manualshive.com logo in svg

Huawei Quidway S3900 Series, Command Manual, Page: 520 / 1159

Share
Download
Huawei Quidway S3900 Series Command Manual Download Page 520

Command Manual – 802.1x 
Quidway S3900 Series Ethernet Switches-Release 1510 

Chapter 1  802.1x Configuration Commands

 

Huawei Technologies Proprietary 

1-11 

View 

System view, Ethernet port view 

Parameter 

auto

: Specifies to operate in 

auto

 access control mode.  In this mode, a port is 

initialized to take all users as unauthorized: it only allows EAPoL packets to pass 

through and grants users no permission to network resources. Only after the users 

have passed the authentication will the port classify them as authorized and allow them 

access to the network resources, which is often the case. 

authorized-force

: Specifies to operate in 

authorized-force

 access control mode. 

unauthorized-force

: Specifies to operate in 

unauthorized-force

 access control mode. 

Ports in this mode are constantly in unauthorized state. Supplicant systems connected 

to them cannot access the network. 

interface-list

: Ethernet port list. You can specify multiple Ethernet ports by providing this 

argument in the form of 

interface-list

 = { 

interface-name

 [ 

to

 

interface-

 

name

] & < 1-10 >. 

The 

interface-name

 argument is the port index of an Ethernet port and can be specified 

in this form: 

interface-name

 = { 

interface-type

 

interface-num

 }, in which, 

interface-type

 

specifies the type of a port and 

interface-num

 identifies the port number. Note that the 

interface name 

after the keyword 

to

 must have an 

interface-num

 that is greater than or 

equal to that of the 

interface-name

 before the 

to

 keyword. &<1-10> means that up to 10 

port indexes/port index lists can be provided. 

Description 

Use the 

dot1x

 

port-control

 command to specify the access control method for 

specified Ethernet ports. 

Use the 

undo dot1x

 

port-control

 command to revert to the default access control 

method. 

The default access control method is 

auto

Use the 

dot1x

 

port-control 

command to configure the access control method for 

specified 802.1x-enabled ports. 

When being executed in system view, these two commands apply to all Ethernet ports 

of the switch if you do not provide the 

interface-list

 argument. And if you specify the 

interface-list

 argument, these commands apply to the specified Ethernet ports. 

When being executed in Ethernet port view, these two commands apply to the current 

Ethernet port only. In this case, the 

interface-list

 argument is not needed.  

Related command: 

display dot1x

Example 

# Specify Ethernet1/0/1 port to operate in 

unauthorized-force

 access control mode. 

<Quidway> system-view 

Summary of Contents for Quidway S3900 Series

Page 1: ...Huawei Technologies Proprietary HUAWEI Quidway S3900 Series Ethernet Switches Command Manual Release 1510 ...

Page 2: ...service If you purchase the products from the sales agent of Huawei Technologies Co Ltd please contact our sales agent If you purchase the products from Huawei Technologies Co Ltd directly Please feel free to contact our local office customer care center or company headquarters Huawei Technologies Co Ltd Address Administration Building Huawei Technologies Co Ltd Bantian Longgang District Shenzhen ...

Page 3: ...bridge Tellwin Inmedia VRP DOPRA iTELLIN HUAWEI OptiX C C08iNET NETENGINE OptiX iSite U SYS iMUSE OpenEye Lansway SmartAX infoX and TopEng are trademarks of Huawei Technologies Co Ltd All other trademarks and trade names mentioned in this manual are the property of their respective holders Notice The information in this manual is subject to change without notice Every effort has been made in the p...

Page 4: ...figurations and typical applications Organization Quidway S3900 Series Ethernet Switches Command Manual consists of the following parts z 1 CLI Introduces the commands used for switching between the command levels and command level setting z 2 Login Introduces the commands used for logging into the Ethernet switch z 3 Configuration File Management Introduces the commands used for configuration fil...

Page 5: ... port security configuration and port binding z 13 DLDP Introduces the commands used for DLDP configuration z 14 MAC Address Table Introduces the commands used for MAC address forwarding table management z 15 Auto Detect Introduces the commands used for auto detect configuration z 16 MSTP Introduces the STP related commands z 17 Routing Protocol Introduces the commands used for routing protocol co...

Page 6: ...roduces the commands used for port mirroring z 29 IRF Fabric Introduces the commands used for IRF fabric configuration z 30 Cluster Introduces the commands used for cluster management z 31 PoE PoE Profile Introduces the commands used for PoE and PoE profile configuration z 32 UDP Helper Introduces the commands used for UDP Helper configuration z 33 SNMP RMON Introduces the commands used for SNMP a...

Page 7: ...nd manual in an alphabetic order The parts and pages where the commands are described are also given Intended Audience The manual is intended for the following readers z Network engineers z Network administrators z Customers who are familiar with network fundamentals Conventions The manual uses the following conventions I General conventions Convention Description Arial Normal paragraphs are in Ar...

Page 8: ...eparated by vertical bars Many or none can be selected A line starting with the sign is comments III GUI conventions Convention Description Boldface Button names and menu items are in Boldface For example click OK Multi level menus are in bold and separated by forward slashes For example select the File Create Folder menu IV Keyboard operation Format Description Key Press the key with the key name...

Page 9: ... button twice continuously and quickly without moving the pointer Drag Press and hold the primary mouse button and move the pointer to a certain position VI Symbols Eye catching symbols are also used in the manual to highlight the points worthy of special attention during the operation They are defined as follows Caution Warning Danger Means reader be extremely careful during the operation Note Co...

Page 10: ...ase 1510 Table of Contents Huawei Technologies Proprietary i Table of Contents Chapter 1 CLI Configuration Commands 1 1 1 1 CLI Configuration Commands 1 1 1 1 1 command privilege level 1 1 1 1 2 display history command 1 2 1 1 3 super 1 2 1 1 4 super password 1 3 ...

Page 11: ...ew Use the undo command privilege view command to restore the level of the specified command in the specified view to the default Commands fall into four command levels visit monitor system and manage which are identified as 0 1 2 and 3 respectively The administrator can change the level of a command to enable users of specific level to utilize the command By default the ping tracert and telnet co...

Page 12: ... overlaid Related command history command max size Example Display history commands Quidway display history command system view quit display history command 1 1 3 super Syntax super level View User view Parameter level User level This argument ranges from 0 to 3 and defaults to 3 If you execute this command with the level argument not provided this command switches the current user level to level ...

Page 13: ...ttempts to switch to a higher user level If the password is not configured an AUX user can switch to a higher user level directly z A password is necessary for a VTY user to switch to a higher user level You can use the super password level level simple cipher password command to set the password With the password not configured a VTY user is prompted the message reading Password is not set and re...

Page 14: ...iption Use the super password command to set the password for users to switch to a higher user level To prevent unauthorized accesses you can use this command to require users to provide the password when they switch to a higher user level For security purpose the password a user enters when switching to a higher user level is not displayed A user will remain at the original user level if the user...

Page 15: ...ize 1 11 1 1 11 idle timeout 1 11 1 1 12 ip http shutdown 1 12 1 1 13 lock 1 13 1 1 14 parity 1 14 1 1 15 protocol inbound 1 15 1 1 16 screen length 1 16 1 1 17 send 1 16 1 1 18 service type 1 17 1 1 19 set authentication password 1 19 1 1 20 shell 1 20 1 1 21 speed 1 20 1 1 22 stopbits 1 21 1 1 23 sysname 1 22 1 1 24 telnet 1 23 1 1 25 telnet server source interface 1 23 1 1 26 telnet server sour...

Page 16: ...Command Manual Login Quidway S3900 Series Ethernet Switches Release 1510 Table of Contents Huawei Technologies Proprietary ii 2 1 4 snmp agent community 2 3 2 1 5 snmp agent group 2 3 ...

Page 17: ...ication password cipher simple password command z If you specify the scheme keyword to authenticate users locally or remotely using usernames and passwords the actual authentication mode that is local or remote depends on other related configuration z If this command is executed with the command authorization keywords specified authorization is performed on the TACACS server whenever you attempt t...

Page 18: ...ported protocol is specified as ssh TCP 22 will be enabled when the supported protocol is specified as all both the TCP 23 and TCP 22 port will be enabled Example Configure to authenticate users using the local password on the AUX interface Quidway system view System View return to User View with Ctrl Z Quidway user interface aux 0 Quidway ui aux0 authentication mode password 1 1 2 auto execute co...

Page 19: ...onfigure the telnet 10 110 100 1 command to be executed automatically after users log into VTY 0 Quidway system view System View return to User View with Ctrl Z Quidway user interface vty 0 Quidway ui vty0 auto execute command telnet 10 110 100 1 This action will lead to configuration failure through ui vty0 Are you sure Y N y 1 1 3 databits Syntax databits 7 8 undo databits View User interface vi...

Page 20: ...scription Use the display telnet server source ip command to display the source IP address configured for the switch operating as the Telnet server If the source interface is also configured for the switch this command displays the IP address of the source interface If no source IP address is specified 0 0 0 0 is displayed Example Display the source IP address configured for the switch operating a...

Page 21: ...w Any view Parameter type User interface type number User interface number summary Displays the summary information about a user interface Description Use the display user interface command to display the information about a specified user interface or all user interfaces If the summary keyword is not specified this command displays user interface type absolute relative user interface number trans...

Page 22: ...r interface operates in asynchronous mode Idx The absolute index of the user interface Type User interface type and the relative index Tx Rx Transmission speed of the user interface Modem Indicates whether or not a modem is used Privi Available command level Auth Authentication mode Int Physical position of the user interface A The current user is authenticated by AAA N Users are not authenticated...

Page 23: ...06 08 TEL 192 168 0 3 Current operation user F Current operation user work in async mode F 0 AUX 0 00 00 00 Table 1 2 Descriptions on the fields of the display users command Field Description F The information is about the current user interface and the current user interface operates in asynchronous mode UI The numbers in the left sub column are the absolute user interface indexes and those in th...

Page 24: ...rface If you execute this command the corresponding user interface will be disconnected Note that the current user interface cannot be released Example Release user interface VTY 0 Quidway free user interface vty 0 Are you sure you want to free user interface vty0 Y N y OK After you execute this command user interface VTY 0 will be disconnected The user in it must log in again to connect to the sw...

Page 25: ... are displayed when a user logs into a switch The login banner is displayed on the terminal when the connection is established And the session banner is displayed on the terminal if a user successfully logs in Use the undo header command to disable displaying a specific banner or all banners Note that if you specify any one of the three keywords without providing the text argument the specified ke...

Page 26: ...ommand Quidway system view System View return to User View with Ctrl Z Quidway header shell SHELL Hello Welcome Make sure the beginning and end characters of the banner are the same When you log in the next time the session banner appears on the terminal as the following Quidway quit Quidway quit Please press ENTER SHELL Hello Welcome The beginning and end characters of the banner are not displaye...

Page 27: ...er This argument ranges from 0 to 256 and defaults to 10 That is the history command buffer can store 10 commands by default Description Use the history command max size command to set the size of the history command buffer Use the undo history command max size command to revert to the default history command buffer size Example Set the size of the history command buffer of AUX 0 to 20 to enable i...

Page 28: ...e within the timeout time Use the undo idle timeout command to revert to the default timeout time You can use the idle timeout 0 command to disable the timeout function The default timeout time is 10 minutes Example Set the timeout time of AUX 0 to 1 minute Quidway system view System View return to User View with Ctrl Z Quidway user interface aux 0 Quidway ui aux0 idle timeout 1 0 1 1 12 ip http s...

Page 29: ...P 80 will be disabled Caution After the Web file is upgraded you need to reboot and then specify the new Web file in the Boot menu Otherwise you cannot use the Web Server normally Example Shut down the Web server Quidway system view System View return to User View with Ctrl Z Quidway ip http shutdown Apr 4 01 30 12 080 2000 Quidway HTTPD 5 Log 1 Stopped HTTP server Launch the Web server Quidway un...

Page 30: ... once the first 16 characters are correct the user interface will be unlocked Example Lock the current user interface Quidway lock Password Again locked 1 1 14 parity Syntax parity even none odd undo parity View User interface view Parameter even Performs even checks none Does not check odd Performs odd checks Description Use the parity command to set the check mode of the user interface Use the u...

Page 31: ...2 ports for Telnet and SSH services respectively will be enabled or disabled after corresponding configurations z If the authentication mode is none TCP 23 will be enabled and TCP 22 will be disabled z If the authentication mode is password and the corresponding password has been set TCP 23 will be enabled and TCP 22 will be disabled z If the authentication mode is scheme there are three scenarios...

Page 32: ...creen can contain Use the undo screen length command to revert to the default number of lines By default the terminal screen can contain up to 24 lines You can use the screen length 0 command to disable the function to display information in pages Example Set the number of lines the terminal screen can contain to 20 Quidway system view System View return to User View with Ctrl Z Quidway user inter...

Page 33: ...be of LAN access type which normally means Ethernet users such as 802 1x users ssh Specifies the users to be of SSH type telnet Specifies the users to be of Telnet type terminal Makes terminal services available to users logging in through the Console port level level Specifies the user level for Telnet users Terminal users or SSH users The level argument ranges from 0 to 3 and defaults to 0 Descr...

Page 34: ...upporting modules Services are supported by these commands Commands concerning file system file transfer protocol FTP trivial file transfer protocol TFTP downloading using XModem user management and level setting are of administration level Example Configure commands of level 0 are available to the users logging in using the user name of zbr Quidway system view System View return to User View with...

Page 35: ... encrypted text or plain text When you enter the password in plain text containing up to 16 characters such as 123 the system converts the password to the corresponding 24 character encrypted password such as TP EMUHL 408 W7TH Q Make sure you are aware of the corresponding plain password if you enter the password in ciphered text such as TP EMUHL 408 W7TH Q Description Use the set authentication p...

Page 36: ...able to the user interface By default terminal services are available in all user interfaces Note the following when using the undo shell command z This command is available in all user interfaces except the AUX Console user interface z This command is unavailable in the current user interface z This command prompts for confirmation when being executed in any valid user interface Example Log into ...

Page 37: ... speed Use these two commands in the AUX user interface view only Example Set the transmission speed of the AUX user interface to 115 200 bps Quidway system view System View return to User View with Ctrl Z Quidway user interface aux 0 Quidway ui aux0 speed 115200 1 1 22 stopbits Syntax stopbits 1 1 5 2 undo stopbits View User interface view Parameter 1 Sets the stop bits to 1 1 5 Sets the stop bit...

Page 38: ...tax sysname string undo sysname View System view Parameter string Domain name of the switch This argument can contain 1 to 30 characters and defaults to Quidway Description Use the sysname command to set a domain name for the switch Use the undo sysname command to revert to the default domain name The CLI prompt reflects the domain name of a switch For example if the domain name of a switch is Qui...

Page 39: ...escription Use the telnet command to Telnet to another switch from the current switch to manage the former remotely You can terminate a Telnet connection by pressing Ctrl K or by executing the quit command The default TCP port number is 23 Related command display tcp status and ip host Example Telnet to the switch with the host name of Quidway2 and IP address of 129 102 0 1 from the current switch...

Page 40: ...by the system Example Specify VLAN interface 2 as the source interface for the Telnet server Quidway system view System View return to User View with Ctrl Z Quidway telnet server source interface Vlan interface 2 1 1 26 telnet server source ip Syntax telnet server source ip ip address undo telnet server source ip View System view Parameter ip address Source IP address to be set Description Use the...

Page 41: ...as the source interface Description Use the telnet source interface command to specify the source interface for a Telnet client If the interface specified does not exist your configuration fails Use the undo telnet source interface command to clear the source interface configuration After that you can access the Telnet server from Telnet client using the IP address determined by the system Example...

Page 42: ...the source IP address to be 192 168 1 1 for the Telnet client Quidway system view System View return to User View with Ctrl Z Quidway telnet source ip 192 168 1 1 1 1 29 user interface Syntax user interface type first number last number View System view Parameter type User interface type first number User interface index which identifies the first user interface to be configured last number User i...

Page 43: ...to the AUX user interface The commands of level 0 are available to the users logging into VTY user interfaces Example Configure that commands of level 0 are available to the users logging into VTY 0 Quidway system view System View return to User View with Ctrl Z Quidway user interface vty 0 Quidway ui vty0 user privilege level 0 You can verify the above configuration by Telneting to VTY 0 and disp...

Page 44: ...he current switch outbound Filters the users Telneting to other switches from the current switch Description Use the acl command to apply an ACL to filter Telnet users Use the undo acl command to disable the switch from filtering Telnet users using the ACL By default Telnet users are not filtered by ACLs Example Apply ACL 2000 to filter users Telneting to the current switch assuming that ACL 2 000...

Page 45: ...le Disconnect all Web users by force Quidway free web users all 2 1 3 ip http acl Syntax ip http acl acl number undo ip http acl View System view Parameter acl number ACL number ranging from 2 000 to 2 999 Description Use the ip http acl command to apply an ACL to filter Web users Use the undo ip http acl command to disable the switch from filtering Web users using the ACL By default the switch do...

Page 46: ... 2 000 to 2 999 Description Use the snmp agent community command to set a community name and to enable users to access the switch through SNMP You can also optionally use this command to apply an ACL to filter network management users Use the undo snmp agent community command to cancel community related configuration for the specified community By default SNMPv1 and SNMPv2c access a switch by comm...

Page 47: ...w to be set to read only This argument can be of 1 to 32 characters write view Sets a readable writable view write view Name of the view to be set to readable writable This argument can be of 1 to 32 characters notify view Sets a notifying view notify view Name of the view to be set to a notifying view This argument can be of 1 to 32 characters acl acl number Specifies an ACL The acl number argume...

Page 48: ...dway S3900 Series Ethernet Switches Release 1510 Chapter 2 Commands for User Control Huawei Technologies Proprietary 2 5 Quidway system view System View return to User View with Ctrl Z Quidway snmp agent group v1 h123 acl 2001 ...

Page 49: ...tary i Table of Contents Chapter 1 Configuration File Management Commands 1 1 1 1 File Attribute Configuration Commands 1 1 1 1 1 display current configuration 1 1 1 1 2 display saved configuration 1 7 1 1 3 display startup 1 10 1 1 4 display this 1 10 1 1 5 reset saved configuration 1 11 1 1 6 save 1 13 1 1 7 startup saved configuration 1 15 ...

Page 50: ...e used to specify the files saved in the flash of the current unit z Inputting the path name or file name directly This method can be used to specify the path to go to or a file in the current work directory 1 1 File Attribute Configuration Commands 1 1 1 display current configuration Syntax display current configuration configuration configuration type interface interface type interface number vl...

Page 51: ...expression Character Meaning Description Match the strings starting with the sub expressions following user matches configuration files starting with user Matches the strings starting with the sub expressions before user matches the configuration ending with user _ Underline which can represent the following characters space starting character and ending character If the first character of a regul...

Page 52: ...he default are not displayed As the display current configuration command can be used to view the currently valid parameters you can use this command to verify a group of configurations The configured parameter whose corresponding function does not take effect is not displayed Related command save reset saved configuration display saved configuration Example Display the currently valid configurati...

Page 53: ...port hybrid protocol vlan vlan 3 2 interface Ethernet1 0 4 mirroring group 1 monitor port interface Ethernet1 0 5 port link type trunk port trunk permit vlan 1 25 interface Ethernet1 0 6 interface Ethernet1 0 7 interface Ethernet1 0 8 interface Ethernet1 0 9 voice vlan enable interface Ethernet1 0 10 port link type hybrid port hybrid vlan 1 3 to 4 untagged port hybrid protocol vlan vlan 4 0 lacp e...

Page 54: ... interface Ethernet1 0 24 interface GigabitEthernet1 1 1 interface GigabitEthernet1 1 2 interface GigabitEthernet1 1 3 interface GigabitEthernet1 1 4 undo irf fabric authentication mode interface NULL0 user interface aux 0 4 idle timeout 0 0 user interface aux 5 7 user interface vty 0 4 authentication mode none user privilege level 3 set authentication password simple 1 return Display the lines th...

Page 55: ... 9 interface Ethernet1 0 10 port hybrid vlan 1 3 to 4 untagged interface Ethernet1 0 11 interface Ethernet1 0 12 interface Ethernet1 0 13 interface Ethernet1 0 14 interface Ethernet1 0 15 interface Ethernet1 0 16 interface Ethernet1 0 17 interface Ethernet1 0 18 interface Ethernet1 0 19 interface Ethernet1 0 20 interface Ethernet1 0 21 interface Ethernet1 0 22 interface Ethernet1 0 23 interface Et...

Page 56: ...mmand to display the content of the primary configuration file in the Flash of a switch Related command save reset saved configuration display current configuration Example Display the content of the primary configuration file in the Flash Quidway display saved configuration sysname Quidway gvrp MAC authentication interface Aux1 0 0 interface Ethernet1 0 1 priority 7 webcache address 1 1 1 1 mac 0...

Page 57: ... mirroring group 1 monitor port interface Ethernet1 0 5 port link type trunk port trunk permit vlan 1 25 interface Ethernet1 0 6 interface Ethernet1 0 7 interface Ethernet1 0 8 interface Ethernet1 0 9 voice vlan enable interface Ethernet1 0 10 port link type hybrid port hybrid vlan 1 3 to 4 untagged port hybrid protocol vlan vlan 4 0 lacp enable interface Ethernet1 0 11 interface Ethernet1 0 12 in...

Page 58: ... 0 24 interface GigabitEthernet1 1 1 interface GigabitEthernet1 1 2 interface GigabitEthernet1 1 3 interface GigabitEthernet1 1 4 TOPOLOGYCFG MUST NOT DELETE undo irf fabric authentication mode GLBCFG MUST NOT DELETE interface NULL0 user interface aux 0 4 idle timeout 0 0 user interface aux 5 7 user interface vty 0 4 authentication mode none user privilege level 3 set authentication password simpl...

Page 59: ...e current startup configuration file the names of the primary startup configuration file and secondary startup configuration file to be used when the switch starts the next time and so on Related command startup saved configuration Example Display the startup configuration of unit 1 Quidway display startup unit 1 MainBoard Current Startup saved configuration file NULL Next main startup saved confi...

Page 60: ...layed When you execute this command in different protocol views the configurations performed in the corresponding protocol views are displayed And when you execute this command in different protocol sub views the configurations performed in the corresponding protocol sub views are displayed Related command save reset saved configuration display saved configuration and display current configuration...

Page 61: ...th the system software This may occur after you upgrade the software of the switch z The network where the switch operates changes In this case the existing configuration files may conflict with the new network You can remove the existing configuration files and configure the switch again Caution z Execute the reset saved configuration command with caution or with the presence of the technicians z...

Page 62: ...figuration file in the Flash If you execute this command with neither the backup nor the main keyword specified the current configuration is saved in the primary configuration file The safely keyword determines the way to save the current configuration as described in the following z If you execute this command with the safely keyword not specified the system saves the current configuration in the...

Page 63: ...idway save main The configuration will be written to the device Are you sure Y N y Please input the file name cfg To leave the existing filename unchanged press the enter key 123 cfg Now saving current configuration to the device Saving configuration Please wait Unit1 save configuration flash 123 cfg successfully Unit2 save configuration flash 123 cfg successfully Apr 2 02 58 01 682 2000 Quidway C...

Page 64: ...e startup saved configuration command to specify a configuration file to be the primary configuration file or the secondary configuration file Use the undo startup saved configuration command to specify a switch to start without loading the configuration file If you execute the startup saved configuration command with neither the backup nor the main keyword specified the configuration file identif...

Page 65: ...way startup saved configuration vrpcfg cfg main Please wait Done Apr 2 02 55 10 025 2000 Quidway CFM 3 CFM_LOG 1 Unit1 set the configuration successfully Quidway Apr 2 02 55 10 134 2000 Quidway CFM 3 CFM_LOG 1 Unit2 set the configuration successfully Configure the configuration file named 123 cfg as the secondary configuration file of Unit1 Quidway startup saved configuration unit1 flash 123 cfg b...

Page 66: ...on 1 1 1 1 2 display interface Vlan interface 1 1 1 1 3 display vlan 1 3 1 1 4 interface Vlan interface 1 4 1 1 5 name 1 5 1 1 6 shutdown 1 6 1 1 7 vlan 1 6 1 1 8 vlan to 1 7 1 2 Port Based VLAN Configuration Commands 1 9 1 2 1 port 1 9 1 3 Protocol Based VLAN Configuration Commands 1 10 1 3 1 display protocol vlan interface 1 10 1 3 2 display protocol vlan vlan 1 11 1 3 3 port hybrid protocol vla...

Page 67: ... interface Description Use the description command to assign a description string to the current VLAN or VLAN interface Use the undo description command to restore the default description string By default the description string of the current VLAN is its VLAN ID such as VLAN 0001 the description string of the current VLAN interface is its name such as Vlan interface 1 Interface Related command di...

Page 68: ...he created VLAN interfaces is displayed Related command interface Vlan interface Example Display the information about Vlan interface 2 Quidway display interface Vlan interface 2 Vlan interface2 current state DOWN Line protocol current state DOWN IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 00e0 fc07 4101 Internet Address is 10 1 1 1 24 Primary Description Vlan interface2 Interfa...

Page 69: ... Description Use the display vlan command to display the information about the specified VLANs or all VLANs If the vlan id argument or the all keyword is specified the information about the specified VLANs or the all VLANs is displayed including z VLAN ID z VLAN type dynamic or static z Whether the routing function is enabled If yes the primary IP address and mask are displayed z VLAN description ...

Page 70: ... 14 Ethernet1 0 15 Ethernet1 0 16 Ethernet1 0 17 Ethernet1 0 18 Ethernet1 0 19 Ethernet1 0 20 Ethernet1 0 21 Ethernet1 0 22 Ethernet1 0 23 Ethernet1 0 24 Table 1 2 Description on the fields of the display vlan command Field Description VLAN ID VLAN ID VLAN Type VLAN type dynamic or static Route Interface Whether the routing interface function is enable for this VLAN IP Address IP address Subnet Ma...

Page 71: ...e 1 view Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 1 Quidway Vlan interface1 1 1 5 name Syntax name text undo name View VLAN view Parameter text String that refers to the name of the current VLAN in the range of 1 character to 32 characters It can contain special characters and space Parameter Use the name command to assign a name to a VLAN Us...

Page 72: ...rnet ports of the VLAN interface are up the VLAN interface is up enabled If a VLAN interface is disabled its status is not determined by the status of its Ethernet ports You can use the undo shutdown command to enable a VLAN interface when its related parameters and protocols are configured When a VLAN interface fails you can use the shutdown command to disable the interface and then use the undo ...

Page 73: ... Caution z VLAN 1 is the default VLAN and cannot be removed z When you use the undo vlan command to remove a VLAN which is the default VLAN of a trunk port or a hybrid port on the device the configuration of the default VLAN of the trunk port or hybrid port does not change after the undo vlan command is executed that is the trunk port or the hybrid port will use the removed VLAN as its default VLA...

Page 74: ... vlan all command cannot be used to remove the VLANs kept by the protocol the Voice VLANs the default VLANs VLAN 1 the management VLANs and the probe VLANs for remote mirroring Example Create VLAN 4 through VLAN 100 Quidway system view System View return to User View with Ctrl Z Quidway vlan 4 to 100 Note The VLAN kept by protocol the voice VLAN the default VLAN the manageme nt VLAN and the remote...

Page 75: ...he port number to the right of the to keyword must be larger than or equal to the one to the left of the keyword z 1 10 means that you can provide this argument repeatedly for up to 10 times Parameter Use the port command to add a port or multiple ports to a VLAN Use the undo port command to remove a port or multiple ports from a VLAN Caution The port command is only applicable to access ports To ...

Page 76: ...ed If you do not use the to keyword only one port is specified If you use the to keyword multiple contiguous ports are specified The interface type argument refers to the port type and the interface number argument refers to the port number all Displays the protocol related information about all ports Description Use the display protocol vlan interface command to display the protocol information a...

Page 77: ...t to the right of this keyword is larger than or equal to the argument to the left of this keyword all Specifies all VLANs Description Use the display protocol vlan vlan command to display the protocol information and protocol indexes configured for specified VLANs Related command display vlan Example Display the protocol information and protocol indexes configured for VLAN 10 through VLAN 20 Quid...

Page 78: ... port with the protocol based VLAN Use the undo port hybrid protocol vlan vlan command to remove the association between the specified protocol based VLAN and a port Note z The port hybrid protocol vlan vlan command can be executed on hybrid ports only z Before you associate a port with the protocol based VLAN make sure the port belongs to the protocol based VLAN z When the undo port hybrid protoc...

Page 79: ...pecify the four IPX encapsulation types mode Configures user defined protocol templates ethernetii Ethernet II encapsulation format etype id Protocol type of the packet in the range of 600 to FFFF llc LLC encapsulation format dsap id Destination service access point This argument ranges from 0 to FF ssap id Source service access point This argument ranges from 0 to FF snap SNAP encapsulation forma...

Page 80: ...mand to disable the configuration Related command display protocol vlan vlan Example Configure VLAN 3 as a protocol based VLAN and assign IP packets to VLAN 3 for transmission Quidway system view System View return to User View with Ctrl Z Quidway vlan 3 Quidway vlan3 protocol vlan ip Caution Because the IP protocol is closely associated with the ARP protocol you are recommended to configure the A...

Page 81: ... 1 2 1 1 display fib 2 1 2 1 2 display fib ip address 2 2 2 1 3 display fib acl 2 3 2 1 4 display fib 2 4 2 1 5 display fib ip prefix 2 5 2 1 6 display fib statistics 2 6 2 1 7 display icmp statistics 2 7 2 1 8 display ip socket 2 8 2 1 9 display ip statistics 2 10 2 1 10 display tcp statistics 2 11 2 1 11 display tcp status 2 14 2 1 12 display udp statistics 2 15 2 1 13 ip forward broadcast 2 17 ...

Page 82: ...e interface command in Port Basic Configuration Command Manual brief Displays the basic interface configuration information Description Use the display ip interface command to display information about one specific or all interfaces Example Display information about VLAN interface 1 Quidway display ip interface Vlan interface 1 Vlan interface1 current state UP Line protocol current state UP Intern...

Page 83: ... Description on the fields of the display ip interface command Field Description Vlan interface1 current state Current state of VLAN interface 1 Line protocol current state Current state of the Line protocol Internet Address IP address Broadcast address Broadcast address The Maximum Transmit Unit Max transmit unit IP packets input number 9678 bytes 475001 multicasts 7 IP packets output number 8622...

Page 84: ... Echo reply packet unreachable packet source quench packet routing redirect packet Echo request packet router advert packet router solicit packet time exceed packet IP header bad packet timestamp request packet timestamp reply packet information request packet information reply packet netmask request packet netmask reply packet and unknown types of packets 1 1 2 ip address Syntax ip address ip add...

Page 85: ...esses is as follows z When you configure a primary IP address for an interface which already has a primary IP address the new address will replace the old one z If you execute the undo ip address command without any parameter the switch deletes both primary and secondary IP addresses of the interface The undo ip address ip address mask mask length command is used to delete the primary IP address T...

Page 86: ...address mask length next hop current flag timestamp and output interface Example View the FIB summary Quidway display fib Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi path L Generated by ARP or ESIS Destination Mask Nexthop Flag TimeStamp Interface 10 153 17 0 24 10 153 17 99 U t 191954 Vlan interface1 10 153 18 88 32 127 0 0 1 GHU t 191954 InLoopBack0 ...

Page 87: ...TimeStamp Timestamp Interface Forwarding interface 2 1 2 display fib ip address Syntax display fib ip address1 mask1 mask length1 ip address2 mask2 mask length2 longer longer View Any view Parameter ip address1 ip address2 Destination IP addresses in dotted decimal notation ip_address1 and ip_address2 together define an address range The FIB entries in this address range will be displayed mask1 ma...

Page 88: ...e D Dynamic S Static R Reject E Equal cost multi path L Generated by ARP or ESIS Destination Mask Nexthop Flag TimeStamp Interface 12 158 10 0 24 12 158 10 1 U t 85391 Vlan interface10 Display the FIB entries whose destination addresses are in the range of 12 158 10 0 24 to 12 158 10 6 24 Quidway display fib 12 158 10 0 255 255 255 0 12 158 10 6 255 255 255 0 Route Entry Count 1 Flag U Usable G Ga...

Page 89: ... 37 InLoopBack0 127 0 0 1 32 127 0 0 1 GHU t 37 InLoopBack0 127 0 0 0 8 127 0 0 1 U t 37 InLoopBack0 1 1 1 1 32 127 0 0 1 GHU t 37 InLoopBack0 1 1 1 0 24 1 1 1 1 U t 37 Vlan interface2 View ACL 2001 Quidway display acl 2001 Basic ACL 2001 1 rule Acl s step is 1 rule 0 permit source 211 71 75 0 0 0 0 255 View the FIB entries filtered by ACL 2001 Quidway display fib acl 2001 Route Entry matched by a...

Page 90: ...xpression refer to the Configuration File Management module of this manual Example View the lines starting from the first one containing the string 169 254 0 0 Quidway display fib begin 169 254 0 0 169 254 0 0 16 2 1 1 1 U t 0 Vlan interface1 2 0 0 0 16 2 1 1 1 U t 0 Vlan interface1 For details about the displayed information see Table 2 1 2 1 5 display fib ip prefix Syntax display fib ip prefix l...

Page 91: ... 1 32 127 0 0 1 GHU t 37 InLoopBack0 1 1 1 0 24 1 1 1 1 U t 37 Vlan interface2 View the FIB entries matching prefix list abc Quidway display fib ip prefix abc Route Entry matched by prefix list abc Summary Counts 1 Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi path L Generated by ARP or ESIS Destination Mask Nexthop Flag TimeStamp Interface 211 71 75 0 2...

Page 92: ...way display icmp statistics Input bad formats 0 bad checksum 0 echo 5 destination unreachable 0 source quench 0 redirects 0 echo reply 10 parameter problem 0 timestamp 0 information request 0 mask requests 0 mask replies 0 time exceeded 0 Output echo 10 destination unreachable 0 source quench 0 redirects 0 echo reply 5 parameter problem 0 timestamp 0 information reply 0 mask requests 0 mask replie...

Page 93: ...r of input information request packets mask requests Number of input output mask request packets mask replies Number of input output mask reply packets information reply Number of output information reply packets time exceeded Number of time exceeded packets 2 1 8 display ip socket Syntax display ip socket socktype sock type task id socket id View Any view Parameter sock type Type of a socket rang...

Page 94: ...ETKEEPALIVE socket state SS_ISCONNECTED SS_PRIV SS_ASYNC Task VTYD 18 socketid 3 Proto 6 LA 10 153 17 99 23 FA 10 153 17 82 1121 sndbuf 8192 rcvbuf 8192 sb_cc 0 rb_cc 0 socket option SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE socket state SS_ISCONNECTED SS_PRIV SS_ASYNC Table 2 3 Description on the fields of the display ip socket command Field Description SOCK_STREAM Type of a socket T...

Page 95: ...e the display ip statistics command to view the statistics about IP packets Related command display ip interface and reset ip statistics Example View the statistics about IP packets Quidway display ip statistics Input sum 7120 local 112 bad protocol 0 bad format 0 bad checksum 0 bad options 0 Output forwarding 0 local 27 dropped 0 no route 2 compress fails 0 Fragment input 0 output 0 dropped 0 fra...

Page 96: ... options forwarding Number of forwarded packets local Number of packets sent by the local device dropped Number of dropped packets during transmission no route Number of packets that cannot be routed Output compress fails Number of packets that cannot be compressed input Number of input fragments output Number of output fragments dropped Number of dropped fragments fragmented Number of packets tha...

Page 97: ...artially duplicate packets 5 7 bytes out of order packets 0 0 bytes packets of data after window 0 0 bytes packets received after close 0 ACK packets 481 8776 bytes duplicate ACK packets 7 too much ACK packets 0 Sent packets Total 665 urgent packets 0 control packets 5 including 1 RST window probe packets 0 window update packets 2 data packets 618 8770 bytes data packets retransmitted 0 0 bytes AC...

Page 98: ...umber of partially duplicate packets out of order packets Number of out of order packets packets of data after window Number of packets out of window packets received after close Number of received packets after close ACK packets Number of ACK packets Received packets duplicate ACK packets too much ACK packets Number of duplicate ACK packets number of ACK packets for data not sent Total Total numb...

Page 99: ... to keepalive probe failure Initiated connections accepted connections established connections Number of initiated connections number of accepted connections number of established connections Closed connections dropped initiated dropped Number of closed connections number of dropped connections number of failed connection attempts Packets dropped with MD5 authentication Number of dropped packets w...

Page 100: ...splay tcp status command Field Description If there is an asterisk before a connection it means that the TCP connection is authenticated through the MD5 algorithm TCPCB Address of the TCP control block Local Add port Local IP address port number Foreign Add port Remote IP address port number State TCP connection state 2 1 12 display udp statistics Syntax display udp statistics View Any view Parame...

Page 101: ...r Number of packets with checksum errors shorter than header Number of packets whose lengths are shorter than their headers data length larger than packet Number of packets whose lengths are larger than the packets no socket on port Number of packets dropped because the socket corresponding to the port number is not found total broadcast or multicast packets Total number of transmitted broadcast o...

Page 102: ...e the undo ip forward broadcast command to disable broadcast from directly connected network segment By default it is disabled to receive broadcast from directly connected network segment Example Enable broadcast from directly connected broadcast Quidway system view System View return to User View with Ctrl Z Quidway ip forward broadcast 2 1 14 reset ip statistics Syntax reset ip statistics View U...

Page 103: ... User view Parameter None Description Use the reset tcp statistics command to clear the statistics about TCP packets Related command display tcp statistics Example Clear the statistics about TCP packets Quidway reset tcp statistics 2 1 16 reset udp statistics Syntax reset udp statistics View User view Parameter None Description Use the reset udp statistics command to clear the statistics about UDP...

Page 104: ...t value of the TCP finwait timer The default value is 675 seconds When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2 the finwait timer is enabled If the switch does not receive FIN packets before finwait timer time outs the TCP connection will be terminated Related command tcp timer syn timeout and tcp window Example Configure the default value of the TCP finwait timer to 800 seco...

Page 105: ... timer to 80 seconds Quidway system view System View return to User View with Ctrl Z Quidway tcp timer syn timeout 80 2 1 19 tcp window Syntax tcp window window size undo tcp window View System view Parameter window size The size of the transmission and receiving buffers measured in kilobytes KB whose value ranges from 1 to 32 Description Use the tcp window command to configure the size of the tra...

Page 106: ...d Manual IP Address and Confiugration Quidway S3900 Series Ethernet Switches Release 1510 Chapter 2 IP Performance Configuration Commands 2 21 System View return to User View with Ctrl Z Quidway tcp window 3 ...

Page 107: ...le ip address1 ip address2 1 12 1 1 9 display ip routing table ip prefix 1 13 1 1 10 display ip routing table protocol 1 14 1 1 11 display ip routing table radix 1 15 1 1 12 display ip routing table statistics 1 16 1 1 13 display ip routing table verbose 1 17 1 1 14 interface Vlan interface 1 19 1 1 15 ip address 1 19 1 1 16 ip host 1 20 1 1 17 ip route static 1 21 1 1 18 management vlan 1 22 1 1 ...

Page 108: ... example VLAN 0001 z The description string of a VLAN interface comprises 1 to 80 characters and defaults to the name of the VLAN interface for example Vlan interface1 Interface Description Use the description command to assign a description string to a VLAN or a VLAN interface Use the undo description command to restore the default description string Related command display vlan display interface...

Page 109: ...ace Vlan interface Example Display the information about the management VLAN interface Assume that VLAN 1 is the management VLAN Quidway display interface Vlan interface 1 Vlan interface1 current state DOWN Line protocol current state DOWN IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 00e0 fc07 4101 Internet Address is 192 168 0 39 24 Primary Description HUAWEI Quidway Series Vlan...

Page 110: ...splay the names of all the hosts and their IP addresses Example Display the names of all the hosts and their IP addresses Quidway display ip host Host Age Flags Address My 0 static 1 1 1 1 Aa 0 static 2 2 2 4 Table 1 2 Description on the fields of the display ip host command Field Description Host Host name Age Valid duration of the host address Flags Flag Only the static flag namely the host name...

Page 111: ...ormation about VLAN 1 interface Quidway display ip interface Vlan interface 1 Vlan interface1 current state UP Line protocol current state UP Internet Address is 192 168 0 39 24 Primary Broadcast address 192 168 0 255 The Maximum Transmit Unit 1500 bytes IP packets input number 7420 bytes 557679 multicasts 1 IP packets output number 7509 bytes 385809 multicasts 0 TTL invalid packet number 0 ICMP p...

Page 112: ...ectively TTL invalid packet number Number of TTL invalid packets received ICMP packet input number 0 Echo reply 0 Unreachable 0 Source quench 0 Routing redirect 0 Echo request 0 Router advert 0 Router solicit 0 Time exceed 0 IP header bad 0 Timestamp request 0 Timestamp reply 0 Information request 0 Information reply 0 Netmask request 0 Netmask reply 0 Unknown type 0 The total number of ICMP packe...

Page 113: ... routes Example Display the summary information about the routing table Quidway display ip routing table Routing Table public net Destination Mask Protocol Pre Cost Nexthop Interface 1 1 1 0 24 DIRECT 0 0 1 1 1 1 Vlan interface1 1 1 1 1 32 DIRECT 0 0 127 0 0 1 InLoopBack0 127 0 0 0 8 DIRECT 0 0 127 0 0 1 InLoopBack0 127 0 0 1 32 DIRECT 0 0 127 0 0 1 InLoopBack0 Table 1 4 Description on the fields ...

Page 114: ...splay the summary information about the active routes permitted by ACL 2000 Quidway system view System View return to User View with Ctrl Z Quidway acl number 2000 Quidway acl basic 2000 rule permit source 10 1 1 1 0 0 0 255 Quidway acl basic 2000 rule deny source any Quidway acl basic 2000 display ip routing table acl 2000 Routes matched by access list 2000 Summary count 2 Destination Mask Protoc...

Page 115: ...7 0 0 1 Interface 127 0 0 1 InLoopBack0 Vlinkindex 0 State NoAdvise Int ActiveU Retain Gateway Unicast Age 7 24 Cost 0 0 tag 0 Table 1 5 Description on the fields of the display ip routing table acl command Field Description Destination Destination address Mask Mask Protocol Routing protocol that discovers the route Preference Route preference Nexthop Next hop IP address Interface Outbound interfa...

Page 116: ...eed of route unreachable information For details refer to corresponding routing protocols Int The route is discovered by the internal gateway protocol IGP NoAdvise The route is not advertised when the router advertises routes based on policies NotInstall The route are not loaded to the core routing table but can be advertised Normally the routes with the highest preference in the routing table are...

Page 117: ...the active routes is displayed Description Use the display ip routing table ip address command to display the information about the routes leading to the destination The output information of this command differs with the arguments keywords specified as follows z display ip routing table ip address For the destination address ip address if there are some routes matched within the natural mask rang...

Page 118: ...etailed information of the routes with destination addresses matched within the natural mask range Quidway display ip routing table 169 0 0 0 verbose Routing Tables Generate Default no Active Route Last Active Both Next hop in use Summary count 2 Destination 169 0 0 0 Mask 255 0 0 0 Protocol Static Preference 60 NextHop 2 1 1 1 Interface 2 1 1 1 LoopBack1 Vlinkindex 0 State Int ActiveU Static Unic...

Page 119: ... the IP address range is obtained by performing AND operation between the ip address2 and mask2 arguments mask1 mask2 IP address masks These two arguments can be in dotted decimal notation or two integers ranging from 0 to 32 verbose Displays the detailed information about the active and inactive routes If you do not specify this keyword only the summary information about the active routes is disp...

Page 120: ... the routes matching a specified IP prefix list If the specified IP prefix list does not exist the detailed information about all the active and inactive routes is displayed when you execute this command with the verbose keyword specified and only the summary information about all the active routes is displayed if you execute this command with the verbose keyword not specified Example Display the ...

Page 121: ...ble protocol Syntax display ip routing table protocol protocol inactive verbose View Any view Parameter protocol This argument can be one of the following z direct Displays the information about the direct routes z ospf Displays the information about OSPF routes z ospf ase Displays the information about ASE routes z ospf nssa Displays the information about NSSA routes z rip Displays the informatio...

Page 122: ...LoopBack0 127 0 0 0 8 DIRECT 0 0 127 0 0 1 InLoopBack0 127 0 0 1 32 DIRECT 0 0 127 0 0 1 InLoopBack0 DIRECT Routing tables status inactive Summary count 1 Destination Mask Protocol Pre Cost Nexthop Interface 210 0 0 1 32 DIRECT 0 0 127 0 0 1 InLoopBack0 Display the summary information about the static routing table Quidway display ip routing table protocol static STATIC Routing tables Summary coun...

Page 123: ... 8 127 0 0 0 32 127 0 0 1 Table 1 6 Description on the fields of the display ip routing table radix command Field Description INET Address family Inodes Number of nodes Routes Number of routes 1 1 12 display ip routing table statistics Syntax display ip routing table statistics View Any view Parameter None Description Use the display ip routing table statistics command to display the statistics of...

Page 124: ... the display ip routing table statistics command Field Description Proto Routing protocol O_ASE indicates OSPF_ASE routes O_NSSA indicates OSPF NSSA routes and AGGRE indicates the aggregated routes route Total number of routes active Number of the active routes that are in currently in use added Number of the routes that are added to the routing table after the switch starts or the routing table i...

Page 125: ...ve Both Next hop in use Destinations 2 Routes 2 Holddown 0 Delete 0 Hidden 0 Destination 127 0 0 0 Mask 255 0 0 0 Protocol DIRECT Preference 0 NextHop 127 0 0 1 Interface 127 0 0 1 InLoopBack0 State NoAdvise Int ActiveU Retain Unicast Age 57 12 Cost 0 0 Destination 127 0 0 1 Mask 255 255 255 255 Protocol DIRECT Preference 0 NextHop 127 0 0 1 Interface 127 0 0 1 InLoopBack0 State NotInstall NoAdvis...

Page 126: ...creating a management VLAN interface make sure the VLAN identified by the vlan id argument is created and is configured to be the management VLAN Note that To configure the management VLAN of a switch operating as a cluster management device to be a cluster management VLAN using the management vlan vlan id command successfully make sure the vlan id argument provided in the management vlan vlan id ...

Page 127: ... mask to a management VLAN interface Use the undo ip address command to remove the IP address assigned to a management VLAN interface Related command display interface Vlan interface Example Assign an IP address and the mask to the management VLAN interface Assume that VLAN 1 is the management VLAN Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 1 Q...

Page 128: ...ic ip address mask NULL null interface number next hop preference preference value reject blackhole detect group detect group id description text undo ip route static ip address mask NULL null interface number next hop preference preference value View System view Parameter ip address Destination IP address in dotted decimal notation mask IP address mask The mask length is expressed as dotted decim...

Page 129: ...es Among these routes the one with least preference which means the highest preference is chosen to be the current route A route configured using the ip route static command is a reachable route if neither of the reject and blackhole keywords is specified Note the following when configuring a static route z The next hop address of a static route cannot be the VLAN interface address of the local sw...

Page 130: ...ement vlan 2 1 1 19 shutdown Syntax shutdown undo shutdown View VLAN interface view Parameter None Description Use the shutdown command to shut down a management VLAN interface Use the undo shutdown command to bring up a management VLAN interface By default a management VLAN interface is down if all the Ethernet ports in the management VLAN are down and the management VLAN interface is up if one o...

Page 131: ...ent error Enables debugging for DHCP BOOTP client error messages including the information about unidentified packets event Enables debugging for DHCP BOOTP client events including address allocation and data update packet Enables debugging for packets received transmitted by a DHCP BOOTP client Description Use the debugging dhcp client command to enable debugging for the DHCP BOOTP client Use the...

Page 132: ... to disable the hot backup debugging for the DHCP BOOTP client The hot backup debugging for the DHCP BOOTP client is disabled by default Example Enable the hot backup debugging for the DHCP BOOTP client Quidway debugging dhcp irf xha 2 1 3 display dhcp client Syntax display dhcp client verbose View Any view Parameter verbose Displays the detailed the DHCP client information about address allocatio...

Page 133: ...chine is BOUND z The lease period of the address is 86400 seconds z The value of the renewal timer and rebinding timer is 43200 seconds and 75600 seconds respectively z The lease period is from 2002 09 20 01 05 03 to 2002 09 21 01 05 03 z The IP address of the DHCP server is 169 254 0 1 z The IP address of the gateway is 2 2 2 2 z Next timeout will happen after 11 hours 56 minutes 1 second Table 2...

Page 134: ...e the undo ip address dhcp alloc command to cancel the configuration By default a VLAN interface does not use DHCP to obtain an IP address Example Configure the management VLAN interface to obtain an IP address through DHCP Assume that VLAN 1 is the management VLAN Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 1 Quidway Vlan interface1 ip address ...

Page 135: ...Description on the fields of the display bootp client command Field Description Vlan interface1 Management VLAN interface 1 is configured to obtain an IP address through BOOTP Allocated IP IP address allocated to VLAN interface 1 Transaction ID Value of the XID field in BOOTP packets Mac Address MAC address of the BOOTP client 2 2 2 ip address bootp alloc Syntax ip address bootp alloc undo ip addr...

Page 136: ...guration Huawei Technologies Proprietary 2 6 Example Configure the management VLAN interface to obtain an IP address through BOOTP Assume that VLAN 1 is the management VLAN Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 1 Quidway Vlan interface1 ip address bootp alloc ...

Page 137: ...onfiguration Commands 1 1 1 1 Voice VLAN Configuration Commands 1 1 1 1 1 display voice vlan error info 1 1 1 1 2 display voice vlan oui 1 1 1 1 3 display voice vlan status 1 2 1 1 4 display vlan 1 3 1 1 5 voice vlan 1 4 1 1 6 voice vlan aging 1 5 1 1 7 voice vlan enable 1 6 1 1 8 voice vlan mac address 1 7 1 1 9 voice vlan mode 1 8 1 1 10 voice vlan security enable 1 8 ...

Page 138: ...None Description Use the display voice error info command to display the ports on which the voice VLAN function fails to be enabled Note When the number of ACL applied to a port reaches to its upper limit the voice VLAN function can not be enabled on the port Example Display the ports on which the voice VLAN function fails to be enabled Quidway display voice vlan error info Fail to apply voice VLA...

Page 139: ...b00 0000 ffff ff00 0000 Cisco phone 00ef e200 0000 ffff ff00 0000 H3C Aolynk phone 00d0 1e00 0000 ffff ff00 0000 Pingtel phone 00e0 7500 0000 ffff ff00 0000 Polycom phone 00e0 bb00 0000 ffff ff00 0000 3Com phone 1 1 3 display voice vlan status Syntax display voice vlan status View Any view Parameter None Description Use the display voice vlan status command to display voice VLAN related informatio...

Page 140: ... VLAN function Voice Vlan security mode The status of voice VLAN security mode enabled disabled Voice Vlan aging time The voice VLAN aging time Current voice vlan enable port mode The ports with the voice VLAN function enabled Caution The Current voice vlan enable port mode field lists the ports with the voice VLAN function enabled Note that a port listed in this field may not currently operate in...

Page 141: ...AN ID 6 VLAN Type static Route Interface not configured Description VLAN 0006 Name VLAN 0006 Tagged Ports Ethernet1 0 5 Untagged Ports Ethernet1 0 6 The output indicates that Ethernet1 0 5 and Ethernet1 0 6 ports are in the current voice VLAN 1 1 5 voice vlan Syntax voice vlan vlan id enable undo voice vlan enable View System view Parameter vlan id ID of the VLAN that needs to be enabled with the ...

Page 142: ...on for it Quidway system view System View return to User View with Ctrl Z Quidway vlan 2 Quidway vlan2 quit Quidway voice vlan 2 enable After the voice function of VLAN2 is enabled if you enable the voice VLAN function for other VLANs the system will prompt that your configuration fails Quidway voice vlan 4 enable Can t change voice vlan configuration when other voice vlan is running 1 1 6 voice v...

Page 143: ...meter None Description Use the voice vlan enable command to enable the voice VLAN function for a port Use the undo voice vlan enable command to disable the voice VLAN function for a port The voice VLAN function takes effect on a port only when it is enabled in both system view and port view Note that the operation to enable the voice VLAN function for a port is independent of that to enable the fu...

Page 144: ...on Use the voice vlan mac address command to set a MAC address used for a voice VLAN to identify voice devices Use the undo voice vlan mac address command to disable a MAC address from being used to identify voice devices A switch can use up to 16 MAC addresses to identify voice devices including the five default OUI addresses as listed in Table 1 2 When the number of MAC addresses reaches 16 you ...

Page 145: ...mmand to configure an Ethernet port to operate in the automatic voice VLAN mode Use the undo voice vlan mode auto command to configure an Ethernet port to operate in the manual voice VLAN mode By default an Ethernet port operates in the automatic voice VLAN mode Related command display voice vlan status Example Configure Ethernet1 0 2 port to operate in the manual voice VLAN mode Quidway system vi...

Page 146: ...LAN security mode In the voice VLAN security mode the ports in a voice VLAN and with voice devices attached to can only forward voice data Data packets with their MAC addresses not among the OUI addresses that can be identified by the system will be dropped This mode has no effects on other VLANs By default the voice VLAN security mode is enabled Related command display voice vlan status Example D...

Page 147: ...VRP Configuration Commands 1 1 1 1 GARP Configuration Commands 1 1 1 1 1 display garp statistics 1 1 1 1 2 display garp timer 1 2 1 1 3 garp timer 1 2 1 1 4 garp timer leaveall 1 4 1 1 5 reset garp statistics 1 5 1 2 GVRP Configuration Commands 1 6 1 2 1 display gvrp statistics 1 6 1 2 2 display gvrp status 1 7 1 2 3 gvrp 1 7 1 2 4 gvrp registration 1 8 ...

Page 148: ...that you can provide up to 10 port indexes port index lists for this argument Description Use the display garp statistics command to display the GARP statistics of specified ports or all ports This command displays the following information z Number of the GMRP packets received z Number of the GVRP packets received z Number of the GMRP packets transmitted z Number of the GVRP packets transmitted z...

Page 149: ...ndexes port index lists for this argument Description Use the display garp timer command to display the settings of the GARP timers on specified ports or all ports This command displays the settings of the following timers z Join timer z Leave timer z LeaveAll timer z Hold timer Related command garp timer garp timer leaveall Example Display the settings of the GARP timers on port Ethernet1 0 1 Qui...

Page 150: ...e timer and deregisters the attribute information if it does not receives a Join message again before the timer times out timer value Timeout time in centiseconds of the GARP timer Hold Join or Leave to be set This argument needs to be a multiple of 5 By default it is 10 20 and 60 for Hold Join and Leave timers respectively Description Use the garp timer command to set a GARP timer that is the Hol...

Page 151: ...n change the threshold by changing the timeout time of the LeaveAll timer LeaveAll This lower threshold is greater than the timeout time of the Leave timer You can change threshold by changing the timeout time of the Leave timer 32 765 centiseconds Related command display garp timer Example Set the GARP Join timer to 20 centiseconds for port Ethernet1 0 1 Quidway system view System View return to ...

Page 152: ...y garp timer Example Set the GARP LeaveAll timer to 100 centiseconds Quidway system view System View return to User View with Ctrl Z Quidway garp timer leaveall 100 1 1 5 reset garp statistics Syntax reset garp statistics interface interface list View User view Parameter interface list List of Ethernet ports You can specify multiple Ethernet ports by providing this argument in the form of interfac...

Page 153: ... type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index lists for this argument Description Use the display gvrp statistics command to display the GVRP statistics of specified or all trunk ports This command displays the following information z GVRP status z Number of the GVRP entries that fail to be registered z Source MAC address of the previous GVRP PD...

Page 154: ...ed or disabled Example Display the global GVRP status Quidway display gvrp status GVRP is enabled The above information indicates that GVRP is enabled globally 1 2 3 gvrp Syntax gvrp undo gvrp View System view Ethernet port view Parameter None Description Use the gvrp command to enable GVRP globally in system view or for a port in Ethernet port view Use the undo gvrp command to disable GVRP global...

Page 155: ...rp registration fixed forbidden normal undo gvrp registration View Ethernet port view Parameter fixed Allows the manual creation and registration of VLANs on the current port and inhibits the dynamic registration and deregistration of VLANs on the current port forbidden Deregisters all the VLANs except VLAN 1 on the current port and inhibits the creation and registration of any other VLAN on the c...

Page 156: ...VRP Configuration Commands Huawei Technologies Proprietary 1 9 Example Configure the GVRP registration type on the port Ethernet1 0 1 to fixed Quidway system view System View return to User View with Ctrl Z Quidway interface Ethernet1 0 1 Quidway Ethernet1 0 1 gvrp registration fixed ...

Page 157: ... 1 1 11 duplex 1 13 1 1 12 flow control 1 14 1 1 13 flow interval 1 14 1 1 14 giant frame statistics enable 1 15 1 1 15 interface 1 16 1 1 16 jumboframe enable 1 17 1 1 17 loopback 1 18 1 1 18 loopback detection control enable 1 19 1 1 19 loopback detection enable 1 20 1 1 20 loopback detection interval time 1 20 1 1 21 loopback detection per vlan enable 1 21 1 1 22 mdi 1 22 1 1 23 multicast suppr...

Page 158: ...o 262 143 z In Ethernet port view the max pps argument is in the range of 1 to 148 810 Description Use the broadcast suppression command to limit broadcast traffic allowed to be received on each port in system view or on a specified port in Ethernet port view Use the undo broadcast suppression command to restore the default broadcast suppression setting The broadcast suppression command is used to...

Page 159: ...Set the maximum number of broadcast packets that can be received per second by the Ethernet1 0 1 port to 1000 pps Quidway Ethernet1 0 1 broadcast suppression pps 1000 1 1 3 copy configuration Syntax copy configuration source interface type interface number aggregation group source agg id destination interface list aggregation group destination agg id aggregation group destination agg id View Syste...

Page 160: ...LAN ID of the port z Protocol based VLAN configuration includes IDs and indexes of the protocol based VLANs allowed on the port z Link aggregation control protocol LACP configuration includes LACP enable disable status z QoS configuration includes rate limit port priority and default 802 1p priority on the port z STP configuration includes STP enable disable status on the port link attribute on th...

Page 161: ... the source port you can specify the aggregation group of the port as the destination with the destination agg id argument z Any voice VLAN enabled port you input in the destination port list will be removed from the list 1 1 4 description Syntax description text undo description View Ethernet port view Parameter text Port description a string of 1 to 80 characters Description Use the description ...

Page 162: ...haracter string exclude Each entry must not include a specified character string string Regular expression a character string of 1 to 256 characters Note For details about regular expression refer to the Configuration File Management module in this manual Description Use the display brief interface command to display the brief configuration information about one or all interfaces including interfa...

Page 163: ...negotiation Interface Link Speed Duplex Type PVID Description Eth1 0 1 DOWN A A hybrid 1 home Table 1 1 Description on the fields of the display brief interface command Field Description Interface Port type Link Link state UP or DOWN Speed Link rate Duplex Duplex attribute Type Link type access hybrid or trunk PVID Default VLAN ID Description Port description string 1 1 6 display interface Syntax ...

Page 164: ...et1 0 1 current state DOWN IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 0012 a990 2240 Media type is twisted pair loopback not set Port hardware type is 100_BASE_TX 100Mbps speed mode full duplex mode Link speed type is force link link duplex type is force link Flow control is enabled The Maximum Frame Length is 9216 Broadcast MAX pps 500 Unicast MAX ratio 100 Multicast MAX ratio...

Page 165: ... speed type is force link link duplex type is force link Link speed and duplex status force or auto negotiation Flow control is enabled Status of flow control on the port The Maximum Frame Length Maximum frame length allowed on the port Broadcast MAX ratio Broadcast suppression ratio on the port Unicast MAX ratio Unknown unicast suppression ratio on the port Multicast MAX ratio Multicast suppressi...

Page 166: ...ffer failures 0 aborts 0 deferred 0 collisions 0 late collisions 0 lost carrier no carrier Statistics on the incoming and outgoing packets and errors on the port The indicates that the statistical item is not supported 1 1 7 display loopback detection Syntax display loopback detection View Any view Parameter None Description Use the display loopback detection command to display the loopback detect...

Page 167: ...conds There is no port existing loopback link No loopback port exists 1 1 8 display transceiver information interface Syntax display transceiver information interface interface type interface number View Any view Parameter interface type Port type interface number Port number Description Use the display port display transceiver information interface command to display information about a specified...

Page 168: ...rt hybrid trunk View Any view Parameter hybrid Displays hybrid ports trunk Displays trunk ports Description Use the display port command to check whether there are hybrid or trunk ports in the current system and display such ports if available Example Display the hybrid ports in the current system Quidway display port hybrid The following hybrid ports exist Ethernet1 0 1 Ethernet1 0 2 The above in...

Page 169: ...ck not set Port hardware type is 100_BASE_TX 100Mbps speed mode full duplex mode Link speed type is force link link duplex type is force link Flow control is enabled The Maximum Frame Length is 9216 Broadcast MAX pps 500 Unicast MAX ratio 100 Multicast MAX ratio 100 Allow jumbo frame to pass PVID 1 Mdi type auto Port link type access Tagged VLAN ID none Untagged VLAN ID 1 Last 300 seconds input 0 ...

Page 170: ...ption string of the AUX port is Aux Interface For the description of other fields refer to Table 1 2 1 1 11 duplex Syntax duplex auto full half undo duplex View Ethernet port view Parameter auto Sets the port to auto negotiation mode full Sets the port to full duplex mode half Sets the port to half duplex mode Description Use the duplex command to set the duplex mode of the current port Use the un...

Page 171: ...th the local and peer switches When congestion occurs on the local switch z the local switch sends a message to notify the peer switch of stopping sending packets to itself temporarily z the peer switch will stop sending packets to the local switch temporarily when it receives the message and vice versa By this way packet loss is avoided and the network service operates normally By default flow co...

Page 172: ...nterface number command to display the information of a port the system performs statistical analysis on the traffic flow passing through the port during the specified interval and displays the average rates in the interval For example if you set the interval to 100 seconds the displayed information is as follows Last 100 seconds input 0 packets sec 0 bytes sec Last 100 seconds output 0 packets se...

Page 173: ... with Ctrl Z Quidway giant frame statistics enable 1 1 15 interface Syntax interface interface type interface number View System view Parameter interface type Port type which can be Aux Ethernet GigabitEthernet LoopBack NULL or Vlan interface interface number Port number in the format of Unit ID slot number port number where z Unit ID is in the range of 1 to 8 z The slot number is 0 if the port is...

Page 174: ...to 48 1 to 4 Description Use the interface command to enter Ethernet port view To configure parameters for a port you must enter the port view first Example Enter Ethernet1 0 1 port view Quidway system view System View return to User View with Ctrl Z Quidway interface ethernet 1 0 1 Quidway Ethernet1 0 1 1 1 16 jumboframe enable Syntax jumboframe enable undo jumboframe enable View Ethernet port vi...

Page 175: ...ameter external Performs external loop test In the external loop test self loop headers which are made from four cores of the 8 core cables must be used on the port of the switch The external loop test can locate the hardware failures on the port internal Performs internal loop test In the internal loop test self loop is established in the switching chip to locate the chip failure which is related...

Page 176: ...mmand can be used to control the working status of the trunk port or hybrid port where loopback is found in a VLAN z If this feature is enabled on a trunk or hybrid port when loopback is found on the port the system sets the port to a controlled working state and removes the MAC address entries corresponding to the port z If this feature is disabled on a trunk or hybrid port when loopback is found...

Page 177: ... the port to a controlled working state z For a trunk or hybrid port the loopback detection control feature can be implemented by using this command and the loopback detection control enable command together The loopback detection feature takes effect on a specified port only when the loopback detection feature is enabled in both system view and the specified port view By default the loopback dete...

Page 178: ...the default time interval Example Set time interval for loopback detection to 10 seconds Quidway system view System View return to User View with Ctrl Z Quidway loopback detection interval time 10 Quidway 1 1 21 loopback detection per vlan enable Syntax loopback detection per vlan enable undo loopback detection per vlan enable View Ethernet port view Parameter None Description Use the loopback det...

Page 179: ...dway Ethernet1 0 1 port link type trunk Quidway Ethernet1 0 1 loopback detection per vlan enable Quidway Ethernet1 0 1 1 1 22 mdi Syntax mdi across auto normal undo mdi View Ethernet port view Parameter across Sets the port to support MDIX auto Sets the port to support auto MDI MDIX normal Sets the port to support MDI Description Use the mdi command to set port MDI attribute Use the undo mdi comma...

Page 180: ...n command to limit multicast traffic allowed to be received on the current port Use the undo multicast suppression command to restore the default multicast suppression setting on the current port When incoming multicast traffic on the port exceeds the multicast traffic threshold you set the system drops the packets exceeding the threshold to reduce the multicast traffic ratio to the reasonable ran...

Page 181: ... not allowed to add an access port to VLAN 1 or remove an access port from VLAN 1 Otherwise the system will prompt Can t delete ports from or add ports to the default VLAN Description Use the port access vlan command to add the access port into the specified VLAN Use the undo port access vlan command to remove the access port from the specified VLAN You must specify the ID of an existing VLAN in t...

Page 182: ...id pvid command to restore the default VLAN ID of the port Related command port link type Caution You are recommended to set the default VLAN ID of the local hybrid or trunk ports to the same value as that of the hybrid or trunk ports on the peer switch Otherwise packet forwarding may fail on the ports Example Set the default VLAN ID of the hybrid port Ethernet1 0 1 to 100 Quidway system view Syst...

Page 183: ... undo port hybrid vlan command to remove the hybrid port from specified VLANs A hybrid port can belong to multiple VLANs When you use the command several times all VLAN specified in the commands will be allowed to pass the port The VLAN specified by the vlan id argument must be existing Otherwise this command is invalid Related command port link type Example Add the hybrid port Ethernet1 0 1 to VL...

Page 184: ... the three types trunk hybrid and fabric To set a trunk hybrid fabric port to another type different from access you must first set the port to an access port and then set the access port to the required type For example a trunk port cannot be set to a hybrid port directly You must set the trunk port to an access port and then set it to a hybrid port z If you set a fabric port to an access port af...

Page 185: ...nk port can belong to multiple VLANs When you use the command several times all VLAN specified in the commands will be allowed to pass the port Related command port link type Example Add the trunk port Ethernet1 0 1 to VLAN 2 VLAN 4 and VLAN 50 through VLAN 100 Quidway system view System View return to User View with Ctrl Z Quidway interface ethernet1 0 1 Quidway Ethernet1 0 1 port link type trunk...

Page 186: ...lan 100 1 1 30 reset counters interface Syntax reset counters interface interface type interface type interface number View User view Parameter interface type Port type interface number Port number For details about the parameters see the parameter description of the interface command Description Use the reset counters interface command to clear the statistics of the port preparing for a new stati...

Page 187: ...an Ethernet port By default an Ethernet port is enabled Example Enable Ethernet1 0 1 Quidway system view System View return to User View with Ctrl Z Quidway interface ethernet 1 0 1 Quidway Ethernet1 0 1 shutdown Quidway Ethernet1 0 1 undo shutdown 1 1 32 speed Syntax speed 10 100 1000 auto undo speed View Ethernet port view Parameter 10 Specifies the port speed to 10 Mbps 100 Specifies the port s...

Page 188: ...ast suppression View Ethernet port view Parameter ratio Maximum ratio of received unknown unicast traffic to the total bandwidth on the Ethernet port The value ranges from 1 to 100 in step of 1 and defaults to 100 The smaller the ratio is the lesser unknown unicast traffic is allowed to be received max pps Maximum number of unknown unicast packets allowed to be received per second on the Ethernet ...

Page 189: ...packets that can be received per second by the Ethernet1 0 1 port to 1000 pps Quidway Ethernet1 0 1 unicast suppression pps 1000 1 1 34 virtual cable test Syntax virtual cable test View Ethernet port view Parameter None Description Use the virtual cable test command to enable the system to test the cable connected to a specific port and to display the results The system can test these attributes o...

Page 190: ...t the cable connected to the Ethernet port Note The combo port does not support the virtual cable test command Example Enable the system to test the cable connected to Ethernet1 0 1 Quidway system view System View return to User View with Ctrl Z Quidway interface Ethernet1 0 1 Quidway Ethernet0 1 virtual cable test Cable status abnormal open 7 metres Pair Impedance mismatch yes Pair skew 429496729...

Page 191: ...uration Commands 1 1 1 1 1 display link aggregation interface 1 1 1 1 2 display link aggregation summary 1 2 1 1 3 display link aggregation verbose 1 4 1 1 4 display lacp system id 1 5 1 1 5 lacp enable 1 6 1 1 6 lacp port priority 1 7 1 1 7 lacp system priority 1 7 1 1 8 link aggregation group agg id description 1 8 1 1 9 link aggregation group agg id mode 1 9 1 1 10 port link aggregation group 1...

Page 192: ...gregation interface command to display the link aggregation details about a specified port or port range including z Link aggregation group ID port priority operation key and protocol status flag of the port at the local end z Device ID port number port priority operation key and protocol status flag at the remote end and z LACP protocol packet statistics Note that for a manual aggregation group v...

Page 193: ...on on the fields of the display link aggregation interface command Field Description Selected AggID ID of the aggregation group to which the specified port belongs Local Information about the local end Port Priority Port priority Oper key Operation key Flag Protocol status flag Remote Information about the remote end is displayed below System ID Remote device ID Port number Port number Received LA...

Page 194: ...oadsharing Actor ID 0x8000 00e0 fc00 5104 AL AL Partner ID Select Unselect Share Master ID Type Ports Ports Type Port 1 S 0x8000 0000 0000 0000 0 1 NonS Ethernet1 0 2 2 M none 0 1 NonS Ethernet1 0 3 Table 1 2 Description on the fields of the display link aggregation summary command Field Description Aggregation Group Type Aggregation group type Actor ID Local device ID AL ID Aggregation group ID A...

Page 195: ...ription string and device ID z Local end details local port port status port priority operation key and protocol status flag z Remote end details local port remote port index remote port priority operation key device ID and protocol status flag Note that for a manual aggregation group value 0 is displayed for all the above items of the remote end which does not indicate the real information of the...

Page 196: ...4 0 32768 0 0x8000 0000 0000 0000 DEF Ethernet1 0 5 0 32768 0 0x8000 0000 0000 0000 DEF Table 1 3 Description on the fields of the display link aggregation verbose command Field Description Loadsharing Type Loadsharing type including Loadsharing and Non Loadsharing Flags Flag types of LACP Aggregation ID Aggregation group ID Aggregation Description Aggregation group description string AggregationT...

Page 197: ...tor System ID 0x8000 00e0 fc00 0100 Table 1 4 Description on the fields of the display lacp system id command Field Description Actor System ID Device ID of the local system including the system priority and the system MAC address 1 1 5 lacp enable Syntax lacp enable undo lacp enable View Ethernet port view Parameter None Description Use the lacp enable command to enable the LACP protocol Use the ...

Page 198: ...ity command to restore the default port priority Related command display link aggregation verbose and display link aggregation interface Example Set the priority of Ethernet1 0 1 to 64 Quidway system view System View return to User View with Ctrl Z Quidway interface Ethernet1 0 1 Quidway Ethernet1 0 1 lacp port priority 64 1 1 7 lacp system priority Syntax lacp system priority system priority undo...

Page 199: ... name Aggregation group name a string of 1 to 32 characters Description Use the link aggregation group agg id description command to set a description for an aggregation group Use the undo link aggregation group agg id description command to remove the description of the aggregation group Note If you have saved the current configuration with the save command after system reboot the manual and stat...

Page 200: ...static Creates a static aggregation group Description Use the link aggregation group agg id mode command to create a manual or static aggregation group Use the undo link aggregation group command to remove an aggregation group Related command display link aggregation summary Example Create manual aggregation group 22 Quidway system view System View return to User View with Ctrl Z Quidway link aggr...

Page 201: ...aggregation group 22 Quidway system view System View return to User View with Ctrl Z Quidway interface Ethernet1 0 1 Quidway Ethernet1 0 1 port link aggregation group 22 1 1 11 reset lacp statistics Syntax reset lacp statistics interface interface type interface number to interface type interface number View User view Parameter interface type Port type interface number Port number to Specifies a g...

Page 202: ...Ethernet Switches Release 1510 Table of Contents Huawei Technologies Proprietary i Table of Contents Chapter 1 Port Isolation Configuration Commands 1 1 1 1 Port Isolation Configuration Commands 1 1 1 1 1 display isolate port 1 1 1 1 2 port isolate 1 1 ...

Page 203: ...Parameter None Description Use the display isolate port command to display the information about the Ethernet ports added to an isolation group Example Display the information about the Ethernet ports added to the isolation group Quidway display isolate port Isolated port s on UNIT 1 Ethernet1 0 2 Ethernet1 0 3 Ethernet1 0 4 The information above shows that Ethernet1 0 2 Ethernet1 0 3 and Ethernet...

Page 204: ...ther ports which are in the same aggregation group with the current port in the local unit will be added to or removed from the isolation group together at the same time By default an isolation group contains no port Example Add Ethernet1 0 1 port to the isolation group Quidway system view System View return to User View with Ctrl Z Quidway interface ethernet1 0 1 Quidway Ethernet1 0 1 port isolat...

Page 205: ...1 3 mac address security 1 4 1 1 4 port security enable 1 5 1 1 5 port security intrusion mode 1 6 1 1 6 port security authorization ignore 1 8 1 1 7 port security max mac count 1 9 1 1 8 port security ntk mode 1 9 1 1 9 port security oui 1 11 1 1 10 port security port mode 1 12 1 1 11 port security timer disableport 1 14 1 1 12 port security trap 1 15 Chapter 2 Port Binding Commands 2 1 2 1 Port ...

Page 206: ...number of Security MAC addresses Description Use the display mac address security command to display the information about Security MAC address including the MAC address learned by the port VLAN ID of the port current port state port number and MAC address aging time By checking the output of this command you can verify the current configuration Example Display the Security MAC address configurati...

Page 207: ...on including global configuration and all or specific port configuration By checking the output of this command you can verify the current configuration Caution z This command will display global and all ports security configuration information if the interface list argument is not specified z This command will display global and particular port s security configuration information if the interfac...

Page 208: ...rmation is enabled Dot1x logon trap is Enabled The sending of 802 1x user logon authentication success trap information is enabled Dot1x logoff trap is Enabled The sending of 802 1x user logoff trap information is enabled Dot1x logfailure trap is Enabled The sending of 802 1x user authentication failure trap information is enabled RALM logon trap is Enabled The sending of RALM logon trap informati...

Page 209: ...the RADIUS server will be applied on the port 1 1 3 mac address security Syntax mac address security mac address interface interface type interface number vlan vlan id undo mac address security mac address interface interface type interface number vlan vlan id View System view Ethernet port view Parameter interface type Interface type interface number Interface number Note You may configure the pa...

Page 210: ... Ethernet1 0 1 port view Quidway interface Ethernet1 0 1 Configure the maximum number of MAC addresses allowed to access the port to 100 Quidway Ethernet1 0 1 port security max mac count 100 Configure the port mode to autolearn Quidway Ethernet1 0 1 port security port mode autolearn Add the Security MAC address 0001 0001 0001 to VLAN 1 Quidway Ethernet1 0 1 mac address security 0001 0001 0001 vlan...

Page 211: ...m view Quidway system view System View return to User View with Ctrl Z Enable port security Quidway port security enable Ethernet1 0 1 Notice The port control of 802 1x will be restricted to auto when port security is enabled Please wait Done 1 1 5 port security intrusion mode Syntax port security intrusion mode disableport disableport temporarily blockmac undo port security intrusion mode View Et...

Page 212: ...ts through a given port intrusion protection detects illegal packets and events and takes actions accordingly These include disconnecting ports temporarily permanently and filtering packets with the MAC address thereby ensuring port security Intrusion Protection is enabled in the following cases z With MAC address learning disabled the port receives the packets whose source address is an unknown M...

Page 213: ...e authorization information delivered by the RADIUS server Use the undo port security authorization ignore command to restore the default By default the authorization information delivered by the RADIUS server is applied on the port z With the port security authorization ignore command used issuing the display port security interface command displays the Authorization is ignore message z With the ...

Page 214: ...C addresses that pass 802 1x authentication z Number of MAC addresses that pass MAC address authentication z Number of Security MAC addresses Use the undo port security max mac count command to cancel this limit By default there is no limit on the number of MAC addresses allowed to access the port Example Enter system view Quidway system view System View return to User View with Ctrl Z Enable port...

Page 215: ...ecurity ntk mode command to set the packet transmission mode when the NTK feature is enabled Use the undo port security ntk mode command to cancel the packet transmission mode that has been set Table 1 2 shows the modes in which the NTK feature is enabled Note By checking the destination MAC addresses of the data frames to be sent from a port this feature ensures that only successfully authenticat...

Page 216: ...y IEEE to different equipment providers Each OUI uniquely identifies an equipment provider in the world and is the higher 24 bits of MAC address z You need only to input a complete hexadecimal MAC address for providing the OUI value argument in this command and the system will automatically convert the address to binary format and then take the higher 24 bits of the resulting binary data as the OU...

Page 217: ...ating mode of the port Port Security mainly functions to define various security modes that allow devices to learn legal source MAC addresses for network management Any packet whose source MAC address a device cannot learn in a security mode is considered illegal Table 1 2 details the available security modes Table 1 2 Description of the port security modes Security mode Description Feature autole...

Page 218: ...ithoui This mode is similar to the userlogin secure mode except that there can be one OUI carrying MAC address being successfully authenticated in addition to the single 802 1x authenticated user who is allowed to access the port When the port changes from the normal mode to this security mode the system automatically removes the existing dynamic authenticated MAC address entries on the port mac a...

Page 219: ... is set on the port Example Enter system view Quidway system view System View return to User View with Ctrl Z Enable port security Quidway port security enable Enter Ethernet1 0 1 port view Quidway interface Ethernet1 0 1 Set the security mode on Ethernet1 0 1 port to userlogin Quidway Ethernet1 0 1 port security port mode userlogin 1 1 11 port security timer disableport Syntax port security timer...

Page 220: ... ralmlogon ralmlogoff ralmlogfailure undo port security trap addresslearned intrusion dot1xlogon dot1xlogoff dot1xlogfailure ralmlogon ralmlogoff ralmlogfailure View System view Parameter addresslearned Enables disables the sending of MAC address learning trap messages intrusion Enables disables the sending of intrusion packet discovery trap messages dot1xlogon Enables disables the sending of 802 ...

Page 221: ...nding of any types of trap messages Note This command is designed based on the Device Tracking feature The Device Tracking feature enables the switch to send trap messages in case special data packets generated by special actions such as illegal intrusion and abnormal user logon logoff pass through a port for the convenience of network administrator to monitor these special actions When you use th...

Page 222: ...ress MAC address to be bound ip address IP address to be bound interface type Type of the port to be bound to interface number Number of the port to be bound to Description Use the am user bind interface command to bind the MAC and IP addresses of a legal user to a specified port Use the undo am user bind interface command to cancel the binding After such a binding operation only the valid user s ...

Page 223: ... ip address IP address to be bound Description Use the am user bind command to bind the MAC and IP addresses of a legal user to the current port Use the undo am user bind command to cancel the binding After such a binding operation only the valid user s packets can pass through the port Note The system allows only one binding operation for the same MAC address Example Bind the legal user whose MAC...

Page 224: ...binding information of IP address Description Use the display am user bind command to display the information about port binding By checking the output of this command you can verify the current configuration Example Display the information about port binding Quidway display am user bind Following User address bind have been configured Mac IP Port 00e0 fc00 5101 10 153 1 1 Ethernet1 0 1 00e0 fc00 ...

Page 225: ...ietary i Table of Contents Chapter 1 DLDP Configuration Commands 1 1 1 1 DLDP Configuration Commands 1 1 1 1 1 display dldp 1 1 1 1 2 dldp 1 2 1 1 3 dldp authentication mode 1 3 1 1 4 dldp interval 1 4 1 1 5 dldp reset 1 5 1 1 6 dldp unidirectional shutdown 1 5 1 1 7 dldp work mode 1 6 1 1 8 dldp delaydown timer 1 7 ...

Page 226: ...f the specified Unit or the specified port The configuration information includes the following z The configuration information of the DLDP enabled port includes the interval authentication mode password DLDP operating mode and handling mode when a unidirectional link is found z The status information includes the neighbor status local port status and link status z The neighbor table includes the ...

Page 227: ...he dldp enable command to enable DLDP globally on all optical ports of the switch Use the dldp disable command to disable DLDP globally on all optical ports of the switch In Ethernet port view Use the dldp enable command to enable DLDP on the current port Use the dldp disable command to disable DLDP on the current port The commands can apply to a non optical port as well as an optical port By defa...

Page 228: ...nsisting of 1 to 16 characters md5 Sets the authentication mode with the peer port to MD5 md5 password Authentication password with the peer port which is a string in plain text consisting of 1 to 16 characters or the text correspond to the plain text Description Use the dldp authentication mode command to set the DLDP authentication mode and password for the ports of the local and peer devices Us...

Page 229: ...integer undo dldp interval View System view Parameter Integer Interval of sending DLDP packets in the range of 5 seconds to 100 seconds It is 10 seconds by default Description Use the dldp interval command to set the interval of sending advertisement packets when all the DLDP enabled ports are in the Advertisement status Use the undo dldp interval command to restore the interval to the default val...

Page 230: ...em view Use the dldp reset command to reset the DLDP status of all the ports disabled by DLDP In Ethernet port view Use the dldp reset command to reset the DLDP status of the current port disabled by DLDP After the dldp reset command is executed the DLDP status of these ports changes from disable to active and DLDP restarts to probe the link status of the fiber cables or copper twisted pairs Relat...

Page 231: ...ing receiving on the port at the same time Description Use the dldp unidirectional shutdown command to set the DLDP handling mode when a unidirectional link is found Use the dldp unidirectional shutdown command to restore the default setting By default the operating mode of DLDP after unidirectional links are found is auto Related command dldp work mode Example Configure DLDP to automatically disa...

Page 232: ...ional links cross connected fibers z When the DLDP protocol works in enhanced mode the system can identify two types of unidirectional links the first type is the fiber which is cross connected and the second type is the fiber which is not connected or the fiber which is disconnected Example Configure DLDP to work in enhanced mode Quidway system view System View return to User View with Ctrl Z Qui...

Page 233: ... Configuration Commands Huawei Technologies Proprietary 1 8 Use the undo dldp delaydown timer command to restore the default delaydown timer setting Example Set the delaydown timer to 2 seconds Quidway system view System View return to User View with Ctrl Z Quidway dldp delaydown timer 2 ...

Page 234: ...ei Technologies Proprietary i Table of Contents Chapter 1 MAC Address Table Configuration Commands 1 1 1 1 MAC Address Table Configuration Commands 1 1 1 1 1 display mac address aging time 1 1 1 1 2 display mac address 1 2 1 1 3 mac address 1 4 1 1 4 mac address max mac count 1 5 1 1 5 mac address timer 1 6 ...

Page 235: ...thernet Switches Command Manual 1 1 MAC Address Table Configuration Commands 1 1 1 display mac address aging time Syntax display mac address aging time View Any view Parameter None Description Use the display mac address aging time command to display the aging time of the dynamic MAC address entries in the MAC address table Related command mac address mac address timer display mac address Example ...

Page 236: ...entry static dynamic blackhole interface interface type interface number vlan vlan id count Displays information about dynamic static or blackhole MAC address entries interface interface type interface number vlan vlan id count Displays information about the MAC address entries concerning a specified port vlan vlan id count Displays information about the MAC address entries concerning a specified ...

Page 237: ...ntries for the port Ethernet1 0 4 Quidway display mac address interface Ethernet 1 0 4 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME s 000d 88f6 44ba 1 Learned Ethernet1 0 4 AGING 000d 88f7 9f7d 1 Learned Ethernet1 0 4 AGING 000d 88f7 b094 1 Learned Ethernet1 0 4 AGING 000f e200 00cc 1 Learned Ethernet1 0 4 AGING 000f e200 2201 1 Learned Ethernet1 0 4 AGING 000f e207 f2e0 1 Learned Ethernet1 0 4 AG...

Page 238: ...s that the MAC address entry to be added updated is of static type dynamic Specifies that the MAC address entry to be added updated is of dynamic type blackhole Specifies the MAC address entry to be added updated is of blackhole type mac address MAC address interface type Port type interface number Port number vlan id VLAN ID This argument ranges from 1 to 4 094 mac address attribute String used t...

Page 239: ...ed in port view these two commands only apply to the current port In this case the interface keyword is unnecessary If the MAC address you input in the mac address command already exists in the MAC address table the system will modify the attributes of the corresponding MAC address entry according to your settings in the command You can remove all MAC address entries unicast MAC addresses only con...

Page 240: ...t command the port stops learning MAC addresses after the number of MAC addresses it learned reaches the value of the count argument you provided You can use the undo command to cancel this limit so that the port can learn an unlimited number of MAC addresses By default the port learns an unlimited number of MAC addresses Related command mac address mac address timer Example Set the maximum number...

Page 241: ...e is too short the MAC address entries that are still valid may be removed Upon receiving a packet destined for a MAC address that is already removed the switch broadcasts the packet through all its ports in the VLAN which the packet belongs to This decreases the operating performance of the switch z If the aging time is too long MAC address entries may still exist even if they turn invalid This c...

Page 242: ...1 1 1 1 Auto Detect Configuration Commands 1 1 1 1 1 detect group 1 1 1 1 2 detect list 1 1 1 1 3 display detect group 1 2 1 1 4 option 1 4 1 1 5 retry 1 5 1 1 6 timer loop 1 5 1 1 7 timer wait 1 6 Chapter 2 Commands for Auto Detect Implementation 2 1 2 1 Commands for Auto Detect Implementation 2 1 2 1 1 ip route static 2 1 2 1 2 standby detect group 2 2 2 1 3 vrrp vrid track detect group 2 3 ...

Page 243: ...er group number Detecting group number ranging from 1 to 25 Description Use the detect group command to create a detecting group and enter detecting group view Use the undo detect group command to remove a detecting group Example Create detecting group 10 Quidway system view System View return to User View with Ctrl Z Quidway detect group 10 Quidway detect group 10 1 1 2 detect list Syntax detect ...

Page 244: ...ct list command to specify to skip a specified IP address when performing auto detect operations When performing auto detect operations a switch detects the IP addresses by their list number values in an ascending order Up to 100 IP addresses can be configured in a detecting group You can specify how the detecting result is generated using the option command Related command option Example Add the ...

Page 245: ...the fields of the display detect group command Field Description detect group 1 Detecting group number 1 detect loop time s 15 Detecting interval is 15 seconds ping wait time s 2 Timeout time of a ping operation is two seconds detect retry times 2 Number of retries of an auto detect operation is 2 detect ip option and A detecting group is reachable only when all the IP addresses contained in it ar...

Page 246: ...e default way to generate detecting results By default the and keyword is specified When a detecting operation is being carried out the switch detects each IP address contained in the detecting group in an ascending order by the list number values of the IP addresses z If you specify the and keyword the switch returns unreachable as the detecting result when the switch fails to ping an IP address ...

Page 247: ...ng a detect operation Example Specify the maximum number of retires to 3 for detecting group 10 Quidway system view System View return to User View with Ctrl Z Quidway detect group 10 Quidway detect group 10 retry 3 1 1 6 timer loop Syntax timer loop seconds View Detecting group view Parameter seconds Detecting interval This argument ranges form 1 to 86 400 in seconds and defaults to 15 Descriptio...

Page 248: ...p 60 1 1 7 timer wait Syntax timer wait seconds View Detecting group view Parameter seconds Timeout time of detect operations This argument ranges from 1 to 30 in seconds and defaults to 2 Description Use the timer wait command to set the timeout time for detect operations Example Set the timeout time to 3 seconds for detecting group 10 Quidway system view System View return to User View with Ctrl...

Page 249: ... number undo ip route static ip address mask mask length next hop preference preference value View System view Parameter ip address IP address in dotted decimal notation mask Subnet mask mask length Length of the subnet mask that is the number of successive bits in the subnet mask whose values are 1 interface type Type of the next hop egress interface interface number Number of the next hop egress...

Page 250: ...achable Use the undo ip route static command to remove an existing static route Example Configure a static route to 192 168 0 5 24 with 192 168 0 2 as the next hop The route is to be enabled when the result of detecting group 10 is reachable Quidway system view System View return to User View with Ctrl Z Quidway ip route static 192 168 0 5 24 192 168 0 2 detect group 10 2 1 2 standby detect group ...

Page 251: ...rrp vrid virtual router id track detect group group number reduced value reduced undo vrrp vrid virtual router id track detect group group number View VLAN interface view Parameter virtual router id Virtual router ID ranging from 1 to 255 group number Detecting group number ranging from 1 to 25 value reduced Value by which the priority is to be reduced This argument ranges from 1 to 255 and defaul...

Page 252: ...Example Create detecting group 10 and specify to detect the IP address of 202 12 1 55 Quidway system view System View return to User View with Ctrl Z Quidway detect group 10 Quidway detect group 10 detect list 1 ip address 202 12 1 55 Specify to decrease the priority of backup group 1 by 20 when the result of detecting group 10 is unreachable Quidway interface vlan interface 2 Quidway Vlan interfa...

Page 253: ...1 13 1 1 14 stp config digest snooping 1 14 1 1 15 stp cost 1 15 1 1 16 stp edged port 1 16 1 1 17 stp interface 1 17 1 1 18 stp interface config digest snooping 1 18 1 1 19 stp interface cost 1 20 1 1 20 stp interface edged port 1 21 1 1 21 stp interface loop protection 1 22 1 1 22 stp interface mcheck 1 23 1 1 23 stp interface no agreement check 1 24 1 1 24 stp interface point to point 1 25 1 1 ...

Page 254: ...1 39 stp root secondary 1 41 1 1 40 stp root protection 1 42 1 1 41 stp tc protection 1 43 1 1 42 stp timer forward delay 1 44 1 1 43 stp timer hello 1 45 1 1 44 stp timer max age 1 46 1 1 45 stp timer factor 1 47 1 1 46 stp transmit limit 1 48 1 1 47 vlan mapping modulo 1 49 Chapter 2 BPDU Tunnel Configuration Commands 2 1 2 1 BPDU Tunnel Configuration Commands 2 1 2 1 1 vlan vpn tunnel 2 1 ...

Page 255: ... regenerated To reduce network topology jitter caused by the configuration MSTP multiple spanning tree protocol does not regenerate spanning trees immediately after the configuration it does this only after you activate the new MST region related settings or enable MSTP and then the new settings can really take effect This command causes the switch to operate with the new MST region related settin...

Page 256: ... to a switch for malicious purpose The switch forwards BPDU packets to other switches by receiving them making the STP calculation occurs constantly Those result in high CPU consumption error protocol state of BPDU packets and so on To avoid those problems you can enable the BPDU packets drop function on the Ethernet port of the switch With this function enabled the port will neither receive nor f...

Page 257: ...e switch currently belongs to or check to see whether or not the MST region related configuration is correct Related command instance region name revision level vlan mapping modulo and active region configuration Example Display the MST region configuration of the current switch Quidway system view System View return to User View with Ctrl Z Quidway stp region configuration Quidway mst region chec...

Page 258: ...and statistical information about MSTP can be used to analyze and maintain the topology of a network It also can be used to make MSTP operating properly z If neither spanning tree instance nor port list is specified the command displays spanning tree information about all spanning tree instances on all ports in order of port number z If only a spanning tree instance is specified the command displa...

Page 259: ...ath cost MSTI root port and master bridge z MSTI port parameters Port state role priority path cost designated bridge designated port and Remaining Hops The statistical information includes the numbers of the TCN BPDUs the configuration BPDUs the RST BPDUs and the MST BPDUs transmitted received by each port Related command reset stp Example Display the state and statistical information about a spa...

Page 260: ...n Example Display the activated MST region configuration Quidway display stp region configuration Oper Configuration Format selector 0 Region name hello Revision level 0 Instance Vlans Mapped 0 21 to 4094 1 1 to 10 2 11 to 20 Table 1 3 Description on the fields of the display stp region configuration command Field Description Format selector The selector specified by MSTP Region name The name of t...

Page 261: ...d spanning tree instance and remap the specified VLANs to the CIST spanning tree instance 0 If you specify no VLAN in the undo instance command all VLANs that are mapped to the specified spanning tree instance are remapped to the CIST By default all VLANs are mapped to the CIST VLAN to spanning tree instance mappings are recorded in the VLAN mapping table of an MSTP switch So these two commands ar...

Page 262: ...itch is its MAC address MST region name along with VLAN mapping table and MSTP revision level determines the MST region which a switch belongs to Related command instance revision level check region configuration vlan mapping modulo and active region configuration Example Set the MST region name of the switch to hello Quidway system view System View return to User View with Ctrl Z Quidway stp regi...

Page 263: ...do not specify the interface list argument this command clears the spanning tree related statistics on all ports Related command display stp Example Clear the spanning tree related statistics on ports Ethernet1 0 1 through Ethernet1 0 3 Quidway reset stp interface Ethernet 1 0 1 to Ethernet 1 0 3 1 1 9 revision level Syntax revision level level undo revision level View MST region view Parameter le...

Page 264: ...lobally or on a port Use the undo stp command to revert to the default MSTP state globally or on a port By default MSTP is disabled After MSTP is enabled the actual operation mode which can be STP compatible mode RSTP compatible mode and MSTP mode is determined by the protocol mode configured by users A switch becomes a transparent bridge if MSTP is disabled After being enabled MSTP maintains span...

Page 265: ...ls such as PCs or file servers These ports are usually configured as edge ports to achieve rapid transition But they resume non edge ports automatically upon receiving configuration BPDUs which causes spanning trees regeneration and network topology jitter Normally no configuration BPDU will reach edge ports But malicious users can attack a network by sending configuration BPDUs deliberately to ed...

Page 266: ... set the network diameter of a switched network The network diameter of a switched network is represented by the maximum possible number of switches between any two terminals in a switched network Use the undo stp bridge diameter command to revert to the default network diameter After you configure the network diameter of a switched network MSTP adjusts its Hello time Forward delay and Max age set...

Page 267: ...d MSTP packets If the format of the received packets changes repeatedly MSTP will shut down the corresponding port to prevent network storm A port shut down in this way can only be enabled again by the network administrator z With the MSTP packet format set to legacy the port only processes and transmits MSTP packets in legacy format If packets in dot1s format are received the corresponding ports ...

Page 268: ...tches determine whether or not they are in the same MST region by checking the configuration IDs of the BPDUs between them A configuration ID contains information such as region ID and configuration digest As some partners switches adopt proprietary spanning tree protocols they cannot interwork with other switches in an MST region even if they are configured with the same MST region related settin...

Page 269: ...abled on all the switch ports that connect to partners proprietary protocol adopted switches in the same MST region z With the digest snooping feature enabled the VLAN to MSTI mapping cannot be modified z The digest snooping feature is not applicable to MST region edge ports Example Enable the digest snooping feature for Ethernet1 0 1 port Quidway system view System View return to User View with C...

Page 270: ...anning tree instances By configuring different path costs for the same port in different MSTIs you can make flows of different VLANs traveling along different physical links so as to achieve VLAN based load balancing Changing the path cost of a port in a spanning tree instance may change the role of the port in the instance and put it in state transition Related command stp interface cost Example ...

Page 271: ...nd you are recommended to configure the Ethernet ports directly connected to user terminals as edge ports to enable them to transit to the forwarding state rapidly Normally configuration BPDUs cannot reach an edge port because the port is not connected to another switch But when the BPDU protection function is disabled on an edge port configuration BPDUs sent deliberately by a malicious user may r...

Page 272: ...p interface command to enable or disable MSTP on specified ports in system view By default MSTP is enabled on the ports of a switch if MSTP is globally enabled on the switch and is disabled on the ports if MSTP is globally disabled An MSTP disabled port does not participate in any calculation of spanning tree and is always in forwarding state Caution Disabling MSTP on ports may result in loops Rel...

Page 273: ...configuration Interconnected MSTP switches determine whether or not they are in the same MST region by checking the configuration IDs of the BPDUs between them A configuration ID contains information such as region ID and configuration digest As some partners switches adopt proprietary spanning tree protocols they cannot interwork with other switches in an MST region even if they are configured wi...

Page 274: ...same MST region z With the digest snooping feature enabled the VLAN to MSTI mapping cannot be modified z The digest snooping feature is not applicable to MST region edge ports Example Enable the digest snooping feature on Ethernet1 0 1 port in system view Quidway system view System View return to User View with Ctrl Z Quidway stp interface Ethernet 1 0 1 config digest snooping 1 1 19 stp interface...

Page 275: ...ferent MSTIs you can make flows of different VLANs traveling along different physical links so as to achieve VLAN based load balancing Changing the path cost of a port in a spanning tree instance may change the role of the port in the instance and put it in state transition The default port path cost differs with port speed Refer to Table 1 4 for details Related command stp cost Example Set the pa...

Page 276: ...incurred by network topology changes You can enable a port to transit to the forwarding state rapidly by setting it to an edge port And you are recommended to configure the Ethernet ports directly connected to user terminals as edge ports to enable them to transit to the forwarding state rapidly Normally configuration BPDUs cannot reach an edge port because the port is not connected to another swi...

Page 277: ...Description Use the stp interface loop protection command to enable the loop prevention function in system view Use the undo stp interface loop protection command to revert to the default state of the loop prevention function in system view The loop prevention function is disabled by default Related command stp loop protection Caution Among loop prevention function root protection function and edg...

Page 278: ...nabled switch is disconnected from the port the port cannot toggle back to the MSTP mode automatically In this case you can force the port to toggle to the MSTP mode by performing the mCheck operation on the port Related command stp mcheck and stp mode Example Perform the mCheck operation for Ethernet1 0 3 port in system view Quidway system view System View return to User View with Ctrl Z Quidway ...

Page 279: ...ating as the root ports will then send agreement packets to their upstream ports after they receive proposal packets from the upstream designated ports instead of waiting for agreement packets from the upstream switch This enables designated ports of the upstream switch to change their states rapidly Related command stp no agreement check Note z The rapid transition feature can be enabled on root ...

Page 280: ...o point command the auto keyword is used by default and so MSTP automatically determines the types of the links connected to the specified ports The rapid transition feature is not applicable to ports on non point to point links If an Ethernet port is the master port of an aggregated port or operates in full duplex mode the link connected to the port is a point to point link You are recommended to...

Page 281: ...ree instance is 128 Description Use the stp interface port priority command to set a port priority for the specified ports in the specified spanning tree instance Use the undo stp interface port priority command to restore the specified ports to the default port priority in the specified spanning tree instance If you specify the instance id argument to be 0 these two commands apply to the port pri...

Page 282: ...d port s By default the root protection function is disabled Configuration errors or attacks may result in configuration BPDUs with their priorities higher than that of a root bridge which causes new root bridge to be elected and network topology jitter to occur In this case flows that should travel along high speed links may be led to low speed links and network congestion may occur You can avoid...

Page 283: ...x ranges for this argument packetnum Also known as maximum transmitting speed the maximum number of configuration BPDUs a port can send in each Hello time This argument ranges from 1 to 255 and defaults to 10 Description Use the stp interface transmit limit command to set the maximum number of configuration BPDUs each specified port can send in each Hello time Use the undo stp interface transmit l...

Page 284: ...switch These BPDUs may get lost because of network congestions and link failures If a switch does not receive BPDUs from the upstream switch for a certain period the switch selects a new root port the original root port becomes a designated port and the blocked ports transit to forwarding state This may cause loops in the network The loop prevention function suppresses loops With this function ena...

Page 285: ...DU And a switch discards the configuration BPDUs whose remaining hops are 0 After a configuration BPDU reaches a root bridge of a spanning tree in a MST region the value of the remaining hops field in the configuration BPDU is decreased by 1 every time the configuration BPDU passes a switch Such a mechanism disables the switches that are beyond the maximum hops from participating in spanning tree ...

Page 286: ...In this case you can force the port to transit to the MSTP mode by performing the mCheck operation on the port Similarly when a port on an RSTP enabled upstream switch connects with an STP enabled downstream switch the port transits to the STP compatible mode But when the STP enabled downstream switch is then replaced by an MSTP enabled switch the port cannot automatically transit to the MSTP mode...

Page 287: ...perates in MSTP mode To make a switch compatible with STP RSTP MSTP provides following three operation modes STP compatible mode where a switch sends out STP BPDU packets RSTP compatible mode where a switch sends out RSTP BPDU packets MSTP mode where a switch sends out MSTP BPDU packets Related command stp mcheck stp stp interface and stp interface mcheck Example Configure the switch to operate in...

Page 288: ...witch running proprietary spanning tree protocol you can enable the rapid transition feature on the ports of the S3900 series switch operating as the downstream switch Among these ports those operating as the root ports will then send agreement packets to their upstream ports after they receive proposal packets from the upstream designated ports instead of waiting for agreement packets from the up...

Page 289: ...ch uses the IEEE 802 1t standard to calculate the default path costs of ports Table 1 4 Transmission speeds and the corresponding path costs Transm ission speed Operation mode half full duplex 802 1D 1998 IEEE 802 1t Standard defined by Private 0 65 535 200 000 000 200 000 10 Mbps Half duplex Full duplex Aggregated link 2 ports Aggregated link 3 ports Aggregated link 4 ports 100 95 95 95 200 000 1...

Page 290: ...ed link which is measured in 100 Kbps Example Configure to use the IEEE 802 1D 1998 standard to calculate the default path costs of ports Quidway system view System View return to User View with Ctrl Z Quidway stp pathcost standard dot1d 1998 Configure to use the IEEE 802 1t standard to calculate the default path costs of ports Quidway system view System View return to User View with Ctrl Z Quidwa...

Page 291: ...let MSTP automatically determine the link types of ports These two commands only apply to CISTs and MSTIs If you configure the link to which a port is connected is a point to point link or a non point to point link the configuration applies to all spanning tree instances that is the port is configured to connect to a point to point link or a non point to point link in all spanning tree instances I...

Page 292: ...ority in the instance A port on a MSTP enabled switch can have different port priorities and play different roles in different MSTIs This enables packets of different VLANs to be forwarded along different physical paths so as to achieve load balancing by VLANs Changing port priorities result in port roles being re determined and may cause state transitions Related command stp interface port priori...

Page 293: ...es If you do not specify the instance id argument the two commands apply to the CIST Example Set the priority of the switch in spanning tree instance 1 to 4 096 Quidway system view System View return to User View with Ctrl Z Quidway stp instance 1 priority 4096 1 1 37 stp region configuration Syntax stp region configuration undo stp region configuration View System view Parameter None Description ...

Page 294: ...lts to 7 centi seconds Hello time in centiseconds of the specified spanning tree This argument ranges from 100 to 1 000 and defaults to 200 Description Use the stp root primary command to configure the current switch as the root bridge of a specified spanning tree instance Use the undo stp root command to cancel the current configuration By default a switch is not configured as a root bridge If yo...

Page 295: ...priority cannot be modified Example Configure the current switch as the root bridge of spanning tree instance 1 setting the network diameter of the switched network to 4 and the Hello time to 500 centiseconds Quidway system view System View return to User View with Ctrl Z Quidway stp instance 1 root primary bridge diameter 4 hello time 500 1 1 39 stp root secondary Syntax stp instance instance id ...

Page 296: ...the Hello time of the switch that you are configuring as a secondary root bridge The switch will then figures out the other two time parameters Forward delay and Max age You can configure only one root bridge for a spanning tree instance but you can configure one or more secondary root bridges for a spanning tree instance Once a switch is configured as the root bridge or a secondary root bridge it...

Page 297: ...ports in all spanning tree instances When a port of this type receives configuration BPDUs with higher priorities it changes to Discarding state rather than becomes a non designated port and stops forwarding packets as if it is disconnected from the link It resumes the normal state if it does not receive any configuration BPDUs with higher priorities for a specified period Related command stp inte...

Page 298: ...rforming removing operations Example Enable the TC BPDU prevention function on the switch Quidway system view System View return to User View with Ctrl Z Quidway stp tc protection enable 1 1 42 stp timer forward delay Syntax stp timer forward delay centi seconds undo stp timer forward delay View System view Parameter centi seconds Forward delay in centiseconds to be set This argument ranges from 4...

Page 299: ...ward delay to 2 000 centiseconds Quidway system view System View return to User View with Ctrl Z Quidway stp timer forward delay 2000 1 1 43 stp timer hello Syntax stp timer hello centi seconds undo stp timer hello View System view Parameter centi seconds Hello time in centiseconds to be set This argument ranges from 100 to 1 000 and defaults to 200 Description Use the stp timer hello command to s...

Page 300: ...centiseconds Quidway system view System View return to User View with Ctrl Z Quidway stp timer hello 400 1 1 44 stp timer max age Syntax stp timer max age centi seconds undo stp timer max age View System view Parameter centi seconds Max age in centiseconds to be set This argument ranges from 600 to 4 000 and defaults to 2 000 Description Use the stp timer max age command to set the Max age of the ...

Page 301: ...ds Quidway system view System View return to User View with Ctrl Z Quidway stp timer max age 1000 1 1 45 stp timer factor Syntax stp timer factor number undo stp timer factor View System view Parameter number Hello time factor This argument ranges from 1 to 10 and defaults to 3 Description Use the stp timer factor command to set the timeout time of MSTP protocol packets on a switch in the form of ...

Page 302: ...tnum Maximum number of configuration BPDUs a port can transmit in each Hello time This argument ranges from 1 to 255 and defaults to 10 Description Use the stp transmit limit command to set the maximum number of configuration BPDUs the current port can transmit in each Hello time Use the undo stp transmit limit command to revert to the default maximum number A larger number configured by the stp t...

Page 303: ...ng tree instances at the same time A VLAN to spanning tree instance mapping becomes invalid when you map the VLAN to another spanning tree instance Note You can map VLANs to specific spanning tree instances quickly by using the vlan mapping modulo modulo command The ID of the spanning tree instance to which a VLAN is mapped can be figured out by using the following expression VLAN ID 1 modulo 1 Wh...

Page 304: ...0 Series Ethernet Switches Release 1510 Chapter 1 MSTP Configuration Commands Huawei Technologies Proprietary 1 50 System View return to User View with Ctrl Z Quidway stp region configuration Quidway mst region vlan mapping modulo 16 ...

Page 305: ...etween geographically dispersed user networks through specified VLAN VPNs in operator s networks through which spanning trees can be generated across these user networks and are independent of those of the operator s network By default the BPDU Tunnel function is disabled Note z The BPDU Tunnel function can only be enabled on devices with STP employed z The BPDU Tunnel function can only be enabled...

Page 306: ...et Switches Release 1510 Chapter 2 BPDU Tunnel Configuration Commands Huawei Technologies Proprietary 2 2 Example Enable the BPDU Tunnel function for the switch Quidway system view System View return to User View with Ctrl Z Quidway vlan vpn tunnel ...

Page 307: ...ip routing table statistics 1 12 1 1 9 display ip routing table verbose 1 13 1 2 Static Route Configuration Commands 1 14 1 2 1 delete static routes all 1 14 1 2 2 ip route static 1 15 Chapter 2 RIP Configuration Commands 2 1 2 1 RIP Configuration Commands 2 1 2 1 1 checkzero 2 1 2 1 2 default cost 2 2 2 1 3 display rip 2 2 2 1 4 display rip interface 2 3 2 1 5 display rip routing 2 4 2 1 6 filter...

Page 308: ...ertise 3 9 3 1 12 display debugging ospf 3 11 3 1 13 display ospf abr asbr 3 11 3 1 14 display ospf asbr summary 3 12 3 1 15 display ospf brief 3 13 3 1 16 display ospf cumulative 3 15 3 1 17 display ospf error 3 17 3 1 18 display ospf interface 3 19 3 1 19 display ospf lsdb 3 21 3 1 20 display ospf nexthop 3 23 3 1 21 display ospf peer 3 24 3 1 22 display ospf request queue 3 27 3 1 23 display os...

Page 309: ...52 3 1 51 spf schedule interval 3 53 3 1 52 stub 3 54 3 1 53 vlink peer 3 54 Chapter 4 IP Routing Policy Configuration Commands 4 1 4 1 IP Routing Policy Configuration Commands 4 1 4 1 1 apply cost 4 1 4 1 2 apply tag 4 2 4 1 3 display ip ip prefix 4 2 4 1 4 display route policy 4 3 4 1 5 if match acl 4 4 4 1 6 if match cost 4 5 4 1 7 if match interface 4 6 4 1 8 if match ip next hop 4 7 4 1 9 if ...

Page 310: ...s The ospf ospf ase and ospf nssa commands are supported by the S3900 EI series but not supported by any other S3900 switch This will not be mentioned again in this manual 1 1 Routing Table Monitoring Commands 1 1 1 display ip routing table Syntax display ip routing table View Any view Parameter None Description Use the display ip routing table command to display the routing table summary This com...

Page 311: ...32 DIRECT 0 0 127 0 0 1 InLoopBack0 Table 1 1 Description on the fields of the display ip routing table command Field Description Destination Mask Destination address mask length Protocol Routing protocol Pre Route preference Cost Route cost Nexthop Next hop address Interface Output interface through which the data packets destined for the destination network segment are sent 1 1 2 display ip rout...

Page 312: ...e acl 2000 Routes matched by access list 2000 Summary count 2 Destination Mask Protocol Pre Cost Nexthop Interface 10 1 1 0 24 DIRECT 0 0 10 1 1 2 Vlan interface1 10 1 1 2 32 DIRECT 0 0 127 0 0 1 InLoopBack0 For detailed description of the output information see Table 1 1 Display the verbose information of the active and inactive routes that filtered through basic acl 2000 Quidway display ip routi...

Page 313: ...ds no ICMP unreachable message to the source end Delete The route is deleted Gateway The route is not directly reachable Hidden The route is hidden That is the route exists but it is hidden because it is unavailable for the moment due to some reason e g a configured policy or a down interface and is not expected to be deleted and it can be restored later Holddown Holddown is a route redistribution...

Page 314: ... route will discard the packets that select it as their route and the router will send ICMP unreachable message to the source end Reject route is usually used for the network test Retain When the routes from the routing table are deleted the routes with Retain flag will not be deleted Using this function you can set Retain flag for some static routes so that they can exist in the core routing tabl...

Page 315: ...is the command output with different arguments provided z display ip routing table ip address If the destination address ip address corresponds to a route in the natural mask range this command displays the route that is the longest match of the destination address ip address and is active z display ip routing table ip address mask This command only displays the routes exactly matching the specifi...

Page 316: ...Cost 0 0 Tag 0 There is no corresponding route in the natural mask range only the longest matched route is displayed Display the detailed information Quidway display ip routing table 169 253 0 0 verbose Routing Tables Active Route Last Active Both Next hop in use Summary count 1 Destination 169 0 0 0 Mask 255 0 0 0 Protocol Static Preference 60 NextHop 2 1 1 1 Interface 2 1 1 1 LoopBack1 Vlinkinde...

Page 317: ...rmation in the specified destination address range Example Display the routing information of destination addresses ranging from 1 1 1 0 to 2 2 2 0 Quidway display ip routing table 1 1 1 0 24 2 2 2 0 24 Routing tables Summary count 3 Destination Mask Protocol Pre Cost Nexthop Interface 1 1 1 0 24 DIRECT 0 0 1 1 1 1 Vlan interface1 1 1 1 1 32 DIRECT 0 0 127 0 0 1 InLoopBack0 2 2 2 0 24 DIRECT 0 0 2...

Page 318: ...o 32 Quidway ip ip prefix abc2 permit 10 1 1 0 24 less equal 32 Quidway display ip routing table ip prefix abc2 Routes matched by ip prefix abc2 Summary count 2 Destination Mask Protocol Pre Cost Nexthop Interface 10 1 1 0 24 DIRECT 0 0 10 1 1 2 Vlan interface1 10 1 1 2 32 DIRECT 0 0 127 0 0 1 InLoopBack0 For detailed description of the output information see Table 1 1 Display the verbose informat...

Page 319: ...the inactive route information Without this argument provided this command displays both active and inactive route information verbose With this argument provided this command displays the verbose route information Without this argument provided this command displays route summary only Description Use the display ip routing table protocol command to display the route information of a specific prot...

Page 320: ...STATIC Routing tables status inactive Summary count 1 Destination Mask Protocol Pre Cost Nexthop Interface 1 2 3 0 24 STATIC 60 0 1 2 4 5 Vlan interface10 For detailed description of the output information see Table 1 1 1 1 7 display ip routing table radix Syntax display ip routing table radix View Any view Parameter None Description Use the display ip routing table radix command to display the ro...

Page 321: ...play ip routing table statistics View Any view Parameter None Description Use the display ip routing table statistics command to display the integrated routing information The integrated routing information includes the total number of routes the number of active routes the number of routes added by protocols and the number of routes deleted Example Display the integrated route information Quidway...

Page 322: ...leted Such routes will be freed in a period of time Total Total number of the different kinds of routes 1 1 9 display ip routing table verbose Syntax display ip routing table verbose View Any view Parameter None Description Use the display ip routing table verbose command to display the verbose routing table information With the verbose argument provided this command displays the verbose routing t...

Page 323: ...face 127 0 0 1 InLoopBack0 State NoAdvise Int ActiveU Retain Gateway Unicast Age 20 17 42 Cost 0 0 Destination 2 2 2 0 Mask 255 255 255 0 Protocol DIRECT Preference 0 NextHop 2 2 2 1 Interface 2 2 2 1 Vlan interface2 State Int ActiveU Retain Unicast Age 20 08 05 Cost 0 0 First display statistics of the whole routing table Then output detailed information of every route entry in turn Table 1 2 show...

Page 324: ...dress mask mask length interface type interface number next hop preference preference value reject blackhole description text detect group group number undo ip route static ip address mask mask length interface type interface number next hop preference preference value reject blackhole description text detect group group number View System view Parameter ip address Destination IP address in dotted...

Page 325: ... group Description Use the ip route static command to configure a static route Use the undo ip route static command to delete a manually configured static route By default the system can obtain the subnet route directly connected to the router When you configure a static route if no preference is specified for the route the preference defaults to 60 and if the route is not specified as reject or b...

Page 326: ... checkzero Syntax checkzero undo checkzero View RIP view Parameter None Description Use the checkzero command to enable zero field check of RIP 1 packets Use the undo checkzero command to disable zero field check By default RIP 1 performs zero field check According to the protocol RFC 1058 specifications some fields in RIP 1 packets must be zero and these fields are called zero fields You can use ...

Page 327: ...cost command to set the default routing cost of imported routes Use the undo default cost command to restore the default value If no routing cost is specified when you use the import route command to import routes from another routing protocol the routes will be imported with the default routing cost specified with the default cost command Related command import route Example Set the default routi...

Page 328: ... timer 120 No peer router Network 202 38 168 0 Table 2 1 Description on the fields of the display rip command Field Description RIP is running RIP is active Checkzero is on Zero field checking is enabled Default cost 1 The default route cost is 1 Summary is on Routes are aggregated automatically Preference 100 The preference of RIP is 100 Period update timer 30 Timeout timer 180 Garbage collection...

Page 329: ...face command Field Description Address IP address of the interface running RIP You need to use the network command to enable the network segment on which the address resides Interface Name of the interface running RIP The IP address of the interface corresponds to that in the Address field Ver Version of RIP running on the interface MetrIn Out Additional routing metric added when a route is receiv...

Page 330: ...t 192 168 110 0 24 1 31 31 31 8 7s 31 31 31 8 A 200 1 1 0 24 1 31 31 31 8 7s 31 31 31 8 A 130 1 0 0 16 1 31 31 31 8 7s 31 31 31 8 A Table 2 3 Description on the fields of the display rip routing command Field Description Destination Mask Destination address Mask Cost Cost NextHop Net hop address Age Amount of time that elapsed after the route is advertised SourceGateway Gateway originating the rou...

Page 331: ...utes are to be sent received based on such fields as acl cost interface ip ip prefix tag routing protocol Routing protocol whose routing information is to be filtered Currently this can be direct ospf ospf ase ospf nssa or static Description Use the filter policy export command to enable RIP to filter the routing information to be advertised Use the undo filter policy export command to cancel the ...

Page 332: ...ters routing information A route policy can enable RIP to determine which routes are to be sent received based on such fields as acl cost interface ip ip prefix tag Description Use the filter policy gateway command to enable RIP to filter received routing information by a specified address so that the routing information advertised by the address can pass the filter Use the undo filter policy gate...

Page 333: ...of host routes from the same network segment These routes are of little help to path searching and occupy a lot of resources In this case the undo host route command can be used to reject host routes Example Enable RIP to reject host routes Quidway system view System View return to User View with Ctrl Z Quidway rip Quidway rip undo host route 2 1 9 import route Syntax import route protocol cost va...

Page 334: ...ance the capability of RIP to obtain routes thereby improving RIP performance If the cost value is not specified routes will be imported with the default routing cost set by the default cost command ranging from 1 to 16 If the cost of an imported route is 16 RIP marks the route as HOLD DOWN however the route can still be used to forward packets and continues to announce the route with this cost to...

Page 335: ...ce using either command will not receive transmit RIP routes any more The difference between them is that in the case of undo rip work other interfaces will still forward the routes of the interface on which the undo rip work command is executed In the case of undo network other interfaces will not forward the routes of the interface on which the undo network command is executed and it seems that ...

Page 336: ... a unicast address By default RIP does not send packets to any address in unicast mode This command is used to for non broadcast networks to which protocol packets cannot be sent in broadcast mode And you are not recommended to use this command in normal situation Example Specify a unicast destination address of 202 38 165 1 Quidway system view System View return to User View with Ctrl Z Quidway r...

Page 337: ...d to modify the RIP preference manually Example Specify the RIP preference as 20 Quidway system view System View return to User View with Ctrl Z Quidway rip Quidway rip preference 20 2 1 13 reset Syntax reset View RIP view Parameter None Description Use the reset command to reset the system configuration parameters of RIP When you need to re configure the parameters of RIP you can use this command...

Page 338: ...igure various RIP global parameters You can however configure the interface based parameters regardless of whether RIP is enabled Note Note that the interface parameters configured previously would be invalid when RIP is disabled Example Enable RIP and enter RIP view Quidway system view System View return to User View with Ctrl Z Quidway rip Quidway rip 2 1 15 rip authentication mode Syntax rip au...

Page 339: ... key id MD5 cipher text authentication identifier ranging from 1 to 255 Description Use the rip authentication mode command to configure RIP 2 authentication mode and its parameters Use the undo rip authentication mode command to cancel all authentication Only one authentication key is supported each time authentication is performed An authentication key newly input overwrites an old one Related c...

Page 340: ...RIP packets This command is used in cooperation with another two commands rip output and rip work Functionally rip work is equivalent to rip input rip output The latter two control the receipt and the transmission of RIP packets respectively on an interface The former command equals the functional combination of the latter two commands Related command rip output rip work Example Configure the inte...

Page 341: ...ived on an interface Use the undo rip metricin command to restore the default value of this additional route metric Related command rip metricout Example Set the additional route metric added to RIP routes received on Vlan interface 10 to 2 Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 10 Quidway Vlan interface10 rip metricin 2 2 1 18 rip metricou...

Page 342: ...by the router and those generated by the router itself It does not apply to any route imported to RIP by any other routing protocol Related command rip metricin Example Set the additional route metric added to the RIP routes to be transmitted on Vlan interface 10 to 2 Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 10 Quidway Vlan interface10 rip me...

Page 343: ...ts Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 10 Quidway Vlan interface10 undo rip output 2 1 20 rip split horizon Syntax rip split horizon undo rip split horizon View Interface view Parameter None Description Use the rip split horizon command to configure an interface to use split horizon when transmitting RIP packets Use the undo rip split ho...

Page 344: ...mand to restore the default RIP packet version on the interface By default the interface RIP version is RIP 1 RIP 1 transmits packets in broadcast mode while RIP 2 transmits packets in multicast mode by default When running RIP 1 the interface only receives and transmits RIP 1 broadcast packets and receives RIP 2 broadcast packets but does not receive RIP 2 multicast packets When running RIP 2 in ...

Page 345: ...sable RIP from transmitting and receiving RIP packets on an interface By default RIP is enabled from transmitting and receiving RIP packets on an interface This command is used in cooperation with rip input rip output and network commands Related command network rip input rip output Example Disable RIP from transmitting and receiving RIP packets on the interface Vlan interface 10 Quidway system vi...

Page 346: ...to broadcast subnet routes RIP 1 does not support subnet mask Forwarding subnet routes may cause ambiguity Therefore RIP 1always uses route aggregation Related command rip version Example Set RIP version on the interface Vlan interface 10 as RIP 2 and disable route aggregation Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 10 Quidway Vlan interface...

Page 347: ... of the Period Update timer Adjusting the Period Update timer will affect the Garbage collection timer The modification of RIP timers is validated immediately Related command display rip Example Set the values of the Period Update timer and the Timeout timer of RIP to 10 seconds and 30 seconds respectively Quidway system view System View return to User View with Ctrl Z Quidway rip Quidway rip time...

Page 348: ...RIP Configuration Commands Huawei Technologies Proprietary 2 23 By default traffic sharing across RIP interfaces is disabled Example Enable traffic sharing across RIP interfaces Quidway system view System View return to User View with Ctrl Z Quidway rip Quidway rip traffic share across interface ...

Page 349: ... common sense and Ethernet switches running a routing protocol To improve readability this will not be mentioned again in this manual 3 1 OSPF Configuration Commands 3 1 1 abr summary Syntax abr summary ip address mask advertise not advertise undo abr summary ip address mask View OSPF Area view Parameter ip address Network segment address mask Network mask advertise Specifies to advertise the aggr...

Page 350: ...aggregate multiple network segments Example Aggregate the routes in the two network segments 36 42 10 0 and 36 42 110 0 in OSPF area 1 into one summary route 36 42 0 0 and transmit it to other areas Quidway system view System View return to User View with Ctrl Z Quidway ospf 1 Quidway ospf 1 area 1 Quidway ospf 1 area 0 0 0 1 network 36 42 10 0 0 0 0 255 Quidway ospf 1 area 0 0 0 1 network 36 42 1...

Page 351: ...It ranges from 0 to 4294967295 and defaults to 1 Description Use the asbr summary command to configure the aggregation of imported routes by OSPF Use the undo asbr summary command to cancel the aggregation By default imported routes are not aggregated After the aggregation of imported routes is configured if the local router is an autonomous system border router ASBR this command aggregates the im...

Page 352: ...e of this area By default an area does not support authentication attribute All the routers in one area must use the same authentication mode no authentication simple text authentication or MD5 cipher text authentication If the mode of supporting authentication is configured all routers on the same segment must use the same authentication key Use the ospf authentication mode simple command to conf...

Page 353: ... external routes Use the undo default cost command to restore the default routing cost of external routes to its default value Since OSPF can import external routing information and propagate the information to the entire autonomous system routing cost of external routes can influence route selection and calculation Therefore it is necessary to specify the default routing cost for the protocol to ...

Page 354: ...evice Therefore it is necessary to specify the default interval for the protocol to import external routes Example Specify the default interval for OSPF to import external routes as 10 seconds Quidway system view System View return to User View with Ctrl Z Quidway ospf 1 Quidway ospf 1 default interval 10 3 1 7 default limit Syntax default limit routes undo default limit View OSPF view Parameter r...

Page 355: ...default tag View OSPF view Parameter tag Default tag ranging from 0 to 4294967295 Description Use the default tag command to configure the default tag of OSPF when it imports an external route Use the undo default tag command to restore the default tag of OSPF when it imports the external route When OSPF imports a route found by another routing protocol in the router and uses it as the external ro...

Page 356: ...s Use the undo default type command to restore the default type when OSPF imports external routes By default the external routes of type 2 are imported OSPF specifies the two types of external routing information You can use the command described in this section to specify the default type when external routes are imported Related command default tag Example Configure OSPF to import external route...

Page 357: ... to use the stub and default cost commands You must use the stub command on all the routers connected to a STUB area to configure the area with the STUB attribute Use the default cost command to configure the cost of the default route transmitted by an ABR to the STUB area or NSSA area Related command stub nssa Example Set area 1 as the STUB area and the cost of the default route transmitted to th...

Page 358: ... in ase lsa The route policy name argument is a string containing 1 to 19 characters Description Use the default route advertise command to import the default route to OSPF route area Use the undo default route advertise command to cancel the import of the default route By default OSPF does not import the default route The import route command cannot import the default route To import the default ...

Page 359: ...f OSPF process 1 debugging state OSPF EVENT debugging switch is on 3 1 13 display ospf abr asbr Syntax display ospf process id abr asbr View Any view Parameter process id OSPF Process ID If you do not specify a process ID this command applies to all current OSPF processes Description Use the display ospf abr asbr command to display the information about the ABR and ASBR of OSPF Example Display the...

Page 360: ... Syntax display ospf process id asbr summary ip address mask View Any view Parameter process id OSPF Process ID If you do not specify a process ID this command applies to all current OSPF processes ip address Matched IP address in dotted decimal notation mask IP address mask in dotted decimal notation Description Use the display ospf asbr summary command to display the summary information of OSPF ...

Page 361: ...r summary command Field Description net Destination network segment mask Mask tag Tag Status information which takes one of the following two values DoNotAdv ertise The summary routing information to the network segment will not be advertised status Advertise The summary routing information to the network segment will be advertised 3 1 15 display ospf brief Syntax display ospf process id brief Vie...

Page 362: ...1 1 4 Backup Designated Router 201 1 1 3 Timers Hello 10 Dead 40 Poll 40 Retransmit 5 Transmit Delay 1 Table 3 3 Description on the fields of the display ospf brief command Field Description RouterID Router ID of the router Border Router Border routers for connection to the area including ASBRs and ABRs spf schedule interval Interval of SPF schedule Authtype Authentication type of OSPF Routing pre...

Page 363: ...OSPF timers defined as follows Hello Interval of hello packet Dead Interval of dead neighbors Poll Interval of poll Timers Retransmit Interval of retransmitting LSA Transmit Delay Delay time of transmitting LSA 3 1 16 display ospf cumulative Syntax display ospf process id cumulative View Any view Parameter process id OSPF Process ID If you do not specify a process ID this command applies to all cu...

Page 364: ...ces 1 Spf 19 Checksum Sum 14EAD rtr 1 net 0 sumasb 1 sumnet 1 Routing Table Intra Area 2 Inter Area 0 ASE 1 Table 3 4 Description on the fields of the display ospf cumulative command Field Description Type Type of input output OSPF packet Input Number of received packets IO Statistics Output Number of transmitted packets ASE Number of all ASE LSAs checksum sum Checksum of ASE LSA originated Number...

Page 365: ...F error information Example Display the OSPF error information Quidway display ospf error OSPF Process 1 with Router ID 1 1 1 1 OSPF packet error statistics OSPF packet error statistics 0 IP received my own packet 0 OSPF wrong packet type 0 OSPF wrong version 0 OSPF wrong checksum 0 OSPF wrong area id 0 OSPF area mismatch 0 OSPF wrong virtual link 0 OSPF wrong authentication type 0 OSPF wrong auth...

Page 366: ...n OSPF version error OSPF wrong checksum OSPF checksum error OSPF wrong area id OSPF area ID error OSPF area mismatch OSPF area mismatch OSPF wrong virtual link OSPF virtual link error OSPF wrong authentication type OSPF authentication type error OSPF wrong authentication key OSPF authentication key error OSPF too small packet OSPF packet too small OSPF packet size ip length OSPF packet size excee...

Page 367: ...neighbor state low Link state request LS REQ packet LS REQ empty request Link state request packet empty request LS REQ wrong request Link state request packet erroneous request LS UPD neighbor state low Link state update packet asynchronous neighbor state LS UPD newer self generate LSA Link state update packet newer LSA generated by itself LS UPD LSA checksum wrong Link state update packet LSA ch...

Page 368: ...nterfaces Interface 10 110 10 2 Vlan interface1 Cost 1 State BackupDR Type Broadcast Priority 1 Designated Router 10 110 10 1 Backup Designated Router 10 110 10 2 Timers Hello 10 Dead 40 Poll 10 Retransmit 5 Transmit Delay 1 Table 3 6 Description on the fields of the display ospf interface command Field Description Cost Cost of the interface State State of the interface state machine Type Network ...

Page 369: ...se information about the Type 5 LSAs AS external LSAs This argument is unavailable if you have provided a value for area id network Displays the database information about the Type 2 LSAs network LSAs nssa Displays the database information about the Type 7 LSAs NSSA external LSAs router Displays the database information about the Type 1 LSAs router LSAs summary Displays the database information ab...

Page 370: ...5 28 80000003 10 Inter List ASB 2 2 2 2 1 1 1 1 355 28 80000003 10 SumAsb List AS External Database Type LinkState ID AdvRouter Age Len Sequence Metric Where ASE 10 153 18 0 1 1 1 1 1006 36 80000002 1 Ase List ASE 10 153 16 0 2 2 2 2 798 36 80000002 1 Uninitialized ASE 10 153 17 0 2 2 2 2 623 36 80000003 1 Uninitialized ASE 10 153 17 0 1 1 1 1 1188 36 80000002 1 Ase List Table 3 7 Description on t...

Page 371: ...Field Description type Type of the LSA ls id Link state ID of the LSA adv rtr Router ID of the router that advertises the LSA ls age Age of the LSA len Length of the LSA seq Sequence number of the LSA chksum Checksum of the LSA Options Options of the LSA Net mask Network mask E type Type of external route Forwarding Address Forwarding address Tag Tag 3 1 20 display ospf nexthop Syntax display ospf...

Page 372: ... 2 Neighbor 1 202 38 160 1 Vlan interface2 Table 3 9 Description on the fields of the display ospf nexthop command Field Description Address Address of next hop Type Type of next hop Refcount Reference count of the next hop namely number of routes using the next hop Intf Addr IP address of the interface to the next hop Intf Name Interface to the next hop nexthop Next hop 3 1 21 display ospf peer S...

Page 373: ... DR 10 153 17 89 BDR 10 153 17 88 Dead timer expires in 31s Neighbor has been up for 01 14 14 Table 3 10 Description on the fields of the display ospf peer command Field Description RouterID Router ID of neighbor router Address Address of the interface through which neighbor router communicates with the router State State of adjacency relation Mode Master Slave mode formed by negotiation in exchan...

Page 374: ...router interface connected to the neighbor router State Neighbor router states If the neighbor router is a designated router its state is displayed as state DR If the neighbor router is a backup designated router its state is displayed as state BDR Display OSPF peer statistics Quidway display ospf peer statistics OSPF Process 1 with Router ID 1 1 1 1 Neighbor Statistics Area ID Down Attempt Init 2...

Page 375: ...nication between OSPF router and neighbor router has been established DR and BDR can be selected in this state or higher state ExStart In this state the router determines the sequence number of initial database description DD packet used for data exchange so that it can obtain the latest link state information Exchange It indicates that OSPF router sends DD packet to its neighbor routers to exchan...

Page 376: ... s Neighbors is RouterID 1 1 1 1 Address 1 1 1 1 Interface 1 1 1 3 Area 0 0 0 0 LSID 1 1 1 3 AdvRouter 1 1 1 3 Sequence 80000017 Age 35 Table 3 13 Description on the fields of the display ospf request queue command Field Description RouterID Router ID of neighbor router Address Address of the interface through which neighbor routers communicate with the router Interface Address of the interface on...

Page 377: ...trans queue OSPF Process 200 with Router ID 103 160 1 1 Retransmit List The Router s Neighbors is RouterID 162 162 162 162 Address 103 169 2 2 Interface 103 169 2 5 Area 0 0 0 1 Retrans list Type ASE LSID 129 11 77 0 AdvRouter 103 160 1 1 Type ASE LSID 129 11 108 0 AdvRouter 103 160 1 1 Table 3 14 Description on the fields of the display ospf retrans queue command Field Description RouterID Router...

Page 378: ...le Display OSPF routing information Quidway display ospf routing OSPF Process 1 with Router ID 1 1 1 1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10 110 0 0 16 1 Net 10 110 10 1 10 10 10 1 0 0 0 0 10 10 0 0 16 1 Stub 10 10 0 1 3 3 3 3 0 0 0 0 Total Nets 2 Intra Area 2 Inter Area 0 ASE 0 NSSA 0 Table 3 15 Description on the fields of the display ospf routing com...

Page 379: ...se the display ospf vlink command to display the information about OSPF virtual links Example Display OSPF virtual link information Quidway display ospf vlink OSPF Process 1 with Router ID 1 1 1 1 Virtual Links Virtual link Neighbor id 2 2 2 2 State Full Cost 0 State Full Type Virtual Transit Area 0 0 0 2 Timers Hello 10 Dead 40 Poll 0 Retransmit 5 Transmit Delay 1 Table 3 16 Description on the fi...

Page 380: ...Name of the address prefix list routing protocol Routing protocol advertising the routing information At present it can be direct rip or static Description Use the filter policy export command to configure the rule for filtering the advertised routing information by OSPF Use the undo filter policy export command to cancel the filtering rule configured By default no filtering of the advertised rout...

Page 381: ...o filter policy acl number ip prefix ip prefix name gateway ip prefix name import View OSPF view Parameter acl number Basic or advanced Access control list used for filtering the destination addresses of the routing information ip prefix name Name of the address prefix list used for filtering the destination addresses of the routing information gateway ip prefix name Specifies the name of the addr...

Page 382: ...uting information according to the rule defined by ACL 2000 Quidway system view System View return to User View with Ctrl Z Quidway acl number 2000 Quidway acl basic 2000 rule permit source 20 0 0 0 0 255 255 255 Quidway acl basic 2000 rule deny source any Quidway ospf 1 filter policy 2000 import 3 1 28 import route Syntax import route protocol cost value type value tag value route policy route po...

Page 383: ...he attribute By default the routing information of other protocols is not imported Example Configure to import RIP routes as type 2 routes with the route tag of 33 and the route cost of 50 Quidway system view System View return to User View with Ctrl Z Quidway ospf 1 Quidway ospf 1 import route rip type 2 tag 33 cost 50 3 1 29 log peer change Syntax log peer change View OSPF view Parameter None De...

Page 384: ...equivalent routes to 2 Quidway system view System View return to User View with Ctrl Z Quidway ospf 1 Quidway ospf 1 multi path number 2 3 1 31 network Syntax network ip address ip mask undo network ip address ip mask View OSPF Area view Parameter ip address Address of the network segment where the interface resides ip mask IP address wildcard shielded text similar to the complement of the IP addr...

Page 385: ... View with Ctrl Z Quidway ospf 1 Quidway ospf 1 area 6 Quidway ospf 1 area 0 0 0 6 network 10 110 36 0 0 0 0 0 255 3 1 32 nssa Syntax nssa default route advertise no import route no summary undo nssa View OSPF Area view Parameter default route advertise Imports the default route to the NSSA area no import route Specifies not to import route to the NSSA area no summary An ABR is disabled from trans...

Page 386: ...l Z Quidway ospf 1 Quidway ospf 1 area 1 Quidway ospf 1 area 0 0 0 1 network 36 0 0 0 0 255 255 255 Quidway ospf 1 area 0 0 0 1 nssa 3 1 33 ospf Syntax ospf process id router id router id undo ospf process id View System view Parameter process id OSPF Process ID ranging from 1 to 65535 By default the process ID is 1 process id is locally significant router id Router ID used by an OSPF process in d...

Page 387: ...displayed in a cipher text form with 24 characters in length when the display current configuration command is executed Inputting the MD5 key in a cipher text form with 24 characters in length is also supported Description Use the ospf authentication mode command to configure the authentication mode and key between adjacent routers Use the undo ospf authentication mode command to cancel the authen...

Page 388: ...o ospf cost View Interface view Parameter value Cost for running OSPF protocol ranging from 1 to 65 535 Description Use the ospf cost command to configure different packets sending costs so as to send packets from different interfaces Use the undo ospf cost command to restore the default costs For the switch the default cost for running OSPF protocol on a VLAN interface is 10 Example Specify the c...

Page 389: ...erface Vlan interface 10 to 8 during DR election Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 10 Quidway Vlan interface10 ospf dr priority 8 3 1 37 ospf mib binding Syntax ospf mib binding process id undo ospf mib binding View System view Parameter process id OSPF Process ID It ranges from 1 to 65535 and defaults to 1 Description Use the ospf mib...

Page 390: ... to enable the interface to write MTU value when sending DD packets Use the undo ospf mtu enable command to restore the default settings By default the MTU value is 0 when sending DD packets That is the actual MTU value of the interface is not written Database Description DD packets are used to describe its own LSDB when the router running OSPF protocol is synchronizing the database The default MT...

Page 391: ...adopted OSPF defaults the network type to broadcast z Non Broadcast Multi access nbma If Frame Relay ATM HDLC or X 25 is adopted OSPF defaults the network type to NBMA z Point to Multipoint p2mp OSPF will not default the network type of any link layer protocol to p2mp The general undertaking is to change a partially connected NBMA network to p2mp network if the NBMA network is not fully meshed z P...

Page 392: ...face Vlan interface 10 Quidway Vlan interface10 ospf network type nbma 3 1 40 ospf timer dead Syntax ospf timer dead seconds undo ospf timer dead View Interface view Parameter seconds Dead interval of the OSPF neighbor It is in seconds and ranges from 1 to 65535 Description Use the ospf timer dead command to configure the dead interval of the OSPF peer Use the undo ospf timer dead command to resto...

Page 393: ...ansmits hello packet It ranges from 1 to 255 Description Use the ospf timer hello command to configure the interval for transmitting Hello messages on an interface Use the undo ospf timer hello command to restore the interval to the default value By default the interval is 10 seconds for an interface of p2p or broadcast type to transmit Hello messages and 30 seconds for an interface of p2mp or nbm...

Page 394: ...ds You can configure the poll seconds to specify how often the interface transmits Hello packet before it establishes adjacency with the adjacent router Poll seconds should be no less than 3 times of Hello Example Configure to transmit poll Hello packet through interface Vlan interface 20 every 130 seconds Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan inter...

Page 395: ...transmission between the interface Vlan interface 10 and the adjacent routers to 12 seconds Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 10 Quidway Vlan interface10 ospf timer retransmit 12 3 1 44 ospf trans delay Syntax ospf trans delay seconds undo ospf trans delay View Interface view Parameter seconds LSA transmission delay on an interface It ...

Page 396: ...ority dr priority undo peer ip address View OSPF view Parameter ip address IP address of the peer dr priority Value of the corresponding priority of a neighbor in the NBMA network It ranges from 0 to 255 and defaults to 1 Description Use the peer command to configure the IP address of the neighbor router and specify DR priority on an NBMA network Use the undo peer command to cancel this configurat...

Page 397: ...use multiple dynamic routing protocols could be running on a router there is the problem of routing information sharing among routing protocols and selection Therefore a default preference is specified for each routing protocol When a route is identified by different protocols the protocol with the highest preference selected for forwarding IP packets Example Specify the preference of an imported ...

Page 398: ... re enable OSPF Example Reset all the OSPF processes Quidway reset ospf all Reset OSPF process 200 Quidway reset ospf 200 3 1 48 router id Syntax router id router id undo router id View System view Parameter router id Router ID in dotted decimal notation Description Use the router id command to configure the ID of a router running the OSPF protocol Use the undo router id command to cancel the rout...

Page 399: ...ly after OSPF is re enabled Related command ospf Example Set the router ID to 10 1 1 3 Quidway system view System View return to User View with Ctrl Z Quidway router id 10 1 1 3 3 1 49 silent interface Syntax silent interface silent interface type silent interface number undo silent interface silent interface type silent interface number View OSPF view Parameter silent interface type Interface typ...

Page 400: ...rocess id ifstatechange iftxretransmit virifstatechange nbrstatechange virnbrstatechange ifcfgerror virifcfgerror ifauthfail virifauthfail ifrxbadpkt virifrxbadpkt viriftxretransmit originatelsa maxagelsa lsdboverflow lsdbapproachoverflow View System view Parameter process id OSPF Process ID If you do not specify a process ID this command applies to all current OSPF processes ifstatechange virifst...

Page 401: ... seconds It ranges from 1 to 10 and defaults to 5 Description Use the spf schedule interval command to configure the route calculation interval of OSPF Use the undo spf schedule interval command to restore the default setting According to the Link State Database LSDB the router running OSPF can calculate the shortest path tree taking itself as the root and determine the next hop to the destination...

Page 402: ... the router is an ABR it will send a default route to the connected stub area Use the default cost command to configure the default route cost In addition you can specify the no summary argument in the stub command to disable the receiving of type 3 LSAs by the stub area connected to the ABR Related command default cost Example Set the type of OSPF area 1 to STUB Quidway system view System View re...

Page 403: ...authentication key ID It ranges from 1 to 255 It must be equal to the authentication key ID of the virtually linked peer key MD5 authentication key If you use simple text authentication key you can input a string containing 1 to 16 characters When you use the display current configuration command to display system information the MD5 authentication key is displayed in the form of cipher text with ...

Page 404: ... Quidway S3900 Series Ethernet Switches Release 1510 Chapter 3 OSPF Configuration Commands Huawei Technologies Proprietary 3 56 Quidway ospf 1 Quidway ospf 1 area 10 0 0 0 Quidway ospf 1 area 10 0 0 0 vlink peer 10 110 0 3 md5 3 345 ...

Page 405: ...IP Routing Policy Configuration Commands 4 1 1 apply cost Syntax apply cost value undo apply cost View Route policy view Parameter value Route cost value of route information Description Use the apply cost command to configure the route cost value of route information Use the undo apply cost command to cancel the apply clause By default no apply clause is defined An apply clause of Route policy se...

Page 406: ...tion Use the apply tag command to configure to set the tag area of route information Use the undo apply tag command to cancel the apply clause Related command if match interface if match acl if match ip prefix if match ip next hop if match cost if match tag route policy and apply cost Example Define an apply clause When it is used for setting route information attribute it sets the tag area of rou...

Page 407: ...w return to User View with Ctrl Z Quidway route policy policy permit node 1 New sequence of this list Quidway route policy apply tag 100 Table 4 1 Description on the fields of the display ip ip prefix command Field Description name Name of ip prefix index Internal sequence number of ip prefix conditions Mode permit or deny ip prefix mask Address and network segment length of ip prefix GE Greater e...

Page 408: ...1 apply cost 100 matched 0 denied 0 Table 4 2 Description on the fields of the display route policy command Field Description Route policy Name of ip prefix Information about the route policy with the mode configured as permit and the node as 10 if match prefixlist p1 if match clause configured apply cost 100 Apply routing cost 100 to the routes matching the conditions defined by if match clause m...

Page 409: ...clause When the clause is used for filtering route information the route information filtered by route destination address through address prefix list p1 is permitted to pass the if match clause Quidway system view System View return to User View with Ctrl Z Quidway route policy policy permit node 1 New sequence of this list Quidway route policy if match ip prefix p1 4 1 6 if match cost Syntax if ...

Page 410: ...x if match interface interface type interface number undo if match interface View Route policy view Parameter interface type Interface type interface number Interface number Description Use the if match interface command to configure to match the route whose next hop is the designated interface Use the undo if match interface command to cancel the setting of matching condition By default no if mat...

Page 411: ... information Use the undo if match ip next hop command to cancel the setting of ACL matching condition Use the undo if match ip next hop ip prefix command to cancel the setting of address prefix list matching condition By default no if match clause is defined An if match clause of route policy is used to specify the next hop matching the routing information when filtering the routes It performs fi...

Page 412: ... if match ip prefix if match ip next hop if match cost route policy apply cost and apply tag Example Define an if match clause to permit the OSPF route information whose tag value is 8 to pass the if match clause Quidway system view System View return to User View with Ctrl Z Quidway route policy policy permit node 1 New sequence of this list Quidway route policy if match tag 8 4 1 10 ip ip prefix...

Page 413: ...ss prefix network len has been matched The meaning of greater equal is greater than or equal to and the meaning of less equal is less than or equal to The range is len greater equal less equal 32 When only greater equal is used it denotes the prefix range greater equal 32 When only less equal is used it denotes the prefix range len less equal Description Use the ip ip prefix command to configure a...

Page 414: ...de will not be tested node Specifies the node of the route policy node number Index of the node in the route policy When this route policy is used for routing information filter the node with smaller node number will be matched first Description Use the route policy command to enter the Route policy view Use the undo route policy command to delete the created Route policy By default no Route polic...

Page 415: ...n Commands Huawei Technologies Proprietary 4 11 Example Configure Route policy policy1 with the node number of 10 and the match mode of permit and enter Route policy view Quidway system view System View return to User View with Ctrl Z Quidway route policy policy1 permit node 10 New sequence of this list Quidway route policy ...

Page 416: ...rs in common sense and Ethernet switches running a routing protocol To improve readability this will not be mentioned again in this manual 5 1 Route Capacity Configuration Commands 5 1 1 display memory Syntax display memory unit unit id Mode Any view Parameter unit id Unit ID Description Use the display memory command to display the memory setting Example Display the current memory setting of the ...

Page 417: ...t Mode Any view Parameter None Description Use the display memory limit command to display the memory setting and state information related to route capacity This command displays the current memory limit configuration free memory and state information about connections such as times of disconnection times of reconnection and whether the current state is normal Example Display the current memory s...

Page 418: ...he switch memory memory auto establish enabled Automatic connection restoration is enabled If automatic connection restoration is disabled auto establish disabled is displayed Free Memory Size of the current free memory in bytes The times of disconnect 0 The times of the disconnection of the routing protocol is 0 The times of reconnect 0 The times of reconnection of the routing protocol is 0 The c...

Page 419: ... Example Disable automatic restoration of the routing protocol connections when the free memory of the current switch recovers Quidway system view System View return to User View with Ctrl Z Quidway memory auto establish disable 5 1 4 memory auto establish enable Syntax memory auto establish enable View System view Parameter None Description Use the memory auto establish enable command to enable a...

Page 420: ...Use the memory limit limit value command to configure the lower limit of the switch free memory When the free memory of the switch is less than this limit all the routing protocol connections will be disconnected forcibly The limit value argument in the command must be less than the current free memory safety value otherwise the configuration will fail Use the memory safety safety value command to...

Page 421: ...o memory command to restore the default safety value and lower limit of the switch free memory Related command memory auto establish disable memory auto establish enable and display memory limit Example Set the lower limit of the switch free memory to 1 MB and the safety value to 3 MB Quidway system view System View return to User View with Ctrl Z Quidway memory safety 3 limit 1 ...

Page 422: ...p snooping router aging time 1 12 1 1 14 reset igmp snooping statistics 1 13 1 1 15 service type multicast 1 13 Chapter 2 Common IP Multicast Configuration Commands 2 1 2 1 Common IP Multicast Configuration Commands 2 1 2 1 1 display multicast forwarding table 2 1 2 1 2 display multicast routing table 2 2 2 1 3 display multicast source deny 2 4 2 1 4 multicast route limit 2 5 2 1 5 multicast routi...

Page 423: ...13 igmp timer other querier present 5 13 5 1 14 igmp timer query 5 14 5 1 15 igmp version 5 15 5 1 16 reset igmp group 5 16 Chapter 6 PIM Configuration Commands 6 1 6 1 PIM Configuration Commands 6 1 6 1 1 bsr policy 6 1 6 1 2 c bsr 6 2 6 1 3 c rp 6 3 6 1 4 crp policy 6 4 6 1 5 display pim bsr info 6 5 6 1 6 display pim interface 6 6 6 1 7 display pim neighbor 6 7 6 1 8 display pim routing table 6...

Page 424: ...3 7 1 5 display msdp sa count 7 5 7 1 6 import source 7 6 7 1 7 msdp 7 6 7 1 8 msdp tracert 7 7 7 1 9 originating rp 7 9 7 1 10 peer description 7 10 7 1 11 peer mesh group 7 11 7 1 12 peer minimum ttl 7 11 7 1 13 peer request sa enable 7 12 7 1 14 peer sa cache maximum 7 13 7 1 15 peer connect interface 7 14 7 1 16 peer sa policy 7 14 7 1 17 peer sa request policy 7 15 7 1 18 reset msdp peer 7 16...

Page 425: ...itches where the IP multicast protocol is running 1 1 IGMP Snooping Configuration Commands 1 1 1 display igmp snooping configuration Syntax display igmp snooping configuration View Any view Parameter None Description Use the display igmp snooping configuration command to display IGMP Snooping configuration information When IGMP Snooping is enabled on the switch this command displays the following ...

Page 426: ... Use the display igmp snooping group command to display information about the IP and MAC multicast groups under one specified VLAN with vlan vlan id or all VLANs without vlan vlan id This command displays the following information VLAN ID router port IP multicast group address member ports included in the IP multicast group MAC multicast group MAC multicast group address and member ports included ...

Page 427: ...ror IGMP messages received and the number of the IGMP group specific query messages sent Related command igmp snooping Example Display IGMP Snooping message statistics Quidway display igmp snooping statistics Received IGMP general query packet s number 0 Received IGMP specific query packet s number 0 Received IGMP V1 report packet s number 0 Received IGMP V2 report packet s number 0 Received IGMP ...

Page 428: ...he IGMP Snooping feature is disabled Example Enable the IGMP Snooping feature on the switch Quidway system view System View return to User View with Ctrl Z Quidway igmp snooping enable Enable IGMP Snooping ok 1 1 5 igmp snooping fast leave Syntax igmp snooping fast leave vlan vlan list undo igmp snooping fast leave vlan vlan list View System view Ethernet port view Parameter vlan list VLAN list re...

Page 429: ...ort has only one user enabling IGMP fast leave processing can save bandwidth Note z This feature is effective for IGMP V2 enabled clients z When this feature is enabled if one of the multiple users on a port leaves the multicast services for the other users in the same multicast group may be interrupted Example Enable IGMP fast leave processing on Ethernet1 0 1 port Quidway system view System View...

Page 430: ...ndo igmp snooping general query source ip command to configure the Layer 2 switch to use the default IP address as the source address when sending general query packets These commands are effective after the IGMP Snooping querier is enabled on the switch Otherwise the switch cannot send general query packets By default the Layer 2 multicast switch sends general query packets with the source IP add...

Page 431: ...st undo igmp snooping group policy vlan vlan list View System view Ethernet port view Parameter acl number Basic ACL number in the range of 2000 to 2999 vlan id ID of the VLAN for the Ethernet port in the range of 1 to 4094 Description Use the igmp snooping group policy command to configure an IGMP Snooping filtering ACL Use the undo igmp snooping group policy command to remove the IGMP Snooping f...

Page 432: ...u can configure only one ACL z If no ACL rule is configured or the port does not belong to the specified VLAN the filter ACL you configured does not take effect on the port z Since most devices broadcast unknown multicast packets this function is often used together with the unknown multicast packet drop function to prevent multicast streams from being broadcasted to a filtered port as unknown mul...

Page 433: ...ed in the deny rule of ACL 2001 Quidway interface Ethernet 1 0 2 Quidway Ethernet1 0 2 igmp snooping group policy 2001 vlan 2 1 1 9 igmp snooping host aging time Syntax igmp snooping host aging time seconds undo igmp snooping host aging time View System view Parameter seconds Aging time of multicast member ports in the range of 200 to 1000 in seconds Description Use the igmp snooping host aging ti...

Page 434: ...ription Use the igmp snooping max response time command to configure the query response timeout time Use the undo igmp snooping max response time command to restore the default timeout time By default the query response timeout time is 10 seconds The maximum response time you configured determines how long the switch can wait for a response to an IGMP Snooping query message Related command igmp sn...

Page 435: ...system view System view return to user view with Ctrl Z Quidway igmp snooping enable Quidway vlan 3 Quidway vlan3 igmp snooping enable Quidway vlan3 igmp snooping querier 1 1 12 igmp snooping query interval Syntax igmp snooping query interval seconds undo igmp snooping query interval View VLAN view Parameter seconds Interval for the Layer 2 multicast to send general query packets Description Use t...

Page 436: ...aging time seconds undo igmp snooping router aging time View System view Parameter seconds Aging time of the router port in the range of 1 to 1000 in seconds Description Use the igmp snooping router aging time command to configure the aging time of the router port Use the undo igmp snooping router aging time command to restore the default aging time By default the aging time of the router port is ...

Page 437: ...e Clear IGMP Snooping statistics Quidway reset igmp snooping statistics 1 1 15 service type multicast Syntax service type multicast undo service type multicast View VLAN view Parameter None Description Use the service type multicast command to set the current VLAN as a multicast VLAN Use the undo service type multicast command to cancel the multicast VLAN setting By default no VLAN is a multicast ...

Page 438: ... same multicast VLAN with the router port Otherwise the port cannot receive multicast packets z If a router port is added to a multicast VLAN the router port must be set as a trunk port or tagged hybrid port Otherwise all the multicast member ports in this multicast VLAN cannot receive multicast packets z If a multicast member port needs to receive packets forwarded by the router port which does n...

Page 439: ... multicast group in the range of 224 0 0 0 to 239 255 255 255 source address Unicast IP address of the multicast source incoming interface Specifies the incoming interface of multicast forwarding entries register Registration VLAN interface of PIM SM Description Use the display multicast forwarding table command to display the information about multicast forwarding tables Related command display m...

Page 440: ...ot have an outgoing interface Matched 122 pkts 183000 bytes Wrong If 0 pkts Forwarded 122 pkts 183000 bytes 122 packets which are 183 000 bytes in all match with the s g entry and 0 wrong packet matches with the s g entry 122 packets which are 183 000 bytes in all are forwarded 2 1 2 display multicast routing table Syntax display multicast routing table group address mask mask mask length source a...

Page 441: ...outing Table Total 3 entries 4 4 4 4 224 2 149 17 Uptime 00 15 16 Timeout in 272 sec Upstream interface Vlan interface1 4 4 4 6 Downstream interface list Vlan interface2 2 2 2 4 Protocol 0x1 IGMP 4 4 4 4 224 2 254 84 Uptime 00 15 16 Timeout in 272 sec Upstream interface Vlan interface1 4 4 4 6 Downstream interface list NULL 4 4 4 4 239 255 2 2 Uptime 00 02 57 Timeout in 123 sec Upstream interface ...

Page 442: ...ce type Port type interface number Port number Description Use the display multicast source deny command to display the configuration information about the multicast source port check When you use this command to display the information z If you specify neither the port type nor the port number the multicast source port check information about all the ports on the switch is displayed z If you spec...

Page 443: ...st route limit command to restore the default limit on the capacity of the multicast routing table The limit on the capacity of the multicast routing table is 256 by default If the number of existing routing entries exceeds the value to be configured when you configure this command the existing entries in the routing table will not be removed Instead the system will prompt that the number of exist...

Page 444: ...icast source deny Syntax multicast source deny interface interface list undo multicast source deny interface interface list View System view Ethernet port view Parameter interface list Specifies Ethernet port list expressed in the form of interface list interface type interface num interface name to interface type interface num interface name 1 10 The interface number argument refers to one single...

Page 445: ...source port suppression feature is enabled on the specified ports In Ethernet port view the interface list argument cannot be specified in the command and you can use the command to enable the multicast source port suppression feature on the current port only Example Enable the multicast source port suppression feature on all the ports of the switch Quidway system view System View return to User V...

Page 446: ...entries The order of the group address argument and the source address argument can be turned over However you must input valid group addresses and source addresses Otherwise the system prompts error Related command reset pim routing table reset multicast routing table and display multicast forwarding table Example Clear the forwarding entries whose group address is 225 5 4 3 in the MFC forwarding...

Page 447: ...terface type interface number VLAN interface type and VLAN interface number Description Use the reset multicast routing table command to clear the routing entries in the multicast core routing table and remove the corresponding forwarding entries in the MFC forwarding table The order of the group address argument and the source address argument can be turned over However you must input valid group...

Page 448: ...to interface type interface num 1 10 Where interface type is a port type interface number is a port number refer to the parameter description of the interface command in the port command module of this document to is used to specify a port range and 1 10 represents you can totally specify up to 10 ports and port ranges Description Use the mac address multicast command to manually add a multicast M...

Page 449: ...cast vlan command to add a multicast MAC address entry Use the undo mac address multicast vlan command to remove a multicast MAC address entry Each multicast MAC address entry contains multicast address VLAN ID and so on Related command display mac address multicast static Example Add a multicast MAC address entry on Ethernet1 0 1 with multicast address 0100 1000 1000 and VLAN 1 to which the entry...

Page 450: ... vlan id but without mac address will display the information about all the multicast MAC address entries manually added in the specified VLAN including the multicast MAC address VLAN ID state of the MAC address port number and aging time z Executing this command with both mac address and vlan vlan id will display the information about the multicast MAC address entries manually added in the specif...

Page 451: ...icast drop enable Syntax unknown multicast drop enable undo unknown multicast drop enable View System view Parameter None Description Use the unknown multicast drop enable command to enable the unknown multicast drop feature on the switch Use the undo unknown multicast drop enable command to disable the unknown multicast drop feature on the switch Example Enable the unknown multicast drop feature ...

Page 452: ... interface number View Any view Parameter group address Address of the multicast group interface type interface number VLAN interface type and VLAN interface number of the router which are used to specify a VLAN interface Description Use the display igmp group command to view the member information of the IGMP multicast group You can specify to show the information of a group or the member informa...

Page 453: ... display igmp interface Syntax display igmp interface interface type interface number View Any view Parameter interface type interface number VLAN interface type and VLAN interface number of the router which are used to specify a VLAN interface If this argument is not specified the information about all the VLAN interfaces where IGMP is running is displayed Description Use the display igmp interfa...

Page 454: ...me Maximum time of response to query robust count IGMP robust count that is the times of sending IGMP group specific query packets before the IGMP querier receives the IGMP leave packet from the host startup query interval The startup interval of IGMP to send query packets last member query interval The interval of sending IGMP group specific query packets when the IGMP querier receives the IGMP l...

Page 455: ...Example Enable IGMP on Vlan interface 10 Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 10 Quidway Vlan interface10 igmp enable 5 1 4 igmp group limit Syntax igmp group limit limit undo igmp group limit View VALN interface view Parameter limit Quantity of multicast groups in the range of 0 to 256 Description Use the igmp group limit command to limi...

Page 456: ...t the maximum number of IGMP groups on Vlan interface10 to 100 Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 10 Quidway Vlan interface10 igmp group limit 100 5 1 5 igmp group policy Syntax igmp group policy acl number 1 2 port interface list undo igmp group policy port interface list View VLAN interface view Parameter acl number Number of the basi...

Page 457: ...N interface is on to join some multicast groups and receive packets from the multicast groups to use this command to limit the range of the multicast groups serviced by the VLAN interface Related command igmp host join Caution Ethernet ports must belong to the igmp group policy enabled VLAN interfaces only Example Configure the access list 2000 Quidway system view System View return to User View w...

Page 458: ...e configured port must belong to the specified VLAN and the IGMP protocol must be enabled on this port otherwise the configuration does not function Related command igmp group policy igmp host join vlan and igmp host join port Example Configure that only the hosts matching ACL 2000 rules on Ethernet1 0 1 in VLAN interface10 can be added to the multicast group Quidway system view System View return...

Page 459: ...ion By default VLAN interfaces of a switch do not belong to any multicast group Related command igmp group policy Example Add port Ethernet 1 0 1 in VLAN interface10 to the multicast group at 225 0 0 1 Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 10 Quidway Vlan interface10 igmp host join 225 0 0 1 port Ethernet 1 0 1 5 1 8 igmp host join vlan Sy...

Page 460: ...It is in the range of 1 second to 5 seconds Description Use the igmp lastmember queryinterval command to set the Interval for the IGMP querier to send IGMP group specific query packets when it receives IGMP leave packets from the host Use the undo igmp lastmember queryinterval command to restore the default value The interval for the IGMP querier to send IGMP group specific query packets is one se...

Page 461: ...this command cannot take effect for the host may not send the IGMP Leave message when it leaves a group For the related command see igmp robust count and display igmp interface Example Set the query interval at the Vlan interface10 as 3 seconds Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 10 Quidway Vlan interface10 igmp lastmember queryinterval ...

Page 462: ...e number undo igmp proxy View VLAN view Parameter interface number Proxy interface number Description Use the igmp proxy command to specify an interface of the Layer 3 endpoint switch as the IGMP proxy interface of another interface Use the undo igmp proxy command to disable this configuration The IGMP proxy feature is disabled by default You must enable the PIM protocol on the interface first bef...

Page 463: ... View with Ctrl Z Quidway multicast routing enable Quidway interface vlan interface 1 Quidway Vlan interface1 igmp enable Quidway Vlan interface1 igmp proxy vlan interface 2 5 1 12 igmp robust count Syntax igmp robust count robust value undo igmp robust count View VLAN interface view Parameter robust value IGMP robust value number of sending the IGMP group specific query packets after the IGMP que...

Page 464: ...packets within the specified maximum response time interval If it receives the IGMP Membership Report packets within the defined period equal to robust value seconds the IGMP query router continue to maintain the membership of this group When receiving no IGMP Membership Report packet from any hosts within the defined period the IGMP query router considers it as timeout and stops membership mainte...

Page 465: ...e valid period the router will consider the previous querier to be invalid and the router itself becomes a querier In IGMP version 1 the selection of a querier is determined by the multicast routing protocol In IGMP version 2 the router with the lowest IP address on the shared network segment acts as the querier Related command igmp timer query and display igmp interface Example Set the querier to...

Page 466: ...e to transmit the host query message every 150 seconds via VLAN interface2 Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 2 Quidway Vlan interface2 igmp timer query 150 5 1 15 igmp version Syntax igmp version 1 2 undo igmp version View VLAN interface view Parameter 1 IGMP Version 1 2 IGMP Version 2 Description Use the igmp version command to specif...

Page 467: ...group address IGMP group address group mask Mask of IGMP group address Description Use the reset igmp group command to delete an existing IGMP group from the VLAN interface The deleted group can be added to the VLAN interface again Example Delete all IGMP groups on all the VLAN interfaces Quidway reset igmp group all Delete all IGMP groups on Vlan interface10 Quidway reset igmp group interface Vla...

Page 468: ...ious BSR proofing in the network the following two measures need to be taken z Prevent the router from being spoofed by hosts though faking legal BSR messages to modify RP mapping BSR messages are of multicast type and their TTL is 1 so this type of attacks often hit edge routers Fortunately BSRs are inside the network while assaulting hosts are outside therefore neighbor and RPF checks can be use...

Page 469: ...Z Quidway multicast routing enable Quidway pim Quidway pim bsr policy 2000 Quidway pim quit Quidway acl number 2000 Quidway acl basic 2000 rule 0 permit source 101 1 1 1 0 6 1 2 c bsr Syntax c bsr interface type interface number hash mask len priority undo c bsr View PIM view Parameter interface type interface number Specifies the VLAN interface The candidate BSR is configured on the VLAN interfac...

Page 470: ...iority priority value undo c rp interface type interface number all View PIM view Parameter interface type interface number Specifies the VLAN interface whose IP address is advertised as a candidate RP address acl number Number of the basic ACL that defines a group range which is the service range of the advertised RP The value ranges from 2000 to 2999 priority value Priority value of candidate RP...

Page 471: ... command to limit the range of legal C RP as well as target service group range of each C RP prevent C RP proofing Use the undo crp policy command to restore the default setting that is no range limit is set and all received messages are taken as legal In the PIM SM network using BSR mechanism every router can set itself as C RP candidate rendezvous point servicing particular groups If elected a C...

Page 472: ... C RP and to serve only for the groups 225 1 0 0 16 Quidway system view System View return to User View with Ctrl Z Quidway multicast routing enable Quidway pim Quidway pim crp policy 3000 Quidway pim quit Quidway acl number 3000 Quidway acl adv 3000 rule 0 permit source 1 1 1 1 0 destination 225 1 0 0 0 0 255 255 6 1 5 display pim bsr info Syntax display pim bsr info View Any view Parameter None ...

Page 473: ...scription Use the display pim interface command to view the PIM configuration information of the interface If neither the VLAN interface type nor the VLAN interface number is specified the PIM configuration information of all VLAN interfaces is displayed if both the VLAN interface type and the VLAN interface number are specified the PIM configuration information about the specified VLAN interface ...

Page 474: ...ring policy of the PIM neighbors on the current interface PIM DR Designated router 6 1 7 display pim neighbor Syntax display pim neighbor interface interface type interface number View Any view Parameter interface type interface number Interface type and interface number used to specify the VLAN interface Description Use the display pim neighbor command to view the PIM neighbor information discove...

Page 475: ...ress mask mask length mask source address mask mask length mask incoming interface interface type interface number null dense mode sparse mode View Any view Parameter rp RP route entry g G route entry group address Address of the multicast group source address IP address of the multicast source incoming interface interface type interface number View the route entry whose incoming VLAN interface is...

Page 476: ... interface list NULL 192 168 1 2 224 2 181 90 Protocol 0x20 PIMSM Flag 0x4 SPT UpTime 23 59 Timeout after 196 seconds Upstream interface VLAN interface2 RPF neighbor NULL Downstream interface list NULL Total 2 entries listed Table 6 4 Description on the fields of the display routing table command Field Description RP Rendezvous Point S G source address multicast group PIM SM PIM Sparse Mode SPT Sh...

Page 477: ...skLen 224 0 0 0 4 RP 4 4 4 6 Version 2 Priority 0 Uptime 00 39 50 Expires 00 01 40 Table 6 5 Description on the fields of the display pim rp info command Field Description PIM SM RP SET information Combination of RP information BSR is 4 4 4 6 BSR is the VLAN interface of 4 4 4 6 in the network Group MaskLen 224 0 0 0 4 RP 4 4 4 6 Version 2 Priority 0 Uptime 00 39 50 Expires 00 01 40 The RP whose g...

Page 478: ...ticast routing enable Quidway pim Quidway pim 6 1 11 pim bsr boundary Syntax pim bsr boundary undo pim bsr boundary View VLAN interface view Parameter None Description Use the pim bsr boundary command to configure a VLAN interface of the switch as the PIM domain boundary Use the undo pim bsr boundary command to remove the configured PIM domain boundary The switch does not set any PIM domain bounda...

Page 479: ...multicast routing enable Quidway pim Quidway interface Vlan interface 10 Quidway Vlan interface10 pim bsr boundary 6 1 12 pim dm Syntax pim dm undo pim dm View VLAN interface view Parameter None Description Use the pim dm command to enable PIM DM Use the undo pim dm command to disable PIM DM By default PIM DM is disabled Once enabled PIM DM on an interface PIM SM cannot be enabled on the same inte...

Page 480: ...e when the limit is reached Use the undo pim neighbor limit command to restore the default setting By default the number of PIM neighbors on a VLAN interface is limited within 128 If the number of existing PIM neighbors exceeds the configured limit they will not be deleted Example Limit the number of PIM neighbors on Vlan interface10 within 50 Quidway system view System View return to User View wi...

Page 481: ...erve as a PIM neighbor of the Vlan interface10 but not 10 10 1 1 Quidway system view System View return to User View with Ctrl Z Quidway multicast routing enable Quidway interface Vlan interface 10 Quidway Vlan interface10 pim neighbor policy 2000 Quidway Vlan interface10 quit Quidway acl number 2000 Quidway acl basic 2000 rule permit source 10 10 1 2 0 Quidway acl basic 2000 rule deny source 10 1...

Page 482: ...rval at which a VLAN interface sends Hello packets Use the undo pim timer hello command to restore the default value of the interval By default a VLAN interface sends Hello packets at the interval of 30 seconds When the PIM SM protocol is enabled on a VLAN interface the switch will periodically send Hello packets to the network devices supporting PIM If the VLAN interface receives Hello packets it...

Page 483: ...packets sent by the DR in the PIM SM network and to accept the specified packets only Use the undo register policy command to remove the configured packet filtering Example If the local device is the RP in the network using the following command can only accept multicast message register of the source sending multicast address in the range of 225 1 0 0 16 on network segment 10 10 0 0 16 Quidway sy...

Page 484: ...im neighbor 25 5 4 3 6 1 19 reset pim routing table Syntax reset pim routing table all group address mask group mask mask length group mask length source address mask source mask mask length source mask length incoming interface interface type interface number View User view Parameter all All PIM neighbors group address Specifies group address mask group mask Specifies group mask group mask length...

Page 485: ...e G item will be cleared This command shall clear not only multicast route entries from PIM routing table but also the corresponding route entries and forward entries in the multicast core routing table and MFC Related command reset multicast routing table reset multicast forwarding table and display pim routing table Example Clear the route entries with group address 225 5 4 3 from the PIM routin...

Page 486: ...will not switch the shared tree to the SPT If the acl number argument is not specified the threshold applies to all multicast groups Example Specify the switch at the last hop to switch the shared tree to the SPT when it receives the first multicast packet Quidway system view System View return to User View with Ctrl Z Quidway pim Quidway pim spt switch threshold 0 6 1 21 source policy Syntax sour...

Page 487: ... those from 10 10 1 1 Quidway system view System View return to User View with Ctrl Z Quidway multicast routing enable Quidway pim Quidway pim source policy 2000 Quidway pim quit Quidway acl number 2000 Quidway acl basic 2000 rule permit source 10 10 1 2 0 Quidway acl basic 2000 rule deny source 10 10 1 1 0 6 1 22 static rp Syntax static rp rp address acl number undo static rp View PIM view Parame...

Page 488: ...y BSR mechanism is valid static RP will not work All routers in the PIM domain must be configured with this command and be specified with the same RP address The new configuration overwrites the old one if you execute the command for a second time Related command display pim rp info Example Configure 10 110 0 6 as a static RP Quidway system view System View return to User View with Ctrl Z Quidway ...

Page 489: ...cription Use the cache sa enable command to enable the SA message cache mechanism Use the undo cache sa enable command to disable the cache mechanism By default a router caches S G entries after it receives an SA message If the router is in the cache state it does not send an SA request message to the specified MSDP peer when it receives a Join message Example Enable the router to cache all SA sta...

Page 490: ... s Address State Up Down time AS SA Count Reset Count 20 20 20 20 Up 00 00 13 100 0 0 Table 7 1 Description on the fields of the display msdp brief command Field Description Peer s Address Address of the MSDP peer State State Up Down time Up down time AS AS number SA Count SA count Reset Count Times of peer connection resets 7 1 3 display msdp peer status Syntax display msdp peer status peer addre...

Page 491: ...ters clear 14 42 40 Information about Source Group based SA filtering policy Import policy none Export policy none Information about SA Requests Policy to accept SA Request messages none Sending SA Requests status disable Minimum TTL to forward SA with encapsulated data 0 SAs learned from this peer 0 SA cache maximum for the peer none Input queue size 0 Output queue size 0 Counters for MSDP messag...

Page 492: ...MSDP peer You must configure the cache sa enable command before the system can display the cache state information Example Display SA messages learned from the MSDP peer Quidway display msdp sa cache MSDP Total Source Active Cache 5 entries Source Group Origin RP Pro AS Uptime Expires 10 10 1 2 225 1 1 1 10 10 10 10 00 00 10 00 05 50 10 10 1 3 225 1 1 1 10 10 10 10 00 00 11 00 05 49 10 10 1 2 225 ...

Page 493: ...in MSDP cache The debugging output of this command is available only after the configuration of the cache sa enable command Example View the number of sources and groups in MSDP cache Quidway display msdp sa count Number of cached Source Active entries counted by Peer Peer s Address Number of SA 10 10 10 10 5 Number of source and group counted by AS AS Number of source Number of group 100 3 3 Tota...

Page 494: ... S G entries in this domain that need to be advertised when an MSDP peer creates an SA message Use the undo import source command to cancel the configuration By default an SA message advertise all the S G entries in the domain In addition you can also use the peer sa policy import command or the peer sa policy export command to filter forwarded SA messages Example Specify the S G entries in the mu...

Page 495: ...w System View return to User View with Ctrl Z Quidway undo msdp 7 1 8 msdp tracert Syntax msdp tracert source address group address rp address max hops max hops next hop info sa info peer info skip hops skip hops View Any view Parameter source address Multicast source address group address Multicast group address rp address IP address of an RP max hops Maximum number of hops to be traced ranging f...

Page 496: ...t press CTRL_C to break D bit set if have this S G in cache but with a different RP RP bit set if this router is an RP NC bit set if this router is not caching SA s C bit set if this S G RP tuple is in the cache MSDP trace route path information Router Address 20 20 1 1 Fixed length response info Peer Uptime 10 minutes Cache Entry Uptime 30 minutes D bit 0 RP bit 1 NC bit 0 C bit 1 Return Code Rea...

Page 497: ...max hops Maximum number of hops is reached Another possible value is Hit src RP The router of this hop is the source RP in the S G RP entry Next Hop Router Address 0 0 0 0 If you use the next hop info keyword the address of Peer RPF neighbor is displayed Count of SA messages received for this S G RP The number of SA messages received to trace the S G RP entry Count of encapsulated data packets rec...

Page 498: ...he interface Vlan interface 100 as the RP address of the created SA message Quidway system view System View return to User View with Ctrl Z Quidway msdp Quidway msdp originating rp Vlan interface 100 7 1 10 peer description Syntax peer peer address description text undo peer peer address description View MSDP view Parameter peer address IP address of the MSDP peer text Description text which is ca...

Page 499: ...ess mesh group View MSDP view Parameter peer address IP address of an MSDP peer in a mesh group name Name of a mesh group case sensitive containing 1 to 32 characters Description Use the peer mesh group command to add an MSDP peer in a mesh group Use the undo peer mesh group command to cancel the configuration By default an MSDP peer does not belong to any mesh group Example Configure the MSDP pee...

Page 500: ...y default the value of TTL threshold is 0 Related command peer Example Set the TTL threshold to 10 so that only those multicast data packets with a TTL value greater than or equal to 10 can be forwarded to the MSDP peer 110 10 10 1 Quidway system view System View return to User View with Ctrl Z Quidway msdp Quidway msdp peer 110 10 10 1 minimum ttl 10 7 1 13 peer request sa enable Syntax peer peer...

Page 501: ...ss sa cache maximum View MSDP view Parameter peer address IP address of the MSDP peer sa limit Maximum number of SA messages cached ranging from 1 to 2 048 Description Use the peer sa cache maximum command to set the maximum number of SA messages cached on the router Use the undo peer sa cache maximum command to restore the default configuration By default the maximum number of SA messages cached ...

Page 502: ...ource IP to establish TCP connection with the remote MSDP peer Description Use the peer connect interface command to configure a MSDP peer Use the undo peer connect interface command to disable the configured MSDP peer If the MSDP router of the local router is also a BGP peer the MSDP peer and the BGP peer must use the same IP addresses Related command static rpf peer Example Configure the router ...

Page 503: ...MSDP peer Use the undo peer sa policy command to remove the configuration By default no filtering is imposed on SA messages to be received or forwarded namely all SA messages from MSDP peers are received or forwarded Related command peer Example Configure a filtering list so that only those SA messages permitted by the advanced IP ACL 3100 are forwarded Quidway system view System View return to Us...

Page 504: ...t the router receives all SA request messages from the MSDP peer If no ACL is specified all SA requests will be ignored If an ACL is specified only those SA request messages from the groups that match the ACL rule will be processed while others are ignored Related command peer Example Configure an ACL so that SA request messages from the group address range of 225 1 1 0 24 and from the MSDP peer 1...

Page 505: ... peer 125 10 7 6 7 1 19 reset msdp sa cache Syntax reset msdp sa cache group address View User view Parameter group address Group address the cached S G entries matching this address are to be deleted from the SA cache If no multicast group address is specified all cached SA entries will be cleared Description Use the reset msdp sa cache command to clear cached SA entries of the MSDP peer Related ...

Page 506: ...o clear the statistics information of one or more MSDP peers without resetting the MSDP peer s Example Clear the statistics information of the MSDP peer 125 10 7 6 Quidway reset msdp statistics 125 10 7 6 7 1 21 shutdown Syntax shutdown peer address undo shutdown peer address View MSDP view Parameter peer address IP address of an MSDP peer Description Use the shutdown command to shut down the spec...

Page 507: ... must follow the following two configuration methods z In the case that all the peers use the rp policy keyword Multiple static RPF peers take effect at the same time RPs in SA messages are filtered according to the prefix list configured only SA messages whose RP addresses pass the filtering are received If multiple static RPF peers using the same rp policy keyword are configured when any of the ...

Page 508: ... 130 10 7 6 rp policy list1 7 1 23 timer retry Syntax timer retry seconds undo timer retry View MSDP view Parameter seconds Connection request retry interval in seconds ranging from 1 to 60 Description Use the timer retry command to configure a connection request retry interval Use the undo timer retry command to restore the default value By default the connection request retry interval is 30 seco...

Page 509: ...guest vlan 1 8 1 1 6 dot1x max user 1 9 1 1 7 dot1x port control 1 10 1 1 8 dot1x port method 1 12 1 1 9 dot1x quiet period 1 13 1 1 10 dot1x retry 1 14 1 1 11 dot1x retry version max 1 14 1 1 12 dot1x supp proxy check 1 15 1 1 13 dot1x timer 1 17 1 1 14 dot1x version check 1 19 1 1 15 reset dot1x statistics 1 20 Chapter 2 HABP Configuration Commands 2 1 2 1 HABP Configuration Commands 2 1 2 1 1 d...

Page 510: ...erface name interface type interface num in which interface type specifies the type of an Ethernet port and interface num identifies the number of the port Note that the interface name after the keyword to must have an interface num that is greater than or equal to that of the interface name before to 1 10 means that up to 10 port indexes port index lists can be provided Description Use the displa...

Page 511: ... 1024 Total current used 802 1x resource number is 1 Ethernet1 0 1 is link down 802 1X protocol is disabled Proxy trap checker is disabled Proxy logoff checker is disabled Version Check is disabled The port is an authenticator Authentication Mode is Auto Port Control Type is Mac based Max number of on line users is 256 Authentication Success 0 Failed 0 EAPOL Packets Tx 0 Rx 0 Sent EAP Request Iden...

Page 512: ...short is enabled on the switch CHAP authentication is enabled CHAP authentication is enabled DHCP launch is disabled DHCP triggered 802 1x authentication is disabled Proxy trap checker is disabled Whether to check a supplicant system that logs in through a proxy z Disable means the switch does not send Trap packets when it detects that a supplicant system logs in through a proxy z Enable means the...

Page 513: ...net1 0 1 is link up Ethernet1 0 1 port is in up state 802 1X protocol is disabled 802 1x is disabled on the port Proxy trap checker is disabled Whether to check a supplicant system that logs in through a proxy z Disable means the switch does not send Trap packets when it detects that a supplicant system logs in through a proxy z Enable means the switch sends Trap packets when it detects that a sup...

Page 514: ...type specifies the type of a port and interface num identifies the port number Note that the interface name after the keyword to must have an interface num that is greater than or equal to that of the interface name before to 1 10 means that up to 10 port indexes port index lists can be provided Description Use the dot1x command to enable 802 1x globally or for specified Ethernet ports Use the und...

Page 515: ...ximum number of MAX addresses that can be learnt for a port 802 1x is unavailable to it Related command display dot1x Example Enable 802 1x for Ethernet1 0 1 port Quidway system view System View return to User View with Ctrl Z Quidway dot1x interface Ethernet 1 0 1 Enable 802 1x globally Quidway system view System View return to User View with Ctrl Z Quidway dot1x 1 1 3 dot1x authentication method...

Page 516: ...fer In an EAP authentication method a switch sends 802 1x authentication information directly to the RADIUS server in EAP packets instead of having to convert them into RADIUS packets before forwarding to the RADIUS server EAP authentication can be realized in one of the four sub methods PEAP EAP TLS EAP TTLS and EAP MD5 Related command display dot1x Note When the device itself functions as the au...

Page 517: ...en it applies for a dynamic IP address through DHCP Quidway system view System View return to User View with Ctrl Z Quidway dot1x dhcp launch 1 1 5 dot1x guest vlan Syntax dot1x guest vlan vlan id interface interface list undo dot1x guest vlan vlan id interface interface list View System view Ethernet port view Parameter vlan id VLAN ID of a Guest VLAN in the range from 1 to 4 094 interface list E...

Page 518: ...apply to the current Ethernet port only In this case the interface list argument is not needed Caution z The Guest VLAN function is available only when the switch operates in a port based authentication mode z Only one Guest VLAN can be configured for each switch z The Guest VLAN function is unavailable when the dot1x dhcp launch command is configured on the switch because the switch does not send...

Page 519: ...vided Description Use the dot1x max user command to set the maximum number of supplicant systems an Ethernet port can accommodate Use the undo dot1x max user command to revert to the default maximum supplicant system number When being executed in system view these two commands apply to all Ethernet ports of the switch if you do not provide the interface list argument And if you specify the interfa...

Page 520: ... and can be specified in this form interface name interface type interface num in which interface type specifies the type of a port and interface num identifies the port number Note that the interface name after the keyword to must have an interface num that is greater than or equal to that of the interface name before the to keyword 1 10 means that up to 10 port indexes port index lists can be pr...

Page 521: ... that the interface name after the keyword to must have an interface num that is greater than or equal to that of the interface name before the to keyword 1 10 means that up to 10 port indexes port index lists can be provided The default access control method is MAC address based That is the macbased keyword is specified by default Description Use the dot1x port method command to specify the acces...

Page 522: ...Quidway system view System View return to User View with Ctrl Z Quidway dot1x port method portbased interface Ethernet 1 0 1 1 1 9 dot1x quiet period Syntax dot1x quiet period undo dot1x quiet period View System view Parameter None Description Use the dot1x quiet period command to enable the quiet period timer Use the undo dot1x quiet period command to disable the quiet period timer When a supplic...

Page 523: ...The default value is 2 times Having sent authentication request packets to a supplicant system a switch will resend the packets if within a preset period it still has not received any response from the supplicant system The dot1x retry command is used to set the maximum number of times that a switch will resend the request packets When set to 1 it means that the switch will only send request packe...

Page 524: ...ket if within a preset period as determined by the client version timer it still has not received any response from the supplicant system When the number set by this command has reached and there is still no response from the supplicant system the switch will continue its following authentication without sending further version requests This command applies to all ports Related commands display do...

Page 525: ...all Ethernet ports In system view execution of the dot1x supp proxy check command enables the supplicant system proxy checking function for specified ports if the interface list argument is provided in Ethernet port view the interface list argument is not needed only the current port can have the function In system view after enabling global supplicant proxy checking you also need to enable this f...

Page 526: ...elated command display dot1x Example Configure to disconnect any supplicant system connected to Ethernet1 0 1 through Ethernet1 0 8 ports if it has been detected logging in through a proxy Quidway system view System View return to User View with Ctrl Z Quidway dot1x supp proxy check logoff Quidway dot1x supp proxy check logoff interface Ethernet 1 0 1 to Ethernet 1 0 8 Configure the switch to send...

Page 527: ...switch will resend the request challenge packet supp timeout value Time interval of the authentication timer in seconds This value can range from 10 to 120 with a default value of 30 server timeout Server timeout timer if within the period no response has been sent back from the Authentication server the switch will resend the request Identity packet server timeout value Value of the server timeou...

Page 528: ...ed way you can use the dot1x timer command to set values for these timers as needed This may be necessary in certain situations or for some tough network environments Normally the defaults are recommended Note that some timers cannot be adjusted Related command display dot1x Example Set the server timeout to 150 seconds Quidway system view System View return to User View with Ctrl Z Quidway dot1x ...

Page 529: ...on enabled by executing this command and the interface list argument is not needed Example Configure Ethernet1 0 1 port to check the version of the 802 1x client upon receiving authentication packets Quidway system view System View return to User View with Ctrl Z Quidway interface Ethernet1 0 1 Quidway Ethernet1 0 1 dot1x version check 1 1 15 reset dot1x statistics Syntax reset dot1x statistics in...

Page 530: ...command to reset 802 1x related statistics In this command If the interface list argument is not specified this command clears statistics globally and the 802 1X statistics on all ports If the interface list argument is specified this command clears statistics on the ports specified by the argument Related command display dot1x Example Clear 802 1x related statistics on Ethernet1 0 1 port Quidway ...

Page 531: ...d status information Quidway system view System View return to User View with Ctrl Z Quidway display habp Global HABP information HABP Mode Server Sending HABP request packets every 20 seconds Bypass VLAN 2 Table 2 1 Description on the fields of the display habp command Field Description HABP Mode Indicates the HABP mode of the switch A switch can operate as an HABP server displayed as Server or a...

Page 532: ...y HABP Quidway system view System View return to User View with Ctrl Z Quidway display habp table MAC Holdtime Receive Port 001f 3c00 0030 53 Ethernet1 0 1 Table 2 2 Description on the fields of the display habp table command Field Description MAC MAC addresses listed in the HABP MAC address table Holdtime Hold time of the entries in the HABP MAC address table An address will be removed from the t...

Page 533: ... traffic HABP counters Packets output 0 Input 0 ID error 0 Type error 0 Version error 0 Sent failed 0 Table 2 3 Description on the fields of the display habp traffic command Field Description Packets output Number of the HABP packets sent Input Number of the HABP packets received ID error Number of HABP packets with ID errors Type error Number of HABP packets with type errors Version error Number ...

Page 534: ...bp server View System view Parameter vlan id VLAN ID ranging from 1 to 4 094 Description Use the habp server vlan command to configure a switch to operate as an HABP server and HABP packets to be broadcast in specified VLAN Use the undo habp server vlan command to revert to the default HABP mode By default a switch operates as an HABP client To specify a switch to operate as an HABP server you nee...

Page 535: ...ment ranges from 5 to 600 Description Use the habp timer command to set the interval for a switch to send HABP request packets Use the undo habp timer command to revert to the default interval The default interval for a switch to send HABP request packets is 20 seconds Use these two commands on switches operating as HABP servers only Example Configure the switch to send HABP request packets once i...

Page 536: ... 1 11 domain 1 13 1 1 12 idle cut 1 14 1 1 13 level 1 15 1 1 14 local user 1 16 1 1 15 local user password display mode 1 17 1 1 16 messenger 1 18 1 1 17 name 1 19 1 1 18 password 1 19 1 1 19 radius scheme 1 20 1 1 20 scheme 1 21 1 1 21 self service url 1 22 1 1 22 service type 1 24 1 1 23 state 1 25 1 1 24 vlan assignment mode 1 26 1 2 RADIUS Configuration Commands 1 27 1 2 1 accounting optional ...

Page 537: ...nable 1 55 1 2 28 timer 1 56 1 2 29 timer quiet 1 57 1 2 30 timer realtime accounting 1 58 1 2 31 timer response timeout 1 59 1 2 32 user name format 1 60 1 3 HWTACACS Configuration Commands 1 61 1 3 1 data flow format 1 61 1 3 2 display hwtacacs 1 62 1 3 3 display stop accounting buffer 1 63 1 3 4 hwtacacs nas ip 1 64 1 3 5 hwtacacs scheme 1 65 1 3 6 key 1 66 1 3 7 nas ip 1 66 1 3 8 primary accou...

Page 538: ...HWTACACS EAD Quidway S3900 Series Ethernet Switches Release 1510 Table of Contents Huawei Technologies Proprietary iii Chapter 2 EAD Configuration Commands 2 1 2 1 EAD Configuration Commands 2 1 2 1 1 security policy server 2 1 ...

Page 539: ...current ISP domain Where max user number ranges from 1 to 2072 Description Use the access limit command to set the maximum number of access users that can be contained in current ISP domain Use the undo access limit command to restore the default maximum number By default the number of access users that can be contained in current ISP domain is unlimited Because resource contention may occur betwe...

Page 540: ...4 vlan vlan id Sets the VLAN attribute of the user that is which VLAN the user belongs to Where vlan id is an integer ranging from 1 to 4094 location Sets the port binding attribute of the user nas ip ip address Sets the IP address of the access server to which the user is bound to Where ip address is in dotted decimal notation and is 127 0 0 1 representing this device by default If the user is bo...

Page 541: ...ame of a HWTACACS scheme a string of up to 32 characters Description Use the accounting command to configure the accounting scheme that will be used by current ISP domain Use the undo accounting command to remove the accounting scheme used by current ISP domain By default no accounting scheme is configured for the ISP domain When you use the accounting command to reference a RADIUS scheme or HWTAC...

Page 542: ...l command to close the accounting optional switch By default the accounting optional switch is closed Note that When the system charges an online user but it does not find any available RADIUS accounting server or fails to communicate with any RADIUS accounting server the user can continue the access to network resources if the accounting optional command has been used otherwise the user is discon...

Page 543: ... use the authentication command to specify a RADIUS scheme to be referenced by current ISP domain the RADIUS scheme must has already been configured If you execute the authentication radius scheme radius scheme name local command the local scheme is used as the secondary authentication scheme in case the RADIUS server does not respond normally That is if the communication between the switch and th...

Page 544: ...cc net New Domain added Quidway isp aabbcc net authentication radius scheme radius Specify rd as the RADIUS authentication scheme to be referenced by the ISP domain aabbcc and the local scheme as the secondary authentication scheme Quidway system view System View return to User View with Ctrl Z Quidway domain aabbcc New Domain added Quidway isp aabbcc authentication radius scheme rd local 1 1 6 au...

Page 545: ...er all Cuts down all user connections access type dot1x mac authentication Cuts down user connections using the specified access method dot1x is used to cut down all 802 1x user connections and mac authentication is used to cut down all MAC authentication user connections domain isp name Cuts down all user connections in the specified ISP domain Where isp name is the name of an ISP domain It is a ...

Page 546: ...ore than 24 characters Description Use the cut connection command to cut down one user connection or one type of user connections forcibly This command cannot cut down the connections of Telnet and FTP users Related command display connection Example Cut down all user connections in the ISP domain named aabbcc net Quidway system view System View return to User View with Ctrl Z Quidway cut connecti...

Page 547: ...user connections using the specified RADIUS scheme Where hwtacacs scheme name is a character string of up to 32 characters vlan vlan id Displays all user connections of the specified VLAN Where vlan id ranges from 1 to 4094 ucibindex ucib index Displays the user connection with the specified connection index Where ucib index ranges from 0 to 2071 user name user name Displays the user connection wi...

Page 548: ...em MAC 000f 3d80 4ce5 IP 192 168 0 3 Access 8021X Auth CHAP Port Ether Port NO 0x10003001 Initial VLAN 1 Authorization VLAN 1 ACL Group Disable CAR Disable Priority Disable Start 2000 04 03 02 51 53 Current 2000 04 03 02 52 22 Online 00h00m29s On Unit 1 Total 1 connections matched 1 listed Total 1 connections matched 1 listed Here Port NO 0x10003001 means by the binary bits Table 1 1 Description o...

Page 549: ...splay domain 0 Domain system State Active Scheme LOCAL Access limit Disable Vlan assignment mode Integer Domain User Template Idle cut Disable Self service Disable Messenger Time Disable Default Domain Name system Total 1 domain s 1 listed Table 1 2 Description on the fields of the display domain command Field Description Domain Domain name State State Scheme AAA scheme Access Limit Limit on the n...

Page 550: ...fied VLAN Where vlan id ranges from 1 to 4094 service type Displays the local users of the specified type You can specify one of the following user types ftp lan access generally this type of users are Ethernet access users for example 802 1x users ssh telnet terminal this type of users are terminal users who log into the switch through the Console port state active block Displays the local users ...

Page 551: ...3 describes the fields in the above display output Table 1 3 Description on the fields of the display local user command Field Description State State of the local user ServiceType Mask Service type mark Idle Cut State of the idle cut function Access Limit Limit on the number of access users Current AccessNum Number of current access users Bind location Whether or not bound to a port Vlan ID VLAN ...

Page 552: ...u can use the display domain command to check the settings of this default ISP domain After you execute the domain command the system creates a new ISP domain if the specified ISP domain does not exist Once an ISP domain is created it is in the active state You can manually configure the default domain only when it has already existed Related command access limit scheme state and display domain Ex...

Page 553: ...50 500 1 1 13 level Syntax level level undo level View Local user view Parameter level Priority level of the user It is an integer ranging from 0 to 3 and defaulting to 0 Description Use the level command to set the priority level of the user The priority level of the user corresponds to the command level of the user Refer to the description of the command privilege level command in the command li...

Page 554: ...cters This string cannot contain the following characters It can contain no more than one character The pure user name user ID that is the part before cannot be longer than 55 characters and the domain name the part behind cannot be longer than 24 characters The local user name is case insensitive all Specifies all local users service type Specifies the local users of the specified type You can sp...

Page 555: ... mode so that the passwords of local users are displayed in the modes set with the password command Description Use the local user password display mode command to set the password display mode of all local users Use the undo local user password display mode command to restore the default password display mode of all local users By default the password display mode of all access users is auto When...

Page 556: ...unction Use the undo messenger time command to restore the messenger function to its default state By default the messenger function is disabled on the switch The purpose of this function is to remind online users of their remaining online time through clients in the form of message dialog You can use messenger time enable command to set a remaining online time limit and the interval to send promp...

Page 557: ...name command to cancel the VLAN name By default an VLAN uses its VLAN ID like VLAN 0001 as its name This command is used for the dynamic VLAN assignment function For details about this function refer to the vlan assignment mode command Related command vlan assignment mode Example Set the name of VLAN 100 to test Quidway system view System View return to User View with Ctrl Z Quidway vlan 100 Quidw...

Page 558: ...the local user Use the undo password command to cancel the password of the local user Note that after the local user password display mode cipher force command is executed the password will be displayed in cipher text even though you use the password command to set the display mode of the password to simple Related command display local user Example Set the password of user1 to 20030422 and specif...

Page 559: ...em View return to User View with Ctrl Z Quidway domain huawei163 net New Domain added Quidway isp huawei163 net radius scheme huawei 1 1 20 scheme Syntax scheme local none radius scheme radius scheme name local hwtacacs scheme hwtacacs scheme name local undo scheme none radius scheme hwtacacs scheme View ISP domain view Parameter radius scheme name Name of a RADIUS scheme a character string of up ...

Page 560: ...e becomes the secondary scheme in case the TACACS server does not response normally That is if the communication between the switch and the TACACS server is normal no local authentication is performed otherwise local authentication is performed z If you execute the scheme local command the local scheme is adopted as the primary scheme In this case only local authentication is performed no RADIUS a...

Page 561: ...ntrol their accounts or card numbers by themselves A server installed with the self service software is called a self service server z After this command is executed on the switch users can locate the self service server through the following operation choose change user password on the 802 1x client the client opens the default browser for example IE or NetScape and locates the specified URL page...

Page 562: ... example 802 1x user telnet Authorizes the user to access the Telnet service ssh Authorizes the user to access the SSH service terminal Authorizes the user to access the terminal service that is allows the user to log into the switch through the Console port level level Specifies the level of the Telnet terminal or SSH user Where level is an integer ranging from 0 to 3 and defaulting to 0 Descript...

Page 563: ... current ISP domain in ISP domain view or the status of the local user in local user view By default an ISP domain is in the active state once it is created and a local user is in the active state once the user is created After an ISP domain is set to the block state except the online users the users under this domain are not allowed to access the network After the local user is set to the block s...

Page 564: ... control to port based mode Currently the switch supports the RADIUS authentication server to assign the following two types of VLAN IDs integer and string z Integer If the RADIUS server assigns integer type of VLAN IDs you can set the VLAN assignment mode to integer on the switch this is also the default mode on the switch Then upon receiving an integer ID assigned by the RADIUS authentication se...

Page 565: ...ess Manager String Steel Belted Radius Administrator String Note In string mode if the VLAN ID assigned by the RADIUS server is a character string containing only digits for example 1024 the switch first regards it as an integer VLAN ID the switch transforms the string to an integer value and judges if the value is in the valid VLAN ID range if it is the switch adds the authenticated port to the V...

Page 566: ...o network resources if the accounting optional command has been used otherwise the user is disconnected from the system The accounting optional command is often used in the cases that only authentication is needed and no accounting is needed z After the accounting optional command is used for a RADIUS scheme the system will no longer send real time accounting update packets and stop accounting pac...

Page 567: ...ult this function is disabled The purpose of this function is to resolve this problem users cannot re log into the switch after the switch restarts because they are already online After this function is enabled every time the switch restarts z The switch generates an Accounting On packet which mainly contains the following information NAS ID NAS IP address source IP address and session ID z The sw...

Page 568: ...e the user re authentication upon device restart function for the RADIUS scheme named CAMS Quidway system view Quidway radius scheme CAMS Quidway radius CAMS accounting on enable 1 2 3 data flow format Syntax data flow format data byte giga byte kilo byte mega byte packet giga packet kilo packet mega packet one packet undo data flow format View RADIUS scheme view Parameter data Sets the unit of me...

Page 569: ...nt to RADIUS server in kilobytes and kilo packets respectively Quidway system view System View return to User View with Ctrl Z Quidway radius scheme radius1 New Radius scheme Quidway radius radius1 data flow format data kilo byte packet kilo packet 1 2 4 display local server statistics Syntax display local server statistics View Any view Parameter None Description Use the display local server stat...

Page 570: ...lay the configuration information about all RADIUS schemes Quidway display radius scheme SchemeName system Index 0 Type huawei Primary Auth IP 127 0 0 1 Port 1645 Primary Acct IP 127 0 0 1 Port 1646 Second Auth IP 0 0 0 0 Port 1812 Second Acct IP 0 0 0 0 Port 1813 Auth Server Encryption Key huawei Acct Server Encryption Key huawei Accounting method required Accounting On packet enable send times 1...

Page 571: ...ion Key Shared key of the accounting servers Accounting method Accounting method Accounting On packet enable send times 15 interval 3s The system sends up to 15 Accounting on packets at intervals of 3 seconds after restarting TimeOutValue seconds RADIUS server response timeout time RetryTimes Maximum number of transmission attempts RealtimeACCT in minute Real time accounting interval in minutes Pe...

Page 572: ...tistics command to display the statistics about RADIUS packets Related command radius scheme Example Display the statistics about RADIUS packets Quidway display radius statistics state statistic total 2072 DEAD 2072 AuthProc 0 AuthSucc 0 AcctStart 0 RLTSend 0 RLTWait 0 AcctStop 0 OnLine 0 Stop 0 StateErr 0 Received and Sent packets statistic Unit 1 Sent PKT total 0 Received PKT total 0 RADIUS rece...

Page 573: ... Err 0 Succ 0 Set policy result Num 0 Err 0 Succ 0 RADIUS sent messages statistic Auth accept Num 0 Auth reject Num 0 EAP auth replying Num 0 Account success Num 0 Account failure Num 0 Cut req Num 0 Set policy result Num 0 RecError_MSG_sum 0 SndMSG_Fail_sum 0 Timer_Err 0 Alloc_Mem_Err 0 State Mismatch 0 Other_Error 0 No response acct stop packet 0 Discarded No response acct stop packet for buffer...

Page 574: ...e the part behind cannot be longer than 24 characters The user name is case insensitive Description Use the display stop accounting buffer command to display the no response stop accounting request packets buffered in the device Note z You can choose to display the buffered stop accounting packets of a specified RADIUS scheme session ID or user name You can also specify a time range to display tho...

Page 575: ...is no shared key The RADIUS client and server adopt MD5 algorithm to encrypt the RADIUS packets exchanged with each other The two parties verify the validity of the exchanged packets by using the shared keys that have been set on them and can accept and respond to the packets sent from each other only if both of them have the same shared keys If the authentication authorization server and the acco...

Page 576: ...r enable undo local server View System view Parameter None Description Use the local server enable command to enable UDP port for local RADIUS authentication server Use the undo local server command to disable UDP port for local RADIUS authentication server By default UDP port for local RADIUS authentication server is enabled Related command radius scheme state and local server nas ip Example Enab...

Page 577: ...only supports the traditional RADIUS client service to accomplish user AAA management through foreign authentication authorization server and accounting server but also provides a simple local RADIUS server function for authentication and authorization This function is called local RADIUS authentication server function z When you use the local RADIUS authentication server function the UDP port num...

Page 578: ...r be the all zero address nor be a Class D address Description Use the nas ip command to set the source IP address used by the switch to send RADIUS packets Use the undo nas ip command to remove the source IP address setting By default the IP address of the outbound interface is used as the source IP address of the packet Note The nas ip command in RADIUS scheme view has the same function as the r...

Page 579: ...e primary accounting server is 0 0 0 0 port number UDP port number ranging from 1 to 65535 By default the UDP port number of the primary accounting service is 1813 Description Use the primary accounting command to set the IP address and port number of the primary RADIUS accounting server Use the undo primary accounting command to restore the default IP address and port number of the primary RADIUS...

Page 580: ...default IP address and port number of the primary RADIUS authentication authorization server Note that z After creating a new RADIUS scheme you should configure the IP address and UDP port number of each RADIUS server you want to use in this scheme These RADIUS servers fall into two types authentication authorization and accounting And for each kind of server you can configure two servers in a RAD...

Page 581: ... Radius scheme Quidway radius radius1 primary authentication 10 110 1 1 1812 1 2 14 radius client Syntax radius client enable undo radius client View System view Parameter None Parameter Use the radius client enable command to enable UDP port for AAA RADIUS client Use the undo radius client command to disable UDP port for AAA RADIUS client By default UDP port for AAA RADIUS client is enabled Relat...

Page 582: ...packet Note The nas ip command in RADIUS scheme view has the same function as the radius nas ip command in system view and the priority of configuration in RADIUS scheme view is higher than in system view Note that z You can specify the source IP address used to send RADIUS packet to prevent the unreachability of the packets returned from the server due to physical interface trouble It is recommen...

Page 583: ...uration is performed on a RADIUS scheme basis For each RADIUS scheme you should specify at least the IP addresses and UDP port numbers of the RADIUS authentication authorization and accounting servers and the parameters required for the RADIUS client to interact with the RADIUS servers You should first create a RADIUS scheme and enter its view before performing other RADIUS protocol configurations...

Page 584: ... to send trap messages when its RADIUS authentication or accounting server turns down Use the undo radius trap command to disable the switch from sending trap messages when its RADIUS authentication or accounting server turns down By default this function is disabled This configuration takes effect on all RADIUS scheme Note A device considers its RADIUS server as being down if it has tried the con...

Page 585: ...session id session id time range start time stop time user name user name View User view Parameter radius scheme radius scheme name Deletes the buffered stop accounting requests depending on the specified RADIUS scheme Where radius scheme name is the name of a RADIUS scheme This name is a character string of up to 32 characters session id session id Deletes the buffered stop accounting requests de...

Page 586: ...te the buffered no response stop accounting request packets Related command stop accounting buffer enable retry stop accounting and display stop accounting buffer Example Delete the stop accounting request packets buffered in the system for the user user0001 aabbcc net Quidway reset stop accounting buffer user name user0001 aabbcc net Delete the stop accounting request packets buffered from 0 0 0 ...

Page 587: ...on can improve the reacting speed of the system Related command radius scheme Example Set the maximum transmission times of RADIUS requests in the RADIUS scheme radius1 to five Quidway system view System View return to User View with Ctrl Z Quidway radius scheme radius1 New Radius scheme Quidway radius radius1 retry 5 1 2 21 retry realtime accounting Syntax retry realtime accounting retry times un...

Page 588: ...pts reaches the maximum the accounting attempt fails Suppose that the response timeout time of the RADIUS server is three seconds set by the timer response timeout command that the maximum number of transmission attempts set by the retry command is 3 and that the real time accounting interval is 12 minutes set by the timer realtime accounting command the maximum number of real time accounting requ...

Page 589: ... the charges of the users they are important for both the users and the ISP Therefore the switch should do its best to transmit them to the RADIUS accounting server If the RADIUS server does not respond to such a request the switch should first buffer the request on itself and then retransmit the request to the RADIUS accounting server until it gets a response or the maximum number of transmission...

Page 590: ...key radius scheme and state Example Set the IP address and UDP port number of the secondary accounting server of the RADIUS scheme radius1 to 10 110 1 1 and 1813 Quidway system view System View return to User View with Ctrl Z Quidway radius scheme radius1 New Radius scheme Quidway radius radius1 secondary accounting 10 110 1 1 1813 1 2 24 secondary authentication Syntax secondary authentication ip...

Page 591: ...us1 secondary authentication 10 110 1 2 1812 1 2 25 server type Syntax server type huawei standard undo server type View RADIUS scheme view Parameter huawei Specifies to use Huawei s private RADIUS protocol such as the procedure and packet format to interact with the Huawei RADIUS server which is generally the CAMS standard Specifies to use the standard RADIUS protocol That is it is required that ...

Page 592: ...ets the status of the specified RADIUS server to active that is the normal working state Description Use the state command to set the status of a RADIUS server By default all the RADIUS servers in a user defined RADIUS scheme are in the block state and the primary RADIUS servers in the default RADIUS scheme system are in the active state secondary RADIUS servers are in the block state For the prim...

Page 593: ...dius1 state secondary authentication active 1 2 27 stop accounting buffer enable Syntax stop accounting buffer enable undo stop accounting buffer enable View RADIUS scheme view Parameter None Description Use the stop accounting buffer enable command to enable the switch to buffer the stop accounting requests that bring no response Use the undo stop accounting buffer enable command to disable the s...

Page 594: ... Parameter seconds Response timeout time of RADIUS server ranging from 1 second to 10 seconds Description Use the timer command to set the response timeout time of RADIUS server that is the timeout time of the response timeout timer of RADIUS server Use the undo timer command to restore the default response timeout timer of RADIUS server By default the response timeout time of the RADIUS server is...

Page 595: ...Z Quidway radius scheme radius1 New Radius scheme Quidway radius radius1 timer 5 1 2 29 timer quiet Syntax timer quiet minutes undo timer quiet View RADIUS scheme view Parameter minutes Wait time ranging from 1 minute to 255 minutes By default it is 5 minutes Description Use the timer quiet command to set the wait time for the primary server to restore the active state Use the undo timer quiet com...

Page 596: ...al Note that z To charge the users in real time you should set the interval of real time accounting After the setting the switch sends the accounting information of online users to the RADIUS server at regular intervals z The setting of the real time accounting interval depends to some degree on the performance of the switch and the RADIUS server The higher the performance of the switch and the RA...

Page 597: ...Use the undo timer response timeout command to restore the default response timeout timer of RADIUS servers By default the response timeout time of the RADIUS server is 3 seconds Note that z If the switch gets no response from the RADIUS server after sending out a RADIUS request authentication authorization request or accounting request and waiting for a time it should retransmit the packet to ens...

Page 598: ...ser names to be sent to RADIUS server By default except for the default RADIUS scheme system the user names sent to RADIUS servers in any RADIUS scheme carry ISP domain names Note that z Generally an access user is named in the userid isp name format Where isp name behind the character represents the ISP domain name by which the device determines which ISP domain it should ascribe the user to Howe...

Page 599: ...scheme Quidway radius radius1 user name format without domain 1 3 HWTACACS Configuration Commands 1 3 1 data flow format Syntax data flow format data byte giga byte kilo byte mega byte data flow format packet giga packet kilo packet mega packet one packet undo data flow format data packet View HWTACACS view Parameter data Sets data unit byte Sets byte as the unit of data flow giga byte Sets giga b...

Page 600: ...turn to User View with Ctrl Z Quidway hwtacacs scheme hwt1 Quidway hwtacacs hwt1 data flow format data kilo byte Quidway hwtacacs hwt1 data flow format packet kilo packet 1 3 2 display hwtacacs Syntax display hwtacacs hwtacacs scheme name statistics View Any view Parameter hwtacacs scheme name HWTACACS scheme name a string of 1 to 32 case insensitive characters If no HWTACACS scheme is specified t...

Page 601: ...ounting buffer Syntax display stop accounting buffer hwtacacs scheme hwtacacs scheme name session id session id time range start time stop time user name user name View Any view Parameter hwtacacs scheme hwtacacs scheme name Displays information on buffered stop accounting requests according to the HWTACACS scheme specified by hwtacacs scheme name the name of HWTACACS scheme a character string of ...

Page 602: ...top accounting buffer stop accounting buffer enable and retry stop accounting Example Display the stop accounting requests buffered in the HWTACACS scheme hwt1 Quidway display stop accounting buffer hwtacacs scheme hwt1 1 3 4 hwtacacs nas ip Syntax hwtacacs nas ip ip address undo hwtacacs nas ip View System view Parameter ip address Specifies a source IP address for the switch which cannot be an a...

Page 603: ...ystem View return to User View with Ctrl Z Quidway hwtacacs nas ip 129 10 10 1 1 3 5 hwtacacs scheme Syntax hwtacacs scheme hwtacacs scheme name undo hwtacacs scheme hwtacacs scheme name View System view Parameter hwtacacs scheme name Specifies an HWTACACS server scheme with a character string of up to characters Description Use the hwtacacs scheme command to create an HWTACACS scheme and enter it...

Page 604: ...unting server authentication Specifies a shared key for the authentication server authorization Specifies a shared key for the authorization server string Shared key a string up to 16 characters Description Use the key command to configure a shared key for HWTACACS authentication authorization or accounting Use the undo key command to delete the configuration By default no key is set for any HWTAC...

Page 605: ...upon interface failure The source address is normally recommended to be a loopback interface address z This command specifies only one source address therefore the newly configured source address may overwrite the original one Related command display hwtacacs Example Set the source IP address of the HWTACACS packets to 10 1 1 1 Quidway system view System View return to User View with Ctrl Z Quidwa...

Page 606: ... not being used by any active TCP connections and the removal impacts only packets forwarded afterwards Example Configure a primary accounting server Quidway system view System View return to User View with Ctrl Z Quidway hwtacacs scheme test1 Quidway hwtacacs test1 primary accounting 10 163 155 12 49 1 3 9 primary authentication Syntax primary authentication ip address port undo primary authentic...

Page 607: ...system view System View return to User View with Ctrl Z Quidway hwtacacs scheme hwt1 Quidway hwtacacs hwt1 primary authentication 10 163 155 13 49 1 3 10 primary authorization Syntax primary authorization ip address port undo primary authorization View HWTACACS scheme view Parameter ip address IP address of the server a valid unicast address in dotted decimal format By default the IP address of th...

Page 608: ...er Quidway system view System View return to User View with Ctrl Z Quidway hwtacacs scheme hwt1 Quidway hwtacacs hwt1 primary authorization 10 163 155 13 49 1 3 11 reset hwtacacs statistics Syntax reset hwtacacs statistics accounting authentication authorization all View User view Parameter accounting Clears all the HWTACACS accounting statistics authentication Clears all the HWTACACS authenticati...

Page 609: ... information on buffered stop accounting requests according to the request time where start time is the start time of the stop accounting request stop time is the end time of stop accounting request This argument is in the format hh mm ss mm dd yyyy or hh mm ss yyyy mm dd and is used to display the buffered stop accounting requests from the start time to the end time user name user name Displays i...

Page 610: ...ing command to enable stop accounting packet retransmission and configure the maximum number of stop accounting request attempts Use the undo retry stop accounting command to restore the default setting By default stop accounting packet retransmission is enabled and has 100 attempts for each request Related command reset stop accounting buffer hwtacacs scheme and display stop accounting buffer Exa...

Page 611: ...erver Note that z You are not allowed to assign the same IP address to both primary and secondary accounting servers otherwise unsuccessful operation is prompted z If you repeatedly use this command the latest configuration overwrites the previous one z You can remove an accounting server only when it is not being used by any active TCP connections Example Configure a secondary accounting server Q...

Page 612: ... is prompted z If you repeatedly use this command the latest configuration overwrites the previous one z You can remove an authentication server only when it is not being used by any active TCP connections Related command display hwtacacs Example Configure a secondary authentication server Quidway system view System View return to User View with Ctrl Z Quidway hwtacacs scheme hwt1 Quidway hwtacacs...

Page 613: ...e an authorization server only when it is not being used by any active TCP connections Related command display hwtacacs Example Configure the secondary authorization server Quidway system view System View return to User View with Ctrl Z Quidway hwtacacs scheme hwt1 Quidway hwtacacs hwt1 secondary authorization 10 163 155 13 49 1 3 17 timer quiet Syntax timer quiet minutes undo timer quiet View HWT...

Page 614: ...nterval Use the undo timer realtime accounting command to restore the default interval By default the real time accounting interval is 12 minutes Note that z Real time accounting interval is necessary for real time accounting After an interval value is set the switch transmits the accounting information of online users to the TACACS accounting server at intervals of this value z The setting of rea...

Page 615: ...ut Syntax timer response timeout seconds undo timer response timeout View HWTACACS scheme view Parameter seconds Length of the response timer in seconds It ranges from 1 to 300 and defaults to 5 Description Use the timer response timeout command to set the response timeout timer of the TACACS server Use the undo timer response timeout command to restore the default five seconds As the HWTACACS is ...

Page 616: ...isp name format The part following the sign is the ISP domain name according to which the switch assigns a user to the corresponding ISP domain However some earlier TACACS servers reject the user name including an ISP domain name In this case the user name is sent to the TACACS server after its domain name is removed Accordingly the switch provides this command to decide whether the username sent ...

Page 617: ...ACS EAD Quidway S3900 Series Ethernet Switches Release 1510 Chapter 1 AAA RADIUS HWTACACS Configuration Commands Huawei Technologies Proprietary 1 79 Quidway hwtacacs scheme hwt1 Quidway hwtacacs hwt1 user name format without domain ...

Page 618: ...icy server Use the undo security policy server command to delete the specified IP address You may specify up to eight security policy servers in a RADIUS scheme Each RADIUS scheme supports at most eight IP addresses of security policy servers The switch only responds to the session control packets coming from the authentication server and security policy server Example Set the IP address of the se...

Page 619: ...Command Manual AAA RADIUS HWTACACS EAD Quidway S3900 Series Ethernet Switches Release 1510 Chapter 2 EAD Configuration Commands Huawei Technologies Proprietary 2 2 user name format without domain ...

Page 620: ...uration Commands 1 1 1 1 1 display vrrp 1 1 1 1 2 reset vrrp statistics 1 3 1 1 3 vrrp authentication mode 1 3 1 1 4 vrrp method 1 4 1 1 5 vrrp ping enable 1 5 1 1 6 vrrp vlan interface vrid track 1 6 1 1 7 vrrp vrid preempt mode 1 7 1 1 8 vrrp vrid priority 1 8 1 1 9 vrrp vrid timer advertise 1 9 1 1 10 vrrp vrid track 1 10 1 1 11 vrrp vrid track detect group 1 11 1 1 12 vrrp vrid virtual ip 1 12...

Page 621: ...n id VLAN interface ID statistics Displays VRRP statistics virtual router id VRRP backup group ID ranging from 1 to 255 Description Use the display vrrp command to display the information about the VRRP state or VRRP statistics When VRRP status information is displayed z If the interface index and backup group ID are not specified the state information about all the backup groups on the switch is ...

Page 622: ...match 0 Packet Length Errors 0 Address List Errors 0 Become Master 2 Priority Zero Pkts Rcvd 0 Advertise Rcvd 0 Priority Zero Pkts Sent 1 Invalid Type Pkts Rcvd 0 Table 1 1 Description on the fields of the display vrrp statistics command Field Description Interface Interface in which the backup group resides VRID Backup group ID CheckSum Errors Number of checksum errors Version Errors Number of ve...

Page 623: ...rom 1 to 255 Description Use the reset vrrp command to clear the statistics information about VRRP When you execute this command z If the interface index and backup group ID are not specified the statistics information about all the backup groups on the switch is cleared z If only the interface index is specified the statistics information about all the backup groups on the interface will be clear...

Page 624: ...uthentication key for a VRRP backup group Use the undo vrrp authentication mode command to clear the configured authentication type and authentication key If the simple or md5 authentication is configured the authentication key is required This command sets the authentication type and authentication key for all the VRRP backup groups on an interface As defined in the protocol all the backup groups...

Page 625: ...e default map settings By default the virtual MAC address of a backup group is mapped to the IP address of the virtual router Note that as the mapping relationship between the MAC addresses of a backup group and a virtual router IP address cannot be configured after the backup group is created configure the mapping relationship before you create a backup group Example Map the real MAC address of a...

Page 626: ...id vrid virtual router id track View Ethernet port view Parameter virtual router id VRRP backup group ID ranging from 1 to 255 vlan id VLAN ID value reduced Value by which the priority of a switch is to decrease This argument ranges from 1 to 255 Description Use the vrrp vlan Interface vrid track command to enable the port tracking function on the physical ports of a backup group Use the undo vrrp...

Page 627: ...er id preempt mode View VLAN interface view Parameter virtual router id VRRP backup group ID ranging from 1 to 255 delay value Delay period in seconds ranging from 0 to 255 Description Use the vrrp vrid preempt mode command to configure a switch to operate in the preemptive mode and set the delay period Use the undo vrrp vrid preempt mode command to cancel the configuration By default switches in ...

Page 628: ...rmined frequently With the configuration of delay period the backup switch will wait for a while if it does not receive packets from the master switch in time A new master is determined only after the backup switches do not receive packets from the master switch after the specified delay time Note You can use the undo vrrp vrid preempt mode command to set switches in a backup group to operate in n...

Page 629: ... of 255 is for IP address owners That is the priority of a switch that owns a virtual router IP address is fixed to 255 and cannot be modified Example Set the priority to 120 for the switch in the backup group Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 2 Quidway Vlan interface2 vrrp vrid 1 priority 120 1 1 9 vrrp vrid timer advertise Syntax vrr...

Page 630: ...view Parameter virtual router id VRRP backup group ID ranging form 1 to 255 vlan id Specifies a VLAN interface ID value reduced Value by which the priority is to decrease This argument ranges from 1 to 255 Description Use the vrrp vrid track command to set a VLAN interface to be tracked Use the undo vrrp vrid track command to disable a VLAN interface from being tracked By default the value by whic...

Page 631: ...oes down Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 2 Quidway Vlan interface2 vrrp vrid 1 track vlan interface 1 reduced 50 1 1 11 vrrp vrid track detect group Syntax vrrp vrid virtual router id track detect group group number reduced value reduced undo vrrp vrid virtual router id track detect group group number View VLAN interface view Paramet...

Page 632: ...le Create detecting group 10 and specify to detect the IP address of 202 12 1 55 Quidway system view System View return to User View with Ctrl Z Quidway detect group 10 Quidway detect group 10 detect list 1 ip address 202 12 1 55 Specify to decrease the priority of backup group 1 by 20 when the result of the detecting group is unreachable Quidway interface vlan interface 2 Quidway Vlan interface2 ...

Page 633: ...d can also be used to remove an existing backup group A backup group is removed if all the virtual router IP addresses configured for it are removed Example Create a backup group Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 2 Quidway Vlan interface2 vrrp vrid 1 virtual ip 10 10 10 10 Add a virtual router IP address to an existing backup group Qui...

Page 634: ...ized MAC Address Authentication Configuration Commands 1 1 1 1 1 display mac authentication 1 1 1 1 2 mac authentication 1 3 1 1 3 mac authentication interface 1 4 1 1 4 mac authentication authmode usernameasmacaddress 1 5 1 1 5 mac authentication authmode usernamefixed 1 6 1 1 6 mac authentication authpassword 1 7 1 1 7 mac authentication authusername 1 7 1 1 8 mac authentication domain 1 8 1 1 9...

Page 635: ...terface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description Use the display mac authentication command to display global information about centralized MAC address authentication including z The state of centralized MAC address authentication enabled disabled z Timer settings z The ...

Page 636: ...ode which defaults to mac Fixed password Password used in the fixed mode which is not configured by default offline detect period Setting of the offline detect timer which sets the time interval to check whether a user goes offline and defaults to 300 seconds quiet period Setting of the quiet timer which sets the quiet period A switch goes through a quiet period if a user fails to pass the MAC add...

Page 637: ... the port MAC ADDR Peer MAC address Authenticate state The state of the users accessing the network through the port which can be z MAC_AUTHENTICATOR_CONNECTING Connecting z MAC_AUTHENTICATOR_SUCCESS Authentication passed z MAC_AUTHENTICATOR_FAILURE Fail to pass authentication z MAC_AUTHENTICATOR_LOGOFF Offline AuthIndex Index of the current MAC address with regard to the authentication port 1 1 2...

Page 638: ...faults are adopted when you enable centralized MAC address authentication Example Enable centralized MAC address authentication globally Quidway system view System View return to User View with Ctrl Z Quidway mac authentication MAC Authentication is already enabled globally Enable centralized MAC address authentication for Ethernet 1 0 1 port Quidway interface Ethernet 1 0 1 Quidway Ethernet1 0 1 ...

Page 639: ...ss authentication globally z The configuration of the maximum number of learned MAC addresses configured through the mac address max mac count command is unavailable for the ports with centralized MAC address authentication enabled Similarly the centralized MAC address authentication is unavailable for the ports with the maximum number of learned MAC addresses configured Example Enable centralized...

Page 640: ...s authentication Example Specify centralized MAC address authentication mode as MAC address using hyphened MAC addresses as the usernames and passwords Quidway system view System View return to User View with Ctrl Z Quidway mac authentication authmode usernameasmacaddress usernameformat with hyphen 1 1 5 mac authentication authmode usernamefixed Syntax mac authentication authmode usernamefixed und...

Page 641: ...ring comprising 1 to 63 characters Description Use the mac authentication authpassword command to set a password for centralized MAC address authentication when the fixed mode is adopted Use the undo mac authentication authpassword command to cancel the configured password By default no password is set when the fixed mode is adopted Example Set the password to mac Quidway system view System View r...

Page 642: ...ntication authusername vipuser 1 1 8 mac authentication domain Syntax mac authentication domain isp name undo mac authentication domain View System view Parameter isp name ISP domain name a string comprising up to 24 characters Note that this argument cannot be null and cannot contain these characters and Description Use the mac authentication domain command to configure an ISP domain for centrali...

Page 643: ...lts to 60 After a user fails to pass the authentication performed by a switch the switch quiets for a specific period the quiet period before it authenticates users again server timeout value Server timeout timer setting in seconds This argument ranges from 1 to 65 535 and defaults to 100 During authentication the switch prohibits a user from accessing the network through the corresponding port if...

Page 644: ...set mac authentication command to clear the centralized MAC address authentication statistics If you execute this command with the interface keyword specified the centralized MAC address authentication statistics of the specified port is cleared If the keyword is not specified the command clears the global centralized MAC address authentication statistics Example Clear the centralized MAC address ...

Page 645: ... enable 1 1 1 1 2 arp static 1 1 1 1 3 arp timer aging 1 2 1 1 4 display arp 1 3 1 1 5 display arp 1 5 1 1 6 display arp count 1 6 1 1 7 display arp timer aging 1 6 1 1 8 gratuitous arp learning enable 1 7 1 1 9 reset arp 1 8 Chapter 2 Resilient ARP Configuration Commands 2 1 2 1 Resilient ARP Configuration Commands 2 1 2 1 1 display resilient arp 2 1 2 1 2 resilient arp enable 2 1 2 1 3 resilient...

Page 646: ...ticast MAC address ARP entries for MAC addresses learned Use the undo arp check enable command to disable the ARP entry checking function In this case a switch creates multicast MAC address ARP entries for MAC addresses learned By default the ARP entry checking function is enabled Example Configure to create multicast MAC address ARP entries for MAC addresses learned Quidway system view System Vie...

Page 647: ...ynamic address mapping entries are generated by ARP Note that z Static ARP mapping entries are valid as long as the Ethernet switch operates However an ARP mapping entry is removed if the corresponding VLAN is removed By default a dynamic ARP mapping entry remains valid for 20 minutes z As for the arp static command the value of the vlan id argument must be the ID of an existing VLAN and the port ...

Page 648: ... dynamic ARP mapping entries is 20 minutes Related command display arp timer aging Example Configure the aging time to be 10 minutes for dynamic ARP mapping entries Quidway system view System View return to User View with Ctrl Z Quidway arp timer aging 10 1 1 4 display arp Syntax display arp dynamic static ip address View Any view Parameter dynamic Displays dynamic ARP mapping entries static Displ...

Page 649: ...8 0 32 0000 e8f5 73ee 1 Ethernet1 0 2 16 D 192 168 0 3 0014 222c aa69 1 Ethernet1 0 2 16 D 192 168 0 17 000d 88f6 379c 1 Ethernet1 0 2 17 D 192 168 0 115 000d 88f7 9f7d 1 Ethernet1 0 2 18 D 192 168 0 43 000c 760a 172d 1 Ethernet1 0 2 18 D 192 168 0 33 000d 88f6 44ba 1 Ethernet1 0 2 20 D 192 168 0 35 00e0 fc02 2181 1 Ethernet1 0 2 20 D 192 168 0 5 000f 3d80 2b38 1 Ethernet1 0 2 20 D 14 entries foun...

Page 650: ...g given by the text argument include Displays the ARP mapping entries that contain the specified string given by the text argument text String used to filter ARP mapping entries Description Use the display arp command to display the ARP mapping entries related to string in a specified way Related command arp static reset arp Example Display all the ARP mapping entries that contain the string 77 Qu...

Page 651: ...contains the string given by the text argument exclude Counts the ARP mapping entries that do not contain the string given by the text argument Include Counts the ARP mapping entries that contain the string given by the text argument text String used to filter ARP mapping entries ip address IP address The ARP mapping entries containing the IP address are to be counted in Description Use the displa...

Page 652: ...arp learning enable Syntax gratuitous arp learning enable undo gratuitous arp learning enable View System view Parameter None Description Use the gratuitous arp learning enable command to enable the gratuitous ARP packet learning function Use the undo gratuitous arp learning enable command to disable the gratuitous ARP packet learning function By default the gratuitous ARP packet learning function...

Page 653: ...dwayA QuidwayA system view System View return to User View with Ctrl Z QuidwayA gratuitous arp learning enable 1 1 9 reset arp Syntax reset arp dynamic static interface interface type interface number View User view Parameter dynamic Clears dynamic ARP mapping entries static Clears static ARP mapping entries interface type Port type interface number Port number Description Use the reset arp comman...

Page 654: ... this command is to display Resilient ARP state information of all units If the unit id is specified this command is to display the Resilient ARP state information of the specified unit Example Display the information about Resilient ARP state of unit 1 Quidway display resilient arp unit 1 The state of unit 1 is L3Master The sending interface s Vlan interface1 Vlan interface2 The above information...

Page 655: ...ARP function Quidway system view System View return to User View with Ctrl Z Quidway resilient arp enable 2 1 3 resilient arp interface vlan interface Syntax resilient arp interface Vlan interface vlan id undo resilient arp interface Vlan interface vlan id View System view Parameter vlan id VLAN interface ID Description Use the resilient arp interface Vlan interface command to configure the VLAN i...

Page 656: ...apter 2 Resilient ARP Configuration Commands Huawei Technologies Proprietary 2 3 Example Configure the Resilient ARP packets to be sent from the VLAN 2 interface Quidway system view System View return to User View with Ctrl Z Quidway resilient arp interface Vlan interface 2 ...

Page 657: ... 1 1 13 dhcp server netbios type 1 14 1 1 14 dhcp server option 1 16 1 1 15 dhcp server ping 1 17 1 1 16 dhcp server relay information enable 1 18 1 1 17 dhcp server static bind 1 18 1 1 18 dhcp server voice config 1 20 1 1 19 dhcp server voice config interface 1 21 1 1 20 display dhcp server conflict 1 23 1 1 21 display dhcp server expired 1 23 1 1 22 display dhcp server free ip 1 25 1 1 23 displ...

Page 658: ...cp relay information strategy 2 3 2 1 5 dhcp security static 2 4 2 1 6 dhcp security tracker 2 5 2 1 7 dhcp server 2 6 2 1 8 dhcp server detect 2 7 2 1 9 dhcp server ip 2 8 2 1 10 display dhcp security 2 8 2 1 11 display dhcp server 2 9 2 1 12 display dhcp server interface 2 11 2 1 13 reset dhcp server 2 12 Chapter 3 DHCP Snooping Configuration Commands 3 1 3 1 DHCP Snooping Configuration Commands...

Page 659: ...r ip ip address IP address of the remote BIMS server port port number Port number of the remote BIMS ranging from 1 to 65534 sharekey key Shared key of the remote BIMS server a string containing 1 to 16 characters It cannot be null Description Use the bims server command to configure the connection between a DHCP global address pool and a BIMS server Use the undo bims server command to remove the ...

Page 660: ...le Syntax dhcp enable undo dhcp enable View System view Parameter None Description Use the dhcp enable command to enable DHCP Use the undo dhcp enable command to disable DHCP By default DHCP is enabled You must first enable DHCP before performing other DHCP related configurations This configuration is necessary for both DHCP servers and DHCP relays Note To prevent malicious attacks to unused socke...

Page 661: ...system view System View return to User View with Ctrl Z Enable DHCP Quidway dhcp enable 1 1 3 dhcp select global Syntax VLAN interface view dhcp select global undo dhcp select System view dhcp select global interface interface type interface number to interface type interface number all undo dhcp select interface interface type interface number to interface type interface number all View System vi...

Page 662: ...Enter system view Quidway system view System View return to User View with Ctrl Z Configure all interfaces to operate in global DHCP address pool mode so that when a DHCP packet is received from a DHCP client through any interface the DHCP server assigns an IP address in local global DHCP address pools to the DHCP client Quidway dhcp select global all 1 1 4 dhcp select interface Syntax VLAN interf...

Page 663: ...witch security S3900 series Ethernet switches provide the following functions z When DHCP is enabled sockets UDP 67 and UDP 68 used by DHCP are enabled z When DHCP is disabled sockets UDP 67 and UDP 68 are disabled at the same time The preceding functions are implemented as follows z After you configure a DHCP interface address pool by using the dhcp select interface command sockets UDP 67 and UDP...

Page 664: ...umber to interface type interface number Specifies an interface operating in the interface address pool mode all Specifies all interfaces Description Use the dhcp server bims server command to configure the connection between a DHCP interface address pool and a remote BIMS server Use the undo dhcp server bims server command to remove the configuration of the connection between a DHCP interface glo...

Page 665: ...tecting function is disabled With the private DHCP server detecting function enabled a DHCP server tracks the information such as the IP addresses and interfaces of DHCP servers to enable the administrator to detect private DHCP servers in time and take proper measures Example Enter system view Quidway system view System View return to User View with Ctrl Z Enable the private DHCP server detecting...

Page 666: ...ss argument Specifies all DNS server IP addresses all In comparison with the interface keyword Specifies all interface address pools Description Use the dhcp server dns list command to configure DNS server IP address es for the DHCP address pool s of specified interface s Use the undo dhcp server dns list command to remove the DNS server IP address es configured for the DHCP address pool s of the ...

Page 667: ...IP addresses are from the specified interface address pool s This argument is a string of 3 to 50 characters interface interface type interface number to interface type interface number Specifies the interface s through which you can specify the corresponding interface address pool s all Specifies all interface address pools Description Use the dhcp server domain name command to configure a domain...

Page 668: ...System view VLAN interface view Parameter day day Specifies the number of days The day argument ranges from 0 to 365 hour hour Specifies the number of hours The hour argument ranges from 0 to 23 minute minute Specifies the number of minutes The minute argument ranges from 0 to 59 unlimited Specifies that the lease time is unlimited But actually the system limits the maximum lease time to about 25 ...

Page 669: ...omatically An IP address of this kind is known as a forbidden IP address This argument also marks the lower end of the range of the forbidden IP addresses high ip address IP address that is not available for being assigned to DHCP clients This argument also marks the higher end of the range of the forbidden IP addresses Note that this argument cannot be less than the low ip address argument If you...

Page 670: ...le Enter system view Quidway system view System View return to User View with Ctrl Z Forbid the IP addresses in the range 10 110 1 1 to 10 110 1 63 to be automatically assigned Quidway dhcp server forbidden ip 10 110 1 1 10 110 1 63 1 1 11 dhcp server ip pool Syntax dhcp server ip pool pool name undo dhcp server ip pool pool name View System view Parameter pool name Name of a DHCP address pool whi...

Page 671: ...UDP 67 and UDP 68 will be enabled z After you delete the DHCP address pool by using the undo dhcp server ip pool command and disable all the DHCP functions sockets UDP 67 and UDP 68 will be disabled Example Enter system view Quidway system view System View return to User View with Ctrl Z Create DHCP address pool 0 Quidway dhcp server ip pool 0 Quidway dhcp pool 0 1 1 12 dhcp server nbns list Synta...

Page 672: ...ss pools Description Use the dhcp server nbns list command to configure NetBIOS server IP address es for the specified DHCP interface address pool s Use the undo dhcp server nbns list command to remove the NetBIOS server IP address es configured for the specified DHCP interface address pool s By default no NetBIOS server IP address is configured for a DHCP interface address pool If you execute the...

Page 673: ...d h node Specifies the hybrid type Nodes of this type are b nodes with peer to peer communicating features interface interface type interface number to interface type interface number Specifies the interface s through which you can specify the corresponding interface address pools all Specifies all interface address pools Description Use the dhcp server netbios type command to configure the NetBIO...

Page 674: ...r voice config command and the dhcp server voice config interface command to configure option 184 You cannot configure option 184 by executing the dhcp server option command ascii ascii string Specifies a string that is of 1 to 63 characters Note that each character of the string must be an ASCII character hex hex string 1 10 Specifies strings each of which comprises 1 to 8 hexadecimal digits 1 10...

Page 675: ...d 0x22 for all DHCP interface address pools Quidway dhcp server option 100 hex 11 22 all 1 1 15 dhcp server ping Syntax dhcp server ping packets number timeout milliseconds undo dhcp server ping packets timeout View System view Parameter packets number Specifies the number of the packets to be sent in a ping test The number argument ranges from 0 to 10 and defaults to 2 Value 0 means no packet wil...

Page 676: ...ation enable View System view Parameter None Description Use the dhcp server relay information enable command to enable the DHCP server to support option 82 Use the undo dhcp server relay information enable command to disable the DHCP server from supporting option 82 By default the DHCP server supports option 82 Example Disable the DHCP sever from supporting option 82 Quidway system view System Vi...

Page 677: ...ally bound to only one MAC address or one client ID A MAC address or client ID can be bound with only one IP address statically z The IP address to be statically bound cannot be an interface IP address of the device otherwise the static binding does not take effect The bound MAC address can also obtain another IP address Example Enter system view Quidway system view System View return to User View...

Page 678: ... 094 enable Enables a VLAN disable Disables a VLAN dialer string Fail over dial number string The value contains 0 to 9 and the wildcard asterisk Description Use the dhcp server voice config command to enable the DHCP server to assign IP addresses with option 184 and its sub options from the current interface address pool Use the undo dhcp server voice config command to disable the DHCP server fro...

Page 679: ...uidway Vlan interface1 dhcp server voice config fail over 3 3 3 3 99 1 1 19 dhcp server voice config interface Syntax dhcp server voice config ncp ip ip address as ip ip address voice vlan vlan id enable disable fail over ip address dialer string interface interface type interface number to interface type interface number all undo dhcp server voice config ncp ip as ip voice vlan fail over interfac...

Page 680: ...A DHCP server sends Option 184 and the corresponding sub options to a DHCP client only when the latter requests for option 184 The NCP IP sub option is necessary for all other sub options You need to configure the NCP IP sub option first to enable other sub options By default option 184 and its sub options are not supported by a DHCP server Related command voice config Example Enter system view Qu...

Page 681: ... display the statistics of IP address conflicts on the DHCP server Related command reset dhcp server conflict Example Display the statistics of IP address conflicts Quidway display dhcp server conflict all Address Discover Time 10 110 1 2 Jan 11 2003 11 57 07 PM Table 1 1 Description on the fields of the display dhcp server conflict command Field Description Address Conflicting IP address Discover...

Page 682: ...ss or the lease expiration information about all IP addresses in one or all DHCP address pools When all the IP addresses in an address pool are assigned the DHCP server assigns the IP addresses that are expired to DHCP clients Example Display the lease expiration information about the IP addresses in all DHCP address pools Quidway display dhcp server expired all Global pool IP address Client ident...

Page 683: ...ion Use the display dhcp server free ip command to display the free that is unassigned IP addresses Example Display the free IP addresses Quidway display dhcp server free ip IP Range from 1 0 0 0 to 2 2 2 1 IP Range from 2 2 2 3 to 2 255 255 255 IP Range from 4 0 0 0 to 4 255 255 255 IP Range from 5 5 5 0 to 5 5 5 0 IP Range from 5 5 5 2 to 5 5 5 255 1 1 23 display dhcp server ip in use Syntax dis...

Page 684: ...d DHCP address pool s or all DHCP address pools Related command reset dhcp server ip in use Example Display the address binding information of all DHCP address pools Quidway display dhcp server ip in use all Global pool IP address Client identifier Lease expiration Type Hardware address 2 2 2 2 44444 4444 4444 NOT Used Manual Interface pool IP address Client identifier Lease expiration Type Hardwa...

Page 685: ...tatistics View Any view Parameter None Description Use the display dhcp server statistics command to display the statistics on a DHCP server Related command reset dhcp server statistics Example Display the statistics on a DHCP server Quidway display dhcp server statistics Global Pool Pool Number 5 Binding Auto 0 Manual 1 Expire 0 Interface Pool Pool Number 1 Binding Auto 1 Manual 0 Expire 0 Boot R...

Page 686: ...rface address pools Pool Number Number of address pools Auto Number of the automatically bound IP addresses Manual Number of the manually bound IP addresses Expire Number of the expired IP addresses Boot Request 6 Dhcp Discover 1 Dhcp Request 4 Dhcp Decline 0 Dhcp Release 1 Dhcp Inform 0 Statistics about the DHCP packets received from DHCP clients Boot Reply 4 Dhcp Offer 1 Dhcp Ack 3 Dhcp Nak 0 St...

Page 687: ...pplies to all VLAN interfaces all Specifies all address pools Description Use the display dhcp server tree command to display information about address pool tree Example Display the information about address pool tree Quidway display dhcp server tree all Global pool Pool name 5 network 10 10 1 0 mask 255 255 255 0 Child node 6 Sibling node 7 option 1 ip address 255 0 0 0 expired 1 0 0 Pool name 6 ...

Page 688: ...e information about the following types of node Child node Displays the information about an address pool that is a child of the current address pool Parent node Displays the information about the address pool that is the parent of the current address pool Sibling node Displays the information about the next sibling address pool of the current address pool The order of sibling address pools are de...

Page 689: ...ses with a space all Specifies all configured DNS server IP addresses Description Use the dns list command to configure one or multiple DNS server IP addresses for a global DHCP address pool Use the undo dns list command to remove one or all DNS server IP addresses configured for the DHCP address pool By default no DNS server IP address is configured If you execute the dns list command repeatedly ...

Page 690: ... for the DHCP clients of a global DHCP address pool Use the undo domain name command to remove the domain name By default no domain name is configured for the DHCP clients of a global DHCP address pool Related command dhcp server ip pool and dhcp server domain name Example Enter system view Quidway system view System View return to User View with Ctrl Z Configure the domain name mydomain com for t...

Page 691: ...pool Use the undo expired command to restore the default lease time The default lease time is one day Note that an IP address is considered to be expired if its lease time is after the year 2106 Related command dhcp server ip pool and dhcp server expired Example Enter system view Quidway system view System View return to User View with Ctrl Z Set the lease time of the IP addresses in the global DH...

Page 692: ...w return to User View with Ctrl Z Configure the gateway IP address 10 110 1 99 for the global DHCP address pool 0 Quidway dhcp server ip pool 0 Quidway dhcp pool 0 gateway list 10 110 1 99 1 1 30 nbns list Syntax nbns list ip address 1 8 undo nbns list ip address all View DHCP address pool view Parameter ip address 1 8 IP address of a NetBIOS server 1 8 means you can provide up to eight NetBIOS se...

Page 693: ...s type View DHCP address pool view Parameter b node Specifies the broadcast type Nodes of this type acquire host name to IP address mapping by broadcasting p node Specifies the peer to peer type Nodes of this type acquire host name to IP address mapping by communicating with the NetBIOS server m node Specifies the mixed type Nodes of this type are p nodes with some broadcasting features h node Spe...

Page 694: ...Specifies a subnet mask in dotted decimal notation If neither subnet mask nor mask length is specified in this command the default subnet mask is adopted Description Use the network command to configure a dynamically assigned IP address range where IP addresses will be dynamically assigned to DHCP clients Use the undo network command to remove a dynamically assigned IP address range By default no ...

Page 695: ...ing the option command ascii ascii string Specifies a string that is of 1 to 63 characters Note that each character of the string needs to be an ASCII character hex hex string 1 10 Specifies strings each of which comprises of 1 to 8 hexadecimal digits The 1 10 means that you can provide up to 10 such strings When entering more than one strings separate two neighboring strings with a space Note tha...

Page 696: ...server conflict all ip ip address View User view Parameter ip ip address Specifies an IP address whose conflict statistics will be cleared all Clears all address conflict statistics Description Use the reset dhcp server conflict command to clear address conflict statistics Related command display dhcp server conflict Example Clear all address conflict statistics Quidway reset dhcp server conflict ...

Page 697: ...is the name of an address pool If you do not provide this argument this command clears the dynamic address binding information about all global address pools Description Use the reset dhcp server ip in use command to clear the specified or all dynamic address binding information Related command display dhcp server ip in use Example Clear the dynamic address binding information about the IP address...

Page 698: ... client ID is statically bound Note that z The static bind client identifier command must be used together with the static bind ip address command to respectively specify a statically bound client ID and an IP address z If you execute this command or the static bind mac address command repeatedly the new configuration overwrites the previous one Related command dhcp server ip pool static bind ip a...

Page 699: ...ddress By default no IP address is statically bound Note that z The static bind ip address command must be used together with the static bind mac address command or the static bind client identifier command to respectively specify a statically bound IP address MAC address or client ID z If you execute the static bind ip address command repeatedly the new configuration overwrites the previous one R...

Page 700: ... the static bind mac address command to respectively specify a statically bound IP address and MAC address z If you execute the static bind mac address command or the static bind client identifier command repeatedly the new configuration overwrites the previous one Related command dhcp server ip pool and static bind ip address Example Enter system view Quidway system view System View return to Use...

Page 701: ...bal address pool Use the undo voice config command to remove option 184 and its sub options from the global address pool The DHCP server answers option 184 and the corresponding sub options only after the DHCP client requests option 184 By default the DHCP server does not support option 184 and the corresponding sub options Related command dhcp server voice config Example Enter system view Quidway...

Page 702: ...3900 Series Ethernet Switches Release 1510 Chapter 1 DHCP Server Configuration Commands Huawei Technologies Proprietary 1 44 Quidway dhcp pool 123 voice config voice vlan 3 enable Quidway dhcp pool 123 voice config fail over 3 3 3 3 99 ...

Page 703: ...LAN interface so as to start the validity check on user addresses under the VLAN interface Use the address check disable command to disable DHCP relay security so as to stop the validity check on user addresses under the VLAN interface By default DHCP relay security is disabled on a VLAN interface Note that among S3900 series switches only S3900 EI series switches support the two commands Example ...

Page 704: ...e the DHCP relay handshake function By default the DHCP relay handshake function is enabled Example Disable the DHCP relay handshake function Quidway system view System View return to User View with Ctrl Z Quidway dhcp relay hand disable 2 1 3 dhcp relay information enable Syntax dhcp relay information enable undo dhcp relay information enable View System view Parameter None Description Use the dh...

Page 705: ...ion 82 supporting is enabled on the DHCP relay the device does not change the configured processing policies Related command dhcp relay information strategy Example Enter system view Quidway system view System View return to User View with Ctrl Z Enable option 82 supporting on a DHCP relay Quidway dhcp relay information enable Disable option 82 supporting on a DHCP relay Quidway undo dhcp relay in...

Page 706: ... information enable Example Enter system view Quidway system view System View return to User View with Ctrl Z Instruct the DHCP relay to discard the DHCP request packets that carry option 82 Quidway dhcp relay information strategy drop Instruct the DHCP relay to perform the default operations to DHCP request packets that carry option 82 Quidway undo dhcp relay information strategy 2 1 5 dhcp secur...

Page 707: ...02 F2B3 Quidway dhcp security static 1 1 1 1 0005 5D02 F2B3 2 1 6 dhcp security tracker Syntax dhcp security tracker interval auto undo dhcp security tracker interval View System view Parameter interval Interval in seconds to update DHCP security entries This argument ranges from 1 to 120 seconds auto Specifies that the interval to update DHCP security entries is automatically determined by the nu...

Page 708: ... DHCP server group Use the undo dhcp server command to cancel the mapping Related command dhcp server ip display dhcp server and display dhcp server interface vlan interface Note To prevent malicious attacks to unused sockets and enhance security S3900 series Ethernet switches provide the following functions z When DHCP is enabled sockets UDP 67 and UDP 68 used by DHCP are enabled z When DHCP is d...

Page 709: ...8 dhcp server detect Syntax dhcp server detect undo dhcp server detect View System view Parameter None Description Use the dhcp server detect command to enable the switch serving as a DHCP relay to detect pseudo DHCP servers Use the undo dhcp server detect command to disable the pseudo DHCP server detection function By default the pseudo DHCP server detection function is disabled Related command d...

Page 710: ...escription Use the dhcp server ip command to configure the DHCP server IP address es in a specified DHCP server group Use the undo dhcp server command to remove all DHCP server IP addresses in a DHCP server group Related command dhcp server and display dhcp server Example Enter system view Quidway system view System View return to User View with Ctrl Z Configure three DHCP server IP addresses 1 1 ...

Page 711: ... user address entries in the valid user address table of a DHCP server group Note that among S3900 series switches only S3900 EI series switches support this command Example Display all user address entries contained in the valid user address table of the DHCP server group Quidway display dhcp security IP Address MAC Address IP Address Type 2 2 2 3 0005 5d02 f2b2 Static 3 3 3 3 0005 5d02 f2b3 Dyna...

Page 712: ...s of DHCP server group 0 3 3 3 3 IP address of DHCP server group 0 4 4 4 4 IP address of DHCP server group 0 5 5 5 5 IP address of DHCP server group 0 6 6 6 6 IP address of DHCP server group 0 7 7 7 7 IP address of DHCP server group 0 8 8 8 8 Messages from this server group 0 Messages to this server group 0 Messages from clients to this server group 0 Messages from this server group to clients 0 D...

Page 713: ...DHCP_OFFER messages Number of the received DHCP OFFER packets DHCP_ACK messages Number of the received DHCP ACK packets DHCP_NAK messages Number of the received DHCP NAK packets DHCP_DECLINE messages Number of the received DHCP DECLINE packets DHCP_DISCOVER messages Number of the received DHCP DISCOVER packets DHCP_REQUEST messages Number of the received DHCP REQUEST packets DHCP_INFORM messages N...

Page 714: ...group to which VLAN 2 interface is mapped Quidway display dhcp server interface vlan interface 2 Dhcp group 0 is configured on this interface The above display information indicates the VLAN 2 interface is mapped to DHCP server group 0 2 1 13 reset dhcp server Syntax reset dhcp server groupNo View User view Parameter groupNo DHCP server group number ranging from 0 to 19 Description Use the reset d...

Page 715: ... None Description Use the dhcp snooping command to enable the DHCP snooping function so as to allow the switch to listen to the DHCP broadcast packets Use the undo dhcp snooping command to disable the DHCP snooping function By default the DHCP snooping function is disabled Related command display dhcp snooping Example Enter system view Quidway system view System View return to User View with Ctrl ...

Page 716: ...nnect DHCP clients or networks z Trusted ports forward any received DHCP packets to ensure that DHCP clients can obtain IP addresses from valid DHCP servers Untrusted ports discard the DHCP ACK and DHCP OFF responses received from DHCP servers z By default all the ports of a switch are untrusted ports Related command display dhcp snooping trust Example Enter system view Quidway system view System ...

Page 717: ...nooping is enabled The client binding table for all untrusted ports Type D Dynamic S Static Unit ID 1 Type IP Address MAC Address Lease VLAN Interface 0 dhcp snooping item s of unit 1 found 3 1 4 display dhcp snooping trust Syntax display dhcp snooping trust View Any view Parameter None Description Use the display dhcp snooping trust command to display the enabled disabled state of the DHCP snoopi...

Page 718: ...witches Release 1510 Chapter 3 DHCP Snooping Configuratio n Commands Huawei Technologies Proprietary 3 4 Ethernet1 0 10 Trusted The above display information indicates that the DHCP snooping function is enabled and the Ethernet1 0 10 port is a trusted port ...

Page 719: ... view Parameter domain name Name of a domain a string of 1 to 24 characters You can use the domain command to create a domain Description Use the accounting domain command to enable the DHCP accounting function Use the undo accounting domain command to disable the DHCP accounting function Example Enter system view Quidway system view System View return to User View with Ctrl Z Enter DHCP address p...

Page 720: ...L Commands 1 1 1 1 ACL Configuration Commands 1 1 1 1 1 acl 1 1 1 1 2 description 1 2 1 1 3 display acl 1 3 1 1 4 display packet filter 1 4 1 1 5 display time range 1 4 1 1 6 packet filter 1 6 1 1 7 rule Basic ACL 1 7 1 1 8 rule Advanced ACL 1 8 1 1 9 rule Layer 2 ACL 1 14 1 1 10 rule user defined ACL 1 16 1 1 11 rule comment 1 18 1 1 12 time range 1 19 ...

Page 721: ...not available for Layer 2 ACLs or user defined ACLs Match orders include z config Specifies to match ACL rules in the order they are defined z auto Specifies to match ACL rules according to the depth first rule all Specifies to delete all ACLs Description Use the acl command to define an ACL and enter the corresponding ACL view Use the undo acl command to delete all entries of an ACL or to delete ...

Page 722: ... depth first order rules with smaller ranges are matched first to match rules If neither match orders are specified the configured match order will be adopted You cannot modify the match order for an ACL once you have specified it unless you delete all the entries of the ACL The ACL match order feature is effective only when the ACL is referenced by software for data filtering and traffic classifi...

Page 723: ...tailed configuration information of an ACL including each rule and its number as well as the number and size in bytes of the data packets that match the statement The number of times matched in the information displayed by this command is the number of matched times processed by the software namely the number of matched times of the ACL to be processed by the CPU of the switch To make statistics o...

Page 724: ...ication information of packet filtering including the ACL name rule names and application status Example Display the application information of packet filtering on Unit 1 Quidway display packet filter unitid 1 1 1 5 display time range Syntax display time range all name View Any view Parameter all Specifies to display all time ranges name Name of a time range a string that starts with a z A Z and c...

Page 725: ...s time range is currently in the inactive state while Active indicates that the time range is in the active state and the time range is from 8 30 February 5 2005 to 18 00 February 19 2005 Display the time range named tm1 Quidway display time range tm1 Current time is 14 37 31 Apr 3 2003 Thursday Time range tm1 Inactive from 08 30 2 5 2005 to 18 00 2 19 2005 Table 1 2 Description of the fields of t...

Page 726: ...anced ACL separately ip group acl number Apply one rule in an IP type ACL separately ip group acl number rule rule Apply all rules in a Layer 2 ACL separately link group acl number Apply one rule in a Layer 2 ACL separately link group acl number rule rule Apply all rules in a user defined ACL separately user group acl number Apply one rule in a user defined ACL separately user group acl number rul...

Page 727: ...any time range time name undo rule rule id fragment source time range View Basic ACL view Parameter 1 Parameters of the rule command rule id ACL rule ID in the range of 0 to 65 534 deny Drops packets that satisfy the condition permit Permits packets that satisfy the condition to pass fragment Specifies that the rule takes effect on non initial fragment packets source sour addr sour wildcard any Sp...

Page 728: ...splay acl command In the case that you specify the rule ID when defining a rule z If the rule corresponding to the specified rule ID already exists you will edit the rule and the modified part in the rule will replace the original content while other parts remain unchanged z If the rule corresponding to the specified rule ID does not exists you will create and define a new rule z The content of a ...

Page 729: ...he protocols carried by IP When expressed in numerals the value range is 1 to 255 When expressed with a name the value can be GRE ICMP IGMP IP IPinIP OSPF TCP and UDP source sour addr sour wildcard any Source address information Specifies the source address information in the rule sour addr sour wildcard is used to specify the source address of the packet expressed in dotted decimal notation any r...

Page 730: ... is active Note sour wildcard dest wildcard is the complement of the wildcard mask of the source destination subnet mask For example you need to input 0 0 255 255 to specify the subnet mask 255 255 0 0 The arguments can be set as 0 to represent the host IP address To define DSCP priority you can directly input a value ranging from 0 to 63 or input a keyword listed in 错误 未找到引用源 Table 1 5 Descriptio...

Page 731: ...ecific rule information Parameter Type Function Description source port operator port1 port2 Source port s Defines the source port information of UDP TCP packets destination port operator port1 port2 Destination port s Defines the destination port information of UDP TCP packets The value of operator can be lt less than gt greater than eq equal to neq not equal to or range within the range of Only ...

Page 732: ...formation of ICMP packets Specifies the type and message code information of ICMP packets in the rule icmp type ICMP message type ranging 0 to 255 icmp code ICMP message code ranging 0 to 255 If the protocol type is ICMP you can also directly input the ICMP message name after the icmp type argument Table 1 8 describes some common ICMP messages Table 1 8 ICMP messages Name ICMP TYPE ICMP CODE echo ...

Page 733: ...t in the rule corresponding to the rule ID source port Deletes the settings of the source port part in the rule corresponding to the rule ID This keyword is available only when TCP or UDP is defined in the rule destination Deletes the settings of the destination address part in the rule corresponding to the rule ID destination port Deletes the settings of the destination port part in the rule corr...

Page 734: ...ed z If the rule corresponding to the specified rule ID does not exists you will create and define a new rule z The content of a modified or created rule must not be identical with the content of any existing rule otherwise the rule modification or creation will fail and the system will prompt that the rule already exists If you do not specify a rule ID you will create and define a new rule and th...

Page 735: ...to specify the mask bit source source addr source mask vlan id Source MAC address information Specifies the source MAC address range in the rule source addr source MAC address in the format of H H H source mask source MAC address mask in the format of H H H vlan id source VLAN ID in the range of 1 to 4 094 dest dest addr dest mask Destination MAC address information Specifies the destination MAC a...

Page 736: ...rts remain unchanged z If the rule corresponding to the specified rule ID does not exists you will create and define a new rule z The content of a modified or created rule must not be identical with the content of any existing rule otherwise the rule modification or creation will fail and the system will prompt that the rule already exists If you do not specify a rule ID you will create and define...

Page 737: ...g into consideration when configuring the offset parameter z The packets processed by the switch have VLAN tags One VLAN tag occupies 4 bytes z If VLAN VPN is disabled the packets processed by the switch have 4 bytes of VLAN tag z If VLAN VPN is enabled a 4 bytes of VLAN tag is added to the packets that the switch receives The packets will have two VALN tags no matter the received packets have VLA...

Page 738: ...ew rule and the system will assign an ID for the rule automatically Example Define a rule to forbid all TCP packets to pass through Quidway system view System View return to User View with Ctrl Z Quidway acl number 5001 Quidway acl user 5001 rule 25 deny 06 ff 35 time range t1 1 1 11 rule comment Syntax rule rule id comment text undo rule rule id comment View Advanced ACL view Layer 2 ACL view use...

Page 739: ...of the week Day of the week when the special time range is effective Optional argument Available arguments and argument combinations are as follows z Numerals 0 to 6 z Monday Tuesday Wednesday Thursday Friday Saturday and Sunday z Working days Monday through Friday z Off days Saturday and Sunday z Daily namely everyday of the week from start time start date Specifies the start date of a special ti...

Page 740: ...solute time section are defined in a time range the time range is active only when the periodic time range and the absolute time range are both matched Assume that a time range defines an absolute time section from 00 00 January 1 2004 to 23 59 December 31 2004 and a periodic time section from 12 00 to 14 00 every Wednesday This time range is active only from 12 00 to 14 00 every Wednesday in 2004...

Page 741: ...terface traffic statistic 1 6 1 1 9 display queue scheduler 1 7 1 1 10 line rate 1 7 1 1 11 priority 1 8 1 1 12 priority trust 1 9 1 1 13 protocol priority protocol type 1 10 1 1 14 qos cos local precedence map 1 12 1 1 15 queue scheduler 1 14 1 1 16 reset traffic statistic 1 16 1 1 17 traffic limit 1 17 1 1 18 traffic priority 1 18 1 1 19 traffic redirect 1 20 1 1 20 traffic statistic 1 21 1 1 21...

Page 742: ...y protocol priority Syntax display protocol priority View Any view Parameter None Description Use the display protocol priority command to display the priority of the protocol packet Example Display the priority of the protocol packet Quidway display protocol priority Protocol telnet DSCP be 0 1 1 2 display qos cos local precedence map Syntax display qos cos local precedence map View Any view ...

Page 743: ... all Syntax display qos interface interface type interface number unit id all View Any view Parameter interface type interface number Port index unit id Unit ID of the switch Description Use the display qos interface all command to view all the QoS configuration of the ports If you do not input port parameters this command will display the QoS parameter configuration of all the ports of the switch...

Page 744: ...0 rule 0 running Priority action dscp ef Ethernet1 0 1 line rate Inbound 128 Kbps Outbound 1024 Kbps Ethernet1 0 1 Queue scheduling mode strict priority 1 1 4 display qos interface line rate Syntax display qos interface interface type interface number unit id line rate View Any view Parameter interface type interface number Port index unit id Unit ID of the switch Description Use the display qos i...

Page 745: ...rface interface type interface number unit id traffic limit View Any view Parameter interface type interface number Port index unit id Unit ID of the switch Description Use the display qos interface traffic limit command to view the traffic limit configuration of a port or all the ports of a switch including the applied ACLs for traffic limit committed average rate CAR and the corresponding action...

Page 746: ...ic priority command to view the traffic priority configuration The information displayed includes the ACL corresponding to the traffic tagged with priority priority type and value Related command traffic priority Example Display the traffic priority configuration Quidway display qos interface Ethernet 1 0 1 traffic priority Ethernet1 0 1 traffic priority Inbound Matches Acl 2000 rule 0 running Pri...

Page 747: ...y qos interface Ethernet 1 0 1 traffic redirect 1 1 8 display qos interface traffic statistic Syntax display qos interface interface type interface number unit id traffic statistic View Any view Parameter interface type interface number Port index unit id Unit ID of the switch Description Use the display qos interface traffic statistic command to view the traffic statistics information The informa...

Page 748: ...escription Use the display queue scheduler command to view queue scheduling mode and corresponding configuration Related command queue scheduler Example Display the queue scheduling mode Quidway display queue scheduler Queue scheduling mode strict priority 1 1 10 line rate Syntax line rate inbound outbound target rate undo line rate inbound outbound View Ethernet port view Parameter inbound Limits...

Page 749: ...t 64 to 1 000 000 Description Use the line rate command to limit the rate of the packets on the port Use the undo line rate command to cancel the rate limit configuration on the port The granularity of rate limit is 64 kbps Example Limit the rate of inbound packets on Ethernet 1 0 1 to 128 kbps Quidway system view System View return to User View with Ctrl Z Quidway interface Ethernet 1 0 1 Quidway...

Page 750: ...rity of Ethernet 1 0 1 port to 7 Quidway system view System View return to User View with Ctrl Z Quidway interface Ethernet 1 0 1 Quidway Ethernet1 0 1 priority 7 1 1 12 priority trust Syntax priority trust undo priority View Ethernet port view Parameter None Description Use the priority trust command to configure system to use the packet 802 1p priority instead of the port priority Use the undo p...

Page 751: ...ocol type protocol type View System view Parameter protocol type protocol type Specifies the protocol type Only TELNET SNMP ICMP and OSPF are supported currently ip precedence ip precedence Specifies the IP precedence in the range of 1 to 7 You can enter the keywords as shown in Table 1 1 Table 1 1 Description on IP precedence values Keyword IP precedence decimal IP precedence binary routine 0 000...

Page 752: ...af22 20 010100 af23 22 010110 af31 26 011010 af32 28 011100 af33 30 011110 af41 34 100010 af42 36 100100 af43 38 100110 cs1 8 001000 cs2 16 010000 cs3 24 011000 cs4 32 100000 cs5 40 101000 cs6 48 110000 cs7 56 111000 be default 0 000000 Description Use the protocol priority command to set the global traffic priority for a specific protocol type Use the undo protocol priority command to cancel the ...

Page 753: ... map View System view Parameter cos0 map local prec Local precedence to which the CoS 0 is to be mapped in the range of 0 to 7 cos1 map local prec Local precedence to which the CoS 1 is to be mapped in the range of 0 to 7 cos2 map local prec Local precedence to which the CoS 2 is to be mapped in the range of 0 to 7 cos3 map local prec Local precedence to which the CoS 3 is to be mapped in the rang...

Page 754: ... precedence map command to restore the default values The following is the default CoS to local precedence mapping table Table 1 3 Default CoS to local precedence mapping table CoS value Local precedence 0 2 1 0 2 1 3 3 4 4 5 5 6 6 7 7 Example Configure the CoS to local precedence mapping table Quidway system view System View return to User View with Ctrl Z Quidway qos cos local precedence map 0 1...

Page 755: ...7 width wrr queue0 weight queue1 weight queue2 weight queue3 weight queue4 weight queue5 weight queue6 weight queue7 weight undo queue scheduler 2 In Ethernet port view queue scheduler wfq queue0 width queue1 width queue2 width queue3 width queue4 width queue5 width queue6 width queue7 width wrr queue0 weight queue1 weight queue2 weight queue3 weight queue4 weight queue5 weight queue6 weight queue...

Page 756: ...tore the default value The queue scheduling algorithm defined by executing the queue scheduler command in system view takes effect on all the ports of the switch The queue scheduling algorithm defined by executing the queue scheduler command in Ethernet port view takes effect on the current port only If the queue scheduling algorithm defined globally cannot satisfy the requirement of a port you ca...

Page 757: ... the rules in an IP ACL separately ip group acl number Apply a rule in an IP ACL separately ip group acl number rule rule Apply all the rules in a Link ACL separately link group acl number Apply a rule in a Link ACL separately link group acl number rule rule Apply a rule in an IP ACL and a rule in a Link ACL at the same time ip group acl number rule rule link group acl number rule rule Table 1 6 D...

Page 758: ...rule View Ethernet port view Parameter inbound Performs traffic limit to the packets received by the interface acl rule Applied ACL rules which can be the combination of various ACL rules For the ways of combining ACLs and the description on related parameters refer to Table 1 5 and Table 1 6 target rate The total rate in kbps to be set with the granularity of traffic limit being 64 kbps If the sp...

Page 759: ...turn to User View with Ctrl Z Quidway interface Ethernet 1 0 1 Quidway Ethernet1 0 1 traffic limit inbound link group 4000 128 exceed drop 1 1 18 traffic priority Syntax traffic priority inbound outbound acl rule dscp dscp value ip precedence pre value from cos cos pre value from ipprec local precedence pre value undo traffic priority inbound outbound acl rule View Ethernet port view Parameter inb...

Page 760: ...n on 802 1p priority values Keyword CoS value decimal CoS value binary best effort 0 000 background 1 001 spare 2 010 excellent effort 3 011 controlled load 4 100 video 5 101 voice 6 110 network management 7 111 local precedence pre value Set local priority The pre value argument ranges from 0 to 7 Description Use the traffic priority command to enable ACLs for traffic classification and remark pr...

Page 761: ...View Ethernet port view Parameter inbound Performs traffic redirecting to the packets received by the interface outbound Performs traffic redirecting to the packets sent by the interface acl rule Applied ACL rules which can be the combination of various ACL rules For the ways of combining ACLs and the description on related parameters refer to Table 1 5 and Table 1 6 cpu Configures to redirect the...

Page 762: ...rface Ethernet 1 0 1 Quidway Ethernet1 0 1 traffic redirect inbound ip group 2000 interface Ethernet 1 0 7 1 1 20 traffic statistic Syntax traffic statistic inbound acl rule undo traffic statistic inbound acl rule View Ethernet port view Parameter inbound Performs traffic statistic to the packets received by the interface outbound Performs traffic statistic to the packets sent by the interface acl...

Page 763: ... System View return to User View with Ctrl Z Quidway interface Ethernet 1 0 1 Quidway Ethernet1 0 1 traffic statistic inbound ip group 2000 1 1 21 wred Syntax wred queue index qstart probability undo wred queue index View Ethernet port view Parameter queue index Queue index in the range of 0 to 7 qstart Number of the packets that the queue can hold in the range of 1 to 128 probability Drop probabi...

Page 764: ...ay S3900 Series Ethernet Switches Release 1510 Chapter 1 QoS Commands Huawei Technologies Proprietary 1 23 Quidway system view System View return to User View with Ctrl Z Quidway interface Ethernet 1 0 1 Quidway Ethernet1 0 1 wred 2 64 20 ...

Page 765: ...g of 1 to 32 characters starting with English letters a z A Z and excluding all interface user undo user based port based and name which are reserved keywords Description Use the apply qos profile command to apply the QoS profile configuration to the current port manually Use the undo apply qos profile command to remove the configuration You cannot delete the specific QoS profile which has been ap...

Page 766: ...ultiple Ethernet ports expressed in the format of interface list interface type interface number to interface type interface number Description Use the apply qos profile interface command to apply the QoS profile to one or more consecutive ports manually Use the undo apply qos profile command to remove the QoS profile configuration from one or more consecutive ports You cannot delete the specific ...

Page 767: ...o a specific port user user name Displays the QoS profile mapped with a specific user user name is a string with up to 80 characters Description Use the display qos profile command to view QoS profile configuration information Example Display QoS profile configuration information Quidway display qos profile all 2 1 4 packet filter Syntax packet filter inbound outbound acl rule undo packet filter i...

Page 768: ...e a123 Quidway qos profile a123 packet filter inbound link group 4000 2 1 5 qos profile Syntax qos profile profile name undo qos profile profile name View System view Parameter profile name QoS profile name a string of one to 32 characters a string of one to 32 characters starting with English letters a z A Z and excluding all interface user undo user based port based and name which are reserved k...

Page 769: ...he MAC address you must configure the QoS profile application mode to be user based z If the 802 1x authentication is based on the port you must configure the QoS profile application mode to be port based After you configure the QoS profiles and the user pass the authentication the switch will deliver the right profile dynamically to the port from which the user is accessed The QoS profile can be ...

Page 770: ...xceed exceed action undo traffic limit inbound acl rule View QoS profile view Parameter inbound Set traffic limiting for the inbound packets on the port acl rule Applied ACL rules which can be the combination of various ACL rules For the ways of combining ACLs and the description on related parameters refer to Table 1 5 and Table 1 6 target rate Total traffic in kbps to be set with the granularity...

Page 771: ... Quidway system view System View return to User View with Ctrl Z Quidway qos profile a123 Quidway qos profile a123 traffic limit inbound ip group 2000 128 exceed drop 2 1 8 traffic priority Syntax traffic priority inbound outbound acl rule dscp dscp value ip precedence pre value from cos cos pre value from ipprec local precedence pre value undo traffic priority inbound outbound acl rule View QoS p...

Page 772: ...e value Sets local preference value in the range 0 to 7 Description Use the traffic priority command to enable the ACL and preference reset Use the undo traffic priority command to remove the preference reset You cannot remove preference reset from the specific QoS profile which has been applied to the port Note The COS precedence and the local precedence can not be applied simultaneously on the s...

Page 773: ...lease 1510 Table of Contents Huawei Technologies Proprietary i Table of Contents Chapter 1 Web Cache Redirection Configuration Commands 1 1 1 1 Web Cache Redirection Configuration Commands 1 1 1 1 1 display webcache 1 1 1 1 2 webcache address 1 2 1 1 3 webcache redirect vlan 1 3 ...

Page 774: ... Web Cache Redirection Configuration Commands 1 1 1 display webcache Syntax display webcache View Any view Parameter None Description Use the display webcache command to view Web cache redirection configuration and check whether or not the Web cache is accessible Example Display Web cache redirection configuration and check whether or not the Web cache is accessible Quidway display webcache webcac...

Page 775: ...ip address mac mac address vlan vlan id tcpport tcpport number View System view Ethernet port view Parameter ip address IP address to be assigned to the Web cache mac address MAC address to be assigned to the Web cache vlan id ID of the VLAN where Web cache is located port interface type interface number Specifies the port through which the switch is connected to the Web cache tcpport tcpport numb...

Page 776: ... Enable Web cache redirection on the switch in system view configuring the Web cache with the following parameters IP address 1 1 1 1 MAC address 00e0 fc01 0101 VLAN ID 40 the port through which the switch is connected to the Web cache to be Ethernet 1 0 4 and the default TCP port number used by HTTP packets to be 80 Quidway system view System View return to User View with Ctrl Z Quidway webcache ...

Page 777: ... disable the HTTP traffic of a specified VLAN from being redirected By default the HTTP traffic of the users in all VLANs is not redirected to the Web cache If you do not specify the vlan id argument when executing the undo webcache redirect vlan command Web cache redirection in all the VLANs is disabled Note This configuration will not be validated unless the VLAN interfaces corresponding to the ...

Page 778: ...ored to 1 2 1 1 3 mirrored to 1 3 1 1 4 mirroring group 1 4 1 1 5 mirroring group mirroring port 1 5 1 1 6 mirroring group monitor port 1 6 1 1 7 mirroring group reflector port 1 7 1 1 8 mirroring group remote probe vlan 1 7 1 1 9 mirroring port 1 8 1 1 10 monitor port 1 9 1 1 11 remote probe vlan 1 9 1 2 Mirroring Commands of S3900 SI 1 10 1 2 1 display mirror 1 10 1 2 2 display qos interface mir...

Page 779: ...estination The specified mirroring group is the destination group for remote mirroring remote source The specified mirroring group is the source group for remote mirroring all All mirroring groups Description Use the display mirroring group command to display the parameter settings of a port mirroring group Local mirroring group information includes z Group number z Group type local z Group status...

Page 780: ...tEthernet1 1 1 both monitor port GigabitEthernet1 1 4 1 1 2 display qos interface mirrored to Syntax display qos interface interface type interface number unit id mirrored to View Any view Parameter interface type interface number port of the switch If you enter this argument the switch will display the parameter settings of the specified port unit id Unit ID If you enter this argument the switch ...

Page 781: ...n the port acl rule Applied ACL rules which can be the combination of different types of ACL rules Table 1 1 describes the ACL combinations Table 1 1 Combined application of ACLs Combination mode Form of acl rule Apply all rules in an IP type ACL either a basic or an advanced ACL separately ip group acl number Apply one rule in an IP type ACL separately ip group acl number rule rule id Apply all r...

Page 782: ...emove traffic mirroring configuration This command applies to the rules whose actions are permit in matching the specified ACL LACP and TCP must be disabled on the destination port Traffic mirroring does not support aggregated synchronization and configuration copy Mirroring configuration takes effect only after a source port and a destination port are specified Related command display qos interfa...

Page 783: ...undo mirroring group command to delete a port mirroring group Example Configure a port mirroring group on the local switch Quidway system view System View return to User View with Ctrl Z Quidway mirroring group 1 local 1 1 5 mirroring group mirroring port Syntax mirroring group group id mirroring port mirroring port list both inbound outbound undo mirroring group group id mirroring port mirroring ...

Page 784: ...onitor port monitor port View System view Ethernet port view Parameter group id Group number of a port mirroring group in the range of 1 to 20 monitor port monitor port Specifies the destination port for port mirroring monitor port is available in system view only but not in Ethernet port view Description Use the mirroring group monitor port command to configure the destination port Use the undo m...

Page 785: ... Description Use the mirroring group reflector port command to specify the reflector port Use the undo mirroring group reflector port command to remove the configuration of the reflector port Note the following when you configure the reflector port z The reflector port must be an Access port z LACP and TCP must be disabled on the reflector port z After a port is configured as a reflector port the ...

Page 786: ...an command to remove the configuration of remote probe VLAN for a mirroring group Example Configure VLAN 100 as the remote probe VLAN Quidway system view System View return to User View with Ctrl Z Quidway mirroring group 1 remote probe vlan 100 1 1 9 mirroring port Syntax mirroring port inbound outbound both undo mirroring port View Ethernet port view Parameter inbound outbound both Direction of ...

Page 787: ...tor port View Ethernet port view Parameter None Description Use the monitor port command to configure the destination port Use the undo monitor port command to remove the configuration of a destination port You can configure only one destination port on the switch all mirrored packets will be sent to the destination port Related command display mirroring group Example Configure GigabitEthernet1 1 ...

Page 788: ...brid port belongs to this VLAN If any Trunk port exists in this VLAN the port PVID cannot be the ID of remote probe VLAN After setting a VLAN as remote probe VLAN it is recommended that you do not add Access or Hybrid port to the VLAN Example Configure VLAN 5 as remote probe vlan Quidway system view System View return to User View with Ctrl Z Quidway vlan 5 Quidway vlan5 remote probe vlan enable 1...

Page 789: ... display the parameter settings of the specified port unit id Unit ID If you enter this argument the switch will display the parameter settings on Unit Description Use the display qos interface mirrored to command to display the parameter settings of traffic mirroring Information displayed includes z Port name and action name of traffic mirroring z Direction of traffic mirroring z ACL for identify...

Page 790: ...a basic or an advanced ACL separately ip group acl number Apply one rule in an IP type ACL separately ip group acl number rule rule id Apply all rules in a Layer 2 ACL separately link group acl number Apply one rule in a Layer 2 ACL separately link group acl number rule rule id Apply one rule in a user defined ACL separately user group acl number Apply all rules in a user defined ACL separately us...

Page 791: ...t in matching the specified ACL LACP and TCP must be disabled on the destination port Traffic mirroring does not support aggregated synchronization and configuration copy Mirroring configuration takes effect only after a source port and a destination port are specified Related command display qos interface mirrored to monitor port Example Mirror packets that match ACL 2000 on port GigabitEthernet1...

Page 792: ...y mirror Example Configure GigabitEthernet1 1 1 as the source port and mirror all packets received and sent via this port Quidway system view System View return to User View with Ctrl Z Quidway interface GigabitEthernet1 1 1 Quidway GigabitEthernet1 1 1 mirroring port both 1 2 5 monitor port Syntax monitor port undo monitor port View Ethernet port view Parameter None Description Use the monitor po...

Page 793: ...es Ethernet Switches Release 1510 Chapter 1 Mirroring Commands Huawei Technologies Proprietary 1 15 Quidway system view System View return to User View with Ctrl Z Quidway interface GigabitEthernet1 1 4 Quidway GigabitEthernet1 1 4 monitor port ...

Page 794: ... Commands 1 1 1 1 1 change self unit 1 1 1 1 2 change unit id 1 1 1 1 3 display ftm 1 3 1 1 4 display irf fabric 1 4 1 1 5 display rmon history unit 1 5 1 1 6 display rmon statistics unit 1 6 1 1 7 fabric save unit id 1 6 1 1 8 fabric port enable 1 8 1 1 9 ftm fabric vlan 1 9 1 1 10 irf fabric authentication mode 1 10 1 1 11 reset ftm statistics 1 10 1 1 12 set unit name 1 11 1 1 13 sysname 1 12 ...

Page 795: ...it command to change the unit ID of the current switch By default the unit ID of a switch that belongs to no IRF fabric is 1 After a switch is added to an IRF fabric the switch performs automatic numbering through FTM function Unit ID ranges from 1 to 8 Note If you do not enable the fabric port you cannot change the unit ID of the local switch Example Configure the uint ID of the current switch to...

Page 796: ...replaced and the priority is set to 5 Then you can use the fabric save unit id command to save the modified unit ID into the unit Flash memory and clear the information about the existing one z If auto numbering is selected the system sets the unit ID priority to 10 You can use the fabric save unit id command to save the modified unit ID into the unit Flash memory and clear the information about t...

Page 797: ...ID CPU Mac Priority Stack Port Board ID A M 1 00e0 fc00 5002 10 Right 1 A 2 00e0 fc03 5132 10 Left 1 A 3 00e0 fc04 5252 10 Right 1 A 4 000f cbb7 3264 5 Left 1 A 5 000f cbb7 2142 10 Right 1 A 6 00e0 fc05 8922 10 Left 1 A 7 000f cbb7 2260 10 Right 1 A 8 000f cbb7 2734 10 Left 1 A From the above example you can see the original unit ID of the device with MAC address 000f cbb7 3264 is 6 After the conf...

Page 798: ... information FTM State HB STATE Unit ID 2 FTM Master Fabric Type Line Fabric Auth NONE Fabric Vlan ID 4093 Left Port Disable Right Port Normal Advertise Send 5 Receive 3 Advertise ACK Send 0 Receive 5 Heart Beat Send 20 Receive 0 Left Port Index 255 IsEdge 0 Right Port Index 25 IsEdge 0 Units Num Left 1 Units Num Right 2 Units Num Backup 2 1 1 4 display irf fabric Syntax display irf fabric port st...

Page 799: ...ole port of unit 1 Quidway display irf fabric Fabric name is Quidway system mode is L3 Unit Name Unit ID First 1 Display fabric operation status on the Console port of unit 1 Quidway display irf fabric status Fabric name is Quidway system mode is L3 Unit Name Unit ID Status First 1 Master 1 1 5 display rmon history unit Syntax display rmon history unit unit id View Any view Parameter unit id Unit ...

Page 800: ...elated command rmon statistics Example Display the RMON statistics data of unit 2 Quidway display rmon statistics unit 2 1 1 7 fabric save unit id Syntax fabric save unit id undo fabric save unit id View User view Parameter None Description Use the fabric save unit id command to save the unit IDs of all the units in an IRF fabric into the unit Flash This command also sets the priority to 5 Use the...

Page 801: ...unit ID successfully Unit 3 saved unit ID successfully Unit 4 saved unit ID successfully Unit 5 saved unit ID successfully Unit 6 saved unit ID successfully Unit 7 saved unit ID successfully Unit 8 saved unit ID successfully Quidway display ftm topology database Total number of units in fabric 8 My Unit ID 4 UID CPU Mac Priority Stack Port Board ID A M 1 00e0 fc00 5002 5 Right 1 M 2 00e0 fc03 5132...

Page 802: ... fc05 8922 10 Left 1 A 5 000f cbb7 2142 10 Right 1 A 6 000f cbb7 3264 10 Left 1 A 7 000f cbb7 2260 10 Right 1 A 8 000f cbb7 2734 10 Left 1 A From the above example you can see the priority of each unit restores to 10 and the numbering mode changes from M manual numbering to A automatic numbering 1 1 8 fabric port enable Syntax fabric port interface type interface number enable undo fabric port int...

Page 803: ...n of the current fabric port group before you execute the enable command on another group Otherwise the system will prompt that the current fabric port group is in use you cannot change the fabric port group Example Set GigabitEthernet1 1 3 port as a fabric port Quidway system view System View return to User View with Ctrl Z Quidway fabric port GigabitEthernet1 1 3 enable 1 1 9 ftm fabric vlan Syn...

Page 804: ...word for fabric authentication a string comprising of 1 to 16 characters md5 Uses MD5 encryption authentication mode key MD5 key a string comprising of 1 to 16 characters Description Use the irf fabric authentication mode command to configure the authentication mode for an IRF fabric Use the undo irf fabric authentication mode command to cancel the IRF fabric authentication configuration By defaul...

Page 805: ...tem view Parameter unit id Unit ID of a device unit name Unit name to be set a string comprising of 1 to 64 characters Description Use the set unit name command to set a name for a device Example Set the name hello for the device with unit ID 1 Quidway display irf fabric Fabric name HostName Quidway Fabric authentication md5 Fabric mode L3 number of units in stack 2 Unit Name Unit ID First 1 Secon...

Page 806: ...r the fabric where the current device belongs The modification will affect the prompt character in the command line interface For example if the fabric name of the Ethernet switch is Quidway the prompt character in user view is Quidway Use the undo sysname command to restore the default fabric name Example Change the fabric name of the device to hello Quidway display irf fabric Fabric name is Quid...

Page 807: ...dp hop 1 12 1 2 6 ntdp timer 1 12 1 2 7 ntdp timer hop delay 1 13 1 2 8 ntdp timer port delay 1 14 1 3 Cluster Configuration Commands 1 15 1 3 1 add member 1 15 1 3 2 administrator address 1 16 1 3 3 auto build 1 17 1 3 4 build 1 18 1 3 5 cluster 1 20 1 3 6 cluster enable 1 21 1 3 7 cluster switch to 1 22 1 3 8 cluster mac 1 23 1 3 9 cluster mac syn interval 1 23 1 3 10 delete member 1 24 1 3 11 d...

Page 808: ...uidway S3900 Series Ethernet Switches Release 1510 Table of Contents Huawei Technologies Proprietary ii 1 3 22 snmp host 1 37 1 3 23 tftp cluster get 1 38 1 3 24 tftp cluster put 1 38 1 3 25 tftp server 1 39 1 3 26 timer 1 40 ...

Page 809: ...ace number specifies the port number in the form of slot number port number to Specifies a port range 1 10 means that you can provide up to ten port indexes port index ranges for this argument Description Use the display ndp command to display the global NDP configuration information including the interval to send NDP packets the holdtime of NDP information and the information about the neighbors ...

Page 810: ...rface Ethernet1 0 9 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface Ethernet1 0 10 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface Ethernet1 0 11 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface Ethernet1 0 12 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface Ethernet1 0 13 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface Ethernet1 0 14 Status Enabled ...

Page 811: ...f the NDP information sent by the local switch Interface Port index to specify a specific port Status NDP is enabled on the port Pkts Snd Number of the NDP packets transmitted through the port Pkts Rvd Number of the NDP packets received through the port Pkts Err Number of the error NDP packets received through the port Neighbor 1 Aging Time The holdtime of the NDP information received from the nei...

Page 812: ...provide up to ten port indexes port index ranges for this argument Description Use the ndp enable command to enable NDP globally or on a port Use the undo ndp enable command to disable NDP globally or on a port When the ndp enable command is executed in system view the NDP feature is enabled globally if the port list argument is not specified while the NDP feature is enabled on the specified port ...

Page 813: ...rmation Use the undo timer aging command to restore the default NDP information holdtime You can specify how long an adjacent device will hold the NDP information sent by the local device An adjacent device holds the NDP information of the local switch according to the holdtime carried in the NDP packets received from the local switch and removes the NDP information when the aging timer expires No...

Page 814: ...formation is larger than the NDP send interval Otherwise it may cause that the NDP neighbor information table becomes unstable Example Configure the interval to send NDP packets to be 80 seconds Quidway system view System View return to User View with Ctrl Z Quidway ndp timer hello 80 1 1 5 reset ndp statistics Syntax reset ndp statistics interface port list View User view Parameter interface port...

Page 815: ...topology information is collected the interval to collect topology information the NTDP timer the delay time for a device to forward topology collection requests the delay time for a topology collection request to be forwarded through a port and the time cost during the last topology collection Example Display the global NTDP information Quidway display ntdp NTDP is running Hops 4 Timer 0 min disa...

Page 816: ...st to be forwarded through a port Last collection total time Time cost during the last collection 1 2 2 display ntdp device list Syntax display ntdp device list verbose View Any view Parameter verbose Displays the detailed device information Description Use the display ntdp device list command to display the device information collected through NTDP Example Display the device list collected throug...

Page 817: ... MAC 00e0 fc00 3900 Hop 0 Platform S3900 IP 100 100 1 1 24 Version Huawei Versatile Routing Platform Software VRP tm Software Version 3 10 Copyright c 1998 2006 Huawei Tech Co Ltd All rights reserved S3900 3900 0002 Cluster Candidate switch Peer MAC Peer Port ID Native Port ID Speed Duplex 00e0 fc00 3190 Ethernet1 0 22 Ethernet3 0 21 100 FULL Hostname 3900 3 MAC 00e0 fc00 3190 Hop 1 Platform S3900...

Page 818: ...ber of hops from the device to the device which launches the topology collection Platform Software platform of the device IP IP address of the cluster management VLAN interface on the device Version Version of the device Cluster The role of the device in the cluster Peer MAC MAC address of a neighbor device Native Port ID Name of the local port which a neighbor device is connected to Peer Port ID ...

Page 819: ...enable 1 2 4 ntdp explore Syntax ntdp explore View User view Parameter None Description Use the ntdp explore command to start topology information collection manually Normally NTDP collects network topology information periodically You can also start topology information collection manually whenever needed by executing this command When you execute this command NTDP collects the NDP information of...

Page 820: ...nd you can specify to collect the topology information of the devices within a specified range to avoid infinitive collection The limit is performed by controlling the permitted hops from collection origination For example if you set the hop number limit to 2 only the switches less than 2 hops away from the switch starting the topology collection are collected Note that this command is only applic...

Page 821: ...r field of the display ntdp command means that the device is not the member of the cluster and does not perform periodical topology collection z After the cluster is set up the S3900 switch will collect the topology information in the network at the set interval and add the detected candidate switches into the cluster automatically z If it is unnecessary to add the candidate switches into the clus...

Page 822: ...ermines the delay time for a switch receiving topology collection request packets to forward them through its first port Example Set the delay time for the switch to forward topology collection request packets through the first port to 300 ms aaa_0 Quidway system view System View return to User View with Ctrl Z aaa_0 Quidway ntdp timer hop delay 300 1 2 8 ntdp timer port delay Syntax ntdp timer po...

Page 823: ...ime for the switch to forward topology collection request packets through the successive ports to 40 ms aaa_0 Quidway system view System View return to User View with Ctrl Z aaa_0 Quidway ntdp timer port delay 40 1 3 Cluster Configuration Commands 1 3 1 add member Syntax add member member number mac address H H H password password View Cluster view Parameter member number Member number assigned to...

Page 824: ...e member number to 6 Assume that the MAC address and user password of the candidate device are 00E0 fc00 35e7 and 123456 aaa_0 Quidway system view System View return to User View with Ctrl Z aaa_0 Quidway cluster aaa_0 Quidway cluster add member 6 mac address 00E0 fc00 35e7 password 123456 1 3 2 administrator address Syntax administrator address mac address name name undo administrator address Vie...

Page 825: ... the member devices again Description Use the auto build command to build a cluster automatically This command can be executed on a candidate device or a management device When you use this command on a candidate device you will be required to enter the cluster name and build a cluster Then the system will collect candidates and add the collected candidates into the cluster automatically When you ...

Page 826: ...ame aaa Collecting candidate list please wait Candidate list Name Hops MAC Address Device Processing please wait Cluster auto build Finish 0 member s added successfully aaa_0 Quidway cluster 1 3 4 build Syntax build name undo build View Cluster view Parameter name Cluster name a string comprising up to 8 characters which can only be alphanumeric characters subtraction sign and underline _ Descript...

Page 827: ...l collect the topology information of the network at the set interval and add the detected candidate devices into the cluster automatically If it is unnecessary to add the candidate switches into the cluster automatically you can set the interval of topology collection to 0 that is topology collection is not performed periodically Example Configure the current switch to be a management device and ...

Page 828: ...ble socket UDP 40000 at the same time This function is implemented on the member switch in the following scenarios z Use the add member command on the management device to add a candidate switch into the cluster and enable socket UDP 40000 of the new member z Use the auto build command on the management device to add a candidate switch into the cluster and enable socket UDP 40000 of the new member...

Page 829: ...is enabled on all the devices supporting cluster You need to create a cluster with the build command before using the cluster enable command on the management device These two commands can be used on any device supporting the cluster function When you execute the undo cluster enable command on a management device the cluster is removed and the switch stop operating as a management device When you ...

Page 830: ...m the management device to a member device Upon passing the member device authentication you will switch to the member device for configuration If the password of the member device is different from that of the management device the switchover is rejected z The view will be inherited from the management device when you switch to a member device from the management device For example user view rema...

Page 831: ...ress is 0180 C200 000A Execute this command on management devices only Multicast MAC addresses enable the member devices of a cluster to receive multicast information delivered by the management device and thus multicast information sending function is implemented on the management device Example Configure the multicast MAC address of the management device to be 0180 C200 0028 aaa_0 Quidway system...

Page 832: ...umber View Cluster view Parameter member number Member number of a switch in a cluster ranging from 0 to 255 Description Use the delete member command to remove a member device from the cluster Perform the operation to remove a member device from a cluster on the management device only Otherwise errors occur After the cluster is set up the S3900 switch will collect the topology information of the ...

Page 833: ...ment device holdtime and the interval to send packets When being executed on a management device this command displays the information such as cluster name the number of the member devices in the cluster cluster state holdtime and the interval to send packets Errors occur if you execute this command on a switch that does not belong to any cluster Example Display cluster information assuming that t...

Page 834: ...Administrator device mac address 00e0 fc00 3901 Administrator status Up Table 1 5 Description on the fields of the display cluster command Field Description Cluster name Name of the cluster Role Cluster role of the switch Member number Member number of the switch Handshake timer Value of handshake timer Handshake hold time Handshake holdtime Administrator device mac address MAC address of the mana...

Page 835: ...ice of the cluster for a short time If it is unnecessary to add the candidate switches into the cluster automatically you can set the interval of topology collection to 0 that is topology collection is not performed periodically Execute this command on management devices only Example Display the information about all the candidate devices aaa_0 Quidway cluster display cluster candidates MAC HOP IP...

Page 836: ...1 1 11 24 Hostname 3900 3 MAC 00e0 fc00 3190 Hop 1 Platform S3900 IP 16 1 1 1 24 Table 1 7 Description on the fields of the display cluster candidates command B Field Description Hostname Name of a candidate device MAC MAC address of a candidate device Hop Hops from a candidate device to the management device IP IP address of a candidate device Platform Platform of a candidate device 1 3 13 displa...

Page 837: ...00 3901 Admin aaa_0 Quidway 1 S3900 3900 0000 3334 Up aaa_1 Quidway 2 S3900 00e0 fc00 3190 Up aaa_2 3900 3 Table 1 8 Description on the fields of the display cluster members command A Field Description SN Member number Device Device type MAC Address MAC address of a device Status State of a device Name Name of a device Display the detailed information about the management device and all member dev...

Page 838: ...erved S3900 3900 0002 Member number 2 Name aaa_2 Quidway Device S3900 MAC Address 00e0 fc00 3190 Member status Up Hops to administrator device 1 IP 16 1 1 1 24 Version Huawei Versatile Routing Platform Software VRP tm Software Version 3 10 Copyright c 1998 2006 Huawei Tech Co Ltd All rights reserved S3900 3900 0002 Table 1 9 Description on the fields of the display cluster members verbose command ...

Page 839: ...cluster View User view Parameter None Description Use the ftp cluster command to establish control connection with the public FTP server of the cluster and enter FTP client view Example Connect the FTP clients to the remote FTP server of the cluster 123_1 Quidway ftp cluster Trying Press CTRL K to abort Connected 220 FTP service ready User none hello 331 Password required for hello Password 230 Us...

Page 840: ...IP address of an FTP server first for the member devices in a cluster to access the FTP server through the management device Example Configure the IP address of an FTP server on the management device aaa_0 Quidway system view System View return to User View with Ctrl Z aaa_0 Quidway cluster aaa_0 Quidway cluster ftp server 1 0 0 9 1 3 16 holdtime Syntax holdtime seconds undo holdtime View Cluster ...

Page 841: ...View Cluster view Parameter administrator ip address IP address of the management device of a cluster ip mask Mask of the cluster IP address pool ip mask length Mask length of the cluster IP address pool Description Use the ip pool command to configure a private IP address range for cluster members on the switch to be configured as the management device Use the undo ip pool command to cancel the I...

Page 842: ...ription Use the logging host command to configure a logging host on the management device for the member devices in the cluster Use the undo logging host command to cancel the logging host configuration By default no logging host is configured Note that you need to configure the IP address of a logging host first for the member devices in a cluster to send log information to the logging host throu...

Page 843: ... specified on different devices in the same cluster must be the same VLAN z The management VLAN can only be specified before the cluster is created Once a switch is added to a cluster the management VLAN configuration cannot be modified To modify management VLAN configuration on a switch belonging to a cluster you need to cancel the cluster related configurations on the switch specify the desired ...

Page 844: ...configured network management interface will replace the old one Example Configure VLAN interface 2 as the network management interface Quidway system view System View return to User View with Ctrl Z Quidway cluster Quidway cluster nm interface Vlan interface 2 1 3 21 reboot member Syntax reboot member member number mac address H H H eraseflash View Cluster view Parameter member number Member numb...

Page 845: ...View return to User View with Ctrl Z aaa_0 Quidway cluster aaa_0 Quidway cluster reboot member 2 1 3 22 snmp host Syntax snmp host ip address undo snmp host View Cluster view Parameter ip address IP address of a SNMP host to be configured for a cluster Description Use the snmp host command to configure an SNMP host for the member devices inside a cluster on the management device Use the undo snmp ...

Page 846: ...stination file Name of the downloaded file which is saved in the switch Description Use the tftp cluster get command to download files from the specified directory on the public TFTP server to the switch Related command tftp cluster put Example Download the file name LANSwitch app from the public TFTP server of the cluster to the switch and save it as vs app 123_1 Quidway tftp cluster get LANSwitc...

Page 847: ...uster view Parameter ip address IP address of a TFTP server to be configured for a cluster Description Use the tftp server command to configure a TFTP server for cluster members on the management device Use the undo tftp server command to cancel the TFTP server of the cluster members By default no TFTP server is configured You need to configure the IP address of the TFTP server for the cluster in ...

Page 848: ...al By default the interval to send handshake packets is 10 seconds Inside a cluster the connections between member devices and the management device are kept through transmitting handshake packets Handshake packets in a cluster enable the management device to acquire the information about member states link states Execute these two commands on management devices only All the member devices in a cl...

Page 849: ...interface power 1 4 1 1 3 display poe powersupply 1 5 1 1 4 display poe temperature protection 1 6 1 1 5 poe enable 1 7 1 1 6 poe legacy enable 1 8 1 1 7 poe max power 1 8 1 1 8 poe mode 1 9 1 1 9 poe power management 1 10 1 1 10 poe priority 1 11 1 1 11 poe temperature protection 1 12 1 1 12 poe update 1 12 Chapter 2 PoE Profile Configuration Commands 2 1 2 1 PoE Profile Configuration Commands 2 ...

Page 850: ...tion for details Description Use the display poe interface command to view the PoE status of a specific port of the switch If the interface type interface number argument is not specified the command displays the PoE status of all ports of the switch Example Display the PoE status of Ethernet 1 0 10 Quidway display poe interface Ethernet1 0 10 Port power enabled enable Port power ON OFF on Port po...

Page 851: ...rt Port current power The current power on the port Port average power The average power on the port Port peak power The peak power on the port Port current The current on the port Port voltage The voltage on the port Display the PoE status of all ports Quidway display poe interface PORT INDEX POWER ENABLE MODE PRIORITY STATUS Ethernet1 0 1 off disable signal low user command set port to off Ether...

Page 852: ...ff Ethernet1 0 29 off disable signal low user command set port to off Ethernet1 0 30 off disable signal low user command set port to off Ethernet1 0 31 off disable signal low user command set port to off Ethernet1 0 32 off disable signal low user command set port to off Ethernet1 0 33 off disable signal low user command set port to off Ethernet1 0 34 off disable signal low user command set port to...

Page 853: ...ection is in process PDs are being detected 1 1 2 display poe interface power Syntax display poe interface power interface type interface number View Any view Parameter interface type interface number Port on the switch Refer to Command Manual Port for details Description Use the display poe interface power command to view the power information of a specific port of the switch If the interface typ...

Page 854: ... 0 21 0 Ethernet1 0 22 0 Ethernet1 0 23 0 Ethernet1 0 24 0 Ethernet1 0 25 0 Ethernet1 0 26 0 Ethernet1 0 27 0 Ethernet1 0 28 0 Ethernet1 0 29 0 Ethernet1 0 30 0 Ethernet1 0 31 0 Ethernet1 0 32 0 Ethernet1 0 33 0 Ethernet1 0 34 0 Ethernet1 0 35 0 Ethernet1 0 36 0 Ethernet1 0 37 0 Ethernet1 0 38 0 Ethernet1 0 39 0 Ethernet1 0 40 0 Ethernet1 0 41 0 Ethernet1 0 42 0 Ethernet1 0 43 0 Ethernet1 0 44 0 E...

Page 855: ...us of the nonstandard PD detection PSE Total Power Consumption Total power consumption of the PSE PSE Available Power Available power of the PSE Power Peak Value Peak power value of the PSE Power Average Value Average power value of the PSE Power Software Version Version of the PSE software Power Hardware Version Version of the PSE hardware PSE CPLD Version Version of the PSE complex programmable ...

Page 856: ...ure protection function on the switch Quidway display poe temperature protection The temperature protection is enabled 1 1 5 poe enable Syntax poe enable undo poe enable View Ethernet port view Parameter None Description Use the poe enable command to enable the PoE feature on a port Use the undo poe enable command to disable the PoE feature on a port By default the PoE feature on each port is disa...

Page 857: ...command to enable the nonstandard PD detection function Use the undo poe legacy enable command to disable the nonstandard PD detection function PDs compliant with 802 3af standards are called standard PDs By default the nonstandard PD detection function is disabled Example Enable the nonstandard PD detection function Quidway system view System View return to User View with Ctrl Z Quidway poe legac...

Page 858: ... mW Note that the unit of the power is mW and you can set the power in the granularity of 100 mW The actual maximum power will be 5 larger than what you have set allowing for the effect of transient peak power Example Set the maximum power supplied by current port Quidway system view System View return to User View with Ctrl Z Quidway interface Ethernet 1 0 3 Quidway Ethernet1 0 3 poe max power 15...

Page 859: ...wer management Syntax poe power management auto manual undo poe power management View System view Parameter auto Adopts the auto mode namely a PoE management mode based on PoE priority of the port manual Adopts the manual mode Description Use the poe power management command to configure the PoE management mode of port used in the case of power overloading Use the undo poe power management command...

Page 860: ...a port is low When the available power of the PSE is too small the PoE priority and the PoE management mode are used together to determine how to allocate PoE power for the new PDs When the manual PoE management mode is adopted The switch will not supply power to the new PDs if the available power of the PSE is less than 18 8 W When the auto PoE management mode is adopted If a PD is plugged into t...

Page 861: ...perature protection enable command to disable PoE over temperature protection on the switch The PoE over temperature protection operates as follows The switch disables the PoE feature on all ports when its internal temperature exceeds 65 C 149 F for self protect and restores the PoE feature settings on all its ports when the temperature drops below 60 C 140 F By default PoE over temperature protec...

Page 862: ...to update the PSE processing software online Note z The full mode is used only when you cannot use the refresh mode z When the PSE processing software is damaged that is all the PoE commands cannot be successfully executed you can use the full mode to update and restore the software z When the upgrading procedure in refresh update mode is interrupted for some unexpected reason such as power off or...

Page 863: ...net port view use the following commands apply poe profile profilename undo apply poe profile profilename View System view Parameter profilename Name of PoE profile a string of 1 to 15 characters It starts with a letter from a to z or from A to Z and it cannot be any of reserved keywords like all interface user undo and mode interface type interface number interface type indicates type of the inte...

Page 864: ...d properly to the port z If one or more features in the PoE profile are not applied properly on a port the switch will prompt explicitly which PoE features in the PoE profile are not applied properly on which ports z The display current configuration command can be used to query which PoE profiles are applied to a port However the command cannot be used to query which PoE features in a PoE profile...

Page 865: ...ntax poe profile profilename undo poe profile profilename View System view Parameter profilename Name of PoE profile a string with 1 to 15 characters It starts with a letter from a to z or from A to Z and it cannot be any of reserved keywords like all interface user undo and mode Description Use the poe profile command to create a PoE profile Use the undo poe profile command to delete an existing ...

Page 866: ...oE Profile Quidway S3900 Series Ethernet Switches Release 1510 Chapter 2 PoE Profile Configuration Comma nds Huawei Technologies Proprietary 2 4 System View return to User View with Ctrl Z Quidway poe profile profile test ...

Page 867: ...s Huawei Technologies Proprietary i Table of Contents Chapter 1 UDP Helper Configuration Commands 1 1 1 1 UDP Helper Configuration Commands 1 1 1 1 1 display udp helper server 1 1 1 1 2 reset udp helper packet 1 1 1 1 3 udp helper enable 1 2 1 1 4 udp helper port 1 2 1 1 5 udp helper server 1 3 ...

Page 868: ...n Use the display udp helper server command to display the information of the destination server corresponding to the VLAN interface Example Display the information of the destination server corresponding to VLAN interface 1 Quidway display udp helper server interface Vlan interface 1 interface name server address packets send Vlan interface1 192 1 1 2 0 The information above shows that the IP add...

Page 869: ...helper enable Syntax udp helper enable undo udp helper enable View System view Parameter None Description Use the udp helper enable command to enable UDP Helper function Use the undo udp helper enable command to disable UDP Helper function By default UDP Helper is disabled Example Enable UDP Helper Quidway system view System View return to User View with Ctrl Z Quidway udp helper enable 1 1 4 udp ...

Page 870: ... port 37 Description Use the udp helper port command to specify the UDP port whose UDP broadcast packets are to be forwarded Use the undo udp helper port command to cancel the configuration Example Specify port 651 to be the UDP port to forward UDP broadcast packets Quidway system view System View return to User View with Ctrl Z Quidway udp helper port dns 651 1 1 5 udp helper server Syntax udp he...

Page 871: ...1 4 No destination server is configured by default Related command display udp helper server Example Specify to forward UDP packets of VLAN1 interface to the destination server with IP address of 192 1 1 2 Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 1 Quidway Vlan interface1 udp helper server 192 1 1 2 ...

Page 872: ...snmp agent community 1 10 1 1 12 snmp agent group 1 11 1 1 13 snmp agent local engineid 1 12 1 1 14 snmp agent log 1 13 1 1 15 snmp agent mib view 1 14 1 1 16 snmp agent packet max size 1 14 1 1 17 snmp agent sys info 1 15 1 1 18 snmp agent target host 1 16 1 1 19 snmp agent trap enable 1 17 1 1 20 snmp agent trap life 1 19 1 1 21 snmp agent trap queue size 1 19 1 1 22 snmp agent trap source 1 20 ...

Page 873: ...Command Manual SNMP and RMON Quidway S3900 Series Ethernet Switches Release 1510 Table of Contents Huawei Technologies Proprietary ii 2 1 11 rmon statistics 2 15 ...

Page 874: ...mmand to view engine ID of the local or remote SNMP entity An SNMP engine ID identifies an SNMP entity uniquely within an SNMP domain As an indispensable part of an SNMP entity an SNMP engine performs the function of sending receiving and authenticating SNMP message extracting PDU packet encapsulation and the communication with SNMP application Example Display the engine ID of a local device Quidw...

Page 875: ...Example Display the currently configured community names Quidway display snmp agent community Community name public Group name public Storage type nonVolatile Community name private Group name private Storage type nonVolatile Table 1 1 Description on the fields of the display snmp agent community command Field Description Community name Community name Group name Group name Storage type Storage typ...

Page 876: ... the fields of the display snmp agent group command Field Description Group name SNMP group name of the user Security model Security model of that group including authorization and encryption AuthPriv authorization and no encryption AuthnoPriv no authorization and no encryption noAuthnoPriv Readview Read only MIB view name corresponding to that group Writeview Writable MIB view corresponding to th...

Page 877: ...wDefault MIB Subtree internet Subtree mask Storage type nonVolatile View Type included View status active View name ViewDefault MIB Subtree snmpUsmMIB Subtree mask Storage type nonVolatile View Type excluded View status active View name ViewDefault MIB Subtree snmpVacmMIB Subtree mask Storage type nonVolatile View Type excluded View status active View name ViewDefault MIB Subtree snmpModules 18 Su...

Page 878: ...rmation about SNMP packets Quidway display snmp agent statistics 1276 Messages delivered to the SNMP entity 0 Messages which were for an unsupported version 0 Messages which used a SNMP community name not known 0 Messages which represented an illegal operation for the community supplied 0 ASN 1 or BER errors in the process of decoding 1291 Messages passed from the SNMP entity 0 SNMP PDUs which had...

Page 879: ...ntact information of the current device location Displays the physical location of the current device version Displays the version information about the SNMP running in the system Description Use the display snmp agent sys info command to view the system information about the current SNMP device This command displays all information if you choose no parameter Example Display the system information...

Page 880: ...ble standard trap enable system trap enable vrrp trap disable Enable traps 5 Disable traps 1 1 1 8 display snmp agent usm user Syntax display snmp agent usm user engineid engineid username user name group group name View Any view Parameter engineid Displays the SNMPv3 user information of the specified engine ID which ranges from 10 to 64 hexadecimal numerals username Displays information about the...

Page 881: ...er command Field Description User name SNMP user name Group name The group name which the SNMP user name belongs to Engine ID The character string identifying the SNMP device Storage type Storage type including volatile nonVolatile permanent readOnly and other UserStatus SNMP user status 1 1 9 enable snmp trap updown Syntax enable snmp trap updown undo enable snmp trap updown View Ethernet port vi...

Page 882: ... SNMP traps using the community name public to the NMS whose IP address is 10 1 1 1 Quidway system view System View return to User View with Ctrl Z Quidway snmp agent trap enable Quidway snmp agent target host trap address udp domain 10 1 1 1 params securityname public Quidway interface Ethernet1 0 1 Quidway Ethernet1 0 1 enable snmp trap updown 1 1 10 snmp agent Syntax snmp agent undo snmp agent ...

Page 883: ...ort 161 and 1024 are opened at the same time z When you disable SNMP Agent by using the undo snmp agent command UDP port 161 and 1024 are closed at the same time 1 1 11 snmp agent community Syntax snmp agent community read write community name acl acl number mib view view name undo snmp agent community community name View System view Parameter read Indicates that MIB object can only be read Only t...

Page 884: ...nity comaccess 1 1 12 snmp agent group Syntax 1 Versions V1 and V2C snmp agent group v1 v2c group name read view read view write view write view notify view notify view acl acl number undo snmp agent group v1 v2c group name 2 Version V3 snmp agent group v3 group name authentication privacy read view read view write view write view notify view notify view acl acl number undo snmp agent group v3 gro...

Page 885: ...r Example Create SNMPv3 group 1 Quidway system view System View return to User View with Ctrl Z Quidway snmp agent group v3 group1 1 1 13 snmp agent local engineid Syntax snmp agent local engineid engineid undo snmp agent local engineid View System view Parameter engineid Specifies the engine ID with a character string only composed of 10 to 64 hexadecimal numbers Two hexadecimal characters form a...

Page 886: ...l Logs the information about the set operations Description Use the snmp agent log command to enable the logging function for network management Use the undo snmp agent log command to disable the logging function By default the logging function is disabled Note z In the environment of a single device use the display logbuffer command to view the logging information for the get and set operations s...

Page 887: ...he character string can include wildcards such as 1 4 5 1 included Includes this MIB subtree excluded Excludes this MIB subtree Description Use snmp agent mib view command to create or update the view information limiting the MIB objects to be accessed by the NMS Use the undo snmp agent mib view command to cancel the current setting By default the view name is ViewDefault and OID is 1 Related comm...

Page 888: ...default the maximum size of the SNMP packet in bytes that the Agent can send receive is 1 500 bytes Example Set the maximum size of the SNMP packet that the Agent can send receive to 1 042 bytes Quidway system view System View return to User View with Ctrl Z Quidway snmp agent packet max size 1042 1 1 17 snmp agent sys info Syntax snmp agent sys info contact sys contact location sys location versi...

Page 889: ...em location is Hangzhou China the SNMP version is SNMP V3 Related command display snmp agent sys info Example Set contact information for system maintenance as Dial System Operator 1234 Quidway system view System View return to User View with Ctrl Z Quidway snmp agent sys info contact Dial System Operator 1234 1 1 18 snmp agent target host Syntax snmp agent target host trap address udp domain ip a...

Page 890: ...and the snmp agent trap enable or enable snmp trap updown command must be used at the same time on the device to send Trap packets 1 Use the snmp agent trap enable or enable snmp trap updown command to set Trap packets allowed to send all Trap packets can be sent by default 2 Use the snmp agent target host command to set the address of the destination host receiving SNMP Trap packets Related comma...

Page 891: ...d start Trap messages when the device is rebooted linkdown Configures to send SNMP linkDown Trap messages when the port is down linkup Configures to send SNMP linkUp Trap messages when the port is up warmstart Configures to send SNMP warm start Trap messages when SNMP is rebooted system Configures to send H3C SYS MAN MIB private MIB Trap packets vrrp authfailure newmaster Configures to send VRRP T...

Page 892: ...e in seconds ranging from 1 to 2 592 000 Description Use the snmp agent trap life command to set aging time for Trap packets The Trap packets exceeding the aging time are discarded Use the undo snmp agent trap life command to restore the default aging time for Trap packets By default the aging time of SNMP Trap packets is 120 seconds Related command snmp agent trap enable snmp agent target host Ex...

Page 893: ...h is 100 Example Configure the queue length to 200 Quidway system view System View return to User View with Ctrl Z Quidway snmp agent trap queue size 200 1 1 22 snmp agent trap source Syntax snmp agent trap source interface type interface number undo snmp agent trap source View System view Parameter nterface type Interface type interface number Interface number Description Use the snmp agent trap ...

Page 894: ...address for transmitting the Trap packets Quidway system view System View return to User View with Ctrl Z Quidway snmp agent trap source Vlan interface 1 1 1 23 snmp agent usm user Syntax 1 Versions V1 and V2C snmp agent usm user v1 v2c user name group name acl acl number undo snmp agent usm user v1 v2c user name group name 2 Version V3 snmp agent usm user v3 user name group name authentication mo...

Page 895: ... 999 local Represents a local entity user engineid string Engine ID related to the user ranging from 10 to 64 hexadecimal numerals Description Use the snmp agent usm user command to add a new user to an SNMP group Use the undo snmp agent usm user command to cancel a user from the SNMP group While using SNMPv3 SNMP engineID for authentication is required when you configure a remote user for an agen...

Page 896: ... rmon alarm command to display the configuration of a specified alarm entry or all the alarm entries Related command rmon alarm Example Display the configuration of all the alarm entries Quidway display rmon alarm Alarm table 1 owned by user1 is Valid Samples type absolute Variable formula 1 3 6 1 2 1 2 2 1 10 4228009 ifInOctets 4228009 Sampling interval 6 sec Rising threshold 10000 linked with ev...

Page 897: ...ed when the falling threshold is reached Latest value Latest sampled value 2 1 2 display rmon event Syntax display rmon event event entry View Any view Parameter event entry Event entry index in the range of 1 to 65535 If you do not specify this argument the configuration of all the event entries is displayed Description Use the display rmon event command to display the configuration of a specifie...

Page 898: ...mon eventlog event entry View Any view Parameter event entry Event entry index in the range of 1 to 65535 If you do not specify this argument the log of all the event entries is displayed Description Use the display rmon eventlog command to display the log of a specified event entry or all the event entries The displayed information includes the indexes and status of the event entries in the event...

Page 899: ... event 1 is first triggered Description Description of an event log 2 1 4 display rmon history Syntax display rmon history interface type interface number unit unit number View Any view Parameter interface type Interface type interface number Interface number unit unit number Specifies a unit number Description Use the display rmon history command to display the RMON history information about a sp...

Page 900: ...ng interval Sampling interval buckets Number of records in the history control table Latest sampled values Latest sampled information dropevents Event about dropping packets octets Number of received or transmitted bytes during sampling duration packets Number of received or transmitted packets during sampling duration broadcastpackets Number of broadcast packets multicastpackets Number of multica...

Page 901: ...ntries Quidway display rmon prialarm Prialarm table 1 owned by user1 is VALID Samples type absolute Variable formula 1 3 6 1 2 1 16 1 1 1 4 1 Description Sampling interval 10 sec Rising threshold 10000 linked with event 1 Falling threshold 2000 linked with event 1 When startup enables risingOrFallingAlarm This entry will exist forever Latest value 0 Table 2 5 Description on the fields of the displ...

Page 902: ...hed This entry will exist forever Existing period This entry can exist forever or exist in the specified cycle Latest value Latest sampled value 2 1 6 display rmon statistics Syntax display rmon statistics interface type interface number unit unit number View Any view Parameter interface type Interface type interface number Interface number unit unit number Specifies a unit number Description Use ...

Page 903: ...e fields of the display rmon statistics command Field Description Statistics entry Index number of the statistics information table VALID Valid Interface Interface for which information statistics is to be made etherStatsOctets Number of bytes etherStatsPkts Number of packets etherStatsBroadcastPkts Number of broadcast packets etherStatsMulticastPkts Number of multicast packets etherStatsUndersize...

Page 904: ... with regard to the latest sample absolute Specifies to sample absolute values rising threshold threshold value1 Specifies the upper threshold The threshold value1 argument ranges from 0 to 2 147 483 647 event entry1 Index of the event entry corresponding to the upper threshold in the range of 0 to 65535 falling threshold threshold value2 Specifies the lower threshold The threshold value2 argument...

Page 905: ...he sample value is smaller than the set lower threshold threshold value2 Triggering the event identified by the event entry2 argument Note z Before adding an alarm entry you need to use the rmon event command to define the events to be referenced by the alarm entry z Make sure the node to be monitored exists before executing the rmon alarm command Example Add the alarm entry numbered 1 as follows ...

Page 906: ... trapcommunity Community name of the NMS that receives the log messages a character string of 1 to 127 characters none Specifies that the event triggers no action owner text Specifies the owner of the event entry The text argument is a string comprising 1 to 127 characters Description Use the rmon event command to add an entry to the event table Use the undo rmon event command to delete an entry f...

Page 907: ...tory control table Use the undo rmon history command to delete an entry from a history control table You can use the rmon history command to sample a specific port You can also set the sampling interval and the number of the samples that can be saved After you execute this command the RMON system samples the port periodically and stores the samples for later retrieval The sampled information inclu...

Page 908: ...ues that are of long integer type To prevent invalid operation results make sure the operation results of each step are valid long integers prialarm des Alarm description a string comprising 1 to 128 characters sampling timer Sampling interval in seconds in the range of 10 to 65 535 delta absolute changeratio Specifies sample type which can be deltas absolute values or change ratios threshold valu...

Page 909: ...according to the defined extended alarm expressions prialarm formula z Comparing the operation result with the set thresholds and perform corresponding operations as described in Table 2 8 Table 2 8 Operation result and corresponding operation Comparison Operation The operation result is larger than or equal to the set upper threshold threshold value1 Triggering the event identified by the event e...

Page 910: ...ex in the range of 1 to 65535 owner text Specifies the owner of the entry a string comprising 1 to 127 characters Description Use the rmon statistics command to add an entry to the statistics table Use the undo rmon statistics command to remove an entry from the statistics table The RMON statistics management function is used to take statistics of the usage of the monitored ports and errors occurr...

Page 911: ...2 RMON Configuration Commands Huawei Technologies Proprietary 2 16 Example Add the statistics entry numbered 20 to take statistics of Ethernet1 0 1 port Quidway system view System View return to User View with Ctrl Z Quidway interface Ethernet 1 0 1 Quidway Ethernet1 0 1 rmon statistics 20 ...

Page 912: ... 1 4 ntp service access 1 4 1 1 5 ntp service authentication enable 1 5 1 1 6 ntp service authentication keyid 1 6 1 1 7 ntp service broadcast client 1 7 1 1 8 ntp service broadcast server 1 7 1 1 9 ntp service in interface disable 1 8 1 1 10 ntp service max dynamic sessions 1 9 1 1 11 ntp service multicast client 1 9 1 1 12 ntp service multicast server 1 10 1 1 13 ntp service reliable authenticat...

Page 913: ...the ntp service unicast server ntp service unicast peer ntp service broadcast client ntp service broadcast server ntp service multicast client or ntp service multicast server command UDP port 123 is opened at the same time z When you disable NTP from operating in any modes by using the undo forms of the preceding six commands UDP port 123 is closed at the same time 1 1 NTP Configuration Commands 1...

Page 914: ...candidate 5 configured Table 1 1 Description on the fields of the display ntp service sessions command Field Description source IP address of the synchronization source device to be synchronized reference Reference clock ID of the synchronization source stra Stratum of the clock of the synchronization source reach Indicates whether or not the synchronization source is reachable poll Polling interv...

Page 915: ...000000 00000000 Table 1 2 Description on the fields of the display ntp service status command Field Description Clock status Local clock status Clock stratum Stratum of the local clock Reference clock ID Address of the remote server or the ID of the reference clock after the local system is synchronized to a remote NTP server or a reference clock Nominal frequency Nominal frequency of the local sy...

Page 916: ...h NTP time server along the time synchronization chain from the local device to the reference clock source Quidway display ntp service trace server4 stratum 4 offset 0 0019529 synch distance 0 144135 server3 stratum 3 offset 0 0124263 synch distance 0 115784 server2 stratum 2 offset 0 0019298 synch distance 0 011993 server1 stratum 1 offset 0 0019298 synch distance 0 011993 refid GPS Receiver The ...

Page 917: ...al NTP server Use the undo ntp service access command to cancel the configured access control permission By default the access permission to the local NTP server is peer Configuring access control permission to the NTP server only provides a least security measure Performing authentication is a more reliable way to improve security A received access is matched in this order peer server synchroniza...

Page 918: ...l Z Quidway ntp service authentication enable 1 1 6 ntp service authentication keyid Syntax ntp service authentication keyid key id authentication mode md5 value undo ntp service authentication keyid key id View System view Parameter key id Authentication key ID in the range of 1 to 4294967295 value Authentication key a string comprising 1 to 32 characters Up to 1024 keys can be configured Descrip...

Page 919: ... the ntp service broadcast client command to configure an Ethernet switch to operate in the NTP broadcast client mode and receive NTP broadcast packets through the current interface Use the undo ntp service broadcast client command to cancel the configuration By default no switch operates in the broadcast client mode Example Configure the switch to operate in the broadcast client mode and receive ...

Page 920: ... server mode and send NTP broadcast packets through the current interface Use the undo ntp service broadcast server command to cancel the configuration By default no Ethernet switch operates in the NTP broadcast server mode Example Configure to send NTP broadcast packets through VLAN interface 1 using the key numbered 4 for encryption and setting the NTP version number to 3 Quidway system view Sys...

Page 921: ...max dynamic sessions number undo ntp service max dynamic sessions View System view Parameter number Maximum number of the NTP sessions that can to be established locally This argument ranges from 0 to 100 Description Use the ntp service max dynamic sessions command to set the maximum number of NTP sessions that can be established locally Use the undo ntp service max dynamic sessions command to res...

Page 922: ...ast client mode Example Configure to receive NTP multicast packets through VLAN interface 1 with the corresponding multicast group address being 224 0 1 1 Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 1 Quidway Vlan interface1 ntp service multicast client 224 0 1 1 1 1 12 ntp service multicast server Syntax ntp service multicast server ip address ...

Page 923: ... 0 1 1 the key numbered 4 used for encryption and the NTP version number set to 3 Quidway system view System View return to User View with Ctrl Z Quidway interface Vlan interface 1 Quidway Vlan interface1 ntp service multicast server 224 0 1 1 authentication keyid 4 version 3 1 1 13 ntp service reliable authentication keyid Syntax ntp service reliable authentication keyid key id undo ntp service r...

Page 924: ...e interface serves as the source IP address contained in the NTP packet to be sent vlan id indicates the ID of the specified VLAN interface ranging from 1 to 4094 Description Use the ntp service source interface command to specify the VLAN interface through which NTP packets are to be sent Use the undo ntp service source interface command to cancel the configuration If you do not want the IP addre...

Page 925: ...the authentication is not enabled Priority Specifies the peer identified by the remote ip argument to be the preferred peer for synchronization source interface Vlan interface vlan id Specifies an interface whose IP address is to be used as the IP addresses of the NTP packets sent to the peer vlan id VLAN interface number version number Specifies the NTP version number The number ranges from 1 to ...

Page 926: ...P server This argument cannot be a broadcast address multicast group address or the IP address of a reference clock server name NTP server name a string comprising 1 to 20 characters authentication keyid key id Specifies the key ID used when sending messages to the NTP server The key id argument ranges from 1 to 4294967295 By default the authentication is enabled priority Specifies the server iden...

Page 927: ...nized to the remote NTP server identified by the remote ip argument Note that an NTP server will not be synchronized to the local switch Example Configure the local device to be synchronized to the NTP server using the IP address of 128 108 22 44 with the version number set to 3 Quidway system view System View return to User View with Ctrl Z Quidway ntp service unicast server 128 108 22 44 version...

Page 928: ...ic key 1 11 1 1 13 rsa peer public key import sshkey 1 12 1 1 14 ssh authentication type default 1 13 1 1 15 ssh server authentication retries 1 13 1 1 16 ssh server compatible ssh1x enable 1 14 1 1 17 ssh server rekey interval 1 15 1 1 18 ssh server timeout 1 16 1 1 19 ssh user assign rsa key 1 17 1 1 20 ssh user authentication type 1 17 1 1 21 ssh server source interface 1 19 1 1 22 ssh server s...

Page 929: ...Client Configuration Commands 1 30 1 4 1 bye 1 30 1 4 2 cd 1 31 1 4 3 cdup 1 31 1 4 4 delete 1 32 1 4 5 dir 1 32 1 4 6 display sftp source ip 1 33 1 4 7 exit 1 34 1 4 8 get 1 34 1 4 9 help 1 35 1 4 10 ls 1 35 1 4 11 mkdir 1 36 1 4 12 put 1 36 1 4 13 pwd 1 37 1 4 14 quit 1 37 1 4 15 remove 1 38 1 4 16 rename 1 39 1 4 17 rmdir 1 39 1 4 18 sftp 1 40 1 4 19 sftp source interface 1 41 1 4 20 sftp sourc...

Page 930: ...Description Use the display rsa local key pair public command to display the public key of the server host key pair If no key pair is generated the system prompts RSA keys not found Related command rsa local key pair create Example Display the public key of the server host key pair Quidway display rsa local key pair public Time of Key pair created 20 08 35 2000 04 02 Key name Quidway_Host Key type...

Page 931: ...eYwgIiU T1 rsa key Time of Key pair created 20 08 46 2000 04 02 Key name Quidway_Server Key type RSA encryption Key Key code 3067 0260 D6D70AE4 D2A900BE AC21B4E7 617CBEFA 2BAED61F B637070C 093F43AF 9DB9D644 BCD921EF D056EF36 26825C2A 1FC0EFC3 E27B5110 3F20F790 6C83274B D0FC303F 51072D6C B5D0054D 3673EBA0 A4748984 5EBF6EBE CF6A13B1 C7858241 A2A9AA79 0203 010001 Note With the rsa local key pair crea...

Page 932: ... client public key of the specified RSA key pair If no key name is specified the command displays all public keys of the client Example Display all public keys on the client Quidway display rsa peer public key brief Address Bits Name 1023 abcd 1024 hq Display the public key named abcd of the client key pair Quidway display rsa peer public key name abcd Key name abcd Key address Key Code 308186 028...

Page 933: ...us information about the SSH server Quidway display ssh server status SSH version 1 99 SSH connection timeout 60 seconds SSH server key generating interval 0 hours SSH Authentication retries 3 times SFTP Server Enable Caution z If you use the ssh server compatible ssh1x enable command to configure the server to be compatible with the client of SSHv1 x version the SSH version will be displayed as 1...

Page 934: ...name 1 1 4 display ssh user information Syntax display ssh user information username View Any view Parameter username SSH user name a string of 1 to 80 characters Description Use the display ssh user information command to display information about the current SSH users including user name authentication mode corresponding public key name and authorized service types If the username is specified t...

Page 935: ... interface If not the command displays 0 0 0 0 Example Display the current source IP address specified for the SSH Server Quidway display ssh server source ip The source IP you specified is 192 168 1 1 1 1 6 peer public key end Syntax peer public key end View Public key view Parameter None Description Use the peer public key end command to return to system view from public key view Related command...

Page 936: ...ith SSH enabled your configuration cannot take effect until next login if no RSA key pair is configured Caution z When SSH protocol is specified to ensure a successful login you must configure the AAA authentication using the authentication mode scheme command z The protocol inbound ssh configuration fails if you configured authentication mode password or authentication mode none When you configur...

Page 937: ...ient software should be composed of hexadecimal characters Related command rsa peer public key public key code end Example Enter public key edit view and input client public keys Quidway system view System View return to User View with Ctrl Z Quidway rsa peer public key quidway003 Quidway rsa public key public key code begin Quidway key code 308186028180739A291ABDA704F5D93DC8FDF84C427463 Quidway k...

Page 938: ...and the keys will be discarded Your configuration this time fails z If the keys are valid they will be saved in the local public key list Related command rsa peer public key public key code begin Example Exit from public key edit view and save the public keys Quidway system view System View return to User View with Ctrl Z Quidway rsa peer public key kk Quidway rsa public key public key code begin ...

Page 939: ...d z When the switch works in the SSHv1 x compatible mode if you execute the display rsa local key pair public command two public keys are displayed They are Quidway_Host and Quidway_Server z When the switch works in the SSHv2 0 mode if you execute the display rsa local key pair public command only one public key is displayed It is Quidway_Host For a successful SSH login you must generate the local...

Page 940: ...Destroy all existing RSA key pairs at the server end Quidway system view System View return to User View with Ctrl Z Quidway rsa local key pair destroy The local key pair will be destroyed Confirm to destroy these keys Y N y Done 1 1 12 rsa peer public key Syntax rsa peer public key key name View System view Parameter key name Client public key name a string of 1 to 64 characters Description Use t...

Page 941: ...ers file name Name of the public key file which has been loaded to the Flash in advance a string in the range of 1 character to 142 characters Description Use the rsa peer public key import sshkey command to transform the format of the public key files of the client into the public key cryptography standard PKCS codes and configure them automatically In this way you need not configure public keys ...

Page 942: ...ication that is one of the two authentication types must be satisfied Description Use the ssh authentication type default command to specify a default authentication type for SSH users After this command is configured if a new SSH user added through the ssh command has not passed the authentication specified by the ssh user authentication type command for this user this user will adopt the default...

Page 943: ...d to restore the default authentication retry times which will take effect at next login Related command display ssh server Note If you have used the ssh user authentication type command to configure the authentication type to password publickey you must set the authentication retry times to a number greater than or equal to 2 for one is counted when a client sends a public key to the server Examp...

Page 944: ...execute the display rsa local key pair public command two public keys are displayed They are Quidway_Host and Quidway_Server z When the switch works in the SSHv2 0 mode if you execute the display rsa local key pair public command only one public key is displayed It is Quidway_Host Example Specify the server compatible with the SSHv1 x version supporting client Quidway system view System View retur...

Page 945: ...h server rekey interval 3 1 1 18 ssh server timeout Syntax ssh server timeout seconds undo ssh server timeout View System view Parameter seconds Authentication timeout time It is in the range of 1 to 120 seconds and defaults to 60 seconds Description Use the ssh server timeout command to set authentication timeout time for SSH connections Use the undo ssh server timeout command to restore the defa...

Page 946: ...o ssh user assign rsa key command to remove the association between the public keys and SSH users The configuration takes effect at the next login If the user already has a public key the new public key overrides the old one Related command display ssh user information Example Set the client public key for the kk user to key1 Quidway system view System View return to User View with Ctrl Z Quidway ...

Page 947: ...the authentication if either the password or RSA public key is correct Description Use the ssh user authentication type command to define on the server the available authentication type for an SSH user Use the undo ssh user authentication type command to restore the default setting Note This command defines available authentication type on the server The actual authentication type however is deter...

Page 948: ...erver source interface command to specify source interface for SSH Server When the specified interface does not exist the command prompts the configuration fails Use the undo ssh server source interface command to cancel the specified source interface Then the address of the device determined by the system is for the user to access to the switch Example Specify source interface Vlan interface 2 fo...

Page 949: ...ple Specify source IP address 192 168 0 1 for SSH Server Quidway system view System View return to User View with Ctrl Z Quidway ssh server source ip 192 168 0 1 1 2 SSH Client Configuration Commands 1 2 1 display ssh2 source ip Syntax display ssh2 source ip View Any view Parameter None Description Use the display ssh2 source ip command to display the current source IP address set for the SSH2 Cli...

Page 950: ..._______________________________ 192 168 0 1 abc_key01 192 168 0 2 abc_key02 1 2 3 public key code begin Syntax public key code begin View Public key view Parameter None Description Use the public key code begin command to enter public key edit view and set server public keys You can key in a blank space between characters since the system can remove the blank space automatically or press Enter to ...

Page 951: ...code end Quidway rsa public key 1 2 4 public key code end Syntax public key code end View Public key edit view Parameter None Description Use the public key code end command to return from public key edit view to public key view and save the public keys you set After you use this command to terminate the public key editing public key validity will be checked before the keys are saved z If there ar...

Page 952: ...er public key Syntax rsa peer public key key name View System view Parameter key name Server public key name a string of 1 to 64 characters Description Use the rsa peer public key command to enter public key view You can use this command along with the public key code begin command to configure on the client the server public keys which are generated randomly after you use the rsa local key pair c...

Page 953: ...name Server public key name a string of 1 to 64 characters Description Use the ssh client assign rsa key command to specify on the client the public key for the server to be connected to guarantee the client can be connected to a reliable server Use the undo ssh client assign rsa key command to remove the association between the public keys and servers Example Specify on the client the public key ...

Page 954: ...hen the initial authentication function is not available the client does not access the server if it does not have the public key of the server locally In this case you need first to save the public key of the target server to the client in other ways By default the client runs the initial authentication Example Configure the client to run the initial authentication Quidway system view System View...

Page 955: ...nt to server It defaults to SHA1_96 prefer_stoc_hmac HMAC algorithm preference from the server to client It defaults to SHA1_96 sha1 HMAC SHA1 algorithm sha1_96 HMAC SHA1_96 algorithm md5 HMAC MD5 algorithm md5_96 HMAC MD5 96 algorithm Note z DES Data Encryption Standard is the standard algorithm for data encryption z AES Advanced Encryption Standard is the advanced encryption standard algorithm D...

Page 956: ... source interface which can be LoopBack or Vlan interface interface number Number of source interface Description Use the ssh2 source interface command to specify source interface for SSH2 Client When the specified interface does not exist the command prompts the configuration fails Use the undo ssh2 source interface command to remove the specified source interface Then the address of the device d...

Page 957: ...Server When the specified ip address is not the IP address of the device the command prompts configuration fails Example Specify source IP address 192 168 0 1 for SSH2 Client Quidway system view System View return to User View with Ctrl Z Quidway ssh2 source ip 192 168 1 1 1 3 SFTP Server Configuration Commands 1 3 1 sftp server enable Syntax sftp server enable undo sftp server View System view Pa...

Page 958: ...cters stelnet Sets the service type to Telnet sftp Sets the service type to SFTP all Includes Telnet and SFTP two services types Description Use the ssh user service type command to specify service type for a user Use the undo ssh user service type command to restore the default service type for the SSH user in the system The default service type for the SSH user is stelnet Related command display...

Page 959: ... time for the SFTP user connection the system will automatically release the connection when the time is up Example Set the timeout time for the SFTP user connection to 500 minutes Quidway system view System View return to User View with Ctrl Z Quidway sftp timeout 500 1 4 SFTP Client Configuration Commands 1 4 1 bye Syntax bye View SFTP Client view Parameter None Description Use the bye command t...

Page 960: ...e server Description Use the cd command to change the current path on the remote SFTP server If you did not specify the remote path argument the current path is displayed Note You can use the cd command to return to the upper level directory You can use the cd command to return to the root directory of the system that is flash Example Change current path to new1 sftp client cd new1 Current Directo...

Page 961: ...rrent Directory is flash 1 4 4 delete Syntax delete remote file View SFTP Client view Parameter remote file Name of a file on the server Description Use the delete command to delete the specified file from the remote SFTP server This command has the same function as the remove command Example Delete file test txt from the server sftp client delete test txt The followed File will be deleted Flash t...

Page 962: ...ory flash sftp client dir flash rwxrwxrwx 1 noone nogroup 1759 Aug 23 06 52 vrpcfg cfg rwxrwxrwx 1 noone nogroup 225 Aug 24 08 01 pubkey2 rwxrwxrwx 1 noone nogroup 283 Aug 24 07 39 pubkey1 rwxrwxrwx 1 noone nogroup 225 Sep 28 08 28 pub1 drwxrwxrwx 1 noone nogroup 0 Sep 28 08 24 new1 drwxrwxrwx 1 noone nogroup 0 Sep 28 08 18 new2 rwxrwxrwx 1 noone nogroup 225 Sep 28 08 30 pub2 1 4 6 display sftp so...

Page 963: ... view Parameter None Description Use the exit command to terminate the connection to the remote SFTP server and return to system view This command has the same function as the bye and quit commands Example Terminate the connection to the remote SFTP server sftp client exit Bye Quidway 1 4 8 get Syntax get remote file local file View SFTP Client view Parameter remote file Name of the source file on...

Page 964: ...oading file successfully ended 1 4 9 help Syntax help command View SFTP Client view Parameter command Name of a command Description Use the help command to get the help information about the specified or all SFTP client commands If the command argument is not specified the help information about all commands is displayed Example Display the help information about the get command sftp client help g...

Page 965: ...xrwxrwx 1 noone nogroup 1759 Aug 23 06 52 vrpcfg cfg rwxrwxrwx 1 noone nogroup 225 Aug 24 08 01 pubkey2 rwxrwxrwx 1 noone nogroup 283 Aug 24 07 39 pubkey1 rwxrwxrwx 1 noone nogroup 225 Sep 28 08 28 pub1 drwxrwxrwx 1 noone nogroup 0 Sep 28 08 24 new1 drwxrwxrwx 1 noone nogroup 0 Sep 28 08 18 new2 rwxrwxrwx 1 noone nogroup 225 Sep 28 08 30 pub2 1 4 11 mkdir Syntax mkdir remote path View SFTP Client ...

Page 966: ...o the remote SFTP server If no name is specified for the file to be saved on the remote SFTP server the name of the source file is used Example Upload local file vrpcfg cfg to the remote SFTP server and save it with the name 1 txt sftp client put temp c vrpcfg cfg 1 txt Local file vrpcfg cfg Remote file flash 1 txt Uploading file successfully ended 1 4 13 pwd Syntax pwd View SFTP Client view Param...

Page 967: ...commands Example Terminate the connection to the remote SFTP server sftp client quit Bye Quidway 1 4 15 remove Syntax remove remote file View SFTP Client view Parameter remote file Name of a file on the server Description Use the remove command to delete the specified file from the remote SFTP server This command has the same function as the delete command Example Delete file temp c from the serve...

Page 968: ...f the specified file on the SFTP server Example Change the name of file temp bat on the SFTP server to temp txt sftp client rename temp bat temp txt File successfully renamed 1 4 17 rmdir Syntax rmdir remote path View SFTP Client view Parameter remote path Name of a directory on the remote SFTP server Description Use the rmdir command to delete the specified directory from the remote SFTP server E...

Page 969: ...t number is 22 prefer_kex Key exchange algorithm preference Choose one of the two algorithms available dh_group1 Diffie Hellman group1 sha1 key exchange algorithm It is the default key exchange algorithm dh_exchange_group Diffie Hellman group exchange sha1 key exchange algorithm prefer_ctos_cipher Encryption algorithm preference from the client to server It defaults to AES128 prefer_stoc_cipher En...

Page 970: ...d Do you continue access it Y N y Do you want to save the server s public key Y N y Enter password sftp client 1 4 19 sftp source interface Syntax sftp source interface interface type interface number undo sftp source interface View System view Parameter interface type Type of source interface which can be LoopBack or Vlan interface interface number Number of source interface Description Use the s...

Page 971: ...tp source ip View System view Parameter ip address Source IP address needed to set Description Use the sftp source ip command to specify the source IP address for SFTP Client When the specified ip address is not the IP address of the device the command prompts configuration fails Use the undo sftp source ip command to remove the specified source IP address Then the address of the device determined...

Page 972: ...ation Commands 1 6 1 2 1 cd 1 6 1 2 2 copy 1 7 1 2 3 delete 1 8 1 2 4 dir 1 9 1 2 5 execute 1 11 1 2 6 file prompt 1 12 1 2 7 fixdisk 1 13 1 2 8 format 1 13 1 2 9 mkdir 1 14 1 2 10 more 1 15 1 2 11 move 1 15 1 2 12 pwd 1 16 1 2 13 rename 1 16 1 2 14 reset recycle bin 1 17 1 2 15 rmdir 1 18 1 2 16 undelete 1 18 1 2 17 update fabric 1 19 1 3 Configuration Backup and Restore Commands 1 21 1 3 1 backu...

Page 973: ...Command Manual File System Management Quidway S3900 Series Ethernet Switches Release 1510 Table of Contents Huawei Technologies Proprietary ii 2 2 TFTP Command 2 5 2 2 1 tftp get 2 5 ...

Page 974: ...e if the unit ID of the switch is 1 the URL of a file named text txt and residing in the root directory must be unit1 flash text txt z In URL format and starting with flash This method can be used to specify a file in the Flash memory of the current unit z Inputting the path name or file name directly This method can be used to specify a path or a file in the current work directory 1 1 File Attrib...

Page 975: ...e Y N y The boot web and configuration file s backup attribute and main attribute successfully exchanged on unit 1 The boot web and configuration file s backup attribute and main attribute successfully exchanged on unit 2 1 1 2 boot boot loader Syntax boot boot loader file url fabric View User view Parameter file url Path or the name of the app file in the Flash a string comprising 1 to 64 charact...

Page 976: ... next time on unit 1 The specified file will be booted next time on unit 2 1 1 3 boot boot loader backup attribute Syntax boot boot loader backup attribute file url fabric View User view Parameter file url Path or the name of the app file in the Flash a string comprising 1 to 64 characters fabric Applies the configuration to the whole fabric Description Use the boot boot loader backup attribute co...

Page 977: ...ile of the local unit Example Configure the file named backup bin to be the backup startup file of the fabric Quidway boot boot loader backup attribute backup bin fabric Set boot file backup attribute successfully on unit 1 Set boot file backup attribute successfully on unit 2 1 1 4 boot web package Syntax boot web package webfile backup main View User view Parameter webfile Name of a Web file a s...

Page 978: ...oot web to be of the main attribute Quidway boot web package boot web main 1 1 5 display boot loader Syntax display boot loader unit unit id View Any view Parameter unit unit id Specifies the unit ID of a switch Description Use the display boot loader command to display the information about the app startup files of the fabric or of a device in the fabric Displayed information includes the current...

Page 979: ...mmand to disable the above function By default the above function is enabled You can use the display startup command to verify these two commands Example Specify to prompt for the customized password before entering the BOOT menu Quidway startup bootrom access enable 1 2 File System Configuration Commands Note Note to limit the lengths of file path and file name within the following ranges regulat...

Page 980: ...flash test 1 2 2 copy Syntax copy fileurl source fileurl dest View User view Parameter fileurl source Path name or file name of the source file in the Flash fileurl dest Path name or file name of the destination file in the Flash Description Use the copy command to copy a file If the fileurl dest argument identifies an existing file the system prompts you for the confirmation to overwrite the exis...

Page 981: ...e unreserved keyword specified the specified file is completely deleted That is the file cannot be restored For a file that has both the main and backup attributes the delete running files deletes its main attribute only and the delete standby files command deletes its backup attribute only Deleted files are stored in the recycle bin Following are the notes on deleted files z The dir command canno...

Page 982: ... yes Caution For deleted files whose names are the same only the latest deleted file is stored in the recycle bin and can be restored Example Delete the file test test txt on the local unit Quidway delete test test txt Delete unit1 flash test test txt Y N y Delete file unit1 flash test test txt Done Delete the files that are of the main attribute in the fabric Quidway delete running files fabric D...

Page 983: ...he output information files with the main backup or main backup attribute a tagged Note In the output information of the dir all command deleted files that is those in the recycle bin are embraced in brackets Example Display the information about all the normal files in the root directory of the file system on the local unit Quidway dir Directory of unit1 flash 1 rw 5792495 Apr 02 2000 00 06 50 s3...

Page 984: ...g 4 rw 279296 Apr 02 2000 00 21 55 love rar 5 rw 428 Apr 02 2000 13 07 11 hostkey 6 rwh 151 Apr 01 2000 23 58 39 private data txt 7 rw 572 Apr 02 2000 13 07 20 serverkey 8 rw 1589 Apr 02 2000 00 58 20 1 cfg 15367 KB total 10475 KB free with main attribute b with backup attribute b with both main and backup attribute Display the information about all the files whose names begin with the character t...

Page 985: ...em view System View return to User View with Ctrl Z Quidway execute test bat Quidway Created dir unit1 flash test3 1 2 6 file prompt Syntax file prompt alert quiet View System view Parameter alert Prompts for confirmation before performing file related operations that have potential risks quiet Disables prompts for file related operations Description Use the file prompt command to configure the pr...

Page 986: ...e Set the prompt mode to quiet for file related operations Quidway system view System View return to User View with Ctrl Z Quidway file prompt quiet 1 2 7 fixdisk Syntax fixdisk device View User view Parameter device Device name Description Use the fixdisk command to restore space on the Flash memory In case that space on the Flash memory may become unavailable for reasons such as abnormal operati...

Page 987: ...oss of all the files on the Flash memory and the operation is irretrievable Example Format Flash Quidway format unit1 flash All data on unit1 flash will be lost proceed with format Y N y Now begin to format flash please wait for a while Format winc completed 1 2 9 mkdir Syntax mkdir directory View User view Parameter directory Name of the directory Description Use the mkdir command to create a dir...

Page 988: ...cified file Currently the content of a file can only be displayed in text Example Display the content of the file named test txt Quidway more test txt AppWizard has created this test application for you This file contains a summary of what you will find in each of the files that make up your test application Test dsp This file the project file contains information at the project level and is used ...

Page 989: ...he target file name is the name of an existing file the system prompts you for the confirmation to overwrite the existing file Example Move the file named sample txt from flash test to flash with the name not changed Quidway move flash test sample txt flash sample txt Move flash test sample txt to flash sample txt Y N y Moved file flash test sample txt to flash sample txt 1 2 12 pwd Syntax pwd Vie...

Page 990: ...Rename flash sample txt to flash sample bak Y N y Renamed file flash sample txt to flash sample bak 1 2 14 reset recycle bin Syntax reset recycle bin file url force reset recycle bin fabric View User view Parameter file url Path name or file name of a file in the Flash This argument supports the wildcard force Does not prompt for confirmation before deleting files fabric Clear the recycle bins of ...

Page 991: ...me Please wait Cleared file unit1 flash te txt Clear unit1 flash tex txt Y N y Clearing files from flash may take a long time Please wait Cleared file unit1 flash tex txt 1 2 15 rmdir Syntax rmdir directory View User view Parameter directory Name of a directory Description Use the rmdir command to delete a directory As only empty directories can be deleted you need to clear a directory before dele...

Page 992: ...firmation to overwrite the latter Example Restore the deleted file named sample bak Quidway undelete sample bak Undelete flash sample bak Y N y Undeleted file flash sample bak 1 2 17 update fabric Syntax update fabric file name View User view Parameter file name Name of the file to be upgraded Description Use the update fabric command to use an app Boot ROM or Web file on a device in the fabric to...

Page 993: ...will prompt the user to make room on the Flash memory of this unit to complete the upgrade z Before the file is copied to all units the system collects version information of files with the corresponding type compares the version compatibility and outputs the result If the file used for upgrading cannot replace the corresponding file on any unit the command fails and a message is given describing ...

Page 994: ...ame of a TFTP server filename cfg Name of the configuration file to which the current configuration will be backed up a string of 5 to 56 characters including the extension cfg Description Use the backup unit current configuration to command to back up the current configuration of a specified switch to a file on a TFTP server Use the backup fabric current configuration to command to back up the cu...

Page 995: ...abric startup configuration from source addr source hostname filename cfg View User view Parameter unit id Unit ID of a switch fabric Specifies the whole fabric system source addr Host name or IP address of a TFTP server source hostname Host name of a TFTP server filename cfg Name of the configuration file to be downloaded a string of 5 to 56 characters including the extension cfg Description Use ...

Page 996: ...e startup current configuration finished Restore the startup configuration of the whole fabric from the file bbb cfg on the TFTP server with the IP address 1 1 1 253 Quidway restore fabric startup configuration from 1 1 1 253 bbb cfg Restore startup configuration from 1 1 1 253 Please wait File will be transferred in binary mode Downloading file from remote tftp server please wait TFTP 2029 bytes ...

Page 997: ...meter None Description Use the ftp server enable command to enable FTP server and allow FTP users to log in Use the undo ftp server command to disable FTP server and inhibit FTP users from logging in By default FTP server is disabled You can use the commands here to enable or disable FTP server Disabling FTP server can ensure secure operating of the device Example Disable FTP server Quidway system...

Page 998: ...user service type Specifies a user type You can specify one of the following user types telent ftp lan access this type of users are mainly Ethernet access users for example 802 1x users ssh and terminal this type of users can use terminal service that is the users can log into the switch through Console port AUX port or Asynchronous serial port all Specifies all users Description Use the local us...

Page 999: ...word display mode If the cipher force mode is adopted the passwords will be displayed in cipher text even though the password command is used to specify the password display mode to simple By default the password display mode of local users is auto Example Set the password display mode to be used when the switch displays local users to cipher force Quidway system view System View return to User Vi...

Page 1000: ...22 in plain text Quidway system view System View return to User View with Ctrl Z Quidway local user hello1 Quidway luser hello1 password simple 20030422 2 1 5 ftp Syntax ftp ipaddress port View User view Parameter ipaddress IP address of a remote FTP server port Port number of the remote FTP server If the port argument is not specified the default port number will be used Description Use the ftp c...

Page 1001: ... no local file name is specified the switch will save the remote file locally with the same file name as that on the remote FTP server Example Download the file temp1 c and save it to the local file temp c Quidway ftp 1 1 1 1 Trying Press CTRL K to abort Connected 220 FTP service ready User none hello 331 Password required for hello Password 230 User logged in ftp get temp1 c temp c 200 Port comma...

Page 1002: ...TFTP server source file Name of the file which will be downloaded from the TFTP server dest file Name of the file to which the downloaded file will be saved on the switch Description Use the tftp get command to download a file from a TFTP server to this switch Example Download the file LANSwitch bin from the TFTP server with the IP address of 1 1 3 214 to this switch and save it to the file vs bin...

Page 1003: ... server source ip 1 6 1 2 FTP Client Configuration Commands 1 6 1 2 1 ascii 1 6 1 2 2 binary 1 7 1 2 3 bye 1 8 1 2 4 cd 1 9 1 2 5 cdup 1 9 1 2 6 close 1 10 1 2 7 debugging 1 11 1 2 8 delete 1 12 1 2 9 dir 1 13 1 2 10 disconnect 1 14 1 2 11 display ftp source ip 1 15 1 2 12 ftp 1 15 1 2 13 ftp cluster remote server source interface 1 16 1 2 14 ftp cluster remote server source ip 1 17 1 2 15 ftp sou...

Page 1004: ...mdir 1 29 1 2 29 user 1 29 1 2 30 verbose 1 30 1 3 TFTP Configuration Commands 1 31 1 3 1 display tftp source ip 1 31 1 3 2 tftp 1 32 1 3 3 tftp get 1 32 1 3 4 tftp put 1 33 1 3 5 tftp tftp server source interface 1 34 1 3 6 tftp tftp server source ip 1 34 1 3 7 tftp source interface 1 35 1 3 8 tftp source ip 1 36 1 3 9 tftp server acl 1 37 ...

Page 1005: ...erver You can use this command to verify FTP server related configurations Example Display the FTP server related settings of the switch assuming that the switch is operating as an FTP server Quidway display ftp server FTP server is running Max user number 1 User count 0 Timeout value in minute 30 Table 1 1 Description on the fields of the display ftp server command Field Description FTP server is...

Page 1006: ... IP address of the source interface will be displayed If neither source interface nor source IP address is specified 0 0 0 0 will be displayed Example Display the source IP address set for the FTP server Quidway display ftp server source ip The source IP you specified is 192 168 0 1 1 1 3 display ftp user Syntax display ftp user View Any view Parameter None Description Use the display ftp user com...

Page 1007: ... disconnect Syntax ftp disconnect user name View System view Parameter user name Name of the user to be disconnected from the FTP server Description Use the ftp disconnect command to terminate the connection between a specified user and the FTP server Note If you attempt to disconnect a user that is uploading downloading data to from the FTP server that is acted by an S3900 the S3900 will disconne...

Page 1008: ...n Use the ftp server enable command to enable the FTP server for users to log in Use the undo ftp server command to disable the FTP server By default the FTP server is disabled to avoid potential security risks Example Enable the FTP server Quidway system view System View return to User View with Ctrl Z Quidway ftp server enable Start FTP server 1 1 6 ftp timeout Syntax ftp timeout minutes undo ft...

Page 1009: ...36 minutes Quidway system view System View return to User View with Ctrl Z Quidway ftp timeout 36 1 1 7 ftp server source interface Syntax ftp server source interface interface type interface number undo ftp server source interface View System view Parameter interface type Type of the source interface interface number Number of the source interface Description Use the ftp server source interface c...

Page 1010: ...an FTP server The value of argument ip address must be an IP address on the device where the configuration is performed and otherwise a prompt appears to show the configuration fails Use the undo ftp server source ip command to cancel the source IP address setting After you execute this command the FTP server system decides which IP address on it will be used for being accessed by FTP clients Exam...

Page 1011: ...t view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User none switch 331 Give me your password please Password 230 Logged in successfully ftp Specify to transfer text files in ASCII mode ftp ascii 200 Type set to A 1 2 2 binary Syntax binary View FTP Client view Parameter None Description Use the binary command to sp...

Page 1012: ...bye View FTP client view Parameter None Description Use the bye command to terminate the control connection and data connection with the remote FTP server and quit to user view This command has the same effect as that of the quit command Example Enter FTP client view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User ...

Page 1013: ...emote FTP server Note that you can use this command to enter only authorized directories Example Enter FTP client view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User none switch 331 Give me your password please Password 230 Logged in successfully ftp Change the work directory to flash temp ftp cd flash temp Displa...

Page 1014: ...Enter FTP client view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User none switch 331 Give me your password please Password 230 Logged in successfully ftp Change the work directory to flash temp ftp cd flash temp Change the work directory to the parent directory ftp cdup Display the current directory ftp pwd 257 fl...

Page 1015: ...y ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User none switch 331 Give me your password please Password 230 Logged in successfully ftp Terminate the FTP connection without quitting FTP client view ftp close 221 Server closing ftp 1 2 7 debugging Syntax debugging undo debugging View FTP client view Parameter None Descriptio...

Page 1016: ...sword 230 Logged in successfully ftp Enable system debugging ftp debugging Debug is on 1 2 8 delete Syntax delete remotefile View FTP client view Parameter remotefile File name Description Use the delete command to delete a specified remote file Example Enter FTP client view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new us...

Page 1017: ...rmation which includes the name size and creation time of files will be saved in a local file If you do not specify the filename argument the information about all the files in the current directory is displayed Example Enter FTP client view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User none switch 331 Give me yo...

Page 1018: ...amed 4 app and save the output information in the file named temp1 ftp dir 4 app temp1 200 PORT command okay 150 File Listing Follows in ASCII mode rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 4 bin 226 Transfer finished successfully FTP 70 byte s received in 0 122 second s 573 00 byte s sec 1 2 10 disconnect Syntax disconnect View FTP client view Parameter None Description Use the disconnect comm...

Page 1019: ...play ftp source ip command to display the source IP address that the FTP client uses every time it connects with an FTP server If a source interface is specified for the FTP client the IP address of the source interface will be displayed If neither a source IP address nor source interface is specified for the FTP client 0 0 0 0 will be displayed Example Display the source IP address that the FTP c...

Page 1020: ...ess CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User none switch 331 Give me your password please Password 230 Logged in successfully ftp 1 2 13 ftp cluster remote server source interface Syntax ftp cluster remote server source interface interface type interface number View User view Parameter cluster Specifies to connect to a cluster FTP server re...

Page 1021: ...ote server IP address or host name of the FTP server ip address Source IP address Description Use the ftp cluster remote server source ip command to connect to an FTP server through the specified source IP address This command will fail to be executed if the specified source IP address does not exist Example Connect to the FTP server whose IP address is 192 168 8 8 through the source IP address 19...

Page 1022: ... User View with Ctrl Z Quidway ftp source interface Vlan interface 1 1 2 16 ftp source ip Syntax ftp source ip ip address undo ftp source ip View System view Parameter ip address IP address that is to be specified as the source IP address Description Use the ftp source ip command to specify the source IP address of an FTP client so that the FTP client always uses it to connect with an FTP server T...

Page 1023: ...d using its original name Caution When using the get command to download files from a remote FTP server note to limit the lengths of file path and file name within the following ranges regulated for the S3900 z A directory name should be no more than 91 characters z A file name plus its local path name should be no more than 127 characters z A device name should be no more than 14 characters z A f...

Page 1024: ...P 749881 byte s received in 17 186 second s 43 00K byte s sec 1 2 18 lcd Syntax lcd View FTP client view Parameter None Description Use the lcd command to display the local work directory on the FTP client Example Enter FTP client view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User none switch 331 Give me your pas...

Page 1025: ...rver If you do not specify the remotefile argument names of all the files in the current remote directory are displayed Caution The ls command only displays file names while the dir command displays file information in more detail including file size creation date and so on Example Enter FTP client view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imper...

Page 1026: ...P client view Parameter Pathname Path name Description Use the mkdir command to create a directory on an FTP server This command is available only to the FTP clients that are assigned the permission to create directories on FTP servers Example Enter FTP client view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User no...

Page 1027: ...characters port Port number on the remote FTP server ranging from 0 to 65535 The default value is 21 Description Use the open command to establish a control connection with an FTP server Related command close Example Enter FTP client view Quidway ftp ftp Establish a control connection with the FTP server whose IP address is 1 1 1 1 ftp open 1 1 1 1 Trying Press CTRL K to abort Connected 220 220 WF...

Page 1028: ...the active mode By default the passive mode is adopted Example Enter FTP client view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User none switch 331 Give me your password please Password 230 Logged in successfully ftp Set the data transfer mode to the passive mode ftp passive Passive is on 1 2 23 put Syntax put loc...

Page 1029: ...TRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User none switch 331 Give me your password please Password 230 Logged in successfully ftp Upload the local file named temp c to the FTP server ftp put temp c 200 Port command okay 150 Opening ASCII mode data connection for temp c 226 Transfer complete FTP 749881 byte s sent in 17 691 second s 42 00Kbyte s ...

Page 1030: ... directory on the FTP server ftp pwd 257 flash temp is current directory 1 2 25 quit Syntax quit View FTP client view Parameter None Description Use the quit command to terminate FTP control connection and FTP data connection and quit to user view This command has the same effect as that of the bye command Example Enter FTP client view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220...

Page 1031: ...lay the help information about an FTP protocol command This command works only when the FTP server provides the help information about FTP protocol commands Caution z This command is always valid when a Quidway series switch operates as the FTP server z If you use other FTP server software refer to related instructions to know whether it provides help information about FTP protocol commands Exampl...

Page 1032: ...st Destination file name Description Use the rename command to rename a file on a remote FTP server If the destination file name conflicts with the name of an existing file or directory you will fail to rename the file Example Enter FTP client view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User none switch 331 Giv...

Page 1033: ... server Note that you can only use this command to remove directories that are empty Example Enter FTP client view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User none switch 331 Give me your password please Password 230 Logged in successfully ftp Remove the directory flash temp1 on the FTP server Assume that the d...

Page 1034: ...user name and password Example Enter FTP client view Quidway ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User none switch 331 Give me your password please Password 230 Logged in successfully ftp Log into the FTP server using the user account with the user name being tom and the password being 111 ftp user tom 111 331 Give m...

Page 1035: ...d 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User none switch 331 Give me your password please Password 230 Logged in successfully ftp Enable the verbose function ftp verbose 1 3 TFTP Configuration Commands 1 3 1 display tftp source ip Syntax display tftp source ip View Any view Parameter None Description Use the display tftp source ip display the source IP address that th...

Page 1036: ...ter ascii Transfers data in the ASCII mode binary Transfers data in the binary mode Description Use the tftp ascii binary command to set the TFTP data transfer mode By default the binary mode is adopted Example Specify to adopt the ASCII mode Quidway system view System View return to User View with Ctrl Z Quidway tftp ascii TFTP transfer mode changed to ASCII 1 3 3 tftp get Syntax tftp tftp server...

Page 1037: ...ait TFTP 35 bytes received in 0 second s File downloaded successfully 1 3 4 tftp put Syntax tftp tftp server put source file dest file View User view Parameter tftp server IP address or the host name of a TFTP server source file Name of the file to be uploaded to the TFTP server dest file File name which the uploaded file is to be saved as Description Use the tftp put command to upload a file to a...

Page 1038: ...ed locally put Specifies to upload a file to the TFTP server source file url Path and name of the file to be uploaded dest file Name of the new file to be saved on the TFTP server Description Use the tftp tftp server source interface command to connect to a TFTP server through the specified source interface and perform download or upload operations If the specified source interface does not exist ...

Page 1039: ...ugh the specified source IP address and perform download or upload operations If the specified source IP address does not exist a prompt appears to show the command fails to be executed Example Connect to the remote TFTP server whose IP address is 192 168 8 8 through the source IP address 192 168 0 1 and download the file named 3900 bin from it Quidway tftp 192 168 8 8 source ip 192 168 0 1 get 39...

Page 1040: ...er ip address IP address that is to be specified as the source IP address Description Use the tftp source ip command to specify the source IP address of a TFTP client so that the TFTP client always uses it to connect with a TFTP server The value of argument ip address must be an IP address on the device where the configuration is performed and otherwise a prompt appears to show the configuration f...

Page 1041: ...iew System view Parameter acl number Basic ACL number ranging from 2000 to 2999 Description Use the tftp server acl command to specify the ACL adopted for the connection between a TFTP client and a TFTP server Use the undo tftp server acl command to cancel all ACLs adopted Example Specify to adopt ACL 2000 on the TFTP client Quidway system view System View return to User View with Ctrl Z Quidway t...

Page 1042: ...me 1 6 1 1 7 info center console channel 1 7 1 1 8 info center enable 1 8 1 1 9 info center logbuffer 1 8 1 1 10 info center loghost 1 9 1 1 11 info center loghost source 1 10 1 1 12 info center monitor channel 1 11 1 1 13 info center snmp channel 1 12 1 1 14 info center source 1 13 1 1 15 info center synchronous 1 17 1 1 16 info center switch on 1 18 1 1 17 info center timestamp 1 19 1 1 18 info ...

Page 1043: ...system channel name Channel name by default the name of channel 0 to channel 9 is in turn console monitor loghost trapbuffer logbuffer snmpagent channel6 channel7 channel8 channel9 Description Use the display channel command to display the settings of an information channel If no argument is specified the settings of all channels are displayed Example Display the settings of information channel 0 ...

Page 1044: ...hannels the format of time stamp of the current system and the information output status in the IRF system Quidway display info center Information Center enabled Log host the interface name of the source address Vlan interface1 192 168 0 2 channel number 2 channel name loghost language english host facility local 7 Console channel number 0 channel name console Monitor channel number 1 channel name...

Page 1045: ...buffer including its state enabled or disabled its maximum size current size current messages information channel name and number dropped messages and overwritten messages Trap buffer Information about the trap buffer including its state enabled or disabled maximum size current size current messages channel number and name dropped messages and overwritten messages Information timestamp setting Inf...

Page 1046: ...r number of messages the log buffer holds you want to display The buffersize argument ranges from 1 to 1024 and defaults to 256 Filters output log information with a regular expression begin Displays the log information beginning with the specified characters exclude Displays the log information excluding the specified characters include Displays the log information including the specified charact...

Page 1047: ...mary of the log buffer Quidway display logbuffer summary EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG 0 0 0 0 94 0 1 0 1 1 5 display trapbuffer Syntax display trapbuffer unit unit id size buffersize View Any view Parameter unit id Unit ID size buffersize Specifies the size of the trap buffer number of messages the buffer holds you want to display The buffersize argument ranges from 1 to 1024 and d...

Page 1048: ...otIndex 0 4 Dec 31 14 01 33 2004 Quidway DEV 2 BOARD STATE CHANGE TO NORMAL Trap 1 3 6 1 4 1 2011 2 23 1 12 1 11 frameIndex is 0 slotIndex 0 2 Dec 31 14 01 40 2004 Quidway DEV 2 BOARD STATE CHANGE TO NORMAL Trap 1 3 6 1 4 1 2011 2 23 1 12 1 11 frameIndex is 0 slotIndex 0 1 1 6 info center channel name Syntax info center channel channel number name channel name undo info center channel channel numb...

Page 1049: ...hannel Syntax info center console channel channel number channel name undo info center console channel View System view Parameter channel number Channel number ranging from 0 to 9 corresponding to the 10 channels of the system channel name Channel name by default the name of channel 0 to channel 9 is in turn console monitor loghost trapbuffer logbuffer snmpagent channel6 channel7 channel8 channel9...

Page 1050: ...he console and other destinations only when the information center is enabled By default the information center is enabled Related command display info center info center loghost info center logbuffer info center console channel info center monitor channel info center trapbuffer info center snmp channel Example Enable the information center Quidway system view System View return to User View with ...

Page 1051: ...uffer Use the undo info center logbuffer command to disable the information output By default the switch outputs information to the log buffer which can hold 512 records by default This command works only when the information center is enabled for the system Related command info center enable and display info center Example Configure the switch to output information to the log buffer with the size...

Page 1052: ...ation output to a log host through setting the IP address of the log host Use the undo info center loghost command to disable the information output By default the switch does not output information to the log host This command works only when the information center is enabled for the system Note Be sure to set the correct IP address in the info center loghost command A loopback IP address will ca...

Page 1053: ...t to the log host Quidway system view System View return to User View with Ctrl Z Quidway info center loghost source Vlan interface 1 1 1 12 info center monitor channel Syntax info center monitor channel channel number channel name undo info center monitor channel View System view Parameter channel number Channel number ranging from 0 to 9 corresponding to the 10 channels of the system channel nam...

Page 1054: ...el View System view Parameter channel number Channel number ranging from 0 to 9 corresponding to the 10 channels of the system channel name Channel name by default the name of channel 0 to channel 9 is in turn console monitor loghost trapbuffer logbuffer snmpagent channel6 channel7 channel8 channel9 Description Use the info center snmp channel command to set the channel through which information i...

Page 1055: ...1 3 Modules generating the information Module name Description 8021X 802 1x module ACL Access control list module ADBM Address base module AM Access management module ARP Address resolution protocol module CFAX Configuration agent module CFG Configuration management plane module CFM Configuration file management module CLST Cluster management module CMD Command line module COMMONSY Common system M...

Page 1056: ...nagement private MIB module HWP HWPing module IFNET Interface management module IGSP IGMP snooping module IP Internet protocol module IPC Inter processes communication module IPMC IP multicast module L2INF Layer 2 interface management module L4RDT Layer 4 redirect module LACL Lanswitch access control list module LAGG link aggregation module LINE Terminal line module LQOS Lanswitch quality of servi...

Page 1057: ...s control list module QOSF Traffic management module RDS Radius module RESIL Resilient ARP module RM Routing management module RMON Remote monitor module RSA Revest Shamir and Adleman encryption module RTPRO Routing protocol module SC Server control module SHELL User interface module SNMP Simple network management protocol module SOCKET Socket module SSH Secure shell module SYSMIB System MIB modul...

Page 1058: ...nter source command to specify the information source in the information center and the output direction Use the undo info center source command to cancel the configuration of information source and output direction This command can be used for filtering of log trap or debugging information For example it can control information output from the IP module to any direction You can configure to outpu...

Page 1059: ...ve the emergencies severity Quidway system view System View return to User View with Ctrl Z Quidway info center source vlan channel snmpagent log level emergencies 1 1 15 info center synchronous Syntax info center synchronous undo info center synchronous View System view Parameter None Description Use the info center synchronous command to enable synchronous terminal output so that if system infor...

Page 1060: ...chronous terminal output Quidway system view System View return to User View with Ctrl Z Quidway info center synchronous Current IC terminal output sync is on 1 1 16 info center switch on Syntax info center switch on unit unit id master all debugging logging trapping undo info center switch on unit unit id master all debugging logging trapping View System view Parameter unit unit id Specifies a sw...

Page 1061: ...f log debugging and trap information in the whole fabric The switch provides command lines to enable or disable information output for each switch If you disable information output for a switch the switch will no longer send information to other switches but still receive information sent by other switches You can enable or disable a specified type of information output for a specified switch on d...

Page 1062: ...stamp is adopted for all types of information Example Set the boot time stamp for debugging information Quidway system view System View return to User View with Ctrl Z Quidway info center timestamp debugging boot 1 1 18 info center timestamp loghost Syntax info center timestamp loghost date no year date none undo info center timestamp loghost View System view Parameter date Specifies to adopt the ...

Page 1063: ... System view Parameter size Sets the size of the trap buffer buffersize Size of the trap buffer represented by the number of messages it holds ranging from 0 to 1024 and defaulting to 256 channel Sets the channel through which information is sent to the trap buffer channel number Channel number ranging from 0 to 9 corresponding to the 10 channels of the system channel name Channel name By default ...

Page 1064: ...info center trapbuffer size 30 1 1 20 reset logbuffer Syntax reset logbuffer unit unit id View User view Parameter unit id Unit ID Description Use the reset logbuffer command to clear information in the log buffer Example Clear information in the log buffer Quidway reset logbuffer 1 1 21 reset trapbuffer Syntax reset trapbuffer unit unit id View User view Parameter unit id Unit ID Description Use ...

Page 1065: ...command to disable debugging terminal display By default debugging terminal display is disabled You can run the terminal debugging command to display debugging information on a user terminal Related command debugging commands in the System Maintaining and Debugging part of the manual Example Enable debugging terminal display Quidway terminal debugging 1 1 23 terminal logging Syntax terminal loggin...

Page 1066: ... enabled for console users and terminal users This command works only on the current terminal Only after the command has been executed in user view can the debugging log trap information be output on the current terminal Disabling the function has the same effect as executing the following three commands undo terminal debugging undo terminal logging and undo terminal trapping That is no debugging ...

Page 1067: ...wei Technologies Proprietary 1 25 undo terminal trapping View User view Parameter None Description Use the terminal trapping command to enable trap terminal display Use the undo terminal trapping command to disable trap terminal display By default trap terminal display is enabled Example Enable trap terminal display Quidway terminal trapping ...

Page 1068: ... 1 6 1 2 2 display debugging 1 7 1 2 3 display users 1 8 1 2 4 display version 1 9 1 3 System Debugging Commands 1 10 1 3 1 debugging 1 10 1 3 2 display diagnostic information 1 10 1 3 3 terminal debugging 1 12 Chapter 2 Network Connectivity Test Commands 2 1 2 1 1 ping 2 1 2 1 2 tracert 2 3 Chapter 3 Device Management Commands 3 1 3 1 Device Management Commands 3 1 3 1 1 boot boot loader 3 1 3 1 ...

Page 1069: ...Command Manual System Maintenance and Debugging Quidway S3900 Series Ethernet Switches Release 1510 Table of Contents Huawei Technologies Proprietary ii 3 1 14 update fabric 3 11 ...

Page 1070: ...e YYYY is the year ranging from 2000 to 2099 MM is the month ranging from 1 to 12 and DD is the day ranging from 1 to 31 Description Use the clock datetime command to set the current date and time of the Ethernet switch By default it is 23 55 00 04 01 2000 when the system starts up In an environment that needs to obtain exact absolute time it is required to use this command to set the current date...

Page 1071: ... in the form of YYYY MM DD or MM DD YYYY offset time Offset of the summer time relative to the standard time in the form of HH MM SS Description Use the clock summer time command to set the name time range and time offset of the summer time After the setting you can use the display clock command to check the results Example Set the summer time named abc1 which starts from 06 00 00 2005 08 01 ends ...

Page 1072: ...iversal time coordinated time zone After the setting you can use the display clock command to check the results The log information time and the debug information time adopts the local time that has been adjusted by the time zone and the summer time Related command clock summer time and display clock Example Set the local time zone named z5 which is five hours ahead of the UTC time Quidway clock t...

Page 1073: ...r None Description Use the quit command to return from current view to lower level view or exit the system if current view is user view The following lists the three levels of views available from lower level to higher level z User view z System view z VLAN view Ethernet port view and so on Related command return and system view Example Return from system view to user view Quidway system view Syst...

Page 1074: ...e Ethernet 1 0 1 Quidway Ethernet1 0 1 return Quidway 1 1 7 sysname Syntax sysname sysname undo sysname View System view Parameter sysname System name of the Ethernet switch It is a character string in length of 1 to 30 characters By default it is Quidway Description Use the sysname command to set the system name of the Ethernet switch Changing the system name will affect the CLI prompt For exampl...

Page 1075: ... view command to enter system view from user view Related command quit and return Example Enter system view from user view Quidway system view System View return to User View with Ctrl Z Quidway 1 2 System Status Information Display Commands 1 2 1 display clock Syntax display clock View Any view Parameter None Description Use the display clock command to display the current date and time of the sy...

Page 1076: ...jing Sat 2002 02 02 Current date and time of the system Time Zone Configured time zone information Summer Time Configured summer time information 1 2 2 display debugging Syntax display debugging fabric unit unit id interface interface type interface number module name View Any view Parameter fabric Displays the enabled debugging of the switches in the Fabric unit id Unit ID of a switch interface t...

Page 1077: ...isplay users command to display the status and configuration information about user terminal interfaces Example Display the status and configuration information about user terminal interfaces Quidway display users UI Delay Type Ipaddress Username Userlevel 0 AUX 0 00 00 17 3 8 VTY 0 01 37 55 TEL 192 168 0 200 3 9 VTY 1 00 00 00 TEL 192 168 0 3 3 12 VTY 4 00 00 00 TEL 192 168 0 115 3 Current operat...

Page 1078: ...this command to check the software version and issue time the basic hardware configuration and some other information about the switch Example Display the version of the system Quidway display version Huawei Versatile Routing Platform Software VRP software Version 3 10 ESS 1508 Copyright c 1998 2006 Huawei Technologies Co Ltd All rights reserved Quidway S3928P EI uptime is 0 week 0 day 22 hours 55...

Page 1079: ... command to disable system debugging By default all debugging is disabled for the system Enabling debugging will generate a great deal of debugging information and thus will affect the efficiency of the system Therefore it is recommended not to enable debugging for multiple functional modules at the same time The undo debugging all command brings great convenience for you to disable all debugging ...

Page 1080: ...The file is already existing overwrite it Y N y Output information to file flash default diag Please wait Display the current diagnostic information of the system Quidway display diagnostic information This operation may take a few minutes continue Y N y Diagnostic information is saved to Flash or displayed Y save N display Y N n display version Huawei Versatile Routing Platform Software VRP Lansw...

Page 1081: ... BootRomVer AddrLM Type State 0 0 24 REV C NULL 001 225 IVL MAIN Normal 0 1 4 REV C NULL 001 NULL IVL 4 GE Normal display current configuration 1 3 3 terminal debugging Syntax terminal debugging undo terminal debugging View User view Parameter None Description Use the terminal debugging command to enable terminal display for debugging information Use the undo terminal debugging command to disable ...

Page 1082: ...is greater than the MTU maximum transmission unit of the interface h ttl Sets the TTL time to live value of the ICMP ECHO REQUEST packets in the range of 1 to 255 By default the TTL value is 255 i Selects the port to send the packets null interface number Null port number vlan id VLAN interface number ip Selects the IP ICMP packet n Specifies to regard the host argument as an IP address without pe...

Page 1083: ...irst the source host sends an ICMP ECHO REQUEST packet to the destination host If the connection to the destination network is normal the destination host receives this packet and responds with an ICMP ECHO REPLY packet You can use the ping command to check the network connectivity and the quality of a network line This command can output the following information z Response status of the destinat...

Page 1084: ...ommand displays the addresses of the gateways from the third hop The first ttl argument ranges from 1 to 255 and defaults to 1 m max ttl Sets the maximum TTL value of the packets to be sent After the command sends a packet with the maximum TTL it will not send any more packets With this argument this command displays the addresses of only those gateways from the source destination to the hop count...

Page 1085: ...ts pass through to the destination If you find that the network is in trouble by using the ping command you can use the tracert command to find where the trouble is in the network The tracert command can output the IP addresses of all the gateways the packets pass through to the destination It output the string if a gateway times out Example Trace the gateways the packets pass through during its j...

Page 1086: ...memory fabric File path in fabric mode device name File name in the form of unit NO flash which is used to save the specified file to the Flash memory of a specified switch Description Use the boot boot loader command to specify the host software that will be adopted when the switch reboots next time You can use this command to specify a bin file in the Flash memory as the host software to be adop...

Page 1087: ... of the switch using the file named S3900 btm Quidway boot bootrom S3900 btm 3 1 3 display boot loader Syntax display boot loader View Any view Parameter None Description Use the display boot loader command to display the host software bin file that will be adopted when the switch reboots Example Display the host software that will be adopted when the switch reboots Quidway display boot loader Uni...

Page 1088: ...d switch Example Display the CPU usage of this switch Quidway display cpu Unit 1 Board 0 CPU busy status 12 in last 5 seconds 12 in last 1 minute 12 in last 5 minutes Table 3 2 Description on the fields of the display cpu command Field Description CPU busy status Indicates that the following lines describe the CPU occupancies in different time periods 12 in last 5 seconds 12 in last 1 minute 12 in...

Page 1089: ...o display the following information about each board slot number sub slot number number of ports versions of PCB FPGA CPLD and BootROM software address learning mode interface board type and so on Example Display board information of this switch Quidway display device Unit 1 SlotNo SubSNo PortNum PCBVer FPGAVer CPLDVer BootRomVer AddrLM Type State 0 0 24 REV C NULL 001 312 IVL MAIN Normal 0 1 4 RE...

Page 1090: ...d to display the memory usage of a specified switch Example Display the memory usage of this switch Quidway display memory Unit 1 System Available Memory bytes 37238784 System Used Memory bytes 8201352 Used Rate 22 Table 3 3 Description on the fields of the display memory command Field Description System Available Memory bytes Available memory size of the system in unit of bytes System Used Memory...

Page 1091: ...rent state Normal 3 1 8 display power Syntax display power unit unit id power id View Any view Parameter unit id Unit ID of a switch power id Power ID Description Use the display power command to view the working state of the power supply of the switch Example Display the working state of the power supply Quidway display power Unit 1 power 1 State Normal Type AC The above information indicates tha...

Page 1092: ... Quidway display schedule reboot System will reboot at 16 00 00 2002 11 1 in 2 hours and 5 minutes 3 1 10 reboot Syntax reboot unit unit id View User view Parameter unit id Unit ID of a switch Description Use the reboot command to restart a specified Ethernet switch Note When rebooting the system checks whether there is any configuration change If there is it prompts you to indicate whether or not...

Page 1093: ...d undo schedule reboot View User view Parameter hh mm Reboot time where hh hour ranges from 0 to 23 and mm minute ranges from 0 to 59 mm dd yyyy or yyyy mm dd Reboot date where yyyy year ranges from 2 000 to 2 099 mm month ranges from 1 to 12 and the range of dd day depends on the specific month You cannot set the date later than 30 days than the system current date Description Use the schedule re...

Page 1094: ...etting to take effect and your setting will overwrite the old one if available If you adjust the system time by the clock command after executing the schedule reboot at command the schedule reboot at command will be invalid and the scheduled reboot will not happen Related command reboot display schedule reboot Example Suppose the current time is 05 06 schedule a reboot so that the switch reboots a...

Page 1095: ...u to confirm Enter Y or y for your setting to take effect Your setting will overwrite the old one if available If you adjust the system time by the clock command after executing the schedule reboot delay command the schedule reboot delay command will be invalid and the scheduled reboot will not happen Related command reboot schedule reboot at undo schedule reboot and display schedule reboot Exampl...

Page 1096: ...od of the switch is not configured Note There is at most one minute defer for scheduled reboot that is the switch will reboot within one minute after reaching the specified reboot date and time After you execute the command the system will prompt you to confirm Enter Y or y for your setting to take effect Your setting will overwrite the old one if available If you adjust the system time by the clo...

Page 1097: ...devices in a Fabric Example Use the file named 3900 bin in the Flash memory of Unit2 to upgrade the host software of the devices in a Fabric Quidway update fabric unit2 flash s3900 bin This will update the Fabric Continue Y N y The software is verifying The result of verification is Unit ID Free space bytes Enough Version comparison 1 15281873 Y Y 2 15409873 Y Y warning the verification is complet...

Page 1098: ...le of Contents Chapter 1 VLAN VPN Commands 1 1 1 1 VLAN VPN Commands 1 1 1 1 1 display port vlan vpn 1 1 1 1 2 vlan vpn enable 1 2 1 1 3 vlan vpn inner cos trust 1 3 1 1 4 vlan vpn tpid 1 3 Chapter 2 BPDU Tunnel Configuration Commands 2 1 2 1 BPDU Tunnel Configuration Commands 2 1 2 1 1 bpdu tunnel 2 1 2 1 2 bpdu tunnel uplink 2 2 ...

Page 1099: ...he display port vlan vpn command to display the information about VLAN VPN configuration of the current system including current TPID value VLAN VPN ports and VLAN VPN uplink ports Example Display the VLAN VPN configuration of the current system Quidway display port vlan vpn Ethernet1 0 1 VLAN VPN TPID 8100 Ethernet1 0 2 VLAN VPN status enabled VLAN VPN VLAN 1 VLAN VPN inner cos trust status disab...

Page 1100: ... VLAN tag If the packet already carries a VLAN tag the packet becomes a dual tagged packet Otherwise the packet becomes a packet carrying the default VLAN tag of the port Caution z The VLAN VPN function is unavailable if the port has any of the protocols among GVRP GMRP STP IRF NTDP and 802 1x enabled z After you enable the VLAN VPN function for a port you cannot change the attribute of the port t...

Page 1101: ...n of replicating inner tag priority By default the function of replicating inner tag priority is disabled Example Enable the inner tag priority replication function for the Ethernet 1 0 2 port Quidway system view System View return to User View with Ctrl Z Quidway interface Ethernet 1 0 2 Quidway Ethernet1 0 2 vlan vpn inner cos trust enable 1 1 4 vlan vpn tpid Syntax vlan vpn tpid value undo vlan...

Page 1102: ...oid confusion happening when the switch forwards or receives a packet you must not configure the following protocol type values listed in Table 1 1 as the TPID value Table 1 1 Common Ethernet frame protocol type values Protocol type Value ARP 0x0806 IP 0x0800 MPLS 0x8847 0x8848 IPX 0x8137 IS IS 0x8000 LACP 0x8809 802 1x 0x888E Example Set the TPID value to 0x12 for Ethernet1 0 2 port Quidway syste...

Page 1103: ...tunnel function for LACP packets ndp Enables Disables the BPDU tunnel function for NDP packets cdp Enables Disables the BPDU tunnel function for CDP packets vtp Enables Disables the BPDU tunnel function for VTP packets all Disables the BPDU tunnel function for the packets of all the protocols Description Use the bpdu tunnel command to enable the BPDU Tunnel function for the packets of a specific p...

Page 1104: ...l function for LACP packets Quidway system view System View return to User View with Ctrl Z Quidway interface Ethernet 1 0 1 Quidway Ethernet1 0 1 bpdu tunnel lacp 2 1 2 bpdu tunnel uplink Syntax bpdu tunnel uplink interface interface list View System view Ethernet port view Parameter interface interface list Specifies a list of Ethernet ports To specify multiple Ethernet ports you need to provide...

Page 1105: ... 2 BPDU Tunnel Configuration Commands Huawei Technologies Proprietary 2 3 Example Configure Ethernet1 0 1 through Ethernet1 0 5 ports as uplink BPDU Tunnel ports Quidway system view System View return to User View with Ctrl Z Quidway bpdu tunnel uplink Ethernet 1 0 1 to Ethernet 1 0 5 ...

Page 1106: ...awei Technologies Proprietary i Table of Contents Chapter 1 HWPing Commands 1 1 1 1 HWPing Commands 1 1 1 1 1 count 1 1 1 1 2 destination ip 1 1 1 1 3 display hwping 1 2 1 1 4 frequency 1 5 1 1 5 hwping 1 6 1 1 6 hwping agent enable 1 7 1 1 7 test enable 1 7 1 1 8 test type 1 8 1 1 9 timeout 1 9 ...

Page 1107: ...d to restore the default A test timer is started when the system sends the first test packet In the event that the times argument is set greater than one the system continues to send the second one upon receipt of the reply to the first one If receiving no reply upon expiry of the timer the system sends the second and all the remaining packets likewise Related command frequency Example Set that th...

Page 1108: ...p to 1 1 1 99 Quidway system view System View return to User View with Ctrl Z Quidway hwping administrator icmp Quidway hwping administrator icmp destination ip 1 1 1 99 1 1 3 display hwping Syntax display hwping results history administrator name operation tag View Any view Parameter results Displays the test result history Displays the test history administrator name Name of the administrator cr...

Page 1109: ...er 0 Operation timeout number 0 System busy operation number 0 Connection fail number 0 Operation sequence errors 0 Drop operation number 0 Other operation errors 0 Table 1 1 Description on the fields of the display hwping results command Field Description Destination ip address Destination IP address Send operation times Number of times the operation is sent Receive response times Number of times...

Page 1110: ...ther errors Use the display hwping history command to display test results Quidway display hwping history administrator icmp HWPing entry admin administrator tag icmp history record Index Response Status LastRC Time 1 1 1 0 2004 11 25 16 28 55 0 2 1 1 0 2004 11 25 16 28 55 0 3 1 1 0 2004 11 25 16 28 55 0 4 1 1 0 2004 11 25 16 28 55 0 5 1 1 0 2004 11 25 16 28 55 0 6 2 1 0 2004 11 25 16 28 55 0 7 1 ...

Page 1111: ...ute to the destination address 7 interfaceInactiveToTarget It means the interface of destination address is not activated 8 arpFailure It means ARP operation fails 9 maxConcurrentLimitReached It means the maximum limit of concurrent accesses is reached 10 unableToResolveDnsName It means it is unable to resolve the DNS name 11 invalidHostAddress It means the invalid host address LastRC Receive the ...

Page 1112: ...the administrator icmp test group to 10 seconds Quidway system view System View return to User View with Ctrl Z Quidway hwping administrator icmp Quidway hwping administrator icmp frequency 10 1 1 5 hwping Syntax hwping administrator name operation tag undo hwping administrator name operation tag View System view Parameter administrator name Name of the administrator creating an HWPing test group ...

Page 1113: ...nable undo hwping agent enable View System view Parameter None Description Use the hwping agent enable command to enable the HWPing client function Use the undo hwping agent enable command to disable the HWPing client function Before you can perform a test you must enable the HWPing client function Example Enable HWPing client Quidway system view System View return to User View with Ctrl Z Quidway...

Page 1114: ...nd Related command display hwping Example Execute the HWPing test defined by the test group administrator icmp Quidway system view System View return to User View with Ctrl Z Quidway hwping administrator icmp Quidway hwping administrator icmp test enable 1 1 8 test type Syntax test type type View HWPing test group view Parameter type Test type Description Use the test type command to configure the...

Page 1115: ...st group view Parameter time Timeout time It ranges from 1 to 60 seconds and defaults to 3 seconds Description Use the timeout command to configure a timeout time for a test Use the undo timeout command to restore the default Example Set the timeout time of the administrator icmp test group to 10 seconds Quidway system view System View return to User View with Ctrl Z Quidway hwping administrator i...

Page 1116: ...S Configuration Commands 1 1 1 1 DNS Configuration Commands 1 1 1 1 1 display dns domain 1 1 1 1 2 display dns dynamic host 1 1 1 1 3 display dns server 1 2 1 1 4 display ip host 1 3 1 1 5 dns domain 1 4 1 1 6 dns resolve 1 5 1 1 7 dns server 1 6 1 1 8 ip host 1 6 1 1 9 nslookup type 1 7 1 1 10 reset dns dynamic host 1 8 ...

Page 1117: ...iew Any view Parameter dynamic Display the DNS suffixes dynamically configured by DHCP or other protocols Description Use the display dns domain command to display the DNS suffixes Related command dns domain Example Display DNS suffixes Quidway display dns domain No Domain name 0 aaa com Table 1 1 Description on the fields of the display dns domain command Field Description No Domain name Domain n...

Page 1118: ...S Server if it is stored in the cache Example Display the information in the dynamic domain name resolution cache Quidway display dns dynamic host No Domain name IpAddress TTL Alias 0 www baidu com 202 108 249 134 63000 1 www yahoo akadns net 66 94 230 39 24 2 www hotmail com 207 68 172 239 3585 3 www eyou com 61 136 62 70 3591 Table 1 2 Description on the field of the display dns dynamic host com...

Page 1119: ... 125 1 169 254 66 15 Table 1 3 Description on fields of the display dns server command Field Description Domain server Number of the DNS Server Configured automatically by the device starts from 0 Servers with IPv4 or IPv6 addresses are numbered respectively IpAddress IPv4 address of the DNS Server Ipv6Address IPv6 address of the DNS Server Interface Name Only available when the DNS Server is conf...

Page 1120: ...ngs between host names and IP addresses Flags Mapping types between host names and IP addresses Static is the type for static domain name resolution Address Host IP addresses 1 1 5 dns domain Syntax dns domain domain name undo dns domain domain name View System view Parameter domain name DNS suffixes comprises 1 to 60 characters including letters numbers hyphens underscores _ and dots Description ...

Page 1121: ... a Windows 2000 Server may not able to resolve the _ Example Configure com as a DNS suffix Quidway system view System View return to User View with Ctrl Z Quidway dns domain com 1 1 6 dns resolve Syntax dns resolve undo dns resolve View System view Parameter None Description Use the dns resolve command to enable dynamic domain name resolution Use the undo dns resolve command to disable dynamic dom...

Page 1122: ... addresses No IP address is configured to the DNS Server by default You can configure maximum 6 DNS Servers Related command display dns server Example Configure a DNS Server address to 172 16 1 1 Quidway system view System View return to User View with Ctrl Z Quidway dns server 172 16 1 1 1 1 8 ip host Syntax ip host hostname ip address undo ip host hostname ip address View System view Parameter H...

Page 1123: ... System View return to User View with Ctrl Z Quidway ip host aaa 10 110 0 1 1 1 9 nslookup type Syntax nslookup type ptr ip address a domain name View Any view Parameter ptr ip address Resolves the corresponding DNS domain name for an IP address a domain name Resolves the corresponding IP address for a DNS domain name The domain name which is a string up to 30 characters supports automatic domain ...

Page 1124: ...for www huawei com Quidway nslookup type a www huawei com Trying DNS server 10 72 66 36 Name www huawei com Address 192 168 3 2 1 1 10 reset dns dynamic host Syntax reset dns dynamic host View User view Parameter None Description Use the reset dns dynamic host command to clear the cache Related command display dns dynamic host Example Clear the cache Quidway reset dns dynamic host ...

Page 1125: ...ng domain DHCP 4 1 accounting optional AAA RADIUS HWTA CACS EAD 1 4 accounting optional AAA RADIUS HWTA CACS EAD 1 27 accounting on enable AAA RADIUS HWTA CACS EAD 1 28 acl Login 2 1 acl ACL 1 1 active region configuration MSTP 1 1 add member Cluster 1 15 address check DHCP 2 1 administrator address Cluster 1 16 am user bind Port Security Port Binding 2 2 am user bind interface Port Security Port ...

Page 1126: ...auto execute command Login 1 2 B backup current configuration to File System Management 1 21 bims server DHCP 1 1 binary FTP and TFTP 1 7 boot attribute switch File System Management 1 1 boot boot loader File System Management 1 2 boot boot loader System Maintenance and Debugging 3 1 boot boot loader backup attribute File System Management 1 3 boot bootrom System Maintenance and Debugging 3 1 boot...

Page 1127: ...ration MSTP 1 2 checkzero Routing Protocol 2 1 clock datetime System Maintenance and Debugging 1 1 clock summer time System Maintenance and Debugging 1 1 clock timezone System Maintenance and Debugging 1 2 close FTP and TFTP 1 10 cluster Cluster 1 20 cluster enable Cluster 1 21 cluster switch to Cluster 1 22 cluster mac Cluster 1 23 cluster mac syn interval Cluster 1 23 command privilege level CLI...

Page 1128: ... 3 6 default tag Routing Protocol 3 7 default type Routing Protocol 3 8 default cost Routing Protocol 3 8 default route advertise Routing Protocol 3 9 delete SSH Terminal Service 1 32 delete File System Management 1 8 delete FTP and TFTP 1 12 delete static routes all Routing Protocol 1 14 delete member Cluster 1 24 description VLAN 1 1 description Management VLAN 1 1 description Port Basic Configu...

Page 1129: ...erver voice config DHCP 1 20 dhcp server voice config interface DHCP 1 21 dhcp relay hand DHCP 2 2 dhcp security static DHCP 2 4 dhcp security tracker DHCP 2 5 dhcp server DHCP 2 6 dhcp server detect DHCP 2 7 dhcp server ip DHCP 2 8 dhcp snooping DHCP 3 1 dhcp snooping trust DHCP 3 1 dir SSH Terminal Service 1 32 dir File System Management 1 9 dir FTP and TFTP 1 13 disconnect FTP and TFTP 1 14 dis...

Page 1130: ...ng 1 7 display debugging ospf Routing Protocol 3 11 display detect group Auto Detect 1 2 display device System Maintenance and Debugging 3 3 display dhcp client Management VLAN 2 2 display dhcp server conflict DHCP 1 23 display dhcp server expired DHCP 1 23 display dhcp server free ip DHCP 1 25 display dhcp server ip in use DHCP 1 25 display dhcp server statistics DHCP 1 27 display dhcp server tre...

Page 1131: ...tatistics IP Address and Performance Confiugration 2 6 display ftm IRF Fabric 1 3 display ftp source ip FTP and TFTP 1 15 display ftp server FTP and TFTP 1 1 display ftp server source ip FTP and TFTP 1 2 display ftp user FTP and TFTP 1 2 display garp statistics GVRP 1 1 display garp timer GVRP 1 2 display gvrp statistics GVRP 1 6 display gvrp status GVRP 1 7 display habp 802 1x 2 1 display habp ta...

Page 1132: ...table acl Routing Protocol 1 2 display ip routing table ip address Management VLAN 1 10 display ip routing table ip address Routing Protocol 1 5 display ip routing table ip address1 ip address2 Management VLAN 1 12 display ip routing table ip address1 ip address2 Routing Protocol 1 7 display ip routing table ip prefix Management VLAN 1 13 display ip routing table ip prefix Routing Protocol 1 8 dis...

Page 1133: ...able 1 2 display mac address aging time MAC Address Table 1 1 display mac address multicast static Multicast 3 2 display mac address security Port Security Port Binding 1 1 display mac authentication Centralized MAC Address Authentication 1 1 display memory Routing Protocol 5 1 display memory System Maintenance and Debugging 3 5 display memory limit Routing Protocol 5 2 display mirror Mirroring 1 ...

Page 1134: ...col 3 30 display ospf vlink Routing Protocol 3 31 display packet filter ACL 1 4 display pim bsr info Multicast 6 5 display pim interface Multicast 6 6 display pim neighbor Multicast 6 7 display pim routing table Multicast 6 8 display pim rp info Multicast 6 9 display poe interface PoE Poe Profile 1 1 display poe interface power PoE Poe Profile 1 4 display poe powersupply PoE Poe Profile 1 5 displa...

Page 1135: ... 2 1 display rip Routing Protocol 2 2 display rip interface Routing Protocol 2 3 display rip routing Routing Protocol 2 4 display rmon alarm SNMP RMON 2 1 display rmon event SNMP RMON 2 2 display rmon eventlog SNMP RMON 2 3 display rmon history SNMP RMON 2 4 display rmon history unit IRF Fabric 1 5 display rmon prialarm SNMP RMON 2 5 display rmon statistics SNMP RMON 2 7 display rmon statistics un...

Page 1136: ...1 35 display stop accounting buffer AAA RADIUS HWTA CACS EAD 1 63 display stp MSTP 1 4 display stp region configuration MSTP 1 5 display tcp statistics IP Address and Performance Confiugration 2 11 display tcp status IP Address and Performance Confiugration 2 14 display telnet source ip Login 1 4 display telnet server source ip Login 1 4 display tftp source ip FTP and TFTP 1 31 display this Config...

Page 1137: ...DP 1 3 dldp delaydown timer DLDP 1 7 dldp interval DLDP 1 4 dldp reset DLDP 1 5 dldp unidirectional shutdown DLDP 1 5 dldp work mode DLDP 1 6 dns domain DNS 1 4 dns resolve DNS 1 5 dns server DNS 1 6 dns list DHCP 1 31 domain AAA RADIUS HWTA CACS EAD 1 13 domain name DHCP 1 32 dot1x 802 1x 1 5 dot1x authentication method 802 1x 1 6 dot1x dhcp launch 802 1x 1 7 dot1x guest vlan 802 1x 1 8 dot1x max...

Page 1138: ...rotocol 3 32 filter policy import Routing Protocol 2 6 filter policy import Routing Protocol 3 33 fixdisk File System Management 1 13 flow interval Port Basic Configuration 1 14 flow control Port Basic Configuration 1 14 format File System Management 1 13 free user interface Login 1 8 free web users Login 2 1 frequency HWPing 1 5 ftm fabric vlan IRF Fabric 1 9 ftp File System Management 2 4 ftp FT...

Page 1139: ... gateway list DHCP 1 33 get SSH Terminal Service 1 34 get File System Management 2 5 get FTP and TFTP 1 19 giant frame statistics enable Port Basic Configuration 1 15 gratuitous arp learning enable ARP 1 7 gvrp GVRP 1 7 gvrp registration GVRP 1 8 H habp enable 802 1x 2 3 habp server vlan 802 1x 2 4 habp timer 802 1x 2 5 header Login 1 8 help SSH Terminal Service 1 35 history command max size Login...

Page 1140: ...t 5 9 igmp max response time Multicast 5 10 igmp proxy Multicast 5 11 igmp robust count Multicast 5 12 igmp timer other querier present Multicast 5 13 igmp timer query Multicast 5 14 igmp version Multicast 5 15 igmp snooping Multicast 1 4 igmp snooping fast leave Multicast 1 4 igmp snooping general query source ip Multicast 1 5 igmp snooping group limit Multicast 1 6 igmp snooping group policy Mul...

Page 1141: ... Center 1 19 info center timestamp loghost Information Center 1 20 info center trapbuffer Information Center 1 21 instance MSTP 1 6 interface Port Basic Configuration 1 16 interface Vlan interface VLAN 1 5 interface Vlan interface Management VLAN 1 19 ip address IP Address and Performance Confiugration 1 3 ip address Management VLAN 1 19 ip address bootp alloc Management VLAN 2 5 ip address dhcp a...

Page 1142: ...15 line rate QoS QoS Profile 1 7 link aggregation group agg id description Link Aggregation 1 8 link aggregation group agg id mode Link Aggregation 1 9 local server AAA RADIUS HWTA CACS EAD 1 38 local server nas ip AAA RADIUS HWTA CACS EAD 1 38 local user AAA RADIUS HWTA CACS EAD 1 16 local user File System Management 2 1 local user password display mode AAA RADIUS HWTA CACS EAD 1 17 local user pa...

Page 1143: ...ication authmode usernameasmacaddress Centralized MAC Address Authentication 1 5 mac authentication authmode usernamefixed Centralized MAC Address Authentication 1 6 mac authentication authpassword Centralized MAC Address Authentication 1 7 mac authentication authusername Centralized MAC Address Authentication 1 7 mac authentication domain Centralized MAC Address Authentication 1 8 mac authenticat...

Page 1144: ...tem Management 1 14 mkdir FTP and TFTP 1 22 monitor port Mirroring 1 9 monitor port Mirroring 1 14 more File System Management 1 15 move File System Management 1 15 msdp Multicast 7 6 msdp tracert Multicast 7 7 multicast route limit Multicast 2 5 multicast routing enable Multicast 2 5 multicast source deny Multicast 2 6 multicast suppression Port Basic Configuration 1 23 multi path number Routing ...

Page 1145: ...ion enable NTP 1 5 ntp service authentication keyid NTP 1 6 ntp service broadcast client NTP 1 7 ntp service broadcast server NTP 1 7 ntp service in interface disable NTP 1 8 ntp service max dynamic sessions NTP 1 9 ntp service multicast client NTP 1 9 ntp service multicast server NTP 1 10 ntp service reliable authentication keyid NTP 1 11 ntp service source interface NTP 1 12 ntp service unicast ...

Page 1146: ...FTP and TFTP 1 23 password AAA RADIUS HWTA CACS EAD 1 19 password File System Management 2 3 peer Routing Protocol 2 10 peer Routing Protocol 3 48 peer connect interface Multicast 7 14 peer description Multicast 7 10 peer mesh group Multicast 7 11 peer minimum ttl Multicast 7 11 peer request sa enable Multicast 7 12 peer sa cache maximum Multicast 7 13 peer sa policy Multicast 7 14 peer sa request...

Page 1147: ...col vlan vlan VLAN 1 12 port hybrid pvid vlan Port Basic Configuration 1 25 port hybrid vlan Port Basic Configuration 1 25 port isolate Port Isolation 1 1 port link aggregation group Link Aggregation 1 9 port link type Port Basic Configuration 1 26 port trunk permit vlan Port Basic Configuration 1 27 port trunk pvid vlan Port Basic Configuration 1 28 port security authorization ignore Port Securit...

Page 1148: ... Profile 1 8 priority trust QoS QoS Profile 1 9 protocol inbound Login 1 15 protocol inbound SSH Terminal Service 1 7 protocol priority protocol type QoS QoS Profile 1 10 protocol vlan VLAN 1 13 public key code begin SSH Terminal Service 1 8 public key code begin SSH Terminal Service 1 21 public key code end SSH Terminal Service 1 8 public key code end SSH Terminal Service 1 22 put SSH Terminal Se...

Page 1149: ...ember Cluster 1 36 region name MSTP 1 8 register policy Multicast 6 16 remotehelp FTP and TFTP 1 27 remote probe vlan Mirroring 1 9 remove SSH Terminal Service 1 38 rename SSH Terminal Service 1 39 rename File System Management 1 16 rename FTP and TFTP 1 28 reset Routing Protocol 2 12 reset arp ARP 1 8 reset counters interface Port Basic Configuration 1 29 reset dhcp server conflict DHCP 1 38 rese...

Page 1150: ...reset multicast routing table Multicast 2 8 reset ndp statistics Cluster 1 6 reset ospf Routing Protocol 3 49 reset pim neighbor Multicast 6 16 reset pim routing table Multicast 6 17 reset radius statistics AAA RADIUS HWTA CACS EAD 1 47 reset recycle bin File System Management 1 17 reset saved configuration Configuration File Management 1 11 reset stop accounting buffer AAA RADIUS HWTA CACS EAD 1 ...

Page 1151: ...thentication mode Routing Protocol 2 13 rip input Routing Protocol 2 15 rip metricin Routing Protocol 2 15 rip metricout Routing Protocol 2 16 rip output Routing Protocol 2 17 rip split horizon Routing Protocol 2 18 rip version Routing Protocol 2 19 rip work Routing Protocol 2 20 rmdir SSH Terminal Service 1 39 rmdir File System Management 1 18 rmdir FTP and TFTP 1 29 rmon alarm SNMP RMON 2 9 rmon...

Page 1152: ...egularity System Maintenance and Debugging 3 10 scheme AAA RADIUS HWTA CACS EAD 1 21 screen length Login 1 16 secondary accounting AAA RADIUS HWTA CACS EAD 1 51 secondary accounting AAA RADIUS HWTA CACS EAD 1 72 secondary authentication AAA RADIUS HWTA CACS EAD 1 52 secondary authentication AAA RADIUS HWTA CACS EAD 1 73 secondary authorization AAA RADIUS HWTA CACS EAD 1 74 security policy server A...

Page 1153: ...mmunity SNMP RMON 1 10 snmp agent group Login 2 3 snmp agent group SNMP RMON 1 11 snmp agent local engineid SNMP RMON 1 12 snmp agent log SNMP RMON 1 13 snmp agent mib view SNMP RMON 1 14 snmp agent packet max size SNMP RMON 1 14 snmp agent sys info SNMP RMON 1 15 snmp agent target host SNMP RMON 1 16 snmp agent trap enable SNMP RMON 1 17 snmp agent trap enable ospf Routing Protocol 3 52 snmp agen...

Page 1154: ... 1 25 ssh2 source interface SSH Terminal Service 1 27 ssh2 source ip SSH Terminal Service 1 27 ssh server source interface SSH Terminal Service 1 19 ssh server source ip SSH Terminal Service 1 19 standby detect group Auto Detect 2 2 startup bootrom access enable File System Management 1 6 startup saved configuration Configuration File Management 1 15 state AAA RADIUS HWTA CACS EAD 1 25 state AAA R...

Page 1155: ...8 stp interface transmit limit MSTP 1 29 stp loop protection MSTP 1 30 stp max hops MSTP 1 31 stp mcheck MSTP 1 32 stp mode MSTP 1 32 stp no agreement check MSTP 1 33 stp pathcost standard MSTP 1 34 stp point to point MSTP 1 36 stp port priority MSTP 1 37 stp priority MSTP 1 38 stp region configuration MSTP 1 39 stp root primary MSTP 1 40 stp root secondary MSTP 1 41 stp root protection MSTP 1 42 ...

Page 1156: ... telnet server source interface Login 1 23 telnet server source ip Login 1 24 terminal debugging Information Center 1 23 terminal debugging System Maintenance and Debugging 1 12 terminal logging Information Center 1 23 terminal monitor Information Center 1 24 terminal trapping Information Center 1 24 test enable HWPing 1 7 test type HWPing 1 8 tftp FTP and TFTP 1 32 tftp cluster get Cluster 1 38 t...

Page 1157: ...out AAA RADIUS HWTA CACS EAD 1 59 timer response timeout AAA RADIUS HWTA CACS EAD 1 77 timer retry Multicast 7 20 timer wait Auto Detect 1 6 time range ACL 1 19 timers Routing Protocol 2 21 tracert System Maintenance and Debugging 2 3 traffic limit QoS QoS Profile 1 17 traffic limit QoS QoS Profile 2 6 traffic priority QoS QoS Profile 1 18 traffic priority QoS QoS Profile 2 7 traffic redirect QoS ...

Page 1158: ... TFTP 1 30 virtual cable test Port Basic Configuration 1 32 vlan VLAN 1 7 vlan to VLAN 1 8 vlan assignment mode AAA RADIUS HWTA CACS EAD 1 26 vlan mapping modulo MSTP 1 49 vlan vpn enable VLAN VPN 1 2 vlan vpn inner cos trust VLAN VPN 1 3 vlan vpn tpid VLAN VPN 1 3 vlan vpn tunnel MSTP 2 1 vlink peer Routing Protocol 3 54 voice vlan Volice VLAN 1 4 voice vlan aging Volice VLAN 1 5 voice vlan enabl...

Page 1159: ...d preempt mode VRRP 1 7 vrrp vrid priority VRRP 1 8 vrrp vrid timer advertise VRRP 1 9 vrrp vrid track VRRP 1 10 vrrp vrid track detect group Auto Detect 2 3 vrrp vrid track detect group VRRP 1 11 vrrp vrid virtual ip VRRP 1 12 W webcache address Web Cache Redirection 1 2 webcache redirect vlan Web Cache Redirection 1 3 wred QoS QoS Profile 1 22 X Y Z ...

Reviews:

No comments