H3C SecPath F5000-AK Series Скачать руководство пользователя | Manualshive

Страница: 26 / 39

background image

20

Predefined user roles

network-admin

context-admin

Parameters

vsi-name

: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.

track track-entry-number

&<1-3>

: Specifies a space-separated list of up to three track

entry numbers in the range of 1 to 1024. The AC is up only if a minimum of one associated track entry
is in positive state.

Usage guidelines

For traffic that matches a Layer 3 interface, the system uses the VSI's MAC address table to make a
forwarding decision.

Examples

# Map GigabitEthernet 1/2/5/1 to VSI

vpn1

.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] quit

[Sysname] interface gigabitethernet 1/2/5/1

[Sysname-GigabitEthernet1/2/5/1] xconnect vsi vpn1

Related commands

display l2vpn interface

vsi

VXLAN IP gateway commands

arp distributed-gateway dynamic-entry synchronize

Use

arp distributed-gateway dynamic-entry synchronize

to enable dynamic ARP

entry synchronization for distributed VXLAN IP gateways.

Use

undo arp distributed-gateway dynamic-entry synchronize

to disable dynamic

ARP entry synchronization for distributed VXLAN IP gateways.

Syntax

arp distributed-gateway dynamic-entry synchronize

undo arp distributed-gateway dynamic-entry synchronize

Default

Dynamic ARP entry synchronization is disabled for distributed VXLAN IP gateways.

Views

System view

Predefined user roles

network-admin

context-admin

«
...
24
25
26
27
28
...
»

Содержание SecPath F5000-AK Series

Страница 1: ...H3C SecPath F50X0 D F5000 AK Firewall Series Comware 7 VXLAN Command Reference New H3C Technologies Co Ltd http www h3c com Software version F9620 Document version 6W401 20200901 ...

Страница 2: ...w H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice All contents in this document including statements information and recommendations are believed to be accurate but they are presented without warranty of any kind express or implied H3C shall not be l...

Страница 3: ...and keywords that you enter literally as shown Italic Italic text represents arguments that you replace with actual values Square brackets enclose syntax choices keywords or arguments that are optional x y Braces enclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separated by vertical bars from ...

Страница 4: ...hat contains additional or supplementary information TIP An alert that provides helpful information Network topology icons Convention Description Represents a generic network device such as a router switch or firewall Represents a routing capable device such as a router or Layer 3 switch Represents a generic switch such as a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding an...

Страница 5: ...s document might use devices that differ from your device in hardware model configuration or software version It is normal that the port numbers sample output screenshots and other information in the examples differ from what you have on your device Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments ...

Страница 6: ... fast forwarding enable 16 vxlan invalid udp checksum discard 17 vxlan local mac report 17 vxlan tunnel mac learning disable 18 vxlan udp port 19 xconnect vsi 19 VXLAN IP gateway commands 20 arp distributed gateway dynamic entry synchronize 20 bandwidth 21 default 21 description 22 display interface vsi interface 23 distributed gateway local 26 gateway subnet 27 gateway vsi interface 28 interface ...

Страница 7: ...ters text Specifies a description a case sensitive string of 1 to 80 characters Examples Configure a description for VSI vpn1 Sysname system view Sysname vsi vpn1 Sysname vsi vpn1 description vsi for vpn1 Related commands display l2vpn vsi display l2vpn interface Use display l2vpn interface to display L2VPN information for Layer 3 interfaces that are mapped to VSIs Syntax display l2vpn interface v...

Страница 8: ...r all Layer 3 interfaces that are mapped to VSIs Sysname display l2vpn interface Total number of interfaces 2 1 up 1 down Interface Owner Link ID State Type GE1 2 5 1 vxlan3 1 Up VSI GE1 2 5 2 vxlan4 2 Down VSI Table 1 Command output Field Description Interface Layer 3 interface name Owner VSI name Link ID The interface s link ID on the VSI State Physical state of the interface Up The interface is...

Страница 9: ...s If you do not specify a VSI this command displays MAC address entries for all VSIs dynamic Specifies dynamic MAC address entries learned in the data plane If you do not specify this keyword the command displays all MAC address entries including Dynamic remote and local MAC entries Manually added static remote MAC entries VXLAN does not support static local MAC entries count Displays the number o...

Страница 10: ...i Use display l2vpn vsi to display information about VSIs Syntax display l2vpn vsi name vsi name verbose Views Any view Predefined user roles network admin network operator context admin context operator Parameters name vsi name Specifies a VSI by its name a case sensitive string of 1 to 31 characters If you do not specify a VSI this command displays information about all VSIs verbose Displays det...

Страница 11: ...Gateway Interface VSI interface 100 VXLAN ID 10 Tunnels Tunnel Name Link ID State Type Flood Proxy Split horizon Tunnel1 0x5000001 Up Manual Disabled Enabled Tunnel2 0x5000002 Up Manual Disabled Enabled ACs AC Link ID State GE1 2 5 1 0 Up Table 5 Command output Field Description VSI Description Description of the VSI If the VSI does not have a description the command does not display this field VS...

Страница 12: ... The VTEP floods unknown unicast frames only to local sites Gateway Interface VSI interface name State Tunnel state Up The tunnel is operating correctly Blocked The tunnel is a backup tunnel Its tunnel interface is up but the tunnel is blocked because the primary tunnel is operating correctly Defect The tunnel interface is up but BFD cannot detect the remote VTEP This state is not supported in the...

Страница 13: ...tunnels associated with the specified VXLAN Examples Display VXLAN tunnel information for all VXLANs Sysname display vxlan tunnel Total number of VXLANs 1 VXLAN ID 10 VSI name vpna Total tunnels 3 3 up 0 down 0 defect 0 blocked Tunnel name Link ID State Type Flood proxy Split horizon Tunnel1 0x5000001 Up Manual Disabled Enabled Tunnel2 0x5000002 Up Manual Disabled Enabled Display VXLAN tunnel info...

Страница 14: ...server replicates and forwards flood traffic to remote VTEPs Disabled Flood proxy is disabled Split horizon State of split horizon Enabled Split horizon is enabled on the VXLAN tunnel The VXLAN tunnel does not forward the traffic that is received on other VXLAN tunnels Disabled Split horizon is disabled on the VXLAN tunnel The VXLAN tunnel forwards the traffic that is received on other VXLAN tunne...

Страница 15: ...able Default L2VPN is disabled Views System view Predefined user roles network admin context admin Usage guidelines You must enable L2VPN before you can configure L2VPN settings Examples Enable L2VPN Sysname system view Sysname l2vpn enable mac address static vsi Use mac address static vsi to add a static remote MAC address entry for a VXLAN VSI Use undo mac address static vsi to remove static rem...

Страница 16: ...address is the MAC address of a VM in a remote site Remote MAC entries can be manually added or dynamically learned When you add a remote MAC address entry make sure the specified VSI s VXLAN has been assigned the specified VXLAN tunnel The undo mac address static vsi vsi name command removes all static MAC address entries for a VSI Examples Add MAC address 000f e201 0101 to VSI vsi1 Specify Tunne...

Страница 17: ...400 bytes for VSI vxlan1 Sysname system view Sysname vsi vxlan1 Sysname vsi vxlan1 mtu 1400 Related commands display l2vpn vsi reserved vxlan Use reserved vxlan to specify a reserved VXLAN Use undo reserved vxlan to restore the default Syntax reserved vxlan vxlan id undo reserved vxlan Default No VXLAN has been reserved Views System view Predefined user roles network admin context admin Parameters...

Страница 18: ... limit or the device learns incorrect MAC addresses Examples Clear the dynamic MAC address entries on VSI vpn1 Sysname reset l2vpn mac address vsi vpn1 Related commands display l2vpn mac address vsi selective flooding mac address Use selective flooding mac address to enable selective flood for a MAC address Use undo selective flooding mac address to disable selective flood for a MAC address Syntax...

Страница 19: ...hut down a VSI Use undo shutdown to bring up a VSI Syntax shutdown undo shutdown Default VSIs are not manually shut down Views VSI view Predefined user roles network admin context admin Usage guidelines Use this command to temporarily disable a VSI to provide Layer 2 switching services The shutdown action does not change settings on the VSI You can continue to configure the VSI After you bring up ...

Страница 20: ...st traffic to each tunnel in the VXLAN You can assign multiple VXLAN tunnels to a VXLAN and configure a VXLAN tunnel to trunk multiple VXLANs Examples Assign VXLAN tunnels 1 and 2 to VXLAN 10000 Sysname system view Sysname vsi vpna Sysname vsi vpna vxlan 10000 Sysname vsi vpna vxlan 10000 tunnel 1 Sysname vsi vpna vxlan 10000 tunnel 2 Related commands display vxlan tunnel tunnel global source addr...

Страница 21: ...e undo vsi to delete a VSI Syntax vsi vsi name undo vsi vsi name Default No VSIs exist Views System view Predefined user roles network admin context admin Parameters vsi name Specifies a VSI name a case sensitive string of 1 to 31 characters Usage guidelines A VSI acts as a virtual switch to provide Layer 2 switching services for a VXLAN on a VTEP A VSI has all functions of a physical Ethernet swi...

Страница 22: ...e VXLAN for a VSI The VXLAN ID for each VSI must be unique Examples Create VXLAN 10000 for VSI vpna and enter VXLAN view Sysname system view Sysname vsi vpna Sysname vsi vpna vxlan 10000 Sysname vsi vpna vxlan 10000 Related commands vsi vxlan fast forwarding enable Use vxlan fast forwarding enable to enable VXLAN fast forwarding Use undo vxlan fast forwarding enable to disable VXLAN fast forwardin...

Страница 23: ...ard to enable the device to drop the VXLAN packets that fail UDP checksum check Use undo vxlan invalid udp checksum discard to restore the default Syntax vxlan invalid udp checksum discard undo vxlan invalid udp checksum discard Default The device does not check the UDP checksum of VXLAN packets Views System view Predefined user roles network admin context admin Usage guidelines This command enabl...

Страница 24: ...g and output rules including output destinations For more information about configuring the information center see Network Management and Monitoring Configuration Guide Examples Enable local MAC logging Sysname system view Sysname vxlan local mac report vxlan tunnel mac learning disable Use vxlan tunnel mac learning disable to disable remote MAC address learning Use undo vxlan tunnel mac learning ...

Страница 25: ...Parameters port number Specifies a UDP port number in the range of 1 to 65535 As a best practice specify a port number in the range of 1024 to 65535 to avoid conflict with well known ports Usage guidelines You must configure the same destination UDP port number on all VTEPs in a VXLAN Examples Set the destination UDP port number to 6666 for VXLAN packets Sysname system view Sysname vxlan udp port ...

Страница 26: ...Sysname vsi vpn1 quit Sysname interface gigabitethernet 1 2 5 1 Sysname GigabitEthernet1 2 5 1 xconnect vsi vpn1 Related commands display l2vpn interface vsi VXLAN IP gateway commands arp distributed gateway dynamic entry synchronize Use arp distributed gateway dynamic entry synchronize to enable dynamic ARP entry synchronization for distributed VXLAN IP gateways Use undo arp distributed gateway d...

Страница 27: ...roxy arp enable Layer 3 IP Services Command Reference bandwidth Use bandwidth to set the expected bandwidth for a VSI interface Use undo bandwidth to restore the default Syntax bandwidth bandwidth value undo bandwidth Default The expected bandwidth in kbps equals the interface baudrate divided by 1000 Views VSI interface view Predefined user roles network admin context admin Parameters bandwidth v...

Страница 28: ...re their default settings 3 If the restoration attempt still fails follow the error message instructions to resolve the problem Examples Restore the default settings for VSI interface 100 Sysname system view Sysname interface vsi interface 100 Sysname Vsi interface100 default This command will restore the default settings Continue Y N y description Use description to configure the description of a...

Страница 29: ...faces If you specify a VSI interface this command displays information about the specified interface For more information about VA interfaces see PPP configuration in PPP and PPPoE Configuration Guide brief Display brief interface information If you do not specify this keyword the command displays detailed interface information description Displays complete interface descriptions If you do not spe...

Страница 30: ...nternet address ip address mask length Type IP address of the interface and type of the address in parentheses Possible IP address types include Primary Manually configured primary IP address Sub Manually configured secondary IP address If the interface has both primary and secondary IP addresses the primary IP address is displayed If the interface has only secondary IP addresses the lowest second...

Страница 31: ...rief information about all VSI interfaces Sysname display interface vsi interface brief Brief information on interfaces in route mode Link ADM administratively down Stby standby Protocol s spoofing Interface Link Protocol Primary IP Description Vsi100 DOWN DOWN Display brief information and complete description for VSI interface 100 Sysname display interface vsi interface 100 brief description Bri...

Страница 32: ...en manually shut down by using the shutdown command To restore the physical state of the interface use the undo shutdown command Not connected The interface is not mapped to any VSI or the mapped VSI does not have any AC or VXLAN tunnel Related commands reset counters interface vsi interface distributed gateway local Use distributed gateway local to specify a VSI interface as a distributed gateway...

Страница 33: ...t s IP address are identical to the do care bits in the specified subnet address the packet is assigned to the VSI All don t care bits are ignored The 0s and 1s in a wildcard mask can be noncontiguous For example 0 255 0 255 is a valid wildcard mask ipv6 address prefix length Specifies an IPv6 subnet address and the address prefix length in the range of 1 to 128 Usage guidelines You must configure...

Страница 34: ...8191 Usage guidelines A VSI can have only one gateway interface Multiple VSIs can share a gateway interface Examples Specify VSI interface 100 as the gateway interface for VSI vpna Sysname system view Sysname vsi vpna Sysname vsi vpna gateway vsi interface 100 Related commands interface vsi interface interface vsi interface Use interface vsi interface to create a VSI interface and enter its view o...

Страница 35: ...gn a MAC address to a VSI interface Use undo mac address to restore the default Syntax mac address mac address undo mac address Default The MAC address of a VSI interface is the bridge MAC address Views VSI interface view Predefined user roles network admin context admin Parameters mac address Specifies a MAC address in H H H format Examples Assign MAC address 0001 0001 0001 to VSI interface 100 S...

Страница 36: ...fined user roles network admin context admin Parameters vsi interface vsi interface id Specifies a VSI interface by its number Make sure the specified VSI interface has been created on the device If you do not specify the vsi interface vsi interface id option this command clears packet statistics on all interfaces except for VA interfaces If you specify only the vsi interface keyword this command ...

Страница 37: ...Sysname interface vsi interface 100 Sysname Vsi interface100 shutdown vtep group member local Use vtep group member local to assign the local VTEP to a VTEP group Use undo vtep group member local to remove the local VTEP from a VTEP group Syntax vtep group group ip member local member ip undo vtep group group ip member local Default A VTEP is not assigned to any VTEP group Views System view Predef...

Страница 38: ... a VTEP group and its member VTEPs Syntax vtep group group ip member remote member ip 1 8 undo vtep group group ip member remote Default No VTEP group is specified Views System view Predefined user roles network admin context admin Parameters group ip Specifies a VTEP group by its group IP address member ip 1 8 Specifies a space separated list of up to eight member VTEP IP addresses Examples Speci...

Страница 39: ...erfaces To save resources on VTEPs in an SDN transport network you can temporarily disable remote ARP learning when the controller and VTEPs are synchronizing entries After the entry synchronization is completed use the undo vxlan tunnel arp learning disable command to enable remote ARP learning As a best practice disable remote ARP learning for VXLANs only when the controller and VTEPs are synchr...

Отзывы:

Нет отзывов

Похожие инструкции для SecPath F5000-AK Series

Бренд: Watchguard Страницы: 18

Бренд: Watchguard Страницы: 181

Бренд: Watchguard Страницы: 38

Бренд: Draytek Страницы: 1

Бренд: IBASE Technology Страницы: 64

Photosmart 7500

Бренд: HP Страницы: 84

Бренд: ZyXEL Communications Страницы: 4

Бренд: PaloAlto Networks Страницы: 34

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды