manualshive.com logo in svg

H3C S3100 Series, Руководство по управлению

Поделиться
Скачать
H3C S3100 Series Скачать руководство пользователя страница 373

Command Manual (For Soliton) – 802.1x-System Guard 
H3C S3100 Series Ethernet Switches 

Chapter 1  802.1x Configuration Commands

 

1-14 

1.1.10  dot1x port-method 

Syntax 

dot1x

 

port-method

 { 

macbased

 | 

portbased

 } [ 

interface interface-list

 ]

 

undo dot1x

 

port-method

 [ 

interface interface-list

 ] 

View 

System view, Ethernet port view 

Parameter 

macbased

: Performs MAC address-based authentication. 

portbased

: Performs port-based authentication. 

interface-list

: Ethernet port list, in the form of 

interface-list= 

interface-type 

interface-number

 [ 

to

 

interface-type interface-number

 ] } &<1-10>, in which 

interface-type

 specifies the type of an Ethernet port and 

interface-number

 is the 

number of the port. The string “&<1-10>” means that up to 10 port lists

 

can be provided. 

Description 

Use the 

dot1x

 

port-method

 command to specify the access control method for 

specified Ethernet ports. 

Use the 

undo dot1x

 

port-method

 command to revert to the default access control 

method. 

By default, the access control method is 

macbased

.  

This command specifies the way in which the users are authenticated.  

z

 

If you specify to authenticate users by MAC addresses (that is, executing the 

dot1x

 

port-method

 command with the 

macbased

 keyword specified), all the 

users connected to the specified Ethernet ports are authenticated separately. And 

if an online user logs off, others are not affected. 

z

 

If you specify to authenticate supplicant systems by port numbers (that is, 

executing the 

dot1x

 

port-method

 command with the 

portbased

 keyword 

specified), all the users connected to a specified Ethernet port are able to access 

the network without being authenticated if a user among them passes the 

authentication. And when the user logs off, the network is inaccessible to all other 

supplicant systems either. 

z

 

Changing the access control method on a port by the dot1x port-method command 

will forcibly log out the online 802.1x users on the port. 

In system view: 

z

 

If you do not provide the 

interface-list

 argument, these two commands apply to all 

the ports of the switch.  

Содержание S3100 Series

Страница 1: ...H3C S3100 Series Ethernet Switches Command Manual For Soliton Hangzhou H3C Technologies Co Ltd http www h3c com Manual Version 20080928 C 1 02...

Страница 2: ...nnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in...

Страница 3: ...stallation Organization H3C S3100 Series Ethernet Switches Command Manual For Soliton is organized as follows Part Contents 1 CLI Introduces the commands used for switching between the command levels...

Страница 4: ...configuration 18 AAA Introduces the commands used for AAA RADIUS HWTACACS and EAD configuration 19 MAC Address Authentication Introduces the commands used for MAC address authentication configuration...

Страница 5: ...this command manual in an alphabetic order The parts and pages where the commands are described are also given Conventions The manual uses the following conventions I Command conventions Convention De...

Страница 6: ...names menu items data table and field names are inside square brackets For example pop up the New User window Multi level menus are separated by forward slashes For example File Create Folder III Sym...

Страница 7: ...hes Table of Contents i Table of Contents Chapter 1 CLI Configuration Commands 1 1 1 1 CLI Configuration Commands 1 1 1 1 1 command privilege level 1 1 1 1 2 display history command 1 3 1 1 3 super 1...

Страница 8: ...view that the Ethernet switch supports The S3100 series For Soliton support only the CLI views listed in Table 1 1 Table 1 1 Available CLI views for the view argument CLI view Description acl adv Adv...

Страница 9: ...t the level of a specified command in a specified view Use the undo command privilege view command to restore the default Commands fall into four levels visit level 0 monitor level 1 system level 2 an...

Страница 10: ...ay history command View Any view Parameters None Description Use the display history command command to display the history commands of the current user so that the user can check the configurations p...

Страница 11: ...high to low user level switching is unlimited However the low to high user level switching requires the corresponding authentication The authentication mode can be set through the super authentication...

Страница 12: ...r level switching Use the undo super authentication mode command to restore the default By default super password authentication is adopted for low to high user level switching Note that the two authe...

Страница 13: ...vel level cipher simple password undo super password level level View System view Parameters level level User level in the range of 1 to 3 It is 3 by default cipher Stores the password in the configur...

Страница 14: ...figuration By default no such password is set Note that no matter whether a plain text or cipher text password is set users must enter the plain text password during authentication Examples Set the sw...

Страница 15: ...ze 1 13 1 1 11 idle timeout 1 14 1 1 12 ip http shutdown 1 15 1 1 13 lock 1 16 1 1 14 parity 1 17 1 1 15 protocol inbound 1 17 1 1 16 screen length 1 19 1 1 17 send 1 19 1 1 18 service type 1 20 1 1 1...

Страница 16: ...mber to set the local password using the set authentication password command Otherwise AUX users can log in to the switch successfully without password but VTY users will fail the login VTY users must...

Страница 17: ...eme there are three scenarios when the supported protocol is specified as telnet TCP 23 will be enabled when the supported protocol is specified as SSH TCP 22 will be enabled when the supported protoc...

Страница 18: ...telnet level 2 After the configuration when a user logs in to the switch through VTY0 the user must enter the configured username and password 1 1 2 auto execute command Syntax auto execute command te...

Страница 19: ...ysname user interface vty 0 Sysname ui vty0 auto execute command telnet 10 110 100 1 This action will lead to configuration failure through ui vty0 Are you sure Y N y After the above configuration whe...

Страница 20: ...Sysname system view System View return to User View with Ctrl Z Sysname undo copyright info enable After the above configuration no copyright information is displayed after a user logs in as shown bel...

Страница 21: ...bered from 0 to 12 summary Displays the summary information about a user interface Description Use the display user interface command to display the information about a specified user interface or all...

Страница 22: ...a modem is used Privi Available command level Auth Authentication mode Int Physical position of the user interface Super The authentication mode used for a user to switch from the current lower user...

Страница 23: ...user interface is idle The total number of Us and Xs is the total number of user interfaces that are available character mode users U The number of current users that is the number of Us UI never used...

Страница 24: ...es and those in the right sub column are the relative user interface indexes Delay The period in seconds the user interface idles for Type User type Ipaddress The IP address from which the user logs i...

Страница 25: ...r interface Syntax free user interface type number View User view Parameters type User interface type which can be AUX for AUX user interface and VTY for VTY user interface number User interface index...

Страница 26: ...ord is valid only when users are authenticated before they log in to the switch and appears while the switch prompts for user name and password If a user logs in to the switch through Web the banner t...

Страница 27: ...s required In the latter case the shell banner is not displayed z The banner configured with the header legal command is displayed when you enter the user interface If password authentication is enabl...

Страница 28: ...played Copyright c 2004 2008 Hangzhou H3C Tech Co Ltd All rights reserved Without the owner s prior written consent no decompiling or reverse engineering shall be allowed Welcome to legal Press Y or E...

Страница 29: ...meout Syntax idle timeout minutes seconds undo idle timeout View User interface view Parameters minutes Number of minutes This argument ranges from 0 to 35 791 seconds Number of seconds This argument...

Страница 30: ...will be enabled or disabled after corresponding configurations z TCP 80 port is enabled only after you use the undo ip http shutdown command to enable the Web server z If you use the ip http shutdown...

Страница 31: ...ck a user interface press Enter and then enter the password as prompted Note that if you set a password containing more than 16 characters the system matches only the first 16 characters of the passwo...

Страница 32: ...the check mode of the user interface Use the undo parity command to revert to the default check mode By default no check is performed Examples Set to perform even checks Sysname system view System Vi...

Страница 33: ...P 23 will be enabled and TCP 22 will be disabled z If the authentication mode is scheme there are three scenarios when the supported protocol is specified as telnet TCP 23 will be enabled when the sup...

Страница 34: ...length command to revert to the default number of lines By default the terminal screen can contain up to 24 lines You can use the screen length 0 command to disable the function to display information...

Страница 35: ...and to send messages to a user interface or all the user interfaces Examples Send hello to all user interfaces Sysname send all Enter message end with CTRL Z or Enter abort with CTRL C hello Z Send me...

Страница 36: ...and so on The display and debugging commands are at monitor level Commands at this level cannot be saved in configuration files z System level Commands at this level are used to configure services Com...

Страница 37: ...set The password must be in plain text if you specify the simple keyword in the set authentication password command If you specify the cipher keyword the password can be in either cipher text or plain...

Страница 38: ...tax shell undo shell View User interface view Parameters None Description Use the shell command to enable terminal services Use the undo shell command to disable terminal services By default terminal...

Страница 39: ...d 115 200 Description Use the speed command to set the transmission speed of the user interface Use the undo speed command to revert to the default transmission speed By default the transmission speed...

Страница 40: ...terminal emulation utility does not affect the communication between them Examples Set the stop bits to 2 Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 S...

Страница 41: ...en consent no decompiling or reverse engineering shall be allowed SwitchB 1 1 24 telnet ipv6 Syntax telnet ipv6 remote system i interface type interface number port number View User view Parameters re...

Страница 42: ...er interface first number User interface index identifying the first user interface to be configured A user interface index can be relative or absolute z In relative user interface index scheme the ty...

Страница 43: ...and manage which are described as follows z Visit level Commands at this level are used to diagnose network such as the ping tracert and telnet command Commands at this level cannot be saved in config...

Страница 44: ...mmands as listed in the following Sysname User view commands cluster Run cluster command debugging Enable system debugging functions display Display current system information msdp tracert MSDP trace...

Страница 45: ...0 to 3999 for advanced ACLs inbound Applies the ACL for the users Telnetting to the local switch from the current user interface outbound Applies the ACL for the users Telnetting to other devices from...

Страница 46: ...o 80 characters Description Use the free web users command to disconnect a specified Web user or all Web users by force Examples Disconnect all Web users by force Sysname free web users all 2 1 3 ip h...

Страница 47: ...e community The acl number argument ranges from 2000 to 2999 mib view view name Sets the name of the MIB view accessible to the community The view name argument is a string of 1 to 32 characters Descr...

Страница 48: ...authentication Specifies to authenticate SNMP data without encrypting the data privacy Authenticates and encrypts packets read view Name of the view to be set to read only This argument can be of 1 to...

Страница 49: ...ode aes128 des56 priv password acl acl number undo snmp agent usm user v3 user name group name engineid engineid string local View System view Parameters v1 SNMPv1 v2c SNMPv2c v3 SNMPv3 user name User...

Страница 50: ...string of even number of hexadecimal numbers and comprising of 10 to 64 hexadecimal digits Description Use the snmp agent usm user command to add a user to an SNMP group You can also optionally use t...

Страница 51: ...ration File Management Commands 1 1 1 1 File Attribute Configuration Commands 1 1 1 1 1 display current configuration 1 1 1 1 2 display current configuration vlan 1 6 1 1 3 display saved configuration...

Страница 52: ...ext txt in the current directory you can directly input the file name text txt as the file URL 1 1 File Attribute Configuration Commands 1 1 1 display current configuration Syntax display current conf...

Страница 53: ...ar expression z include Displays only the lines that match the regular expression A regular expression also supports some special characters For match rules of the special characters refer to Table 1...

Страница 54: ...rrent configuration command to display the current configuration of a switch After you finish a set of configurations you can execute the display current configuration command to display the parameter...

Страница 55: ...Ethernet1 0 9 interface Ethernet1 0 10 interface Ethernet1 0 11 interface Ethernet1 0 12 interface Ethernet1 0 13 interface Ethernet1 0 14 interface Ethernet1 0 15 interface Ethernet1 0 16 interface E...

Страница 56: ...splay current configuration include 10 vlan 1 interface Vlan interface1 ip address 192 168 0 241 255 255 255 0 interface Aux1 0 0 interface Ethernet1 0 1 port link aggregation group 1 interface Ethern...

Страница 57: ...n vlan id by linenum View Any view Parameters vlan vlan id VLAN ID in the range 1 to 4094 by linenum Displays configuration information with line numbers Description Use the display current configurat...

Страница 58: ...tion with line numbers Description Use the display saved configuration command to display the initial configuration file of a switch Note that z If the switch starts up without a configuration file th...

Страница 59: ...TE interface Aux1 0 0 interface Ethernet1 0 1 interface Ethernet1 0 2 interface Ethernet1 0 3 interface Ethernet1 0 4 interface Ethernet1 0 5 interface Ethernet1 0 6 interface Ethernet1 0 7 interface...

Страница 60: ...GigabitEthernet1 1 1 interface GigabitEthernet1 1 2 shutdown interface GigabitEthernet1 2 1 interface GigabitEthernet1 2 2 shutdown TOPOLOGYCFG MUST NOT DELETE GLBCFG MUST NOT DELETE interface NULL0...

Страница 61: ...ackup cfg Bootrom access enable state enabled Table 1 2 Description on the fields of the display startup command Field Description Current Startup saved configuration file The configuration file used...

Страница 62: ...played z The configured parameter whose corresponding function does not take effect is not displayed z Execution of this command in any user interface view or VLAN view displays the valid configuratio...

Страница 63: ...configuration file with backup attribute it only erases the backup attribute of a configuration file having both main and backup attribute You may need to erase the configuration file for one of thes...

Страница 64: ...nt configuration to it The file attribute is neither main nor backup z If the cfgfile argument is specified and the file specified by it exists the system will save the current configuration to the sp...

Страница 65: ...next startup Sysname save main The configuration will be written to the device Are you sure Y N y Please input the file name cfg To leave the existing filename unchanged press the enter key 123 cfg N...

Страница 66: ...ation when it restarts Note that If you execute the startup saved configuration command with neither the backup nor the main keyword specified the configuration file identified by the cfgfile argument...

Страница 67: ...1 10 1 2 1 display port 1 10 1 2 2 port 1 10 1 2 3 port access vlan 1 11 1 2 4 port hybrid pvid vlan 1 12 1 2 5 port hybrid vlan 1 13 1 2 6 port link type 1 14 1 2 7 port trunk permit vlan 1 15 1 2 8...

Страница 68: ...rrent VLAN or VLAN interface You can use the description to provide information helping identify the devices or network segment attached to the VLAN or VLAN interface and so on Use the undo descriptio...

Страница 69: ...d VLAN interface or all VLAN interfaces already created if no VLAN interface is specified The output of this command shows the state IP address description and other information of a VLAN interface Yo...

Страница 70: ...of the following z DOWN The protocol state of this VLAN interface is down usually because no IP address is configured z UP The protocol state of this VLAN interface is up IP Sending Frames Format is...

Страница 71: ...Dynamic VLANs refer to VLANs that are generated through GVRP or those distributed by a RADIUS server static Displays the number of static VLANs and the ID of each static VLAN Static VLANs refer to VL...

Страница 72: ...the VLAN interface Description Description of the VLAN Name VLAN name Tagged Ports Ports out of which packets are sent tagged Untagged Ports Ports out of which packets are sent untagged 1 1 4 interfac...

Страница 73: ...w return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 1 1 5 name Syntax name text undo name View VLAN view Parameters text VLAN name a description of 1 to 32 cha...

Страница 74: ...LAN z When all the Ethernet ports in the VLAN are down the VLAN interface of the VLAN is down that is disabled z When one or more Ethernet ports in the VLAN are up the VLAN interface of the VLAN is up...

Страница 75: ...N you want to create or remove in the range of 1 to 4094 to vlan id2 In conjunction with vlan id1 specify a VLAN ID range you want to create or remove The vlan id2 argument takes a value in the range...

Страница 76: ...LAN on the trunk port or hybrid port does not change The port will continue to use the removed VLAN as its default VLAN Examples Create VLAN 5 and enter its VLAN view Sysname system view System View r...

Страница 77: ...mand Examples Display the existing hybrid ports Sysname display port hybrid The following hybrid ports exist Ethernet1 0 1 Ethernet1 0 2 The above information shows the current system has two hybrid p...

Страница 78: ...ation about how to assign to or remove from a VLAN trunk or hybrid ports refer to the port hybrid vlan command and the port trunk permit vlan command For port type configuration refer to the port link...

Страница 79: ...command to remove the access port from the specified VLAN After that the access port joins VLAN 1 automatically Examples Assign Ethernet 1 0 1 to VLAN 3 Sysname system view System View return to User...

Страница 80: ...w return to User View with Ctrl Z Sysname interface ethernet1 0 1 Sysname Ethernet1 0 1 port link type hybrid Sysname Ethernet1 0 1 port hybrid pvid vlan 100 1 2 5 port hybrid vlan Syntax port hybrid...

Страница 81: ...ecified each time does not overwrite those configured before if any The VLAN specified by the vlan id argument must already exist Otherwise this command is invalid Related commands port link type Exam...

Страница 82: ...ist all undo port trunk permit vlan vlan id list all View Ethernet port view Parameters vlan id list List of the VLANs that the current trunk port will be assigned to or removed from In this list you...

Страница 83: ...any Related commands port link type Examples Assign the trunk port Ethernet 1 0 1 to VLAN 2 VLAN 4 and VLAN 50 through VLAN 100 Sysname system view System View return to User View with Ctrl Z Sysname...

Страница 84: ...AN to be transmitted properly Related commands port link type port trunk permit vlan Examples Set the default VLAN ID of the trunk port Ethernet 1 0 1 to 100 Sysname system view System View return to...

Страница 85: ...cify the VLAN ID for which the MAC to VLAN mapping is to be displayed Description Use the display mac vlan command to display MAC to VLAN mappings Examples Display all the MAC to VLAN mappings Sysname...

Страница 86: ...ac vlan all mac address mac addr vlan vlan id View System view Parameters mac addr Specifies a MAC address vlan vlan id Specify a VLAN ID in the range of 1 to 4094 priority priority Specify an 802 1p...

Страница 87: ...a link aggregation member port z You cannot enable MAC based VLAN on a port configured with VLAN VPN or selective QinQ By default MAC based VLAN is disabled Examples Enable MAC based VLAN on GigabitEt...

Страница 88: ...display protocol vlan interface command to display information about protocol based VLANs and protocol templates for the specified port s Related commands port hybrid protocol vlan vlan protocol vlan...

Страница 89: ...s a value in the range of 1 to 4094 and must not be less than that of vlan id1 all Displays all protocol VLANs and their protocol template information Description Use the display protocol vlan vlan co...

Страница 90: ...emplate must have been configured for the VLAN protocol index Specifies a protocol template in the range of 0 to 15 to protocol index end In conjunction with protocol index specify a protocol index ra...

Страница 91: ...emplate the system will report operation failure if the index of the specified protocol to be removed does not exist If a part of the specified protocol indexes to be removed do not exist the switch w...

Страница 92: ...packet The etype id argument indicates the protocol type value and ranges from 0x0600 to 0xFFFF protocol index Beginning protocol index ranging from 0 to 4 If you do not specify this argument the beg...

Страница 93: ...and assign IP packets to VLAN 3 for transmission Sysname system view System View return to User View with Ctrl Z Sysname vlan 3 Sysname vlan3 protocol vlan ip Caution Because the IP protocol is closel...

Страница 94: ...face brief 1 4 1 1 5 display ip routing table 1 5 1 1 6 display ip routing table acl 1 7 1 1 7 display ip routing table ip address 1 10 1 1 8 display ip routing table ip address1 ip address2 1 11 1 1...

Страница 95: ...Use the delete static routes all command to delete all static routes The system will request your confirmation before it deletes all the configured static routes Related command ip route static and di...

Страница 96: ...tate DOWN IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 000f e256 ae10 Internet Address is 192 168 0 39 24 Primary Description Vlan interface1 Interface The Maximum Transmit Unit is 1...

Страница 97: ...lan interface1 current state UP Line protocol current state UP Internet Address is 192 168 0 39 24 Primary Broadcast address 192 168 0 255 The Maximum Transmit Unit 1500 bytes IP packets input number...

Страница 98: ...ets total bytes and multicast packets TTL invalid packet number Number of received packets with TTL errors ICMP packet input number Number of received ICMP messages Echo reply Echo replies Unreachable...

Страница 99: ...168 0 39 up up Vlan inte Table 1 3 Description on fields of the display ip interface brief command Field Description down The interface is administratively shut down with the shutdown command s Spoof...

Страница 100: ...with the items of a routing entry contained in one line The information displayed includes destination IP address mask length protocol preference cost next hop and outbound interface The display ip ro...

Страница 101: ...mand displays the routes that match a specified basic ACL you can use it to trace routing policies Example Display the summary information about the active routes that match ACL 2000 Sysname system vi...

Страница 102: ...Vlan interface1 State Int ActiveU Gateway Static Unicast Age 1 48 18 Cost 0 0 Table 1 5 Description on the fields of the display ip routing table acl command Field Description Destination Destination...

Страница 103: ...ion For details refer to corresponding routing protocols Int The route is discovered by the internal gateway protocol IGP NoAdvise The route is not advertised when the router advertises routes based o...

Страница 104: ...ip routing table ip address command to display the information about the routes leading to a specified destination The output information of this command differs with the arguments keywords specified...

Страница 105: ...ActiveU Gateway Static Unicast Age 32 31 Cost 0 0 Refer to Table 1 5 for the description on the output fields 1 1 8 display ip routing table ip address1 ip address2 Syntax display ip routing table ip...

Страница 106: ...he output fields 1 1 9 display ip routing table protocol Syntax display ip routing table protocol protocol inactive verbose View Any view Parameter protocol This argument can be one of the following z...

Страница 107: ...routing table Sysname display ip routing table protocol static STATIC Routing tables Summary count 1 STATIC Routing table status active Summary count 1 Destination Mask Protocol Pre Cost Nexthop Inte...

Страница 108: ...tistics Syntax display ip routing table statistics View Any view Parameter None Description Use the display ip routing table statistics command to display the statistics of a routing table The statist...

Страница 109: ...routes with deleted flags this type of routes will be removed after a period of time Total Total numbers of various routes 1 1 12 display ip routing table verbose Syntax display ip routing table verbo...

Страница 110: ...the statistics information about the routing table Table 1 8 Description on the fields of the display ip routing table verbose command Field Description Holddown Number of the routes that are held do...

Страница 111: ...interface view Sysname system view System View return to User View with Ctrl Z Sysname vlan 10 Sysname vlan10 quit Sysname management vlan 10 Sysname interface Vlan interface 10 Sysname Vlan interfac...

Страница 112: ...er Next hop outgoing interface Currently you can specify a NULL interface only A null interface is a virtual interface Packets destined for a null interface are discarded helping to reduce system load...

Страница 113: ...if neither of the reject and blackhole keywords is specified Note the following when configuring a static route z The next hop address of a static route cannot be the VLAN interface address of the loc...

Страница 114: ...et ip routing table statistics protocol command to clear the statistics of routes in a routing table Example Before executing the reset ip routing table statistics protocol command use the display ip...

Страница 115: ...ment VLAN H3C S3100 Series Ethernet Switches Chapter 1 Management VLAN Configuration Commands 1 21 DIRECT 4 4 0 0 STATIC 0 0 0 0 Total 4 4 0 0 The above information shows that the routing statistics i...

Страница 116: ...ommands 2 1 2 1 1 display fib 2 1 2 1 2 display fib ip address 2 2 2 1 3 display fib acl 2 3 2 1 4 display fib 2 4 2 1 5 display fib statistics 2 5 2 1 6 display icmp statistics 2 5 2 1 7 display ip s...

Страница 117: ...n about a specified or all Layer 3 interfaces If no argument is specified information about all Layer 3 interfaces is displayed Examples Display information about VLAN interface 1 Sysname display ip i...

Страница 118: ...r 9678 bytes 475001 multicasts 7 IP packets output number 8622 bytes 391084 multicasts 0 Total number of packets bytes and multicast packets forwarded and received on the interface TTL invalid packet...

Страница 119: ...e interface type and interface number specified it displays information about the specified interface Related commands display ip interface Examples Display brief information about VLAN interface 1 Sy...

Страница 120: ...View VLAN interface view loopback interface view Parameters ip address IP address in dotted decimal notation mask Subnet mask in dotted decimal notation mask length Subnet mask length the number of co...

Страница 121: ...r 1 IP Address Configuration Commands 1 5 Examples Assign the IP address 129 12 0 1 to VLAN interface 1 with subnet mask 255 255 255 0 Sysname system view System View return to User View with Ctrl Z S...

Страница 122: ...command to display all forwarding information base FIB information Examples Display all FIB information Sysname display fib Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Eq...

Страница 123: ...dress Syntax display fib ip address1 mask1 mask length1 ip address2 mask2 mask length2 longer longer View Any view Parameters ip address1 ip address2 Destination IP addresses in dotted decimal notatio...

Страница 124: ...Entry Count 1 Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi path L Generated by ARP or ESIS Destination Mask Nexthop Flag TimeStamp Interface 12 158 10 0 24...

Страница 125: ...ched by access list 2001 Summary Counts 1 Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi path L Generated by ARP or ESIS Destination Mask Nexthop Flag TimeSt...

Страница 126: ...ning the string 169 254 0 0 Sysname display fib begin 169 254 0 0 169 254 0 0 16 2 1 1 1 U t 0 Vlan interface1 2 0 0 0 16 2 1 1 1 U t 0 Vlan interface1 For details about the displayed information see...

Страница 127: ...set ip statistics Examples Display the statistics about ICMP packets Sysname display icmp statistics Input bad formats 0 bad checksum 0 echo 5 destination unreachable 0 source quench 0 redirects 0 ech...

Страница 128: ...er of received time stamp packets information request Number of received information request packets mask requests Number of received mask requests mask replies Number of received mask replies Input t...

Страница 129: ...6 LA 0 0 0 0 23 FA 0 0 0 0 0 sndbuf 8192 rcvbuf 8192 sb_cc 0 rb_cc 0 socket option SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID SO_SETKEEPALIVE socket state SS_PRIV SS_ASYNC Task VTYD 18 socketid 2 Proto...

Страница 130: ...cc Current data size in the receiving buffer socket option Option of a socket socket state State of a socket 2 1 8 display ip statistics Syntax display ip statistics View Any view Parameters None Desc...

Страница 131: ...kets with incorrect header format that contains a wrong version or has a header length less than 20 bytes bad checksum Total number of packets with incorrect checksum Input bad options Total number of...

Страница 132: ...packets Total 753 packets in sequence 412 11032 bytes window probe packets 0 window update packets 0 checksum error 0 offset error 0 short error 0 duplicate packets 4 88 bytes partially duplicate pack...

Страница 133: ...be packets Number of window probe packets received window update packets Number of window update packets received checksum error Number of checksum error packets received offset error Number of offset...

Страница 134: ...timeouts connections dropped in retransmitted timeout Number of connections broken due to retransmission timeouts Keepalive timeout Number of keepalive timer timeouts keepalive probe Number of keepali...

Страница 135: ...Connection TCPCB Local Add port Foreign Add port State 03e37dc4 0 0 0 0 4001 0 0 0 0 0 Listening 04217174 100 0 0 204 23 100 0 0 253 65508 Established Table 2 6 Description on the fields of the displ...

Страница 136: ...7187 Table 2 7 Description on the fields of the display udp statistics command Field Description Total Total number of received UDP packets checksum error Total number of packets with incorrect checks...

Страница 137: ...send command to disable the device from sending ICMP redirection packets By default the device is enabled to send ICMP redirection packets Examples Disable the device from sending ICMP redirection pac...

Страница 138: ...nreachable packets Examples Disable the device from sending ICMP destination unreachable packets Sysname system view System View return to User View with Ctrl Z Sysname undo icmp unreach send 2 1 14 r...

Страница 139: ...kets Sysname reset tcp statistics 2 1 16 reset udp statistics Syntax reset udp statistics View User view Parameters None Description Use the reset udp statistics command to clear the statistics about...

Страница 140: ...value of the TCP finwait timer to 800 seconds Sysname system view System View return to User View with Ctrl Z Sysname tcp timer fin timeout 800 2 1 18 tcp timer syn timeout Syntax tcp timer syn timeo...

Страница 141: ...ilobytes KB in the range of 1 to 32 Description Use the tcp window command to configure the size of the transmission and receiving buffers of the connection oriented socket Use the undo tcp window com...

Страница 142: ...VLAN Configuration Commands 1 1 1 1 1 display voice vlan error info 1 1 1 1 2 display voice vlan oui 1 1 1 1 3 display voice vlan status 1 2 1 1 4 display vlan 1 3 1 1 5 voice vlan 1 4 1 1 6 voice vl...

Страница 143: ...Description Use the display voice vlan error info command to display the ports on which the voice VLAN function fails to be enabled Note When ACL number applied to a port reaches to its threshold voi...

Страница 144: ...e OUI list for the voice VLAN Sysname display voice vlan oui Oui Address Mask Description 0003 6b00 0000 ffff ff00 0000 Cisco phone 000f e200 0000 ffff ff00 0000 H3C Aolynk phone 00d0 1e00 0000 ffff f...

Страница 145: ...status of global voice VLAN function enabled or disabled Voice Vlan ID The VLAN which is currently enabled with voice VLAN Voice Vlan security mode The status of voice VLAN security mode enabled or d...

Страница 146: ...suming that the current voice VLAN is VLAN 6 Sysname display vlan 6 VLAN ID 6 VLAN Type static Route Interface not configured Description VLAN 0006 Name VLAN 0006 Tagged Ports Ethernet1 0 5 Untagged P...

Страница 147: ...he voice vlan enable command Caution z If you want to delete a VLAN with voice VLAN function enabled you must disable the voice VLAN function first z The voice VLAN function can be enabled for only on...

Страница 148: ...o the voice VLAN statically When setting the voice VLAN aging timer consider the usage frequency of IP phones Note that z A large voice VLAN aging timer setting can prevent a port from being assigned...

Страница 149: ...is disabled on all ports To have the voice VLAN function take effect on a port you must enable it both globally and on the port Note that the operations are order independent Note Voice VLAN is not s...

Страница 150: ...y function is disabled Examples Enable the voice VLAN legacy function on Ethernet1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet...

Страница 151: ...fined OUI addresses in Table 1 2 You can modify them with the voice vlan mac address command The OUI list can contain up to 16 OUI address entries Table 1 2 Default OUI addresses of a switch Number OU...

Страница 152: ...AN tag If the port has not received any voice data before the voice VLAN aging timer expires the port is removed from the voice VLAN automatically By default an Ethernet port works in automatic voice...

Страница 153: ...curity mode the ports in a voice VLAN and with voice devices attached to can only forward voice data Data packets with their MAC addresses not among the OUI addresses that can be identified by the sys...

Страница 154: ...mmands 1 1 1 1 GARP Configuration Commands 1 1 1 1 1 display garp statistics 1 1 1 1 2 display garp timer 1 2 1 1 3 garp timer 1 3 1 1 4 garp timer leaveall 1 5 1 1 5 reset garp statistics 1 6 1 2 GVR...

Страница 155: ...t exceed 10 Description Use the display garp statistics command to display the GARP statistics of the specified or all ports If the interface interface list keyword argument combination is not specifi...

Страница 156: ...r interface interface list View Any view Parameters interface list Specifies a list of Ethernet ports of which the GARP timer settings are to be displayed In this list you can specify individual ports...

Страница 157: ...ds 1 1 3 garp timer Syntax garp timer hold join leave timer value undo garp timer hold join leave View Ethernet port view Parameters hold Sets the GARP Hold timer join Sets the GARP Join timer leave S...

Страница 158: ...timeout time of the Hold timer You can change the threshold by changing the timeout time of the Hold timer This upper threshold is less than one half of the timeout time of the Leave timer You can cha...

Страница 159: ...nt with the Leave timer settings of other Ethernet ports as references That is this argument needs to be larger than the Leave timer settings of any Ethernet ports Also note that this argument needs t...

Страница 160: ...number1 to interface type interface number2 with interface number2 taking a value greater than interface number1 The total number of individual ports and port ranges defined in the list must not excee...

Страница 161: ...te that this command displays GVRP statistics only on the trunk ports included in the list Statistics on non trunk ports will not be displayed Description Use the display gvrp statistics command to di...

Страница 162: ...Description Use the gvrp command to enable GVRP globally in system view or for a port in Ethernet port view Use the undo gvrp command to disable GVRP globally in system view or on a port in Ethernet p...

Страница 163: ...n GVRP registration mode A port operating in this mode cannot register or deregister VLAN information dynamically It permits only VLAN 1 that is it propagates only the information about VLAN 1 to the...

Страница 164: ...Command Manual For Soliton GVRP H3C S3100 Series Ethernet Switches Chapter 1 GVRP Configuration Commands 1 10 Sysname Ethernet1 0 1 gvrp registration fixed...

Страница 165: ...1 19 1 1 13 flow interval 1 20 1 1 14 flow control 1 20 1 1 15 interface 1 21 1 1 16 jumboframe enable 1 22 1 1 17 link delay 1 23 1 1 18 loopback 1 24 1 1 19 loopback detection control enable 1 24 1...

Страница 166: ...of 1 and defaults to 100 The smaller the ratio is the less broadcast traffic is allowed max bps Maximum number in Kbps of broadcast traffic that can be received per second on an Ethernet port in step...

Страница 167: ...the Traffic Policing enabled broadcast suppression function cannot be enabled either on System view or Ethernet port view Refer to the QoS part for information about Traffic Policing Example Allow inc...

Страница 168: ...uses the port with the smallest port number in the aggregation group as the source z If you specify a destination aggregation group ID the configuration of the source port will be copied to all ports...

Страница 169: ...be copied the system will print the error message Note z Any aggregation group port you input in the destination port list will be removed from the list and the copy command will not take effect on t...

Страница 170: ...is defined for a port You can use the display brief interface command to display the configured description Example Set description string lanswitch interface for the Ethernet1 0 1 port Sysname syste...

Страница 171: ...e command to display the brief configuration information about one or all interfaces including interface type link state link rate duplex attribute link type default VLAN ID and description string Not...

Страница 172: ...Description Port description string The state of an Ethernet port can be UP DOWN or ADMINISTRATIVELY DOWN The following table shows the port state transitions Table 1 2 Port state transitions Initial...

Страница 173: ...he Ethernet1 0 1 port Sysname display interface ethernet1 0 1 Ethernet1 0 1 current state DOWN IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 0012 a990 2240 Media type is twisted pair...

Страница 174: ...mode full duplex mode Current speed mode and duplex mode Link speed type is force link link duplex type is force link Link speed and duplex status force or auto negotiation Flow control is enabled St...

Страница 175: ...em is not supported Input total 0 packets 0 bytes 0 broadcasts 0 multicasts pauses Count in packets and in bytes of total incoming traffic on the port including incoming normal packets abnormal packet...

Страница 176: ...l packets including z Fragments CRC error frames of less than 64 bytes integer or non integer z Jabber frames CRC error frames of more than 1518 bytes if untagged or 1522 bytes if tagged integer or no...

Страница 177: ...ut queue which is a rare hardware error buffer failures The number of packets dropped due to insufficient transmit buffer on the port aborts The number of transmission failures due to various reasons...

Страница 178: ...red delay Related commands link delay Examples Display the information about the ports with the link delay command configured Sysname display link delay Interface Time Delay Ethernet1 0 5 8 1 1 7 disp...

Страница 179: ...1 system Loopback detection is running Loopback detection is enabled globally Detection interval time is 30 seconds Time interval for loopback detection is 30 seconds There is no port existing loopba...

Страница 180: ...face number begin exclude include regular expression View Any view Parameters interface type Port type interface number Port number Uses a regular expression to filter the output configuration informa...

Страница 181: ...en the broadcast multicast unicast traffic exceeds the upper threshold which can be block or shutdown Status Current status of the port which can be normal or control Trap on trap information is outpu...

Страница 182: ...k link duplex type is force link Flow control is enabled The Maximum Frame Length is 9216 Broadcast MAX pps 500 Unicast MAX ratio 100 Multicast MAX ratio 100 Allow jumbo frame to pass PVID 1 Mdi type...

Страница 183: ...1 1 11 duplex Syntax duplex auto full half undo duplex View Ethernet port view Parameter auto Sets the port to auto negotiation mode full Sets the port to full duplex mode half Sets the port to half d...

Страница 184: ...wn command or the undo shutdown command on Ethernet 1 0 1 and the system outputs Up Down log information of Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname inter...

Страница 185: ...onds When you use the display interface interface type interface number command to display the information of a port the system performs statistical analysis on the traffic flow passing through the po...

Страница 186: ...emporarily the peer switch will stop sending packets to the local switch or reduce the sending rate temporarily when it receives the message and vice versa By this way packet loss is avoided and the n...

Страница 187: ...ew Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 1 1 16 jumboframe enable Syntax jumboframe enable undo jumboframe enable View...

Страница 188: ...is argument is in the range 2 to 10 in seconds Description Use the link delay command to set the port state change delay Use the undo link delay command to restore the default By default the port stat...

Страница 189: ...hardware failures on the port internal Performs internal loop test In the internal loop test self loop is established in the switching chip to locate the chip failure which is related to the port Desc...

Страница 190: ...remove the corresponding MAC forwarding entry After the loop is removed the port will automatically resume the normal forwarding state z With the function disabled on the trunk or hybrid port the syst...

Страница 191: ...e access port the port will automatically resume the normal forwarding state after the loop is removed 2 If a loop is found on a trunk or hybrid port the system sends log messages to the terminal If y...

Страница 192: ...interface list enable undo loopback detection interface list enable View System view Parameter interface list Ethernet port list in the form of interface list interface type interface number to interf...

Страница 193: ...ime time undo loopback detection interval time View System view Parameter time Time interval for loopback detection in the range of 5 to 300 in seconds It is 30 seconds by default Description Use the...

Страница 194: ...on the default VLAN of the trunk or hybrid port Note that the command is invalid for any access port Example Configure the system to run loopback detection on all VLANs of the trunk port Ethernet1 0 1...

Страница 195: ...d the port is still in the normal forwarding state By default the loopback port auto shutdown function is enabled on ports if the device boots with the default configuration file config def if the dev...

Страница 196: ...s operating in different MDI modes use a straight through cable Description Use the mdi command to set the MDI mode for a port Use the undo mdi command to restore the default setting By default a port...

Страница 197: ...ceeds the traffic threshold you set the system drops the packets exceeding the threshold to reduce the unknown multicast and unknown unicast traffic ratio to the reasonable range so as to keep normal...

Страница 198: ...and to remove specified Ethernet interface s from a port group By default a port group is empty that is there is no Ethernet interface in it Note A port can not be added to a port group if it has been...

Страница 199: ...ls about the parameters see the parameter description of the interface command Description Use the reset counters interface command to clear the statistics of the port preparing for a new statistics c...

Страница 200: ...wo ports forming a combo port The one in active state is currently enabled and the one in inactive state is currently disabled For the two ports forming a combo port executing the shutdown command on...

Страница 201: ...et the speed of Ethernet 1 0 1 to 10 Mbps Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 speed 10 1 1 32 storm constrain Syntax...

Страница 202: ...System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 storm constrain broadcast 100 10 pps 1 1 33 storm constrain control Syntax storm constrain control b...

Страница 203: ...can execute the undo shutdown command or the undo storm constrain all broadcast multicast command Related commands display storm constrain storm constrain Examples Set the control action on Ethernet...

Страница 204: ...s below the lower threshold Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 undo storm constrain enable log 1 1 35 storm constrai...

Страница 205: ...play the results The system can test these attributes of the cable Cable status including normal abnormal abnormal open abnormal short and failure Cable length Note z If the cable is in normal state t...

Страница 206: ...ms that are currently not supported is displayed in the corresponding output fields Example Enable the system to test the cable connected to Ethernet1 0 1 Sysname system view System View return to Use...

Страница 207: ...ands 1 1 1 1 1 display link aggregation interface 1 1 1 1 2 display link aggregation summary 1 2 1 1 3 display link aggregation verbose 1 3 1 1 4 display lacp system id 1 5 1 1 5 lacp enable 1 5 1 1 6...

Страница 208: ...e interface number argument pairs around it as the two ends Description Use the display link aggregation interface command to display the link aggregation details about a specified port or port range...

Страница 209: ...ation about the remote end System ID Remote device ID Port number Port number Received LACP Packets 0 packet s Illegal 0 packet s Sent LACP Packets 0 packet s Statistics about received invalid and sen...

Страница 210: ...dynamic S for static and M for manual Loadsharing Type Load sharing type Shar for load sharing and NonS for non load sharing Actor ID Local device ID AL ID Aggregation group ID AL Type Aggregation gr...

Страница 211: ...in the information about the peer ports displayed are all 0 instead of the actual values Example Display the details about aggregation group 1 Sysname display link aggregation verbose 1 Loadsharing Ty...

Страница 212: ...AggregationType Aggregation group type System ID Device ID Port Status Port status including selected and unselected 1 1 4 display lacp system id Syntax display lacp system id View Any view Parameter...

Страница 213: ...em View return to User View with Ctrl Z Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 lacp enable 1 1 6 lacp port priority Syntax lacp port priority port priority undo lacp port priority View...

Страница 214: ...acp system priority View System view Parameter system priority System priority ranging from 0 to 65 535 Description Use the lacp system priority command to set the system priority Use the undo lacp sy...

Страница 215: ...fter system reboot the configuration concerning manual and static aggregation groups and their descriptions still exists but that of the dynamic aggregation groups and their descriptions gets lost You...

Страница 216: ...roup 22 mode manual 1 1 10 port link aggregation group Syntax port link aggregation group agg id undo port link aggregation group View Ethernet port view Parameter agg id Aggregation group ID in the r...

Страница 217: ...r View User view Parameter interface type Port type interface number Port number to Specifies a port index range with the two interface type interface number argument pairs around it as the two ends D...

Страница 218: ...solation H3C S3100 Series Ethernet Switches Table of Contents i Table of Contents Chapter 1 Port Isolation Configuration Commands 1 1 1 1 Port Isolation Configuration Commands 1 1 1 1 1 display isolat...

Страница 219: ...None Description Use the display isolate port command to display the Ethernet ports assigned to the isolation group Example Display information about the Ethernet ports added to the isolation group S...

Страница 220: ...taneously removing a port from the aggregation group has no effect on the other ports That is the rest ports remain in the aggregation group and the isolation group z Ports that belong to an aggregati...

Страница 221: ...ac address security 1 6 1 1 4 port security enable 1 7 1 1 5 port security intrusion mode 1 8 1 1 6 port security authorization ignore 1 11 1 1 7 port security max mac count 1 12 1 1 8 port security n...

Страница 222: ...ber of matching security MAC addresses Description Use the display mac address security command to display security MAC address entries If no argument is specified the command displays information abo...

Страница 223: ...security MAC address entries for VLAN 1 Sysname display mac address security vlan 1 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME s 0000 0000 0001 1 Security Ethernet1 0 20 NOAGED 0000 0000 0002 1 Secu...

Страница 224: ...h interface number2 taking a value greater than interface number1 The total number of individual ports and port ranges defined in the list must not exceed 10 Description Use the display port security...

Страница 225: ...isplay the port security configurations of ports Ethernet 1 0 1 to Ethernet 1 0 3 Sysname display port security interface Ethernet 1 0 1 to Ethernet 1 0 3 Ethernet1 0 1 is link up Port mode is AutoLea...

Страница 226: ...ding of MAC based authentication success trap messages is enabled RALM logoff trap is Enabled The sending of logoff trap messages for MAC based authenticated users is enabled RALM logfailure trap is E...

Страница 227: ...ce type interface number Specify the port on which the security MAC address is to be added The interface type interface number arguments indicate the port type and port number vlan vlan id Specify the...

Страница 228: ...rt security max mac count 100 Sysname Ethernet1 0 1 port security port mode autolearn Sysname Ethernet1 0 1 mac address security 0001 0001 0001 vlan 1 Use the display mac address interface command to...

Страница 229: ...Enable port security Sysname system view System View return to User View with Ctrl Z Sysname port security enable Notice The port control of 802 1x will be restricted to auto when port security is en...

Страница 230: ...ackets with invalid MAC addresses The following cases can trigger intrusion protection on a port z A packet with unknown source MAC address is received on the port while MAC address learning is disabl...

Страница 231: ...num is 2 Stored mac address num is 2 Authorization is permit For description on the output information refer to Table 1 2 Configure the intrusion protection mode on Ethernet 1 0 1 as disableport temp...

Страница 232: ...he authorization information delivered by the RADIUS server Use the undo port security authorization ignore command to restore the default configuration By default the port uses does not ignore the au...

Страница 233: ...the port Use the undo port security max mac count command to cancel this limit By default there is no limit on the number of MAC addresses allowed on the port Note By configuring the maximum number o...

Страница 234: ...ithbroadcasts Allows the port to transmit broadcast packets and unicast packets with successfully authenticated destination MAC addresses ntk withmulticasts Allows the port to transmit multicast packe...

Страница 235: ...the system will take the first 24 bits as the OUI value and ignore the rest index value OUI index ranging from 1 to 16 Note The organizationally unique identifiers OUIs are assigned by the IEEE to di...

Страница 236: ...t mode View Ethernet port view Parameters Table 1 3 shows the description on the security mode keywords Table 1 3 Keyword description Keyword Security mode Description autolearn autolearn In this mode...

Страница 237: ...the macAddressElseUserLoginSecure mode except that in this mode there can be more than one 802 1x authenticated user on the port secure secure In this mode MAC address learning is disabled on the cur...

Страница 238: ...d user on the port userlogin s ecure or ma c ext macAddressOr UserLoginSecu reExt This mode is similar to the macAddressOrUserLoginSecure mode except that in this mode there can be more than one 802 1...

Страница 239: ...t mode command to change it back to noRestriction before you change the port security mode to other modes On a port configured with a security mode you cannot do the following z Configure the maximum...

Страница 240: ...otection mode on Ethernet 1 0 1 to disableport temporarily It is required that when intrusion protection is triggered the port be shut down temporarily and then go up 30 seconds later Sysname system v...

Страница 241: ...port security trap command to enable the sending of specified type s of trap messages Use the undo port security trap command to disable the sending of specified type s of trap messages By default th...

Страница 242: ...splay port security Equipment port security is enabled Intrusion trap is Enabled Disableport Timeout 20 s OUI value Ethernet1 0 1 is link down Port mode is AutoLearn NeedtoKnow mode is needtoknowonly...

Страница 243: ...ip addr ip address View System view Ethernet port view Parameters interface interface type interface number Specify the port to be bound The interface type interface number arguments specify the port...

Страница 244: ...ess 10 153 1 2 supposing they are MAC and IP addresses of a legal user to Ethernet 1 0 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet1 0 2 Sysname Etherne...

Страница 245: ...s Sysname display am user bind Following User address bind have been configured Mac IP Port 00e0 fc00 5101 10 153 1 1 Ethernet1 0 1 00e0 fc00 5102 10 153 1 2 Ethernet1 0 2 Unit 1 Total 2 found 2 liste...

Страница 246: ...ntents Chapter 1 DLDP Configuration Commands 1 1 1 1 DLDP Configuration Commands 1 1 1 1 1 display dldp 1 1 1 1 2 dldp 1 2 1 1 3 dldp authentication mode 1 3 1 1 4 dldp interval 1 4 1 1 5 dldp reset 1...

Страница 247: ...ion Use the display dldp command to display the DLDP configuration of a unit or a port Example Display the DLDP configuration of unit 1 Sysname display dldp 1 dldp interval 10 dldp work mode enhance d...

Страница 248: ...he port number of unit 1 with DLDP Number of the DLDP enabled ports on unit 1 interface GigabitEthernet1 1 1 Port type and port number dldp port state DLDP state of a port dldp link state DLDP link st...

Страница 249: ...tead of those added subsequently Example Enable DLDP for all the optical ports of the switch Sysname system view System View return to User View with Ctrl Z Sysname dldp enable 1 1 3 dldp authenticati...

Страница 250: ...tion mode and password are set on both the local port and the peer port Otherwise DLDP authentication fails z DLDP cannot work before DLDP authentication succeeds Related command dldp unidirectional s...

Страница 251: ...n all the DLDP enabled ports z It is recommended that you set the interval shorter than one third of the STP convergence time usually 30 seconds If too long an interval is set an STP loop may occur be...

Страница 252: ...unidirectional shutdown auto manual undo dldp unidirectional shutdown View System view Parameter auto Disables automatically the corresponding port when DLDP detects an unidirectional link or finds in...

Страница 253: ...are aging normal Configures DLDP to work in normal mode In this mode DLDP does not detect whether neighbors exist when neighbor tables are aging Description Use the dldp work mode command to set the...

Страница 254: ...own timer command to restore the default delaydown timer setting By default the DelayDown timer is set to 1 second A period of 5 seconds is recommended Note When a device in the active advertisement o...

Страница 255: ...ss Table Management Configuration Commands 1 1 1 1 MAC Address Table Management Configuration Commands 1 1 1 1 1 display mac address aging time 1 1 1 1 2 display mac address 1 2 1 1 3 display port mac...

Страница 256: ...Address Table Management Configuration Commands 1 1 1 display mac address aging time Syntax display mac address aging time View Any view Parameters None Description Use the display mac address aging...

Страница 257: ...splays information about dynamic static or blackhole MAC address entries interface interface type interface number vlan vlan id count Displays information about the MAC address entries concerning a sp...

Страница 258: ...TATE PORT INDEX AGING TIME s 000f e20f 0101 1 Learned Ethernet1 0 1 AGING Display the MAC address entries for the port Ethernet 1 0 4 Sysname display mac address interface Ethernet 1 0 4 MAC ADDR VLAN...

Страница 259: ...entry PORT INDEX Outgoing port out of which the traffic destined for the MAC address should be sent AGING TIME s Indicates whether the MAC address entry is aging AGING indicates that the entry is agi...

Страница 260: ...outgoing port by its type and number for the MAC address All traffic destined for the MAC address will be sent out the port vlan id Specifies a VLAN ID in the range of 1 to 4094 The VLAN must already...

Страница 261: ...ttributes of the corresponding MAC address entry according to your settings in the command You can remove all unicast MAC address entries on a port or remove a specific type of MAC address entries suc...

Страница 262: ...hout the number limitation By default no number limitation is set to the port for MAC address learning To prevent illegal devices from accessing the network through a port you can configure static MAC...

Страница 263: ...mmand to set the MAC address aging timer Use the undo mac address timer command to restore the default The default MAC address aging timer is 300 seconds The timer applies only to dynamic address entr...

Страница 264: ...rt mac View System view Parameters start mac address Start MAC address for the Ethernet ports on the switch in the format of H H H It must be a valid unicast address Description Use the port mac comma...

Страница 265: ...p bpdu protection 1 16 1 1 15 stp bridge diameter 1 16 1 1 16 stp compliance 1 17 1 1 17 stp config digest snooping 1 19 1 1 18 stp cost 1 20 1 1 19 stp dot1d trap 1 21 1 1 20 stp edged port 1 23 1 1...

Страница 266: ...7 1 1 42 stp portlog all 1 47 1 1 43 stp priority 1 48 1 1 44 stp region configuration 1 49 1 1 45 stp root primary 1 50 1 1 46 stp root secondary 1 51 1 1 47 stp root protection 1 52 1 1 48 stp tc pr...

Страница 267: ...itter caused by the configuration multiple spanning tree protocol MSTP does not recalculate spanning trees immediately after the configuration it does this only after you activate the new MST region r...

Страница 268: ...ives the BPDU packets it will forward them to other switches As a result STP calculation is performed repeatedly which may occupy too much CPU of the switches or cause errors in the protocol state of...

Страница 269: ...region related parameters mentioned above are not consistent with those of another switch in the region The H3C series support only the MST region name VLAN to MSTI mapping table and revision level Sw...

Страница 270: ...rface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument slot slot number Specifies a slot whose STP related...

Страница 271: ...BPDUs that the port can send the maximum transmitting speed type of the enabled guard function state of the digest snooping feature enabled or disabled VLAN mappings hello time max age forward delay M...

Страница 272: ...2s MaxAge 20s FwDly 15s MaxHop 20 CIST Root ERPC 32768 000f cb00 6600 200 CIST RegRoot IRPC 32768 00e0 fc12 4001 0 CIST RootPortId 128 22 BPDU Protection disabled TC Protection enabled Threshold 6 Br...

Страница 273: ...can remove the MAC address table and ARP entries within each 10 seconds Bridge Config Digest Snooping Indicates whether Digest Snooping is enabled globally on the bridge TC or TCN received Number of...

Страница 274: ...indicates the configured value and Active indicates the actual value Port Config Digest Snooping Indicates whether digest snooping is enabled on the port Num of Vlans Mapped Number of VLANs mapped to...

Страница 275: ...as been blocked Block Reason The function blocking the port 1 1 6 display stp portdown Syntax display stp portdown View Any view Parameters None Description Use the display stp portdown command to dis...

Страница 276: ...pings configured for the switch Related commands stp region configuration Examples Display the configuration of the MST region Sysname display stp region configuration Oper Configuration Format select...

Страница 277: ...Bridge ID ExtPathCost IntPathCost Root Port 0 32768 00e0 fc53 d908 0 200 Ethernet1 0 18 Table 1 7 Description on the fields of the display stp root command Field Description MSTID MSTI ID in the MST r...

Страница 278: ...the undo instance command all VLANs that are mapped to the specified MSTI are remapped to the CIST By default all VLANs are mapped to the CIST VLAN to MSTI mappings are recorded in the VLAN to MSTI m...

Страница 279: ...s to Related commands instance revision level check region configuration vlan mapping modulo active region configuration Examples Set the MST region name of the switch to hello Sysname system view Sys...

Страница 280: ...cs on Ethernet 1 0 1 through Ethernet 1 0 3 Sysname reset stp interface Ethernet 1 0 1 to Ethernet 1 0 3 1 1 12 revision level Syntax revision level level undo revision level View MST region view Para...

Страница 281: ...globally or on a port By default MSTP is disabled After MSTP is enabled the actual operating mode which can be STP compatible mode RSTP compatible mode or MSTP mode is determined by the user defined p...

Страница 282: ...ts to implement rapid transition But they resume non edge ports automatically upon receiving configuration BPDUs which causes spanning trees recalculation and network topology jitter Normally no confi...

Страница 283: ...he network diameter is 7 After you configure the network diameter of a switched network MSTP adjusts its hello time forward delay and max age settings accordingly With the network diameter set to the...

Страница 284: ...automatically determines the format legacy or dot1s of received MSTP packets and then determines the format of the packets to be sent accordingly thus communicating with the peer devices z If the form...

Страница 285: ...ame MST region by checking the configuration IDs of the BPDUs between them A configuration ID contains information such as region ID and configuration digest As some other manufacturers switches adopt...

Страница 286: ...itch adopting proprietary spanning tree protocols must be configured with exactly the same MST region related configurations including region name revision level and VLAN to MSTI mapping z The digest...

Страница 287: ...the specified MSTI By default a switch automatically calculates the path costs of a port in different MSTIs based on a specified standard If you specify the instance id argument to be 0 or do not spe...

Страница 288: ...ation of spanning tree instances 0 to 16 to the network management device By default when the local switch becomes the regional root of a spanning tree instance in the range of 0 to 16 it sends newroo...

Страница 289: ...h are non edge ports An edge port is a port that is directly connected to a user terminal instead of another switch or shared network segment Rapid transition to the forwarding state is applied to edg...

Страница 290: ...Ethernet port list You can specify multiple Ethernet ports by providing this argument in the form of interface list interface type interface number to interface type interface number 1 10 where 1 10 m...

Страница 291: ...nterface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument auto Specifies the port to recognize and send MS...

Страница 292: ...rt only recognizes and sends MSTP packets in legacy format In this case the port can only communicate with the peer through packets in legacy format z If packets in dot1s format are received the port...

Страница 293: ...rmine whether or not they are in the same MST region by checking the configuration IDs of the BPDUs between them A configuration ID contains information such as region ID and configuration digest As s...

Страница 294: ...exactly the same MST region related configurations including region name revision level and VLAN to MSTI mapping z The digest snooping feature must be enabled on all the switch ports that connect to a...

Страница 295: ...ault value of the path cost s of the specified port s in the specified MSTI in system view By default a switch automatically calculates the path costs of a port in different MSTIs based on a specified...

Страница 296: ...the specified Ethernet ports to the default state By default all Ethernet ports of a switch are non edge ports An edge port is a port that is directly connected to a user terminal instead of another s...

Страница 297: ...ng this argument in the form of interface list interface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for...

Страница 298: ...rform the mCheck operation on specified port s in system view A port on an MSTP enabled switch migrates to the STP RSTP compatible mode automatically if an STP RSTP enabled switch has been connected t...

Страница 299: ...tches to avoid this case When an H3C series switch running MSTP is connected in the upstream direction to a manufacture s switch adopting proprietary spanning tree protocols you can enable the rapid t...

Страница 300: ...t ports are point to point links Description Use the stp interface point to point command to specify whether the links connected to the specified Ethernet ports are point to point links in system view...

Страница 301: ...multiple Ethernet ports by providing this argument in the form of interface list interface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10...

Страница 302: ...type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description Use the stp interface root protection command to enable the root...

Страница 303: ...erface interface list transmit limit packetnum undo stp interface interface list transmit limit View System view Parameters interface list Ethernet port list You can specify multiple Ethernet ports by...

Страница 304: ...meters None Description Use the stp loop protection command to enable the loop guard function on the current port Use the undo stp loop protection command to restore the loop guard function to the def...

Страница 305: ...ount to the default By default the maximum hop count of an MST region is 20 The maximum hop count configured on the region roots of an MST region limits the size of the MST region A configuration BPDU...

Страница 306: ...ed downstream switch is then replaced by an MSTP enabled switch the port cannot automatically transit to the MSTP mode but still remains in the STP compatible mode In this case you can force the port...

Страница 307: ...TP compatible mode where the ports of a switch send STP BPDUs to neighboring devices If STP enabled switches exist in a switched network you can use the stp mode stp command to configure an MSTP enabl...

Страница 308: ...d port fails to change their states rapidly The rapid transition feature aims to resolve this problem When an H3C series switch running MSTP is connected in the upstream direction to another manufactu...

Страница 309: ...tandard View System view Parameters dot1d 1998 Uses the IEEE 802 1D 1998 standard to calculate the default path costs of ports dot1t Uses the IEEE 802 1t standard to calculate the default path costs o...

Страница 310: ...ed link 2 ports Aggregated link 3 ports Aggregated link 4 ports 2 1 1 1 200 000 1 000 666 500 2 1 1 1 Normally when a port operates in full duplex mode the corresponding path cost is slightly less tha...

Страница 311: ...k connected to the current Ethernet port to its default link type which is automatically determined by MSTP By default whether the link type of a port is point to point is automatically determined by...

Страница 312: ...and 32 Description Use the stp port priority command to set the port priority of the current port in the specified MSTI Use the undo stp port priority command to restore the default port priority of t...

Страница 313: ...lue of 0 indicates the CIST Description Use the stp portlog command to enable log and trap message output for the ports of a specified instance Use the undo stp portlog command to disable this functio...

Страница 314: ...ance id priority priority undo stp instance instance id priority View System view Parameters instance id MSTI ID ranging from 0 to 16 The value of 0 refers to the CIST priority Switch priority to be s...

Страница 315: ...scription Use the stp region configuration command to enter MST region view Use the undo stp region configuration command to restore the MST region related settings to the default MST region related p...

Страница 316: ...and defaults to 200 Description Use the stp root primary command to configure the current switch as the root bridge of a specified MSTI Use the undo stp root command to cancel the current configurati...

Страница 317: ...User View with Ctrl Z Sysname stp instance 1 root primary bridge diameter 4 hello time 500 1 1 46 stp root secondary Syntax stp instance instance id root secondary bridge diameter bridgenum hello tim...

Страница 318: ...CIST You can configure only one root bridge for an MSTI but you can configure one or more secondary root bridges for an MSTI Once a switch is configured as the root bridge or a secondary root bridge i...

Страница 319: ...ort and stops forwarding packets as if it is disconnected from the link Related commands stp interface root protection Examples Enable the root guard function on Ethernet 1 0 1 Sysname system view Sys...

Страница 320: ...ntax stp tc protection threshold number undo stp tc protection threshold View System view Parameters number Maximum number of times that a switch can remove the MAC address table and ARP entries withi...

Страница 321: ...able and ARP entries to 100 and the switch receives 200 TC BPDUs in the period the switch removes the MAC address table and ARP entries for only 100 times within the period Examples Set the maximum ti...

Страница 322: ...that the three proper time related parameters are automatically calculated by MSTP Related commands stp timer hello stp timer max age stp bridge diameter Examples Set the forward delay to 2 000 centis...

Страница 323: ...rameters are automatically calculated by MSTP Related commands stp timer forward delay stp timer max age stp bridge diameter Examples Set the hello time to 400 centiseconds Sysname system view System...

Страница 324: ...automatically determined by MSTP Related commands stp timer forward delay stp timer hello stp bridge diameter Examples Set the max age to 1 000 centiseconds Sysname system view System View return to...

Страница 325: ...p transmit limit packetnum undo stp transmit limit View Ethernet port view Parameters packetnum Maximum number of configuration BPDUs a port can transmit in each hello time This argument ranges from 1...

Страница 326: ...a network are mapped to the CIST MSTI 0 MSTP uses a VLAN to MSTI mapping table to describe VLAN to MSTI mappings You can use this command to establish the VLAN to MSTI mapping table and map VLANs to M...

Страница 327: ...ands 1 61 Related commands check region configuration revision level region name active region configuration Examples Map VLANs to MSTIs with the modulo being 16 Sysname system view System View return...

Страница 328: ...1 igmp snooping querier 1 13 1 1 12 igmp snooping query interval 1 14 1 1 13 igmp snooping router aging time 1 15 1 1 14 igmp snooping version 1 15 1 1 15 igmp snooping vlan mapping 1 16 1 1 16 igmp h...

Страница 329: ...tax display igmp snooping configuration View Any view Parameters None Description Use the display igmp snooping configuration command to display IGMP Snooping configuration information If IGMP Snoopin...

Страница 330: ...snooping group Syntax display igmp snooping group vlan vlan id View Any view Parameters vlan vlan id Specifies the VLAN in which the multicast group information is to be displayed where vlan id range...

Страница 331: ...mber of IP multicast groups in all VLANs Total 1 MAC Group s Total number of MAC multicast groups in all VLANs Vlan id ID of the VLAN whose multicast group information is displayed Total 1 IP Group s...

Страница 332: ...the device makes statistics of IGMPv3 messages as IGMPv2 messages Related commands igmp snooping Examples Display IGMP Snooping statistics Sysname display igmp snooping statistics Received IGMP genera...

Страница 333: ...isabled Caution z Before enabling IGMP Snooping in a VLAN be sure to enable IGMP Snooping globally in system view otherwise the IGMP Snooping setting will not take effect z If IGMP Snooping and VLAN V...

Страница 334: ...ched to the port runs IGMPv2 or IGMPv3 z The configuration performed in system view takes effect on all ports of the switch if no VLAN is specified if one or more VLANs are specified the configuration...

Страница 335: ...can be any legal IP address Description Use the igmp snooping general query source ip command to configure the source address of IGMP general queries Use the undo igmp snooping general query source i...

Страница 336: ...VLAN IDs in the form of vlan id and or one or more VLAN ID ranges in the form of vlan id1 to vlan id2 where vlan id2 must be greater than vlan id1 The effective range for a VLAN ID is 1 to 4094 and t...

Страница 337: ...icast groups Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 igmp snooping group limit 200 vlan 2 1 1 8 igmp snooping group polic...

Страница 338: ...a port blocked by this function z The configuration performed in system view takes effect on all ports of the switch if no VLAN is specified if one or more VLANs are specified the configuration takes...

Страница 339: ...re ACL 2001 on Ethernet1 0 2 to it to join any IGMP multicast groups except those defined in the deny rule of ACL 2001 Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 igmp snooping group policy...

Страница 340: ...With this function enabled unknown multicast packets are passed to the router ports of the switch rather than being flooded in the VLAN Use the undo igmp snooping nonflooding enable command to disabl...

Страница 341: ...cast drop enable multicast source deny display multicast source deny Examples Enable IGMP Snooping non flooding after you enable IGMP Snooping globally and disable both port stacking and unknown multi...

Страница 342: ...terval ranging from 1 to 300 in seconds Description Use the igmp snooping query interval command to configure the IGMP query interval namely the interval at which the switch sends IGMP general queries...

Страница 343: ...in seconds Description Use the igmp snooping router aging time command to configure the aging time of router ports Use the undo igmp snooping router aging time command to restore the default aging tim...

Страница 344: ...version to version 3 in VLAN 100 Sysname system view System View return to User View with Ctrl Z Sysname igmp snooping enable Enable IGMP Snooping ok Sysname vlan 100 Sysname vlan100 igmp snooping ena...

Страница 345: ...the multicast group to join source address Address of the multicast source to join You can specify a multicast source address only when IGMPv3 Snooping is running in a VLAN vlan vlan id ID of the VLA...

Страница 346: ...on 3 Sysname vlan1 quit Sysname interface Ethernet 1 0 1 Sysname Ethernet 1 0 1 igmp host join 225 0 0 1 source ip 1 1 1 1 vlan 10 1 1 17 multicast static group interface Syntax multicast static group...

Страница 347: ...as static members ports for multicast group 225 0 0 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 multicast static group...

Страница 348: ...uter port interface type interface number View VLAN view Parameters interface type interface number Specifies a port by its type and number Description Use the multicast static router port command to...

Страница 349: ...specified VLAN as a static router port By default the static router port function is disabled Examples Configure Ethernet 1 0 1 in VLAN 10 as a static router port Sysname system view System View retur...

Страница 350: ...nly within the multicast VLAN In addition because the multicast VLAN is isolated from user VLANs this method also enhances the information security Note z One port belongs to only one multicast VLAN z...

Страница 351: ...100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration Commands 1 23 Examples Configure VLAN 2 as a multicast VLAN Sysname system view System View return to User View with Ctrl Z Sysname v...

Страница 352: ...n id Displays the static multicast MAC entry information in the specified VLAN Without a VLAN specified this command displays the static multicast MAC entry information in all VLANs count Displays the...

Страница 353: ...interface interface type interface number View Any view Parameters interface type Port type interface number Port number Description Use the display multicast source deny command to display the multic...

Страница 354: ...here interface number2 must be greater than interface number1 The total number of individual ports plus port ranges cannot exceed 10 For port types and port numbers refer to the parameter description...

Страница 355: ...port Use the undo mac address multicast vlan command to remove the specified multicast MAC address entry or all multicast MAC address entries on the current port Each multicast MAC address entry conta...

Страница 356: ...icast source port suppression feature enabled on a port the port drops all multicast data packets while it permits multicast protocol packets to pass This feature is useful for rejecting multicast tra...

Страница 357: ...one Description Use the unknown multicast drop enable command to enable the function of dropping unknown multicast packets Use the undo unknown multicast drop enable command to disable the function of...

Страница 358: ...ax 1 16 1 1 14 dot1x re authenticate 1 17 1 1 15 dot1x supp proxy check 1 18 1 1 16 dot1x timer 1 20 1 1 17 dot1x timer reauth period 1 22 1 1 18 dot1x version check 1 23 1 1 19 reset dot1x statistics...

Страница 359: ...m Guard H3C S3100 Series Ethernet Switches Table of Contents ii 4 1 2 display system guard state 4 2 4 1 3 system guard detect threshold 4 3 4 1 4 system guard enable 4 3 4 1 5 system guard permit 4 4...

Страница 360: ...he type of an Ethernet port and interface number is the number of the port The string 1 10 means that up to 10 port lists can be provided Description Use the display dot1x command to display 802 1x re...

Страница 361: ...0 255 255 255 0 Acl timeout 30 m Total maximum 802 1x user resource number is 1024 Total current used 802 1x resource number is 1 Ethernet1 0 1 is link up 802 1X protocol is enabled Proxy trap checke...

Страница 362: ...that a supplicant system logs in through a proxy Proxy logoff checker is disabled Whether or not to disconnect a supplicant system when detecting it logs in through a proxy z Disable means the switch...

Страница 363: ...ystem logs in through a proxy z Enable means the switch sends Trap packets when it detects that a supplicant system logs in through a proxy Proxy logoff checker is disabled Whether or not to disconnec...

Страница 364: ...g 1 10 means that up to 10 port lists can be provided Description Use the dot1x command to enable 802 1x globally or for specified Ethernet ports Use the undo dot1x command to disable 802 1x globally...

Страница 365: ...a port has been added to an aggregation group it is prohibited to enable 802 1x for the port Related command display dot1x Example Enable 802 1x for Ethernet1 0 1 port Sysname system view System View...

Страница 366: ...ion a switch authenticates supplicant systems by encapsulating 802 1x authentication information in EAP packets and sending the packets to the RADIUS server instead of converting the packets into RADI...

Страница 367: ...supplicant system when it applies for a dynamic IP address through DHCP Sysname system view System View return to User View with Ctrl Z Sysname dot1x dhcp launch 1 1 5 dot1x guest vlan Syntax dot1x gu...

Страница 368: ...ese two commands apply to the specified ports In Ethernet port view the interface list argument is not available and these two commands apply to only the current Ethernet port Caution z The Guest VLAN...

Страница 369: ...king function first z Handshaking packets need the support of the H3C proprietary client They are used to test whether or not a user is online z As clients that are not of H3C do not support the onlin...

Страница 370: ...cure function to take effect the clients that enable the function need to cooperate with the authentication server If either the clients or the authentication server does not support the function disa...

Страница 371: ...de the interface list argument these two commands apply to all the ports of the switch z If you specify the interface list argument these two commands apply to the specified ports In Ethernet port vie...

Страница 372: ...type specifies the type of an Ethernet port and interface number is the number of the port The string 1 10 means that up to 10 port lists can be provided Description Use the dot1x port control comman...

Страница 373: ...ault access control method By default the access control method is macbased This command specifies the way in which the users are authenticated z If you specify to authenticate users by MAC addresses...

Страница 374: ...11 dot1x quiet period Syntax dot1x quiet period undo dot1x quiet period View System view Parameter None Description Use the dot1x quiet period command to enable the quiet period timer Use the undo dot...

Страница 375: ...on request packets to a user for up to 2 times After a switch sends an authentication request packet to a user it sends another authentication request packet if it does not receive response from the u...

Страница 376: ...er after a specific period of time as determined by the client version request timer When the number set by this command has reached and there is still no response from the user the switch continues t...

Страница 377: ...is command will enable 802 1x re authentication on all ports z If you specify the interface list argument the command will enable 802 1x on the specified ports In Ethernet port view the interface list...

Страница 378: ...roxy check command to disable 802 1x proxy checking for specified ports By default 802 1x proxy checking is disabled on all Ethernet ports In system view z If you do not specify the interface list arg...

Страница 379: ...fter the user passes the authentication Note z The 802 1x proxy checking function needs the cooperation of H3C s 802 1x client program z The proxy checking function takes effect only after the client...

Страница 380: ...quiet period the switch does not perform any 802 1x authentication related actions for the supplicant system The quiet period value argument ranges from 10 to 120 in seconds By default the quiet perio...

Страница 381: ...sends another version request packet if it does receive version response packets from the supplicant system when the timer expires The ver period value argument ranges from 1 to 30 in seconds By defa...

Страница 382: ...econds Example Set the 802 1x re authentication interval to 150 seconds Sysname system view System View return to User View with Ctrl Z Sysname dot1x timer reauth period 150 1 1 18 dot1x version check...

Страница 383: ...ystem View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 dot1x version check 1 1 19 reset dot1x statistics Syntax reset dot1x statistics interface interface li...

Страница 384: ...r 1 802 1x Configuration Commands 1 25 If the interface list argument is specified this command clears the 802 1x statistics on the specified ports Related command display dot1x Example Clear 802 1x s...

Страница 385: ...ddress in dotted decimal notation mask length Length of the subnet mask of the free IP address in the range 0 to 32 Description Use the dot1x free ip command to configure a free IP range A free IP ran...

Страница 386: ...ot1x timer acl timeout command to configure the ACL timeout period Use the undo dot1x timer acl timeout command to restore the default By default the ACL timeout period is 30 minutes Related commands...

Страница 387: ...ion Commands 2 3 Use the undo dot1x url command to remove the configuration By default no URL is configured for HTTP redirection Related commands dot1x configuration commands Examples Configure the UR...

Страница 388: ...ABP configuration and status Sysname display habp Global HABP information HABP Mode Server Sending HABP request packets every 20 seconds Bypass VLAN 2 Table 3 1 Description on the fields of the displa...

Страница 389: ...ained by HABP Sysname display habp table MAC Holdtime Receive Port 001f 3c00 0030 53 Ethernet1 0 1 Table 3 2 Description on the fields of the display habp table command Field Description MAC MAC addre...

Страница 390: ...the display habp traffic command Field Description Packets output Number of the HABP packets sent Input Number of the HABP packets received ID error Number of the HABP packets with ID errors Type erro...

Страница 391: ...nging from 1 to 4094 Description Use the habp server vlan command to configure a switch to operate as an HABP server This command also specifies the VLAN where HABP packets are broadcast Use the undo...

Страница 392: ...rom 5 to 600 Description Use the habp timer command to set the interval for a switch to send HABP request packets Use the undo habp timer command to revert to the default interval The default interval...

Страница 393: ...rameter None Description Use the display system guard attack record command to display the record of detected attacks Example Display the record of detected attacks Sysname display system guard attack...

Страница 394: ...er None Description Use the display system guard state command to display the state of the system guard feature Related command system guard enable system guard detect threshold and system guard timer...

Страница 395: ...ckets when an attack is detected in the range of 200 to 1 000 Description Use the system guard detect threshold command to set the threshold for the number of packets when an attack is detected When t...

Страница 396: ...d permit Syntax system guard permit interface list undo system guard permit interface list View System view Parameter permit Specifies the ports to which with the system guard function is to be applie...

Страница 397: ...1 0 1 to Ethernet 1 0 10 4 1 6 system guard timer interval Syntax system guard timer interval isolate timer undo system guard timer interval View System view Parameter isolate timer Length of the iso...

Страница 398: ...1 14 1 1 13 domain 1 15 1 1 14 domain delimiter 1 17 1 1 15 idle cut 1 18 1 1 16 level 1 18 1 1 17 local user 1 19 1 1 18 local user password display mode 1 21 1 1 19 messenger 1 21 1 1 20 name 1 22...

Страница 399: ...1 57 1 2 26 server type 1 58 1 2 27 state 1 59 1 2 28 stop accounting buffer enable 1 60 1 2 29 timer 1 61 1 2 30 timer quiet 1 62 1 2 31 timer realtime accounting 1 63 1 2 32 timer response timeout...

Страница 400: ...ches Table of Contents iii 1 3 17 timer quiet 1 79 1 3 18 timer realtime accounting 1 80 1 3 19 timer response timeout 1 81 1 3 20 user name format 1 81 Chapter 2 EAD Configuration Commands 2 1 2 1 EA...

Страница 401: ...argument ranges from 1 to 2 072 Description Use the access limit command to set the maximum number of access users that can be contained in current ISP domain Use the undo access limit command to rest...

Страница 402: ...an accounting scheme for current ISP domain Use the undo accounting command to cancel the accounting scheme configuration for current ISP domain By default no separate accounting scheme is configured...

Страница 403: ...hat z If the system does not find any available accounting server or fails to communicate with any accounting server when it performs accounting for an online user it will not disconnect the user as l...

Страница 404: ...fies to which VLAN the user belongs Here vlan id is an integer ranging from 1 to 4094 location Sets the port binding attribute of the user nas ip ip address Sets the IP address of an access server so...

Страница 405: ...undo authentication View ISP domain view Parameters radius scheme radius scheme name Specifies to use a RADIUS authentication scheme Here radius scheme name is a string of up to 32 characters hwtacac...

Страница 406: ...entication scheme z If you execute the authentication none command no authentication will be performed z The authentication command takes precedence over the scheme command If the authentication comma...

Страница 407: ...execute the authentication super command to specify a HWTACACS authentication scheme for user level switching the HWTACACS scheme must exist Note The S3100 series switches adopt hierarchical protecti...

Страница 408: ...Use the authorization command to configure an authorization scheme for current ISP domain Use the undo authorization command to restore the default authorization scheme setting of the ISP domain By de...

Страница 409: ...LAN Use the undo authorization vlan command to remove the configuration By default no authorized VLAN is specified for a local user Note For local RADIUS authentication to take effect the VLAN assignm...

Страница 410: ...ius scheme radius scheme name Cuts down all user connections using a specified RADIUS scheme Here radius scheme name is a string of up to 32 characters vlan vlan id Cuts down all user connections of a...

Страница 411: ...of H H H radius scheme radius scheme name Displays all user connections using a specified RADIUS scheme Here radius scheme name is a string of up to 32 characters hwtacacs scheme hwtacacs scheme name...

Страница 412: ...Auth CHAP Port Ether Port NO 0x10003001 Initial VLAN 1 Authorization VLAN 1 ACL Group Disable CAR Disable Priority Disable Start 2000 04 03 02 51 53 Current 2000 04 03 02 52 22 Online 00h00m29s On Un...

Страница 413: ...ption on the fields of the display domain command Field Description Domain Domain name State Status of the domain which can be active or block Scheme AAA scheme that the domain uses Access Limit Maxim...

Страница 414: ...lays the local users belonging to a specified VLAN Here vlan id ranges from 1 to 4094 service type Displays the local users of a specified type You can specify one of the following user types ftp lan...

Страница 415: ...able 1 3 Description on the fields of the display local user command Field Description State Status of the local user ServiceType Mask Service type mask T means Telnet service S means SSH service C me...

Страница 416: ...domain and enter its view or enter the view of an existing ISP domain or configure the default ISP domain Use the undo domain command to delete a specified ISP domain The ISP domain system is used as...

Страница 417: ...tween the username and the ISP domain name Use the undo domain delimiter command to restore the delimiter form to the default setting By default the character is used as the delimiter between the user...

Страница 418: ...ss than the specified amount the system will disconnect the user By default this function is disabled Note that if the authentication server assigns the idle cut settings the assigned ones take preced...

Страница 419: ...the configured authentication method is none or password authentication the command level that a user can access after login is determined by the level of the user interface z If the configured authen...

Страница 420: ...ocal users service type Specifies the local users of a specified type You can specify one of the following user types ftp lan access generally this type of users are Ethernet access users for example...

Страница 421: ...the password display mode of all local users Use the undo local user password display mode command to restore the default password display mode of all local users By default the password display mode...

Страница 422: ...command to restore the messenger function to its default state By default the messenger function is disabled on the switch The purpose of this function is to remind online users of their remaining onl...

Страница 423: ...Syntax password simple cipher password undo password View Local user view Parameters simple Specifies the password in plain text cipher Specifies the password in cipher text password Password to be se...

Страница 424: ...reats it as a password in plain text Related commands display local user Examples Set the password of user1 to 20030422 and specify to display the password in plain text Sysname system view System Vie...

Страница 425: ...of a HWTACACS scheme a string of up to 32 characters local Specifies to use local authentication none Specifies not to perform authentication Description Use the scheme command to configure an AAA sch...

Страница 426: ...be used to specify the RADIUS scheme to be quoted for the ISP domain Their functions are the same and the system takes the latest configuration Related commands radius scheme display domain Examples...

Страница 427: ...example IE or Netscape and locates the URL page used to change user password on the self service server Then the user can change the password z A user can choose the change user password option on the...

Страница 428: ...specified types of services By default a user is inhibited from accessing any type of service You may user the display local user command to view the types of services that a user is authorized to ac...

Страница 429: ...is already online Related commands domain local user You may use the display domain command or the display local user command to view the status information Examples Set the ISP domain aabbcc net to...

Страница 430: ...Then upon receiving an integer ID assigned by the RADIUS authentication server the switch adds the port to the VLAN whose VLAN ID is equal to the assigned integer ID If no such a VLAN exists the switc...

Страница 431: ...irst regards it as an integer VLAN ID the switch transforms the string to an integer value and judges if the value is in the valid VLAN ID range if it is the switch adds the authenticated port to the...

Страница 432: ...accounting is not needed z This configuration takes effect only on the ISP domains using this RADIUS scheme z If you configure the accounting optional command in ISP domain view it is effective to al...

Страница 433: ...rver to log out its users The following gives the operations after the switch restarts 1 The switch generates an Accounting On message which mainly contains the following information NAS ID NAS IP add...

Страница 434: ...Sysname radius radius1 accounting on enable 1 2 3 calling station id mode Syntax calling station id mode mode1 mode2 lowercase uppercase undo calling station id mode View RADIUS scheme view Parameter...

Страница 435: ...yte or mega byte packet Sets the packet unit of outgoing RADIUS flows which can be one packet giga packet kilo packet or mega packet Description Use the data flow format command to set the units of RA...

Страница 436: ...al server statistics command to display the RADIUS message statistics about local RADIUS server Related commands local server Examples Display the RADIUS message statistics about local RADIUS server S...

Страница 437: ...configured Acct Server Encryption Key Not configured Accounting method required Accounting On packet enable send times 15 interval 3s TimeOutValue in second 3 RetryTimes 3 RealtimeACCT in minute 12 P...

Страница 438: ...ond RADIUS server response timeout time RetryTimes Maximum number of transmission attempts of a RADIUS request RealtimeACCT in minute Real time accounting interval in minutes Permitted send realtime P...

Страница 439: ...stics state statistic total 1048 DEAD 1048 AuthProc 0 AuthSucc 0 AcctStart 0 RLTSend 0 RLTWait 0 AcctStop 0 OnLine 0 Stop 0 StateErr 0 Received and Sent packets statistic Unit 1 Sent PKT total 0 Recei...

Страница 440: ...iscarded No response acct stop packet for buffer overflow 0 1 2 8 display stop accounting buffer Syntax display stop accounting buffer radius scheme radius scheme name session id session id time range...

Страница 441: ...ge to display those generated within the specified time range The displayed information helps you diagnose and resolve RADIUS problems z If the switch gets no response in a specified time period after...

Страница 442: ...m each other by using the shared keys that have been set on them and can accept and respond to the messages only when both parties have same shared key z The authentication authorization shared key an...

Страница 443: ...te RADIUS authentication authorization and accounting services the switch can act as a local RADIUS server to provide simple RADIUS server functions locally For the switch to act as a local server you...

Страница 444: ...med locally The default share key is null Note that z The message encryption key set by the local server nas ip ip address key password command must be identical with the authentication authorization...

Страница 445: ...scheme view has the same function as the radius nas ip command in system view and the configuration in RADIUS scheme view takes precedence over that in system view You can set the source IP address o...

Страница 446: ...ing server which are 0 0 0 0 and 1813 respectively In the system default RADIUS scheme system the default IP address of the primary accounting server is 127 0 0 1 and the default UDP port number is 16...

Страница 447: ...ary authentication authorization server is 0 0 0 0 and the default UDP port number is 1812 Note that z After creating a new RADIUS scheme you should configure the IP address and UDP port number of eac...

Страница 448: ...ntication and accounting ports are enabled If you want to use the switch as a RADIUS client you need to ensure that the ports for RADIUS authentication and accounting are open Otherwise you can disabl...

Страница 449: ...in RADIUS scheme view takes precedence over that in system view Note that z You can set the source IP address of outgoing RADIUS messages to avoid messages returned from RADIUS server from being unabl...

Страница 450: ...and the parameters required for the RADIUS client to interact with the RADIUS servers You should first create a RADIUS scheme and enter its view before performing RADIUS protocol configurations z A R...

Страница 451: ...radius trap command to disable the switch from sending trap messages when a RADIUS authentication server or a RADIUS accounting server turns down By default this function is disabled This configuratio...

Страница 452: ...ers that does not contain any of the following characters session id session id Deletes the buffered stop accounting requests of a specified session Here session id is a session ID which is a string o...

Страница 453: ...to set the maximum number of transmission attempts of a RADIUS request Use the undo retry command to restore the default maximum number of transmission attempts By default the maximum number of RADIU...

Страница 454: ...o retry realtime accounting command to restore the default maximum number of continuous real time accounting failures By default the maximum number of continuous real time accounting failures is five...

Страница 455: ...s an accounting request every 12 minutes if the switch does not receive a response within 3 seconds after it sends out the accounting request it resends the request if the switch continuously sends th...

Страница 456: ...uch a request the switch should first buffer the request on itself and then retransmit the request to the RADIUS accounting server until it gets a response or the maximum number of transmission attemp...

Страница 457: ...sname radius scheme radius1 New Radius scheme Sysname radius radius1 secondary accounting 10 110 1 1 1813 1 2 25 secondary authentication Syntax secondary authentication ip address port number undo se...

Страница 458: ...that is use the procedure and message format of private RADIUS protocol to interact with an H3C s RADIUS server standard Specifies to support standard RADIUS server that is use the procedure and mess...

Страница 459: ...me are in the block state the primary RADIUS servers in the default RADIUS scheme system are in the active state and the secondary RADIUS servers in system are in the block state For the primary and s...

Страница 460: ...nd to enable the switch to buffer the stop accounting requests that get no response Use the undo stop accounting buffer enable command to disable the switch from buffering the stop accounting requests...

Страница 461: ...the default response timeout timer of RADIUS servers By default the response timeout time of RADIUS servers is 3 seconds Note that z After sending out a RADIUS request authentication authorization req...

Страница 462: ...tes Wait time before primary server state restoration ranging from 1 to 255 minutes Description Use the timer quiet command to set the time that the switch waits before it tries to re communicate with...

Страница 463: ...t which users are charged in real time you can set the real time accounting interval After the setting the switch periodically sends online users accounting information to the RADIUS server at the set...

Страница 464: ...me of RADIUS servers By default the response timeout time of RADIUS servers is 3 seconds Note that z After sending out a RADIUS request authentication authorization request or accounting request to a...

Страница 465: ...tem the usernames sent to RADIUS servers in any RADIUS scheme carry ISP domain names Note that z Generally an access user is named in the userid isp name format Here isp name behind the character repr...

Страница 466: ...flow format Syntax data flow format data byte giga byte kilo byte mega byte data flow format packet giga packet kilo packet mega packet one packet undo data flow format data packet View HWTACACS schem...

Страница 467: ...s scheme name HWTACACS scheme name a string of 1 to 32 characters This name is case insensitive If this argument is not specified the system displays information about all HWTACACS schemes statistics...

Страница 468: ...t 1 3 3 display stop accounting buffer Syntax display stop accounting buffer hwtacacs scheme hwtacacs scheme name View Any view Parameters hwtacacs scheme hwtacacs scheme name Displays the buffered st...

Страница 469: ...ress Note that z You can specify the source address of outgoing HWTACACS messages to avoid messages returned from server from being unable to reach their destination due to physical interface trouble...

Страница 470: ...ith Ctrl Z Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1 1 3 6 key Syntax key accounting authentication authorization string undo key accounting authentication authorization View HWTACACS scheme...

Страница 471: ...Description Use the nas ip command to set the source address of outgoing HWTACACS messages Use the undo nas ip command to restore the default setting Note that z You can set the source address of HWT...

Страница 472: ...rrent scheme Use the undo primary accounting command to restore the default IP address and port number of the primary HWTACACS accounting server which are 0 0 0 0 and 49 respectively Note that z You a...

Страница 473: ...ress and port number of the primary HWTACACS authentication server which are 0 0 0 0 and 49 respectively Note that z You are not allowed to set the same IP address for both primary and secondary authe...

Страница 474: ...ively Note that z You are not allowed to set the same IP address for both primary and secondary authorization servers If you do this your setting will fail z If you re execute the command the new sett...

Страница 475: ...hwtacacs scheme name View User view Parameters hwtacacs scheme hwtacacs scheme name Deletes the buffered stop accounting requests of a specified HWTACACS scheme Here hwtacacs scheme name is the name...

Страница 476: ...he maximum number of transmission attempts is 100 Related commands reset stop accounting buffer hwtacacs scheme display stop accounting buffer Examples Enable the stop accounting request retransmissio...

Страница 477: ...o the server Examples Set the IP address and UDP port number of the secondary accounting server for HWTACACS scheme hwt1 to 10 163 155 12 and 49 respectively Sysname system view System View return to...

Страница 478: ...rn to User View with Ctrl Z Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1 secondary authentication 10 163 155 13 49 1 3 16 secondary authorization Syntax secondary authorization ip address port u...

Страница 479: ...cs hwt1 secondary authorization 10 163 155 13 49 1 3 17 timer quiet Syntax timer quiet minutes undo timer quiet View HWTACACS scheme view Parameters minutes Wait time before primary server state resto...

Страница 480: ...rs are charged in real time you can set the real time accounting interval After the setting the switch periodically sends online users accounting information to TACACS accounting server at the set int...

Страница 481: ...out command to set the response timeout time of TACACS servers Use the undo timer response timeout command to restore the default response timeout time of TACACS servers By default the response timeou...

Страница 482: ...s cannot accept the usernames that carry ISP domain names In this case it is necessary to remove domain names from usernames before sending usernames to TACACS server For this reason the user name for...

Страница 483: ...cy server Use the undo security policy server command to remove one specified or all security policy server address settings You can configure up to eight security policy server addresses in each RADI...

Страница 484: ...Command Manual For Soliton AAA H3C S3100 Series Ethernet Switches Chapter 2 EAD Configuration Commands 2 2 security policy server 192 168 0 1 user name format without domain...

Страница 485: ...1 4 mac authentication authmode usernameasmacaddress 1 6 1 1 5 mac authentication authmode usernamefixed 1 7 1 1 6 mac authentication authpassword 1 7 1 1 7 mac authentication authusername 1 8 1 1 8...

Страница 486: ...ace number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description Use the display mac authentication comman...

Страница 487: ...ication z UsernameAsMacAddress Uses the MAC address of a user as the username for authentication The default is the MAC address UsernameAsMacAddress Fixed password Meaning of this field varies by the...

Страница 488: ...he switch sets the user to be in quiet state During quiet period the switch does not process the authentication request of this user Ethernet1 0 1 is link up The link connected to Ethernet1 0 1 port i...

Страница 489: ...being executed in system view the mac authentication command enables MAC address authentication globally When being executed in Ethernet port view the mac authentication command enables MAC address au...

Страница 490: ...AC address authentication for on the specified port s Use the undo mac authentication interface command to disable the MAC address authentication for the specified port s By default MAC address authen...

Страница 491: ...02 e3 without hyphen Uses MAC addresses without hyphens as usernames and passwords for example 0005e01c02e3 lowercase Uses lowercase MAC addresses as usernames and passwords uppercase Uses uppercase M...

Страница 492: ...Use the mac authentication authmode usernamefixed command to set the user name in fixed mode for MAC address authentication Use the undo mac authentication authmode command to restore the default user...

Страница 493: ...w return to User View with Ctrl Z Sysname mac authentication authpassword newmac 1 1 7 mac authentication authusername Syntax mac authentication authusername username undo mac authentication authusern...

Страница 494: ...re an ISP domain for MAC address authentication Use the undo mac authentication domain command to restore the default ISP domain for MAC address authentication By default no domain for MAC address aut...

Страница 495: ...ntication the switch prohibits a user from accessing the network if the connection between the switch and the RADIUS server times out Description Use the mac authentication timer command to configure...

Страница 496: ...ac authentication guest vlan vlan id undo mac authentication guest vlan View Ethernet port view Parameters vlan id ID of the guest VLAN configured for the current port This argument is in the range of...

Страница 497: ...est VLAN can be configured for a port and the VLAN configured as the Guest VLAN must be an existing VLAN Otherwise the Guest VLAN configuration does not take effect If you want to change the Guest VLA...

Страница 498: ...return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 mac authenticiaon intrusion mode block mac enable 1 2 3 mac authentication max auth num Syntax mac authenticatio...

Страница 499: ...on z You cannot configure the maximum number of MAC address authentication users for a port if any user connected to this port is online Examples Set the maximum number of MAC address authentication u...

Страница 500: ...gured for it Use the undo mac authentication timer guest vlan reauth command to restore the re authentication interval to the default value The switch re authenticates the users in guest VLANs at the...

Страница 501: ...detection trust 1 3 1 1 5 arp protective down recover enable 1 3 1 1 6 arp protective down recover interval 1 4 1 1 7 arp rate limit 1 5 1 1 8 arp rate limit enable 1 6 1 1 9 arp restricted forwarding...

Страница 502: ...tem view Parameters None Description Use the arp anti attack valid check enable command to enable ARP source MAC address consistency check Use the undo arp anti attack valid check enable command to di...

Страница 503: ...e ARP entry checking function Sysname system view System View return to User View with Ctrl Z Sysname undo arp check enable 1 1 3 arp detection enable Syntax arp detection enable undo arp detection en...

Страница 504: ...he arp detection trust command to specify the current port as a trusted port that is ARP packets received on this port are regarded as legal ARP packets and will not be checked Use the undo arp detect...

Страница 505: ...ion is disabled Examples Enable the port state auto recovery function of the switch Sysname system view System View return to User View with Ctrl Z Sysname arp protective down recover enable 1 1 6 arp...

Страница 506: ...overy interval to 30 seconds Sysname system view System View return to User View with Ctrl Z Sysname arp protective down recover enable Sysname arp protective down recover interval 30 1 1 7 arp rate l...

Страница 507: ...ription Use the arp rate limit enable command to enable the ARP packet rate limit function on the port that is to limit the rate of ARP packets passing through the port If a rate the maximum ARP packe...

Страница 508: ...o the MAC addresses in the packets or through trusted ports if the MAC address table contains no such destination MAC addresses Use the undo arp restricted forwarding enable command to disable ARP res...

Страница 509: ...at z Static ARP entries are valid as long as the Ethernet switch operates normally But some operations such as removing a VLAN or removing a port from a VLAN will make the corresponding ARP entries in...

Страница 510: ...elated commands display arp timer aging Examples Configure the aging time to be 10 minutes for dynamic ARP entries Sysname system view System View return to User View with Ctrl Z Sysname arp timer agi...

Страница 511: ...17 000d 88f6 379c 1 Ethernet1 0 2 17 D 192 168 0 115 000d 88f7 9f7d 1 Ethernet1 0 2 18 D 192 168 0 43 000c 760a 172d 1 Ethernet1 0 2 18 D 192 168 0 33 000d 88f6 44ba 1 Ethernet1 0 2 20 D 192 168 0 35...

Страница 512: ...case sensitive character string Description Use the display arp command to display the ARP entries related to string in a specified way Related commands arp static reset arp Examples Display all the A...

Страница 513: ...cified string include Displays the number of ARP entries containing the specified string regular expression A case sensitive character string ip address IP address The ARP entries containing the IP ad...

Страница 514: ...ion statistics on Ethernet 1 0 10 Sysname display arp detection statistics interface ethernet1 0 10 ARP DETECTION ENABLE ARP PORT TRUST DISABLE INVALID ARP PACKETS 31 Table 1 2 Description on the fiel...

Страница 515: ...nd to enable the gratuitous ARP packet learning function Then a switch receiving a gratuitous ARP packet can add the IP and MAC addresses carried in the packet to its own dynamic ARP table if it finds...

Страница 516: ...dynamic Clears dynamic ARP entries static Clears static ARP entries interface interface type interface number Clears ARP entries of the specified port Description Use the reset arp command to clear s...

Страница 517: ...remote id 1 7 1 1 9 dhcp snooping trust 1 8 1 1 10 display dhcp snooping 1 9 1 1 11 display dhcp snooping trust 1 9 1 1 12 display ip source static binding 1 10 1 1 13 ip check source ip address 1 11...

Страница 518: ...to disable the DHCP snooping function After DHCP snooping is disabled all the ports can forward DHCP replies from the DHCP server without recording the IP to MAC bindings of the DHCP clients By defau...

Страница 519: ...nooping information enable command to disable DHCP snooping Option 82 DHCP snooping Option 82 is disabled by default Note that Enable DHCP snooping before performing this configuration Examples Enable...

Страница 520: ...n format command Examples Configure the storage format of Option 82 as ASCII Sysname system view System View return to User View with Ctrl Z Sysname dhcp snooping information format ascii 1 1 4 dhcp s...

Страница 521: ...acters Description Use the dhcp snooping information remote id command to configure the remote ID sub option in Option 82 Use the undo dhcp snooping information remote id command to restore the defaul...

Страница 522: ...tegy command in Ethernet port view to configure a handling policy for requests that contain Option 82 received on the current port Use the undo dhcp snooping information strategy command to restore th...

Страница 523: ...zed circuit ID sub option applies to all DHCP packets that pass through the current port Use the undo dhcp snooping information vlan vlan id circuit id command to restore the default circuit ID in DHC...

Страница 524: ...DHCP packets from the specified VLAN Without vlan vlan id specified the customized remote ID sub option applies to all DHCP packets that pass through the current port Use the undo dhcp snooping infor...

Страница 525: ...t Use the undo dhcp snooping trust command to restore an Ethernet port to a DHCP snooping untrusted port By default with the DHCP snooping enabled all the ports of a switch are untrusted ports Note th...

Страница 526: ...nd to display the user IP MAC address mapping entries recorded by the DHCP snooping function Related commands dhcp snooping Examples Display the user IP MAC address mapping entries recorded by the DHC...

Страница 527: ...snooping function is enabled and the Ethernet 1 0 10 port is a trusted port 1 1 12 display ip source static binding Syntax display ip source static binding vlan vlan id interface interface type inter...

Страница 528: ...ce ip address command to enable the filtering of the IP packets received through the current port based on the source IP address of the packets Use the undo ip check source ip address command to disab...

Страница 529: ...ce IP address source MAC address and the port number so as to generate static binding entries Use the undo ip source static binding ip address command to remove the static binding among source IP addr...

Страница 530: ...ch Use the undo dhcp protective down recover enable command to disable port state auto recovery With the port state auto recovery function a port that is shut down because the DHCP traffic rate limit...

Страница 531: ...witch the auto recovery interval defaults to 300 seconds Note that z Before configuring the port state auto recovery interval you must enable port state auto recovery on the switch first z The new por...

Страница 532: ...re the DHCP traffic threshold to 100 pps for port Ethernet 1 0 11 Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet 1 0 11 Sysname Ethernet1 0 11 dhcp rate lim...

Страница 533: ...limit DHCP traffic is disabled on an Ethernet port That is DHCP traffic passing through an Ethernet port is not limited Examples Enable the function to limit DHCP traffic for Ethernet 1 0 11 port Sys...

Страница 534: ...cation of DHCP clients Note that S3100 series Ethernet switches that operate as DHCP clients support a maximum lease duration of 24 days currently Examples Display the information about the address al...

Страница 535: ...ng Lease from to The starting and end time of the lease period Server IP IP address of the DHCP server selected Transaction ID Transaction ID Default router Gateway address Next timeout will happen af...

Страница 536: ...dhcp alloc command UDP port 68 is disabled Examples Configure VLAN interface 1 to obtain an IP address through DHCP Sysname system view System View return to User View with Ctrl Z Sysname interface V...

Страница 537: ...ield in BOOTP packets Mac Address MAC address of the BOOTP client Default router Default router 3 2 2 ip address bootp alloc Syntax ip address bootp alloc undo ip address bootp alloc View VLAN interfa...

Страница 538: ...Command Manual For Soliton DHCP H3C S3100 Series Ethernet Switches Chapter 3 DHCP BOOTP Client Configuration 3 5 Sysname Vlan interface1 ip address bootp alloc...

Страница 539: ...1 3 display acl 1 3 1 1 4 display acl remaining entry 1 4 1 1 5 display ipv6 acl template 1 5 1 1 6 display packet filter 1 6 1 1 7 display time range 1 7 1 1 8 ipv6 acl template 1 8 1 1 9 packet filt...

Страница 540: ...the range 2000 to 2999 identifies a basic ACL z An ACL number in the range 3000 to 3999 identifies an advanced ACL Note that 3998 and 3999 cannot be configured because they are reserved for cluster ma...

Страница 541: ...to Sysname acl basic 2000 Add three rules with different numbers of zeros in the source wildcards Sysname acl basic 2000 rule 1 permit source 1 1 1 1 0 255 255 255 Sysname acl basic 2000 rule 2 permit...

Страница 542: ...stinguish ACLs by their descriptions By default no description string is assigned for an ACL Examples Assign description string This ACL is used for filtering all HTTP packets to ACL 3000 Sysname syst...

Страница 543: ...1 1 0 Table 1 1 Description on the fields of the display acl command Field Description Basic ACL 2000 The displayed information is about the basic ACL 2000 1 rule The ACL includes one rule Acl s step...

Страница 544: ...assign Total Number Total number of ACL resources Reserved Number Number of resources reserved for system ACLs Configured Number Number of resources configured for user defined ACLs Remaining Number...

Страница 545: ...g on the unit specified by unit id The unit ID can be set only to 1 vlan vlan id Displays information about packet filtering on the VLAN specified by vlan id Description Use the display packet filter...

Страница 546: ...ve time ranges this command displays Inactive Related commands time range Examples Display all time ranges Sysname display time range all Current time is 17 01 34 May 21 2007 Monday Time range tr Acti...

Страница 547: ...IPv6 packets src port Matches the TCP UDP source port field in IPv6 packets dest port Matches the TCP UDP destination port field in IPv6 packets icmpv6 type Matches the ICMPv6 type field in IPv6 pack...

Страница 548: ...Combined application of ACLs Combination mode The acl rule argument Apply all the rules of an ACL that is of IP type The ACL can be a basic ACL or an advanced ACL ip group acl number Apply a rule of...

Страница 549: ...basic ACL 2000 on Ethernet 1 0 1 to filter inbound packets Here it is assumed that the ACL and its rules are already configured Sysname system view System View return to User View with Ctrl Z Sysname...

Страница 550: ...e An ACL assigned to a VLAN takes effect only for the packets tagged with 802 1Q header For more information about 802 1Q header refer to the VLAN part Examples Apply all rules of basic ACL 2000 to VL...

Страница 551: ...ime range time name Specifies the time range in which the rule takes effect time name specifies the name of the time range in which the rule is active a string comprising 1 to 32 characters Note sour...

Страница 552: ...plus one If the current greatest rule number is 65534 however the system will display an error message and you need to specify a number for the rule z The content of a modified or created rule cannot...

Страница 553: ...ckets protocol Protocol carried by IP When the protocol is represented by numeral it ranges from 1 to 255 when the protocol is represented by name it can be gre 47 icmp 1 igmp 2 ip ipinip 4 ospf 89 tc...

Страница 554: ...preference The tos argument can be a number in the range 0 to 15 dscp dscp Packet priority Specifies a DSCP priority The dscp argument can be a number in the range 0 to 63 fragment Fragment informatio...

Страница 555: ...28 011100 af33 30 011110 af41 34 100010 af42 36 100100 af43 38 100110 be 0 000000 cs1 8 001000 cs2 16 010000 cs3 24 011000 cs4 32 100000 cs5 40 101000 cs6 48 110000 cs7 56 111000 ef 46 101110 If you s...

Страница 556: ...f you specify the tos keyword you can directly input a value ranging from 0 to 15 or input one of the keywords listed in Table 1 10 as the ToS value Table 1 10 ToS value and the corresponding keywords...

Страница 557: ...erators require only one port number as the operand port1 and port2 TCP UDP port number s expressed as port names or port numbers When expressed as numerals the value range is 0 to 65535 With the rang...

Страница 558: ...7 If the protocol type is ICMP you can also define the information listed in Table 1 13 Table 1 13 ICMP specific ACL rule information Parameters Type Function Description icmp type icmp type icmp code...

Страница 559: ...rning the source port in the ACL rule This keyword is only available to the ACL rules with their protocol types set to TCP or UDP destination Removes the settings concerning the destination address in...

Страница 560: ...xistent rule The unmodified part of the rule remains With the auto match order specified for the ACL you cannot modify any existent rule otherwise the system prompts error information z If you do not...

Страница 561: ...ation of the ACLs 1 1 13 rule for Layer 2 ACLs Syntax rule rule id deny permit rule string undo rule rule id View Layer 2 ACL view Parameters rule id ACL rule ID in the range of 0 to 65534 deny Drops...

Страница 562: ...ator the value of vlan id2 does not need to be greater than that of vlan id1 because the device can automatically judge the value range Note that if you specify a combination of lt 1 or gt 4093 the de...

Страница 563: ...eating an ACL rule the rule will be numbered automatically If the ACL has no rules the rule is numbered 0 otherwise the number of the rule will be the greatest rule number plus one If the current grea...

Страница 564: ...cimal numbers respectively src ip ipv6 address prefix length Specifies the source IPv6 address information Arguments ipv6 address and prefix length indicate the IPv6 address and prefix length respecti...

Страница 565: ...cify the rule id argument when creating an ACL rule the rule will be numbered automatically If the ACL has no rules the rule is numbered 0 otherwise the number of the rule will be the greatest rule nu...

Страница 566: ...undo rule comment command to remove the comment defined for the ACL rule You can give rules comments to provide relevant information such as their application purposes and the ports they are applied t...

Страница 567: ...ange in the form of hh mm end time End time of a periodic time range in the form of hh mm The end time must be greater than the start time days of the week Day of the week when the periodic time range...

Страница 568: ...when the system time is within one of the absolute time sections z If both a periodic time section and an absolute time section are defined in a time range the time range is active only when the peri...

Страница 569: ...1 1 12 display qos interface traffic shape 1 11 1 1 13 display qos interface traffic statistic 1 12 1 1 14 display qos port group 1 13 1 1 15 display qos vlan 1 14 1 1 16 display queue scheduler 1 15...

Страница 570: ...c 1 42 1 1 38 traffic statistic vlan 1 43 Chapter 2 QoS Profile Configuration Commands 2 1 2 1 QoS Profile Configuration Commands 2 1 2 1 1 apply qos profile 2 1 2 1 2 display qos profile 2 2 2 1 3 pa...

Страница 571: ...stem view Parameter None Description Use the burst mode enable command to enable the burst function Use the undo burst mode enable command to disable the burst function By default the burst function i...

Страница 572: ...cos local precedence map Syntax display qos cos local precedence map View Any view Parameter None Description Use the display qos cos local precedence map command to display the CoS precedence to loc...

Страница 573: ...the DSCP precedence to local precedence mapping table Related command qos dscp local precedence map Example Display the DSCP precedence to local precedence mapping table Sysname display qos dscp loca...

Страница 574: ...C S3100 Series Ethernet Switches Chapter 1 QoS Commands 1 4 27 1 28 1 29 1 30 1 31 1 32 2 33 2 34 2 35 2 36 2 37 2 38 2 39 2 40 2 41 2 42 2 43 2 44 2 45 2 46 2 47 2 48 3 49 3 50 3 51 3 52 3 53 3 54 3...

Страница 575: ...ccounting configuration Description Use the display qos global command to display the QoS related configuration performed for all the packets Example Display all the QoS configurations performed for a...

Страница 576: ...lay qos interface all Syntax display qos interface interface type interface number unit id all View Any view Parameter interface type interface number Specifies the type and number of a port for which...

Страница 577: ...splay qos interface interface type interface number unit id line rate View Any view Parameter interface type interface number Specifies the type and number of a port for which the line rate configurat...

Страница 578: ...d to display the traffic mirroring configuration of a port or all the ports on the device Related command mirrored to Example Display the traffic mirroring configuration of Ethernet 1 0 1 on an S3100...

Страница 579: ...lay qos interface traffic limit command to display the traffic policing configuration of a port or all the ports on the device This command also displays the traffic policing statistics Related comman...

Страница 580: ...y the priority marking configuration of Ethernet 1 0 1 Sysname display qos interface Ethernet 1 0 1 traffic priority Ethernet1 0 1 traffic priority Inbound Matches Acl 2000 rule 0 running Priority act...

Страница 581: ...elated command traffic redirect Example Display the traffic redirecting configuration of Ethernet 1 0 1 Sysname display qos interface Ethernet 1 0 1 traffic redirect Ethernet1 0 1 traffic redirect Inb...

Страница 582: ...on the device Related command traffic shape Example Display the traffic shaping configuration of Ethernet 1 0 1 Sysname display qos interface Ethernet 1 0 1 traffic shape Ethernet1 0 1 QID status max...

Страница 583: ...mand also displays traffic statistics Related command traffic statistic Example Display the traffic accounting configuration information and traffic statistics on Ethernet 1 0 1 Sysname display qos in...

Страница 584: ...y qos port group command to display specific QoS related configuration of a port group Example Display all the QoS related configurations of port group 1 Sysname display qos port group 1 all Port grou...

Страница 585: ...uration performed for a VLAN Example Display all the QoS related configuration performed for VLAN 1 Sysname display qos vlan 1 all Vlan 1 traffic limit Inbound Matches Acl 3001 rule 0 running Target r...

Страница 586: ...8 z GigabitEthernet port 64 to 1 000 000 The granularity of port rate limit is 64 Kbps Assume that the value you provide for the target rate argument is in the range N 64 to N 1 64 N is a natural numb...

Страница 587: ...plicates inbound packets acl rule ACL rules to be applied This argument can be the combination of multiple ACLs For more information about this argument refer to Table 1 8 and Table 1 9 Note that the...

Страница 588: ...ing for packets that match Use the undo mirrored to command to remove traffic mirroring configuration globally or for a port group or a port Note that the same ACL cannot be simultaneously referenced...

Страница 589: ...Table 1 9 Note that the ACL rules referenced must be those defined with the permit keyword specified cpu Duplicates the packets to the CPU monitor interface Duplicates the packets to the destination m...

Страница 590: ...vlan 1 inbound ip group 2000 monitor interface Display the traffic mirroring configuration of VLAN 1 Sysname display qos vlan 1 mirrored to Vlan 1 mirrored to Inbound Matches Acl 2000 rule 1 running...

Страница 591: ...packet the switch replaces the 802 1p priority of the packet with the port priority searches for the local precedence corresponding to the port priority of the receiving port in the 802 1p to local p...

Страница 592: ...o is determined by its local precedence z DSCP precedence Ranges from 0 to 63 By default packets with DSCP values from 0 to 15 are put into queue 0 those from 16 to 31 in queue 1 from 32 to 47 in queu...

Страница 593: ...al prec Local precedence to which CoS 2 is to be mapped in the range 0 to 3 cos3 map local prec Local precedence to which CoS 3 is to be mapped in the range 0 to 3 cos4 map local prec Local precedence...

Страница 594: ...to 3 and 7 to 3 Sysname system view System View return to User View with Ctrl Z Sysname qos cos local precedence map 0 0 1 1 2 2 3 3 Display the configuration result Sysname display qos cos local prec...

Страница 595: ...e mapping table The default DSCP precedence to local precedence mapping tables as shown in Table 1 11 Table 1 11 The default DSCP precedence to local precedence mapping table DSCP Local precedence 0 t...

Страница 596: ...mands 1 26 Sysname display qos dscp local precedence map dscp local precedence map dscp local precedence queue 0 2 1 2 2 2 3 2 4 2 5 2 6 2 7 2 8 2 9 2 10 2 11 2 12 2 13 2 14 2 15 2 16 1 17 1 18 1 19 1...

Страница 597: ...ight queue1 weight queue2 weight wrr queue0 weight queue1 weight queue2 weight queue3 weight undo queue scheduler View System view Parameter strict priority Adopts the strict priority SP algorithm for...

Страница 598: ...e weight values for queues 0 to 3 are set as 1 2 4 and 8 corresponding to w0 w1 w2 and w3 respectively In this case when data traffic of the four output queues on the port exceeds the port processing...

Страница 599: ...hing specific ACL rules or packets that match specific ACL rules and are of a port group or pass a port Related command traffic limit Example Clear the traffic policing statistics on packets matching...

Страница 600: ...to clear the statistics on the inbound packets acl rule ACL rules to be applied This argument can be the combination of multiple ACLs For more information about this argument refer to Table 1 8 and T...

Страница 601: ...reset traffic statistic vlan 1 inbound ip group 2000 1 1 30 traffic limit Syntax traffic limit inbound acl rule target rate burst bucket burst bucket size conform con action exceed exceed action meter...

Страница 602: ...The con action argument can be z remark dscp dscp value Sets the DSCP precedence for the packets The dscp value argument is in the range of 0 to 63 You can also enter a keyword listed in Table 1 13 fo...

Страница 603: ...rwards the packets z remark dscp dscp value Resets the DSCP precedence of the packets and forwards them at the same time The DSCP value is in the range of 0 to 63 You can also enter a keyword listed i...

Страница 604: ...r View with Ctrl Z Sysname acl number 4000 Sysname acl ethernetframe 4000 rule permit source 200 Sysname acl ethernetframe 4000 quit Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 traffic limi...

Страница 605: ...e 1 14 for this argument exceed exceed action Sets the actions on the part of the packets exceeding the specified traffic when the packet traffic exceeds the specified traffic The actions include z dr...

Страница 606: ...th Ctrl Z Sysname traffic limit vlan 1 inbound link group 4000 128 exceed drop 1 1 32 traffic priority Syntax traffic priority inbound acl rule dscp dscp value cos cos value local precedence pre value...

Страница 607: ...Sysname system view System View return to User View with Ctrl Z Sysname acl number 4000 Sysname acl ethernetframe 4000 rule permit cos 5 Sysname acl ethernetframe 4000 quit Sysname interface Ethernet...

Страница 608: ...and are of a VLAN By default priority marking is disabled on a VLAN Related command display qos vlan Note The priority marking function configured on a VLAN is only applicable to packets tagged with 8...

Страница 609: ...specific ACL rules or the packets that match specific ACL rules and are of a port group or pass a port You can redirect packets to a port or the CPU Note that the same ACL cannot be simultaneously re...

Страница 610: ...le 1 8 and Table 1 9 Note that the ACL rules referenced must be those defined with the permit keyword specified cpu Redirects the packets to the CPU interface interface type interface number Redirects...

Страница 611: ...2000 rules and are of VLAN 1 to Ethernet 1 0 7 Sysname system view System View return to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule permit source 1 1 1 0 0 0 0 255 Sysna...

Страница 612: ...rameter inbound Generates statistics on inbound packets acl rule ACL rules to be applied This argument can be the combination of multiple ACLs For more information about this argument refer to Table 1...

Страница 613: ...1 to 4094 inbound Generates statistics on inbound packets acl rule ACL rules to be applied This argument can be the combination of multiple ACLs For more information about this argument refer to Table...

Страница 614: ...xample Generate statistics on packets that match ACL 2000 and are of VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule permit s...

Страница 615: ...f 1 to 32 characters and starting with English letters a z A Z interface list List of Ethernet ports You can specify multiple Ethernet ports by providing this argument in the form of interface type in...

Страница 616: ...erface type interface number Specifies the type and number of a port to display the QoS profile applied on the port user user name Specifies the name of an 802 1x authentication user The user name arg...

Страница 617: ...et filter inbound ip group 2000 rule 0 traffic limit inbound ip group 3000 rule 0 64 traffic priority inbound ip group 4000 rule 0 cos controlled load Table 2 1 Description on the fields of the displa...

Страница 618: ...nbound Filters the inbound packets acl rule ACL rules to be applied This argument can be the combination of multiple ACLs For more information about this argument refer to Table 1 8 and Table 1 9 Desc...

Страница 619: ...corresponding QoS profile view Use the undo qos profile command to remove a QoS profile A QoS profile currently applied to a port cannot be removed or modified To remove or modify a QoS profile alread...

Страница 620: ...cation mode to be port based Example Configure the QoS profile application mode on Ethernet 1 0 1 to be port based Sysname system view System View return to User View with Ctrl Z Sysname interface Eth...

Страница 621: ...value argument is in the range 0 to 7 You can also enter a keyword listed in Table 1 14 for this argument exceed exceed action Sets the actions on the part of the packets exceeding the specified traf...

Страница 622: ...st be those defined with the permit keyword specified dscp dscp value Sets the DSCP precedence The dscp value argument is in the range 0 to 63 You can also enter a keyword listed in Table 1 13 for thi...

Страница 623: ...al For Soliton QoS QoS Profile H3C S3100 Series Ethernet Switches Chapter 2 QoS Profile Configuration Commands 2 9 Sysname qos profile a123 Sysname qos profile a123 traffic priority inbound link group...

Страница 624: ...1 1 1 1 Mirroring Commands 1 1 1 1 1 display mirroring group 1 1 1 1 2 mirroring group 1 3 1 1 3 mirroring group mirroring port 1 4 1 1 4 mirroring group monitor port 1 5 1 1 5 mirroring group reflect...

Страница 625: ...Specifies to display the parameter settings of local port mirroring groups remote destination Specifies to display the parameter settings of the destination groups for remote mirroring remote source S...

Страница 626: ...and Field Description mirroring group Port mirroring group number type Port mirroring group type which can be local remote source or remote destination status Status of the port mirroring group which...

Страница 627: ...oup for remote port mirroring remote source Specifies the mirroring group as the source mirroring group for remote port mirroring Description Use the mirroring group command to create a port mirroring...

Страница 628: ...s or port lists both Specifies to mirror the packets received on and sent from the source mirroring port inbound Specifies to mirror the packets received on the source mirroring port outbound Specifie...

Страница 629: ...roup monitor port command to configure the destination port for a local mirroring group or a remote destination mirroring group Use the undo mirroring group monitor port to remove the destination port...

Страница 630: ...ote the following when you configure the reflector port z The reflector port cannot be a member port of an aggregation group or a port enabled with LACP or STP It must be an access port and cannot be...

Страница 631: ...ng a VLAN as the remote probe VLAN for a remote source destination mirroring group you need to use the remote probe vlan enable command to configure the VLAN as a remote probe VLAN first Related comma...

Страница 632: ...ally create local mirroring group 1 and add the source port to the group if mirroring group 1 already exists but is not a local mirroring group your configuration of the source port will fail Examples...

Страница 633: ...switch creates the local mirroring group 1 and adds the port to the group if mirroring group 1 already exists but is not a local mirroring group your configuration of the destination port will fail Ex...

Страница 634: ...s the remote probe VLAN z A remote probe VLAN cannot be removed directly To do that you need to run the undo remote probe vlan enable command in VLAN view first Related commands mirroring group remote...

Страница 635: ...ndp timer hello 2 5 2 1 5 reset ndp statistics 2 6 2 2 NTDP Configuration Commands 2 6 2 2 1 display ntdp 2 6 2 2 2 display ntdp device list 2 8 2 2 3 ntdp enable 2 10 2 2 4 ntdp explore 2 11 2 2 5 nt...

Страница 636: ...2 3 22 tftp get 2 40 2 3 23 tftp put 2 41 2 3 24 tftp server 2 42 2 3 25 timer 2 43 2 3 26 tracemac 2 44 2 4 Enhanced Cluster Feature Configuration Commands 2 45 2 4 1 black list 2 45 2 4 2 display c...

Страница 637: ...epends on the members keyword as follows z If the members keyword is not specified the output information indicates that the local switch is the main switch Besides the number of the switches containe...

Страница 638: ...e Device S3100 MAC Address 000f e20f 3130 Member status Up IP 129 10 1 16 16 Member number 2 Name stack_2 Sysname Device S3100 MAC Address 000f e20f 3135 Member status Up IP 129 10 1 17 16 Table 1 1 D...

Страница 639: ...from sending forwarding stack join in requests to from its connected switch By default the stack port function on a stack port is enabled indicating that a switch can send forward the stack join in r...

Страница 640: ...t stack_0 Sysname 1 1 4 stacking enable Syntax stacking enable undo stacking enable View System view Parameter None Description Use the stacking enable command to create a stack Use the undo stacking...

Страница 641: ...ing the stack When adding a switch to a stack the main switch picks an IP address from the IP address pool and assigns the IP address to it The stacking ip pool command can only be executed on switche...

Страница 642: ...a slave switch is not of the same network segment as that of the stack address pool the main switch or the slave switch automatically removes the existing IP address and picks a new one from the stac...

Страница 643: ...ber Description Use the display ndp command to display all NDP configuration and operating information including the global NDP status the interval to send NDP packets the holdtime of NDP information...

Страница 644: ...01 Device Name H3C S3100 Port Duplex AUTO Product Ver 3100 BootROM Ver 506 Table 2 1 Description on the fields of the two commands Field Description Neighbor Discovery Protocol is enabled NDP is enabl...

Страница 645: ...ndp enable interface interface list View System view Ethernet port view Parameters interface list Ethernet port list in the format of interface type interface number to interface type interface number...

Страница 646: ...d to set the holdtime of the NDP information This command specifies how long an adjacent device should hold the NDP neighbor information received from the local switch before discarding the informatio...

Страница 647: ...se the undo ndp timer hello command to restore the default interval By default this interval is 60 seconds A switch should update the NDP information of its neighbors regularly so that the switch can...

Страница 648: ...command if you specify the interface keyword the command will clear NDP statistics on the specified ports if you do not specify the interface keyword the command will clear NDP statistics on all port...

Страница 649: ...lection total time 92ms Table 2 2 Description on the fields of the display ntdp command Field Description NTDP is running NTDP is enabled globally on this device Hops Hop count for topology collection...

Страница 650: ...t MAC HOP IP PLATFORM 000f e20f 3901 0 100 100 1 1 24 S3100 000f e20f 3190 1 16 1 1 1 24 S3100 Table 2 3 Description on the fields of the display ntdp device list command Field Description MAC MAC add...

Страница 651: ...r switch of cluster 1234 Administrator MAC 00e0 fc11 1111 Stack Candidate switch Peer MAC Peer Port ID Native Port ID Speed Duplex 000f e200 0144 Ethernet0 3 Ethernet0 24 100 FULL 00e0 fc00 3100 Ether...

Страница 652: ...lected device for the cluster Peer MAC MAC address of a neighbor device connected to the collected device Peer Port ID Index of the port on the neighbor device connected to the collected device Native...

Страница 653: ...llection process NTDP is able to periodically collect topology information In addition you can use this command to manually start a topology collection process at any moment If you do this NTDP collec...

Страница 654: ...from the collecting device to the collected devices For example if you set the maximum hops to two the switch initiating the topology collection collects topology information from the switches within...

Страница 655: ...on process manually z After a cluster is set up the management switch will collect the topology information of the network at the topology collection interval you set and automatically add the candida...

Страница 656: ...logy collection requests Examples Set the delay for collected switches to forward topology collection requests to 300 ms aaa_0 Sysname system view System View return to User View with Ctrl Z aaa_0 Sys...

Страница 657: ...sword View Cluster view Parameters member number Member number assigned to the candidate device to be added to the cluster This argument ranges from 1 to 255 H H H MAC address of the candidate device...

Страница 658: ...ew return to User View with Ctrl Z aaa_0 Sysname cluster aaa_0 Sysname cluster add member 6 mac address 000f e20f 35e7 password 123456 2 3 2 administrator address Syntax administrator address mac addr...

Страница 659: ...ster aaa_1 Sysname cluster undo administrator address 2 3 3 auto build Syntax auto build recover View Cluster view Parameters recover Recovers all member devices Description Use the auto build command...

Страница 660: ...ceived from the public network The two ACL rules will be automatically applied to all ports of the cluster members z After a cluster is built automatically ACL 3998 and ACL 3999 can neither be configu...

Страница 661: ...name CLST 5 LOG 1 Member 000f e200 7800 is joined in cluster aaa Apr 3 08 12 37 863 2000 aaa_0 Sysname CLST 5 LOG 1 Member 000f e200 2420 is joined in cluster aaa Apr 3 08 12 37 996 2000 aaa_0 Sysname...

Страница 662: ...candidate device as well as on a management device Executing the build command on a candidate device will change the device to a management device and assign a name to the cluster created on the devic...

Страница 663: ...luster the candidate device changes to a member device and its UDP port 40000 is opened at the same time z When you execute the auto build command on the management device to have the system automatic...

Страница 664: ...DPIndex 0 00 00 00 00 00 12 a9 90 22 40 Role 1 aaa_0 Sysname cluster 2 3 5 cluster Syntax cluster View System view Parameters None Description Use the cluster command to enter cluster view Examples En...

Страница 665: ...z When you execute undo cluster enable command on a device that does not belong to any cluster the cluster function is disabled on the device and thus you cannot create a cluster on the device or add...

Страница 666: ...ange the super password of any cluster member or the management device so as to avoid switching failure resulting from authentication failure z After you switch from the management device to a member...

Страница 667: ...Pv2 protocol packets configured on the management device through the multicast MAC synchronization packets the member devices can learn the multicast MAC address of HGMPv2 protocol packets and use it...

Страница 668: ...ter so that HGMPv2 protocol packets can be forwarded normally within the cluster HGMPv2 multicast MAC synchronization packets are Layer 2 multicast packets If you set this interval to zero on a manage...

Страница 669: ...the delete member command with the to black list keyword specified to remove a device and add the device to the blacklist of the cluster z Before using the delete member command to remove a device fr...

Страница 670: ...member devices in the cluster cluster status holdtime and interval to send handshake packets Executing this command on a device that does not belong to any cluster will display an error Examples Disp...

Страница 671: ...dtime of the neighbor status information which can be configured through the holdtime command Administrator device mac address MAC address of the management device Administrator status Status of the m...

Страница 672: ...ay information about all candidate devices aaa_0 Sysname cluster display cluster candidates MAC HOP IP PLATFORM 3900 0000 3334 2 16 1 1 11 24 S3100 000f e20f 3190 1 16 1 1 1 24 S3100 Table 2 6 Descrip...

Страница 673: ...display cluster members Syntax display cluster members member number verbose View Any view Parameters member number Member number of a device ranging from 0 to 255 verbose Displays detailed informatio...

Страница 674: ...Member number 0 Name aaa_0 Sysname Device S3100 MAC Address 000f e20f 3901 Member status Admin Hops to administrator device 0 IP 100 100 1 1 24 Version H3C Comware Platform Software Comware Software...

Страница 675: ...in the cluster Name Device name Device Device type MAC Address Device MAC address Member status Device status Hops to administrator device Hops from the device to the management device IP Device IP a...

Страница 676: ...in 2 3 15 ftp server Syntax ftp server ip address undo ftp server View Cluster view Parameters ip address IP address of the FTP server to be configured for the cluster Description Use the ftp server...

Страница 677: ...r to the member device according to the NAT record Examples Configure FTP server 1 0 0 9 on the management device of a cluster aaa_0 Sysname system view System View return to User View with Ctrl Z aaa...

Страница 678: ...mask ip mask length undo ip pool View Cluster view Parameters administrator ip address IP address for the device to be set as the management device of a cluster ip mask Mask of the cluster IP address...

Страница 679: ...o configure a shared log host for a cluster on the management device Use the undo logging host command to remove the shared log host setting By default no shared log host is configured After setting t...

Страница 680: ...on a device only when no cluster is created on the device You cannot change the management VLAN on a device that already joins a cluster If you want to change the management VLAN on a device where a...

Страница 681: ...s you can use the remote control function on the management device to maintain the member device remotely For example from the management device you can delete the configuration file on a member devic...

Страница 682: ...re SNMP NMS address 1 0 0 9 on the management device for the cluster aaa_0 Sysname system view System View return to User View with Ctrl Z aaa_0 Sysname cluster aaa_0 Sysname cluster snmp host 1 0 0 9...

Страница 683: ...app vs app 2 3 23 tftp put Syntax tftp cluster tftp server put source file destination file View User view Parameters cluster Uploads files through the shared TFTP server of the cluster tftp server IP...

Страница 684: ...o be configured for the cluster Description Use the tftp server command to configure a shared TFTP server for the cluster on the management device Use the undo tftp server command to remove the shared...

Страница 685: ...etween sending handshake packets Use the undo timer command to restore the default value of the interval By default the interval between sending handshake packets is 10 seconds In a cluster the manage...

Страница 686: ...luster through the specified destination MAC address or IP address and to display the path from the current device to the destination device Note z When using the destination IP address to trace a dev...

Страница 687: ...00f e232 0005 H3C05 Local 2 4 Enhanced Cluster Feature Configuration Commands 2 4 1 black list Syntax black list add mac mac address black list delete mac all mac address View Cluster view Parameters...

Страница 688: ...me system view Enter system view return to user view with Ctrl Z aaa_0 Sysname cluster aaa_0 Sysname cluster black list add mac 0010 3500 e001 Delete all addresses in the current cluster blacklist aaa...

Страница 689: ...e layers above or below the node specified by the MAC address member member id Displays the structure of the standard topology three layers above or below the node specified by the member ID Descripti...

Страница 690: ...er device MAC address For example P_0 40 P_0 6 Sysname 000f e200 2200 means that the peer device uses its port Ethernet 1 0 40 to connect to port Ethernet 1 0 6 of the local device the peer device nam...

Страница 691: ...ers mac address mac address1 Displays the topology structure three layers above or below the node specified by the MAC address If to mac address is specified mac address1 is the start point of the rou...

Страница 692: ...d Examples Display the topology of the current cluster aaa_0 Sysname display cluster current topology PeerPort ConnectFlag NativePort SysName DeviceMac ConnectFlag normal connect odd connect in blackl...

Страница 693: ...that displayed by the display cluster members command However if you want to display information about a device that is enabled with only NTDP and is not in any cluster you have to use the display ntd...

Страница 694: ...cal device connecting to the peer device Speed Rate of the local port connecting to the peer device Duplex Duplex mode of the local port connecting to the peer device 2 4 7 topology accept Syntax topo...

Страница 695: ...vice in the IRF fabric Related commands display cluster base topology topology restore from topology save to Examples Save the current cluster topology as the base topology and save it in the local fl...

Страница 696: ...nd on the cluster administrative device Related commands topology accept topology save to Examples Restore the base cluster topology from the flash of the management device in the cluster aaa_0 Sysnam...

Страница 697: ...the management device of a cluster Related commands topology restore from Examples Enter Cluster view aaa_0 Sysname system view System View return to User View with Ctrl Z aaa_0 Sysname cluster aaa_0...

Страница 698: ...snmp agent community 1 15 1 1 13 snmp agent group 1 16 1 1 14 snmp agent local engineid 1 18 1 1 15 snmp agent log 1 19 1 1 16 snmp agent mib view 1 20 1 1 17 snmp agent packet max size 1 22 1 1 18 sn...

Страница 699: ...Command Manual For Soliton SNMP RMON H3C S3100 Series Ethernet Switches Table of Contents ii 2 1 8 rmon event 2 12 2 1 9 rmon history 2 13 2 1 10 rmon prialarm 2 14 2 1 11 rmon statistics 2 16...

Страница 700: ...x display snmp agent local engineid remote engineid View Any view Parameters local engineid Displays the local SNMP entity engine ID remote engineid Displays all the remote SNMP entity engine IDs At p...

Страница 701: ...unities with read write permission Description Use the display snmp agent community command to display the information about the SNMPv1 SNMPv2c communities with the specific access permission SNMPv1 a...

Страница 702: ...ent community command to configure a community name for SNMPv1 or SNMPv2c the group name is the community name If you use the snmp agent usm user v1 v2c command to configure a username the group name...

Страница 703: ...play snmp agent group Group name v3group Security model v3 noAuthnoPriv Readview ViewDefault Writeview ViewDefault Notifyview ViewDefault Storage type nonVolatile Table 1 2 display snmp agent group co...

Страница 704: ...lay the MIB view configuration of the current Ethernet switch including view name MIB subtree subtree mask and so on For the description of the configuration items of MIB view refer to the related des...

Страница 705: ...lay snmp agent statistics command to display the statistics on SNMP packets The statistics are collected from the time when the switch is started and the statistics will not be cleared if the SNMP is...

Страница 706: ...ch used a SNMP community name not known The total number of SNMP messages delivered to the SNMP protocol entity which used an SNMP community name not known to said entity Messages which represented an...

Страница 707: ...by the SNMP protocol entity GetResponse PDU accepted and processed The total number of SNMP Get Response PDUs which have been accepted and processed by the SNMP protocol entity SetRequest PDU accepted...

Страница 708: ...cal location of the device and the employed SNMP version This command displays all the system SNMP information if you execute it with no keyword specified The display snmp agent sys info command displ...

Страница 709: ...Display the modules that can generate traps and whether the trap function is enabled on the modules Sysname display snmp agent trap list configuration trap enable flash trap enable standard trap disab...

Страница 710: ...validity of the sending end of the packets preventing access of illegal users the latter is used to encrypt packets between the NMS and agent preventing the packets from being intercepted A more secu...

Страница 711: ...down command to enable the sending of port interface linkUp linkDown traps Use the undo enable snmp trap updown command to disable the sending of linkUp linkDown traps By default the sending of port i...

Страница 712: ...e Ethernet1 0 1 enable snmp trap updown 1 1 10 snmp agent Syntax snmp agent undo snmp agent View System view Parameters None Description Use the snmp agent command to enable the SNMP agent Use the und...

Страница 713: ...ssword md5 Uses HMAC MD5 algorithm sha Uses HMAC SHA algorithm which is securer than MD5 algorithm local engineid Uses the local engine ID to calculate the key specified engineid Uses the specified en...

Страница 714: ...meters read Specifies that the community to be created has read only permission to MIB objects Communities of this type can only query MIBs for device information write Specifies that the community to...

Страница 715: ...iew return to User View with Ctrl Z Sysname snmp agent community read comaccess Create an SNMP community named mgr which has read write permission to MIB objects Sysname snmp agent community write mgr...

Страница 716: ...s with specific source addresses thus restricting access between the NMS and the agent Description Use the snmp agent group command to create an SNMP group and set the security mode and corresponding...

Страница 717: ...but their security modes are noAuthnoPriv and AuthPriv respectively Sysname display snmp agent group Group name v3group Security model v3 noAuthnoPriv Readview ViewDefault Writeview ospf Notifyview o...

Страница 718: ...to 123456789A Sysname system view System View return to User View with Ctrl Z Sysname snmp agent local engineid 123456789A 1 1 15 snmp agent log Syntax snmp agent log set operation get operation all...

Страница 719: ...al Examples Enable logging for both the get and the set operations performed on the NMS Sysname system view System View return to User View with Ctrl Z Sysname snmp agent log all 1 1 16 snmp agent mib...

Страница 720: ...y the same as the sub OID at the corresponding position of the MIB subtree OID Note the following when defining a MIB view with a mask z If the bit number of a mask value is more than the number of su...

Страница 721: ...max size byte count undo snmp agent packet max size View System view Parameters byte count Maximum SNMP packet size in bytes to be set ranging from 484 to 17 940 Description Use the snmp agent packet...

Страница 722: ...mand to set the system information including geographical location of the switch contact information for system maintenance and the SNMP version employed by the switch Use the undo snmp agent sys info...

Страница 723: ...host trap address udp domain ip address udp port port number params securityname security string v1 v2c v3 authentication privacy undo snmp agent target host ip address securityname security string V...

Страница 724: ...to specify the types of the SNMP traps a device can send by default a device can send all types of SNMP traps 2 Use the snmp agent target host command to set the address of the destination for the SN...

Страница 725: ...device to send SNMP traps that are of specified types Use the undo snmp agent trap enable command to disable a device from sending SNMP traps that are of specified types By default a device sends all...

Страница 726: ...linkDown portIndex is 4227634 ifAdminStatus is 2 ifOperStatus is 2 Apr 2 05 53 16 094 2000 H3C IFNET 5 TRAP 1 1 3 6 1 6 3 1 1 5 3 linkDown Interface 31 is Down Configure the extended linkUp linkDown t...

Страница 727: ...undo snmp agent trap life command to restore the default SNMP trap aging time By default the SNMP trap aging time is 120 seconds The system discards the traps that timed out and not sent in the SNMP t...

Страница 728: ...iest will be discarded Related commands snmp agent trap enable snmp agent target host and snmp agent trap life Examples Set the SNMP trap queue length to 200 Sysname system view System View return to...

Страница 729: ...rface is assigned an IP address Related commands snmp agent trap enable snmp agent target host Examples Configure VLAN interface 1 as the source interface for the SNMP traps sent Sysname system view S...

Страница 730: ...the NMS the NMS can establish a connection with the SNMP To make the configured user take effect you must create a group first Related commands snmp agent group snmp agent community and snmp agent loc...

Страница 731: ...5 Uses HMAC MD5 algorithm for authentication sha Uses HMAC SHA algorithm for authentication which is securer than MD5 auth password Authentication password a string of 1 to 64 characters in plain text...

Страница 732: ...i password argument can be obtained by the snmp agent calculate password command To make the calculated cipher text password applicable to the snmp agent usm user v3 cipher command ensure that the sam...

Страница 733: ...ion with the device Then the NMS can access the MIB objects in the view ViewDefault on the device Add a user named testUser to the SNMPv3 group named testGroup in cipher mode namely the authentication...

Страница 734: ...sampled node sampling interval rising and falling thresholds that trigger alarms the condition under which an alarm is triggered and the last sampled value Related commands rmon alarm Examples Display...

Страница 735: ...riggered When startup enables The condition under which an alarm is triggered which can be z risingOrFallingAlarm An alarm is triggered when the rising or falling threshold is reached z risingAlarm An...

Страница 736: ...of an entry in the RMON event table VALID The status of the entry identified by the index is valid Description RMON event description Will cause log trap when triggered The event triggers logging and...

Страница 737: ...m sample type is absolute Table 2 3 display rmon eventlog command output description Field Description Event table Index of an entry in the RMON event table VALID The status of the entry identified by...

Страница 738: ...his command displays the RMON history information about all the ports units Related commands rmon history Examples Display the RMON history information about Ethernet 1 0 1 Sysname display rmon histor...

Страница 739: ...e packets with CRC errors jabbers Number of the oversize packets with CRC errors collisions Number of the packets that cause collisions utilization Bandwidth utilization 2 1 5 display rmon prialarm Sy...

Страница 740: ...olute or delta Variable formula Variable formula of the sampled node Description Description Sampling interval Sampling interval in seconds The system collects statistics of the port at this interval...

Страница 741: ...information displayed includes the number of z Collisions z Packets with CRC errors z Undersize Oversize packets z Broadcast multicast packets z Received bytes z Received packets Related commands rmo...

Страница 742: ...ize packets received with CRC errors etherStatsJabbers Number of oversize packets received with CRC errors etherStatsCRCAlignErrors Number of packets received with CRC errors etherStatsCollisions Numb...

Страница 743: ...he owner of the entry a string of 1 to 127 characters Description Use the rmon alarm command to add an alarm entry to the alarm table If you do not specify the owner text keyword argument combination...

Страница 744: ...alarm entry z Make sure the node to be monitored exists before executing the rmon alarm command Examples Add the alarm entry numbered 1 as follows z The node to be monitored 1 3 6 1 2 1 16 1 1 1 4 1...

Страница 745: ...cter string of 1 to 127 characters none Specifies that the event triggers no action owner text Specifies the owner of the event entry a string of 1 to 127 characters Description Use the rmon event com...

Страница 746: ...owner of the entry is displayed as null Use the undo rmon history command to remove an entry from the history control table You can use the rmon history command to sample a specific port You can also...

Страница 747: ...ake sure the operation results of each step are valid long integers prialarm des Alarm description a string of 1 to 128 characters sampling timer Sampling interval in seconds in the range 10 to 65535...

Страница 748: ...d alarm expression prialarm formula z Comparing the operation result with the set thresholds and perform corresponding operations as described in Table 2 8 Table 2 8 Operation result and corresponding...

Страница 749: ...tistics entry number View Ethernet port view Parameters entry number Statistics entry Index in the range 1 to 65535 owner text Specifies the owner of the entry a string of 1 to 127 characters Descript...

Страница 750: ...created for a given port you will fail to create a statistics entry with a different index for the port You can use the display rmon statistics command to display the information about the statistics...

Страница 751: ...ss 1 5 1 1 5 ntp service authentication enable 1 7 1 1 6 ntp service authentication keyid 1 7 1 1 7 ntp service broadcast client 1 8 1 1 8 ntp service broadcast server 1 9 1 1 9 ntp service in interfa...

Страница 752: ...ervice broadcast server ntp service multicast client and ntp service multicast server commands enables the NTP feature and opens UDP port 123 at the same time z Execution of the undo form of one of th...

Страница 753: ...e the IP address of the local clock 2 If the reference clock is the clock of another switch on the network the value of this field will be the IP address of that switch stra Stratum of the clock of th...

Страница 754: ...ce status Syntax display ntp service status View Any view Parameter None Description Use the display ntp service status command to display the status of NTP services Example View the status of the NTP...

Страница 755: ...cal hardware clock in Hz Clock precision Precision of the local hardware clock Clock offset Offset of the local clock relative to the reference clock in milliseconds Root delay Roundtrip delay between...

Страница 756: ...m level of the corresponding system clock offset The clock offset relative to the upper level clock in milliseconds synch distance The synchronization distance relative to the upper level clock in sec...

Страница 757: ...e to the local NTP server Use the undo ntp service access command to remove the configured access control right to the local NTP server By default the access control right from the remote device to th...

Страница 758: ...the NTP authentication is disabled Refer to the ntp service reliable authentication keyid and ntp service authentication keyid commands for related configuration Example Enable the NTP authentication...

Страница 759: ...ey Related commands ntp service reliable authentication keyid Example Configure an MD5 authentication key with the key ID being 10 and the key being BetterKey Sysname system view System View return to...

Страница 760: ...o 4294967295 You do not need to configure authentication keyid key id if authentication is not required version number Specifies the NTP version number which ranges from 1 to 3 The default version num...

Страница 761: ...the interface can receive NTP messages Example Disable Vlan interface1 from receiving NTP messages Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sy...

Страница 762: ...VLAN interface view Parameter ip address Multicast IP address in the range of 224 0 1 0 to 239 255 255 255 The default IP address is 224 0 1 1 Description Use the ntp service multicast client command...

Страница 763: ...umber argument ranges from 1 to 255 and defaults to 16 version number Specifies the NTP version number which ranges from 1 to 3 and defaults to 3 Description Use the ntp service multicast server comma...

Страница 764: ...move the configuration By default no trusted key is configured When NTP authentication is enabled a client can be synchronized only to a server that can provide a trusted authentication key Related co...

Страница 765: ...o specify a specific interface to send all NTP packets In this way the IP address of the interface is the source IP address of all NTP messages sent by the local device Example Specify the source IP a...

Страница 766: ...de Use the undo ntp service unicast peer command to remove the configuration By default no NTP operate mode is configured Note If you use remote ip or peer name to specify a remote device as the peer...

Страница 767: ...rface vlan id Specifies an interface whose IP address serves as the source IP address of NTP packets sent by the local switch to the server version number Specifies the NTP version number The number a...

Страница 768: ...port rsa 1 14 1 1 13 public key local export dsa 1 16 1 1 14 public key peer 1 18 1 1 15 public key peer import sshkey 1 19 1 1 16 public key code begin 1 20 1 1 17 public key code end 1 20 1 1 18 rsa...

Страница 769: ...urrent switch s key pairs Related commands public key local create Examples Display the public key part of the current switch s RSA key pair s Sysname display public key local rsa public Time of Key p...

Страница 770: ...7723602787E922BA84421F22C3C89CB9B06FD60FE01941D DD77FE6B12893DA76EEBC1D128D97F0678D7722B5341C8506F358214B16A2FAC4B36895038 7811C7DA33021500C773218C737EC8EE993B4F2DED30F48EDACE915F0281810082269009E1 4E...

Страница 771: ...erated key pair may have 1024 or 1023 bits Note You can configure an SSH peer s public key on the current switch by using the public key peer command or the public key peer import sshkey command Relat...

Страница 772: ...current switch s RSA key pair s If no key pair has been generated the system prompts RSA keys not found Related commands rsa local key pair create Examples Display the public key part of the current s...

Страница 773: ...t public key and server public key when the S3100 switch is working in SSH1 compatible but only one public key the host public key when the switch is working in SSH2 mode 1 1 4 display rsa peer public...

Страница 774: ...sname display rsa peer public key brief Type Module Name DSA 1023 2 DSA 1024 a Display the information about public key abcd Sysname display rsa peer public key name abcd Key name abcd Key type RSA Ke...

Страница 775: ...FTP Server Disable SFTP idle timeout 10 minutes Caution z If you use the ssh server compatible ssh1x enable command to configure the server to be compatible with SSH1 x clients the SSH version will be...

Страница 776: ...eys saved on the client Note If an SSH client needs to authenticate the SSH server it uses the locally saved public key of the server for authentication In case the authentication fails you can use th...

Страница 777: ...rt cannot be more than 128 characters Description Use the display ssh user information command on an SSH server to display information about the current SSH users including user name authentication ty...

Страница 778: ...with peer public key end Sysname rsa public key peer public key end Sysname 1 1 9 protocol inbound Syntax protocol inbound all ssh telnet View VTY user interface view Parameters all Supports both Tel...

Страница 779: ...e protocol inbound ssh command neither of the authentication mode password and authentication mode none commands can be executed Examples Configure vty0 through vty4 to support SSH only Sysname system...

Страница 780: ...s Sysname system view System View return to User View with Ctrl Z Sysname public key local create rsa The range of public key size is 512 2048 NOTES If the key modulus is greater than 512 It will take...

Страница 781: ...c key size is 512 2048 NOTES If the key modulus is greater than 512 It will take a few minutes Input the bits in the modulus default 1024 512 Generating keys Display the public key of the DSA key pair...

Страница 782: ...command to destroy the DSA key pair or RSA key pair generated for the current switch Related commands public key local create Examples Destroy the RSA key pair of the current switch Sysname system vi...

Страница 783: ...r on the screen or export it to a specified file If you specify a filename the host public key will be exported to the file and the file will be saved If you do not specify any filename the host publi...

Страница 784: ...SSH1 and save the public key file as pub_ssh_file3 Sysname public key local export rsa ssh1 pub_ssh_file3 1 1 13 public key local export dsa Syntax public key local export dsa openssh ssh2 filename Vi...

Страница 785: ...nput the bits in the modulus default 1024 Generating keys Display the public key in the SSH2 format Sysname public key local export dsa ssh2 BEGIN SSH2 PUBLIC KEY Comment dsa key 20000406 AAAAB3NzaC1k...

Страница 786: ...e the configuration of peer public key After configuring this command you enter public key view You can use this command together with the public key code begin command to configure the peer public ke...

Страница 787: ...g Note z Only public key files in the format of SSH1 SSH2 or OpenSSH are supported z Currently only public keys whose modules are in the range 512 to 2048 bits can be imported to the switch z You may...

Страница 788: ...with Ctrl Z Sysname rsa peer public key Switch003 RSA public key view return to System View with peer public key end Sysname rsa public key public key code begin RSA key code view return to last view...

Страница 789: ...w and save the public key you input Sysname system view System View return to User View with Ctrl Z Sysname rsa peer public key Switch003 RSA public key view return to System View with peer public key...

Страница 790: ...ommand displays two public keys the host public key and server public key when the S3100 switch is working in SSH1 compatible mode but only one public key the host public key when the switch is workin...

Страница 791: ...6 74E45127 3D4CA70F 253645DA 57524DC3 513BAC53 2C1B7F8F 2481FA79 D4AA15C7 0203 010001 Time of Key pair created 02 32 06 2000 04 09 Key name Sysname_Server Key type RSA encryption Key Key code 3067 026...

Страница 792: ...peer public key Syntax rsa peer public key keyname undo rsa peer public key keyname View System view Parameters keyname Name of the public key to be configured a string of 1 to 64 characters Descripti...

Страница 793: ...characters For file naming rules refer to File System Management Command Description Use the rsa peer public key import sshkey command to import a peer public key from the public key file Use the und...

Страница 794: ...Syntax ssh authentication type default all password password publickey publickey rsa undo ssh authentication type default View System view Parameters all Specifies either the password authentication...

Страница 795: ...or the user at the same time By default no default authentication mode is specified Related commands display ssh user information Examples Specify the publickey authentication as the default authentic...

Страница 796: ...P address or host name that it used to log in to the SSH server as the public key name Note If a client does not support first time authentication it will refuse to access any unauthenticated server I...

Страница 797: ...nt that is not configured with the server s host public key can continue accessing the server when it accesses the server for the first time and it will save the host public key for use in subsequent...

Страница 798: ...the undo ssh server authentication retries command to restore the default authentication retry times By default the number of authentication retry times is 3 Caution If you have used the ssh user aut...

Страница 799: ...x clients Related commands display ssh server Examples Configure the server to be compatible with SSH1 x clients Sysname system view System View return to User View with Ctrl Z Sysname ssh server com...

Страница 800: ...User View with Ctrl Z Sysname ssh server rekey interval 3 1 1 28 ssh server timeout Syntax ssh server timeout seconds undo ssh server timeout View System view Parameters seconds Authentication timeout...

Страница 801: ...the domain name part cannot be more than 128 characters Description Use the ssh user command to create an SSH user Use the undo ssh user to delete a specified SSH user Caution An SSH user created with...

Страница 802: ...y rsa key keyname undo ssh user username assign publickey rsa key View System view Parameters username SSH user name a string of 1 to 184 characters It cannot contain any of these characters slash bac...

Страница 803: ...rvice type 1 publickey 127 0 0 1 stelnet 1 1 31 ssh user authentication type Syntax ssh user username authentication type all password password publickey publickey rsa undo ssh user username authentic...

Страница 804: ...as they pass one of the two authentications z SSH2 client users can access the switch only when they pass both the authentications Description Use the ssh user authentication type command to specify t...

Страница 805: ...haracters stelnet Specifies that the user can access the secure Telnet service sftp Specifies that the user can access the SFTP service all Specifies that the user can access both services secure Teln...

Страница 806: ...ange algorithm You can select one from the following two algorithms z dh_group1 Diffie Hellman group1 sha1 key exchange algorithm It is the default algorithm z dh_exchange_group Diffie Hellman group e...

Страница 807: ...rver using publickey authentication an SSH client needs to read its own private key for authentication As two algorithms RSA or DSA are available the identity key keyword must be used to specify one a...

Страница 808: ...1 6 1 1 6 file prompt 1 7 1 1 7 fixdisk 1 8 1 1 8 format 1 9 1 1 9 mkdir 1 10 1 1 10 more 1 11 1 1 11 move 1 12 1 1 12 pwd 1 12 1 1 13 rename 1 13 1 1 14 reset recycle bin 1 14 1 1 15 rmdir 1 16 1 1 1...

Страница 809: ...txt or flash text txt z Entering the path name or file name directly This method can be used to specify a path or a file in the current work directory For example to access file text txt in the curren...

Страница 810: ...ing the working directory using the cd command you can use the pwd command to display the current working directory 1 1 2 copy Syntax copy fileurl source fileurl dest View User view Parameter fileurl...

Страница 811: ...e character in this argument as a wildcard For example the delete txt command deletes all the files with txt as their extensions running files Specifies to delete all the files with the main attribute...

Страница 812: ...te the configuration files with the main backup attribute 3 Delete the Web files with the main backup attribute The corresponding messages are displayed as follows Delete the running image file Y N De...

Страница 813: ...rrent directory Description Use the dir command to display the information about the specified files or directories in the Flash memory on a switch z If executed with the all keyword the command will...

Страница 814: ...rw 3579326 Mar 28 2007 10 51 22 switch bin 2 rw 1235 Apr 03 2000 16 04 52 basic cfg 3 rw 140709 Apr 04 2000 21 31 08 cmdtree_b01d015 txt 4 rw 1235 Apr 04 2000 23 03 08 test txt 5 drw Apr 04 2000 23 04...

Страница 815: ...ecuted but the executed operations will not be cancelled z Not every command in a batch file is sure to be executed For example if a certain command is not correctly configured the system omits this c...

Страница 816: ...le related operations In this case the system is more likely to be damaged due to some maloperations For example z If the prompt mode is set to alert the following messages will be displayed when you...

Страница 817: ...may become unavailable for reasons such as abnormal operations you can run this command to restore the space Example Restore space on the Flash memory Sysname fixdisk unit1 flash Fixdisk flash may ta...

Страница 818: ...ified directory of a Flash memory Note that z The name of the subdirectory to be created must be unique under the specified directory Otherwise you will fail to create the subdirectory under the direc...

Страница 819: ...ents of text files Example Display the content of the file named test txt Sysname more test txt AppWizard has created this test application for you This file contains a summary of what you will find i...

Страница 820: ...e of the target file is specified the source file name is used as the target file name by default Example Move the file named 1 txt from unit1 flash to unit1 flash a with the name unchanged Sysname mo...

Страница 821: ...dest View User view Parameter fileurl source Original path name or file name of a file in the Flash memory fileurl dest Target path name or file name Description Use the rename command to rename a fil...

Страница 822: ...when you clear the files in the recycle bin on the local unit the system will ask for your confirmation for each file you want to delete However if you specify the force keyword in the command the sys...

Страница 823: ...whether all the files in the recycle bin are deleted Sysname dir all Directory of flash 0 rwh 3080 Apr 26 2000 16 41 43 private data txt 1 rw 2416 Apr 26 2000 13 45 36 config cfg 2 rw 4036197 May 14 2...

Страница 824: ...ory before deleting it Example Delete the directory named dd Sysname rmdir dd Rmdir unit1 flash dd Y N y Removed directory unit1 flash dd 1 1 16 undelete Syntax undelete file url View User view Parame...

Страница 825: ...cifies app files configuration Specifies configuration files web Specifies Web files Description Use the boot attribute switch command to switch between the main and backup attribute for all the files...

Страница 826: ...xt time on unit 1 1 2 3 boot boot loader backup attribute Syntax boot boot loader backup attribute file url View User view Parameter file url Path or the name of the app file in the Flash memory a str...

Страница 827: ...e configuration of the main or backup attribute for a Web file takes effect immediately without restarting the device z After you upgrade a Web file you need to specify the new Web file in the Boot me...

Страница 828: ...is switch bin The main boot app is switch bin The backup boot app is switchbak bin 1 2 6 display web package Syntax display web package View Any view Parameter None Description Use the display web pa...

Страница 829: ...to disable the above function By default users have to use customized passwords to enter the BOOT menu You can use the display startup command in the Configuration File Management part of the manual t...

Страница 830: ...2 1 ascii 1 6 1 2 2 binary 1 7 1 2 3 bye 1 7 1 2 4 cd 1 8 1 2 5 cdup 1 8 1 2 6 close 1 9 1 2 7 delete 1 10 1 2 8 dir 1 10 1 2 9 disconnect 1 12 1 2 10 ftp 1 12 1 2 11 get 1 13 1 2 12 lcd 1 14 1 2 13...

Страница 831: ...27 1 4 7 get 1 28 1 4 8 help 1 29 1 4 9 ls 1 29 1 4 10 mkdir 1 30 1 4 11 put 1 31 1 4 12 pwd 1 31 1 4 13 quit 1 32 1 4 14 remove 1 32 1 4 15 rename 1 33 1 4 16 rmdir 1 33 1 4 17 sftp 1 34 Chapter 2 T...

Страница 832: ...e display ftp server command to display the FTP server related settings of a switch when it operates as an FTP server including startup status number of users and so on You can use this command to ver...

Страница 833: ...up to one user User count 0 The current login user number is 0 Timeout value in minute 30 The connection idle time is 30 minutes Note The H3C S3100 series Ethernet switch supports one user access at o...

Страница 834: ...name display ftp user UserName HostIP Port Idle HomeDir administra tor 192 168 0 152 1031 0 flash Table 1 2 display ftp user command output description Field Description HostIP IP address of the FTP c...

Страница 835: ...display ftp user UserName HostIP Port Idle HomeDir admin 192 168 0 152 1029 0 flash Disconnect the user named admin from the FTP server Sysname system view System View return to User View with Ctrl Z...

Страница 836: ...rn to User View with Ctrl Z Sysname ftp server enable Start FTP server 1 1 5 ftp timeout Syntax ftp timeout minutes undo ftp timeout View System view Parameters minutes Idle timeout time in minutes in...

Страница 837: ...P client view will be omitted to avoid repetition For the configuration of the command for entering FTP client view refer to ftp z When executing the FTP client configuration commands in this section...

Страница 838: ...cription Use the binary command to specify that program files be transferred in binary mode which is used for transferring program files By default files are transferred in ASCII mode Related commands...

Страница 839: ...sing Sysname 1 2 4 cd Syntax cd path View FTP client view Parameters path Path of the target directory Description Use the cd command to change the working directory on the remote FTP server Note that...

Страница 840: ...ed commands cd pwd Examples Change the working directory to flash temp ftp cd flash temp Change the working directory to the parent directory ftp cdup Display the current directory ftp pwd 257 flash i...

Страница 841: ...command successful 1 2 8 dir Syntax dir filename localfile View FTP client view Parameters filename Name of the file to be queried localfile Name of the local file where the query result is to be sav...

Страница 842: ...12 21 default diag rwxrwxrwx 1 noone nogroup 377424 Apr 30 16 58 switch btm drwxrwxrwx 1 noone nogroup 0 Apr 28 11 41 test rwxrwxrwx 1 noone nogroup 2145 Apr 28 13 13 test txt rwxrwxrwx 1 noone nogrou...

Страница 843: ...FTP client view ftp disconnect 221 Server closing ftp 1 2 10 ftp Syntax ftp cluster remote server port number View User view Parameters cluster Connects to the configured FTP server of a cluster For t...

Страница 844: ...used when a file is downloaded and saved to the local device If this argument is not specified the source file name is used when a file is saved and downloaded to the local device Description Use the...

Страница 845: ...rameters None Description Use the lcd command to display the local working directory on the FTP client If you have logged in to the FTP server you cannot modify the local working directory of the FTP...

Страница 846: ...on The ls command only displays file names on an FTP server To query other file related information for example file size creation date and so on use the dir command Related commands pwd Examples Disp...

Страница 847: ...FTP server ftp mkdir flash lanswitch 257 flash lanswitch new directory created 1 2 15 open Syntax open ip address server name port View FTP client view Parameters ip address IP address of an FTP serv...

Страница 848: ...assive mode is adopted The differences between the passive mode and the active mode are z When working in the active mode an FTP client advertises a random port Port1 to an FTP server through TCP port...

Страница 849: ...calfile Name of a local file to be uploaded remotefile File name used after a file is uploaded and saved on an FTP server Description Use the put command to upload a local file on an FTP client to an...

Страница 850: ...ectory on the FTP server ftp pwd 257 flash temp is current directory 1 2 19 quit Syntax quit View FTP client view Parameters None Description Use the quit command to terminate FTP control connection a...

Страница 851: ...nds Caution z This command is always valid when an H3C series Ethernet switch operates as the FTP server z If you use other FTP server software refer to related instructions to know whether the FTP se...

Страница 852: ...2 rmdir Syntax rmdir pathname View FTP client view Parameters pathname Name of a directory on an FTP server Description Use the rmdir command to remove a specified directory on an FTP server Note that...

Страница 853: ...bose View FTP client view Parameters None Description Use the verbose command to enable the verbose function which displays execution information of user operations and all FTP responses Use the undo...

Страница 854: ...sers For the description of the numbers at the beginning of FTP output information refer to the corresponding section in RFC 959 1 3 SFTP Server Configuration Commands 1 3 1 sftp server enable Syntax...

Страница 855: ...value If the idle timeout time exceeds the specified threshold the system disconnects the SFTP user automatically Examples Set the idle timeout time to 500 minutes Sysname system view System View ret...

Страница 856: ...ote server Description Use the cd command to change the working path on the remote SFTP server If no remote path is specified this command displays the current working path Note z Use the cd command t...

Страница 857: ...delete remote file 1 10 View SFTP client view Parameters remote file 1 10 Name of a file on the server 1 10 indicates that up to ten file names can be input These file names should be separated by spa...

Страница 858: ...e command displays details about the files and folders in the specified directory in a list If no remote path is specified this command displays the files in the current working directory This command...

Страница 859: ...ote SFTP server sftp client exit Bye Sysname 1 4 7 get Syntax get remote file local file View SFTP client view Parameters remote file Name of a file on the remote SFTP server local file Name of a loca...

Страница 860: ...d is specified this command displays all the command names Examples View the help information about the get command sftp client help get get remote path local path Download file Default local path is...

Страница 861: ...23 06 52 config cfg rwxrwxrwx 1 noone nogroup 225 Aug 24 08 01 pubkey2 rwxrwxrwx 1 noone nogroup 283 Aug 24 07 39 pubkey1 rwxrwxrwx 1 noone nogroup 225 Sep 28 08 28 pub1 drwxrwxrwx 1 noone nogroup 0...

Страница 862: ...efault the local file name is used for the remote file if no remote file name is specified Examples Upload the file named config cfg to the remote SFTP server and save it as 1 txt sftp client put conf...

Страница 863: ...and has the same effect as that of the commands bye and exit Examples Terminate a connection with the remote SFTP server sftp client quit Bye Sysname 1 4 14 remove Syntax remove remote file 1 10 View...

Страница 864: ...s operation may take a long time Please wait Received status Success File successfully Removed 1 4 15 rename Syntax rename oldname newname View SFTP client view Parameters oldname Old file name newnam...

Страница 865: ...wait Received status Success Directory successfully removed 1 4 17 sftp Syntax sftp host ip host name port num identity key dsa rsa prefer_kex dh_group1 dh_exchange_group prefer_ctos_cipher des aes128...

Страница 866: ...thm is sha1_96 z sha1 HMAC algorithm hmac sha1 z sha1_96 HMAC algorithm hmac sha1 96 z md5 HMAC algorithm hmac md5 z md5_96 HMAC algorithm hmac md5 96 Description Use the sftp command to establish a c...

Страница 867: ...mmand Manual For Soliton FTP SFTP TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Commands 1 36 Do you want to save the server s public key Y N y Enter password sftp clien...

Страница 868: ...nary Syntax tftp ascii binary View System view Parameters ascii Transfers data in ASCII mode which is used for transferring text files binary Transfers data in binary mode which is used for transferri...

Страница 869: ...before downloading a file the switch requests the size of the file to be downloaded to the TFTP server thus to ensure whether there is enough space on the Flash for file downloading If the TFTP server...

Страница 870: ...dest file View User view Parameters tftp server IP address or the host name of a TFTP server a string of 1 to 20 characters If the switch belongs to a cluster the value cluster means to connect to the...

Страница 871: ...962 bytes sent in 0 second s File uploaded successfully 2 1 4 tftp server acl Syntax tftp server acl acl number undo tftp server acl View System view Parameters acl number Basic ACL number in the ran...

Страница 872: ...er console channel 1 7 1 1 8 info center enable 1 8 1 1 9 info center logbuffer 1 9 1 1 10 info center loghost 1 10 1 1 11 info center loghost source 1 11 1 1 12 info center monitor channel 1 12 1 1 1...

Страница 873: ...name by default the name of channel 0 to channel 9 is in turn console monitor loghost trapbuffer logbuffer snmpagent channel6 channel7 channel8 channel9 Description Use the display channel command to...

Страница 874: ...configuration of information channels the format of time stamp of the current system Sysname display info center Information Center enabled Log host the interface name of the source address Vlan inte...

Страница 875: ...ion channel Log buffer Information about the log buffer including its state enabled or disabled its maximum size current size current messages information channel name and number number of dropped mes...

Страница 876: ...buffersize argument ranges from 1 to 1 024 and defaults to 512 Filters output log information with a regular expression begin Displays the line that matches the regular expression and all the subseque...

Страница 877: ...e channel name of the log buffer defaults to logbuffer Dropped messages The number of dropped messages Overwritten messages The number of overwritten messages when the buffer size is not big enough to...

Страница 878: ...buffer command to display the status of the trap buffer and the records in the trap buffer Absence of the size buffersize argument indicates that all trap information is displayed Example Display the...

Страница 879: ...tters only Description Use the info center channel name command to name the channel whose number is channel number as channel name Use the undo info center channel command to restore the default name...

Страница 880: ...channel command to restore the default channel through which system information is output to the console By default output of information to the console is enabled with channel 0 as the default channe...

Страница 881: ...nel name size buffersize undo info center logbuffer channel size View System view Parameter channel Sets the channel through which information outputs to the log buffer channel number Channel number r...

Страница 882: ...hannel for the log host channel number Channel number ranging from 0 to 9 corresponding to the 10 channels of the system channel name Channel name by default the name of channel 0 to channel 9 is in t...

Страница 883: ...system view System View return to User View with Ctrl Z Sysname info center loghost 202 38 160 1 1 1 11 info center loghost source Syntax info center loghost source interface type interface number und...

Страница 884: ...mpagent channel6 channel7 channel8 channel9 Description Use the info center monitor channel command to set the channel through which information is output to user terminals Use the undo info center mo...

Страница 885: ...utput to the SNMP agent By default output of system information to the SNMP NMS is enabled with a default channel name of snmpagent and a default channel number of 5 Related command snmp agent display...

Страница 886: ...than informational to the log buffer The user can also set to output trap information of the IP module to a specified output destination Note that z If you do not use the module name argument to set o...

Страница 887: ...DEBUG Output destina tion Module s allowe d Enable d disab led Severit y Enable d disab led Severit y Enable d disab led Severit y Consol e default all module s Enable d warning s Enable d debuggi ng...

Страница 888: ...system information cannot be output to this channel Sysname system view Sysname info center source default channel snmpagent debug state off log state off trap state off Sysname info center source vl...

Страница 889: ...e synchronous information output Sysname system view System View return to User View with Ctrl Z Sysname info center synchronous Current IC terminal output sync is on 1 1 16 info center timestamp Synt...

Страница 890: ...adopted for debugging information Example Set the boot time stamp for debugging information Sysname system view System View return to User View with Ctrl Z Sysname info center timestamp debugging boot...

Страница 891: ...o configure to add UTC time zone to the time stamp of the date type output in each direction of the information center Use the undo info center timestamp utc command to restore the default By default...

Страница 892: ...s It ranges from 0 to 1 024 and defaults to 256 channel Sets the channel through which information is output to the trap buffer channel number Channel number ranging from 0 to 9 corresponding to the 1...

Страница 893: ...reset logbuffer unit unit id View User view Parameter unit id Unit ID of the device the value can only be 1 Description Use the reset logbuffer command to clear information recorded in the log buffer...

Страница 894: ...ble debugging terminal display Use the undo terminal debugging command to disable debugging terminal display By default debugging terminal display is disabled You can execute the terminal debugging co...

Страница 895: ...the undo terminal monitor command to disable the function By default this function is enabled for console users and terminal users This command works only on the current terminal The debugging log tra...

Страница 896: ...inal trapping Syntax terminal trapping undo terminal trapping View User view Parameter None Description Use the terminal trapping command to enable trap terminal display Use the undo terminal trapping...

Страница 897: ...ds 1 9 1 3 1 debugging 1 9 1 3 2 display diagnostic information 1 10 1 3 3 terminal debugging 1 11 Chapter 2 Network Connectivity Test Commands 2 1 2 1 Network Connectivity Test Commands 2 1 2 1 1 pin...

Страница 898: ...ton System Maintenance and Debugging H3C S3100 Series Ethernet Switches Table of Contents ii 3 1 15 schedule reboot delay 3 16 3 1 16 schedule reboot regularity 3 17 3 1 17 system monitor enable 3 18...

Страница 899: ...where YYYY represents year ranging from 2000 to 2099 MM represents month ranging from 1 to 12 and DD represents day ranging from 1 to 31 Description Use the clock datetime command to set the current...

Страница 900: ...ime in the form of HH MM SS end date end date of the summer time in the form of YYYY MM DD or MM DD YYYY offset time Offset of the summer time relative to the standard time in the form of HH MM SS Des...

Страница 901: ...inated UTC time to generate a later time minus Specifies to subtract a time value based on the UTC time to generate an earlier time HH MM SS Time to be added or subtracted from the UTC time in the for...

Страница 902: ...he three levels of views available on a switch from lower level to higher level z User view z System view z VLAN view Ethernet port view and so on If the current view is user view this command is used...

Страница 903: ...n to User View with Ctrl Z Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 return Sysname 1 1 6 sysname Syntax sysname sysname undo sysname View System view Parameter sysname Syst...

Страница 904: ...ysname LANSwitch LANSwitch 1 1 7 system view Syntax system view View User view Parameter None Description Use the system view command to enter system view from user view Related command quit return Ex...

Страница 905: ...and time of the system Sysname display clock 18 36 31 beijing Sat 2002 02 02 Time Zone beijing add 01 00 00 Summer Time bj one off 01 00 00 2003 01 01 01 00 00 2003 08 08 01 00 00 Table 1 1 Field des...

Страница 906: ...version Syntax display version View Any view Parameter None Description Use the display version command to display the version information about the switch system Specifically you can use this comman...

Страница 907: ...e debugging option Debugging option all Specifies to disable all debugging Description Use the debugging command to enable system debugging Use the undo debugging command to disable system debugging B...

Страница 908: ...splay diagnostic information command to display system diagnostic information or save system diagnostic information to a file with the extension diag in the Flash memory Example Save system diagnostic...

Страница 909: ...rminal display for debugging information is disabled Note that z To display the debugging information on the terminal you need to configure both the terminal debugging and terminal monitor commands z...

Страница 910: ...ssion unit MTU of the interface h ttl Specifies the time to live TTL value of the ICMP ECHO REQUEST packets in the range 1 to 255 By default the TTL value is 255 i interface type interface number Spec...

Страница 911: ...hability of a host The executing procedure of the ping command is as follows First the source host sends an ICMP ECHO REQUEST packet to the destination host If the connection to the destination networ...

Страница 912: ...of the packets to be sent so as to only display the addresses of those gateways on the path whose hop counts are not smaller than the hop count specified by the first ttl argument For example if the...

Страница 913: ...TTL is reached During the procedure the system records the source address of each ICMP TTL timeout message in order to offer the path that the packets pass through to the destination If you find that...

Страница 914: ...mmand Manual For Soliton System Maintenance and Debugging H3C S3100 Series Ethernet Switches Chapter 2 Network Connectivity Test Commands 2 5 14 15 16 17 18 18 26 0 115 18 26 0 115 339 ms 279 ms 279 m...

Страница 915: ...cters device name File name in the form of unit NO flash which is used to indicate that the specified file is stored in the Flash memory of a specified switch Description Use the boot boot loader comm...

Страница 916: ...xt startup Example Update the Boot ROM of the switch using the file named Switch btm Sysname boot bootrom Switch btm This will update Bootrom on unit 1 Continue Y N y Upgrading Bootrom please wait Upg...

Страница 917: ...splay cpu unit unit id View Any view Parameter unit id Unit ID of a switch the value can only be 1 Description Use the display cpu command to display the CPU usage Example Display the CPU usage of thi...

Страница 918: ...ard including slot number sub slot number the number of ports versions of PCB FPGA CPLD and Boot ROM software address learning mode interface board type and so on Example Display board information of...

Страница 919: ...ly be 1 Description Use the display memory command to display the memory usage of a specified switch Example Display the memory usage of this switch Sysname display memory Unit 1 System Available Memo...

Страница 920: ...ion Use the display power command to display the working state of the power supply of the switch Example Display the working state of the power supply Sysname display power Unit 1 power 1 State Normal...

Страница 921: ...single or all transceivers If no error occurs None is displayed Table 3 5 shows the alarm information that may occur for the four types of transceivers Table 3 5 Description on the fields of display...

Страница 922: ...rent is high TX bias low TX bias current is low TX power high TX power is high TX power low TX power is low Module not ready Module is not ready APD supply fault APD Avalanche Photo Diode supply fault...

Страница 923: ...er fault TX fault TX fault PMA PMD receiver local fault PMA PMD receiver local fault PCS receive local fault PCS receive local fault PHY XS receive local fault PHY XS receive local fault TX bias high...

Страница 924: ...terface Syntax display transceiver diagnosis interface interface type interface number View Any view Parameters interface type interface number Interface type and interface number Description Use the...

Страница 925: ...the precision to 0 01 mA RX power dBM Digital diagnosis parameter RX power in dBM with the precision to 0 01 dBM TX power dBM Digital diagnosis parameter TX power in dBM with the precision to 0 01 dB...

Страница 926: ...s every two wavelength values are separated by a comma z Electrical transceiver displayed as N A Transfer distance xx Transfer distance with xx representing km for single mode transceivers and m for o...

Страница 927: ...part of the electrical label information of the anti spoofing pluggable transceiver customized by H3C on interface GigabitEthernet 1 2 2 Sysname display transceiver manuinfo interface gigabitethernet...

Страница 928: ...down the system without saving the configurations Example Directly restart this switch without saving the current configuration Sysname reboot Start to check configuration with next startup configura...

Страница 929: ...ied future date the switch will reboot at the specified time with at most one minute delay After you execute the schedule reboot at command without specifying a date the switch will z Reboot at the sp...

Страница 930: ...The switch timer can be set to a precision of one minute that is the switch will reboot within one minute after the specified reboot date and time You can set the reboot waiting delay in two formats...

Страница 931: ...oots at a specified time every day monday tuesday wednesday thursday friday saturday sunday indicates the week day when the switch reboots Description Use the schedule reboot regularity command to ena...

Страница 932: ...enable undo system monitor enable View System view Parameter None Description Use the system monitor enable command to enable real time monitoring of the running status of the system Use the undo sys...

Страница 933: ...that the specified file is stored in the Flash of a specified switch Description Use the xmodem get command to download files from the local device connected with the Console port of a switch through...

Страница 934: ...ve QinQ Configuration Commands 2 1 2 1 Selective QinQ Configuration Commands 2 1 2 1 1 raw vlan id inbound 2 1 2 1 2 vlan vpn vid 2 2 2 1 3 vlan vpn selective enable 2 3 Chapter 3 VLAN Mapping Configu...

Страница 935: ...guration of the current system Related commands vlan vpn enable vlan vpn inner cos trust vlan vpn tpid Examples Display the VLAN VPN configuration of the current system Sysname display port vlan vpn V...

Страница 936: ...the default VLAN tag of the receiving port no matter whether or not the packet already carries a VLAN tag z If the packet already carries a VLAN tag the packet becomes a dual tagged packet z Otherwis...

Страница 937: ...f the packet to determine whether the packet carries a VLAN tag or not Use the undo vlan vpn tpid command to restore the default TPID value The default TPID value is 0x8100 For the position and functi...

Страница 938: ...VLAN VPN H3C S3100 Series Ethernet Switches Chapter 1 VLAN VPN Configuration Commands 1 4 Examples Set the global TPID value to 0x9100 Sysname system view System View return to User View with Ctrl Z...

Страница 939: ...larger than or equal to the VLAN ID before the to keyword and 1 10 means that you can specify up to 10 VLANs VLAN ranges for this argument all Removes all configurations of encapsulating an outer VLAN...

Страница 940: ...n vid vlan id View System view Parameters vlan id VLAN ID in the range 1 to 4094 Description Use the vlan vpn vid command to configure the outer VLAN tag for a selective QinQ policy that is the outer...

Страница 941: ...Parameter None Description Use the vlan vpn selective enable command to enable the selective QinQ feature on a port With the selective QinQ feature enabled packets carrying specific inner VLAN tags a...

Страница 942: ...ark new vlan id Specifies the target VLAN ID for VLAN mapping The new vlan id argument is in the range of 1 to 4094 Description Use the vlan mapping command in system view to define a global VLAN mapp...

Страница 943: ...ne z With a global VLAN mapping rule defined in system view you cannot define any VLAN mapping rules in Ethernet port view Related commands vlan mapping enable Example Define a VLAN mapping rule on Et...

Страница 944: ...red for a port the VLAN mapping function is enabled on the port at the same time In this case the vlan mapping enable command cannot be used to enable the VLAN mapping function again z The VLAN mappin...

Страница 945: ...roup management protocol HGMP related protocols including neighbor discovery protocol NDP neighbor topology discovery protocol cluster member remote control MRC and Huawei authentication bypass protoc...

Страница 946: ...can use the bpdu tunnel tunnel dmac command to change the destination MAC addresses of protocol packets to a specified multicast MAC address Caution z If this command is enabled on a port for a speci...

Страница 947: ...mitted along a BPDU tunnel is 010f e200 0003 Caution z To prevent the devices in the service provider network from processing the tunnel packets as other protocol packets the MAC address for tunnel pa...

Страница 948: ...rotocol packets transmitted along the BPDU tunnel s Related commands bpdu tunnel tunnel dmac Examples Display the private multicast MAC address configured for packets transmitted along the BPDU tunnel...

Страница 949: ...5 1 1 11 history records 1 16 1 1 12 http operation 1 17 1 1 13 http string 1 17 1 1 14 hwping 1 18 1 1 15 hwping agent enable 1 19 1 1 16 jitter interval 1 19 1 1 17 jitter packetnum 1 20 1 1 18 pass...

Страница 950: ...ndo count command to restore the default For tests except jitter test only one packet is sent in a probe In a jitter test you can use the jitter packetnum command to set the number of packets to be se...

Страница 951: ...uration applies to ICMP UDP and jitter tests only Description Use the datasize command to configure the size of a test packet in a test Use the undo datasize command to restore the default Examples Se...

Страница 952: ...must be an IP address Examples Set the destination IP address of an ICMP test to 169 254 10 3 Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator icmp Sysname...

Страница 953: ...e Examples Set the destination port number for a tcpprivate test to 9000 Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator tcp Sysname hwping administrator t...

Страница 954: ...004 11 25 16 28 55 0 Extend result SD Maximal delay 0 DS Maximal delay 0 Packet lost in test 0 Disconnect operation number 0 Operation timeout number 0 System busy operation number 0 Connection fail n...

Страница 955: ...failures to connect with the remote end Drop operation number Number of system resource allocation failures Display the history records of HWPing tests Sysname hwping administrator icmp display hwping...

Страница 956: ...d 10 unableToResolveDnsName Unable to resolve DNS domain name 11 invalidHostAddress Invalid host address LastRC Response code in the last ICMP response packet received The device does not support this...

Страница 957: ...d to establish an HTTP connection DNS Resolve Min Time Minimal time used for a DNS resolution HTTP Test Total Time Total time used for an HTTP test DNS Resolve Max Time Maximum time used for a DNS res...

Страница 958: ...rs 0 Drop operation number 0 Other operation errors 0 Jitter result RTT Number 100 Min Positive SD 1 Min Positive DS 1 Max Positive SD 6 Max Positive DS 8 Positive SD Number 38 Positive DS Number 25 P...

Страница 959: ...e to the destination Positive DS Square Sum Sum of the square of positive jitter delays from the destination to the source Min Negative SD Minimum absolute value of negative jitter delays from the sou...

Страница 960: ...dns test result Destination ip address 10 2 2 2 Send operation times 10 Receive response times 10 Min Max Average Round Trip Time 6 10 8 Square Sum of Round Trip Time 756 Last succeeded test time 2006...

Страница 961: ...erver View HWPing test group view Parameters ip address IP address to be assigned to a domain name server DNS Description Use the dns server command to configure the IP address of a DNS server Use the...

Страница 962: ...solved in the range of 1 to 60 characters Description Use the dns resolve target command to configure a domain name to be resolved Use the undo resolve target command to remove a domain name to be res...

Страница 963: ...lt no file name is configured for FTP tests Related commands username password and ftp operation Note The filename command applies to FTP tests only Examples Specify to transmit config txt between HWP...

Страница 964: ...CP tests Examples Set the automatic test interval to 10 seconds in an ICMP test Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator icmp Sysname hwping adminis...

Страница 965: ...rds Syntax history records number undo history records View HWPing test group view Parameters Number Maximum number of history records that can be saved in a test group in the range of 0 to 50 and 50...

Страница 966: ...d to the HTTP server Description Use the http operation command to configure the HTTP operation mode By default the HTTP operation mode is get Note The http operation command applies to HTTP tests onl...

Страница 967: ...http string command applies to HTTP tests only Related commands http operation Examples Set the webpage to be accessed by an HTTP test as index htm and the HTTP version as HTTP 1 0 Sysname system vie...

Страница 968: ...or icmp 1 1 15 hwping agent enable Syntax hwping agent enable undo hwping agent enable View System view Parameters None Description Use the hwping agent enable command to enable the HWPing client func...

Страница 969: ...ommand to restore the default By default the interval between sending jitter test packets is 20 milliseconds Related commands jitter packetnum Note The jitter interval command applies to jitter tests...

Страница 970: ...jitter interval Note This command applies to jitter tests only Examples Configure to send 30 packets in a probe for a jitter test Sysname system view System View return to User View with Ctrl Z Sysnam...

Страница 971: ...ith Ctrl Z Sysname hwping administrator ftp Sysname hwping administrator ftp test type ftp Sysname hwping administrator ftp password hwping 1 1 19 probe failtimes Syntax probe failtimes times undo pro...

Страница 972: ...ails testcomplete Sends a trap after a test is finished testfailure Sends a trap when a test fails all Sends a trap when any of the above mentioned scenarios occurs Description Use the send trap comma...

Страница 973: ...CP probes By default no source interface is specified for ICMP tests and no interface is configured for DHCP probes Note z For DHCP tests this command is required For ICMP tests this command is option...

Страница 974: ...ts serves as the source IP address Note z For FTP tests this command is required This command does not apply to DHCP tests For other tests this command is optional z The specified source IP address by...

Страница 975: ...Configure the source port number as 8000 for this HTTP test Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator http Sysname hwping administrator http test ty...

Страница 976: ...type Examples Configure the test type as an FTP test Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator ftp Sysname hwping administrator ftp test type ftp 1...

Страница 977: ...times undo test failtimes View HWPing test group view Parameters times Number of times of consecutive test failure in the range of 1 to 15 Description Use the test failtimes command to configure the...

Страница 978: ...t packet Use the undo timeout command to restore the default value By default the probe timeout time is 3 seconds Examples Set the timeout time for one probe in an ICMP test to 10 seconds Sysname syst...

Страница 979: ...View with Ctrl Z Sysname hwping administrator icmp Sysname hwping administrator icmp test type icmp Sysname hwping administrator icmp tos 1 1 1 29 username Syntax username name undo username View HWP...

Страница 980: ...sname hwping administrator ftp Sysname hwping administrator ftp test type ftp Sysname hwping administrator ftp username administrator 1 2 HWPing Server Commands Note z A HWPing server is required for...

Страница 981: ...address specified for a TCP listening service on the HWPing server port number Port number specified for a TCP listening service on the HWPing server The value ranges from 1 to 65535 It is not recomme...

Страница 982: ...ss port number View System view Parameters ip address IP address from which a HWPing server performs UDP listening port number Port from which a HWPing server performs UDP listening The value ranges f...

Страница 983: ...hernet Switches Chapter 1 HWPing Commands 1 34 Examples Enable UDP listening using 169 254 10 2 as the IP address and 9000 as the port number Sysname system view System View return to User View with C...

Страница 984: ...1 12 display udp ipv6 statistics 1 20 1 1 13 dns server ipv6 1 21 1 1 14 ipv6 address 1 22 1 1 15 ipv6 address auto link local 1 23 1 1 16 ipv6 address eui 64 1 24 1 1 17 ipv6 address link local 1 25...

Страница 985: ...H3C S3100 Series Ethernet Switches Table of Contents ii Chapter 2 IPv6 Application Configuration Commands 2 1 2 1 IPv6 Application Configuration Commands 2 1 2 1 1 ping ipv6 2 1 2 1 2 telnet ipv6 2 3...

Страница 986: ...the cache including the domain name IPv6 address and TTL of the DNS entries You can use the reset dns ipv6 dynamic host command to clear all IPv6 dynamic domain name information from the cache Exampl...

Страница 987: ...isplay ipv6 fib View Any view Parameters None Description Use the display ipv6 fib command to display all the IPv6 FIB entries The switch looks up a matching IPv6 FIB entry for forwarding an IPv6 pack...

Страница 988: ...cription on the fields of the display ipv6 fib command Field Description Total number of Routes Total number of routes in the FIB Destination Destination address to which a packet is forwarded PrefixL...

Страница 989: ...nfiguration Flags Flag indicating whether the entry is configured statically or acquired dynamically IPv6Address es IPv6 address corresponding to a host name 1 1 4 display ipv6 interface Syntax displa...

Страница 990: ...onds Hosts use stateless autoconfig for addresses Table 1 4 Description on the fields of the display ipv6 interface command Field Description Vlan interface1 current state VLAN interface link state z...

Страница 991: ...le time Neighbor reachable time which can be configured by using the ipv6 nd nud reachable time command ND retransmit interval Interval for retransmitting a neighbor solicitation NS message which can...

Страница 992: ...terface is up IPv6 Address IPv6 address of the interface If no address is configured for the interface Unassigned will be displayed 1 1 5 display ipv6 neighbors Syntax display ipv6 neighbors ipv6 addr...

Страница 993: ...information You can use the reset ipv6 neighbors command to clear specific IPv6 neighbor information Related commands ipv6 neighbor reset ipv6 neighbors Examples View all neighbor information Sysname...

Страница 994: ...tatic configuration and D dynamic acquisition Age z For a static entry is displayed z For a dynamic entry the time in seconds since it is reachable last time is displayed and if it is never reachable...

Страница 995: ...d information about the IPv6 routing table Description Use the display ipv6 route table command to display brief information about the routing table including the destination IP address prefix length...

Страница 996: ...wing indicates the prefix length Protocol Routing protocol discovering the route NextHop Next hop address Interface Egress interface through which a packet is sent Display detailed information about t...

Страница 997: ...3 a raw IP socket task id ID of a task in the range of 1 to 100 socket id ID of a socket in the range of 0 to 3072 Description Use the display ipv6 socket command to display information related to a s...

Страница 998: ...ask name and ID of the created socket socketid ID assigned by the kernel to the created socket Proto Protocol ID LA Local address and local port number FA Remote address and remote port number sndbuf...

Страница 999: ...0 forwarded 0 raw packets 30 discarded 0 routing failed 0 fragments 0 fragments failed 0 Received packets Total 572 local host 572 hopcount exceeded 0 format error 0 option error 0 protocol error 0 fr...

Страница 1000: ...packets sent locally z Number of forwarded packets z Number of packets sent via raw socket z Number of discarded packets z Number of packets with routing failure z Number of sent fragment packets z N...

Страница 1001: ...kets Total 126 checksum error 0 too short 0 bad code 0 unreached 10 too big 0 hopcount exceeded 0 reassembly timeout 0 parameter problem 0 unknown error type 0 echoed 17 echo replied 30 neighbor solic...

Страница 1002: ...window probe packets 0 window update packets 0 checksum error 0 offset error 0 short error 0 duplicate packets 0 0 bytes partially duplicate packets 0 0 bytes out of order packets 3 0 bytes packets w...

Страница 1003: ...t header z Number of duplicate packets z Number of partially duplicate packets z Number of out of order packets z Number of packets exceeding the receiving window size z Number of packets after the co...

Страница 1004: ...SYN from the peer 1 1 11 display tcp ipv6 status Syntax display tcp ipv6 status View Any view Parameters None Description Use the display tcp ipv6 status command to display the IPv6 TCP connection st...

Страница 1005: ...w Any view Parameters None Description Use the display udp ipv6 statistics command to display statistics of IPv6 UDP packets You can use the reset udp ipv6 statistics command to clear statistics of al...

Страница 1006: ...ket on port Total number of received broadcast multicast packets without any socket on a port not delivered input socket full Number of packets not handled because of the receiving buffer being full i...

Страница 1007: ...onfigure a site local address or global unicast address manually for an interface Use the undo ipv6 address command to remove the manually configured interface address By default no site local address...

Страница 1008: ...s for an interface By default a link local address is generated automatically after a site local IPv6 address or global unicast address is configured for an interface Note that z After an IPv6 site lo...

Страница 1009: ...r View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ipv6 address auto link local 1 1 16 ipv6 address eui 64 Syntax ipv6 address ipv6 address prefix length eui 64 undo ipv6 ad...

Страница 1010: ...Vlan interface1 display ipv6 interface Vlan interface 1 Vlan interface1 current state UP Line protocol current state UP IPv6 is enabled link local address is FE80 2E0 FCFF FE00 3100 Global unicast ad...

Страница 1011: ...ly generated one If you first adopt manual assignment and then automatic generation the automatically generated link local address will not take effect and the link local address of an interface is st...

Страница 1012: ...ser View with Ctrl Z Sysname ipv6 host aaa 2001 1 1 1 19 ipv6 icmp error Syntax ipv6 icmp error bucket bucket size ratelimit interval undo ipv6 icmp error View System view Parameters bucket size Numbe...

Страница 1013: ...ection in the range of 0 to 600 The default value is 1 When it is set to 0 the duplicate address detection is disabled Description Use the ipv6 nd dad attempts command to configure the attempts to sen...

Страница 1014: ...d hop limit command to restore the default By default the hop limit of ICMPv6 reply packets is 64 Examples Set the hop limit of ICMPv6 reply packets to 100 Sysname system view System View return to Us...

Страница 1015: ...retrans timer 10000 1 1 23 ipv6 nd nud reachable time Syntax ipv6 nd nud reachable time value undo ipv6 nd nud reachable time View VLAN interface view Parameters value Neighbor reachable time in mill...

Страница 1016: ...ry Description Use the ipv6 neighbor command to configure a static neighbor entry Use the undo ipv6 neighbor command to remove a static neighbor entry Note that You can configure a static neighbor ent...

Страница 1017: ...range of 1 to 2048 Description Use the ipv6 neighbors max learning num command to configure the maximum number of neighbors that can be dynamically learned on a specified interface Use the undo ipv6 n...

Страница 1018: ...ress of an IPv6 static route as 0 the route configured becomes a default IPv6 route If the destination IP address of a packet does not match any entry in the routing table the device will use a defaul...

Страница 1019: ...ameters all Clears the static and dynamic neighbor information on all interfaces dynamic Clears the dynamic neighbor information on all interfaces interface interface type interface number Clears all...

Страница 1020: ...pv6 statistics command to display the statistics of IPv6 and ICMPv6 packets Examples Clear the statistics of IPv6 packets Sysname reset ipv6 statistics 1 1 30 reset tcp ipv6 statistics Syntax reset tc...

Страница 1021: ...f IPv6 UDP packets Examples Clear the statistics of all IPv6 UDP packets Sysname reset udp ipv6 statistics 1 1 32 tcp ipv6 timer fin timeout Syntax tcp ipv6 timer fin timeout wait time undo tcp ipv6 t...

Страница 1022: ...e synwait timer of IPv6 TCP packets in seconds in the range of 2 to 600 Description Use the tcp ipv6 timer syn timeout command to set the synwait timer of IPv6 TCP packets Use the undo tcp ipv6 timer...

Страница 1023: ...escription Use the tcp ipv6 window command to set the size of IPv6 TCP receiving sending buffer Use the undo tcp ipv6 window command to restore the size of IPv6 TCP receiving sending buffer to the def...

Страница 1024: ...the destination is received within the timeout time the interval to send the next ECHO REQUEST equals to the actual response period plus the value of interval z If no response from the destination is...

Страница 1025: ...trl C to terminate the ping operation Examples Test whether destination 2001 1 is accessible Sysname ping ipv6 2001 1 PING 2001 1 56 data bytes press CTRL_C to break Reply from 2001 1 bytes 56 Sequenc...

Страница 1026: ...Number of received packets 0 00 packet loss Packet loss percentage round trip min avg max 0 4 20 ms Minimum average maximum response time in milliseconds 2 1 2 telnet ipv6 Syntax telnet ipv6 remote s...

Страница 1027: ...abort Can t connect to the remote host 2 1 3 tftp ipv6 Syntax tftp ipv6 remote system i interface type interface number get put source filename destination filename View User view Parameters remote sy...

Страница 1028: ...ttl m max ttl p port q packet num w timeout remote system View Any view Parameters f first ttl Specifies the first TTL that is the allowed number of hops for the first packet Ranges from 1 to 255 def...

Страница 1029: ...oute of the IPv6 packets from source to destination 3002 1 Sysname tracert ipv6 3002 1 traceroute to 3002 1 30 hops max 60 bytes packet 1 3003 1 30 ms 0 ms 0 ms 2 3002 1 10 ms 10 ms 0 ms 3 Table 2 2 D...

Страница 1030: ...onfiguration Commands 1 1 1 1 DNS Configuration Commands 1 1 1 1 1 display dns domain 1 1 1 1 2 display dns dynamic host 1 2 1 1 3 display dns server 1 2 1 1 4 display ip host 1 4 1 1 5 dns domain 1 4...

Страница 1031: ...on Commands 1 1 1 display dns domain Syntax display dns domain dynamic View Any view Parameters dynamic Displays DNS suffixes dynamically assigned through DHCP or other protocols Description Use the d...

Страница 1032: ...host No Domain name Ipaddress TTL Alias 1 lm test h3c 172 1 223 1 3564 No Domain name Ipaddress TTL Alias 1 aaaa 172 1 223 2 3594 Table 1 2 Description on the fields of the display dns dynamic host co...

Страница 1033: ...Servers Domain server Type IP Address 1 S 192 168 0 4 IPv6 DNS Servers Table 1 3 Description on the fields of the display dns server command Field Description Type Type of the DNS server S indicates...

Страница 1034: ...Sysname display ip host Host Age Flags Address host com 0 static 192 168 0 38 Table 1 4 Description on the fields of the display ip host command Field Description Host Host name Age Time to live 0 mea...

Страница 1035: ...ault You can configure a maximum of 10 DNS suffixes You must enter the DNS suffix before deleting it Otherwise all configured DNS suffixes are deleted Related commands display dns domain Note The DNS...

Страница 1036: ...Sysname dns resolve 1 1 7 dns server Syntax dns server ip address undo dns server ip address View System view Parameters ip address IP address of the DNS Server Description Use the dns server command...

Страница 1037: ...mapping between host name and IP address in the static DNS database Use the undo ip host command to remove the mapping No mappings are created by default Each host name can correspond to only one IP...

Страница 1038: ...isplay the corresponding domain name for 192 168 3 2 Sysname nslookup type ptr 192 168 3 2 Trying DNS server 10 72 66 36 Name www host com Address 192 168 3 2 Display the corresponding IP address for...

Страница 1039: ...1 3 flush enable control vlan 1 3 1 1 4 link aggregation group 1 4 1 1 5 port 1 5 1 1 6 port smart link group 1 6 1 1 7 reset smart link packets counter 1 7 1 1 8 smart link flush enable 1 7 1 1 9 sma...

Страница 1040: ...sname display smart link flush Flush interface Ethernet1 0 1 Count of flush packets received 1 Time of last flush packet received 22 52 23 2006 04 01 Source MAC of last flush packet received 000f e20f...

Страница 1041: ...N ID configured on the receiving port 1 1 2 display smart link group Syntax display smart link group group id all View Any view Parameter group id Smart link group ID in the range of 1 to 24 all Displ...

Страница 1042: ...If no flush message is sent NA will be displayed 1 1 3 flush enable control vlan Syntax flush enable control vlan vlan id undo flush enable View Smart Link group view Parameter vlan id Control VLAN I...

Страница 1043: ...the specified link aggregation group as the slave port of the Smart Link group Description Use the link aggregation group command to configure a link aggregation group as a member of the Smart Link gr...

Страница 1044: ...roup Use the undo port command to remove the specified port from the Smart Link group Either a single port or a link aggregation group configured manually or statically can serve as a member for a Sma...

Страница 1045: ...t smart link group command to remove the current port from the specified Smart Link group Either a single port or a link aggregation group configured manually or statically can serve as a member for a...

Страница 1046: ...ple Clear the flush message statistics of Smart Link Sysname reset smart link packets counter 1 1 8 smart link flush enable Syntax z In Ethernet port view smart link flush enable control vlan vlan id...

Страница 1047: ...fect Note The VLAN configured as a control VLAN for sending or receiving flush messages must exist You cannot directly remove the control VLAN When a dynamic VLAN is configured as a control VLAN for t...

Страница 1048: ...eads you into Smart Link group view directly Use the undo smart link group command to remove the specified Smart Link group After creating a Smart Link group you must configure member ports for this S...

Страница 1049: ...r link group command to display Monitor Link group information Example Display the information about Monitor Link group 1 Sysname display monitor link group 1 Monitor link group 1 information Member R...

Страница 1050: ...ecified link aggregation group as a Monitor Link group member Use the undo link aggregation group command to remove the specified link aggregation group from the current Monitor Link group In Monitor...

Страница 1051: ...monitor link group command to create a Monitor Link group and enter Monitor Link group view Use the undo monitor link group command to remove a Monitor Link group After the Monitor Link group is confi...

Страница 1052: ...the specified port from the current Monitor Link group In Monitor Link a Monitor Link group member can be a single port a static link aggregation group but not a dynamic link aggregation group The upl...

Страница 1053: ...d Monitor Link group Use the undo port monitor link group command to remove the current port from the specified Monitor Link group In Monitor Link a Monitor Link group member can be a single port a st...

Страница 1054: ...e specified Smart Link group as the uplink port of the Monitor Link group Description Use the smart link group command to configure the specified Smart Link group as the uplink port of the Monitor Lin...

Страница 1055: ...al 18 AAA 1 31 accounting on enable 18 AAA 1 32 acl 02 Login 2 1 acl 22 ACL 1 1 active region configuration 15 MSTP 1 1 add member 25 Stack Cluster 2 15 administrator address 25 Stack Cluster 2 16 am...

Страница 1056: ...cute command 02 Login 1 3 B binary 30 FTP SFTP TFTP 1 7 black list 25 Stack Cluster 2 45 boot attribute switch 29 File System Management 1 17 boot boot loader 29 File System Management 1 17 boot boot...

Страница 1057: ...ime 32 System Maintenance and Debugging 1 1 clock summer time 32 System Maintenance and Debugging 1 2 clock timezone 32 System Maintenance and Debugging 1 3 close 30 FTP SFTP TFTP 1 9 cluster 25 Stack...

Страница 1058: ...ort Basic Configuration 1 5 description 22 ACL 1 2 destination ip 34 HWPing 1 2 destination port 34 HWPing 1 3 dhcp protective down recover enable 21 DHCP 2 1 dhcp protective down recover interval 21...

Страница 1059: ...ile System Management 1 19 display boot loader 32 System Maintenance and Debugging 3 2 display bootp client 21 DHCP 3 3 display bpdu tunnel 33 VLAN VPN 4 3 display brief interface 09 Port Basic Config...

Страница 1060: ...ay dns domain 36 DNS 1 1 display dns dynamic host 36 DNS 1 2 display dns ipv6 dynamic host 35 IPv6 Management 1 1 display dns server 36 DNS 1 2 display domain 18 AAA 1 12 display dot1x 17 802 1x Syste...

Страница 1061: ...e 05 Management VLAN 1 1 display ip host 36 DNS 1 4 display ip interface 05 Management VLAN 1 2 display ip interface 06 IP Address IP Performance 1 1 display ip interface brief 05 Management VLAN 1 4...

Страница 1062: ...egation 1 5 display link aggregation interface 10 Link Aggregation 1 1 display link aggregation summary 10 Link Aggregation 1 2 display link aggregation verbose 10 Link Aggregation 1 3 display link de...

Страница 1063: ...P 1 4 display packet filter 22 ACL 1 6 display port 04 VLAN 1 10 display port combo 09 Port Basic Configuration 1 14 display port vlan vpn 33 VLAN VPN 1 1 display port mac 14 MAC Address Table Managem...

Страница 1064: ...r 23 QoS QoS Profile 1 15 display radius scheme 18 AAA 1 36 display radius statistics 18 AAA 1 39 display rmon alarm 26 SNMP RMON 2 1 display rmon event 26 SNMP RMON 2 2 display rmon eventlog 26 SNMP...

Страница 1065: ...ation 1 15 display stp 15 MSTP 1 4 display stp abnormalport 15 MSTP 1 8 display stp portdown 15 MSTP 1 9 display stp region configuration 15 MSTP 1 10 display stp root 15 MSTP 1 11 display system guar...

Страница 1066: ...Maintenance and Debugging 1 8 display vlan 04 VLAN 1 3 display vlan 07 Voice VLAN 1 4 display voice vlan error info 07 Voice VLAN 1 1 display voice vlan oui 07 Voice VLAN 1 2 display voice vlan status...

Страница 1067: ...rol 17 802 1x System Guard 1 12 dot1x port method 17 802 1x System Guard 1 14 dot1x quiet period 17 802 1x System Guard 1 15 dot1x re authenticate 17 802 1x System Guard 1 17 dot1x retry 17 802 1x Sys...

Страница 1068: ...37 Smart Link Monitor Link 1 3 format 29 File System Management 1 9 free user interface 02 Login 1 10 free web users 02 Login 2 2 frequency 34 HWPing 1 14 ftp 30 FTP SFTP TFTP 1 12 ftp cluster 25 Sta...

Страница 1069: ...cords 34 HWPing 1 16 holdtime 25 Stack Cluster 2 35 http operation 34 HWPing 1 17 http string 34 HWPing 1 17 hwping 34 HWPing 1 18 hwping agent enable 34 HWPing 1 19 hwping server enable 34 HWPing 1 3...

Страница 1070: ...o center channel name 31 Information Center 1 7 info center console channel 31 Information Center 1 7 info center enable 31 Information Center 1 8 info center logbuffer 31 Information Center 1 9 info...

Страница 1071: ...tatic binding 21 DHCP 1 12 ip pool 25 Stack Cluster 2 36 ipv6 address 35 IPv6 Management 1 22 ipv6 address auto link local 35 IPv6 Management 1 23 ipv6 address eui 64 35 IPv6 Management 1 24 ipv6 addr...

Страница 1072: ...level 18 AAA 1 18 line rate 23 QoS QoS Profile 1 16 link aggregation group 37 Smart Link Monitor Link 1 4 link aggregation group 37 Smart Link Monitor Link 2 2 link aggregation group description 10 Li...

Страница 1073: ...lticast 2 3 mac address multicast vlan 16 Multicast 2 4 mac address security 12 Port Security Port Binding 1 6 mac address timer 14 MAC Address Table Management 1 8 mac authentication 19 MAC Address A...

Страница 1074: ...Mirroring 1 4 mirroring group monitor port 24 Mirroring 1 5 mirroring group reflector port 24 Mirroring 1 6 mirroring group remote probe vlan 24 Mirroring 1 6 mirroring port 24 Mirroring 1 7 mkdir 29...

Страница 1075: ...mer 25 Stack Cluster 2 12 ntdp timer hop delay 25 Stack Cluster 2 13 ntdp timer port delay 25 Stack Cluster 2 14 ntp service access 27 NTP 1 5 ntp service authentication enable 27 NTP 1 7 ntp service...

Страница 1076: ...ng 1 21 peer public key end 28 SSH 1 9 ping 32 System Maintenance and Debugging 2 1 ping ipv6 35 IPv6 Management 2 1 port 04 VLAN 1 10 port 09 Port Basic Configuration 1 32 port 37 Smart Link Monitor...

Страница 1077: ...12 port security ntk mode 12 Port Security Port Binding 1 13 port security oui 12 Port Security Port Binding 1 14 port security port mode 12 Port Security Port Binding 1 15 port security timer disabl...

Страница 1078: ...TP TFTP 1 31 pwd 29 File System Management 1 12 pwd 30 FTP SFTP TFTP 1 18 pwd 30 FTP SFTP TFTP 1 31 Q qos cos local precedence map 23 QoS QoS Profile 1 23 qos dscp local precedence map 23 QoS QoS Prof...

Страница 1079: ...dynamic host 36 DNS 1 8 reset dns ipv6 dynamic host 35 IPv6 Management 1 33 reset dot1x statistics 17 802 1x System Guard 1 24 reset garp statistics 08 GVRP 1 6 reset hwtacacs statistics 18 AAA 1 74...

Страница 1080: ...S QoS Profile 1 29 reset traffic statistic 23 QoS QoS Profile 1 30 reset traffic statistic vlan 23 QoS QoS Profile 1 30 reset trapbuffer 31 Information Center 1 21 reset udp ipv6 statistics 35 IPv6 Ma...

Страница 1081: ...save 03 Configuration File Management 1 13 schedule reboot at 32 System Maintenance and Debugging 3 14 schedule reboot delay 32 System Maintenance and Debugging 3 16 schedule reboot regularity 32 Sys...

Страница 1082: ...Monitor Link 1 8 smart link group 37 Smart Link Monitor Link 2 6 snmp agent 26 SNMP RMON 1 13 snmp agent calculate password 26 SNMP RMON 1 14 snmp agent community 02 Login 2 3 snmp agent community 26...

Страница 1083: ...efault 28 SSH 1 26 ssh client assign 28 SSH 1 27 ssh client first time enable 28 SSH 1 29 ssh server authentication retries 28 SSH 1 30 ssh server compatible ssh1x enable 28 SSH 1 30 ssh server rekey...

Страница 1084: ...MSTP 1 16 stp bridge diameter 15 MSTP 1 16 stp compliance 15 MSTP 1 17 stp config digest snooping 15 MSTP 1 19 stp cost 15 MSTP 1 20 stp dot1d trap 15 MSTP 1 21 stp edged port 15 MSTP 1 23 stp interfa...

Страница 1085: ...15 MSTP 1 48 stp region configuration 15 MSTP 1 49 stp root primary 15 MSTP 1 50 stp root secondary 15 MSTP 1 51 stp root protection 15 MSTP 1 52 stp tc protection 15 MSTP 1 53 stp tc protection thres...

Страница 1086: ...dress IP Performance 2 18 tcp timer syn timeout 06 IP Address IP Performance 2 19 tcp window 06 IP Address IP Performance 2 20 telnet 02 Login 1 25 telnet ipv6 02 Login 1 26 telnet ipv6 35 IPv6 Manage...

Страница 1087: ...response timeout 18 AAA 1 81 time range 22 ACL 1 28 topology accept 25 Stack Cluster 2 52 topology restore from 25 Stack Cluster 2 53 topology save to 25 Stack Cluster 2 54 tos 34 HWPing 1 29 tracemac...

Страница 1088: ...level 02 Login 1 28 user interface 02 Login 1 27 username 34 HWPing 1 30 user name format 18 AAA 1 65 user name format 18 AAA 1 81 V verbose 30 FTP SFTP TFTP 1 22 virtual cable test 09 Port Basic Con...

Страница 1089: ...dix A Command Index A 35 voice vlan enable 07 Voice VLAN 1 7 voice vlan legacy 07 Voice VLAN 1 8 voice vlan mac address 07 Voice VLAN 1 8 voice vlan mode 07 Voice VLAN 1 9 voice vlan security enable 0...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды