the ID being 3 The fail over IP address is 3 3 3 3 and the dialer string is 99 Sysname dhcp select global all Sysname dhcp server ip pool 123 Sysname dhcp pool 123 voice config ncp ip 1 1 1 1 Sysname dhcp pool 123 voice config as ip 2 2 2 2 Sysname dhc...

Page 693: ... if not the client cannot access outside networks via the DHCP relay agent Use the address check disable command to disable IP address match checking on the DHCP relay agent By default IP address match checking on the DHCP relay agent is disabled Note that among S3600 series switches only S3600 EI series switches support the two commands Examples Enter system view Sysname system view System View r...

Page 694: ...g S3600 series switches only S3600 EI series switches support the two commands z Currently the DHCP relay agent handshake function on a S3600 EI series switch can only interoperate with a Windows 2000 DHCP server Examples Disable the DHCP relay handshake function Sysname system view System View return to User View with Ctrl Z Sysname dhcp relay hand disable dhcp relay information enable Syntax dhc...

Page 695: ...ep replace undo dhcp relay information strategy View System view Parameters drop Specifies to drop messages containing Option 82 keep Specifies to forward messages containing Option 82 without any change replace Specifies to forward messages containing Option 82 after replacing the original Option 82 with the Option 82 padded with the specified content Description Use the dhcp relay information st...

Page 696: ...hcp security static command to configure a static DHCP address binding entry Use the undo dhcp security command to remove one or all address binding entries or all address binding entries of a specified type Note that among S3600 series switches only S3600 EI series switches support the two commands Related commands display dhcp security Examples Enter system view Sysname system view System View r...

Page 697: ...two commands Examples Enter system view Sysname system view System View return to User View with Ctrl Z Set the interval to refresh dynamic binding entries to 60 seconds Sysname dhcp security tracker 60 dhcp server Syntax dhcp server groupNo undo dhcp server View VLAN interface view Parameters groupNo DHCP server group number This argument ranges from 0 to 19 Description Use the dhcp server comman...

Page 698: ... When the mapping between a VLAN interface and a DHCP server group is removed with the undo dhcp server command DHCP services are disabled At the same time UDP 67 and UDP 68 ports used by DHCP are disabled Examples Enter system view Sysname system view System View return to User View with Ctrl Z Enter VLAN interface 1 view Sysname interface vlan interface 1 Specify that VLAN interface 1 correspond...

Page 699: ...that up to eight IP addresses can be input with any two IP addresses separated by a space Description Use the dhcp server ip command to configure the DHCP server IP address es in a specified DHCP server group Use the undo dhcp server command to remove all DHCP server IP addresses in a DHCP server group Related commands dhcp server display dhcp server Examples Enter system view Sysname system view ...

Page 700: ...ddress binding entries Sysname display dhcp security IP Address MAC Address IP Address Type 10 1 1 1 0001 0001 0001 Static 192 168 10 2 000d 88f7 b090 Dynamic_ack 2 dhcp security item s found Table 2 1 Description on the fields of the display dhcp security command Field Description IP Address IP address of the DHCP client MAC Address MAC address of the DHCP client IP Address Type Type of the user ...

Page 701: ...es 0 BOOTP_REQUEST messages 0 BOOTP_REPLY messages 0 Table 2 2 Description on the fields of the display dhcp server command Field Description IP address of DHCP server group 0 DHCP server IP addresses of DHCP server group 0 Messages from this server group Number of the packets the DHCP relay receives from the DHCP server group Messages to this server group Number of the packets the DHCP relay send...

Page 702: ...e Syntax display dhcp server interface Vlan interface vlan id View Any view Parameters vlan id VLAN ID Description Use the display dhcp server interface command to display information about the DHCP server group to which a VLAN interface is mapped Related commands dhcp server display dhcp server Examples Display information about the DHCP server group to which VLAN interface 2 is mapped Sysname di...

Page 703: ...dhcp server command to clear the statistics information of the specified DHCP server group Related commands dhcp server display dhcp server Examples Clear the statistics information of DHCP server group 2 Sysname reset dhcp server 2 ...

Page 704: ...ver without recording the IP to MAC bindings of the DHCP clients By default the DHCP snooping function is disabled Note that z You need to disable DHCP relay agent before enabling DHCP snooping on the switch z The clients connected to a DHCP snooping device cannot obtain an IP address through BOOTP Related commands dhcp server display dhcp snooping Examples Enter system view Sysname system view Sy...

Page 705: ...on format Syntax dhcp snooping information format hex ascii View System view Parameters hex Specifies the storage format of Option 82 as HEX namely hexadecimal string ascii Specifies the storage format of Option 82 as ASCII Description Use the dhcp snooping information format command to configure the storage format of non user defined Option 82 as HEX or ASCII By default the Option 82 is in HEX fo...

Page 706: ...as the extended or standard one By default the padding format for Option 82 is the extended one Examples Configure the padding format for Option 82 as the standard one Sysname system view System View return to User View with Ctrl Z Sysname dhcp snooping information packet format standard dhcp snooping information remote id Syntax dhcp snooping information remote id sysname string string undo dhcp ...

Page 707: ...acket keep If a packet contains Option 82 DHCP snooping keeps and forwards this packet replace If a packet contains Option 82 DHCP snooping replaces the original Option 82 field with the Option 82 field having the specified padding content and forwards the packet Description Use the dhcp snooping information strategy command in system view to configure a handling policy for DHCP requests that cont...

Page 708: ...D sub option string Content of the circuit ID sub option a string of 3 to 63 ASCII characters Description Use the dhcp snooping information vlan circuit id command to configure the content of the circuit ID field in Option 82 Use the undo dhcp snooping information circuit id command to restore the default With vlan vlan id specified the customized circuit ID sub option applies only to the DHCP pac...

Page 709: ...he content of the remote ID in Option 82 Use the undo dhcp snooping information remote id command to restore the default remote ID in Option 82 With vlan vlan id specified the customized remote ID sub option applies only to the DHCP packets from the specified VLAN Without vlan vlan id specified the customized remote ID sub option applies to all DHCP packets that pass through the current port Use t...

Page 710: ...ore an Ethernet port to a DHCP snooping untrusted port By default with the DHCP snooping enabled all the ports of a switch are untrusted ports Note that After DHCP snooping is enabled you need to specify the port connected to a valid DHCP server as trusted to ensure that DHCP clients can obtain valid IP addresses The trusted port and the ports connected to DHCP clients must be in the same VLAN Rel...

Page 711: ... Sysname display dhcp snooping DHCP Snooping is enabled The client binding table for all untrusted ports Type D Dynamic S Static Unit ID 1 Type IP Address MAC Address Lease VLAN Interface D 10 1 1 1 000f e200 0006 200 1 Ethernet1 0 1 1 dhcp snooping item s of unit 1 found display dhcp snooping trust Syntax display dhcp snooping trust View Any view Parameters None Description Use the display dhcp s...

Page 712: ...ries for the specified VLAN will be displayed If you specify a port all the IP static binding entries for the specified port will be displayed Examples Display all IP static binding entries configured Sysname display ip source static binding Type IP Address MAC Address Remaining VLAN Interface lease S 192 168 0 25 0015 e20f 0101 infinite 1 Ethernet1 0 2 S 192 168 0 58 0001 e201 4f01 infinite 1 Eth...

Page 713: ... based on the source IP address of the packets Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 11 Sysname Ethernet1 0 11 ip check source ip address ip source static binding Syntax ip source static binding ip address ip address mac address mac address undo ip source static binding ip address ip address View Ethernet port view Parameters ip address ip a...

Page 714: ...ding among source IP address 1 1 1 1 source MAC address 0015 e20f 0101 and Ethernet 1 0 3 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 3 Sysname Ethernet1 0 3 ip source static binding ip address 1 1 1 1 mac address 0015 e20f 0101 ...

Page 715: ...e port state auto recovery With the port state auto recovery function a port that is shut down because the DHCP traffic rate limit configured on it is exceeded can automatically be brought up after a specified interval By default the port state auto recovery function on the switch is disabled Examples Enable port state auto recovery on the switch Sysname system view System View return to User View...

Page 716: ...amples Set the port state auto recovery interval to 30 seconds Sysname system view System View return to User View with Ctrl Z Sysname dhcp protective down recover enable Sysname dhcp protective down recover interval 30 dhcp rate limit Syntax dhcp rate limit rate undo dhcp rate limit View Ethernet port view Parameters rate Maximum rate of DHCP traffic in pps This argument ranges from 10 to 150 Des...

Page 717: ...he DHCP traffic passing through an Ethernet port When the number of DHCP packets received on the port per second exceeds the specified threshold the default value is 15 pps the switch will discard the exceeding DHCP packets Use the undo dhcp rate limit enable command to disable the function You can use this command to relieve the DHCP traffic limit configured on an Ethernet port By default the fun...

Page 718: ... DHCP clients Sysname display dhcp client verbose DHCP client statistic information Vlan interface1 Current machine state BOUND Allocated IP 192 168 0 2 255 255 255 0 Allocated lease 86400 seconds T1 43200 seconds T2 75600 seconds Lease from 2002 09 20 01 05 03 to 2002 09 21 01 05 03 Server IP 192 168 0 1 Transaction ID 0x3d8a7431 Default router 192 168 0 1 Next timeout will happen after 0 days 11...

Page 719: ...on Use the ip address dhcp alloc command to configure a VLAN interface to obtain an IP address through DHCP Use the undo ip address dhcp alloc command to cancel the configuration By default a VLAN interface does not use DHCP to obtain an IP address To improve security and avoid malicious attacks to the unused sockets S3600 Ethernet switches provide the following functions z UDP ports 67 and 68 use...

Page 720: ...mation including the MAC address of the BOOTP client and the IP address obtained Examples Display the BOOTP client related information Sysname display bootp client interface Vlan interface 1 Vlan interface1 Allocated IP 192 168 0 2 255 255 255 0 Transaction ID 0x3d8a7431 Mac Address 000f e20a c3ef Default router 192 168 0 1 Table 5 2 Description on the fields of the display bootp client command Fi...

Page 721: ... address through BOOTP Use the undo ip address bootp alloc command to cancel the configuration By default a VLAN interface does not use BOOTP to obtain an IP address Related commands display bootp client Examples Configure VLAN interface 1 to obtain an IP address through BOOTP Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1...

Page 722: ...escription 1 2 display acl 1 3 display drv qacl_resource 1 4 display packet filter 1 5 display time range 1 6 packet filter 1 7 packet filter vlan 1 8 rule for Basic ACLs 1 9 rule for Advanced ACLs 1 11 rule for Layer 2 ACLs 1 18 rule for user defined ACLs 1 20 rule comment 1 23 time range 1 24 ...

Page 723: ...range 2000 to 2999 identifies a basic ACL z An ACL number in the range 3000 to 3999 identifies an advanced ACL Note that 3998 and 3999 cannot be configured because they are reserved for cluster management z An ACL number in the range 4000 to 4999 identifies a layer 2 ACL z An ACL number in the range 5000 to 5999 identifies a user defined ACL match order Specifies the match order for ACL rules Foll...

Page 724: ...it source 2 2 2 2 0 0 255 255 Sysname acl basic 2000 rule 3 permit source 3 3 3 3 0 0 0 255 Use the display acl command to display the configuration information of ACL 2000 Sysname acl basic 2000 display acl 2000 Basic ACL 2000 3 rules match order is auto Acl s step is 1 rule 3 permit source 3 3 3 0 0 0 0 255 rule 2 permit source 2 2 0 0 0 0 255 255 rule 1 permit source 1 0 0 0 0 255 255 255 As sh...

Page 725: ... used for filtering all HTTP packets Acl s step is 1 Remove the description string of ACL 3000 Sysname acl adv 3000 undo description display acl Syntax display acl all acl number View Any view Parameters all Displays all ACLs acl number Number of the ACL to be displayed in the range of 2000 to 5999 Description Use the display acl command to display the configuration information of a specified or a...

Page 726: ...urce 3 3 3 0 0 0 0 255 Detailed information of a rule display drv qacl_resource Syntax display drv qacl_resource View Any view Parameters None Description Use the display drv qacl_resource to display the usage of ACL resources on a switch According to the output you can view the information of the consumed ACL resources and determine whether the exhaustion of ACL resources causes that ACL rules ca...

Page 727: ...Ethernet 1 1 1 Sysname GigabitEthernet1 1 1 packet filter inbound ip group 2001 Applying Acl 2001 rule 0 failed Reason Resource unavailable GigabitEthernet1 1 1 The above output information shows that the application failed because there is no available rule resource on port GigabitEthernet 1 1 1 display packet filter Syntax display packet filter interface interface type interface num unitid unit ...

Page 728: ...of the rule s time range display time range Syntax display time range all time name View Any view Parameters all Displays all time ranges time name Name of a time range a string of 1 to 32 characters that starts with a to z or A to Z Description Use the display time range command to display the configuration and status of a time range or all the time ranges For active time ranges this command disp...

Page 729: ...nd Filters outbound packets acl rule ACL ACL rules to be applied This argument can be one of those listed in Table 1 5 Table 1 5 Combined application of ACLs Combination mode The acl rule argument Apply all the rules of an ACL that is of IP type The ACL can be a basic ACL or an advanced ACL ip group acl number Apply a rule of an ACL that is of IP type ip group acl number rule rule id Apply all the...

Page 730: ...L 4000 on Ethernet 1 0 2 to filter outbound packets Here it is assumed that the ACL and its rule numbered 1 are already configured Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 packet filter outbound link group 4000 rule 1 Sysname Ethernet1 0 2 quit Apply rule 2 of user defined ACL 5000 on Ethernet 1 0 3 to filter inbound packets Here it is assumed that the ACL and its rule numbered 2 are...

Page 731: ...th Ctrl Z Sysname packet filter vlan 10 inbound ip group 2000 Apply rule 1 of Layer 2 ACL 4000 on all ports in VLAN 20 to filter outbound packets Here it is assumed that the ACL and its rule numbered 1 and the VLAN are already configured Sysname packet filter vlan 20 outbound link group 4000 rule 1 Apply rule 2 of user defined ACL 5000 on all ports in VLAN 30 to filter inbound packets Here it is a...

Page 732: ...nge in which the rule is active a string comprising 1 to 32 characters sour wildcard is the complement of the wildcard mask of the source subnet mask For example you need to input 0 0 255 255 to specify the subnet mask 255 255 0 0 Parameters of the undo rule command rule id Rule ID which must the ID of an existing ACL rule You can obtain the ID of an ACL rule by using the display acl command fragm...

Page 733: ...s by depth first principle but the numbers of the existent rules are unaltered Examples Create basic ACL 2000 and define rule 1 to deny packets whose source IP addresses are 192 168 0 1 Sysname system view System View return to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule 1 deny source 192 168 0 1 0 Sysname acl basic 2000 quit Create basic ACL 2001 and define rule 1 to...

Page 734: ...a host as the source address by providing 0 for the sour wildcard argument The any keyword specifies any source address destination dest addr dest wildcard any Destination address Specifies the destination address information for the ACL rule The dest addr dest wildcard arguments specify the destination address of the packets expressed in dotted decimal notation You can specify the IP address of a...

Page 735: ... need to input 0 0 255 255 to specify the subnet mask 255 255 0 0 If you specify the dscp keyword you can directly input a value ranging from 0 to 63 or input one of the keywords listed in Table 1 8 as DSCP Table 1 8 DSCP values and the corresponding keywords Keyword DSCP value in decimal DSCP value in binary af11 10 001010 af12 12 001100 af13 14 001110 af21 18 010010 af22 20 010100 af23 22 010110...

Page 736: ...ine 0 000 priority 1 001 immediate 2 010 flash 3 011 flash override 4 100 critical 5 101 internet 6 110 network 7 111 If you specify the tos keyword you can directly input a value ranging from 0 to 15 or input one of the keywords listed in Table 1 10 as the ToS value Table 1 10 ToS value and the corresponding keywords Keyword ToS in decimal ToS in binary normal 0 0000 min monetary cost 1 0001 max ...

Page 737: ... as numerals the value range is 0 to 65535 With the range operator the value of port2 does not need to be greater than that of port1 because the switch can automatically judge the value range If the value of port1 is the same as that of port2 the switch will convert the operator range to eq Note that if you specify a combination of lt 1 or gt 65534 the switch will convert it to eq 0 or eq 65535 es...

Page 738: ...n Parameters Type Function Description icmp type icmp type icmp code Type and message code information of ICMP packets Specifies the type and message code information of ICMP packets in the ACL rule icmp type ICMP message type ranging from 0 to 255 icmp code ICMP message code ranging from 0 to 255 If the protocol type is ICMP you can also just input the ICMP message name after the icmp type keywor...

Page 739: ...tings in the ACL rule time range Removes the time range settings in the ACL rule fragment Removes the settings concerning non tail fragments in the ACL rule Description Use the rule command to define an ACL rule Use the undo rule command to remove an ACL rule or specified settings of an ACL rule To remove an ACL rule using the undo rule command you need to provide the ID of the ACL rule If no othe...

Page 740: ...stination port number of 80 Sysname acl number 3001 Sysname acl adv 3001 rule 1 permit tcp source 129 9 0 0 0 0 255 255 destination 202 38 160 0 0 0 0 255 destination port eq 80 After completing the above configuration you can use the display acl command to view the configuration information of the ACLs rule for Layer 2 ACLs Syntax rule rule id deny permit rule string undo rule rule id View Layer ...

Page 741: ...of the destination MAC address in the format of H H H cos cos Priority Specifies the 802 1p priority of the rule cos VLAN priority in the range of 0 to 7 c tag vlan c tag vlan begin to c tag vlan end Inner VLAN information Specifies information about inner VLAN of the rule c tag vlan begin c tag vlan end VLAN ID in the range of 1 to 4094 This keyword and argument combination is usually used in coo...

Page 742: ...l and the system prompts that the rule already exists Examples Create Layer 2 ACL 4000 and define rule 1 to deny packets that are sourced from MAC address 000d 88f5 97ed destined for MAC address 0011 4301 991e and using the 802 1p priority of 3 Sysname system view Sysname acl number 4000 Sysname acl ethernetframe 4000 rule 1 deny cos 3 source 000d 88f5 97ed ffff ffff ffff dest 0011 4301 991e ffff ...

Page 743: ...user defined string into multiple offset units each of which is 4 byte long Available offset units fall into eight groups which are numbered from Offset1 to Offset8 z With the S3600 series a user defined rule string may or may not contain spaces and can be up to 32 bytes in length It can occupy up to eight mask offset units and any two of the offset units cannot belong to the same offset group Oth...

Page 744: ...port each packet in the switch carries two VLAN tags which occupy eight bytes Frequently used protocol types and offsets are listed in the following table Table 1 17 Frequently used protocol types and offsets Protocol Protocol number in hexadecimal Offset when VLAN VPN is not enabled on any port Offset when VLAN VPN is enabled on a port ARP 0x0806 16 20 RARP 0x8035 16 20 IP 0x0800 16 20 IPX 0x8137...

Page 745: ... Offset6 as shown in Table 1 16 The rule can be assigned successfully Create user defined ACL 5003 and define rule 1 specifying a 32 byte rule string a rule mask of all Fs and an offset of 24 Then apply the ACL to Ethernet 1 0 2 Sysname acl number 5003 Sysname acl user 5003 rule 1 deny 1234567890123456789012345678901234567890123456789012345678901234 ffffffffffffffffffffffffffffffffffffffffffffffff...

Page 746: ...acl number 3001 Sysname acl adv 3001 rule 0 comment This rule is to be applied to Ethernet 1 0 1 Use the display acl command to view the configuration information of advanced ACL 3001 Sysname acl adv 3001 display acl 3001 Advanced ACL 3001 1 rule Acl s step is 1 rule 0 deny IP source 1 1 1 1 0 destination 2 2 2 2 0 rule 0 comment This rule is to be applied to Ethernet 1 0 1 time range Syntax time ...

Page 747: ...time ranges and 12 absolute time ranges z If only a periodic time section is defined in a time range the time range is active only when the system time is within the defined periodic time section If multiple periodic time sections are defined in a time range the time range is active only when the system time is within one of the periodic time sections z If only an absolute time section is defined ...

Page 748: ...tion information of the time ranges Sysname display time range all Current time is 17 37 23 Nov 27 2007 Tuesday Time range tr1 Inactive 08 00 to 12 00 working day Time range tr2 Inactive From 12 00 Jan 1 2008 to 12 00 Jun 1 2008 ...

Page 749: ...lay qos interface traffic statistic 1 10 display queue scheduler 1 11 line rate 1 11 mirrored to 1 12 priority 1 14 priority trust 1 15 protocol priority protocol type 1 16 qos cos local precedence map 1 18 queue scheduler 1 19 reset traffic statistic 1 21 traffic limit 1 22 traffic priority 1 25 traffic priority vlan 1 27 traffic redirect 1 28 traffic remark vlanid 1 29 traffic statistic 1 30 wre...

Page 750: ...mode enable Syntax burst mode enable undo burst mode enable View System view Parameters None Description Use the burst mode enable command to enable the burst function Use the undo burst mode enable command to disable the burst function By default the burst function is disabled The burst function improves packet buffering and forwarding performance in the following scenarios z Dense broadcast or m...

Page 751: ...play protocol priority Syntax display protocol priority View Any view Parameters None Description Use the display protocol priority command to display the list of protocol priorities you assigned with the protocol priority command An S3600 series switch supports setting priorities for certain protocol packets generated by it The supported protocols are Telnet SNMP ICMP and OSPF Depending on your c...

Page 752: ...al precedence map View Any view Parameters None Description Use the display qos cos local precedence map command to display the 802 1p priority to local precedence mapping illustrated by an 802 1p priority to local precedence mapping table as shown in the following example After a packet enters a switch the switch sets the 802 1p priority and local precedence for the packet according to its own ca...

Page 753: ... if two switches form a fabric with the unit IDs being 3 and 5 respectively the unit IDs of the two switches can only be 3 and 5 Description Use the display qos interface all command to display all the QoS related configuration settings of a port or a unit Examples Display all the QoS related configuration of Ethernet 1 0 1 Sysname display qos interface Ethernet 1 0 1 all Ethernet1 0 1 traffic lim...

Page 754: ...qos interface all command Field Description Ethernet1 0 1 QoS functions configured on a port including z traffic limit traffic policing configuration z traffic priority priority marking configuration z traffic redirect traffic redirecting configuration z traffic statistic traffic accounting configuration z mirrored to traffic mirroring configuration z line rate port speed limit configuration z tra...

Page 755: ...c limit Mirrored to z monitor interface indicates that the packets are duplicated to a port z cpu indicates that the packets are duplicated to the CPU Queue scheduling mode Queue scheduling algorithm which can be z strict priority z weighted round robin WRR z weighted fair queuing WFQ Remark vlan Target VLAN ID used in VLAN mapping display qos interface line rate Syntax display qos interface inter...

Page 756: ...range for the unit id argument refer to Table 1 2 Description Use the display qos interface mirrored to command to display the traffic mirroring configuration of a port or a unit Related commands mirrored to Examples Display the traffic mirroring configuration of Ethernet 1 0 1 Sysname display qos interface Ethernet1 0 1 mirrored to Ethernet1 0 1 mirrored to Inbound Matches Acl 2000 rule 0 running...

Page 757: ...cp cs7 Refer to Table 1 3 for the description on the output fields display qos interface traffic priority Syntax display qos interface interface type interface number unit id traffic priority View Any view Parameters interface type interface number Specifies the type and number of a port for which priority marking configuration is to be displayed unit id Unit ID of the switch whose priority markin...

Page 758: ...play the traffic redirecting configuration of a port or a unit Related commands traffic redirect Examples Display the traffic redirecting configuration of Ethernet 1 0 1 Sysname display qos interface Ethernet1 0 1 traffic redirect Ethernet1 0 1 traffic redirect Inbound Matches Acl 3000 rule 0 running Redirected to interface Ethernet1 0 2 Refer to Table 1 3 for the description on the output fields ...

Page 759: ...type interface number Specifies the type and number of a port for which traffic accounting configuration is to be displayed unit id Unit ID of the switch for which traffic accounting configuration and traffic statistics are to be displayed For the value range for the unit id argument refer to Table 1 2 Description Use the display qos interface traffic statistic command to display the traffic accou...

Page 760: ... display queue scheduler Queue scheduling mode weighted round robin weight of queue 0 1 weight of queue 1 2 weight of queue 2 3 weight of queue 3 4 weight of queue 4 5 weight of queue 5 9 weight of queue 6 13 weight of queue 7 15 Refer to Table 1 3 for the description of the output fields line rate Syntax line rate inbound outbound target rate burst bucket burst bucket size undo line rate inbound ...

Page 761: ...want to limit the rate of all the inbound or outbound packets passing through a port as a whole Related commands display qos interface line rate Examples Limit the inbound packet rate to 128 kbps on Ethernet 1 0 1 and provide 32 KB of buffer for burst traffic Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 line rate inbound 128 ...

Page 762: ...cifies the number of a user defined ACL in the range 5000 to 5999 Rule id ACL rule number in the range 0 to 65534 If this argument is not provided all the rules in the ACL are specified monitor interface Duplicates packets to the specified destination port the monitor port cpu Duplicates packets to the CPU Description Use the mirrored to command to configure traffic mirroring Use the undo mirrored...

Page 763: ...ating the inbound packets matching ACL 2000 to the CPU Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 mirrored to inbound ip group 2000 cpu Sysname Ethernet1 0 2 return Display the traffic mirroring configuration of Ethernet 1 0 1 and Ethernet 1 0 2 Sysname display qos interface Ethernet 1 0 1 mirrored to Ethernet1 0 1 mirrored to Inbound Matches Acl 2000 rule 0 running Mirrored to monitor...

Page 764: ...e Ethernet1 0 1 Sysname Ethernet1 0 1 priority 6 priority trust Syntax priority trust undo priority View Ethernet port view Parameters None Description Use the priority trust command to configure the switch to trust the 802 1p priority of an inbound packet Use the undo priority command to restore the default settings By default port priority is trusted and the priority of a port is 0 After you exe...

Page 765: ...e range 0 to 7 Alternatively you can specify the IP precedence in words available keywords are listed in Table 1 6 Table 1 6 IP precedence values in words and in digits IP precedence in words IP precedence in digits routine 0 priority 1 immediate 2 flash 3 flash override 4 critical 5 internet 6 network 7 dscp dscp value Specifies an DSCP precedence in digits for the specified protocol in the range...

Page 766: ...he DSCP precedence are 0 for all protocol packets generated by the current switch Related commands display protocol priority z On an S3600 EI switch you can set priority for protocol packets of Telnet OSPF SNMP and ICMP z On an S3600 SI switch you can set priority for protocol packets of Telnet SNMP and ICMP Examples Set the IP precedence to 3 for SNMP protocol packets Sysname system view System V...

Page 767: ...h 802 1p 3 is to be mapped in the range 0 to 7 cos4 map local prec Local precedence to which 802 1p 4 is to be mapped in the range 0 to 7 cos5 map local prec Local precedence to which 802 1p 5 is to be mapped in the range 0 to 7 cos6 map local prec Local precedence to which 802 1p 6 is to be mapped in the range 0 to 7 cos7 map local prec Local precedence to which 802 1p 7 is to be mapped in the ra...

Page 768: ... queue3 width queue4 width queue5 width queue6 width queue7 width wrr queue0 weight queue1 weight queue2 weight queue3 weight queue4 weight queue5 weight queue6 weight queue7 weight undo queue scheduler View System view Ethernet port view Parameters strict priority Uses the Strict Priority SP algorithm for queue scheduling wfq Uses the Weighted Fair Queuing WFQ algorithm for queue scheduling queue...

Page 769: ...r WFQ still applies In this case both SP and WRR or WFQ are adopted Note that z The queue scheduling algorithm specified by executing the queue scheduler command in system view takes effect on all the ports The queue scheduling algorithm configured in port view must be the same as that configured in system view Otherwise the system will prompt configuration errors For example if you configure queu...

Page 770: ... 2 4 4 6 6 8 8 Configure Ethernet 1 0 1 to adopt the WRR queue scheduling algorithm setting the weights of queue 0 through queue 7 to 1 2 3 4 5 6 7 and 8 Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 queue scheduler wrr 1 2 3 4 5 6 7 8 Display the global queue scheduling configuration Sysname Ethernet1 0 1 display queue scheduler Queue scheduling mode weighted round robin weight of queue ...

Page 771: ...r the statistics about inbound packets matching ACL 2008 on Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 reset traffic statistic inbound ip group 2008 Display the current traffic statistics of Ethernet 1 0 1 Sysname Ethernet1 0 1 display qos interface Ethernet 1 0 1 traffic statistic Ethernet1 0 1 traffic stat...

Page 772: ...fic limit command is configured to limit the rate of packets sourced from IP address 1 1 1 1 within 128 kbps Whether packets conforming to the rate limit of 128 kbps sourced from IP address 1 1 1 1 and destined to IP address 2 2 2 2 referred to as packets A later will be dropped depends on the union effect keyword of the traffic limit command z If the union effect keyword is not specified the traf...

Page 773: ...d off to N 1 64 burst bucket burst bucket size Specifies the maximum burst traffic size in KB allowed The burst bucket size argument ranges from 4 to 512 and defaults to 512 Note that it must be an integer power of 2 exceed action Specifies the action to be taken when the traffic rate exceeds the threshold The action argument can be z drop Drops the packets z remark dscp value Sets a new DSCP valu...

Page 774: ...alue in digits in the range of 0 to 7 for the pre value argument or in words as shown in Table 1 6 Alternatively you can specify the from cos keyword for the switch to extract the 802 1p priority for the IP precedence cos pre value from ipprec Sets the 802 1p priority You can assign a value in digits in the range of 0 to 7 for the pre value argument or in words as shown in Table 1 10 Alternatively...

Page 775: ...y of the inbound packets with 802 1p priority 5 to 1 on Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname acl number 4000 Sysname acl ethernetframe 4000 rule permit cos 5 Sysname acl ethernetframe 4000 quit Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 traffic priority inbound link group 4000 cos 1 Set the DSCP precedence of inbound DNS protocol packet...

Page 776: ... of 0 to 7 for the pre value argument or in words as shown in Table 1 6 Alternatively you can specify the from cos keyword for the switch to extract the 802 1p priority for the IP precedence cos pre value from ipprec Sets the 802 1p priority You can assign a value in digits in the range of 0 to 7 for the pre value argument or in words as shown in Table 1 10 Alternatively you can specify the from i...

Page 777: ...out this argument refer to Table 1 4 and Table 1 5 Note that the ACL rules referenced must be those defined with the permit keyword cpu Redirects the packets to the CPU interface interface type interface number Specifies the target port to which the packets are to be redirected The interface type interface number argument refers to the port type and port number link aggregation group agg id Specif...

Page 778: ...r to VLAN VPN module of this manual for information about selective QinQ Examples Redirect the inbound packets sourced from the IP network segment 1 1 1 0 24 to Ethernet 1 0 7 on Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule permit source 1 1 1 0 0 0 0 255 Sysname acl basic 2000 quit Sysname interface Ethernet 1 0...

Page 779: ... statistic inbound acl rule undo traffic statistic inbound acl rule View Ethernet port view Parameters inbound Enables traffic accounting for the inbound packets acl rule ACL rules to be applied for traffic classification This argument can be the combination of multiple ACLs For more information about this argument refer to Table 1 4 and Table 1 5 Note that the ACL rules referenced must be those d...

Page 780: ...ters queue index Queue number in the range of 0 to 7 qstart Number of the packets contained in the queue in the range 1 to 128 probability Dropping probability in the range of 0 to 92 in percentage Description Use the wred command to enable the WRED function Use the undo wred command to restore the default By default the WRED function is disabled Examples Enable the WRED function for queue 2 on Et...

Page 781: ...iding this argument in the form of interface type interface number to interface type interface number Description Use the apply qos profile command to apply a QoS profile to a port in Ethernet port view or multiple ports in system view Use the undo apply qos profile command to remove a QoS profile from a port in Ethernet port view or multiple ports in system view Examples Apply the QoS profile nam...

Page 782: ...ofiles Examples Display the configuration of the QoS profile named test Sysname display qos profile name test qos profile test 3 actions packet filter inbound ip group 2000 rule 0 traffic limit inbound ip group 3000 rule 0 64 traffic priority inbound ip group 4000 rule 0 cos controlled load Display the configuration of the QoS profile applied to the 802 1x user abc net Sysname display qos profile ...

Page 783: ...000 to 64 kbps traffic priority inbound ip group 4000 rule 0 cos controlled load Set the 802 1p precedence of the inbound packets matching rule 0 of ACL 4000 to controlled load that is 802 1p precedence 0 User abc net applied qos profile test 3 actions The QoS profile applied to 802 1x user abc net is named test and contains three actions User s qos profile applied mode The QoS profile is dynamica...

Page 784: ...qos profile a123 Sysname qos profile a123 packet filter inbound link group 4000 qos profile Syntax qos profile profile name undo qos profile profile name View System view Parameters profile name QoS profile name a case insensitive string of 1 to 32 characters starting with an English letter in the range a to z and A to Z Note that a QoS profile name cannot be all interface user undo or name Descri...

Page 785: ... of a QoS profile is user based Note that z If the 802 1x authentication is MAC based you need to configure the QoS profile application mode to be user based z If the 802 1x authentication is port based you need to configure the QoS profile application mode to be port based Examples Configure the QoS profile application mode on Ethernet 1 0 1 to be port based Sysname system view System View return...

Page 786: ... destined to IP address 2 2 2 2 and the traffic limit command is configured to limit the rate of packets sourced from IP address 1 1 1 1 within 128 kbps Whether packets conforming to the rate limit of 128 kbps sourced from IP address 1 1 1 1 and destined to IP address 2 2 2 2 referred to as packets A later are dropped depends on the union effect of the traffic limit command z If the union effect k...

Page 787: ...in KB allowed in the range 4 to 512 This argument defaults to 512 and must be an integer power of 2 exceed action Specifies the action to be taken when the traffic rate exceeds the threshold The action can be z drop Drops the packets z remark dscp value Sets a new DSCP value for the packets and then forwards the packets Description Use the traffic limit command to add the traffic policing action t...

Page 788: ...1 10 for the pre value argument The from ipprec keyword specifies to use the IP precedence as the 802 1p priority local precedence pre value Sets the local precedence value in the range of 0 to 7 Description Use the traffic priority command to add a priority marking action to a QoS profile Use the undo traffic priority command to remove a priority marking action from a QoS profile Do not configure...

Page 789: ...i Table of Contents 1 Web Cache Redirection Configuration Commands 1 1 Web Cache Redirection Configuration Commands 1 1 display webcache 1 1 webcache address 1 2 webcache redirect vlan 1 4 ...

Page 790: ...one Description Use the display webcache command to view Web cache redirection configuration and the status of Web cache Examples Display Web cache redirection configuration and the status of Web cache Sysname display webcache webcache IP address 1 1 1 1 webcache MAC address 000f e20f 0000 webcache port Ethernet1 0 1 webcache VLAN 1 webcache TCP port 80 webcache redirect VLAN VLAN 2 Valid VLAN 3 I...

Page 791: ...s not enabled z Enable but no detection Indicates that the redirection function is enabled but Web cache detection is not started z Enable and detecting Indicates that the redirection function is enabled and the system is detecting the Web cache device z Enable but hardware not support Indicates that the redirection function is enabled but the hardware does not support this function z Enable but d...

Page 792: ...rver belongs to must be up otherwise the Web cache redirection function will not take effect z If you configured both the Web cache redirection function and the STP function to ensure that the Web cache redirection function can take effect you are recommended to configure the port connecting the Web cache server as a trunk or hybrid port and configure the port to permit packets of the VLAN through...

Page 793: ...d to create the VLAN interface for the VLAN z You can configure multiple redirected VLANs by executing the webcache redirect vlan command repeatedly You can configure up to 8 redirected VLANs z If you do not specify the vlan id argument when executing the undo webcache redirect vlan command the command will remove all the configured redirected VLANs z The VLAN interface of a redirected VLAN must b...

Page 794: ...splay mirror 1 1 display mirroring group 1 2 mirroring group 1 4 mirroring group mirroring port 1 4 mirroring group monitor port 1 6 mirroring group reflector port 1 7 mirroring group remote probe vlan 1 8 mirroring port 1 8 monitor port 1 9 remote probe vlan enable 1 10 ...

Page 795: ... monitor port This command is available only on the S3600 SI series Ethernet switches Examples Display the port mirroring settings on your S3600 SI series Ethernet switch Sysname display mirror Monitor port Ethernet1 0 1 Mirroring port Ethernet1 0 2 both Table 1 1 Description on the fields of the display mirror command Field Description Monitor port Destination port in port mirroring Mirroring por...

Page 796: ...ter settings of all mirroring groups local Specifies to display the parameter settings of local port mirroring groups remote destination Specifies to display the parameter settings of the destination groups for remote mirroring remote source Specifies to display the parameter settings of the source groups for remote mirroring Description Use the display mirroring group command to display port mirr...

Page 797: ... can be local remote source or remote destination status Status of the port mirroring group which can be active or inactive mirroring port Source port in port mirroring This field is available only for local mirroring groups or remote source mirroring groups both inbound outbound The direction of the mirrored packets which can be one of the following z both means packets received on and sent from ...

Page 798: ... a port mirroring group The mirroring group you created can take effect only after you configure other parameters for it Note that an S3600 EI series Ethernet switch supports configuring only one destination port in local port mirroring or one reflector port in remote port mirroring That is on an S3600 EI switch there can be only one effective local mirroring group or one effective remote source m...

Page 799: ...e the mirroring group mirroring port command to configure the source ports for a local mirroring group or a remote source mirroring group Use the undo mirroring group mirroring port command to remove the source ports of a local mirroring group or a remote source mirroring group Note that z You cannot configure a member port of an existing mirroring group or a fabric port as a source port for port ...

Page 800: ...rroring group or a remote destination mirroring group Note that z You cannot configure a member port of an existing mirroring group a member port of an aggregation group a fabric port or a port enabled with LACP or STP as the destination port z Before configuring a destination port for a local mirroring group make sure that the corresponding mirroring group has already been created z It is recomme...

Page 801: ...rt cannot be a member port of an existing mirroring group a fabric port a member port of an aggregation group or a port enabled with LACP or STP It must be an access port and cannot be configured with functions like VLAN VPN port loopback detection packet filtering QoS port security and so on z When a port is configured as a reflector port the switch configures its link state as up duplex mode as ...

Page 802: ...robe VLAN for a remote source destination mirroring group Note that before configuring a VLAN as the remote probe VLAN for a remote source destination mirroring group you need to use the remote probe vlan enable command to configure the VLAN as a remote probe VLAN first Related commands display mirroring group remote probe vlan enable This command is only available for S3600 EI series Ethernet swi...

Page 803: ...ng group display mirror z When you configure mirroring source port on an Ethernet port of an S3600 EI series Ethernet switch if mirroring group 1 does not exist the switch will automatically create local mirroring group 1 and add the source port to the group if mirroring group 1 already exists but is not a local mirroring group your configuration of the source port will fail z When you configure m...

Page 804: ...gure mirroring destination port on an Ethernet port of an S3600 EI series Ethernet switch if mirroring group 1 does not exist the switch will automatically create local mirroring group 1 and add the destination port to the group if mirroring group 1 already exists but is not a local mirroring group your configuration of the destination port will fail z When you configure mirroring destination port...

Page 805: ...gement VLAN or a dynamic VLAN as the remote probe VLAN z A remote probe VLAN cannot be removed directly To do that you need to run the undo remote probe vlan enable command in VLAN view first Related commands mirroring group remote probe vlan This command is only available for S3600 EI series Ethernet switches Examples Configure VLAN 5 as the remote probe VLAN Sysname system view System View retur...

Page 806: ...ange unit id 1 2 display ftm 1 4 display irf fabric 1 7 fabric member auto update software enable 1 8 fabric save unit id 1 9 fabric port enable 1 11 ftm fabric vlan 1 12 irf fabric authentication mode 1 12 port link type irf fabric 1 13 reset ftm statistics 1 14 set unit name 1 14 sysname 1 15 ...

Page 807: ...ID of the current switch note the following z If the modified unit ID is not used in the IRF fabric the system sets its priority to 5 and saves it in the Flash memory of the current switch z If the modified unit ID is being used the system prompts you to confirm if you really want to change the unit ID If you choose to change it the existing unit ID is replaced and the priority is set to 5 The ori...

Page 808: ...umbering mode Description Use the change unit id command to configure the unit ID of a specified switch in an IRF fabric to a new value By default when a switch is added to an IRF fabric it uses the automatically assigned unit ID When you change the unit ID of a switch in an IRF fabric note the following z If the modified unit ID of the switch is not used in the fabric the system sets its priority...

Page 809: ...00f e20f 5132 10 Left 1 A 3 000f e20f 5252 10 Right 1 A 4 000f e20f 8922 10 Left 1 A 5 000f cbb7 2142 10 Right 1 A 6 000f cbb7 3264 10 Left 1 A 7 000f cbb7 2260 10 Right 1 A 8 000f cbb7 2734 10 Left 1 A Change the unit ID of the switch from 6 to 4 Sysname system view System View return to User View with Ctrl Z Sysname change unit id 6 to 4 The unit 4 already exists in fabric Continue Y N y Apr 2 0...

Page 810: ...tatistics topology database Displays the topology database information of the fabric Description Use the display ftm command to display the protocol information or the topology database information of the current fabric Examples Display the FTM module information of the switch Sysname display ftm information FTM State HB STATE Unit ID 2 FTM Master Fabric Type Line Fabric Auth NONE Fabric Vlan ID 4...

Page 811: ...c name of the fabric are different z Isolated different version The software version of the directly connected device and that of the current device are different z Isolated auth failure The IRF fabric authentication modes configured for the local device and that of the fabric are not the same or the password configured does not match z Isolated connection error Fabric port connection error occurs...

Page 812: ...ID A M 1 000f e20f 5002 10 Left Right 1 A 2 000f e20f 5132 10 Left Right 1 A 3 000f e20f 5252 10 Left Right 1 A 4 000f cbb7 3264 5 Left Right 1 M 5 000f cbb7 2142 10 Left Right 1 A 6 000f e20f 8922 10 Left Right 1 A 7 000f cbb7 2260 10 Left Right 1 A 8 000f cbb7 2734 10 Left Right 1 A Table 1 2 display ftm topology database command output description Field Description UID Unit ID Priority Priority...

Page 813: ... From the above example you can see the following z The name of the fabric is Sysname z The system operation mode is Layer 3 forwarding z The current device is 1 marked by z The name of the current device is First the name of a device can be configured by using the set unit name command z The other unit in the fabric is numbered 2 Display fabric operation status on the console port of unit 1 Sysna...

Page 814: ...fabric are different thus reducing the manual maintenance workload z You need to enable the IRF automatic fabric function on all the devices including the candidate switch in the fabric to enable the candidate switch to download software and discovery neighbors and thus be added to the fabric normally z If the candidate switch is going to download software from a unit in an IRF fabric you are reco...

Page 815: ... topology database Total number of units in fabric 8 My Unit ID 1 UID CPU Mac Priority Stack Port Board ID A M 1 000f e20f 5002 10 Right 1 A 2 000f e20f 5132 10 Left 1 A 3 000f e20f 5252 10 Right 1 A 4 000f e20f 8922 10 Left 1 A 5 000f cbb7 2142 10 Right 1 A 6 000f cbb7 3264 10 Left 1 A 7 000f cbb7 2260 10 Right 1 A 8 000f cbb7 2734 10 Left 1 A Save the unit IDs of all the units in an IRF fabric t...

Page 816: ...it 1 removed unit ID successfully Apr 2 19 43 24 368 2000 Sysname FTM 3 FTMCHIDAUTO 1 Change unitid to auto successful unit 1 removed UnitID from flash Unit 2 removed unit ID successfully Unit 3 removed unit ID successfully Unit 4 removed unit ID successfully Unit 5 removed unit ID successfully Unit 6 removed unit ID successfully Unit 7 removed unit ID successfully Unit 8 removed unit ID successfu...

Page 817: ...figured as fabric ports at a time Given a group either GigabitEthernet 1 1 1 or GigabitEthernet 1 1 3 can be configured as the left fabric port and either GigabitEthernet 1 1 2 or GigabitEthernet 1 1 4 can be configured as the right fabric port z Establishing an IRF system requires a high consistency of the configuration of each device Hence before you bring up the fabric port do not perform any c...

Page 818: ...mit IRF data among devices avoiding packets being sent to non fabric ports You need to specify the IRF fabric VLAN before the IRF fabric is established Because after the fabric is established the VLAN cannot be modified Examples Specify VLAN 2 of the switch as an IRF fabric VLAN Sysname system view System View return to User View with Ctrl Z Sysname ftm fabric vlan 2 irf fabric authentication mode...

Page 819: ...ation mode simple hello port link type irf fabric Syntax port link type irf fabric View Ethernet port view Parameters None Description Use the port link type command to configure an Ethernet port as the fabric port This command has the same function with the fabric port enable command and is available only in gigabit port view By default no port is configured as the fabric port Note that After you...

Page 820: ...sname reset ftm statistics set unit name Syntax set unit unit id name unit name View System view Parameters unit id Unit ID of a device unit name Name of the specified unit a string of 1 to 64 characters Description Use the set unit name command to set a name for a device Device name visually identifies a device by showing its location role in the fabric and connected networks thus facilitating co...

Page 821: ...e undo sysname command to restore the default fabric name Before a new device is added into a fabric make sure that the fabric name of the device and the fabric name of the devices in the fabric are consistent You can enable the IRF automatic fabric function by using the fabric member auto update software enable command to configure the device to synchronize the fabric name automatically By defaul...

Page 822: ...p timer port delay 1 12 Cluster Configuration Commands 1 12 add member 1 12 administrator address 1 13 auto build 1 14 build 1 16 cluster 1 18 cluster enable 1 18 cluster switch to 1 19 cluster mac 1 20 cluster mac syn interval 1 21 delete member 1 21 display cluster 1 22 display cluster candidates 1 24 display cluster members 1 26 ftp cluster 1 27 ftp server 1 28 holdtime 1 29 ip pool 1 30 loggin...

Page 823: ...8 black list 1 38 display cluster base members 1 39 display cluster base topology 1 40 display cluster black list 1 41 display cluster current topology 1 42 display ntdp single device mac address 1 43 topology accept 1 44 topology restore from 1 45 topology save to 1 46 ...

Page 824: ...rval to send NDP packets the holdtime of NDP information and the NDP status and neighbor information on all ports If executed with the interface keyword the display ndp command will display the NDP status of the specified interfaces and the related information of the peer device If executed without the interface keyword the command will display the global NDP configuration information and the stat...

Page 825: ...g Timer Holdtime for neighbors to keep the NDP information of the switch which is configured through the ndp timer aging command Interface Port index used to identify a port Status NDP state on the port enabled disabled Pkts Snd Number of NDP packets sent by the port Pkts Rvd Number of NDP packets received by the port Pkts Err Number of error NDP packets received by the port Neighbor 1 Aging Time ...

Page 826: ...le and execution of the command will enable NDP on the current port only By default NDP is enabled both globally and on ports Note that NDP can take effect on a port only when NDP is enabled both globally and on the port Examples Enable NDP globally and then enable NDP on port Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname ndp enable Sysname interface Ethern...

Page 827: ...ds undo ndp timer hello View System view Parameters timer in seconds Interval between sending NDP packets ranging from 5 to 254 seconds Description Use the ndp timer hello command to set the interval between sending NDP packets Use the undo ndp timer hello command to restore the default interval By default this interval is 60 seconds A switch should update the NDP information of its neighbors regu...

Page 828: ...P statistics on the specified ports if you do not specify the interface keyword the command will clear NDP statistics on all ports You can use the display ndp command to view the NDP statistics before and after the execution of the reset ndp statistics command to verify the execution result Examples Display the NDP statistics on port Ethernet 1 0 6 Sysname display ndp interface ethernet 1 0 6 Inte...

Page 829: ...his device Hops Hop count for topology collection which is configured through the ntdp hop command Timer Interval to collect topology information which is configured through the ntdp timer command disable means this switch is not a management device and does not perform periodic topology collection Hop Delay Delay for other devices to forward topology collection requests which is configured throug...

Page 830: ...vice IP IP address and mask length of the management VLAN interface on the collected device PLATFORM Platform information about the collected device Display detailed device information collected by NTDP Sysname display ntdp device list verbose Hostname H3C MAC 000f e20f 1234 Hop 0 Platform S3600 IP 100 100 1 1 24 Version H3C Comware Platform Software Comware Software Version 3 10 Copyright c 2004 ...

Page 831: ...vice Platform Software platform of the collected device IP IP address and mask length of the cluster management VLAN interface on the collected device Version Software version of the collected device Cluster The role of the collected device for the cluster Peer MAC MAC address of a neighbor device connected to the collected device Peer Port ID Index of the port on the neighbor device connected to ...

Page 832: ... ntdp explore command to manually start a topology collection process NTDP is able to periodically collect topology information In addition you can use this command to manually start a topology collection process at any moment If you do this NTDP collects NDP information from all devices in a specific network range which can be set through the ntdp hop command as well as the connection information...

Page 833: ...mmand is applicable to both the periodic and manual topology collection z This command is only applicable to topology collecting device and a wider collection range requires more memory of the topology collecting device Examples Set the topology collection range to 5 hops aaa_0 Sysname system view System View return to User View with Ctrl Z aaa_0 Sysname ntdp hop 5 ntdp timer Syntax ntdp timer int...

Page 834: ...rs time Device forwarding delay in milliseconds This argument ranges from 1 to 1 000 Description Use the ntdp timer hop delay command to set the delay for devices to forward topology collection requests Use the undo ntdp timer hop delay command to restore the default device forwarding delay By default the device forwarding delay is 200 ms Network congestion may occur if large amount of topology re...

Page 835: ... device in a short period To avoid this case after a collected switch forwards a received topology collection request through a port it delays for a period before it forwards the request through the next port You can use the ntdp timer port delay command to set the delay You can use the command on a collecting switch The delay value you set by the ntdp timer port delay command is carried in the to...

Page 836: ...t available member number to the new member If you want to specify the member manually you need to specify a number that is never used by a member device of the cluster After you add a candidate device to the cluster the super password of the device automatically changes to the super password of the management device If the management device changes its super password the member devices will autom...

Page 837: ...ember device from the cluster Examples Remove the current member device from the cluster aaa_1 Sysname system view System View return to User View with Ctrl Z aaa_1 Sysname cluster aaa_1 Sysname cluster undo administrator address auto build Syntax auto build recover View Cluster view Parameters recover Recovers all member devices Description Use the auto build command to start an automatic cluster...

Page 838: ... ACL 3998 and ACL 3999 can neither be configured modified nor removed Examples Start an automatic cluster building process Sysname system view System View return to User View with Ctrl Z Sysname cluster Sysname cluster auto build There is no base topology if set up from local flash file Y N n Please input cluster name aaa Collecting candidate list please wait Apr 3 08 12 32 832 2000 aaa_0 Sysname ...

Page 839: ...in cluster aaa Apr 3 08 12 38 367 2000 aaa_0 Sysname CLST 5 LOG 1 Member 000f e200 5600 is joined in cluster aaa Cluster auto build Finish 8 member s added successfully aaa_0 Sysname cluster build Syntax build name undo build View Cluster view Parameters name Name to be set for the cluster a string of up to 8 characters which can only be alphanumeric characters minus signs and underscores _ Descri...

Page 840: ...as follows z When you execute the add member command on the management device to add a candidate device to a cluster the candidate device changes to a member device and its UDP port 40000 is opened at the same time z When you execute the auto build command on the management device to have the system automatically add candidate devices to a cluster the candidate devices change to member devices and...

Page 841: ... System View return to User View with Ctrl Z Sysname cluster Sysname cluster cluster enable Syntax cluster enable undo cluster enable View System view Parameters None Description Use the cluster enable command to enable the cluster function Use the undo cluster enable command to disable the cluster function By default the cluster function is enabled Note that z To create a cluster on a management ...

Page 842: ... to command to switch between the management device and a member device for configuration and management On the management device you can switch to the view of a member device to configure and manage the member device and then switch back to the management device Both switching directions from the management device to a member device and from a member device to the management device will use Telne...

Page 843: ...0000 0180 C200 000A 0180 C200 0020 to 0180 C200 002F Description Use the cluster mac command to configure a multicast destination MAC address for HGMPv2 protocol packets Use the undo cluster mac command to restore the default multicast destination MAC address of HGMPv2 protocol packets The default multicast destination MAC address of HGMPv2 protocol packets is 0180 C200 000A Note that you can only...

Page 844: ... one minute HGMPv2 multicast MAC synchronization packets are used for synchronizing the HGMPv2 multicast MAC address configuration configured through the cluster mac command between devices in a cluster so that HGMPv2 protocol packets can be forwarded normally within the cluster HGMPv2 multicast MAC synchronization packets are Layer 2 multicast packets If you set this interval to zero on a managem...

Page 845: ...ith the to black list keyword specified to remove a device and add the device to the blacklist of the cluster z Before using the delete member command to remove a device from the cluster use the undo ndp enable and undo ntdp enable command to disable NDP and NTDP on the ports of the device which connect with the cluster member devices This command is applicable to management devices only Related c...

Page 846: ...rator Management vlan 100 Handshake timer 10 sec Handshake hold time 60 sec IP Pool 20 1 1 1 24 cluster mac 0180 c200 000a No logging host configured No SNMP host configured No FTP server configured No TFTP server configured 3 member s in the cluster and 0 of them down Display cluster information on a member device aaa_2 3600 3 display cluster Cluster name aaa Role Member Member number 2 Managemen...

Page 847: ...date devices of a cluster You can only use this command on a management device Note that after a cluster is set up on an S3600 series switch the switch will collect the topology information of the network at the topology collection interval you set and automatically add the candidate devices it discovers into the cluster As a result if the topology collection interval is too short the default inte...

Page 848: ...600 3 MAC 000f e20f 3190 Hop 1 Platform S3600 IP 16 1 1 1 24 Display detailed information about all candidate devices aaa_0 Sysname cluster display cluster candidates verbose Hostname H3C MAC 3600 0000 3334 Hop 2 Platform S3600 IP 16 1 1 11 24 Hostname 3600 3 MAC 000f e20f 3190 Hop 1 Platform S3600 IP 16 1 1 1 24 Table 1 7 Description on the fields of display cluster candidates verbose Field Descr...

Page 849: ...ter members SN Device MAC Address Status Name 0 S3600 000f e20f 3901 Admin aaa_0 Sysname 1 S3600 3900 0000 3334 Up aaa_1 H3C 2 S3600 000f e20f 3190 Up aaa_2 3600 3 Table 1 8 Description on the fields of the display cluster members command Field Description SN Member number of a device in the cluster Device Device type MAC Address Device MAC address Status Device status Name Device name Display det...

Page 850: ...Address 000f e20f 3190 Member status Up Hops to administrator device 1 IP 16 1 1 1 24 Version H3C Comware Platform Software Comware Software Version 3 10 Copyright c 2004 2007 Hangzhou H3C Tech Co Ltd All rights reserved S3600 28P EI S3600 EI 1545 Table 1 9 Description on the fields of display cluster members verbose Field Description Member number Member number of the device in the cluster Name D...

Page 851: ...tion file backup of the cluster members Related commands ftp server For how to access other FTP servers using the ftp command refer to the FTP SFTP TFTP part of the manual Examples Connect to the FTP server shared by the cluster 123_1 Sysname ftp cluster Trying Press CTRL K to abort Connected 220 FTP service ready User none hello 331 Password required for hello Password 230 User logged in ftp serv...

Page 852: ...gement device will translate the private IP address of the member device to a public network address forward the requests of the member device to the FTP server and forward the responses of FTP server to the member device according to the NAT record Examples Configure FTP server 1 0 0 9 on the management device of a cluster aaa_0 Sysname system view System View return to User View with Ctrl Z aaa_...

Page 853: ...of a cluster ip mask Mask of the cluster IP address pool ip mask length Mask length of the cluster IP address pool Description Use the ip pool command to configure a private IP address pool on the management device Use the undo ip pool command to cancel the IP address pool configuration Before creating a cluster you must first configure a private IP address pool When a candidate device joins a clu...

Page 854: ...ce Note that you must execute the command on a management device For how to configure a switch to send logs to the log host refer to Information Center Operation Examples Configure the device with IP address 10 10 10 9 as the log host of a cluster aaa_0 Sysname system view System View return to User View with Ctrl Z aaa_0 Sysname cluster aaa_0 Sysname cluster logging host 10 10 10 9 management vla...

Page 855: ...Examples Specify VLAN 2 as the management VLAN of the current switch Sysname system view System View return to User View with Ctrl Z Sysname management vlan 2 nm interface Vlan interface Syntax nm interface Vlan interface vlan id View Cluster view Parameters vlan id VLAN ID in the range 1 to 4094 The VLAN specified by this argument must have been configured with a VLAN interface address Descriptio...

Page 856: ...rouble due to some configuration errors you can use the remote control function on the management device to maintain the member device remotely For example from the management device you can delete the configuration file on a member device and reboot the member device and recover the device to the normal state with the backup configuration The eraseflash keyword specifies to delete the startup con...

Page 857: ...ame cluster aaa_0 Sysname cluster snmp host 1 0 0 9 tftp get Syntax tftp cluster tftp server get source file destination file View User view Parameters cluster Downloads files through the shared TFTP server of the cluster tftp server IP address or host name of the TFTP server source file Name of the file to be downloaded from the shared TFTP server of the cluster destination file Name of the file ...

Page 858: ...be uploaded to the shared TFTP server destination file Name of the file to which the uploaded file will be saved in the storage directory of the TFTP server Description Use the tftp put command to upload a file from the switch to a specified directory on the TFTP server You can use the tftp server command on the management device to configure the shared TFTP server of the cluster which is used for...

Page 859: ...tp cluster get or tftp cluster put command to download or upload a file from the shared TFTP server the management device translates the private IP address of the member device to a public network address forwards the requests of the member device to the TFTP server and forwards the responses of TFTP server to the member device according to the NAT record Note that you can only use the commands on...

Page 860: ... handshake packets to 3 seconds aaa_0 Sysname system view System View return to User View with Ctrl Z aaa_0 Sysname cluster aaa_0 Sysname cluster timer 3 tracemac Syntax tracemac by mac mac address vlan vlan id by ip ip address nondp View Any view Parameters by mac Specifies to trace a device through the specified destination MAC address mac address MAC address of the device to be traced vlan vlan...

Page 861: ...VLAN 1 through its MAC address 00e0 f032 0005 aaa_0 Sysname tracemac by mac 000f e232 0005 vlan 1 Tracing MAC address 000f e232 0005 in vlan 1 1 000f e232 0001 H3C01 Ethernet1 0 2 2 000f e232 0002 H3C02 Ethernet1 0 7 3 000f e232 0003 H3C03 Ethernet1 0 4 4 000f e232 0005 H3C05 Local Trace the device that belongs to VLAN 1 through its IP address 192 168 1 5 aaa_0 Sysname tracemac by ip 192 168 1 5 T...

Page 862: ... and then add it to the cluster blacklist In this case the black list add mac command is equivalent to the delete member member id to black list command Examples Add the device with the MAC address 0010 3500 e001 to the blacklist aaa_0 Sysname system view Enter system view return to user view with Ctrl Z aaa_0 Sysname cluster aaa_0 Sysname cluster black list add mac 0010 3500 e001 Delete all addre...

Page 863: ... above or below the node specified by the MAC address member member id Displays the structure of the standard topology three layers above or below the node specified by the member ID Description Use the display cluster base topology command to display the standard topology of the cluster The standard topology of a cluster refers to the topology saved through the topology save to command The standa...

Page 864: ...tax display cluster black list View Any view Parameters None Description Use the display cluster black list command to display the information of devices in the current cluster blacklist Related commands black list Examples Display the contents of the current cluster blacklist aaa_0 Sysname display cluster black list Device ID Access Device ID Access port 000f e200 5502 000f e202 2180 Ethernet1 0 ...

Page 865: ...e in the specified route topology displayed to member id member id2 Displays the topology structure of the route from member id1 to member id2 Description Use the display cluster current topology command to display the topology of the current cluster If to mac address or to member id is not specified the system displays the topology structure three layers below the node specified by the MAC addres...

Page 866: ...ice whose detailed information is to be displayed Description Use the display ntdp single device mac address command to display the detailed information which is collected through NTDP protocol packets about a single device The information displayed by the command is similar to that displayed by the display cluster members command However if you want to display information about a device that is e...

Page 867: ...ace of the device Version Version information Cluster Role the device plays in the cluster Peer MAC MAC address of the peer device Peer Port ID Name of the port on the peer device connecting to the local device Native Port ID Name of the port on the local device connecting to the peer device Speed Rate of the local port connecting to the peer device Duplex Duplex mode of the local port connecting ...

Page 868: ...a slave device in an IRF fabric the standard topology information is saved only to the Flash of the master device in the IRF fabric Related commands display cluster base topology topology restore from topology save to Examples Save the current cluster topology as the base topology and save it in the local flash aaa_0 Sysname system view Enter system view return to user view with Ctrl Z aaa_0 Sysna...

Page 869: ...pology from the flash of the management device in the cluster aaa_0 Sysname system view Enter system view return to user view with Ctrl Z aaa_0 Sysname cluster aaa_0 Sysname cluster topology restore from local flash topology save to Syntax topology save to local flash View Cluster view Parameters None Description Use the topology save to command to save the standard topology of the cluster to the ...

Page 870: ... System View return to User View with Ctrl Z aaa_0 Sysname cluster aaa_0 Sysname cluster Save the standard topology of the cluster to the local Flash aaa_0 Sysname cluster topology save to local flash Base topology backup to file OK ...

Page 871: ...ply 1 4 display poe temperature protection 1 5 poe enable 1 5 poe legacy enable 1 6 poe max power 1 7 poe mode 1 7 poe power management 1 8 poe priority 1 9 poe temperature protection 1 9 poe update 1 10 update fabric 1 11 2 PoE Profile Configuration Commands 2 1 PoE Profile Configuration Commands 2 1 apply poe profile 2 1 display poe profile 2 2 poe profile 2 3 ...

Page 872: ...mand to view the PoE status of a specific port or all ports of the switch If the interface type interface number argument is not specified the command displays the PoE status of all ports of the switch Related commands poe enable poe max power poe mode poe power management poe priority Examples Display the PoE status of Ethernet 1 0 10 Sysname display poe interface Ethernet1 0 10 Port power enable...

Page 873: ... Low Port max power The maximum available power on the port Port current power The current power on the port Port average power The average power on the port Port peak power The peak power on the port Port current The current on the port Port voltage The voltage on the port Display the PoE status of all ports Sysname display poe interface PORT INDEX POWER ENABLE MODE PRIORITY STATUS Ethernet1 0 1 ...

Page 874: ...rt and the port is not connected to a standard PD for example a PC non standard PD connected will be displayed display poe interface power Syntax display poe interface power interface type interface number View Any view Parameters interface type interface number Port type and port number Description Use the display poe interface power command to view the power information of a specific port of the...

Page 875: ...pply Unit 1 PSE ID 0 PSE Legacy Detection disable PSE Total Power Consumption 0 mW PSE Available Power 300000 mW PSE Peak Value 0 mW PSE Average Value 0 mW PSE Software Version 290 PSE Hardware Version 000 PSE CPLD Version 078 PSE Power Management mode auto Table 1 3 display poe powersupply command output description Field Description PSE ID Identification of the PSE PSE Legacy Detection The enabl...

Page 876: ...ted z The manual keyword indicates that the manual mode is adopted in the PoE management on the port display poe temperature protection Syntax display poe temperature protection View Any view Parameters None Description Use the display poe temperature protection command to display the enable disable status of the PoE over temperature protection function on the switch Related commands poe temperatu...

Page 877: ...tem View return to User View with Ctrl Z Sysname interface Ethernet 1 0 3 Sysname Ethernet1 0 3 poe enable poe legacy enable Syntax poe legacy enable undo poe legacy enable View System view Parameters None Description Use the poe legacy enable command to enable the PD compatibility detection function Use the undo poe legacy enable command to disable the PD compatibility detection function PDs comp...

Page 878: ...of the power is mW and you can set the power in the granularity of 100 mW The actual maximum power will be 5 larger than what you have set allowing for the effect of transient peak power You can use the display poe interface and display poe interface power commands to display the power supply information of a port Examples Set the maximum power supplied by Ethernet 1 0 3 to 15000 mW Sysname system...

Page 879: ...ndo poe power management View System view Parameters auto Adopts the auto mode namely a PoE management mode based on PoE priority of the port manual Adopts the manual mode Description Use the poe power management command to configure the PoE management mode of port used in the case of power overloading Use the undo poe power management command to restore the default mode By default the PoE managem...

Page 880: ...to the new PDs if the available power of the PSE is less than 18 8 W 2 When the auto PoE management mode is adopted z If a PD is plugged into the port with a higher priority when the available power of the PSE is less than 18 8 W the power supply to the port with the biggest number in the port group with the lowest priority is turned off so that a part of power is released for the new PD z If the ...

Page 881: ...rature protection is enabled on the switch Examples Disable PoE over temperature protection on the switch Sysname system view System View return to User View with Ctrl Z Sysname undo poe temperature protection enable The temperature protection is disabled poe update Syntax poe update refresh full filename View System view Parameters refresh The refresh update mode is used when the PSE processing s...

Page 882: ...h 0400_001 S19 Update PoE board successfully update fabric Syntax update fabric file url device name file url View User view Parameters file url File path file name of the host software in the flash memory a string of 1 to 64 characters The specified PSE processing software is a file with the extension s19 device name Specified device in the fabric in the format of unit NO flash which means that t...

Page 883: ...ile transmission Y N y The fabric is being updated 100 The poe2046 s19 is stored on unit 1 successfully The poe2046 s19 is stored on unit 2 successfully Do you want to set poe2046 s19 to be running agent next time to boot Y N y The poe2046 s19 is configured successfully ...

Page 884: ...view Parameters profile name Name of a PoE profile a string of 1 to 15 characters It starts with a letter from a to z or from A to Z and it cannot be any of reserved keywords like all interface user undo and mode interface type interface number Port type and port number With this argument provided you can specify the Ethernet port on which the existing PoE profile configuration is applied in syste...

Page 885: ...be used to query which PoE profile is applied to a port However the command cannot be used to query which PoE features in a PoE profile are applied successfully Examples Apply the existing PoE profile profile test configuration to ports Ethernet 1 0 1 through Ethernet 1 0 9 of the switch Sysname system view System View return to User View with Ctrl Z Sysname apply poe profile profile test interfac...

Page 886: ...de Description Use the poe profile command to create a PoE profile and then enter PoE profile view If the PoE profile is already created you will enter PoE profile view directly Use the undo poe profile command to delete an existing PoE profile The following PoE features can be configured in the PoE profile mode poe enable poe mode signal spare poe priority critical high low poe max power max powe...

Page 887: ...f Contents 1 UDP Helper Configuration Commands 1 1 UDP Helper Configuration Commands 1 1 display udp helper server 1 1 reset udp helper packet 1 1 udp helper enable 1 2 udp helper port 1 3 udp helper server 1 4 ...

Page 888: ...ecified VLAN interface is displayed Examples Display the UDP broadcast relay forwarding information on VLAN interface 1 Sysname display udp helper server interface Vlan interface 1 Interface name Server address Packets sent Vlan interface1 192 1 1 2 0 The information above shows that the IP address of the destination server corresponding to VLAN interface 1 is 192 1 1 2 and no packets have been fo...

Page 889: ...rt numbers into unicasts and forwards them to the destination server Use the undo udp helper enable command to disable UDP Helper function By default UDP Helper is disabled Note that On an S3600 Series Ethernet Switch the reception of directed broadcast packets to a directly connected network is disabled by default As a result UDP Helper is available only when the ip forward broadcast command is c...

Page 890: ... port command to remove the configuration By default the UDP Helper enabled device forwards broadcast packets with any of the six UDP port numbers 53 138 137 49 69 and 37 Note that z You need to enable the UDP Helper function before specifying any UDP port otherwise the system prompts error information When the UDP helper function is disabled all configured UDP ports are disabled including the def...

Page 891: ...dp helper server command to remove the specified destination server No destination server is specified by default Note that z Executing the undo udp helper server command without specifying the ip address argument removes all the destination servers configured on the current interface z You can specify up to 20 destination server IP addresses on a VLAN interface Related commands display udp helper...

Page 892: ...nmp agent local engineid 1 16 snmp agent log 1 17 snmp agent mib view 1 18 snmp agent packet max size 1 19 snmp agent sys info 1 20 snmp agent target host 1 21 snmp agent trap enable 1 22 snmp agent trap ifmib 1 23 snmp agent trap life 1 24 snmp agent trap queue size 1 24 snmp agent trap source 1 25 snmp agent usm user v1 v2c 1 26 snmp agent usm user v3 1 27 2 RMON Configuration Commands 2 1 RMON ...

Page 893: ... entity engine ID remote engineid Displays all the remote SNMP entity engine IDs At present the device does not support application of the keyword Description Use the display snmp agent command to display the local SNMP entity engine ID or all the remote SNMP entity engine IDs Each device managed by the NMS needs a unique engine ID to identify an SNMP agent By default each device has a default eng...

Page 894: ...sion SNMPv1 and SNMPv2c use community name authentication Therefore the SNMPv1 and SNMPv2c messages carry community names if the carried community names are not permitted by the NMS agent the messages will be discarded You need to create a read community name and a write community name separately and these two kinds of community names on the NMS and on the device should be consistent If you execut...

Page 895: ...ll not be lost if the system is rebooted z permanent Modification is permitted but deletion is forbidden z readOnly Read only that is no modification no deletion z other Other storage types display snmp agent group Syntax display snmp agent group group name View Any view Parameters group name Name of the desired SNMP group a string of 1 to 32 characters Description Use the display snmp agent group...

Page 896: ...SNMP group Writeview Writable MIB view corresponding to the SNMP group Notifyview Notify MIB view in which traps can be sent It corresponds to the SNMP group storage type Storage type which can be z volatile Information will be lost if the system is rebooted z nonVolatile Information will not be lost if the system is rebooted z permanent Modification is permitted but deletion is forbidden z readOn...

Page 897: ...orage type nonVolatile View Type included View status active View name ViewDefault MIB Subtree snmpUsmMIB Subtree mask Storage type nonVolatile View Type excluded View status active View name ViewDefault MIB Subtree snmpVacmMIB Subtree mask Storage type nonVolatile View Type excluded View status active View name ViewDefault MIB Subtree snmpModules 18 Subtree mask Storage type nonVolatile View Type...

Page 898: ...uchName error status 0 SNMP PDUs which had tooBig error status Maximum packet size 1500 3669 MIB objects retrieved successfully 26 MIB objects altered successfully 420 GetRequest PDU accepted and processed 832 GetNextRequest PDU accepted and processed 0 GetBulkRequest PDU accepted and processed 1276 GetResponse PDU accepted and processed 24 SetRequest PDU accepted and processed 15 Trap PDUs accept...

Page 899: ... total number of SNMP PDUs which were delivered to the SNMP protocol entity and for which the value of the error status field is tooBig MIB objects retrieved successfully The total number of MIB objects which have been retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get Request and Get Next PDUs MIB objects altered successfully The total number of MIB objec...

Page 900: ...display snmp agent sys info Syntax display snmp agent sys info contact location version View Any view Parameters contact Displays the contact information of the current device location Displays the physical location of the current device version Displays the version information about the SNMP running in the system Description Use the display snmp agent sys info command to display the system SNMP i...

Page 901: ...ubmodules is enabled Related commands snmp agent trap enable Examples Display the modules that can generate traps and whether the trap function is enabled on the modules Sysname display snmp agent trap list configuration trap enable flash trap enable ospf trap enable standard trap disable system trap enable vrrp trap enable oadp trap disable Enable traps 5 Disable traps 2 In the above output infor...

Page 902: ...e the validity of the sending end of the packets preventing access of illegal users the latter is used to encrypt packets between the NMS and agent preventing the packets from being intercepted A more secure communication between SNMP NMS and SNMP agent can be ensured by configuring whether to perform authentication and privacy or not You can configure whether to perform authentication and privacy...

Page 903: ...the sending of port interface linkUp linkDown traps is enabled Note that you need to enable the generation of port interface linkUp linkDown traps both on the port interface and globally if you want a port interface to generate port interface linkUp linkDown traps when the state of the port interface changes To enable this function on a port interface use the enable snmp trap updown command to ena...

Page 904: ...xamples Start the SNMP agent Sysname system view System View return to User View with Ctrl Z Sysname snmp agent An S3600 Ethernet switch provides the following functions to prevent attacks through unused UDP ports z Starting the SNMP agent opens UDP port used by SNMP agents and the UDP port used by SNMP trap respectively z Shutting down the SNMP agent closes UDP ports used by SNMP agents and SNMP ...

Page 905: ...yption algorithm When creating an SNMPv3 user if you specify an authentication or privacy password as in cipher text you need to use this command to generate a cipher text password by using the specified algorithm and copy the generated cipher text password to use The generated password is related to engine ID password generated under an engine ID can only take effect on this engine ID Related com...

Page 906: ...me and configure read or write access right and ACL Use the undo snmp agent community command to remove an SNMP community Typically public is used as a read community name and private is used as a write community name For the security purposes you are recommended to configure another community name except these two Examples Create an SNMP community named comaccess which has read only permission to...

Page 907: ...mp agent group command to create an SNMP group and set the security mode and corresponding SNMP view of the group Use the undo snmp agent group command to remove an SNMP group For SNMPv3 group name and security mode whether authentication and privacy are performed can jointly define a group Groups with the same group name but different security mode are different groups For the details see the fol...

Page 908: ...l engineid View System view Parameters engineid Engine ID an even number of hexadecimal characters in the range 10 to 64 Description Use the snmp agent local engineid command to set an engine ID for the local SNMP entity Use the undo snmp agent local engineid command to restore the default engine ID By default the engine ID of an SNMP entity is formed by appending the device information to the ent...

Page 909: ...rds and then saves the information related to the operations into the information center of the device z When SNMP logging is enabled on a device SNMP logs are output to the information center of the device With the output destinations of the information center set the output destinations of SNMP logs will be decided z The severity level of SNMP logs is informational that is the logs are taken as ...

Page 910: ...ed in the current MIB view and included indicates that the current MIB includes all the nodes on the subtree By default the view name is ViewDefault which includes all the MIB objects under the ISO MIB subtree except snmpUsmMIB snmpVacmMIB and snmpModules 18 If you specify a mask value in hexadecimal number when creating a MIB view each bit number of the mask value corresponds with each sub OID of...

Page 911: ...t community write rip2write mib view rip2 Create an SNMP MIB view with the name of view a MIB subtree of 1 3 6 1 5 4 3 4 and subtree mask of FE MIB nodes with the OID of 1 3 6 1 5 4 3 x are included in this view with x indicating any integer number Sysname system view System View return to User View with Ctrl Z Sysname snmp agent mib view included view a 1 3 6 1 5 4 3 4 mask FE snmp agent packet m...

Page 912: ...location of the switch contact information for system maintenance and the SNMP version employed by the switch Use the undo snmp agent sys info location command to restore the default contact information and geographical location or stop the running of the corresponding SNMP version If the switch fails you can contact the switch manufacturer according to the system information The SNMP versions of ...

Page 913: ...ess of the host that is to receive the traps port number Number of the UDP port that is to receive the traps in the range 1 to 65 535 params Specifies SNMP target host information to be used in the generation of SNMP traps security string SNMPv1 SNMPv2c community name or SNMPv3 username a string of 1 to 32 characters v1 Specifies SNMPv1 v2c Specifies SNMPv2c v3 Specifies SNMPv3 authentication Conf...

Page 914: ...sh ospf process id ospf trap list standard authentication coldstart linkdown linkup warmstart system vrrp authfailure newmaster View System view Parameters configuration Specifies to send configuration traps flash Specifies to send Flash traps ospf process id ospf trap list Specifies to send OSPF traps The process id argument is a process ID The ospf trap list argument indicates a list of traps to...

Page 915: ...ent trap ifmib link extended View System view Parameters None Description Use the snmp agent trap ifmib link extended command to configure the extended trap Interface description and interface type are added into the extended linkUp linkDown trap Use the undo snmp agent trap ifmib link extended command to restore the default setting By default the linkUp linkDown trap uses the standard format defi...

Page 916: ...tating fault location snmp agent trap life Syntax snmp agent trap life seconds undo snmp agent trap life View System view Parameters seconds SNMP trap aging time in seconds to be set ranging from 1 to 2 592 000 Description Use the snmp agent trap life command to set the SNMP trap aging time SNMP traps exceeding the aging time will be discarded Use the undo snmp agent trap life command to restore t...

Page 917: ...iew System View return to User View with Ctrl Z Sysname snmp agent trap queue size 200 snmp agent trap source Syntax snmp agent trap source interface type interface number undo snmp agent trap source View System view Parameters interface type interface number Interface type and interface number The source IP address of the trap is the IP address of this interface Description Use the snmp agent tra...

Page 918: ...32 characters group name Name of the group corresponding to the user a string of 1 to 32 characters acl number ID of a basic ACL in the range 2000 to 2999 Using basic ACL can restrict the source addresses of SNMP messages namely permitting or refusing the SNMP messages with specific source addresses thus restricting access between the NMS and the agent Description Use the snmp agent usm user v1 v2...

Page 919: ...ny Sysname acl basic 2001 quit Sysname snmp agent sys info version v2c Sysname snmp agent group v2c readCom Sysname snmp agent usm user v2c userv2c readCom acl 2001 Specify the SNMP version of the NMS with an IP address 1 1 1 1 as SNMPv2c fill the write community name field with userv2c Then the NMS can access the agent snmp agent usm user v3 Syntax snmp agent usm user v3 user name group name ciph...

Page 920: ...agent usm user command to remove a user from an SNMP group This command is applicable to SNMPv3 If the agent and the NMS communicate using SNMPv3 messages you need to create an SNMPv3 user first To make the configured user take effect you need to create a group first You can configure whether to perform authentication or privacy when you create a group and configure the algorithm and password for ...

Page 921: ... authentication password to authkey the privacy algorithm to DES and the privacy password to prikey and establish a connection with the device Then the NMS can access the MIB objects in the view ViewDefault on the device Add a user named testUser to the SNMPv3 group named testGroup in cipher mode namely the authentication and privacy passwords should be in cipher text Set the security mode to auth...

Page 922: ... last sampled value Related commands rmon alarm Examples Display the configuration of all the alarm entries Sysname display rmon alarm Alarm table 1 owned by user1 is VALID Samples type absolute Variable formula 1 3 6 1 2 1 16 1 1 1 4 1 etherStatsOctets 1 Sampling interval 20 sec Rising threshold 100 linked with event 1 Falling threshold 10 linked with event 2 When startup enables risingOrFallingA...

Page 923: ...arm is triggered when the falling threshold is reached Latest value The value of the latest sample display rmon event Syntax display rmon event event entry View Any view Parameters event entry RMON event entry index in the range 1 to 65535 If you do not specify the event entry argument the configuration of all the RMON event entries is displayed Description Use the display rmon event command to di...

Page 924: ...play rmon eventlog command to display the log of an RMON event On creating an RMON event you can configure to record the event information into the logbuffer when an event is triggered thus facilitating displaying of the information The recorded information includes z RMON event entry Index z Current RMON event entry status z The time in seconds when an event log is generated in terms of the time ...

Page 925: ...interface type interface number unit unit number View Any view Parameters interface type Interface type interface number Interface number unit unit number Specifies a unit number Description Use the display rmon history command to display the RMON history information about a specified port The information about the latest sample including bandwidth utilization the number of errors the total number...

Page 926: ...uckets Number of the records in the history control table Latest sampled values Latest sampled values dropevents Number of the packet dropping events octets Number of the received transmitted bytes during sampling duration packets Number of the received transmitted packets during sampling duration broadcastpackets Number of the broadcast packets multicastpackets Number of the multicast packets CRC...

Page 927: ...6 1 2 1 16 1 1 1 4 1 100 Description Sampling interval 10 sec Rising threshold 10000 linked with event 1 Falling threshold 2000 linked with event 1 When startup enables risingOrFallingAlarm This entry will exist forever Latest value 0 Table 2 5 display rmon prialarm command output description Field Description Prialarm table Index of an entry in the extended alarm table owned by user1 Entry owner ...

Page 928: ...er View Any view Parameters interface type Interface type interface number Interface number unit unit number Specifies a unit number Description Use the display rmon statistics command to display the RMON statistics on a specified port or a specified unit If you do not specify the port or the unit this command displays the RMON statistics on all the ports or units The information displayed include...

Page 929: ...ticastPkts Number of multicast packets received etherStatsUndersizePkts Number of undersize packets received etherStatsOversizePkts Number of oversize packets received etherStatsFragments Number of undersize packets received with CRC errors etherStatsJabbers Number of oversize packets received with CRC errors etherStatsCRCAlignErrors Number of packets received with CRC errors etherStatsCollisions ...

Page 930: ...t specify the owner text keyword argument combination the owner of the entry is displayed as null Use the undo rmon alarm command to remove an alarm entry from the alarm table You can use the rmon alarm command to define an alarm entry so that a specific alarm event can be triggered under specific circumstances The act such as logging and sending traps to NMS taken after an alarm event occurs is d...

Page 931: ...net 1 0 1 Sysname Ethernet1 0 1 rmon statistics 1 Sysname Ethernet1 0 1 quit Sysname rmon event 1 log Sysname rmon event 2 none Sysname rmon alarm 1 1 3 6 1 2 1 16 1 1 1 4 1 10 absolute rising_threshold 50 1 falling_threshold 5 2 owner user1 Remove the alarm entry numbered 15 from the alarm table Sysname undo rmon alarm 15 rmon event Syntax rmon event event entry description string log trap trap c...

Page 932: ...configure it to be a log event Sysname system view System View return to User View with Ctrl Z Sysname rmon event 10 log rmon history Syntax rmon history entry number buckets number interval sampling interval owner text undo rmon history entry number View Ethernet port view Parameters entry number History entry index in the range of 1 to 65535 buckets number Specifies the size of the history table...

Page 933: ... Expression used to perform operations on the alarm variables a string of 1 to 256 characters The alarm variables in the expression must be represented by OIDs for example 1 3 6 1 2 1 2 1 10 1 8 The operations available are addition subtraction multiplication and division operations The operation results are rounded to values that are of long integer type To prevent invalid operation results make ...

Page 934: ...ned extended alarm expression prialarm formula z Comparing the operation result with the set thresholds and perform corresponding operations as described in Table 2 8 Table 2 8 Operation result and corresponding operation Comparison Operation The operation result is larger than or equal to the set upper threshold threshold value1 Triggering the event identified by the event entry1 argument The ope...

Page 935: ...ner text keyword argument combination the owner of the entry is displayed as null Use the undo rmon statistics command to remove an entry from the statistics table The RMON statistics management function is used to take statistics of the usage of the monitored ports and errors occurred on them The statistics includes the number of the following items z Collisions z Packets with CRC errors z Unders...

Page 936: ...2 15 System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 rmon statistics 20 ...

Page 937: ... authentication enable 1 6 ntp service authentication keyid 1 7 ntp service broadcast client 1 7 ntp service broadcast server 1 8 ntp service in interface disable 1 8 ntp service max dynamic sessions 1 9 ntp service multicast client 1 10 ntp service multicast server 1 10 ntp service reliable authentication keyid 1 11 ntp service source interface 1 12 ntp service unicast peer 1 12 ntp service unica...

Page 938: ... and ntp service multicast server commands enables the NTP feature and opens UDP port 123 at the same time z Execution of the undo form of one of the above six commands disables all implementation modes of the NTP feature and closes UDP port 123 at the same time NTP Configuration Commands display ntp service sessions Syntax display ntp service sessions verbose View Any view Parameters verbose Disp...

Page 939: ...lock is the clock of another switch on the network the value of this field will be the IP address of that switch stra Stratum of the clock of the synchronization source reach Reachability count of the clock source 0 indicates that the clock source is unreachable poll Polling interval in seconds that is the maximum interval between two successive packets now Time elapsing since the last NTP packet ...

Page 940: ...TP services Examples View the status of the NTP service of the local switch Sysname display ntp service status Clock status synchronized Clock stratum 4 Reference clock ID 1 1 1 11 Nominal frequency 100 0000 Hz Actual frequency 100 0000 Hz Clock precision 2 18 Clock offset 0 8174 ms Root delay 37 86 ms Root dispersion 45 98 ms Peer dispersion 35 78 ms Reference time 16 30 46 078 UTC Mar 29 2007 C9...

Page 941: ... dispersion of the remote NTP server in milliseconds Reference time Reference timestamp display ntp service trace Syntax display ntp service trace View Any view Parameters None Description Use the display ntp service trace command to display the brief information of each NTP time server along the time synchronization chain from the local switch to the reference clock source Examples View the brief...

Page 942: ...lled control query refers to query of state of the NTP service including alarm information authentication status clock source information and so on synchronization Synchronization right This level of right permits the peer device to synchronize its clock to the local switch but does not permit the peer device to perform control query server Server right This level of right permits the peer device ...

Page 943: ...peer 2076 Configure the access right from the remote device in ACL 2028 to the local NTP server as server Sysname system view System View return to User View with Ctrl Z Sysname ntp service access server 2028 ntp service authentication enable Syntax ntp service authentication enable undo ntp service authentication enable View System view Parameters None Description Use the ntp service authenticati...

Page 944: ...the Message Digest 5 MD5 algorithm After configuring the NTP authentication key you need to use the ntp service reliable authentication keyid command to specify the authentication key as a trusted key Related commands ntp service reliable authentication keyid Examples Configure an MD5 authentication key with the key ID being 10 and the key being abc Sysname system view System View return to User V...

Page 945: ...u do not need to configure authentication keyid key id if authentication is not required version number Specifies the NTP version number The number argument ranges from 1 to 3 and defaults to 3 Description Use the ntp service broadcast server command to configure an Ethernet switch to operate in the NTP broadcast server mode and send NTP broadcast packets through the current interface Use the undo...

Page 946: ...rvice max dynamic sessions Syntax ntp service max dynamic sessions number undo ntp service max dynamic sessions View System view Parameters number Maximum number of the dynamic NTP sessions that can be established locally This argument ranges from 0 to 100 Description Use the ntp service max dynamic sessions command to set the maximum number of dynamic NTP sessions that can be established locally ...

Page 947: ...h the multicast IP address being 224 0 1 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ntp service multicast client 224 0 1 2 ntp service multicast server Syntax ntp service multicast server ip address authentication keyid key id ttl ttl number version number undo ntp service multicast server ip address View VLAN interf...

Page 948: ... ntp service reliable authentication keyid key id undo ntp service reliable authentication keyid key id View System view Parameters key id Authentication key ID in the range of 1 to 4294967295 Description Use the ntp service reliable authentication keyid command to specify an authentication key as a trusted key Use the undo ntp service reliable authentication keyid command to remove the configurat...

Page 949: ...emove the configuration If you do not want the IP addresses of the other interfaces on the local switch to be the destination addresses of response packets you can use this command to specify a specific interface to send all NTP packets In this way the IP address of the interface is the source IP address of all NTP packets sent by the local device Examples Specify the source IP addresses of all se...

Page 950: ...e ntp service unicast peer command to configure an Ethernet switch to operate in the symmetric active peer mode Use the undo ntp service unicast peer command to remove the configuration By default no NTP operate mode is configured If you use remote ip or peer name to specify a remote device as the peer of the local Ethernet switch the local switch operates in the symmetric active peer mode In this...

Page 951: ... of NTP packets sent by the local switch to the server version number Specifies the NTP version number The number argument ranges from 1 to 3 and defaults to 3 Description Use the ntp service unicast server command to configure an Ethernet switch to operate in the NTP client mode Use the undo ntp service unicast server command to remove the configuration By default no NTP operate mode is configure...

Page 952: ...ort dsa 1 15 public key peer 1 17 public key peer import sshkey 1 17 public key code begin 1 18 public key code end 1 19 rsa local key pair create 1 20 rsa local key pair destroy 1 21 rsa peer public key 1 22 rsa peer public key import sshkey 1 23 ssh authentication type default 1 24 ssh client assign 1 25 ssh client first time enable 1 26 ssh server authentication retries 1 27 ssh server compatib...

Page 953: ...rrent switch s DSA key pair rsa Displays the public key part of the current switch s RSA key pair s Description Use the display public key local command to display the public key part of the current switch s key pairs Related commands public key local create Examples Display the public key part of the current switch s RSA key pair s Sysname display public key local rsa public Time of Key pair crea...

Page 954: ...EF72CE14A0D3A5222FE08CECE65BE6C265854889DC1E DBD13EC8B274DA9F75BA26CCB987723602787E922BA84421F22C3C89CB9B06FD60FE01941D DD77FE6B12893DA76EEBC1D128D97F0678D7722B5341C8506F358214B16A2FAC4B36895038 7811C7DA33021500C773218C737EC8EE993B4F2DED30F48EDACE915F0281810082269009E1 4EC474BAF2932E69D3B1F18517AD9594184CCDFCEAE96EC4D5EF93133E84B47093C52B20CD 35D02492B3959EC6499625BC4FA5082E22C5B374E16DD00132CE71B...

Page 955: ...rrent switch by using the public key peer command or the public key peer import sshkey command Related commands public key peer public key peer import sshkey Examples Display brief information about all peer public keys Sysname display public key peer brief Type Module Name RSA 1023 idrsa DSA 1024 127 0 0 1 RSA 1024 18 Display the information about the public key named pubkey name Sysname display ...

Page 956: ...the current switch s RSA key pair s Sysname display rsa local key pair public Time of Key pair created 20 08 35 2000 04 02 Key name Sysname_Host Key type RSA encryption Key Key code 3047 0240 DE99B540 87B666B9 69C948CD BBCC2B60 997F9C18 9AA6651C 6066EF76 242DEAD1 DEFEA162 61677BD4 1A7BFAE7 668EDAA9 FB048C37 A0F1354D 5798C202 2253F4F5 0203 010001 Time of Key pair created 20 08 46 2000 04 02 Key nam...

Page 957: ...w Parameters brief Displays brief information about the public keys of all SSH peers keyname Specifies a key by its name which is a string of 1 to 64 characters Description Use the display rsa peer public key command to display information about the locally saved public keys of all SSH peers If no key name is specified the command displays detailed information about the locally saved public keys o...

Page 958: ...9F6696D31930203010001 display ssh server Syntax display ssh server session status View Any view Parameters session Displays SSH session information status Displays SSH status information Description Use the display ssh server command on an SSH server to display SSH status or session information Related commands ssh server authentication retries ssh server timeout ssh server compatible ssh1x enable...

Page 959: ...State Retry SerType Username VTY 0 2 0 AES started 0 stelnet kk VTY 1 2 0 AES started 0 sFTP abc Table 1 1 Description on the fields of the display ssh server session command Field Description Conn Number of VTY interface used for user login Ver SSH version Encry Encryption algorithm used by SSH State Session status Retry Number of connection retries SerType Service type Username User name display...

Page 960: ... It cannot contain any of these characters slash backslash colon asterisk question mark less than sign greater than sign and the vertical bar sign In addition the sign can appear up to once the username part that is the string before the sign cannot be more than 55 characters and the domain name part cannot be more than 128 characters Description Use the display ssh user information command on an ...

Page 961: ...he SSH Client Sysname display ssh2 source ip The source IP you specified is 192 168 0 1 display ssh server source ip Syntax display ssh server source ip View Any view Parameters None Description Use the display ssh server source ip command to display the current source IP address or the IP address of the source interface specified for the SSH server If neither source IP address nor source interfac...

Page 962: ...Z Sysname rsa peer public key Switch003 RSA public key view return to System View with peer public key end Sysname rsa public key peer public key end Sysname protocol inbound Syntax protocol inbound all ssh telnet View VTY user interface view Parameters all Supports both Telnet and SSH ssh Supports only SSH telnet Supports only Telnet Description Use the protocol inbound command to configure speci...

Page 963: ...ne commands can be executed Examples Configure vty0 through vty4 to support SSH only Sysname system view System View return to User View with Ctrl Z Sysname user interface vty 0 4 Sysname ui vty0 4 authentication mode scheme Sysname ui vty0 4 protocol inbound ssh public key local create Syntax public key local create dsa rsa View System view Parameters dsa Specifies the DSA key pair rsa Specifies ...

Page 964: ...3 14 23 2000 04 06 Key name Sysname_Host Key type RSA encryption Key Key code 305C300D06092A864886F70D0101010500034B003048024100D6665EFEC14F48A5B42A413E 2FACCAA9F02C772AEDC4911E76AAEE55BA49C4A0233D2D80504068BD9C892C0DD9EBBBC7EB 8842ED61CDB418A29CA1362BB48C190203010001 Time of Key pair created 03 14 36 2000 04 06 Key name Sysname_Server Key type RSA encryption Key Key code 307C300D06092A864886F70D0...

Page 965: ... 3724C2EC0736EE31C80291021500C773218C737EC8EE993B4F2DED30F48EDACE915F024062 6D027839EA0A13413163A55B4CB500299D5522956CEFCB3BFF10F399CE2C2E71CB9DE5FA24 BABF58E5B79521925C9CC42E9F6F464B088CC572AF53E6D7880203430002406FBDE6C9BD57 8722585CDF4F3BFB31DD739865D1EA0312EDF2BAF4841C0A963E400640E467206817292CDF E5D91D86FDB9C3A16141E675E6FFC6C2577E660FF1 public key local destroy Syntax public key local destroy...

Page 966: ... SSH1 ssh2 Specifies the format of the exported file as SSH2 filename Name of the file for saving the host public key a string of 1 to 142 characters For file naming rules refer to File System Management Command Description Use the public key local export rsa command to display the host public key of the current switch s RSA key pair on the screen or export it to a specified file If you specify a ...

Page 967: ...t of OpenSSH and save the public key file as pub_ssh_file2 Sysname public key local export rsa openssh pub_ssh_file2 Export the host public key of the RSA key pair in the format of SSH1 and save the public key file as pub_ssh_file3 Sysname public key local export rsa ssh1 pub_ssh_file3 public key local export dsa Syntax public key local export dsa openssh ssh2 filename View System view Parameters ...

Page 968: ...ew minutes Input the bits in the modulus default 1024 Generating keys Display the public key in the SSH2 format Sysname public key local export dsa ssh2 BEGIN SSH2 PUBLIC KEY Comment dsa key 20000406 AAAAB3NzaC1kc3MAAACA11cmLEWExEwhHxi9luXwYcTwpCP3 mtrhbNM73LOFKDTpSIv4Izs5l vmwmWFSIncHtvRPsiydNqfdbomzLmHcjYCeH6SK6hEIfIsPInLmwb9YP4BlB3dd 5rEok9p27r wdEo2X8GeNdyK1NByFBvNYIUsWovrEs2iVA4eBHH2jMAAAAUx3...

Page 969: ...ublic key code begin command to configure the peer public key This public key configuration method requires that you obtain the public key in hexadecimal format in advance Only the public key whose module is of 512 to 2 048 bits can be configured on the device currently Related commands public key code begin public key code end Examples Enter public key view Sysname system view System View return ...

Page 970: ... command the system will automatically identify the format of the public key transforms the public key into the PKCS format and saves the public key locally This public key configuration method requires that the public key file be uploaded to the current switch through FTP or TFTP Examples Import the public key of the user from the public key file named pub ppk and name it as peer pk Sysname syste...

Page 971: ...name rsa public key public key code end Syntax public key code end View Public key edit view Parameters None Description Use the public key code end command to return from public key edit view to public key view and save the public key you input After you use this command to end editing the public key the system will check the validity of the public key before saving the key z If there is any ille...

Page 972: ... length of a server host key must be in the range 512 to 2048 bits and defaults to 1024 If the key pair already exists the system will ask you whether you want to overwrite it z The configuration of this command can survive a reboot You only need to configure it once z After the RSA key pair is generated the display rsa local key pair public command displays two public keys the host public key and...

Page 973: ...03 FA805F72 B2780C9A 041ED99E 2841F600 AB30DB10 821EF338 1FA54FE5 3DC79E46 74E45127 3D4CA70F 253645DA 57524DC3 513BAC53 2C1B7F8F 2481FA79 D4AA15C7 0203 010001 Time of Key pair created 02 32 06 2000 04 09 Key name Sysname_Server Key type RSA encryption Key Key code 3067 0260 C9BEF5C8 1AF3E457 AD007039 DDB21785 28B0204F A9ED61A6 AD381860 9491B700 0286568F 4CAF27B1 1B17B1A2 0D516E74 8DAFA6C1 0F71624B...

Page 974: ...sa peer public key keyname View System view Parameters keyname Name of the public key to be configured a string of 1 to 64 characters Description Use the rsa peer public key command to enter public key view Use the undo rsa peer public key command to remove the setting After using this command you can use the public key code begin command to configure the peer public key This public key configurat...

Page 975: ...om the public key file Use the undo rsa peer public key command to remove the setting z Only public key files in the format of SSH1 or SSH2 are supported z Currently only public keys whose modules are in the range 512 to 2048 bits can be imported to the switch z You may use this command to configure an SSH peer s public key on the current switch After you issue this command the system will automat...

Page 976: ...ntication The authentication modes specified by the rsa keyword and publickey keyword are implemented in the same way Description Use the ssh authentication type default command to specify a default authentication mode for SSH users After this command is configured when an SSH user is added by using the ssh user command the default authentication mode is adopted for the user if no authentication m...

Page 977: ...mented with the same method Description Use the ssh client assign command to specify the name of the public key of the server on the client so that the client can authenticate whether the server to be accessed is reliable Use the undo ssh client assign command to remove the mapping between the client and the public key of the server By default a client does not have the name of the server s public...

Page 978: ...t to run first time authentication for the SSH server it accesses for the first time Use the undo ssh client first time command to disable the client from running first time authentication z With first time authentication enabled an SSH client that is not configured with the server s host public key can continue accessing the server when it accesses the server for the first time and it will save t...

Page 979: ...ffect for all users logging in later Use the undo ssh server authentication retries command to restore the default authentication retry times By default the number of authentication retry times is 3 If you have used the ssh user authentication type command to configure the authentication type of a user to password publickey you must set the authentication retry times to a number greater than or eq...

Page 980: ...tem view System View return to User View with Ctrl Z Sysname ssh server compatible ssh1x enable ssh server rekey interval Syntax ssh server rekey interval hours undo ssh server rekey interval View System view Parameters hours Interval to update the server keys ranging from 1 to 24 in hours Description Use the ssh server rekey interval command to set the interval to update the RSA server keys regul...

Page 981: ...the undo ssh server timeout command to restore the default timeout time that is 60 seconds The configuration here will take effect at next login Related commands display ssh server Examples Set the authentication timeout time to 80 seconds Sysname system view System View return to User View with Ctrl Z Sysname ssh server timeout 80 ssh user Syntax ssh user username undo ssh user username View Syst...

Page 982: ...tication type the SSH service type and the public key for the SSH user An existing SSH user will be removed automatically if it has none of the authentication type the SSH service type and the public key configured Related commands ssh authentication type default ssh user authentication type Examples Specify the default authentication type as password authentication Create an SSH user with the nam...

Page 983: ...subject to the one assigned last time The new public key takes effect when the user logs in next time z On an SSH server you need to assign a public key to each SSH user using publickey authentication z Both publickey and rsa key indicate specifying the publickey key They are implemented with the same method Related commands display ssh user information Examples Assign a public key named 127 0 0 1...

Page 984: ...tication rsa Specifies the authentication mode for the SSH user as publickey RSA key or DSA key authentication The authentication modes specified by the rsa keyword and publickey keyword are implemented in the same way For the password publickey authentication type z SSH1 client users can access the switch as long as they pass one of the two authentications z SSH2 client users can access the switc...

Page 985: ... sftp Specifies that the user can access the SFTP service all Specifies that the user can access both services secure Telnet and SFTP Description Use the ssh user service type command to configure service type for a user so that the user can access specified service s Use the undo ssh user service type command to remove the service type specified for an SSH user The default service type for an SSH...

Page 986: ...fault prefer_stoc_cipher Specifies the preferred server to client encryption algorithm which is AES128 by default z 3des 3DES_cbc encryption algorithm z des DES_cbc encryption algorithm z aes128 AES_128 encryption algorithm prefer_ctos_hmac Specifies the preferred client to server HMAC Hash based message authentication code algorithm which is SHA1_96 by default prefer_stoc_hmac Specifies the prefe...

Page 987: ...x dh_exchange_group prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96 ssh2 source interface Syntax ssh2 source interface interface type interface number undo ssh2 source interface View System view Parameters interface type Source interface type interface number Source interface number Description Use the ssh2 source interface command to specify a source interface for the SSH ...

Page 988: ...r source interface Syntax ssh server source interface interface type interface number undo ssh server source interface View System view Parameters interface type Source interface type interface number Source interface number Description Use the ssh server source interface command to specify a source interface for the SSH server If the specified interface does not exist the command fails Use the un...

Page 989: ...ress for the SSH server If the specified IP address is not an IP address of the device the command fails Use the undo ssh server source ip command to cancel the source IP address setting Then a local device address determined by the system can be used by users to access the switch Examples Specify source IP address 192 168 0 1 for the SSH server Sysname system view System View return to User View ...

Page 990: ...rename 1 12 reset recycle bin 1 12 rmdir 1 15 undelete 1 15 update fabric 1 16 File Attribute Configuration Commands 1 17 boot attribute switch 1 17 boot boot loader 1 18 boot boot loader backup attribute 1 18 boot web package 1 19 display boot loader 1 20 display web package 1 21 startup bootrom access enable 1 21 Configuration File Backup and Restore Commands 1 22 backup current configuration 1 ...

Page 991: ...ting with flash For example the URL of file text txt in the root directory of the Flash on the current unit is flash text txt z To access a file in the current directory enter the path name or file name directly For example to access file text txt in the current directory you can directly input the file name text txt as the file URL File System Configuration Commands Note to limit the lengths of d...

Page 992: ...Name of the target file Description Use the copy command to copy a file If the fileurl dest argument identifies an existing file the existing file will be overwritten after the command is executed successfully If the path rather than the name of the target file is specified the source file name is used as the target file name by default Examples Copy file config cfg from the root directory to dire...

Page 993: ... the specified file is removed to the recycle bin and you can use the undelete command to restore it You can delete files based on file attribute z If you execute the delete running files command all the files with the main attribute will be deleted z If you execute the delete standby files command all the files with the backup attribute will be deleted For a file that has both the main and backup...

Page 994: ... test test txt Y N y Delete file unit1 flash test test txt Done Delete all the main Web files on the local unit Sysname delete running files Delete all the running files Y N n Delete the running image file Y N n Delete the running config file Y N n Delete the running web file Y N y Start deleting Deleting done Delete all the main files in the fabric Sysname delete running files fabric Delete the r...

Page 995: ...bric If executed without the fabric keyword the command will display information about files and folders in the root directory of the current device z If executed with the file url argument the command will display information about files and folders in the specified directory If executed without the file url argument the command will display information about files and folders in the current work...

Page 996: ...0 rwh 4 Apr 01 2000 23 55 24 snmpboots 1 rw 4724347 Apr 01 2000 23 59 45 test bin 2 rw 1475 Apr 01 2000 23 59 53 config cfg 3 rw 1737 Apr 02 2000 00 46 21 cfg cfg 4 rw 279296 Apr 02 2000 00 21 55 love rar 5 rw 428 Apr 02 2000 13 07 11 hostkey 6 rwh 151 Apr 01 2000 23 58 39 private data txt 7 rw 572 Apr 02 2000 13 07 20 serverkey 8 rw 1589 Apr 02 2000 00 58 20 1 cfg 15367 KB total 10475 KB free wit...

Page 997: ...uration command after this command is configured successfully otherwise this command may not be executed correctly Examples Execute the batch file named test bat under the directory flash Sysname system view System View return to User View with Ctrl Z Sysname execute test bat Sysname Created dir unit1 flash test3 file prompt Syntax file prompt alert quiet View System view Parameters alert Specifie...

Page 998: ...l be displayed when you delete a file Sysname delete unit1 flash te txt Delete file unit1 flash te txt Done Examples Set the prompt mode to quiet for file related operations Sysname system view System View return to User View with Ctrl Z Sysname file prompt quiet fixdisk Syntax fixdisk device View User view Parameters device Name of a device Description Use the fixdisk command to restore space on ...

Page 999: ...ysname format unit1 flash All data on unit1 flash will be lost proceed with format Y N y Format unit1 flash completed mkdir Syntax mkdir directory View User view Parameters directory Name of a directory Description Use the mkdir command to create a subdirectory in the specified directory of a Flash memory Note that z The name of the subdirectory to be created must be unique under the specified dir...

Page 1000: ...e of a file in the Flash memory Description Use the more command to display the contents of a specified file Currently the file system only supports to display the contents of text files Examples Display the content of the file test txt Sysname more test txt AppWizard has created this test application for you This file contains a summary of what you will find in each of the files that make up your...

Page 1001: ...e is used as the target file name by default Examples Move the file 1 txt from flash to flash a within unit1 with the name unchanged Sysname move unit1 flash 1 txt unit1 flash a Move unit1 flash 1 txt to unit1 flash a 1 txt Y N y Moved file unit1 flash 1 txt to unit1 flash a 1 txt Move the file flash 22 txt to unit1 flash test and overwrite the file in the directory unit1 flash test Sysname move 2...

Page 1002: ...t Target path name or file name Description Use the rename command to rename a file or a directory If the target file name or directory name is the same with any existing file name or directory name you will fail to perform the rename operation Examples Rename the file config txt to config bak Sysname rename config txt config bak Rename unit1 flash config txt to unit1 flash config bak Y N y Rename...

Page 1003: ...ll not ask for your confirmation Use the reset recycle bin fabric command to permanently delete files in the recycle bin of all the devices in the fabric The system will not prompt you to confirm deletion of each file when you clear recycle bins throughout the fabric The files deleted by the delete command without the unreserved keyword are moved to the recycle bin To delete them permanently you c...

Page 1004: ...g cfg 2 rw 8036197 May 14 2000 10 13 18 main bin 3 rw 2386 Apr 26 2000 13 30 30 back cfg 4 drw May 08 2000 09 49 25 test 5 rwh 716 Apr 24 2007 16 17 30 hostkey 6 rwh 572 Apr 24 2007 16 17 44 serverkey 15367 KB total 6734 KB free The above information indicates that file flash a cfg and flash b cfg are deleted permanently z In directory flash test see whether the file in the recycle bin is deleted ...

Page 1005: ...y unit1 flash dd undelete Syntax undelete file url View User view Parameters file url Path name or file name of a file in the Flash memory Description Use the undelete command to restore a deleted file from the recycle bin If the name of the file to be restored is the same as that of an existing file the existing file will be overwritten after the command is executed successfully Examples Restore ...

Page 1006: ...the file used for upgrading will be copied to the root directories of other units in the fabric z When you execute the update fabric command the system first collects the free space information of each unit and then decides whether the available Flash memory space is enough on each unit The available space of the Flash should be at least 1 K larger than the size of the file used for upgrading If a...

Page 1007: ...t to set test bin to be running agent next time to boot Y N y The test bin is configured successfully File Attribute Configuration Commands boot attribute switch Syntax boot attribute switch all app configuration web fabric View User view Parameters all Specifies all the files including app files configuration files and Web files app Specifies app files configuration Specifies configuration files ...

Page 1008: ...ce in the fabric to be with the main attribute The app file specified by this command becomes the main startup file when the device starts up next time If you execute the boot boot loader command without the fabric keyword the configuration applies to the local unit only Before configuring the main or backup attribute for a file in the fabric make sure the file already exists on all devices in the...

Page 1009: ...tion applies to the local unit only Before configuring the main or backup attribute for a file in the fabric make sure the file already exists on all devices in the fabric This is because Ethernet switches do not allows you to specify an app file in other unit s Flash memory as the app startup file of the local unit Examples Configure the file backup bin to be the backup startup file of the fabric...

Page 1010: ...e named boot web to be with the main attribute Sysname boot web package boot web main display boot loader Syntax display boot loader unit unit id View Any view Parameters unit unit id Specifies the unit ID of a switch The APP startup file information of the specified unit will be displayed Description Use the display boot loader command to display the information about the APP startup files of the...

Page 1011: ...ackage is flash h3c http3 1 5 0040 web The main web package is unit1 flash h3c http3 1 5 0040 web The backup web package is unit1 flash startup bootrom access enable Syntax startup bootrom access enable undo startup bootrom access enable View User view Parameters None Description Use the startup bootrom access enable command to specify a switch to prompt users to use customized password to enter t...

Page 1012: ...s of a TFTP server dest hostname Host name of a TFTP server filename cfg Name of the configuration file to which the current configuration will be backed up a string of 5 to 56 characters including the extension cfg Description Use the backup unit unit id current configuration to command to back up the current configuration of the specified switch to the specified TFTP server Use the backup fabric...

Page 1013: ...tion of the whole fabric system source addr IP address of a TFTP server source hostname Host name of a TFTP server filename cfg Name of the configuration file to be restored to a string of 5 to 56 characters including the extension cfg Description Use the restore unit unit id startup configuration from command to restore the startup configuration of the specified switch from the configuration file...

Page 1014: ...ss 1 1 1 253 Sysname restore fabric startup configuration from 1 1 1 253 bbb cfg Restore startup configuration from 1 1 1 253 Please wait File will be transferred in binary mode Downloading file from remote tftp server please wait TFTP 2029 bytes sent in 0 second s File downloaded successfully Unit 7 Restore startup current configuration finished Unit 8 Restore startup current configuration finish...

Page 1015: ...tion Commands 1 7 ascii 1 7 binary 1 8 bye 1 8 cd 1 9 cdup 1 9 close 1 10 delete 1 10 dir 1 11 disconnect 1 12 display ftp source ip 1 12 ftp 1 13 ftp cluster remote server source interface 1 13 ftp cluster remote server source ip 1 14 ftp source interface 1 15 ftp source ip 1 15 get 1 16 lcd 1 17 ls 1 17 mkdir 1 18 open 1 19 passive 1 19 put 1 20 pwd 1 21 quit 1 21 remotehelp 1 22 rename 1 22 rmd...

Page 1016: ...1 32 quit 1 33 remove 1 33 rename 1 34 rmdir 1 34 sftp 1 35 sftp source interface 1 36 sftp source ip 1 37 2 TFTP Configuration Commands 2 1 TFTP Configuration Commands 2 1 display tftp source ip 2 1 tftp ascii binary 2 1 tftp get 2 2 tftp put 2 3 tftp tftp server source interface 2 4 tftp tftp server source ip 2 5 tftp source interface 2 5 tftp source ip 2 6 tftp server acl 2 7 ...

Page 1017: ...t Examples Display the FTP server related settings of the switch assuming that the switch is operating as an FTP server Sysname display ftp server FTP server is running Max user number 1 User count 0 Timeout value in minute 30 Table 1 1 display ftp server command output description Field Description FTP server is running The FTP server is started If the FTP server is not started FTP server has bee...

Page 1018: ...nt can only use this address as the destination address to connect to the FTP server z If neither source interface nor source IP address is specified 0 0 0 0 will be displayed In this case the FTP client can use any reachable IP address on the FTP server as the destination address to connect to the FTP server To set the source IP address for an FTP server use the ftp server source interface or the...

Page 1019: ...rs characters behind the tenth will be displayed in the second line with a left aligning mode Take username username test for example the result is Sysname display ftp user UserName HostIP Port Idle HomeDir administra tor 192 168 0 152 1031 0 flash Table 1 2 display ftp user command output description Field Description HostIP IP address of the FTP client Port Port used when the FTP client logs in ...

Page 1020: ...192 168 0 152 1029 0 flash Disconnect the user named admin from the FTP server Sysname system view System View return to User View with Ctrl Z Sysname ftp disconnect admin The user connection will be disconnected after the data transfer finished Sysname Apr 2 01 06 14 915 2000 Sysname FTPS 5 USEROUT 1 User admin 192 168 0 152 logged out ftp server enable Syntax ftp server enable undo ftp server Vi...

Page 1021: ...he idle timeout time of an FTP client When the idle time of the FTP client exceeds this timeout time the FTP server terminates the connection with the FTP client Use the undo ftp timeout command to restore the default idle timeout time By default the idle timeout time is 30 minutes If an FTP connection between an FTP server and an FTP client breaks down abnormally but the FTP server cannot be awar...

Page 1022: ...t no source interface is specified for an FTP server and an FTP client can use any reachable interface address on the FTP server as the destination address to connect to the FTP server Related commands ftp server source ip Examples Specify VLAN interface 1 as the source interface of the FTP server Sysname system view System View return to User View with Ctrl Z Sysname ftp server source interface V...

Page 1023: ...e omitted to avoid repetition For the configuration of the command for entering FTP client view refer to ftp z When executing the FTP client configuration commands in this section confirm whether the corresponding access rights are configured on the FTP server for example query file lists under a working directory read download the specified files create a directory upload a file and rename delete...

Page 1024: ... Related commands ascii Examples Specify to transfer files in binary mode ftp binary 200 Type set to I bye Syntax bye View FTP client view Parameters None Description Use the bye command to terminate the control connection and data connection with the FTP server and return to user view This command has the same effect as that of the quit command Examples Terminate the connections with the remote F...

Page 1025: ... cd flash temp Display the current working directory ftp pwd 257 flash temp is current directory cdup Syntax cdup View FTP client view Parameters None Description Use the cdup command to exit the current working directory and enter the parent directory The parent directory must be a directory that a user is authorized to access otherwise the command cannot be executed Related commands cd pwd Examp...

Page 1026: ...ew This command has the same effect as that of the disconnect command Examples Terminate the FTP connection without quitting FTP client view ftp close 221 Server closing ftp delete Syntax delete remotefile View FTP client view Parameters remotefile Name of the file to be deleted Description Use the delete command to delete a specified remote file Examples Delete the file temp c ftp delete temp c 2...

Page 1027: ...mmand Related commands pwd Examples Display the information about all the files in the current directory on the remote FTP server ftp dir 227 Entering Passive Mode 192 168 0 152 4 0 125 ASCII mode data connection already open transfer starting for rwxrwxrwx 1 noone nogroup 377424 Apr 26 13 05 s3r01 btm rwxrwxrwx 1 noone nogroup 377424 Oct 10 2006 s3r01_15 btm rwxrwxrwx 1 noone nogroup 2833 May 11 ...

Page 1028: ...d in 5 818 second s 11 00 byte s sec disconnect Syntax disconnect View FTP client view Parameters None Description Use the disconnect command to terminate an FTP connection without quitting FTP client view This command has the same effect as that of the close command Examples Terminate the FTP connection without quitting FTP client view ftp disconnect 221 Server closing ftp display ftp source ip S...

Page 1029: ...w User view Parameters cluster Connects to the configured FTP server of a cluster For the configuration of the FTP server of a cluster refer to the Cluster part of this manual remote server Host name or IP address of an FTP server a string of 1 to 20 characters port number Port number of the FTP server in the range 0 to 65535 The default is 21 Description Use the ftp command to establish a control...

Page 1030: ...ce interface to connect to the FTP server whose IP address is 192 168 8 8 Sysname ftp 192 168 8 8 source interface Vlan interface 1 ftp cluster remote server source ip Syntax ftp cluster remote server source ip ip address View User view Parameters cluster Connects to the configured FTP server of a cluster For the configuration of the FTP server of a cluster refer to the Cluster part of this manual...

Page 1031: ...tem decides which interface will be used for accessing FTP servers By default the switch uses the IP address of the outbound interface in the local routing table as the source IP address for connecting to an FTP server The destination of the outbound interface is the subnet where the FTP server resides To configure the source interface used only for the current connection to an FTP server use the ...

Page 1032: ...switch uses every time it connects to an FTP server Sysname system view System View return to User View with Ctrl Z Sysname ftp source ip 192 168 0 1 get Syntax get remotefile localfile View FTP client view Parameters remotefile Name of a file to be downloaded localfile File name used when a file is downloaded and saved to the local device If this argument is not specified the source file name is ...

Page 1033: ... cannot modify the local working directory of the FTP client to modify the local working directory you need to terminate the connection with the FTP server quit FTP client view execute the cd command in user view and reconnect to the FTP server Examples Display the local working directory on the FTP client ftp lcd Local directory now flash temp ls Syntax ls remotefile localfile View FTP client vie...

Page 1034: ...he current directory on the remote FTP server ftp ls 227 Entering Passive Mode 2 2 2 2 4 4 125 ASCII mode data connection already open transfer starting for s3r01 btm s3r01_15 btm config cfg default diag test test txt mytest bak a txt myopenssh public temp c swithc001 226 Transfer complete FTP 200 byte s received in 0 145 second s 1 00Kbyte s sec mkdir Syntax mkdir pathname View FTP client view Pa...

Page 1035: ...iption Use the open command to establish a control connection with an FTP server If you have connected to an FTP server you cannot use the open command to connect to another server and you need to terminate the connection with the current FTP server and then execute the open command Related commands close Examples Establish a control connection with the FTP server whose IP address is 1 1 1 1 in FT...

Page 1036: ...rt If an FTP client initiates a connection with an FTP server through a firewall the firewall may block the connection request because the FTP server initiates the connection with Port1 through an external network and thus data transmission will be affected Therefore you are recommended to set the data transmission mode of the FTP client to passive when accessing the FTP server through a firewall ...

Page 1037: ...ated commands cd cdup dir ls Examples Display the working directory on the FTP server ftp pwd 257 flash temp is current directory quit Syntax quit View FTP client view Parameters None Description Use the quit command to terminate FTP control connection and FTP data connection and return to user view This command has the same effect as that of the bye command Examples Terminate the FTP control conn...

Page 1038: ... server z If you use other FTP server software refer to related instructions to know whether the FTP server provides help information about FTP protocol commands Examples Display the syntax of the user command ftp remotehelp user 214 Syntax USER sp username rename Syntax rename remote source remote dest View FTP client view Parameters remote source Name of a file on a remote host remote dest Desti...

Page 1039: ... are empty Examples Remove the directory flash temp1 on the FTP server Assume that the directory is empty ftp rmdir flash temp1 200 RMD command successful user Syntax user username password View FTP client view Parameters username Username used to log in to an FTP server password Password used to log in to an FTP server Description Use the user command to log in to an FTP server with the specified...

Page 1040: ...inished successfully FTP 100 byte s received in 5 109 second s 20 00 byte s sec Disable the verbose function ftp undo verbose Download the file with name test cfg ftp get test cfg FTP 1740 byte s received in 9 367 second s 185 00 byte s sec The above output indicates that if the verbose function is disabled only execution information of users operations is obtained from the system of the switch wh...

Page 1041: ...imeout time out value undo sftp timeout View System view Parameters time out value Timeout time in the range 1 to 35 791 in minutes The default value is 10 Description Use the sftp timeout command to set the idle timeout time on an SFTP server Use the undo sftp timeout command to restore the idle timeout time to the default value If the idle timeout time exceeds the specified threshold the system ...

Page 1042: ...xamples Terminate the connection with the remote SFTP server sftp client bye Bye Sysname cd Syntax cd remote path View SFTP client view Parameters remote path Path of the target directory on the remote server Description Use the cd command to change the working path on the remote SFTP server If no remote path is specified this command displays the current working path z Use the cd command to retur...

Page 1043: ...ry Examples Change the working path and return to the parent directory sftp client cdup Received status Success Current Directory is delete Syntax delete remote file 1 10 View SFTP client view Parameters remote file 1 10 Name of a file on the server 1 10 indicates that up to ten file names can be input These file names should be separated by spaces Description Use the delete command to delete a sp...

Page 1044: ...a specified directory on the remote SFTP server If a or l is not specified the command displays details about the files and folders in the specified directory in a list If no remote path is specified this command displays the files in the current working directory This command has the same effect as that of the Is command Examples Display the files in the current directory sftp client dir rwxrwxrw...

Page 1045: ...rface otherwise this command displays the IP address 0 0 0 0 Examples Display the source IP address for the current SFTP client Sysname display sftp source ip The source IP you specified is 192 168 1 1 exit Syntax exit View SFTP client view Parameters None Description Use the exit command to terminate a connection with the remote SFTP server and return to system view This command has the same effe...

Page 1046: ... tt txt This operation may take a long time please wait Remote file tt bak Local file tt txt Received status End of file Received status Success Downloading file successfully ended help Syntax help all command View SFTP client view Parameters all Displays all the command names command Command name Description Use the help command to display the help information about SFTP client commands If no com...

Page 1047: ...files in the current working directory This command has the same effect as that of the dir command Examples Display the files in the current directory sftp client ls rwxrwxrwx 1 noone nogroup 1759 Aug 23 06 52 config cfg rwxrwxrwx 1 noone nogroup 225 Aug 24 08 01 pubkey2 rwxrwxrwx 1 noone nogroup 283 Aug 24 07 39 pubkey1 rwxrwxrwx 1 noone nogroup 225 Sep 28 08 28 pub1 drwxrwxrwx 1 noone nogroup 0 ...

Page 1048: ... By default the local file name is used for the remote file if no remote file name is specified Examples Upload the file named config cfg to the remote SFTP server and save it as 1 txt sftp client put config cfg 1 txt This operation may take a long time please wait Local file config cfg Remote file 1 txt Received status Success Uploading file successfully ended pwd Syntax pwd View SFTP client view...

Page 1049: ... Bye Sysname remove Syntax remove remote file 1 10 View SFTP client view Parameters remote file 1 10 Name of a file on the server 1 10 indicates that up to ten file names can be input These file names should be separated by spaces Description Use the remove command to delete a specified file from the remote SFTP server This command has the same effect as that of the delete command Examples Delete ...

Page 1050: ...p txt sftp client rename temp bat temp txt File successfully renamed rmdir Syntax rmdir remote path 1 10 View SFTP client view Parameters remote path 1 10 Name of a directory on the remote SFTP server 1 10 indicates that up to ten file names can be input These file names should be separated by spaces Description Use the rmdir command to remove a specified directory from the remote SFTP server Exam...

Page 1051: ... hellman group1 sha1 It is the default key exchange algorithm z dh_exchange_group Key exchange algorithm diffie hellman group exchange sha1 prefer_ctos_cipher Preferred client to server encryption algorithm The default algorithm is aes128 prefer_stoc_cipher Preferred server to client encryption algorithm The default algorithm is aes128 z 3des 3des_cbc encryption algorithm z des des_cbc encryption ...

Page 1052: ...ftp source interface interface type interface number undo sftp source interface View System view Parameters interface type Type of a source interface It can be loopback or VLAN interface interface number Number of a source interface Description Use the sftp source interface command to specify a source interface for the SFTP client If the specified interface does not exist the system prompts that t...

Page 1053: ...ed IP address is not the IP address of the local device the system prompts that the configuration fails Use the undo sftp source ip command to remove the specified source IP address Then the client accesses the SFTP server with the local device address determined by the system Examples Specify 192 168 0 1 as the source IP address of the SFTP client Sysname system view System View return to User Vi...

Page 1054: ...ses every time it connects to a TFTP server use the tftp source ip command If a source interface is specified for the TFTP client with the tftp source interface command the IP address of the source interface is displayed If neither source IP address nor source interface is specified for the TFTP client 0 0 0 0 is displayed Related commands tftp source ip tftp source interface Examples Display the ...

Page 1055: ...o the Cluster part in this manual source file Name of the file to be downloaded from the TFTP server dest file File name used when a file is downloaded and saved to the switch Description Use the tftp get command to download a file from a TFTP server and save it to the local storage device Different from the FTP function the working directory of a TFTP server cannot be changed or specified on a TF...

Page 1056: ...e failed Downloaded data will be deleted Deleting file successful Download file temp txt from the TFTP server 1 1 1 1 and save it as test2 txt suppose that free space of the Flash is insufficient and the TFTP server supports file size negotiation Sysname tftp 1 1 1 1 get temp txt test2 txt File will be transferred in binary mode Downloading file from remote tftp server please wait Not enough space...

Page 1057: ...he switch belongs to a cluster the value cluster means to connect to the TFTP server of the cluster For the configuration of the TFTP server of a cluster refer to the Cluster part in this manual interface type Type of the source interface interface number Number of the source interface get Specifies to download a file from the TFTP server source file Name of the file to be downloaded dest file Fil...

Page 1058: ... file to the TFTP server source file url Path and name of the file to be uploaded to the TFTP server dest file File name used when a file is uploaded and saved to a TFTP server Description Use the tftp tftp server source ip command to connect to a TFTP server through the specified source IP address and perform download or upload operations If the specified source IP address does not exist a prompt...

Page 1059: ... interface Vlan interface 1 tftp source ip Syntax tftp source ip ip address undo tftp source ip View System view Parameters ip address The source IP address that the switch uses every time it connects to a TFTP server Description Use the tftp source ip command to specify the source IP address that a TFTP client uses every time it connects with a TFTP server The specified IP address must exist othe...

Page 1060: ... to 2999 Description Use the tftp server acl command to specify the ACL adopted for the connection between a TFTP client and a TFTP server Use the undo tftp server acl command to cancel all ACLs adopted Examples Specify to adopt ACL 2000 on the TFTP client Sysname system view System View return to User View with Ctrl Z Sysname tftp server acl 2000 ...

Page 1061: ...o center enable 1 8 info center logbuffer 1 8 info center loghost 1 9 info center loghost source 1 10 info center monitor channel 1 10 info center snmp channel 1 11 info center source 1 12 info center synchronous 1 14 info center switch on 1 15 info center timestamp 1 16 info center timestamp loghost 1 16 info center timestamp utc 1 17 info center trapbuffer 1 18 reset logbuffer 1 19 reset trapbuf...

Page 1062: ...e Channel name by default the name of channel 0 to channel 9 is in turn console monitor loghost trapbuffer logbuffer snmpagent channel6 channel7 channel8 channel9 Description Use the display channel command to display the settings of an information channel If no argument is specified in the command the settings of all channels are displayed Examples Display the settings of information channel 0 Sy...

Page 1063: ...n Center enabled Log host the interface name of the source address Vlan interface1 192 168 0 2 channel number 2 channel name loghost language english host facility local 7 Console channel number 0 channel name console Monitor channel number 1 channel name monitor SNMP Agent channel number 5 channel name snmpagent Log buffer enabled max buffer size 1024 current buffer size 512 current messages 512 ...

Page 1064: ...aximum size current size current messages channel number and name number of dropped messages and number of overwritten messages Information timestamp setting Information about the time stamp setting showing the time stamp format of the log trap and debugging information IRF SWITCH OF Device Unit 1 Information about the information output state of the device enabled or disabled showing whether the ...

Page 1065: ...ing the specified characters regular expression Regular expression Description Use the display logbuffer command to display the status of the log buffer and the records in the log buffer Examples Display the status of the log buffer and the records in the log buffer Sysname display logbuffer Logging buffer configuration and contents enabled Allowed max buffer size 1024 Actual buffer size 512 Chann...

Page 1066: ...ntax display logbuffer summary level severity View Any view Parameters level severity Specifies an information severity level The severity argument ranges from 1 to 8 Description Use the display logbuffer summary command to display the statistics of the log buffer Examples Display the summary of the log buffer Sysname display logbuffer summary EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG 0 0 0 0 9...

Page 1067: ...ges 0 Current messages 19 Apr 1 23 55 35 859 2006 Sysname L2INF 2 PORT LINK STATUS CHANGE 1 Trap 1 3 6 1 6 3 1 1 5 4 linkUp portIndex is 4227762 ifAdminStatus is 1 ifOperStatus is 1 Apr 1 23 55 36 059 2006 Sysname L2INF 2 PORT LINK STATUS CHANGE 1 Trap 1 3 6 1 6 3 1 1 5 4 linkUp portIndex is 4227794 ifAdminStatus is 1 ifOperStatus is 1 Omitted info center channel name Syntax info center channel ch...

Page 1068: ...ding to the 10 channels of the system channel name Channel name by default the name of channel 0 to channel 9 is in turn console monitor loghost trapbuffer logbuffer snmpagent channel6 channel7 channel8 channel9 Description Use the info center console channel command to set the channel through which information is output to the console Use the undo info center console channel command to restore th...

Page 1069: ...e the information center Sysname system view System View return to User View with Ctrl Z Sysname info center enable Information center is enabled info center logbuffer Syntax info center logbuffer channel channel number channel name size buffersize undo info center logbuffer channel size View System view Parameters channel Sets the channel through which information outputs to the log buffer channe...

Page 1070: ...dr IP address of a log host channel Sets the information channel for the log host channel number Channel number ranging from 0 to 9 corresponding to the 10 channels of the system channel name Channel name by default the name of channel 0 to channel 9 is in turn console monitor loghost trapbuffer logbuffer snmpagent channel6 channel7 channel8 channel9 facility local number The logging facility of t...

Page 1071: ...ource View System view Parameters interface type Specifies an interface type interface number Specifies an interface number Description Use the info center loghost source command to configure the source interface through which information is sent to the log host Use the undo info center loghost source command to cancel the source interface configuration Related commands info center enable display ...

Page 1072: ... Related commands info center enable display info center Examples Set the system to output information to user terminals through channel 0 Sysname system view System View return to User View with Ctrl Z Sysname info center monitor channel 0 info center snmp channel Syntax info center snmp channel channel number channel name undo info center snmp channel View System view Parameters channel number C...

Page 1073: ...figures whether to output the system information The value of state can be on enabled or off disabled Description Use the info center source command to specify the output rules of the system information Use the undo info center source command to remove the specified output rules By default the output rules for the system information are listed in Table 1 4 This command can be used to set the filte...

Page 1074: ...P module only receives the trap information and discards the log and debugging information Table 1 4 Default output rules for different output destinations LOG TRAP DEBUG Output destinati on Modules allowed Enabled disabled Severity Enabled disabled Severity Enabled disabled Severity Console default all modules Enabled warnings Enabled debuggin g Enabled debuggin g Monitor terminal default all mod...

Page 1075: ...tion are echoed after the output note that the command prompt is echoed in command edit state but is not echoed in interactive state Use the undo info center synchronous command to disable synchronous information output By default the synchronous information output function is disabled z The synchronous information output function is used in the case that your input is interrupted by a large amoun...

Page 1076: ...ng information output is enabled and log and trap information output is disabled for the master switch in the fabric Debugging log and trap information output for other switches in the fabric is disabled z After the switches supporting IRF form a fabric the log debugging and trap information of each switch in the fabric can be synchronized Each switch sends its own information to other switches in...

Page 1077: ...or example 7 z hh mm ss sss The local time with hh ranging from 00 to 23 mm and ss ranging from 00 to 59 and sss ranging from 0 to 999 z yyyy Represents the year none Specifies not to include time stamp in the specified output information Description Use the info center timestamp command to set the format of time stamp included in the log trap debugging information Use the undo info center timesta...

Page 1078: ...System View return to User View with Ctrl Z Sysname info center timestamp loghost no year date info center timestamp utc Syntax info center timestamp utc undo info center timestamp utc View System view Parameters None Description Use the info center timestamp utc command to configure to add UTC time zone to the time stamp of the date type output in each direction of the information center Use the ...

Page 1079: ...ges 0 overwritten messages 0 Information timestamp setting with utc log date trap date debug boot IRF SWITCH OF Device Unit 1 LOG disable TRAP disable DEBUG enable If you configure to add the UTC time zone in the time stamp the system information is output as follows Dec 8 10 12 21 708 2006 GMT 08 00 00 Sysname SHELL 5 LOGIN 1 VTY 1 1 0 2 in unit1 login info center trapbuffer Syntax info center tr...

Page 1080: ... command takes effect only after the information center function is enabled Related commands info center enable display info center Examples Enable the system to output trap information to the trap buffer whose size is set to 30 Sysname system view System View return to User View with Ctrl Z Sysname info center trapbuffer size 30 reset logbuffer Syntax reset logbuffer unit unit id View User view P...

Page 1081: ...d to enable debugging terminal display Use the undo terminal debugging command to disable debugging terminal display By default debugging terminal display is disabled You can execute the terminal debugging command to display debugging information on a user terminal Related commands debugging commands in the System Maintenance and Debugging module of the manual Examples Enable debugging terminal di...

Page 1082: ...ole users and terminal users This command works only on the current terminal The debugging log trap information can be output on the current terminal only after this command is executed in user view z Disabling the function has the same effect as executing the following three commands undo terminal debugging undo terminal logging and undo terminal trapping That is no debugging log trap information...

Page 1083: ...n Use the terminal trapping command to enable trap terminal display Use the undo terminal trapping command to disable trap terminal display By default trap terminal display is enabled Examples Enable trap terminal display Sysname terminal trapping ...

Page 1084: ... Network Connectivity Test Commands 2 1 Network Connectivity Test Commands 2 1 ping 2 1 tracert 2 3 3 Device Management Commands 3 1 Device Management Commands 3 1 boot boot loader 3 1 boot bootrom 3 1 display boot loader 3 2 display cpu 3 3 display device 3 3 display fan 3 4 display memory 3 5 display patch information 3 6 display power 3 7 display schedule reboot 3 7 display transceiver alarm in...

Page 1085: ...ii schedule reboot delay 3 18 schedule reboot regularity 3 19 system monitor enable 3 20 update fabric 3 21 xmodem get 3 22 ...

Page 1086: ...info interface z The language mode command is deleted Basic System Configuration Commands clock datetime Syntax clock datetime HH MM SS YYYY MM DD MM DD YYYY View User view Parameters HH MM SS Current time namely hour minute second HH ranges from 0 to 23 and MM and SS range from 0 to 59 YYYY MM DD or MM DD YYYY Current date where YYYY represents year ranging from 2000 to 2099 MM represents month r...

Page 1087: ...date of the summer time in the form of YYYY MM DD or MM DD YYYY offset time Offset of the summer time relative to the standard time in the form of HH MM SS Description Use the clock summer time command to set the summer time including the name time range and time offset After the setting you can use the display clock command to check the results Examples Set the summer time named abc1 which starts...

Page 1088: ...e form of HH MM SS Description Use the clock timezone command to set the local time zone Use the undo clock timezone command to restore the local time zone to the default UTC time zone After the setting you can use the display clock command to check the setting The log information time and the debugging information time adopts the local time after the time zone and the summer time have been adjust...

Page 1089: ...n to User View with Ctrl Z Sysname quit Sysname Return to system view from Ethernet port view Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 quit Sysname return Syntax return View Views other than user view Parameters None Description Use the return command to return from current view to user view The composite key Ctrl Z has ...

Page 1090: ... the system name will affect the CLI prompt For example if the system name of the switch is H3C the prompt for user view is H3C Examples Set the system name of the Ethernet switch to LSW Sysname system view System View return to User View with Ctrl Z Sysname sysname LSW LSW system view Syntax system view View User view Parameters None Description Use the system view command to enter system view fr...

Page 1091: ... the system Sysname display clock 18 36 31 beijing Sat 2002 02 02 Time Zone beijing add 01 00 00 Summer Time bj one off 01 00 00 2003 01 01 01 00 00 2003 08 08 01 00 00 Table 1 1 Description on the fields of the display clock command Field Description 18 36 31 beijing Sat 2002 02 02 Current date and time of the system Time Zone Configured time zone information Summer Time Configured summer time in...

Page 1092: ... is on Rip send debugging switch is on display version Syntax display version View Any view Parameters None Description Use the display version command to display the version information about the switch system Specifically you can use this command to check the software version and release time the basic hardware configuration and some other information about the switch Examples Display the versio...

Page 1093: ... all debugging is disabled Note that z Enabled debugging will generate a great deal of debugging information and thus will affect the efficiency of the system Therefore it is recommended not to enable debugging for multiple functions at the same time To disable all debugging at a time you can use the undo debugging all command z The specific debugging information can be displayed on a terminal onl...

Page 1094: ... N y Diagnostic information is saved to Flash or displayed Y save N display Y N y Please input the file name diag flash default diag The file is already existing overwrite it Y N y Output information to file flash default diag Please wait After saving the information you can use the more default diag command in user view to view the contents of the file default diag with the Page Up and Page Down ...

Page 1095: ...terminal monitor commands z If you execute the undo terminal monitor command you will disable the monitoring of the log trap and debugging information on the current terminal Thereby no log trap or debugging information will be displayed on the terminal z The configuration of the terminal debugging command takes effect for the current connection only If the terminal re establishes a connection the...

Page 1096: ... sending interface by its type and number With the interface specified the TTL of packets are set to 1 automatically to test the directly connected device the IP address of the device is in the same network segment with that of the interface ip Specifies the device to support IPv4 By default the device supports IPv4 n Specifies to directly regard the host argument as an IP address without performi...

Page 1097: ...k the network connectivity and the quality of a network line This command can output the following information z Response status of the destination to each ICMP ECHO REQUEST packet including the number of bytes packet sequence number TTL and response time of the response packet if the response packet is received within the timeout time If no response packet is received within the timeout time the ...

Page 1098: ...ith this argument this command only displays the addresses of those gateways from the source address to hop according to the hop count specified by the argument For example if the max ttl argument is 5 the command displays the addresses of the gateways from the source to the fifth hop The max ttl argument ranges from 1 to 255 and defaults to 30 p port Specifies the destination port of the packets ...

Page 1099: ... output the IP addresses of all the gateways that the packets pass through to the destination It outputs the string if the response from a gateway times out Examples Trace the gateways that the packets pass through to the destination with IP address 18 26 0 115 Sysname tracert 18 26 0 115 tracert to 18 26 0 115 18 26 0 115 30 hops max 40 bytes packet 1 128 3 112 1 128 3 112 1 0 ms 0 ms 0 ms 2 128 ...

Page 1100: ...file is stored in the Flash memory of a specified switch Description Use the boot boot loader command to specify the host software that will be used when the switch starts up next time You can use this command to specify a bin file in the Flash as the host software to be adopted at next startup Examples Specify the host software that will be used when the current switch starts up next time Sysname...

Page 1101: ... id View Any view Parameters unit id Unit ID of a switch Description Use the display boot loader command to display the host software bin file that will be adopted when the switch starts up next time Examples Display the host software that will be adopted when the switch starts up next time Sysname display boot loader Unit 1 The current boot app is s3600 bin The main boot app is s3600 bin The back...

Page 1102: ... busy status CPU usage status 12 in last 5 seconds 12 in last 1 minute 12 in last 5 minutes The CPU usage in the last five seconds is 12 The CPU usage in the last one minute is 12 The CPU usage in the last five minutes is 12 display device Syntax display device manuinfo unit unit id unit unit id View Any view Parameters manuinfo Specifies to display the manufacture information of the specified swi...

Page 1103: ...iption on the fields of the display device command Field Description SlotNo Serial number of the slot SubSNo Serial number of the sub slot PortNum Number of ports PCBVer Version number of the PCB card FPGAVer Version number of the FPGA encapsulation CPLDVer Logical version number of the hardware CPLD BootRomVer Version number of the Boot ROM AddrLM MAC address learning mode Type Card type State Ru...

Page 1104: ...ch Sysname display memory Unit 1 System Available Memory bytes 30045312 System Used Memory bytes 15698468 Used Rate 52 Table 3 4 Description on the fields of the display memory command Field Description System Available Memory bytes Available memory size of the system in bytes System Used Memory bytes Used memory size of the system in bytes Used Rate Percentage of the used memory Display the curre...

Page 1105: ...e state information about connection Information about the current routing protocol connection The times of disconnect Number of times that the system automatically disconnects the routing protocol connection The times of reconnect Number of times that the system automatically re establishes the routing protocol connection The current state The current routing protocol connection status display pa...

Page 1106: ...d Unit ID of a switch power id Power ID Description Use the display power command to display the working state of the power supply of the switch Examples Display the working state of the power supply Sysname display power Unit 1 power 1 State Normal Type AC The above information indicates that the power supply type is AC and works normally display schedule reboot Syntax display schedule reboot Vie...

Page 1107: ...all transceivers If no error occurs None is displayed Table 3 7 shows the alarm information that may occur for the four types of transceivers Table 3 7 Description on the fields of display transceiver alarm interface Field Remarks GBIC SFP RX loss of signal RX signal is lost RX power high RX power is high RX power low RX power is low TX fault TX fault TX bias high TX bias current is high TX bias l...

Page 1108: ...ectric Cooler fault Wavelength unlocked Wavelength of optical signal exceeds the manufacturer s tolerance Temp high Temperature is high Temp low Temperature is low Voltage high Voltage is high Voltage low Voltage is low Transceiver info I O error Transceiver information read and write error Transceiver info checksum error Transceiver information checksum error Transceiver type and port configurati...

Page 1109: ... Temperature is high Temp low Temperature is low Transceiver info I O error Transceiver information read and write error Transceiver info checksum error Transceiver information checksum error Transceiver type and port configuration mismatch Transceiver type does not match port configuration Transceiver type not supported by port hardware Transceiver type is not supported on the port For pluggable ...

Page 1110: ...ng pluggable optical transceiver customized by H3C on interface GigabitEthernet 1 1 2 Sysname display transceiver diagnosis interface gigabitethernet 1 1 2 GigabitEthernet1 1 2 transceiver diagnostic information Current diagnostic parameters Temp C Voltage V Bias mA RX power dBM TX power dBM 36 3 31 6 13 35 64 5 19 Table 3 9 Description on the fields of display transceiver diagnosis interface Fiel...

Page 1111: ...iver Type 1000_BASE_LX_SFP Connector Type LC Wavelength nm 1310 Transfer Distance km 10 9um Digital Diagnostic Monitoring YES Vendor Name H3C Ordering Name SFP GE LX10 SM1310 Table 3 10 Description on the fields of the display transceiver interface command Field Description transceiver information Transceiver information of the interface Transceiver Type Transceiver type Connector Type Type of the...

Page 1112: ...he anti spoofing transceiver customized by H3C H3C is displayed z Other transceivers The original vendor name is displayed Ordering Name Ordering name of the transceiver display transceiver manuinfo interface Syntax display transceiver manuinfo interface interface type interface number View Any view Parameters interface type interface number Interface type and interface number Description Use the ...

Page 1113: ...w System view Parameters None Description Use the patch activate command to place DEACTIVE patches into the ACTIVE state replacing the original codes The active patches will become inactive after a system reboot If you want to run these patches again you need to use the command to activate and run these patches Examples Load patch file S3600_1510_P001 pat Sysname system view System View return to ...

Page 1114: ... load filename View System view Parameters filename Patch file name to be specified a string of 1 to 142 characters Patch files are named in the format of product name _ baseline version number _ patch version number pat An example is S3600_1510_P001 pat To ensure a successful patch loading make sure that the baseline version of the patch file is consistent with the current software version of the...

Page 1115: ...stem reboot running patches remain in the RUNNING state and keep working Examples Load patch file S3600_1510_P001 pat Sysname system view System View return to User View with Ctrl Z Sysname patch load S3600_1510_P001 pat Activate the loaded patch Sysname patch activate Place ACTIVE patches into the RUNNING state Sysname patch run reboot Syntax reboot unit unit id View User view Parameters unit id ...

Page 1116: ...1 148 2006 Sysname DEV 5 DEV_LOG 1 Switch is rebooting Starting schedule reboot at Syntax schedule reboot at hh mm mm dd yyyy yyyy mm dd undo schedule reboot View User view Parameters hh mm Reboot time where hh hour ranges from 0 to 23 and mm minute ranges from 0 to 59 mm dd yyyy and yyyy mm dd Two formats used to specify the reboot date where yyyy year ranges from 2 000 to 2 099 mm month ranges f...

Page 1117: ...rwrite the previous one if there is a setting already exists z If you adjust the system time by the clock command after executing the schedule reboot at command the configured schedule reboot at command will be invalid and the scheduled reboot will not happen Related commands reboot display schedule reboot Examples Suppose the current time is 05 06 schedule a reboot so that the switch reboots at 2...

Page 1118: ...boot display schedule reboot Examples Suppose the current time is 05 15 schedule a reboot so that the switch reboots after 70 minutes Sysname schedule reboot delay 70 Reboot system at 06 25 2000 04 02 in 1 hours and 10 minutes confirm Y N y Sysname schedule reboot regularity Syntax schedule reboot regularity at hh mm period undo schedule reboot regularity View System view Parameters hh mm Reboot t...

Page 1119: ... reboot so that the switch reboots at 10 00 every Thursday Sysname system view System View return to User View with Ctrl Z Sysname schedule reboot regularity at 10 00 thursday Schedule reboot regularity are you sure Y N y Sysname system monitor enable Syntax system monitor enable undo system monitor enable View System view Parameters None Description Use the system monitor enable command to enable...

Page 1120: ...e specified file is stored in the Flash of a specified switch Description Use the update fabric command to upgrade the host software of all devices in a Fabric Examples Use the file named s3600 bin in the Flash memory of Unit 2 to upgrade the host software of the devices in a Fabric Sysname update fabric unit2 flash s3600 bin This will update the Fabric Continue Y N y The software is verifying The...

Page 1121: ...ed with the Console port of a switch through XModem This command can be configured only when the device logging onto a switch through the Console port Note that the communication parameter settings of the Console port of the switch and those of the serial port of the local device must be consistent and the interface type of the Console port must be AUX Examples Download files through XModem Sysnam...

Page 1122: ...r cos trust 1 3 vlan vpn priority 1 3 vlan vpn tpid 1 5 2 Selective QinQ Configuration Commands 2 1 Selective QinQ Configuration Commands 2 1 mac address mapping 2 1 raw vlan id inbound 2 2 vlan vpn vid 2 3 3 BPDU Tunnel Configuration Commands 3 1 BPDU Tunnel Configuration Commands 3 1 bpdu tunnel 3 1 bpdu tunnel tunnel dmac 3 2 display bpdu tunnel 3 3 ...

Page 1123: ...le VLAN VPN TPID 8100 Table 1 1 Description on the fields of the display port vlan vpn command Field Description Ethernet1 0 6 The port with the VLAN VPN feature enabled VLAN VPN status The operation status of the VLAN VPN feature on the port enabled indicates that VLAN VPN is enabled on the port You can use the vlan vpn enable command to enable VLAN VPN on a port VLAN VPN VLAN The VLAN correspond...

Page 1124: ...t already carries a VLAN tag the packet becomes a dual tagged packet z Otherwise the packet becomes a packet carrying the default VLAN tag of the port If IRF fabric is enabled on a device the VLAN VPN feature cannot be enabled on any port of the device You can use the display port vlan vpn command to display the configuration information of VLAN VPN on the ports to verity your configuration After ...

Page 1125: ...s the outer tag priority of packets For descriptions on receiving port priority refer to QoS QoS Profile Operation Note that z This feature can be enabled only on VLAN VPN enabled ports z This command is mutually exclusive with the vlan vpn priority command Examples Enable the inner to outer tag priority replicating feature for Ethernet 1 0 2 Sysname system view System View return to User View wit...

Page 1126: ...an outer tag that has the corresponding priority Use the undo vlan vpn priority command to remove the configuration By default no mapping between the inner tag priority and the outer tag priority is configured and the switch uses the priority of the receiving port as the outer tag priority of packets For descriptions on receiving port priority refer to QoS QoS Profile Operation Note that z This co...

Page 1127: ...fault TPID value The default TPID value is 0x8100 For the position and function of the TPID field in a packet refer to VLAN Operation The TPID field in an Ethernet frame has the same position with the protocol type field in a frame without a VLAN tag To prevent other devices in the network from recognizing the tag encapsulated packets of the current switch as protocol packets you are not allowed t...

Page 1128: ...1 6 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 vlan vpn tpid 9100 ...

Page 1129: ...he form of vlan id to vlan id 1 10 where the VLAN ID after the to keyword must be larger than or equal to the VLAN ID before the to keyword and 1 10 means that you can specify up to 10 VLANs VLAN ranges for this argument dest vlan id ID of the destination VLAN for replication in the range 1 to 4094 all Removes all the inter VLAN MAC address replicating configurations created on the current port De...

Page 1130: ...C address entries between the MAC address table of VLAN 4 the default VLAN and that of the outer VLAN 10 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 mac address mapping 0 source vlan 4 destination vlan 10 Sysname Ethernet1 0 1 mac address mapping 1 source vlan 10 destination vlan 4 raw vlan id inbound Syntax raw vlan id inb...

Page 1131: ... QinQ policy Related commands vlan vpn vid Examples Configure Ethernet 1 0 1 to add the tag of VLAN 20 as the outer tag to packets with their inner VLAN IDs being 8 through 15 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 vlan vpn vid 20 Sysname Ethernet1 0 1 vid 20 raw vlan id inbound 8 to 15 vlan vpn vid Syntax vlan vpn vid...

Page 1132: ...need to use the raw vlan id inbound command to specify which VLANs packets will be encapsulated with the specified outer VLAN tag Otherwise the configuration of the outer VLAN tag is of no use Related commands raw vlan id inbound Examples Specify Ethernet 1 0 1 add VLAN 20 tag as the outer tag to the packets with their inner VLAN IDs being 2 through 14 Sysname system view System View return to Use...

Page 1133: ... Description cdp Enable Disable BPDU tunnel for CISCO discovery protocol CDP hgmp Enable Disable BPDU tunnel for Huawei group management protocol HGMP related protocols including neighbor discovery protocol NDP neighbor topology discovery protocol cluster member remote control MRC and Huawei authentication bypass protocol HABP lacp Enable Disable BPDU tunnel for link aggregation control protocol L...

Page 1134: ...ckets to a specified multicast MAC address z If this command is enabled on a port for a specific protocol the specific protocol cannot be enabled on the port For example if you have configured the bpdu tunnel lacp command the lacp enable command cannot be enabled on the port z The commands configured for service provider s devices at both ends of a BPDU tunnel must be consistent Otherwise BPDU pac...

Page 1135: ...resses configured at the two ends of a BPDU tunnel must be the same otherwise the protocol packets cannot be transmitted and forwarded normally Related commands display bpdu tunnel Examples Set the destination MAC address for protocol packets transmitted along BPDU tunnels to 010f e266 c3ab Sysname system view System View return to User View with Ctrl Z Sysname bpdu tunnel tunnel dmac 010f e266 c3...

Page 1136: ...el packet s destination mac address 010f e2cd 0003 The above output information indicates that all the protocol packets transmitted along the BPDU tunnel s use 010f e2cd 0003 as their destination MAC addresses ...

Page 1137: ...history records 1 14 http operation 1 14 http string 1 15 hwping 1 16 hwping agent enable 1 16 jitter interval 1 17 jitter packetnum 1 17 password 1 18 probe failtimes 1 19 send trap 1 20 source interface 1 20 source ip 1 21 source port 1 22 test type 1 23 test enable 1 24 test failtimes 1 24 timeout 1 25 tos 1 25 username 1 26 HWPing Server Commands 1 27 hwping server enable 1 27 hwping server tc...

Page 1138: ...meters times Number of probes in each HWPing test The times argument ranges from 1 to 15 Description Use the count command to set the number of probes in each HWPing test Use the undo count command to restore the default For tests except jitter test only one packet is sent in a probe In a jitter test you can use the jitter packetnum command to set the number of packets to be sent in a probe By def...

Page 1139: ...4 to 8100 100 Description Use the datasize command to configure the size of a test packet in a test Use the undo datasize command to restore the default Examples Set the size of ICMP test packets to 50 bytes Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator icmp Sysname hwping administrator icmp test type icmp Sysname hwping administrator icmp datasize 50...

Page 1140: ...3 Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator icmp Sysname hwping administrator icmp test type icmp Sysname hwping administrator icmp destination ip 169 254 10 3 destination port Syntax destination port port number undo destination port View HWPing test group view Parameters port number Destination port number for an HWPing test in the range of 1 to...

Page 1141: ...or name operation tag View Any view Parameters results Displays results of the last test history Displays the history records of tests administrator name Name of the administrator who created the HWPing test operation a string of 1 to 32 characters operation tag Operation tag a string of 1 to 32 characters Description Use the display hwping command to display the result of the last HWPing test or ...

Page 1142: ...of the last successful test SD Maximal delay Maximum delay from the source to the destination DS Maximal delay Maximum delay from the destination to the source Packet lost in test Average packet loss ratio Disconnect operation number Number of times the test was disconnected by the remote end System busy operation number Number of times the test failed because the system was busy Operation sequenc...

Page 1143: ...nableToResolveDnsName Unable to resolve DNS domain name 11 invalidHostAddress Invalid host address LastRC Response code in the last ICMP response packet received The device does not support this field at present so this field is always displayed as 0 Time Test completion time Display the test results of the test group with administrator name administrator and operation tag http Sysname hwping admi...

Page 1144: ...es DNS resolution timeout times HTTP Transmission Timeout Times HTTP transmission timeout times TCP Connect Time Total time used to establish a TCP connection HTTP Operation Min Time Minimum time used to establish an HTTP connection TCP Connect Min Time Minimum time used to establish a TCP connection HTTP Operation Max Time Maximum time used to establish an HTTP connection TCP Connect Max Time Max...

Page 1145: ...tive jitter delay from the destination to the source Positive SD Number Number of positive jitter delays from the source to the destination Positive DS Number Number of positive jitter delays from the destination to the source Positive SD Sum Sum of positive jitter delays from the source to the destination Positive DS Sum Sum of positive jitter delays from the destination to the source Positive SD...

Page 1146: ... test results of the test group with administrator name administrator and operation tag dns Sysname display hwping results administrator dns HWPing entry admin administrator tag dns test result Destination ip address 10 2 2 2 Send operation times 10 Receive response times 10 Min Max Average Round Trip Time 6 10 8 Square Sum of Round Trip Time 756 Last succeeded test time 2006 11 28 11 50 40 9 Exte...

Page 1147: ... command to configure the IP address of a DNS server Use the undo dns server command to remove the IP address of a DNS server By default no DNS server IP address is configured z This command applies to DNS and HTTP tests only z For an HTTP test if configuring the destination address as the host name you must configure the IP address of the DNS server to resolve the host name into an IP address whi...

Page 1148: ... is configured This command applies to DNS tests only Examples Configure the domain name to be resolved as www test com Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator dns Sysname hwping administrator dns test type dns Sysname hwping administrator dns dns resolve target www test com filename Syntax filename file name undo filename View HWPing test group...

Page 1149: ... Sysname hwping administrator ftp test type ftp Sysname hwping administrator ftp filename config txt frequency Syntax frequency interval undo frequency View HWPing test group view Parameters interval Automatic test interval in seconds It ranges from 0 to 65 535 Description Use the frequency command to configure the time interval of performing automatic tests Use the undo frequency command to resto...

Page 1150: ... Sysname hwping administrator icmp Sysname hwping administrator icmp test type icmp Sysname hwping administrator icmp destination ip 169 254 10 3 Sysname hwping administrator icmp frequency 10 ftp operation Syntax ftp operation get put View HWPing test group view Parameters get Specifies the test operation as download from the FTP server put Specifies the test operation as upload to the FTP server...

Page 1151: ...aved in a test group Use the undo history records to restore the default By default up to 50 records can be saved in a test group Examples Set the maximum number of history records that can be saved to 10 Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator icmp Sysname hwping administrator icmp test type icmp Sysname hwping administrator icmp history record...

Page 1152: ...characters version HTTP version a string of 1 to 255 characters At present this argument can only be HTTP 1 0 where HTTP must be capitalized Description Use the http string command to configure the HTTP operation string and HTTP version Use the undo http string command to remove the configured HTTP operation string and version By default no HTTP operation string and HTTP version are configured Not...

Page 1153: ...rectly Use the undo hwping command to delete an HWPing test group Examples Create an HWPing test group of which the administrator name is administrator and operation tag is icmp Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator icmp Sysname hwping administrator icmp hwping agent enable Syntax hwping agent enable undo hwping agent enable View System view P...

Page 1154: ...e interval between sending jitter test packets Use the undo jitter interval command to restore the default By default the interval between sending jitter test packets is 20 milliseconds Related commands jitter packetnum The jitter interval command applies to jitter tests only Examples Set the interval between sending jitter test packets to 30 milliseconds Sysname system view System View return to ...

Page 1155: ...es Configure to send 30 packets in a probe for a jitter test Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator jitter Sysname hwping administrator jitter test type jitter Sysname hwping administrator jitter jitter packetnum 30 password Syntax password password undo password View HWPing test group view Parameters password Password for logging in to an FTP ...

Page 1156: ... times undo probe failtimes View HWPing test group view Parameters times Number of consecutive failed probes in the range of 1 to 15 Description Use the probe failtimes command to configure the number of consecutive times the probe fails before the switch sends out a trap message Use the undo probe failtimes command to restore the default By default the switch sends a trap about probe failure each...

Page 1157: ...p message after an ICMP test is finished Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator icmp Sysname hwping administrator icmp test type icmp Sysname hwping administrator icmp send trap testcomplete source interface Syntax source interface interface type interface number undo source interface View HWPing test group view Parameters interface type interf...

Page 1158: ...igured with the source interface command the test destination address should be configured as the address of the device directly connected to the interface Otherwise the test will fail z The interface to be specified in this command can be only a VLAN interface z The interface to be specified must be Up otherwise the test will fail Examples Configure the source interface that sends test packets in...

Page 1159: ... User View with Ctrl Z Sysname hwping administrator icmp Sysname hwping administrator icmp test type icmp Sysname hwping administrator icmp source ip 169 254 10 2 source port Syntax source port port number undo source port View HWPing test group view Parameters port number Protocol source port number in the range of 1 to 65 535 Description Use the source port command to configure the protocol sour...

Page 1160: ...sion z snmpquery Indicates an SNMP test z tcpprivate Indicates a TCP test on a specified unknown port z tcppublic Indicates a TCP test on port 7 z udpprivate Indicates a UDP test on a specified unknown port z udppublic Indicates a UDP test on port 7 Description Use the test type command to configure the test type The default test type is icmp If you modify the test type the parameter configuration...

Page 1161: ...st result Examples Perform a HWPing test on an ICMP test group with the administrator name and operation tag being administrator and icmp respectively Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator icmp Sysname hwping administrator icmp test type icmp Sysname hwping administrator icmp destination ip 169 254 10 3 Sysname hwping administrator icmp test e...

Page 1162: ...es 3 timeout Syntax timeout time undo timeout View HWPing test group view Parameters time Timeout time for one probe in the range of 1 to 60 in seconds Description Use the timeout command to set the timeout time for a probe Use the undo timeout command to restore the default value The HWPing client starts the probe timer after sending a test packet If the HWPing client receives no response before ...

Page 1163: ... header of an ICMP test packet to 1 Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator icmp Sysname hwping administrator icmp test type icmp Sysname hwping administrator icmp tos 1 username Syntax username name undo username View HWPing test group view Parameters name Username for logging in to an FTP server a string of 1 to 32 characters Description Use t...

Page 1164: ...p test type ftp Sysname hwping administrator ftp username administrator HWPing Server Commands z A HWPing server is required for only jitter TCP and UDP tests z You are not recommended to configure HWPing jitter UDP TCP servers on ports 1 through 1023 well known ports otherwise HWPing probes may fail or the services corresponding to these ports may be unavailable hwping server enable Syntax hwping...

Page 1165: ...r some special ports that is those used for fixed functions such as port 1701 Otherwise the HWPing test may fail Description Use the hwping server tcpconnect command to create a TCP listening service on the HWPing server Use the undo hwping server tcpconnect command to remove the created TCP listening service When performing a TCP connection test on a specified port of a HWPing client you must cre...

Page 1166: ...se the hwping server udpecho command to enable UDP listening on a HWPing server Use the undo hwping server udpecho command to disable UDP listening When performing a jitter test or a UDP connection test on a specified port of a HWPing client you must enable UDP listening on the server if an S3600 switch serves as a HWPing server otherwise the test may fail Related commands hwping server enable Exa...

Page 1167: ...s auto link local 1 19 ipv6 address eui 64 1 20 ipv6 address link local 1 22 ipv6 host 1 22 ipv6 icmp error 1 23 ipv6 nd dad attempts 1 24 ipv6 nd hop limit 1 24 ipv6 nd ns retrans timer 1 25 ipv6 nd nud reachable time 1 25 ipv6 neighbor 1 26 ipv6 neighbors max learning num 1 27 ipv6 route static 1 27 reset dns ipv6 dynamic host 1 28 reset ipv6 neighbors 1 29 reset ipv6 statistics 1 29 reset tcp i...

Page 1168: ...NS entries You can use the reset dns ipv6 dynamic host command to clear all IPv6 dynamic domain name information from the cache Examples Display IPv6 dynamic domain name information in the cache Sysname display dns ipv6 dynamic host No Domain name IPv6 Address TTL 1 aaa 2001 2 6 Table 1 1 Description on the fields of the display dns ipv6 dynamic host command Field Description No Sequence number Do...

Page 1169: ...tch looks up a matching IPv6 FIB entry for forwarding an IPv6 packet Examples Display all the IPv6 FIB entries Sysname display ipv6 fib FIB Table Total number of Routes 5 Flag U Useable G Gateway H Host B Blackhole D Dynamic S Static Destination 1 PrefixLength 128 NextHop 1 Flag HU TimeStamp Date 5 7 2006 Time 14 35 32 Interface InLoopBack0 Destination FE80 PrefixLength 10 NextHop Flag BU TimeStam...

Page 1170: ...op address when a packet is forwarded to the destination Flag Route flag U Usable route G Gateway route H Host route B Blackhole route D Dynamic route S Static route TimeStamp Generation time of an FIB entry Interface Interface from which a packet is forwarded display ipv6 host Syntax display ipv6 host View Any view Parameters None Description Use the display ipv6 host command to display the mappi...

Page 1171: ...If no interface is specified the IPv6 information of all interfaces for which IPv6 addresses can be configured is displayed if only interface type is specified the IPv6 information of the interfaces of the specified type for which IPv6 addresses can be configured is displayed if interface type interface number is specified the IPv6 information of the specified interface is displayed If the brief k...

Page 1172: ... it IPv6 is enabled in the example link local address Link local address configured on an interface Global unicast address es Aggregatable global unicast address configured on an interface Joined group address es Address of the multicast group that an interface joins MTU Maximum transmission unit of an interface ND DAD is enabled number of DAD attempts Number of duplicate address detection DAD att...

Page 1173: ...igured z up Indicates the link layer protocol state of the VLAN interface is up IPv6 Address IPv6 address of the interface If no address is configured for the interface Unassigned will be displayed display ipv6 neighbors Syntax display ipv6 neighbors ipv6 address all dynamic static interface interface type interface number vlan vlan id begin exclude include regular expression View Any view Paramet...

Page 1174: ...rs command Field Description IPv6 Address IPv6 address of a neighbor Link layer Link layer address MAC address of a neighbor VID ID of the VLAN to which the interface connected to a neighbor belongs Interface Interface connected to a neighbor State State of a neighbor which can be z INCMP Address resolution is in progress so the link layer address of the neighbor is unknown yet z REACH The neighbo...

Page 1175: ...ighbor entries Description Use the display ipv6 neighbors count command to display the total number of neighbor entries satisfying the specified condition Examples Display the total number of neighbor entries acquired dynamically Sysname display ipv6 neighbors dynamic count Total dynamic entry ies 3 display ipv6 route table Syntax display ipv6 route table verbose View Any view Parameters verbose D...

Page 1176: ...isplay ipv6 route table command Field Description Destinations Number of reachable destination networks hosts Routes Number of routing entries Destination Destination network host IPv6 address The part following indicates the prefix length Protocol Routing protocol discovering the route NextHop Next hop address Interface Egress interface through which a packet is sent Display detailed information ...

Page 1177: ...range of 1 to 3 The value 1 represents a TCP socket 2 a UDP socket and 3 a raw IP socket task id ID of a task in the range of 1 to 100 socket id ID of a socket in the range of 0 to 3072 Description Use the display ipv6 socket command to display information related to a specified socket With no argument specified this command displays the information about all the sockets with only the socket type ...

Page 1178: ...of the sending buffer rcvbuf Size of the receiving buffer sb_cc Number of bytes sent by the sending buffer rb_cc Number of bytes received by the receiving buffer socket option Socket option set by the application socket state State of the socket SOCK_DGRAM UDP socket SOCK_RAW Raw IP socket display ipv6 statistics Syntax display ipv6 statistics View Any view Parameters None Description Use the disp...

Page 1179: ... hopcount exceeded 0 reassembly timeout 0 parameter problem 0 echo request 30 echo replied 17 neighbor solicit 43 neighbor advert 42 router solicit 0 router advert 0 redirected 0 Send failed ratelimited 0 other errors 0 Received packets Total 126 checksum error 0 too short 0 bad code 0 unreached 10 too big 0 hopcount exceeded 0 reassembly timeout 0 parameter problem 0 unknown error type 0 echoed 1...

Page 1180: ...ncorrect options z Number of packets with incorrect protocol z Number of received fragment packets z Number of reassembled packets z Number of packets whose reassembly fails z Number of packets whose reassembly times out ICMPv6 protocol Statistics of ICMPv6 packets Sent packets Total 132 unreached 0 too big 0 hopcount exceeded 0 reassembly timeout 0 parameter problem 0 echo request 30 echo replied...

Page 1181: ... of packets with parameter errors z Number of packets with unknown errors z Number of request packets z Number of response packets z Number of neighbor solicitation messages z Number of neighbor advertisement packets z Number of router solicitation packets z Number of router advertisement packets z Number of redirected packets z Number of packets recounted by the router z Number of unknown informa...

Page 1182: ... ipv6 statistics command Field Description Received packets Total 436 packets in sequence 182 327 bytes window probe packets 0 window update packets 0 checksum error 0 offset error 0 short error 0 duplicate packets 0 0 bytes partially duplicate packets 0 0 bytes out of order packets 3 0 bytes packets with data after window 0 0 bytes packets after close 0 ACK packets 239 6141 bytes duplicate ACK pa...

Page 1183: ...f retransmission timeout Keepalive timeout Number of keepalive timeouts Keepalive probe Number of keepalive probes Keepalive timeout so connections disconnected Number of connections dropped because of keepalive response timeout Initiated connections Number of initiated connections accepted connections Number of accepted connections established connections Number of established connections Closed ...

Page 1184: ...in_Wait1 Closing Last_Ack Fin_Wait2 Time_Wait display udp ipv6 statistics Syntax display udp ipv6 statistics View Any view Parameters None Description Use the display udp ipv6 statistics command to display statistics of IPv6 UDP packets You can use the reset udp ipv6 statistics command to clear statistics of all IPv6 UDP packets Examples View statistics of IPv6 UDP packets Sysname display udp ipv6...

Page 1185: ...r of packets not handled because of the receiving buffer being full input packet missing pcb cache Number of packets that do not match any entry in the PCB cache dns server ipv6 Syntax dns server ipv6 ipv6 address interface type interface number undo dns server ipv6 ipv6 address interface type interface number View VLAN interface view Parameters ipv6 address IPv6 address of a DNS server interface ...

Page 1186: ... addresses configured on only one VLAN interface The total number of IPv6 global unicast addresses and site local addresses configured on an interface can be up to four z You will remove all IPv6 addresses except the automatically configured link local address if you carry out the undo ipv6 address command without any parameter specified Examples Set the aggregatable global IPv6 unicast address of...

Page 1187: ...because the system automatically generates one for the interface If no IPv6 site local address or aggregatable global unicast address is configured the interface has no link local address z Manual assignment takes precedence over automatic generation That is if you first adopt automatic generation and then manual assignment the manually assigned link local address will overwrite the automatically ...

Page 1188: ... address es in the EUI 64 format is configured Examples Configure an IPv6 address in the EUI 64 format for the VLAN interface 1 The prefix of the address is 2001 1 64 and the interface ID is generated based on the MAC address of the device Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ipv6 address 2001 1 64 eui 64 Display...

Page 1189: ...irst adopt automatic generation and then manual assignment the manually assigned link local address will overwrite the automatically generated one If you first adopt manual assignment and then automatic generation the automatically generated link local address will not take effect and the link local address of an interface is still the manually assigned one If you delete the manually assigned addr...

Page 1190: ...e ratelimit interval undo ipv6 icmp error View System view Parameters bucket size Number of tokens in a token bucket in the range of 1 to 200 The default value is 10 interval Update period of the token bucket in milliseconds in the range of 0 to 2 147 483 647 Description Use the ipv6 icmp error command to configure the maximum number of IPv6 ICMP error packets sent within a specified time Use the ...

Page 1191: ...itation message for duplicate address detection to the default By default the number of attempts to send a neighbor solicitation message for duplicate address detection is 1 Related commands display ipv6 interface Examples Set the attempts to send a neighbor solicitation message for duplicate address detection to 20 Sysname system view System View return to User View with Ctrl Z Sysname interface ...

Page 1192: ...mitting an NS message Use the undo ipv6 nd ns retrans timer command to restore the interval for retransmitting an NS message to the default By default the local interface sends NS messages at intervals of 1 000 milliseconds Related commands display ipv6 interface Examples Specify the VLAN interface 1 to send an NS message at intervals of 10 000 milliseconds Sysname system view System View return t...

Page 1193: ...dress in a static neighbor entry 48 bits long in the format of H H H vlan id VLAN ID corresponding to a static neighbor entry in the range of 1 to 4094 port type port number Ethernet port type and port number corresponding to a static neighbor entry interface type interface number VLAN interface type and interface number corresponding to a static neighbor entry Description Use the ipv6 neighbor co...

Page 1194: ...mber Maximum number of neighbors that can be dynamically learned by an interface in the range of 1 to 2048 Description Use the ipv6 neighbors max learning num command to configure the maximum number of neighbors that can be dynamically learned on a specified interface Use the undo ipv6 neighbors max learning num command to restore the configuration to the default By default the maximum number is 1...

Page 1195: ...able the device will use a default IPv6 route to forward the IPv6 packet Related commands display ipv6 route table Examples Configure a static IPv6 route with the destination address of 1 1 2 48 and the next hop address of 1 1 3 1 Sysname system view System View return to User View with Ctrl Z Sysname ipv6 route static 1 1 2 48 1 1 3 1 Configure a static IPv6 route with the next hop address of 1 1...

Page 1196: ...ption Use the reset ipv6 neighbors command to clear IPv6 neighbor information You can use the display ipv6 neighbors command to display the current IPv6 neighbor information Examples Clear all neighbor information on all interfaces Sysname reset ipv6 neighbors all Clear dynamic neighbor information on all interfaces Sysname reset ipv6 neighbors dynamic Clear all neighbor information on VLAN interf...

Page 1197: ... IPv6 TCP packets Examples Clear the statistics of all IPv6 TCP packets Sysname reset tcp ipv6 statistics reset udp ipv6 statistics Syntax reset udp ipv6 statistics View User view Parameters None Description Use the reset udp ipv6 statistics command to clear the statistics of all IPv6 UDP packets You can use the display udp ipv6 statistics command to display the statistics of IPv6 UDP packets Exam...

Page 1198: ...t 800 tcp ipv6 timer syn timeout Syntax tcp ipv6 timer syn timeout wait time undo tcp ipv6 timer syn timeout View System view Parameters wait time Length of the synwait timer of IPv6 TCP packets in seconds in the range of 2 to 600 Description Use the tcp ipv6 timer syn timeout command to set the synwait timer of IPv6 TCP packets Use the undo tcp ipv6 timer syn timeout command to restore the synwai...

Page 1199: ... the size of IPv6 TCP receiving sending buffer Use the undo tcp ipv6 window command to restore the size of IPv6 TCP receiving sending buffer to the default By default the size of the IPv6 TCP packet buffer is 8 KB Examples Set the size of IPv6 TCP receiving sending buffer to 4 KB Sysname system view System View return to User View with Ctrl Z Sysname tcp ipv6 window 4 ...

Page 1200: ...tes of packets sent for requesting ICMPv6 echo ranging from 20 to 8 100 with the default of 56 bytes t timeout Specifies the timeout in milliseconds of receiving ICMPv6 echoes ranging from 0 to 65 535 with the default of 2 000 milliseconds remote system IPv6 address or host name a string a 1 to 46 characters of the destination device i interface type interface number Specifies the type and number ...

Page 1201: ...t 2001 1 is reachable 56 data bytes Number of bytes in the ICMPv6 echo request press CTRL_C to break Press Ctrl C to terminate the ping operation after the ping ipv6 command is executed Reply from 2001 1 An ICMPv6 reply message is received from the device at 2001 1 If no ICMPv6 reply is received within the timeout time Request time out is displayed bytes Number of data bytes in the ICMPv6 reply me...

Page 1202: ...ommand to log onto another device for remote management from the local device You can break Telnet logging in by entering Ctrl K Examples Connect to a remote Telnet server with IPv6 address of 3001 1 Sysname telnet ipv6 3001 1 Trying 3001 1 Press CTRL K to abort Connected to 3001 1 Copyright c 2004 2007 Hangzhou H3C Tech Co Ltd All rights reserved Without the owner s prior written consent no decom...

Page 1203: ...le from TFTP server to local z Upload a file Upload a specified source file from local to TFTP server Examples Download a file from TFTP server Sysname tftp ipv6 fe80 250 daff fe91 e058 i Vlan interface 300 get filetoget File will be transferred in binary mode Downloading file from remote tftp server please wait received 4469 bytes in 1 243 seconds tracert ipv6 Syntax tracert ipv6 f first ttl m ma...

Page 1204: ...tracert ipv6 command is executed Examples Trace the route of the IPv6 packets from source to destination 3002 1 Sysname tracert ipv6 3002 1 traceroute to 3002 1 30 hops max 60 bytes packet 1 3003 1 30 ms 0 ms 0 ms 2 3002 1 10 ms 10 ms 0 ms 3 Table 2 2 Description on the fields of the tracert ipv6 command Field Description traceroute to 3002 1 Traceroute the device at 3002 1 to view the passed rout...

Page 1205: ...Commands 1 1 DNS Configuration Commands 1 1 display dns domain 1 1 display dns dynamic host 1 1 display dns server 1 2 display ip host 1 3 dns domain 1 4 dns resolve 1 5 dns server 1 5 ip host 1 6 nslookup type 1 6 reset dns dynamic host 1 7 ...

Page 1206: ... protocols Description Use the display dns domain command to display the DNS suffixes Related commands dns domain Examples Display DNS suffixes Sysname display dns domain No Domain name 0 aaa com Table 1 1 Description on the fields of the display dns domain command Field Description No Sequence number Domain name DNS suffix display dns dynamic host Syntax display dns dynamic host View Any view Par...

Page 1207: ...name Domain name Ipaddress IP address of the corresponding domain name TTL Time for which an entry is cached in seconds Alias Alias for the domain name There can be four aliases at most DNS resolution has two types Forward resolution domain name IP address Reverse resolution IP address domain name display dns server Syntax display dns server dynamic View Any view Parameters dynamic Displays the DN...

Page 1208: ...rs IPv6 DNS server Domain server Number of the DNS server which is assigned automatically by the system and starts from 1 Such numbering for IPv4 DNS servers is independent of that for IPv6 ones For details about IPv6 DNS refer to IPv6 Management Command display ip host Syntax display ip host View Any view Parameters None Description Use the display ip host command to display mappings between host...

Page 1209: ... be letters numbers hyphens underscores _ and dots Description Use the dns domain command to configure a DNS suffix The system can automatically add the suffix to part of the domain name you entered for resolution Use the undo dns domain command to delete the configured DNS suffix No DNS suffix is configured by default You can configure a maximum of 10 DNS suffixes You must enter the DNS suffix be...

Page 1210: ...ain name resolution Dynamic domain name resolution is disabled by default Examples Enable dynamic domain name resolution Sysname system view System View return to User View with Ctrl Z Sysname dns resolve dns server Syntax dns server ip address undo dns server ip address View System view Parameters ip address IP address of the DNS Server Description Use the dns server command to configure an IP ad...

Page 1211: ...r ip address IP address of the specified host in dotted decimal notation Description Use the ip host command to create a mapping between host name and IP address in the static DNS database Use the undo ip host command to remove the mapping No mappings are created by default Each host name can correspond to only one IP address When IP addresses are configured for the same host for multiple times on...

Page 1212: ...y the corresponding domain name for 192 168 3 2 Sysname nslookup type ptr 192 168 3 2 Trying DNS server 10 72 66 36 Name www host com Address 192 168 3 2 Display the corresponding IP address for www host com Sysname nslookup type a www host com Trying DNS server 10 72 66 36 Name www host com Address 192 168 3 2 reset dns dynamic host Syntax reset dns dynamic host View User view Parameters None Des...

Page 1213: ... vlan 1 3 link aggregation group 1 3 port 1 4 port smart link group 1 5 reset smart link packets counter 1 6 smart link flush enable 1 6 smart link group 1 7 2 Monitor Link Configuration Commands 2 1 Monitor Link Configuration Commands 2 1 display monitor link group 2 1 link aggregation group 2 1 monitor link group 2 2 port 2 3 port monitor link group 2 4 smart link group 2 5 ...

Page 1214: ... 23 2006 04 01 Source MAC of last flush packet received 000f e20f 5566 Device ID of last flush packet received 000f e20f 5566 Control VLAN ID of last flush packet received 1 Table 1 1 Description on the fields of the display smart link flush command Field Description Flush interface Interface that receives the latest legal flush message Count of flush packets received Total number of flush message...

Page 1215: ...link group command to display the information about the specific smart link group or all the smart link groups Examples Display the information about smart link group 1 Sysname display smart link group 1 Smart Link Group 1 information Device ID 000f e212 3456 Control VLAN ID 1 Member Role State Flush count Last flush time Ethernet1 0 1 MASTER ACTVIE 1 16 37 20 2006 04 21 AGG 1 SLAVE STANDBY 2 17 4...

Page 1216: ...ommand to disable the function of sending flush messages to the specified control VLAN By default no control VLAN is specified Examples Configure to send flush messages within control VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname smart link group 1 Sysname smlk group1 flush enable control vlan 1 link aggregation group Syntax link aggregation group group id master s...

Page 1217: ...group 1 Sysname smlk group1 link aggregation group 8 slave port Syntax port interface type interface number master slave undo port interface type interface number View Smart link group view Parameters interface type Port type interface number Port number master Specifies the specified port as the master port of the smart link group slave Specifies the specified port as the slave port of the smart ...

Page 1218: ...es the port as the master port of the smart link group slave Specifies the port as the slave port of the smart link group Description Use the port smart link group command to assign the current port to a smart link group Use the undo port smart link group command to remove the current port from the specified smart link group The port where you configure the command cannot be a link aggregation gro...

Page 1219: ... the flush message statistics of Smart Link Examples Clear the flush message statistics of Smart Link Sysname reset smart link packets counter smart link flush enable Syntax z In Ethernet port view smart link flush enable control vlan vlan id undo smart link flush enable z In system view smart link flush enable control vlan vlan id port interface type interface number to interface type interface n...

Page 1220: ...link group this VLAN will become a static VLAN and related prompt information is displayed Examples Enable Ethernet 1 0 4 to process flush messages received from control VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 4 Sysname Ethernet1 0 4 smart link flush enable control vlan 1 Enable Ethernet 1 0 5 through Ethernet 1 0 10 to process flush me...

Page 1221: ... link group Related commands port smart link group link aggregation group port Make sure that the smart link group has no members before executing the undo smart link group command Examples Create a smart link group Sysname system view System View return to User View with Ctrl Z Sysname smart link group 1 New Smart Link Group has been created Sysname smlk group1 ...

Page 1222: ...k group 1 Sysname display monitor link group 1 Monitor link group 1 information Member Role Status Last up time Last down time SMLK 2 UPLINK UP 16 37 20 2006 4 21 16 37 20 2006 4 20 AGG 1 DOWNLINK UP Table 2 1 Description on the fields of the display monitor link group command Field Description Member Member of the monitor link group Role Role of monitor link group member port UPLINK or DOWNLINK S...

Page 1223: ...roup member can be a single port a manual or static link aggregation group but not a dynamic link aggregation group Uplink port can also be a smart link group Use this command only on the link aggregation groups that are not smart link group members A port or a link aggregation group cannot serve as a member port for two smart link groups On the other hand a port or a link aggregation group cannot...

Page 1224: ...ecuting the undo monitor link group command Examples Create a monitor link group Sysname system view System View return to User View with Ctrl Z Sysname monitor link group 1 New Monitor Link Group has been created Sysname mtlk group1 port Syntax port interface type interface number uplink downlink undo port interface type interface number View Monitor link group view Parameters interface type Port...

Page 1225: ...Ctrl Z Sysname monitor link group 1 Sysname mtlk group1 port Ethernet 1 0 7 downlink port monitor link group Syntax port monitor link group group id uplink downlink undo port monitor link group group id View Ethernet port view Parameters group id Monitor link group ID ranging 1 to 24 uplink Specifies the port as the uplink port of the specified monitor link group downlink Specifies the port as the...

Page 1226: ...link group group id uplink undo smart link group group id View Monitor link group view Parameters group id Smart link group ID ranging 1 to 24 uplink Specifies the specified smart link group as the uplink port of the monitor link group Description Use the smart link group command to configure the specified smart link group as the uplink port of the monitor link group Use the undo smart link group ...

Page 1227: ...i Table of Contents 1 Access Management Configuration Commands 1 1 Access Management Configuration Commands 1 1 am enable 1 1 am ip pool 1 1 am trap enable 1 2 display am 1 3 ...

Page 1228: ...ult Access management function is disabled Before enabling access management you are recommended to cancel the static ARP configuration to ensure that the binding of IP address and Ethernet switch can take effect Examples Enable the access management function Sysname system view System View return to User View with Ctrl Z Sysname am enable am ip pool Syntax am ip pool address list undo am ip pool ...

Page 1229: ...of a port you need to configure the interface IP address of the VLAN to which the port belongs and the IP addresses in the access management IP address pool of a port must be in the same network segment as the interface IP address of the VLAN which the port belongs to z If an access management address pool configured contains IP addresses that belong to the static ARP entries of other ports the sy...

Page 1230: ... interface type interface number 1 10 where interface type is port type interface number is port number and 1 10 means that you can specify up to ten ports port lists Description Use the display am command to display the current access management configuration including the status enabled disabled and the access management IP address pool configuration information If you do not specify the interfa...

Page 1231: ...of a port enabled or disabled IP Pools Access management IP pools NULL means the access management IP pool is not configured Each IP address range is represented as X X X X number among which X X X X is the starting address and number indicates the number of successive IP addresses contained in the IP address range ...

Page 1232: ... acl 25 ACL Command 1 1 active region configuration 15 MSTP Command 1 1 add member 30 Cluster Command 1 12 address check 24 DHCP Command 2 1 administrator address 30 Cluster Command 1 13 am enable 45 Access Management Command 1 1 am ip pool 45 Access Management Command 1 1 am trap enable 45 Access Management Command 1 2 am user bind 11 Port Security Port Binding Command 2 1 apply cost 16 Routing P...

Page 1233: ... 4 2 ascii 37 FTP SFTP TFTP Command 1 7 attribute 19 AAA Command 1 3 authentication 19 AAA Command 1 4 authentication super 19 AAA Command 1 6 authentication mode 02 Login Command 1 1 authentication mode 16 Routing Protocol Command 4 3 authorization 19 AAA Command 1 7 authorization vlan 19 AAA Command 1 7 auto build 30 Cluster Command 1 14 auto execute command 02 Login Command 1 3 B backup current...

Page 1234: ...n Command 1 1 bsr policy 17 Multicast Command 3 1 build 30 Cluster Command 1 16 burst mode enable 26 QoS QoS Profile Command 1 1 bye 37 FTP SFTP TFTP Command 1 8 bye 37 FTP SFTP TFTP Command 1 26 C cache sa enable 17 Multicast Command 4 1 calling station id mode 19 AAA Command 1 29 c bsr 17 Multicast Command 3 1 cd 36 File System Management Command 1 1 cd 37 FTP SFTP TFTP Command 1 9 cd 37 FTP SFT...

Page 1235: ...ommand 1 1 copy 36 File System Management Command 1 2 copy configuration 08 Port Basic Configuration Command 1 2 copyright info enable 02 Login Command 1 4 count 41 HWPing Command 1 1 c rp 17 Multicast Command 3 2 crp policy 17 Multicast Command 3 3 cut connection 19 AAA Command 1 8 D databits 02 Login Command 1 4 data flow format 19 AAA Command 1 30 data flow format 19 AAA Command 1 55 datasize 4...

Page 1236: ... recover enable 24 DHCP Command 4 1 dhcp protective down recover interval 24 DHCP Command 4 1 dhcp rate limit 24 DHCP Command 4 2 dhcp rate limit enable 24 DHCP Command 4 3 dhcp relay information enable 24 DHCP Command 2 2 dhcp relay information strategy 24 DHCP Command 2 3 dhcp select global 24 DHCP Command 1 4 dhcp select interface 24 DHCP Command 1 5 dhcp server bims server 24 DHCP Command 1 7 ...

Page 1237: ...ver ip 24 DHCP Command 2 7 dhcp snooping 24 DHCP Command 3 1 dhcp snooping information enable 24 DHCP Command 3 1 dhcp snooping information format 24 DHCP Command 3 2 dhcp snooping information packet format 24 DHCP Command 3 3 dhcp snooping information remote id 24 DHCP Command 3 3 dhcp snooping information strategy 24 DHCP Command 3 4 dhcp snooping information vlan circuit id 24 DHCP Command 3 5 ...

Page 1238: ...play clock 39 System Maintenance and Debugging Command 1 6 display cluster 30 Cluster Command 1 22 display cluster base members 30 Cluster Command 1 39 display cluster base topology 30 Cluster Command 1 40 display cluster black list 30 Cluster Command 1 41 display cluster candidates 30 Cluster Command 1 24 display cluster current topology 30 Cluster Command 1 42 display cluster members 30 Cluster ...

Page 1239: ...isplay dhcp snooping 24 DHCP Command 3 7 display dhcp snooping trust 24 DHCP Command 3 8 display diagnostic information 39 System Maintenance and Debugging Command 1 9 display dldp 12 DLDP Command 1 1 display dns domain 43 DNS Command 1 1 display dns dynamic host 43 DNS Command 1 1 display dns ipv6 dynamic host 42 IPv6 Management Command 1 1 display dns server 43 DNS Command 1 2 display domain 19 ...

Page 1240: ...display gvrp status 07 GVRP Command 1 7 display habp 18 802 1x and System Guard Command 3 1 display habp table 18 802 1x and System Guard Command 3 2 display habp traffic 18 802 1x and System Guard Command 3 2 display history command 01 CLI Command 1 3 display hwping 41 HWPing Command 1 4 display hwtacacs 19 AAA Command 1 56 display icmp statistics 05 IP Address and Performance Command 2 6 display...

Page 1241: ...ip routing table statistics 16 Routing Protocol Command 1 10 display ip routing table verbose 16 Routing Protocol Command 1 11 display ip socket 05 IP Address and Performance Command 2 7 display ip source static binding 24 DHCP Command 3 9 display ip statistics 05 IP Address and Performance Command 2 8 display ipv6 fib 42 IPv6 Management Command 1 2 display ipv6 host 42 IPv6 Management Command 1 3...

Page 1242: ... 1 1 display mac address security 11 Port Security Port Binding Command 1 1 display mac authentication 21 MAC Address Authentication Command 1 1 display memory 16 Routing Protocol Command 6 1 display memory 39 System Maintenance and Debugging Command 3 5 display memory limit 16 Routing Protocol Command 6 2 display mirror 28 Mirroring Command 1 1 display mirroring group 28 Mirroring Command 1 2 dis...

Page 1243: ...16 Routing Protocol Command 4 17 display ospf lsdb 16 Routing Protocol Command 4 18 display ospf nexthop 16 Routing Protocol Command 4 21 display ospf peer 16 Routing Protocol Command 4 22 display ospf request queue 16 Routing Protocol Command 4 25 display ospf retrans queue 16 Routing Protocol Command 4 26 display ospf routing 16 Routing Protocol Command 4 26 display ospf vlink 16 Routing Protoco...

Page 1244: ...ic key peer 35 SSH Command 1 2 display qos cos local precedence map 26 QoS QoS Profile Command 1 3 display qos interface all 26 QoS QoS Profile Command 1 4 display qos interface line rate 26 QoS QoS Profile Command 1 6 display qos interface mirrored to 26 QoS QoS Profile Command 1 7 display qos interface traffic limit 26 QoS QoS Profile Command 1 7 display qos interface traffic priority 26 QoS QoS...

Page 1245: ...edule reboot 39 System Maintenance and Debugging Command 3 7 display sftp source ip 37 FTP SFTP TFTP Command 1 29 display smart link flush 44 Smart Link Monitor Link Command 1 1 display smart link group 44 Smart Link Monitor Link Command 1 2 display snmp agent 33 SNMP RMON Command 1 1 display snmp agent community 33 SNMP RMON Command 1 2 display snmp agent group 33 SNMP RMON Command 1 3 display sn...

Page 1246: ...em guard l3err state 18 802 1x and System Guard Command 4 2 display system guard tcn state 18 802 1x and System Guard Command 4 3 display tcp ipv6 statistics 42 IPv6 Management Command 1 14 display tcp ipv6 status 42 IPv6 Management Command 1 16 display tcp statistics 05 IP Address and Performance Command 2 10 display tcp status 05 IP Address and Performance Command 2 12 display telnet source ip 0...

Page 1247: ...ommand 1 7 display vlan 04 VLAN Command 1 3 display vlan 06 Voice VLAN Command 1 3 display voice vlan error info 06 Voice VLAN Command 1 1 display voice vlan oui 06 Voice VLAN Command 1 1 display voice vlan status 06 Voice VLAN Command 1 2 display vrrp 22 VRRP Command 1 1 display vrrp statistics 22 VRRP Command 1 3 display web package 36 File System Management Command 1 21 display web users 02 Log...

Page 1248: ... 30 dot1x 18 802 1x and System Guard Command 1 4 dot1x authentication method 18 802 1x and System Guard Command 1 5 dot1x dhcp launch 18 802 1x and System Guard Command 1 6 dot1x free ip 18 802 1x and System Guard Command 2 1 dot1x guest vlan 18 802 1x and System Guard Command 1 7 dot1x handshake 18 802 1x and System Guard Command 1 8 dot1x handshake secure 18 802 1x and System Guard Command 1 9 d...

Page 1249: ... Guard Command 1 19 dot1x url 18 802 1x and System Guard Command 2 2 dot1x version check 18 802 1x and System Guard Command 1 20 duplex 08 Port Basic Configuration Command 1 15 E enable log updown 08 Port Basic Configuration Command 1 16 enable snmp trap updown 33 SNMP RMON Command 1 11 execute 36 File System Management Command 1 6 exit 37 FTP SFTP TFTP Command 1 29 expired 24 DHCP Command 1 31 F ...

Page 1250: ...in Command 1 10 free web users 02 Login Command 2 1 frequency 41 HWPing Command 1 12 ftm fabric vlan 29 IRF Fabric Command 1 12 ftp 37 FTP SFTP TFTP Command 1 13 ftp cluster remote server source interface 37 FTP SFTP TFTP Command 1 13 ftp cluster remote server source ip 37 FTP SFTP TFTP Command 1 14 ftp cluster 30 Cluster Command 1 27 ftp disconnect 37 FTP SFTP TFTP Command 1 3 ftp server enable 3...

Page 1251: ... Command 3 3 habp server vlan 18 802 1x and System Guard Command 3 3 habp timer 18 802 1x and System Guard Command 3 4 header 02 Login Command 1 11 help 37 FTP SFTP TFTP Command 1 30 history command max size 02 Login Command 1 13 history records 41 HWPing Command 1 14 holdtime 30 Cluster Command 1 29 host route 16 Routing Protocol Command 3 7 http operation 41 HWPing Command 1 14 http string 41 HW...

Page 1252: ...mand 2 4 igmp group policy 17 Multicast Command 2 5 igmp group policy vlan 17 Multicast Command 2 6 igmp host join 17 Multicast Command 5 16 igmp host join port 17 Multicast Command 2 7 igmp host join port 17 Multicast Command 5 15 igmp host join vlan 17 Multicast Command 2 8 igmp lastmember queryinterval 17 Multicast Command 2 8 igmp max response time 17 Multicast Command 2 9 igmp proxy 17 Multic...

Page 1253: ...enter console channel 38 Information Center Command 1 7 info center enable 38 Information Center Command 1 8 info center logbuffer 38 Information Center Command 1 8 info center loghost 38 Information Center Command 1 9 info center loghost source 38 Information Center Command 1 10 info center monitor channel 38 Information Center Command 1 10 info center snmp channel 38 Information Center Command 1...

Page 1254: ...ipv6 address 42 IPv6 Management Command 1 19 ipv6 address auto link local 42 IPv6 Management Command 1 19 ipv6 address eui 64 42 IPv6 Management Command 1 20 ipv6 address link local 42 IPv6 Management Command 1 22 ipv6 host 42 IPv6 Management Command 1 22 ipv6 icmp error 42 IPv6 Management Command 1 23 ipv6 nd dad attempts 42 IPv6 Management Command 1 24 ipv6 nd hop limit 42 IPv6 Management Comman...

Page 1255: ... group 44 Smart Link Monitor Link Command 2 1 link aggregation group description 09 Link Aggregation Command 1 6 link aggregation group mode 09 Link Aggregation Command 1 7 link delay 08 Port Basic Configuration Command 1 20 local server 19 AAA Command 1 36 local server nas ip 19 AAA Command 1 37 local user 19 AAA Command 1 17 local user password display mode 19 AAA Command 1 18 lock 02 Login Comm...

Page 1256: ...s security 11 Port Security Port Binding Command 1 5 mac address timer 13 MAC Address Table Management Command 1 7 mac address mapping 40 VLAN VPN Command 2 1 mac authentication 21 MAC Address Authentication Command 1 4 mac authentication authmode usernameasmacaddress 21 MAC Address Authentication Command 1 6 mac authentication authmode usernamefixed 21 MAC Address Authentication Command 1 6 mac a...

Page 1257: ...mirroring group 28 Mirroring Command 1 4 mirroring group mirroring port 28 Mirroring Command 1 4 mirroring group monitor port 28 Mirroring Command 1 6 mirroring group reflector port 28 Mirroring Command 1 7 mirroring group remote probe vlan 28 Mirroring Command 1 8 mirroring port 28 Mirroring Command 1 8 mkdir 36 File System Management Command 1 9 mkdir 37 FTP SFTP TFTP Command 1 18 mkdir 37 FTP S...

Page 1258: ...ti path number 16 Routing Protocol Command 4 32 N name 04 VLAN Command 1 5 name 19 AAA Command 1 19 nas ip 19 AAA Command 1 38 nas ip 19 AAA Command 1 60 nbns list 24 DHCP Command 1 33 ndp enable 30 Cluster Command 1 2 ndp timer aging 30 Cluster Command 1 3 ndp timer hello 30 Cluster Command 1 4 netbios type 24 DHCP Command 1 33 network 16 Routing Protocol Command 3 9 network 16 Routing Protocol C...

Page 1259: ... source interface 34 NTP Command 1 12 ntp service unicast peer 34 NTP Command 1 12 ntp service unicast server 34 NTP Command 1 13 O open 37 FTP SFTP TFTP Command 1 19 option 14 Auto Detect Command 1 4 option 24 DHCP Command 1 35 originating rp 17 Multicast Command 4 10 ospf 16 Routing Protocol Command 4 35 ospf authentication mode 16 Routing Protocol Command 4 36 ospf cost 16 Routing Protocol Comm...

Page 1260: ... patch run 39 System Maintenance and Debugging Command 3 16 peer 16 Routing Protocol Command 3 9 peer 16 Routing Protocol Command 4 44 peer connect interface 17 Multicast Command 4 10 peer description 17 Multicast Command 4 11 peer mesh group 17 Multicast Command 4 12 peer minimum ttl 17 Multicast Command 4 12 peer request sa enable 17 Multicast Command 4 13 peer sa cache maximum 17 Multicast Comm...

Page 1261: ...d 1 10 poe profile 31 PoE PoE Profile Command 2 3 port 04 VLAN Command 1 9 port 44 Smart Link Monitor Link Command 1 4 port 44 Smart Link Monitor Link Command 2 3 port access vlan 04 VLAN Command 1 10 port hybrid protocol vlan vlan 04 VLAN Command 1 17 port hybrid pvid vlan 04 VLAN Command 1 11 port hybrid vlan 04 VLAN Command 1 11 port isolate 10 Port Isolation Command 1 1 port link aggregation g...

Page 1262: ... 1 16 port security trap 11 Port Security Port Binding Command 1 17 preference 16 Routing Protocol Command 3 10 preference 16 Routing Protocol Command 4 45 primary accounting 19 AAA Command 1 39 primary accounting 19 AAA Command 1 60 primary authentication 19 AAA Command 1 39 primary authentication 19 AAA Command 1 61 primary authorization 19 AAA Command 1 62 priority 26 QoS QoS Profile Command 1 ...

Page 1263: ... 1 32 Q qos cos local precedence map 26 QoS QoS Profile Command 1 18 qos profile 26 QoS QoS Profile Command 2 4 qos profile port based 26 QoS QoS Profile Command 2 5 queue scheduler 26 QoS QoS Profile Command 1 19 quit 37 FTP SFTP TFTP Command 1 21 quit 37 FTP SFTP TFTP Command 1 33 quit 39 System Maintenance and Debugging Command 1 3 R radius client 19 AAA Command 1 40 radius nas ip 19 AAA Comman...

Page 1264: ...mmand 1 37 reset dhcp server 24 DHCP Command 2 10 reset dns dynamic host 43 DNS Command 1 7 reset dns ipv6 dynamic host 42 IPv6 Management Command 1 28 reset dot1x statistics 18 802 1x and System Guard Command 1 20 reset ftm statistics 29 IRF Fabric Command 1 14 reset garp statistics 07 GVRP Command 1 5 reset hwtacacs statistics 19 AAA Command 1 63 reset igmp group 17 Multicast Command 2 13 reset ...

Page 1265: ...d 3 15 reset radius statistics 19 AAA Command 1 44 reset recycle bin 36 File System Management Command 1 12 reset saved configuration 03 Configuration File Management Command 1 11 reset smart link packets counter 44 Smart Link Monitor Link Command 1 6 reset stop accounting buffer 19 AAA Command 1 44 reset stop accounting buffer 19 AAA Command 1 63 reset stp 15 MSTP Command 1 11 reset tcp ipv6 stat...

Page 1266: ...ol Command 3 12 rip input 16 Routing Protocol Command 3 13 rip metricin 16 Routing Protocol Command 3 14 rip metricout 16 Routing Protocol Command 3 14 rip output 16 Routing Protocol Command 3 15 rip split horizon 16 Routing Protocol Command 3 15 rip version 16 Routing Protocol Command 3 16 rip work 16 Routing Protocol Command 3 17 rmdir 36 File System Management Command 1 15 rmdir 37 FTP SFTP TFT...

Page 1267: ...and Debugging Command 3 17 schedule reboot delay 39 System Maintenance and Debugging Command 3 18 schedule reboot regularity 39 System Maintenance and Debugging Command 3 19 scheme 19 AAA Command 1 21 screen length 02 Login Command 1 17 secondary accounting 19 AAA Command 1 47 secondary accounting 19 AAA Command 1 64 secondary authentication 19 AAA Command 1 48 secondary authentication 19 AAA Comm...

Page 1268: ... 6 smart link group 44 Smart Link Monitor Link Command 1 7 smart link group 44 Smart Link Monitor Link Command 2 5 snmp agent 33 SNMP RMON Command 1 12 snmp agent calculate password 33 SNMP RMON Command 1 12 snmp agent community 02 Login Command 2 2 snmp agent community 33 SNMP RMON Command 1 13 snmp agent group 02 Login Command 2 3 snmp agent group 33 SNMP RMON Command 1 14 snmp agent local engin...

Page 1269: ...ed 08 Port Basic Configuration Command 1 28 speed auto 08 Port Basic Configuration Command 1 29 spf schedule interval 16 Routing Protocol Command 4 49 spt switch threshold 17 Multicast Command 3 15 ssh authentication type default 35 SSH Command 1 24 ssh client assign 35 SSH Command 1 25 ssh client first time enable 35 SSH Command 1 26 ssh server authentication retries 35 SSH Command 1 27 ssh serve...

Page 1270: ...1 39 static rp 17 Multicast Command 3 18 static rpf peer 17 Multicast Command 4 18 stop accounting buffer enable 19 AAA Command 1 50 stopbits 02 Login Command 1 22 storm constrain 08 Port Basic Configuration Command 1 30 storm constrain control 08 Port Basic Configuration Command 1 31 storm constrain enable 08 Port Basic Configuration Command 1 32 storm constrain interval 08 Port Basic Configurati...

Page 1271: ... MSTP Command 1 32 stp loop protection 15 MSTP Command 1 32 stp max hops 15 MSTP Command 1 33 stp mcheck 15 MSTP Command 1 34 stp mode 15 MSTP Command 1 35 stp no agreement check 15 MSTP Command 1 35 stp pathcost standard 15 MSTP Command 1 36 stp point to point 15 MSTP Command 1 38 stp port priority 15 MSTP Command 1 39 stp portlog 15 MSTP Command 1 39 stp portlog all 15 MSTP Command 1 40 stp prio...

Page 1272: ... detect threshold 18 802 1x and System Guard Command 4 4 system guard ip enable 18 802 1x and System Guard Command 4 5 system guard l3err enable 18 802 1x and System Guard Command 4 6 system guard tcn enable 18 802 1x and System Guard Command 4 7 system guard tcn rate threshold 18 802 1x and System Guard Command 4 7 system monitor enable 39 System Maintenance and Debugging Command 3 20 system view...

Page 1273: ...mation Center Command 1 20 terminal monitor 38 Information Center Command 1 21 terminal trapping 38 Information Center Command 1 21 test enable 41 HWPing Command 1 24 test failtimes 41 HWPing Command 1 24 test type 41 HWPing Command 1 23 tftp ascii binary 37 FTP SFTP TFTP Command 2 1 tftp get 30 Cluster Command 1 34 tftp get 37 FTP SFTP TFTP Command 2 2 tftp ipv6 42 IPv6 Management Command 2 3 tft...

Page 1274: ...ACL Command 1 24 timers 16 Routing Protocol Command 3 19 topology accept 30 Cluster Command 1 44 topology restore from 30 Cluster Command 1 45 topology save to 30 Cluster Command 1 46 tos 41 HWPing Command 1 25 tracemac 30 Cluster Command 1 37 tracert 39 System Maintenance and Debugging Command 2 3 tracert ipv6 42 IPv6 Management Command 2 4 traffic limit 26 QoS QoS Profile Command 1 22 traffic li...

Page 1275: ...ate fabric 39 System Maintenance and Debugging Command 3 21 user 37 FTP SFTP TFTP Command 1 23 user privilege level 02 Login Command 1 28 user interface 02 Login Command 1 27 username 41 HWPing Command 1 26 user name format 19 AAA Command 1 54 user name format 19 AAA Command 1 69 V verbose 37 FTP SFTP TFTP Command 1 24 virtual cable test 08 Port Basic Configuration Command 1 34 vlan 04 VLAN Comman...

Page 1276: ...rp vrid preempt mode 22 VRRP Command 1 9 vrrp vrid priority 22 VRRP Command 1 10 vrrp vrid timer advertise 22 VRRP Command 1 10 vrrp vrid track detect group 14 Auto Detect Command 1 8 vrrp vrid track detect group 22 VRRP Command 1 12 vrrp vrid track interface 22 VRRP Command 1 11 vrrp vrid virtual ip 22 VRRP Command 1 13 W web authentication cut connection 20 Web Authentication Command 1 3 web aut...

Page 1277: ...che address 27 Web Cache Redirection Command 1 2 webcache redirect vlan 27 Web Cache Redirection Command 1 4 wred 26 QoS QoS Profile Command 1 31 X xmodem get 39 System Maintenance and Debugging Command 3 22 Y Z ...

Search results

Summary of Contents for H3C S3600 Series

Reviews:

Related manuals for H3C S3600 Series

Brands by name

Popular brands

H3C H3C S3600 Series, Command Manual

Search results

Summary of Contents for H3C S3600 Series

Reviews:

Related manuals for H3C S3600 Series

Brands by name

Popular brands