manualshive.com logo in svg

H3C MS4520V2-30F, Справочник по командам, Страница: 52 / 59

Поделиться
Скачать
H3C MS4520V2-30F Скачать руководство пользователя страница 52

 

45 

Usage guidelines 

By default, the device learns ND information of remote VMs from packets received on VXLAN tunnel 
interfaces. To save resources on VTEPs in an SDN transport network, you can temporarily disable 
remote ND learning when the controller and VTEPs  are synchronizing entries.  After the entry 
synchronization is completed, use the 

undo vxlan tunnel nd-learning disable

 command 

to enable remote ND learning. 

As a best practice, disable remote ND learning for VXLANs only when the controller and VTEPs are 
synchronizing entries. 

Examples 

# Disable remote ND learning for VXLANs. 

<Sysname> system 

[Sysname] vxlan tunnel nd-learning disable

 

OVSDB commands 

ovsdb server bootstrap ca-certificate 

Use 

ovsdb server bootstrap ca-certificate

  to specify a  CA certificate file for 

establishing OVSDB SSL connections. 

Use 

undo ovsdb server bootstrap ca-certificate

 to restore the default. 

Syntax 

ovsdb server bootstrap ca-certificate

 

ca-filename

 

undo ovsdb server bootstrap ca-certificate 

Default 

SSL uses the CA certificate file in the PKI domain. 

Views 

System view 

Predefined user roles 

network-admin 

Parameters 

ca-filename

: Specifies  the  CA certificate file  name, a  case-insensitive  string.  The file name 

cannot contain the 

slot

 string. 

Usage guidelines 

For the specified certificate to take effect, you must execute the 

ovsdb server enable

 command 

to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it has been 
enabled. 

If the specified CA certificate file does not exist, the device obtains a self-signed certificate from the 
controller. The obtained file uses the name specified for the 

ca-filename

 argument. 

Examples 

# Specify CA certificate file 

ca-new

 for establishing OVSDB SSL connections. 

<Sysname> system-view 

[Sysname] ovsdb server bootstrap ca-certificate ca-new 

Содержание MS4520V2-30F

Страница 1: ...licable to the following switches and software versions H3C S5560X EI switch series Release 6308 and later H3C S5500V2 EI switch series Release 6308 and later H3C MS4520V2 30F switch Release 6308 and...

Страница 2: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 3: ...races enclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separated by vertical bars from which y...

Страница 4: ...s a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding and other Layer 2 features Represents an access controller a unified wired WLAN module or the access controller engine on a u...

Страница 5: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Страница 6: ...e 22 shutdown 23 statistics enable Ethernet service instance view 23 statistics enable VSI view 24 tunnel 24 tunnel global source address 25 vsi 26 vxlan 27 vxlan ip forwarding 27 vxlan local mac repo...

Страница 7: ...ii ovsdb server enable 46 ovsdb server pki domain 46 ovsdb server pssl 47 ovsdb server ptcp 48 ovsdb server ssl 49 ovsdb server tcp 49 vtep access port 50 vtep acl disable 51 vtep enable 51...

Страница 8: ...packet statistics for the Ethernet service instances automatically created for VLAN based VXLAN assignment Before you enable this feature you must use the vxlan vlan based command to enable VLAN base...

Страница 9: ...behalf of the VM If no match is found the VTEP floods the request to both local and remote sites Examples Enable ARP flood suppression for VSI vsi1 Sysname system view Sysname vsi vsi1 Sysname vsi vs...

Страница 10: ...pecify a member device this command displays entries on the master device count Displays the number of ARP flood suppression entries that match the command Examples Display ARP flood suppression entri...

Страница 11: ...the command Examples Display ND flood suppression entries Sysname display ipv6 nd suppression vsi IPv6 address MAC address VSI name Link ID Aging min 1000 2 000f e201 0101 vsi1 0x70000 5 1000 3 000f...

Страница 12: ...s entries Usage guidelines If you do not specify the count or verbose keyword this command displays brief information about MAC address entries Examples Display brief information about MAC address ent...

Страница 13: ...ddress this field displays the tunnel interface name Aging Entry aging state Aging NotAging Display detailed information about MAC address entries for all VSIs Sysname display l2vpn mac address verbos...

Страница 14: ...r service instance instance id verbose Views Any view Predefined user roles network admin network operator Parameters interface interface type interface number Specifies a Layer 2 Ethernet interface o...

Страница 15: ...ate Up Down Type L2VPN type of the Ethernet service instance VSI VPWS Display detailed information about all Ethernet service instances on GigabitEthernet 1 0 1 Sysname display l2vpn service instance...

Страница 16: ...tihomed EVPN site BDF The device is a backup designated forwarder DF The device is the designated forwarder This field is not displayed if no Ethernet segment identifier is configured on the interface...

Страница 17: ...e VSI Index MTU State vpna 0 1500 Up Table 7 Command output Field Description MTU MTU on the VSI State VSI state Up The VSI is up Down The VSI is down Admin down The VSI has been manually shut down by...

Страница 18: ...ot set Unlimited is displayed Multicast Restrain This field is not supported in the current software version Multicast restraint bandwidth in kbps If the multicast restraint bandwidth is not set Unlim...

Страница 19: ...unnel assignment method Auto The tunnel was automatically assigned to the VXLAN For an EVPN network VXLAN tunnels are automatically assigned to VXLANs For a multicast mode VXLAN the tunnel MTunnel was...

Страница 20: ...00002 Up Manual Disabled MTunnel0 0x6002710 Up Auto Disabled Table 9 Command output Field Description Link ID Tunnel s link ID in the VXLAN State Tunnel state Up The tunnel is operating correctly Bloc...

Страница 21: ...pecify the only tagged keyword untagged Matches any frames that do not have an 802 1Q VLAN tag Usage guidelines An Ethernet service instance can contain only one frame match criterion To change the fr...

Страница 22: ...default the device floods broadcast unknown unicast and unknown multicast frames received from the local site to the following interfaces in the frame s VXLAN All site facing interfaces except for th...

Страница 23: ...nd remote sites Examples Enable ND flood suppression for VSI vsi1 Sysname system view Sysname vsi vsi1 Sysname vsi vsi1 ipv6 nd suppression enable Related commands display ipv6 nd suppression vsi rese...

Страница 24: ...nterface number The specified tunnel interface must already exist This option applies to remote MAC addresses vsi vsi name Specifies a VSI name a case sensitive string of 1 to 31 characters Usage guid...

Страница 25: ...ned user roles network admin Usage guidelines The 802 1X or MAC authentication feature can use the authorization VSI the guest VSI the Auth Fail VSI and the critical VSI to control the access of users...

Страница 26: ...e string of 1 to 31 characters If you do not specify a VSI this command clears ARP flood suppression entries on all VSIs Examples Clear ARP flood suppression entries on all VSIs Sysname reset arp supp...

Страница 27: ...do not specify a VSI this command clears all dynamic MAC address entries on all VSIs Usage guidelines Use this command when the number of dynamic MAC address entries reaches the limit or the device l...

Страница 28: ...istics on VSIs Syntax reset l2vpn statistics vsi name vsi name Views User view Predefined user roles network admin Parameters name vsi name Specifies a VSI by its name a case sensitive string of 1 to...

Страница 29: ...commands flooding disable service instance Use service instance to create an Ethernet service instance and enter its view or enter the view of an existing Ethernet service instance Use undo service in...

Страница 30: ...ou bring up the VSI again the VSI provides services based on the latest settings Examples Shut down VSI vpn1 Sysname system view Sysname vsi vpn1 Sysname vsi vpn1 shutdown Related commands display l2v...

Страница 31: ...ay l2vpn service instance verbose reset l2vpn statistics ac statistics enable VSI view Use statistics enable to enable packet statistics for a VSI Use undo statistics enable to disable packet statisti...

Страница 32: ...number option When the primary VXLAN tunnel is operating correctly the backup VXLAN tunnel does not forward traffic When the primary VXLAN tunnel goes down traffic is switched to the backup VXLAN tun...

Страница 33: ...tunnel uses the global source address if you do not specify a source interface or source address for the tunnel The global source address takes effect only on VXLAN tunnels Examples Specify 1 1 1 1 as...

Страница 34: ...a VXLAN and enter its view or enter the view of an existing VXLAN Use undo vxlan to restore the default Syntax vxlan vxlan id undo vxlan Default No VXLANs exist Views VSI view Predefined user roles n...

Страница 35: ...LANs You must delete all VSIs VSI interfaces and VXLAN tunnel interfaces before you can change the forwarding mode Examples Enable Layer 3 forwarding for all VXLANs Sysname system view Sysname vxlan i...

Страница 36: ...l mac learning disable undo vxlan tunnel mac learning disable Default Remote MAC address learning is enabled Views System view Predefined user roles network admin Usage guidelines When network attacks...

Страница 37: ...ed Default VLAN based VXLAN assignment is disabled Views System view Predefined user roles network admin Usage guidelines You can assign customer traffic to a VXLAN by using one of the following metho...

Страница 38: ...XLANs enable VLAN based VXLAN assignment by using the vxlan vlan based command You cannot map VLAN 1 to any VXLAN Do not map a VLAN to the L3 VXLAN ID of EVPN If you map a VLAN to a nonexistent VXLAN...

Страница 39: ...r Ethernet frames assigned to the VSI The device supports the VLAN access mode In this mode Ethernet frames received from or sent to the local site must contain 802 1Q VLAN tags For an Ethernet frame...

Страница 40: ...not forward ARP packets destined for its local VSI interfaces to other gateways For distributed VXLAN IP gateways to have the same ARP entries you must enable dynamic ARP entry synchronization A cont...

Страница 41: ...h to set the expected bandwidth for a VSI interface Use undo bandwidth to restore the default Syntax bandwidth bandwidth value undo bandwidth Default The expected bandwidth in kbps of a VSI interface...

Страница 42: ...these commands 2 Use their undo forms or follow the command reference to restore their default settings 3 If the restoration attempt still fails follow the error message instructions to resolve the p...

Страница 43: ...ce id option this command displays information about all interfaces Make sure the specified VSI interfaces have been created on the device brief Display brief interface information If you do not speci...

Страница 44: ...isabled The interface is not assigned an IP address and cannot process IP packets Internet address IP address of the interface The primary attribute indicates that the address is the primary IP addres...

Страница 45: ...s physically up DOWN The interface is physically down ADM The interface has been shut down by using the shutdown command To restore the physical state of the interface use the undo shutdown command St...

Страница 46: ...erent VTEPs To avoid IP address conflicts you must specify the VSI interface on each VTEP as a distributed gateway Examples Specify VSI interface 100 as a distributed gateway Sysname system view Sysna...

Страница 47: ...to the VSI If you remove the gateway interface from the VSI the VSI s subnet settings are automatically deleted For VSIs that share a gateway interface the subnets must be unique Examples Assign subne...

Страница 48: ...Usage guidelines When you delete a VSI interface by using the undo interface vsi interface command the gateway interface setting of the VSI interface is also deleted Examples Create VSI interface 100...

Страница 49: ...t enable dynamic ND entry synchronization Examples Enable dynamic ND entry synchronization for distributed VXLAN IP gateways Sysname system view Sysname ipv6 nd distributed gateway dynamic entry synch...

Страница 50: ...ytes Examples Set the MTU to 1430 bytes for VSI interface 100 Sysname system view Sysname interface vsi interface 100 Sysname Vsi interface100 mtu 1430 shutdown Use shutdown to shut down a VSI interfa...

Страница 51: ...e ARP learning when the controller and VTEPs are synchronizing entries After the entry synchronization is completed use the undo vxlan tunnel arp learning disable command to enable remote ARP learning...

Страница 52: ...L connections Use undo ovsdb server bootstrap ca certificate to restore the default Syntax ovsdb server bootstrap ca certificate ca filename undo ovsdb server bootstrap ca certificate Default SSL uses...

Страница 53: ...ation data from controllers you must enable the OVSDB server Before you enable the OVSDB server you must establish an OVSDB SSL or TCP connection with a minimum of one controller Examples Enable the O...

Страница 54: ...OVSDB SSL connections Sysname system view Sysname ovsdb server pki domain ovsdb_test Related commands ovsdb server bootstrap ca certificate ovsdb server enable ovsdb server pssl ovsdb server ssl ovsdb...

Страница 55: ...r ptcp to restore the default Syntax ovsdb server ptcp port port number undo ovsdb server ptcp Default The device does not listen for OVSDB TCP connection requests Views System view Predefined user ro...

Страница 56: ...port for the SSL connection The value range for the port number argument is 1 to 65535 Usage guidelines Before you use this command you must specify a PKI domain for SSL The device can have a maximum...

Страница 57: ...t active OVSDB TCP connections To establish the connection you must execute the ovsdb server enable command You must disable and then re enable the OVSDB server if it has been enabled Examples Set up...

Страница 58: ...isable Default The ACLs issued by the OVSDB controller are enabled on the device Views System view Predefined user roles network admin Usage guidelines Before you use this command you must use the vte...

Страница 59: ...52 Default The OVSDB VTEP service is disabled Views System view Predefined user roles network admin Examples Enable the OVSDB VTEP service Sysname system view Sysname vtep enable...

Отзывы:

Нет отзывов