manualshive.com logo in svg

H3C MS4520V2-30F, Command Reference Manual, Page: 54 / 59

Share
Download
H3C MS4520V2-30F Command Reference Manual Download Page 54

 

47 

Predefined user roles 

network-admin 

Parameters 

domain-name

: Specifies a PKI domain name, a case-sensitive string of 1 to 31 characters. The PKI 

domain must already exist and contain a complete certificate and key. 

Usage guidelines 

To communicate with controllers through SSL, you must specify a PKI domain. 

For the specified PKI domain to take effect, you must execute the 

ovsdb server enable

 

command to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it 
has been enabled. 

For more information about PKI domains, see PKI in 

Security Configuration Guide

Examples 

# Specify PKI domain 

ovsdb_test

 for establishing OVSDB SSL connections. 

<Sysname> system-view 

[Sysname] ovsdb server pki domain ovsdb_test 

Related commands 

ovsdb server bootstrap ca-certificate 

ovsdb server enable 

ovsdb server pssl 

ovsdb server ssl 

ovsdb server pssl 

Use 

ovsdb server pssl

 to enable the device to listen for OVSDB SSL connection requests. 

Use 

undo ovsdb server pssl

 to restore the default. 

Syntax 

ovsdb server pssl

 

[

 

port

 

port-number

 

]

 

undo ovsdb server pssl 

Default 

The device does not listen for OVSDB SSL connection requests. 

Views 

System view 

Predefined user roles 

network-admin 

Parameters 

port

 

port-number

: Specifies a port to  listen for OVSDB  SSL connection  requests. The value 

range for the 

port-number

 argument is 1 to 65535. If you do not specify a port, the device uses the 

port number 6640. 

Usage guidelines 

Before you use this command, you must specify a PKI domain for SSL. 

Summary of Contents for MS4520V2-30F

Page 1: ...licable to the following switches and software versions H3C S5560X EI switch series Release 6308 and later H3C S5500V2 EI switch series Release 6308 and later H3C MS4520V2 30F switch Release 6308 and...

Page 2: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Page 3: ...races enclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separated by vertical bars from which y...

Page 4: ...s a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding and other Layer 2 features Represents an access controller a unified wired WLAN module or the access controller engine on a u...

Page 5: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Page 6: ...e 22 shutdown 23 statistics enable Ethernet service instance view 23 statistics enable VSI view 24 tunnel 24 tunnel global source address 25 vsi 26 vxlan 27 vxlan ip forwarding 27 vxlan local mac repo...

Page 7: ...ii ovsdb server enable 46 ovsdb server pki domain 46 ovsdb server pssl 47 ovsdb server ptcp 48 ovsdb server ssl 49 ovsdb server tcp 49 vtep access port 50 vtep acl disable 51 vtep enable 51...

Page 8: ...packet statistics for the Ethernet service instances automatically created for VLAN based VXLAN assignment Before you enable this feature you must use the vxlan vlan based command to enable VLAN base...

Page 9: ...behalf of the VM If no match is found the VTEP floods the request to both local and remote sites Examples Enable ARP flood suppression for VSI vsi1 Sysname system view Sysname vsi vsi1 Sysname vsi vs...

Page 10: ...pecify a member device this command displays entries on the master device count Displays the number of ARP flood suppression entries that match the command Examples Display ARP flood suppression entri...

Page 11: ...the command Examples Display ND flood suppression entries Sysname display ipv6 nd suppression vsi IPv6 address MAC address VSI name Link ID Aging min 1000 2 000f e201 0101 vsi1 0x70000 5 1000 3 000f...

Page 12: ...s entries Usage guidelines If you do not specify the count or verbose keyword this command displays brief information about MAC address entries Examples Display brief information about MAC address ent...

Page 13: ...ddress this field displays the tunnel interface name Aging Entry aging state Aging NotAging Display detailed information about MAC address entries for all VSIs Sysname display l2vpn mac address verbos...

Page 14: ...r service instance instance id verbose Views Any view Predefined user roles network admin network operator Parameters interface interface type interface number Specifies a Layer 2 Ethernet interface o...

Page 15: ...ate Up Down Type L2VPN type of the Ethernet service instance VSI VPWS Display detailed information about all Ethernet service instances on GigabitEthernet 1 0 1 Sysname display l2vpn service instance...

Page 16: ...tihomed EVPN site BDF The device is a backup designated forwarder DF The device is the designated forwarder This field is not displayed if no Ethernet segment identifier is configured on the interface...

Page 17: ...e VSI Index MTU State vpna 0 1500 Up Table 7 Command output Field Description MTU MTU on the VSI State VSI state Up The VSI is up Down The VSI is down Admin down The VSI has been manually shut down by...

Page 18: ...ot set Unlimited is displayed Multicast Restrain This field is not supported in the current software version Multicast restraint bandwidth in kbps If the multicast restraint bandwidth is not set Unlim...

Page 19: ...unnel assignment method Auto The tunnel was automatically assigned to the VXLAN For an EVPN network VXLAN tunnels are automatically assigned to VXLANs For a multicast mode VXLAN the tunnel MTunnel was...

Page 20: ...00002 Up Manual Disabled MTunnel0 0x6002710 Up Auto Disabled Table 9 Command output Field Description Link ID Tunnel s link ID in the VXLAN State Tunnel state Up The tunnel is operating correctly Bloc...

Page 21: ...pecify the only tagged keyword untagged Matches any frames that do not have an 802 1Q VLAN tag Usage guidelines An Ethernet service instance can contain only one frame match criterion To change the fr...

Page 22: ...default the device floods broadcast unknown unicast and unknown multicast frames received from the local site to the following interfaces in the frame s VXLAN All site facing interfaces except for th...

Page 23: ...nd remote sites Examples Enable ND flood suppression for VSI vsi1 Sysname system view Sysname vsi vsi1 Sysname vsi vsi1 ipv6 nd suppression enable Related commands display ipv6 nd suppression vsi rese...

Page 24: ...nterface number The specified tunnel interface must already exist This option applies to remote MAC addresses vsi vsi name Specifies a VSI name a case sensitive string of 1 to 31 characters Usage guid...

Page 25: ...ned user roles network admin Usage guidelines The 802 1X or MAC authentication feature can use the authorization VSI the guest VSI the Auth Fail VSI and the critical VSI to control the access of users...

Page 26: ...e string of 1 to 31 characters If you do not specify a VSI this command clears ARP flood suppression entries on all VSIs Examples Clear ARP flood suppression entries on all VSIs Sysname reset arp supp...

Page 27: ...do not specify a VSI this command clears all dynamic MAC address entries on all VSIs Usage guidelines Use this command when the number of dynamic MAC address entries reaches the limit or the device l...

Page 28: ...istics on VSIs Syntax reset l2vpn statistics vsi name vsi name Views User view Predefined user roles network admin Parameters name vsi name Specifies a VSI by its name a case sensitive string of 1 to...

Page 29: ...commands flooding disable service instance Use service instance to create an Ethernet service instance and enter its view or enter the view of an existing Ethernet service instance Use undo service in...

Page 30: ...ou bring up the VSI again the VSI provides services based on the latest settings Examples Shut down VSI vpn1 Sysname system view Sysname vsi vpn1 Sysname vsi vpn1 shutdown Related commands display l2v...

Page 31: ...ay l2vpn service instance verbose reset l2vpn statistics ac statistics enable VSI view Use statistics enable to enable packet statistics for a VSI Use undo statistics enable to disable packet statisti...

Page 32: ...number option When the primary VXLAN tunnel is operating correctly the backup VXLAN tunnel does not forward traffic When the primary VXLAN tunnel goes down traffic is switched to the backup VXLAN tun...

Page 33: ...tunnel uses the global source address if you do not specify a source interface or source address for the tunnel The global source address takes effect only on VXLAN tunnels Examples Specify 1 1 1 1 as...

Page 34: ...a VXLAN and enter its view or enter the view of an existing VXLAN Use undo vxlan to restore the default Syntax vxlan vxlan id undo vxlan Default No VXLANs exist Views VSI view Predefined user roles n...

Page 35: ...LANs You must delete all VSIs VSI interfaces and VXLAN tunnel interfaces before you can change the forwarding mode Examples Enable Layer 3 forwarding for all VXLANs Sysname system view Sysname vxlan i...

Page 36: ...l mac learning disable undo vxlan tunnel mac learning disable Default Remote MAC address learning is enabled Views System view Predefined user roles network admin Usage guidelines When network attacks...

Page 37: ...ed Default VLAN based VXLAN assignment is disabled Views System view Predefined user roles network admin Usage guidelines You can assign customer traffic to a VXLAN by using one of the following metho...

Page 38: ...XLANs enable VLAN based VXLAN assignment by using the vxlan vlan based command You cannot map VLAN 1 to any VXLAN Do not map a VLAN to the L3 VXLAN ID of EVPN If you map a VLAN to a nonexistent VXLAN...

Page 39: ...r Ethernet frames assigned to the VSI The device supports the VLAN access mode In this mode Ethernet frames received from or sent to the local site must contain 802 1Q VLAN tags For an Ethernet frame...

Page 40: ...not forward ARP packets destined for its local VSI interfaces to other gateways For distributed VXLAN IP gateways to have the same ARP entries you must enable dynamic ARP entry synchronization A cont...

Page 41: ...h to set the expected bandwidth for a VSI interface Use undo bandwidth to restore the default Syntax bandwidth bandwidth value undo bandwidth Default The expected bandwidth in kbps of a VSI interface...

Page 42: ...these commands 2 Use their undo forms or follow the command reference to restore their default settings 3 If the restoration attempt still fails follow the error message instructions to resolve the p...

Page 43: ...ce id option this command displays information about all interfaces Make sure the specified VSI interfaces have been created on the device brief Display brief interface information If you do not speci...

Page 44: ...isabled The interface is not assigned an IP address and cannot process IP packets Internet address IP address of the interface The primary attribute indicates that the address is the primary IP addres...

Page 45: ...s physically up DOWN The interface is physically down ADM The interface has been shut down by using the shutdown command To restore the physical state of the interface use the undo shutdown command St...

Page 46: ...erent VTEPs To avoid IP address conflicts you must specify the VSI interface on each VTEP as a distributed gateway Examples Specify VSI interface 100 as a distributed gateway Sysname system view Sysna...

Page 47: ...to the VSI If you remove the gateway interface from the VSI the VSI s subnet settings are automatically deleted For VSIs that share a gateway interface the subnets must be unique Examples Assign subne...

Page 48: ...Usage guidelines When you delete a VSI interface by using the undo interface vsi interface command the gateway interface setting of the VSI interface is also deleted Examples Create VSI interface 100...

Page 49: ...t enable dynamic ND entry synchronization Examples Enable dynamic ND entry synchronization for distributed VXLAN IP gateways Sysname system view Sysname ipv6 nd distributed gateway dynamic entry synch...

Page 50: ...ytes Examples Set the MTU to 1430 bytes for VSI interface 100 Sysname system view Sysname interface vsi interface 100 Sysname Vsi interface100 mtu 1430 shutdown Use shutdown to shut down a VSI interfa...

Page 51: ...e ARP learning when the controller and VTEPs are synchronizing entries After the entry synchronization is completed use the undo vxlan tunnel arp learning disable command to enable remote ARP learning...

Page 52: ...L connections Use undo ovsdb server bootstrap ca certificate to restore the default Syntax ovsdb server bootstrap ca certificate ca filename undo ovsdb server bootstrap ca certificate Default SSL uses...

Page 53: ...ation data from controllers you must enable the OVSDB server Before you enable the OVSDB server you must establish an OVSDB SSL or TCP connection with a minimum of one controller Examples Enable the O...

Page 54: ...OVSDB SSL connections Sysname system view Sysname ovsdb server pki domain ovsdb_test Related commands ovsdb server bootstrap ca certificate ovsdb server enable ovsdb server pssl ovsdb server ssl ovsdb...

Page 55: ...r ptcp to restore the default Syntax ovsdb server ptcp port port number undo ovsdb server ptcp Default The device does not listen for OVSDB TCP connection requests Views System view Predefined user ro...

Page 56: ...port for the SSL connection The value range for the port number argument is 1 to 65535 Usage guidelines Before you use this command you must specify a PKI domain for SSL The device can have a maximum...

Page 57: ...t active OVSDB TCP connections To establish the connection you must execute the ovsdb server enable command You must disable and then re enable the OVSDB server if it has been enabled Examples Set up...

Page 58: ...isable Default The ACLs issued by the OVSDB controller are enabled on the device Views System view Predefined user roles network admin Usage guidelines Before you use this command you must use the vte...

Page 59: ...52 Default The OVSDB VTEP service is disabled Views System view Predefined user roles network admin Examples Enable the OVSDB VTEP service Sysname system view Sysname vtep enable...

Reviews:

No comments