manualshive.com logo in svg

H3C SecPath F5000-AK Series, Command Reference Manual

The H3C SecPath F5000-AK Series offers top-notch security features for network protection. Maximize its potential with the comprehensive Command Reference Manual, available for free download at manualshive.com. This manual provides detailed instructions and insights, ensuring seamless operation and efficient utilization of this exceptional product.

Share
Download
background image

  

H3C SecPath F50X0-D[F5000-AK] 

Firewall Series 

Comware 7 VXLAN Command Reference 

 

 
 

 
 

 
 
 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
New H3C Technologies Co., Ltd.  
http://www.h3c.com 
 
Software version: F9620 
Document version: 6W401-20200901

 

 

Summary of Contents for SecPath F5000-AK Series

Page 1: ...H3C SecPath F50X0 D F5000 AK Firewall Series Comware 7 VXLAN Command Reference New H3C Technologies Co Ltd http www h3c com Software version F9620 Document version 6W401 20200901 ...

Page 2: ...w H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice All contents in this document including statements information and recommendations are believed to be accurate but they are presented without warranty of any kind express or implied H3C shall not be l...

Page 3: ...and keywords that you enter literally as shown Italic Italic text represents arguments that you replace with actual values Square brackets enclose syntax choices keywords or arguments that are optional x y Braces enclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separated by vertical bars from ...

Page 4: ...hat contains additional or supplementary information TIP An alert that provides helpful information Network topology icons Convention Description Represents a generic network device such as a router switch or firewall Represents a routing capable device such as a router or Layer 3 switch Represents a generic switch such as a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding an...

Page 5: ...s document might use devices that differ from your device in hardware model configuration or software version It is normal that the port numbers sample output screenshots and other information in the examples differ from what you have on your device Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments ...

Page 6: ... fast forwarding enable 16 vxlan invalid udp checksum discard 17 vxlan local mac report 17 vxlan tunnel mac learning disable 18 vxlan udp port 19 xconnect vsi 19 VXLAN IP gateway commands 20 arp distributed gateway dynamic entry synchronize 20 bandwidth 21 default 21 description 22 display interface vsi interface 23 distributed gateway local 26 gateway subnet 27 gateway vsi interface 28 interface ...

Page 7: ...ters text Specifies a description a case sensitive string of 1 to 80 characters Examples Configure a description for VSI vpn1 Sysname system view Sysname vsi vpn1 Sysname vsi vpn1 description vsi for vpn1 Related commands display l2vpn vsi display l2vpn interface Use display l2vpn interface to display L2VPN information for Layer 3 interfaces that are mapped to VSIs Syntax display l2vpn interface v...

Page 8: ...r all Layer 3 interfaces that are mapped to VSIs Sysname display l2vpn interface Total number of interfaces 2 1 up 1 down Interface Owner Link ID State Type GE1 2 5 1 vxlan3 1 Up VSI GE1 2 5 2 vxlan4 2 Down VSI Table 1 Command output Field Description Interface Layer 3 interface name Owner VSI name Link ID The interface s link ID on the VSI State Physical state of the interface Up The interface is...

Page 9: ...s If you do not specify a VSI this command displays MAC address entries for all VSIs dynamic Specifies dynamic MAC address entries learned in the data plane If you do not specify this keyword the command displays all MAC address entries including Dynamic remote and local MAC entries Manually added static remote MAC entries VXLAN does not support static local MAC entries count Displays the number o...

Page 10: ...i Use display l2vpn vsi to display information about VSIs Syntax display l2vpn vsi name vsi name verbose Views Any view Predefined user roles network admin network operator context admin context operator Parameters name vsi name Specifies a VSI by its name a case sensitive string of 1 to 31 characters If you do not specify a VSI this command displays information about all VSIs verbose Displays det...

Page 11: ...Gateway Interface VSI interface 100 VXLAN ID 10 Tunnels Tunnel Name Link ID State Type Flood Proxy Split horizon Tunnel1 0x5000001 Up Manual Disabled Enabled Tunnel2 0x5000002 Up Manual Disabled Enabled ACs AC Link ID State GE1 2 5 1 0 Up Table 5 Command output Field Description VSI Description Description of the VSI If the VSI does not have a description the command does not display this field VS...

Page 12: ... The VTEP floods unknown unicast frames only to local sites Gateway Interface VSI interface name State Tunnel state Up The tunnel is operating correctly Blocked The tunnel is a backup tunnel Its tunnel interface is up but the tunnel is blocked because the primary tunnel is operating correctly Defect The tunnel interface is up but BFD cannot detect the remote VTEP This state is not supported in the...

Page 13: ...tunnels associated with the specified VXLAN Examples Display VXLAN tunnel information for all VXLANs Sysname display vxlan tunnel Total number of VXLANs 1 VXLAN ID 10 VSI name vpna Total tunnels 3 3 up 0 down 0 defect 0 blocked Tunnel name Link ID State Type Flood proxy Split horizon Tunnel1 0x5000001 Up Manual Disabled Enabled Tunnel2 0x5000002 Up Manual Disabled Enabled Display VXLAN tunnel info...

Page 14: ...server replicates and forwards flood traffic to remote VTEPs Disabled Flood proxy is disabled Split horizon State of split horizon Enabled Split horizon is enabled on the VXLAN tunnel The VXLAN tunnel does not forward the traffic that is received on other VXLAN tunnels Disabled Split horizon is disabled on the VXLAN tunnel The VXLAN tunnel forwards the traffic that is received on other VXLAN tunne...

Page 15: ...able Default L2VPN is disabled Views System view Predefined user roles network admin context admin Usage guidelines You must enable L2VPN before you can configure L2VPN settings Examples Enable L2VPN Sysname system view Sysname l2vpn enable mac address static vsi Use mac address static vsi to add a static remote MAC address entry for a VXLAN VSI Use undo mac address static vsi to remove static rem...

Page 16: ...address is the MAC address of a VM in a remote site Remote MAC entries can be manually added or dynamically learned When you add a remote MAC address entry make sure the specified VSI s VXLAN has been assigned the specified VXLAN tunnel The undo mac address static vsi vsi name command removes all static MAC address entries for a VSI Examples Add MAC address 000f e201 0101 to VSI vsi1 Specify Tunne...

Page 17: ...400 bytes for VSI vxlan1 Sysname system view Sysname vsi vxlan1 Sysname vsi vxlan1 mtu 1400 Related commands display l2vpn vsi reserved vxlan Use reserved vxlan to specify a reserved VXLAN Use undo reserved vxlan to restore the default Syntax reserved vxlan vxlan id undo reserved vxlan Default No VXLAN has been reserved Views System view Predefined user roles network admin context admin Parameters...

Page 18: ... limit or the device learns incorrect MAC addresses Examples Clear the dynamic MAC address entries on VSI vpn1 Sysname reset l2vpn mac address vsi vpn1 Related commands display l2vpn mac address vsi selective flooding mac address Use selective flooding mac address to enable selective flood for a MAC address Use undo selective flooding mac address to disable selective flood for a MAC address Syntax...

Page 19: ...hut down a VSI Use undo shutdown to bring up a VSI Syntax shutdown undo shutdown Default VSIs are not manually shut down Views VSI view Predefined user roles network admin context admin Usage guidelines Use this command to temporarily disable a VSI to provide Layer 2 switching services The shutdown action does not change settings on the VSI You can continue to configure the VSI After you bring up ...

Page 20: ...st traffic to each tunnel in the VXLAN You can assign multiple VXLAN tunnels to a VXLAN and configure a VXLAN tunnel to trunk multiple VXLANs Examples Assign VXLAN tunnels 1 and 2 to VXLAN 10000 Sysname system view Sysname vsi vpna Sysname vsi vpna vxlan 10000 Sysname vsi vpna vxlan 10000 tunnel 1 Sysname vsi vpna vxlan 10000 tunnel 2 Related commands display vxlan tunnel tunnel global source addr...

Page 21: ...e undo vsi to delete a VSI Syntax vsi vsi name undo vsi vsi name Default No VSIs exist Views System view Predefined user roles network admin context admin Parameters vsi name Specifies a VSI name a case sensitive string of 1 to 31 characters Usage guidelines A VSI acts as a virtual switch to provide Layer 2 switching services for a VXLAN on a VTEP A VSI has all functions of a physical Ethernet swi...

Page 22: ...e VXLAN for a VSI The VXLAN ID for each VSI must be unique Examples Create VXLAN 10000 for VSI vpna and enter VXLAN view Sysname system view Sysname vsi vpna Sysname vsi vpna vxlan 10000 Sysname vsi vpna vxlan 10000 Related commands vsi vxlan fast forwarding enable Use vxlan fast forwarding enable to enable VXLAN fast forwarding Use undo vxlan fast forwarding enable to disable VXLAN fast forwardin...

Page 23: ...ard to enable the device to drop the VXLAN packets that fail UDP checksum check Use undo vxlan invalid udp checksum discard to restore the default Syntax vxlan invalid udp checksum discard undo vxlan invalid udp checksum discard Default The device does not check the UDP checksum of VXLAN packets Views System view Predefined user roles network admin context admin Usage guidelines This command enabl...

Page 24: ...g and output rules including output destinations For more information about configuring the information center see Network Management and Monitoring Configuration Guide Examples Enable local MAC logging Sysname system view Sysname vxlan local mac report vxlan tunnel mac learning disable Use vxlan tunnel mac learning disable to disable remote MAC address learning Use undo vxlan tunnel mac learning ...

Page 25: ...Parameters port number Specifies a UDP port number in the range of 1 to 65535 As a best practice specify a port number in the range of 1024 to 65535 to avoid conflict with well known ports Usage guidelines You must configure the same destination UDP port number on all VTEPs in a VXLAN Examples Set the destination UDP port number to 6666 for VXLAN packets Sysname system view Sysname vxlan udp port ...

Page 26: ...Sysname vsi vpn1 quit Sysname interface gigabitethernet 1 2 5 1 Sysname GigabitEthernet1 2 5 1 xconnect vsi vpn1 Related commands display l2vpn interface vsi VXLAN IP gateway commands arp distributed gateway dynamic entry synchronize Use arp distributed gateway dynamic entry synchronize to enable dynamic ARP entry synchronization for distributed VXLAN IP gateways Use undo arp distributed gateway d...

Page 27: ...roxy arp enable Layer 3 IP Services Command Reference bandwidth Use bandwidth to set the expected bandwidth for a VSI interface Use undo bandwidth to restore the default Syntax bandwidth bandwidth value undo bandwidth Default The expected bandwidth in kbps equals the interface baudrate divided by 1000 Views VSI interface view Predefined user roles network admin context admin Parameters bandwidth v...

Page 28: ...re their default settings 3 If the restoration attempt still fails follow the error message instructions to resolve the problem Examples Restore the default settings for VSI interface 100 Sysname system view Sysname interface vsi interface 100 Sysname Vsi interface100 default This command will restore the default settings Continue Y N y description Use description to configure the description of a...

Page 29: ...faces If you specify a VSI interface this command displays information about the specified interface For more information about VA interfaces see PPP configuration in PPP and PPPoE Configuration Guide brief Display brief interface information If you do not specify this keyword the command displays detailed interface information description Displays complete interface descriptions If you do not spe...

Page 30: ...nternet address ip address mask length Type IP address of the interface and type of the address in parentheses Possible IP address types include Primary Manually configured primary IP address Sub Manually configured secondary IP address If the interface has both primary and secondary IP addresses the primary IP address is displayed If the interface has only secondary IP addresses the lowest second...

Page 31: ...rief information about all VSI interfaces Sysname display interface vsi interface brief Brief information on interfaces in route mode Link ADM administratively down Stby standby Protocol s spoofing Interface Link Protocol Primary IP Description Vsi100 DOWN DOWN Display brief information and complete description for VSI interface 100 Sysname display interface vsi interface 100 brief description Bri...

Page 32: ...en manually shut down by using the shutdown command To restore the physical state of the interface use the undo shutdown command Not connected The interface is not mapped to any VSI or the mapped VSI does not have any AC or VXLAN tunnel Related commands reset counters interface vsi interface distributed gateway local Use distributed gateway local to specify a VSI interface as a distributed gateway...

Page 33: ...t s IP address are identical to the do care bits in the specified subnet address the packet is assigned to the VSI All don t care bits are ignored The 0s and 1s in a wildcard mask can be noncontiguous For example 0 255 0 255 is a valid wildcard mask ipv6 address prefix length Specifies an IPv6 subnet address and the address prefix length in the range of 1 to 128 Usage guidelines You must configure...

Page 34: ...8191 Usage guidelines A VSI can have only one gateway interface Multiple VSIs can share a gateway interface Examples Specify VSI interface 100 as the gateway interface for VSI vpna Sysname system view Sysname vsi vpna Sysname vsi vpna gateway vsi interface 100 Related commands interface vsi interface interface vsi interface Use interface vsi interface to create a VSI interface and enter its view o...

Page 35: ...gn a MAC address to a VSI interface Use undo mac address to restore the default Syntax mac address mac address undo mac address Default The MAC address of a VSI interface is the bridge MAC address Views VSI interface view Predefined user roles network admin context admin Parameters mac address Specifies a MAC address in H H H format Examples Assign MAC address 0001 0001 0001 to VSI interface 100 S...

Page 36: ...fined user roles network admin context admin Parameters vsi interface vsi interface id Specifies a VSI interface by its number Make sure the specified VSI interface has been created on the device If you do not specify the vsi interface vsi interface id option this command clears packet statistics on all interfaces except for VA interfaces If you specify only the vsi interface keyword this command ...

Page 37: ...Sysname interface vsi interface 100 Sysname Vsi interface100 shutdown vtep group member local Use vtep group member local to assign the local VTEP to a VTEP group Use undo vtep group member local to remove the local VTEP from a VTEP group Syntax vtep group group ip member local member ip undo vtep group group ip member local Default A VTEP is not assigned to any VTEP group Views System view Predef...

Page 38: ... a VTEP group and its member VTEPs Syntax vtep group group ip member remote member ip 1 8 undo vtep group group ip member remote Default No VTEP group is specified Views System view Predefined user roles network admin context admin Parameters group ip Specifies a VTEP group by its group IP address member ip 1 8 Specifies a space separated list of up to eight member VTEP IP addresses Examples Speci...

Page 39: ...erfaces To save resources on VTEPs in an SDN transport network you can temporarily disable remote ARP learning when the controller and VTEPs are synchronizing entries After the entry synchronization is completed use the undo vxlan tunnel arp learning disable command to enable remote ARP learning As a best practice disable remote ARP learning for VXLANs only when the controller and VTEPs are synchr...

Reviews:

No comments

Related manuals for SecPath F5000-AK Series

Watchguard XCS 880 Hardware Manual preview
XCS 880
Brand: Watchguard Pages: 20
Fortinet FortiGate 5001FA2-LENC Manual preview
FortiGate 5001FA2-LENC
Brand: Fortinet Pages: 34
H3C SecPath T9000 IPS Series Installation, Quick Start preview
SecPath T9000 IPS Series
Brand: H3C Pages: 17
Motorola SURFboard SVG2500 Quick Installation Manual preview
SURFboard SVG2500
Brand: Motorola Pages: 32
Dell NSA E5500 Getting Started Manual preview
NSA E5500
Brand: Dell Pages: 74

Brands by name

Popular brands

Load more brands