HP E4510-48G Command Reference Manual Download Page 835

Page: 835 / 1334

14-16

If you specify no optional keywords, the

undo

rule

command removes the entire ACL rule; otherwise,

the command removes only the specified criteria. Before performing the

undo

rule

command, you

may use the

display acl

command to view the ID of the rule.

When defining ACL rules, you do not need to assign them IDs; the system can automatically assign

rule IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is the

smallest multiple of the step that is bigger than the current biggest number. For example, if the rule

numbering step is 5 and the current highest rule ID is 28, the next rule will be numbered 30.

You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing

rule in the ACL.

You can only modify the existing rules of an ACL that uses the match order of

config

. When modifying

a rule of such an ACL, you may choose to change just some of the settings, in which case the other

settings remain the same.

When the ACL match order is

auto

, a newly created rule will be inserted among the existing rules in

the depth-first match order. Note that the IDs of the rules still remain the same.

If the ACL match order is

auto

, rules are displayed in the depth-first match order rather than by rule

number.

For an advanced IPv4 ACL to be referenced by a QoS policy for traffic classification:

The

logging

and

reflective

keywords are not supported.

The operator cannot be

neq

if the ACL is for the inbound traffic.

The operator cannot be

neq

, or

range

if the ACL is for the outbound traffic.

Related commands:

display acl

Examples

# Define a rule to permit TCP packets with the destination port of 80 from 129.9.0.0 to 202.38.160.0.

<Sysname> system-view

[Sysname] acl number 3101

[Sysname-acl-adv-3101] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0

0.0.0.255 destination-port eq 80

rule (Ethernet frame header ACL view)

Syntax

rule

[

rule-id

] {

deny

permit

} [

cos vlan-pri

dest-mac

dest-addr

dest-mask

lsap lsap-code

lsap-wildcard

source-mac

sour-addr

source-mask

time-range

time-range-name

type

type-code

type-wildcard

] *

undo

rule

rule-id

View

Ethernet frame header ACL view

Summary of Contents for E4510-48G

Page 1: ...4510G Family Command Reference Guide Switch 4510G 24 Port Switch 4510G 48 Port Product Version Release 2202 Manual Version 6W100 20100112 www 3com com 3Com Corporation 350 Campus Drive Marlborough MA USA 01752 3064 ...

Page 2: ...rcial license for the Software Technical data is provided with limited rights only as provided in DFAR 252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this User Guide Unless otherwise indicated 3Com registered tr...

Page 3: ...lticast Volume IGMP Snooping Multicast VLAN MLD Snooping IPv6 Multicast VLAN QoS Policy Priority Mapping Traffic Shaping and Line Rate Congestion Management 05 QoS Volume Traffic Mirroring User Profile AAA RADIUS HWTACACS 802 1X EAD Fast Deployment HABP MAC Authentication Port Security IP Source Guard SSH2 0 PKI SSL 06 Security Volume Public Key ACL Smart Link Monitor Link RRPP DLDP 07 High Availa...

Page 4: ...n be selected x y Optional alternative items are grouped in square brackets and separated by vertical bars Many or none can be selected 1 n The argument s before the ampersand sign can be entered 1 to n times A line starting with the sign is comments GUI conventions Convention Description Button names are inside angle brackets For example click OK Window names menu items data table and field names...

Page 5: ...ease 2202 Describe how to configure your 4510G Switch using the supported protocols and CLI commands 3Com Switch 4510G Family Getting Started Guide This guide provides all the information you need to install and use the 3Com Switch 4510G Family Obtaining Documentation You can access the most up to date 3Com product documentation on the World Wide Web at this URL http www 3com com ...

Page 6: ...ity Volume 1 5 accounting optional Security Volume 1 6 acl Security Volume 14 5 acl System Volume 2 1 acl copy Security Volume 14 6 acl ipv6 Security Volume 14 20 acl ipv6 copy Security Volume 14 21 acl ipv6 logging frequence Security Volume 14 32 acl ipv6 name Security Volume 14 22 acl logging frequence Security Volume 14 32 acl name Security Volume 14 7 activation key System Volume 1 1 active re...

Page 7: ...tack valid ack enable IP Services Volume 4 8 arp check enable IP Services Volume 2 1 arp detection enable IP Services Volume 4 9 arp detection mode IP Services Volume 4 10 arp detection static bind IP Services Volume 4 10 arp detection trust IP Services Volume 4 11 arp detection validate IP Services Volume 4 12 arp max learning num IP Services Volume 2 1 arp rate limit IP Services Volume 4 8 arp r...

Page 8: ... Volume 6 7 bind attribute Security Volume 1 15 black list add mac System Volume 20 17 black list delete mac System Volume 20 18 boot loader file System Volume 4 1 bootrom System Volume 4 2 bootrom update security check enable System Volume 4 4 bpdu drop any Access Volume 4 2 bpdu tunnel dot1q Access Volume 11 1 bpdu tunnel tunnel dmac Access Volume 11 2 broadcast suppression Access Volume 1 1 bui...

Page 9: ...pback High Availability Volume 6 5 cfd ma High Availability Volume 6 6 cfd md High Availability Volume 6 7 cfd mep High Availability Volume 6 7 cfd mep enable High Availability Volume 6 8 cfd mip rule High Availability Volume 6 9 cfd remote mep High Availability Volume 6 10 cfd service instance High Availability Volume 6 11 check region configuration Access Volume 4 2 checkzero IP Routing Volume 3...

Page 10: ...stem Volume 18 1 command accounting System Volume 1 4 command authorization System Volume 1 5 command alias enable System Volume 3 5 command alias mapping System Volume 3 5 command privilege level System Volume 3 6 common name Security Volume 11 6 configuration replace file System Volume 5 20 control vlan High Availability Volume 3 1 copy System Volume 5 2 copyright info enable System Volume 3 8 c...

Page 11: ... description any NQA test type view System Volume 18 4 description for IPv4 Security Volume 14 8 description for IPv6 Security Volume 14 22 destination ip System Volume 18 5 destination port System Volume 18 5 dhcp relay address check IP Services Volume 5 1 dhcp relay information circuit id format type IP Services Volume 5 2 dhcp relay information circuit id string IP Services Volume 5 2 dhcp rela...

Page 12: ...remote id string IP Services Volume 7 6 dhcp snooping information strategy IP Services Volume 7 7 dhcp snooping trust IP Services Volume 7 7 dir Security Volume 10 18 dir System Volume 5 4 dir System Volume 6 11 disconnect System Volume 6 13 display acl Security Volume 14 9 display acl ipv6 Security Volume 14 23 display acl resource Security Volume 14 1 display archive configuration System Volume ...

Page 13: ...ystem Volume 3 9 display cluster System Volume 20 28 display cluster base topology System Volume 20 30 display cluster black list System Volume 20 32 display cluster candidates System Volume 20 32 display cluster current topology System Volume 20 34 display cluster members System Volume 20 36 display command alias System Volume 3 10 display connection Security Volume 1 17 display cpu usage System ...

Page 14: ...cs High Availability Volume 4 3 display dns domain IP Services Volume 9 1 display dns dynamic host IP Services Volume 9 2 display dns ipv6 dynamic host IP Services Volume 12 1 display dns ipv6 server IP Services Volume 12 2 display dns server IP Services Volume 9 3 display domain Security Volume 1 18 display dot1x Security Volume 4 1 display environment System Volume 4 12 display fan System Volume...

Page 15: ...olume 6 2 display ip check source Security Volume 9 1 display ip host IP Services Volume 9 4 display ip http System Volume 8 1 display ip https System Volume 9 1 display ip interface IP Services Volume 1 1 display ip interface brief IP Services Volume 1 3 display ip ip prefix IP Routing Volume 6 7 display ip ipv6 prefix IP Routing Volume 6 13 display ip routing table IP Routing Volume 1 1 display ...

Page 16: ...Volume 1 12 display ipv6 routing table acl IP Routing Volume 1 13 display ipv6 routing table ipv6 address IP Routing Volume 1 14 display ipv6 routing table ipv6 address1 ipv6 address2 IP Routing Volume 1 15 display ipv6 routing table ipv6 prefix IP Routing Volume 1 16 display ipv6 routing table protocol IP Routing Volume 1 17 display ipv6 routing table statistics IP Routing Volume 1 18 display ipv...

Page 17: ... 1 display mac address aging time System Volume 13 2 display mac authentication Security Volume 7 1 display mac vlan Access Volume 6 18 display mac vlan interface Access Volume 6 19 display memory System Volume 4 13 display mib style System Volume 11 1 display mirroring group Access Volume 12 1 display mld snooping group IP Multicast Volume 3 1 display mld snooping statistics IP Multicast Volume 3...

Page 18: ...ay pki certificate access control policy Security Volume 11 11 display pki certificate attribute group Security Volume 11 12 display pki crl domain Security Volume 11 12 display port Access Volume 6 9 display port combo Access Volume 1 12 display port group manual Access Volume 1 13 display port isolate group Access Volume 3 1 display port security Security Volume 8 1 display port security mac add...

Page 19: ...base IP Routing Volume 3 5 display rip interface IP Routing Volume 3 6 display rip route IP Routing Volume 3 7 display ripng IP Routing Volume 5 2 display ripng database IP Routing Volume 5 3 display ripng interface IP Routing Volume 5 5 display ripng route IP Routing Volume 5 6 display rmon alarm System Volume 12 1 display rmon event System Volume 12 2 display rmon eventlog System Volume 12 3 dis...

Page 20: ...Volume 10 5 display snmp agent sys info System Volume 10 7 display snmp agent trap queue System Volume 10 8 display snmp agent trap list System Volume 10 8 display snmp agent usm user System Volume 10 9 display ssh client source Security Volume 10 8 display ssh server Security Volume 10 1 display ssh server info Security Volume 10 9 display ssh user information Security Volume 10 2 display ssl cli...

Page 21: ...ecurity Volume 14 2 display track High Availability Volume 7 1 display traffic behavior QoS Volume 1 8 display traffic classifier QoS Volume 1 1 display transceiver System Volume 4 22 display transceiver alarm System Volume 4 18 display transceiver diagnosis System Volume 4 21 display transceiver manuinfo System Volume 4 23 display trapbuffer System Volume 16 7 display udp ipv6 statistics IP Servi...

Page 22: ... 9 5 dns resolve IP Services Volume 9 6 dns server IP Services Volume 9 6 dns server ipv6 IP Services Volume 12 22 domain Security Volume 1 23 domain default enable Security Volume 1 23 domain ring High Availability Volume 3 10 dot1x Security Volume 4 4 dot1x authentication method Security Volume 4 5 dot1x free ip Security Volume 5 1 dot1x guest vlan Security Volume 4 6 dot1x handshake Security Vo...

Page 23: ...view IP Multicast Volume 1 3 fast leave MLD Snooping view IP Multicast Volume 3 3 file prompt System Volume 5 6 filename System Volume 18 16 filter QoS Volume 1 9 filter policy export IP Routing Volume 5 7 filter policy export RIP view IP Routing Volume 3 9 filter policy import RIP view IP Routing Volume 3 10 filter policy import RIPng view IP Routing Volume 5 8 fixdisk System Volume 5 7 flow cont...

Page 24: ...arp timer join Access Volume 9 6 garp timer leave Access Volume 9 7 garp timer leaveall Access Volume 9 8 get Security Volume 10 20 get System Volume 6 17 gratuitous arp learning enable IP Services Volume 2 7 gratuitous arp sending enable IP Services Volume 2 7 group Security Volume 1 25 group member Access Volume 1 17 group policy IGMP Snooping view IP Multicast Volume 1 4 group policy MLD Snoopi...

Page 25: ... cut enable Security Volume 1 25 idle timeout System Volume 1 13 if match QoS Volume 1 2 if match acl IP Routing Volume 6 8 if match cost IP Routing Volume 6 4 if match interface IP Routing Volume 6 4 if match ip IP Routing Volume 6 9 if match ip prefix IP Routing Volume 6 10 if match ipv6 IP Routing Volume 6 14 if match tag IP Routing Volume 6 5 igmp snooping IP Multicast Volume 1 6 igmp snooping...

Page 26: ...ing static router port IP Multicast Volume 1 20 igmp snooping version IP Multicast Volume 1 21 import QoS Volume 2 2 import route IP Routing Volume 5 8 import route RIP view IP Routing Volume 3 11 info center channel name System Volume 16 9 info center console channel System Volume 16 9 info center enable System Volume 16 10 info center logbuffer System Volume 16 11 info center loghost System Volu...

Page 27: ...em Volume 8 2 ip http port System Volume 8 3 ip https acl System Volume 9 2 ip https certificate access control policy System Volume 9 2 ip https enable System Volume 9 3 ip https port System Volume 9 4 ip https ssl server policy System Volume 9 4 ip ip prefix IP Routing Volume 6 10 ip ipv6 prefix IP Routing Volume 6 14 ip redirects enable IP Services Volume 10 15 ip route static IP Routing Volume...

Page 28: ...32 ipv6 nd nud reachable time IP Services Volume 12 32 ipv6 nd ra halt IP Services Volume 12 33 ipv6 nd ra interval IP Services Volume 12 34 ipv6 nd ra prefix IP Services Volume 12 34 ipv6 nd ra router lifetime IP Services Volume 12 35 ipv6 neighbor IP Services Volume 12 36 ipv6 neighbors max learning num IP Services Volume 12 37 ipv6 pathmtu IP Services Volume 12 38 ipv6 pathmtu age IP Services V...

Page 29: ...ation load sharing mode system view Access Volume 2 12 link aggregation mode Access Volume 2 14 link delay Access Volume 1 19 lldp admin status Access Volume 5 15 lldp check change interval Access Volume 5 16 lldp compliance admin status cdp Access Volume 5 16 lldp compliance cdp Access Volume 5 17 lldp enable Access Volume 5 18 lldp encapsulation snap Access Volume 5 18 lldp fast count Access Vol...

Page 30: ...r vlan enable Access Volume 1 23 ls Security Volume 10 21 ls System Volume 6 18 M mac address Interface view System Volume 13 3 mac address system view System Volume 13 4 mac address information enable Ethernet interface view System Volume 14 1 mac address information enable system view System Volume 14 2 mac address information interval System Volume 14 2 mac address information mode System Volum...

Page 31: ...g group remote probe vlan Access Volume 12 6 mirroring port Access Volume 12 7 mirror to QoS Volume 5 1 mkdir Security Volume 10 22 mkdir System Volume 5 8 mkdir System Volume 6 20 mld snooping IP Multicast Volume 3 7 mld snooping enable IP Multicast Volume 3 8 mld snooping fast leave IP Multicast Volume 3 9 mld snooping general query source ip IP Multicast Volume 3 9 mld snooping group limit IP M...

Page 32: ...e 5 10 multicast suppression Access Volume 1 25 multicast vlan IP Multicast Volume 2 2 multicast vlan ipv6 IP Multicast Volume 4 2 N name Access Volume 6 6 nas ip HWTACACS scheme view Security Volume 3 6 nas ip RADIUS scheme view Security Volume 2 8 ndp enable System Volume 20 4 ndp timer aging System Volume 20 5 ndp timer hello System Volume 20 6 nest Access Volume 10 1 network IP Routing Volume ...

Page 33: ...Volume 19 10 ntp service multicast server System Volume 19 11 ntp service reliable authentication keyid System Volume 19 12 ntp service source interface System Volume 19 12 ntp service unicast peer System Volume 19 13 ntp service unicast server System Volume 19 14 O oam enable High Availability Volume 5 9 oam errored frame period High Availability Volume 5 10 oam errored frame threshold High Avail...

Page 34: ...P packet filter Security Volume 14 33 packet filter ipv6 Security Volume 14 34 parity System Volume 1 15 passive System Volume 6 22 password Security Volume 1 28 password FTP test type view System Volume 18 24 patch active System Volume 17 2 patch deactive System Volume 17 2 patch delete System Volume 17 3 patch install System Volume 17 4 patch load System Volume 17 5 patch location System Volume ...

Page 35: ...P Multicast Volume 2 2 port access vlan Access Volume 6 10 port hybrid ip subnet vlan vlan Access Volume 6 30 port hybrid protocol vlan Access Volume 6 24 port hybrid pvid vlan Access Volume 6 11 port hybrid vlan Access Volume 6 12 port link aggregation group Access Volume 2 15 port link type Access Volume 6 14 port monitor link group High Availability Volume 2 3 port multicast vlan IP Multicast V...

Page 36: ...WTACACS scheme view Security Volume 3 7 primary accounting RADIUS scheme view Security Volume 2 9 primary authentication HWTACACS scheme view Security Volume 3 8 primary authentication RADIUS scheme view Security Volume 2 10 primary authorization Security Volume 3 9 probe count System Volume 18 24 probe packet interval System Volume 18 25 probe packet number System Volume 18 26 probe packet timeou...

Page 37: ...ccess Volume 10 3 qinq ethernet type Access Volume 10 4 qinq vid Access Volume 10 5 qos apply policy QoS Volume 1 21 qos apply policy global QoS Volume 1 21 qos bandwidth queue QoS Volume 4 4 qos gts QoS Volume 3 2 qos lr outbound QoS Volume 3 3 qos map table QoS Volume 2 2 qos policy QoS Volume 1 22 qos priority QoS Volume 2 3 qos sp QoS Volume 4 4 qos trust QoS Volume 2 5 qos vlan policy QoS Vol...

Page 38: ...remark dscp QoS Volume 1 11 remark ip precedence QoS Volume 1 13 remark local precedence QoS Volume 1 13 remotehelp System Volume 6 24 remove Security Volume 10 24 rename Security Volume 10 25 rename System Volume 5 11 report aggregation IGMP Snooping view IP Multicast Volume 1 23 report aggregation MLD Snooping view IP Multicast Volume 3 23 reset acl counter Security Volume 14 10 reset acl ipv6 c...

Page 39: ... IP Routing Volume 1 20 reset ip statistics IP Services Volume 10 17 reset ipc performance System Volume 22 9 reset ipv6 neighbors IP Services Volume 12 39 reset ipv6 pathmtu IP Services Volume 12 40 reset ipv6 routing table statistics IP Routing Volume 1 20 reset ipv6 statistics IP Services Volume 12 41 reset lacp statistics Access Volume 2 16 reset logbuffer System Volume 16 21 reset mac authent...

Page 40: ...eset udp helper packet IP Services Volume 11 1 reset unused porttag System Volume 4 25 restore startup configuration System Volume 5 25 retry Security Volume 2 16 retry realtime accounting Security Volume 2 17 retry stop accounting HWTACACS scheme view Security Volume 3 11 retry stop accounting RADIUS scheme view Security Volume 2 18 return System Volume 3 20 revision level Access Volume 4 16 ring...

Page 41: ...5 14 rmdir System Volume 6 27 rmon alarm System Volume 12 10 rmon event System Volume 12 12 rmon history System Volume 12 13 rmon prialarm System Volume 12 14 rmon statistics System Volume 12 17 root certificate fingerprint Security Volume 11 24 route option bypass route System Volume 18 30 route policy IP Routing Volume 6 6 router aging time IGMP Snooping view IP Multicast Volume 1 25 router agin...

Page 42: ... accounting RADIUS scheme view Security Volume 2 18 secondary authentication HWTACACS scheme view Security Volume 3 12 secondary authentication RADIUS scheme view Security Volume 2 19 secondary authorization Security Volume 3 13 security policy server Security Volume 2 20 self service url enable Security Volume 1 29 send System Volume 1 17 server type Security Volume 2 21 service type Security Vol...

Page 43: ...mart link group High Availability Volume 1 9 snmp agent System Volume 10 11 snmp agent calculate password System Volume 10 12 snmp agent community System Volume 10 13 snmp agent group System Volume 10 15 snmp agent local engineid System Volume 10 16 snmp agent log System Volume 10 17 snmp agent mib view System Volume 10 17 snmp agent packet max size System Volume 10 18 snmp agent sys info System V...

Page 44: ...1 ssh client source Security Volume 10 12 ssh server authentication retries Security Volume 10 3 ssh server authentication timeout Security Volume 10 4 ssh server compatible ssh1x enable Security Volume 10 5 ssh server enable Security Volume 10 5 ssh server rekey interval Security Volume 10 6 ssh user Security Volume 10 7 ssh2 Security Volume 10 12 ssh2 ipv6 Security Volume 10 14 ssl client policy...

Page 45: ...Volume 1 34 stp bpdu protection Access Volume 4 17 stp bridge diameter Access Volume 4 18 stp compliance Access Volume 4 19 stp config digest snooping Access Volume 4 19 stp cost Access Volume 4 20 stp edged port Access Volume 4 21 stp enable Access Volume 4 22 stp loop protection Access Volume 4 23 stp max hops Access Volume 4 24 stp mcheck Access Volume 4 25 stp mode Access Volume 4 25 stp no ag...

Page 46: ...ng Volume 3 26 super System Volume 3 21 super password System Volume 3 22 sysname System Volume 1 21 sysname System Volume 3 23 system failure System Volume 4 32 system view System Volume 3 24 T tcp ipv6 timer fin timeout IP Services Volume 12 42 tcp ipv6 timer syn timeout IP Services Volume 12 43 tcp ipv6 window IP Services Volume 12 43 tcp timer fin timeout IP Services Volume 10 18 tcp timer syn...

Page 47: ...scheme view Security Volume 3 15 timer realtime accounting RADIUS scheme view Security Volume 2 24 timer response timeout HWTACACS scheme view Security Volume 3 16 timer response timeout RADIUS scheme view Security Volume 2 25 time range Security Volume 14 3 timers IP Routing Volume 3 26 timers IP Routing Volume 5 15 topology accept System Volume 20 46 topology restore from System Volume 20 47 top...

Page 48: ...em Volume 18 37 user name format HWTACACS scheme view Security Volume 3 17 user name format RADIUS scheme view Security Volume 2 26 user profile QoS Volume 6 2 user profile enable QoS Volume 6 2 V validate source address IP Routing Volume 3 27 verbose System Volume 6 28 version IP Routing Volume 3 28 version Security Volume 12 9 virtual cable test Access Volume 1 37 vlan Access Volume 6 7 vlan pre...

Page 49: ...A 44 voice vlan security enable Access Volume 8 6 vpn instance ICMP echo test type view System Volume 18 38 W X Y Z ...

Page 50: ...able 1 18 link delay 1 19 loopback 1 20 loopback detection control enable 1 21 loopback detection enable 1 21 loopback detection interval time 1 22 loopback detection per vlan enable 1 23 mdi 1 24 multicast suppression 1 25 port group manual 1 26 reset counters interface 1 27 reset packet drop interface 1 27 shutdown 1 28 speed 1 29 speed auto 1 30 storm constrain 1 31 storm constrain control 1 32...

Page 51: ...on Commands 3 1 Port Isolation Configuration Commands 3 1 display port isolate group 3 1 port isolate enable 3 2 4 MSTP Configuration Commands 4 1 MSTP Configuration Commands 4 1 active region configuration 4 1 bpdu drop any 4 2 check region configuration 4 2 display stp 4 3 display stp abnormal port 4 8 display stp down port 4 9 display stp history 4 10 display stp region configuration 4 11 displ...

Page 52: ...mation 5 5 display lldp statistics 5 10 display lldp status 5 11 display lldp tlv config 5 13 lldp admin status 5 15 lldp check change interval 5 16 lldp compliance admin status cdp 5 16 lldp compliance cdp 5 17 lldp enable 5 18 lldp encapsulation snap 5 18 lldp fast count 5 19 lldp hold multiplier 5 20 lldp management address format string 5 20 lldp management address tlv 5 21 lldp notification r...

Page 53: ...ol vlan 6 25 IP Subnet Based VLAN Configuration Commands 6 27 display ip subnet vlan interface 6 27 display ip subnet vlan vlan 6 28 ip subnet vlan 6 29 port hybrid ip subnet vlan vlan 6 30 7 Isolate User VLAN Configuration Commands 7 1 Isolate User VLAN Configuration Commands 7 1 display isolate user vlan 7 1 isolate user vlan 7 2 isolate user vlan enable 7 4 8 Voice VLAN Configuration Commands 8...

Page 54: ...raw vlan id inbound 10 2 qinq enable 10 3 qinq ethernet type 10 4 qinq vid 10 5 11 BPDU Tunneling Configuration Commands 11 1 BPDU Tunneling Configuration Commands 11 1 bpdu tunnel dot1q 11 1 bpdu tunnel tunnel dmac 11 2 12 Port Mirroring Configuration Commands 12 1 Port Mirroring Configuration Commands 12 1 display mirroring group 12 1 mirroring group 12 2 mirroring group mirroring port 12 3 mirr...

Page 55: ...on granularity larger than 1 is specified on the device the value of the pps keyword should be no smaller than and an integral multiple of the granularity The broadcast suppression threshold value configured through this keyword on an Ethernet port may not be the one that actually takes effect To display the actual broadcast suppression threshold value on an Ethernet port you can use the display i...

Page 56: ... allow broadcast traffic equivalent to 20 of the total transmission capability of GigabitEthernet 1 0 1 to pass Sysname system view Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 broadcast suppression 20 For all the ports of the manual port group named group1 allow broadcast traffic equivalent to 20 of the total transmission capability of each port to pass and suppress excess...

Page 57: ... breaking a Unicode character into two As a result garbled characters may be displayed at the end of a line Description Use the description command to set the description string of the current interface Use the undo description command to restore the default By default the description of an interface is the interface name followed by the interface string GigabitEthernet1 0 1 Interface for example ...

Page 58: ...en only information of the specified interface will be displayed Related commands interface Examples Display the brief information of interfaces Sysname display brief interface The brief information of interface s under route mode Interface Link Protocol link Protocol type Main IP Loop1 UP UP spoofing LOOP 2 2 2 1 NULL0 UP UP spoofing NULL Vlan1 UP UP ETHERNET 192 168 0 153 Vlan10 DOWN DOWN ETHERN...

Page 59: ...e display brief interface exclude GE The brief information of interface s under route mode Interface Link Protocol link Protocol type Main IP Loop1 UP UP spoofing LOOP 2 2 2 1 NULL0 UP UP spoofing NULL Vlan1 UP UP ETHERNET 192 168 0 153 Vlan10 DOWN DOWN ETHERNET 1 1 1 1 Vlan100 ADM DOWN DOWN ETHERNET The brief information of interface s under bridge mode Interface Link Speed Duplex Link type PVID ...

Page 60: ...ed then only information of this particular type of interface will be displayed z If both interface type and interface number are specified then only information of the specified interface will be displayed Related commands interface Examples Display the current state of interface GigabitEthernet 1 0 1 and related information Sysname display interface GigabitEthernet 1 0 1 GigabitEthernet1 0 1 cur...

Page 61: ...ytes 0 unicasts 13 broadcasts 1273860 multicasts 0 pauses Output 0 output errors underruns buffer failures 0 aborts 0 deferred 0 collisions 0 late collisions 0 lost carrier no carrier Table 1 2 display interface command output description Field Description GigabitEthernet1 0 1 current state Current physical link state of the Ethernet port IP Packet Frame Type Frame type of the Ethernet port Descri...

Page 62: ...ound direction of the interface Input normal 61745144 packets bytes 205227373 unicasts 47519150 broadcasts 12121681 multicasts Normal packet statistics on the inbound direction of the interface including the statistics of normal packets in packets and bytes Number of unicast packets broadcast packets and multicast packets on the inbound direction of the interface input errors Input packets with er...

Page 63: ...ts 1273860 multicasts 0 pauses Packet statistics on the outbound direction of the interface including the statistics of normal packets abnormal packets and normal pause frames in packets and bytes Number of unicast packets broadcast packets multicast packets and pause frames on the outbound direction of the interface Output normal 1395522 packets bytes 0 unicasts 13 broadcasts 1273860 multicasts 0...

Page 64: ...splay loopback detection information on a port If loopback detection is already enabled this command will also display the detection interval and information on the ports currently detected with a loopback Examples Display loopback detection information on a port Sysname display loopback detection Loopback detection is running Detection interval time is 30 seconds No port is detected with loopback...

Page 65: ...l the interfaces on the device z If you specify an interface type only this command displays information about dropped packets on the specified type of interfaces z If you specify both the interface type and interface number this command displays information about dropped packets on the specified interface Examples Display information about dropped packets on GigabitEthernet 1 0 1 Sysname display ...

Page 66: ...ackets that are dropped because the buffer is used up or the bandwidth is insufficient Packets dropped by FFP Packets that are filtered out Packets dropped by STP non forwarding state Packets that are dropped because STP is in the non forwarding state display port combo Syntax display port combo View Any view Default Level 1 Monitor level Parameters None Description Use the display port combo comm...

Page 67: ...ault Level 2 System level Parameters all Specifies all the manual port groups name port group name Specifies the name of a manual port group a string of 1 to 32 characters Description Use the display port group manual command to display the information about a manual port group or all the manual port groups z If you provide the port group name argument this command displays the details for a speci...

Page 68: ...erface type interface number Specifies an interface by its type and number Description Use the display storm constrain command to display the information about storm constrain If you provide no argument or keyword this command displays the information about storm constrain for all types of packets on all the interfaces Examples Display the information about storm constrain for all types of packets...

Page 69: ...disabled Log State of log sending on indicates log sending is enabled off indicates log sending is disabled SwiNum Number of the forwarding state switching This field is numbered modulo 65 535 duplex Syntax duplex auto full half undo duplex View Ethernet port view Default Level 2 System level Parameters auto Indicates that the interface is in auto negotiation state full Indicates that the interfac...

Page 70: ...low control View Ethernet port view Default Level 2 System level Parameters None Description Use the flow control command to enable flow control on an Ethernet port Use the undo flow control command to disable flow control on an Ethernet port By default flow control on an Ethernet port is disabled The flow control function takes effect on the local Ethernet port only when it is enabled on both the...

Page 71: ...interval for collecting interface statistics Use the undo flow interval command to restore the default interval Examples Set the time interval for collecting interface statistics to 100 seconds Sysname system view Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 flow interval 100 group member Syntax group member interface list undo group member interface list View Port group vi...

Page 72: ...m view Sysname port group manual group1 Sysname port group manual group1 group member GigabitEthernet 1 0 1 interface Syntax interface interface type interface number View System view Default Level 2 System level Parameters interface type interface number Interface type and interface number Description Use the interface command to enter interface view Examples Enter GigabitEthernet 1 0 1 interface...

Page 73: ...e current Ethernet port z Execution of this command under port group view will apply the configurations to the Ethernet port s in the port group Examples Enable jumbo frames to pass through all the Ethernet ports in the manual port group named group1 Sysname system view Sysname port group manual group1 Sysname port group manual group1 group member GigabitEthernet 1 0 1 Sysname port group manual gr...

Page 74: ...ort view Default Level 2 System level Parameters external Enables external loopback testing on an Ethernet port internal Enables internal loopback testing on an Ethernet port Description Use the loopback command to enable Ethernet port loopback testing Use the undo loopback command to disable Ethernet port loopback testing By default Ethernet port loopback testing is disabled z Ethernet port loopb...

Page 75: ...ith loopback it will be shut down A Trap message will be sent to the terminal and the corresponding MAC address forwarding entries will be deleted z When the loopback detection is disabled if a port has been detected with loopback a Trap message will be sent to the terminal The port is still working properly Note that this command is inapplicable to an Access port as its loopback detection is enab...

Page 76: ... if the loopback testing function is enabled on them In addition a Trap message will be sent to the terminal and the corresponding MAC address forwarding entries will be deleted Related commands loopback detection control enable z Loopback detection on a given port is enabled only after the loopback detection enable command has been configured in both system view and interface view of the port z L...

Page 77: ...n to 10 seconds Sysname system view Sysname loopback detection interval time 10 loopback detection per vlan enable Syntax loopback detection per vlan enable undo loopback detection per vlan enable View Ethernet port view Default Level 2 System level Parameters None Description Use the loopback detection per vlan enable command to enable loopback detection in all VLANs with Trunk ports or Hybrid po...

Page 78: ...l Parameters across Specifies the MDI mode as across auto Specifies the MDI mode as auto normal Specifies the MDI mode as normal Description Use the mdi command to configure the MDI mode for an Ethernet port Use the undo mdi command to restore the system default By default the MDI mode of an Ethernet port is auto that is the Ethernet port determines the physical pin roles transmit or receive throu...

Page 79: ...ally takes effect To display the actual multicast suppression threshold value on an Ethernet port you can use the display interface command z When no suppression granularity is specified or the suppression granularity is set to 1 the value of the pps keyword should be no smaller than 1 and the multicast suppression threshold value is the one that actually takes effect on the Ethernet port Descript...

Page 80: ...ast traffic equivalent to 20 of the total transmission capability of each port to pass Sysname system view Sysname port group manual group1 Sysname port group manual group1 group member GigabitEthernet 1 0 2 Sysname port group manual group1 group member GigabitEthernet 1 0 3 Sysname port group manual group1 multicast suppression 20 port group manual Syntax port group manual port group name undo po...

Page 81: ...ting statistics z If neither interface type nor interface number is specified this command clears the statistics of all the interfaces z If only the interface type is specified this command clears the statistics of the interfaces that are of the interface type specified z If both the interface type and interface number are specified this command clears the statistics of the specified interface Exa...

Page 82: ...ples Clear statistics of dropped packets on GigabitEthernet 1 0 1 Sysname reset packet drop interface GigabitEthernet 1 0 1 Clear statistics of dropped packets on all interfaces Sysname reset packet drop interface shutdown Syntax shutdown undo shutdown View Ethernet port view Default Level 2 System level Parameters None Description Use the shutdown command to shut down an Ethernet port Use the und...

Page 83: ... 100 Mbps The optical interface of an SFP port does not support the 100 keyword 1000 Specifies the interface rate as 1 000 Mbps auto Specifies to determine the interface rate through auto negotiation Description Use the speed command to configure Ethernet port data rate Use the undo speed command to restore Ethernet port data rate Note that z On the electrical interface of an Ethernet port the pur...

Page 84: ...nfigure the rate of an interface only the latest configuration takes effect For example if you configure speed 100 after configuring speed auto 100 1000 on an interface the rate is 100 Mbps by force with no negotiation performed between the interface and the peer end if you configure speed auto 100 1000 after configuring speed 100 on the interface the rate through negotiation can be either 100 Mbp...

Page 85: ... auto 10 1000 storm constrain Syntax storm constrain broadcast multicast pps kbps ratio max values min values undo storm constrain all broadcast multicast View Ethernet port view Default Level 2 System level Parameters all Disables the storm constrain function for all types of packets that is multicast packets and broadcast packets broadcast Enables Disables the storm constrain function for broadc...

Page 86: ...ain function is not enabled z Do not use the storm constrain command along with the unicast suppression command the multicast suppression command or the broadcast suppression command Otherwise traffics may be suppressed in an unpredictable way z An upper threshold cannot be less than the corresponding lower threshold Besides do not configure the two thresholds as the same value Examples Enable the...

Page 87: ...e default By default no action is taken when a type of traffic exceeds the corresponding threshold Examples Configure to block interface GigabitEthernet 1 0 1 when a type of traffic reaching it exceeds the corresponding upper threshold Sysname system view Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 storm constrain control block storm constrain enable log Syntax storm const...

Page 88: ...nable trap command to enable trap message sending With trap message sending enabled the system sends trap messages when traffic reaching a port exceeds the corresponding threshold or the traffic drops down below the lower threshold after exceeding the upper threshold Use the undo storm constrain enable trap command to disable trap message sending By default trap message sending is enabled Examples...

Page 89: ... statistics to a value that is not shorter than the default Examples Set the interval for generating traffic statistics to 60 seconds Sysname system view Sysname storm constrain interval 60 unicast suppression Syntax unicast suppression ratio pps max pps undo unicast suppression View Ethernet port view port group view Default Level 2 System level Parameters ratio Maximum percentage of unicast traf...

Page 90: ...p view the configurations take effect on all ports in the port group Note that when unicast traffic exceeds the maximum value configured the system will discard the extra packets so that the unknown unicast traffic ratio can drop below the limit to ensure that the network functions properly z If you set different suppression ratios in Ethernet port view or port group view repeatedly the latest con...

Page 91: ...he failed position z 10 Gigabit ports and optical interfaces of SFP ports do not support this command z A link in the up state goes down and then up automatically if you execute this command on one of the Ethernet ports forming the link z The test result is for your information only The maximum error in the tested cable length is 5 m A hyphen indicates that the corresponding test item is not suppo...

Page 92: ...ceed the specified length z To use a type of Unicode characters or symbols in a port description you need to install the corresponding Input Method Editor IME and log in to the device through remote login software that supports this character type z Each Unicode character or symbol non English characters takes the space of two regular characters When the length of a description string reaches or e...

Page 93: ... change the LACP priority of the local system When you do that the LACP priority value you specify in the command is in decimal format However it is displayed as a hexadecimal value with the display lacp system id command Related commands lacp system priority Examples Display the local system ID Sysname display lacp system id Actor System ID 0x8000 00e0 fc00 0100 Table 2 1 display lacp system id c...

Page 94: ...al link aggregation load sharing mode Sysname display link aggregation load sharing mode Link Aggregation Load Sharing Mode Layer 2 traffic destination mac address source mac address Layer 3 traffic destination ip address source ip address Display the configured global link aggregation load sharing mode Sysname display link aggregation load sharing mode Link Aggregation Load Sharing Mode destinati...

Page 95: ...mac address source mac address The default load sharing mode for Layer 2 traffic In this sample output it is based on source MAC address and destination MAC address Layer 3 traffic destination ip address source ip address The default load sharing mode for Layer 3 traffic In this sample output it is based on source IP address and destination IP address destination mac address source mac address The...

Page 96: ...imeout C Aggregation D Synchronization E Collecting F Distributing G Defaulted H Expired GigabitEthernet1 0 1 Aggregation Interface Bridge Aggregation1 Port Number 1 Oper Key 1 Display the detailed link aggregation information of GigabitEthernet 1 0 2 which is in a dynamic aggregation group Sysname display link aggregation member port GigabitEthernet 1 0 2 Flags A LACP_Activity B LACP_Timeout C Ag...

Page 97: ...ng system is using default operational partner information 1 for true and 0 for false z H indicates whether the receive state machine of the sending system is in the expired state 1 for true and 0 for false If a flag bit is set to 1 the corresponding English letter that otherwise is not output is displayed Aggregation Interface Aggregate interface to which the port belongs Local Port Number Port P...

Page 98: ...Actor System ID 0x8000 000f e267 6c6a AGG AGG Partner ID Select Unselect Share Interface Mode Ports Ports Type BAGG1 S none 1 0 Shar BAGG10 D 0x8000 000f e267 57ad 2 0 Shar Table 2 4 display link aggregation summary command output description Field Description Aggregation Interface Type Aggregate interface type z BAGG for a Layer 2 aggregate interface z RAGG for a Layer 3 aggregate interface Aggre...

Page 99: ...orresponding to the aggregate interfaces To display the information of a specific Layer 2 aggregate group use the display link aggregation verbose bridge aggregation interface number command To display the information of all Layer 2 aggregate groups use the display link aggregation verbose bridge aggregation command To display the information of all aggregate groups use the display link aggregatio...

Page 100: ...nk is considered as synchronized by the sending system 1 for true and 0 for false z E indicates whether the sending system considers that collection of incoming frames is enabled on the link 1 for true and 0 for false z F indicates whether the sending system considers that distribution of outgoing frames is enabled on the link 1 for true and 0 for false z G indicates whether the receive state mach...

Page 101: ...isable linkUp linkDown trap generation for the current aggregate interface By default linkUp linkDown trap generation is enabled for an aggregate interface Note that for an aggregate interface to generate linkUp linkDown traps when its link state changes you must also enable linkUp linkDown trap generation globally with the snmp agent trap enable standard linkdown linkup command Refer to SNMP Comm...

Page 102: ...tically Removing the Layer 2 aggregate interface also removes the Layer 2 aggregation group At the same time the member ports of the aggregation group if any leave the aggregation group Examples Create Layer 2 aggregate interface Bridge aggregation 1 Sysname system view Sysname interface bridge aggregation 1 Sysname Bridge Aggregation1 lacp port priority Syntax lacp port priority port priority und...

Page 103: ...nge of 0 to 65535 Description Use the lacp system priority command to set the LACP priority of the local system Use the undo lacp system priority command to restore the default By default the system LACP priority is 32768 Examples Set the system LACP priority to 64 Sysname system view Sysname lacp system priority 64 link aggregation load sharing mode system view Syntax link aggregation load sharin...

Page 104: ...de command to restore the default By default link aggregation load sharing for Layer 2 packets is performed based on source MAC addresses and destination MAC addresses and that for Layer 3 packets is performed based on source IP addresses and destination IP addresses Note that z The load sharing mode you configured overwrites rather than adds to the old one if any Therefore to change the load shar...

Page 105: ...ing mode is the default for all link aggregation groups Note that z The load sharing mode you configured overwrites rather than adds to the old one if any Therefore to change the load sharing mode from source mac based to source and destination mac based for example you must configure the link aggregation load sharing mode destination mac source mac to overwrite the link aggregation load sharing m...

Page 106: ... interface bridge aggregation 1 Sysname Bridge Aggregation1 link aggregation mode dynamic port link aggregation group Syntax port link aggregation group number undo port link aggregation group View Ethernet interface view Default Level 2 System level Parameters number Aggregate group number The value range is 1 to 128 Description Use the port link aggregation group command to assign the current Et...

Page 107: ...erfaces Before collecting statistics for a Layer 2 aggregate interface within a specific period you need to clear the existing statistics of the interface Note that z If none of the keywords and argument is specified this command clears the statistics of all interfaces in the system z If only the bridge aggregation or route aggregation keyword is specified the command clears the statistics of all ...

Page 108: ...CP statistics for the specified interface s or all interfaces if no interface is specified Related commands display link aggregation member port Examples Clear the LACP statistics for all Ethernet ports Sysname reset lacp statistics shutdown Syntax shutdown undo shutdown View Layer 2 aggregate interface view Default Level 2 System level Parameters None Description Use the shutdown command to shut ...

Page 109: ...2 18 Sysname interface bridge aggregation 1 Sysname Bridge Aggregation1 shutdown ...

Page 110: ...amples On a single isolation group device display information about the isolation group Sysname display port isolate group Port isolate group information Uplink port support NO Group ID 1 Group members GigabitEthernet1 0 1 Table 3 1 display port isolate group command output description Field Description Port isolate group information Display the information of a port isolation group Uplink port su...

Page 111: ...egate interface it stops applying the configuration to the aggregation member ports If it fails to do that on an aggregation member port it simply skips the port and moves to the next port For detailed information about Layer 2 aggregate interfaces refer to Link Aggregation Configuration in the Access Volume Examples On a single isolation group device assign ports GigabitEthernet 1 1 and GigabitEt...

Page 112: ...Bridge Aggregation1 quit Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 port link aggregation group 1 Sysname GigabitEthernet1 0 1 quit Sysname interface GigabitEthernet 1 0 2 Sysname GigabitEthernet1 0 2 port link aggregation group 1 Sysname GigabitEthernet1 0 2 quit Sysname interface bridge aggregation 1 Sysname Bridge Aggregation1 port isolate enable rt isolate uplink port...

Page 113: ...ning tree calculation process when processing MST region related configurations instead such configurations will take effect only after you activate the MST region related parameters using this command or enable MSTP using the stp enable command in the case that MSTP is not enabled z Before running this command you are recommended to use the check region configuration command to check whether the ...

Page 114: ...rward them to other switches As a result STP calculation is performed repeatedly which may occupy too much CPU of the switches or cause errors in the protocol state of the BPDU packets In order to avoid this problem you can enable BPDU dropping on Ethernet ports Once the function is enabled on a port the port will not receive or forward any BPDU packets In this way the switch is protected against ...

Page 115: ...region configurations only if the result returns positive Related commands instance region name revision level vlan mapping modulo active region configuration Examples View MST region configurations that are not yet activated Sysname system view Sysname stp region configuration Sysname mst region check region configuration Admin Configuration Format selector 0 Region name 000fe26a58ed Revision lev...

Page 116: ...isplay the MSTP information of all MSTIs on all ports The displayed information is sorted by MSTI ID and by port name in each MSTI z If you specify an MSTI but not a port this command will display the MSTP information on all ports in that MSTI The displayed information is sorted by port name z If you specify some ports but not an MSTI this command will display the MSTP information of all MSTIs on ...

Page 117: ...abitEthernet1 0 1 DESI FORWARDING NONE 0 GigabitEthernet1 0 2 DESI FORWARDING NONE 0 GigabitEthernet1 0 3 DESI FORWARDING NONE 0 GigabitEthernet1 0 4 DESI FORWARDING NONE Table 4 2 display stp brief command output description Field Description MSTID MSTI ID in the MST region Port Port name corresponding to each MSTI Role Port role which can be one of the following z ALTE The port is an alternate p...

Page 118: ... Edged Config disabled Active disabled Point to point Config auto Active true Transmit Limit 10 packets hello time Protection Type None MST BPDU Format Config auto Active legacy Port Config Digest Snooping disabled Rapid transition false Num of Vlans Mapped 1 PortTimes Hello 2s MaxAge 20s FwDly 15s MsgAge 2s RemHop 20 BPDU Sent 186 TCN 0 Config 0 RST 0 MST 186 BPDU Received 0 TCN 0 Config 0 RST 0 ...

Page 119: ...DING The port does not learn MAC addresses or forward user traffic LEARNING The port learns MAC addresses but does not forward user traffic Port Protocol Indicates whether STP is enabled on the port Port Role Port role which can be Alternate Backup Root Designated Master or Disabled Port Priority Port priority Port Cost Legacy Path cost of the port The field in the bracket indicates the standard u...

Page 120: ... delay timer z MsgAge Message Age timer z Remain Hop Remaining hops BPDU Sent Statistics on sent BPDUs BPDU Received Statistics on received BPDUs MSTI RegRoot IRPC MSTI regional root internal path cost MSTI RootPortId MSTI root port ID MSTI Root Type MSTI root type which can be primary root or secondary root Master Bridge MSTI root bridge ID Cost to Master Path cost from the MSTI to the master bri...

Page 121: ...ed Port Reason 1 GigabitEthernet1 0 1 ROOT Protected 2 GigabitEthernet1 0 2 LOOP Protected 2 GigabitEthernet1 0 3 Formatcompatibility Protected Table 4 4 display stp abnormal port command output description Field Description MSTID ID of the MSTI to which an abnormally blocked port belongs Blocked Port Name of an abnormally blocked port Reason Reason that caused abnormal blocking of the port z ROOT...

Page 122: ... Formatfrequency Protected MSTP BPDU format frequent change protection function display stp history Syntax display stp instance instance id history slot slot number View Any view Default Level 0 Visit level Parameters instance instance id Displays the historic port role calculation information of a particular MSTI The minimum value of instance id is 0 representing the common internal spanning tree...

Page 123: ...tion information of the IRF member device 1 in MSTI 2 Sysname display stp instance 2 history slot 1 STP slot 1 history trace Instance 2 Port GigabitEthernet1 0 1 Role change ROOT DESI Aged Time 2009 02 08 00 22 56 Port priority 0 00e0 fc01 6510 0 0 00e0 fc01 6510 128 1 Port GigabitEthernet1 0 2 Role change ALTER ROOT Time 2009 02 08 00 22 56 Port priority 0 00e0 fc01 6510 0 0 00e0 fc01 6510 128 2 ...

Page 124: ...ration Oper Configuration Format selector 0 Region name hello Revision level 0 Instance Vlans Mapped 0 21 to 4094 1 1 to 10 2 11 to 20 Table 4 7 display stp region configuration command output description Field Description Format selector MSTP defined format selector which defaults to 0 and is not configurable Region name MST region name Revision level Revision level of the MST region which can be...

Page 125: ...configure the path cost of a port Root Port Root port name displayed only if a port of the current device is the root port of MSTIs display stp tc Syntax display stp instance instance id tc slot slot number View Any view Default Level 0 Visit level Parameters instance instance id Displays the statistics of TC TCN BPDUs received and sent by all ports in the specified MSTI The minimum value of insta...

Page 126: ...e 1 in MSTI 0 Sysname display stp instance 0 tc slot 1 STP slot 1 TC or TCN count MSTID Port Receive Send 0 GigabitEthernet1 0 1 6 4 0 GigabitEthernet1 0 2 0 2 Table 4 9 display stp tc command output description Field Description MSTID MSTI ID Port Port name Receive Number of TC TCN BPDUs received on each port Send Number of TC TCN BPDUs sent by each port instance Syntax instance instance id vlan ...

Page 127: ...y stp region configuration check region configuration active region configuration Examples Map VLAN 2 to MSTI 1 Sysname system view Sysname stp region configuration Sysname mst region instance 1 vlan 2 region name Syntax region name name undo region name View MST region view Default Level 2 System level Parameters name MST region name a string of 1 to 32 characters Description Use the region name ...

Page 128: ... or port ranges Description Use the reset stp command to clear the MSTP statistics information The MSTP statistics information includes the numbers of TCN BPDUs configuration BPDUs RST BPDUs and MST BPDUs sent received through the specified ports STP BPDUs and TCN BPDUs are counted only for the CIST Note that this command clears the spanning tree related statistics information on the specified por...

Page 129: ...n name and VLAN to instance mapping table are both the same for two MST regions you can still tell them apart by their MSTP revision levels z After configuring this command you need to run the active region configuration command to activate the configured MST region level Related commands instance region name vlan mapping modulo display stp region configuration check region configuration active re...

Page 130: ...rk Use the undo stp bridge diameter command to restore the default By default the network diameter of the switched network is 7 Note that z An appropriate setting of hello time forward delay and max age can speed up network convergence The values of these timers are related to the network size You can set these three timers indirectly by setting the network diameter Based on the network diameter y...

Page 131: ...fault By default a port automatically recognizes the formats of received MSTP packets and determines the formats of MSTP packets to be sent based on the recognized formats Note that z Configured in Ethernet interface view the setting takes effect on the current interface only configured in port group view the setting takes effect on all ports in the port group z Configured in Layer 2 aggregate int...

Page 132: ...group the setting can take effect only after the port leaves the aggregation group z You need to enable this feature both globally and on ports connected to third party devices to make it take effect It is recommended to enable the feature on all associated ports first and then globally making all configured ports take effect at the same time to minimize the impact on the network and disable the f...

Page 133: ...e view the setting takes effect on the current interface only configured in port group view the setting takes effect on all ports in the port group z Configured in Layer 2 aggregate interface view the setting takes effect only on the aggregate interface configured on a member port in an aggregation group the setting can take effect only after the port leaves the aggregation group z Path cost is an...

Page 134: ...l rather than another device or a shared LAN segment this port is regarded as an edge port When the network topology changes an edge port will not cause a temporary loop Therefore configuring a port as an edge port can enable the port to transition to the forwarding state rapidly We recommend that you configure a port directly connecting to a user terminal as an edge port to enable it to transitio...

Page 135: ...te interface configured on a member port in an aggregation group the setting can take effect only after the port leaves the aggregation group z After you enable MSTP the device works in STP compatible mode RSTP mode or MSTP mode depending on the MSTP mode setting z After being enabled MSTP dynamically maintains the spanning tree status of VLANs based on received configuration BPDUs after being dis...

Page 136: ... leaves the aggregation group Examples Enable the loop guard function on GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 stp loop protection stp max hops Syntax stp max hops hops undo stp max hops View System view Default Level 2 System level Parameters hops Maximum hops in the range of 1 to 40 Description Use the stp max hops command ...

Page 137: ...rt to migrate to the MSTP or RSTP mode Note that z The device works in STP compatible mode RSTP mode or MSTP mode depending on the MSTP mode setting z The stp mcheck command is meaningful only when the device works in RSTP or MSTP mode z Configured in system view the setting takes effect globally configured in Ethernet interface view the setting takes effect on the current interface only configure...

Page 138: ...fault an MSTP enabled device works in MSTP mode Related commands stp mcheck stp enable Examples Configure the MSTP enabled device to work in STP compatible mode Sysname system view Sysname stp mode stp stp no agreement check Syntax stp no agreement check undo stp no agreement check View Ethernet interface view port group view Layer 2 aggregate interface view Default Level 2 System level Parameters...

Page 139: ... 1d 1998 dot1t The device calculates the default path cost for ports based on IEEE 802 1t legacy The device calculates the default path cost for ports based on a private standard Description Use the stp pathcost standard command to specify a standard for the device to use when calculating the default path costs for ports of the device Use the undo stp pathcost standard command to restore the syste...

Page 140: ...rts Aggregate Link 4 Ports 4 4 4 4 20 000 10 000 6 666 5 000 20 18 16 14 10 Gbps Single Port Aggregate Link 2 Ports Aggregate Link 3 Ports Aggregate Link 4 Ports 2 2 2 2 2 000 1 000 666 500 2 1 1 1 Related commands stp cost display stp Examples Configure the device to calculate the default path cost for ports based on IEEE 802 1d 1998 Sysname system view Sysname stp pathcost standard dot1d 1998 st...

Page 141: ...t you use the default setting namely let MSTP detect the link status automatically z This setting takes effect on the CIST and all MSTIs If a port is configured as connecting to a point to point link or a non point to point link the setting takes effect for the port in all MSTIs If the physical link to which the port connects is not a point to point link and you force it to be a point to point lin...

Page 142: ...different physical links thus to achieve VLAN based load balancing z When the priority of a port is changed in an MSTI MSTP will re compute the role of the port and initiate a state transition in the MSTI Related commands display stp Examples Set the priority of port GigabitEthernet 1 0 3 in MSTI 2 to 16 Sysname system view Sysname interface gigabitethernet 1 0 3 Sysname GigabitEthernet1 0 3 stp i...

Page 143: ...s changed to forwarding stp priority Syntax stp instance instance id priority priority undo stp instance instance id priority View System view Default Level 2 System level Parameters instance instance id Sets the priority of the device in a MSTI The minimum value of instance id is 0 representing the CIST and the maximum value of instance id is 32 priority Device priority in the range of 0 to 61440...

Page 144: ...ress all VLANs are mapped to the CIST and the MSTP revision level is 0 After you enter MST region view you can configure the MST region related parameters including the region name VLAN to instance mappings and revision level Examples Enter MST region view Sysname system view Sysname stp region configuration Sysname mst region stp root primary Syntax stp instance instance id root primary undo stp ...

Page 145: ...dary Syntax stp instance instance id root secondary undo stp instance instance id root View System view Default Level 2 System level Parameters instance instance id Configures the device as a secondary root bridge in a particular MSTI The minimum value of instance id is 0 representing the CIST and the maximum value of instance id is 32 Description Use the stp root secondary command to configure th...

Page 146: ...the port s Use the undo stp root protection command to restore the default By default the root guard function is disabled Note that z Configured in Ethernet interface view the setting takes effect on the current interface only configured in port group view the setting takes effect on all ports in the port group z Configured in Layer 2 aggregate interface view the setting takes effect only on the a...

Page 147: ...ion disable stp tc protection threshold Syntax stp tc protection threshold number undo stp tc protection threshold View System view Default Level 2 System level Parameters number Maximum number of immediate forwarding address entry flushes that the switch can perform within a certain period of time after it receives the first TC BPDU The value range for the argument is 1 to 255 Description Use the...

Page 148: ...mediate state the learning state before it transitions from the discarding state to the forwarding state and must wait a certain period of time before it transitions from one state to another to keep synchronized with the remote device during state transition The forward delay timer set on the root bridge determines the time interval of state transition If the current device is the root bridge the...

Page 149: ...ve configuration BPDUs within the set period of time a new spanning tree calculation process will be triggered due to timeout The root bridge sends configuration BPDUs at the interval of the hello time set through this command while non root bridges use the hello time set on the root bridge The settings of the hello time forward delay and max age timers must meet the following formulae thus avoidi...

Page 150: ... age timer is not meaningful for MSTIs If the current device is the root bridge of the CIST it determines whether a configuration BPDU has expired based on the configured max age timer if the current device is not the root bridge of the CIST it uses the max age timer set on the CIST root bridge The settings of the hello time forward delay and max age timers must meet the following formulae thus av...

Page 151: ...imes the hello time it will assume that the upstream device has failed and start a new spanning tree calculation process z In a very stable network this kind of spanning tree calculation may occur because the upstream device is busy In this case you can avoid such unwanted spanning tree calculations by lengthening the timeout time thus saving the network resources We recommend that you set the tim...

Page 152: ...will send within each hello time but this means that more system resources will be used An appropriate maximum transmission rate setting can limit the speed at which a port sends BPDUs and prevent MSTP from using excessive bandwidth resources during network topology changes You are recommended to use the default value Examples Set the maximum transmission rate of port GigabitEthernet 1 0 1 to 5 Sy...

Page 153: ...ple then VLAN 1 will be mapped to MSTI 1 VLAN 2 to MSTI 2 VLAN 15 to MSTI 15 VLAN 16 to MSTI 1 and so on Related commands region name revision level display stp region configuration check region configuration active region configuration Examples Map VLANs to MSTIs as per modulo 8 Sysname system view Sysname stp region configuration Sysname mst region vlan mapping modulo 8 ...

Page 154: ... global LLDP information to be transmitted which will be contained in the LLDP TLVs and sent to neighbor devices If no keyword or argument is specified this command displays all the LLDP information to be sent including the global LLDP information and the LLDP information about the LLDP enabled ports in the up state Examples Display all the LLDP information to be sent Sysname display lldp local in...

Page 155: ...s interface type IfIndex Management address interface ID 54 Management address OID 0 Port VLAN ID PVID 1 Port and protocol VLAN ID PPVID 1 Port and protocol VLAN supported Yes Port and protocol VLAN enabled No VLAN name of VLAN 1 VLAN 0001 Auto negotiation supported Yes Auto negotiation enabled Yes OperMau speed 1000 duplex Full PoE supported No Link aggregation supported Yes Link aggregation enab...

Page 156: ...inal device A device of this type is media capable That is besides the capabilities of a normal terminal device it also supports media streams z Class III indicating a communication terminal device A device of this type supports IP communication systems of end user A device of this type supports all the capabilities of a normal terminal device and a media terminal device and can be used directly b...

Page 157: ...ates whether or not link aggregation is enabled Aggregation port ID Aggregation group ID which is 0 if link aggregation is not enabled Maximum frame Size Maximum frame size supported MED information MED LLDP information Media policy type Media policy type which can be z unknown z voice z voiceSignaling z guestVoice z guestVoiceSignaling z softPhoneVoice z videoconferencing z streamingVideo z video...

Page 158: ...lays the LLDP information about a specified neighboring device in the form of a list where system name indicates the system name of a neighboring device and is a string of 1 to 255 characters If this keyword argument combination is not specified this command displays the LLDP information sent by all the neighboring devices in the form of a list Description Use the display lldp neighbor information...

Page 159: ...ass PD PSE power supported No PSE power enabled No PSE pairs control ability No Power pairs Signal Port power classification Class 0 Link aggregation supported Yes Link aggregation enabled No Aggregation port ID 0 Maximum frame Size 1536 LLDP neighbor information of port 2 GigabitEthernet1 0 2 Neighbor index 1 Update time 0 days 0 hours 1 minutes 1 seconds Chassis type MAC address Chassis ID 000f ...

Page 160: ...ss 0 Link aggregation supported Yes Link aggregation enabled No Aggregation port ID 0 Maximum frame Size 1536 Display the LLDP information about all the neighboring devices in the form of a list Sysname display lldp neighbor information list System Name Local Interface Chassis ID Port ID System1 GE1 0 1 000f e25d ee91 GigabitEthernet1 0 5 System2 GE1 0 2 000f e25d ee92 GigabitEthernet1 0 6 System3...

Page 161: ...e System capabilities supported Capabilities supported on the neighboring device which can be z Repeater indicating forwarding z Bridge indicating switching z Router indicating routing System capabilities enabled Capabilities currently enabled on the neighboring device which can be z Repeater indicating forwarding is currently enabled z Bridge indicating switching is currently enabled z Router ind...

Page 162: ...on is supported Link aggregation enabled Indicates whether or not link aggregation is enabled Aggregation port ID Aggregation group ID which is 0 if link aggregation is not enabled Maximum frame Size Maximum frame size supported Location format Location information format which can be z Invalid indicating the format of the location information is invalid z Coordinate based LCI indicating the locat...

Page 163: ...ifies a port by its type and number Description Use the display lldp statistics command to display the global LLDP statistics or the LLDP statistics of a port If no keyword argument is specified this command displays all the LLDP statistics Examples Display all the LLDP statistics Sysname display lldp statistics LLDP statistics global Information LLDP neighbor information last change time 0 days 0...

Page 164: ... information entries that have aged out LLDP statistics Information of port 1 LLDP statistics of port 1 The number of LLDP frames transmitted Total number of the LLDP frames transmitted The number of LLDP frames received Total number of the LLDP frames received The number of LLDP frames discarded Total number of the LLDP frames dropped The number of LLDP error frames Total number of the LLDP error...

Page 165: ...tiplier 4 Reinit delay 2s Transmit delay 2s Trap interval 5s Fast start times 3 Port 1 GigabitEthernet1 0 1 Port status of LLDP Enable Admin status Tx_Rx Trap flag No Rolling interval 0s Number of neighbors 5 Number of MED neighbors 2 Number of CDP neighbors 0 Number of sent optional TLV 12 Number of received unknown TLV 5 Table 5 4 display lldp status command output description Field Description ...

Page 166: ...P polling interval A value of 0 indicates LLDP polling is disabled Number of neighbors Number of the LLDP neighbors connecting to the port Number of MED neighbors Number of MED neighbors connecting to the port Number of CDP neighbors Number of the CDP neighbors connecting to the port Number of sent optional TLV Number of the optional TLVs contained in an LLDPDU sent through the port Number of rece...

Page 167: ... YES YES LLDP MED extend TLV Capabilities TLV YES YES Network Policy TLV YES YES Location Identification TLV NO NO Extended Power via MDI TLV YES YES Inventory TLV YES YES Table 5 5 display lldp tlv config command output description Field Description LLDP tlv config of port 1 Advertisable TLVs of port 1 NAME TLV type STATUS Indicates whether or not TLVs of a specific type are currently sent throug...

Page 168: ...et interface view port group view Default level 2 System level Parameters disable Specifies the Disable mode A port in this mode does not send or receive LLDPDUs rx Specifies the Rx mode A port in this mode receives LLDPDUs only tx Specifies the Tx mode A port in this mode sends LLDPDUs only txrx Specifies the TxRx mode A port in this mode sends and receives LLDPDUs Description Use the lldp admin ...

Page 169: ...ion changes periodically A local configuration change triggers LLDPDU sending through which neighboring devices can be informed of the configuration change timely Examples Enable LLDP polling on GigabitEthernet1 0 1 setting the polling interval to 30 seconds Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 lldp check change interval 30 lldp compliance admin ...

Page 170: ...1 lldp compliance admin status cdp txrx lldp compliance cdp Syntax lldp compliance cdp undo lldp compliance cdp View System view Default Level 2 System level Parameters None Description Use the lldp compliance cdp command to enable CDP compatibility globally Use the undo lldp compliance cdp command to restore the default By default CDP compatibility is disabled globally Note that as the maximum TT...

Page 171: ...s effect on a port only when it is enabled both globally and on the port Examples Disable LLDP on GigabitEthernet1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 undo lldp enable lldp encapsulation snap Syntax lldp encapsulation snap undo lldp encapsulation snap View Ethernet interface view port group view Default level 2 System level Parameters None D...

Page 172: ... snap lldp fast count Syntax lldp fast count count undo lldp fast count View System view Default level 2 System level Parameters count Number of the LLDPDUs to be sent successively when a new neighboring device is detected This argument ranges from 1 to 10 Description Use the lldp fast count command to set the number of the LLDPDUs to be sent successively when a new neighboring device is detected ...

Page 173: ...iplier The TTL of the information about a device is determined by the following expression TTL multiplier LLDPDU transmit interval You can set the TTL of the local device information by configuring the TTL multiplier Note that the TTL can be up to 65535 seconds TTLs longer than it will be rounded off to 65535 seconds Related commands lldp timer tx interval Examples Set the TTL multiplier to 6 Sysn...

Page 174: ...t address tlv View Ethernet interface view port group view Default level 2 System level Parameters ip address Management address to be set Description Use the lldp management address tlv command to enable the management address sending This command also sets the management address Use the undo lldp management address tlv command to disable management address sending By default the management addre...

Page 175: ...le trap for a port or all the ports in a port group Use the undo lldp notification remote change enable command to restore the default By default trap is disabled on a port Examples Enable LLDP trap for GigabitEthernet1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 lldp notification remote change enable lldp timer notification interval Syntax lldp tim...

Page 176: ... lldp timer reinit delay delay undo lldp timer reinit delay View System view Default level 2 System level Parameters delay Initialization delay period to be set in the range 1 to 10 in seconds Description Use the lldp timer reinit delay command to set the initialization delay period Use the undo lldp timer reinit delay command to restore the default By default the initialization delay period is 2 ...

Page 177: ...interval interval undo lldp timer tx interval View System view Default level 2 System level Parameters interval Interval to send LLDPDUs in the range 5 to 32768 in seconds Description Use the lldp timer tx interval command to set the interval to send LLDPDUs Use the undo lldp timer tx interval command to restore the default By default the interval to send LLDPDUs is 30 seconds To enable local devi...

Page 178: ...organizationally specific LLDP TLVs when the all keyword is specified for basic tlv dot1 tlv or dot3 tlv or sends all the MED related LLDP TLVs except location identification TLVs when the all keyword is specified for med tlv basic tlv Sends basic LLDP TLVs port description Sends port description TLVs system capability Sends system capabilities TLVs system description Sends system description TLVs...

Page 179: ...licy TLVs power over ethernet Sends extended power via MDI TLVs Description Use the lldp tlv enable command to configure advertisable TLVs for a port or all the ports in a port group Use the undo lldp tlv enable command to disable the sending of specific TLVs By default all the TLVs except location identification TLVs are advertisable on a port Note that z To enable MED related LLDP TLV sending yo...

Page 180: ... or VLAN interface Use the undo description command to restore the default For a VLAN the default description is the VLAN ID for example VLAN 0001 for a VLAN interface the default description is the name of the interface for example Vlan interface 1 Interface You can configure a description to describe the function or connection of a VLAN or VLAN interface for management sake Examples Configure th...

Page 181: ...ype PKTFMT_ETHNT_2 Hardware Address 001e c16f ae69 Table 6 1 display interface vlan interface command output description Field Description Vlan interface2 current state The physical state of the VLAN interface which can be one of the following z Administratively DOWN The administrative state of the VLAN interface is down because it has been manually shut down with the shutdown command z DOWN The a...

Page 182: ...f VLANs specified by a VLAN ID range Note that vlan id2 must be equal to or greater than vlan id1 all Displays all current VLAN information except for the reserved VLANs dynamic Displays the number of dynamic VLANs and the ID of each dynamic VLAN Dynamic VLANs refer to VLANs that are generated through GVRP or those distributed by a RADIUS server reserved Displays information of the reserved VLANs ...

Page 183: ...configured Description VLAN description Name Name configured for the VLAN IP Address Primary IP address of the VLAN interface available only on a VLAN interface configured with an IP address You can use the display interface vlan interface command in any view or the display this command in VLAN interface view to display its secondary IP address es if any Subnet Mask Subnet mask of the primary IP a...

Page 184: ...mples Create VLAN interface 2 Sysname system view Sysname vlan 2 Sysname vlan2 quit Sysname interface vlan interface 2 Sysname Vlan interface2 ip address Syntax ip address ip address mask mask length sub undo ip address ip address mask mask length sub View VLAN interface view Default Level 2 System level Parameters ip address IP address to be assigned to the current VLAN interface in dotted decima...

Page 185: ...ask length sub command Related commands display ip interface IP Address Commands in the IP Services Volume Examples Specify the IP address as 1 1 0 1 the subnet mask as 255 255 255 0 for VLAN interface 1 Sysname system view Sysname interface vlan interface 1 Sysname Vlan interface1 ip address 1 1 0 1 255 255 255 0 name Syntax name text undo name View VLAN interface view Default Level 2 System leve...

Page 186: ...he undo shutdown command to bring up a VLAN interface after configuring related parameters and protocols for the VLAN interface When a VLAN interface fails you can shut down the interface with the shutdown command and then bring it up with the undo shutdown command In this way the interface may resume The state of any Ethernet port in a VLAN is independent of the VLAN interface state Examples Shut...

Page 187: ... create a range of VLANs specified by vlan id1 to vlan id2 except reserved VLANs Use the undo vlan command to remove the specified VLAN s z As the default VLAN VLAN 1 cannot be created or removed z You cannot create remove reserved VLANs reserved for specific functions z You cannot use the undo vlan command to directly remove reserved VLANs voice VLANs management VLANs dynamic VLANs VLANs configur...

Page 188: ...ysname display port hybrid Interface PVID VLAN passing GE1 0 6 1 Tagged 1002 Untagged 1 2 5 50 100 200 Display information about the trunk ports in the system Sysname display port trunk Interface PVID VLAN passing GE1 0 1 100 2 6 50 100 GE1 0 11 1 1 2 5 50 100 200 1002 GE1 0 12 1 1 2 5 50 100 200 1002 Table 6 3 display port command output description Field Description Interface Port name PVID Defa...

Page 189: ...o port command to remove the specified access port s from the current VLAN By default all ports are in VLAN 1 Note that z This command is only applicable on access ports z All ports are access ports by default However you can manually configure the port type For more information refer to port link type Related commands display vlan Examples Assign GigabitEthernet 1 0 1 through GigabitEthernet 1 0 ...

Page 190: ...gate interface and its aggregation member ports If the system fails to do that on the aggregate interface it stops applying the configuration to the aggregation member ports If it fails to do that on an aggregation member port it simply skips the port and moves to the next port For information about Layer 2 aggregate interfaces refer to Link Aggregation Configuration in the Access Volume Examples ...

Page 191: ...that on an aggregation member port it simply skips the port and moves to the next port For information about Layer 2 aggregate interfaces refer to Link Aggregation Configuration in the Access Volume z The local and remote hybrid ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly z After configuring the default VLAN for a hybrid port you must use ...

Page 192: ... about port groups refer to Ethernet Interface Configuration in the Access Volume z In Layer 2 aggregate interface view this command applies to the Layer 2 aggregate interface and all its member ports After you perform the configuration the system starts applying the configuration to the aggregate interface and its aggregation member ports If the system fails to do that on the aggregate interface ...

Page 193: ...tEthernet1 0 3 are the member ports of the aggregation group corresponding to Bridge aggregation 1 port link type Syntax port link type access hybrid trunk undo port link type View Ethernet interface view port group view Layer 2 aggregate interface view Default Level 2 System level Parameters access Configures the link type of a port as access hybrid Configures the link type of a port as hybrid tr...

Page 194: ...p group1 as hybrid ports Sysname system view Sysname port group manual group1 Sysname port group manual group1 group member gigabitethernet 1 0 2 Sysname port group manual group1 group member gigabitethernet 1 0 3 Sysname port group manual group1 port link type hybrid Configure Layer 2 aggregate interface Bridge aggregation 1 and its member ports as hybrid ports Sysname system view Sysname interfa...

Page 195: ...e system starts applying the configuration to the aggregate interface and its aggregation member ports If the system fails to do that on the aggregate interface it stops applying the configuration to the aggregation member ports If it fails to do that on an aggregation member port it simply skips the port and moves to the next port For information about Layer 2 aggregate interfaces refer to Link A...

Page 196: ...ult VLAN on the port z In port group view this command applies to all ports in the port group For information about port groups refer to Ethernet Interface Configuration in the Access Volume z In Layer 2 aggregate interface view this command applies to the Layer 2 aggregate interface and all its member ports After you perform the configuration the system starts applying the configuration to the ag...

Page 197: ...runk pvid vlan 100 Error Failed to configure on interface GigabitEthernet1 0 2 This port is not a Trunk port The output above shows that the configuration on Bridge aggregation 1 and the member port GigabitEthernet 1 0 3 succeeded the configuration on GigabitEthernet 1 0 2 failed because GigabitEthernet 1 0 2 was not a trunk port MAC Address Based VLAN Configuration Commands display mac vlan Synta...

Page 198: ...er D stands for the MAC address to VLAN entries that are configured dynamically MAC ADDR MAC address of a MAC address to VLAN entry MASK Mask of the MAC address of a MAC address to VLAN entry VLAN ID VLAN ID of a MAC address to VLAN entry PRIO 802 1p priority corresponding to the MAC address of a MAC address to VLAN entry STATE The state of a MAC address to VLAN entry which can be z S indicating t...

Page 199: ...lan enable View Ethernet port view Default Level 2 System level Parameters None Description Use the mac vlan enable command to enable MAC address based VLAN on a port Use the undo mac vlan enable command to disable MAC address based VLAN on a port By default MAC address based VLAN is disabled on a port Examples Enable MAC address based VLAN on GigabitEthernet 1 0 1 Sysname system view Sysname inte...

Page 200: ...LAN 100 and 802 1p priority 7 Sysname system view Sysname mac vlan mac address 0 1 1 vlan 100 priority 7 vlan precedence Syntax vlan precedence mac vlan ip subnet vlan undo vlan precedence View Ethernet port view Default Level 2 System level Parameters mac vlan Specifies to match VLANs based on MAC addresses preferentially ip subnet vlan Specifies to match VLANs based on IP subnet settings prefere...

Page 201: ... view Default Level 2 System level Parameters interface type interface number1 Specifies an interface by its type and number interface type interface number1 to interface type interface number2 Specifies an interface range all Displays information about protocol based VLANs on all ports Description Use the display protocol vlan interface command to display information about protocol based VLANs fo...

Page 202: ...rgument specifies a protocol based VLAN ID in the range of 1 to 4094 but you must ensure that its value is greater than or equal to that of vlan id1 all Displays information about all protocol based VLANs Description Use the display protocol vlan vlan command to display the protocols and protocol indexes configured on the specified VLAN s Related commands display vlan Examples Display the protocol...

Page 203: ...group view this command applies to all ports in the port group For information about port groups refer to Ethernet Interface Configuration in the Access Volume z In Layer 2 aggregate interface view this command applies to the Layer 2 aggregate interface and all its member ports After you perform the configuration the system starts applying the configuration to the aggregate interface and its aggre...

Page 204: ...gation 1 with protocol 0 in VLAN 2 Among the member ports of the aggregation group corresponding to Bridge aggregation 1 GigabitEthernet 1 0 2 is an access port and GigabitEthernet 1 0 3 is a trunk port Sysname system view Sysname vlan 2 Sysname Vlan2 protocol vlan at Sysname Vlan2 quit Sysname interface bridge aggregation 1 Sysname Bridge Aggregation2 port link type access Please wait Done Config...

Page 205: ...under the snap encapsulation format protocol index Protocol index ranging from 0 to 15 which specifies the protocol template to be bound with the current VLAN System will automatically assign an index if this parameter is not specified to protocol end Specifies the end protocol index ranging from 0 to 15 The protocol end argument must be greater than or equal to the protocol index argument all Spe...

Page 206: ...ernet you are recommended to configure the IP and ARP templates in the same VLAN and associate them with the same port to prevent communication failure Create an ARP protocol template for VLAN 3 ARP code is 0x0806 to make VLAN 3 transmit ARP packets z To use Ethernet encapsulation use the command Sysname vlan3 protocol vlan mode ethernetii etype 0806 z To use 802 3 encapsulation use the command Sy...

Page 207: ...on GigabitEthernet 1 0 1 Sysname system view Sysname display ip subnet vlan interface gigabitethernet 1 0 1 Interface GigabitEthernet1 0 1 VLAN ID Subnet Index IP ADDRESS NET MASK 3 0 192 168 1 0 255 255 255 0 Table 6 6 display ip subnet vlan interface command output description Field Description Interface Interface of which you want to view the information VLAN ID VLAN ID Subnet Index Index of th...

Page 208: ...Subnet Mask Mask of the IP subnet ip subnet vlan Syntax ip subnet vlan ip subnet index ip ip address mask undo ip subnet vlan ip subnet index to ip subnet end all View VLAN view Default Level 2 System level Parameters ip subnet index Beginning IP subnet Index in the range of 0 to 11 This value can be configured by users or automatically numbered by system based on the order in which the IP subnets...

Page 209: ...d undo port hybrid ip subnet vlan vlan vlan id all View Ethernet interface view port group view Layer 2 aggregate interface view Default Level 2 System level Parameters vlan id VLAN ID in the range of 1 to 4094 all Specifies all VLANs Description Use the port hybrid ip subnet vlan vlan command to associate the current Ethernet port with the specified IP subnet based VLAN Use the undo port hybrid i...

Page 210: ... port hybrid ip subnet vlan vlan 3 Associate the hybrid Layer 2 aggregate interface Bridge aggregation 1 with the IP subnet based VLAN 3 assuming that Bridge aggregation 1 does not have member ports Sysname system view Sysname vlan 3 Sysname vlan3 ip subnet vlan ip 192 168 1 0 255 255 255 0 Sysname vlan3 quit Sysname interface bridge aggregation 1 Sysname Bridge Aggregation1 port link type hybrid ...

Page 211: ...6 32 Configuring GigabitEthernet1 0 2 Done Configuring GigabitEthernet1 0 3 Done Sysname Bridge Aggregation1 port hybrid ip subnet vlan vlan 3 ...

Page 212: ... user vlan and secondary VLAN s and the information of these VLANs Related commands isolate user vlan isolate user vlan enable Examples Display the mapping between an isolate user vlan and secondary VLANs Sysname display isolate user vlan Isolate user VLAN VLAN ID 2 Secondary VLAN ID 3 4 VLAN ID 2 VLAN Type static Isolate user VLAN type isolate user VLAN Route Interface configured IP Address 1 1 1...

Page 213: ...amic Isolate user VLAN type Current VLAN type isolate user VLAN or secondary VLAN Route Interface Whether a VLAN interface is configured for the VLAN IP Address IP address of the VLAN interface if configured This field is not displayed if no IP address is configured for the VLAN interface Subnet Mask Subnet mask of the VLAN interface if configured This field is not displayed if no mask is configur...

Page 214: ...VLAN of the port must be its isolate user VLAN or secondary VLAN z The undo isolate user vlan command without the secondary secondary vlan id parameter specified removes the association between the specified isolate user VLAN and all its secondary VLANs while the undo isolate user vlan command with the secondary secondary vlan id parameter specified only removes the association between the specifi...

Page 215: ...an enable command to configure the current VLAN as an isolate user VLAN Use the undo isolate user vlan enable command to remove the isolate user VLAN configuration for the current VLAN By default no VLAN is an isolate user VLAN An isolate user VLAN may include multiple ports including the one connected to the upstream device Related commands display isolate user vlan Examples Configure VLAN 5 as a...

Page 216: ...an OUI address is a globally unique identifier assigned to a vendor by IEEE OUI addresses mentioned in this document however are different from those in common sense OUI addresses in this document are used to determine whether a received packet is a voice packet They are the results of the AND operation of the two arguments mac address and oui mask in the voice vlan mac address command Examples Di...

Page 217: ...y voice vlan state Syntax display voice vlan state View Any view Default Level 1 Monitor level Parameters None Description Use the display voice vlan state command to display voice VLAN configuration Related commands voice vlan vlan id enable voice vlan enable Examples Display voice VLAN configurations Sysname display voice vlan state Maximum of Voice VLANs 8 Current Voice VLANs 2 Voice VLAN secur...

Page 218: ...ult Level 2 System level Parameters minutes Voice VLAN aging time in the range 5 to 43200 minutes Description Use the voice vlan aging command to configure the voice VLAN aging time Use the undo voice vlan aging command to restore the default By default the voice VLAN aging time is 1440 minutes When a port in automatic voice VLAN assignment mode receives a voice packet the system decides whether t...

Page 219: ...lt the voice VLAN feature is disabled on ports You can enable the voice VLAN feature on a hybrid or trunk port operating in automatic voice VLAN assignment mode but not on an access port operating in automatic voice VLAN assignment mode You can configure different voice VLANs for different ports An Switch 4510G ts up to eight voice VLANs globally Examples Enable the voice VLAN feature on GigabitEt...

Page 220: ...ess command to remove a recognizable OUI address The system supports up to 16 OUI addresses By default the system is configured with the default OUI addresses as illustrated in Table 8 3 You can remove the default OUI addresses and then add recognizable OUI addresses manually Table 8 3 Default OUI addresses Number OUI Description 1 0001 e300 0000 Siemens phone 2 0003 6b00 0000 Cisco phone 3 0004 0...

Page 221: ...automatic voice VLAN assignment mode Use the undo voice vlan mode auto command to configure the current port to operate in manual voice VLAN assignment mode By default a port operates in automatic voice VLAN assignment mode The voice VLAN modes of different ports are independent of one another To make voice VLAN take effect on a port which is enabled with voice VLAN and operates in manual voice VL...

Page 222: ...n security enable command to enable voice VLAN security mode Use the undo voice vlan security enable command to disable voice VLAN security mode By default voice VLAN security mode is not enabled Examples Disable voice VLAN security mode Sysname system view Sysname undo voice vlan security enable ...

Page 223: ...orts if no ports are specified This command displays the statistics about GVRP packets received transmitted and dropped on GVRP enabled ports When the system is restarted or after you perform the reset garp statistics command the existing packet statistics are cleared and the system starts to collect new GARP statistics With the statistics you can judge whether a GVRP enabled port is operating nor...

Page 224: ...e interface number or a port range in the form of interface type interface number1 to interface type interface number2 where the end port number specified by interface number2 must be greater than the start port number specified by interface number1 If no ports are specified this command displays the GARP timer settings on all ports Description Use the display garp timer command to display GARP ti...

Page 225: ...Ethernet 1 0 1 Sysname display gvrp local vlan interface gigabitethernet 1 0 1 Following VLANs exist in GVRP local database 1 default 2 500 display gvrp state Syntax display gvrp state interface interface type interface number vlan vlan id View Any view Default Level 0 Visit level Parameters interface interface type interface number Specifies an interface by its type and number vlan vlan id Specif...

Page 226: ...fied this command displays the GVRP statistics for all trunk ports Description Use the display gvrp statistics command to display the GVRP statistics of specified or all trunk ports Examples Display statistics about GVRP for trunk port GigabitEthernet 1 0 1 Sysname display gvrp statistics interface gigabitethernet 1 0 1 GVRP statistics on port GigabitEthernet1 0 1 GVRP Status Enabled GVRP Running ...

Page 227: ...rface type interface number View Any view Default Level 0 Visit level Parameters interface interface type interface number Specifies an interface by its type and number Description Use the display gvrp vlan operation interface command to display the information about dynamic VLAN operations performed on a port Examples Display the information about dynamic VLAN operations performed on GigabitEther...

Page 228: ...sive One second equals 100 centiseconds Description Use the garp timer hold command to set the GARP Hold timer for an Ethernet port Layer 2 aggregate interface or all ports in a port group Use the undo garp timer hold command to restore the default of the GARP Hold timer This may fail if the default is beyond the valid value range for the Hold timer By default the hold timer is set to 10 centiseco...

Page 229: ...lt the Join timer is set to 20 centiseconds Related commands display garp timer garp timer hold garp timer leave Examples Set the GARP Join timer to 25 centiseconds assuming that both the Hold timer and the Leave timer are using the default Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 garp timer join 25 garp timer leave Syntax garp timer leave timer valu...

Page 230: ...View System view Default Level 2 System level Parameters timer value Leaveall timer setting in centiseconds which must be a multiple of 5 in the range of the maximum Leave timer on the device exclusive and 32765 inclusive When the Leave timers on all ports are set to the default the value range for the LeaveAll timer is 65 inclusive to 32765 inclusive Description Use the garp timer leaveall comman...

Page 231: ...s in a port group depending on the view where the command is executed By default GVRP is disabled Note that z To enable GVRP on a port you need to enable it globally first and then on the port z You can use this command on trunk ports only z You cannot change the link type of a GVRP enabled trunk port Related commands display gvrp status Examples Enable GVRP globally Sysname system view Sysname gv...

Page 232: ...gabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 port link type trunk Sysname GigabitEthernet1 0 1 gvrp registration fixed reset garp statistics Syntax reset garp statistics interface interface list View User view Default Level 2 System level Parameters interface interface list Defines one or multiple Ethernet ports for which the GARP statistics are to be cleared You can provide up to 10 Ethernet ...

Page 233: ...P packets sent received and dropped You can use this command in conjunction with the display garp statistics command to display GARP statistics Related commands display gvrp statistics Examples Clear the GARP statistics on all ports Sysname reset garp statistics ...

Page 234: ...the QoS Volume QinQ Configuration Commands nest Syntax nest top most vlan id vlan id undo nest top most View Traffic behavior view Default Level 2 System Level Parameters vlan id vlan id ID of the VLAN The vlan id argument is in the range 1 to 4094 Description Use the nest command to configure an outer VLAN tag for a traffic behavior Use the undo nest command to remove the outer VLAN tag Note that...

Page 235: ... individual VLAN ID in the form of vlan id or a VLAN ID range in the form of vlan id to vlan id where the VLAN ID after to must be greater than the VLAN ID before to The vlan id argument ranges from 1 to 4094 all Specifies all VLAN IDs Description Use the raw vlan id inbound command to tag frames of the specified CVLANs with the current SVLAN Use the undo raw vlan id inbound command to remove the ...

Page 236: ... A basic QinQ enabled port tags received frames with the port s default VLAN tag Note that z Configuration made in Ethernet interface view takes effect on the current port only Configuration made in Layer 2 aggregate interface view takes effect on the Layer 2 aggregate interface and the member ports in its aggregation group Configuration made in port group view takes effect on all ports in the por...

Page 237: ...FFF However do not set it to any of the protocol type values listed in Table 10 1 Table 10 1 Common protocol type values Protocol type Value ARP 0x0806 PUP 0x0200 RARP 0x8035 IP 0x0800 IPv6 0x86DD PPPoE 0x8863 0x8864 MPLS 0x8847 0x8848 IPX SPX 0x8137 IS IS 0x8000 LACP 0x8809 802 1x 0x888E Cluster 0x88A7 Reserved 0xFFFD 0xFFFE 0xFFFF Description Use the qinq ethernet type command to configure the T...

Page 238: ...ration made in Ethernet interface view takes effect on the current port only Configuration made in Layer 2 aggregate interface view takes effect on the Layer 2 aggregate interface and the member ports in its aggregation group Configuration made in port group view takes effect on all ports in the port group z You can configure this command on a Layer 2 aggregate interface and its member ports separ...

Page 239: ...10 6 Sysname port group manual 1 Sysname port group manual 1 group member gigabitethernet 1 0 1 to gigabitethernet 1 0 6 Sysname port group manual 1 qinq vid 10 ...

Page 240: ... Specifies to enable BPDU tunneling for Ethernet Operation Administration and Maintenance EOAM gvrp Specifies to enable BPDU tunneling for the GARP VLAN Registration Protocol GVRP hgmp Specifies to enable BPDU tunneling for the HW Group Management Protocol HGMP lacp Specifies to enable BPDU tunneling for the Link Aggregation Control Protocol LACP lldp Specifies to enable BPDU tunneling for the Lin...

Page 241: ...the port from the dynamic aggregation group first Examples Disable STP on GigabitEthernet1 0 1 and then enable BPDU tunneling for STP on the port Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 undo stp enable Sysname GigabitEthernet1 0 1 bpdu tunnel dot1q stp Disable STP for port group 1 and then enable BPDU tunneling for STP on all the ports in the port g...

Page 242: ... Use the bpdu tunnel tunnel dmac command to configure the destination multicast MAC address for BPDUs Use the undo bpdu tunnel tunnel dmac command to restore the default value By default the destination multicast MAC address for BPDUs is 0x010F E200 0003 Examples Set the destination multicast MAC address for BPDUs to 0x0100 0CCD CDD0 Sysname system view Sysname bpdu tunnel tunnel dmac 0100 0ccd cd...

Page 243: ...splays remote destination mirroring groups remote source Displays remote source port mirroring groups Description Use the display mirroring group command to display information about the specified port mirroring group or groups The output varies by port mirroring group type and is sorted by mirroring group number Examples Display information about all the port mirroring groups Sysname display mirr...

Page 244: ...ameters groupid Specifies the number of the port mirroring group to be created or removed in the range of 1 to 4 all Removes all port mirroring groups local Creates a local mirroring group or removes all local mirroring groups with the undo command remote destination Creates a remote destination mirroring group or removes all remote destination mirroring groups with the undo command remote source ...

Page 245: ...ng group specified by groupid The total number of single ports plus port ranges cannot exceed eight In the list a single port takes the form of interface type interface number A port range takes the form interface type start interface number to interface type end interface number where the end port number must be greater than the start port number both Mirrors both inbound and outbound packets on ...

Page 246: ... egress monitor egress port id undo mirroring group groupid monitor egress monitor egress port id In Ethernet port view mirroring group groupid monitor egress undo mirroring group groupid monitor egress View System view Ethernet port view Default Level 2 System level Parameters groupid Number of a remote source mirroring group in the range of 1 to 4 monitor egress port id Port to be configured as ...

Page 247: ...ntax mirroring group groupid monitor port monitor port id undo mirroring group groupid monitor port monitor port id View System view Default Level 2 System level Parameters groupid Number of a local or remote destination mirroring group in the rang of 1 to 4 monitor port id Port to be assigned to the specified mirroring group as the monitor port The argument takes the form of interface type interf...

Page 248: ...e vlan rprobe vlan id View System view Default Level 2 System level Parameters groupid Number of a remote source or destination mirroring group in the range of 1 to 4 rprobe vlan id ID of the VLAN to be configured as the remote probe VLAN This VLAN must be a static VLAN that already exists Description Use the mirroring group remote probe vlan command to specify a VLAN as the remote probe VLAN for ...

Page 249: ...g port Use the undo mirroring port command to remove the current port from the port mirroring group When assigning a port to a mirroring group as a mirroring port note that z If no mirroring group is specified the port is assigned to port mirroring group 1 z Whether you assign the port to port mirroring group 1 or any other mirroring group ensure that the mirroring group already exists z A mirrori...

Page 250: ...ied the port is assigned to port mirroring group 1 z The port cannot belong to any other mirroring group z Whether you assign the port to port mirroring group 1 or any other mirroring group ensure that the mirroring group already exists z The remote destination mirroring port can be an access trunk or hybrid port It must be assigned to the remote mirroring VLAN z Do not enable STP RSTP or MSTP on ...

Page 251: ...y arp enable 3 2 proxy arp enable 3 2 4 ARP Attack Defense Configuration Commands 4 1 ARP Source Suppression Configuration Commands 4 1 arp source suppression enable 4 1 arp source suppression limit 4 1 display arp source suppression 4 2 ARP Defense Against IP Packet Attack Configuration Commands 4 3 arp resolving route enable 4 3 ARP Active Acknowledgement Configuration Commands 4 3 arp anti atta...

Page 252: ...se ip 5 7 dhcp relay security static 5 8 dhcp relay security tracker 5 9 dhcp relay server detect 5 10 dhcp relay server group 5 10 dhcp relay server select 5 11 dhcp select relay 5 12 display dhcp relay 5 13 display dhcp relay information 5 13 display dhcp relay security 5 14 display dhcp relay security statistics 5 15 display dhcp relay security tracker 5 16 display dhcp relay server group 5 16 ...

Page 253: ...y dns server 9 3 display ip host 9 4 dns domain 9 4 dns proxy enable 9 5 dns resolve 9 6 dns server 9 6 ip host 9 7 reset dns dynamic host 9 7 10 IP Performance Optimization Configuration Commands 10 1 IP Performance Optimization Configuration Commands 10 1 display fib 10 1 display fib ip address 10 3 display icmp statistics 10 4 display ip socket 10 5 display ip statistics 10 8 display tcp statis...

Page 254: ...stics 12 17 display tcp ipv6 status 12 20 display udp ipv6 statistics 12 21 dns server ipv6 12 22 ipv6 12 23 ipv6 address 12 23 ipv6 address auto link local 12 24 ipv6 address eui 64 12 25 ipv6 address link local 12 26 ipv6 hoplimit expires enable 12 27 ipv6 host 12 27 ipv6 icmp error 12 28 ipv6 icmpv6 multicast echo reply enable 12 28 ipv6 nd autoconfig managed address flag 12 29 ipv6 nd autoconf...

Page 255: ...12 42 tcp ipv6 timer fin timeout 12 42 tcp ipv6 timer syn timeout 12 43 tcp ipv6 window 12 43 13 sFlow Configuration Commands 13 1 sFlow Configuration Commands 13 1 display sflow 13 1 sflow agent ip 13 2 sflow collector ip 13 3 sflow enable 13 3 sflow interval 13 4 sflow sampling mode 13 5 sflow sampling rate 13 6 ...

Page 256: ... all Layer 3 interfaces Examples Display information about interface VLAN interface 1 Sysname display ip interface vlan interface 1 Vlan interface1 current state DOWN Line protocol current state DOWN Internet Address is 1 1 1 1 8 Primary Broadcast address 1 255 255 255 The Maximum Transmit Unit 1500 bytes input packets 0 bytes 0 multicasts 0 output packets 0 bytes 0 multicasts 0 ARP packet input n...

Page 257: ...t the protocol state of the interface is down which is usually because that no IP address is assigned to the interface z UP Indicates that the protocol state of the interface is up Internet Address IP address of an interface followed by z Primary Identifies a primary IP address or z Sub Identifies a secondary IP address Broadcast address Broadcast address of the subnet attached to an interface The...

Page 258: ...equest packets z Information reply packets z Netmask request packets z Netmask reply packets z Unknown type packets display ip interface brief Syntax display ip interface brief interface type interface number View Any view Default Level 1 Monitor level Parameters interface type Interface type interface number Interface number Description Use the display ip interface brief command to display brief ...

Page 259: ...interface is administratively up but its physical state is down which may be caused by a connection or link failure z up Indicates that both the administrative and physical states of the interface are up Protocol Link layer protocol state of the interface which can be z down Indicates that the protocol state of the interface is down which is usually because that no IP address is assigned to the in...

Page 260: ...rface consider the following z You can assign only one primary IP address to an interface z The primary and secondary IP addresses can be located in the same network segment z Before removing the primary IP address remove all secondary IP addresses z You cannot assign a secondary IP address to the interface that is configured to borrow an IP address through IP unnumbered or obtain one through BOOT...

Page 261: ... entry is not allowed either otherwise the system displays error messages Use the undo arp check enable command to disable the function After the ARP entry check is disabled the device can learn the ARP entry with a multicast MAC address and you can also configure such a static ARP entry on the device By default ARP entry check is enabled Examples Enable ARP entry check Sysname system view Sysname...

Page 262: ...rp static Syntax arp static ip address mac address vlan id interface type interface number undo arp ip address View System view Default Level 2 System level Parameters ip address IP address in an ARP entry mac address MAC address in an ARP entry in the format H H H vlan id ID of a VLAN to which a static ARP entry belongs to in the range 1 to 4094 interface type interface number Interface type and ...

Page 263: ...net 1 0 1 arp timer aging Syntax arp timer aging aging time undo arp timer aging View System view Default Level 2 System level Parameters aging time Aging time for dynamic ARP entries in minutes in the range 1 to 1 440 Description Use the arp timer aging command to set aging time for dynamic ARP entries Use the undo arp timer aging command to restore the default By default the aging time for dynam...

Page 264: ...ining the specified string exclude Displays the ARP entries that do not contain the specified string include Displays the ARP entries containing the specified string regular expression A case sensitive string for matching consisting of 1 to 256 characters count Displays the number of ARP entries Description Use the display arp command to display ARP entries in the ARP mapping table If no parameter...

Page 265: ...he device if the device is not in any IRF the slot number argument represents the device ID Uses a regular expression to specify the ARP entries to be displayed For detailed information about regular expressions refer to Basic System Configuration in the System Volume begin Displays the ARP entries from the first one containing the specified string exclude Displays the ARP entries that do not cont...

Page 266: ...lot number static interface interface type interface number View User view Default Level 2 System level Parameters all Clears all ARP entries except authorized ARP entries dynamic Clears all dynamic ARP entries static Clears all static ARP entries slot slot number Clears the ARP entries for the specified device If the device is in an IRF the slot number argument represents the member ID of the dev...

Page 267: ...nding enable undo gratuitous arp sending enable View System view Default Level 2 System level Parameters None Description Use the gratuitous arp sending enable command to enable a device to send gratuitous ARP packets when receiving ARP requests from another network segment Use the undo gratuitous arp sending enable command to restore the default By default a device cannot send gratuitous ARP pack...

Page 268: ...function enabled a device receiving a gratuitous ARP packet can add the source IP and MAC addresses carried in the packet to its own dynamic ARP table if it finds no ARP entry in the cache corresponding to the source IP address of the ARP packet exists if the corresponding ARP entry exists in the cache the device updates the ARP entry regardless of whether this function is enabled Examples Enable ...

Page 269: ...local proxy arp command to display the status of the local proxy ARP Related commands local proxy arp enable Examples Display the status of the local proxy ARP on VLAN interface 2 Sysname display local proxy arp interface vlan interface 2 Interface Vlan interface2 Local Proxy ARP status enabled display proxy arp Syntax display proxy arp interface vlan interface vlan id View Any view Default Level ...

Page 270: ...s disabled local proxy arp enable Syntax local proxy arp enable undo local proxy arp enable View VLAN interface view Default Level 2 System level Parameters None Description Use the local proxy arp enable command to enable local proxy ARP Use the undo local proxy arp enable command to disable local proxy ARP By default local proxy ARP is disabled Related commands display local proxy arp Examples E...

Page 271: ... enable command to enable proxy ARP Use the undo proxy arp enable command to disable proxy ARP By default proxy ARP is disabled Related commands display proxy arp Examples Enable proxy ARP on VLAN interface 2 Sysname system view Sysname interface vlan interface 2 Sysname Vlan interface2 proxy arp enable ...

Page 272: ...ble command to enable the ARP source suppression function Use the undo arp source suppression enable command to disable the function By default the ARP source suppression function is disabled Related commands display arp source suppression Examples Enable the ARP source suppression function Sysname system view Sysname arp source suppression enable arp source suppression limit Syntax arp source sup...

Page 273: ...ied threshold the device suppress the sending host from triggering any ARP requests within the following five seconds Related commands display arp source suppression Examples Set the maximum number of packets with the same source address but unresolvable destination IP addresses that the device can receive in five seconds to 100 Sysname system view Sysname arp source suppression limit 100 display ...

Page 274: ...solving route enable Syntax arp resolving route enable undo arp resolving route enable View System view Default Level 2 System level Parameters None Description Use the arp resolving route enable command to enable ARP defense against IP packet attacks Use the undo arp resolving route enable command to disable the function By default the function of ARP defense against IP packet attacks is enabled ...

Page 275: ...ated within the last minute z If yes the ARP entry is not updated z If not the gateway sends a unicast request to the source MAC address of the ARP entry Then z If a response is received within five seconds the ARP packet is ignored z If no response is received the gateway sends a unicast request to the source MAC address of the ARP packet Then z If a response is received within five seconds the g...

Page 276: ...lays an alarm and filters out the ARP packets from the MAC address z In monitor detection mode the device only displays an alarm Note that If no detection mode is specified in the undo arp anti attack source mac command both detection modes are disabled Examples Enable filter mode source MAC address based ARP attack detection Sysname system view Sysname arp anti attack source mac filter arp anti a...

Page 277: ...addresses that you can configure The maximum of the n argument is 10 Description Use the arp anti attack source mac exclude mac command to configure protected MAC addresses which will be excluded from ARP packet detection Use the undo arp anti attack source mac exclude mac command to remove the configured protected MAC addresses By default no protected MAC address is configured Note that If no MAC...

Page 278: ...p anti attack source mac Syntax display arp anti attack source mac slot slot number interface interface type interface number View Any view Default Level 1 Monitor level Parameters interface interface type interface number Displays attacking MAC addresses detected on the interface slot slot number Displays attacking MAC addresses detected on the specified device If the device is in an IRF the slot...

Page 279: ...arp anti attack valid check enable command to enable ARP packet source MAC address consistency check on the gateway After you execute this command the gateway device can filter out ARP packets with the source MAC address in the Ethernet header different from the sender MAC address in the ARP message Use the undo arp anti attack valid check enable command to disable ARP packet source MAC address co...

Page 280: ...t ARP packet rate limit is enabled and the ARP packet rate limit is 100 pps Examples Specify the ARP packet rate on GigabitEthernet 1 0 1 as 60 pps and exceeded packets are discarded Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 arp rate limit rate 60 drop ARP Detection Configuration Commands arp detection enable Syntax arp detection enable undo arp detec...

Page 281: ...ic bind Implements ARP attack detection based on static IP to MAC binding entries This mode is mainly used to prevent gateway spoofing attacks Description Use the arp detection mode command to specify an ARP attack detection mode Use the undo arp detection mode command to cancel the specified ARP detection mode By default no ARP detection mode is specified that is all packets are considered to be ...

Page 282: ...ce IP and MAC addresses of the ARP packet against the static IP to MAC bindings z If an entry with a matching IP address but different MAC address is found the ARP packet is considered invalid and discarded z If an entry with both matching IP and MAC addresses is found the ARP packet is considered valid and can pass the detection z If no match is found the ARP packet is considered valid and can pa...

Page 283: ...s in the Ethernet header the packet is considered invalid and discarded ip Checks the source and destination IP addresses of ARP packets The all zero all one or multicast IP addresses are considered invalid and the corresponding packets are discarded With this keyword specified the source and destination IP addresses of ARP replies and the source IP address of ARP requests will be checked src mac ...

Page 284: ...LAN s enabled with ARP detection Related commands arp detection enable Examples Display the VLANs enabled with ARP detection Sysname display arp detection ARP detection is enabled in the following VLANs 1 2 4 5 Table 4 2 display arp detection command output description Field Description ARP detection is enabled in the following VLANs VLANs that are enabled with ARP detection display arp detection ...

Page 285: ... 0 0 0 0 GE1 0 4 U 0 0 30 0 Table 4 3 display arp detection statistics command output description Field Description Interface State State T or U identifies a trusted or untrusted port IP Number of ARP packets discarded due to invalid source and destination IP addresses Src MAC Number of ARP packets discarded due to invalid source MAC address Dst MAC Number of ARP packets discarded due to invalid d...

Page 286: ...s command to clear ARP detection statistics of a specified interface If no interface is specified the statistics of all the interfaces will be cleared Examples Clear the ARP detection statistics of all the interfaces Sysname reset arp detection statistics ...

Page 287: ...on Use the dhcp relay address check enable command to enable IP address match check on the relay agent Use the dhcp relay address check disable command to disable IP address match check on the relay agent By default the function is disabled If a requesting client s IP and MAC addresses do not match any binding both dynamic and static bindings on the DHCP relay agent the client cannot access extern...

Page 288: ...ircuit id format type command to restore the default By default the code type for the circuit ID sub option depends on the specified padding format of Option 82 Each field has its own code type Note that This command applies to configuring the non user defined circuit ID sub option only After you configure the padding content for the circuit ID sub option using the dhcp relay information circuit i...

Page 289: ...he circuit ID sub option using this command ASCII is adopted as the code type Related commands dhcp relay information format Examples Configure the padding content for the circuit ID sub option as company001 Sysname system view Sysname interface vlan interface 1 Sysname Vlan interface1 dhcp relay information circuit id string company001 dhcp relay information enable Syntax dhcp relay information e...

Page 290: ... padding format node identifier mac sysname user defined node identifier Specifies access node identifier By default the node MAC address is used as the node identifier z mac indicates using MAC address as the node identifier z sysname indicates using the device name of a node as the node identifier z user defined node identifier indicates using a specified character string as the node identifier ...

Page 291: ...n 82 Sysname system view Sysname interface vlan interface 1 Sysname Vlan interface1 dhcp relay information enable Sysname Vlan interface1 dhcp relay information strategy replace Sysname Vlan interface1 dhcp relay information format verbose dhcp relay information remote id format type Syntax dhcp relay information remote id format type ascii hex undo dhcp relay information remote id format type Vie...

Page 292: ... 63 characters sysname Specifies the device name as the padding content for the remote ID sub option Description Use the dhcp relay information remote id string command to configure the padding content for the user defined remote ID sub option Use the undo dhcp relay information remote id string command to restore the default By default the padding content for the remote ID sub option depends on t...

Page 293: ...ining Option 82 after replacing the original Option 82 with the Option 82 padded in the specified padding format Description Use the dhcp relay information strategy command to configure DHCP relay agent handling strategy for messages containing Option 82 Use the undo dhcp relay information strategy command to restore the default handling strategy The handling strategy for messages containing Optio...

Page 294: ...P address for creating a static binding mac address Client MAC address for creating a static binding in the format H H H interface interface type interface number Specifies a Layer 3 interface connecting to the DHCP client interface type interface number specifies the interface type and interface number all Specifies all client entries to be removed dynamic Specifies dynamic client entries to be r...

Page 295: ...nterval auto undo dhcp relay security tracker interval View System view Default Level 2 System level Parameters interval Refreshing interval in seconds in the range of 1 to 120 auto Specifies the auto refreshing interval which is the value of 60 seconds divided by the number of binding entries Thus the more entries are the shorter interval is but the shortest interval is no less than 500 ms Descri...

Page 296: ... all DHCP servers which ever offered IP addresses to the DHCP client and the receiving interface Each server detected is recorded only once The administrator can get this information from logs to check out unauthorized DHCP servers After the information of recorded DHCP servers is cleared the relay agent will re record server information following this mechanism Examples Enable unauthorized DHCP s...

Page 297: ...rver 1 1 1 1 for DHCP server group 1 on the relay agent Sysname system view Sysname dhcp relay server group 1 ip 1 1 1 1 dhcp relay server select Syntax dhcp relay server select group id undo dhcp relay server select View Interface view Default Level 2 System level Parameters group id DHCP server group number to be correlated in the range of 0 to 19 Description Use the dhcp relay server select com...

Page 298: ...ide DHCP servers for IP address allocation Use the undo dhcp select relay command to restore the default After DHCP is enabled the DHCP server is enabled on an interface by default That is upon receiving a client s request from the interface the DHCP server allocates an IP address from the DHCP address pool to the client When the working mode of the interface is changed from DHCP server to DHCP re...

Page 299: ... DHCP server groups correlated to an interface or all interfaces Examples Display information about DHCP server groups correlated to all interfaces Sysname display dhcp relay all Interface name Server group Vlan interface1 2 Table 5 1 display dhcp relay all command output description Field Description Interface name Interface name Server group DHCP server group number correlated to the interface d...

Page 300: ...entifier abaci User defined Circuit ID company001 Interface Vlan interface200 Status Enable Strategy Keep Format Normal Circuit ID format type HEX Remote ID format type ASCII User defined Remote ID device001 display dhcp relay security Syntax display dhcp relay security ip address dynamic static View Any view Default Level 1 Monitor level Parameters ip address Displays the binding information of a...

Page 301: ...dynamic static and temporary Interface Layer 3 interface connecting to the DHCP client If no interface is recorded in the binding entry N A is displayed display dhcp relay security statistics Syntax display dhcp relay security statistics View Any view Default Level 1 Monitor level Parameters None Description Use the display dhcp relay security statistics command to display statistics information a...

Page 302: ...rameters None Description Use the display dhcp relay security tracker command to display the interval for refreshing dynamic bindings on the relay agent Examples Display the interval for refreshing dynamic bindings on the relay agent Sysname display dhcp relay security tracker Current tracker interval 10s The interval is 10 seconds display dhcp relay server group Syntax display dhcp relay server g...

Page 303: ...cs Syntax display dhcp relay statistics server group group id all View Any view Default Level 1 Monitor level Parameters group id Specifies a server group number in the range of 0 to 19 about which to display DHCP packet statistics all Specifies all server groups about which to display DHCP packet statistics Information for each group will be displayed Description Use the display dhcp relay statis...

Page 304: ... relayed 0 BOOTPREQUEST packets relayed 0 DHCP packets relayed to clients 0 DHCPOFFER packets relayed 0 DHCPACK packets relayed 0 DHCPNAK packets relayed 0 BOOTPREPLY packets relayed 0 DHCP packets sent to servers 0 DHCPDISCOVER packets sent 0 DHCPREQUEST packets sent 0 DHCPINFORM packets sent 0 DHCPRELEASE packets sent 0 DHCPDECLINE packets sent 0 BOOTPREQUEST packets sent 0 DHCP packets sent to ...

Page 305: ...roup id Specifies a server group ID in the range of 0 to 19 about which to remove statistics from the relay agent Description Use the reset dhcp relay statistics command to remove statistics from the relay agent If no server group is specified all statistics will be removed from the relay agent Related commands display dhcp relay statistics Examples Remove all statistics from the DHCP relay agent ...

Page 306: ...ddress DHCP Client Configuration Commands display dhcp client Syntax display dhcp client verbose interface interface type interface number View Any view Default Level 1 Monitor level Parameters verbose Specifies verbose DHCP client information to be displayed interface interface type interface number Specifies an interface of which to display DHCP client information Description Use the display dhc...

Page 307: ...D 3030 3066 2e65 3234 392e 3830 3438 2d56 6c61 6e2d 696e 7465 7266 6163 6531 T1 will timeout in 1 day 11 hours 58 minutes 52 seconds Table 6 1 display dhcp client command output description Field Description Vlan interface1 DHCP client information Information of the interface acting as the DHCP client Current machine state DHCP client current machine state Allocated IP The IP address allocated by ...

Page 308: ... IP address Description Use the ip address dhcp alloc command to configure an interface to use DHCP for IP address acquisition Use the undo ip address dhcp alloc command to cancel an interface from using DHCP By default an interface does not use DHCP for IP address acquisition Note that z If no parameter is specified the client uses a character string comprised of the current interface name and MA...

Page 309: ...6 4 Sysname interface vlan interface 1 Sysname Vlan interface1 ip address dhcp alloc ...

Page 310: ...client DHCP client may fail to obtain an IP address DHCP Snooping Configuration Commands dhcp snooping Syntax dhcp snooping undo dhcp snooping View System view Default Level 2 System level Parameters None Description Use the dhcp snooping command to enable DHCP snooping Use the undo dhcp snooping command to disable DHCP snooping With DHCP snooping disabled all ports can forward responses from any ...

Page 311: ... the default By default the code type for the circuit ID sub option depends on the padding format of Option 82 Each field has its own code type Note that This command applies to configuring the non user defined circuit ID sub option only After you configure the padding content for the circuit ID sub option using the dhcp snooping information circuit id string command ASCII is adopted as the code t...

Page 312: ...s command ASCII is adopted as the code type z If a VLAN is specified the configured circuit ID sub option only takes effect within the VLAN if no VLAN is specified the configured circuit ID sub option takes effect in all VLANs The former case has a higher priority that is the circuit ID sub option specified for a VLAN will be padded for packets within the VLAN Related commands dhcp snooping inform...

Page 313: ...er 2 Ethernet interface view Default Level 2 System level Parameters normal Specifies the normal padding format verbose Specifies the verbose padding format node identifier mac sysname user defined node identifier Specifies access node identifier By default the node MAC address is used as the node identifier z mac indicates using MAC address as the node identifier z sysname indicates using the dev...

Page 314: ...mat type View Layer 2 Ethernet port view Default Level 2 System level Parameters ascii Specifies the code type for the remote ID sub option as ascii hex Specifies the code type for the remote ID sub option as hex Description Use the dhcp snooping information remote id format type command to configure the code type for the non user defined remote ID sub option Use the undo dhcp snooping information...

Page 315: ...ub option depends on the padding format of Option 82 Note that z After you configure the padding content for the remote ID sub option using this command ASCII is adopted as the code type z If a VLAN is specified the configured remote ID sub option only takes effect within the VLAN if no VLAN is specified the configured remote ID sub option takes effect in all VLANs The former case has a higher pri...

Page 316: ...ginal Option 82 with the one padded in specified format Description Use the dhcp snooping information strategy command to configure the handling strategy for Option 82 in requesting messages Use the undo dhcp snooping information strategy command to restore the default By default the handling strategy for Option 82 in requesting messages is replace Examples Configure the handling strategy for Opti...

Page 317: ...obtain valid IP addresses Related commands display dhcp snooping trust Examples Specify GigabiEthernet 1 0 1 as a trusted port and enable it to record the IP to MAC bindings of clients Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabiEthernet1 0 1 dhcp snooping trust display dhcp snooping Syntax display dhcp snooping ip ip address View Any view Default Level 1 Monitor leve...

Page 318: ...t in seconds VLAN VLAN where the port connecting the DHCP client resides Interface Port to which the DHCP client is connected display dhcp snooping information Syntax display dhcp snooping information all interface interface type interface number View Any view Default Level 1 Monitor level Parameters all Displays the Option 82 configuration information of all Layer 2 Ethernet interfaces interface ...

Page 319: ...ping packet statistics Syntax display dhcp snooping packet statistics slot slot number View Any view Default Level 1 Monitor level Parameters slot slot number Displays the DHCP packet statistics of the specified device If the device is in an IRF the slot number argument represents the member ID of the device if the device is not in any IRF the slot number argument represents the device ID Descript...

Page 320: ...Parameters None Description Use the display dhcp snooping trust command to display information about trusted ports Related commands dhcp snooping trust Examples Display information about trusted ports Sysname display dhcp snooping trust DHCP Snooping is enabled DHCP Snooping trust becomes active Interface Trusted GigabiEthernet1 0 1 Trusted The above output shows that DHCP snooping is enabled DHCP...

Page 321: ...r view Default Level 2 System level Parameters slot slot number Clears the DHCP packet statistics of the specified device If the device is in an IRF the slot number argument represents the member ID of the device if the device is not in any IRF the slot number argument represents the device ID Description Use the reset dhcp snooping packet statistics command to clear DHCP packet statistics on the ...

Page 322: ...nt Syntax display bootp client interface interface type interface number View Any view Default Level 1 Monitor level Parameters interface interface type interface number Displays the BOOTP client information of the interface Description Use the display bootp client command to display related information about a BOOTP client Note z If interface interface type interface number is not specified the c...

Page 323: ...e from the BOOTP server If the values of the XID field are different in the BOOTP response and request the BOOTP client will drop the BOOTP response Mac Address MAC address of a BOOTP client ip address bootp alloc Syntax ip address bootp alloc undo ip address bootp alloc View Interface view Default Level 2 System level Parameters None Description Use the ip address bootp alloc command to enable an...

Page 324: ...8 3 Sysname interface vlan interface 1 Sysname Vlan interface1 ip address bootp alloc ...

Page 325: ...isplay dns domain Syntax display dns domain dynamic View Any view Default Level 1 Monitor level Parameters dynamic Displays the domain name suffixes dynamically obtained through DHCP or other protocols Description Use the display dns domain command to display the domain name suffixes Related commands dns domain Examples Display domain name suffixes Sysname display dns domain Type D Dynamic S Stati...

Page 326: ...the display dns dynamic host command to display the information of the dynamic domain name resolution cache Examples Display the information of the dynamic domain name resolution cache Sysname display dns dynamic host No Host IP Address TTL 1 www baidu com 202 108 249 134 63000 2 www yahoo akadns net 66 94 230 39 24 3 www hotmail com 207 68 172 239 3585 4 www eyou com 61 136 62 70 3591 Table 9 2 d...

Page 327: ...n Use the display dns server command to display the DNS server information Related commands dns server Examples Display the DNS server information Sysname display dns server Type D Dynamic S Static DNS Server Type IP Address 1 S 169 254 65 125 Table 9 3 display dns server command output description Field Description DNS Server Sequence number of the DNS server configured automatically by the devic...

Page 328: ...e resolution table Sysname display ip host Host Age Flags Address My 0 static 1 1 1 1 Aa 0 static 2 2 2 4 Table 9 4 display ip host command output description Field Description Host Host name Age Time to live 0 means that the static mapping will never age out You can only manually remove the static mappings between host names and IP addresses Flags Indicates the mapping type Static represents stat...

Page 329: ...ns domain command to delete a domain name suffix with a domain name suffix specified or all domain name suffixes with no domain name suffix specified No domain name suffix is configured by default that is only the provided domain name is resolved You can configure a maximum of 10 domain name suffixes Related commands display dns domain Examples Configure com as a DNS suffix Sysname system view Sys...

Page 330: ... command to disable dynamic domain name resolution Dynamic domain name resolution is disabled by default Examples Enable dynamic domain name resolution Sysname system view Sysname dns resolve dns server Syntax dns server ip address undo dns server ip address View System view Default Level 2 System level Parameters ip address IP address of the DNS server Description Use the dns server command to sp...

Page 331: ... hyphens underlines _ or dots The host name must include at least one letter ip address IP address of the specified host in dotted decimal notation Description Use the ip host command to create a host name to IP address mapping in the static resolution table Use the undo ip host command to remove a mapping No mappings are created by default You can configure only one mapping for a host name A mapp...

Page 332: ...meters None Description Use the reset dns dynamic host command to clear the dynamic domain name resolution information Related commands display dns dynamic host Examples Clear the dynamic domain name resolution information Sysname reset dns dynamic host ...

Page 333: ...entries that do not match the specified regular expression include Displays the FIB entries that match the specified regular expression regular expression A case sensitive string of 1 to 256 characters excluding spaces acl acl number Displays FIB entries matching a specified ACL numbered from 2000 to 2999 If the specified ACL does not exist all FIB entries are displayed ip prefix ip prefix name Di...

Page 334: ...face InnerLabel Token 10 2 0 0 16 10 2 1 1 U VLAN1 Null Invalid 10 2 1 1 32 127 0 0 1 UH InLoop0 Null Invalid Display all entries that contain the string 127 and start from the first one Sysname display fib begin 127 Flag U Useable G Gateway H Host B Blackhole D Dynamic S Static R Relay Destination Mask Nexthop Flag OutInterface InnerLabel Token 10 2 1 1 32 127 0 0 1 UH InLoop0 Null Invalid 127 0 ...

Page 335: ...p address Syntax display fib ip address mask mask length View Any view Default Level 1 Monitor level Parameters ip address Destination IP address in dotted decimal notation mask IP address mask mask length Length of IP address mask Description Use the display fib ip address command to display FIB entries that match the specified destination IP address If no mask or mask length is specified the FIB...

Page 336: ...ent represents the member ID of the device if the device is not in any IRF the slot number argument represents the device ID Description Use the display icmp statistics command to display ICMP statistics Related commands display ip interface in IP Addressing Commands of the IP Services Volume reset ip statistics Examples Display ICMP statistics Sysname display icmp statistics Input bad formats 0 b...

Page 337: ...nput output mask replies information reply Number of output information reply packets time exceeded Number of input output expiration packets display ip socket Syntax display ip socket socktype sock type task id socket id slot slot number View Any view Default Level 1 Monitor level Parameters socktype sock type Displays the socket information of this type The sock type is in the range 1 to 3 corre...

Page 338: ...C Task VTYD 38 socketid 4 Proto 6 LA 192 168 1 40 23 FA 192 168 1 52 1917 sndbuf 8192 rcvbuf 8192 sb_cc 237 rb_cc 0 socket option SO_KEEPALIVE SO_OOBINLINE SO_REUSEPORT SO_SENDVPNID 0 SO_SETKEEPALIVE socket state SS_ISCONNECTED SS_PRIV SS_ASYNC Task VTYD 38 socketid 3 Proto 6 LA 192 168 1 40 23 FA 192 168 1 84 1503 sndbuf 8192 rcvbuf 8192 sb_cc 0 rb_cc 0 socket option SO_KEEPALIVE SO_OOBINLINE SO_...

Page 339: ... 0 0 0 sndbuf 9216 rcvbuf 41600 sb_cc 0 rb_cc 0 socket option SO_UDPCHECKSUM socket state SS_PRIV SOCK_RAW Task ROUT 69 socketid 8 Proto 89 LA 0 0 0 0 FA 0 0 0 0 sndbuf 262144 rcvbuf 262144 sb_cc 0 rb_cc 0 socket option SO_SENDVPNID 0 SO_RCVVPNID 0 socket state SS_PRIV SS_ASYNC Task ROUT 69 socketid 3 Proto 2 LA 0 0 0 0 FA 0 0 0 0 sndbuf 32767 rcvbuf 256000 sb_cc 0 rb_cc 0 socket option SO_SENDVPN...

Page 340: ...e address and remote port number sndbuf Sending buffer size of the socket in bytes rcvbuf Receiving buffer size of the socket in bytes sb_cc Current data size in the sending buffer It is available only for TCP that can buffer data rb_cc Data size currently in the receiving buffer socket option Socket option socket state Socket state display ip statistics Syntax display ip statistics slot slot numb...

Page 341: ...eing local bad protocol Total number of unknown protocol packets bad format Total number of packets with incorrect format bad checksum Total number of packets with incorrect checksum Input bad options Total number of packets with incorrect option forwarding Total number of packets forwarded local Total number of packets sent from the local dropped Total number of packets discarded no route Total n...

Page 342: ...0 offset error 0 short error 0 duplicate packets 1 8 bytes partially duplicate packets 0 0 bytes out of order packets 17 0 bytes packets of data after window 0 0 bytes packets received after close 0 ACK packets 4625 141989 bytes duplicate ACK packets 1702 too much ACK packets 0 Sent packets Total 6726 urgent packets 0 control packets 21 including 0 RST window probe packets 0 window update packets ...

Page 343: ... the receiving window packets received after close Number of packets that arrived after connection is closed ACK packets Number of ACK packets received duplicate ACK packets Number of duplicate ACK packets received Received packets too much ACK packets Number of ACK packets for data unsent Total Total number of packets sent urgent packets Number of urgent packets sent control packets Number of con...

Page 344: ...tion display tcp status Syntax display tcp status View Any view Default Level 1 Monitor level Parameters None Description Use the display tcp status command to display status of all TCP connections for monitoring TCP connections Examples Display status of all TCP connections Sysname display tcp status TCP MD5 Connection TCPCB Local Add port Foreign Add port State 03e37dc4 0 0 0 0 4001 0 0 0 0 0 Li...

Page 345: ...han header 0 data length larger than packet 0 unicast no socket on port 0 broadcast multicast no socket on port 0 not delivered input socket full 0 input packets missing pcb cache 0 Sent packets Total 0 Table 10 7 display udp statistics command output description Field Description Total Total number of UDP packets received checksum error Total number of packets with incorrect checksum shorter than...

Page 346: ...er in the range 2000 to 3999 From 2000 to 2999 are numbers for basic ACLs and from 3000 to 3999 are numbers for advanced ACLs Only directed broadcasts permitted by the ACL can be forwarded Description Use the ip forward broadcast command to enable the interface to forward directed broadcasts to a directly connected network Use the undo ip forward broadcast command to disable the interface from for...

Page 347: ...g directed broadcasts By default the device is disabled from receiving directed broadcasts Examples Enable the device to receive directed broadcasts Sysname system view Sysname ip forward broadcast ip redirects enable Syntax ip redirects enable undo ip redirects View System view Default Level 2 System level Parameters None Description Use the ip redirects enable command to enable sending of ICMP r...

Page 348: ...he sending of ICMP timeout packets Use the undo ip ttl expires command to disable sending ICMP timeout packets Sending ICMP timeout packets is enabled by default If the feature is disabled the device will not send TTL timeout ICMP packets but still send reassembly timeout ICMP packets Examples Disable sending ICMP timeout packets Sysname system view Sysname undo ip ttl expires ip unreachables enab...

Page 349: ...t ip statistics slot slot number View User view Default Level 2 System level Parameters slot slot number Clears IP packet statistics on the specified device If the device is in an IRF the slot number argument represents the member ID of the device if the device is not in any IRF the slot number argument represents the device ID Description Use the reset ip statistics command to clear statistics of...

Page 350: ...cs of TCP traffic Sysname reset tcp statistics reset udp statistics Syntax reset udp statistics View User view Default Level 2 System level Parameters None Description Use the reset udp statistics command to clear statistics of UDP traffic Examples Display statistics of UDP traffic Sysname reset udp statistics tcp timer fin timeout Syntax tcp timer fin timeout time value undo tcp timer fin timeout...

Page 351: ...nwait timer Related commands tcp timer syn timeout tcp window Examples Set the length of the TCP finwait timer to 800 seconds Sysname system view Sysname tcp timer fin timeout 800 tcp timer syn timeout Syntax tcp timer syn timeout time value undo tcp timer syn timeout View System view Default Level 2 System level Parameters time value TCP finwait timer in seconds in the range 2 to 600 Description ...

Page 352: ...n KB in the range 1 to 32 Description Use the tcp window command to configure the size of the TCP send receive buffer Use the undo tcp window command to restore the default The size of the TCP send receive buffer is 8 KB by default Related commands tcp timer fin timeout tcp timer syn timeout Examples Configure the size of the TCP send receive buffer as 3 KB Sysname system view Sysname tcp window 3...

Page 353: ... specified interface or all interfaces If interface type interface number is not specified this command displays the information of forwarded UDP packets on all interfaces Examples Display the information of forwarded UDP packets on the interface VLAN interface 1 Sysname display udp helper server interface vlan interface 1 Interface name Server address Packets sent Vlan interface1 192 1 1 2 0 The ...

Page 354: ... System view Default Level 2 System level Parameters None Description Use the udp helper enable command to enable UDP Helper The device enabled with UDP Helper functions as a relay agent that converts UDP broadcast packets into unicast packets and forwards them to a specified destination server Use the undo udp helper enable command to disable UDP Helper By default UDP Helper is disabled Examples ...

Page 355: ... packet The corresponding UDP port number is 49 tftp Forwards TFTP data packets The corresponding UDP port number is 69 time Forwards time service data packets The corresponding UDP port number is 37 Description Use the udp helper port command to enable the forwarding of packets with the specified UDP port number Use the undo udp helper port command to remove the configured UDP port numbers By def...

Page 356: ... configured by default Currently you can configure up to 20 destination servers on an interface Note that you will remove all the destination servers on an interface if you carry out the undo udp helper server command without the ip address argument Related commands display udp helper server Examples Specify the IP address of the destination server as 192 1 1 2 on the interface VLAN interface 100 ...

Page 357: ...ng the domain name IPv6 address and TTL of the DNS entries You can use the reset dns ipv6 dynamic host command to clear all IPv6 dynamic domain name information from the cache Examples Display IPv6 dynamic domain name information Sysname display dns ipv6 dynamic host NoHost IPv6 Address TTL 1 aaa 2001 2 6 Table 12 1 display dns ipv6 dynamic host command output description Field Description No Sequ...

Page 358: ...rver information Examples Display IPv6 DNS server information Sysname display dns ipv6 server Type D Dynamic S Static DNS Server Type IPv6 Address Interface Name 1 S 1 1 2 S FE80 1111 2222 3333 4444 5555 6666 7777 Vlan2 Table 12 2 display dns ipv6 server command output description Field Description DNS Server Sequence number of the DNS server which is assigned automatically by the system starting ...

Page 359: ...lay IPv6 FIB entries If no argument is specified all IPv6 FIB entries will be displayed The device looks up a matching IPv6 FIB entry for forwarding an IPv6 packet Examples Display all IPv6 FIB entries Sysname display ipv6 fib FIB Table Total number of Routes 1 Flag U Useable G Gateway H Host B Blackhole D Dynamic S Static Destination 1 PrefixLength 128 NextHop 1 Flag HU Label NULL Tunnel ID 0 Tim...

Page 360: ...e Description Use the display ipv6 host command to display the mappings between host names and IPv6 addresses in the static domain name resolution table Related commands ipv6 host Examples Display the mappings between host names and IPv6 addresses in the static domain name resolution table Sysname display ipv6 host Host Age Flags IPv6Address aaa 0 static 2002 1 bbb 0 static 2002 2 Table 12 4 displ...

Page 361: ...pecified the IPv6 information of all interfaces for which IPv6 addresses can be configured is displayed if only interface type is specified the IPv6 information of the interfaces of the specified type for which IPv6 addresses can be configured is displayed if interface type interface number is specified the IPv6 information of the specified interface is displayed If the verbose keyword is also spe...

Page 362: ...face verbose command output description on a switch Field Description Vlan interface2 current state Physical state of the interface z Administratively DOWN Indicates that the VLAN interface is administratively down that is the interface is shut down using the shutdown command z DOWN Indicates that the VLAN interface is administratively up but its physical state is down that is no ports in the VLAN...

Page 363: ... to acquire IPv6 addresses InReceives All IPv6 packets received by the interface including all types of error packets InTooShorts Received IPv6 packets that are too short with a length less than 40 bytes for example InTruncatedPkts Received IPv6 packets with a length less than that specified in the packets InHopLimitExceeds Received IPv6 packets with a hop count exceeding the limit InBadHeaders Re...

Page 364: ...sses can be configured Sysname display ipv6 interface down administratively down s spoofing Interface Physical Protocol IPv6 Address Vlan interface1 down down Unassigned Vlan interface2 up up 2001 1 Vlan interface100 up down Unassigned Table 12 6 display ipv6 interface command output description Field Description down administratively down The interface is down that is the interface is closed by u...

Page 365: ...cally static Displays information of all neighbors configured statically slot slot number Displays information of the neighbors of a specified device in an IRF If no IRF is formed the neighbors of the current device are displayed only The slot number argument indicates the member ID of the device interface interface type interface number Displays information of the neighbors of a specified interfa...

Page 366: ...ink layer address of the neighbor is unknown z REACH The neighbor is reachable z STALE The reachability of the neighbor is unknown The device will not verify the reachability any longer unless data is sent to the neighbor z DELAY The reachability of the neighbor is unknown The device sends an NS message after a delay z PROBE The reachability of the neighbor is unknown The device sends an NS messag...

Page 367: ...ace vlan vlan id Displays the total number of neighbor entries of a specified VLAN whose ID ranges from 1 to 4094 Description Use the display ipv6 neighbors count command to display the total number of neighbor entries satisfying the specified condition Examples Display the total number of neighbor entries acquired dynamically Sysname display ipv6 neighbors dynamic count Total dynamic entry ies 2 ...

Page 368: ...o 3 The value 1 represents a TCP socket 2 a UDP socket and 3 a raw IP socket task id Displays the socket information of the task The task ID is in the range 1 to 100 socket id Displays the information of the socket The socket ID is in the range 0 to 3072 slot slot number Displays the socket information of a specified device in an IRF If no IRF is formed the socket information of the current device...

Page 369: ...V SS_NBIO SS_ASYNC Task TRAP 52 socketid 2 Proto 17 LA 1024 FA 0 sndbuf 9216 rcvbuf 42080 sb_cc 0 rb_cc 0 socket option socket state SS_PRIV SOCK_RAW Task ROUT 86 socketid 5 Proto 89 LA FA sndbuf 262144 rcvbuf 262144 sb_cc 0 rb_cc 0 socket option SO_REUSEADDR socket state SS_PRIV SS_ASYNC Table 12 9 display ipv6 socket command output description Field Description SOCK_STREAM TCP socket SOCK_DGRAM ...

Page 370: ... current device is displayed only The slot number argument indicates the member ID of the device Description Use the display ipv6 statistics command to display statistics of IPv6 packets and ICMPv6 packets You can use the reset ipv6 statistics command to clear all IPv6 and ICMPv6 packet statistics Examples Display the statistics of IPv6 packets and ICMPv6 packets Sysname display ipv6 statistics IP...

Page 371: ... 0 router solicit 0 router advert 0 redirected 0 router renumbering 0 unknown info type 0 Deliver failed bad length 0 ratelimited 0 Table 12 10 display ipv6 statistics command output description Field Description IPv6 Protocol Statistics of IPv6 packets Sent packets Total 0 Local sent out 0 forwarded 0 raw packets 0 discarded 0 routing failed 0 fragments 0 fragments failed 0 Statistics of sent IPv...

Page 372: ...s Total 0 unreached 0 too big 0 hopcount exceeded 0 reassembly timeout 0 parameter problem 0 echo request 0 echo replied 0 neighbor solicit 0 neighbor advert 0 router solicit 0 router advert 0 redirected 0 Send failed ratelimited 0 other errors 0 Statistics of sent ICMPv6 packets including z Total number of sent packets z Number of packets whose destination is unreachable z Number of too large pac...

Page 373: ...mes out z Number of packets with parameter errors z Number of packets with unknown errors z Number of request packets z Number of response packets z Number of neighbor solicitation messages z Number of neighbor advertisement packets z Number of router solicitation packets z Number of router advertisement packets z Number of redirected packets z Number of packets recounted by the router z Number of...

Page 374: ...te ACK packets 0 too much ACK packets 0 Sent packets Total 0 urgent packets 0 control packets 0 including 0 RST window probe packets 0 window update packets 0 data packets 0 0 bytes data packets retransmitted 0 0 bytes ACK only packets 0 0 delayed Retransmitted timeout 0 connections dropped in retransmitted timeout 0 Keepalive timeout 0 keepalive probe 0 Keepalive timeout so connections disconnect...

Page 375: ...fter the connection is closed z Number of ACK packets z Number of duplicate ACK packets z Number of excessive ACK packets Sent packets Total 0 urgent packets 0 control packets 0 including 0 RST window probe packets 0 window update packets 0 data packets 0 0 bytes data packets retransmitted 0 0 bytes ACK only packets 0 0 delayed Statistics of sent packets including z Total number of packets z Numbe...

Page 376: ...play tcp ipv6 command to display the IPv6 TCP connection status including IP address of the IPv6 TCP control block local and peer IPv6 addresses and status of the IPv6 TCP connection Examples Display the IPv6 TCP connection status Sysname display tcp ipv6 status TCP6CB Local Address Foreign Address State 045d8074 21 0 Listening Table 12 12 display tcp ipv6 status command output description Field D...

Page 377: ...he display udp ipv6 statistics command to display the statistics of IPv6 UDP packets You can use the reset udp ipv6 statistics command to clear the statistics of all IPv6 UDP packets Examples Display the statistics information of IPv6 UDP packets Sysname display udp ipv6 statistics Received packets Total 0 checksum error 0 shorter than header 0 data length larger than packet 0 unicast no socket on...

Page 378: ...cket full Number of packets not handled because of the receive buffer being full input packet missing pcb cache Number of packets failing to match the protocol control block PCB cache dns server ipv6 Syntax dns server ipv6 ipv6 address interface type interface number undo dns server ipv6 ipv6 address interface type interface number View System view Default Level 2 System level Parameters ipv6 addr...

Page 379: ...s ipv6 address prefix length ipv6 address prefix length undo ipv6 address ipv6 address prefix length ipv6 address prefix length View Interface view Default Level 2 System level Parameters ipv6 address IPv6 address prefix length Prefix length of the IPv6 address in the range 1 to 128 Description Use the ipv6 address command to configure an IPv6 site local address or aggregatable global unicast addr...

Page 380: ... level Parameters None Description Use the ipv6 address auto link local command to automatically generate a link local address for an interface Use the undo ipv6 address auto link local command to remove the automatically generated link local address for the interface By default a link local address will automatically be generated after a site local or global IPv6 unicast address is configured for...

Page 381: ...address Sysname system view Sysname interface vlan interface 100 Sysname Vlan interface100 ipv6 address auto link local ipv6 address eui 64 Syntax ipv6 address ipv6 address prefix length eui 64 undo ipv6 address ipv6 address prefix length eui 64 View Interface view Default Level 2 System level Parameters ipv6 address prefix length IPv6 address and IPv6 prefix The ipv6 address and prefix length arg...

Page 382: ...ess for the interface Use the undo ipv6 address link local command to remove the configured link local address for the interface Note that Manual assignment takes precedence over automatic generation That is if you first adopt automatic generation and then manual assignment the manually assigned link local address will overwrite the automatically generated one If you first adopt manual assignment ...

Page 383: ... packets is enabled Note that After you disable the sending of ICMPv6 time exceeded packets the device will not send time to live count exceeded packets but will still send fragment reassembly time exceeded packets Examples Disable the sending of ICMPv6 time exceeded packets Sysname system view Sysname undo ipv6 hoplimit expires ipv6 host Syntax ipv6 host hostname ipv6 address undo ipv6 host hostn...

Page 384: ...mber of tokens in the token bucket in the range of 1 to 200 ratelimit interval Update period of the token bucket in milliseconds in the range of 0 to 2 147 483 647 The update period 0 indicates that the number of ICMPv6 error packets sent is not restricted Description Use the ipv6 icmp error command to configure the size and update period of the token bucket Use the undo ipv6 icmp error command to...

Page 385: ...sname ipv6 icmpv6 multicast echo reply enable ipv6 nd autoconfig managed address flag Syntax ipv6 nd autoconfig managed address flag undo ipv6 nd autoconfig managed address flag View Interface view Default Level 2 System level Parameters None Description Use the ipv6 nd autoconfig managed address flag command to set the managed address configuration M flag to 1 so that the host can acquire an IPv6...

Page 386: ...figuration flag O to 1 so that the host can acquire information other than IPv6 address through stateful autoconfiguration for example from a DHCP server Use the undo ipv6 nd autoconfig other flag command to restore the default By default the O flag is set to 0 so that the host can acquire other information through stateless autoconfiguration Examples Configure the host to acquire information othe...

Page 387: ...stem view Sysname interface vlan interface 100 Sysname Vlan interface100 ipv6 nd dad attempts 20 ipv6 nd hop limit Syntax ipv6 nd hop limit value undo ipv6 nd hop limit View System view Default Level 2 System level Parameters value Number of hops in the range of 0 to 255 When it is set to 0 the Hop Limit field in RA messages sent by the device is 0 That is the number of hops is determined by the r...

Page 388: ...his value Use the undo ipv6 nd ns retrans timer command to restore the default By default the local interface retransmits an NS message at intervals of 1 000 milliseconds and the Retrans Timer field in RA messages sent by the local interface is 0 Related commands display ipv6 interface Examples Specify VLAN interface 100 to retransmit NS messages at intervals of 10 000 milliseconds Sysname system ...

Page 389: ...l interface is 30 000 milliseconds and the Reachable Timer field in RA messages is 0 Related commands display ipv6 interface Examples Set the neighbor reachable time on VLAN interface 100 to 10 000 milliseconds Sysname system view Sysname interface vlan interface 100 Sysname Vlan interface100 ipv6 nd nud reachable time 10000 ipv6 nd ra halt Syntax ipv6 nd ra halt undo ipv6 nd ra halt View Interfac...

Page 390: ...nterval Use the undo ipv6 nd ra interval command to restore the default By default the maximum interval between RA messages is 600 seconds and the minimum interval is 200 seconds Note the following z The minimum interval should be three fourths of the maximum interval or less z The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages Examples ...

Page 391: ... not to be directly reachable on the link If this keyword is not provided the address with the prefix is directly reachable on the link Description Use the ipv6 nd ra prefix command to configure the prefix information in RA messages Use the undo ipv6 nd ra prefix command to remove the prefix information from RA messages By default no prefix information is configured in RA messages and the IPv6 add...

Page 392: ...r Syntax ipv6 neighbor ipv6 address mac address vlan id port type port number interface interface type interface number undo ipv6 neighbor ipv6 address interface type interface number View System view Default Level 2 System level Parameters ipv6 address IPv6 address of the static neighbor entry mac address MAC address of the static neighbor entry 48 bits long in the format of H H H vlan id VLAN ID...

Page 393: ... entry for Layer 2 port GigabitEthernet1 0 1 of VLAN 100 Sysname system view Sysname ipv6 neighbor 2000 1 fe e0 89 100 gigabitethernet 1 0 1 ipv6 neighbors max learning num Syntax ipv6 neighbors max learning num number undo ipv6 neighbors max learning num View Interface view Default Level 2 System level Parameters number Maximum number of neighbors that can be dynamically learned by the interface ...

Page 394: ...command to remove the PMTU configuration for a specified IPv6 address By default no static PMTU is configured Examples Configure a static PMTU for a specified IPv6 address Sysname system view Sysname ipv6 pathmtu fe80 12 1300 ipv6 pathmtu age Syntax ipv6 pathmtu age age time undo ipv6 pathmtu age View System view Default Level 2 System level Parameters age time Aging time for PMTU in minutes in th...

Page 395: ...lt Level 2 System level Parameters None Description Use the reset dns ipv6 dynamic host command to clear IPv6 dynamic domain name cache information You can use the display dns ipv6 dynamic host command to display the current IPv6 dynamic domain name cache information Examples Clear IPv6 dynamic domain name cache information Sysname reset dns ipv6 dynamic host reset ipv6 neighbors Syntax reset ipv6...

Page 396: ...ipv6 neighbors command to clear IPv6 neighbor information You can use the display ipv6 neighbors command to display the current IPv6 neighbor information Examples Clear neighbor information on all interfaces Sysname reset ipv6 neighbors all Clear dynamic neighbor information on all interfaces Sysname reset ipv6 neighbors dynamic Clear all neighbor information on VLAN interface 1 Sysname reset ipv6...

Page 397: ...ar the statistics of IPv6 packets and ICMPv6 packets You can use the display ipv6 statistics command to display the statistics of IPv6 and ICMPv6 packets Examples Clear the statistics of IPv6 packets and ICMPv6 packets Sysname reset ipv6 statistics reset tcp ipv6 statistics Syntax reset tcp ipv6 statistics View User view Default Level 2 System level Parameters None Description Use the reset tcp ip...

Page 398: ...ets Sysname reset udp ipv6 statistics tcp ipv6 timer fin timeout Syntax tcp ipv6 timer fin timeout wait time undo tcp ipv6 timer fin timeout View System view Default Level 2 System level Parameters wait time Length of the finwait timer for IPv6 TCP connections in seconds in the range of 76 to 3 600 Description Use the tcp ipv6 timer fin timeout command to set the finwait timer for IPv6 TCP connect...

Page 399: ...do tcp ipv6 timer syn timeout command to restore the default By default the length of the synwait timer of IPv6 TCP connections is 75 seconds Examples Set the synwait timer length of IPv6 TCP connections to 100 seconds Sysname system view Sysname tcp ipv6 timer syn timeout 100 tcp ipv6 window Syntax tcp ipv6 window size undo tcp ipv6 window View System view Default Level 2 System level Parameters ...

Page 400: ...12 44 By default the size of the IPv6 TCP send receive buffer is 8 KB Examples Set the size of the IPv6 TCP send receive buffer to 4 KB Sysname system view Sysname tcp ipv6 window 4 ...

Page 401: ...onditions in the current IRF If no IRF exists the slot number argument is the current device number Description Use the display sflow command to display the sFlow configuration information Examples Display the sFlow configuration information of member device 1 in an IRF stack Sysname display sflow slot 1 sFlow Version 5 sFlow Global Information Agent IP 10 10 10 1 Collector IP 10 10 10 2 Port 6343...

Page 402: ...a fixed number of packets z Random Samples a random number of packets Status Status of the sFlow enabled port z Suspend Indicates the port is suspended and it stops sampling z Active Indicates the port is active and performs sampling sflow agent ip Syntax sflow agent ip ip address undo sflow agent ip View System view Default Level 2 System level Parameters ip address IP address of the sFlow agent ...

Page 403: ...the sflow collector ip command to specify the IP address and port number of an sFlow collector Use the undo sflow collector ip command to remove an sFlow collector By default no sFlow collector is specified Note that z The sFlow collector and sFlow agent must not have the same IP address z Currently you can specify at most two sFlow collectors with one as the backup sFlow collector z sFlow does no...

Page 404: ...stead of logical interfaces VLAN interfaces If you want to enable sFlow on an aggregation group you need to enable sFlow on each member port Examples Enable sFlow in the outbound direction on GigabitEthernet 1 0 1 Sysname system view Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 sflow enable outbound sflow interval Syntax sflow interval interval time undo sflow interval View...

Page 405: ...ts random Sample packets randomly Description Use the sflow sampling mode command to specify the packet sampling mode Use the undo sflow sampling mode command to restore the default By default the packet sampling mode is random Note that this command should be used after sFlow is enabled on the current port Currently the determine mode is not supported on Switch 4510G Family Examples Configure the...

Page 406: ...ut of which the interface will sample a packet Use the undo sflow sampling rate command to restore the default By default the packet sampling rate is 200000 Note that this command should be used after sFlow is enabled on the current port Examples Specify the interface to sample a packet out of 100000 inbound packets Sysname system view Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEtherne...

Page 407: ...routing table statistics 1 18 display ipv6 routing table verbose 1 19 reset ip routing table statistics protocol 1 20 reset ipv6 routing table statistics 1 20 2 Static Routing Configuration Commands 2 1 Static Routing Configuration Commands 2 1 delete static routes all 2 1 ip route static 2 2 ip route static default preference 2 3 3 RIP Configuration Commands 3 1 RIP Configuration Commands 3 1 che...

Page 408: ...ng Configuration Commands 5 1 RIPng Configuration Commands 5 1 checkzero 5 1 default cost RIPng view 5 2 display ripng 5 2 display ripng database 5 3 display ripng interface 5 5 display ripng route 5 6 filter policy export 5 7 filter policy import RIPng view 5 8 import route 5 8 preference 5 9 ripng 5 10 ripng default route 5 11 ripng enable 5 11 ripng metricin 5 12 ripng metricout 5 13 ripng pois...

Page 409: ... ip address next hop 6 7 display ip ip prefix 6 7 if match acl 6 8 if match ip 6 9 if match ip prefix 6 10 ip ip prefix 6 10 reset ip ip prefix 6 12 IPv6 Route Policy Configuration Commands 6 12 apply ipv6 next hop 6 12 display ip ipv6 prefix 6 13 if match ipv6 6 14 ip ipv6 prefix 6 14 reset ip ipv6 prefix 6 16 ...

Page 410: ...sic System Configuration in the System Volume begin Displays route entries starting from the one specified by the regular expression exclude Displays route entries not matching the regular expression include Displays route entries matching the regular expression regular expression Regular expression a string of 1 to 256 case sensitive characters used for specifying routing entries Description Use ...

Page 411: ...1 display ip routing table command output description Field Description Destinations Number of destination addresses Routes Number of routes Destination Mask Destination address mask length Proto Protocol that presents the route Pre Priority of the route Cost Cost of the route Nexthop Address of the next hop on the route Interface Outbound interface for packets to be forwarded along the route Disp...

Page 412: ...00m36s Tag 0 Displayed first are statistics for the whole routing table followed by detailed description of each route in sequence Table 1 2 display ip routing table verbose command output description Field Description Destination Destination address mask length Protocol Protocol that presents the route Process ID Process ID Preference Priority of the route Cost Cost of the route NextHop Address o...

Page 413: ...he highest priority is installed into the core routing table and advertised while a NotInstall route cannot be installed into the core routing table but may be advertised Reject The packets matching a Reject route will be dropped Besides the router sends ICMP unreachable messages to the sources of the dropped packets The Reject routes are usually used for network testing Static A static route is n...

Page 414: ...asic ACL 2000 and set the route filtering rules Sysname system view Sysname acl number 2000 Sysname acl basic 2000 rule permit source 10 1 0 0 0 0 255 255 Sysname acl basic 2000 rule deny source any Display brief information about active routes permitted by basic ACL 2000 Sysname acl basic 2000 display ip routing table acl 2000 Routes Matched by Access list 2000 Summary Count 6 Destination Mask Pr...

Page 415: ...on 10 1 2 0 24 Protocol Direct Process ID 0 Preference 0 Cost 0 NextHop 10 1 2 1 Interface Vlan interface2 RelyNextHop 0 0 0 0 Neighbour 0 0 0 0 Tunnel ID 0x0 Label NULL State Active Adv Age 00h05m42s Tag 0 Destination 10 1 2 1 32 Protocol Direct Process ID 0 Preference 0 Cost 0 NextHop 127 0 0 1 Interface InLoopBack0 RelyNextHop 0 0 0 0 Neighbour 0 0 0 0 Tunnel ID 0x0 Label NULL State Active NoAd...

Page 416: ...sent the command displays only brief information about active routes Description Use the display ip routing table ip address command to display information about routes to a specified destination address Executing the command with different parameters yields different output z display ip routing table ip address The system ANDs the input destination IP address with the subnet mask in each route en...

Page 417: ...display route entries with destination addresses within a specified range Examples Display route entries for the destination IP address 11 1 1 1 Sysname display ip routing table 11 1 1 1 Routing Table Public Summary Count 4 Destination Mask Proto Pre Cost NextHop Interface 0 0 0 0 0 Static 60 0 0 0 0 0 NULL0 11 0 0 0 8 Static 60 0 0 0 0 0 NULL0 11 1 0 0 16 Static 60 0 0 0 0 0 NULL0 11 1 1 0 24 Sta...

Page 418: ...y ip routing table ip prefix ip prefix name verbose View Any view Default Level 1 Monitor level Parameters ip prefix name IP prefix list name a string of 1 to 19 characters verbose Displays detailed routing table information including that for inactive routes With this argument absent the command displays only brief information about active routes Description Use the display ip routing table ip pr...

Page 419: ...ed by Prefix list test Summary Count 2 Destination 2 2 2 0 24 Protocol Direct Process ID 0 Preference 0 Cost 0 NextHop 2 2 2 1 Interface Vlan interface2 RelyNextHop 0 0 0 0 Neighbour 0 0 0 0 Tunnel ID 0x0 Label NULL State Active Adv Age 00h20m52s Tag 0 Destination 2 2 2 1 32 Protocol Direct Process ID 0 Preference 0 Cost 0 NextHop 127 0 0 1 Interface InLoopBack0 RelyNextHop 0 0 0 0 Neighbour 0 0 0...

Page 420: ...outing table Status Active Summary Count 4 Destination Mask Proto Pre Cost NextHop Interface 2 2 2 0 24 Direct 0 0 2 2 2 1 Vlan2 2 2 2 2 32 Direct 0 0 127 0 0 1 InLoop0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Direct Routing table Status Inactive Summary Count 0 Display brief information about static routes Sysname display ip routing table protocol static ...

Page 421: ...ble 1 3 display ip routing table statistics command output description Field Description Proto Origin of the routes route Number of routes from the origin active Number of active routes from the origin added Number of routes added into the routing table since the router started up or the routing table was last cleared deleted Number of routes marked as deleted which will be freed after a period fr...

Page 422: ...rect NextHop 1 Preference 0 Interface InLoop0 Cost 0 Table 1 4 display ipv6 routing table command output description Field Description Destination IPv6 address of the destination network host NextHop Nexthop address Preference Route priority Interface Outbound interface Protocol Routing protocol Cost Route cost display ipv6 routing table acl Syntax display ipv6 routing table acl acl6 number verbos...

Page 423: ...table ipv6 address prefix length longer match verbose View Any view Default Level 1 Monitor level Parameters ipv6 address Destination IPv6 address prefix length Prefix length in the range 0 to 128 longer match Displays the matched route having the longest prefix length verbose Displays both active and inactive verbose routing information Without this keyword only brief active routing information i...

Page 424: ...xamples Display brief information about the route matching the specified destination IPv6 address Sysname display ipv6 routing table 10 1 127 Routing Table Summary Count 3 Destination 10 64 Protocol Static NextHop Preference 60 Interface NULL0 Cost 0 Destination 10 68 Protocol Static NextHop Preference 60 Interface NULL0 Cost 0 Destination 10 120 Protocol Static NextHop Preference 60 Interface NUL...

Page 425: ...name display ipv6 routing table 100 64 300 64 Routing Table Summary Count 3 Destination 100 64 Protocol Static NextHop Preference 60 Interface NULL0 Cost 0 Destination 200 64 Protocol Static NextHop Preference 60 Interface NULL0 Cost 0 Destination 300 64 Protocol Static NextHop Preference 60 Interface NULL0 Cost 0 Refer to Table 1 4 for description about the above output display ipv6 routing table...

Page 426: ...otocol protocol inactive verbose View Any view Default Level 1 Monitor level Parameters protocol Displays routes of a routing protocol which can be direct ripng and static inactive Displays only inactive routes Without the keyword all active and inactive routes are displayed verbose Displays both active and inactive verbose routing information Without this keyword only brief active routing informa...

Page 427: ...l route number added route number and deleted route number Examples Display routing statistics Sysname display ipv6 routing table statistics Protocol route active added deleted freed DIRECT 1 1 1 0 0 STATIC 3 0 3 0 0 RIPng 0 0 0 0 0 Total 4 1 4 0 0 Table 1 5 display ipv6 routing table statistics command output description Field Description Protocol Routing protocol route Route number of the protoc...

Page 428: ...routes Sysname display ipv6 routing table verbose Routing Table Destinations 1 Routes 1 Destination 1 PrefixLength 128 NextHop 1 Preference 0 RelayNextHop Tag 0H Neighbour ProcessID 0 Interface InLoopBack0 Protocol Direct State Active NoAdv Cost 0 Tunnel ID 0x0 Label NULL Age 22161sec Table 1 6 display ipv6 routing table verbose command output description Field Description Destination Destination ...

Page 429: ...w Default Level 2 System level Parameters protocol Clears statistics for the IPv4 routing protocol which can be direct rip or static all Clears statistics for all IPv4 routing protocols Description Use the reset ip routing table statistics protocol command to clear routing statistics for the routing table Examples Clear all the routing statistics information Sysname reset ip routing table statisti...

Page 430: ...ipng or static all Clears statistics for all IPv6 routing protocols Description Use the reset ipv6 routing table statistics command to clear the route statistics of the routing table Examples Clear statistics for all routing protocols Sysname reset ipv6 routing table statistics protocol all ...

Page 431: ...tes all command to delete all static routes When you use this command to delete static routes the system will prompt you to confirm the operation before deleting all the static routes Related commands ip route static and display ip routing table in IP Routing Table Display Commands in the IP Routing Volume Examples Delete all static routes on the router Sysname system view Sysname delete static ro...

Page 432: ...he static route which consists of 1 to 60 characters including special characters like space but excluding track track entry number Associates the static route with a track entry Use the track entry number argument to specify a track entry number in the range 1 to 1024 Description Use the ip route static command to configure a unicast static route Use the undo ip route static command to delete a u...

Page 433: ...2 2 2 2 tag 45 description for internet intranet ip route static default preference Syntax ip route static default preference default preference value undo ip route static default preference View System view Default Level 2 System level Parameters default preference value Default preference for static routes which is in the range of 1 to 255 Description Use the ip route static default preference c...

Page 434: ...2 4 Examples Set the default preference of static routes to 120 Sysname system view Sysname ip route static default preference 120 ...

Page 435: ...able the zero field check on RIPv1 messages Use the undo checkzero command to disable the zero field check The zero field check is enabled by default After the zero field check is enabled the router discards RIPv1 messages in which zero fields are non zero If all messages are trusty you can disable this feature to reduce the processing time of the CPU Examples Disable the zero field check on RIPv1...

Page 436: ...n you use the import route command to redistribute routes from other protocols without specifying a metric the metric specified by the default cost command applies Related command import route Examples Configure the default metric for redistributed routes to 3 Sysname system view Sysname rip 100 Sysname rip 100 default cost 3 default route Syntax default route only originate cost cost undo default...

Page 437: ...s 1 to send only a default route with a metric of 2 to RIP neighbors Sysname system view Sysname rip 100 Sysname rip 100 default route only cost 2 display rip Syntax display rip process id View Any view Default Level 1 Monitor level Parameters process id RIP process ID in the range of 1 to 65535 Description Use the display rip command to display the current status and configuration information of ...

Page 438: ...mmary Indicates whether route summarization is enabled Hostroutes Indicates whether to receive host routes Maximum number of balanced paths Maximum number of load balanced routes Update time RIP update interval Timeout time RIP timeout time Suppress time RIP suppress interval update output delay RIP packet sending interval output count Maximum number of RIP packets sent at each interval Garbage co...

Page 439: ...Parameters process id RIP process ID in the range of 1 to 65535 Description Use the display rip database command to display active routes in the database of the specified RIP process which are sent in normal RIP routing updates Examples Display the active routes in the database of RIP process 100 Sysname display rip 100 database 10 0 0 0 8 cost 1 ClassfulSumm 10 0 0 0 24 cost 1 nexthop 10 0 0 1 Ri...

Page 440: ...ll the interface information of RIP process 1 Sysname display rip 1 interface Interface name Vlan interface1 Address Mask 1 1 1 1 24 Version RIPv1 MetricIn 5 MetricIn route policy 123 MetricOut 5 MetricOut route policy 234 Split horizon Poison reverse on off Input Output on on Default route off Current packets number Maximum packets number 234 2000 Table 3 3 display rip interface command output de...

Page 441: ...e interface display rip route Syntax display rip process id route ip address mask mask length peer ip address statistics View Any view Default Level 1 Monitor level Parameters process id RIP process ID in the range of 1 to 65535 ip address mask mask length Displays route information about a specified IP address peer ip address Displays all routing information learned from a specified neighbor stat...

Page 442: ... Tag Flags Sec 56 0 0 0 8 21 0 0 23 1 0 RA 102 34 0 0 0 8 21 0 0 23 1 0 RA 23 Table 3 4 display rip route command output description Field Description Route Flags R RIP route T TRIP route P The route never expires A The route is aging S The route is suppressed G The route is in Garbage collect state Peer 21 0 0 23 on Vlan interface1 Routing information learned on a RIP interface from the specified...

Page 443: ... Name of an IP prefix list used to filter outbound routes a string of 1 to 19 characters protocol Filters outbound routes redistributed from a specified routing protocol which can be direct rip and static process id Process ID of the specified routing protocol in the range of 1 to 65535 You need to specify a process ID when the routing protocol is rip interface type interface number Specifies an i...

Page 444: ...to 3999 ip prefix ip prefix name References an IP prefix list to filter incoming routes The ip prefix name is a string of 1 to 19 characters gateway ip prefix name References an IP prefix list to filter routes from the gateway ip prefix name is a string of 1 to 19 characters interface type interface number Specifies an interface by its interface type and interface number Description Use the filter...

Page 445: ... the same network segment These routes are not helpful for routing and occupy a large amount of network resources You can use the undo host route command to disable receiving of host routes RIPv2 can be disabled from receiving host routes but RIPv1 cannot Examples Disable RIP from receiving host routes Sysname system view Sysname rip 1 Sysname rip 1 undo host route import route RIP view Syntax imp...

Page 446: ...ute command to enable route redistribution from another routing protocol Use the undo import route command to disable route redistribution By default RIP does not redistribute routes from other routing protocols Note that z Only active routes can be redistributed You can use the display ip routing table protocol command to display route state information z You can specify a routing policy using th...

Page 447: ...RIP to validate RIP on a specific interface z For a single process you can use the network 0 0 0 0 command to enable RIP on all interfaces while the command is not applicable in case of multi process Examples Enable RIP on the interface attached to the network 129 102 0 0 Sysname system view Sysname rip 100 Sysname rip 100 network 129 102 0 0 output delay Syntax output delay time count count undo ...

Page 448: ...P address of a neighbor in the non broadcast multi access NBMA network where routing updates destined for the peer are unicast rather than multicast or broadcast Use the undo peer command to remove the IP address of a neighbor By default no neighbor is specified Note that you need not use the peer ip address command when the neighbor is directly connected otherwise the neighbor may receive both th...

Page 449: ...z If a priority is set for matched routes in the routing policy the priority applies to these routes The priority of other routes is the one set by the preference command z If no priority is set for matched routes in the routing policy the priority of all routes is the one set by the preference command Examples Set the RIP route priority to 120 Sysname system view Sysname rip 1 Sysname rip 1 prefe...

Page 450: ...rocess By default no RIP process runs Note that z You must enable the RIP process before configuring the global parameters This limitation is not for configuration of interface parameters z The configured interface parameters become invalid after you disable the RIP process Examples Create a RIP process and enter RIP process view Sysname system view Sysname rip Sysname rip 1 rip authentication mod...

Page 451: ...cation mode and parameters Use the undo rip authentication mode command to cancel authentication Note that the key string you configured can overwrite the old one if there is any Related commands rip version Examples Configure MD5 authentication on VLAN interface 10 with the key string being rose in the format defined in RFC 2453 Sysname system view Sysname interface vlan interface 10 Sysname Vlan...

Page 452: ...ors Related commands default route Examples Configure VLAN interface 10 to advertise only a default route with a metric of 2 Sysname system view Sysname interface vlan interface 10 Sysname Vlan interface10 rip default route only cost 2 rip input Syntax rip input undo rip input View Interface view Default Level 2 System level Parameters None Description Use the rip input command to enable the inter...

Page 453: ...ce is increased If the sum of the additional metric and the original metric is greater than 16 the metric of the route will be 16 If a routing policy is referenced with the route policy keyword z Routes matching the policy is added with the metric specified in the apply cost command configured in the policy while routes not matching it is added with the metric specified in the rip metricout comman...

Page 454: ...t command configured in the policy while routes not matching it is added with the metric specified in the rip metricout command Note that the rip metricout command does not support the or keyword used to add or reduce a metric specified in the apply cost command For details about the apply cost command refer to Routing Policy Commands in the IP Routing Volume z If the apply cost command is not con...

Page 455: ...equests Use the undo rip mib binding command to restore the default By default MIB operations are bound to RIP process 1 that is RIP process 1 is enabled to receive SNMP requests Examples Enable RIP process 100 to receive SNMP requests Sysname system view Sysname rip mib binding 100 Restore the default Sysname undo rip mib binding rip output Syntax rip output undo rip output View Interface view De...

Page 456: ... undo rip poison reverse View Interface view Default Level 2 System level Parameters None Description Use the rip poison reverse command to enable the poison reverse function Use the undo rip poison reverse command to disable the poison reverse function By default the poison reverse function is disabled Examples Enable the poison reverse function for RIP routing updates on VLAN interface 10 Sysnam...

Page 457: ... function Only the poison reverse function takes effect if both the split horizon and poison reverse functions are enabled Examples Enable the split horizon function on VLAN interface 10 Sysname system view Sysname interface vlan interface 10 Sysname Vlan interface10 rip split horizon rip summary address Syntax rip summary address ip address mask mask length undo rip summary address ip address mas...

Page 458: ...ersion 2 broadcast Sends RIPv2 messages in broadcast mode multicast Sends RIPv2 messages in multicast mode Description Use the rip version command to specify a RIP version for the interface Use the undo rip version command to remove the specified RIP version By default no RIP version is configured for an interface which uses the global RIP version If the global RIP version is not configured the in...

Page 459: ... Syntax silent interface interface type interface number all undo silent interface interface type interface number all View RIP view Default Level 2 System level Parameters interface type interface number Specifies an interface by its type and number all Silents all interfaces Description Use the silent interface command to disable an interface or all interfaces from sending routing updates That i...

Page 460: ...t all subnet routes can be broadcast By default automatic RIPv2 summarization is enabled Enabling automatic RIPv2 summarization can reduce the size of the routing table to enhance the scalability and efficiency of large networks Related commands rip version Examples Disable RIPv2 automatic summarization Sysname system view Sysname rip Sysname rip 1 undo summary timers Syntax timers garbage collect...

Page 461: ...P route stays in the suppressed state When the metric of a route is 16 the route enters the suppressed state In the suppressed state only routes which come from the same neighbor and whose metric is less than 16 will be received by the router to replace unreachable routes z The garbage collect timer defines the interval from when the metric of a route becomes 16 to when it is deleted from the rout...

Page 462: ...e source IP address validation on incoming RIP routing updates Sysname system view Sysname rip rip 100 Sysname rip 100 undo validate source address version Syntax version 1 2 undo version View RIP view Default Level 2 System level Parameters 1 Specifies the RIP version as RIPv1 2 Specifies the RIP version as RIPv2 RIPv2 messages are multicast Description Use the version command to specify a global...

Page 463: ...rits RIPv1 and it can send RIPv1 broadcasts and receive RIPv1 broadcasts and unicasts z If no RIP version is specified for the interface and the global version is RIPv2 the interface operates in the RIPv2 multicast mode and it can send RIPv2 multicasts and receive RIPv2 broadcasts multicasts and unicasts Examples Specify RIPv2 as the global RIP version Sysname system view Sysname rip 100 Sysname r...

Page 464: ...Description Use the delete ipv6 static routes all command to delete all static routes including the default route When using this command you will be prompted whether to continue the deletion and only after you confirm the deletion will the static routes be deleted Related commands display ipv6 routing table ipv6 route static Examples Delete all IPv6 static routes Sysname system view Sysname delet...

Page 465: ...e value Route preference value in the range of 1 to 255 The default is 60 Description Use the ipv6 route static command to configure an IPv6 static route Use the undo ipv6 route static command to remove an IPv6 static route An IPv6 static route that has the destination address configured as 0 a prefix length of 0 is the default IPv6 route If the destination address of an IPv6 packet does not match...

Page 466: ... zero field check on RIPng packets Use the undo checkzero command to disable the zero field check The zero field check is enabled by default Some fields in RIPng packet headers must be zero These fields are called zero fields You can enable the zero field check on RIPng packet headers If any such field contains a non zero value the RIPng packet will be discarded Examples Disable the zero field che...

Page 467: ...t command to restore the default The default metric of redistributed routes is 0 The specified default metric applies to the routes redistributed by the import route command with no metric specified Related commands import route Examples Set the default metric of redistributed routes to 2 Sysname system view Sysname ripng 100 Sysname ripng 100 default cost 2 display ripng Syntax display ripng proc...

Page 468: ...s sent 0 Table 5 1 display ripng command output description Field Description RIPng process RIPng process ID Preference RIPng route priority Checkzero Indicates whether zero field check for RIPng packet headers is enabled Default Cost Default metric of redistributed routes Maximum number of balanced paths Maximum number of load balanced routes Update time RIPng update interval in seconds Timeout t...

Page 469: ...ed 100 32 via FE80 200 5EFF FE04 3302 cost 2 3FFE C00 C18 1 64 via FE80 200 5EFF FE04 B602 cost 2 3FFE C00 C18 1 64 via FE80 200 5EFF FE04 B601 cost 2 3FFE C00 C18 2 64 via FE80 200 5EFF FE04 B602 cost 2 3FFE C00 C18 3 64 via FE80 200 5EFF FE04 B601 cost 2 4000 1 64 via FE80 200 5EFF FE04 3302 cost 2 4000 2 64 via FE80 200 5EFF FE04 3302 cost 2 1111 64 cost 0 RIPng interface Table 5 2 display ripn...

Page 470: ...rface information of RIPng process 1 Sysname display ripng 1 interface Interface name Vlan interface100 Link Local Address FE80 20F E2FF FE30 C16C Split horizon on Poison reverse off MetricIn 0 MetricOut 1 Default route off Summary address 3 64 3 16 Table 5 3 display ripng interface command output description Field Description Interface name Name of an interface running RIPng Link Local Address Li...

Page 471: ...he summarized IPv6 prefix and the summary IPv6 prefix on the interface display ripng route Syntax display ripng process id route View Any view Default Level 1 Monitor level Parameters process id RIPng process ID in the range of 1 to 65535 Description Use the display ripng route command to display all RIPng routes and timers associated with each route of a RIPng process Examples Display the routing...

Page 472: ...e of 2000 to 3999 ipv6 prefix ipv6 prefix name Specifies the name of an IPv6 prefix list used to filter routing information a string of 1 to 19 characters protocol Filters routes redistributed from a routing protocol currently including direct ripng and static process id Process number of the specified routing protocol in the range of 1 to 65535 This argument is available only when the routing pro...

Page 473: ...es the name of an IPv6 prefix list to filter incoming routes in the range 1 to 19 characters Description Use the filter policy import command to define an inbound route filtering policy Only routes which match the filtering policy can be received Use the undo filter policy import command to disable inbound route filtering By default RIPng does not filter incoming routing information Examples Refer...

Page 474: ...o import route command to disable redistributing routes from another routing protocol By default RIPng does not redistribute routes from other routing protocols z You can configure a routing policy to redistribute only needed routes z You can specify a cost for redistributed routes using the cost keyword Related commands default cost Examples Redistribute static routes and specify the metric as 7 ...

Page 475: ... the RIPng route priority to 120 Sysname system view Sysname ripng 100 Sysname ripng 100 preference 120 Restore the default RIPng route priority Sysname ripng 100 undo preference ripng Syntax ripng process id undo ripng process id View System view Default Level 2 System level Parameters process id RIPng process ID in the range of 1 to 65535 The default value is 1 Description Use the ripng command ...

Page 476: ...d to stop advertising or forwarding the default route By default a RIP process does not advertise any default route After you execute this command the generated RIPng default route is advertised in a route update over the specified interface This IPv6 default route is advertised without considering whether it already exists in the local IPv6 routing table Examples Advertise only the default route ...

Page 477: ...enable ripng metricin Syntax ripng metricin value undo ripng metricin View Interface view Default Level 2 System level Parameters value Additional metric for received routes in the range of 0 to 16 Description Use the ripng metricin command to specify an additional metric for received RIPng routes Use the undo ripng metricin command to restore the default By default the additional metric to receiv...

Page 478: ...do rip metricout command to restore the default The default additional routing metric is 1 Related commands ripng metricin Examples Set the additional metric to 12 for routes advertised by VLAN interface 100 Sysname system view Sysname interface vlan interface 100 Sysname Vlan interface100 ripng metricout 12 ripng poison reverse Syntax ripng poison reverse undo ripng poison reverse View Interface ...

Page 479: ...arameters None Description Use the rip split horizon command to enable the split horizon function Use the undo rip split horizon command to disable the split horizon function By default the split horizon function is enabled Note that z The split horizon function is necessary for preventing routing loops Therefore you are not recommended to disable it z In special cases make sure that it is necessa...

Page 480: ... to configure a summary network to be advertised through the interface Use the undo ripng summary address command to remove the summary Networks falling into the summary network will not be advertised The cost of the summary route is the lowest cost among summarized routes Examples Assign an IPv6 address with the 64 bit prefix to VLAN interface 100 and configure a summary with the 35 bit prefix le...

Page 481: ...how long a RIPng route stays in the suppressed state When the metric of a route is 16 the route enters the suppressed state In the suppressed state only routes which come from the same neighbor and whose metric is less than 16 will be received by the router to replace unreachable routes z The garbage collect timer defines the interval from when the metric of a route becomes 16 to when it is delete...

Page 482: ...command to set a cost for routing information Use the undo apply cost command to remove the clause configuration No cost is set for routing information by default Related commands if match interface if match acl if match ip prefix if match ip next hop if match cost if match tag route policy apply ip address next hop apply tag Examples Configure node 10 in permit mode of route policy policy1 set a ...

Page 483: ... If you have set preferences for routing protocols with the preference command using the apply preference command will set a new preference for the matching routing protocol Non matching routing protocols still use the preferences set by the preference command Examples Configure node 10 in permit mode of route policy policy1 If a route matches existing ACL 2000 set the preference for the routing p...

Page 484: ...s exsting ACL 2000 set the tag of the route to 100 Sysname system view Sysname route policy policy1 permit node 10 Sysname route policy if match acl 2000 Sysname route policy apply tag 100 display route policy Syntax display route policy route policy name View Any view Default Level 1 Monitor level Parameters route policy name Route policy name a string of 1 to 19 characters Description Use the di...

Page 485: ...uting information having the specified cost Use the undo if match cost command to remove the match criterion The match criterion is not configured by default Related commands if match interface if match acl if match ip prefix if match ip next hop if match tag route policy apply ip address next hop apply cost apply tag Examples Configure node 10 in permit mode of route policy policy1 define an if m...

Page 486: ...p if match cost if match tag route policy apply ip address next hop apply cost apply tag Examples Configure node 10 in permit mode of route policy policy1 to permit routing information with the outbound interface as VLAN interface 1 Sysname system view Sysname route policy policy1 permit node 10 Sysname route policy if match interface vlan interface 1 if match tag Syntax if match tag value undo if...

Page 487: ...e as deny If a route satisfies all the if match clauses of the node it cannot pass the node and will not go to the next node node node number Node number in the range 0 to 65535 A node with a smaller number is matched first Description Use the route policy command to create a route policy and a node of it and enter route policy view Use the undo route policy command to remove a route policy or a n...

Page 488: ...he undo apply ip address next hop command to remove the clause configuration No next hop is set for IPv4 routing information by default This command cannot set a next hop for redistributed routes Related commands if match interface if match acl if match ip prefix if match ip next hop if match cost if match tag route policy apply local preference apply cost apply origin apply tag Examples Configure...

Page 489: ...bc Sysname display ip ip prefix abc Prefix list abc Permitted 0 Denied 0 index 10 permit 1 0 0 0 11 ge 22 le 32 Table 6 2 display ip ip prefix command output description Field Description Prefix list Name of the IPv4 prefix list Permitted Number of routes satisfying the match criterion Denied Number of routes not satisfying the match criterion index Index of the IPv4 prefix list permit Matching mo...

Page 490: ... if match acl 2000 if match ip Syntax if match ip next hop route source acl acl number ip prefix ip prefix name undo if match ip next hop route source acl ip prefix View Route policy view Default Level 2 System level Parameters next hop Matches the next hop of routing information to the filter route source Matches the source address of routing information to the filter acl acl number Matches an AC...

Page 491: ...ix list based match criterion Use the undo if match ip prefix command to remove the match criterion No IP prefix list based match criterion is configured by default Related commands if match interface if match ip next hop if match cost if match tag route policy apply ip address next hop apply cost apply tag Examples Configure node 10 of route policy policy2 to permit routes whose destination addre...

Page 492: ...ength 32 If only the min mask length is specified the prefix length range is min mask length 32 If only the max mask length is specified the prefix length range is mask length max mask length If both min mask length and max mask length are specified the prefix length range is min mask length max mask length Description Use the ip ip prefix command to configure an IPv4 prefix list or an item of it ...

Page 493: ...es Clear the statistics of IPv4 prefix list abc Sysname reset ip ip prefix abc IPv6 Route Policy Configuration Commands apply ipv6 next hop Syntax apply ipv6 next hop ipv6 address undo apply ipv6 next hop View Route policy view Default Level 2 System level Parameters ipv6 address Next hop IPv6 address Description Use the apply ipv6 next hop command to set a next hop for IPv6 routes Use the undo ap...

Page 494: ...p ipv6 prefix command to display the statistics of the specified IPv6 prefix list If no IPv6 prefix list is specified the statistics of all IPv6 prefix lists will be displayed Examples Display the statistics of all IPv6 prefix lists Sysname display ip ipv6 prefix Prefix list6 abc Permitted 0 Denied 0 index 10 permit 0 index 20 permit 1 ge 1 le 128 Table 6 3 display ip ipv6 prefix command output de...

Page 495: ... and 2000 to 2999 for next hop and route source prefix list ipv6 prefix name Specifies the name of a IPv6 prefix list for filtering a string of 1 to 19 characters Description Use the if match ipv6 command to configure a destination next hop or source address based match criterion for IPv6 routes Use the undo if match ipv6 command to remove the match criterion The match criterion is not configured ...

Page 496: ...Greater than or equal to the minimum prefix length less equal max prefix length Less than or equal to the maximum prefix length The length relation is mask length min mask length max mask length 128 If only the min prefix length is specified the prefix length range is min prefix length 128 If only the max prefix length is specified the prefix length range is prefix length max prefix length If both...

Page 497: ...equal 128 reset ip ipv6 prefix Syntax reset ip ipv6 prefix ipv6 prefix name View User view Default Level 2 System level Parameters ipv6 prefix name IPv6 prefix list name a string of 1 to 19 characters Description Use the reset ip ipv6 prefix command to clear the statistics of the specified IPv6 prefix list If no name is specified the statistics of all IPv6 prefix lists will be cleared Examples Cle...

Page 498: ...p snooping overflow replace 1 15 igmp snooping querier 1 15 igmp snooping query interval 1 16 igmp snooping router aging time 1 17 igmp snooping source deny 1 17 igmp snooping special query source ip 1 18 igmp snooping static group 1 19 igmp snooping static router port 1 20 igmp snooping version 1 21 last member query interval IGMP Snooping view 1 21 max response time IGMP Snooping view 1 22 overf...

Page 499: ...terval 3 14 mld snooping max response time 3 15 mld snooping overflow replace 3 15 mld snooping querier 3 16 mld snooping query interval 3 17 mld snooping router aging time 3 18 mld snooping source deny 3 18 mld snooping special query source ip 3 19 mld snooping static group 3 20 mld snooping static router port 3 21 mld snooping version 3 22 overflow replace MLD Snooping view 3 22 report aggregati...

Page 500: ... member number of the device in the IRF which you can display with the display irf command The value range for the slot number argument depends on the number of members and numbering conditions in the current IRF If no IRF exists the slot number argument is the current device number verbose Specifies to display the detailed IGMP Snooping multicast group information Description Use the display igmp...

Page 501: ...amic port S Static port C Copy port Port flags D for dynamic port S for static port C for port copied from a G entry to an S G entry Subvlan flags R Real VLAN C Copy VLAN Sub VLAN flags R for real egress sub VLAN under the current entry C for sub VLAN copied from a G entry to an S G entry Router port s Number of router ports 00 01 30 Remaining time of the dynamic member port or router port aging t...

Page 502: ...ong records 0 Received IGMPv3 specific queries 0 Received IGMPv3 specific sg queries 0 Sent IGMPv3 specific queries 0 Sent IGMPv3 specific sg queries 0 Received error IGMP messages 19 Table 1 2 display igmp snooping statistics command output description Field Description general queries General query messages specific queries Group specific query messages reports Report messages leaves Leave messa...

Page 503: ...nabled VLANs z If you do not specify any VLAN the command will take effect for all VLANs if you specify a VLAN or multiple VLANs the command will take effect for the specified VLAN s only Related commands igmp snooping fast leave Examples Enable fast leave processing globally in VLAN 2 Sysname system view Sysname igmp snooping Sysname igmp snooping fast leave vlan 2 group policy IGMP Snooping view...

Page 504: ...mmand will take effect for the specified VLAN s only z If the specified ACL does not exist or the ACL rule is null all multicast groups will be filtered out z You can configure different ACL rules for a port in different VLANs for a given VLAN a newly configured ACL rule will override the existing one Related commands igmp snooping group policy Examples Apply ACL 2000 as a multicast group filter i...

Page 505: ...300 igmp snooping Syntax igmp snooping undo igmp snooping View System view Default Level 2 System level Parameters None Description Use the igmp snooping command to enable IGMP Snooping globally and enter IGMP Snooping view Use the undo igmp snooping command to disable IGMP Snooping globally By default IGMP Snooping is disabled Related commands igmp snooping enable Examples Enable IGMP Snooping gl...

Page 506: ...mand takes effect only if IGMP Snooping is enabled in the VLAN Examples In VLAN 2 enable the function of dropping unknown multicast data Sysname system view Sysname vlan 2 Sysname vlan2 igmp snooping drop unknown igmp snooping enable Syntax igmp snooping enable undo igmp snooping enable View VLAN view Default Level 2 System level Parameters None Description Use the igmp snooping enable command to ...

Page 507: ...port or group of ports With this function enabled when the switch receives an IGMP leave message on a port it directly removes that port from the multicast forwarding entry of the specific group Use the undo igmp snooping fast leave command to disable fast leave processing on the current port or group of ports By default fast leave processing is disabled Note that z This command works on IGMP Snoo...

Page 508: ...used as the source IP address of IGMP general queries ip address Specifies the source address of IGMP general queries which can be any legal IP address Description Use the igmp snooping general query source ip command to configure the source address of IGMP general queries Use the undo igmp snooping general query source ip command to restore the default configuration By default the source IP addre...

Page 509: ...If you do not specify any VLAN when using this command in Ethernet port view or Layer 2 aggregate port view the command will take effect for all VLANs the port belongs to if you specify a VLAN or multiple VLANs the command will take effect only if the port belongs to the specified VLAN s z If you do not specify any VLAN when using this command in port group view the command will take effect on all...

Page 510: ...amely a host can join any valid multicast group Note that z If you do not specify any VLAN when using this command in Ethernet port view or Layer 2 aggregate port view the command will take effect for all VLANs the port belongs to if you specify a VLAN or multiple VLANs the command will take effect only if the port belongs to the specified VLAN s z If you do not specify any VLAN when using this co...

Page 511: ...AN 2 Sysname system view Sysname vlan 2 Sysname vlan2 igmp snooping host aging time 300 igmp snooping host join Syntax igmp snooping host join group address source ip source address vlan vlan id undo igmp snooping host join group address source ip source address vlan vlan id View Ethernet port view Layer 2 aggregate port view port group view Default Level 2 System level Parameters group address Ad...

Page 512: ...a query message z If configured in Ethernet port view or Layer 2 aggregate port view this feature takes effect only if the port belongs to the specified VLAN z If configured in port group view this feature takes effect only on those ports in this port group that belong to the specified VLAN Examples Configure GIgabitEthernet1 0 1 as a simulated member host in VLAN 2 for multicast source 1 1 1 1 an...

Page 513: ...igmp snooping max response time interval undo igmp snooping max response time View VLAN view Default Level 2 System level Parameters interval Maximum response time to IGMP general queries in seconds The effective range is 1 to 25 Description Use the igmp snooping max response time command to configure the maximum response time to IGMP general queries in the VLAN Use the undo igmp snooping max resp...

Page 514: ...the current port s By default the multicast group replacement function is disabled Note that z This command works on IGMP Snooping enabled VLANs z If you do not specify any VLAN when using this command in Ethernet port view or Layer 2 aggregate port view the command will take effect for all VLANs the port belongs to if you specify a VLAN or multiple VLANs the command will take effect only if the p...

Page 515: ... multicast VLAN Related commands subvlan in Multicast VLAN Commands in the IP Multicast Volume Examples Enable the IGMP Snooping querier function in VLAN 2 Sysname system view Sysname vlan 2 Sysname vlan2 igmp snooping querier igmp snooping query interval Syntax igmp snooping query interval interval undo igmp snooping query interval View VLAN view Default Level 2 System level Parameters interval I...

Page 516: ...evel Parameters interval Dynamic router port aging time in seconds The effective range is 1 to 1 000 Description Use the igmp snooping router aging time command to configure the aging time of dynamic router ports in the current VLAN Use the undo igmp snooping router aging time command to restore the default setting By default the aging time of dynamic router ports is 105 seconds This command takes...

Page 517: ...nooping special query source ip current interface ip address undo igmp snooping special query source ip View VLAN view Default Level 2 System level Parameters current interface Sets the source address of IGMP group specific queries to the address of the current VLAN interface If the current VLAN interface does not have an IP address the default IP address 0 0 0 0 will be used as the source IP addr...

Page 518: ... is specified vlan vlan id Specifies the VLAN that comprises the port s where vlan id is in the range of 1 to 4094 Description Use the igmp snooping static group command to configure the static G or S G joining function namely to configure the current port or port group as static multicast group or source group member s Use the undo igmp snooping static group command to restore the system default ...

Page 519: ... snooping static router port command to configure the current port s as static router port s Use the undo igmp snooping static router port command to restore the system default By default no ports are static router ports Note that z This command works on IGMP Snooping enabled VLANs z This command does not take effect in a sub VLAN of a multicast VLAN z If configured in Ethernet port view or Layer ...

Page 520: ...n take effect only if IGMP Snooping is enabled in the VLAN z This command does not take effect in a sub VLAN of a multicast VLAN Related commands igmp snooping enable subvlan in Multicast VLAN Commands in the IP Multicast Volume Examples Enable IGMP Snooping in VLAN 2 and set the IGMP Snooping version to version 3 Sysname system view Sysname igmp snooping Sysname igmp snooping quit Sysname vlan 2 ...

Page 521: ...mp snooping Sysname igmp snooping last member query interval 3 max response time IGMP Snooping view Syntax max response time interval undo max response time View IGMP Snooping view Default Level 2 System level Parameters interval Maximum response time to IGMP general queries in seconds The effective range is 1 to 25 Description Use the max response time command to configure the maximum response ti...

Page 522: ...lticast group replacement function globally Use the undo overflow replace command to disable the multicast group replacement function globally By default the multicast group replacement function is disabled Note that z This command works on IGMP Snooping enabled VLANs z If you do not specify any VLAN the command will take effect for all VLANs if you specify a VLAN or multiple VLANs the command wil...

Page 523: ...User view Default Level 2 System level Parameters group address Clears the information about the specified multicast group The value range of group address is 224 0 1 0 to 239 255 255 255 all Clears all IGMP Snooping multicast group information vlan vlan id Clears the IGMP Snooping multicast group information in the specified VLAN The effective range of vlan id is 1 to 4094 Description Use the res...

Page 524: ...ooping view Syntax router aging time interval undo router aging time View IGMP Snooping view Default Level 2 System level Parameters interval Dynamic router port aging time in seconds The effective range is 1 to 1 000 Description Use the router aging time command to configure the aging time of dynamic router ports globally Use the undo router aging time command to restore the default setting By de...

Page 525: ...t interface number to interface type end interface number where the end interface number must be greater than the start interface number Description Use the source deny command to enable multicast source port filtering so that all multicast data packets are blocked Use the undo source deny command to disable multicast source port filtering By default multicast source port filtering is not enabled ...

Page 526: ...ayed Description Use the display multicast vlan command to view the information about the specified multicast VLAN Examples View the information about all multicast VLANs Sysname display multicast vlan Total 1 multicast vlan s Multicast vlan 100 subvlan list vlan 2 4 6 port list no port Table 2 1 display multicast vlan command output description Field Description Total 1 multicast vlan s Total num...

Page 527: ...e specified VLAN to be configured as a multicast VLAN must exist z For a sub VLAN based multicast VLAN you need to enable IGMP Snooping only in the multicast VLAN for a port based multicast VLAN you need to enable IGMP Snooping in both the multicast VLAN and all the user VLANs Related commands igmp snooping enable in the IGMP Snooping Commands in the IP Multicast Volume Examples Enable IGMP Snoopi...

Page 528: ...port s or all ports from the current multicast VLAN By default a multicast VLAN has no ports Note that z A port can belong to only one multicast VLAN z Only the following types of ports can be configured as multicast VLAN ports Ethernet or Layer 2 aggregate ports Examples Assign ports GigabitEthernet1 0 1 through GigabitEthernet1 0 5 to multicast VLAN 100 Sysname system view Sysname multicast vlan...

Page 529: ...the form of vlan id or a VLAN range in the form of start vlan id to end vlan id where the end VLAN ID must be greater than the start VLAN ID The effective range of a VLAN ID is 1 to 4094 all Deletes all the sub VLANs of the current multicast VLAN Description Use the subvlan command to configure sub VLAN s for the current multicast VLAN Use the undo subvlan command to remove the specified sub VLAN ...

Page 530: ...2 5 Sysname mvlan 100 subvlan 10 to 15 ...

Page 531: ...argument is the member number of the device in the IRF which you can display with the display irf command The value range for the slot number argument depends on the number of members and numbering conditions in the current IRF If no IRF exists the slot number argument is the current device number verbose Displays the detailed MLD Snooping multicast group information Description Use the display ml...

Page 532: ...t flags D Dynamic port S Static port C Copy port Port flags D for dynamic port S for static port C for port copied from a G entry to an S G entry Subvlan flags R Real VLAN C Copy VLAN Sub VLAN flags R for real egress sub VLAN under the current entry C for sub VLAN copied from a G entry to an S G entry Router port s Number of router ports 00 01 30 Remaining time of the dynamic member port or router...

Page 533: ...rds 0 Received MLDv2 specific queries 0 Received MLDv2 specific sg queries 0 Sent MLDv2 specific queries 0 Sent MLDv2 specific sg queries 0 Received error MLD messages 0 Table 3 2 display mld snooping statistics command output description Field Description general queries General query messages specific queries Multicast address specific query messages reports Report messages dones Done messages r...

Page 534: ...VLANs z If you do not specify any VLAN the command will take effect for all VLANs if you specify a VLAN or multiple VLANs the command will take effect for the specified VLAN s only Related commands mld snooping fast leave Examples Enable fast leave processing globally in VLAN 2 Sysname system view Sysname mld snooping Sysname mld snooping fast leave vlan 2 group policy MLD Snooping view Syntax gro...

Page 535: ... if you specify a VLAN or multiple VLANs the command will take effect for the specified VLAN s only z If the specified IPv6 ACL does not exist or the ACL rule is null all IPv6 multicast groups will be filtered out z You can configure different IPv6 ACL rules for each port in different VLANs for a given VLAN a newly configured IPv6 ACL rule will override the existing one Related commands mld snoopi...

Page 536: ...tener query interval View MLD Snooping view Default Level 2 System level Parameters interval MLD last listener query interval in units of seconds namely the length of time the device waits between sending MLD multicast address specific queries The effective range is 1 to 5 Description Use the last listener query interval command to configure the MLD last listener query interval globally Use the un...

Page 537: ...l queries globally Use the undo max response time command to restore the system default By default the maximum response time for MLD general queries is 10 seconds This command works on MLD Snooping enabled VLANs Related commands mld snooping max response time mld snooping query interval Examples Set the maximum response time for MLD general queries globally to 5 seconds Sysname system view Sysname...

Page 538: ...e Syntax mld snooping enable undo mld snooping enable View VLAN view Default Level 2 System level Parameters None Description Use the mld snooping enable command to enable MLD Snooping in the current VLAN Use the undo mld snooping enable command to disable MLD Snooping in the current VLAN By default MLD Snooping is disabled in a VLAN MLD Snooping must be enabled globally before it can be enabled i...

Page 539: ...mand to disable fast leave processing on the current port or group of ports By default fast leave processing is disabled Note that z This command works on MLD Snooping enabled VLANs z If you do not specify any VLAN when using this command in Ethernet port view or Layer 2 aggregate port view the command will take effect for all VLANs the port belongs to if you specify a VLAN or multiple VLANs the c...

Page 540: ...re the default configuration By default the source IPv6 address of MLD general queries is FE80 02FF FFFF FE00 0001 This command takes effect only if MLD Snooping is enabled in the VLAN Examples In VLAN 2 specify FE80 0 0 1 1 as the source IPv6 address of MLD general queries Sysname system view Sysname vlan 2 Sysname vlan2 mld snooping general query source ip fe80 0 0 1 1 mld snooping group limit S...

Page 541: ...allow a maximum of 10 IPv6 multicast groups to be joined on GigabitEthernet 1 0 1 in VLAN 2 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet 1 0 1 mld snooping group limit 10 vlan 2 mld snooping group policy Syntax mld snooping group policy acl6 number vlan vlan list undo mld snooping group policy vlan vlan list View Ethernet port view Layer 2 aggregate port view...

Page 542: ...this group if you specify a VLAN or multiple VLANs the command will take effect only on those ports in this group that belong to the specified VLAN s z If the specified ACL does not exist or the ACL rule is null all IPv6 multicast groups will be filtered out z You can configure different IPv6 ACL rules for each port in different VLANs for a given VLAN a newly configured IPv6 ACL rule will override...

Page 543: ...address Address of IPv6 multicast group which the simulated host is to join The effective range is FFxy 16 excluding FFx0 16 FFx1 16 FFx2 16 and FF0y where x and y represent any hexadecimal number between 0 and F inclusive ipv6 source address Address of the IPv6 multicast source that the simulated host is to join vlan vlan id Specifies a VLAN that comprises the port s where vlan id is in the range...

Page 544: ... enable Sysname vlan2 mld snooping version 2 Sysname vlan2 quit Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet 1 0 1 mld snooping host join ff3e 101 source ip 2002 22 vlan 2 mld snooping last listener query interval Syntax mld snooping last listener query interval interval undo mld snooping last listener query interval View VLAN view Default Level 2 System level Parameters interva...

Page 545: ...the maximum response time for MLD general queries in the VLAN Use the undo mld snooping max response time command to restore the default setting By default the maximum response time for MLD general queries is 10 seconds This command takes effect only if MLD Snooping is enabled in the VLAN Related commands max response time mld snooping query interval Examples Set the maximum response time for MLD ...

Page 546: ...abled VLANs z If you do not specify any VLAN when using this command in Ethernet port view or Layer 2 aggregate port view the command will take effect for all VLANs the port belongs to if you specify a VLAN or multiple VLANs the command will take effect only if the port belongs to the specified VLAN s z If you do not specify any VLAN when using this command in port group view the command will take...

Page 547: ...VLAN 2 Sysname system view Sysname vlan 2 Sysname vlan2 mld snooping querier mld snooping query interval Syntax mld snooping query interval interval undo mld snooping query interval View VLAN view Default Level 2 System level Parameters interval MLD query interval in seconds namely the length of time the device waits between sending MLD general queries The effective range is 2 to 300 Description U...

Page 548: ...router aging time command to configure the aging time of dynamic router ports in the current VLAN Use the undo mld snooping router aging time command to restore the default setting By default the dynamic router port aging time is 260 seconds This command takes effect only if MLD Snooping is enabled in the VLAN Related commands router aging time Examples Set the aging time of dynamic router ports t...

Page 549: ...rameters current interface Specifies the source IPv6 link local address of the VLAN interface of the current VLAN as the source IPv6 address of MLD multicast address specific queries If the current VLAN interface does not have an IPv6 address the default IPv6 address FE80 02FF FFFF FE00 0001 will be used as the source IPv6 address of MLD multicast address specific queries ipv6 address Specifies an...

Page 550: ...l be configured to join as static member port s vlan vlan id Specifies the VLAN that comprises the Ethernet port s where vlan id is in the range of 1 to 4094 Description Use the mld snooping static group command to configure the static IPv6 G or S G joining function namely to configure the port or port group as static IPv6 multicast group or source group member s Use the undo mld snooping static g...

Page 551: ...cifies a VLAN in which one or more static router ports are to be configured where vlan id is in the range of 1 to 4094 Description Use the mld snooping static router port command to configure the current port s as static router port s Use the undo mld snooping static router port command to restore the system default By default no ports are static router ports Note that z This command works on MLD ...

Page 552: ...the undo mld snooping version command to restore the default setting By default the MLD version is 1 Note that z This command can take effect only if MLD Snooping is enabled in the VLAN z This command does not take effect in a sub VLAN of an IPv6 multicast VLAN Related commands mld snooping enable subvlan in IPv6 Multicast VLAN Commands in the IP Multicast Volume Examples Enable MLD Snooping in VL...

Page 553: ...isable the IPv6 multicast group replacement function globally By default the IPv6 multicast group replacement function is disabled globally Note that z This command works on MLD Snooping enabled VLANs z If you do not specify any VLAN the command will take effect for all VLANs if you specify a VLAN or multiple VLANs the command will take effect for the specified VLAN s only Related commands mld sno...

Page 554: ... the specified multicast group The effective range of ipv6 group address is FFxy 16 excluding FFx0 16 FFx1 16 FFx2 16 and FF0y where x and y represent any hexadecimal number between 0 and F inclusive all Clears all MLD Snooping multicast group information vlan vlan id Clears the MLD Snooping multicast group information in the specified VLAN The effective range of vlan id is 1 to 4094 Description U...

Page 555: ... Snooping view Default Level 2 System level Parameters interval Dynamic router port aging time in seconds The effective range is 1 to 1 000 Description Use the router aging time command to configure the aging time of dynamic router ports globally Use the undo router aging time command to restore the default setting By default the dynamic router port aging time is 260 seconds This command works on ...

Page 556: ...erface number is port number Description Use the source deny command to enable IPv6 multicast source port filtering namely to filter out all the received IPv6 multicast packets Use the undo source deny command to disable IPv6 multicast source port filtering By default IPv6 multicast source port filtering is disabled This command works on MLD Snooping enabled VLANs Examples Enable source port filte...

Page 557: ...y multicast vlan ipv6 command to view the information about the specified IPv6 multicast VLAN or all IPv6 multicast VLANs Examples View the information about all IPv6 multicast VLANs Sysname display multicast vlan ipv6 Total 1 IPv6 multicast vlan s IPv6 Multicast vlan 100 subvlan list vlan 2 4 6 port list no port Table 4 1 display multicast vlan ipv6 command output description Field Description To...

Page 558: ...default Note that z The specified VLAN to be configured as an IPv6 multicast VLAN must exist z For a sub VLAN based IPv6 multicast VLAN you need to enable MLD Snooping only in the IPv6 multicast VLAN for a port based IPv6 multicast VLAN you need to enable MLD Snooping in both the IPv6 multicast VLAN and all the user VLANs Related commands mld snooping enable in the MLD Snooping Commands in the IP ...

Page 559: ...rent IPv6 multicast VLAN Use the undo port command to delete port s from the current IPv6 multicast VLAN By default an IPv6 multicast VLAN has no ports Note that z A port can belong to only one IPv6 multicast VLAN z Only the following types of ports can be configured as IPv6 multicast VLAN ports Ethernet and Layer 2 aggregate ports Examples Assign ports GigabitEthernet1 0 1 through GigabitEthernet...

Page 560: ...do subvlan all vlan list View IPv6 multicast VLAN view Default Level 2 System level Parameters vlan list Specifies a VLAN in the form of vlan id or a VLAN range in the form of start vlan id to end vlan id where the end VLAN ID must be greater than the start VLAN ID The effective range of a VLAN ID is 1 to 4094 all Deletes all the sub VLANs of the current IPv6 multicast VLAN Description Use the sub...

Page 561: ...4 5 Examples Configure VLAN 10 through VLAN 15 as sub VLANs of IPv6 multicast VLAN 100 Sysname system view Sysname multicast vlan ipv6 100 Sysname ipv6 mvlan 100 subvlan 10 to 15 ...

Page 562: ...olicy 1 15 display qos policy global 1 16 display qos policy interface 1 18 display qos vlan policy 1 19 qos apply policy 1 21 qos apply policy global 1 21 qos policy 1 22 qos vlan policy 1 23 reset qos policy global 1 23 reset qos vlan policy 1 24 2 Priority Mapping Configuration Commands 2 1 Priority Mapping Table Configuration Commands 2 1 display qos map table 2 1 qos map table 2 2 import 2 2 ...

Page 563: ... 4 1 display qos wfq interface 4 1 display qos wrr interface 4 2 qos bandwidth queue 4 4 qos sp 4 4 qos wfq 4 5 qos wfq weight 4 6 qos wrr 4 6 qos wrr group 4 7 5 Traffic Mirroring Configuration Commands 5 1 Traffic Mirroring Configuration Commands 5 1 mirror to 5 1 6 User Profile Configuration Commands 6 1 User Profile Configuration Commands 6 1 display user profile 6 1 user profile enable 6 2 us...

Page 564: ...information about all the user defined classes Examples Display the information about the user defined classes Sysname display traffic classifier user defined User Defined Classifier Information Classifier p Operator AND Rule s If match acl 2001 Table 1 1 display traffic classifier user defined command output description Field Description User Defined Classifier Information The information about t...

Page 565: ...tionship between rules defined in the referenced IPv6 ACL is or any Specifies to match all packets customer dot1p 8021p list Specifies to match packets by 802 1p precedence of the customer network The 8021p list argument is a list of CoS values in the range of 0 to 7 Even though you can provide up to eight space separated CoS values for this argument the Switch 4510G series switches support only o...

Page 566: ... of a specified protocol The protocol name argument can be IP or IPv6 service dot1p 8021p list Specifies to match packets by 802 1p precedence of the service provider network The 8021p list argument is a list of CoS values in the range of 0 to 7 Even though you can provide up to eight space separated CoS values for this argument the Switch 4510G series switches support only one CoS value in a rule...

Page 567: ...addresses being 0050 ba27 bed2 Sysname system view Sysname traffic classifier class2 Sysname classifier class2 if match source mac 0050 ba27 bed2 Define a rule for class3 to match the advanced IPv4 ACL 3101 Sysname system view Sysname traffic classifier class3 Sysname classifier class3 if match acl 3101 Define a rule for class4 to match the advanced IPv6 ACL 3101 Sysname system view Sysname traffi...

Page 568: ...tch the packets of service VLAN 1000 Sysname system view Sysname traffic classifier class12 Sysname classifier class12 if match service vlan id 1000 traffic classifier Syntax traffic classifier classifier name operator and or undo traffic classifier classifier name View System view Default Level 2 System Level Parameters and Specifies the relationship among the rules in the class as logic AND That...

Page 569: ...g action for a traffic behavior Use the undo accounting command to remove the traffic accounting action Related commands qos policy traffic behavior classifier behavior Examples Configure the traffic accounting action for a traffic behavior Sysname system view Sysname traffic behavior database Sysname behavior database accounting car Syntax car cir committed information rate cbs committed burst si...

Page 570: ... to neither CIR nor PIR The action argument can be z discard Drops the packets z pass Forwards the packets z remark dscp pass new dscp Marks the packets with a new DSCP precedence and forwards them to their destinations The new dscp argument is in the range 0 to 63 By default packets conforming to neither CIR nor PIR are dropped yellow action Specifies the action to be conducted for the traffic co...

Page 571: ...tion about all the user defined traffic behaviors Sysname display traffic behavior user defined User Defined Behavior Information Behavior test Marking Remark dot1p COS 4 Committed Access Rate CIR 64 kbps CBS 4000 byte EBS 4000 byte PIR 640 kbps Green Action pass Red Action discard Yellow Action pass Table 1 3 display traffic behavior user defined command output description Field Description User ...

Page 572: ... Level Parameters deny Drops packets permit Forwards packets Description Use the filter command to configure traffic filtering action for a traffic behavior Use the undo filter command to remove the traffic filtering action Related commands qos policy traffic behavior classifier behavior Examples Configure traffic filtering action for a traffic behavior Sysname system view Sysname traffic behavior...

Page 573: ...Ethernet 1 0 1 remark dot1p Syntax remark dot1p 8021p undo remark dot1p View Traffic behavior view Default Level 2 System Level Parameters 8021p 802 1p precedence to be set for packets in the range 0 to 7 Description Use the remark dot1p command to configure the action of setting 802 1p precedence for a traffic behavior Use the undo remark dot1p command to remove the action of setting 802 1p prece...

Page 574: ...rop precedence for a traffic behavior Use the undo remark drop precedence command to remove the action of setting drop precedence Related commands qos policy traffic behavior classifier behavior Examples Configure the action to set drop precedence to 2 for a traffic behavior Sysname system view Sysname traffic behavior database Sysname behavior database remark drop precedence 2 remark dscp Syntax ...

Page 575: ... 011000 24 cs4 100000 32 cs5 101000 40 cs6 110000 48 cs7 111000 56 ef 101110 46 Description Use the remark dscp command to configure the action of setting DSCP precedence for a traffic behavior Use the undo remark dscp command to remove the action of setting DSCP precedence Related commands qos policy traffic behavior classifier behavior Examples Configure the action to set DSCP precedence to 6 fo...

Page 576: ...ing IP precedence Related commands qos policy traffic behavior classifier behavior Examples Configure the action to set IP precedence to 6 for a traffic behavior Sysname system view Sysname traffic behavior database Sysname behavior database remark ip precedence 6 remark local precedence Syntax remark local precedence local precedence undo remark local precedence View Traffic behavior view Default...

Page 577: ...avior database Sysname behavior database remark local precedence 2 traffic behavior Syntax traffic behavior behavior name undo traffic behavior behavior name View System view Default Level 2 System Level Parameters behavior name Name of the traffic behavior to be created a case sensitive string of 1 to 31 characters No spaces are allowed in a traffic behavior name Description Use the traffic behav...

Page 578: ...o spaces are allowed in a behavior name Description Use the classifier behavior command to associate a traffic behavior with a class Use the undo classifier command to remove a class from a policy Note that each class can be associated with only one traffic behavior Related commands qos policy Examples Associate the behavior named test with the class named database in the policy user1 Sysname syst...

Page 579: ...nd the associated traffic behaviors in the policy Examples Display the configuration of all the user specified policies Sysname display qos policy user defined User Defined QoS Policy Information Policy test Classifier test Behavior test Accounting Enable Committed Access Rate CIR 64 kbps CBS 4000 byte EBS 4000 byte PIR 640 kbps Green Action pass Red Action discard Yellow Action pass Table 1 5 dis...

Page 580: ...policy global inbound Direction Inbound Policy abc_policy Classifier abc Operator AND Rule s If match dscp cs1 Behavior abc Committed Access Rate CIR 640 kbps CBS 4000 byte EBS 4000 byte Green Action pass Red Action discard Yellow Action pass Green 0 Packets Table 1 6 display qos policy global command output description Field Description Direction Direction in which the policy is applied globally ...

Page 581: ...irection Description Use the display qos policy interface command to display the configuration and statistics information about the policy applied on a port If no interface is provided the configuration and statistics information about the policies applied on all the ports is displayed Examples Display the configuration and statistics information about the policy applied to port GigabitEthernet 1 ...

Page 582: ...ame policy name Specifies to display the information about the VLAN policy with the specified name a case sensitive string of 1 to 31 characters No spaces are allowed in a VLAN policy name vlan vlan id Specifies to display the information about the VLAN policy applied to the specified VLAN If no VLAN ID is specified the VLAN policy information of all VLANs is displayed slot number Specifies to dis...

Page 583: ...00 kbps CBS 4000 byte EBS 4000 byte Green Action pass Red Action discard Yellow Action pass Green 0 Packets Table 1 9 display qos vlan policy command output description Field Description Vlan 300 ID of the VLAN where the VLAN policy is applied Inbound VLAN policy is applied in the inbound direction of the VLAN Classifier Name of the class in the policy and its configuration Operator Logical relati...

Page 584: ...ound Specifies the inbound direction policy name Specifies a QoS policy name a case sensitive string of 1 to 31 characters No spaces are allowed in a QoS policy name Description Use the qos apply policy command to apply a QoS policy on a port or a port group Use the undo qos apply policy command to remove the policy applied on a port or a port group Examples Apply the policy named test in the inbo...

Page 585: ...1 in the inbound direction globally Sysname system view Sysname qos apply policy user1 global inbound qos policy Syntax qos policy policy name undo qos policy policy name View System view Default Level 2 System Level Parameters policy name Name of the policy to be created a case sensitive string of 1 to 31 characters No spaces are allowed in a policy name Description Use the qos policy command to ...

Page 586: ...o apply the VLAN policy in the inbound direction of the VLAN Description Use the qos vlan policy command to apply the VLAN policy to the specific VLAN s Use the undo qos vlan policy command to remove the VLAN policy from the specific VLAN s Do not apply policies to a VLAN and the ports in the VLAN at the same time Examples Apply the VLAN policy named test in the inbound direction of VLAN 200 VLAN ...

Page 587: ...t qos vlan policy Syntax reset qos vlan policy vlan vlan id inbound View User view Default Level 1 Monitor level Parameters vlan id VLAN ID in the range 1 to 4 094 inbound Clears the QoS policy statistics in the inbound direction of the specified VLAN Description Use the reset qos vlan policy command to clear the statistics information about VLAN QoS policies If no VLAN ID is specified QoS policy ...

Page 588: ...drop precedence mapping table dscp dot1p Specifies the DSCP to 802 1p precedence mapping table dscp dscp Specifies the DSCP to DSCP mapping table Description Use the display qos map table command to display the configuration of a priority mapping table If the type of the priority mapping table is not specified the configuration of all the priority mapping tables is displayed Related commands qos m...

Page 589: ...le dot1p dp Specifies the 802 1p precedence to drop precedence mapping table dscp dp Specifies the DSCP to drop precedence mapping table dscp dot1p Specifies the DSCP to 802 1p precedence mapping table dscp dscp Specifies the DSCP to DSCP mapping table Description Use the qos map table command to enter specific priority mapping table view Related commands display qos map table Examples Enter 802 1...

Page 590: ...rop precedence 1 Related commands display qos map table Examples Configure the 802 1p precedence to drop precedence mapping table to map 802 1p precedence 4 and 5 to drop precedence 1 Sysname system view Sysname qos map table dot1p dp Sysname maptbl dot1p dp import 4 5 export 1 Port Priority Configuration Commands qos priority Syntax qos priority priority value undo qos priority View Ethernet inte...

Page 591: ...trust interface interface type interface number View Any view Default Level 1 Monitor level Parameters interface type Port type interface number Port number Description Use the display qos trust interface command to display the port priority trust mode of a port If no port is specified this command displays the port priority trust modes of all the ports Examples Display the port priority trust mod...

Page 592: ...ters dscp Specifies to trust DSCP precedence carried in the packet and adopt this priority for priority mapping dot1p Specifies to trust 802 1p precedence carried in the packet and adopt this priority for priority mapping Description Use the qos trust command to configure the port priority trust mode Use the undo qos trust command to restore the default port priority trust mode By default the port...

Page 593: ...ion If no port is specified traffic shaping configuration information of all ports is displayed Examples Display traffic shaping configuration information of all ports Sysname display qos gts interface Interface GigabitEthernet1 0 1 Rule s If match queue 2 CIR 640 kbps CBS 40960 byte Table 3 1 display qos gts command output description Field Description Interface Port name identified by port type ...

Page 594: ...ltiple of 4096 that is bigger than and nearest to 62 5 ms committed information rate The maximum CBS is 16777216 For example if the CIR is 640 kbps then 62 5 ms CIR is 62 5 ms 640 40000 As 40000 is not a multiple of 4096 40960 which is the multiple of 4096 that is bigger than and nearest to 40000 is taken as the default CBS Description Use the qos gts command to configure traffic shaping Use the u...

Page 595: ...bps CBS 400000 byte Table 3 2 display qos lr command output description Field Description Interface Port name composed of port type and port number Direction Specify the direction of limited rate as inbound CIR Committed information rate in kbps CBS Committed burst size in byte qos lr outbound Syntax qos lr outbound cir committed information rate cbs committed burst size undo qos lr outbound View ...

Page 596: ... not used the system uses the default committed burst size that is 62 5 ms x committed information rate or 16000000 if the multiplication is more than 16000000 Description Use the qos lr outbound command to limit the rate of outbound traffic via physical interfaces Use the undo qos lr outbound command to cancel the limit Examples Limit the outbound traffic rate on GigabitEthernet 1 0 1 within 640 ...

Page 597: ...isplay qos sp interface command to display the strict priority SP queuing configuration on a specified port If no port is specified this command displays the SP queuing configuration on all ports Related commands qos sp Examples Display the SP queuing configuration on GigabitEthernet 1 0 1 Sysname display qos sp interface GigabitEthernet 1 0 1 Interface GigabitEthernet1 0 1 Output queue Strict pri...

Page 598: ...0 1 Sysname display qos wfq interface GigabitEthernet 1 0 1 Interface GigabitEthernet1 0 1 Output queue Hardware weighted fair queue Queue ID Weight Min Bandwidth 0 1 64 1 2 64 2 4 64 3 6 64 4 8 64 5 10 64 6 12 64 7 14 64 Table 4 1 display qos wfq interface command output description Field Description Interface Port name composed of port type and port number Output queue The type of the current ou...

Page 599: ...es of GigabitEthernet 1 0 1 Sysname display qos wrr interface GigabitEthernet 1 0 1 Interface GigabitEthernet1 0 1 Output queue Weighted round robin queue Queue ID Group Weight 0 sp N A 1 sp N A 2 1 3 3 1 4 4 1 5 5 1 6 6 1 7 7 1 8 Table 4 2 display qos wrr interface command output description Field Description Interface Port name composed of port type and port number Output queue The type of the c...

Page 600: ...orts in the port group Use the undo qos bandwidth queue command to remove the configuration By default the minimum guaranteed bandwidth of a queue is 64 kbps Note that z In Ethernet interface view the configuration takes effect only on the current port in port group view the configuration takes effect on all ports in the port group z To configure minimum guaranteed bandwidth for queues on a port p...

Page 601: ...me system view Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 qos sp qos wfq Syntax qos wfq undo qos wfq View Ethernet interface view port group view Default Level 2 System Level Parameters None Description Use the qos wfq command to enable weighted fair queuing WFQ on a port or port group Use the undo qos wfq command to restore the default By default all the ports adopt the ...

Page 602: ...s wfq command to restore the default On a WFQ enable port port group the scheduling weight of a queue is 1 by default Related commands display qos wfq interface qos bandwidth queue Examples Enable WFQ on GigabitEthernet 1 0 1 and assign weight values 1 2 4 6 8 10 12 and 14 to queues 0 through 7 Sysname system view Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 qos wfq Sysname...

Page 603: ... view Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 qos wrr qos wrr group Syntax qos wrr queue id group sp group id weight schedule value undo qos wrr View Ethernet interface view port group view Default Level 2 System Level Parameters queue id ID of the queue in the range of 0 to 7 group id It can only be 1 weight schedule value Specifies the scheduling weight of a queue ra...

Page 604: ...g to the strict priority of each queue while the queues in the WRR queue scheduling group are scheduled according the weight value of each queue Related commands display qos wrr interface Examples Configure SP WRR queue scheduling algorithm on GigabitEthernet 1 0 1 as follows assign queue 0 queue 1 queue 2 and queue 3 to the SP scheduling group and assign queue 4 queue 5 queue 5 and queue 7 to WRR...

Page 605: ...erface interface type interface number Port type and port number of the destination port for the traffic mirroring action Description Use the mirror to command to configure traffic mirroring action for a traffic behavior Use the undo mirror to command to remove the traffic mirroring action Examples Configure traffic behavior 1 and define the action of mirroring traffic to GigabitEthernet1 0 2 in t...

Page 606: ...ll the user profiles that have been created Sysname display user profile Status User profile AuthType enabled b123 DOT1X Total user profiles 1 Enabled user profiles 1 Table 6 1 display user profile command output description Field Description Status Status of the current user profile z enabled z disabled User profile User profile name AuthType Authentication type of the current user profile Total ...

Page 607: ...to disable the specified user profile By default a created user profile is disabled Note that z When you execute the command the specified user profile must be created otherwise the command fails z Only an enabled user profile can be used by users You cannot modify or remove the configuration items in a user profile until the user profile is disabled z Disabling a user profile logs out the users u...

Page 608: ...ill directly enter the corresponding user profile view without the need to create a user profile Use the undo user profile command to remove an existing disabled user profile By default no user profiles exist on the device Note that z The dot1x keyword is required when you creating a user profile and it s optional when you entering the user profile view or deleting an existing user profile z An en...

Page 609: ...tion attribute 1 13 bind attribute 1 15 cut connection 1 16 display connection 1 17 display domain 1 18 display local user 1 20 display user group 1 22 domain 1 23 domain default enable 1 23 expiration date 1 24 group 1 25 idle cut enable 1 25 local user 1 26 local user password display mode 1 27 password 1 28 self service url enable 1 29 service type 1 30 state 1 30 user group 1 31 2 RADIUS Confi...

Page 610: ...nds 3 1 HWTACACS Configuration Commands 3 1 data flow format HWTACACS scheme view 3 1 display hwtacacs 3 1 display stop accounting buffer 3 4 hwtacacs nas ip 3 4 hwtacacs scheme 3 5 key HWTACACS scheme view 3 6 nas ip HWTACACS scheme view 3 6 primary accounting HWTACACS scheme view 3 7 primary authentication HWTACACS scheme view 3 8 primary authorization 3 9 reset hwtacacs statistics 3 10 reset st...

Page 611: ... display habp traffic 6 2 habp enable 6 3 habp server vlan 6 4 habp timer 6 4 7 MAC Authentication Configuration Commands 7 1 MAC Authentication Configuration Commands 7 1 display mac authentication 7 1 mac authentication 7 3 mac authentication domain 7 4 mac authentication timer 7 4 mac authentication user name format 7 5 reset mac authentication statistics 7 7 8 Port Security Configuration Comma...

Page 612: ...sh server compatible ssh1x enable 10 5 ssh server enable 10 5 ssh server rekey interval 10 6 ssh user 10 7 SSH2 0 Client Configuration Commands 10 8 display ssh client source 10 8 display ssh server info 10 9 ssh client authentication server 10 10 ssh client first time enable 10 10 ssh client ipv6 source 10 11 ssh client source 10 12 ssh2 10 12 ssh2 ipv6 10 14 SFTP Server Configuration Commands 10...

Page 613: ...control policy 11 11 display pki certificate attribute group 11 12 display pki crl domain 11 12 fqdn 11 14 ip PKI entity view 11 14 ldap server 11 15 locality 11 16 organization 11 16 organization unit 11 17 pki certificate access control policy 11 17 pki certificate attribute group 11 18 pki delete certificate 11 19 pki domain 11 19 pki entity 11 20 pki import certificate 11 21 pki request certif...

Page 614: ...cal export dsa 13 7 public key local export rsa 13 8 public key peer 13 9 public key peer import sshkey 13 10 14 ACL Configuration Commands 14 1 Common Configuration Commands 14 1 display acl resource 14 1 display time range 14 2 time range 14 3 IPv4 ACL Configuration Commands 14 5 acl 14 5 acl copy 14 6 acl name 14 7 description for IPv4 14 8 display acl 14 9 reset acl counter 14 10 rule basic IP...

Page 615: ...ew 14 25 rule advanced IPv6 ACL view 14 26 rule comment for IPv6 14 30 step for IPv6 14 31 ACL Application Commands 14 32 acl logging frequence 14 32 acl ipv6 logging frequence 14 32 packet filter 14 33 packet filter ipv6 14 34 ...

Page 616: ... allowed maximum number After the number of user connections reaches the maximum number allowed no more users will be accepted Use the undo access limit enable command to restore the default By default there is no limit to the number of user connections in an ISP domain As user connections may compete for network resources setting a proper limit to the number of user connections helps provide a re...

Page 617: ...y when local accounting is configured Related commands display local user Examples Enable the limit on the number of user connections using the username abc and set the allowed maximum number to 5 Sysname system view Sysname local user abc Sysname luser abc access limit 5 accounting command Syntax accounting command hwtacacs scheme hwtacacs scheme name undo accounting command View ISP domain view ...

Page 618: ...cal undo accounting default View ISP domain view Default Level 2 System level Parameters hwtacacs scheme hwtacacs scheme name Specifies an HWTACACS scheme by its name which is a string of 1 to 32 characters local Performs local accounting none Does not perform any accounting radius scheme radius scheme name Specifies a RADIUS scheme by its name which is a string of 1 to 32 characters Description U...

Page 619: ...unting default radius scheme rd local accounting lan access Syntax accounting lan access local none radius scheme radius scheme name local undo accounting lan access View ISP domain view Default Level 2 System level Parameters local Performs local accounting none Does not perform any accounting radius scheme radius scheme name Specifies a RADIUS scheme by its name which is a string of 1 to 32 char...

Page 620: ...rms local accounting It is not used for charging purposes but for collecting statistics on and limiting the number of local user connections none Does not perform any accounting radius scheme radius scheme name Specifies a RADIUS scheme by its name which is a string of 1 to 32 characters Description Use the accounting login command to configure the accounting method for login users Use the undo ac...

Page 621: ...ured for a domain z A user that will be disconnected otherwise can use the network resources even when there is no accounting server available or communication with the current accounting server fails This command applies to scenarios where authentication is required but accounting is not z If accounting for a user in the domain fails the device will not send real time accounting updates for the u...

Page 622: ...or the current ISP domain must have been configured z The authentication method specified with the authentication default command is for all types of users and has a priority lower than that for a specific access mode Related commands authorization default accounting default hwtacacs scheme radius scheme Examples Configure the default ISP domain system to use local authentication for all types of ...

Page 623: ...rent ISP domain must have been configured Related commands authentication default radius scheme Examples Configure the default ISP domain system to use local authentication for LAN access users Sysname system view Sysname domain system Sysname isp system authentication lan access local Configure the default ISP domain system to use RADIUS authentication scheme rd for LAN access users and use local...

Page 624: ...onfigured Related commands authentication default hwtacacs scheme radius scheme Examples Configure the default ISP domain system to use local authentication for login users Sysname system view Sysname domain system Sysname isp system authentication login local Configure the default ISP domain system to use RADIUS authentication scheme rd for login users and use local authentication as the backup S...

Page 625: ...authorization will fail Related commands authorization default hwtacacs scheme Examples Configure the default ISP domain system to use HWTACACS authorization scheme hw for command line users Sysname system view Sysname domain system Sysname isp system authorization command hwtacacs scheme hw Configure the default ISP domain system to use HWTACACS authorization scheme hw for command line users and ...

Page 626: ...when the RADIUS authorization scheme is the same as the RADIUS authentication scheme If the RADIUS authorization scheme is different from the RADIUS authentication scheme RADIUS authorization will fail In addition if a RADIUS authorization fails the error message returned to the NAS says that the server is not responding Related commands authentication default accounting default hwtacacs scheme ra...

Page 627: ... the RADIUS authorization scheme is the same as the RADIUS authentication scheme If the RADIUS authorization scheme is different from the RADIUS authentication scheme RADIUS authorization will fail Related commands authorization default radius scheme Examples Configure the default ISP domain system to use local authorization for LAN access users Sysname system view Sysname domain system Sysname is...

Page 628: ...n the RADIUS authorization scheme is the same as the RADIUS authentication scheme If the RADIUS authorization scheme is different from the RADIUS authentication scheme RADIUS authorization will fail Related commands authorization default hwtacacs scheme radius scheme Examples Configure the default ISP domain system to use local authorization for login users Sysname system view Sysname domain syste...

Page 629: ...orized work directory of the local user s if the user or users are authorized the FTP or SFTP service type directory name Authorized work directory a case insensitive string of 1 to 135 characters This directory must already exist Description Use the authorization attribute command to configure authorization attributes for the local user or user group After the local user or a local user of the us...

Page 630: ...lot number subslot number port number mac mac address vlan vlan id undo bind attribute call number ip location mac vlan View Local user view Default Level 3 Manage level Parameters call number call number Specifies a calling number for ISDN user authentication The call number argument is a string of 1 to 64 characters subcall number Specifies the sub calling number The total length of the calling ...

Page 631: ...nd attribute mac command applies to only LAN users for example 802 1X users If you configure it for other types of users such as FTP or Telnet users local authentication of the users will fail Examples Configure the bound IP of local user abc as 3 3 3 3 Sysname system view Sysname local user abc Sysname luser abc bind attribute ip 3 3 3 3 cut connection Syntax cut connection access type dot1x mac ...

Page 632: ...ice type Examples Tear down all connections in ISP domain aabbcc net Sysname system view Sysname cut connection domain aabbcc net display connection Syntax display connection access type dot1x mac authentication domain isp name interface interface type interface number ip ip address mac mac address ucibindex ucib index user name user name vlan vlan id slot slot number View Any view Default Level 1...

Page 633: ...bout specified or all AAA user connections Note that z With no parameter specified the command displays brief information about all AAA user connections z If you specify the ucibindex ucib index combination the command displays detailed information otherwise the command displays brief information z This command does not apply to FTP user connections Related commands cut connection Examples Display...

Page 634: ...lt authentication scheme local Default authorization scheme local Default accounting scheme local Domain User Template Idle cut Disabled Self service Disabled 1 Domain aabbcc State Active Access limit Disable Accounting method Required Default authentication scheme local Default authorization scheme local Default accounting scheme local Lan access authentication scheme radius test local Lan access...

Page 635: ...able service type ftp lan access ssh telnet terminal state active block user name user name vlan vlan id slot slot number View Any view Default Level 1 Monitor level Parameters idle cut disable enable Specifies local users with the idle cut function disabled or enabled service type Specifies the local users of a type z ftp refers to users using FTP z lan access refers to users accessing the networ...

Page 636: ...001 0002 0003 Vlan ID 100 Authorization attributes Idle TimeOut 10 min Work Directory flash User Privilege 3 Acl ID 2000 Vlan ID 100 User Profile prof1 Expiration date 12 12 12 2018 09 16 Total 1 local user s matched Table 1 3 display local user command output description Field Description Slot Slot number of the card State Status of the local user Active or Block ServiceType Service types that th...

Page 637: ...play user group group name View Any view Default Level 2 System level Parameters group name User group name a case insensitive string of 1 to 32 characters Description Use the display user group command to display configuration information about one or all user groups Related commands user group Examples Display configuration information about user group abc Sysname display user group abc The cont...

Page 638: ...P domain does not exist the system will create a new ISP domain All the ISP domains are in the active state when they are created z There is a default domain in the system which cannot be deleted and can only be changed A user providing no ISP domain name is considered in the default domain For details about the default domain refer to command domain default enable Related commands state display d...

Page 639: ... ISP domain Sysname system view Sysname domain aabbcc net Sysname isp aabbcc net quit Sysname domain default enable aabbcc net expiration date Syntax expiration date time undo expiration date View Local user view Default Level 3 Manage level Parameters time Expiration time of the local user in the format HH MM SS MM DD YYYY or HH MM SS YYYY MM DD HH MM SS indicates the time where HH ranges from 0 ...

Page 640: ...s Configure the expiration time of user abc to be 12 10 20 on May 31 2008 Sysname system view Sysname local user abc Sysname luser abc expiration date 12 10 20 2008 05 31 group Syntax group group name undo group View Local user view Default Level 3 Manage level Parameters group name User group name a case insensitive string of 1 to 32 characters Description Use the group command to specify the use...

Page 641: ...minutes for ISP domain aabbcc net Sysname system view Sysname domain aabbcc net Sysname isp aabbcc net idle cut enable 50 local user Syntax local user user name undo local user user name all service type ftp lan access ssh telnet terminal View System view Default Level 3 Manage level Parameters user name Name for the local user a case sensitive string of 1 to 55 characters that does not contain th...

Page 642: ... Level 2 System level Parameters auto Displays the password of a user based on the configuration of the user by using the password command cipher force Displays the passwords of all users in cipher text Description Use the local user password display mode command to set the password display mode for all local users Use the undo local user password display mode command to restore the default The de...

Page 643: ...pher text Description Use the password command to configure a password for a local user Use the undo password command to delete the password of a local user Note that z With the local user password display mode cipher force command configured the password is always displayed in cipher text regardless of the configuration of the password command z With the cipher keyword specified a password of up ...

Page 644: ...e and control his or her accounting information or card number A server with self service software is a self service server z After you configure the self service url enable command a user can locate the self service server by selecting Service Change Password from the 802 1X client The client software automatically launches the default browser IE or Netscape and opens the URL page of the self ser...

Page 645: ...SH service telnet Authorizes the user to use the Telnet service terminal Authorizes the user to use the terminal service allowing the user to login from the console port or AUX port Description Use the service type command to specify the service types that a user can use Use the undo service type command to delete one or all service types configured for a user By default a user is authorized with ...

Page 646: ...hat are offline from requesting network services Note that the online users are not affected By blocking a user you disable the user from requesting network services No other users are affected Related commands domain Examples Place the current ISP domain aabbcc net to the state of blocked Sysname system view Sysname domain aabbcc net Sysname isp aabbcc net state block Place the current user user1...

Page 647: ...cal users in the group Currently you can configure authorization attributes for a user group Note that z A user group with one or more local users cannot be removed z The default system user group system cannot be removed but you can change its configurations Related commands display user group Examples Create a user group named abc and enter its view Sysname system view Sysname user group abc Sys...

Page 648: ...r data flows or packets to be sent to a RADIUS server Use the undo data flow format command to restore the default By default the unit for data flows is byte and that for data packets is one packet Note that z The specified unit of data flows sent to the RADIUS server must be consistent with the traffic statistics unit of the RADIUS server Otherwise accounting cannot be performed correctly z You c...

Page 649: ...ommand will display the configurations of the RADIUS schemes on only the specified member device Related commands radius scheme Examples Display the configurations of all RADIUS schemes Sysname display radius scheme SchemeName radius1 Index 0 Type extended Primary Auth IP 1 1 1 1 Port 1812 State active Primary Acct IP 1 1 1 1 Port 1813 State active Second Auth IP 0 0 0 0 Port 1812 State block Seco...

Page 650: ...ss access port number current status of the secondary accounting server active or block Auth Server Encryption Key Shared key of the authentication server Acct Server Encryption Key Shared key of the accounting server Accounting On packet disable The accounting on function is disabled send times Retransmission times of accounting on packets interval Interval to retransmit accounting on packets Int...

Page 651: ... 1 Sysname display radius statistics slot 1 Slot 1 state statistic total 4096 DEAD 4096 AuthProc 0 AuthSucc 0 AcctStart 0 RLTSend 0 RLTWait 0 AcctStop 0 OnLine 0 Stop 0 StateErr 0 Received and Sent packets statistic Sent PKT total 1547 Received PKT total 23 Resend Times Resend total 1 508 2 508 Total 1016 RADIUS received packets statistic Code 2 Num 15 Err 0 Code 3 Num 4 Err 0 Code 5 Num 4 Err 0 C...

Page 652: ...d Description slot The specified member device in an IRF The slot indicates the member device ID state statistic state statistics DEAD Number of idle users AuthProc Number of users waiting for authentication AuthSucc Number of users who have passed authentication AcctStart Number of users for whom accounting has been started RLTSend Number of users for whom the system sends real time accounting pa...

Page 653: ...ession ctrl pkt Number of session control messages Normal author request Number of normal authorization requests Succ Number of acknowledgement messages Set policy result Number of responses to the Set policy packets RADIUS sent messages statistic Number of messages that have been sent by RADIUS Auth accept Number of accepted authentication packets Auth reject Number of rejected authentication pac...

Page 654: ...g of 1 to 80 characters Whether the user name argument should include the domain name depends on the setting by the user name format command for the RADIUS scheme slot slot number Specifies the specified member device in an IRF The slot number argument indicates the member device ID Description Use the display stop accounting buffer command to display information about the stop accounting requests...

Page 655: ...ou must ensure that the same shared key is set on the device and the RADIUS server z If authentication authorization and accounting are performed on two servers with different shared keys you must set separate shared key for each on the device z You can use the commands to change the settings only when no user is using the RADIUS scheme Related commands display radius scheme Examples Set the share...

Page 656: ...where the packets sent back by the RADIUS server cannot reach the device as the result of a physical interface failure The address of a loopback interface is recommended z The nas ip command in RADIUS scheme view is only for the current RADIUS scheme while the radius nas ip command in system view is for all RADIUS schemes However the nas ip command in RADIUS scheme view overwrites the configuratio...

Page 657: ...o change the settings only when no user is using the RADIUS scheme Related commands key radius scheme state Examples Specify the IP address of the primary accounting server for RADIUS scheme radius1 as 10 110 1 2 and the UDP port of the server as 1813 Sysname system view Sysname radius scheme radius1 Sysname radius radius1 primary accounting 10 110 1 2 1813 primary authentication RADIUS scheme vie...

Page 658: ...nds to change the settings only when no user is using the RADIUS scheme Related commands key radius scheme state Examples Specify the primary authentication authorization server for RADIUS scheme radius1 Sysname system view Sysname radius scheme radius1 Sysname radius radius1 primary authentication 10 110 1 1 1812 radius client Syntax radius client enable undo radius client View System view Defaul...

Page 659: ...dress of the device and cannot be all 0s address all 1s address a class D address a class E address or a loopback address Description Use the radius nas ip command to set the IP address for the device to use as the source address of the RADIUS packets to be sent to the server Use the undo radius nas ip command to remove the configuration By default the source IP address of a packet sent to the ser...

Page 660: ... z The RADIUS protocol is configured scheme by scheme Every RADIUS scheme must at least specify the IP addresses and UDP ports of the RADIUS authentication authorization accounting servers and the parameters necessary for a RADIUS client to interact with the servers z A RADIUS scheme can be referenced by more than one ISP domain at the same time z You cannot remove the RADIUS scheme being used by ...

Page 661: ...r authentication request to the RADIUS server but gets no response the NAS retransmits the request With the RADIUS trap function enabled when the NAS transmits the request for half of the specified maximum number of transmission attempts it sends a trap message when the NAS transmits the request for the specified maximum number it sends another trap message z If the specified maximum number of tra...

Page 662: ...cters time range start time stop time Specifies a time range by its start time and end time in the format of hh mm ss mm dd yyyy or hh mm ss yyyy mm dd user name user name Specifies a user name based on which to reset the stop accounting buffer The username is a case sensitive string of 1 to 80 characters The format of the user name argument for example whether the domain name should be included m...

Page 663: ... the RADIUS request If the number of transmission attempts exceeds the limit but the device still receives no response from the RADIUS server the device regards that the authentication fails z The maximum number of transmission attempts defined by this command refers to the sum of all transmission attempts sent by the device to the primary server and the secondary server For example assume that th...

Page 664: ...st transmission attempts Once the limit is reached but the NAS still receives no response the NAS disconnects the user z Suppose that the RADIUS server response timeout period is 3 seconds set with the timer response timeout command the timeout retransmission attempts is 3 set with the retry command and the real time accounting interval is 12 minutes set with the timer realtime accounting command ...

Page 665: ...ion attempts is 20 set with the retry stop accounting command This means that for each stop accounting request if the device receives no response within 3 seconds it will initiate a new request If still no responses are received within 5 renewed requests the stop accounting request is deemed unsuccessful Then the device will temporarily store the request in the device and resend a request and repe...

Page 666: ...that z The IP addresses of the primary and secondary accounting servers cannot be the same Otherwise the configuration fails z The RADIUS service port configured on the device and that of the RADIUS server must be consistent z You can use the commands to change the settings only when no user is using the RADIUS scheme Related commands key radius scheme state Examples Specify the secondary accounti...

Page 667: ...nfiguration fails z The RADIUS service port configured on the device and that of the RADIUS server must be consistent z You can use the commands to change the settings only when no user is using the RADIUS scheme Related commands key radius scheme state Examples Specify the secondary authentication authorization server for RADIUS scheme radius1 Sysname system view Sysname radius scheme radius1 Sys...

Page 668: ...generally iMC which requires the RADIUS client and RADIUS server to interact according to the procedures and packet formats provisioned by the private RADIUS protocol standard Specifies the standard RADIUS server which requires the RADIUS client end and RADIUS server to interact according to the regulation and packet format of the standard RADIUS protocol RFC 2865 2866 or newer Description Use the...

Page 669: ...device turns to the secondary server In this case if the secondary server is available the device triggers the primary server quiet timer After the quiet timer times out the status of the primary server is active again and the status of the secondary server remains the same If the secondary server fails the device restores the status of the primary server to active immediately If the primary serve...

Page 670: ... to buffer stop accounting requests getting no responses Since stop accounting requests affect the charge to users a NAS must make its best effort to send every stop accounting request to the RADIUS accounting servers For each stop accounting request getting no response in the specified period of time the NAS buffers and resends the packet until it receives a response or the number of transmission...

Page 671: ... default Related commands display radius scheme Examples Set the quiet timer for the primary server to 10 minutes Sysname system view Sysname radius scheme test1 Sysname radius test1 timer quiet 10 timer realtime accounting RADIUS scheme view Syntax timer realtime accounting minutes undo timer realtime accounting View RADIUS scheme view Default Level 2 System level Parameters minutes Real time acc...

Page 672: ...100 to 499 6 500 to 999 12 1000 or more 15 or more Related commands retry realtime accounting radius scheme Examples Set the real time accounting interval to 51 minutes for RADIUS scheme radius1 Sysname system view Sysname radius scheme radius1 Sysname radius radius1 timer realtime accounting 51 timer response timeout RADIUS scheme view Syntax timer response timeout seconds undo timer response tim...

Page 673: ...nput with domain Includes the ISP domain name in the username sent to the RADIUS server without domain Excludes the ISP domain name from the username sent to the RADIUS server Description Use the user name format command to specify the format of the username to be sent to a RADIUS server By default the ISP domain name is included in the username Note that z A username is generally in the format of...

Page 674: ...he RADIUS server z If the RADIUS scheme is for wireless users specify the keep original keyword Otherwise authentication of the wireless users may fail Related commands radius scheme Examples Specify the device to remove the domain name in the username sent to the RADIUS servers for the RADIUS scheme radius1 Sysname system view Sysname radius scheme radius1 Sysname radius radius1 user name format ...

Page 675: ... kilo packet mega packet or giga packet Description Use the data flow format command to specify the unit for data flows or packets to be sent to a HWTACACS server Use the undo data flow format command to restore the default By default the unit for data flows is byte and that for data packets is one packet Related commands display hwtacacs Examples Define HWTACACS scheme hwt1 to send data flows and...

Page 676: ...CACS scheme on the main processing unit Related commands hwtacacs scheme Examples Display configuration information about HWTACACS scheme gy Sysname display hwtacacs gy HWTACACS server template name gy Primary authentication server 172 31 1 11 49 Primary authorization server 172 31 1 11 49 Primary accounting server 172 31 1 11 49 Secondary authentication server 0 0 0 0 0 Secondary authorization se...

Page 677: ...y accounting server IP address and port number of the secondary accounting server Current authentication server IP address and port number of the currently used authentication server Current authorization server IP address and port number of the currently used authorization server Current accounting server IP address and port number of the currently used accounting server NAS IP address IP address...

Page 678: ...display information about the stop accounting requests buffered in the device Related commands reset stop accounting buffer stop accounting buffer enable retry stop accounting Examples Display information about the buffered stop accounting requests for HWTACACS scheme hwt1 Sysname display stop accounting buffer hwtacacs scheme hwt1 Total 0 record s Matched hwtacacs nas ip Syntax hwtacacs nas ip ip...

Page 679: ...rrent HWTACACS scheme while the hwtacacs nas ip command in system view is for all HWTACACS schemes However the nas ip command in HWTACACS scheme view overwrites the configuration of the hwtacacs nas ip command Related commands nas ip Examples Set the IP address for the device to use as the source address of the HWTACACS packets to 129 10 10 1 Sysname system view Sysname hwtacacs nas ip 129 10 10 1...

Page 680: ...ACS authentication packets authorization Sets the shared key for HWTACACS authorization packets string Shared key a string of 1 to 16 characters Description Use the key command to set the shared key for HWTACACS authentication authorization or accounting packets Use the undo key command to remove the configuration By default no shared key is configured Related commands display hwtacacs Examples Se...

Page 681: ...ce as the result of a physical interface failure z If you configure the command for more than one time the last configuration takes effect z The nas ip command in HWTACACS scheme view is only for the current HWTACACS scheme while the hwtacacs nas ip command in system view is for all HWTACACS schemes However the nas ip command in HWTACACS scheme view overwrites the configuration of the hwtacacs nas...

Page 682: ...packets is using it Examples Specify the primary accounting server Sysname system view Sysname hwtacacs scheme test1 Sysname hwtacacs test1 primary accounting 10 163 155 12 49 primary authentication HWTACACS scheme view Syntax primary authentication ip address port number undo primary authentication View HWTACACS scheme view Default Level 2 System level Parameters ip address IP address of the serv...

Page 683: ...address of the server a valid unicast address in dotted decimal notation The default is 0 0 0 0 port number Port number of the server It ranges from 1 to 65535 and defaults to 49 Description Use the primary authorization command to specify the primary HWTACACS authorization server Use the undo primary authorization command to remove the configuration By default no primary HWTACACS authorization se...

Page 684: ...tatistics authentication Clears HWTACACS authentication statistics authorization Clears HWTACACS authorization statistics slot slot number Clears HWTACACS statistics on the specified member device in an IRF The slot number argument indicates the member device ID Description Use the reset hwtacacs statistics command to clear HWTACACS statistics Related commands display hwtacacs Examples Clear all H...

Page 685: ...r hwtacacs scheme hwt1 retry stop accounting HWTACACS scheme view Syntax retry stop accounting retry times undo retry stop accounting View HWTACACS scheme view Default Level 2 System level Parameters retry times Maximum number of stop accounting request transmission attempts It ranges from 1 to 300 and defaults to 100 Description Use the retry stop accounting command to set the maximum number of s...

Page 686: ...S accounting server is specified Note that z The IP addresses of the primary and secondary accounting servers cannot be the same Otherwise the configuration fails z The HWTACACS service port configured on the device and that of the HWTACACS server must be consistent z If you configure the command for more than one time the last configuration takes effect z You can remove an accounting server only ...

Page 687: ...onfigured on the device and that of the HWTACACS server must be consistent z If you configure the command for more than one time the last configuration takes effect z You can remove an authentication server only when no active TCP connection for sending authentication packets is using it Related commands display hwtacacs Examples Specify the secondary authentication server Sysname system view Sysn...

Page 688: ...uthorization server Sysname system view Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1 secondary authorization 10 163 155 13 49 stop accounting buffer enable HWTACACS scheme view Syntax stop accounting buffer enable undo stop accounting buffer enable View HWTACACS scheme view Default Level 2 System level Parameters None Description Use the stop accounting buffer enable command to enable the de...

Page 689: ...timer quiet View HWTACACS scheme view Default Level 2 System level Parameters minutes Primary server quiet period in minutes It ranges from 1 to 255 and defaults to 5 Description Use the timer quiet command to set the quiet timer for the primary server that is the duration that the status of the primary server stays blocked before resuming the active state Use the undo timer quiet command to resto...

Page 690: ...formance of the NAS and the HWTACACS server a shorter interval requires higher performance You are therefore recommended to adopt a longer interval when there are a large number of users more than 1000 inclusive The following table lists the recommended ratios of the interval to the number of users Table 3 2 Recommended ratios of the accounting interval to the number of users Number of users Real ...

Page 691: ... scheme view Syntax user name format keep original with domain without domain View HWTACACS scheme view Default Level 2 System level Parameters keep original Sends the username to the HWTACACS server as it is input with domain Includes the ISP domain name in the username sent to the HWTACACS server without domain Excludes the ISP domain name from the username sent to the HWTACACS server Descriptio...

Page 692: ...d situation where the HWTACACS server regards two users in different ISP domains but with the same userid as one z If the HWTACACS scheme is for wireless users specify the keep original keyword Otherwise authentication of the wireless users may fail Related commands hwtacacs scheme Examples Specify the device to remove the ISP domain name in the username sent to the HWTACACS servers for the HWTACA...

Page 693: ...p to 10 port indexes port index lists for this argument The start port number must be smaller than the end number and the two ports must be of the same type Description Use the display dot1x command to display information about 802 1X If you specify neither the sessions keyword nor the statistics keyword the command displays all information about 802 1X including session information statistics and...

Page 694: ...EAPOL Packet Tx 1087 Rx 986 Sent EAP Request Identity Packets 943 EAP Request Challenge Packets 60 EAP Success Packets 29 Fail Packets 55 Received EAPOL Start Packets 60 EAPOL LogOff Packets 24 EAP Response Identity Packets 724 EAP Response Challenge Packets 54 Error Packets 0 1 Authenticated user MAC address 0015 e9a6 7cfe Controlled User s amount to 1 Table 4 1 display dot1x command output descr...

Page 695: ...andshake secure is disabled Indicates whether handshake secure is enabled on the port Periodic reauthentication is disabled Indicates whether periodic re authentication is enabled on the port The port is an authenticator Role of the port Authenticate Mode is Auto Access control mode for the port 802 1X Multicast trigger is enabled Indicates whether the 802 1X multicast trigger function is enabled ...

Page 696: ...mat of interface list interface type interface number to interface type interface number 1 10 where interface type represents the port type interface number represents the port number and 1 10 means that you can provide up to 10 port indexes port index lists for this argument The start port number must be smaller than the end number and the two ports must be of the same type Description Use the do...

Page 697: ...itEthernet 1 0 1 Sysname GigabitEthernet1 0 1 dot1x Sysname GigabitEthernet1 0 1 quit Sysname interface GigabitEthernet 1 0 5 Sysname GigabitEthernet1 0 5 dot1x Sysname GigabitEthernet1 0 5 quit Sysname interface GigabitEthernet 1 0 6 Sysname GigabitEthernet1 0 6 dot1x Sysname GigabitEthernet1 0 6 quit Sysname interface GigabitEthernet 1 0 7 Sysname GigabitEthernet1 0 7 dot1x Enable 802 1X globall...

Page 698: ...this case you can configure the user name format command but it does not take effect For information about the user name format command refer to AAA Commands in the Security Volume Note that z Local authentication supports PAP and CHAP z For RADIUS authentication the RADIUS server must be configured accordingly to support PAP CHAP or EAP authentication Related commands display dot1x Examples Set t...

Page 699: ...not specify the interface list argument and can only configure guest VLAN for the current port z You must enable 802 1X for a guest VLAN to take effect z You must enable the 802 1X multicast trigger function for a PGV to take effect z After an PGV takes effect if you change the port access method from portbased to macbased the port will leave the guest VLAN z You are not allowed to delete a VLAN t...

Page 700: ... disable the function By default the function is enabled Note that To ensure that the online user handshake function can work normally you are recommended to use the iNode 802 1X client software Examples Enable online user handshake Sysname system view Sysname interface GigabitEthernet 1 0 4 Sysname GigabitEthernet1 0 4 dot1x handshake dot1x mandatory domain Syntax dot1x mandatory domain domain na...

Page 701: ...authentication domain For detailed information about the display connection command refer to AAA Commands in the Security Volume Related commands display dot1x Examples Configure the mandatory authentication domain my domain for 802 1X users on GigabitEthernet 1 0 1 Sysname system view Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 dot1x mandatory domain my domain After 802 1...

Page 702: ...e smaller than the end number and the two ports must be of the same type Description Use the dot1x max user command to set the maximum number of users to be supported simultaneously for specified or all ports Use the undo dot1x max user command to restore the default With no interface specified the command sets the threshold for all ports Related commands display dot1x Examples Set the maximum num...

Page 703: ...ystem level Parameters authorized force Places the specified or all ports in the authorized state allowing users of the ports to access the network without authentication auto Places the specified or all ports in the unauthorized state initially to allow only EAPOL frames to pass and turns the ports into the authorized state to allow access to the network after the users pass authentication This i...

Page 704: ...ult Level 2 System level Parameters macbased Specifies to use the macbased authentication method With this method each user of a port must be authenticated separately and when an authenticated user goes offline no other users are affected portbased Specifies to use the portbased authentication method With this method after the first user of a port passes authentication all other users of the port ...

Page 705: ...Ethernet 1 0 1 Sysname GigabitEthernet1 0 1 dot1x port method portbased dot1x quiet period Syntax dot1x quiet period undo dot1x quiet period View System view Default Level 2 System level Parameters None Description Use the dot1x quiet period command to enable the quiet timer function Use the undo dot1x quiet period command to disable the function By default the function is disabled After a supplic...

Page 706: ...tication timer which is configured by the dot1x timer reauth period command This is intended to track the connection status of online users and update the authorization attributes assigned by the server such as the ACL VLAN and QoS Profile ensuring that the users are in normal online state Related commands dot1x timer reauth period Examples Enable the 802 1X re authentication function on GigabitEt...

Page 707: ...ion request to a supplicant as 9 Sysname system view Sysname dot1x retry 9 dot1x timer Syntax dot1x timer handshake period handshake period value quiet period quiet period value reauth period reauth period value server timeout server timeout value supp timeout supp timeout value tx period tx period value undo dot1x timer handshake period quiet period reauth period server timeout supp timeout tx pe...

Page 708: ...e will continue to re authenticate such users according to the original re authentication interval setting for one time Then the device will use the new interval for re authentication of all online users z Server timeout timer server timeout Once an authenticator sends a RADIUS Access Request packet to the authentication server it starts this timer If this timer expires but it receives no response...

Page 709: ...ide up to 10 port indexes port index lists for this argument The start port number must be smaller than the end number and the two ports must be of the same type Description Use the reset dot1x statistics command to clear 802 1X statistics With the interface interface list argument specified the command clears 802 1X statistics on the specified ports With the argument unspecified the command clear...

Page 710: ... ip command to configure a freely accessible network segment that is a network segment that users can access before passing 802 1X authentication Use the undo dot1x free ip command to remove one or all freely accessible network segments By default no freely accessible network segment is configured Note that z The free IP function is mutually exclusive with the global MAC authentication function th...

Page 711: ... Related commands display dot1x Examples Set the EAD rule timeout time to 5 minutes Sysname system view Sysname dot1x timer ead timeout 5 dot1x url Syntax dot1x url url string undo dot1x url string View System view Default Level 2 System level Parameters url string Redirect URL a case sensitive string of 1 to 64 characters in the format http string Description Use the dot1x url command to configur...

Page 712: ...e network segment otherwise the URL may be inaccessible z You can configure the dot1x url command for more than once but only the last one takes effect Related commands display dot1x dot1x free ip Examples Configure the redirect URL as http 192 168 0 1 Sysname system view Sysname dot1x url http 192 168 0 1 ...

Page 713: ...figuration information Sysname display habp Global HABP information HABP Mode Server Sending HABP request packets every 20 seconds Bypass VLAN 2 Table 6 1 display habp command output description Field Description HABP Mode HABP mode of the current device server or client Sending HABP request packets every 20 seconds Interval to send HABP request packets Bypass VLAN ID of the VLAN in which HABP pac...

Page 714: ...mmand output description Field Description MAC MAC address Holdtime Lifetime of an entry in seconds The initial value is three times of the interval to send HABP request packets An entry will age out if it is not updated during the period Receive Port Port that learned the MAC address display habp traffic Syntax display habp traffic View Any view Default Level 1 Monitor level Parameters None Descr...

Page 715: ...ets with an incorrect type Version error Number of packets with an incorrect version number Sent failed Number of packets failed to be sent habp enable Syntax habp enable undo habp enable View System view Default Level 2 System level Parameters None Description Use the habp enable command to enable HABP Use the undo habp enable command to disable HABP By default HABP is enabled HABP is required wh...

Page 716: ...ommand to configure HABP to work in the default mode By default HABP works in client mode Examples Configure HABP to work in server mode and specify the VLAN for HABP packets as VLAN 2 Sysname system view Sysname habp server vlan 2 habp timer Syntax habp timer interval undo habp timer View System view Default Level 2 System level Parameters interval Interval in seconds to send HABP request packets...

Page 717: ...6 5 This command is required only on the HABP server Examples Set the interval to send HABP request packets to 50 seconds Sysname system view Sysname habp timer 50 ...

Page 718: ...interface number and the start interface number must be of the same type and the former must be greater than the latter Description Use the display mac authentication command to display global MAC authentication information or MAC authentication information about specified ports Examples Display global MAC authentication information Sysname display mac authentication MAC address authentication is ...

Page 719: ...Setting of the server timeout timer the max allowed user number Maximum number of users each slot in the device supports Current user number amounts to Number of online users Current domain not configured use default domain Currently used ISP domain Silent Mac User info Information about silent MAC addresses GigabitEthernet1 0 1 is link up Status of the link on port GigabitEthernet 1 0 1 MAC addre...

Page 720: ... more ports By default MAC authentication is neither enabled globally nor enabled on any port Note that z In system view if you provide the interface list argument the command enables MAC authentication for the specified ports otherwise the command enables MAC authentication globally In Ethernet interface view the command enables MAC authentication for the port because the interface list argument ...

Page 721: ...terisk question mark less than sign greater than sign or Description Use the mac authentication domain command to specify the ISP domain for MAC authentication Use the undo mac authentication domain command to restore the default By default the default ISP domain is used for MAC authentication users For information about the default ISP domain refer to the domain default enable command in AAA Comm...

Page 722: ...dle timeout interval for users If no packet is received from a user over two consecutive timeout intervals the system disconnects the user connection and notifies the RADIUS server z Quiet timer Whenever a user fails MAC authentication the device does not perform MAC authentication of the user during such a period z Server timeout timer During authentication of a user if the device receives no res...

Page 723: ...e the mac authentication user name format command to configure the MAC authentication username type and if the type of fixed username is used the username and password for MAC authentication Use the undo mac authentication user name format command to restore the default By default each user s source MAC address is used as the username and password for MAC authentication with in the MAC address Not...

Page 724: ...face number portion comprises only one port Description Use the reset mac authentication statistics command to clear MAC authentication statistics Note that z If you do not specify the interface list argument the command clears the global MAC authentication statistics and the MAC authentication statistics on all ports z If you specify the interface list argument the command clears the MAC authenti...

Page 725: ...figuration information operation information and statistics about one or more specified ports or all ports Related commands port security enable port security port mode port security ntk mode port security intrusion mode port security max mac count port security mac address security port security authorization ignore port security oui port security trap Examples Display port security configuration...

Page 726: ...ot1x logoff trap is enabled 802 1X logoff trap is enabled Dot1x logfailure is enabled 802 1X authentication failure trap is enabled RALM logon trap is enabled MAC authentication success trap is enabled RALM logoff trap is enabled MAC authenticated user logoff trap is enabled RALM logfailure trap is enabled MAC authentication failure trap is enabled Disableport Timeout Silence timeout of the port i...

Page 727: ...plays information about all blocked MAC addresses Related commands port security intrusion mode Examples Display information about all blocked MAC addresses Sysname display port security mac address block MAC ADDR From Port VLAN ID 0002 0002 0002 GigabitEthernet1 0 1 1 000d 88f8 0577 GigabitEthernet1 0 1 1 On slot 2 2 mac address es found 2 mac address es found Display the count of all blocked MAC...

Page 728: ...dress block command output description Field Description MAC ADDR Blocked MAC address From Port Port having received frames with the blocked MAC address being the source address VLAN ID ID of the VLAN to which the port belongs 2 mac address es found Number of blocked MAC addresses display port security mac address security Syntax display port security mac address security interface interface type ...

Page 729: ...OAGED 000d 88f8 0577 1 Security GigabitEthernet1 0 1 NOAGED 2 mac address es found Display information about secure MAC addresses on the specified port Sysname display port security mac address security interface GigabitEthernet1 0 1 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME s 000d 88f8 0577 1 Security GigabitEthernet1 0 1 NOAGED 1 mac address es found Display information about secure MAC addre...

Page 730: ...d to restore the default By default a port uses the authorization information from the RADIUS server After a user passes RADIUS authentication the RADIUS server performs authorization based on the authorization attributes configured for the user s account For example it may assign a VLAN Related commands display port security Examples Configure port GigabitEthernet 1 0 1 to ignore the authorizatio...

Page 731: ...ort security cannot be disabled if there is any user present on a port Related commands display port security dot1x dot1x port method dot1x port control in 802 1X Commands of the Security Volume mac authentication in MAC Authentication Commands of the Security Volume Examples Enable port security Sysname system view Sysname port security enable port security intrusion mode Syntax port security int...

Page 732: ... is triggered Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 port security intrusion mode blockmac port security mac address security Syntax In Layer 2 Ethernet interface view port security mac address security mac address vlan vlan id In system view port security mac address security mac address interface interface type interface number vlan vlan id undo ...

Page 733: ...1 0 1 port security port mode autolearn Sysname GigabitEthernet1 0 1 quit Sysname port security mac address security 0001 0001 0002 interface gigabitethernet 1 0 1 vlan 10 Enable port security set the port security mode of port GigabitEthernet 1 0 1 to autoLearn and add a secure MAC address of 0001 0002 0003 belonging to VLAN 4 for port GigabitEthernet 1 0 1 in interface view Sysname system view S...

Page 734: ... the maximum number of secure MAC addresses allowed on port GigabitEthernet 1 0 1 to 100 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 port security max mac count 100 port security ntk mode Syntax port security ntk mode ntk withbroadcasts ntk withmulticasts ntkonly undo port security ntk mode View Ethernet interface view Default Level 2 System level Param...

Page 735: ...view Default Level 2 System level Parameters oui value Organizationally unique identifier OUI string a 48 bit MAC address in the H H H format The system automatically uses only the 24 high order bits as the OUI value index value OUI index in the range 1 to 16 Description Use the port security oui command to configure an OUI value for user authentication This value is used when the port security mo...

Page 736: ...AddressOrUserLoginSecureExt mode userlogin withoui Operates in userLoginWithOUI mode Description Use the port security port mode command to set the port security mode of a port Use the undo port security port mode command to restore the default By default a port operates in noRestrictions mode where port security does not take effect Note that z Configuration of port security mode on a port is mut...

Page 737: ...h the port remains disabled in seconds It ranges from 20 to 300 Description Use the port security timer disableport command to set the silence timeout during which the port remains disabled Use the undo port security timer disableport command to restore the default By default the silence timeout is 20 seconds If you configure the intrusion protection policy as disabling the port temporarily whenev...

Page 738: ... logoff events intrusion Trap for illegal frames ralmlogfailure Trap for MAC authentication failure ralmlogoff Trap for MAC authentication user logoff events ralmlogon Trap for successful MAC authentication RALM RADIUS Authenticated Login using MAC address means RADIUS authentication based on MAC address Description Use the port security trap command to enable port security traps Use the undo port...

Page 739: ...8 15 Sysname system view Sysname port security trap addresslearned ...

Page 740: ... number ip address ip address Displays the dynamic bindings of an IP address mac address mac address Displays the dynamic bindings of an MAC address in the format of H H H Description Use the display ip check source command to display dynamic bindings With no options specified the command displays the dynamic bindings of all interfaces Related commands ip check source Examples Display all dynamic ...

Page 741: ...ac address View Any view Default Level 1 Monitor level Parameters interface interface type interface number Displays the static bindings of the interface specified by its type and number ip address ip address Displays the static bindings of an IP address mac address mac address Displays the static bindings of an MAC address in the format of H H H Description Use the display user bind command to di...

Page 742: ...m level Parameters ip address Specifies to bind source IP address to the port ip address mac address Specifies to bind source IP address and MAC address to the port mac address Specifies to bind source MAC address to the port Description Use the ip check source command to configure the dynamic binding function on a port Use the undo ip check source command to restore the default By default the dyn...

Page 743: ... Specifies the VLAN for the static binding vlan id is the ID of the VLAN to be bound in the range 1 to 4094 Description Use the user bind command to configure a static binding Use the undo user bind command to delete a static binding By default no static binding exists on a port Note that z The system does not support repeatedly configuring a binding entry to one port z For products supporting mul...

Page 744: ... on an SSH server to display SSH server status information or session information Related commands ssh server authentication retries ssh server rekey interval ssh server authentication timeout ssh server enable ssh server compatible ssh1x enable This command is also available on an SFTP server Examples Display the SSH server status information Sysname display ssh server status SSH Server Disable S...

Page 745: ...s enabled SFTP server Idle Timeout SFTP connection idle timeout period Display the SSH server session information Sysname display ssh server session Conn Ver Encry State Retry SerType Username VTY 0 2 0 DES Established 0 SFTP client001 Table 10 2 display ssh server session command output description Field Description Conn Connected VTY channel Ver SSH server protocol version Encry Encryption algor...

Page 746: ...ssh user information Total ssh users 2 Username Authentication type User public key name Service type yemx password null stelnet sftp test publickey pubkey sftp Table 10 3 display ssh user information command output description Field Description Username Name of the user Authentication type Authentication method If this field has a value of password the next field will have a value of null User pu...

Page 747: ...r of SSH connection authentication attempts must be at least 2 This is because SSH2 0 users must pass both password and publickey authentication Related commands display ssh server Examples Set the maximum number of SSH connection authentication attempts to 4 Sysname system view Sysname ssh server authentication retries 4 ssh server authentication timeout Syntax ssh server authentication timeout t...

Page 748: ...mand to enable the SSH server to work with SSH1 clients Use the undo ssh server compatible ssh1x command to disable the SSH server from working with SSH1 clients By default the SSH server can work with SSH1 clients This configuration takes effect only for users logging in after the configuration Related commands display ssh server Examples Enable the SSH server to work with SSH1 clients Sysname sy...

Page 749: ...ters hours Server key pair update interval in hours in the range 1 to 24 Description Use the ssh server rekey interval command to set the interval for updating the RSA server key Use the undo ssh server rekey interval command to remove the configuration By default the update interval of the RSA server key is 0 that is the RSA server key is not updated Related commands display ssh server z This com...

Page 750: ...entication z password publickey Specifies that SSH2 clients perform both password authentication and publickey authentication and that SSH1 clients perform either type of authentication z publickey Performs publickey authentication assign publickey keyname Assigns an existing public key to an SSH user keyname indicates the name of the client public key and is a string of 1 to 64 characters work di...

Page 751: ...sftp the authentication method as publickey the work folder of the SFTP server as flash and assigning a public key named key1 to the user Sysname system view Sysname ssh user user1 service type sftp authentication type publickey assign publickey key1 work directory flash SSH2 0 Client Configuration Commands display ssh client source Syntax display ssh client source View Any view Default Level 1 Mo...

Page 752: ...u can use this command to check the public key of the server saved on the client Related commands ssh client authentication server This command is also available on an SFTP client Examples Display the mappings between host public keys and SSH servers saved on the client Sysname display ssh server info Server Name IP Server public key name ______________________________________________________ 192 ...

Page 753: ...s not configured and when logging into the server the client uses the IP address or host name used for login as the public key name If the client does not support first authentication it will reject unauthenticated servers In this case you need to configure the public keys of the servers and specify the mappings between public keys and servers on the client so that the client uses the correct publ...

Page 754: ...nd specify the public key name for authentication Note that as the server may update its key pairs periodically clients must obtain the most recent public keys of the server for successful authentication of the server Examples Enable the first authentication function Sysname system view Sysname ssh client first time enable ssh client ipv6 source Syntax ssh client ipv6 source ipv6 ipv6 address inte...

Page 755: ...the ssh client source command to specify the source IPv4 address or source interface of the SSH client Use the undo ssh client source command to remove the configuration By default an SSH client uses the IP address of the interface specified by the route to access the SSH server Related commands display ssh client source Examples Specify the source IPv4 address of the SSH client as 192 168 0 1 Sys...

Page 756: ... stoc cipher Preferred encryption algorithm from server to client defaulted to aes128 prefer stoc hmac Preferred HMAC algorithm from server to client defaulted to sha1 Description Use the ssh2 command to establish a connection to an IPv4 SSH server and specify the public key algorithm the preferred key exchange algorithm and the preferred encryption algorithms and preferred HMAC algorithms between...

Page 757: ...prefer kex Preferred key exchange algorithm default to dh group exchange z dh group exchange Key exchange algorithm diffie hellman group exchange sha1 z dh group1 Key exchange algorithm diffie hellman group1 sha1 z dh group14 Key exchange algorithm diffie hellman group14 sha1 prefer stoc cipher Preferred encryption algorithm from server to client defaulted to aes128 prefer stoc hmac Preferred HMAC...

Page 758: ...enable Syntax sftp server enable undo sftp server enable View System view Default Level 2 System level Parameters None Description Use the sftp server enable command to enable SFTP server Use the undo sftp server enable command to disable SFTP server By default SFTP server is disabled Related commands display ssh server Examples Enable SFTP server Sysname system view Sysname sftp server enable sft...

Page 759: ...ssh server Examples Set the idle timeout period for SFTP user connections to 500 minutes Sysname system view Sysname sftp server idle timeout 500 SFTP Client Configuration Commands bye Syntax bye View SFTP client view Default Level 3 Manage level Parameters None Description Use the bye command to terminate the connection with a remote SFTP server and return to user view This command functions as t...

Page 760: ...n use the cd command to return to the upper level directory z You can use the cd command to return to the root directory of the system Examples Change the working path to new1 sftp client cd new1 Current Directory is new1 cdup Syntax cdup View SFTP client view Default Level 3 Manage level Parameters None Description Use the cdup command to return to the upper level directory Examples From the curr...

Page 761: ...ns as the remove command Examples Delete file temp c from the server sftp client delete temp c The following files will be deleted temp c Are you sure to delete it Y N y This operation may take a long time Please wait File successfully Removed dir Syntax dir a l remote path View SFTP client view Default Level 3 Manage level Parameters a Displays the filenames or the folder names of the specified d...

Page 762: ...pubkey2 rwxrwxrwx 1 noone nogroup 283 Aug 24 07 39 pubkey1 rwxrwxrwx 1 noone nogroup 225 Sep 28 08 28 pub1 drwxrwxrwx 1 noone nogroup 0 Sep 28 08 24 new1 drwxrwxrwx 1 noone nogroup 0 Sep 28 08 18 new2 rwxrwxrwx 1 noone nogroup 225 Sep 28 08 30 pub2 display sftp client source Syntax display sftp client source View Any view Default Level 1 Monitor level Parameters None Description Use the display sf...

Page 763: ...erver sftp client exit Bye Sysname get Syntax get remote file local file View SFTP client view Default Level 3 Manage level Parameters remote file Name of a file on the remote SFTP server local file Name for the local file Description Use the get command to download a file from a remote SFTP server and save it locally If you do not specify the local file argument the file will be saved locally wit...

Page 764: ...nt command With neither the argument nor the keyword specified the command displays a list of all commands Examples Display the help information of the get command sftp client help get get remote path local path Download file Default local path is the same as remote path ls Syntax ls a l remote path View SFTP client view Default Level 3 Manage level Parameters a Displays the filenames or the folde...

Page 765: ...t ls rwxrwxrwx 1 noone nogroup 1759 Aug 23 06 52 config cfg rwxrwxrwx 1 noone nogroup 225 Aug 24 08 01 pubkey2 rwxrwxrwx 1 noone nogroup 283 Aug 24 07 39 pubkey1 rwxrwxrwx 1 noone nogroup 225 Sep 28 08 28 pub1 drwxrwxrwx 1 noone nogroup 0 Sep 28 08 24 new1 drwxrwxrwx 1 noone nogroup 0 Sep 28 08 18 new2 rwxrwxrwx 1 noone nogroup 225 Sep 28 08 30 pub2 mkdir Syntax mkdir remote path View SFTP client ...

Page 766: ...ed remotely with the same name as the local one Examples Upload local file temp c to the remote SFTP server and save it as temp1 c sftp client put temp c temp1 c Local file temp c Remote file temp1 c Uploading file successfully ended pwd Syntax pwd View SFTP client view Default Level 3 Manage level Parameters None Description Use the pwd command to display the current working directory of a remote...

Page 767: ...TP server sftp client quit Bye Sysname remove Syntax remove remote file 1 10 View SFTP client view Default Level 3 Manage level Parameters remote file 1 10 Name of a file on an SFTP server 1 10 means that you can provide up to 10 filenames which are separated by space Description Use the remove command to delete the specified file s from a remote server This command functions as the delete command...

Page 768: ...change the name of a specified file or directory on an SFTP server Examples Change the name of a file on the SFTP server from temp1 c to temp2 c sftp client rename temp1 c temp2 c File successfully renamed rmdir Syntax rmdir remote path 1 10 View SFTP client view Default Level 3 Manage level Parameters remote path 1 10 Name of the directory on the remote SFTP server 1 10 means that you can provide...

Page 769: ...hm aes128 cbc z des Encryption algorithm des cbc prefer ctos hmac Preferred HMAC algorithm from client to server defaulted to sha1 z md5 HMAC algorithm hmac md5 z md5 96 HMAC algorithm hmac md5 96 z sha1 HMAC algorithm hmac sha1 z sha1 96 HMAC algorithm hmac sha1 96 prefer kex Preferred key exchange algorithm defaulted to dh group exchange z dh group exchange Key exchange algorithm diffie hellman ...

Page 770: ...ce interface type interface number undo sftp client ipv6 source View System view Default Level 3 Manage level Parameters ipv6 ipv6 address Specifies a source IPv6 address interface interface type interface number Specifies a source interface by its type and number Description Use the sftp client ipv6 source command to specify the source IPv6 address or source interface for an SFTP client Use the u...

Page 771: ...TP client as 192 168 0 1 Sysname system view Sysname sftp client source ip 192 168 0 1 sftp ipv6 Syntax sftp ipv6 server port number identity key dsa rsa prefer ctos cipher aes128 des prefer ctos hmac md5 md5 96 sha1 sha1 96 prefer kex dh group exchange dh group1 dh group14 prefer stoc cipher aes128 des prefer stoc hmac md5 md5 96 sha1 sha1 96 View User view Default Level 3 Manage level Parameters...

Page 772: ...ted to sha1 Description Use the sftp ipv6 command to establish a connection to a remote IPv6 SFTP server and enter SFTP client view Note that when the client s authentication method is publickey the client needs to get the local private key for validation As the publickey authentication includes RSA and DSA algorithms you must specify an algorithm by using the identity key keyword in order to get ...

Page 773: ...er subject name Specifies the name of the certificate subject dn Specifies the distinguished name of the entity ctn Specifies the contain operation equ Specifies the equal operation nctn Specifies the not contain operation nequ Specifies the not equal operation attribute value Value of the certificate attribute a case insensitive string of 1 to 128 characters all Specifies all certificate attribut...

Page 774: ...eate a certificate attribute rule specifying that the IP address in the alternative subject name cannot be 10 0 0 1 Sysname pki cert attribute group mygroup attribute 3 alt subject name ip nequ 10 0 0 1 ca identifier Syntax ca identifier name undo ca identifier View PKI domain view Default Level 2 System level Parameters name Identifier of the trusted CA a case insensitive string of 1 to 63 charac...

Page 775: ...he configuration By default no entity is specified for a PKI domain Related commands pki entity Examples Specify the entity for certificate request as entity1 Sysname system view Sysname pki domain 1 Sysname pki domain 1 certificate request entity entity1 certificate request from Syntax certificate request from ca ra undo certificate request from View PKI domain view Default Level 2 System level P...

Page 776: ...sword for certificate revocation a case sensitive string of 1 to 31 characters cipher Specifies to display the password in cipher text simple Specifies to display the password in clear text manual Specifies to request a certificate in manual mode Description Use the certificate request mode command to set the certificate request mode Use the undo certificate request mode command to restore the def...

Page 777: ...g is executed every 20 minutes for up to 50 times After an applicant makes a certificate request the CA may need a long period of time if it verifies the certificate request manually During this period the applicant needs to query the status of the request periodically to get the certificate as soon as possible after the certificate is signed Related commands display pki certificate Examples Speci...

Page 778: ...lt no URL is specified for a PKI domain Examples Specify the URL of the server for certificate request Sysname system view Sysname pki domain 1 Sysname pki domain 1 certificate request url http 169 254 0 100 certsrv mscep mscep dll common name Syntax common name name undo common name View PKI entity view Default Level 2 System level Parameters name Common name of an entity a case insensitive strin...

Page 779: ...entity belongs It is a standard 2 character code for example CN for China Use the undo country command to remove the configuration By default no country code is specified Examples Set the country code of an entity to CN Sysname system view Sysname pki entity 1 Sysname pki entity 1 country CN crl check Syntax crl check disable enable View PKI domain view Default Level 2 System level Parameters disa...

Page 780: ...d View PKI domain view Default Level 2 System level Parameters hours CRL update period in the range 1 to 720 hours Description Use the crl update period command to set the CRL update period that is the interval at which the PKI entity downloads the latest CRLs Use the undo crl update period command to restore the default By default the CRL update period depends on the next update field in the CRL ...

Page 781: ...ou should acquire the CA certificate and a local certificate and then acquire a CRL through SCEP Examples Specify the URL of the CRL distribution point Sysname system view Sysname pki domain 1 Sysname pki domain 1 crl url ldap 169 254 0 30 display pki certificate Syntax display pki certificate ca local domain domain name request status View Any view Default Level 2 System level Parameters ca Displ...

Page 782: ...Country B L City Y CN pki test Subject Public Key Info Public Key Algorithm rsaEncryption RSA Public Key 512 bit Modulus 512 bit 00D41D1F Exponent 65537 0x10001 X509v3 extensions X509v3 Subject Alternative Name DNS hyf xxyyzz net X509v3 CRL Distribution Points URI http 1 1 1 1 447 myca crl Signature Algorithm md5WithRSAEncryption A3A5A447 4D08387D Table 11 1 display pki certificate command output ...

Page 783: ...a string of 1 to 16 characters all Specifies all certificate attribute based access control policies Description Use the display pki certificate access control policy command to display information about a specified or all certificate attribute based access control policies Examples Display information about the certificate attribute based access control policy named mypolicy Sysname display pki c...

Page 784: ...p mygroup Sysname display pki certificate attribute group mygroup attribute group name mygroup attribute 1 subject name dn ctn abc attribute 2 issuer name fqdn nctn app Table 11 3 display pki certificate attribute group command output description Field Description attribute group name Name of the certificate attribute group attribute number Number of the attribute rule subject name Name of the cer...

Page 785: ...st Root Last Update Jan 5 08 44 19 2004 GMT Next Update Jan 5 21 42 13 2004 GMT CRL extensions X509v3 Authority Key Identifier keyid 0F71448E E075CAB8 ADDB3A12 0B747387 45D612EC Revoked Certificates Serial Number 05a234448E Revocation Date Sep 6 12 33 22 2004 GMT CRL entry extensions Serial Number 05a278445E Revocation Date Sep 7 12 33 22 2004 GMT CRL entry extensions Table 11 4 display pki crl do...

Page 786: ... Level 2 System level Parameters name str Fully qualified domain name FQDN of an entity a case insensitive string of 1 to 127 characters Description Use the fqdn command to configure the FQDN of an entity Use the undo fqdn command to remove the configuration By default no FQDN is specified for an entity An FQDN is the unique identifier of an entity on a network It consists of a host name and a dom...

Page 787: ... ldap server ip ip address port port number version version number undo ldap server View PKI domain view Default Level 2 System level Parameters ip address IP address of the LDAP server in dotted decimal format port number Port number of the LDAP server in the range 1 to 65535 The default is 389 version number LDAP version number either 2 or 3 By default it is 2 Description Use the ldap server com...

Page 788: ...onfigure the geographical locality of an entity which can be for example a city name Use the undo locality command to remove the configuration By default no geographical locality is specified for an entity Examples Configure the locality of an entity as city Sysname system view Sysname pki entity 1 Sysname pki entity 1 locality city organization Syntax organization org name undo organization View ...

Page 789: ...org unit name Organization unit name for distinguishing different units in an organization a case insensitive string of 1 to 31 characters No comma can be included Description Use the organization unit command to specify the name of the organization unit to which this entity belongs Use the undo organization unit command to remove the configuration By default no organization unit name is specified...

Page 790: ... based access control policies No access control policy exists by default Examples Configure an access control policy named mypolicy and enter its view Sysname system view Sysname pki certificate access control policy mypolicy Sysname pki cert acp mypolicy pki certificate attribute group Syntax pki certificate attribute group group name undo pki certificate attribute group group name all View Syst...

Page 791: ...domain name View System view Default Level 2 System level Parameters ca Deletes the locally stored CA certificate local Deletes the locally stored local certificate domain name Name of the PKI domain whose certificates are to be deleted a string of 1 to 15 characters Description Use the pki delete certificate command to delete the certificate locally stored for a PKI domain Examples Delete the loc...

Page 792: ...Syntax pki entity entity name undo pki entity entity name View System view Default Level 2 System level Parameters entity name Name for the entity a case insensitive string of 1 to 15 characters Description Use the pki entity command to create a PKI entity and enter PKI entity view Use the undo pki entity command to remove a PKI entity By default no entity exists You can configure a variety of att...

Page 793: ...aracters It defaults to domain name_ca cer domain name_local cer or domain name_peerentity_entity name cer the name for the file to be created to save the imported certificate Description Use the pki import certificate command to import a CA certificate or local certificate from a file and save it locally Related commands pki domain Examples Import the CA certificate for PKI domain cer in the form...

Page 794: ...ain 1 pkcs10 Sysname pki request certificate domain 1 pkcs10 BEGIN CERTIFICATE REQUEST MIIBTDCBtgIBADANMQswCQYDVQQDEwJqajCBnzANBgkqhkiG9w0BAQEFAAOBjQAw gYkCgYEAw5Drj8ofs9THA4ezkDcQPBy8pvH1kumampPsJmx8sGG52NFtbrDTnTT5 ALx3LJijB3d ndKpcHT DfbJVDCn5gdw32tBZyCkEwMHZN3ol2z7Nvdu5TED6iN8 4m hfp1QWoV6lty3o9pxAXuQl8peUDcfN6WV3LBXYyl1WCtkLkECAwEAAaAAMA0G CSqGSIb3DQEBBAUAA4GBAA8E7BaIdmT6NVCZgv I 1tqZH3TS4e4H...

Page 795: ...I domain a string of 1 to 15 characters Description Use the pki retrieval crl domain command to retrieve the latest CRLs from the server for CRL distribution CRLs are used to verify the validity of certificates Related commands pki domain Examples Retrieve CRLs Sysname system view Sysname pki retrieval crl domain 1 pki validate certificate Syntax pki validate certificate ca local domain domain nam...

Page 796: ... 2 System level Parameters md5 Uses an MD5 fingerprint sha1 Uses a SHA1 fingerprint string Fingerprint to be used An MD5 fingerprint must be a string of 32 characters in hexadecimal A SHA1 fingerprint must be a string of 40 characters in hexadecimal Description Use the root certificate fingerprint command to configure the fingerprint to be used for verifying the validity of the CA root certificate...

Page 797: ...oup is considered valid and permitted group name Name of the certificate attribute group to be associated with the rule a case insensitive string of 1 to 16 characters It cannot be a al or all all Specifies all access control rules Description Use the rule command to create a certificate attribute access control rule Use the undo rule command to delete a specified or all access control rules By de...

Page 798: ... comma can be included Description Use the state command to specify the name of the state or province where an entity resides Use the undo state command to remove the configuration By default no state or province is specified Examples Specify the state where an entity resides Sysname system view Sysname pki entity 1 Sysname pki entity 1 state country ...

Page 799: ... the data encryption algorithm of 128 bit RC4 and the MAC algorithm of MD5 rsa_rc4_128_sha Specifies the key exchange algorithm of RSA the data encryption algorithm of 128 bit RC4 and the MAC algorithm of SHA Description Use the ciphersuite command to specify the cipher suite s for an SSL server policy to support By default an SSL server policy supports all cipher suites With no keyword specified ...

Page 800: ...ificate based authentication of the client during the SSL handshake process Use the undo client verify enable command to restore the default By default certificate based SSL client authentication is disabled Examples Enable certificate based client authentication Sysname system view Sysname ssl server policy policy1 Sysname ssl server policy policy1 client verify enable close mode wait Syntax clos...

Page 801: ...Set the SSL connection close mode to wait mode Sysname system view Sysname ssl server policy policy1 Sysname ssl server policy policy1 close mode wait display ssl client policy Syntax display ssl client policy policy name all View Any view Default Level 1 Monitor level Parameters policy name SSL client policy name a case insensitive string of 1 to 16 characters all Displays information about all S...

Page 802: ...el 1 Monitor level Parameters policy name SSL server policy name a case insensitive string of 1 to 16 characters all Displays information about all SSL server policies Description Use the display ssl server policy command to view information about a specified or all SSL server policies Examples Display information about SSL server policy policy1 Sysname display ssl server policy policy1 SSL Server...

Page 803: ...he server close the connection Session Timeout Session timeout time of the SSL server policy in seconds Session Cachesize Maximum number of buffered sessions of the SSL server policy Client verify Whether client authentication is enabled handshake timeout Syntax handshake timeout time undo handshake timeout View SSL server policy view Default Level 2 System level Parameters time Handshake timeout ...

Page 804: ...fault By default no PKI domain is configured for an SSL server policy or SSL client policy Related commands display ssl server policy and display ssl client policy Examples Configure SSL server policy policy1 to use the PKI domain named server domain Sysname system view Sysname ssl server policy policy1 Sysname ssl server policy policy1 pki domain server domain Configure SSL client policy policy1 ...

Page 805: ... for an SSL client policy Use the undo prefer cipher command to restore the default By default the preferred cipher suite for an SSL client policy is rsa_rc4_128_md5 Related commands display ssl client policy Examples Set the preferred cipher suite for SSL client policy policy1 to rsa_aes_128_cbc_sha Sysname system view Sysname ssl client policy policy1 Sysname ssl client policy policy1 prefer cip...

Page 806: ...mands display ssl server policy Examples Set the caching timeout time to 4 000 seconds and the maximum number of cached sessions to 600 Sysname system view Sysname ssl server policy policy1 Sysname ssl server policy policy1 session timeout 4000 cachesize 600 ssl client policy Syntax ssl client policy policy name undo ssl client policy policy name all View System view Default Level 2 System level P...

Page 807: ...SL server policy and enter its view Use the undo ssl server policy command to remove a specified or all SSL server policies Note that you cannot delete an SSL server policy that has been associated with one or more application layer protocols Examples Create an SSL server policy named policy1 and enter its view Sysname system view Sysname ssl server policy policy1 Sysname ssl server policy policy1...

Page 808: ...mand to restore the default By default the SSL protocol version for an SSL client policy is TLS 1 0 Related commands display ssl client policy Examples Specify the SSL protocol version for SSL client policy policy1 as SSL 3 0 Sysname system view Sysname ssl client policy policy1 Sysname ssl client policy policy1 version ssl3 0 ...

Page 809: ...Examples Display the public key information of the local RSA key pairs Sysname display public key local rsa public Time of Key pair created 19 59 16 2007 10 25 Key name HOST_KEY Key type RSA Encryption Key Key code 30819F300D06092A864886F70D010101050003818D0030818902818100BC4C392A97734A633BA0F1DB01F84E B51228EC86ADE1DBA597E0D9066FDC4F04776CEA3610D2578341F5D049143656F1287502C06D39D39F28F0F5 CBA630D...

Page 810: ...EE993B4F2DED30F48EDACE915F 0281810082269009E14EC474BAF2932E69D3B1F18517AD9594184CCDFCEAE96EC4D5EF93133E84B47093C52B 20CD35D02492B3959EC6499625BC4FA5082E22C5B374E16DD00132CE71B020217091AC717B612391C76C1FB2 E88317C1BD8171D41ECB83E210C03CC9B32E810561C21621C73D6DAAC028F4B1585DA7F42519718CC9B09EEF 0381850002818100CCF1F78E0860BE937FD3CA07D2F2A1B66E74E5D1E16693EB374D677A7A6124EBABD59FE4 8796C56F3FF919F99...

Page 811: ...9D300D06092A864886F70D010101050003818B00308187028181009C46A8710216CEC0C01C7CE136BA76 C79AA6040E79F9E305E453998C7ADE8276069410803D5974F708496947AB39B3F39C5CE56C95B6AB7442D563 93BF241F99A639DD02D9E29B1F5C1FD05CC1C44FBD6CFFB58BE6F035FAA2C596B27D1231D159846B7CB9A775 7C5800FADA9FD72F65672F4A549EE99F63095E11BD37789955020123 Display brief information about all locally saved public keys of the peers Sysna...

Page 812: ... that the format requirements are met Related commands public key peer public key code end Examples Enter public key code view and input the key Sysname system view Sysname public key peer key1 Sysname pkey public key public key code begin Sysname pkey key code 30819F300D06092A864886F70D010101050003818D0030818902818100C0EC801 4F82515F6335A0A Sysname pkey key code EF8F999C01EC94E5760A079BD73E4F4D97...

Page 813: ...stem view Sysname public key peer key1 Sysname pkey public key public key code begin Sysname pkey key code 30819F300D06092A864886F70D010101050003818D0030818902818100C0EC801 4F82515F6335A0A Sysname pkey key code EF8F999C01EC94E5760A079BD73E4F4D97F3500EDB308C29481B77E719D164313 5877E13B1C531B4 Sysname pkey key code FF1877A5E2E7B1FA4710DB0744F66F6600EEFE166F1B854E2371D5B952ADF6B80 EB5F52698FCF3D6 Sys...

Page 814: ...local destroy display public key local public Examples Create local RSA key pairs Sysname system view Sysname public key local create rsa The range of public key size is 512 2048 NOTES If the key modulus is greater than 512 It will take a few minutes Press CTRL C to abort Input the bits of the modulus default 1024 Generating Keys Create a local DSA key pair Sysname system view Sysname public key l...

Page 815: ...local export dsa openssh ssh2 filename View System view Default Level 1 Monitor level Parameters openssh Uses the format of OpenSSH ssh2 Uses the format of SSH2 0 filename Name of the file for storing public key For detailed information about file name refer to File System Management in the System Volume Description Use the public key local export dsa command to display the local DSA public key on...

Page 816: ...GxPp7Q2k uRuuHN0bJfBkOLo2 RyGqDJIqB4FQwmr kwJuauYGqQy mgE6dmHn0VG4gAkx9MQxDIBjzbZRX0bvxMdNKR22 END SSH2 PUBLIC KEY Display the local DSA public key in OpenSSH format Sysname system view Sysname public key local export dsa openssh ssh dss AAAAB3NzaC1kc3MAAACBANdXJixFhMRMIR8YvZbl8GHE8KQj9 5ra4WzTO9yzhSg06UiL CM7OZb5sJlhUiJ3B7b 0T7IsnTan3W6Jsy5h3I2Anh kiuoRCHyLDyJy5sG WD AZQd3Xf axKJPadu68HRKNl BnjXc...

Page 817: ...med key pub Sysname system view Sysname public key local export rsa openssh key pub Display the local RSA public key in SSH2 0 format Sysname system view Sysname public key local export rsa ssh2 BEGIN SSH2 PUBLIC KEY Comment rsa key 20070625 AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAo0dVYR1S5f30eLKGNKuqb5HU3M0TTSaGlER2GmcRI2sgSegbo1x6ut5N Ic5 jJxuRCU4 gMc76iS8d 2d50FqIweEkHHkSG ddgXt iAZ6cY81bdu CKxGiQlkUpb...

Page 818: ...mport sshkey Syntax public key peer keyname import sshkey filename undo public key peer keyname View System view Default Level 2 System level Parameters keyname Public key name a case sensitive string of 1 to 64 characters filename Public key file name For detailed information about file name refer to File System Management in the System Volume Description Use the public key peer import sshkey com...

Page 819: ...13 11 Sysname system view Sysname public key peer key2 import sshkey key pub ...

Page 820: ... is displayed The range for the slot number argument depends on the number of devices and the numbering of the devices in the IRF Description Use the display acl resource command to display the usage of ACL resources on a switch Examples Display the ACL uses on the switch Sysname display acl resource Interface GE1 0 1 to GE1 0 28 Type Total Reserved Configured Remaining VFP ACL 1024 0 0 1024 IFP A...

Page 821: ...and output description Field Description Interface Interface indicated by its type and number Type Resource type z ACL indicates ACL rule resources z Meter indicates traffic policing resources z Counter indicates traffic statistics resources z VFP indicates the count of resources that are before Layer 2 forwarding and applied in QinQ z IFP indicates the count of resources in the inbound direction ...

Page 822: ...sname display time range trname Current time is 22 20 18 1 5 2006 Thursday Time range trname Inactive from 15 00 1 28 2006 to 15 00 1 28 2008 Table 14 2 display time range command output description Field Description Current time Current system time Time range Configuration and status of the time range including the name of the time range its status active or inactive and its start time and end ti...

Page 823: ...r in the range 1970 to 2100 If not specified the start time is the earliest time available in the system namely 01 01 1970 00 00 00 AM to time2 date2 Indicates the end time and date of the absolute time range The format of the time2 argument is the same as that of the time1 argument but its value ranges from 00 00 to 24 00 The end time must be greater than the start time If not specified the end t...

Page 824: ...it to be active between 14 00 and 18 00 on Saturday and Sunday Sysname system view Sysname time range test 14 00 to 18 00 off day IPv4 ACL Configuration Commands acl Syntax acl number acl number name acl name match order auto config undo acl all name acl name number acl number View System view Default Level 2 System level Parameters number acl number Specifies the number of the IPv4 ACL which must...

Page 825: ... ACL z You can also use this command to modify the match order of an existing ACL but only when the ACL does not contain any rules Examples Create IPv4 ACL 2000 Sysname system view Sysname acl number 2000 Sysname acl basic 2000 Create IPv4 ACL 2002 naming it flow Sysname system view Sysname acl number 2002 name flow Sysname acl basic 2002 flow Enter the view of an unnamed IPv4 ACL by specifying it...

Page 826: ...4999 for Ethernet frame header ACLs name dest acl name Name of a non existent IPv4 ACL a case insensitive string of 1 to 32 characters It must start with an English letter and cannot be the English word of all to avoid confusion The system will automatically assign the new ACL a number which is the smallest among the available numbers of the same ACL type Description Use the acl copy command to cr...

Page 827: ...ame header ACL view Default Level 2 System level Parameters text ACL description a case sensitive string of 1 to 127 characters Description Use the description command to configure a description for an IPv4 ACL to for example describe the purpose of the ACL Use the undo description command to remove the ACL description By default an IPv4 ACL has no ACL description Examples Configure a description ...

Page 828: ...oid confusion Description Use the display acl command to display information about a specified IPv4 ACL or all IPv4 ACLs Note that this command displays ACL rules in the match order Examples Display information about IPv4 ACL 2001 Sysname display acl 2001 Basic ACL 2001 named flow 1 rule ACL s step is 5 rule 5 permit source 1 1 1 1 0 5 times matched rule 5 comment This rule is used in geth 1 0 1 T...

Page 829: ...es the name of the ACL which is a case insensitive string of 1 to 32 characters It must start with an English letter and cannot be the English word of all to avoid confusion Description Use the reset acl counter command to clear statistics on a specified IPv4 ACL or all IPv4 ACLs that are referenced by upper layer software Examples Clear statistics on IPv4 ACL 2001 Sysname reset acl counter 2001 C...

Page 830: ...iption Use the rule command to create a basic IPv4 ACL rule or modify an existing basic IPv4 ACL rule Use the undo rule command to remove a basic IPv4 ACL rule or remove some criteria from the rule If you specify no optional keywords the undo rule command removes the entire ACL rule otherwise the command removes only the specified criteria Before performing the undo rule command you may use the di...

Page 831: ...type icmp code icmp message logging precedence precedence reflective source sour addr sour wildcard any source port operator port1 port2 time range time range name tos tos vpn instance vpn instance name undo rule rule id established ack fin psh rst syn urg destination destination port dscp fragment icmp type logging precedence reflective source source port time range tos vpn instance View Advanced...

Page 832: ...or normal 0 dscp dscp Specifies a DSCP priority The dscp argument can be a number in the range 0 to 63 or in words af11 10 af12 12 af13 14 af21 18 af22 20 af23 22 af31 26 af32 28 af33 30 af41 34 af42 36 af43 38 cs1 8 cs2 16 cs3 24 cs4 32 cs5 40 cs6 48 cs7 56 default 0 or ef 46 logging Specifies to log matched packets This function requires that the module using the ACL support logging reflective S...

Page 833: ...these words biff 512 bootpc 68 bootps 67 discard 9 dns 53 dnsix 90 echo 7 mobilip ag 434 mobilip mn 435 nameserver 42 netbios dgm 138 netbios ns 137 netbios ssn 139 ntp 123 rip 520 snmp 161 snmptrap 162 sunrpc 111 syslog 514 tacacs ds 65 talk 517 tftp 69 time 37 who 513 and xdmcp 177 With the range operator the value of port2 does not need to be greater than that of port1 because the switch can au...

Page 834: ...nced IPv4 ACL rules ICMP message name Type Code echo 8 0 echo reply 0 0 fragmentneed DFset 3 4 host redirect 5 1 host tos redirect 5 3 host unreachable 3 1 information reply 16 0 information request 15 0 net redirect 5 0 net tos redirect 5 2 net unreachable 3 0 parameter problem 12 0 port unreachable 3 3 protocol unreachable 3 2 reassembly timeout 11 1 source quench 4 0 source route failed 3 5 tim...

Page 835: ...the same When the ACL match order is auto a newly created rule will be inserted among the existing rules in the depth first match order Note that the IDs of the rules still remain the same If the ACL match order is auto rules are displayed in the depth first match order rather than by rule number For an advanced IPv4 ACL to be referenced by a QoS policy for traffic classification z The logging and...

Page 836: ...es a link layer protocol The type code argument is a 16 bit hexadecimal number indicating the frame type It corresponds to the type code field in Ethernet_II and Ethernet_SNAP frames The type wildcard argument is a 16 bit hexadecimal number indicating the wildcard Support for this keyword and argument combination depends on the device model Description Use the rule command to create an Ethernet fr...

Page 837: ...ACL view Ethernet frame header ACL view Default Level 2 System level Parameters rule id IPv4 ACL rule number in the range 0 to 65534 text IPv4 ACL rule description a case sensitive string of 1 to 127 characters Description Use the rule comment command to configure a description for an existing IPv4 ACL rule or modify the description of an IPv4 ACL rule You may use the rule description to for examp...

Page 838: ...tax step step value undo step View Basic IPv4 ACL view advanced IPv4 ACL view Ethernet frame header ACL view Default Level 2 System level Parameters step value IPv4 ACL rule numbering step in the range 1 to 20 Description Use the step command to set a rule numbering step for an ACL Use the undo step command to restore the default By default the rule numbering step is five Examples Set the rule num...

Page 839: ... are configured all Specifies all IPv6 ACLs Description Use the acl ipv6 command to enter IPv6 ACL view If the ACL does not exist it is created first Use the undo acl ipv6 command to remove a specified IPv6 ACL or all IPv6 ACLs By default the match order is config Note that z You can specify a name for an IPv6 ACL only when you create the ACL After creating an ACL you cannot specify a name for it ...

Page 840: ...r name dest acl6 name View System view Default Level 2 System level Parameters source acl6 number Number of an existing IPv6 ACL which must be in the following ranges z 2000 to 2999 for basic IPv6 ACLs z 3000 to 3999 for advanced IPv6 ACLs name source acl6 name Name of an existing IPv6 ACL a case insensitive string of 1 to 32 characters It must start with an English letter and cannot be the Englis...

Page 841: ... copy 2008 to 2009 acl ipv6 name Syntax acl ipv6 name acl6 name View System view Default Level 2 System level Parameters acl6 name Name of the IPv6 ACL a case insensitive string of 1 to 32 characters It must start with an English letter and cannot be the English word of all to avoid confusion Description Use the acl ipv6 name command to enter the view of an existing IPv6 ACL by specifying its name...

Page 842: ...ame system view Sysname acl ipv6 number 3000 Sysname acl6 adv 3000 description This acl is used in geth 1 0 1 display acl ipv6 Syntax display acl ipv6 acl6 number all name acl6 name View Any view Default Level 1 Monitor level Parameters acl6 number IPv6 ACL number which must be in the following ranges z 2000 to 2999 for basic IPv6 ACLs z 3000 to 3999 for advanced IPv6 ACLs all Specifies all IPv6 A...

Page 843: ...matches for the rule Only ACL matches performed by software are counted This field is not displayed when no match is found rule 0 comment This rule is used in geth 1 0 1 The description of ACL rule 0 is This rule is used in geth 1 0 1 reset acl ipv6 counter Syntax reset acl ipv6 counter acl6 number all name acl6 name View User view Default Level 2 System level Parameters acl6 number IPv6 ACL numbe...

Page 844: ...nts and non fragments logging Logs matched packets This function requires that the module using the ACL support logging source ipv6 address prefix length ipv6 address prefix length any Specifies a source address The ipv6 address and prefix length arguments specify a source IPv6 address and its address prefix length in the range 1 to 128 The any keyword indicates any IPv6 source address time range ...

Page 845: ... the IDs of the rules still remain the same For a basic IPv6 ACL to be referenced by a QoS policy for traffic classification the logging and fragment keywords are not supported Related commands display acl ipv6 Examples Create IPv6 ACL 2000 and add two rules Sysname system view Sysname acl ipv6 number 2000 Sysname acl6 basic 2000 rule permit source 2030 5060 9050 64 Sysname acl6 basic 2000 rule 8 ...

Page 846: ...t and dest prefix arguments specify a destination IPv6 address and its prefix length in the range 1 to 128 The any keyword indicates any IPv6 destination address dscp dscp Specifies a DSCP preference The dscp argument can be a number in the range 0 to 63 or in words af11 10 af12 12 af13 14 af21 18 af22 20 af23 22 af31 26 af32 28 af33 30 af41 34 af42 36 af43 38 cs1 8 cs2 16 cs3 24 cs4 32 cs5 40 cs6...

Page 847: ...hese words biff 512 bootpc 68 bootps 67 discard 9 dns 53 dnsix 90 echo 7 mobilip ag 434 mobilip mn 435 nameserver 42 netbios dgm 138 netbios ns 137 netbios ssn 139 ntp 123 rip 520 snmp 161 snmptrap 162 sunrpc 111 syslog 514 tacacs ds 65 talk 517 tftp 69 time 37 who 513 and xdmcp 177 With the range operator the value of port2 does not need to be greater than that of port1 because the switch can aut...

Page 848: ...rr Header field 4 0 frag time exceeded 3 1 hop limit exceeded 3 0 host admin prohib 1 1 host unreachable 1 3 neighbor advertisement 136 0 neighbor solicitation 135 0 network unreachable 1 0 packet too big 2 0 port unreachable 1 4 router advertisement 134 0 router solicitation 133 0 unknown ipv6 opt 4 2 unknown next hdr 4 1 Description Use the rule command to create an advanced IPv6 ACL rule or mod...

Page 849: ...ly created rule will be inserted among the existing rules in the depth first match order Note that the IDs of the rules still remain the same For an advanced IPv6 ACL to be referenced by a QoS policy for traffic classification z The logging and fragment keywords are not supported z The operator cannot be neq if the ACL is for the inbound traffic z The operator cannot be gt lt neq or range if the A...

Page 850: ...h 1 0 1 Define a rule in IPv6 ACL 3000 and create a description for the rule Sysname system view Sysname acl ipv6 number 3000 Sysname acl6 adv 3000 rule 0 permit tcp source 2030 5060 9050 64 Sysname acl6 adv 3000 rule 0 comment This rule is used in geth 1 0 1 step for IPv6 Syntax step step value undo step View Basic IPv6 ACL view advanced IPv6 ACL view Default Level 2 System level Parameters step ...

Page 851: ...ce command to set the interval for IPv4 packet filtering statistics At the specified interval the device outputs the statistics information including the number of filtered packets and the ACL rules used Use the undo acl logging frequence command to restore the default By default the interval is 0 that is no IPv4 packet filtering statistics is collected Examples Set the interval for IPv4 packet fi...

Page 852: ...inbound outbound undo packet filter acl number name acl name inbound outbound View Ethernet interface view VLAN interface view Default Level 2 System level Parameters acl number Specifies the number of an ACL which must be in the following ranges z 2000 to 2999 for basic IPv4 ACLs z 3000 to 3999 for advanced IPv4 ACLs z 4000 to 4999 for Ethernet frame header ACLs name acl name Specifies the name o...

Page 853: ...arameters acl6 number Specifies the number of a basic or advanced IPv6 ACL which must be in the range of 2000 to 3999 name acl6 name Specifies the name of the basic or advanced IPv6 ACL which is a case insensitive string of 1 to 32 characters It must start with an English letter and cannot be the English word of all to avoid confusion inbound Specifies to filter the IPv6 packets received by the in...

Page 854: ... 1 Sysname GigabitEthernet1 0 1 packet filter ipv6 2500 outbound Apply advanced IPv6 ACL 3000 to the outbound direction of interface VLAN interface 20 Sysname system view Sysname interface Vlan interface 20 Sysname Vlan interface20 packet filter ipv6 3000 outbound ...

Page 855: ...ands 2 1 display monitor link group 2 1 monitor link group 2 2 port 2 2 port monitor link group 2 3 3 RRPP Configuration Commands 3 1 RRPP Configuration Commands 3 1 control vlan 3 1 display rrpp brief 3 2 display rrpp ring group 3 3 display rrpp statistics 3 4 display rrpp verbose 3 7 domain ring 3 10 protected vlan 3 11 reset rrpp statistics 3 12 ring 3 12 ring enable 3 15 rrpp domain 3 15 rrpp ...

Page 856: ...ld 5 13 oam errored symbol period 5 13 oam errored symbol threshold 5 14 oam loopback 5 15 oam mode 5 15 reset oam 5 16 6 Connectivity Fault Detection Configuration Commands 6 1 Connectivity Fault Detection Configuration Commands 6 1 cfd cc enable 6 1 cfd cc interval 6 1 cfd enable 6 2 cfd linktrace 6 3 cfd linktrace auto detection 6 4 cfd loopback 6 5 cfd ma 6 6 cfd md 6 7 cfd mep 6 7 cfd mep ena...

Page 857: ...iii 7 Track Configuration Commands 7 1 Track Configuration Commands 7 1 display track 7 1 track nqa 7 2 ...

Page 858: ...acket GigabitEthernet1 0 1 Receiving time of the last flush packet 19 19 03 2009 06 27 Device ID of the last flush packet 000f e200 8500 Control VLAN of the last flush packet 1 Table 1 1 display smart link flush command output description Field Description Received flush packets Total number of received flush messages Receiving interface of the last flush packet The port that received the last flu...

Page 859: ...ected VLAN Reference Instance 0 to 2 4 Member Role State Flush count Last flush time GigabitEthernet1 0 1 MASTER ACTVIE 1 16 37 20 2009 04 21 GigabitEthernet1 0 2 SLAVE STANDBY 2 17 45 20 2009 04 21 Table 1 2 display smart link group command output description Field Description Smart link group 1 information Information about smart link group 1 Preemption mode Preemption mode which can be role for...

Page 860: ...an id argument ranges from 1 to 4094 Description Use the flush enable command to enable flush update Use the undo flush enable command to disable flush update By default flush update is enabled for smart link groups and VLAN 1 is used for flush message transmission Note that you need to configure different control VLANs for different smart link groups Related commands smart link flush enable Examp...

Page 861: ...er port to an aggregation group or service loopback group z You can assign a port to a smart link group with the port smart link group command in Ethernet interface view or Layer 2 aggregate interface view Related commands port smart link group Examples Configure GigabitEthernet 1 0 1 as the slave port of smart link group 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname Gigabi...

Page 862: ... group with the port command in smart link group view Related commands port Examples Configure GigabitEthernet 1 0 1 as the master port of smart link group 1 Sysname system view Sysname smart link group 1 Sysname smlk group1 protected vlan reference instance 0 Sysname smlk group1 quit Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 undo stp enable Sysname GigabitEthernet1 0 1 ...

Page 863: ...lated commands preemption mode Examples Enable role preemption and set the preemption delay to 10 seconds Sysname system view Sysname smart link group 1 Sysname smlk group1 preemption mode role Sysname smlk group1 preemption delay 10 preemption mode Syntax preemption mode role undo preemption mode View Smart link group view Default Level 2 System level Parameters role Configures the role preemptio...

Page 864: ...ve the specified protected VLANs from a smart link group by referencing the specified MSTIs If no MSTI is specified all the protected VLANs of the smart link group are removed By default no protected VLAN is configured for a smart link group Note that z Before assigning ports to a smart link group configure protected VLANs for the smart link group z You can remove all protected VLANs from a smart ...

Page 865: ...lan id list View Ethernet interface view Layer 2 aggregate interface view Default Level 2 System level Parameters control vlan vlan id list Specifies the control VLANs used for receiving flush messages The vlan id list is expressed in the form of vlan id list vlan id to vlan id 1 10 where the vlan id argument ranges from 1 to 4094 and 1 10 indicates that you can provide up to ten VLAN IDs or VLAN ...

Page 866: ...Sysname interface bridge aggregation 1 Sysname Bridge Aggregation1 smart link flush enable smart link group Syntax smart link group group id undo smart link group group id View System view Default Level 2 System level Parameters group id Smart link group ID The minimum value is 1 while the maximum value is 26 Description Use the smart link group command to create a smart link group and enter smart...

Page 867: ...ified or all smart link groups Examples Display information about monitor link group 1 Sysname display monitor link group 1 Monitor link group 1 information Group status DOWN Last up time 16 37 20 2009 4 21 Last down time 16 38 26 2009 4 21 Member Role Status GigabitEthernet1 0 1 UPLINK DOWN GigabitEthernet1 0 2 DOWNLINK DOWN Table 2 1 display monitor link group command output description Field De...

Page 868: ...escription Use the monitor link group command to create a monitor link group and enter monitor link group view If the specified monitor link group already exists you enter monitor link group view directly Use the undo monitor link group command to remove a monitor link group Related commands port monitor link group port Examples Create monitor link group 1 Sysname system view Sysname monitor link ...

Page 869: ...n a port to a monitor link group with the port monitor link group command in Ethernet interface view or Layer 2 aggregate interface view Related commands port monitor link group Examples Configure member ports for monitor link group 1 Sysname system view Sysname monitor link group 1 Sysname mtlk group1 port gigabitethernet 1 0 1 uplink Sysname mtlk group1 port gigabitethernet 1 0 2 downlink port m...

Page 870: ...terfaces can be assigned to a monitor link group z A port can be assigned to only one monitor link group z Alternatively you can assign a port to a monitor link group with the port command in monitor link group view Related commands port Examples Configure GigabitEthernet 1 0 1 as an uplink port of monitor link group 1 Sysname system view Sysname monitor link group 1 Sysname mtlk group1 quit Sysna...

Page 871: ...that is the primary control VLAN The system will automatically configure the VLAN whose VLAN ID is the primary control VLAN ID plus 1 as the secondary control VLAN for subrings Like the primary control VLAN the secondary control VLAN must be one not created yet For the control VLAN configuration to be successful you must make sure that the IDs for the two control VLANs have not been assigned yet z...

Page 872: ...er of RRPP Domains 2 Domain ID 1 Control VLAN Major 5 Sub 6 Protected VLAN Reference Instance 0 to 2 4 Hello Timer 1 sec Fail Timer 3 sec Ring Ring Node Primary Common Secondary Edge Enable ID Level Mode Port Port Status 1 1 M GigabitEthernet1 0 1 GigabitEthernet1 0 2 Yes Domain ID 2 Control VLAN Major 10 Sub 11 Hello Timer 1 sec Fail Timer 3 sec Protected VLAN Reference Instance 0 to 2 4 Ring Rin...

Page 873: ...er value in seconds Fail Timer Fail Timer value in seconds Ring ID RRPP ring ID Ring Level RRPP ring level z 0 representing primary ring z 1 representing subring Node Mode Node mode Primary Common Port z Primary port when the node mode is master node or transit node z Common port when the node mode is edge node or assistant edge node z appears when the port is not configured on the ring or the boa...

Page 874: ...ommands domain ring Examples Display the configuration of all RRPP ring groups Sysname display rrpp ring group Ring Group 1 domain 1 ring 1 to 3 5 domain 2 ring 1 to 3 5 domain 1 ring 1 is the sending ring Ring Group 2 domain 1 ring 4 6 to 7 domain 2 ring 4 6 to 7 Table 3 2 display rrpp ring group command output description Field Description Ring Group 1 RRPP ring group 1 domain 1 ring 1 to 3 5 Su...

Page 875: ...p statistics Examples Display the RRPPDU statistics for ring 1 in RRPP domain 1 Sysname display rrpp statistics domain 1 ring 1 Ring ID 1 Ring Level 1 Node Mode Master Active Status Yes Primary port GigabitEthernet1 0 1 Packet Link Common Complete Edge Major Packet Direct Hello Down Flush FDB Flush FDB Hello Fault Total Send 16424 0 0 1 0 0 16425 Rcv 0 0 0 0 0 0 0 Secondary port GigabitEthernet1 0...

Page 876: ... 0 0 0 0 0 0 0 Rcv 0 0 0 0 0 0 0 Edge port GigabitEthernet1 0 5 Packet Link Common Complete Edge Major Packet Direct Hello Down Flush FDB Flush FDB Hello Fault Total Send 0 0 0 0 0 0 0 Rcv 0 0 0 0 0 0 0 Table 3 3 display rrpp statistics command output description Field Description Ring ID RRPP ring ID Ring Level RRPP ring level z 0 for primary ring z 1 for subring Node Mode Node mode z Master node...

Page 877: ...n the port Link Down Link Down packet statistics received sent on the port Common Flush FDB Common Flush FDB packet statistics received sent on the port Complete Flush FDB Complete Flush FDB packet statistics received sent on the port Edge Hello Edge Hello packet statistics received sent on the port Major Fault Major Fault packet statistics received sent on the port Packet Total Total number of pa...

Page 878: ...D 2 Control VLAN Major 10 Sub 11 Protected VLAN Reference Instance 3 5 to 7 Hello Timer 1 sec Fail Timer 3 sec Ring ID 1 Ring Level 0 Node Mode Master Ring State Complete Enable Status Yes Active Status Yes Primary port GigabitEthernet1 0 4 Port status UP Secondary port GigabitEthernet1 0 5 Port status BLOCKED Ring ID 2 Ring Level 1 Node Mode Edge Ring State Enable Status No Active Status No Commo...

Page 879: ...can also use this field to identify whether the RRPP protocol are enabled Two statuses are available z Yes for active z No for inactive Primary Port The primary port field means the node mode is master node or transit node appears when the port is not configured on the ring or the board to which the port belongs does not start Secondary Port The secondary port field means the node mode is master n...

Page 880: ...roup must have the same link in the primary ring Otherwise the ring group cannot function properly z An edge node ring group and its corresponding assistant edge node ring group must be the same in configurations and activation status Moreover you must follow these guidelines when configuring an RRPP ring group on the edge node and the assistant edge node z When assigning an active ring to a ring ...

Page 881: ...ain are removed By default no protected VLAN is specified for an RRPP domain Note that z To be compatible with old version RRPP which does not support protected VLAN configuration an RRPP domain protects all VLANs on a device started with an old version configuration file z You can use the display stp region configuration command to check the VLANs corresponding to the specified MSTIs z Before con...

Page 882: ... an RRPP ring ID in the command RRPPDU statistics of the specified RRPP ring in the specified RRPP domain on the current device are cleared Otherwise RRPPDU statistics of all RRPP rings in the specified RRPP domain are cleared Related commands display rrpp statistics Examples Clear the RRPPDU statistics of ring 10 in RRPP domain 10 Sysname reset rrpp statistics domain 1 ring 10 ring Syntax ring ri...

Page 883: ...ring in a domain must be unique z The maximum number of rings that can be configured on a device in all RRPP domains is 16 z If a device resides on multiple RRPP rings in an RRPP domain only one primary ring exists within these rings The device plays a role of either edge node or assistant edge node on other subrings z When an RRPP is enabled you cannot configure its RRPP ports z When configuring ...

Page 884: ...rrpp domain1 ring 20 node mode transit primary port gigabitethernet 1 0 1 secondary port gigabitethernet 1 0 2 level 1 Specify the device as the transit node of primary ring 10 in RRPP domain 1 GigabitEthernet 1 0 1 as the primary port and GigabitEthernet 1 0 2 as the secondary port Then specify the device as the edge node of subring 20 in RRPP domain 1 GigabitEthernet 1 0 3 as the edge port Sysna...

Page 885: ... first disable all the subrings in the RRPP domain and then disable the primary ring z To activate the RRPP domain enable the RRPP protocol and the RRPP rings for the RRPP domain Related commands rrpp enable Examples Enable RRPP ring 10 in RRPP domain 1 Sysname system view Sysname rrpp domain 1 Sysname rrpp domain1 control vlan 100 Sysname rrpp domain1 protect vlan reference instance 0 1 2 Sysname...

Page 886: ...be sure that it has no RRPP rings Related commands control vlan protected vlan Examples Create RRPP domain 1 and enter RRPP domain 1 view Sysname system view Sysname rrpp domain 1 Sysname rrpp domain1 rrpp enable Syntax rrpp enable undo rrpp enable View System view Default Level 2 System level Parameters None Description Use the rrpp enable command to enable RRPP protocol Use the undo rrpp enable ...

Page 887: ... groups cannot interoperate with RRPP that does not support ring group configuration z When removing a ring group do that on the edge node first and then on the assistant edge node If you fail to follow the order the assistant edge node may fail to receive Edge Hello packets and thus mistakenly considers that the primary ring has failed z After a ring group is removed all subrings in the ring grou...

Page 888: ...ail timer value for the RRPP domain Use the undo timer command to restore it to the default value By default the Hello timer value is 1 second and the Fail timer value is 3 seconds Note that the Fail timer value must be greater than or equal to three times of the Hello timer value Examples Set the Hello timer value to 2 seconds and the Fail timer value to 7 seconds Sysname system view Sysname rrpp...

Page 889: ...ts this command displays the DLDP configuration of all the DLDP enabled ports Examples Display the DLDP configuration of all the DLDP enabled ports Sysname display dldp DLDP global status enable DLDP interval 5s DLDP work mode enhance DLDP authentication mode simple password is 123 DLDP unidirectional shutdown auto DLDP delaydown timer 2s The number of enabled ports is 2 Interface GigabitEthernet1...

Page 890: ...state enable or disable DLDP interval Interval for sending Advertisement packets in seconds DLDP work mode DLDP mode enhance or normal DLDP authentication mode DLDP authentication mode none simple or md5 password Password for DLDP authentication DLDP unidirectional shutdown Port shutdown mode auto or manual DLDP delaydown timer Setting of the DelayDown timer The number of enabled ports Number of t...

Page 891: ...ackets passing through all the DLDP enabled ports Sysname display dldp statistics Interface GigabitEthernet1 0 50 Packets sent 6 Packets received 5 Invalid packets received 2 Loop packets received 0 Authentication failed packets received 0 Valid packets received 3 Interface GigabitEthernet1 0 51 Packets sent 7 Packets received 7 Invalid packets received 3 Loop packets received 0 Authentication fai...

Page 892: ...System level Parameters md5 md5 password Specifies to perform MD5 authentication and sets the password The md5 password argument is the password a string of 1 to 16 characters or a 24 bit string The former indicates a plain text password and the latter indicates a cipher text password Note that this argument is case sensitive None Specifies not to perform authentication simple simple password Spec...

Page 893: ...mer View System view Default Level 2 System level Parameters Time Setting of the DelayDown timer in the range 1 to 5 in seconds Description Use the dldp delaydown timer command to set the DelayDown timer Use the undo dldp delaydown timer command to restore the default By default the setting of the DelayDown timer is 1 second Note that the DelayDown timer configured using this command applies to al...

Page 894: ...applicable to Layer 2 Ethernet ports including optical ports and electrical ports z DLDP can take effect only when it is enabled both globally and on a port Examples Enable DLDP globally and then enable DLDP on GigabitEthernet 1 0 50 Sysname system view Sysname dldp enable Sysname interface gigabitethernet 1 0 50 Sysname GigabitEthernet1 0 50 dldp enable Enable DLDP globally and then enable DLDP f...

Page 895: ...dvertisement packets You are recommended to use the default value Examples Set the interval for sending Advertisement packets to 20 seconds Sysname system view Sysname dldp interval 20 dldp reset Syntax dldp reset View System view Ethernet port view port group view Default Level 2 System level Parameters None Description Use the dldp reset command to reset DLDP state for ports shut down by DLDP to...

Page 896: ...em view Default Level 2 System level Parameters auto Sets the port shutdown mode as auto mode where when a unidirectional link is detected the port involved is shut down by DLDP manual Sets the port shutdown mode as manual mode where when a unidirectional link is detected DLDP prompts you to shut down the involved port instead of doing so automatically Description Use the dldp unidirectional shutd...

Page 897: ... work mode enhance reset dldp statistics Syntax reset dldp statistics interface type interface number View User view Default Level 1 Monitor level Parameters interface type interface number Port type and port number Description Use the reset dldp statistics command to clear the statistics on DLDP packets passing through a port If you do not provide the interface type or interface number argument t...

Page 898: ...n about an Ethernet OAM connection including connection status information contained in Ethernet OAM packet header and Ethernet OAM packet statistics If you do not specify the interface keyword this command displays the information about all the Ethernet OAM connections Related commands reset oam Examples Display the information about the Ethernet OAM connection established on the local port Gigab...

Page 899: ...flag bits being set z INFO indicating the port sends and receives only Information OAMPDUs z ANY indicating the port sends and receives Ethernet OAMPDUs of any type Local_mux_action Working mode of the local transmitter which can be z FWD indicating the port can send any packets z DISCARD indicating the port only sends Ethernet OAMPDUs Local_par_action Working mode of the local receiver which can ...

Page 900: ...OAMUniqueEventNotification Number of the unduplicated Event notification OAMPDUs sent or received uniquely OAMDuplicateEventNotificatio n Number of the duplicate Event notification OAMPDUs sent or received Display the Ethernet OAM information of the peer port GigabitEthernet 1 0 1 Sysname display oam remote interface gigabitethernet 1 0 1 Port GigabitEthernet1 0 1 Link Status Up Information of the...

Page 901: ...port Indicates whether Ethernet OAM loopback testing is supported YES or NO Link Events Indicates whether Ethernet OAM link error events are supported YES or NO Variable Retrieval Indicates whether MIB variable retrieval is supported YES or NO OAMRemoteFlagsField Values of the peer Ethernet OAM flag fields in OAM packets Link Fault Indicates whether a link fault is present 0 for no and 1 for yes D...

Page 902: ...od Event threshold 1 Errored frame seconds Event period in seconds 60 Errored frame seconds Event threshold 1 Table 5 3 display oam configuration command output description Field Description Configuration of the link event window threshold Detection intervals and triggering thresholds configured for link events Errored symbol Event period in seconds Errored symbol detection interval which defaults...

Page 903: ...nd displays the statistics on the critical Ethernet OAM link events occurred on all the ports of the switch Examples Display the statistics on critical Ethernet OAM link events occurred on all the ports Sysname display oam critical event Port GigabitEthernet1 0 1 Link Status Up Event statistic Link Fault 0 Dying Gasp 0 Critical Event 0 Table 5 4 display oam critical event command output descriptio...

Page 904: ... events If you do not specify the interface keyword this command displays the statistics on the Ethernet OAM link error events occurred on all the local peer ports Related commands display oam configuration reset oam Examples Display the statistics on Ethernet OAM link error events occurred on all the local ports Sysname display oam link event local Port GigabitEthernet1 0 1 Link Status Up OAMLoca...

Page 905: ...igured error frame period detection interval See oam errored frame period period command for more information z Errored Frame Threshold error threshold that triggers an error frame period event z Errored Frame the number of detected error frames over a detection interval z Error Running Total the total number of error frames that have detected z Event Running Total the total number of error frame ...

Page 906: ... triggers an errored frame event z Errored Frame The number of detected error frames over the specific detection interval z Error Running Total The total number of error frames z Event Running Total The total number of errored frame events that have occurred oam enable Syntax oam enable undo oam enable View Ethernet port view Default Level 2 System level Parameters None Description Use the oam ena...

Page 907: ...one second Related commands oam errored frame threshold display oam link event display oam configuration Examples Set the errored frame detection interval to 10 seconds Sysname system view Sysname oam errored frame period 10 oam errored frame threshold Syntax oam errored frame threshold threshold value undo oam errored frame threshold View System view Default Level 2 System level Parameters thresh...

Page 908: ...rrored frame period detection interval Use the undo oam errored frame period period command to restore the default By default the errored frame period detection interval is 1000 milliseconds As for errored frame period event detection the system first uses the following expression to convert the errored frame period detection interval to the maximum number of 64 byte frames that can be transmitted...

Page 909: ...t By default the errored frame period event triggering threshold is 1 Related commands oam errored frame period period display oam link event display oam configuration Examples Set the errored frame period event triggering threshold to 100 Sysname system view Sysname oam errored frame period threshold 100 oam errored frame seconds period Syntax oam errored frame seconds period period value undo oa...

Page 910: ...w Default Level 2 System level Parameters threshold value Errored frame seconds event triggering threshold ranging from 0 to 900 Description Use the oam errored frame seconds threshold command to set the errored frame seconds event triggering threshold Use the undo oam errored frame seconds threshold command to restore the default By default the errored frame seconds event triggering threshold is ...

Page 911: ...symbol detection interval to 10 seconds Sysname system view Sysname oam errored symbol period 10 oam errored symbol threshold Syntax oam errored symbol threshold threshold value undo oam errored symbol threshold View System view Default Level 2 System level Parameters threshold value Errored symbol event triggering threshold ranging from 0 to 4 294 967 295 Description Use the oam errored symbol th...

Page 912: ...t OAM loopback testing is disabled Ethernet OAM remote loopback is available only after the Ethernet OAM connection is established and can be performed only by the Ethernet OAM entities operating in active Ethernet OAM mode Related commands oam enable oam mode Examples Configure the active Ethernet OAM mode enable Ethernet OAM and enable Ethernet OAM remote loopback on GigabitEthernet1 0 1 Sysname...

Page 913: ...rnet OAM mode Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 undo oam enable Sysname GigabitEthernet1 0 1 oam mode active reset oam Syntax reset oam interface interface type interface number View User view Default Level 2 System level Parameters interface interface type interface number Specify a port by its type and number Description Use the reset oam co...

Page 914: ...5 17 Sysname reset oam ...

Page 915: ...ies the ID of an MEP ranging from 1 to 8191 Description Use the cfd cc enable command to enable CCM sending on a specified MEP Use the undo cfd cc enable command to cancel the configuration By default the CCM sending function is disabled Related commands cfd cc interval Examples On port GigabitEthernet 1 0 1 Enable CCM sending on service point 3 Sysname system view Sysname interface gigabitetherne...

Page 916: ...nship between the interval field value in the CCM messages the time interval to send CCM messages and the timeout time of the remote MEP is illustrated in Table 6 1 Table 6 1 Relationship of interval field value time interval for sending CCMs and timeout time of remote MEP Interval field value Time interval for CCM Timeout time of remote MEP 4 1 second 3 5 seconds 5 10 second 35 seconds 6 60 secon...

Page 917: ...p id Specifies the ID of the MEP that receives LTM ranging from 1 to 8191 target mac mac address Specifies the destination MAC address in the format of H H H ttl ttl value Specifies the time to live value ranging from 1 to 255 and defaulting to 64 hw only Indicates the hw only position of the LTMs sent When this keyword is present and the MIP that receives LTMs cannot find the destination MAC addr...

Page 918: ... forwarding device found the destination MAC address in its MAC address table z Unknown Indicates that the forwarding device failed to find the destination MAC address in its MAC address table z None Indicates that it is a MEP that responded to the LTM message A MEP does not need to find the destination MAC address cfd linktrace auto detection Syntax cfd linktrace auto detection size size value un...

Page 919: ...mber View System view Default level 2 System level Parameters service instance instance id Specifies the service instance ID ranging from 1 to 32767 mep mep id Specifies the ID of a MEP ranging from 1 to 8191 target mep target mep id Specifies the ID of the destination MEP for LBM packets ranging from 1 to 8191 target mac mac address Specifies the destination MAC address in the format of H H H num...

Page 920: ...LBR messages received Lost Number of lost LBMs cfd ma Syntax cfd ma ma name md md name vlan vlan id undo cfd ma ma name md md name View System view Default level 2 System level Parameters ma name Name of the MA a string of 1 to 48 characters composed of letters numbers or underlines but cannot start with an underline character md md name Specifies the name of an MD a string of 1 to 48 characters c...

Page 921: ...ith an underline character level level value Specifies an MD level ranging from 0 to 7 Description Use the cfd md command to create an MD Use the undo cfd md command to delete an MD By default no MD is created Note that z You can create only one MD with a specific level MD cannot be created if you enter an invalid MD name or an existing MD name z When deleting an MD you will also delete the config...

Page 922: ...o Examples Create inward facing MEP 3 in service instance 5 Sysname system view Sysname cfd md test_md level 3 Sysname cfd ma test_ma md test_md vlan 100 Sysname cfd service instance 5 md test_md ma test_ma Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 cfd mep 3 service instance 5 inbound cfd mep enable Syntax cfd mep service instance instance id mep mep id enable undo cfd m...

Page 923: ... ranging from 1 to 32767 explicit This rule means that if the lower level MA is not configured with MIPs whether the current MA will create MIPs depends on whether the lower level MA is configured with MEPs default This rule means that if the lower level MA is not configured with MIPs the current MA will create MIPs Description Use the cfd mip rule command to configure the rule for generating MIPs...

Page 924: ...ance 5 cfd remote mep Syntax cfd remote mep remote mep id service instance instance id mep mep id undo cfd remote mep remote mep id service instance instance id mep mep id View Ethernet port view Default level 2 System level Parameters remote mep id ID of the remote MEP ranging from 1 to 8191 service instance instance id Specifies the service instance ID ranging from 1 to 32767 mep mep id Specifie...

Page 925: ...es but cannot start with an underline character Description Use the cfd service instance command to create a service instance Use the undo cfd service instance command to delete a service instance By default no service instance is created Note that z You must create MD and MA prior to creating service instance z The service instance ID uniquely identifies an MA in an MD z When deleting a service i...

Page 926: ...ng service instance the information of LTRs of all MEPs is displayed Examples Display the information of LTR message Sysname display cfd linktrace reply Service instance 1 MEP ID 1003 MAC Address TTL Forwarded Relay Action 00E0 FC27 6502 63 Yes Found 00E0 FC00 6510 62 Yes Found 00E0 FC52 BAA0 61 No None Service instance 2 MEP ID 1023 MAC Address TTL Forwarded Relay Action 00E0 FC27 6502 63 No None...

Page 927: ...uto detections ranging from 1 to 100 Description Use the display cfd linktrace reply auto detection command to display the content of the LTR messages received as responses to the automatically sent LTMs Note that z These LTR messages are stored in the buffer after you executed the cfd linktrace auto detection command z With the size keyword not specified this command displays the information of a...

Page 928: ...the destination MAC address in its MAC address table z Unknown Indicates that the forwarding device failed to find the destination MAC address in its MAC address table z None Indicates that it is a MEP that responded to the LTM message A MEP does not need to find the destination MAC address display cfd ma Syntax display cfd ma ma name md md name View Any view Default level 2 System level Parameter...

Page 929: ... 6 Maintenance association matest_16 Service instance 0 VLAN 100 Level 6 Maintenance domain mdtest_7 1 maintenance association s belong s to maintenance domain mdtest_7 Maintenance association matest_7 Service instance 7 VLAN 7 Level 7 Table 6 7 display cfd ma command output description Field Description 3 maintenance domain s configured Number of MDs configured Maintenance domain Name of the MD 1...

Page 930: ... Level 4 Maintenance domain mdtest_4 Level 5 Maintenance domain mdtest_5 Level 6 Maintenance domain mdtest_6 Level 7 Maintenance domain mdtest_7 Table 6 8 display cfd md command output description Field Description 8 maintenance domain s configured Number of MDs configured Level Level of MD each level allows only one MD Maintenance domain Name of MD display cfd mep Syntax display cfd mep mep id se...

Page 931: ...R 0 ReceiveInOrderLBR 0 ReceiveOutOrderLBR 0 Linktrace NextSeqNumber 8877 SendLTR 0 ReceiveLTM 0 No CCM from some remote MEPs is received One or more streams of error CCMs is received The last received CCM Maintenance domain mdtest1 Maintenance association matest1 MEP 5 Sequence Number 0x50A MAC Address 000F E25D F31B Received Time 2008 04 26 12 51 31 One or more streams of cross connect CCMs is r...

Page 932: ...InOrderLBR Number of LBR messages received in correct sequence ReceiveOutOrderLBR Number of LBR messages received out of order Linktrace Information related to linktrace NextSeqNumber Sequence number of the next LTM to be sent SendLTR Number of LTRs sent ReceiveLTM Number of LTMs received No CCM from some remote MEPs is received Failure to receive CCMs from some remote MEPs This information is dis...

Page 933: ...umber Description Use the display cfd mp command to display the MP information Note that z If no port is specified this command displays the MP information on all ports z The information displayed is sorted by port name primarily in the ascending VLAN ID order within the same port and in the order of outward facing MEPs from low to high level MIPs and inward facing MEPs from high to low level with...

Page 934: ...onfiguration of the specified VLAN on the specified port MEP ID ID of the MEP MIP A MIP in the MP Level MD level that an MP belongs to Service instance Service instance to which the MP belongs Direction Direction of the MP Maintenance domain MD to which an MP belongs Maintenance association MA to which an MP belongs display cfd remote mep Syntax display cfd remote mep service instance instance id ...

Page 935: ... of the remote MEP when it is FAILED or OK MAC Status State of the port indicated by the last CCM received from the remote MEP either UP or DOWN display cfd service instance Syntax display cfd service instance instance id View Any view Default level 2 System level Parameters instance id Service instance ranging from 1 to 32767 Description Use the display cfd service instance command to display the...

Page 936: ...ay cfd service instance command output description Field Description 2 service instance s are configured Number of service instance configured Service instance 5 Service instance ID Maintenance domain MD of the service instance Maintenance association MA of the service instances Level MD level VLAN VLAN that the MA belongs to MIP rule MIP generation rules configured on service instance CCM interva...

Page 937: ...6 23 Parameters None Description Use the display cfd status command to display the status of CFD enabled or disabled Examples Display the status of CFD Sysname display cfd status CFD is enabled ...

Page 938: ...ion Use the display track command to display Track object information Examples Display information about all the Track objects Sysname display track all Track ID 1 Status Positive Reference Object NQA Entry admin test Reaction 10 Table 7 1 display track command output description Field Description Track ID ID of a Track object Status Status of a Track object z Positive The Track object is normal z...

Page 939: ...itive operation tag is the NQA operation tag a string of 1 to 32 characters case insensitive reaction item num Specifies the Reaction entry to be associated with the Track object item num is the Reaction entry ID in the range 1 to 10 Description Use the track command to create the Track object to be associated with the specified Reaction entry of the NQA test group Use the undo track command to re...

Page 940: ...story command max size 1 13 idle timeout 1 13 lock 1 14 parity 1 15 protocol inbound 1 16 screen length 1 16 send 1 17 set authentication password 1 18 shell 1 19 speed 1 20 stopbits 1 20 sysname 1 21 telnet 1 22 telnet ipv6 1 23 telnet client source 1 24 telnet server enable 1 24 terminal type 1 25 user interface 1 26 user privilege level 1 26 2 Commands for Controlling Login Users 2 1 Commands f...

Page 941: ...per 3 21 super password 3 22 sysname 3 23 system view 3 24 4 Device Management Commands 4 1 Device Management Commands 4 1 boot loader file 4 1 bootrom 4 2 bootrom update security check enable 4 4 display boot loader 4 4 display cpu usage 4 5 display cpu usage history 4 7 display device 4 10 display device manuinfo 4 11 display environment 4 12 display fan 4 13 display memory 4 13 display power 4 ...

Page 942: ...onfiguration File Management Commands 5 15 archive configuration 5 15 archive configuration interval 5 16 archive configuration location 5 17 archive configuration max 5 18 backup startup configuration 5 19 configuration replace file 5 20 display archive configuration 5 20 display saved configuration 5 21 display startup 5 23 reset saved configuration 5 24 restore startup configuration 5 25 save 5...

Page 943: ... open ipv6 6 21 passive 6 22 put 6 23 pwd 6 23 quit 6 24 remotehelp 6 24 rmdir 6 27 user 6 27 verbose 6 28 7 TFTP Configuration Commands 7 1 TFTP Client Configuration Commands 7 1 display tftp client configuration 7 1 tftp server acl 7 1 tftp 7 2 tftp client source 7 4 tftp ipv6 7 5 8 HTTP Configuration Commands 8 1 HTTP Configuration Commands 8 1 display ip http 8 1 ip http acl 8 2 ip http enable...

Page 944: ... 12 snmp agent community 10 13 snmp agent group 10 15 snmp agent local engineid 10 16 snmp agent log 10 17 snmp agent mib view 10 17 snmp agent packet max size 10 18 snmp agent sys info 10 19 snmp agent target host 10 20 snmp agent trap enable 10 22 snmp agent trap if mib link extended 10 23 snmp agent trap life 10 24 snmp agent trap queue size 10 24 snmp agent trap source 10 25 snmp agent usm use...

Page 945: ...rmation interval 14 2 mac address information mode 14 3 mac address information queue length 14 4 15 System Maintaining and Debugging Commands 15 1 System Maintaining Commands 15 1 ping 15 1 ping ipv6 15 4 tracert 15 6 tracert ipv6 15 7 System Debugging Commands 15 8 debugging 15 8 display debugging 15 9 16 Information Center Configuration Commands 16 1 Information Center Configuration Commands 16...

Page 946: ...NQA Configuration Commands 18 1 NQA Client Configuration Commands 18 1 advantage factor 18 1 codec type 18 1 data fill 18 2 data size 18 3 description any NQA test type view 18 4 destination ip 18 5 destination port 18 5 display nqa history 18 6 display nqa result 18 7 display nqa statistics 18 11 filename 18 16 frequency 18 16 history records 18 17 http version 18 18 next hop 18 18 nqa 18 19 nqa ...

Page 947: ...onfiguration Commands 19 1 display ntp service sessions 19 1 display ntp service status 19 3 display ntp service trace 19 4 ntp service access 19 5 ntp service authentication enable 19 6 ntp service authentication keyid 19 7 ntp service broadcast client 19 8 ntp service broadcast server 19 8 ntp service in interface disable 19 9 ntp service max dynamic sessions 19 9 ntp service multicast client 19...

Page 948: ...r mac 20 22 cluster mac syn interval 20 23 cluster snmp agent community 20 24 cluster snmp agent group v3 20 25 cluster snmp agent mib view included 20 26 cluster snmp agent usm user v3 20 26 delete member 20 28 display cluster 20 28 display cluster base topology 20 30 display cluster black list 20 32 display cluster candidates 20 32 display cluster current topology 20 34 display cluster members 2...

Page 949: ... mac address persistent 21 8 irf member priority 21 8 irf member renumber 21 10 irf member irf port 21 11 irf switch to 21 12 22 IPC Configuration Commands 22 1 IPC Configuration Commands 22 1 display ipc channel 22 1 display ipc link 22 2 display ipc multicast group 22 3 display ipc node 22 4 display ipc packet 22 4 display ipc performance 22 5 display ipc queue 22 7 ipc performance enable 22 8 r...

Page 950: ...ing of 1 to 3 characters to define a shortcut key In the latter case the system takes only the first character to define the shortcut key For example if you input an ASCII code value 97 the system will set the shortcut key to a if you input the string b c the system will set the shortcut key to b You may use the display current configuration command to verify the shortcut key you have defined By d...

Page 951: ... none Does not authenticate users password Authenticates users using the local password scheme Authenticates users locally or remotely using usernames and passwords Description Use the authentication mode command to specify the authentication mode z If you specify the password keyword to authenticate users using the local password remember to set the local password using the set authentication pas...

Page 952: ...ux0 authentication mode password auto execute command Syntax auto execute command text undo auto execute command View User interface view Default Level 3 Manage level Parameters text Command to be executed automatically Description Use the auto execute command command to set the command that is executed automatically after a user logs in Use the undo auto execute command command to disable the spe...

Page 953: ...you sure Y N y After the above configuration when a user logs onto the device through VTY 0 the device automatically executes the configured command and logs off the current user command accounting Syntax command accounting undo command accounting View User interface view Default Level 3 Manage level Parameters None Description Use the command accounting command to enable command accounting Use th...

Page 954: ...command authorization Use the undo command authorization command to restore the default By default command authorization is disabled that is logged in users can execute commands without authorization With command authorization enabled users logging in from the current user interface can perform commands authorized by the server Examples Enable command accounting for VTY 0 Then users logging in thr...

Page 955: ...is 8 3COM switch 4510G only support data bits 7 and 8 To establish the connection again you need to modify the configuration of the termination emulation utility running on your PC accordingly Examples Set the data bits to 7 Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 databits 7 display telnet client configuration Syntax display teln...

Page 956: ... if you provide the type argument summary Displays the summary information about a user interface Description Use the display user interface command to view information about the specified or all user interfaces When the summary keyword is absent the command will display the type of the user interface the absolute or relative number the speed the user privilege level the authentication mode and th...

Page 957: ...terface Type User interface type and the relative index Tx Rx Transmission speed of the user interface Modem Indicates whether or not a modem is used Privi The available command level Auth The authentication mode Int The physical position of the user interface display users Syntax display users all View Any view Default Level 1 Monitor level Parameters all Displays the information about all user i...

Page 958: ...bout the current user interface and the current user interface operates in asynchronous mode UI The numbers in the left sub column are the absolute user interface indexes and those in the right sub column are the relative user interface indexes Delay The period in seconds the user interface idles for Type User type Userlevel The level of the commands available to the users logging into the user in...

Page 959: ...View User interface view Default Level 3 Manage level Parameters default Restores the default escape key combination Ctrl C character Specifies the shortcut key for aborting a task a single character or its corresponding ASCII code value in the range 0 to 127 or a string of 1 to 3 characters Description Use the escape key command to define a shortcut key for aborting tasks Use the undo escape key ...

Page 960: ... 23 46 ping statistics 2 packet s transmitted 0 packet s received 100 00 packet loss Enter Q if the ping task is terminated and return to the current view the configuration is correct Sysname flow control Syntax flow control hardware none software undo flow control View AUX interface view Default Level 2 System level Parameters hardware Configures to perform hardware flow control none Configures n...

Page 961: ...dex of the type When the type is AUX the number is 0 when the type is VTY the number ranges from 0 to 4 z Absolute user interface index If you do not provide the type argument number indicates absolute user interface index which ranges from 0 to 5 Description Use the free user interface command to clear a specified user interface If you execute this command the corresponding user interface will be...

Page 962: ...ory command buffer Use the undo history command max size command to revert to the default history command buffer size Examples Set the size of the history command buffer to 20 to enable it to store up to 20 commands Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 history command max size 20 idle timeout Syntax idle timeout minutes second...

Page 963: ...ame user interface aux 0 Sysname ui aux0 idle timeout 1 0 lock Syntax lock View User view Default Level 3 Manage level Parameters None Description Use the lock command to lock the current user interface to prevent unauthorized users from operating the user interface With the execution of this command the system prompts to enter and confirm the password up to 16 characters and then locks the user i...

Page 964: ...rity command to set the check mode of the user interface Use the undo parity command to revert to the default check mode No check is performed by default 3COM switch 4510G support the even none and odd check modes only To establish the connection again you need to modify the configuration of the termination emulation utility running on your PC accordingly Examples Set to perform mark checks Sysnam...

Page 965: ...ted command user interface vty If you want to configure the user interface to support SSH to ensure a successful login you must first configure the authentication mode to scheme on the user interface If you set the authentication mode to password or none the protocol inbound ssh command will fail Refer to authentication mode Examples Configure VTY 0 to support only SSH protocol Sysname system view...

Page 966: ...i aux0 screen length 20 send Syntax send all number type number View User view Default Level 1 Monitor level Parameters all Specifies to send messages to all user interfaces type User interface type number Absolute user interface index or relative user interface index z Relative user interface index If you provide the type argument the number argument indicates the user interface index of the type...

Page 967: ...text if you specify the simple keyword in the set authentication password command If you specify the cipher keyword the password can be in either encrypted text or plain text Whether the password is in encrypted text or plain text depends on the password string entered Strings containing up to 16 characters such as 123 are regarded as plain text passwords and are converted to the corresponding 24 ...

Page 968: ...user interface Use the undo shell command to make terminal services unavailable to the user interface By default terminal services are available in all user interfaces Note the following when using the undo shell command z This command is available in all user interfaces except the AUX user interface because the AUX port also the Console is exclusively used for configuring the switch z This comman...

Page 969: ...undo speed command to revert to the default transmission speed After you use the speed command to configure the transmission speed of the AUX user interface you must change the corresponding configuration of the terminal emulation program running on the PC to keep the configuration consistent with that on the switch Examples Set the transmission speed of the AUX user interface to 9600 bps Sysname ...

Page 970: ...erminal emulation program with stopbits set to 1 5 z Changing the stop bits value of the switch to a value different from that of the terminal emulation utility does not affect the communication between them Examples Set the stop bits to 2 Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 stopbits 2 sysname Syntax sysname string undo sysna...

Page 971: ... the remote system The host name is a string of 1 to 20 characters which can be specified using the ip host command port number TCP port number assigned to Telnet service on the remote system in the range 0 to 65535 ip address Source IP address of the packets sent by the Telnet client interface type interface number Type and number of the interface through which the Telnet client sends packets Des...

Page 972: ...ddress can be up to 46 characters a host name is a string of 1 to 20 characters i interface type interface number Specifies the outbound interface by interface type and interface number The outbound interface is required when the destination address is a local link address port number TCP port number assigned to Telnet service on the remote system in the range 0 to 65535 and defaults to 23 Descrip...

Page 973: ... the telnet client source command to specify the source IP address or source interface for the Telnet packets to be sent Use the undo telnet client source command to remove the source IP address or source interface configured for Telnet packets By default source IP address or source interface of the Telnet packets sent is not configured Examples Specify the source IP address for Telnet packets Sys...

Page 974: ...t server enable Close Telnet server terminal type Syntax terminal type ansi vt100 undo terminal type View User interface view Default Level 2 System level Parameters ansi Specifies the terminal display type to ANSI vt100 Specifies the terminal display type to VT100 Description Use the terminal type command to configure the type of terminal display Use the undo terminal type command to restore the ...

Page 975: ...ace to be configured last number User interface index which identifies the last user interface to be configured Description Use the user interface command to enter one or more user interface views to perform configuration Examples Enter VTY 0 user interface view Sysname system view System View return to User View with Ctrl Z Sysname user interface vty 0 Sysname ui vty0 user privilege level Syntax ...

Page 976: ...ed in configuration files z System level Commands of this level are used to configure services Commands concerning routing and network layers are of system level You can utilize network services by using these commands z Manage level Commands of this level are for the operation of the entire system and the system supporting modules Services are supported by these commands Commands concerning file ...

Page 977: ...9 inbound Filters the users Telnetting to the current switch outbound Filters the users Telnetting to other switches from the current switch Description Use the acl command to apply an ACL to filter Telnet users Use the undo acl command to disable the switch from filtering Telnet users using the ACL Note that if you use Layer 2 ACL rules you can only choose the inbound keyword in the command here ...

Page 978: ...er userid Web user ID username User name of the Web user This argument can contain 1 to 80 characters all Specifies all Web users Description Use the free web users command to disconnect a specified Web user or all Web users by force Example Disconnect all Web users by force Sysname free web users all ...

Page 979: ... varies with months and YYYY is a year in the range 2000 to 2035 Description Use the clock datetime command to set the current time and date of the device The current time and date of the device must be set in an environment that requires the acquisition of absolute time You may choose not to provide seconds when inputting the time parameters Related commands clock summer time one off clock summer...

Page 980: ...t date to the end time of the end date Daylight saving time adds the add time to the current time of the device Use the undo clock summer time command to cancel the configuration of the daylight saving time After the configuration takes effect you can use the display clock command to view it Besides the time of the log or debug information is the local time of which the time zone and daylight savi...

Page 981: ...xcept for indicating 0 hours end date End date which can be set in two ways z Enter the year month and date at one time in the format of MM DD YYYY months days years or YYYY MM DD z Enter the year month and date one by one separated by spaces The year ranges from 2000 to 2035 the month can be January February March April May June July August September October November or December the end week can ...

Page 982: ...0 00 08 01 2007 06 00 00 09 01 2007 01 00 00 clock timezone Syntax clock timezone zone name add minus zone offset undo clock timezone View System view Default Level 3 Manage level Parameters zone name Time zone name a string of 1 to 32 characters It is case sensitive add Positive offset to universal time coordinated UTC time minus Negative offset to UTC time zone offset Offset to UTC time In the f...

Page 983: ...ble the command alias function Use the undo command alias enable command to disable the command alias function By default the command alias function is disabled that is you cannot configure command aliases Examples Enable the command alias function Sysname system view Sysname command alias enable Disable the command alias function Sysname system view Sysname undo command alias enable command alias...

Page 984: ...nd you can input the alias to view the system time and date Delete the command aliases by canceling the replacement of the display keyword Sysname system view Sysname undo command alias mapping display command privilege level Syntax command privilege level level view view command undo command privilege view view command View System view Default Level 3 Manage level Parameters level level Command l...

Page 985: ...tion filename argument z When you configure the undo command privilege view command the value of the command argument can be an abbreviated form of the specified command that is you only need to enter the keywords at the beginning of the command For example after the undo command privilege view system ftp command is executed all commands starting with the keyword ftp such as ftp server acl ftp ser...

Page 986: ...of 3Com Corporation and its licensors any reproduction republication redistribution decompiling reverse engineering is strictly prohibited Any unauthorized use of this software or any portion of it may result in severe civil and criminal penalties and will be prosecuted to the maximum extent possible under the applicable law Sysname z If a user has already logged in through the console port and th...

Page 987: ... content to the clipboard Move the cursor to the starting position of the content and press the Esc Shift combination is an English comma Move the cursor to the ending position of the content and press the Esc Shift combination is an English dot to copy the specified content to the clipboard Examples View the content of the clipboard Sysname display clipboard CLIPBOARD display arp all display cloc...

Page 988: ...rent time and date Sysname display clock 09 41 23 UTC Thu 12 15 2005 display command alias Syntax display command alias View Any view Default Level 1 Monitor level Parameters None Description Use the display configure user command to display defined command aliases and the corresponding commands Examples Display the defined command aliases and the corresponding commands Sysname display command ali...

Page 989: ... lines that do not match the regular expression z include Displays only the lines that match the regular expression regular expression Regular expression a string of 1 to 256 characters Note that this argument is case sensitive and can have spaces included Description Use the display current configuration command to display the current validated configuration of a device You can use the display cu...

Page 990: ...amples Display the factory defaults of the device The factory defaults vary with device models The detailed displays are omitted here Sysname display default configuration display diagnostic information Syntax display diagnostic information View Any view Default Level 1 Monitor level Parameters None Description Use the display diagnostic information command to display or save the statistics of eac...

Page 991: ...of each module s running status in the system Sysname display diagnostic information Save or display diagnostic information Y save N display Y N n display history command Syntax display history command View Any view Default Level 1 Monitor level Parameters None Description Use the display history command command to display commands saved in the history buffer The system will save validated history...

Page 992: ...ed hotkeys Hotkeys Command CTRL_T NULL CTRL_U NULL System hotkeys Hotkeys Function CTRL_A Move the cursor to the beginning of the current line CTRL_B Move the cursor one character left CTRL_C Stop current command function CTRL_D Erase current character CTRL_E Move the cursor to the end of the current line CTRL_F Move the cursor one character right CTRL_H Erase the character left of the cursor CTRL...

Page 993: ...of each line Description Use the display this command to display the validated configuration under the current view After finishing a set of configurations under a view you can use the display this command to check whether the configuration takes effect Note that z A parameter is not displayed if it has the default configuration z A parameter is not displayed if the configuration has not taken eff...

Page 994: ...face boards Examples Display system version information The system version information varies with devices Sysname display version header Syntax header incoming legal login motd shell text undo header incoming legal login motd shell View System view Default Level 2 System level Parameters incoming Sets the banner displayed when a Modem login user enters user view If authentication is needed the in...

Page 995: ...character Welcome to login header login Sysname header motd Please input banner content and quit with the character Welcome to motd header motd Sysname header shell Please input banner content and quit with the character Welcome to shell header shell The character is the starting ending character of text in this example Entering after the displayed text quits the header command As the starting and...

Page 996: ...lt Level 2 System level Parameters CTRL_G Assigns the hot key Ctrl G to a command CTRL_L Assigns the hot key Ctrl L to a command CTRL_O Assigns the hot key Ctrl O to a command CTRL_T Assigns the hot key Ctrl T to a command CTRL_U Assigns the hot key Ctrl U to a command command The command line associated with the hot key Description Use the hotkey command to assign a hot key to a command line Use ...

Page 997: ... left CTRL_C Stop current command function CTRL_D Erase current character CTRL_E Move the cursor to the end of the current line CTRL_F Move the cursor one character right CTRL_H Erase the character left of the cursor CTRL_K Kill outgoing connection CTRL_N Display the next command from the history buffer CTRL_P Display the previous command from the history buffer CTRL_R Redisplay the current line C...

Page 998: ...e current connection and quit the system Examples Switch from GigabitEthernet1 0 1 interface view to system view and then to user view Sysname GigabitEthernet1 0 1 quit Sysname quit Sysname return Syntax return View Any view except user view Default Level 2 System level Parameters None Description Use the return command to return to user view from current view not user view You can also use the ho...

Page 999: ...le screen output function of the current user By default a login user uses the settings of the screen length command The default settings of the screen length command are multiple screen output is enabled and 24 lines are displayed on the next screen For the details of the screen length command refer to Login Commands in the System Volume Note that this command is applicable to the current user on...

Page 1000: ...no password is configured the switching fails Therefore before switching a user to a higher user privilege level you should configure the password needed Related commands super password Examples Set the user privilege level to 2 The current user privilege level is 3 Sysname super 2 User privilege level is 2 and only those commands can be used whose level is equal or less than this Privilege note 0...

Page 1001: ...is specified the configuration file saves a simple password z If cipher is specified the configuration file saves a cipher password z The user must always enter a simple password no matter simple or cipher is specified z Cipher passwords are recommended as simple ones are easily getting cracked Examples Set the password to abc in simple form for switching user level to 3 Sysname system view Sysnam...

Page 1002: ... of the CLI For example if the device name is Sysname the prompt of user view is Sysname Examples Set the name of the device to Switch Sysname system view Sysname sysname Switch Switch system view Syntax system view View User view Default Level 2 System level Parameters None Description Use the system view command to enter system view from the current user view Related commands quit return Example...

Page 1003: ...fixed by bin Suffixes vary with devices z If you do not provide arguments drive and path the file with the name file name under the current path is specified You can use the cd command to switch to another path For details of the cd command refer to File System Management Commands in the System Volume slot slot number Specifies the member ID of a device z all Specifies a file as the boot file at t...

Page 1004: ...and join the stack again Related commands display boot loader Examples Specify the main boot file for the master the member ID is 1 for the next device boot as test bin Make sure that the file test bin is already saved on the storage medium of the master otherwise the system prompts error and the execution of the commend fails Sysname boot loader file test bin slot 1 main This command will set the...

Page 1005: ...iew the member IDs of stack members Description Use the bootrom command to read restore back up or upgrade the Boot ROM program on a specified member device s Note the following z To execute the bootrom command successfully you must save the Boot ROM program under the root directory of the storage media on a member device z If the storage medium is on the master you can specify the storage medium ...

Page 1006: ...ne Description Use the bootrom update security check enable command to enable the validity check function Use the undo bootrom update security check enable command to disable the validity check function By default the validity check function is enabled at the time of upgrading Boot ROM After the validity check function is enabled the device will strictly check whether the Boot ROM upgrade files ar...

Page 1007: ...tput description Field Description Slot 1 The member ID of the device is 1 The current boot app is Boot file used for the device for the current device boot The main boot app is Main boot file used for the device for the next device boot The backup boot app is Backup boot file used for the device for the next device boot display cpu usage Syntax display cpu usage slot slot number cpu cpu number di...

Page 1008: ...CPU usage statistics of all CPUs of the specified board or member device Description Use the display cpu usage command to display the CPU usage statistics The system takes statistics of CPU usage at intervals usually every 60 seconds and saves the statistical results in the history record area display cpu usage entry number indicates the system displays entry number records from the newest last re...

Page 1009: ...from 0 a smaller number equals a newer record idx index of the current record in the history record table If only the information of the current record is displayed no and idx are not displayed CPU Usage Stat Cycle CPU usage measurement interval in seconds For example if the value is 41 it indicates that the average CPU usage during the last 41 seconds is calculated The value range of this field i...

Page 1010: ...f the main CPU Description Use the display cpu usage history command to display the history statistics of the CPU usage in a chart If no argument is provided the system displays the CPU usage of the master The system takes statistics of the CPU usage at an interval and saves the statistical results in the history record area You can use the display cpu usage history command to display the CPU usag...

Page 1011: ... sixteenth and seventeenth minute 10 in the eighteenth minute 5 in the nineteenth minute and 2 or lower than 2 at other times Display the CPU usage statistics of task 6 Sysname display cpu usage history task 6 100 95 90 85 80 75 70 65 60 55 50 45 40 35 30 25 20 15 10 5 10 20 30 40 50 60 minutes cpu usage last 60 minutes T03M The above output information indicates the CPU usage of task 6 with the t...

Page 1012: ...umber Displays information of the specified subboard The subslot number represents the subslot of a subboard verbose Displays detailed information Description Use the display device command to display information about the device Examples Display the information of all stack members Sysname display device Slot 1 SubSNo PortNum PCBVer FPGAVer CPLDVer BootRomVer AddrLM Type State 0 28 REV C NULL 002...

Page 1013: ...evice during debugging or test of device The information includes name of the board device serial number and vendor name This command displays part of the electrical label information of the device Examples Display electrical label information Sysname display device manuinfo slot 1 DEVICE_NAME S4510G 28C EI DEVICE_SERIAL_NUMBER 210235A2540000000001 MAC_ADDRESS 001C C5BC 3111 MANUFACTURING_DATE 200...

Page 1014: ... the current temperature and temperature thresholds of boards Examples Display the temperature information of the device Sysname display environment System Temperature information degree centigrade SlotNo Temperature Lower limit Upper limit 1 34 0 55 2 34 0 55 Table 4 5 display environment command output description Field Description System Temperature information degree centigrade Temperature inf...

Page 1015: ...ot slot number depends on the device model You can use the display irf command to view the member IDs of devices in a stack system If the slot number argument is not provided the system displays the operating state of fans of all member devices Description Use the display fan command to display the operating state of built in fans Examples Display the operating state of all fans in a device Sysnam...

Page 1016: ...vice Sysname display memory System Total Memory bytes 431869088 Total Used Memory bytes 71963156 Used Rate 16 Table 4 6 display memory command output description Field Description System Total Memory bytes Total size of the system memory in bytes Total Used Memory bytes Size of the memory used in bytes Used Rate Percentage of the memory used to the total memory display power Syntax display power s...

Page 1017: ...number represents the member ID of the device You can use the display irf command to view the member IDs of devices in a stack system Description Use the display reboot type command to display the reboot mode of the device If no keyword is provided the system displays the reboot mode of the master Examples Display the reboot mode of the device Sysname display reboot type The rebooting type this ti...

Page 1018: ...ack system If the slot number argument is not provided the system displays the RPS status of all stack members rps id Displays the status of the specified RPS where rps id represents the RPS number The value varies with devices Description Use the display rps command to display status of the RPS Examples Display RPS status of the device Sysname display rps Slot 1 Power 2 State Absent Slot 2 Power ...

Page 1019: ...become invalid and then when you execute the display schedule job command again the system displays nothing display schedule reboot Syntax display schedule reboot View Any view Default Level 3 Manage level Parameters None Description Use the display schedule reboot command to display the device reboot time set by the user Related commands schedule reboot at and schedule reboot delay Examples Displ...

Page 1020: ...he current alarm information of the pluggable transceiver plugged in the specified interface interface type interface number represents interface type and interface number If it is not specified the command displays the current alarm information of the pluggable transceiver in all the interfaces Description Use the display transceiver alarm command to display the current alarm information of a sin...

Page 1021: ...ot supported by port hardware Transceiver type is not supported on the port XFP RX loss of signal Incoming RX signal is lost RX not ready RX is not ready RX CDR loss of lock RX clock cannot be recovered RX power high RX power is high RX power low RX power is low TX not ready TX is not ready TX fault TX fault TX CDR loss of lock TX clock cannot be recovered TX bias high TX bias current is high TX b...

Page 1022: ...layer receive local fault RX power high RX power is high RX power low RX power is low Laser bias current fault Laser bias current fault Laser temperature fault Laser temperature fault Laser output power fault Laser output power fault TX fault TX fault PMA PMD receiver local fault PMA PMD receiver local fault PCS receive local fault PCS receive local fault PHY XS receive local fault PHY XS receive ...

Page 1023: ...f digital diagnosis parameters of the 3COM customized anti spoofing pluggable optical transceiver plugged in the specified interface interface type interface number represents interface type and interface number If it is not specified the command displays the currently measured value of digital diagnosis parameters of 3COM customized anti spoofing pluggable optical transceivers in all the interfac...

Page 1024: ...ansceiver Syntax display transceiver interface interface type interface number View Any view Default Level 2 System level Parameters interface interface type interface number Displays main parameters of the pluggable transceiver plugged in the specified interface interface type interface number represents interface type and interface number If it is not specified the command displays main paramete...

Page 1025: ...ance with xx representing km for single mode transceivers and m for other transceivers If the transceiver supports multiple transfer medium every two values of the transfer distance are separated by a comma The corresponding transfer medium is included in the bracket following the transfer distance value The following are the transfer media z 9 um 9 125 um single mode fiber z 50 um 50 125 um multi...

Page 1026: ...ti spoofing pluggable transceiver plugged in interface GigabitEthernet1 0 4 Sysname display transceiver manuinfo interface gigabitethernet1 0 4 GigabitEthernet1 0 4 transceiver manufacture information Manu Serial Number 213410A0000054000251 Manufacturing Date 2006 09 01 Vendor Name 3COM Table 4 11 display transceiver manuinfo command output description Field Description Manu Serial Number Serial n...

Page 1027: ...ackup boot file to restart the device z If you are performing file operations when the device is to be rebooted the system does not execute the command for the sake of security Examples If the current configuration does not change reboot the device Sysname reboot Start to check configuration with next startup configuration file please wait DONE This command will reboot the device Continue Y N y No...

Page 1028: ...rom 0 to 59 The value of hh mm cannot exceed 23 59 z date Execution date of the command in the format of MM DD YYYY month day year or YYYY MM DD year month day The YYYY value ranges from 2000 to 2035 the MM value ranges from 1 to 12 and the DD value range depends on a specific month delay time2 Specifies the execution waiting time of a specified command time2 represents the waiting time which can ...

Page 1029: ...ified command you do not need to input any information If there is information for you to confirm the system automatically inputs Y or Yes if certain characters need to be input the system automatically inputs a default character string and inputs an empty character string when there is no default character string z For the commands used to switch user interfaces such as telnet ftp and ssh2 the co...

Page 1030: ... time is earlier than the current time the device will be rebooted at the reboot time the next day z If you are performing file operations when the device is to be rebooted the system does not execute the command for the sake of security Note that z The precision of the device timer is 1 minute One minute before the reboot time the device will prompt REBOOT IN ONE MINUTE and will be rebooted in on...

Page 1031: ...lt Level 3 Manage level Parameters hh mm Device reboot wait time in the format of hh mm hours minutes The value of the hh argument ranges from 0 to 720 and the value of the mm argument ranges from 0 to 59 and the value of the hh mm argument cannot exceed 720 00 mm Device reboot wait time in minutes in the range of 0 to 43 200 Description Use the schedule reboot delay command to enable the schedule...

Page 1032: ...88 minutes supposing the current time is 11 48 Sysname schedule reboot delay 88 Reboot system at 13 16 06 06 2006 in 1 hour s and 28 minute s confirm Y N If you have used the terminal logging command to enable the log display function on the terminal before setting a reboot time the system will automatically display related log information after you enter y By default the log display function is e...

Page 1033: ... T1 the interface which is down will be brought up immediately Examples Set the detection interval to 100 seconds Sysname system view Sysname shutdown interval 100 startup bootrom access enable Syntax startup bootrom access enable undo startup bootrom access enable View User view Default Level 2 System level Parameters None Description Use the startup bootrom access enable command to enable Boot R...

Page 1034: ...es that when the system detects any software abnormality it recovers itself through automatic reboot Description Use the system failure command to configure the exception handling method on all member devices By default all member devices adopt the reboot method to handle exceptions The exception handling method is effective to the failed member device only and does not influence the operations of...

Page 1035: ... medium which is flash for the switch 4510G s not specified it indicates the file or subfolder under the current directory Returns to the upper directory If the current working directory is the root directory or there is no such an upper directory the current working directory is not changed after the execution of the cd command No command line help for this keyword Returns to the root directory o...

Page 1036: ...e or folder Description Use the copy command to copy a file If you specify a target folder the system will copy the file to the specified folder and use the name of the source file as the file name Examples Copy file testcfg cfg under the current folder and save it as testbackup cfg Sysname copy testcfg cfg testbackup cfg Copy flash test cfg to flash testbackup cfg Y N y Copy file flash test cfg t...

Page 1037: ...r permanently delete it with the reset recycle bin command The dir all command can display the files moved to the recycle bin These files are enclosed in pairs of brackets If you delete two files in different directories but with the same filename only the last one is retained in the recycle bin Examples Remove file tt cfg from the root directory of the storage medium on the master after logging i...

Page 1038: ...n files hidden sub folders and the files in the recycle bin that originally belong to the current directory The names of these deleted files are enclosed in pairs of brackets The dir file url command displays information about a file or folder Examples Display information about all files and folders in the storage medium of the master after logging in to the device Sysname dir all Directory of fla...

Page 1039: ...key 7 rwh 548 Apr 26 2008 14 31 52 dsakey 8 rw 3035 Apr 26 2008 13 45 36 new config cfg 9 drw Apr 26 2008 12 11 53 oldver 31496 KB total 1839 KB free Table 5 1 dir command output description Field Description Directory of The current working directory d Directory If it is not displayed it indicates that the displayed item is a file r The directory or file is readable w The directory or file is wri...

Page 1040: ...meaning that the valid configuration information can be displayed with the display current configuration command after this command is configured successfully otherwise this command may not be executed correctly Examples Execute the batch file test bat in the root directory Sysname system view Sysname execute test bat file prompt Syntax file prompt alert quiet View System view Default Level 3 Mana...

Page 1041: ...e abnormal operation Note that you can execute the fixdisk command for the storage medium on the master but you cannot execute the command for the storage medium on the slaves Examples Restore the space of the flash Sysname fixdisk flash Fixdisk flash may take some time to complete Fixdisk flash completed format Syntax format device View User view Default Level 3 Manage level Parameters device Nam...

Page 1042: ...meters directory Name of a folder Description Use the mkdir command to create a folder under a specified directory on the storage medium Note that z The name of the folder to be created must be unique under the specified directory Otherwise you will fail to create the folder under the directory z To use this command to create a folder the specified directory must exist For instance to create folde...

Page 1043: ...ame Description Use the more command to display the contents of the specified file So far this command is valid only for text files Examples Display the contents of file test txt Sysname more test txt Welcome to 4510G Display the contents of file testcfg cfg Sysname more testcfg cfg version 5 20 ESS 2201 sysname Sysname vlan 2 return Sysname Display the contents of file testcfg cfg on a slave with...

Page 1044: ...stem will move the source file to the specified folder with the file name unchanged Examples Move file flash test sample txt to flash and save it as 1 txt Sysname move test sample txt 1 txt Move flash test sample txt to flash 1 txt Y N y Moved file flash test sample txt to flash 1 txt Move file b cfg to the subfolder test2 Sysname move b cfg test2 Move flash b cfg to flash test2 b cfg Y N y Moved ...

Page 1045: ...ce Name of the source file or folder fileurl dest Name of the target file or folder Description Use the rename command to rename a file or folder The target file name must be unique under the current path Examples Rename file sample txt as sample bat Sysname rename sample txt sample bat Rename flash sample txt to flash sample bat Y N y Renamed file flash sample txt to flash sample bat reset recycl...

Page 1046: ... the file to be deleted is not the current directory use the cd command to enter the original directory of the file and then execute the reset recycle bin command Examples Delete file b cfg under the current directory and in the recycle bin z Display all the files in the recycle bin and under the current directory Sysname dir all Directory of flash 0 rw 10471471 Sep 18 2008 02 45 15 4510G bin 1 rw...

Page 1047: ... 55 serverkey 8 rwh 548 Apr 26 2000 12 04 00 dsakey 9 rw 478164 Apr 26 2000 14 52 35 4510G_505 btm 10 rw 368 Apr 26 2000 12 04 04 patch_xxx bin 11 rw 2195 Apr 26 2000 12 43 08 sfp cfg 12 rw 2195 Apr 26 2000 13 08 47 a cfg 31496 KB total 11015 KB free The above information indicates that file flash b cfg is deleted permanently Delete file aa cfg in the subdirectory test and in the recycle bin z Ent...

Page 1048: ...iles in the recycle bin under the folder will be automatically deleted Examples Remove folder mydir Sysname rmdir mydir Rmdir flash mydir Y N y Removed directory flash mydir undelete Syntax undelete file url View User view Default Level 3 Manage level Parameters file url Name of the file to be restored Description Use the undelete command to restore a file from the recycle bin If another file with...

Page 1049: ...guration Syntax archive configuration View User view Default Level 3 Manage level Parameters None Description Use the archive configuration command to save the current running configuration manually After the execution of this command the system saves the current running configuration with the specified filename filename prefix serial number to the specified path Note the following z Before execut...

Page 1050: ...onfiguration with the specified filename to the specified path at a specified interval the value of the minutes argument Configure an automatic saving interval according to the storage medium performance and the frequency of configuration modification z If the configuration of the device does not change frequently you are recommended to save the current running configuration manually as needed z I...

Page 1051: ...cation command to restore the default By default the path and filename prefix of a saved configuration file are not configured and the system does not save the configuration file periodically Note the following z Before the current running configuration is saved either manually or automatically the file path and filename prefix must be configured z If the undo archive configuration location comman...

Page 1052: ...t if the available memory space is small Description Use the archive configuration max command to set the maximum number of configuration files that can be saved Use the undo archive configuration max command to restore the default By default a maximum of 5 configuration files can be saved Since excessive configuration files occupy large memory space you can use this command to control the number ...

Page 1053: ...tartup on the server Description Use the backup startup configuration command to back up the startup configuration file used at the next system startup to a specified TFTP server If you do not specify this filename the original filename is used For a device that has main and backup startup configuration files this command only backs up the main startup configuration file Presently the device uses ...

Page 1054: ...lename Examples Roll back from the current running configuration to a previous configuration state based on a saved configuration file my_archive_1 cfg Sysname system view Sysname configuration replace file my_archive_1 cfg Info Now replacing the current configuration Please wait Info Succeeded in replacing current configuration with the file my_archive_1 cfg display archive configuration Syntax d...

Page 1055: ...configuration by linenum View Any view Default Level 2 System level Parameters by linenum Identifies each line of displayed information with a line number Description Use the display saved configuration command to display the contents of the configuration file saved for the next startup of the device During device management and maintenance you can use this command to check whether important confi...

Page 1056: ...face NULL0 More The configurations are displayed in the order of global port and user interface More means that all information on this screen has been displayed and if you press the Space key the next screen will be displayed Display the contents of the configuration file saved for the next startup of the device with a number identifying each line Sysname display saved configuration by linenum 1 ...

Page 1057: ...The slaves are started and run based on the current configurations of the master therefore the current startup configuration files displayed on all the member devices in a stack are always the same z After the master is changed the new master does not restart using the configuration file but runs with the current configuration instead Therefore when you execute the display startup command the star...

Page 1058: ...file The backup configuration file used for the next startup Slot 2 The configuration files used for the current and the next startup of the slave with the member ID 2 reset saved configuration Syntax reset saved configuration backup main View User view Default Level 2 System level Parameters backup Deletes the backup startup configuration file main Deletes the main startup configuration file Desc...

Page 1059: ...Default Level 2 System level Parameters src addr IP address or name of a TFTP server The address cannot be an IPv6 address src filename Filename of the configuration file to be downloaded from the specified server Description Use the restore startup configuration command to download a configuration file from the specified TFTP server to the device and specify the configuration file as the startup ...

Page 1060: ...vices in a stack slot slot number Saves the current configuration in the specified filename to a slave slot number represents the member ID of a member device The value range depends on the device model You can use the display stack command to view the member IDs of the member devices in a stack safely Sets the configuration saving mode to safe If this argument is not specified the configuration f...

Page 1061: ...lash successfully Save the current configuration to the root directory of the storage medium on a member device and specify the file as the configuration file for the next startup Sysname display startup MainBoard Current startup saved configuration file NULL Next main startup saved configuration file flash aa cfg Next backup startup saved configuration file NULL Slot 2 Current startup saved confi...

Page 1062: ...test cfg Continue Y N y Now saving current configuration to the device Saving configuration slot2 flash test cfg Please wait Configuration is saved to slot2 flash successfully Or you can use the following command approach 2 Sysname save slot2 flash test cfg slave auto update config Syntax slave auto update config undo slave auto update config View System view Default Level 2 System level Parameter...

Page 1063: ... for the next startup of all the member devices must the same Therefore before using the command ensure that the specified configuration file has been saved to the root directories of the storage media of all the member devices otherwise the command will fail z The startup saved configuration and startup saved configuration main commands have the same effect Both of them are used to specify the ma...

Page 1064: ...5 30 Slot 2 Set next configuration file successfully ...

Page 1065: ...enable ftp timeout ftp update Examples Display the FTP server configuration Sysname display ftp server FTP server is running Max user number 1 User count 1 Timeout value in minute 30 Put Method fast Table 6 1 display ftp server command output description Field Description Max user number Maximum number of login users at a time User count Number of the current login users Timeout value in minute Al...

Page 1066: ... If the name of the logged in user exceeds 10 characters the exceeded characters will be displayed in the next line and right justified for example if the logged in user name is administrator the information is displayed as follows Sysname display ftp user UserName HostIP Port Idle HomeDir administra tor 192 168 0 152 1031 0 flash Table 6 2 display ftp user command output description Field Descrip...

Page 1067: ...P server is terminated after the file transmission Examples Manually release the FTP connection established with username ftpuser Sysname free ftp user ftpuser Are you sure to free FTP user ftpuser Y N y Sysname ftp server acl Syntax ftp server acl acl number undo ftp server acl View System view Default Level 3 Manage level Parameters acl number Basic access control list ACL number in the range 20...

Page 1068: ...ugh FTP Sysname system view Sysname acl number 2001 Sysname acl basic 2001 rule 0 permit source 1 1 1 1 0 Sysname acl basic 2001 rule 1 deny source any Sysname acl basic 2001 quit Sysname ftp server acl 2001 ftp server enable Syntax ftp server enable undo ftp server View System view Default Level 3 Manage level Parameters None Description Use the ftp server enable command to enable the FTP server ...

Page 1069: ...stem resources and affect the login of other FTP users To address this problem you can set an idle timeout timer so that the FTP server can disconnect from the user if no information is received or and transmitted before the timer expires Examples Set the idle timeout timer to 36 minutes Sysname system view Sysname ftp timeout 36 ftp update Syntax ftp update fast normal undo ftp update View System...

Page 1070: ...mpt information in the examples of this section varies with FTP server types ascii Syntax ascii View FTP client view Default Level 3 Manage level Parameters None Description Use the ascii command to set the file transfer mode to ASCII By default the file transfer mode is ASCII The carriage return characters vary with operating systems For example to indicate the end of a line and transfer to the n...

Page 1071: ...lient view Default Level 3 Manage level Parameters None Description Use the binary command to set the file transfer mode to binary also called flow mode By default the transfer mode is ASCII mode Related commands ascii Examples Set the file transfer mode to binary ftp binary 200 Type set to I bye Syntax bye View FTP client view Default Level 3 Manage level Parameters None ...

Page 1072: ...as cdup If the current working directory is the root directory or there is no such an upper directory the current working directory is not changed after the execution of the cd command No command line help for this keyword Returns to the root directory of the storage medium No command line help for this keyword Description Use the cd command to change the current working directory on the remote FT...

Page 1073: ... is work directory Related commands cd pwd Examples Change the current working directory path to the upper directory ftp cdup 200 CDUP command successful close Syntax close View FTP client view Default Level 3 Manage level Parameters None Description Use the close command to terminate the connection to the FTP server but remain in FTP client view This command is equal to the disconnect command Exa...

Page 1074: ... current directory of the FTP server Sysname terminal monitor Sysname terminal debugging Sysname ftp 192 168 1 46 Trying 192 168 1 46 Press CTRL K to abort Connected to 192 168 1 46 220 FTP service ready User 192 168 1 46 none ftp 331 Password required for ftp Password 230 User logged in ftp undo passive ftp debugging ftp get sample file PORT 192 168 1 44 4 21 200 Port command okay The parsed repl...

Page 1075: ...ransfer starts and the signal light is turned on FTPC File transfer completed with the signal light turned off File transfer is completed and the signal light is turned off delete Syntax delete remotefile View FTP client view Default Level 3 Manage level Parameters remotefile File name Description Use the delete command to permanently delete a specified file on the remote FTP server To do this you...

Page 1076: ...der and file related information such as the size and the date they were created If you only need to view the name of all the files and subdirectories under the current directory you can use the Is command Examples View the detailed information of the files and subdirectories under the current directory on the remote FTP server ftp dir 227 Entering Passive Mode 192 168 1 46 5 68 125 ASCII mode dat...

Page 1077: ... 34 ar router cfg disconnect Syntax disconnect View FTP client view Default Level 3 Manage level Parameters None Description Use the disconnect command to disconnect from the remote FTP server but remain in FTP client view This command is equal to the close command Examples Disconnect from the remote FTP server but remain in FTP client view ftp disconnect 221 Server closing display ftp client conf...

Page 1078: ... characters of a remote FTP server service port TCP port number of the remote FTP server in the range 0 to 65535 The default value is 21 interface interface type interface number Specifies the source interface by its type and number The primary IP address configured on this interface is the source address of the transmitted packets If no primary IP address is configured on the source interface the...

Page 1079: ...ss CTRL K to abort Connected to 192 168 0 211 220 FTP Server ready User 192 168 0 211 none abc 331 Password required for abc Password 230 User logged in ftp ftp client source Syntax ftp client source interface interface type interface number ip source ip address undo ftp client source View System view Default Level 2 System level Parameters interface interface type interface number Source interfac...

Page 1080: ...lay ftp client configuration Examples Specify the source IP address of the FTP client as 2 2 2 2 Sysname system view Sysname ftp client source ip 2 2 2 2 Specify the source interface of the FTP client as Vlan interface 1 Sysname system view Sysname ftp client source interface vlan interface 1 ftp ipv6 Syntax ftp ipv6 server address service port source ipv6 source ipv6 address i interface type inte...

Page 1081: ...onnected to 3000 200 220 Welcome User 3000 200 none MY_NAME 331 Please specify the password Password 230 Login successful ftp get Syntax get remotefile localfile View FTP client view Default Level 3 Manage level Parameters remotefile Name of the file to be downloaded localfile File name used after a file is downloaded and saved locally If this argument is not specified the file is saved locally us...

Page 1082: ... Mode 192 168 1 46 4 48 125 ASCII mode data connection already open transfer starting for startup cfg 226 Transfer complete FTP 3608 byte s received in 2 322 second s 1 00K byte s sec lcd Syntax lcd View FTP client view Default Level 3 Manage level Parameters None Description Use the lcd command to display the local working directory of the FTP client Examples Display the local working directory f...

Page 1083: ...and directories on the FTP server whereas the dir command can display other related information of the files and directories such as the size and the date they were created Examples View the information of all files and subdirectories under the current directory of the FTP server ftp ls 227 Entering Passive Mode 192 168 1 50 17 165 125 ASCII mode data connection already open transfer starting for ...

Page 1084: ...FTP server To do this you must be a user with the permission on the FTP server Examples Create subdirectory mytest on the current directory of the remote FTP server ftp mkdir mytest 257 mytest new directory created open Syntax open server address service port View FTP client view Default Level 3 Manage level Parameters server address IP address or host name of a remote FTP server service port Port...

Page 1085: ... 192 168 1 50 220 FTP service ready User 192 168 1 50 none aa 331 Password required for aa Password 230 User logged in ftp open ipv6 Syntax open ipv6 server address service port i interface type interface number View FTP client view Default Level 3 Manage level Parameters server address IP address or host name of the remote FTP server service port Port number of the remote FTP server in the range ...

Page 1086: ... client view Default Level 3 Manage level Parameters None Description Use the passive command to set the data transmission mode to passive Use the undo passive command to set the data transmission mode to active The default transmission mode is passive Data transmission modes fall into the passive mode and the active mode The active mode means that the data connection request is initiated by a ser...

Page 1087: ...d Examples Upload source file vrpcfg cfg on the master to the remote FTP server and save it as ftpclient cfg ftp put vrpcfg cfg ftpclient cfg 227 Entering Passive Mode 192 168 1 46 4 50 125 ASCII mode data connection already open transfer starting for ftpclient cfg 226 Transfer complete FTP 1366 byte s sent in 0 064 second s 21 00Kbyte s sec Upload source file a cfg on the slave with the member ID...

Page 1088: ...rmation indicates that the servertemp folder under the root directory of the remote FTP server is being accessed by the user quit Syntax quit View FTP client view Default Level 3 Manage level Parameters None Description Use the quit command to disconnect from the remote FTP server and exit to user view Examples Disconnect from the remote FTP server and exit to user view ftp quit 221 Server closing...

Page 1089: ...V TYPE STRU MODE RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD LIST NLST SITE SYST STAT HELP NOOP XCUP XCWD XMKD XPWD XRMD 214 Direct comments to 3COM company Display the help information for the user command ftp remotehelp user 214 Syntax USER sp username ftp Table 6 4 remotehelp command output description Field Description 214 Here is a list of available ftp commands The followin...

Page 1090: ...a folder MKD Create a folder PWD Print working directory LIST List files NLST List file description SITE Locate a parameter SYST Display system parameters STAT State HELP Help NOOP No operation XCUP Extension command the same meaning as CUP XCWD Extension command the same meaning as CWD XMKD Extension command the same meaning as MKD XPWD Extension command the same meaning as PWD XRMD Extension com...

Page 1091: ... the directory before you delete a directory For the deletion of files refer to the delete command z After you execute the rmdir command successfully the files in the remote recycle bin under the directory will be automatically deleted Examples Delete the temp1 directory from the authorized directory on the FTP server ftp rmdir temp1 200 RMD command successful user Syntax user username password Vi...

Page 1092: ...n ftp verbose Syntax verbose undo verbose View FTP client view Default Level 3 Manage level Parameters None Description Use the verbose command to enable the protocol information function to display detailed prompt information Use the undo verbose command to disable the protocol information function By default the protocol information function is enabled Examples Enable the protocol information fu...

Page 1093: ...operation ftp verbose FTP verbose is on ftp get startup cfg aa cfg 227 Entering Passive Mode 192 168 1 46 5 85 125 ASCII mode data connection already open transfer starting for startup cfg 226 Transfer complete FTP 3608 byte s received in 0 193 second s 18 00K byte s sec ...

Page 1094: ...uration command to display the configuration information of the TFTP client Related commands tftp client source Examples Display the current configuration information of the TFTP client Sysname display tftp client configuration The source IP address is 192 168 0 123 Currently this command displays the configured source IP address or source interface of the TFTP client tftp server acl Syntax tftp s...

Page 1095: ... information about ACL refer to ACL Configuration in the Security Volume Examples In IPv4 networking environment allow the device to access the TFTP server with the IP address of 1 1 1 1 only Sysname system view Sysname acl number 2000 Sysname acl basic 2000 rule permit source 1 1 1 1 0 Sysname acl basic 2000 quit Sysname tftp server acl 2000 In IPv6 networking environment allow the device to acce...

Page 1096: ...aved using the same name as that on the remote FTP server to the current working directory of the user namely the working directory where the tftp command is executed z The priority of the source address specified with this command is higher than that specified with the tftp client source command If you use the tftp client source command to specify the source address first and then with the tftp c...

Page 1097: ...de Downloading file from remote TFTP server please wait TFTP 2737556 bytes received in 14 second s File downloaded successfully Download the BIN file from the TFTP server to the root directory on the flash of the slave tftp client source Syntax tftp client source interface interface type interface number ip source ip address undo tftp client source View System view Default Level 2 System level Par...

Page 1098: ...configuration Examples Specify the source IP address of the TFTP client as 2 2 2 2 Sysname system view Sysname tftp client source ip 2 2 2 2 Specify the source interface of the TFTP client as Vlan interface 1 Sysname system view Sysname tftp client source interface vlan interface 1 tftp ipv6 Syntax tftp ipv6 tftp ipv6 server i interface type interface number get put source file destination file Vi...

Page 1099: ...rver This command applies to IPv6 networks Examples Download filetoget txt from the TFTP server Sysname tftp ipv6 fe80 250 daff fe91 e058 i vlan interface 1 get filetoget txt File will be transferred in binary mode Downloading file from remote TFTP server please wait TFTP 411100 bytes received in 2 second s File downloaded successfully ...

Page 1100: ...TP Sysname display ip http HTTP port 80 Basic ACL 2222 Current connection 0 Operation status Running Table 8 1 display ip http command output description Field Description HTTP port Port number used by the HTTP service Basic ACL A basic ACL number associated with the HTTP service Current connection The number of current connections Operation status Operation status which takes the following values...

Page 1101: ...is associated with an ACL only the clients permitted by the ACL can access the device Related commands acl number in ACL Commands in the Security Volume Examples Configure to associate the HTTP service with ACL 2001 and only allow the clients within the 10 10 0 0 16 network segment to access the device through the Web function Sysname system view Sysname acl number 2001 Sysname acl basic 2001 rule...

Page 1102: ...number undo ip http port View System view Default Level 3 Manage level Parameters port number Port number of the HTTP service in the range 1 to 65535 Description Use the ip http port command to configure the port number of the HTTP service Use the undo ip http port command to restore the default By default the port number of the HTTP service is 80 Note that this command does not check whether the ...

Page 1103: ...r policy test Certificate access control policy Basic ACL 2222 Current connection 0 Operation status Running Table 9 1 display ip https command output description Field Description HTTPS port Port number used by the HTTPS service SSL server policy The SSL server policy associated with the HTTPS service Certificate access control policy The certificate attribute access control policy associated wit...

Page 1104: ...e HTTPS service is not associated with any ACL After the HTTPS service is associated with an ACL only the clients permitted by the ACL can access the device Related commands acl number in ACL Commands in the Security Volume Examples Associate the HTTPS service with ACL 2001 and only allow the clients within the 10 10 0 0 16 network segment to access the HTTPS server through the Web function Sysnam...

Page 1105: ...ess control policy can control the access rights of clients Related commands pki certificate access control policy In PKI Commands in the Security Volume Examples Associate the HTTPS server to certificate attribute access control policy myacl Sysname system view Sysname ip https certificate access control policy myacl ip https enable Syntax ip https enable undo ip https enable View System view Def...

Page 1106: ...ew Sysname ip https enable ip https port Syntax ip https port port number undo ip https port View System view Default Level 3 Manage level Parameters port number Port number of the HTTPS service in the range 1 to 65535 Description Use the ip https port command to configure the port number of the HTTPS service Use the undo ip https port command to restore the default By default the port number of t...

Page 1107: ...rver end policy By default the HTTPS service is not associated with any SSL server end policy Note that z The HTTPS service can be enabled only after this command is configured successfully z You cannot modify an SSL server end policy or remove the association between the HTTPS service and an SSL server end policy after the HTTS service is enabled Related commands ssl server policy in SSL Commands...

Page 1108: ... the information of communities with read and write access right Description Use the display snmp agent community command to display community information for SNMPv1 or SNMPv2c Examples Display the information of all the communities that have been configured Sysname display snmp agent community Community name aa Group name aa Acl 2001 Storage type nonVolatile Community name bb Group name bb Storag...

Page 1109: ...s that matches the ACL rule can access the device Storage type Storage type which could be z volatile Information will be lost if the system is rebooted z nonVolatile Information will not be lost if the system is rebooted z permanent Information will not be lost if the system is rebooted Modification is permitted but deletion is forbidden z readOnly Information will not be lost if the system is re...

Page 1110: ...notify MIB view associated with the SNMP group the view with entries that can generate traps Storage type Storage type which includes volatile nonVolatile permanent readOnly and other For detailed information refer to Table 10 1 display snmp agent local engineid Syntax display snmp agent local engineid View Any view Default Level 1 Monitor level Parameters None Description Use the display snmp age...

Page 1111: ...y snmp agent mib view command to display MIB view information Absence of parameters indicates that information for all MIB views will be displayed Examples Display all SNMP MIB views of the device Sysname display snmp agent mib view View name ViewDefault MIB Subtree iso Subtree mask Storage type nonVolatile View Type included View status active View name ViewDefault MIB Subtree snmpUsmMIB Subtree ...

Page 1112: ...ed z Included indicates that all nodes of the MIB tree are included in current view namely you are allowed to access all the MIB objects of the subtree z Excluded indicates that none of the nodes of the MIB tree are included in current view namely you are allowed to access none of the MIB objects of the subtree View status The status of MIB view display snmp agent statistics Syntax display snmp ag...

Page 1113: ...h used a SNMP community name not known Number of packets that use an unknown community name Messages which represented an illegal operation for the community supplied Number of packets carrying an operation that the community has no right to perform ASN 1 or BER errors in the process of decoding Number of packets with ASN 1 or BER errors in the process of decoding Messages passed from the SNMP ent...

Page 1114: ... snmp agent sys info contact location version View Any view Default Level 1 Monitor level Parameters contact Displays the contact information of the current network administrator location Displays the location information of the current device version Displays the version of the current SNMP agent Description Use the display snmp agent sys info command to display the current SNMP system informatio...

Page 1115: ...ommands snmp agent trap life snmp agent trap queue size Examples Display the current configuration and usage of the trap queue Sysname display snmp agent trap queue Queue name SNTP Queue size 100 Message number 6 Table 10 5 display snmp agent trap queue command output description Field Description Queue name Trap queue name Queue size Trap queue size Message number Number of traps in the current t...

Page 1116: ... is allowed to generate traps whereas disable indicates the module is not allowed to generate traps You can configure the trap function enable or disable of each module through command lines display snmp agent usm user Syntax display snmp agent usm user engineid engineid username user name group group name View Any view Default Level 1 Monitor level Parameters engineid engineid Displays SNMPv3 use...

Page 1117: ...tity Storage type Storage type which can be the following z volatile z nonvolatile z permanent z readOnly z other See Table 10 1 for details UserStatus SNMP user status enable snmp trap updown Syntax enable snmp trap updown undo enable snmp trap updown View Interface view Default Level 2 System level Parameters None Description Use the enable snmp trap updown command to enable the trap function fo...

Page 1118: ...bitEthernet 1 0 1 and use the community name public Sysname system view Sysname snmp agent trap enable Sysname snmp agent target host trap address udp domain 10 1 1 1 params securityname public Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 enable snmp trap updown snmp agent Syntax snmp agent undo snmp agent View System view Default Level 3 Manage level Parameters None Descri...

Page 1119: ...ext authentication password In this case the authentication protocol must be MD5 Or this algorithm can convert the plain text encryption password to a cipher text encryption password In this case the authentication protocol must be MD5 and the encryption algorithm can be either AES or DES when the authentication protocol is specified as MD5 cipher text passwords are the same by using the encryptio...

Page 1120: ... community read write community name View System view Default Level 3 Manage level Parameters read Indicates that the community has read only access right to the MIB objects that is the NMS can perform read only operations when it uses this community name to access the agent write Indicates that the community has read and write access right to the MIB objects that is the NMS can perform read and w...

Page 1121: ...P version on the NMS to SNMPv1 or SNMPv2c z Fill in the read only community name readaccess z Establish a connection and the NMS can perform read only operations to the MIB objects in the ViewDefault view on the device Create a community with the name of writeaccess allowing only the NMS with the IP address of 1 1 1 1 to configure the values of the agent MIB objects by using this community name ot...

Page 1122: ...ntication and privacy read view read view Read view a string of 1 to 32 characters The default read view is ViewDefault write view write view Write view a string of 1 to 32 characters By default no write view is configured namely the NMS cannot perform the write operations to all MIB objects on the device notify view notify view Notify view for sending traps a string of 1 to 32 characters By defau...

Page 1123: ...ngine ID By default the engine ID of a device is the combination of company ID and device ID Device ID varies by product it could be an IP address a MAC address or a self defined string of hexadecimal numbers An engine ID has two functions z For all devices managed by one NMS each device needs a unique engine ID to identify the SNMP agent By default each device has an engine ID The network adminis...

Page 1124: ... command to restore the default By default SNMP logging is disabled If specified SNMP logging is enabled when the NMS performs a specified operation to the SNMP agent the latter records the operation related information and saves it to the information center With parameters for the information center set output rules of the SNMP logs are decided that is whether logs are permitted to output and the...

Page 1125: ...odes of a MIB subtree that is the access to all nodes of this MIB subtree is permitted or may exclude all nodes of a MIB subtree that is the access to all nodes of this MIB subtree is forbidden You can use the display snmp agent mib view command to view the access right of the default view Also you can use the undo snmp agent mib view command to remove the default view after that however you may n...

Page 1126: ...agent you can use the command to configure the maximum SNMP packet size and thus to prevent giant packets from being discarded Typically you are recommended to apply the default value Examples Configure the maximum size of the SNMP packets that can be received or sent by the SNMP agent as 1 042 bytes Sysname system view Sysname snmp agent packet max size 1042 snmp agent sys info Syntax snmp agent ...

Page 1127: ...evice will drop the received SNMPv1 packets To enable the device to communicate with different NMSs you can enable SNMP of different versions on a device Related commands display snmp agent sys info Network maintenance engineers can use the system contact information to get in touch with the manufacturer in case of network failures The system location information is a management variable under the...

Page 1128: ...security model to be authentication with privacy Privacy is to encrypt the data part of a packet to prevent it from being intercepted You need to configure the authentication password and privacy password when creating an SNMPv3 user Description Use the snmp agent target host command to configure the related settings for a trap target host Use the undo snmp agent target host command to remove the ...

Page 1129: ...tart traps when the SNMP restarts system Sends 3Com SYS MAN MIB a private MIB traps Description Use the snmp agent trap enable command to enable the trap function globally Use the undo snmp agent trap enable command to disable the trap function globally By default the trap function of other modules is enabled Only after the trap function is enabled can each module generate corresponding traps Note...

Page 1130: ...nkUp trap is in the following format Apr 24 11 43 09 896 2008 Sysname IFNET 4 INTERFACE UPDOWN Trap 1 3 6 1 6 3 1 1 5 4 linkUp Interface 983555 is Up ifAdminStatus is 1 ifOperStatus is 1 ifDescr is GigabitEthernet1 0 1 ifType is 6 z A standard linkDown trap is in the following format Apr 24 11 47 35 224 2008 Sysname IFNET 4 INTERFACE UPDOWN Trap 1 3 6 1 6 3 1 1 5 3 linkDown Interface 983555 is Dow...

Page 1131: ...e of traps in the queue By default the holding time of SNMP traps in the queue is 120 seconds The SNMP module sends traps in queues As soon as the traps are saved in the trap queue a timer is started If traps are not sent out until the timer times out namely the holding time configured by using this command expires the system removes the traps from the trap sending queue Related commands snmp agen...

Page 1132: ...trap sending queue to 200 Sysname system view Sysname snmp agent trap queue size 200 snmp agent trap source Syntax snmp agent trap source interface type interface number undo snmp agent trap source View System view Default Level 3 Manage level Parameters interface type interface number Specifies the interface type and interface number Description Use the snmp agent trap source command to specify t...

Page 1133: ...ment If the agent and the NMS use SNMPv2c packets to communicate with each other this keyword is needed user name User name a string of 1 to 32 characters It is case sensitive group name Group name a string of 1 to 32 characters It is case sensitive acl acl number Associates a basic ACL with the user acl number is in the range 2000 to 2999 By using a basic ACL you can restrict the source IP addres...

Page 1134: ...01 rule deny source any Sysname acl basic 2001 quit Sysname snmp agent sys info version v2c Sysname snmp agent group v2c readCom Sysname snmp agent usm user v2c userv2c readCom acl 2001 z Set the IP address of the NMS to 1 1 1 1 z Set the SNMP version on the NMS to SNMPv2c z Fill in both the read community and write community options with userv2c and then the NMS can access the agent snmp agent us...

Page 1135: ...des56 keyword is specified priv password is a string of 40 hexadecimal characters acl acl number Associates a basic ACL with the user acl number is in the range 2000 to 2999 By using a basic ACL you can restrict the source IP address of SNMP packets that is you can configure to allow or prohibit SNMP packets with a specific source IP address so as to allow or prohibit the specified NMS to access t...

Page 1136: ...in text password when you create a user Related commands snmp agent calculate password snmp agent group snmp agent usm user v1 v2c Examples Add a user testUser to the SNMPv3 group testGroup Configure the security model as authentication without privacy the authentication protocol as MD5 the plain text authentication password as authkey Sysname system view Sysname snmp agent group v3 testGroup auth...

Page 1137: ...ssword authkey mode md5 local engineid The secret key is 09659EC5A9AE91BA189E5845E1DDE0CC Sysname snmp agent calculate password prikey mode md5 local engineid The secret key is 800D7F26E786C4BECE61BF01E0A22705 Sysname snmp agent usm user v3 testUser testGroup cipher authentication mode md5 09659EC5A9AE91BA189E5845E1DDE0CC privacy mode des56 800D7F26E786C4BECE61BF01E0A22705 z Set the SNMP version o...

Page 1138: ...an select matched 3Com network management software based on the MIB style Related commands mib style Examples After getting the device ID from node sysObjectID you find that it is an 3Com device and hope to know the current MIB style or the MIB style after next boot of the device Sysname display mib style Current MIB style new Next reboot MIB style new The above output information indicates that t...

Page 1139: ...ated under the 3Com enterprise ID 25506 and private MIB is located under the enterprise ID 2011 Description Use the mib style command to set the MIB style of the device By default the MIB style of the device is new Note that the configuration takes effect only after the device reboots Examples Modify the MIB style of the device as compatible Sysname system view Sysname mib style compatible Sysname...

Page 1140: ...mmands rmon alarm Examples Display the configuration of all RMON alarm table entries Sysname display rmon alarm AlarmEntry 1 owned by user1 is VALID Samples type absolute Variable formula 1 3 6 1 2 1 16 1 1 1 4 1 etherStatsOctets 1 Sampling interval 10 sec Rising threshold 50 linked with event 1 Falling threshold 5 linked with event 2 When startup enables risingOrFallingAlarm Latest value 0 Table ...

Page 1141: ...ode alarmRisingThreshold Falling threshold Alarm falling threshold When the sampling value is smaller than or equal to this threshold a falling alarm is triggered corresponding to the MIB node alarmFallingThreshold When startup enables How an alarm can be triggered corresponding to the MIB node alarmStartupAlarm Latest value The last sampled value corresponding to the MIB node alarmValue display r...

Page 1142: ...esponding rmon commands corresponding to the MIB node eventStatus Description Description for the event corresponding to the MIB node eventDescription cause log trap when triggered The actions that the system will take when the event is triggered z none The system will take no action z log The system will log the event z snmp trap The system will send a trap to the NMS z log and trap The system wi...

Page 1143: ...LogEntry Event log entry corresponding to the MIB node logIndex owned by Owner of the entry corresponding to the MIB node eventOwner VALID Status of the entry identified by the index VALID means the entry is valid and UNDERCREATION means invalid You can use the display rmon command to view the invalid entry while with the display current configuration and display this commands you cannot view the ...

Page 1144: ...ay rmon history GigabitEthernet 1 0 1 HistoryControlEntry 1 owned by null is VALID Samples interface GigabitEthernet1 0 1 ifIndex 1 Sampling interval 10 sec with 5 buckets max Sampled values of record 1 dropevents 0 octets 0 packets 0 broadcast packets 0 multicast packets 0 CRC alignment errors 0 undersize packets 0 oversize packets 0 fragments 0 jabbers 0 collisions 0 utilization 0 Sampled values...

Page 1145: ...tion of an interface periodically buckets max The maximum number of history table entries that can be saved corresponding to the MIB node historyControlBucketsGranted If the specified value of the buckets argument exceeds the history table size supported by the device the supported history table size is displayed If the current number of the entries in the table has reached the maximum number the ...

Page 1146: ...ing packets received during the sampling period corresponding to the MIB node etherHistoryCollisions utilization Bandwidth utilization during the sampling period corresponding to the MIB node etherHistoryUtilization display rmon prialarm Syntax display rmon prialarm entry number View Any view Default Level 1 Monitor level Parameters entry number Private alarm entry index in the range 1 to 65535 If...

Page 1147: ...val Sampling interval in seconds The system performs absolute sample or delta sample to sampling variables according to the sampling interval Rising threshold Alarm rising threshold An event is triggered when the sampled value is greater than or equal to this threshold Falling threshold Alarm falling threshold An event is triggered when the sampled value is less than or equal to this threshold lin...

Page 1148: ...ns invalid You can use the display rmon command to view the invalid entry while with the display current configuration and display this commands you cannot view the corresponding rmon commands corresponding to the MIB node etherStatsStatus Interface Interface on which statistics are gathered corresponding to the MIB node etherStatsDataSource etherStatsOctets Number of octets received and sent by t...

Page 1149: ...uring the statistical period Hardware support is needed for the statistics If the hardware does not support the function all statistics are displayed as 0 in which z Information of the field 64 corresponds to the MIB node etherStatsPkts64Octets z Information of the field 65 127 corresponds to the MIB node etherStatsPkts65to127Octets z Information of the field 128 255 corresponds to the MIB node et...

Page 1150: ...esents the falling threshold in the range 2 147 483 648 to 2 147 483 647 and event entry2 represents the index of the event triggered when the falling threshold is reached event entry2 ranges from 1 to 65 535 owner text Owner of the entry a string of 1 to 127 characters It is case sensitive and space is supported Description Use the rmon alarm command to create an entry in the RMON alarm table Use...

Page 1151: ... 3 6 1 2 1 16 1 1 1 4 1 where 1 indicates the serial number of the interface statistics entry Therefore if you execute the rmon statistics 5 command you can use etherStatsOctets 5 to replace the parameter The above configuration implements the following z Sampling and monitoring interface GigabitEthernet 1 0 1 z Obtaining the absolute value of the number of received packets If the total bytes of t...

Page 1152: ...guration the system can log the event send a trap do both or do neither at all Related commands display rmon event rmon alarm rmon prialarm z When you create an entry if the values of the specified event description description string event type log trap logtrap or none and community name trap community or log trapcommunity are identical to those of the existing event entry the system considers th...

Page 1153: ... sampling period When you create an entry in the history table if the specified history table size exceeds that supported by the device the entry will be created However the validated value of the history table size corresponding to the entry is that supported by the device You can use the display rmon history command to view the configuration result z When you create an entry if the value of the ...

Page 1154: ... and event entry1 represents the index of the event triggered when the rising threshold is reached event entry1 ranges from 0 to 65 535 with 0 meaning no corresponding event is triggered and no event action is taken when an alarm is triggered falling threshold threshold value2 event entry2 Sets the falling threshold where threshold value2 represents the falling threshold in the range 2 147 483 648...

Page 1155: ...lling threshold of 5 corresponds to event 2 but neither log it nor send a trap Set the lifetime of the entry to forever and owner to user1 Sysname system view Sysname rmon event 1 log Sysname rmon event 2 none Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 rmon statistics 1 Sysname GigabitEthernet1 0 1 quit Sysname rmon prialarm 1 1 3 6 1 2 1 16 1 1 1 6 1 100 1 3 6 1 2 1 16 1...

Page 1156: ... continuously calculates the information of the interface It provides statistics about network collisions CRC alignment errors undersize oversize packets broadcasts multicasts bytes received packets received bytes sent packets sent and so on The statistics are cleared after the device reboots To display information for the RMON statistics table use the display rmon statistics command z Only one st...

Page 1157: ... whose destination MAC addresses match destination blackhole MAC address entries are dropped vlan vlan id Displays MAC address entries of the specified VLAN where vlan id is in the range 1 to 4094 count Displays the total number of MAC addresses in the MAC address table mac address Displays MAC address entries in a specified MAC address in the format of H H H dynamic Displays dynamic MAC address e...

Page 1158: ...fig static static entry configured by the user manually z Config dynamic dynamic entry configured by the user manually z Learned entry learned by the device z Blackhole destination blackhole entry z Source Blackhole source blackhole entry PORT INDEX Number of the port corresponding to the MAC address that is packets destined to this MAC address will be sent out from this port Displayed as N A for ...

Page 1159: ...ress in the format of H H H where 0s at the beginning of each H 16 bit hexadecimal digit can be omitted for example inputting f e2 1 indicates that the MAC address is 000f 00e2 0001 vlan vlan id Specifies an existing VLAN to which the Ethernet interface belongs where vlan id is the specified VLAN ID in the range 1 to 4094 Description Use the mac address command to add or modify a MAC address entry...

Page 1160: ... packets whose destination MAC addresses match destination blackhole MAC address entries are dropped mac address Specifies a MAC address in the format of H H H where 0s at the beginning of each H 16 bit hexadecimal digit can be omitted for example inputting f e2 1 indicates that the MAC address is 000f 00e2 0001 vlan vlan id Specifies an existing VLAN to which the Ethernet interface belongs where ...

Page 1161: ...rameters None Description Use the mac address mac learning disable command to disable MAC address learning on a VLAN Use the undo mac address mac learning disable command to enable MAC address learning on a VLAN By default MAC address learning is enabled on all VLANs Note that z You may need to disable MAC address learning sometimes to prevent the MAC address table from being saturated for example...

Page 1162: ...igure the maximum number of MAC addresses that can be learned on an Ethernet port Use the undo mac address max mac count command to restore the default maximum number of MAC addresses that can be learned on an Ethernet port By default the maximum number of MAC addresses that can be learned on an Ethernet port is not configured If the command is executed in interface view the configuration takes ef...

Page 1163: ...igure the aging timer for dynamic MAC address entries Use the undo mac address timer command to restore the default By default the default aging timer is 300 seconds Set the aging timer appropriately a long aging interval may cause the MAC address table to retain outdated entries and fail to accommodate the latest network changes a short interval may result in removal of valid entries and hence un...

Page 1164: ...s learned on the Ethernet port deleted Enables the device to record security information when an existing MAC address is deleted Description Use the mac address information enable command to enable MAC Information on the Layer 2 Ethernet interface Use the undo mac address information enable command to disable MAC Information on the Layer 2 Ethernet interface By default MAC Information is disabled ...

Page 1165: ... to enable MAC Information globally Use the undo mac address information enable command to disable MAC Information globally By default MAC Information is disabled globally Examples Enable MAC Information globally Sysname system view Sysname mac address information enable mac address information interval Syntax mac address information interval value undo mac address information interval View System...

Page 1166: ...rs syslog Specifies that the device sends Syslog messages to inform the remote network management device of MAC address changes trap Specifies that the device sends trap messages to inform the remote network management device of MAC address changes Description Use the mac address information mode command to set the MAC Information mode that is whether to use Syslog messages or Trap messages to inf...

Page 1167: ...command to set the MAC Information queue length Use the undo mac address information queue length command to restore the default By default the MAC Information queue length is 50 Setting the MAC Information queue length to 0 indicates that the device sends a Syslog or Trap message to the network management device as soon as a new MAC address is learned or an existing MAC address is deleted Example...

Page 1168: ...P echo request sending interface by its type and number m interval Specifies the interval in milliseconds to send an ICMP echo response in the range 1 to 65535 The default value is 200 ms z If a response from the destination is received within the timeout time the interval to send the next echo request equals the actual response period plus the value of interval z If no response from the destinati...

Page 1169: ...f the destination device Description Use the ping command to verify whether the destination device in an IP network is reachable and to display the related statistics Note that z You must use the command in the form of ping ip ip instead of ping ip if the destination name is a key word such as ip z Only the directly connected segment address can be pinged if the outgoing interface is specified wit...

Page 1170: ... to be displayed Sysname ping r 3 3 3 2 PING 3 3 3 2 56 data bytes press CTRL_C to break Reply from 3 3 3 2 bytes 56 Sequence 1 ttl 255 time 2 ms Record Route 3 3 3 2 3 3 3 1 Reply from 3 3 3 2 bytes 56 Sequence 2 ttl 255 time 1 ms Record Route 3 3 3 2 3 3 3 1 Reply from 3 3 3 2 bytes 56 Sequence 3 ttl 255 time 1 ms Record Route 3 3 3 2 3 3 3 1 Reply from 3 3 3 2 bytes 56 Sequence 4 ttl 255 time 2...

Page 1171: ... 1 5 ping statistics Statistics on data received and sent in the ping operation 5 packet s transmitted Number of ICMP echo requests sent 5 packet s received Number of ICMP echo requests received 0 00 packet loss Percentage of packets not responded to the total packets sent round trip min avg max 0 4 20 ms Minimum average maximum response time in ms ping ipv6 Syntax ping ipv6 a source ipv6 c count ...

Page 1172: ...o verify whether an IPv6 address is reachable and display the corresponding statistics You must use the command in the form of ping ipv6 ipv6 instead of ping ipv6 if the destination name is an ipv6 name During the execution of the command you can press Ctrl C to abort the ping ipv6 operation Examples Verify whether the IPv6 address 2001 1 is reachable Sysname ping ipv6 2001 1 PING 1 2 56 data byte...

Page 1173: ...n instance name Specifies the name of an MPLS VPN instance which is a string of 1 to 31 characters w timeout Specifies the timeout time of the reply packet of a probe packet in the range 1 to 65535 in milliseconds The default value is 5000 ms remote system IP address or host name a string of 1 to 20 characters of the destination device Description Use the tracert command to trace the path the pack...

Page 1174: ...current device to the device whose IP address is 18 26 0 115 30 hops max Maximum number of hops of the probe packets which can be set through the m keyword 60 bytes packet Number of bytes of a probe packet press CTRL_C to break During the execution of the command you can press Ctrl C to abort the tracert operation 1 128 3 112 1 10 ms 10 ms 10 ms The probe result of the probe packets whose TTL is 1...

Page 1175: ...racters Description Use the tracert ipv6 command to view the path the IPv6 packets traverse from the source to the destination device After having identified network failure with the ping command you can use the tracert command to determine the failed node s Output information of the tracert ipv6 command includes IPv6 addresses of all the Layer 3 devices the packets traverse from the source to the...

Page 1176: ...ing information may degrade system efficiency so you are recommended to enable the debugging of a specific module for diagnosing network failure and not to enable the debugging of multiple modules at the same time z Default Level describes the default level of the debugging all command Different debugging commands may have different default levels z You must configure the debugging terminal debugg...

Page 1177: ...dule name Description Use the display debugging command to display enabled debugging functions Related commands debugging Examples Display all enabled debugging functions Sysname display debugging IP packet debugging is on ...

Page 1178: ...uld be a default name or a self defined name The user needs to specify a channel name first before using it as a self defined channel name For more information refer to the info center channel name command Table 16 1 Information channels for different output destinations Output destination Information channel number Default channel name Console 0 console Monitor terminal 1 monitor Log host 2 logho...

Page 1179: ...the current channel belongs NAME The name of the module to which the information permitted to pass through the current channel belongs Default means all modules are allowed to output system information but the module type varies with devices ENABLE Indicates whether to enable or disable the output of log information which could be Y or N LOG_LEVEL The severity of log information refer to Table 16 ...

Page 1180: ...bug date loghost date Table 16 3 display info center command output description Field Description Information Center The current state of the information center which could be enabled or disabled Log host 2 2 2 2 channel number 8 channel name channel8 host facility local7 Configurations on the log host destination It can be displayed only when the info center loghost command is configured includin...

Page 1181: ...number of messages the number of dropped messages the number of messages that have been overwritten and the channel number and channel name used Information timestamp setting The timestamp configurations specifying the timestamp format for log trap debug and log host information display logbuffer Syntax display logbuffer reverse level severity size buffersize slot slot number begin exclude include...

Page 1182: ...ays the lines that match the regular expression regular expression Regular expression a string of 1 to 256 characters Note that this argument is case sensitive and can have spaces included Description Use the display logbuffer command to display the state of the log buffer and the log information recorded Absence of the size buffersize argument indicates that all log information recorded in the lo...

Page 1183: ... Displays the summary of the log buffer where severity represents information level in the range 0 to 7 slot slot number Displays the summary of the log buffer of the specified device If the device is in an IRF stack the slot number argument represents the member ID of the device if the device is not in any IRF stack the slot number argument represents the device ID Description Use the display log...

Page 1184: ...t the top If this keyword is not specified trap entries will be displayed chronologically with the oldest entry at the top size buffersize Displays specified number of the latest trap messages in a trap buffer where buffersize represents the number of the latest trap messages in a trap buffer in the range 1 to 1 024 Description Use the display trapbuffer command to display the state and the trap i...

Page 1185: ...l name The channel name of the trap buffer defaults to trapbuffer Dropped messages The number of dropped messages Overwritten messages The number of overwritten messages when the buffer size is not big enough to hold all messages the latest messages overwrite the old ones Current messages The number of the current messages enable log updown Syntax enable log updown undo enable log updown View Inte...

Page 1186: ... name a string of 1 to 30 characters It must be a combination of letters and numbers and start with a letter and is case insensitive Description Use the info center channel name command to name a channel with a specified channel number Use the undo info center channel command to restore the default name for a channel with a specified channel number Refer to Table 16 1 for details of default channe...

Page 1187: ...bled with channel 0 as the default channel known as console Note that the info center console channel command takes effect only after the information center is enabled first with the info center enable command Examples Set channel 0 to output system information to the console Sysname system view Sysname info center console channel 0 info center enable Syntax info center enable undo info center ena...

Page 1188: ...g buffer in the range 0 to 1 024 with 512 as the default value Description Use the info center logbuffer command to enable information output to a log buffer and set the corresponding parameters Use the undo info center logbuffer command to disable information output to a log buffer By default information is output to the log buffer with the default channel of channel 4 logbuffer and the default b...

Page 1189: ...g host and to configure the related parameters Use the undo info center loghost command to restore the default configurations on a log host By default output of system information to the log host is disabled When it is enabled the default channel name will be loghost and the default channel number will be 2 Note that z The info center loghost command takes effect only after the information center ...

Page 1190: ...ly after the information center is enabled with the info center enable command z The IP address of the specified source interface must be configured otherwise although the info center loghost source command can be configured successfully the log host will not receive any log information Examples By default the log information in the following format is displayed on the log host 188 Jul 22 05 58 06...

Page 1191: ...mation to the monitor is enabled with a default channel name of monitor and a default channel number of 1 Note that the info center monitor channel command takes effect only after the information center is enabled with the info center enable command Examples Output system information to the monitor through channel 0 Sysname system view Sysname info center monitor channel 0 info center snmp channel...

Page 1192: ...channel channel number channel name View System view Default Level 2 System level Parameters module name Specifies the output rules of the system information of the specified modules For instance if information on ARP module is to be output you can configure this argument as ARP You can use the info center source command to view the modules supported by the device default Specifies the output rule...

Page 1193: ...words the default output rules for the module are as follows the output of log and trap information is enabled with severity being informational the output of debugging information is disabled with severity being debug For example if you execute the command info center source snmp channel 5 the command is actually equal to the command info center source snmp channel 5 debug level debugging state o...

Page 1194: ... Log information of other modules cannot be output to this channel other types of information of this module may or may not be output to this channel Sysname system view Sysname info center source default channel snmpagent log state off Sysname info center source vlan channel snmpagent log level emergencies state on Set the output channel for the log information of VLAN module to snmpagent and to ...

Page 1195: ...ous Info center synchronous output is on Sysname display interface gigabitethe At this time the system receives log messages and it then displays the log messages first After the system displays all the log messages it displays the user s previous input which is display interface gigabitethe in this example Apr 29 08 12 44 71 2007 Sysname IFNET 4 LINK UPDOWN GigabitEthernet1 0 1 link status is UP ...

Page 1196: ...21990989 equals Jun 25 14 09 26 881 2007 date The current system date and time in the format of Mmm dd hh mm ss sss yyyy z Mmm The abbreviations of the months in English which could be Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov or Dec z dd The date starting with a space if less than 10 for example 7 z hh mm ss sss The local time with hh ranging from 00 to 23 mm and ss ranging from 00 to 59 and ss...

Page 1197: ... info center timestamp loghost Syntax info center timestamp loghost date no year date none undo info center timestamp loghost View System view Default Level 2 System level Parameters date Indicates the current system date and time in the format of Mmm dd hh mm ss ms yyyy However the display format depends on the log host no year date Indicates the current system date and time year exclusive none I...

Page 1198: ...he info center channel name command Description Use the info center trapbuffer command to enable information output to the trap buffer and set the corresponding parameters Use the undo info center trapbuffer command to disable information output to the trap buffer By default information output to the trap buffer is enabled with channel 3 trapbuffer as the default channel and a maximum buffer size ...

Page 1199: ... trapbuffer Syntax reset trapbuffer View User view Default Level 3 Manage level Parameters None Description Use the reset trapbuffer command to reset the trap buffer contents Examples Reset the trap buffer contents Sysname reset trapbuffer terminal debugging Syntax terminal debugging undo terminal debugging View User view Default Level 1 Monitor level Parameters None ...

Page 1200: ...connection is established the display of debugging information on the terminal restores the default Examples Enable the display of debugging information on the current terminal Sysname terminal debugging Current terminal debugging is on terminal logging Syntax terminal logging undo terminal logging View User view Default Level 1 Monitor level Parameters None Description Use the terminal logging co...

Page 1201: ...l monitor command to disable the monitoring of system information on the current terminal By default monitoring of the system information on the console is enabled and that on the monitor terminal is disabled Note that z You need to configure the terminal monitor command before you can display the log trap and debugging information z Configuration of the undo terminal monitor command automatically...

Page 1202: ...ion on the current terminal is enabled Note that z The trap information is displayed using the terminal trapping command only after the monitoring of system information is enabled on the current terminal first using the terminal monitor command z The configuration of this command is valid for only the current connection between the terminal and the device If a new connection is established the dis...

Page 1203: ...Running Start Address 1 XXX002 0 1 1 0 0 0x4accf74 2 XXX 0 0 0 0 0 0x4accf74 Table 17 1 display patch information command output description Field Description The location of patches Patch file location You can configure it using the patch location command Slot Member ID Version Patch version The first three characters represent the suffix of the PATCH FLAG For example if the PATCH FLAG of the a d...

Page 1204: ...aries with the device model and can be displayed through the display irf command Description Use the patch active command to activate the specified patch namely the system will run the patch After you execute the command all the DEACTIVE patches before the specified patch number are activated Note that z The command is not applicable to patches in the DEACTIVE state z After a system reboot the ori...

Page 1205: ...G state Examples Stop running patch 3 and all the ACTIVE patches before patch 3 on the device with member ID being 1 Sysname system view Sysname patch deactive 3 slot 1 patch delete Syntax patch delete patch number slot slot number View System view Default Level 3 Manage level Parameters patch number Sequence number of a patch The valid values of this argument depend on the patch file used slot sl...

Page 1206: ...location patch load patch active and patch run The patches remain RUNNING after system reboot z Entering n or N All the specified patches are installed and turn to the ACTIVE state from IDLE This equals execution of the commands patch location patch load and patch active The patches turn to the DEACTIVE state after system reboot Note that z Before executing the command save the patch files to root...

Page 1207: ...e patch file on the storage medium Before using the command save the patch files to the root directories of the member devices storage media Examples Load the patch files for the device with member ID being 1 Sysname system view Sysname patch load slot 1 patch location Syntax patch location patch location View System view Default Level 3 Manage level Parameters patch location Specifies the patch f...

Page 1208: ...le used slot slot number Specifies a member device by its member ID The value range of this argument varies with the device model and can be displayed through the display irf command Description Use the patch run command to confirm the running of the specified patch and all the ACTIVE patches before the specified patch number With the slot keyword specified the command confirms the running state o...

Page 1209: ...default the advantage factor is 0 The evaluation of voice quality depends on users tolerance to voice quality and this factor should be taken into consideration For users with higher tolerance to voice quality you can use the advantage factor command to configure the advantage factor When the system calculates the ICPIF value this advantage factor is subtracted to modify ICPIF and MOS values and t...

Page 1210: ...ce test as g729a Sysname system view Sysname nqa entry admin test Sysname nqa admin test type voice Sysname nqa admin test voice codec type g729a data fill Syntax data fill string undo data fill View ICMP echo UDP echo UDP jitter voice test type view Default Level 2 System level Parameters string String used to fill a probe packet in the range 1 to 200 It is case sensitive Description Use the data...

Page 1211: ... 68 bytes of the data field of a UDP packet have some specific usage the configured character string is used to fill the remaining bytes in the UDP packet z In a voice test because the first 16 bytes of the data field of a UDP packet have some specific usage the configured character string is used to fill the remaining bytes in the UDP packet Examples Configure the string used to fill an ICMP echo...

Page 1212: ...0 bytes Sysname system view Sysname nqa entry admin test Sysname nqa admin test type icmp echo Sysname nqa admin test icmp echo data size 80 description any NQA test type view Syntax description text undo description View Any NQA test type view Default Level 2 System level Parameters text Descriptive string of a test group in the range 1 to 200 It is case sensitive Description Use the description ...

Page 1213: ... address for a test operation Use the undo destination ip command to remove the configured destination IP address By default no destination IP address is configured for a test operation Examples Configure the destination IP address of an ICMP echo test operation as 10 1 1 1 Sysname system view Sysname nqa entry admin test Sysname nqa admin test type icmp echo Sysname nqa admin test icmp echo desti...

Page 1214: ... a test group If these two arguments are not specified history records of all test groups are displayed admin name represents the name of the administrator who creates the NQA operation It is a string of 1 to 32 characters case insensitive operation tag represents the test operation tag It is a string of 1 to 32 characters case insensitive Description Use the display nqa history command to display...

Page 1215: ...tus value of test results including z Succeeded z Unknown error z Internal error z Timeout Time Time when the test is completed display nqa result Syntax display nqa result admin name operation tag View Any view Default Level 2 System level Parameters admin name operation tag Displays results of the last test of a test group If this argument is not specified results of the last tests of all test g...

Page 1216: ...uare sum 1189 Positive DS square sum 640 Min negative SD 8 Min negative DS 1 Max negative SD 24 Max negative DS 30 Negative SD number 4 Negative DS number 7 Negative SD sum 56 Negative DS sum 99 Negative SD average 14 Negative DS average 14 Negative SD square sum 946 Negative DS square sum 1495 One way results Max SD delay 22 Max DS delay 23 Min SD delay 7 Min DS delay 7 Number of SD delay 10 Numb...

Page 1217: ...n SD delay 0 Min DS delay 0 Number of SD delay 0 Number of DS delay 0 Sum of SD delay 0 Sum of DS delay 0 Square sum of SD delay 0 Square sum of DS delay 0 SD lost packet s 0 DS lost packet s 0 Lost packet s for unknown reason 1000 Voice scores MOS value 0 99 ICPIF value 87 Table 18 3 display nqa result command output description Field Description Destination IP address IP address of the destinati...

Page 1218: ...itter delays from source to destination Positive DS sum Sum of positive jitter delays from destination to source Positive SD average Average of positive jitter delays from source to destination Positive DS average Average of positive jitter delays from destination to source Positive SD square sum Square sum of positive jitter delays from source to destination Positive DS square sum Square sum of p...

Page 1219: ...ce Number of SD delay Number of delays from source to destination Number of DS delay Number of delays from destination to source Sum of SD delay Sum of delays from source to destination Sum of DS delay Sum of delays from destination to source Square sum of SD delay Square sum of delays from source to destination Square sum of DS delay Square sum of delays from destination to source SD lost packet ...

Page 1220: ...t test statistics NO 1 Destination IP address 192 168 1 42 Start time 2008 05 29 11 33 29 9 Life time 8 Send operation times 70 Receive response times 70 Min Max Average round trip time 1 63 19 Square Sum of round trip time 36330 Extended results Packet lost in test 0 Failures due to timeout 0 Failures due to disconnect 0 Failures due to no connection 0 Failures due to sequence error 0 Failures du...

Page 1221: ... 0 Failures due to no connection 0 Failures due to sequence error 0 Failures due to internal error 0 Failures due to other errors 0 Packet s arrived late 0 Voice results RTT number 0 Min positive SD 0 Min positive DS 0 Max positive SD 0 Max positive DS 0 Positive SD number 0 Positive DS number 0 Positive SD sum 0 Positive DS sum 0 Positive SD average 0 Positive DS average 0 Positive SD square sum ...

Page 1222: ... owing to internal errors Failures due to other errors Failures due to other errors Packet s arrived late Number of response packets received after a probe times out UDP jitter results UDP jitter test results available only in UDP jitter tests Voice results Voice test results available only in voice tests RTT number Number of response packets received Min positive SD Minimum positive jitter delay ...

Page 1223: ...tter delays from destination to source Negative SD square sum Square sum of negative jitter delays from source to destination Negative DS square sum Square sum of negative jitter delays from destination to source One way results Uni direction delay test result displayed on in a UDP Jitter or voice test Max SD delay Maximum delay from source to destination Max DS delay Maximum delay from destinatio...

Page 1224: ...nd to restore the default By default no file is specified Examples Specify the file to be transferred between the FTP server and the FTP client as config txt Sysname system view Sysname nqa entry admin test Sysname nqa admin test type ftp Sysname nqa admin test ftp filename config txt frequency Syntax frequency interval undo frequency View Any NQA test type view Default Level 2 System level Parame...

Page 1225: ... admin test type icmp echo Sysname nqa admin test icmp echo frequency 1000 history records Syntax history records number undo history records View Any NQA test type view Default Level 2 System level Parameters number Maximum number of history records that can be saved in a test group in the range 0 to 50 Description Use the history records command to configure the maximum number of history records...

Page 1226: ...est Examples Configure the HTTP version as 1 0 in an HTTP test Sysname system view Sysname nqa entry admin test Sysname nqa admin test type http Sysname nqa admin test http http version v1 0 next hop Syntax next hop ip address undo next hop View ICMP echo test type view Default Level 2 System level Parameters ip address IP address of the next hop Description Use the next hop command to configure t...

Page 1227: ...itive operation tag Specifies the tag of a test operation a string of 1 to 32 characters with excluded It is case insensitive all All NQA test groups Description Use the nqa command to create an NQA test group and enter NQA test group view Use the undo nqa command to remove the test group Note that if the test type has been configured for the test group you will directly enter NQA test type view w...

Page 1228: ...nqa agent max concurrent number undo nqa agent max concurrent View System view Default Level 2 System level Parameters number Maximum number of the tests that the NQA client can simultaneously perform in the range 1 to 5 The default value is 2 Description Use the nqa agent max concurrent command to configure the maximum number of tests that the NQA client can simultaneously perform Use the undo nq...

Page 1229: ...e duration of the test operation lifetime Duration of the test operation in seconds in the range 1 to 2147483647 forever Specifies that the tests are performed for a test group forever Description Use the nqa schedule command to configure the test start time and test duration for a test group Use the undo nqa schedule command to stop the test for the test group Note that z It is not allowed to ent...

Page 1230: ... view Default Level 2 System level Parameters get Obtains a file from the FTP server put Transfers a file to the FTP server Description Use the operation command to configure the FTP operation type Use the undo operation command to restore the default By default the FTP operation type is get Examples Configure the FTP operation type as put Sysname system view Sysname nqa entry admin test Sysname n...

Page 1231: ...ace number undo operation interface View DHCP test type view Default Level 2 System level Parameters interface type interface number Type and number of the interface that is performing a DHCP test Description Use the operation interface command to specify the interface to perform a DHCP test Use the undo operation interface command to restore the default By default no interface is specified to per...

Page 1232: ...ssword is configured for logging onto the FTP server Related commands username operation Examples Configure the password used for logging onto the FTP server as ftpuser Sysname system view Sysname nqa entry admin test Sysname nqa admin test type ftp Sysname nqa admin test ftp password ftpuser probe count Syntax probe count times undo probe count View DHCP DLSw FTP HTTP ICMP echo SNMP TCP UDP echo ...

Page 1233: ...cess is repeated until the specified probes are completed Note that this command is not supported in a voice test Only one probe can be made in a voice test Examples Configure the number of probes in an ICMP echo test as 10 Sysname system view Sysname nqa entry admin test Sysname nqa admin test type icmp echo Syaname nqa admin test icmp echo probe count 10 probe packet interval Syntax probe packet...

Page 1234: ...00 Description Use the probe packet number command to configure the number of packets sent in a UDP jitter probe or a voice probe Use the undo probe packet number command to restore the default By default the number of packets sent in a probe is 10 in a UDP jitter test and 1000 in a voice test Examples Configure the number of packets sent in a UDP jitter probe as 100 Sysname system view Sysname nq...

Page 1235: ...tter probe packet timeout 100 probe timeout Syntax probe timeout timeout undo probe timeout View DHCP DLSw FTP HTTP ICMP echo SNMP TCP UDP echo test type view Default Level 2 System level Parameters timeout Timeout time in a probe except UDP jitter probe in milliseconds For an FTP or HTTP probe the value range is 10 to 86400000 for a DHCP DLSw ICMP echo SNMP TCP or UDP echo probe the value range i...

Page 1236: ...pe Triggered action type defaulting to none none No actions trigger only Triggers collaboration between other modules only Description Use the reaction command to establish a collaboration entry to monitor the probe results of the current test group If the number of consecutive probe failures reaches the threshold collaboration with other modules is triggered Use the undo reaction command to remov...

Page 1237: ... send a trap indicating a probe failure to the network management server if the total number of probe failures in an NQA test is larger than or equal to cumulate probe failures For one test the trap is sent only when the test is completed cumulate probe failures is the total number of consecutive probe failures in a test in the range 1 to 15 Description Use the reaction trap command to configure t...

Page 1238: ... the routing table bypass function is disabled Note that after this function is enabled the routing table is not searched and the packet is directly sent to the destination in a directly connected network Examples Enable the routing table bypass function Sysname system view Sysname nqa entry admin test Sysname nqa admin test type icmp echo Sysname nqa admin test icmp echo route option bypass route...

Page 1239: ...probe requests Sysname system view Sysname nqa entry admin test Sysname nqa admin test type icmp echo Sysname nqa admin test icmp echo source interface vlan interface 2 source ip Syntax source ip ip address undo source ip View DLSw FTP HTTP ICMP echo SNMP TCP UDP echo UDP jitter voice test type view Default Level 2 System level Parameters ip address Source IP address of a test operation Descriptio...

Page 1240: ...rt View SNMP UDP echo UDP jitter voice test type view Default Level 2 System level Parameters port number Source port number for a test operation in the range 1 to 50000 Description Use the source port command to configure the source port of ICMP probe requests in a test operation Use the undo source port command to remove the configured port number By default no source port number is specified Ex...

Page 1241: ...this command is supported on all types of tests except DHCP tests Examples Configure the hold time of a statistics group as 3 minutes Sysname system view Sysname nqa entry admin test Sysname nqa admin test type icmp echo Sysname nqa admin test icmp echo statistics hold time 3 statistics max group Syntax statistics max group number undo statistics max group View DLSw FTP HTTP ICMP echo SNMP TCP UDP...

Page 1242: ... Parameters interval Interval for collecting statistics of the test results in minutes in the range 1 to 35791394 Description Use the statistics interval command to configure the interval for collecting statistics of the test results Use the undo statistics interval command to restore the default By default the interval is 60 minutes NQA puts the NQA tests completed in a certain interval into one ...

Page 1243: ...header of an NQA probe packet is 0 Examples Configure the ToS field in a IP packet header in an NQA probe packet as 1 Sysname system view Sysname nqa entry admin test Sysname nqa admin test type icmp echo Sysname nqa admin test icmp echo tos 1 ttl Syntax ttl value undo ttl View DLSw FTP HTTP ICMP echo SNMP TCP UDP echo UDP jitter voice test type view Default Level 2 System level Parameters value M...

Page 1244: ...test icmp echo ttl 16 type Syntax type dhcp dlsw ftp http icmp echo snmp tcp udp echo udp jitter voice View NQA test group view Default Level 2 System level Parameters dhcp DHCP test dlsw DLSw test ftp FTP test http HTTP test icmp echo ICMP echo test snmp SNMP test tcp TCP test udp echo UDP echo test udp jitter UDP jitter test voice Voice test Description Use the type command to configure the test...

Page 1245: ...not contain spaces Examples Configure the website that an HTTP test visits as index htm Sysname system view Sysname nqa entry admin test Sysname nqa admin test type http Sysname nqa admin test http url index htm username FTP test type view Syntax username username undo username View FTP test type view Default Level 2 System level Parameters username Username used to log onto the FTP server a strin...

Page 1246: ...Parameters instance VPN instance name a string of 1 to 31 characters It is case sensitive Description Use the vpn instance command to specify a VPN instance Use the undo vpn instance command to restore the default By default no VPN instance is specified After you specify a VPN instance NQA will test the connectivity of the specified VPN tunnel Examples Specify the VPN instance vpn1 Sysname system ...

Page 1247: ...000 active udp echo IP Address Port Status 3 3 3 3 3000 inactive Table 18 5 display nqa server status command output description Field Description tcp connect NQA server status in the NQA TCP test udp echo NQA server status in the NQA UDP test IP Address IP address specified for the TCP UDP listening service on the NQA server Port Port number of the TCP UDP listening service on the NQA server Stat...

Page 1248: ...erver tcp connect Syntax nqa server tcp connect ip address port number undo nqa server tcp connect ip address port number View System view Default Level 2 System level Parameters ip address IP address specified for the TCP listening service on the NQA server port number Port number specified for the TCP listening service on the NQA server in the range 1 to 50000 Description Use the nqa server tcp ...

Page 1249: ...g service on the NQA server port number Port number specified for the UDP listening service on the NQA server in the range 1 to 50000 Description Use the nqa server udp echo command to create a UDP listening service on the NQA server Use the undo nqa server udp echo command to remove the UDP listening service created Note that z You need to configure the command on the NQA server for UDP jitter UD...

Page 1250: ...fy this keyword only the brief information of the NTP sessions will be displayed Description Use the display ntp service sessions command to view the information of all NTP sessions Examples View the brief information of NTP sessions Sysname display ntp service sessions source reference stra reach poll now offset delay disper 12345 1 1 1 1 127 127 1 0 3 377 64 178 0 0 40 1 22 8 note 1 source maste...

Page 1251: ...w The length of time from when the last NTP message was received or when the local clock was last updated to the current time The time is in second by default If the time length is greater than 2048 seconds it is displayed in minute if greater than 300 minutes in hour if greater than 96 hours in day offset The offset of the system clock relative to the reference clock in milliseconds delay the rou...

Page 1252: ...lay ntp service status command output description Field Description Clock status Status of the system clock including z Synchronized The system clock has been synchronized z Unsynchronized The system clock has not been synchronized Clock stratum Stratum level of the system clock Reference clock ID After the system clock is synchronized to a remote time server this field indicates the address of th...

Page 1253: ...cription Use the display ntp service trace command view the brief information of each NTP server along the NTP server chain from the local device back to the primary reference source The display ntp service trace command takes effect only if routes are available between the local device and all the devices on the NTP server chain otherwise this command will fail to display all the NTP servers on t...

Page 1254: ...chronize its clock to that of a peer device Control query refers to query of NTP status information such as alarm information authentication status and clock source information query Specifies to permit control query This level of right permits the peer devices to perform control query to the NTP service on the local device but does not permit a peer device to synchronize its clock to that of the ...

Page 1255: ...nfigured this ACL Examples Configure the peer devices on subnet 10 10 0 0 16 to have the full access right to the local device Sysname system view Sysname acl number 2001 Sysname acl basic 2001 rule permit source 10 10 0 0 0 0 255 255 Sysname acl basic 2001 quit Sysname ntp service access peer 2001 ntp service authentication enable Syntax ntp service authentication enable undo ntp service authenti...

Page 1256: ...nning NTP This feature enhances the network security by means of the client server key authentication which prohibits a client from synchronizing with a device that has failed authentication After the NTP authentication key is configured you need to configure the key as a trusted key by using the ntp service reliable authentication keyid command z Presently the system supports only the MD5 algorit...

Page 1257: ...vice to work in the broadcast client mode and receive NTP broadcast messages on VLAN interface 1 Sysname system view Sysname interface vlan interface 1 Sysname Vlan interface1 ntp service broadcast client ntp service broadcast server Syntax ntp service broadcast server authentication keyid keyid version number undo ntp service broadcast server View Interface view Default Level 2 System level Param...

Page 1258: ...ce1 ntp service broadcast server authentication keyid 4 version 3 ntp service in interface disable Syntax ntp service in interface disable undo ntp service in interface disable View Interface view Default Level 2 System level Parameters None Description Use the ntp service in interface disable command to disable an interface from receiving NTP messages Use the undo ntp service in interface disable...

Page 1259: ... association will be removed if the system fails to receive messages from it over a specific long time In the client server mode for example when you carry out a command to synchronize the time to a server the system will create a static association and the server will just respond passively upon the receipt of a message rather than creating an association static or dynamic In the symmetric mode s...

Page 1260: ...n keyid keyid ttl ttl number version number undo ntp service multicast server ip address View Interface view Default Level 2 System level Parameters ip address Multicast IP address defaulting to 224 0 1 1 authentication keyid keyid Specifies the key ID to be used for sending multicast messages to multicast clients where keyid is in the range of 1 to 4294967295 This parameter is not meaningful if a...

Page 1261: ...vice reliable authentication keyid command to specify that the created authentication key is a trusted key When NTP authentication is enabled a client can be synchronized only to a server that can provide a trusted authentication key Use the undo ntp service reliable authentication keyid command to remove the configuration No authentication key is configured to be trusted by default Examples Enabl...

Page 1262: ...ace Examples Specify the source interface of NTP messages as VLAN interface 1 Sysname system view Sysname ntp service source interface vlan interface 1 ntp service unicast peer Syntax ntp service unicast peer vpn instance vpn instance name ip address peer name authentication keyid keyid priority source interface interface type interface number version number undo ntp service unicast peer vpn insta...

Page 1263: ...n instance name in your command z If you include vpn instance vpn instance name in the undo ntp service unicast peer command the command will remove the symmetric passive peer with the IP address of ip address in the specified VPN if you do not include vpn instance vpn instance name in this command the command will remove the symmetric passive peer with the IP address of ip address in the public n...

Page 1264: ...ce number represents the interface type and number version number Specifies the NTP version where number is in the range of 1 to 3 and defaults to 3 Description Use the ntp service unicast server command to designate an NTP server for the device Use the undo ntp service unicast server command to remove an NTP server designated for the device No NTP server is designated for the device by default z ...

Page 1265: ...lists for this argument Description Use the display ndp command to display NDP configuration information which includes the interval to send NDP packets the time for the receiving device to hold NDP information and the information about the neighbors of all ports Examples Display NDP configuration information Sysname display ndp Neighbor Discovery Protocol is enabled Neighbor Discovery Protocol Ve...

Page 1266: ... Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface GigabitEthernet1 0 9 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface GigabitEthernet1 0 10 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface GigabitEthernet1 0 11 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface GigabitEthernet1 0 12 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface GigabitEthernet1 0 13 ...

Page 1267: ...Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface GigabitGigabitEthernet1 0 1 Status Enabled Pkts Snd 28438 Pkts Rvd 54160 Pkts Err 0 Neighbor 1 Aging Time 176 s MAC Address 000f cbb8 9528 Host Name Sysname Port Name GigabitGigabitEthernet1 0 2 Software Ver V600R006B02D076SP03 Device Name 3Com S7902E Port Duplex AUTO Product Ver 005 Interface GigabitGigabitEthernet1 0 2 Status Enabled Pkts...

Page 1268: ...er Boot ROM version of a neighbor device ndp enable Syntax In Ethernet interface view or Layer 2 aggregate interface view ndp enable undo ndp enable In system view ndp enable interface interface list undo ndp enable interface interface list View System view Ethernet interface view Layer 2 aggregate interface view Default Level 2 System level Parameters interface interface list Specifies an Etherne...

Page 1269: ...onfigurations refer to Link Aggregation Configuration in the Access Volume Examples Enable NDP globally Sysname system view Sysname ndp enable Enable NDP for port GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 ndp enable ndp timer aging Syntax ndp timer aging aging time undo ndp timer aging View System view Default Level 2 System leve...

Page 1270: ...and to set the interval to send NDP packets Use the undo ndp timer hello command to restore the default By default the interval to send NDP packets is 60 seconds Note that the interval for sending NDP packets cannot be longer than the time for the receiving device to hold NDP packets otherwise the NDP table may become instable Related commands ndp timer aging Examples Set the interval to send NDP ...

Page 1271: ... the reset ndp statistics command to clear NDP statistics If no interface interface list is specified NDP statistics of all ports are cleared otherwise NDP statistics of a specified port are cleared Examples Clear NDP statistics of all ports Sysname reset ndp statistics NTDP Configuration Commands display ntdp Syntax display ntdp View Any view Default Level 1 Monitor level Parameters None Descript...

Page 1272: ...ng the last collection display ntdp device list Syntax display ntdp device list verbose View Any view Default Level 1 Monitor level Parameters verbose Displays the detailed device information Description Use the display ntdp device list command to display the device information collected through NTDP Note that the information displayed may not be that of the latest device if you do not execute the...

Page 1273: ...0R001B01D021 Hop 2 Cluster Independent device Peer MAC Peer Port ID Native Port ID Speed Duplex 00e0 fc00 5111 GigabitEthernet1 0 12 GigabitEthernet1 0 22 1000 FULL Table 20 4 display ntdp device list verbose command output description Field Description Hostname System name of the device MAC MAC address of the device Hop Hops from the current device to the device that collect topology information ...

Page 1274: ...s of the device in the format of H H H Description Use the display ntdp single device mac address command to view the detailed NTDP information of a specified device Examples Display the detailed NTDP information of the device with a MAC address of 000f e200 5111 Sysname display ntdp single device mac address 000f e200 5111 Hostname test_2 Sysname MAC 000f e234 5678 Device 3Com S7902E IP 192 168 0...

Page 1275: ...execution of the command in interface view enables NTDP of the current port z Configured in Layer 2 aggregate interface view the configuration will not take effect on the member ports of the aggregation group that corresponds to the aggregate interface configured on a member port of an aggregation group the configuration will take effect only after the member port quit the aggregation group For de...

Page 1276: ...l Parameters hop value Maximum hop for collecting topology information in the range 1 to 16 Description Use the ntdp hop command to set maximum hop for collecting topology information Use the undo ntdp hop command to restore the default By default the value is 3 Note that this command is only applicable to the topology collecting device A bigger number of hops requires more memory of the topology ...

Page 1277: ...e the default By default the interval to collect topology information is 1 minute Note that the management device can start to collect the topology information only after the cluster is set up Examples Set the interval to collect the topology information to 30 minutes Sysname system view Sysname ntdp timer 30 ntdp timer hop delay Syntax ntdp timer hop delay time undo ntdp timer hop delay View Syst...

Page 1278: ... Default Level 2 System level Parameters time Delay time in milliseconds for a device to forward a topology collection request through its successive ports in the range 1 to 100 Description Use the ntdp timer port delay command to set the delay time for a device to forward a received topology collection request through its successive ports Use the undo ntdp timer port delay command to restore the ...

Page 1279: ...vice to a cluster you need not assign a number to the device The management device will automatically assign a usable number to the newly added member device z After a candidate device joins the cluster its level 3 password is replaced by the super password of the management device in cipher text Examples Add a candidate device to the cluster setting the member number to 6 Assume that the MAC addr...

Page 1280: ...luster aabbcc_1 Sysname cluster undo administrator address auto build Syntax auto build recover View Cluster view Default Level 2 System level Parameters recover Automatically reestablishes communication with all the member devices Description Use the auto build command to establish a cluster automatically Note that z This command can be executed on a candidate device or the management device z If...

Page 1281: ...m local flash Get file error can not finish base topology recover Please input cluster name aabbcc Collecting candidate list please wait Jul 22 14 35 18 841 2006 Sysname CLST 5 Cluster_Trap OID 1 3 6 1 4 1 2011 6 7 1 0 3 member 0 0 0 0 0 224 252 0 0 0 role change NTDP Index 0 0 0 0 0 0 224 252 0 0 0 Role 1 Candidate list Name Hops MAC Address Device Processing please wait Cluster auto build Finish...

Page 1282: ...f the device to be deleted from the blacklist in the form of H H H Description Use the black list delete mac command to delete a device from the blacklist Note that this command can be executed on the management device only Examples Delete a device with the MAC address of 0EC0 FC00 0001 from the blacklist aabbcc_0 Sysname system view aabbcc_0 Sysname cluster aabbcc_0 Sysname cluster black list del...

Page 1283: ...ify z The member number of the management device is 0 Examples Configure the current device as a management device and specify the cluster name as aabbcc Sysname system view Sysname cluster Sysname cluster build aabbcc Sysname cluster ip pool 172 16 0 1 255 255 255 248 Restore topology from local flash file for there is no base topology Please confirm in 30 seconds default No Y N Y Begin get base ...

Page 1284: ...ster enable undo cluster enable View System view Default Level 2 System level Parameters None Description Use the cluster enable command to enable the cluster function Use the undo cluster enable command to disable the cluster function By default the cluster function is enabled Note that z When you execute the undo cluster enable command on a management device you remove the cluster and its member...

Page 1285: ...evice in the format of H H H administrator Switches from a member device to the management device sysname member sysname System name of a member device a string of 1 to 32 characters Description Use the cluster switch to command to switch between the management device and member devices Examples Switch from the operation interface of the management device to that of the member device numbered 6 an...

Page 1286: ...n text or cipher text when the cipher keyword is specified A plain text password must be a string of 1 to 63 characters The cipher text password must have a fixed length of 24 or 88 characters The password is case sensitive Description Use the cluster local user command to configure Web user accounts in batches Use the undo cluster local user command to remove the configuration Note that the comma...

Page 1287: ...ster Sysname cluster ip pool 10 1 1 1 24 Sysname cluster build aaa aaa_0 Sysname cluster cluster mac 0180 c200 0000 cluster mac syn interval Syntax cluster mac syn interval interval time View Cluster view Default Level 2 System level Parameters interval time Interval in minutes to send broadcast packets in the range 0 to 30 If the interval is set to 0 the management device does not send broadcast ...

Page 1288: ... the cluster snmp agent community command to configure an SNMP community shared by a cluster and set its access authority Use the undo cluster snmp agent community command to remove a specified community name Note that z The command used to configure the SNMP community with read or read only authority can only be executed once on the management device This configuration will be synchronized to the...

Page 1289: ...name a string of 1 to 32 characters notify view View name in which Trap messages can be sent a string of 1 to 32 characters Description Use the cluster snmp agent group command to configure the SNMPv3 group shared by a cluster and set its access rights Use the undo cluster snmp agent group command to remove the SNMPv3 group shared by a cluster Note that z The command can be executed once on the ma...

Page 1290: ...a cluster By default the MIB view name shared by a cluster is ViewDefault in which the cluster can access ISO subtree Note that z This command can be executed once on the management device only This configuration will be synchronized to member devices on the whitelist which is equal to configuring multiple member devices at one time z The MIB view will be retained if a cluster is dismissed or a me...

Page 1291: ...scription Use the cluster snmp agent usm user v3 command to add a new user to the SNMP v3 group shared by a cluster Use the undo cluster snmp agent usm user v3 command to delete the SNMP v3 group user shared by the cluster Note that z The command can be executed once on the management device only This configuration will be synchronized to member devices on the whitelist which is equal to configuri...

Page 1292: ...ember device from the cluster Note that you should perform the operation to remove a member device from a cluster on the management device only Examples Remove the member device numbered 2 from the cluster Sysname system view Sysname cluster Sysname cluster ip pool 10 1 1 1 24 Sysname cluster build aaa aaa_0 Sysname cluster delete member 2 Remove the member device numbered 3 from the cluster and a...

Page 1293: ...of them down Display cluster information on a member device aaa_1 Sysname display cluster Cluster name aaa Role Member Member number 1 Management vlan 100 cluster mac 0180 c200 000a Handshake timer 10 sec Handshake hold time 60 sec Administrator device IP address 1 1 1 1 Administrator device mac address 000f e200 1d00 Administrator status Up Table 20 5 display cluster command output description Fi...

Page 1294: ...ology with the device as the root member number Specifies a device by its number The system will display the standard topology with the device as the root Description Use the display cluster topology command to display the standard topology of a cluster You can create a standard topology map when executing the build or auto build command or you can use the topology accept command to save the curre...

Page 1295: ... 7016 P_4 1 P_4 1 aaa_3 Sysname 000f e200 0000 P_4 1 P_1 9 Sysname 000f e200 4510 P_4 1 P_1 11 Sysname 000f e200 7000 P_4 1 P_1 9 Sysname 000f e200 4510 P_1 9 P_1 11 Sysname 000f e200 7000 P_4 1 P_1 11 Sysname 000f e200 7000 P_1 3 P_1 2 aaa_2 Sysname 00e0 fd00 4510 P_1 10 P_4 1 Sysname 000f e205 4300 P_1 8 P_1 12 aaa_1 Sysname 000f e200 7016 Table 20 6 display cluster base topology command output ...

Page 1296: ...sname display cluster black list Device ID Access Device ID Access port 000f e200 0010 000f e200 3550 GigabitEthernet1 0 1 Table 20 7 display cluster black list command output description Field Description Device ID ID of the blacklist device indicated by its MAC address Access Device ID ID of the device connected to the blacklist device indicated by its MAC address Access port Port connected to t...

Page 1297: ...31 31 56 24 Switch 4200G Table 20 8 display cluster candidates command output description Field Description MAC MAC address of a candidate device HOP Hops from a candidate device to the management device IP IP address of a candidate device Device Platform information of a device Display the information about a specified candidate device aaa_0 Sysname display cluster candidates mac address 000f e26...

Page 1298: ...ces Description Use the display cluster current topology command to display the current topology information of the cluster z If you specify both the mac address mac address and to mac address mac address arguments the topology information of the devices that are in a cluster and form the connection between two specified devices is displayed z If you specify both the member id member number and to...

Page 1299: ...0 display cluster current topology command output description Field Description PeerPort Peer port ConnectFlag Connection flag NativePort Local port SysName DeviceMac System name of the device normal connect Indicates a normal connection between the device and the management device odd connect Indicates a unidirectional connection between the device and the management device in blacklist Indicates...

Page 1300: ...bout all the devices in a cluster Description Use the display cluster members command to display the information about cluster members Note that this command can be executed on the management device only Examples Display the information about all the devices in a cluster aaa_0 Sysname display cluster members SN Device MAC Address Status Name 0 Switch 4200G 000f e200 1751 Admin 123_0 3100_1 2 Switc...

Page 1301: ... 3Com Corporation 3Com OS Software Version 5 20 Release 2202P17 Release 2202P17 Copyright c 2004 2009 3Com Corp and its licensors All rights reserved Switch 4510G PWR 48 Port V300R001B01D021 Member number 2 Name aaa_2 Sysname Device 3Com S7902E MAC Address 000f e234 5678 Member status Up Hops to administrator device 2 IP 192 168 0 71 24 Version 3Com Corporation 3Com OS Software Version 3ComComware...

Page 1302: ...ress of a device Member status State of a device Hops to administrator device Hops from the current device to the management device IP IP address of a device Version Software version of the current device ftp server Syntax ftp server ip address user name username password simple cipher password undo ftp server View Cluster view Default Level 3 Manage level Parameters ip address IP address of the F...

Page 1303: ...ectively Sysname system view Sysname cluster Sysname cluster ip pool 10 1 1 1 24 Sysname cluster build aaa aaa_0 Sysname cluster ftp server 1 0 0 9 user name ftp password simple ftp holdtime Syntax holdtime seconds undo holdtime View Cluster view Default Level 2 System level Parameters seconds Holdtime in seconds in the range 1 to 255 Description Use the holdtime command to configure the holdtime ...

Page 1304: ...ool command to configure a private IP address range for cluster members Use the undo ip pool command to remove the IP address range configuration By default no private IP address range is configured for cluster members Note that z You must configure the IP address range on the management device only and before establishing a cluster If a cluster has already been established you are not allowed to ...

Page 1305: ...st command in system view first for the logging host you configured to take effect For related configuration refer to the info center loghost command in Information Center Commands in the System Volume Examples Configure the IP address of the logging host shared by a cluster on the management device as 10 10 10 9 Sysname system view Sysname cluster Sysname cluster ip pool 10 1 1 1 24 Sysname clust...

Page 1306: ... the default VLAN ID of all cascade ports and the port connecting the management device and the member device is the management VLAN can the packets in the management VLAN packets be passed without a tag Otherwise you must configure the packets from a management VLAN to pass these ports For the configuration procedure refer to VLAN Configuration in the Access Volume Examples Specify VLAN 2 as the ...

Page 1307: ...ing VLAN interface ID Description Use the nm interface vlan interface command to configure the VLAN interface of the access management device including FTP TFTP server management host and log host as the network management interface of the management device Examples Configure VLAN interface 2 as the network management interface aaa_0 Sysname system view aaa_0 Sysname cluster aaa_0 Sysname cluster ...

Page 1308: ...uster view Default Level 3 Manage level Parameters ip address IP address of an SNMP host string1 Community name of read only access a string of 1 to 26 characters string2 Community name of read write access a string of 1 to 26 characters Description Use the snmp host command to configure a shared SNMP host for a cluster Use the undo snmp host command to cancel the SNMP host configuration By defaul...

Page 1309: ...d Note that this command can be executed on the management device only Examples Configure a shared TFTP server on the management device as 1 0 0 9 Sysname system view Sysname cluster Sysname cluster ip pool 10 1 1 1 24 Sysname cluster build aaa aaa_0 Sysname cluster tftp server 1 0 0 9 timer Syntax timer interval time undo timer View Cluster view Default Level 2 System level Parameters interval ti...

Page 1310: ...device by its MAC address The device will be accepted to join the standard topology of the cluster member id member number Specifies a device by its member number The device will be accepted to join the standard topology of the cluster The member number argument is in the range 0 to 31 save to Confirms the current topology as the standard topology and backs up the standard topology on the FTP serv...

Page 1311: ...lash Description Use the topology restore from command to restore the standard topology information from the FTP server or the local flash in case the cluster topology information is incorrect Note that z This command can be executed on the management device only z If the stored standard topology is not correct the device cannot be aware of if Therefore you must ensure that the standard topology i...

Page 1312: ...dard topology on the FTP server or the local flash is named topology top which includes both the information of blacklist and whitelist A blacklist contains the devices that are prohibited to be added to a cluster A whitelist contains devices that can be added to a cluster z This command can be executed on the management device only Examples Save the standard topology information to the local flas...

Page 1313: ... as its IRF member The command displays the information of IRF members and the information of the devices that are joining in this IRF Examples Display the information of the current IRF Sysname display irf Switch Role Priority CPU MAC 1 Slave 13 000f e2b8 1f84 2 Slave 1 000f e220 2122 3 Master 20 000f e2b8 1a82 4 SlaveWait 1 000f e2c8 1b82 indicates the device is the master indicates the device t...

Page 1314: ...isabled Mac persistent Whether the IRF bridge MAC address preservation is enabled z yes Enabled z no Disabled display irf configuration Syntax display irf configuration View Any view Default Level 1 Monitor level Parameters None Description Use the display irf configuration command to display the pre configurations of IRF members in the current IRF The pre configuration takes effect after the rebo...

Page 1315: ...sical IRF ports x and y if it is displayed as disable it indicates that IRF port 1 is not enabled IRF Port2 The physical IRF port number corresponding to IRF port 2 of a device after its reboot If it displayed in the format of x it indicates that IRF port 2 is bound to physical IRF port x if it is displayed in the format of x y it indicates that IRF port 2 is aggregated by physical IRF ports x and...

Page 1316: ...th any other device IRF port 2 of device 1 connects to IRF port 1 of device 2 IRF port 2 connects to IRF port 1 of device 3 IRF port 2 of device 3 does not connect with any other device z All the three devices belong to one IRF The bridge MAC address of the master is 000f cbb8 1a82 Network topology view is as shown in Figure 21 1 Figure 21 1 Network topology view 2 1 Device 1 4 Device 2 2 4 3 Devi...

Page 1317: ...lot id View Any view Default Level 1 Monitor level Parameters slot slot id ID of the IRF member With this argument the command displays the master slave switchover state of the specified IRF member Without this argument the command displays the master slave switchover state of the IRF master Description Use the display switchover state command to display the master slave switchover states of IRF m...

Page 1318: ... master and the slave are smoothing data Display the master slave switchover state of slave 3 Sysname display switchover state slot 3 Slave HA State Receiving realtime data The above information indicates that slave 3 is receiving real time backup data Table 21 5 display switchover state command output description for a slave Field Description Slave HA State Indicates that this output information ...

Page 1319: ...hether you need to save the one with the same filename or back it up before downloading the boot file Examples Enable auto upgrade of boot files in an IRF Sysname system view Sysname irf auto update enable irf link delay Syntax irf link delay interval undo irf link delay View System view Default Level 3 Manage level Parameters Interval Time interval in milliseconds for the link layer to report a l...

Page 1320: ... MAC address as soon as the master leaves By default IRF bridge MAC address is preserved for 6 minutes z Preserve for six minutes After the master leaves the bridge MAC address will not change within six minutes If the master does not come back after six minutes the IRF system will use the bridge MAC address of the newly elected master as that of the IRF z Preserve permanently No matter the master...

Page 1321: ...s ID in a member ID collision Note the following z You can specify a priority for a member of the current IRF only z The setting of priority takes effect right after your configuration Examples Specify a priority for the local device Sysname display irf Switch Role Priority CPU MAC 1 Slave 13 000f e2b8 1f84 2 Slave 1 000f e220 2122 3 Master 20 000f e2b8 1a82 4 SlaveWait 1 000f e2c8 1b82 indicates ...

Page 1322: ...e port configurations on different member devices in the configuration file Therefore modifying a member ID may cause device configuration changes or even losses so modify member ID with caution For example three members of same device model with the member IDs of 1 2 and 3 are connected to an IRF port Suppose that each member has several ports change the member ID of device 2 to 3 change that of ...

Page 1323: ...1 are numbered 1 and 2 and ports on the interface module in slot 2 are numbered 3 and 4 z 1 4 indicates that you can specify one to four ports at one time When multiple ports are specified they aggregate together to form an IRF port On the Switch 4510G series only the physical IRF ports that are on the same interface module can be aggregated together For the correspondence between an IRF port and ...

Page 1324: ... you execute this command you are redirected to the specified slave device which is equal to log in to the salve directly The operation interface of the access terminal switches from the console of the master to that of the slave and the system enters the user view of the slave You will see that the command prompt changes to the following format Sysname member ID for example Sysname 2 After this c...

Page 1325: ...21 13 Examples Redirect to member 2 Sysname irf switch to 2 Sysname Slave 2 ...

Page 1326: ...itor level Parameters node node id Displays channel information of the specified node where node id represents the number of the specified node in the range of 0 to 9 self node Displays the channel information of the local node Description Use the display ipc channel command to display the channel information of the specified node Examples Display channel information of node 6 Sysname display ipc ...

Page 1327: ... the internal software of the device is used to describe the functions of a channel For example FIB4 indicates that the channel is used for Layer 3 fast forwarding Prehistorical channel NO 2 indicates that no description is defined for the channel and the channel is the second channel established display ipc link Syntax display ipc link node node id self node View Any view Default Level 1 Monitor ...

Page 1328: ...n is terminated display ipc multicast group Syntax display ipc multicast group node node id self node View Any view Default Level 1 Monitor level Parameters node node id Displays the multicast group information of the specified node where node id represents the number of the specified node in the range of 0 to 9 self node Displays the multicast group information of the local node Description Use t...

Page 1329: ...ode View Any view Default Level 1 Monitor level Parameters None Description Use the display ipc node command to display node information Examples Display node information of the device Sysname display ipc node Self node ID 6 Current active node ID 2 3 6 8 Table 22 4 display ipc node command output description Field Description Self node ID Number of the local node Current active node ID List of th...

Page 1330: ... 0 14 5 3 5 5 15 0 0 0 0 16 0 0 0 0 17 50 50 37 35 19 0 0 0 0 Table 22 5 display ipc packet command output description Field Description ChannelID Channel number Sent fragments Number of fragments sent Sent packets Number of packets sent whether a packet is fragmented depends on the interface MTU If the number of bytes the packet is larger than the MTU the packet is fragmented if smaller than or e...

Page 1331: ...e statistics at the time when IPC performance statistics is disabled Related commands ipc performance enable Examples Display IPC performance statistics information of node 6 Sysname display ipc performance node 6 Peak Peak rate pps 10Sec Average rate in the last 10 seconds pps 1Min Average rate in the last 1 minute pps 5Min Average rate in the last 5 minutes pps Total Data Total number of data pa...

Page 1332: ...range of 0 to 9 self node Displays the sending queue information of the local node Description Use the display ipc queue command to display the sending queue information of the specified node Examples Display the sending queue information of the local node Sysname display ipc queue self node QueueType QueueID Dst NodeID Length FullTimes Packet UNICAST 0 0 4096 0 0 UNICAST 1 0 4096 0 0 UNICAST 2 0 ...

Page 1333: ...ode node id Enables IPC performance statistics of the specified node where node id represents the number of the specified node in the range of 0 to 9 self node Enables IPC performance statistics of the local node channel channel id Enables IPC performance statistics information of the specified channel where channel id represents the channel number in the range of 0 to 159 Description Use the ipc ...

Page 1334: ...the IPC performance statistics information of the local node channel channel id Clears the IPC performance statistics information of the specified channel where channel id represents the channel number in the range of 0 to 159 Description Use the reset ipc performance command to clear IPC performance statistics information After this command is executed the corresponding statistics information wil...

Search results

Summary of Contents for E4510-48G

Reviews:

Related manuals for E4510-48G

Brands by name

Popular brands

HP E4510-48G, Command Reference Manual

Search results

Summary of Contents for E4510-48G

Reviews:

Related manuals for E4510-48G

Brands by name

Popular brands