H3C SOHO IE4300 Скачать руководство пользователя страница 882 | Manualshive

Страница: 882 / 3296

background image

27

Default

SYN Cookie is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

A TCP connection is established through a three-way handshake:

1.

The sender sends a SYN packet to the server.

2.

The server receives the SYN packet, establishes a TCP semi-connection in SYN_RECEIVED
state, and replies with a SYN ACK packet to the sender.

3.

The sender receives the SYN ACK packet and replies with an ACK packet. Then, a TCP
connection is established.

An attacker can exploit this mechanism to mount SYN flood attacks. The attacker sends a large
number of SYN packets, but they do not respond to the SYN ACK packets from the server. As a
result, the server establishes a large number of TCP semi-connections and cannot handle normal
services.

SYN Cookie can protect the server from SYN flood attacks. When the server receives a SYN packet,
it responds to the request with a SYN ACK packet without establishing a TCP semi-connection.

The server establishes a TCP connection and enters ESTABLISHED state only when it receives an
ACK packet from the sender.

Examples

# Enable SYN Cookie.

<Sysname> system-view

[Sysname] tcp syn-cookie enable

tcp timer fin-timeout

Use

tcp timer fin-timeout

to set the TCP FIN wait timer.

Use

undo tcp timer fin-timeout

to restore the default.

Syntax

tcp timer fin-timeout

time-value

undo tcp timer fin-timeout

Default

The TCP FIN wait timer is 675 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

time-value

: Specifies the TCP FIN wait timer in the range of 76 to 3600 seconds.

«
...
880
881
882
883
884
...
»

Содержание SOHO IE4300

Страница 1: ...H3C IE4300 IE4300 M IE4320 Industrial Switch Series Fundamentals Command Reference New H3C Technologies Co Ltd http www h3c com Software version Release 63xx Document version 6W101 20230116...

Страница 2: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 3: ...Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown Italic Italic text represents arguments that you replace with actual values Square bracket...

Страница 4: ...to hardware or software IMPORTANT An alert that calls attention to essential information NOTE An alert that contains additional or supplementary information TIP An alert that provides helpful informat...

Страница 5: ...IPS or ACG module Examples provided in this document Examples in this document might use devices that differ from your device in hardware model configuration or software version It is normal that the...

Страница 6: ...ias 1 display by linenum begin exclude include 2 display 4 display 5 display alias 6 display history command 6 display history command all 7 display hotkey 8 hotkey 9 quit 11 repeat 11 return 13 scree...

Страница 7: ...lay write save Views System view Predefined user roles network admin Parameters alias Specifies an alias a case sensitive string of 1 to 20 characters An alias cannot be alias or contain spaces comman...

Страница 8: ...and verify the configuration Sysname system view Sysname alias shiprt display ip routing table Sysname shiprt Destinations 13 Routes 13 Destination Mask Proto Pre Cost NextHop Interface 0 0 0 0 32 Dir...

Страница 9: ...ular expressions to filter the output and display a number before each output line For more information about regular expressions see Fundamentals Configuration Guide If you specify multiple filter co...

Страница 10: ...splay available keywords and arguments enter display filename Specifies the name of the file that is used to save the output a string of 1 to 63 characters Usage guidelines The display commands show t...

Страница 11: ...use display to save the output to a file If the specified file does not exist the system creates the file and saves the output to the file If the file already exists the system appends the output to...

Страница 12: ...splay alias Index Alias Command key 1 access list acl 2 end return 3 erase delete 4 exit quit 5 hostname sysname 6 logging info center 7 no undo 8 shinc display 1 include 2 9 show display 10 sirt disp...

Страница 13: ...and system view vlan 2 quit Related commands history command max size display history command all Use display history command all to display all commands that are saved in the command history buffer f...

Страница 14: ...ory command display hotkey Use display hotkey to display hotkey information Syntax display hotkey Views Any view Predefined user roles network admin network operator Examples Display hotkey informatio...

Страница 15: ...nction function none undo hotkey hotkey Default Table 3 shows the default definitions for hotkeys Table 3 Default definitions for hotkeys Hotkey Function or command Ctrl A move_the_cursor_to_the_begin...

Страница 16: ...he word Esc F move_the_cursor_forward_one_word Moves the cursor forward one word Views System view Predefined user roles network admin Parameters hotkey Specifies a hotkey To display the supported hot...

Страница 17: ...hotkey ctrl_a none Related commands display hotkey quit Use quit to return to the upper level view Syntax quit Views Any view Predefined user roles network admin network operator Usage guidelines Exe...

Страница 18: ...er the view for the first command The repeat command executes commands in the order they were executed The system waits for your interaction when it repeats an interactive command Examples Configure t...

Страница 19: ...r view from the Python shell execute the exit command in the Python shell Examples Return to user view from GigabitEthernet 1 0 1 interface view Sysname GigabitEthernet1 0 1 return Sysname screen leng...

Страница 20: ...ogged out the default is restored Examples Disable pausing between screens of output for the current CLI session Sysname screen length disable Related commands screen length system view Use system vie...

Страница 21: ...ature 13 interface policy deny 14 permit interface 15 permit vlan 16 permit vpn instance 18 role 19 role default role enable 20 role feature group 21 rule 22 super 26 super authentication mode 26 supe...

Страница 22: ...default Syntax description text undo description Default A user role does not have a description Views User role view Predefined user roles network admin Parameters text Specifies a description a case...

Страница 23: ...eny W feature ldap 3 permit command system radius sc 4 permit R xml element 5 permit RW oid 1 2 1 R Read W Write X Execute Display information about all user roles Sysname display role Role network ad...

Страница 24: ...tem view local user sys 15 permit R web menu sys 16 permit R xml element sys 17 deny command display security logfile summary sys 18 deny command system view info center security logfile directory sys...

Страница 25: ...AN policy permit default Interface policy permit default VPN instance policy permit default Role level 3 Description Predefined level 3 role VLAN policy permit default Interface policy permit default...

Страница 26: ...ure device sys 3 deny RWX feature filesystem sys 4 permit command display sys 5 deny command display history command all R Read W Write X Execute Role level 10 Description Predefined level 10 role VLA...

Страница 27: ...irectory sys 6 deny command security logfile save sys 7 permit RW oid 1 R Read W Write X Execute Role security audit Description Predefined security audit role only has access to commands for the secu...

Страница 28: ...tguestaccount sys 7 permit RWX xml element useraccounts exportguesttemplet sys 8 permit RWX xml element rpc sys 9 deny command R Read W Write X Execute Table 1 Command output Field Description Role Us...

Страница 29: ...y W Write X Execute Scope Rule control scope command Controls access to the command or commands as specified in the Entity field feature Controls access to the commands of the feature as specified in...

Страница 30: ...feature Sysname display role feature verbose Feature device Device configuration related commands display clock R debugging dev W display debugging dev R display device R display diagnostic informati...

Страница 31: ...rt with the display user group keywords in user view display debugging local server All commands that start with the display debugging local server keywords in user view debugging local server All com...

Страница 32: ...ture stp STP related commands Feature lldp LLDP related commands Feature dldp DLDP related commands Feature cfm CFM related commands Feature eoam EOAM related commands Feature smart link Smart link re...

Страница 33: ...st vlan W reset l2 multicast W debugging igmp snooping W display debugging igmp snooping R system view probe debugging system internal igmp snooping W Feature mld snooping MLD Snooping related command...

Страница 34: ...o feature to remove a feature from a feature group Syntax feature feature name undo feature feature name Default A user defined feature group does not have any features Views Feature group view Predef...

Страница 35: ...2 Use permit interface to specify accessible interfaces You can perform the following tasks on an accessible interface Create remove or configure the interface Enter interface view Specify the interf...

Страница 36: ...ce must meet the following requirements Be the same type as the start interface Have a higher interface number than the start interface Usage guidelines To permit a user role to access an interface af...

Страница 37: ...that you can enter GigabitEthernet 1 0 1 interface view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 quit Verify that you can assign GigabitEthernet 1 0 5 to VLAN 10 In this e...

Страница 38: ...after the change By default all access ports belong to VLAN 1 To assign an access port to any other VLAN by using the port access vlan command make sure you have a user role that can access both VLAN...

Страница 39: ...a VPN instance after you configure the vpn instance policy deny command you must add the VPN instance to the permitted VPN instance list of the policy With the user role you can perform the following...

Страница 40: ...nstance vpn1 Sysname radius radius1 quit Verify that you cannot create VPN instance vpn2 or enter VPN instance view Sysname ip vpn instance vpn2 Permission denied Related commands display role role vp...

Страница 41: ...o enable the default user role feature for remote AAA users Use undo role default role enable to restore the default Syntax role default role enable role name undo role default role enable Default The...

Страница 42: ...nd L3 exist Views System view Predefined user roles network admin Parameters name feature group name Specifies a feature group name The feature group name argument is a case sensitive string of 1 to 3...

Страница 43: ...function or program The ping command is an example of execute commands read Specifies the read commands Web menus XML elements or MIB nodes to display configuration or maintenance information The disp...

Страница 44: ...role rules User role rules include predefined identified by sys n and user defined user role rules You can configure a maximum of 256 user defined rules for a user role The total number of user defin...

Страница 45: ...em view before you enter interface view To specify all commands starting with the ip keyword in any interface view you must use the system interface ip command string For another example the system ra...

Страница 46: ...ample rule 1 permit command display debugging log can never find a match This is because the system has a display debugging command but not a display debugging log command Examples Permit user role ro...

Страница 47: ...ou must configure user role authentication If no local password is configured in the local password authentication local an AUX user can obtain the user role by either entering a string or not enterin...

Страница 48: ...rver does not respond or if the AAA configuration on the device is invalid local scheme Enables local then remote authentication mode The device first performs local password authentication If no pass...

Страница 49: ...do not specify a user role for the command Examples Specify network operator as the default target user role for temporary user role authorization Sysname system view Sysname super default role networ...

Страница 50: ...igure local password authentication for temporary user role authorization It is a good practice to specify different passwords for different user roles When the global password control feature is enab...

Страница 51: ...user role authorization from a remote authentication server will fail This command does not take effect on local password authentication for temporary user role authorization Examples Enable the devi...

Страница 52: ...ect only on users who log in with the user role after the change Examples Enter user role VLAN policy view of role1 and deny the access of role1 to any VLANs Sysname system view Sysname role name role...

Страница 53: ...llowing tasks on an accessible VPN instance Create remove or configure the VPN instance Enter VPN instance view Specify the VPN instance in feature commands Any change to a user role VPN instance poli...

Страница 54: ...p http enable 24 ip http port 25 ip https acl 25 ip https certificate access control policy 26 ip https enable 27 ip https port 28 ip https ssl server policy 28 line 29 line class 30 lock 31 lock reau...

Страница 55: ...ii user interface 51 user interface class 52 user role 54 web captcha 55 web https authorization mode 55 web idle timeout 56 webui log enable 57...

Страница 56: ...inal session activation key Pressing this shortcut key starts a terminal session Use undo activation key to restore the default Syntax activation key key string undo activation key Default The termina...

Страница 57: ...n key command Table 1 ASCII code values for combined keys that use the Ctrl key Combined key ASCII code value Ctrl A 1 Ctrl B 2 Ctrl C 3 Ctrl D 4 Ctrl E 5 Ctrl F 6 Ctrl G 7 Ctrl H 8 Ctrl I 9 Ctrl J 10...

Страница 58: ...ssion 4 Press s A terminal session is started Sysname authentication mode Use authentication mode to set the authentication mode for a user line Use undo authentication mode to restore the default Syn...

Страница 59: ...gs for the commands in VTY line class view take effect If the settings of the two commands in VTY line view are both non default settings the non default settings in VTY line view take effect If only...

Страница 60: ...ice will automatically execute the specified command when a user logs in through the user line and close the user connection after the command is executed This command is not supported in AUX line vie...

Страница 61: ...ctly logging in to the device at 192 168 1 41 through Telnet When you close the Telnet connection to 192 168 1 41 the Telnet connection to 192 168 1 40 is closed at the same time command accounting Us...

Страница 62: ...thorization Default Command authorization is disabled Logged in users can execute commands without authorization Views User line view User line class view Predefined user roles network admin Usage gui...

Страница 63: ...character 7 Uses seven data bits for a character 8 Uses eight data bits for a character Usage guidelines This command is not supported in VTY line class view This setting must be the same as the sett...

Страница 64: ...ay ip https Use display ip https to display HTTPS service configuration and status information Syntax display ip https Views Any view Predefined user roles network admin network operator Examples Disp...

Страница 65: ...nformation Syntax display line number1 aux usb vty number2 summary Views Any view Predefined user roles network admin network operator Parameters number1 Specifies the absolute number of a user line T...

Страница 66: ...ays a hyphen Location Physical position of the line in the form of slot number CPU number Display summary information about all user lines Sysname display line summary Line type AUX 0 XXXX XXXX XX Lin...

Страница 67: ...Views Any view Predefined user roles network admin network operator Parameters number1 Specifies the absolute number of a user line The value range is 0 to 83 aux Specifies the AUX line usb Specifies...

Страница 68: ...nt Physical port for the line If there is no physical port for the line or the port is a console port this field displays a hyphen Location Physical position of the line in the form of slot number CPU...

Страница 69: ...list network admin network operator Location 192 168 1 107 VTY 2 User role list level 0 network admin network operator Location 192 168 1 134 Current operation user F Current operation user works in...

Страница 70: ...Web interface navigation tree If you do not specify this keyword the command displays information about the English Web interface navigation tree Usage guidelines This command displays all options on...

Страница 71: ..._ipv6dns Mirroring ID m_mirror Port Mirroring ID m_portmirror Routing ID m_routing Routing Table ID m_routingtable Static Routing ID m_staticrouting RIP ID m_rip Policy Based Routing ID m_pbr Multicas...

Страница 72: ...ard Access Control ID m_access 802 1X ID m_8021x MAC Authentication ID m_maca Port Security ID m_portsec Portal ID m_portal Authentication ID m_authentication ISP Domains ID m_ispdomain RADIUS ID m_ra...

Страница 73: ...t key you must specify the ASCII code value of the character for this argument For information about ASCII code values of individual characters see the standard ASCII code chart For information about...

Страница 74: ...acter a as the escape key for VTY line 0 Sysname system view Sysname line vty 0 Sysname line vty0 escape key a To verify the configuration 1 Ping IP address 192 168 1 80 specifying the c keyword to se...

Страница 75: ...les Configure software flow control in the inbound and outbound directions for AUX line 0 Sysname system view Sysname line aux 0 Sysname line aux0 flow control software free line Use free line to rele...

Страница 76: ...his command is an older version reserved for backward compatibility purposes It has the same functionality and output as the free line command As a best practice use the free line command Examples Rel...

Страница 77: ...o store commands successfully executed by its user The buffer size determines how many history commands the buffer can store To display history commands in the buffer for your session press the up or...

Страница 78: ...e class view A non default setting in either view takes precedence over a default setting in the other view A non default setting in user line view takes precedence over a non default setting in user...

Страница 79: ...pplies only to non VPN packets Examples Use ACL 2001 to allow only users from 10 10 0 0 16 to access the device through HTTP Sysname system view Sysname acl basic 2001 Sysname acl ipv4 basic 2001 rule...

Страница 80: ...o 65535 Usage guidelines This command is not supported in FIPS mode When the HTTP service is enabled changing the HTTP service port number re enables the HTTP service and closes all HTTP connections T...

Страница 81: ...applies only to the packets of the VPN instance If no VPN instance is specified in an ACL rule the ACL rule applies only to non VPN packets If you execute this command multiple times the most recent c...

Страница 82: ...tps enable Default The HTTPS service is disabled Views System view Predefined user roles network admin Usage guidelines To allow users to access the device through HTTPS you must enable the HTTPS serv...

Страница 83: ...TPS and HTTP connections To log in again users must enter the new URL in the Web browser s address bar Examples Set the HTTPS service port number to 8080 Sysname system view Sysname ip https port 8080...

Страница 84: ...ber2 Views System view Predefined user roles network admin Parameters first number1 Specifies the absolute number of the first user line The value range is 0 to 83 last number1 Specifies the absolute...

Страница 85: ...o execute command authentication mode command accounting command authorization escape key history command max size idle timeout protocol inbound screen length set authentication password shell termina...

Страница 86: ...ne 0 restore the default terminal session activation key Sysname line aux 0 Sysname line aux0 undo activation key Alternatively you can use the following command Sysname line aux0 activation key 13 To...

Страница 87: ...hentication Use lock reauthentication to lock the current user line and enable unlocking authentication Syntax lock reauthentication Default The system does not lock any user lines or initiate reauthe...

Страница 88: ...aracters see the standard ASCII code chart For information about ASCII code values of combined keys that use the Ctrl key see Table 1 Usage guidelines As a best practice specify a combined key as the...

Страница 89: ...twork admin Parameters even Uses even parity mark Uses mark parity none Uses no parity odd Uses odd parity space Uses space parity Usage guidelines This command is not supported in VTY line view The c...

Страница 90: ...with the authentication mode command If you specify a non default value for one of the two commands the other command uses the default setting regardless of the setting in VTY line class view If the...

Страница 91: ...d in without authentication 2 Display online CLI user information Server display users Idx Line Idle Time Pid Type 50 VTY 0 00 00 00 Jan 17 15 29 27 189 TEL Following are more details VTY 0 User role...

Страница 92: ...https enable undo restful https enable Default RESTful access over HTTPS is disabled Views System view Predefined user roles network admin Usage guidelines For users to access the device through the...

Страница 93: ...eens of output is enabled This command is available in both user line view and user line class view A non default setting in either view takes precedence over a default setting in the other view A non...

Страница 94: ...t the system in 3 minutes Send message Y N y The message should appear on the user s terminal screen as follows Sysname Message from vty0 to vty1 Your attention please I will reboot the system in 3 mi...

Страница 95: ...It takes effect for subsequent login sessions Examples Set the password to hello12345 for local password authentication on VTY line 0 Sysname system view Sysname line vty 0 Sysname line vty0 authentic...

Страница 96: ...sion rate is 9600 bps on a user line Views User line view Predefined user roles network admin Parameters speed value Specifies the transmission rate in bps Supported transmission rates depend on the n...

Страница 97: ...If you specify this keyword two stop bits are used 2 Uses two stop bits Usage guidelines This command is not supported in VTY line view The configuration terminal and the device must use the same numb...

Страница 98: ...e source IPv4 address for outgoing Telnet packets ip ip address Specifies the source IPv4 address for outgoing Telnet packets dscp dscp value Specifies a DSCP value for outgoing Telnet packets The val...

Страница 99: ...Predefined user roles network admin Parameters remote host Specifies the IPv6 address or host name of a remote host A host name can be a case insensitive string of 1 to 253 characters Valid character...

Страница 100: ...elnet server acl Default No ACL is used to filter Telnet logins Views System view Predefined user roles network admin Parameters mac Specifies a Layer 2 ACL To specify an ACL of a different type do no...

Страница 101: ...d by the Telnet login control ACL Views System view Predefined user roles network admin Usage guidelines Only clients permitted by the Telnet login control ACL can Telnet to the device This logging fe...

Страница 102: ...mples Set the DSCP value for IPv4 to use for outgoing Telnet packets to 30 on a Telnet server Sysname system view Sysname telnet server dscp 30 telnet server enable Use telnet server enable to enable...

Страница 103: ...es not have rules all users can Telnet to the device To control Telnet logins specify an ACL that exists and has rules so only users permitted by the ACL can Telnet to the device If a VPN instance is...

Страница 104: ...on a Telnet server Sysname system view Sysname telnet server ipv6 dscp 30 telnet server ipv6 port Use telnet server ipv6 port to specify the IPv6 Telnet service port number Use undo telnet server ipv...

Страница 105: ...he value can be 23 or in the range of 1025 to 65535 Usage guidelines This command terminates all existing Telnet connections to the IPv4 Telnet server To use the Telnet service users must reestablish...

Страница 106: ...ame line vty0 terminal type vt100 user interface Use user interface to enter one or multiple user line views Syntax user interface first number1 last number1 aux usb vty first number2 last number2 Vie...

Страница 107: ...x user interface class aux usb vty Views System view Predefined user roles network admin Parameters aux Specifies the AUX line class view usb Specifies the USB line vty Specifies the VTY line class vi...

Страница 108: ...Examples Set the CLI connection idle timeout timer to 15 minutes in VTY line class view Sysname system view Sysname user interface class vty Sysname line class vty idle timeout 15 In AUX line class v...

Страница 109: ...user line class view If you do not specify this argument the undo user role command restores the default user role Usage guidelines This command is not supported in FIPS mode Only users assigned the n...

Страница 110: ...xed verification code to improve test efficiency For Web access security purposes do not use this feature in production environments If you execute the web captcha command multiple times the most rece...

Страница 111: ...nvalid for example expired the device closes the HTTPS connection Examples Set the HTTPS login authentication mode to auto Sysname system view Sysname web https authorization mode auto web idle timeou...

Страница 112: ...for example system time change The device outputs log messages as indicated by information center settings Web operations that can trigger Web operation logging depend on the device model A Web opera...

Страница 113: ...ssl server policy 7 ftp timeout 7 FTP client commands 8 8 append 9 ascii 10 binary 10 bye 11 cd 11 cdup 12 close 13 debug 13 delete 14 dir 14 disconnect 15 display ftp client source 16 ftp 16 ftp clie...

Страница 114: ...ii tftp client ipv6 source 41 tftp client source 41 tftp ipv6 42 tftp server acl 44 tftp server ipv6 acl 44...

Страница 115: ...p server Views Any view Predefined user roles network admin network operator Examples Display FTP server configuration and status information Sysname display ftp server FTP server is running User coun...

Страница 116: ...cters Sysname display ftp user UserName HostIP Port HomeDir user2 2000 2000 2000 1499 flash user2 2000 2000 2000 2000 2000 administra 100 100 100 100 10001 flash 123456789 123456789 123456789 tor 1234...

Страница 117: ...addresses of FTP connections execute the display ftp user command port port Specifies the source port of an FTP connection To view the source ports of FTP connections execute the display ftp user comm...

Страница 118: ...ifies a basic IPv4 ACL number in the range of 2000 to 2999 ipv6 advanced acl number Specifies an advanced IPv6 ACL number in the range of 3000 to 3999 ipv6 basic acl number Specifies a basic IPv6 ACL...

Страница 119: ...enerates log messages for FTP login attempts that are denied by the FTP login control ACL For information about log message output see the information center in Network Management and Monitoring Confi...

Страница 120: ...er Use undo ftp server enable to disable the FTP server Syntax ftp server enable undo ftp server enable Default The FTP server is disabled Views System view Predefined user roles network admin Example...

Страница 121: ...default Syntax ftp server ssl server policy policy name undo ftp server ssl server policy Default No SSL server policy is associated with the FTP server Views System view Predefined user roles networ...

Страница 122: ...mands For FTP users to execute FTP client configuration commands you must configure authorization settings for users on the FTP server Authorized operations include viewing the files in the working di...

Страница 123: ...rectory Related commands help append Use append to add the content of a file on the FTP client to a file on the FTP server Syntax append localfile remotefile Views FTP client view Predefined user role...

Страница 124: ...is determined by the FTP client When the device acts as the FTP client you can set the transfer mode The transfer mode is binary by default Examples Set the file transfer mode to ASCII ftp ascii 200...

Страница 125: ...shed between the device and the FTP server use this command to return to user view Syntax bye Views FTP client view Predefined user roles network admin Examples Terminate the connection to the FTP ser...

Страница 126: ...older subdirectory of the FTP root directory ftp cd folder 250 OK Current directory is folder Change the working directory to the upper directory of the current directory ftp cd 250 OK Current directo...

Страница 127: ...the connection to the FTP server without exiting the FTP client view ftp close 221 Goodbye You uploaded 0 and downloaded 0 kbytes 221 Logout ftp Related commands disconnect debug Use debug to enable o...

Страница 128: ...delete a file from the FTP server make sure the file is no longer in use You can perform this operation only after you log in to the FTP server To perform this operation you must have delete permissi...

Страница 129: ...0201 rwxr xr x 1 0 0 1481 Jul 7 15 36 a txt drwxr xr x 2 0 0 8192 Jul 2 14 33 diagfile drwxr xr x 3 0 0 8192 Jul 7 15 21 ftp drwxr xr x 2 0 0 8192 Jul 5 09 15 logfile drwxr xr x 2 0 0 8192 Jul 2 14 33...

Страница 130: ...display the source address settings on the FTP client Syntax display ftp client source Views Any view Predefined user roles network admin network operator Examples Display the source address settings...

Страница 131: ...s the source address To establish the FTP connection successfully make sure the interface is up and has the primary IPv4 address configured ip source ip address Specifies an IPv4 address To establish...

Страница 132: ...Pv6 address as defined in RFC 3484 Views System view Predefined user roles network admin Parameters interface interface type interface number Specifies an interface by its type and number The device w...

Страница 133: ...s primary IPv4 address as the source address For successful FTP packet transmission make sure the interface is up and has the primary IPv4 address configured ip source ip address Specifies an IPv4 add...

Страница 134: ...option can be used only when the FTP server address is a link local address and the specified output interface has a link local address For information about link local addresses see Layer 3 IP Servic...

Страница 135: ...word required for root Password Apr 10 09 03 25 575 2017 Sysname FTPC 7 COMMAND PASS XXXX 230 User logged in 215 UNIX Type L8 Remote system type is UNIX Using binary mode to transfer files ftp Apr 10...

Страница 136: ...command ftp get a txt flash test b txt local flash test b txt remote a txt 150 Connecting to port 47457 226 File successfully transferred 1569 bytes received in 0 00527 seconds 290 6 kbyte s Download...

Страница 137: ...ined user roles network admin Parameters directory Changes the local working directory of the FTP client to the specified local directory There must be a slash sign before the name of the storage medi...

Страница 138: ...e ls command is the same as executing the dir command Examples Display detailed information about the files and subdirectories in the working directory on the FTP server ftp ls 150 Connecting to port...

Страница 139: ...rent directory of the FTP server ftp mkdir newdir 257 newdir The directory was successfully created newer Use newer to update a local file by using a file on the FTP server Syntax newer remotefile loc...

Страница 140: ...pecifies the TCP port number of the FTP server in the range of 0 to 65535 The default is 21 Usage guidelines After you issue this command the system will prompt you to enter the username and password...

Страница 141: ...de to passive ftp passive Passive mode on ftp passive Passive mode off put Use put to upload a file from the FTP client to the FTP server Syntax put localfile remotefile Views FTP client view Predefin...

Страница 142: ...evice Save the file as b txt on the FTP server ftp put slot2 flash test a txt b txt local slot2 flash test a txt remote b txt 150 Connecting to port 47461 226 File successfully transferred 1569 bytes...

Страница 143: ...operator Parameters remotefile Specifies a file on the FTP server localfile Specifies a local file Usage guidelines You can perform this operation only after you log in to the FTP server If a file do...

Страница 144: ...Method 1 ftp rename from name a txt to name b txt 350 RNFR accepted file exists ready for destination 250 File successfully renamed or moved Method 2 ftp rename a txt to name b txt 350 RNFR accepted...

Страница 145: ...t for this command depends on the FTP server Examples Set retransmission offset to 2 bytes and retransmit the h c file The file has 82 bytes in total ftp restart 2 restarting at 2 execute get put or a...

Страница 146: ...MD XRMD ABOR SIZE RNFR RNTO 214 UNIX Type L8 Table 3 Command output Field Description USER Username PASS Password NOOP Null operation SYST System parameters TYPE Request type CWD Changes the current w...

Страница 147: ...on the FTP server Usage guidelines CAUTION Permanently delete a directory from the FTP server with caution When you permanently delete a directory from the FTP server make sure the directory is no lo...

Страница 148: ...atus 211 FTP server status Connected to 192 168 20 177 Logged in as root TYPE ASCII No session bandwidth limit Session timeout in seconds is 300 Control connection is plain text Data connections will...

Страница 149: ...FTP command rw r r The first bit specifies the file type Common B Block c Character d Directory l Symbol connection file p Pipe s socket The second bit through the tenth bit are divided into three gr...

Страница 150: ...Prompting on Globbing off Displays debugging information Store unique off Receive unique off The name of the file on the FTP server is unique and the name of the local file is unique Case off CR strip...

Страница 151: ...initiate an FTP authentication to change to a new account By changing to a new account you can get a different privilege without re establishing the FTP connection Make sure the specified username an...

Страница 152: ...mation about FTP operations ftp verbose Verbose mode off Execute the get command ftp get a cfg 1 cfg Enable the device to display detailed information about FTP operations ftp verbose Verbose mode on...

Страница 153: ...to memory before writing it to the destination folder The system starts to write the file to the destination folder only after the file is downloaded and saved to memory successfully If the destinati...

Страница 154: ...s Download the new bin file from TFTP server 192 168 1 1 and save the file as new bin Sysname tftp 192 168 1 1 get new bin Press CTRL C to abort Total Received Xferd Average Speed Time Time Time Curre...

Страница 155: ...source ipv6 address Specifies an IPv6 address For successful TFTP packet transmission make sure this address is the IPv6 address of an interface in up state on the device Usage guidelines If you exec...

Страница 156: ...te on the device Usage guidelines If you execute this command multiple times the most recent configuration takes effect The source address specified with the tftp command takes precedence over the sou...

Страница 157: ...sitive string of 1 to 255 characters If this argument is not specified the file uses the source file name vpn instance vpn instance name Specifies the MPLS L3VPN instance to which the TFTP server belo...

Страница 158: ...admin Parameters acl number Specifies the number of a basic ACL in the range of 2000 to 2999 Usage guidelines You can use an ACL to deny or permit the device s access to specific TFTP servers If a VP...

Страница 159: ...or permit the device s access to specific TFTP servers If a VPN instance is specified in an ACL rule the ACL rule applies only to the packets of the VPN instance If no VPN instance is specified in an...

Страница 160: ...2 delete 5 dir 6 execute 7 fdisk 7 file prompt 9 fixdisk 10 format 10 gunzip 11 gzip 12 md5sum 13 mkdir 13 more 14 mount 14 move 15 pwd 16 rename 16 reset recycle bin 16 rmdir 17 sha256sum 18 tar crea...

Страница 161: ...file system wait for the ongoing operation to be completed and then use one of the following methods Use the absolute path to specify a file or directory For example use the dir flash command to disp...

Страница 162: ...es the destination directory in FIPS mode To copy the source file to a remote file server specify a URL The device copies the source file to the destination location and saves the file with its origin...

Страница 163: ...e the startup cfg file is saved in the authorized directory on the HTTP server at 1 1 1 1 The HTTP account username and password are a and 1 respectively To copy the file enter the URL http a 1 1 1 1...

Страница 164: ...directory on TFTP server 1 1 1 1 Save the copy to the local current directory as testbackup cfg The TFTP server belongs to VPN instance vpn1 Sysname copy tftp 1 1 1 1 test cfg testbackup cfg vpn insta...

Страница 165: ...he delete unreserved file command deletes a file permanently The file cannot be restored The delete file command without unreserved moves a file to the recycle bin A file moved to the recycle bin can...

Страница 166: ...ice Usage guidelines If no option is specified the command displays all visible files and directories in the current directory The directory name of the recycle bin is trash To display files in the re...

Страница 167: ...or directory name execute Use execute to execute a batch file Syntax execute filename Views System view Predefined user roles network admin Parameters filename Specifies the name of a batch file Usage...

Страница 168: ...a storage medium you must format the partitions to create the file systems before you can access the file systems The actual partition size and the specified partition size might have a difference of...

Страница 169: ...se all available space 127 Enter 127 to set the size of the second partition to 127 MB The remaining space is less than 32MB Please enter the size of partition 2 again Partition 2 32MB 96MB 128MB Pres...

Страница 170: ...ion mode to alert Sysname system view Sysname file prompt alert fixdisk Use fixdisk to check a file system for damage and repair any damage Syntax fixdisk filesystem Views User view Predefined user ro...

Страница 171: ...n delete security log files For more information about the security audit user role see RBAC in Fundamentals Configuration Guide Examples Format file system flash Sysname format flash All data on flas...

Страница 172: ...ile Specifies the name of the file to be compressed Usage guidelines This command saves the compressed file to the file gz file and deletes the source file Examples Compress file system bin 1 Before c...

Страница 173: ...name md5sum system bin MD5 digest 4f22b6190d151a167105df61c35f0917 mkdir Use mkdir to create a directory Syntax mkdir directory Views User view Predefined user roles network admin Parameters directory...

Страница 174: ...dmin Parameters file Specifies the name of a file Examples Display the contents of the test txt file Sysname more test txt Have a nice day Display the contents of the testcfg cfg file Sysname more tes...

Страница 175: ...es Mount a file system on the USB disk Sysname mount usba0 Related commands umount move Use move to move a file Syntax move source file dest file dest directory Views User view Predefined user roles n...

Страница 176: ...file source directory Specifies the name of the source directory dest file Specifies the name of the destination file dest directory Specifies the name of the destination directory Usage guidelines Th...

Страница 177: ...se The delete file command only moves a file to the recycle bin To permanently delete the file use the reset recycle bin command to delete the file from the recycle bin Examples Empty the recycle bin...

Страница 178: ...the files in the recycle bin under this directory will be deleted permanently Continue Y N y Removing directory flash test subtest Done sha256sum Use sha256sum to use the SHA 256 algorithm to calcula...

Страница 179: ...space separated list of up to five items Each item can be a file or directory name The specified files and directories must be in the current working directory Examples Archive the 1 cfg and 2 cfg fi...

Страница 180: ...st close the current connection and log in to the device again If you do not specify the screen keyword or the to directory option the command saves the extracted files and directories to the working...

Страница 181: ...reate tar extract umount Use umount to unmount a file system Syntax umount filesystem Views User view Predefined user roles network admin Parameters filesystem Specifies the name of a file system Usag...

Страница 182: ...the directory the system prompts whether or not you want to overwrite the existing file If you enter Y the existing file is overwritten If you enter N the command is not executed Examples Restore the...

Страница 183: ...startup configuration 8 configuration commit 9 configuration commit delay 10 configuration encrypt 11 configuration replace file 11 display archive configuration 12 display current configuration 14 d...

Страница 184: ...on archives For local archiving use the archive configuration location command to specify a local configuration archive directory and a name prefix For remote archiving use the archive configuration s...

Страница 185: ...automatic archive it resets the archiving interval timer Before enabling automatic configuration archiving you must use one of the following methods to specify a directory and a name prefix for the co...

Страница 186: ...a file name prefix for configuration archives a case insensitive string of 1 to 30 characters Valid characters are letters digits underscores _ and hyphens Usage guidelines Before archiving the runni...

Страница 187: ...tem view Sysname archive configuration location flash archive filename prefix my_archive Related commands archive configuration archive configuration interval archive configuration max display archive...

Страница 188: ...commands archive configuration archive configuration location archive configuration interval display archive configuration archive configuration server Use archive configuration server to configure t...

Страница 189: ...archive configuration interval command On the specified remote SCP server configuration archives are named in the format of filename prefix_YYYYMMDD_HHMMSS cfg for example archive_20170526_203430 cfg...

Страница 190: ...imple Specifies a password in plaintext form For security purposes the password specified in plaintext form will be stored in encrypted form string Specifies the password Its plaintext form is a case...

Страница 191: ...st filename vpn instance vpn instance name Views User view Predefined user roles network admin Parameters ipv4 server Specifies a TFTP server by its IPv4 address or host name The host name is a case i...

Страница 192: ...in startup configuration file to 2001 2 Done Related commands restore startup configuration configuration commit Use configuration commit to commit the settings configured after the configuration comm...

Страница 193: ...misconfiguration from causing the inability to access the device and is especially useful when you configure the device remotely When you use this feature follow these restrictions and guidelines In...

Страница 194: ...evice to automatically encrypt a configuration file when saving the running configuration to the file Any devices running Comware 7 software can decrypt the encrypted configuration file To prevent an...

Страница 195: ...lly compatible with the device If the replacement configuration file is encrypted make sure the device can decrypt it Examples Replace the running configuration with the configuration in the my_archiv...

Страница 196: ...ndicates the most recent archive file Table 1 Command output Field Description Username Username for accessing the SCP server that saves the configuration archives Location Absolute path of the direct...

Страница 197: ...e command displays the running configuration for all interfaces of this type all Displays all configuration information If you do not specify this keyword this command displays only non default config...

Страница 198: ...isplay current configuration diff Views Any view Predefined user roles network admin network operator Usage guidelines This command searches for the next startup configuration in the following order 1...

Страница 199: ...he linenumber2 argument represents the start line of the section The number2 argument represents the number of lines between the start line and the end line of the section cmd1 cmd2 cmd3 cmd4 Displays...

Страница 200: ...s the target configuration file for comparison current configuration Specifies the running configuration In the display diff current configuration command this keyword specifies the source configurati...

Страница 201: ...display diff current configuration startup configuration Current configuration Startup configuration 5 7 5 7 sysname Sysname alias dhc display history command alias dh display hotkey system working mo...

Страница 202: ...file is available this command displays the contents of the backup file 3 If both the main and backup startup configuration files are not available this command does not display anything Examples Dis...

Страница 203: ...able 3 Command output Field Description MainBoard Displays the startup configuration files on the master device Current startup saved configuration file Configuration file that the device has started...

Страница 204: ...defined user roles network admin Parameters backup Specifies the backup next startup configuration file main Specifies the main next startup configuration file Usage guidelines CAUTION By default this...

Страница 205: ...cters include letters digits hyphens underscores _ and dots src filename Specifies the name of the configuration file to be downloaded The file must be a cfg file The file name is a case insensitive s...

Страница 206: ...elated commands backup startup configuration save Use save file url all slot slot number to save the running configuration to a configuration file without specifying the file as a next startup configu...

Страница 207: ...s not exist the system creates the file before saving the configuration If the file already exists the system prompts you to confirm whether to overwrite the file If you choose to not overwrite the fi...

Страница 208: ...ide next startup configuration file operations Syntax standby auto update config undo standby auto update config Default Next startup configuration file operations are automatically synchronized acros...

Страница 209: ...up configuration files are specified Views User view Predefined user roles network admin Parameters cfgfile Specifies the path of a configuration file a string of up to 255 characters The file must be...

Страница 210: ...d configuration command changes the file attribute of the main and backup next startup configuration files to NULL However the command does not delete the two configuration files You can also specify...

Страница 211: ...ware upgrade commands 1 boot loader file 1 boot loader update 3 bootrom update 4 display boot loader 5 display install active 6 display install committed 8 install activate 9 install commit 10 install...

Страница 212: ...system location section if any the value string can have a maximum of 63 characters For more information about specifying a file see Fundamentals Configuration Guide ipe filename Specifies an ipe ima...

Страница 213: ...bin Done Decompressing file feature bin to flash feature bin Done Verifying the file flash boot bin on slot 1 Done Verifying the file flash system bin on slot 1 Done Verifying the file flash feature...

Страница 214: ...t 2 The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 3 Decompression completed Do you want to delete flash all ipe now Y N n Rel...

Страница 215: ...Y N y Updating Please wait Verifying the file flash boot bin on slot 1 Done Verifying the file flash system bin on slot 1 Done Copying main startup software images to slot 2 Please wait Done Setting c...

Страница 216: ...tinue Y N y Now updating the Boot ROM please wait Done Related commands boot loader file display boot loader Use display boot loader to display current software images and startup software images Synt...

Страница 217: ...ifies an IRF member device by its member ID If you do not specify an IRF member device this command displays information for all IRF member devices verbose Displays detailed information If you do not...

Страница 218: ...kage Table 2 Command output Field Description Package Detailed information about the software image Service name Image type boot Boot image boot patch Boot image patch system System image system patch...

Страница 219: ...image changes to take effect after a reboot you must execute the install commit command to update the main startup image list with the image changes You can use the display install committed command t...

Страница 220: ...l activate Use install activate to activate feature or patch images Syntax install activate feature filename 1 30 slot slot number install activate patch filename all slot slot number Views User view...

Страница 221: ...Sysname install activate system patch bin slot 1 Related commands display install active install commit install deactivate install commit Use install commit to commit software changes Syntax install...

Страница 222: ...stored in the root directory of a file system on the device Excluding the file system location section if any the value string can have a maximum of 63 characters For more information about specifying...

Страница 223: ...t status 24 display power 25 display scheduler job 26 display scheduler logfile 26 display scheduler reboot 27 display scheduler schedule 28 display system stable state 29 display transceiver alarm 30...

Страница 224: ...50 scheduler reboot delay 51 scheduler schedule 52 shutdown interval 53 sysname 53 transceiver monitor enable 54 transceiver monitor interval 55 temperature limit 55 time at 56 time once 57 time repe...

Страница 225: ...eyword loop Issues an alarm when a loop is detected on the device To monitor this type of alarm you must enable loop detection For more information about loop detection see Layer 2 LAN Switching Confi...

Страница 226: ...Sysname alarm port slot 1 to 3 event cpu usage port out 1 Related commands alarm port in alarm port out alarm port in Use alarm port in to specify the alarm signal type used by the alarm input port t...

Страница 227: ...igh level signal to indicate an alarm Views System view Predefined user roles network admin Parameters high Uses the high level signal to indicate an alarm low Uses the low level signal to indicate an...

Страница 228: ...se period to restore the default Syntax alarm port slot slot number1 to slot number2 pulse period pulse period value undo alarm port slot slot number1 to slot number2 pulse period Default The pulse pe...

Страница 229: ...or example scheduled tasks and collaborative operations of the device with other devices for example log reporting and statistics collection Before executing this command make sure you fully understan...

Страница 230: ...he locally set system time or obtain the UTC time from a time source on the network and calculate the system time If you execute the clock protocol none command the device uses the locally set system...

Страница 231: ...d If the seconds segment is 0 hh mm 00 you can omit it If both the minutes and seconds segments are 0 hh 00 00 you can omit both of the segments For example to specify 08 00 00 you can enter 8 end dat...

Страница 232: ...an offset to the UTC time in the hh mm ss format The value range for hh is 0 to 23 The value range for mm is 0 to 59 The value range for ss is 0 to 59 The leading zero in a segment can be omitted If...

Страница 233: ...pecify the ID of an existing command for another command the existing command is replaced Make sure all commands in a schedule are compliant to the command syntax The system does not examine the synta...

Страница 234: ...enable Default Copyright statement display is enabled Views System view Predefined user roles network admin Examples Enable copyright statement display Sysname system view Sysname copyright info enabl...

Страница 235: ...specified Sysname display clock 15 11 00 211 Z5 Fri 03 16 2015 Time Zone Z5 add 05 00 00 Summer Time PDT 06 00 00 08 01 06 00 00 09 01 01 00 00 Related commands clock datetime clock timezone clock sum...

Страница 236: ...Slot 1 CPU 0 CPU usage 1 in last 5 seconds 1 in last 1 minute 1 in last 5 minutes Display the current CPU usage statistics in table form Sysname display cpu usage Slot CPU Last 5 sec Last 1 min Last...

Страница 237: ...CPU usage alarm threshold Current minor alarm threshold is xxx Minor CPU usage alarm threshold Current recovery threshold is xxx CPU usage recovery threshold Related commands monitor cpu usage enable...

Страница 238: ...mples in a coordinate system as follows The vertical axis represents the CPU usage If a statistic is not a multiple of the usage step it is rounded up or down to the closest multiple of the usage step...

Страница 239: ...flash Displays flash memory information usb Displays USB interface information slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command disp...

Страница 240: ...ot number Views Any view Predefined user roles network admin network operator Parameters slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this com...

Страница 241: ...erating information for the Layer 3 features service Specifies operating information for Layer 4 and upper layer features key info Displays or saves only critical operating information The device migh...

Страница 242: ...shes colons asterisks question marks less than signs greater than signs pipeline signs and quotation marks For example device name A B will change to A_B in the file name as in flash diag_A_B_20160101...

Страница 243: ...ssage type Syslog Table 5 Command output Field Description IPv4 address IPv4 address of the poweroff alarm destination host IPv6 address IPv6 address of the poweroff alarm destination host VPN instanc...

Страница 244: ...1 hotspot 3 33 0 100 110 NA 1 hotspot 4 33 0 100 110 NA 1 hotspot 5 38 0 100 110 NA 1 hotspot 6 36 0 100 110 NA 1 hotspot 7 35 0 100 110 NA 1 hotspot 8 42 0 100 110 NA Table 6 Command output Field De...

Страница 245: ...id Specifies a fan tray by its ID If you do not specify a fan tray this command displays operating status information for all fan trays at the specified position Examples Display the operating states...

Страница 246: ...1316 76332 41 0 Table 8 Command output Field Description Mem Memory usage information Total Total size of the physical memory space that can be allocated The memory space is virtually divided into two...

Страница 247: ...guidelines For more information about memory usage notifications see log information containing MEM_EXCEED_THRESHOLD or MEM_BELOW_THRESHOLD Examples Display memory alarm thresholds and statistics Sysn...

Страница 248: ...on the E552C X PS F switch Syntax display output power port status slot slot number Views Any view Predefined user roles network admin network operator Parameters slot slot number Specifies an IRF mem...

Страница 249: ...rator Parameters slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command displays power supply information for all member devices power id S...

Страница 250: ...fined user roles network admin network operator Parameters job name Specifies a job by its name a case sensitive string of 1 to 47 characters If you do not specify a job this command displays configur...

Страница 251: ...1 0 3 Sysname if range shutdown Table 11 Command output Field Description Logfile Size Size of the log file in bytes Schedule name Schedule to which the job belongs Execution time Time when the job w...

Страница 252: ...heduler schedule Schedule name shutdown Schedule type Run once after 0 hours 2 minutes Start time Tue Dec 27 10 44 42 2015 Last execution time Tue Dec 27 10 44 42 2015 Last completion time Tue Dec 27...

Страница 253: ...m stable state Views Any view Predefined user roles network admin network operator Usage guidelines Before performing a switchover execute this command multiple times to identify whether the system is...

Страница 254: ...vice kernel is being initialized Service starting Services are starting on the member device Service stopping Services are stopping on the member device HA Batch backup An HA batch backup is going on...

Страница 255: ...e display transceiver alarm interface gigabitethernet 1 0 1 GigabitEthernet1 0 1 transceiver current alarm information RX loss of signal RX power low Table 15 Command output Field Description transcei...

Страница 256: ...01 1 01 30 00 0 00 Table 16 Command output Field Description transceiver diagnostic information Digital diagnosis information for the transceiver module in the interface Temp C Temperature in C accura...

Страница 257: ...nd number If no interface is specified this command displays electronic label information for all transceiver modules Examples Display electronic label information for the transceiver module in interf...

Страница 258: ...vice management handshake failure SlaveSwitch reboot The reboot was caused by a master subordinate switchover IRF Merge reboot The reboot was caused by an IRF merge Auto Update reboot The reboot was c...

Страница 259: ...snmp trap version v1 v2c securityname security string dying gasp host ip address ipv6 ipv6 address vpn instance vpn instance name syslog undo dying gasp host ip address ipv6 ipv6 address vpn instance...

Страница 260: ...splay dying gasp host dying gasp source dying gasp source Use dying gasp source to specify the source interface for sending the poweroff alarm Use undo dying gasp source to restore the default Syntax...

Страница 261: ...meters legal Configures the banner to be displayed before a user inputs the username and password to access the CLI login Configures the banner to be displayed before password or scheme authentication...

Страница 262: ...ssign job save job to schedule saveconfig Sysname system view Sysname scheduler schedule saveconfig Sysname schedule saveconfig job save job Related commands scheduler job scheduler schedule memory th...

Страница 263: ...ice this command sets free memory thresholds for the master device cpu cpu number Specifies a CPU by its number Usage guidelines To ensure correct operation and improve memory efficiency the system mo...

Страница 264: ...shold in percentage The value range is 0 to 100 Usage guidelines The device samples memory usage at 1 minute intervals If the sample is greater than the memory usage threshold the device sends a trap...

Страница 265: ...e monitoring Use undo monitor cpu usage interval to restore default settings Syntax monitor cpu usage interval interval slot slot number cpu cpu number undo monitor cpu usage interval slot slot number...

Страница 266: ...ifies the severe CPU usage alarm threshold in percentage The value range for this argument is 2 to 100 minor threshold minor threshold Specifies the minor CPU usage alarm threshold in percentage The v...

Страница 267: ...ange of 10 to 3600 slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command sets alarm resending intervals for the master device cpu cpu numb...

Страница 268: ...s in the range of 1 to 48 severe interval severe interval Specifies the severe alarm resending interval in hours in the range of 1 to 48 slot slot number Specifies an IRF member device by its member I...

Страница 269: ...t slot number port port number Default Power supply is enabled on a power supply port Views System view Predefined user roles network admin Parameters port port number Specifies a power supply port by...

Страница 270: ...rce Views User view Predefined user roles network admin Parameters slot slot number Specifies an IRF member device by its member ID If you do not specify an IRF member device the command reboots all I...

Страница 271: ...configuration file please wait DONE Current configuration will be lost after the reboot save current configuration Y N y Please input the file name cfg flash startup cfg To leave the existing filenam...

Страница 272: ...tore factory default Views User view Predefined user roles network admin Usage guidelines CAUTION This command restores the device to the factory default settings Use this command with caution This co...

Страница 273: ...string of 1 to 47 characters Usage guidelines A job can be referenced by multiple schedules In job view you can assign commands to the job Examples Create a job named backupconfig and enter job view S...

Страница 274: ...o scheduler reboot Default No reboot date or time is specified Views User view Predefined user roles network admin Parameters time Specifies the reboot time in the hh mm format The value range for hh...

Страница 275: ...Predefined user roles network admin Parameters time Specifies the reboot delay time in the hh mm or mm format This argument can contain up to six characters When in the hh mm format mm must be in the...

Страница 276: ...mand or a set of commands without administrative interference To configure a schedule 1 Use the scheduler job command to create a job and enter job view 2 Use the command command to assign commands to...

Страница 277: ...o the port status reflects the port s physical status If you change the timer setting during port detection the device compares the new setting T1 with the time that elapsed since the port was shut do...

Страница 278: ...transceiver monitoring Use undo transceiver monitor enable to restore the default Syntax transceiver monitor enable undo transceiver monitor enable Default Transceiver monitoring is disabled Views Sy...

Страница 279: ...tput power of transceiver modules If a sampled value reaches the alarm threshold the device generates a log entry to notify users This command takes effect only when the transceiver monitor enable com...

Страница 280: ...question mark in the place of this argument alarmlimit Specifies the high temperature alarming threshold in Celsius degrees This threshold must be greater than the warning threshold To view the value...

Страница 281: ...me at 1 1 2015 05 11 Related commands scheduler schedule time once Use time once to specify one or more execution days and the execution time for a non periodic schedule Use undo time to delete the ex...

Страница 282: ...Sysname schedule saveconfig time once at 15 00 Schedule starts at 15 00 5 11 2011 Configure the device to execute schedule saveconfig once at 15 00 on the coming 15th day in a month Sysname system vi...

Страница 283: ...ek day week day 1 7 Specifies a space separated list of up to seven week days for the schedule Valid week day values include Mon Tue Wed Thu Fri Sat and Sun Usage guidelines The time repeating at time...

Страница 284: ...les network admin Parameters role name Specifies a user role name a case sensitive string of 1 to 63 characters The user role can be user defined or predefined Predefined user roles include network ad...

Страница 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...

Страница 286: ...and that conflicts with a Tcl command in Tcl configuration view 1 Execute a Comware command in Tcl configuration view The output shows that the Comware command cannot be executed because it conflicts...

Страница 287: ...w Sysname tcl tclquit Sysname Related commands tclsh tclsh Use tclsh to enter Tcl configuration view from user view Syntax tclsh Views User view Predefined user roles network admin Usage guidelines In...

Страница 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...

Страница 289: ...les Exit the Python shell Python 2 7 3 default GCC 4 4 1 on linux2 Type help copyright credits or license for more information exit Sysname python Use python to enter the Python shell Syntax python Vi...

Страница 290: ...ion py is case insensitive param Specifies the parameters to be passed to the script To enter multiple parameters use spaces as the delimiter Usage guidelines You cannot perform any operations while y...

Страница 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...

Страница 292: ...onfiguration Syntax autodeploy udisk enable undo autodeploy udisk enable Default USB based automatic configuration is enabled Views System view Predefined user roles network admin Usage guidelines Thi...

Страница 293: ...H3C IE4300 IE4300 M IE4320 Industrial Switch Series Virtual Technologies Command Reference New H3C Technologies Co Ltd http www h3c com Software version Release 63xx Document version 6W101 20230116...

Страница 294: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 295: ...Italic Italic text represents arguments that you replace with actual values Square brackets enclose syntax choices keywords or arguments that are optional x y Braces enclose a set of required syntax...

Страница 296: ...Network topology icons Convention Description Represents a generic network device such as a router switch or firewall Represents a routing capable device such as a router or Layer 3 switch Represents...

Страница 297: ...ardware model configuration or software version It is normal that the port numbers sample output screenshots and other information in the examples differ from what you have on your device Documentatio...

Страница 298: ...update enable 10 irf domain 10 irf link delay 11 irf mac address persistent 12 irf member description 13 irf member priority 13 irf member renumber 14 irf port 15 irf port configuration active 16 mad...

Страница 299: ...the master indicates the device through which the user logs in The Bridge MAC of the IRF is 00e0 fc00 1000 Auto upgrade yes Mac persistent always Domain ID 30 Table 1 Command output Field Description...

Страница 300: ...s no Bridge MAC address of the current master replaces the original bridge MAC address as soon as the owner of the original address leaves Domain ID Domain ID of the IRF fabric The domain ID you assig...

Страница 301: ...IRF port Related commands display irf display irf topology display irf link Use display irf link to display IRF link information Syntax display irf link Views Any view Predefined user roles network ad...

Страница 302: ...ogy to display IRF fabric topology information Syntax display irf topology Views Any view Predefined user roles network admin network operator Examples Display the IRF fabric topology Sysname display...

Страница 303: ...IRF port This field displays three hyphens if no device is connected to the port Belong To IRF fabric that has the device represented by the CPU MAC address of the master in the IRF fabric Related co...

Страница 304: ...192 168 1 2 24 1 Normal Table 5 Command output Field Description MAD ARP disabled Status of ARP MAD This field displays MAD ARP enabled if ARP MAD is enabled MAD ND disabled Status of ND MAD This fiel...

Страница 305: ...operating correctly Faulty LACP MAD is not operating correctly Verify the following items Verify that the ports on LACP MAD links are up Verify that the intermediate device supports extended LACPDUs V...

Страница 306: ...erface can be bound to only one IRF port The interface list2 argument represents a space separated list of up to eight interface items Each interface item specifies one interface in the interface type...

Страница 307: ...succeeded The device will reboot for the new member ID to take effect Continue Y N y Bulk configure basic IRF settings by using the interactive method Change the member ID from 2 to 3 set the domain I...

Страница 308: ...ommand automatically propagates the current software images of the master device in the IRF fabric to any devices you are adding to the IRF fabric To ensure a successful software update verify that th...

Страница 309: ...the two IRF fabrics different domain IDs for correct split detection False detection causes IRF split An IRF fabric has only one IRF domain ID You can change the IRF domain ID by using the following c...

Страница 310: ...the IRF fabric within the time limit the IRF bridge MAC address does not change If the owner does not rejoin the IRF fabric within the time limit the IRF fabric uses the bridge MAC address of the cur...

Страница 311: ...description to restore the default Syntax irf member member id description text undo irf member member id description Default No description is configured for an IRF member device Views System view Pr...

Страница 312: ...irf member member id renumber Default The IRF member ID is 1 Views System view Predefined user roles network admin Parameters member id Specifies the ID of an IRF member The value range for IRF member...

Страница 313: ...he irf member 1 renumber 2 command the device member ID changes to 2 at system reboot Using undo irf member 1 renumber cannot restore the member ID to 1 You must use the irf member 2 renumber 1 comman...

Страница 314: ...en gigabitethernet 1 0 51 Sysname Ten GigabitEthernet1 0 51 shutdown Sysname Ten GigabitEthernet1 0 51 quit Sysname irf port 1 2 Sysname irf port1 2 port group interface ten gigabitethernet 1 0 51 You...

Страница 315: ...for any other purposes ARP MAD and feature configuration If an intermediate device is used make sure the following requirements are met Run the spanning tree feature between the IRF fabric and the int...

Страница 316: ...ow these guidelines Category Restrictions and guidelines BFD MAD VLAN Do not enable BFD MAD on VLAN interface 1 If you are using an intermediate device perform the following tasks On the IRF fabric an...

Страница 317: ...terface3 mad bfd enable mad enable Use mad enable to enable LACP MAD Use undo mad enable to disable LACP MAD Syntax mad enable undo mad enable Default LACP MAD is disabled Views Aggregate interface vi...

Страница 318: ...collision Syntax mad exclude interface interface type interface number undo mad exclude interface interface type interface number Default Except for the network interfaces automatically excluded by th...

Страница 319: ...subnet mask in decimal dotted notation mask length Specifies a subnet mask in length in the range of 0 to 32 member member id Specifies the ID of an IRF member Usage guidelines To use BFD MAD configur...

Страница 320: ...not configure ND MAD together with LACP MAD or BFD MAD because they handle collisions differently When you configure ND MAD on a VLAN interface follow these restrictions and guidelines Category Restr...

Страница 321: ...change the IRF domain ID by using the following commands irf domain mad enable mad arp enable or mad nd enable The IRF domain IDs configured by using these commands overwrite each other Examples Enabl...

Страница 322: ...ter you remove the binding Execute this command multiple times to bind multiple physical interfaces to an IRF port You can bind a maximum of eight physical interfaces to an IRF port However you might...

Страница 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...

Страница 324: ...H3C IE4300 IE4300 M IE4320 Industrial Switch Series Layer 2 LAN Switching Command Reference New H3C Technologies Co Ltd http www h3c com Software version Release 63xx Document version 6W101 20230116...

Страница 325: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 326: ...aces enclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separated by vertical bars from which yo...

Страница 327: ...s a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding and other Layer 2 features Represents an access controller a unified wired WLAN module or the access controller engine on a u...

Страница 328: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Страница 329: ...jumboframe enable 29 link delay 30 link flap protect enable 31 loopback 32 multicast suppression 32 port auto power down 33 port ifmonitor crc error 34 port ifmonitor input error 35 port ifmonitor ou...

Страница 330: ...ge guidelines The expected bandwidth is an informational parameter used only by higher layer protocols for calculation You cannot adjust the actual bandwidth of an interface by using this command Exam...

Страница 331: ...n a port The broadcast suppression command uses the chip to physically suppress broadcast traffic It has less influence on the device performance than the storm constrain command which uses software t...

Страница 332: ...ly disabled You can select to activate the copper combo port or fiber combo port This command is available only on devices that support combo interfaces If you execute the combo enable auto command on...

Страница 333: ...nes When configuring the dampening command follow these rules to set the values mentioned above The ceiling is equal to 2 Max suppress time Decay reuse limits It is not user configurable The configure...

Страница 334: ...his command when you use it in a live network This command might fail to restore the default settings for some commands because of command dependencies or system restrictions You can use the display t...

Страница 335: ...mber Views Any view Predefined user roles network admin network operator Parameters inbound Displays inbound traffic statistics outbound Displays outbound traffic statistics interface type Specifies a...

Страница 336: ...the following conditions exist The data length of an Err field value is greater than 7 decimal digits The data length of a non Err field value is greater than 14 decimal digits Not supported The stati...

Страница 337: ...pported Table 2 Command output Field Description Interface Abbreviated interface name Usage Bandwidth usage in percentage of the interface for the last statistics polling interval Total pps Average re...

Страница 338: ...0 ErrEncap 0 ErrTagVLAN 0 IfShut 0 IfErr 0 Table 3 Output description Field Description ETH receive packet statistics Statistics about the Ethernet packets received by the Ethernet module Totalnum Tot...

Страница 339: ...ut of Layer 3 Ethernet interfaces This field is not supported in the current software version VLANOutNum Number of packets sent out of VLAN interfaces FastOutNum Number of packets fast forwarded L2Out...

Страница 340: ...n interface type this command displays information about all interfaces If you specify an interface type but do not specify an interface number this command displays information about all interfaces o...

Страница 341: ...deferred 0 collisions 0 late collisions 0 lost carrier 0 no carrier Table 4 Command output Field Description Current state Physical link state of the interface Administratively DOWN The interface has...

Страница 342: ...n the interface This field depends on your configuration Loopback is set external An external loopback test is running on the interface This field depends on your configuration Loopback is not set No...

Страница 343: ...reshold in ratio pps or kbps The unit of the threshold depends on your configuration PVID Port VLAN ID PVID of the interface MDI type MDIX mode of the interface automdix mdi mdix Port link type Link t...

Страница 344: ...erface All inbound normal packets abnormal packets and normal pause frames were counted The four fields on the second line represent Number of inbound unicast packets Number of inbound broadcasts Numb...

Страница 345: ...ntrol frames Length error frames Frames whose 802 3 length fields did not match the actual frame length 46 to 1500 bytes ignored Number of inbound frames dropped because the receiving buffer of the po...

Страница 346: ...ct the carrier when attempting to send frames This counter increases by one when a port failed to detect the carrier and applies to serial WAN interfaces Peak input rate Peak rate of inbound traffic i...

Страница 347: ...been shut down by using the shutdown command To restore the physical state of the interface use the undo shutdown command Stby The interface is a backup interface in standby state Protocol Data link...

Страница 348: ...down The loopback detection module has detected loops DOWN Monitor Link uplink down The monitor link module has detected that the uplink is down MAD ShutDown The interface is on an IRF fabric placed b...

Страница 349: ...ame Link Physical link state of the interface UP The interface is physically up DOWN The interface is physically down ADM The interface has been shut down by using the shutdown command To restore the...

Страница 350: ...Parameters interface type Specifies an interface type If you do not specify an interface type the command displays information about link flapping protection on all interfaces interface number Specif...

Страница 351: ...lt Syntax duplex auto full half undo duplex Default An Ethernet interface operates in autonegotiation mode Views Ethernet interface view Predefined user roles network admin Parameters auto Configures...

Страница 352: ...When a packet arrives later the interface restores to the normal state Examples Enable EEE on GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet...

Страница 353: ...interface view Predefined user roles network admin Usage guidelines With Rx mode flow control enabled an interface can receive but cannot send flow control frames When the interface receives a flow c...

Страница 354: ...terface view takes priority As a best practice use the default setting when you set the statistics polling interval in system view A short statistics polling interval might decrease the system perform...

Страница 355: ...exceeding alarm and enters the alarm state When the number of incoming CRC error packets on an interface in the alarm state within the specified interval drops below the lower threshold the interface...

Страница 356: ...he number of input error packets on an interface in normal state within the specified interval exceeds the upper threshold the interface generates an upper threshold exceeding alarm and enters the ala...

Страница 357: ...hreshold on the interface slot slot number Specifies an IRF member device by its member ID Usage guidelines With the output error packet alarm function enabled when the number of output error packets...

Страница 358: ...pass through Use undo jumboframe enable to prevent jumbo frames from passing through Use undo jumboframe enable size to restore the default Syntax jumboframe enable size undo jumboframe enable size De...

Страница 359: ...uppressed If you do not specify the msec keyword the value range is 0 to 30 seconds If you specify the msec keyword the value range is 0 to 10000 milliseconds and the value must be a multiple of 100 U...

Страница 360: ...tect enable undo link flap protect enable Default Link flapping protection is disabled globally Views System view Predefined user roles network admin Usage guidelines Link flapping on any interface ch...

Страница 361: ...faces manually brought down displayed as in ADM or Administratively DOWN state The speed duplex and shutdown commands cannot be configured on an Ethernet interface in a loopback test The shutdown port...

Страница 362: ...uses the chip to physically suppress multicast traffic It has less influence on the device performance than the storm constrain command which uses software to suppress multicast traffic For the traff...

Страница 363: ...he power save mode The time period depends on the chip specifications and is not configurable When the interface comes up both of the following events occur The device automatically restores the power...

Страница 364: ...n normal state within the specified interval exceeds the upper threshold the interface generates an upper threshold exceeding alarm and enters the alarm state When the number of incoming CRC error pac...

Страница 365: ...ror packet alarm function enabled when the number of input error packets on an interface in normal state within the specified interval exceeds the upper threshold the interface generates an upper thre...

Страница 366: ...s generated and the interface enters the alarm state when the number of output error packets exceeds the upper threshold on the interface Usage guidelines With the output error packet alarm function e...

Страница 367: ...ct only when it is enabled in both system view and interface view If you do not specify the interval interval or threshold threshold option when you execute the port link flap protect enable command t...

Страница 368: ...the port to forward packets unidirectionally over a single link In this way transmission links are well utilized Copper ports and combo interfaces do not support this command The shutdown port up mode...

Страница 369: ...et counters interface gigabitethernet 1 0 1 Related commands display counters interface display counters rate interface display interface reset ethernet statistics Use reset ethernet statistics to cle...

Страница 370: ...nd loopback commands are mutually exclusive Examples Shut down and then bring up GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 shutdown...

Страница 371: ...face speed to 100 Mbps 1000 Sets the interface speed to 1000 Mbps 2000 Sets the interface speed to 2000 Mbps 2500 Sets the interface speed to 2500 Mbps 5000 Sets the interface speed to 5000 Mbps 10000...

Страница 372: ...mand or configure the port to autonegotiate the speed as 1000 Mbps by using the speed auto command Examples Configure GigabitEthernet 1 0 1 to autonegotiate the speed Sysname system view Sysname inter...

Страница 373: ...e limits the size of unknown unicast traffic to a threshold on an interface When the unknown unicast traffic on the interface exceeds this threshold the system discards packets until the unknown unica...

Страница 374: ...ast storm control settings and statistics multicast Displays multicast storm control settings and statistics unicast Displays unknown unicast storm control settings and statistics interface interface...

Страница 375: ...on is configured Status Packet forwarding status FW The port is forwarding traffic correctly shutdown The port has been shut down block The port drops the type of traffic Trap Status of the storm cont...

Страница 376: ...le to disable bridging on an Ethernet interface Syntax port bridge enable undo port bridge enable Default Bridging is disabled on an Ethernet interface Views Layer 2 Ethernet interface view Predefined...

Страница 377: ...o 100 Mbps If you configure speed 100 and then speed auto 100 1000 on the interface the interface negotiates with its peer for a speed The negotiated speed is either 100 Mbps or 1000 Mbps Speed autone...

Страница 378: ...t argument is 0 to 100 lowerlimit Sets the lower threshold in pps kbps or percentage If you specify the pps keyword the value range for the lowerlimit argument is 0 to 1 4881 the interface bandwidth I...

Страница 379: ...strain interval storm constrain control Use storm constrain control to set the action to take on an Ethernet interface when a type of traffic unknown unicast multicast or broadcast exceeds the upper s...

Страница 380: ...enable log undo storm constrain enable log Default An Ethernet interface outputs log messages when monitored traffic exceeds the upper threshold or drops below the lower threshold from a value above t...

Страница 381: ...default Syntax storm constrain interval interval undo storm constrain interval Default The storm control module polls traffic statistics every 10 seconds Views System view Predefined user roles networ...

Страница 382: ...ble a hyphen is displayed Examples Test the cable connection of GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 virtual cable test Cable...

Страница 383: ...ion Pair x state Cable pair state OK The cable pair is in good condition Abnormal The cable pair is abnormal Abnormal open An open circuit is detected Abnormal short A short circuit is detected Invali...

Страница 384: ...ommands 1 bandwidth 1 default 1 description 2 display interface inloopback 3 display interface loopback 5 display interface null 7 interface loopback 9 interface null 9 reset counters interface loopba...

Страница 385: ...es the expected bandwidth in the range of 1 to 400000000 kbps Usage guidelines The expected bandwidth is an informational parameter used only by higher layer protocols for calculation You cannot adjus...

Страница 386: ...me system view Sysname interface loopback 1 Sysname LoopBack1 default description Use description to configure the description of an interface Use undo description to restore the default Syntax descri...

Страница 387: ...information about interfaces in down state and the causes If you do not specify this keyword the command displays information about interfaces in all states Usage guidelines The device has only one in...

Страница 388: ...c Average number of bits sent per second packets sec Average number of packets sent per second Input 0 packets 0 bytes 0 drops Total number and size in bytes of incoming packets of the interface and t...

Страница 389: ...t the command displays information about all existing loopback interfaces on the device brief Displays brief interface information If you do not specify this keyword the command displays detailed inte...

Страница 390: ...me when statistics on the logical interface were last cleared by using the reset counters interface command If the statistics of the interface have never been cleared by using the reset counters inter...

Страница 391: ...mmand Stby The interface is a backup interface in standby state Protocol Data link layer protocol state of the interface which is always UP s UP s represents that the data link layer protocol of the i...

Страница 392: ...ays information about the interface Null 0 regardless of whether you specify the 0 keyword Examples Display detailed information about Null 0 Sysname display interface null 0 NULL0 Current state UP Li...

Страница 393: ...e and link layer protocols of a loopback interface are always up unless the loopback interface is manually shut down You can use a loopback interface to achieve the following purposes Prevent the conn...

Страница 394: ...terfaces If you specify the loopback keyword but do not specify the interface number argument the command clears the statistics on all loopback interfaces Usage guidelines To determine whether a loopb...

Страница 395: ...tatistics Examples Clear the statistics on Null 0 Sysname reset counters interface null 0 Related commands display interface null shutdown Use shutdown to shut down a loopback interface Use undo shutd...

Страница 396: ...i Contents Bulk interface configuration commands 1 display interface range 1 interface range 1 interface range name 3...

Страница 397: ...the interface range name command Sysname display interface range Interface range name t2 GigabitEthernet1 0 1 GigabitEthernet1 0 2 Interface range name test GigabitEthernet1 0 3 GigabitEthernet1 0 4...

Страница 398: ...system view It means that The command is supported in both system view and interface view The execution failed on a member interface in interface range view and succeeded in system view The command i...

Страница 399: ...e commands supported by the first interface in the specified interface list alphabetically sorted are available for configuration To view available commands enter a question mark in interface range vi...

Страница 400: ...mber interfaces to an interface range Some commands after being executed on both an aggregate interface and its member interfaces can break up the aggregation Understand that the more interfaces you s...

Страница 401: ...2 mac address mac move fast update 13 mac address mac roaming enable 14 mac address max mac count 15 mac address max mac count enable forwarding 15 mac address multicast source packet filter 16 mac ad...

Страница 402: ...umber blackhole Displays blackhole MAC address entries multiport Displays multiport unicast MAC address entries count Displays only the number of MAC address entries that match all entry attributes yo...

Страница 403: ...arned Dynamic MAC address entry Dynamic entries can be learned or manually configured Blackhole Blackhole MAC address entry Multiport Multiport unicast MAC address entry OpenFlow MAC address entry for...

Страница 404: ...ews Any view Predefined user roles network admin Usage guidelines Examples Display the hash bucket size for the MAC address table Sysname display mac address hash bucket size Hash bucket size in use 4...

Страница 405: ...C Address VLAN Port Count Timestamp 0001 0101 0101 100 GE1 0 1 1 2020 11 11 21 11 29 0000 0000 0002 100 GE1 0 3 1 2020 11 11 21 11 29 00e0 fc00 5829 100 GE1 0 4 1 2020 11 11 21 11 29 Table 3 Command o...

Страница 406: ...GE1 0 1 Enabled GE1 0 2 Enabled Table 4 Command output Field Description Global MAC address learning status Global MAC address learning status Enabled Disabled Learning Status MAC address learning st...

Страница 407: ...urce port Last time Times 0000 0001 002c 1 GE1 0 1 GE1 0 2 2013 05 20 13 40 52 20 0000 0001 002c 1 GE1 0 2 GE1 0 1 2013 05 20 13 41 32 20 0000 0094 0001 1 GE1 0 3 GE1 0 4 2013 05 20 13 42 22 13 0000 0...

Страница 408: ...gered by packets Dynamic Unicast Address Security service defined Count Number of dynamic unicast MAC address entries triggered by the security service Static Unicast Address User defined Count Number...

Страница 409: ...onfigure static MAC address entries For a MAC address a manually configured static entry takes precedence over a dynamically learned entry To improve the security for the user device connected to an i...

Страница 410: ...ress vlan vlan id undo mac address dynamic static interface interface type interface number undo mac address multiport mac address interface interface list vlan vlan id undo mac address multiport mac...

Страница 411: ...ckhole entries Multiport unicast entries To send frames with a specific destination MAC address out of multiple ports configure a multiport unicast entry When you execute this command for the first ti...

Страница 412: ...y through hashing MAC address hash conflicts occur and the device cannot learn some of these MAC addresses The device will broadcast the traffic destined for the unknown MAC addresses which consumes b...

Страница 413: ...ress learning You can use this feature to identify the MAC addresses that the device fails to learn because of hashing conflicts To display the log messages generated for MAC hashing conflicts execute...

Страница 414: ...ace For more information about broadcast storm suppression see Interface Configuration Guide With MAC address learning enabled globally you can disable MAC address learning for an interface or VLAN Af...

Страница 415: ...address mac roaming enable Default MAC address synchronization is disabled Views System view Predefined user roles network admin Usage guidelines On an IRF fabric if ports on different IRF member devi...

Страница 416: ...ace reaches the limit the interface stops learning MAC address entries Examples Configure GigabitEthernet 1 0 1 to learn a maximum of 600 MAC address entries Sysname system view Sysname interface giga...

Страница 417: ...mac address multicast source packet filter to enable filtering of frames sourced from a multicast or broadcast MAC address Use undo mac address multicast source packet filter to disable filtering of f...

Страница 418: ...er of MAC address moves within a detection interval A MAC address can have only one MAC address move record If a MAC address moves multiple times the new record overrides the old record Within a detec...

Страница 419: ...ts an interface down when a MAC address has been moved to or from the interface more than the suppression threshold within a MAC move detection interval The shutdown interface automatically goes up af...

Страница 420: ...al The value range for this argument is 0 to 1024 If you do not specify this option the default suppression threshold of 3 is used Usage guidelines For this command to take effect on an interface you...

Страница 421: ...t device performance Examples Set the aging time to 500 seconds for dynamic MAC address entries Sysname system view Sysname mac address timer aging 500 Related commands display mac address aging time...

Страница 422: ...onfiguration in the information center For information about SNMP and information center configuration see the network management and monitoring configuration guide for the device The MAC address tabl...

Страница 423: ...record MAC change information when an existing MAC address is deleted Usage guidelines Before you enable MAC Information on an interface enable MAC Information globally Examples Enable MAC Informatio...

Страница 424: ...rval Default The MAC change notification interval is 1 second Views System view Predefined user roles network admin Parameters interval Specifies the MAC change notification interval in the range of 1...

Страница 425: ...store the default Syntax mac address information queue length value undo mac address information queue length Default The MAC Information queue length is 50 Views System view Predefined user roles net...

Страница 426: ...ds syslog messages or SNMP notifications only if the MAC change notification interval expires Examples Set the MAC Information queue length to 600 Sysname system view Sysname mac address information q...

Страница 427: ...ort 16 lacp mode 17 lacp period short 17 lacp select speed 18 lacp system mac 19 lacp system number 19 lacp system priority 20 link aggregation bfd ipv4 21 link aggregation global load sharing mode 22...

Страница 428: ...ional parameter used only by higher layer protocols for calculation You cannot adjust the actual bandwidth of an interface by using this command Examples Set the expected bandwidth to 10000 kbps for L...

Страница 429: ...of an interface Use undo description to restore the default Syntax description text undo description Default The description of an interface is interface name Interface For example the default descri...

Страница 430: ...Examples Display detailed information about Layer 2 aggregate interface Bridge Aggregation 1 Sysname display interface bridge aggregation 1 Bridge Aggregation1 Current state UP Line protocol state UP...

Страница 431: ...physically up IP packet frame type IPv4 packet framing format Description Description of the interface Bandwidth Expected bandwidth of the interface This field is not displayed when the bandwidth is...

Страница 432: ...lex mode of the interface A Autonegotiation The interface is configured to autonegotiate its duplex mode but the autonegotiation has not started F Full duplex F a Autonegotiated full duplex H Half dup...

Страница 433: ...ggregation load sharing mode Use display link aggregation load sharing mode to display global or group specific link aggregation load sharing modes Syntax display link aggregation load sharing mode in...

Страница 434: ...egation load sharing mode Global link aggregation load sharing mode By default this field displays the link aggregation load sharing modes for Layer 2 and Layer 3 traffic If you have configured the gl...

Страница 435: ...in information about the peer group For such member ports the command displays the port number port priority and operational key of only the local end Examples Display detailed information about Gigab...

Страница 436: ...ey 1 Flag ACDEF Remote System ID 0x8000 a057 75a2 0100 Port Number 3 Port Priority 32768 Oper Key 1 Flag ACDEF Received LACP Packets 3 packet s Illegal 0 packet s Sent LACP Packets 6 packet s Table 4...

Страница 437: ...flag Remote Information about the peer end System ID Peer system ID containing the LACP system priority and the LACP system MAC address Received LACP Packets Total number of LACP packets received Ill...

Страница 438: ...ity and the local LACP system MAC address AGG Interface Type and number of the aggregate interface AGG Mode Aggregation group type Partner ID System ID of the peer system which contains the peer LACP...

Страница 439: ...g Port Status S Selected U Unselected I Individual Port A Auto port M Management port R Reference port Flags A LACP_Activity B LACP_Timeout C Aggregation D Synchronization E Collecting F Distributing...

Страница 440: ...not appear when its bit is 0 A Indicates whether LACP is active on the port 1 indicates active 0 indicates passive B Indicates the LACP timeout interval 1 indicates the short timeout interval 0 indic...

Страница 441: ...rt This field displays the R flag next to the port if its peer port is the reference port Priority Priority of the peer port Index Index of the peer port Oper Key Operational key of the peer port Syst...

Страница 442: ...mboframe enable size to restore the default Syntax jumboframe enable size undo jumboframe enable size Default An interface allows jumbo frames with a maximum length of 10240 bytes to pass through View...

Страница 443: ...default port selection action Sysname system view Sysname lacp default selected port disable lacp edge port Use lacp edge port to configure an aggregate interface as an edge aggregate interface Use u...

Страница 444: ...mber ports of dynamic aggregation groups When LACP is operating in passive mode on a local member port and its peer port both ports cannot send LACPDUs When LACP is operating in active mode on either...

Страница 445: ...tion When you use this command make sure you understand its impact on your network This command enables a dynamic aggregation group to select a high speed member port as the reference port You must ex...

Страница 446: ...this command takes effect only on aggregate interfaces in S MLAG groups Aggregate interfaces not in S MLAG groups do not use the configured LACP system MAC address to send LACPDUs To identify the LACP...

Страница 447: ...ber to 1 Sysname system view Sysname lacp system number 1 Related commands display link aggregation verbose lacp system priority Use lacp system priority to set the LACP system priority Use undo lacp...

Страница 448: ...ake effect on all BFD sessions established by the member ports in its aggregation group BFD on an aggregate link supports only control packet mode for session establishment and maintenance The two end...

Страница 449: ...estination MAC addresses destination port Distributes traffic based on destination ports ingress port Distributes traffic based on ingress ports source ip Distributes traffic based on source IP addres...

Страница 450: ...port is shut down by using the shutdown command The slot that hosts the port reboots and the aggregation group spans multiple slots NOTE The device does not redirect traffic to member ports that beco...

Страница 451: ...aring mode local first Default Local first load sharing is enabled for link aggregation Views System view Predefined user roles network admin Usage guidelines Use local first load sharing in a multide...

Страница 452: ...gregation port priority Use link aggregation port priority to set the port priority of an interface Use undo link aggregation port priority to restore the default Syntax link aggregation port priority...

Страница 453: ...for the local and peer ends For an aggregation group the maximum number of Selected ports must be equal to or higher than the minimum number of Selected ports The maximum number of Selected ports allo...

Страница 454: ...m percentage of Selected ports for an aggregation group aggregate interface flapping might occur when ports join or leave an aggregation group Make sure you are fully aware of the impacts of this sett...

Страница 455: ...the value range is 0 to 10000 milliseconds and the value must be a multiple of 100 Usage guidelines You can configure this feature to suppress link down events link up events or both If an event of t...

Страница 456: ...ts the attribute configurations on the aggregate interface You can modify the attribute configurations only on the aggregate interface The force keyword takes effect only when you assign the interface...

Страница 457: ...mode to an S MLAG group Each S MLAG group can contain only one aggregate interface on each device Examples Assign Bridge Aggregation 1 to S MLAG group 1 Sysname system view Sysname interface bridge a...

Страница 458: ...nterface interface list Views User view Predefined user roles network admin Parameters interface interface list Specifies a list of link aggregation member ports in the format interface type interface...

Страница 459: ...hed on an interface Make sure you are fully aware of the impacts of this command when you use it on a live network Examples Bring up Layer 2 aggregate interface Bridge Aggregation 1 Sysname system vie...

Страница 460: ...i Contents Port isolation commands 1 display port isolate group 1 port isolate enable 2 port isolate group 2...

Страница 461: ...splay port isolate group Port isolation group information Group ID 1 Group members GigabitEthernet1 0 1 Group ID 5 Group members GigabitEthernet1 0 2 GigabitEthernet1 0 4 Display information about iso...

Страница 462: ...onfiguration to the aggregate interface it does not assign any aggregation member port to the isolation group If the failure occurs on an aggregation member port the device skips the port and continue...

Страница 463: ...ps exist Views System view Predefined user roles network admin Parameters group id Specifies an isolation group by its ID The value range is 1 to 8 all Deletes all isolation groups Examples Create iso...

Страница 464: ...stp enable 29 stp global config digest snooping 30 stp global enable 30 stp global mcheck 31 stp ignore pvid inconsistency 32 stp log enable tc 33 stp loop protection 33 stp max hops 34 stp mcheck 34...

Страница 465: ...ii stp vlan enable 55 vlan mapping modulo 55...

Страница 466: ...iguration command or the stp global enable command As a best practice use the check region configuration command to determine whether the MST region configurations to be activated are correct Run this...

Страница 467: ...me MST region only when they are connected through a physical link and configured with the same details as follows Format selector 0 by default and not configurable MST region name MST region revision...

Страница 468: ...nstance id2 The value for instance id2 must be equal to or greater than the value for instance id1 The value range for the instance id argument is 0 to 4094 and the value 0 represents the CIST vlan vl...

Страница 469: ...MSTIs on all ports If you specify an MSTI list but not a port this command applies to all ports in the specified MSTIs If you specify a port list but not an MSTI this command applies to all MSTIs on...

Страница 470: ...Info Mode MSTP Bridge ID 32768 0001 0000 0000 Bridge times Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20 Root ID ERPC 32768 0001 0000 0000 0 RegRoot ID IRPC 32768 0001 0000 0000 0 RootPort ID 0 0 BPDU P...

Страница 471: ...s and statistics for all ports in all VLANs Sysname system view Sysname stp mode pvst Sysname display stp VLAN 1 Global Info Protocol status Enabled Bridge ID 32768 000f e200 2200 Bridge times Hello 2...

Страница 472: ...tree feature is disabled Sysname display stp Protocol status Disabled Protocol Std IEEE 802 1w pvst Version 2 Bridge Prio 32768 MAC address 3822 d69f 0800 Max age s 20 Forward delay s 15 Hello time s...

Страница 473: ...rt cost Legacy Path cost of the port The field in parentheses indicates the standard legacy dot1d 1998 or dot1t used for port path cost calculation Config Configured value Active Actual value Desg bri...

Страница 474: ...U received Statistics on received BPDUs RegRoot ID IRPC MSTI regional root internal path cost Root Type MSTI root type Primary root Secondary root Master bridge MSTI root bridge ID Cost to master Path...

Страница 475: ...ected 14 39 00 04 15 2016 In PVST mode display history about ports that are blocked by spanning tree protection features GigabitEthernet1 0 1 VLAN ID BlockReason Time 1 Root Protected 14 49 17 04 15 2...

Страница 476: ...the CIST Usage guidelines In MSTP mode the command output is sorted by port name and by MSTI ID on each port If you do not specify an MSTI or port this command applies to all MSTIs on all ports If yo...

Страница 477: ...interface gigabitethernet 1 0 1 Port GigabitEthernet1 0 1 Type Count Last Updated Invalid BPDUs 0 Looped back BPDUs 0 Max aged BPDUs 0 TCN sent 0 TCN received 0 TCA sent 0 TCA received 2 10 33 12 01...

Страница 478: ...Instance Statistics for a specific MSTI Timeout BPDUs Number of expired BPDUs Max hoped BPDUs Number of BPDUs whose maximum hops were exceeded TC detected Number of detected topology changes TC sent N...

Страница 479: ...arated list of up to 10 VLAN items Each item specifies a VLAN or a range of VLANs in the form of vlan id1 to vlan id2 The value for vlan id2 must be equal to or greater than the value for vlan id1 The...

Страница 480: ...ty 0 00e0 fc01 6510 0 0 00e0 fc01 6510 128 2 Table 7 Command output Field Description Port Port name Role change Role change of the port Aged means that the change was caused by expiration of the rece...

Страница 481: ...Predefined user roles network admin network operator Examples In MSTP mode display effective MST region configuration Sysname display stp region configuration Oper Configuration Format selector 0 Regi...

Страница 482: ...tPathCost Root Port 1 0 00e0 fc0e 6554 200200 0 GigabitEthernet1 0 1 Table 9 Command output Field Description ExtPathCost External path cost The path cost of a port is either automatically calculated...

Страница 483: ...In PVST mode the command output is sorted by VLAN ID and by port name in each VLAN If you do not specify a VLAN this command applies to all VLANs If you specify a VLAN list this command applies to th...

Страница 484: ...the vlan id argument is 1 to 4094 Usage guidelines CAUTION Use caution with global Digest Snooping in the following situations When you modify the VLAN to instance mappings When you restore the defau...

Страница 485: ...T region name the VLAN to instance mapping table and the MSTP revision level of a device determine the device s MST region After configuring this command execute the active region configuration comman...

Страница 486: ...abitethernet 1 0 1 to gigabitethernet 1 0 3 Related commands display stp revision level Use revision level to configure the MSTP revision level Use undo revision level to restore the default MSTP revi...

Страница 487: ...y changes In PVST mode SNMP notifications are disabled for spanning tree topology changes in all VLANs Views System view Predefined user roles network admin Parameters new root Enables the device to s...

Страница 488: ...formation about this command see device management commands in Fundamentals Command Reference The global BPDU guard setting takes effect on all edge ports configured by using the stp edged port comman...

Страница 489: ...timers are related to the network size and you can set the timers by setting the network diameter With the network diameter set to 7 the default the three timers are also set to their defaults In STP...

Страница 490: ...net interface view it takes effect only on that interface If this command is configured in Layer 2 aggregate interface view it takes effect only on the aggregate interface If this command is configure...

Страница 491: ...itEthernet1 0 1 quit Sysname stp global config digest snooping Related commands display stp stp global config digest snooping stp cost Use stp cost to set the path cost of a port Use undo stp cost to...

Страница 492: ...system calculates the role of the port and initiates a state transition If this command is configured in Layer 2 Ethernet interface view it takes effect only on that interface If this command is conf...

Страница 493: ...t Use stp edged port to configure a port as an edge port Use undo stp edged port to restore the default Syntax stp edged port undo stp edged port Default All ports are non edge ports Views Layer 2 Eth...

Страница 494: ...x stp enable undo stp enable Default The spanning tree feature is enabled on all ports Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network admin Usage...

Страница 495: ...ned user roles network admin Usage guidelines For Digest Snooping to take effect you must enable Digest Snooping both globally and on associated ports As a best practice first enable Digest Snooping o...

Страница 496: ...g tree feature is enabled the device dynamically maintains the spanning tree status of VLANs based on received configuration BPDUs When the spanning tree feature is disabled the device stops maintaini...

Страница 497: ...nore pvid inconsistency Default Inconsistent PVID protection is enabled Views System view Predefined user roles network admin Usage guidelines This command takes effect only when the device is operati...

Страница 498: ...e system view Sysname stp log enable tc stp loop protection Use stp loop protection to enable loop guard on a port Use undo stp loop protection to disable loop guard on a port Syntax stp loop protecti...

Страница 499: ...et the maximum number of hops for an MST region Use undo stp max hops to restore the default Syntax stp max hops hops undo stp max hops Default The maximum number of hops for an MST region is 20 Views...

Страница 500: ...ice C perform mCheck operations on the ports that connect Device B and Device C The device operates in STP RSTP PVST or MSTP mode depending on the spanning tree mode setting The stp mcheck command tak...

Страница 501: ...mode is compatible with other modes in any VLAN Trunk or hybrid port The PVST mode is compatible with other modes only in the default VLAN Examples Configure the spanning tree device to operate in ST...

Страница 502: ...he default path costs for ports Use undo stp pathcost standard to restore the default Syntax stp pathcost standard dot1d 1998 dot1t legacy undo stp pathcost standard Default The default standard used...

Страница 503: ...a port that operates in full duplex mode As a best practice use the default setting to let the device automatically detect the port link type In MSTP or PVST mode the stp point to point force false or...

Страница 504: ...t status detection timer expires You can set this timer by using the shutdown interval command For more information about this command see device management commands in Fundamentals Command Reference...

Страница 505: ...for vlan id2 must be equal to or greater than the value for vlan id1 The value range for the vlan id argument is 1 to 4094 priority Specifies the port priority in the range of 0 to 240 in increments...

Страница 506: ...down by BPDU guard after this command is configured The device does not bring up the shutdown ports if you execute the undo stp port shutdown permanent command To bring up these ports you must use the...

Страница 507: ...igabitEthernet1 0 1 has been set to discarding state Aug 16 00 49 41 856 2011 Sysname STP 3 STP_FORWARDING Instance 2 s port GigabitEthernet1 0 2 has been set to forwarding state The output shows that...

Страница 508: ...1 to 4094 priority Specifies the device priority in the range of 0 to 61440 in increments of 4096 as in 0 4096 8192 You can set up to 16 priority values on the device The smaller the value the higher...

Страница 509: ...default MST region configurations Syntax stp region configuration undo stp region configuration Default The default settings for an MST region are as follows The MST region name of the device is its...

Страница 510: ...bitethernet 1 0 1 Sysname GigabitEthernet1 0 1 stp role restriction stp root primary Use stp root primary to configure the device as the root bridge Use undo stp root to restore the default Syntax stp...

Страница 511: ...Syntax stp instance instance list vlan vlan id list root secondary undo stp instance instance list vlan vlan id list root Default The device is not a secondary root bridge Views System view Predefine...

Страница 512: ...oot protection Default Root guard is disabled Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network admin Usage guidelines On a port the loop guard featu...

Страница 513: ...orwarding address entry flush when the interval elapses This prevents frequent flushing of forwarding address entries Examples Disable TC BPDU attack guard for the device Sysname system view Sysname u...

Страница 514: ...er 2 aggregate interface view Predefined user roles network admin Usage guidelines When TC BPDU transmission restriction is enabled on a port the port does not send TC BPDUs to other ports It also doe...

Страница 515: ...imer Use undo stp timer forward delay to restore the default Syntax stp vlan vlan id list timer forward delay time undo stp vlan vlan id list timer forward delay Default The forward delay timer is 150...

Страница 516: ...centiseconds Sysname system view Sysname stp timer forward delay 2000 In PVST mode set the forward delay timer for VLAN 2 to 2000 centiseconds Sysname system view Sysname stp vlan 2 timer forward del...

Страница 517: ...set the hello time for VLAN 2 to 400 centiseconds Sysname system view Sysname stp vlan 2 timer hello 400 Related commands stp bridge diameter stp timer forward delay stp timer max age stp timer max a...

Страница 518: ...n PVST mode set the max age timer for VLAN 2 to 1000 centiseconds Sysname system view Sysname stp vlan 2 timer max age 1000 Related commands stp bridge diameter stp timer forward delay stp timer hello...

Страница 519: ...10 Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network admin Parameters limit Specifies the BPDU transmission rate in the range of 1 to 255 Usage guid...

Страница 520: ...nge for the vlan id argument is 1 to 4094 Usage guidelines When you enable the spanning tree feature the device operates in STP RSTP PVST or MSTP mode depending on the spanning tree mode setting When...

Страница 521: ...the old mapping is automatically deleted This command maps each VLAN to the MSTI with ID VLAN ID 1 modulo 1 VLAN ID 1 modulo is the modulo operation for VLAN ID 1 If the modulo value is 15 then VLAN 1...

Страница 522: ...op detection commands 1 display loopback detection 1 loopback detection action 2 loopback detection enable 3 loopback detection global action 3 loopback detection global enable 4 loopback detection in...

Страница 523: ...Action mode Loop protection action Block When a loop is detected on a port the device performs the following operations Generates a log Disables the port from learning MAC addresses Blocks the port N...

Страница 524: ...yer 2 aggregate interfaces do not support this keyword no learning Enables the no learning mode If a loop is detected the device generates a log and disables MAC address learning on the port Layer 2 a...

Страница 525: ...value range for VLAN IDs is 1 to 4094 The ID for vlan id2 must be no less than the ID for vlan id1 all Specifies all existing VLANs Usage guidelines You can enable loop detection globally or on a per...

Страница 526: ...on takes precedence over the global action Example Set the global loop protection action to shutdown Sysname system view System loopback detection global action shutdown Related commands display loopb...

Страница 527: ...se undo loopback detection interval time to restore the default Syntax loopback detection interval time interval undo loopback detection interval time Default The loop detection interval is 30 seconds...

Страница 528: ...mac vlan trigger enable 22 port pvid forbidden 22 vlan precedence 23 IP subnet based VLAN commands 24 display ip subnet vlan interface 24 display ip subnet vlan vlan 25 ip subnet vlan 26 port hybrid...

Страница 529: ...mands 54 display voice vlan mac address 54 display voice vlan state 54 voice vlan aging 55 voice vlan enable 56 voice vlan mac address 57 voice vlan mode auto 58 voice vlan security enable 59 voice vl...

Страница 530: ...s the expected bandwidth in the range of 1 to 400000000 kbps Usage guidelines The expected bandwidth is an informational parameter used only by higher layer protocols for calculation You cannot adjust...

Страница 531: ...tion Use description to configure the description of a VLAN or VLAN interface Use undo description to restore the default Syntax description text undo description Default For a VLAN the description is...

Страница 532: ...umber the command displays information about all existing VLAN interfaces brief Displays brief interface information If you do not specify this keyword the command displays detailed interface informat...

Страница 533: ...cription Description of the VLAN interface Bandwidth Expected bandwidth of the VLAN interface Maximum transmission unit MTU of the VLAN interface Internet protocol processing Disabled The VLAN interfa...

Страница 534: ...range of 1 to 4094 vlan id1 to vlan id2 Specifies a VLAN ID range Both the vlan id1 and the vlan id2 arguments are in the range of 1 to 4094 The value for the vlan id2 argument must be equal to or gre...

Страница 535: ...r the VLAN Not configured Configured Description Description of the VLAN Name VLAN name IP address Primary IPv4 address of the VLAN interface This field is displayed only when an IPv4 address is confi...

Страница 536: ...15 GE1 0 16 GE1 0 17 GE1 0 18 GE1 0 19 GE1 0 20 GE1 0 21 GE1 0 22 GE1 0 23 GE1 0 24 GE1 0 25 GE1 0 26 GE1 0 27 GE1 0 28 GE1 0 29 GE1 0 30 GE1 0 31 GE1 0 32 GE1 0 33 GE1 0 34 GE1 0 35 GE1 0 36 GE1 0 37...

Страница 537: ...LAN interfaces for secondary VLANs that meet the following requirements Associated with the same primary VLAN Enabled with Layer 3 communication in VLAN interface view of the primary VLAN interface Ex...

Страница 538: ...o a VLAN Use undo name to restore the default Syntax name text undo name Default The name of a VLAN is VLAN vlan id The vlan id argument specifies the VLAN ID in a four digit format If the VLAN ID has...

Страница 539: ...istics on all existing VLAN interfaces Usage guidelines Use this command to clear the history statistics before you collect statistics within a time period Examples Clear statistics on VLAN interface...

Страница 540: ...each Ethernet port is independent of the state of the VLAN interface Examples Shut down VLAN interface 2 and then bring it up Sysname system view Sysname interface vlan interface 2 Sysname Vlan interf...

Страница 541: ...ommands display port Use display port to display information about hybrid or trunk ports Syntax display port hybrid trunk Views Any view Predefined user roles network admin network operator Parameters...

Страница 542: ...cifies a space separated list of up to 10 Ethernet interface items Each item specifies an Ethernet interface or a range of Ethernet interfaces in the form of interface type interface number1 to interf...

Страница 543: ...ess ports to VLAN 1 To move an access port to VLAN 1 execute the undo port access vlan command on the access port Before assigning an access port to a VLAN make sure the VLAN has been created Examples...

Страница 544: ...o VLAN 100 and assign it to VLAN 100 as an untagged member Sysname system view Sysname vlan 100 Sysname vlan100 quit Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 port link type...

Страница 545: ...port the hybrid port allows all the specified VLANs Examples Configure GigabitEthernet 1 0 1 as a hybrid port and assign it to VLAN 2 VLAN 4 and VLAN 50 through VLAN 100 as a tagged member Sysname sy...

Страница 546: ...a range of VLAN IDs in the form of vlan id1 to vlan id2 The value range for VLAN IDs is 1 to 4094 The value for the vlan id2 argument must be equal to or greater than the value for the vlan id1 argum...

Страница 547: ...or correct packet transmission set the same PVID for a local trunk port and its peer To enable a trunk port to transmit packets from its PVID you must assign the trunk port to the PVID by using the po...

Страница 548: ...for the vlan id argument is 1 to 4094 Examples Display all MAC to VLAN entries Sysname display mac vlan all The following MAC VLAN entries exist State S Static D Dynamic MAC address Mask VLAN ID Dot1p...

Страница 549: ...wing ports GigabitEthernet1 0 1 GigabitEthernet1 0 2 GigabitEthernet1 0 3 Related commands mac vlan enable mac vlan enable Use mac vlan enable to enable the MAC based VLAN feature on a port Use undo m...

Страница 550: ...ve Fs in hexadecimal notation The default value is ffff ffff ffff vlan vlan id Specifies a VLAN ID in the range of 1 to 4094 dot1p priority Specifies the 802 1p priority of the VLAN specific to the MA...

Страница 551: ...based VLAN assignment on a port Syntax mac vlan trigger enable undo mac vlan trigger enable Default Dynamic MAC based VLAN assignment is disabled on a port Views Layer 2 Ethernet interface view Predef...

Страница 552: ...me interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 port pvid forbidden Related commands mac vlan trigger enable vlan precedence Use vlan precedence to set the VLAN matching order Use undo...

Страница 553: ...display ip subnet vlan interface interface type interface number1 to interface type interface number2 all Views Any view Predefined user roles network admin network operator Parameters interface type...

Страница 554: ...ased VLAN is not complete The port does not allow the IP subnet based VLAN Related commands display ip subnet vlan vlan ip subnet vlan port hybrid ip subnet vlan display ip subnet vlan vlan Use displa...

Страница 555: ...index Specifies a beginning IP subnet index in the range of 0 to 65535 The value can be configured by users It can also be automatically numbered by the system based on the order in which the IP subne...

Страница 556: ...id all Default A port is not associated with an IP subnet based VLAN Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network admin Parameters vlan vlan id...

Страница 557: ...rface to display protocol based VLANs that are associated with the specified ports Syntax display protocol vlan interface interface type interface number1 to interface type interface number2 all Views...

Страница 558: ...rotocol vlan vlan to display information about protocol based VLANs Syntax display protocol vlan vlan vlan id1 to vlan id2 all Views Any view Predefined user roles network admin network operator Param...

Страница 559: ...l end all undo hybrid protocol vlan vlan vlan id protocol index to protocol end all all Default A port is not associated with a protocol based VLAN Views Layer 2 Ethernet interface view Layer 2 aggreg...

Страница 560: ...tagged Sysname GigabitEthernet1 0 1 port hybrid protocol vlan vlan 2 1 Configure Layer 2 aggregate interface Bridge Aggregation 1 as a hybrid port assign it to VLAN 2 as an untagged member and associa...

Страница 561: ...hat is associated with the VLAN The value range for this argument is 0 to 65535 The system will automatically assign an index if you do not specify this argument to protocol end Specifies an end proto...

Страница 562: ...n3 protocol vlan 1 ipv4 Sysname vlan3 protocol vlan 2 mode ethernetii etype 0806 Related commands display protocol vlan interface display protocol vlan vlan port protocol vlan VLAN group commands disp...

Страница 563: ...oups exist Views System view Predefined user roles network admin Parameters group name Specifies a VLAN group by its name a case sensitive string of 1 to 31 characters The first character must be an a...

Страница 564: ...ch item specifies a VLAN ID or a range of VLAN IDs in the form of vlan id1 to vlan id2 The value range for VLAN IDs is 1 to 4094 The value for the vlan id2 argument must be equal to or greater than th...

Страница 565: ...VLANs and their associated secondary VLANs Examples Display information about primary VLANs and their associated secondary VLANs Sysname display private vlan Primary VLAN ID 2 Secondary VLAN ID 3 4 VL...

Страница 566: ...s display interface vlan interface display this VLAN interface view IPv4 subnet mask Subnet mask for the primary IPv4 address of the VLAN interface This field is displayed only when an IPv4 address is...

Страница 567: ...imary VLAN associated with the secondary VLAN Also the following events occur For an access port the device performs the following operations Changes the port link type to hybrid Configures the second...

Страница 568: ...1 to VLAN 20 and then verify the configuration Sysname GigabitEthernet1 0 1 port access vlan 20 Sysname GigabitEthernet1 0 1 display this interface GigabitEthernet1 0 1 port link mode bridge port priv...

Страница 569: ...r untagged member of the primary VLAN and part of its associated secondary VLANs this member attribute remains in these VLANs The device assigns the hybrid port to the rest of the associated secondary...

Страница 570: ...is an untagged member of primary VLAN 2 and secondary VLAN 20 The port link type of GigabitEthernet 1 0 1 is hybrid and its PVID is VLAN 2 Execute the undo port private vlan command on GigabitEtherne...

Страница 571: ...ines If the specified VLANs are primary VLANs that have been associated with secondary VLANs the command assigns the port to the associated secondary VLANs Also the following events occur For an acces...

Страница 572: ...ethernet 1 0 1 Sysname GigabitEthernet1 0 1 display this interface GigabitEthernet1 0 1 port link mode bridge return Configure GigabitEthernet 1 0 1 as a trunk promiscuous port of VLANs 2 and 3 and th...

Страница 573: ...VLANs Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network admin Parameters vlan id list Specifies a space separated list of up to 10 secondary VLAN it...

Страница 574: ...this command This command does not take effect on the specified VLAN if any of the following conditions applies The specified VLAN does not exist The specified VLAN is not a secondary VLAN and is use...

Страница 575: ...this interface GigabitEthernet1 0 1 port link mode bridge port link type hybrid port hybrid vlan 2 3 tagged port hybrid vlan 1 untagged return The output shows that GigabitEthernet 1 0 1 is removed fr...

Страница 576: ...idge port link type hybrid port hybrid vlan 1 untagged return The output shows that GigabitEthernet 1 0 1 is removed from VLAN 10 The port link type and PVID of GigabitEthernet 1 0 1 do not change Rel...

Страница 577: ...multiple times all the specified secondary VLANs are interoperable at Layer 3 When you execute the undo private vlan command follow these guidelines If you specify the secondary vlan id list option th...

Страница 578: ...Enable local proxy ARP on VLAN interface 2 Sysname Vlan interface2 local proxy arp enable Related commands private vlan VLAN view private vlan primary private vlan VLAN view Use private vlan to associ...

Страница 579: ...dissociates the primary VLAN from all secondary VLANs Examples Associate primary VLAN 2 with secondary VLANs 3 and 4 Sysname system view Sysname vlan 3 to 4 Sysname vlan 2 Sysname vlan2 private vlan p...

Страница 580: ...GigabitEthernet1 0 1 quit Assign GigabitEthernet 1 0 2 to VLAN 4 and configure the port as a host port Sysname interface gigabitethernet 1 0 2 Sysname GigabitEthernet1 0 2 port access vlan 4 Sysname...

Страница 581: ...ame vlan 4 Sysname vlan4 quit Sysname vlan 2 Sysname vlan2 private vlan primary Sysname vlan2 private vlan secondary 4 Sysname vlan2 quit Configure GigabitEthernet 1 0 1 as a promiscuous port of VLAN...

Страница 582: ...on is triggered based on the interface configuration when the following conditions exist This command is configured for a VLAN that has been associated with secondary VLANs Ports on the device are pro...

Страница 583: ...00 ffff ff00 0000 Cisco phone 0004 0d00 0000 ffff ff00 0000 Avaya phone 000f e200 0000 ffff ff00 0000 H3C Aolynk phone 0060 b900 0000 ffff ff00 0000 Philips NEC phone 00d0 1e00 0000 ffff ff00 0000 Pin...

Страница 584: ...ecurity Normal Voice VLAN aging time Voice VLAN aging timer No aging indicates that the voice VLAN does not age out Voice VLAN enabled ports and their modes Voice VLAN enabled ports and their voice VL...

Страница 585: ...for a voice VLAN equals the sum of the voice VLAN aging timer and the aging timer for its dynamic MAC address entry For more information about the aging timer for dynamic MAC address entries see MAC a...

Страница 586: ...or voice packet identification Use undo voice vlan mac address to delete an OUI address Syntax voice vlan mac address mac address mask oui mask description text undo voice vlan mac address oui Default...

Страница 587: ...1234 1234 1234 and the mask as fff ff00 0000 Configure the OUI address description as PhoneA Sysname system view Sysname voice vlan mac address 1234 1234 1234 mask ffff ff00 0000 description PhoneA Re...

Страница 588: ...y voice packets whose source MAC addresses match the OUI addresses of the device In normal mode a voice VLAN transmits voice packets and non voice packets Examples Disable the voice VLAN security mode...

Страница 589: ...60 Examples Enable LLDP for automatic IP phone discovery Sysname system view Sysname voice vlan track lldp...

Страница 590: ...g status 1 display mvrp state 2 display mvrp statistics 3 mrp timer join 5 mrp timer leave 6 mrp timer leaveall 7 mrp timer periodic 8 mvrp enable 9 mvrp global enable 9 mvrp gvrp compliance enable 10...

Страница 591: ...erface number1 argument If the specified interfaces are not enabled with MVRP this command displays global MVRP information If you do not specify this option the command displays global MVRP informati...

Страница 592: ...ffect on the port Enabled MVRP takes effect on the port Disabled MVRP does not take effect on the port Whether MVRP takes effect on a port is determined by the following items Global and port specific...

Страница 593: ...ut Field Description MVRP state of VLAN 2 on port GE1 0 1 MVRP state of GigabitEthernet 1 0 1 in VLAN 2 App state State of the attribute that the local participant declares to its peer participant VO...

Страница 594: ...d ports Usage guidelines If MVRP is disabled on the specified ports this command does not provide any output Examples Display MVRP statistics of all ports Sysname display mvrp statistics GigabitEthern...

Страница 595: ...Received Number of JoinIn events received In Event Received Number of In events received JoinMt Event Received Number of JoinMt events received Mt Event Received Number of Mt events received Leave Ev...

Страница 596: ...by 20 centiseconds Examples Set the Join timer to 40 centiseconds In this example the Leave timer is 100 centiseconds Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEtherne...

Страница 597: ...LeaveAll timer Use undo mrp timer leaveall to restore the default Syntax mrp timer leaveall timer value undo mrp timer leaveall Default The LeaveAll timer is 1000 centiseconds Views Layer 2 Ethernet i...

Страница 598: ...rp timer periodic Use mrp timer periodic to set the Periodic timer Use undo mrp timer periodic to restore the default Syntax mrp timer periodic timer value undo mrp timer periodic Default The Periodic...

Страница 599: ...lobally and on the port The port is physically up The port link type is trunk The port is not a member of an aggregation group Examples Enable MVRP on GigabitEthernet 1 0 1 Sysname system view Sysname...

Страница 600: ...iance enable to restore the default Syntax mvrp gvrp compliance enable undo mvrp gvrp compliance enable Default MVRP is incompatible with GVRP Views System view Predefined user roles network admin Usa...

Страница 601: ...lated commands display mvrp running status reset mvrp statistics Use reset mvrp statistics to clear MVRP statistics for ports Syntax reset mvrp statistics interface interface list Views User view Pred...

Страница 602: ...12 Related commands display mvrp statistics...

Страница 603: ...i Contents QinQ commands 1 display qinq 1 qinq enable 2 qinq ethernet type interface view 2 qinq ethernet type system view 3 qinq transparent vlan 4...

Страница 604: ...isplays all QinQ enabled interfaces Usage guidelines If QinQ is not enabled on any interfaces this command does not provide any output Examples Enable QinQ on GigabitEthernet 1 0 1 Then verify that Qi...

Страница 605: ...stem view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 qinq enable Related commands display qinq qinq ethernet type interface view Use qinq ethernet type to set the TPID value...

Страница 606: ...A port without QinQ enabled uses the SVLAN TPID to match incoming tagged frames The port modifies the TPID in the SVLAN tag of outgoing frames as the configured value Examples Set the TPID value in SV...

Страница 607: ...RARP 0x8035 IP 0x0800 IPv6 0x86dd PPPoE 0x8863 0x8864 MPLS 0x8847 0x8848 IPX SPX 0x8137 IS IS 0x8000 LACP 0x8809 LLDP 0x88cc 802 1X 0x888e 802 1ag 0x8902 Cluster 0x88a7 Reserved 0xfffd 0xfffe 0xffff E...

Страница 608: ...o ensure successful transmission for a transparent VLAN follow these configuration guidelines Set the link type of the port to trunk or hybrid and assign the port to the transparent VLAN Do not config...

Страница 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...

Страница 610: ...Interface GigabitEthernet1 0 1 Outer VLAN Inner VLAN Translated Outer VLAN Translated Inner VLAN 10 N A 120 N A Interface GigabitEthernet1 0 3 Outer VLAN Inner VLAN Translated Outer VLAN Translated I...

Страница 611: ...nges and the SVLAN for a one to two VLAN mapping The vlan range list argument specifies a space separated list of up to 10 CVLAN items Each item specifies a CVLAN ID or a range of CVLAN IDs in the for...

Страница 612: ...the packet length is added by 4 bytes As a best practice set the MTU to a minimum of 1504 bytes for ports on the forwarding path of the packet on the service provider network Examples Configure a one...

Страница 613: ...lv port id 29 lldp global tlv enable basic tlv management address tlv 30 lldp hold multiplier 32 lldp ignore pvid inconsistency 32 lldp local information all interface 33 lldp management address 34 ll...

Страница 614: ...mmand configured CDP frames sent to IP phones from the interface carry the voice VLAN ID specified in this command IP phones use the voice VLAN ID to send voice traffic Examples Set the voice VLAN ID...

Страница 615: ...ervice Bridge MED information Device class Connectivity device MED inventory information of master board HardwareRev REV A FirmwareRev 109 SoftwareRev 7 1 070 Release 6343P09 SerialNum NONE Manufactur...

Страница 616: ...PSE Power source Primary Power priority Unknown PD requested power value 0 0 w PSE allocated power value 0 0 w PD requested power value mode A 0 0 W PD requested power value mode B 0 0 W PSE allocate...

Страница 617: ...s Bridge Switching is enabled Router Routing is enabled Repeater Signal repeating is enabled Telephone The local device is acting as a telephone DocsisCableDevice The local device is acting as a DOCSI...

Страница 618: ...ther link aggregation is supported on the port Link aggregation enabled Indicates whether link aggregation is enabled on the port Aggregation port ID Member port ID which is 0 when link aggregation is...

Страница 619: ...alue alternative A This field is supported only on the UPWR switches 4 pair PSE allocated power value in mode A in watts PSE allocated power value alternative B This field is supported only on the UPW...

Страница 620: ...ss 2 Class 3 Class 4 Class 5 Single signature PD or 2 pair only PSE A single signature PD is connected or a 2 pair PSE power supply is used Power class ext This field is supported only on the UPWR swi...

Страница 621: ...eiving priority of PD ports Unknown Critical High Low Port available power value Available PoE power on PSE ports or power needed on PD ports in watts Transmit Tw Sleep time of the local client in s R...

Страница 622: ...iled LLDP information that the local device receives from the neighboring devices If you do not specify this keyword the command displays the brief LLDP information that the local device receives from...

Страница 623: ...plex Full Power port class PD PSE power supported Yes PSE power enabled Yes PSE pairs control ability Yes Power pairs Signal Port power classification Class 0 Power type Type 2 PD Power source PSE and...

Страница 624: ...n of port 3 GigabitEthernet1 0 3 LLDP agent nearest nontpmr LLDP neighbor index 6 ChassisID subtype 0011 2233 4400 MAC address PortID subtype 000c 29f5 c715 MAC address Capabilities None Display brief...

Страница 625: ...is supported Telephone The neighboring device can act as a telephone DocsisCableDevice The neighboring device can act as a DOCSIS compliant cable device StationOnly The neighboring device can act as...

Страница 626: ...er the pair selection ability is available Power pairs Power supply mode Signal Uses data pairs to supply power Spare Uses spare pairs to supply power Port power classification Power class of the PD C...

Страница 627: ...R switches PD powered status Reserved Unknown powered status Powered single signature PD Powered status of a single signature PD 2 pair Powered dual signature PD Powered status of a dual signature PD...

Страница 628: ...s field is supported only on theUPWR switches Indicates whether a dual signature PD is connected and isolation between mode A and mode B is required PSE maximum available power This field is supported...

Страница 629: ...nearest customer bridge neighbor display lldp statistics Use display lldp statistics to display the global LLDP statistics or the LLDP statistics of a port Syntax display lldp statistics global inter...

Страница 630: ...ber of CDP frames transmitted 0 The number of CDP frames received 0 The number of CDP frames discarded 0 The number of CDP error frames 0 LLDP agent nearest nontpmr The number of LLDP frames transmitt...

Страница 631: ...LLDP neighbor information last change time Time when the neighbor information was last updated The number of LLDP neighbor information inserted Number of times neighbor information was added The numbe...

Страница 632: ...max credit 5 Hold multiplier 4 Reinit delay 2s Trap interval 5s Fast start times 3 LLDP status information of port 1 GigabitEthernet1 0 1 LLDP agent nearest bridge Port status of LLDP Enable Admin st...

Страница 633: ...iggered Port 1 LLDP status of port 1 Port status of LLDP Indicates whether LLDP is enabled on the port Admin status LLDP operating mode of the port TX_RX The port can send and receive LLDP frames Rx_O...

Страница 634: ...rest nontpmr Specifies nearest non TPMR bridge agents Examples Display the types of advertisable optional LLDP TLVs of GigabitEthernet 1 0 1 Sysname display lldp tlv config interface gigabitethernet 1...

Страница 635: ...ES NO Power via MDI TLV YES NO Maximum Frame Size TLV YES NO LLDP MED extend TLV Capabilities TLV YES NO Network Policy TLV YES NO Location Identification TLV NO NO Extended Power via MDI TLV YES NO I...

Страница 636: ...pabilities TLV Management Address TLV IEEE 802 1 extended TLV IEEE 802 1 organizationally specific TLVs Port PVID TLV Port and protocol VLAN ID TLV VLAN name TLV DCBX TLV DCBX TLVs are not supported i...

Страница 637: ...LDP agent type If you do not specify an agent type in Ethernet the command sets the operating mode for nearest bridge agents nearest customer Specifies nearest customer bridge agents nearest nontpmr S...

Страница 638: ...ts the polling interval for nearest bridge agents nearest customer Specifies nearest customer bridge agents nearest nontpmr Specifies nearest non TPMR bridge agents interval Sets the LLDP polling inte...

Страница 639: ...xamples Enable CDP compatible LLDP globally and configure CDP compatible LLDP to operate in TxRx mode on GigabitEthernet 1 0 1 Sysname system view Sysname lldp compliance cdp Sysname interface gigabit...

Страница 640: ...s LLDP takes effect on a port only when LLDP is enabled both globally and on the port Examples Disable LLDP on GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname...

Страница 641: ...R bridge agents Usage guidelines LLDP CDP packets use only SNAP encapsulation Examples Set the encapsulation format for LLDP frames to SNAP on GigabitEthernet 1 0 1 Sysname system view Sysname interfa...

Страница 642: ...itial configuration or factory defaults see Fundamentals Configuration Guide Views System view Predefined user roles network admin Usage guidelines LLDP takes effect on a port only when LLDP is enable...

Страница 643: ...rt ID TLV type in system view or interface view The interface specific setting takes precedence over the global setting Examples Enable the device to advertise port ID TLVs that contain interface name...

Страница 644: ...If you execute this command multiple times the most recent configuration takes effect You can configure advertisement of the management address TLV globally or on a per interface basis The device sel...

Страница 645: ...e Sets the TTL multiplier in the range of 2 to 10 Usage guidelines The TTL TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device...

Страница 646: ...ormation all interface to enable displaying LLDP local information about all interfaces Use undo lldp local information all interface to disable displaying LLDP local information about interfaces not...

Страница 647: ...an ARP entry if the received management address TLV contains an IPv4 address nd learning Generates an ND entry if the received management address TLV contains an IPv6 address vlan vlan id Specifies t...

Страница 648: ...format string undo lldp agent nearest customer nearest nontpmr management address format In Layer 2 aggregate interface view lldp agent nearest customer nearest nontpmr management address format stri...

Страница 649: ...x credit credit value undo lldp max credit Default The token bucket size for sending LLDP frames is 5 Views System view Predefined user roles network admin Parameters credit value Specifies the token...

Страница 650: ...is enabled globally If LLDP is disabled globally LLDP can only operate in customer bridge mode Examples Configure LLDP to operate in service bridge mode Sysname system view Sysname lldp mode service...

Страница 651: ...agent Specifies an LLDP agent type If you do not specify an agent type in Ethernet the command enables LLDP trapping for nearest bridge agents nearest customer Specifies nearest customer bridge agents...

Страница 652: ...situations The specified VLAN or the corresponding VLAN interface does not exist The VLAN interface to which the VLAN ID belongs is physically down Examples Set the source MAC address of LLDP frames...

Страница 653: ...n Parameters interval Sets the LLDP trap and LLDP MED trap transmission interval in the range of 5 to 3600 seconds Examples Set both the LLDP trap and LLDP MED trap transmission interval to 8 seconds...

Страница 654: ...68 seconds Examples Set the LLDP frame transmission interval to 20 seconds Sysname system view Sysname lldp timer tx interval 20 lldp tlv config basic tlv port id Use lldp tlv config basic tlv port id...

Страница 655: ...onfigure the port ID TLV type in system view or interface view The interface specific setting takes precedence over the global setting Examples Enable GigabitEthernet 1 0 1 to advertise port ID TLVs t...

Страница 656: ...ot3 tlv all link aggregation undo lldp tlv enable dot1 tlv protocol vlan id vlan name management vid For nearest customer bridge agents lldp agent nearest customer tlv enable basic tlv all port descri...

Страница 657: ...ny TLVs Nearest customer bridge agents can advertise basic TLVs and IEEE 802 1 organizationally specific TLVs Among the IEEE 802 1 organizationally specific TLVs only port and protocol VLAN ID TLVs VL...

Страница 658: ...he permitted VLANs is assigned an IPv4 or IPv6 address or all VLAN interfaces are down the MAC address of the interface will be advertised For a Layer 2 aggregate interface the IPv4 or IPv6 address of...

Страница 659: ...on firmware revision software revision serial number manufacturer name model name and asset ID location id Advertises location identification TLVs civic address Inserts the typical address information...

Страница 660: ...ble private tlv to disable advertising H3C proprietary TLVs on an interface Syntax lldp agent nearest customer nearest nontpmr tlv enable private tlv actual power undo lldp agent nearest customer near...

Страница 661: ...ameters interface interface type interface number Specifies a port by its type and number If you do not specify this option the command clears LLDP statistics on all ports agent Specifies an agent typ...

Страница 662: ...i Contents L2PT commands 1 display l2protocol statistics 1 l2protocol tunnel dot1q 2 l2protocol tunnel dmac 4 l2protocol type tunnel dmac 4 reset l2protocol statistics 6...

Страница 663: ...2PT statistics for all Layer 2 Ethernet and aggregate interfaces Examples Display L2PT statistics for all Layer 2 Ethernet and aggregate interfaces Sysname display l2protocol statistics L2PT statistic...

Страница 664: ...ncreases by 1 when the interface receives a protocol packet and forwards it The number increases by 1 for protocol Tunnel when the interface receives a tunneled packet and forwards it If no interface...

Страница 665: ...LD vtp Specifies VTP Usage guidelines Before you enable L2PT for a protocol on a port perform the following tasks Enable the protocol on the CE and disable the protocol on the port Enable L2PT only on...

Страница 666: ...roles network admin Parameters mac address Specifies a destination multicast MAC address The available addresses are 0100 0ccd cdd0 0100 0ccd cdd1 0100 0ccd cdd2 and 010f e200 0003 Usage guidelines T...

Страница 667: ...n multicast MAC address for tunneled packets of the specified protocol in the range of 0100 0000 0000 to 01ff ffff ffff Usage guidelines The l2protocol tunnel dmac command sets the destination multica...

Страница 668: ...User view Predefined user roles network admin Parameters interface interface type interface number Specifies a Layer 2 Ethernet or aggregate interface by its type and number If you do not specify thi...

Страница 669: ...relay client information 1 display pppoe relay statistics 2 pppoe relay client information format 3 pppoe relay client information strategy 5 pppoe relay enable 6 pppoe relay server information vendo...

Страница 670: ...fic tag processing for client side packets on the PPPoE relay Sysname display pppoe relay client information format The current client information format Circuit ID ASCII Remote ID ASCII Display the p...

Страница 671: ...PADR packets Keep Keeps the vendor specific tag unchanged Replace Pads the vendor specific tag in the configured padding format Related commands pppoe relay client information format pppoe relay clien...

Страница 672: ...of PADT packets Packets dropped Dropped packets statistics of the interface Server responses from untrusted ports Number of PADO and PADS packets dropped on untrusted ports Client requests towards un...

Страница 673: ...ters the first 63 characters are padded When the user defined format is used the system automatically recognizes the escape keyword input by the user and translates it to the actual information For mo...

Страница 674: ...mac for the remote ID Sysname pppoe relay client information format remote id user defined mac Examples Configure the circuit ID padding format as the ASCII string format for the client side PPPoE pa...

Страница 675: ...p member ports If a Layer 2 Ethernet interface is configured with this command before joining a Layer 2 aggregation group the command is cleared on the member port after the member ports joins the agg...

Страница 676: ...ay trusted port with this feature enabled the PPPoE relay strips the vendor specific tags of the packets before forwarding the packets This command takes effect only on packets received on PPPoE relay...

Страница 677: ...configure the PPPoE server facing interfaces on the PPPoE relay as trusted ports and configure the PPPoE client facing interfaces on the PPPoE relay as untrusted ports This command is not supported on...

Страница 678: ...9 Related commands reset pppoe relay statistics...

Страница 679: ...H3C IE4300 IE4300 M IE4320 Industrial Switch Series Layer 3 IP Services Command Reference New H3C Technologies Co Ltd http www h3c com Software version Release 63xx Document version 6W101 20230116...

Страница 680: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 681: ...enclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separated by vertical bars from which you sel...

Страница 682: ...s a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding and other Layer 2 features Represents an access controller a unified wired WLAN module or the access controller engine on a u...

Страница 683: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Страница 684: ...p openflow count 15 display arp timer aging 16 display arp user ip conflict record 16 display arp user move record 18 display arp vpn instance 19 reset arp 20 Gratuitous ARP commands 21 arp ip conflic...

Страница 685: ...dd static ARP entries that contain multicast MAC addresses When dynamic ARP entry check is disabled ARP entries containing multicast MAC addresses are supported The device can learn dynamic ARP entrie...

Страница 686: ...ng only when you are auditing or troubleshooting ARP events Examples Enable ARP logging Sysname system view Sysname arp check log enable arp mac interface consistency check enable Use arp mac interfac...

Страница 687: ...s 0 to 1024 alarm alarm threshold Specifies an alarm threshold for dynamic ARP learning in percentage The value range for the alarm threshold argument is 1 to 100 The device generates a log message wh...

Страница 688: ...redefined user roles network admin Parameters max number Specifies the maximum number of dynamic ARP entries for a device The value range for this argument is 0 to 1024 slot slot number Specifies an I...

Страница 689: ...ticast or multiport unicast MAC address entry to specify multiple output interfaces The MAC address entry must have the same MAC address and VLAN ID as the multiport ARP entry In addition the IP addre...

Страница 690: ...rface by its type and number vpn instance vpn instance name Specifies an MPLS L3VPN instance to which the static ARP entry belongs The vpn instance name argument represents the VPN instance name a cas...

Страница 691: ...ernet 1 0 1 Related commands display arp reset arp arp timer aging Use arp timer aging to set the aging timer for dynamic ARP entries Use undo arp timer aging to restore the default Syntax arp timer a...

Страница 692: ...view Sysname interface vlan interface 2 Sysname Vlan interface2 arp timer aging second 200 Related commands arp timer aging probe count arp timer aging probe interval display arp timer aging arp timer...

Страница 693: ...ve probes for dynamic ARP entries Sysname system view Sysname arp timer aging probe count 5 Allow the device to perform a maximum of five probes for dynamic ARP entries on VLAN interface 2 Sysname sys...

Страница 694: ...the probe interval to 10 seconds for dynamic ARP entries on VLAN interface 2 Sysname system view Sysname interface vlan interface 2 Sysname Vlan interface2 arp timer aging probe interval 10 Related c...

Страница 695: ...port migrations Use undo arp user move record enable to disable recording user port migrations Syntax arp user move record enable undo arp user move record enable Default Recording user port migratio...

Страница 696: ...nt Displays the number of ARP entries verbose Displays detailed information about ARP entries Usage guidelines This command displays information about ARP entries including the IP address MAC address...

Страница 697: ...does not belong to the VLAN Interface Output interface in an ARP entry This field displays hyphens in either of the following situations The ARP entry is an unresolved short static ARP entry The ARP e...

Страница 698: ...ersion Name of the VSI to which the ARP entry belongs If the ARP entry does not belong to any VSI this field displays hyphens VSI interface This field is not supported in the current software version...

Страница 699: ...ludes the IP address MAC address VLAN ID output interface entry type and aging timer Examples Display the ARP entry for the IP address 20 1 1 1 Sysname display arp 20 1 1 1 Type S Static D Dynamic O O...

Страница 700: ...sname display arp timer aging Current ARP aging time is 1200 seconds Related commands arp timer aging display arp user ip conflict record Use display arp user ip conflict record to display user IP add...

Страница 701: ...d Description IP address IP address of a user System time Time when the user IP address conflict occurred Conflict count Number of times that conflicts for the IP address Log suppress count Number of...

Страница 702: ...0 user port migration records When the number of user port migration records reaches the upper limit new records will overwrite the earliest ones Examples Display all user port migration records Sysna...

Страница 703: ...the ARP entries for a VPN instance Syntax display arp vpn instance vpn instance name count Views Any view Predefined user roles network admin network operator Parameters vpn instance name Specifies a...

Страница 704: ...D If you do not specify a member device this command clears ARP entries for the master device interface interface type interface number Specifies an interface by its type and number If you do not spec...

Страница 705: ...rror message after the device receives an ARP reply about the conflict You can use this command to enable the device to display error messages before sending a gratuitous ARP reply or request for conf...

Страница 706: ...enabled on multiple interfaces Each interface is configured with multiple secondary IP addresses A small sending interval is configured in the preceding cases Examples Enable VLAN interface 2 to send...

Страница 707: ...ble to disable learning of gratuitous ARP packets Syntax gratuitous arp learning enable undo gratuitous arp learning enable Default Learning of gratuitous ARP packets is enabled Views System view Pred...

Страница 708: ...n it receives ARP requests whose sender IP address is on a different subnet Views System view Predefined user roles network admin Examples Disable a device from sending gratuitous ARP packets upon rec...

Страница 709: ...command to check whether local proxy ARP is enabled or disabled Examples Display the local proxy ARP status for VLAN interface 2 Sysname display local proxy arp interface vlan interface 2 Interface V...

Страница 710: ...for which local proxy ARP is enabled The start IP address must be lower than or equal to the end IP address Usage guidelines Proxy ARP enables a device on a network to answer ARP requests for an IP a...

Страница 711: ...nables a device on a network to answer ARP requests for an IP address not on that network With proxy ARP hosts in different broadcast domains can communicate with each other as they do on the same net...

Страница 712: ...g to display ARP snooping entries Syntax display arp snooping vlan vlan id slot slot number count display arp snooping vlan ip ip address slot slot number Views Any view Predefined user roles network...

Страница 713: ...AC address in an ARP snooping entry VLAN ID ID of the VLAN to which the ARP snooping entry belongs Interface Input interface in an ARP snooping entry Aging Aging time for an ARP snooping entry in minu...

Страница 714: ...ip ip address Deletes the ARP snooping entry for the specified IP address in VLANs Examples Delete ARP snooping entries for VLAN 2 Sysname reset arp snooping vlan 2 Related commands display arp snoopi...

Страница 715: ...ble ARP direct route advertisement Syntax arp route direct advertise undo arp route direct advertise Default ARP direct route advertisement is disabled Views Interface view Predefined user roles netwo...

Страница 716: ...i Contents IP addressing commands 1 display ip interface 1 display ip interface brief 3 ip address 5 ip address unnumbered 6...

Страница 717: ...ude the following information The number of unicast packets bytes and multicast packets the interface has sent and received The number of TTL invalid packets and ICMP packets the interface has receive...

Страница 718: ...e data link layer protocol is up UP spoofing The data link layer protocol is up but the link is an on demand link or does not exist Internet Address IP address of an interface followed by Primary A pr...

Страница 719: ...ackets Related commands display ip interface brief ip address display ip interface brief Use display ip interface brief to display brief IP configuration for Layer 3 interfaces Syntax display ip inter...

Страница 720: ...terface is administratively shut down by using the shutdown command down The interface is administratively up but its physical state is down possibly because of a connection or link failure up Both th...

Страница 721: ...command multiple times to specify different primary IP addresses on an interface the most recent configuration takes effect If the interface connects to multiple subnets configure primary and secondar...

Страница 722: ...ually or through DHCP If the IP addresses are not enough or the interface is used only occasionally you can configure an interface to borrow an IP address from other interfaces This is called IP unnum...

Страница 723: ...hcp server database update now 18 dhcp server database update stop 18 dhcp server forbidden ip 19 dhcp server ip pool 20 dhcp server ping packets 21 dhcp server ping timeout 21 dhcp server relay infor...

Страница 724: ...splay dhcp relay information 68 display dhcp relay server address 70 display dhcp relay statistics 70 gateway list 72 master server switch delay 73 remote server 73 remote server algorithm 74 reset dh...

Страница 725: ...ing 97 display dhcp snooping binding database 99 display dhcp snooping information 100 display dhcp snooping packet statistics 101 display dhcp snooping trust 102 reset dhcp snooping binding 103 reset...

Страница 726: ...on the DHCP server reclaims an assigned IP address and deletes the binding entry when the ARP entry ages out for the IP address This feature on the DHCP relay agent deletes the related relay entry and...

Страница 727: ...the DHCP relay agent Sysname system view Sysname dhcp dscp 30 dhcp enable Use dhcp enable to enable DHCP Use undo dhcp enable to disable DHCP Syntax dhcp enable undo dhcp enable Default DHCP is disabl...

Страница 728: ...this situation might occur when a large number of clients frequently come online or go offline Examples Enable DHCP server logging Sysname system view Sysname dhcp log enable dhcp select Use dhcp sel...

Страница 729: ...s in these responses as its own IP address Examples Enable the DHCP relay agent on VLAN interface 2 Sysname system view Sysname interface vlan interface 2 Sysname Vlan interface2 dhcp select relay Rel...

Страница 730: ...8 150 in address pool 1 Sysname system view Sysname dhcp server ip pool 1 Sysname dhcp pool 1 address range 192 168 8 1 192 168 8 150 Related commands class dhcp class display dhcp server pool network...

Страница 731: ...ame to restore the default Syntax bootfile name bootfile name url undo bootfile name Default No configuration file name or URL is specified Views DHCP address pool view Predefined user roles network a...

Страница 732: ...lass Views DHCP policy view Predefined user roles network admin Parameters class name Specifies a DHCP user class by its name a case insensitive string of 1 to 63 characters pool name Specifies a DHCP...

Страница 733: ...he DHCP options in the option group If multiple matches are found the server selects option groups by using the following methods If the option groups have options in common the server selects the opt...

Страница 734: ...range specified by the address range command If the address range has no assignable IP addresses or no address range is configured the address allocation fails After you specify an address range for...

Страница 735: ...configuration takes effect Examples Specify DHCP address pool pool1 as the default DHCP address pool in DHCP policy 1 Sysname system view Sysname dhcp policy 1 Sysname dhcp policy 1 default ip pool p...

Страница 736: ...e undo dhcp class class name Default No DHCP user classes exist Views System view Predefined user roles network admin Parameters class name Specifies the name of a DHCP user class a case insensitive s...

Страница 737: ...rs option group number Assigns a number to the DHCP option group in the range of 1 to 32768 Examples Create DHCP option group 1 and enter DHCP option group view Sysname system view Sysname dhcp option...

Страница 738: ...st to enable the DHCP server to broadcast all responses Use undo dhcp server always broadcast to restore the default Syntax dhcp server always broadcast undo dhcp server always broadcast Default The D...

Страница 739: ...from all address pools If no static binding is found the server assigns configuration parameters from the address pool applied on the interface to the client If the address pool has no assignable IP a...

Страница 740: ...1048 Default This feature is disabled The DHCP server does not process the Vend field of RFC 1048 incompliant requests but copies the Vend field into responses Views System view Predefined user roles...

Страница 741: ...bindings to a file Use undo dhcp server database filename to restore the default Syntax dhcp server database filename filename url url undo dhcp server database filename Default The DHCP server does n...

Страница 742: ...e dhcp Related commands dhcp server database update interval dhcp server database update now dhcp server database update stop dhcp server database update interval Use dhcp server database update inter...

Страница 743: ...Usage guidelines Each time this command is executed the DHCP bindings are saved to the backup file For this command to take effect you must configure the DHCP auto backup by using the dhcp server dat...

Страница 744: ...ndo dhcp server forbidden ip to remove the configuration Syntax dhcp server forbidden ip start ip address end ip address vpn instance vpn instance name undo dhcp server forbidden ip start ip address e...

Страница 745: ...r ip pool to create a DHCP address pool and enter its view or enter the view of an existing DHCP address pool Use undo dhcp server ip pool to delete the specified DHCP address pool Syntax dhcp server...

Страница 746: ...ss before assigning it to a DHCP client If a ping attempt succeeds the server determines that the IP address is in use and picks a new IP address If all the ping attempts fail the server assigns the I...

Страница 747: ...view Sysname dhcp server ping timeout 1000 Related commands dhcp server ping packets display dhcp server conflict reset dhcp server conflict dhcp server relay information enable Use dhcp server relay...

Страница 748: ...its IP address is correct If the requested IP address is different from the allocated one or has no matching lease record the DHCP server remains silent by default After the allocated IP address lease...

Страница 749: ...HCP client sends a DECLINE packet to the DHCP server to inform the server of an IP address conflict The DHCP server discovers that the only assignable address in the address pool is its own IP address...

Страница 750: ...n information Syntax display dhcp server expired ip ip address vpn instance vpn instance name pool pool name Views Any view Predefined user roles network admin network operator Parameters ip ip addres...

Страница 751: ...d user roles network admin network operator Parameters pool pool name Displays assignable IP addresses in the specified address pool The pool name is a case insensitive string of 1 to 63 characters If...

Страница 752: ...dress Displays binding information about the specified assigned IP address If you do not specify an IP address this command displays binding information about all assigned IP addresses vpn instance vp...

Страница 753: ...atic binding has not been assigned to the specific client Unlimited Infinite lease expiration time After 2100 The lease will expire after 2100 Type Binding types Static F A free static binding whose I...

Страница 754: ...68 domain name www aabbcc com bims server ip 192 168 0 51 sharekey cipher c 3 K13OmQPi791YvQoF2Gs1E 65LOU option 2 ip address 1 1 1 1 expired day 1 hour 2 minute 3 second 0 Pool name 1 Network 20 1 2...

Страница 755: ...e DHCP user class and its address range static bindings Static IP to MAC client ID bindings option Customized DHCP option expired Lease duration bootfile name Boot file name dns list DNS server IP add...

Страница 756: ...plays information about all address pools vpn instance vpn instance name Specifies an MPLS L3VPN instance by its name a case sensitive string of 1 to 31 characters If you do not specify a VPN instance...

Страница 757: ...if you display statistics for a specific address pool Messages received DHCP packets received from clients DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM BOOTPREQUEST This field is not di...

Страница 758: ...ame dhcp pool 0 dns list 10 1 1 254 Related commands display dhcp server pool domain name Use domain name to specify a domain name in a DHCP address pool Use undo domain name to restore the default Sy...

Страница 759: ...ange of 0 to 59 The default is 0 unlimited Specifies the unlimited lease duration which is actually 136 years Usage guidelines The DHCP server assigns an IP address together with the lease duration to...

Страница 760: ...xclude a maximum of 4096 IP addresses in an address pool by executing this command multiple times If you do not specify any parameters the undo forbidden ip command removes all excluded IP addresses E...

Страница 761: ...secondary subnet view DHCP assigns those specified in address pool view If you do not specify any parameters the undo gateway list command deletes all gateway addresses Examples Specify gateway addres...

Страница 762: ...ule For example if you specify abc in the rule option content xabc xyzabca xabcyz and abcxyz all match the rule hex hex string Specifies a hexadecimal number The length of the hexadecimal number must...

Страница 763: ...offset offset partial options If you do not specify the offset or partial parameter a packet matches a rule if the option content starts with the ASCII string Examples Configure match rule 1 for DHCP...

Страница 764: ...hold for the address pool usage percentage The value range is 1 to 100 Usage guidelines If you execute this command in the same address pool view multiple times the most recent configuration takes eff...

Страница 765: ...ame dhcp pool 0 nbns list 10 1 1 1 Related commands display dhcp server pool netbios type netbios type Use netbios type to specify the NetBIOS node type in a DHCP address pool Use undo netbios type to...

Страница 766: ...ied subnet Syntax network network address mask length mask mask secondary undo network network address mask length mask mask secondary Default No subnet is specified in a DHCP address pool Views DHCP...

Страница 767: ...Sysname dhcp pool 0 network 192 168 8 0 mask 255 255 255 0 Sysname dhcp pool 0 network 192 168 10 0 mask 255 255 255 0 secondary Sysname dhcp pool 0 secondary Related commands display dhcp server poo...

Страница 768: ...decimal number must be an even number in the range of 2 to 256 ip address ip address 1 8 Specifies a space separated list of up to eight IP addresses as the option content Usage guidelines The DHCP se...

Страница 769: ...tion Syntax reset dhcp server conflict ip ip address vpn instance vpn instance name Views User view Predefined user roles network admin Parameters ip ip address Clears conflict information about the s...

Страница 770: ...ool name is a case insensitive string of 1 to 63 characters If you do not specify an address pool this command clears binding information about expired IP addresses in all address pools Examples Clear...

Страница 771: ...statistics Syntax reset dhcp server statistics vpn instance vpn instance name Views User view Predefined user roles network admin Parameters vpn instance vpn instance name Specifies an MPLS L3VPN inst...

Страница 772: ...ample aabb cccc dd is correct and aabb c dddd and aabb cc dddd are not correct ethernet Specifies the client hardware address type as Ethernet The default type is Ethernet token ring Specifies the cli...

Страница 773: ...ommands display dhcp server pool tftp server ip address tftp server ip address Use tftp server ip address to specify a TFTP server address in a DHCP address pool Use undo tftp server ip address to res...

Страница 774: ...8 Specifies a space separated list of up to eight DHCP user classes by their names a case insensitive string of 1 to 63 characters Usage guidelines For this command to take effect you must enable the...

Страница 775: ...ntax voice config as ip ip address fail over ip address dialer string ncp ip ip address voice vlan vlan id disable enable undo voice config as ip fail over ncp ip voice vlan Default No Option 184 cont...

Страница 776: ...o restore the default Syntax vpn instance vpn instance name undo vpn instance Default The DHCP address pool is not applied to any VPN instance Views DHCP address pool view Predefined user roles networ...

Страница 777: ...HCP relay agent forwards the request to the DHCP server If they are not the same the DHCP relay agent discards the request The MAC address check feature takes effect only when the dhcp select relay co...

Страница 778: ...information record Use dhcp relay client information record to enable recording client information in relay entries Use undo dhcp relay client information record to disable the feature Syntax dhcp rel...

Страница 779: ...the refresh interval The more the entries the shorter the refresh interval The shortest interval is 50 ms interval interval Specifies the refresh interval in the range of 1 to 120 seconds Usage guidel...

Страница 780: ...the IP address If the server returns a DHCP NAK message the relay agent keeps the entry With this feature disabled the DHCP relay agent does not remove relay entries automatically After a DHCP client...

Страница 781: ...undo dhcp relay gateway to restore the default Syntax dhcp relay gateway ip address undo dhcp relay gateway Default The primary IP address of the interface is inserted in DHCP requests as the DHCP rel...

Страница 782: ...ier interface information and VLAN ID The default node identifier is the MAC address of the access node The default interface information consists of the Ethernet type fixed to eth chassis number slot...

Страница 783: ...pe Hex for the chassis number slot number sub slot number interface number and VLAN ID Examples Specify the content mode as verbose node identifier as the device name and the padding format as ASCII f...

Страница 784: ...sname Vlan interface10 dhcp relay information enable Related commands dhcp relay information circuit id dhcp relay information remote id dhcp relay information strategy display dhcp relay information...

Страница 785: ...cp relay information enable Sysname Vlan interface10 dhcp relay information strategy replace Sysname Vlan interface10 dhcp relay information remote id string device001 Related commands dhcp relay info...

Страница 786: ...ormation enable display dhcp relay information dhcp relay master server switch delay Use dhcp relay master server switch delay to enable the switchback to the master DHCP server and set the switchback...

Страница 787: ...r you execute this command the relay agent sends a DHCP RELEASE packet to the DHCP server and removes the relay entry of the IP address Upon receiving the packet the server removes binding information...

Страница 788: ...e user class for different DHCP servers If you execute the command with different user classes for the same ip address the most recent configuration takes effect If you specify an MPLS L3VPN instance...

Страница 789: ...backup as the DHCP server selecting algorithm on VLAN interface 2 Sysname system view Sysname interface vlan interface 2 Sysname Vlan interface2 dhcp relay server address algorithm master backup Relat...

Страница 790: ...the output interface up in the MAC address table to forward the DHCP reply If you execute this command multiple times the most recent configuration takes effect Examples Specify 1 1 1 1 as the source...

Страница 791: ...ned user roles network admin Parameters time Specifies the DHCP server response timeout time in the range of 1 to 65535 seconds Usage guidelines If you execute this command multiple times the most rec...

Страница 792: ...stance vpn instance name Views Any view Predefined user roles network admin network operator Parameters interface interface type interface number Displays relay entries on the specified interface If y...

Страница 793: ...type Dynamic The relay agent creates a dynamic relay entry upon receiving an ACK response from the DHCP server Temporary The relay agent creates a temporary relay entry upon receiving a REQUEST packe...

Страница 794: ...defined Circuit ID vlan100 Remote ID device001 Table 11 Command output Field Description Interface Interface name Status Option 82 states Enable DHCP relay agent support for Option 82 is enabled Disa...

Страница 795: ...3 Y abc Table 12 Command output Field Description Interface name Interface name Server IP address DHCP server IP address Public VRF name Location of the DHCP server which is determined by the configu...

Страница 796: ...t statistics on the DHCP relay agent Sysname display dhcp relay statistics DHCP packets dropped 0 DHCP packets received from clients 0 DHCPDISCOVER 0 DHCPREQUEST 0 DHCPINFORM 0 DHCPRELEASE 0 DHCPDECLI...

Страница 797: ...assified into different types by their locations In this case the relay interface typically has no IP address configured You can use the gateway list command to specify gateway addresses for clients m...

Страница 798: ...e this command multiple times the most recent configuration takes effect Examples Configure the DHCP relay agent to switch back to the master DHCP server 3 minutes after it switches to a backup DHCP s...

Страница 799: ...restore the default Syntax remote server algorithm master backup polling undo remote server algorithm Default The polling algorithm is used The DHCP relay agent forwards DHCP requests to all DHCP ser...

Страница 800: ...or all IP addresses vpn instance vpn instance name Specifies the MPLS L3VPN instance to which the specified IP address belongs The vpn instance name argument is a case sensitive string of 1 to 31 char...

Страница 801: ...mal string of 4 to 64 characters as the value in Option 60 Usage guidelines Option 60 acts as a vendor class identifier VCI You can configure a DHCP client to send a request with Option 60 for the DHC...

Страница 802: ...licate address Sysname system view Sysname undo dhcp client dad enable dhcp client dscp Use dhcp client dscp to set the DSCP value for DHCP packets sent by the DHCP client Use undo dhcp client dscp to...

Страница 803: ...ent ID mac interface type interface number Uses the MAC address of the specified interface as a DHCP client ID The interface type interface number argument specifies an interface by its type and numbe...

Страница 804: ...T2 226800 seconds DHCP server 40 1 1 2 Display detailed DHCP client information on all interfaces Sysname display dhcp client verbose Vlan interface10 DHCP client information Current state BOUND Alloc...

Страница 805: ...HCP server IP address that assigned the IP address Transaction ID Transaction ID a random number chosen by the client to identify an IP address allocation Default router Gateway address assigned to th...

Страница 806: ...oc command the interface sends a DHCP RELEASE message to release the IP address obtained through DHCP If the interface is down the message cannot be sent out This situation can occur when a subinterfa...

Страница 807: ...ping entries to a remote file If you use the local storage medium the frequent erasing and writing might damage the medium and then cause the DHCP snooping device to malfunction When the file is on a...

Страница 808: ...g entry is learned updated or removed the waiting period starts The DHCP snooping device updates the backup file when the waiting period is reached All changed entries during the period will be saved...

Страница 809: ...ing record Default DHCP snooping does not record client information Views Layer 2 Ethernet interface Layer 2 aggregate interface view VLAN view Predefined user roles network admin Usage guidelines Thi...

Страница 810: ...ing check request message to disable DHCP REQUEST check for DHCP snooping Syntax dhcp snooping check request message undo dhcp snooping check request message Default DHCP REQUEST check for DHCP snoopi...

Страница 811: ...ess acquisition failure configure a port to block DHCP packets only if no DHCP clients are attached to it To enable a port on the snooping device to drop all incoming DHCP requests configure that port...

Страница 812: ...ing disable dhcp snooping enable Use dhcp snooping enable to enable DHCP snooping globally Use undo dhcp snooping enable to disable DHCP snooping globally Syntax dhcp snooping enable undo dhcp snoopin...

Страница 813: ...CP responses This mechanism ensures that DHCP clients obtain IP addresses from authorized DHCP servers After you disable DHCP snooping for a VLAN all interfaces in the VLAN can forward DHCP responses...

Страница 814: ...e node identifier sysname Uses the device name as the node identifier You can set the device name by using the sysname command in system view The padding format for the device name is always ASCII reg...

Страница 815: ...at ascii Related commands dhcp snooping information enable dhcp snooping information strategy display dhcp snooping information dhcp snooping information enable Use dhcp snooping information enable to...

Страница 816: ...padding format is hex Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network admin Parameters vlan vlan id Pads the Remote ID sub option for packets recei...

Страница 817: ...tegy for Option 82 in request messages Use undo dhcp snooping information strategy to restore the default Syntax dhcp snooping information strategy append drop keep replace undo dhcp snooping informat...

Страница 818: ...nooping information enable Sysname GigabitEthernet1 0 1 dhcp snooping information strategy keep Related commands dhcp snooping information circuit id dhcp snooping information remote id dhcp snooping...

Страница 819: ...ving a DHCP request The device forwards the DHCP request without padding the Vendor Specific sub option if the following conditions exist The dhcp snooping information strategy append command is confi...

Страница 820: ...thernet interface Layer 2 aggregate interface view Predefined user roles network admin Parameters max number Specifies the maximum number of DHCP snooping entries for an interface to learn The value r...

Страница 821: ...mum rate to 67 the value 64 or 72 takes effect Examples Set the maximum rate to 64 Kbps at which Layer 2 Ethernet interface GigabitEthernet 1 0 1 can receive DHCP packets Sysname system view Sysname i...

Страница 822: ...nterface number Specifies an interface by its type and number Usage guidelines In a VLAN configure interfaces facing the DHCP server as trusted ports and configure other interfaces as untrusted ports...

Страница 823: ...ping entries Sysname display dhcp snooping binding 2 DHCP snooping entries found IP address MAC address Lease VLAN SVLAN Interface 1 1 1 7 0000 0101 0107 16907533 2 3 GE1 0 1 1 1 1 11 0000 0101 010b 1...

Страница 824: ...hcp snooping enable reset dhcp snooping binding display dhcp snooping binding database Use display dhcp snooping binding database to display information about DHCP snooping entry auto backup Syntax di...

Страница 825: ...device Syntax display dhcp snooping information all interface interface type interface number Views Any view Predefined user roles network admin network operator Parameters all Displays Option 82 con...

Страница 826: ...this field displays the user defined string For the Vendor Specific sub option the node identifier can be MAC Sysname or User Defined string where string in the brackets indicates the user defined no...

Страница 827: ...mation about trusted ports Syntax display dhcp snooping trust Views Any view Predefined user roles network admin network operator Examples Display information about trusted ports Sysname display dhcp...

Страница 828: ...hernet service instance view Trusted This field is not supported in the current software version Trusted AC specified in VXLAN based DHCP snooping configuration Related commands dhcp snooping trust dh...

Страница 829: ...tion about a BOOTP client Syntax display bootp client interface interface type interface number Views Any view Predefined user roles network admin network operator Parameters interface interface type...

Страница 830: ...address of a BOOTP client Related commands ip address bootp alloc ip address bootp alloc Use ip address bootp alloc to configure an interface to use BOOTP for IP address acquisition Use undo ip addres...

Страница 831: ...2 display dns server 3 display ipv6 dns server 4 dns domain 5 dns dscp 5 dns proxy enable 6 dns server 7 dns source interface 7 dns spoofing 8 dns trust interface 9 ip host 10 ipv6 dns dscp 11 ipv6 dn...

Страница 832: ...stance name Specifies an MPLS L3VPN instance by its name a case sensitive string of 1 to 31 characters If you do not specify a VPN instance this command displays domain name suffixes for the public ne...

Страница 833: ...nce this command displays domain name to IP address mappings for the public network Usage guidelines If you do not specify the ip or ipv6 keyword this command displays domain name to IP address mappin...

Страница 834: ...oles network admin network operator Parameters dynamic Displays IPv4 DNS server information dynamically obtained through DHCP or other protocols If you do not specify this keyword the command displays...

Страница 835: ...do not specify this keyword the command displays the statically configured and dynamically obtained IPv6 DNS server information vpn instance vpn instance name Specifies an MPLS L3VPN instance by its n...

Страница 836: ...haracters and each separated string includes no more than 63 characters vpn instance vpn instance name Specifies an MPLS L3VPN instance by its name a case sensitive string of 1 to 31 characters To con...

Страница 837: ...affects the transmission priority of the packet A bigger DSCP value represents a higher priority Examples Set the DSCP value to 30 for outgoing DNS packets Sysname system view Sysname dns dscp 30 dns...

Страница 838: ...to the DNS servers in the order their IPv4 addresses are specified The system allows a maximum of six DNS server IPv4 addresses for the public network or each VPN instance You can specify DNS server...

Страница 839: ...S query The method of selecting the IPv6 address is defined in RFC 3484 The system allows only one source interface for the public network or each VPN instance If you execute this command multiple tim...

Страница 840: ...d specify IPv4 address 1 1 1 1 for spoofing DNS requests Sysname system view Sysname dns proxy enable Sysname dns spoofing 1 1 1 1 Related commands dns proxy enable dns trust interface Use dns trust i...

Страница 841: ...ers are letters digits hyphens underscores _ and dots ip address Specifies the IPv4 address of the host vpn instance vpn instance name Specifies an MPLS L3VPN instance by its name a case sensitive str...

Страница 842: ...The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet A bigger DSCP value represents a higher priority Examples Set the DSCP value t...

Страница 843: ...addresses are specified The system allows a maximum of six DNS server IPv6 addresses for the public network or each VPN instance You can specify DNS server IPv6 addresses for both public network and...

Страница 844: ...enable Sysname ipv6 dns spoofing 2001 1 Related commands dns proxy enable ipv6 host Use ipv6 host to create a host name to IPv6 address mapping Use undo ipv6 host to remove a host name to IPv6 addres...

Страница 845: ...reset dns host ip ipv6 vpn instance vpn instance name Views User view Predefined user roles network admin Parameters ip Specifies type A queries A type A query resolves a domain name to the mapped IP...

Страница 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...

Страница 847: ...0 to 32 Usage guidelines If you specify an IP address without a mask or mask length this command displays the longest matching FIB entry If you specify an IP address and a mask or mask length this com...

Страница 848: ...ry count 1 Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Relay F FRR Destination Mask Nexthop Flag OutInterface Token Label 10 2 1 1 32 127 0 0 1 UH InLoop0 Null Table 1 Command outp...

Страница 849: ...age guidelines The command automatically creates the file if you specify a nonexistent file If the file already exists this command overwrites the file content To automatically save the IP forwarding...

Страница 850: ...g commands 1 display ip fast forwarding aging time 1 display ip fast forwarding cache 1 display ip fast forwarding fragcache 2 ip fast forwarding aging time 3 ip fast forwarding load sharing 4 reset i...

Страница 851: ...g cache to display fast forwarding entries Syntax display ip fast forwarding cache ip address slot slot number Views Any view Predefined user roles network admin network operator Parameters ip address...

Страница 852: ...warding cache display ip fast forwarding fragcache Use display ip fast forwarding fragcache to display fast forwarding entries for fragmented packets Syntax display ip fast forwarding fragcache ip add...

Страница 853: ...ding cache ip fast forwarding aging time Use ip fast forwarding aging time to configure the aging time for fast forwarding entries Use undo ip fast forwarding aging time to restore the default Syntax...

Страница 854: ...ed the device identifies a data flow by the packet information and the input interface No load sharing is implemented Examples Enable fast forwarding load sharing Sysname system Views Sysname ip fast...

Страница 855: ...tics 14 display udp verbose 14 ip forward broadcast 17 ip icmp error interval 18 ip icmp source 19 ip mtu 20 ip reassemble local enable 21 ip redirects enable 21 ip ttl expires enable 22 ip unreachabl...

Страница 856: ...MP statistics Sysname display icmp statistics Input bad formats 0 bad checksum 0 echo 175 destination unreachable 0 source quench 0 redirects 0 echo replies 201 parameter problem 0 timestamp 0 informa...

Страница 857: ...ress fails 0 Fragment input 0 output 0 dropped 0 fragmented 0 couldn t fragment 0 Reassembling sum 0 timeouts 0 Table 1 Command output Field Description Input Statistics about received packets sum Tot...

Страница 858: ...RawIP connections Syntax display rawip slot slot number Views Any view Predefined user roles network admin network operator Parameters slot slot number Specifies an IRF member device by its member ID...

Страница 859: ...t specify a member device this command displays detailed information about RawIP connections for all member devices Usage guidelines The detailed information includes socket creator state option type...

Страница 860: ...pped packets state Buffer state CANTSENDMORE Unable to send data to the peer CANTRCVMORE Unable to receive data from the peer RCVATMARK Receiving tag N A None of the above states Sending buffer cc hiw...

Страница 861: ...wIP support this flag INP_USEICMPSRC Uses the specified IP address as the source IP address for outgoing ICMP packets INP_SYNCPCB Waits until Internet PCB is synchronized N A None of the above flags I...

Страница 862: ...te Examples Display brief information about TCP connections Sysname display tcp TCP connection with authentication Local Addr port Foreign Addr port State Slot PCB 0 0 0 0 21 0 0 0 0 0 LISTEN 1 0x0000...

Страница 863: ...plicate packets 12 36 bytes partially duplicate packets 0 0 bytes out of order packets 0 0 bytes packets with data after window 0 0 bytes packets after close 0 ACK packets 3531 795048 bytes duplicate...

Страница 864: ...tablished connections 23 closed connections 50051 dropped 0 initiated dropped 0 bad connection attempt 0 ignored RSTs in the window 0 listen queue overflows 0 RTT updates 3518 attempt segment 3537 cor...

Страница 865: ...1 Location slot 6 cpu 0 NSR standby N A Creator bgpd 199 State ISCONNECTED Options N A Error 0 Receiving buffer cc hiwat lowat state 0 65700 1 N A Sending buffer cc hiwat lowat state 0 65700 512 N A T...

Страница 866: ...t lowat state Displays send buffer information in the following order cc Used space hiwat Maximum space lowat Minimum space state Buffer state CANTSENDMORE Unable to send data to the peer CANTRCVMORE...

Страница 867: ...D Receives the VLAN ID of the packet Only UDP and RawIP support this flag INP_RCVMACADDR Receives the MAC address of the frame INP_RECVTOS Receives TOS of the packet Only UDP and RawIP support this fl...

Страница 868: ...f the connection M Main connection S Standby connection Send VRF This field is not supported in the current software version VRF from which packets are sent Receive VRF This field is not supported in...

Страница 869: ...IRF member device by its member ID If you do not specify a member device this command displays UDP traffic statistics for all member devices Usage guidelines UDP traffic statistics include information...

Страница 870: ...on IP address and port number for UDP connections Examples Display detailed UDP connection information Sysname display udp verbose Total UDP socket number 1 Connection info src 0 0 0 0 69 dst 0 0 0 0...

Страница 871: ...TMARK Receiving tag N A None of the above states Sending buffer cc hiwat lowat state Displays send buffer information in the following order cc Used space hiwat Maximum space lowat Minimum space state...

Страница 872: ...l Internet PCB is synchronized N A None of the above flags Inpcb extflag Extension flags in the Internet PCB INP_EXTRCVPVCIDX Records the PVC index of the received packet INP_RCVPWID Records the PW ID...

Страница 873: ...AN The command enables the interface to forward directed broadcast packets that are destined for the directly connected network and are received from another subnet to support Wake on LAN Wake on LAN...

Страница 874: ...mpty ICMP error messages are not sent until a new token is placed in the bucket Examples Set the interval to 200 milliseconds for tokens to arrive in the bucket and the bucket size to 40 tokens for IC...

Страница 875: ...he sending device easily Examples Specify 1 1 1 1 as the source address for outgoing ICMP packets Sysname system view Sysname ip icmp source 1 1 1 1 ip mtu Use ip mtu to set the interface MTU for IPv4...

Страница 876: ...Default IPv4 local fragment reassembly is disabled Views System view Predefined user roles network admin Usage guidelines Use this feature on a multichassis IRF fabric to improve fragment reassembly...

Страница 877: ...P time exceeded messages Use undo ip ttl expires enable to disable sending ICMP time exceeded messages Syntax ip ttl expires enable undo ip ttl expires enable Default Sending ICMP time exceeded messag...

Страница 878: ...ble The device sends the source an ICMP protocol unreachable message when the following conditions are met The received packet is destined for the device The transport layer protocol of the packet is...

Страница 879: ...raffic statistics for all member devices Usage guidelines Use this command to clear history IP traffic statistics before you collect IP traffic statistics for a time period Examples Clear IP traffic s...

Страница 880: ...ytes The value range for this argument is 128 to 1460 Usage guidelines The MSS option informs the receiver of the largest segment that the sender can accept Each end announces its MSS during TCP conne...

Страница 881: ...0 minutes no aging Does not age out the path MTU Usage guidelines After you enable TCP path MTU discovery all new TCP connections detect the path MTU The device uses the path MTU to calculate the MSS...

Страница 882: ...er establishes a large number of TCP semi connections and cannot handle normal services SYN Cookie can protect the server from SYN flood attacks When the server receives a SYN packet it responds to th...

Страница 883: ...ue undo tcp timer syn timeout Default The TCP SYN wait timer is 75 seconds Views System view Predefined user roles network admin Parameters time value Specifies the TCP SYN wait timer in the range of...

Страница 884: ...ons that are established after you execute the command Existing TCP connections are not affected Examples Enable the device to encapsulate the TCP Timestamps option in outgoing TCP packets Sysname sys...

Страница 885: ...i Contents UDP helper commands 1 display udp helper interface 1 reset udp helper statistics 1 udp helper broadcast map 2 udp helper enable 3 udp helper port 3 udp helper server 4...

Страница 886: ...isplay information about broadcast to unicast conversion by UDP helper on VLAN interface 100 Sysname display udp helper interface vlan interface 100 Interface Server VPN instance Server address Packet...

Страница 887: ...he destination broadcast address is converted acl acl number Specifies an ACL by its number The ACL filters incoming broadcast packets for UDP helper Packets permitted by the ACL can be converted If n...

Страница 888: ...ew Predefined user roles network admin Usage guidelines For UDP helper to take effect on an interface make sure the following conditions are met UDP helper is enabled A UDP port number is specified by...

Страница 889: ...eceiving a UDP broadcast or multicast packet UDP helper uses the specified UDP ports to match the UDP destination port number of the packet To specify a UDP port you can specify the port number or the...

Страница 890: ...ent the undo udp helper server command removes all destination servers on the interface A destination server with the global keyword and the same destination server with the vpn instance vpn instance...

Страница 891: ...link local 37 ipv6 address eui 64 38 ipv6 address link local 38 ipv6 address prefix number 40 ipv6 hop limit 41 ipv6 hoplimit expires enable 41 ipv6 icmpv6 error interval 42 ipv6 icmpv6 multicast echo...

Страница 892: ...nimize 67 ipv6 neighbor stale aging 68 ipv6 neighbor timer stale aging 69 ipv6 neighbors max learning num 69 ipv6 pathmtu 70 ipv6 pathmtu age 71 ipv6 prefer temporary address 72 ipv6 prefix 72 ipv6 re...

Страница 893: ...s command displays all IPv6 FIB entries prefix length Specifies a prefix length for the IPv6 address in the range of 0 to 128 If you do not specify the prefix length this command displays the IPv6 FIB...

Страница 894: ...lot number Views Any view Predefined user roles network admin network operator Parameters slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this co...

Страница 895: ...age guidelines If you do not specify an interface this command displays IPv6 information about all interfaces If you specify only the interface type argument this command displays IPv6 information abo...

Страница 896: ...ards 0 OutDiscards 0 Table 2 Command output Field Description Vlan interface2 current state Physical state of the interface Administratively DOWN The interface has been administratively shut down by u...

Страница 897: ...igured global unicast addresses using a prefix are preferred Joined group address es Addresses of the multicast groups that the interface has joined MTU MTU of the interface ND DAD is enabled number o...

Страница 898: ...tNotMembers Received IPv6 multicast packets that are discarded because the interface is not in the multicast group OutMcastPkts IPv6 multicast packets sent by the interface InAddrErrors Received IPv6...

Страница 899: ...ays the link local address If no address is configured this field displays Unassigned display ipv6 interface prefix Use display ipv6 interface prefix to display IPv6 prefix information for an interfac...

Страница 900: ...figuration N The prefix is not advertised in RA messages P The prefix has a preference Lifetime Lifetime in seconds advertised in RA messages If the prefix does not need to be advertised this field di...

Страница 901: ...ing vlan vlan id interface interface type interface number global link local ipv6 address verbose Views Any view Predefined user roles network admin network operator Parameters vlan vlan id Displays N...

Страница 902: ...r more information about the SVLAN and CVLAN see QinQ in Layer 2 LAN Switching Configuration Guide Interface Input interface in the ND snooping entry Status Status of the ND snooping entry TENTATIVE T...

Страница 903: ...ace GigabitEthernet1 0 2 Old SVLAN CVLAN 100 2 New SVLAN CVLAN 100 2 Old MAC 00e0 ca63 8141 New MAC 00e0 ca63 8142 IPv6 address 10 2 System time 2018 02 02 10 20 30 Conflict count 1 Log suppress count...

Страница 904: ...Syntax display ipv6 nd user move record slot slot number Views Any view Predefined user roles network admin network operator Parameters slot slot number Specifies an IRF member device by its member I...

Страница 905: ...ipv6 nd user move record enable display ipv6 neighbors Use display ipv6 neighbors to display IPv6 neighbor information Syntax display ipv6 neighbors ipv6 address all dynamic static slot slot number i...

Страница 906: ...9 0204 1 GE1 0 2 STALE D 136 Display detailed information about all neighbors Sysname display ipv6 neighbors all verbose IPv6 Address 1 2 MAC address 6864 6839 0202 Type Dynamic State STALE Aging 136...

Страница 907: ...e time of the neighbor For a static neighbor entry this field displays hyphens representing the neighbor entry never expires For a dynamic neighbor entry this field displays the elapsed time in second...

Страница 908: ...splays the total number of neighbor entries in the specified VLAN The value range for VLAN ID is 1 to 4094 Examples Display the total number of neighbor entries created dynamically Sysname display ipv...

Страница 909: ...AN Interface Interface connected to the neighbor State State of the neighbor INCMP The address is being resolved The link layer address of the neighbor is unknown REACH The neighbor is reachable STALE...

Страница 910: ...ays all Path MTU information for the public network dynamic Displays all dynamic Path MTU information static Displays all static Path MTU information count Displays the total number of Path MTU entrie...

Страница 911: ...efix command A dynamic IPv6 prefix is obtained from the DHCPv6 server and its prefix ID is configured by using the ipv6 dhcp client pd command For detailed information see Layer 3 IP Services Configur...

Страница 912: ...n network operator Parameters slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command displays brief information about IPv6 RawIP connection...

Страница 913: ...range for the pcb index argument is 1 to 16 Examples Display detailed information about an IPv6 RawIP connection Sysname display ipv6 rawip verbose Total RawIP socket number 1 Connection info src dst...

Страница 914: ...the out of band data in the input queue SO_REUSEPORT Allows the local port reuse SO_TIMESTAMP Records the timestamps of the incoming packets accurate to milliseconds This option is applicable to proto...

Страница 915: ...e VLAN ID of the packet Only UDP and RawIP support this flag IN6P_IPV6_V6ONLY Only supports IPv6 protocol stack IN6P_PKTINFO Receives the source IPv6 address and input interface of the packet IN6P_HOP...

Страница 916: ...t Hop limit in the Internet PCB Send VRF VRF from which packets are sent Receive VRF VRF from which packets are received display ipv6 statistics Use display ipv6 statistics to display IPv6 and ICMPv6...

Страница 917: ...cts 0 Router renumbering 0 Send failed Rate limitation 0 Other errors 0 Received packets Total 0 Checksum errors 0 Too short 0 Bad codes 0 Unreachable 0 Too big 0 Hop limit exceeded 0 Reassembly timeo...

Страница 918: ...0000000009 Table 15 Command output Field Description Indicates that the TCP connection uses authentication LAddr port Local IPv6 address and port number FAddr port Peer IPv6 address and port number St...

Страница 919: ...n TCP inpcb number Number of IPv6 TCP Internet PCBs Connection info Connection information including source IPv6 address source port number destination IPv6 address and destination port number Locatio...

Страница 920: ...uffer cc hiwat lowat state Displays receive buffer information in the following order cc Used space hiwat Maximum space lowat Minimum space state Buffer state CANTSENDMORE Unable to send data to the p...

Страница 921: ...ong a given data path TCP does not support this flag INP_RCVMACADDR Receives the MAC address of the frame INP_SYNCPCB Waits until Internet PCB is synchronized N A None of the above flags Inpcb extflag...

Страница 922: ...he Nagle algorithm that buffers the sent data inside the TCP TF_NOOPT No TCP options TF_NOPUSH Forces TCP to delay sending any TCP data until a full sized segment is buffered in the TCP buffers TF_BIN...

Страница 923: ...port Peer IPv6 address and port number PCB PCB index display ipv6 udp verbose Use display ipv6 udp verbose to display detailed information about IPv6 UDP connections Syntax display ipv6 udp verbose sl...

Страница 924: ...CONNECTING The connection is being interrupted ASYNC Asynchronous mode ISDISCONNECTED The connection has been terminated PROTOREF Indicates strong protocol reference N A None of above state Options So...

Страница 925: ...ormation in the following order cc Used space hiwat Maximum space lowat Minimum space state Buffer state CANTSENDMORE Unable to send data to the peer CANTRCVMORE Unable to receive data from the peer R...

Страница 926: ...A None of the above flags Inpcb extflag Extension flags in the Internet PCB INP_EXTRCVPVCIDX Records the PVC index of the received packet INP_RCVPWID Records the PW ID of the received packet N A None...

Страница 927: ...global unicast address of VLAN interface 100 to 2001 1 with prefix length 64 Method 1 Sysname system view Sysname interface vlan interface 100 Sysname Vlan interface100 ipv6 address 2001 1 64 Method 2...

Страница 928: ...the interface can automatically generate a global unicast address Use undo ipv6 address auto to disable this feature Syntax ipv6 address auto undo ipv6 address auto Default The stateless address auto...

Страница 929: ...mmand deletes only the link local addresses generated through the ipv6 address auto link local command If the undo command is executed on an interface with an IPv6 global unicast address configured th...

Страница 930: ...formats ipv6 address prefix length For example 2001 1 64 ipv6 address prefix length For example 2001 1 64 Usage guidelines An EUI 64 IPv6 address is generated based on the specified prefix and the au...

Страница 931: ...automatically generated If you use manual assignment and then use automatic generation both of the following occur The automatically generated link local address does not take effect The manually assi...

Страница 932: ...host bit An interface can generate only one IPv6 global unicast address based on the prefix specified by using the ipv6 address command To configure the interface to generate a new IPv6 address execu...

Страница 933: ...vertises the hop limit in RA messages All RA message receivers use the advertised value to fill in the Hop Limit field for IPv6 packets to be sent To disable the device from advertising the hop limit...

Страница 934: ...rval Default The bucket allows a maximum of 10 tokens and a token is placed in the bucket every 100 milliseconds Views System view Predefined user roles network admin Parameters interval Specifies the...

Страница 935: ...gured to reply to multicast echo requests an attacker can use this mechanism to attack the host For example the attacker can send an echo request to a multicast address with Host A as the source All h...

Страница 936: ...e system view Sysname ipv6 icmpv6 source 1 1 ipv6 mtu Use ipv6 mtu to set the interface MTU for IPv6 packets Use undo ipv6 mtu to restore the default Syntax ipv6 mtu size undo ipv6 mtu Default The int...

Страница 937: ...ful autoconfiguration for example from an DHCPv6 server to obtain IPv6 addresses If the M flag is set to 0 in RA advertisements receiving hosts use stateless autoconfiguration Stateless autoconfigurat...

Страница 938: ...to set the number of attempts to send an NS message for DAD Use undo ipv6 nd dad attempts to restore the default Syntax ipv6 nd dad attempts times undo ipv6 nd dad attempts Default The number of attem...

Страница 939: ...rval value in the range of 1000 to 4294967295 milliseconds Usage guidelines If a device does not receive a response from the peer within the specified interval the device resends an NS message The dev...

Страница 940: ...ace and uses the value to fill the Reachable Time field in RA messages to be sent Examples Set the neighbor reachable time on VLAN interface 100 to 10000 milliseconds Sysname system view Sysname inter...

Страница 941: ...fies the URL address of the boot file a case sensitive string of 1 to 127 characters The URL address must be started with http https ftp or tftp Usage guidelines In some specific networks a device fol...

Страница 942: ...maller sequence number represents a higher priority Usage guidelines The DNS search list DNSSL option in RA messages provides DNS suffix information for hosts The RA messages allow hosts to obtain the...

Страница 943: ...terface view Predefined user roles network admin Usage guidelines This command suppresses advertising DNS suffixes in RA messages RA messages are suppressed by default To disable RA message suppressio...

Страница 944: ...v6 address of the DNS server which must be a global unicast address or a link local address seconds Specifies the lifetime of the DNS server in seconds The value range is 4 to 4294967295 Value 4294967...

Страница 945: ...for RA messages on VLAN interface 100 Sysname system view Sysname interface vlan interface 100 Sysname Vlan interface100 ipv6 nd ra dns server 2001 10 100 infinite sequence 1 Related commands ipv6 nd...

Страница 946: ...the interface has no DNS server information specified or no AAA authorized DNS server address assigned no RA messages are triggered Each time the device sends an RA message from an interface it immedi...

Страница 947: ...les Specify unlimited hops in the RA messages on VLAN interface 100 Sysname system view Sysname interface vlan interface 10 Sysname Vlan interface10 ipv6 nd ra hop limit unspecified Related commands i...

Страница 948: ...s ipv6 nd ra router lifetime ipv6 nd ra no advlinkmtu Use ipv6 nd ra no advlinkmtu to turn off the MTU option in RA messages Use undo ipv6 nd ra no advlinkmtu to restore the default Syntax ipv6 nd ra...

Страница 949: ...ecifies a prefix not to be used for stateless autoconfiguration If you do not specify this keyword the prefix is used for stateless autoconfiguration off link Indicates that the address with the prefi...

Страница 950: ...seconds The default value is 2592000 seconds 30 days preferred lifetime Specifies the preferred lifetime of a prefix used for stateless autoconfiguration in the range of 0 to 4294967295 seconds The p...

Страница 951: ...to 0 the router does not act as the default router Usage guidelines The router lifetime in RA messages specifies how long the router sending the RA messages acts as the default router Hosts receiving...

Страница 952: ...ples Set the router preference in RA messages to the highest on VLAN interface 100 Sysname system view Sysname interface vlan interface 100 Sysname Vlan interface100 ipv6 nd router preference high ipv...

Страница 953: ...system view Sysname ipv6 nd snooping dad retrans timer 200 ipv6 nd snooping enable global Use ipv6 nd snooping enable global to enable ND snooping for global unicast addresses Use undo ipv6 nd snoopin...

Страница 954: ...oping is disabled for data packets from unknown sources Views VLAN view Predefined user roles network admin Usage guidelines This command enables the device to learn ND snooping entries from data pack...

Страница 955: ...LID status TENTATIVE TESTING_TPLT or TESTING_VP The value range is 250 to 1000 milliseconds valid valid lifetime Sets a timeout timer for ND snooping entries in VALID status The value range is 60 to 9...

Страница 956: ...k port The ND snooping uplink port cannot learn ND snooping entries Use undo ipv6 nd snooping uplink to restore the default Syntax ipv6 nd snooping uplink undo ipv6 nd snooping uplink Default The port...

Страница 957: ...d Monitoring Configuration Guide Each IRF member device can generate a maximum of 10 user IPv6 address conflict logs per second When this maximum number is reached the member device suppresses generat...

Страница 958: ...ion records When the number of saved user port migration records reaches the upper limit new records overwrite old ones Examples Enable recording user port migrations Sysname system view Sysname ipv6...

Страница 959: ...of the previous configuration methods to configure a static neighbor entry for a VLAN interface If Method 1 is used the neighbor entry is in INCMP state After the device obtains the corresponding Laye...

Страница 960: ...undo ipv6 neighbor stale aging Default The aging timer for ND entries in stale state is 240 minutes Views System view Predefined user roles network admin Parameters aging time Specifies the aging tim...

Страница 961: ...updated before the timer expires it changes to the delay state If it is still not updated in 5 seconds the ND entry changes to the probe state The device sends an NS message for probe and a maximum of...

Страница 962: ...stops learning neighbor information Examples Allow VLAN interface 100 to learn a maximum of 10 dynamic neighbor entries Sysname system view Sysname interface vlan interface 100 Sysname Vlan interface...

Страница 963: ...athmtu age to set the aging time for a dynamic Path MTU Use undo ipv6 pathmtu age to restore the default Syntax ipv6 pathmtu age age time undo ipv6 pathmtu age Default The aging time for dynamic Path...

Страница 964: ...user roles network admin Usage guidelines The temporary address feature enables the system to generate and preferentially use the temporary IPv6 address of the sending interface as the source address...

Страница 965: ...Sysname system view Sysname ipv6 prefix 1 2001 0410 32 Related commands display ipv6 prefix ipv6 reassemble local enable Use ipv6 reassemble local enable to enable IPv6 local fragment reassembly Use u...

Страница 966: ...ages enables hosts that hold few routes to establish routing tables and find the best route Because this feature adds host routes into the routing tables host performance degrades when there are too m...

Страница 967: ...in the RA message and a fixed interface ID generated based on the interface s MAC address Temporary IPv6 address Includes an address prefix in the RA message and a random interface ID generated throu...

Страница 968: ...incorrectly disable sending ICMPv6 destination unreachable messages to prevent attack risks Examples Enable sending ICMPv6 destination unreachable messages Sysname system view Sysname ipv6 unreachabl...

Страница 969: ...nooping vlan Use reset ipv6 nd snooping vlan to clear ND snooping entries in VLANs Syntax reset ipv6 nd snooping vlan vlan id global link local vlan id ipv6 address Views User view Predefined user rol...

Страница 970: ...pe and number slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command clears dynamic neighbor information for all member devices static Clea...

Страница 971: ...tu reset ipv6 statistics Use reset ipv6 statistics to clear IPv6 and ICMPv6 packet statistics Syntax reset ipv6 statistics slot slot number Views User view Predefined user roles network admin Paramete...

Страница 972: ...icy 26 ipv6 dhcp class 26 ipv6 dhcp option group 27 ipv6 dhcp policy 28 ipv6 dhcp pool 28 ipv6 dhcp prefix pool 29 ipv6 dhcp server 30 ipv6 dhcp server apply pool 31 ipv6 dhcp server database filename...

Страница 973: ...ename 72 ipv6 dhcp snooping binding database update interval 73 ipv6 dhcp snooping binding database update now 74 ipv6 dhcp snooping binding record 74 ipv6 dhcp snooping check request message 75 ipv6...

Страница 974: ...er the DHCPv6 process is running on the device Examples Display the DUID of the local device Sysname display ipv6 dhcp duid The DUID of this device 0003000100e0fc005552 ipv6 dhcp advertise pd route Us...

Страница 975: ...ipv6 dhcp dscp to set the DSCP value for the DHCPv6 packets sent by the DHCPv6 server or the DHCPv6 relay agent Use undo ipv6 dhcp dscp to restore the default Syntax ipv6 dhcp dscp dscp value undo ipv...

Страница 976: ...tion might occur when a large number of clients frequently come online or go offline Examples Enable DHCPv6 server logging Sysname system view Sysname ipv6 dhcp log enable ipv6 dhcp select Use ipv6 dh...

Страница 977: ...dhcp server DHCPv6 server commands address range Use address range to specify a non temporary IPv6 address range in a DHCPv6 address pool for dynamic allocation Use undo address range to restore the d...

Страница 978: ...100 10 through 3ffe 501 ffff 100 31 in address pool 1 Sysname system view Sysname ipv6 dhcp pool 1 Sysname dhcp6 pool 1 network 3ffe 501 ffff 100 64 Sysname dhcp6 pool 1 address range 3ffe 501 ffff 1...

Страница 979: ...HCPv6 policy view Predefined user roles network admin Parameters class name Specifies a DHCPv6 user class by its name a case insensitive string of 1 to 63 characters pool name Specifies a DHCPv6 addre...

Страница 980: ...ecified or the default address pool does not have assignable IPv6 addresses or prefixes the assignment fails You can specify only one default address pool in a DHCPv6 policy If you execute this comman...

Страница 981: ...d or deleted Examples Display information about all DHCPv6 option groups Sysname display ipv6 dhcp option group DHCPv6 option group 1 DNS server addresses Type Static Interface N A 1 1 DNS server addr...

Страница 982: ...prefix acquisition Dynamic DHCPv6 address and prefix allocation Parameters in a dynamic DHCPv6 option group created during IPv6 address and prefix acquisition Interface Interface name DNS server addr...

Страница 983: ...1 FFFF 100 64 Preferred lifetime 604800 seconds valid lifetime 2592000 seconds Prefix pool 1 Preferred lifetime 24000 seconds valid lifetime 36000 seconds Addresses Range from 3FFE 501 FFFF 100 1 to 3...

Страница 984: ...refix pool referenced by the address pool Preferred lifetime Preferred lifetime in seconds valid lifetime Valid lifetime in seconds Addresses Non temporary IPv6 address range Range IPv6 address range...

Страница 985: ...f information about all prefix pools Sysname display ipv6 dhcp prefix pool Prefix pool Prefix Available In use Static 1 5 64 64 0 0 Display brief information about all prefix pools Sysname display ipv...

Страница 986: ...es display ipv6 dhcp server Use display ipv6 dhcp server to display DHCPv6 server configuration information Syntax display ipv6 dhcp server interface interface type interface number Views Any view Pre...

Страница 987: ...s prefix assignment is enabled Rapid commit Indicates whether rapid address prefix assignment is enabled display ipv6 dhcp server conflict Use display ipv6 dhcp server conflict to display information...

Страница 988: ...play ipv6 dhcp server database to display information about DHCPv6 binding auto backup Syntax display ipv6 dhcp server database Views Any view Predefined user roles network admin network operator Exam...

Страница 989: ...Pv6 address this command displays lease expiration information for all IPv6 addresses vpn instance vpn instance name Specifies an MPLS L3VPN instance by its name a case sensitive string of 1 to 31 cha...

Страница 990: ...tion for all IPv6 addresses vpn instance vpn instance name Specifies an MPLS L3VPN instance by its name a case sensitive string of 1 to 31 characters If you do not specify a VPN instance this command...

Страница 991: ...sent by the DHCPv6 server in a DHCPv6 OFFER packet to the client Static C Committed static binding whose IPv6 address has been assigned to the client Auto O Offered dynamic binding whose IPv6 address...

Страница 992: ...a DHCPv6 address pool this command displays IPv6 prefix binding information for all DHCPv6 address pools prefix prefix prefix len Displays binding information for the specified IPv6 prefix The value r...

Страница 993: ...dynamic binding whose IPv6 prefix has been dynamically selected by the DHCPv6 server and sent in a DHCPv6 OFFER packet to the DHCPv6 client Auto C Committed dynamic binding whose IPv6 prefix has been...

Страница 994: ...you do not specify an address pool this command displays DHCPv6 packet statistics for all address pools vpn instance vpn instance name Specifies an MPLS L3VPN instance by its name a case sensitive st...

Страница 995: ...s pool are displayed this field is not displayed Packets dropped Number of packets discarded If statistics about an address pool are displayed this field is not displayed Packets sent Number of messag...

Страница 996: ...domain name in a DHCPv6 address pool Use undo domain name to restore the default Syntax domain name domain name undo domain name Default No domain name is specified Views DHCPv6 address pool view DHCP...

Страница 997: ...rule if the specified option in the packet contains the ASCII string or hexadecimal number specified in the rule For example if you specify abc in the rule option content xabc xyzabca xabcyz and abcx...

Страница 998: ...with the ASCII string Examples Configure match rule 1 for the DHCPv6 user class exam to match DHCPv6 requests that contain Option 16 Sysname system view Sysname ipv6 dhcp class exam Sysname dhcp6 clas...

Страница 999: ...e DHCPv6 policy to an interface If you execute this command multiple times the most recent configuration takes effect Examples Apply the DHCPv6 policy test to VLAN interface 2 Sysname system view Sysn...

Страница 1000: ...se undo ipv6 dhcp option group to delete the specified static DHCPv6 option group Syntax ipv6 dhcp option group option group number undo ipv6 dhcp option group option group number Default No static DH...

Страница 1001: ...age guidelines In DHCP policy view you can specify address pools for different user classes Clients matching a user class will obtain IPv6 addresses and other parameters from the specified address poo...

Страница 1002: ...Create a DHCPv6 address pool named pool1 and enter its view Sysname system view Sysname ipv6 dhcp pool pool1 Sysname dhcp6 pool pool1 Related commands class pool display ipv6 dhcp pool ipv6 dhcp serv...

Страница 1003: ...e restrictions and guidelines This command does not take effect if the prefix does not exist This command takes effect after the prefix is created Do not specify the same prefix for different prefix p...

Страница 1004: ...low hint keyword is not specified the server ignores the desired address or prefix and selects an address or prefix from a global address pool If you use the ipv6 dhcp server and ipv6 dhcp server appl...

Страница 1005: ...rver assigns a free address or prefix If allow hint is not specified the server ignores the desired address or prefix and assigns a free address or prefix Only one address pool can be applied to an in...

Страница 1006: ...v6 server to malfunction When the backup file is on a remote device follow these restrictions and guidelines to specify the URL If the file is on an FTP server enter URL in the format of ftp server ad...

Страница 1007: ...ct only after you configure the DHCPv6 binding auto backup by using the ipv6 dhcp server database filename command Examples Set the waiting time to 600 seconds for the DHCPv6 server to update the back...

Страница 1008: ...he timer expires the DHCPv6 server stops waiting and starts providing address allocation services You can execute this command to terminate the download immediately Manual termination allows the DHCPv...

Страница 1009: ...ork do not specify this option Usage guidelines The IPv6 addresses of some devices such as the gateway and FTP server cannot be assigned to clients Use this command to exclude such addresses from dyna...

Страница 1010: ...end prefix prefix len are all excluded vpn instance vpn instance name Specifies an MPLS L3VPN instance by its name a case sensitive string of 1 to 31 characters If the excluded IPv6 prefixes belong to...

Страница 1011: ...conds and the default is 2592000 seconds 30 days The valid lifetime must be longer than or equal to the preferred lifetime Usage guidelines You can specify only one subnet for a DHCPv6 address pool If...

Страница 1012: ...ption Use option to configure a self defined DHCPv6 option in a DHCPv6 address pool Use undo option to remove a self defined DHCPv6 option from a DHCPv6 address pool Syntax option code hex hex string...

Страница 1013: ...kes effect Examples Configure Option 23 that specifies a DNS server address 2001 f3e0 1 in DHCPv6 address pool 1 Sysname system view Sysname ipv6 dhcp pool 1 Sysname dhcp6 pool 1 option 23 hex 2001f3e...

Страница 1014: ...ifetime valid lifetime Sets the valid lifetime in the range of 60 to 4294967295 seconds The default value is 2592000 seconds 30 days The valid lifetime must be longer than or equal to the preferred li...

Страница 1015: ...pecify a VPN instance this command clears conflict information about IPv6 addresses for the public network Usage guidelines Address conflicts occur when dynamically assigned IP addresses have been sta...

Страница 1016: ...ax reset ipv6 dhcp server ip in use address ipv6 address vpn instance vpn instance name pool pool name Views User view Predefined user roles network admin Parameters address ipv6 address Clears bindin...

Страница 1017: ...128 If you do not specify an IPv6 prefix this command clears binding information for all assigned IPv6 prefixes vpn instance vpn instance name Specifies an MPLS L3VPN instance by its name a case sens...

Страница 1018: ...erver address ipv6 address domain name domain name undo sip server address ipv6 address domain name domain name Default No SIP server address or domain name is specified Views DHCPv6 address pool view...

Страница 1019: ...efix len Specifies the prefix and prefix length The value range for the prefix length is 1 to 128 duid duid Specifies a client DUID The value is an even hexadecimal number in the range of 2 to 256 iai...

Страница 1020: ...rred lifetime preferred lifetime valid lifetime valid lifetime undo temporary address range Default No temporary IPv6 address range is configured in a DHCPv6 address pool Views DHCPv6 address pool vie...

Страница 1021: ...network admin Parameters vpn instance name Specifies an MPLS L3VPN instance by its name a case sensitive string of 1 to 31 characters If you do not specify a VPN instance the DHCPv6 address pool belon...

Страница 1022: ...o not specify an interface this command displays DHCPv6 server addresses on all interfaces enabled with DHCPv6 relay agent Examples Display DHCPv6 server addresses on all interfaces enabled with DHCPv...

Страница 1023: ...ecified the VPN instance name is displayed after the slash for example 1 Related commands ipv6 dhcp relay server address ipv6 dhcp select display ipv6 dhcp relay statistics Use display ipv6 dhcp relay...

Страница 1024: ...0 Relay reply 8 Packets sent 16 Advertise 0 Reconfigure 0 Reply 8 Relay forward 8 Relay reply 0 Table 12 Command output Field Description Packets dropped Number of discarded packets Packets received...

Страница 1025: ...view Predefined user roles network admin Parameters ipv6 address 1 8 Specifies a space separated list of up to eight addresses Usage guidelines DHCPv6 clients of the same access type can be classified...

Страница 1026: ...hus cannot forward the packets destined for the client To resolve this problem enable the DHCPv6 relay agent to advertise host routes for assigned IPv6 addresses in DHCP replies The advertised route i...

Страница 1027: ...passes to support Option 79 This feature allows the DHCPv6 relay agent to learn the MAC address in the client request When the relay agent generates a Relay Forward packet for the request it fills the...

Страница 1028: ...hcp relay interface id to restore the default Syntax ipv6 dhcp relay interface id bas interface undo ipv6 dhcp relay interface id Default The DHCPv6 relay agent fills the Interface ID option with the...

Страница 1029: ...is on the public network If you do not specify this keyword whether the DHCPv6 server is on the public network or in the VPN depends on the DHCPv6 client location vpn instance vpn instance name Specif...

Страница 1030: ...ource IPv6 address for relayed DHCPv6 requests Views Interface view Predefined user roles network admin Parameters ipv6 address Specifies a source IPv6 address interface interface type interface numbe...

Страница 1031: ...to forward packets to the DHCPv6 server If you do not specify an outgoing interface the DHCPv6 relay agent performs a routing table lookup Usage guidelines You can specify a maximum of eight DHCPv6 s...

Страница 1032: ...ce number Views Any view Predefined user roles network admin network operator Parameters interface interface type interface number Specifies an interface by its type and number If you do not specify a...

Страница 1033: ...s DHCPv6 State Current state of the DHCPv6 client IDLE The client is in idle state SOLICIT The client is locating a DHCPv6 server REQUEST The client is requesting an IPv6 address or prefix OPEN The cl...

Страница 1034: ...e DNS server Domain name Domain name suffix SIP server addresses IPv6 address of the SIP server SIP server domain names Domain name of the SIP server Options Self defined options Code Code of the self...

Страница 1035: ...ackets Reconfigure Number of received reconfigure packets Invalid Number of invalid packets Packets sent Number of sent packets Solicit Number of sent solicit packets Request Number of sent request pa...

Страница 1036: ...t Examples Configure VLAN interface 10 to use DHCPv6 for IPv6 address acquisition Configure the DHCPv6 client to support rapid address assignment and create dynamic DHCPv6 option group 1 for the confi...

Страница 1037: ...twork admin Parameters ascii ascii string Specifies a case sensitive ASCII string of 1 to 130 characters as the DHCPv6 client DUID hex hex string Specifies a hexadecimal number of 2 to 260 characters...

Страница 1038: ...group number Enables the DHCPv6 client to create a dynamic DHCPv6 option group for saving the configuration parameters and assigns an ID to the option group The value range for the ID is 1 to 100 If...

Страница 1039: ...groups Usage guidelines The ipv6 dhcp client stateful command takes effect if it is configured with the ipv6 address dhcp alloc and ipv6 dhcp client pd commands on an interface You must execute the un...

Страница 1040: ...hcp client statistics interface interface type interface number Views User view Predefined user roles network admin Parameters interface interface type interface number Specifies an interface by its t...

Страница 1041: ...Field Description IPv6 Address IPv6 address assigned to the DHCPv6 client MAC Address MAC address of the DHCPv6 client Lease Remaining lease duration in seconds VLAN When both DHCPv6 snooping and QinQ...

Страница 1042: ...al Waiting time in seconds after a DHCPv6 snooping entry change for the DHCPv6 snooping device to update the backup file Latest write time Time of the latest update Status Status of the update Writing...

Страница 1043: ...refix length argument is 1 to 128 vlan vlan id Specifies the ID of the VLAN where the IPv6 prefix resides The value range for the vlan id argument is 1 to 4094 Usage guidelines This command takes effe...

Страница 1044: ...d reset ipv6 dhcp snooping pd binding display ipv6 dhcp snooping trust Use display ipv6 dhcp snooping trust to display information about trusted ports Syntax display ipv6 dhcp snooping trust Views Any...

Страница 1045: ...ce view Trusted This field is not supported in the current software version Trusted AC specified in VXLAN based DHCPv6 snooping configuration Related commands ipv6 dhcp snooping trust ipv6 dhcp snoopi...

Страница 1046: ...hcp You can also specify the DNS domain name for the server address field for example ftp company database dhcp Examples Configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to the...

Страница 1047: ...ame ipv6 dhcp snooping binding database update now Use ipv6 dhcp snooping binding database update now to manually save DHCPv6 snooping entries to the backup file Syntax ipv6 dhcp snooping binding data...

Страница 1048: ...dhcp snooping binding record ipv6 dhcp snooping check request message Use ipv6 dhcp snooping check request message to enable the DHCPv6 REQUEST check feature Use undo ipv6 dhcp snooping check request...

Страница 1049: ...dhcp snooping deny Default A port does not block DHCPv6 requests Views Layer 2 Ethernet interface view Layer 2 aggregate interface view Predefined user roles network admin Usage guidelines CAUTION To...

Страница 1050: ...command on the target interface Examples Disable DHCPv6 snooping on GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 ipv6 dhcp snooping di...

Страница 1051: ...a range of VLANs in the form of vlan id1 to vlan id2 The value range for the VLAN IDs is 1 to 4094 If you specify a VLAN range the value for the vlan id2 argument must be greater than the value for th...

Страница 1052: ...r see Network Management and Monitoring Configuration Guide As a best practice disable this feature if the log generation affects the device performance Examples Enable DHCPv6 snooping logging Sysname...

Страница 1053: ...t for Option 18 Views Layer 2 Ethernet interface Layer 2 aggregate interface view Predefined user roles network admin Parameters vlan vlan id Pads the interface ID for packets received from the specif...

Страница 1054: ...p snooping enable ipv6 dhcp snooping option remote id string ipv6 dhcp snooping option remote id string Use ipv6 dhcp snooping option remote id string to specify the content as the remote ID for Optio...

Страница 1055: ...ecording of DHCPv6 snooping prefix entries is disabled Views Layer 2 Ethernet interface Layer 2 aggregate interface view VLAN view Predefined user roles network admin Usage guidelines This command ena...

Страница 1056: ...rs of the aggregate interface If a member interface leaves the aggregation group it uses the rate configured in its Ethernet interface view The chip supported maximum rate is an integer multiple of ei...

Страница 1057: ...ing trust interface interface type interface number Default After you enable DHCPv6 snooping for a VLAN all ports in the VLAN are DHCP snooping untrusted ports Views VLAN view Predefined user roles ne...

Страница 1058: ...Examples Clear all DHCPv6 snooping address entries Sysname reset ipv6 dhcp snooping binding all Related commands display ipv6 dhcp snooping binding reset ipv6 dhcp snooping packet statistics Use reset...

Страница 1059: ...ntries for 1 2 64 Sysname reset ipv6 dhcp snooping pd binding prefix 1 2 64 Related commands display ipv6 dhcp snooping pd binding DHCPv6 guard commands The DHCPv6 guard feature operates correctly onl...

Страница 1060: ...servers are attached to the target interface or VLAN set the device role to DHCPv6 client for devices attached to the target interface or VLAN The trust port command has a higher priority than the de...

Страница 1061: ...olicy DHCPv6 guard policy name Device role Device role Client DHCPv6 client role Server DHCPv6 server role Trusted port Whether the trusted port is configured for the guard policy Server preference mi...

Страница 1062: ...me Specifies a basic or advanced ACL by its name a case insensitive string of 1 to 63 characters The ACL name must start with an English letter and to avoid confusion it cannot be all Usage guidelines...

Страница 1063: ...ue range for this argument is as follows 2000 to 2999 for a basic ACL 3000 to 3999 for an advanced ACL name acl name Specifies a basic or advanced ACL by its name a case insensitive string of 1 to 63...

Страница 1064: ...olicy policy name undo ipv6 dhcp guard apply policy Default No DHCPv6 guard policy is applied to an interface or VLAN Views Interface view VLAN view Predefined user roles network admin Parameters poli...

Страница 1065: ...Specifies a DHCPv6 guard policy name a case insensitive string of 1 to 63 characters Usage guidelines To provide finer level of filtering granularity you can specify the following parameters for a DH...

Страница 1066: ...The device uses the specified range to match the DHCPv6 server preference in the received DHCPv6 Advertise message If the DHCPv6 server preference is in the allowed range the device continues to use o...

Страница 1067: ...d all interfaces in the VLAN to which the DHCPv6 guard policy is applied are trusted ports The device forwards received DHCP replies on the trusted ports without check The trust port command has a hig...

Страница 1068: ...v6 fast forwarding commands 1 display ipv6 fast forwarding aging time 1 display ipv6 fast forwarding cache 1 ipv6 fast forwarding aging time 2 ipv6 fast forwarding load sharing 3 reset ipv6 fast forwa...

Страница 1069: ...g time of IPv6 fast forwarding entries in seconds Related commands ipv6 fast forwarding aging time display ipv6 fast forwarding cache Use display ipv6 fast forwarding cache to display IPv6 fast forwar...

Страница 1070: ...tination IPv6 address Dst Port Destination port number Protocol Protocol number VPN instance VPN instance If the entry does not belong to any VPN instance this field displays N A Input interface Input...

Страница 1071: ...rding load sharing Use undo ipv6 fast forwarding load sharing to disable IPv6 fast forwarding load sharing Syntax ipv6 fast forwarding load sharing undo ipv6 fast forwarding load sharing Default IPv6...

Страница 1072: ...User view Predefined user roles network admin Parameters slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command clears the IPv6 fast forwa...

Страница 1073: ...i Contents HTTP redirect commands 1 http redirect https port 1 http redirect ssl server policy 1...

Страница 1074: ...a TCP port number used by a well known protocol or used by any other service To display TCP port numbers that have been used by services use the display tcp command If you execute this command multipl...

Страница 1075: ...te a nonexistent SSL server policy with the HTTPS redirect service and then configure the SSL server policy If you change the SSL server policy associated with the HTTPS redirect service the new polic...

Страница 1076: ...i Contents NAT commands 1 display nat session 1 display nat static 3 nat static enable 4 nat static outbound 4 reset nat session 5...

Страница 1077: ...t slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command displays NAT sessions for all member devices verbose Displays detailed information...

Страница 1078: ...tunnel interface If the session does not belong to any DS Lite tunnel this field displays a hyphen VPN instance VLAN ID VLL ID The fields identify the following information VPN instance MPLS L3VPN ins...

Страница 1079: ...4 4 4 4 Global IP 5 5 5 5 Config status Active Interfaces enabled with static NAT Totally 1 interfaces enabled with static NAT Interface Vlan interface100 Service card Config status Active Table 2 Com...

Страница 1080: ...s After you enable static NAT on an interface if packet IP addresses match a NAT rule the device generates NAT sessions and performs forwarding in software The packets are sent to the CPU at a maximum...

Страница 1081: ...local ip When you specify an ACL follow these restrictions and guidelines If the ACL does not exist or does not contain a rule the ACL cannot match any packet If you specify the vpn instance keyword...

Страница 1082: ...member device by its member ID If you do not specify a member device this command clears NAT sessions for all member devices Examples Clear NAT sessions for the specified slot Sysname reset nat sessi...

Страница 1083: ...H3C IE4300 IE4300 M IE4320 Industrial Switch Series Layer 3 IP Routing Command Reference New H3C Technologies Co Ltd http www h3c com Software version Release 63xx Document version 6W101 20230116...

Страница 1084: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 1085: ...enclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separated by vertical bars from which you sel...

Страница 1086: ...s a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding and other Layer 2 features Represents an access controller a unified wired WLAN module or the access controller engine on a u...

Страница 1087: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Страница 1088: ...lay ipv6 routing table acl 28 display ipv6 routing table ipv6 address 32 display ipv6 routing table prefix list 34 display ipv6 routing table protocol 36 display ipv6 routing table statistics 37 displ...

Страница 1089: ...work admin Examples Create the RIB IPv4 address family and enter its view Sysname system view Sysname rib Sysname rib address family ipv4 Sysname rib ipv4 address family ipv6 Use address family ipv6 t...

Страница 1090: ...nformation including information about both active and inactive routes If you do not specify this keyword the command displays only brief information about active routes Usage guidelines If you do not...

Страница 1091: ...255 255 255 32 Direct 0 0 127 0 0 1 InLoop0 VPN instance vpn1 Destinations 10 Routes 10 Destination Mask Proto Pre Cost NextHop Interface 0 0 0 0 32 Direct 0 0 127 0 0 1 InLoop0 1 1 2 0 24 Static 60 0...

Страница 1092: ...blic network or VPN instance that the routing table belongs to For the public network this field displays public instance For a VPN instance this field displays the VPN instance name Destinations Numb...

Страница 1093: ...LastAs 0 AttrID 0xffffffff Neighbor 0 0 0 0 Flags 0x1008c OrigNextHop 192 168 47 4 Label NULL RealNextHop 192 168 47 4 BkLabel NULL BkNextHop N A SRLabel NULL BkSRLabel NULL Tunnel ID Invalid Interfa...

Страница 1094: ...el NULL RealNextHop 192 168 47 4 BkLabel NULL BkNextHop N A SRLabel NULL BkSRLabel NULL Tunnel ID Invalid Interface Vlan interface11 BkTunnel ID Invalid BkInterface N A FtnIndex 0x0 TrafficIndex N A C...

Страница 1095: ...the route RealNextHop Real next hop of the route BkLabel Backup label BkNexthop Backup next hop SRLabel Segment routing SR label BkSRLabel Backup segment routing SR label Tunnel ID This field is not...

Страница 1096: ...ot specify this keyword the command displays only brief information about active routes permitted by the basic ACL Usage guidelines If the specified ACL does not exist or has no rules configured the c...

Страница 1097: ...111 Label NULL RealNextHop 192 168 1 111 BkLabel NULL BkNextHop N A SRLabel NULL BkSRLabel NULL Tunnel ID Invalid Interface Vlan interface11 BkTunnel ID Invalid BkInterface N A FtnIndex 0x0 TrafficIn...

Страница 1098: ...SubProtID 0x0 Age 04h20m37s Cost 0 Preference 0 IpPre N A QosLocalID N A Tag 0 State Active NoAdv OrigTblID 0x0 OrigVrf default vrf TableID 0x2 OrigAs 0 NibID 0x10000003 LastAs 0 AttrID 0xffffffff Ne...

Страница 1099: ...brief information about active routes Usage guidelines Executing the command with different parameters yields different outputs display ip routing table ip address The system ANDs the entered destinat...

Страница 1100: ...60 0 0 0 0 0 NULL0 Display brief information about the routes to the destination IP address 11 0 0 1 and mask length 20 Sysname display ip routing table 11 0 0 1 20 Summary count 2 Destination Mask P...

Страница 1101: ...Specifies an IP prefix list by its name a case sensitive string of 1 to 63 characters verbose Displays detailed information about all routes permitted by the IP prefix list If you do not specify this...

Страница 1102: ...ip routing table protocol to display information about routes installed by a protocol Syntax display ip routing table vpn instance vpn instance name protocol protocol inactive verbose Views Any view P...

Страница 1103: ...Direct 0 0 127 0 0 1 InLoop0 Direct Routing table status Inactive Summary count 0 Display brief information about static routes Sysname display ip routing table protocol static Summary count 1 Static...

Страница 1104: ...to Routes Active Added Deleted DIRECT 12 12 30 18 STATIC 3 3 5 2 RIP 0 0 0 0 OSPF 0 0 0 0 Total 15 15 35 20 Display IPv4 route statistics for the public network and all VPN instances Sysname display i...

Страница 1105: ...ary Use display ip routing table summary to display brief routing table information Syntax display ip routing table vpn instance vpn instance name summary Views Any view Predefined user roles network...

Страница 1106: ...shold value percentage of max active routes This field is displayed when the alarm threshold is specified by using the routing table limit number warn threshold command in the range of 1 to 100 in per...

Страница 1107: ...to ffffffff verbose Displays detailed next hop information in the IPv6 RIB If you do not specify this keyword the command displays brief next hop information in the IPv6 RIB protocol protocol Specifi...

Страница 1108: ...serKey0 0x0 VrfNthp 0 UserKey1 0x0 Nexthop 1 IFIndex 0x112 LocalAddr 1 TopoNthp Invalid ExtType 0x0 RefCnt 4 FlushRefCnt 1 Flag 0x84 Version 1 1 nexthop s PrefixIndex 0 OrigNexthop 1 RelyDepth 0 RealN...

Страница 1109: ...yword the command displays brief next hop information for IPv6 direct routes Examples Display brief next hop information for IPv6 direct routes Sysname display ipv6 route direct nib Total number of ne...

Страница 1110: ...dex 0x112 LocalAddr 1 TopoNthp Invalid ExtType 0x0 RefCnt 1 FlushRefCnt 0 Flag 0x2 Version 1 1 nexthop s PrefixIndex 0 OrigNexthop 1 RelyDepth 0 RealNexthop 1 Interface InLoop0 LocalAddr 1 TunnelCnt 0...

Страница 1111: ...y brief information about active routes in the IPv6 routing table Sysname display ipv6 routing table Destinations 2 Routes 2 Destination 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0...

Страница 1112: ...ic network or VPN instance that the IPv6 routing table belongs to For the public network this field displays public instance For a VPN instance this field displays the VPN instance name Destinations N...

Страница 1113: ...0 Preference 0 IpPre N A QosLocalID N A Tag 0 State Active Adv OrigTblID 0x0 OrigVrf default vrf TableID 0xa OrigAs 0 NibID 0x20000003 LastAs 0 AttrID 0xffffffff Neighbor Flags 0x10080 OrigNextHop La...

Страница 1114: ...AttrID 0xffffffff Neighbor Flags 0x10004 OrigNextHop 1 Label NULL RealNextHop 1 BkLabel NULL BkNextHop N A SRLabel NULL BkSRLabel NULL Tunnel ID Invalid Interface Vlan interface11 BkTunnel ID Invalid...

Страница 1115: ...op Next hop address of the route RealNextHop Real next hop of the route BkLabel Backup label BkNexthop Backup next hop SRLabel SR label BkSRLabel Backup SR label Tunnel ID This field is not supported...

Страница 1116: ...to 2999 verbose Displays detailed information about all routes permitted by the basic IPv6 ACL If you do not specify this keyword the command displays only brief information about active routes permit...

Страница 1117: ...routing table acl 2000 verbose Summary count 6 Destination 1 128 Protocol Direct Process ID 0 SubProtID 0x0 Age 19h29m12s Cost 0 Preference 0 IpPre N A QosLocalID N A Tag 0 State Active NoAdv OrigTblI...

Страница 1118: ...lt vrf TableID 0xa OrigAs 0 NibID 0x20000000 LastAs 0 AttrID 0xffffffff Neighbor Flags 0x10004 OrigNextHop 1 Label NULL RealNextHop 1 BkLabel NULL BkNextHop N A SRLabel NULL BkSRLabel NULL Tunnel ID I...

Страница 1119: ...RLabel NULL BkSRLabel NULL Tunnel ID Invalid Interface InLoopBack0 BkTunnel ID Invalid BkInterface N A FtnIndex 0x0 TrafficIndex N A Connector N A PathID 0x0 Destination FF00 8 Protocol Direct Process...

Страница 1120: ...Specifies a destination IPv6 address range verbose Displays detailed routing table information including information about both active and inactive routes If you do not specify this keyword the comman...

Страница 1121: ...destinations in the range of ipv6 address1 128 to ipv6 address2 128 Examples Display brief information about the routes to the destination IPv6 address 10 1 127 Sysname display ipv6 routing table 10 1...

Страница 1122: ...ID 0xa OrigAs 0 NibID 0x23000002 LastAs 0 AttrID 0xffffffff Neighbor Flags 0x10041 OrigNextHop FE80 A1F 3FFF FE45 206 Label NULL RealNextHop FE80 A1F 3FFF FE45 206 BkLabel NULL BkNextHop N A SRLabel N...

Страница 1123: ...8 Sysname system view Sysname ipv6 prefix list test permit 1 128 Display brief information about the active IPv6 route permitted by the IPv6 prefix list Sysname display ipv6 routing table prefix list...

Страница 1124: ...on for the public network protocol Specifies a routing protocol inactive Displays information about inactive routes If you do not specify this keyword the command displays information about both activ...

Страница 1125: ...routing table statistics Use display ipv6 routing table statistics to display IPv6 route statistics including numbers of total routes routes installed and deleted by the protocol and active routes Sy...

Страница 1126: ...Routes Active Added Deleted DIRECT 3 3 3 0 STATIC 3 3 5 2 RIPng 0 0 0 0 OSPFv3 0 0 0 0 Total 6 6 8 2 Display IPv6 route statistics for VPN instance vpn1 Sysname display ipv6 routing table vpn instance...

Страница 1127: ...name summary Views Any view Predefined user roles network admin network operator Parameters vpn instance vpn instance name Specifies an MPLS L3VPN instance by its name a case sensitive string of 1 to...

Страница 1128: ...No Table 8 Command output Field Description RIB GR state RIB GR status Start GR starts IGP end All IGP protocols complete GR VPN triggering end Optimal route selection triggered by VPN routes complete...

Страница 1129: ...letes flushing routes to the FIB No Protocol number Lifetime Lifetime in seconds of routes labels in the RIB during GR FD Handle between the protocol and the RIB State Protocol GR state Init Initializ...

Страница 1130: ...Type 0x1 Flushed Yes UserKey0 0x0 VrfNthp 0 UserKey1 0x0 Nexthop 127 0 0 1 IFIndex 0x112 LocalAddr 127 0 0 1 TopoNthp 0 ExtType 0x0 NibID 0x10000002 Sequence 2 Type 0x5 Flushed Yes UserKey0 0x0 VrfNth...

Страница 1131: ...Seq Sequence number of the sub next hop NthpCnt Number of sub next hops Samed Number of the same sub next hops NthpType Type of the sub next hop The value can be IP which represents IP forwarding Disp...

Страница 1132: ...unnelID 1025 Topology base Weight 0 Table 10 Command output Field Description NibID ID of the next hop Sequence Sequence number of the next hop Type Type of the next hop Flushed Indicates whether the...

Страница 1133: ...the current software version Number of tunnels after route recursion TunnelID This field is not supported in the current software version ID of the tunnel after route recursion Topology This field is...

Страница 1134: ...thp 0 UserKey1 0x0 Nexthop 0 0 0 0 IFIndex 0x111 LocalAddr 0 0 0 0 TopoNthp 0 ExtType 0x0 NibID 0x10000001 Sequence 1 Type 0x1 Flushed Yes UserKey0 0x0 VrfNthp 0 UserKey1 0x0 Nexthop 127 0 0 1 IFIndex...

Страница 1135: ...Flushed Yes UserKey0 0x0 VrfNthp 0 UserKey1 0x0 Nexthop 0 0 0 0 IFIndex 0x111 LocalAddr 0 0 0 0 TopoNthp Invalid ExtType 0x0 RefCnt 2 FlushRefCnt 0 Flag 0x2 Version 1 1 nexthop s PrefixIndex 0 OrigNe...

Страница 1136: ...t Reference count of the next hop FlushRefCnt Reference count of the next hop that is flushed to the FIB Flag Flag of the next hop Version Version of the next hop x nexthop s Number of next hops Prefi...

Страница 1137: ...switchover Usage guidelines When a protocol or RIB process switchover occurs and GR or NSR is not configured FIB entries age out after the time specified in this command Examples Set the maximum life...

Страница 1138: ...the public network Sysname system view Sysname rib Sysname rib address family ipv4 Sysname rib ipv4 inter protocol fast reroute ip route fast switchover enable Use ip route fast switchover enable to...

Страница 1139: ...k failure occurs on an interface the device typically performs the following operations before switching the traffic to a valid route 1 Deletes all ND entries for the link 2 Instructs the FIB to delet...

Страница 1140: ...mmand Examples Enable MTP Sysname system view Sysname maintenance probe enable non stop routing Use non stop routing to enable RIB NSR Use undo non stop routing to disable RIB NSR Syntax non stop rout...

Страница 1141: ...is command Examples Set the maximum lifetime for RIP routes and labels in the RIB to 60 seconds Sysname system view Sysname rib Sysname rib address family ipv4 Sysname rib ipv4 protocol rip lifetime 6...

Страница 1142: ...sive lookup route policy policy1 reset ip routing table statistics protocol Use reset ip routing table statistics protocol to clear IPv4 route statistics Syntax reset ip routing table statistics proto...

Страница 1143: ...ces all vpn instance Clears route statistics for all VPN instances protocol Clears route statistics for an IPv6 routing protocol all Clears route statistics for all IPv6 routing protocols Usage guidel...

Страница 1144: ...he device to still accept active routes but generate a log message when the number of active IPv4 IPv6 routes exceeds the maximum number Usage guidelines Configuration in RIB IPv4 address family view...

Страница 1145: ...play route static nib 1 display route static routing table 4 ip route static 6 ip route static arp request 9 ip route static default preference 10 ip route static fast reroute auto 11 ip route static...

Страница 1146: ...re executing the command make sure you fully understand the potential impact on the network When you use this command the system will prompt you to confirm the operation before deleting all the static...

Страница 1147: ...ype 0x21 Flushed Yes UserKey0 0x111 VrfNthp 0 UserKey1 0x0 Nexthop 0 0 0 0 IFIndex 0x111 LocalAddr 0 0 0 0 TopoNthp 0 ExtType 0x0 NibID 0x11000001 Sequence 1 Type 0x41 Flushed Yes UserKey0 0x0 VrfNthp...

Страница 1148: ...sion 1 1 nexthop s PrefixIndex 0 OrigNexthop 0 0 0 0 RelyDepth 0 RealNexthop 0 0 0 0 Interface NULL0 LocalAddr 0 0 0 0 TunnelCnt 0 Vrf default vrf TunnelID N A Topology base Weight 1000000 NibID 0x110...

Страница 1149: ...oute recursion Topology This field is not supported in the current software version Topology name The topology name for the public network is base Weight ECMP routes are not supported in the current s...

Страница 1150: ...able Total number of routes 24 Status valid Destination 0 0 0 0 0 NibID 0x1100000a NextHop 2 2 2 10 MainNibID N A BkNextHop N A BkNibID N A Interface Vlan interface11 TableID 0x2 BkInterface Vlan inte...

Страница 1151: ...d Ctrl Control packet mode Echo Echo packet mode TrackIndex NQA Track index vrfIndexDst Index of VPN instance that the destination belongs to For the public network this field displays 0 vrfIndexNH In...

Страница 1152: ...c vpn instance d vpn instance name next hop address preference preference Default No static route is configured Views System view Predefined user roles network admin Parameters vpn instance s vpn inst...

Страница 1153: ...ies a preference for the static route in the range of 1 to 255 The default is 60 tag tag value Sets a tag value for marking the static route in the range of 1 to 4294967295 The default is 0 Tags of ro...

Страница 1154: ...p all prefixes in the static route group will be assigned the next hop and output interface specified by using this command Examples Configure a static route whose destination address is 1 1 1 1 24 ne...

Страница 1155: ...s The static route has no output interface specified The static route fails the next hop recursion Examples Enable sending of ARP requests to the next hops of static routes and set the sending interva...

Страница 1156: ...Static route FRR is disabled from automatically selecting a backup next hop Views System view Predefined user roles network admin Examples Configure static route FRR to automatically select a backup n...

Страница 1157: ...p route static group to delete a static route group Syntax ip route static group group name undo ip route static group group name Default No static route groups exist Views System view Predefined user...

Страница 1158: ...s Execute this command repeatedly to add multiple static route prefixes to a static route group After you add static route prefixes to a static route group you can specify that group in the ip route s...

Страница 1159: ...oute 18 network 19 non stop routing 20 output delay 20 peer 21 preference 21 reset rip process 22 reset rip statistics 23 rip 23 rip authentication mode 24 rip bfd enable 25 rip bfd enable destination...

Страница 1160: ...all messages are trustworthy disable this feature to reduce the workload of the CPU Examples Disable zero field check on RIPv1 messages for RIP process 1 Sysname system view Sysname rip Sysname rip 1...

Страница 1161: ...ault No default route is sent to RIP neighbors Views RIP view Predefined user roles network admin Parameters only Advertises only a default route originate Advertises both a default route and other ro...

Страница 1162: ...formation for all RIP processes Sysname display rip Public VPN instance name RIP process 1 RIP version 1 Preference 100 Routing policy abc Fast reroute Routing policy frr Checkzero Enabled Default cos...

Страница 1163: ...imeout time in seconds Suppress time RIP suppress interval in seconds Garbage collect time RIP garbage collect interval in seconds Update output delay RIP packet sending interval in seconds Output cou...

Страница 1164: ...play rip 100 database 1 0 0 0 8 auto summary 1 1 1 0 24 cost 16 interface summary 1 1 1 0 24 cost 0 nexthop 1 1 1 1 RIP interface 1 1 2 0 24 cost 0 imported 2 0 0 0 8 auto summary 2 0 0 0 8 cost 1 nex...

Страница 1165: ...graceful restart RIP process 1 Graceful Restart capability Enabled Current GR state Normal Graceful Restart period 60 seconds Graceful Restart remaining time 0 seconds Table 3 Command output Field Des...

Страница 1166: ...P Address Mask IP address and mask of the interface Version RIP version running on the interface MetricIn Additional metric added to incoming routes MetricIn route policy Name of the routing policy us...

Страница 1167: ...cess id Specifies a RIP process by its ID in the range of 1 to 65535 interface type interface number Specifies an interface by its type and number If you do not specify this argument the command displ...

Страница 1168: ...process 1 Sysname display rip 1 non stop routing RIP process 1 Nonstop Routing capability Enabled Current NSR state Finish Table 6 Command output Field Description Nonstop Routing capability Indicates...

Страница 1169: ...s 1 Sysname display rip 1 route Route Flags R RIP T TRIP P Permanent A Aging S Suppressed G Garbage collect D Direct O Optimal F Flush to RIB Peer 1 1 1 1 on Vlan interface10 Destination Mask Nexthop...

Страница 1170: ...ining time of the timer corresponding to the route state Display routing statistics for RIP process 1 Sysname display rip 1 route statistics Peer Optimal Aging Optimal Permanent Garbage 1 1 1 1 1 1 0...

Страница 1171: ...n the command designates a backup next hop for the routes that match the routing policy Usage guidelines RIP FRR is available only when the state of primary link with Layer 3 interfaces staying up cha...

Страница 1172: ...he default process ID is 1 interface type interface number Specifies an interface by its type and number Usage guidelines You can configure only one filtering policy to filter routes redistributed fro...

Страница 1173: ...ex 10 permit 11 0 0 0 8 Sysname rip 1 Sysname rip 1 filter policy prefix list abc export Configure advanced ACL 3000 to permit only route 113 0 0 0 16 to pass Use ACL 3000 to filter redistributed rout...

Страница 1174: ...l match the ACL If a rule in the ACL has the vpn instance keyword configured the rule applies to only the RIP routes in the specified VPN instance If the rule does not have the vpn instance keyword co...

Страница 1175: ...port Related commands acl ACL and QoS Command Reference ip prefix list graceful restart Use graceful restart to enable RIP GR Use undo graceful restart to disable RIP GR Syntax graceful restart undo g...

Страница 1176: ...enable host route reception Use undo host route to disable host route reception Syntax host route undo host route Default RIP receives host routes Views RIP view Predefined user roles network admin U...

Страница 1177: ...If you do not specify the allow direct keyword the networks of the local interfaces are not redistributed If you specify both the allow direct keyword and the route policy route policy name option ma...

Страница 1178: ...address where an interface resides wildcard mask Specifies an IP address wildcard mask A wildcard mask can be thought of as a subnet mask with 1s and 0s inverted For example a wildcard mask of 255 25...

Страница 1179: ...enable RIP NSR for each process if multiple RIP processes exist The non stop routing command and the graceful restart command are mutually exclusive Examples Enable NSR for RIP process 1 Sysname syste...

Страница 1180: ...s Default RIP does not unicast updates to any neighbor Views RIP view Predefined user roles network admin Parameters ip address Specifies the IP address of a RIP neighbor in dotted decimal notation Us...

Страница 1181: ...ute policy to set a preference for matching RIP routes The preference set by the routing policy applies to all matching RIP routes The preference of other routes is set by the preference command If no...

Страница 1182: ...enter RIP view Use undo rip to disable RIP Syntax rip process id vpn instance vpn instance name undo rip process id Default RIP is disabled Views System view Predefined user roles network admin Parame...

Страница 1183: ...lain Specifies a password in plaintext form For security purposes the password specified in plaintext form will be stored in encrypted form string Specifies the password Its plaintext form is a case s...

Страница 1184: ...y Using the undo peer command does not delete the neighbor relationship immediately and cannot bring down the BFD session immediately The rip bfd enable command and the rip bfd enable destination comm...

Страница 1185: ...gure a RIP interface to advertise a default route with a specified metric Use undo rip default route to disable a RIP interface from sending a default route Syntax rip default route only originate cos...

Страница 1186: ...le Use rip enable to enable RIP on an interface Use undo rip enable to disable RIP on an interface Syntax rip process id enable exclude subip undo rip enable Default RIP is disabled on an interface Vi...

Страница 1187: ...p max packet length to restore the default Syntax rip max packet length value undo rip max packet length Default The maximum length of RIP packets is 512 bytes Views Interface view Predefined user rol...

Страница 1188: ...dditional metric for the routes that match the routing policy value Adds an additional metric to inbound routes in the range of 0 to 16 Usage guidelines When a valid RIP route is received the system a...

Страница 1189: ...an additional metric for the routes that match the routing policy value Adds an additional metric to outbound routes in the range of 1 to 16 Usage guidelines With the command configured on an interfac...

Страница 1190: ...ith the smallest process ID Views System view Predefined user roles network admin Parameters process id Specifies a RIP process by its ID in the range of 1 to 65535 Usage guidelines If the specified p...

Страница 1191: ...y Default An interface uses the RIP packet sending rate set for the RIP process that the interface runs Views Interface view Predefined user roles network admin Parameters Time Specifies the RIP packe...

Страница 1192: ...o disable BFD single hop echo detection for RIP FRR Syntax rip primary path detect bfd echo undo rip primary path detect bfd Default BFD single hop echo detection for RIP FRR is disabled Views Interfa...

Страница 1193: ...s effect Examples Enable the split horizon feature on VLAN interface 10 Sysname system view Sysname interface vlan interface 10 Sysname Vlan interface10 rip split horizon rip summary address Use rip s...

Страница 1194: ...dcasts and unicasts and RIPv2 broadcasts multicasts and unicasts Views Interface view Predefined user roles network admin Parameters 1 Specifies the RIP version as RIPv1 2 Specifies the RIP version as...

Страница 1195: ...e interface number all Default All RIP interfaces can send RIP messages Views RIP view Predefined user roles network admin Parameters interface type interface number Disables a specified interface fro...

Страница 1196: ...mer triggered to set the interval for sending triggered updates Use undo timer triggered to restore the default Syntax timer triggered maximum interval minimum interval incremental interval undo timer...

Страница 1197: ...timer is 120 seconds the suppress timer is 120 seconds the timeout timer is 180 seconds and the update timer is 30 seconds Views RIP view Predefined user roles network admin Parameters garbage collect...

Страница 1198: ...15 15 and 30 seconds Sysname system view Sysname rip 100 Sysname rip 100 timers update 5 timeout 15 suppress 15 garbage collect 30 validate source address Use validate source address to enable source...

Страница 1199: ...it over the global RIP version If no RIP version is specified for the interface and the global version is RIPv1 the interface uses RIPv1 and can perform the following operations Send RIPv1 broadcasts...

Страница 1200: ...p 41 display ospf non stop routing status 42 display ospf peer 42 display ospf peer statistics 46 display ospf request queue 47 display ospf retrans queue 48 display ospf routing 49 display ospf spf t...

Страница 1201: ...98 ospf timer retransmit 98 ospf trans delay 99 ospf troubleshooting max number 99 ospf ttl security 100 peer OSPF view 101 pic OSPF view 102 preference OSPF view 103 prefix priority OSPF view 104 pr...

Страница 1202: ...oute or not By default the command advertises the summary route cost cost value Specifies the cost of the summary route in the range of 1 to 16777215 The default cost is the largest cost value among r...

Страница 1203: ...x asbr summary ip address mask length mask cost cost value not advertise nssa only tag tag undo asbr summary ip address mask length mask Default Route summarization is not configured on an ASBR Views...

Страница 1204: ...R is not a translator it cannot summarize routes in Type 5 LSAs translated from Type 7 LSAs To enable ASBR to advertise specific routes that have been summarized use the undo asbr summary command Exam...

Страница 1205: ...ue key ID and key string As a best practice to minimize the risk of key compromise use only one key for an area and delete the old key after key replacement To replace the key used for MD5 or HMAC MD5...

Страница 1206: ...535 is used If the calculated cost is less than 1 the value of 1 is used Examples Set the reference bandwidth value to 1000 Mbps Sysname system view Sysname ospf 100 Sysname ospf 100 bandwidth referen...

Страница 1207: ...specify an ACL follow these guidelines If a rule in the specified ACL is applied to a VPN instance the rule does not take effect If a rule in the specified ACL is not applied to any VPN instance the...

Страница 1208: ...pf 1 Sysname ospf 1 database filter peer 121 20 20 121 summary acl 3000 Related commands ospf database filter default OSPF view Use default to configure default parameters for redistributed routes Use...

Страница 1209: ...ABR of a stub area or the ABR or ASBR of an NSSA area Examples Configure Area 1 as a stub area and set the cost of the default route advertised to the stub area to 20 Sysname system view Sysname ospf...

Страница 1210: ...a routing policy by its name a case sensitive string of 1 to 63 characters When the routing policy is matched and one of the following conditions is met the command redistributes a default route in a...

Страница 1211: ...command is used to identify an OSPF process or area Examples Describe OSPF process 100 as abc Sysname system view Sysname ospf 100 Sysname ospf 100 description abc Describe OSPF Area 0 as bone area S...

Страница 1212: ...ence 100 and 200 respectively Sysname system view Sysname ospf 100 Sysname ospf 100 discard route external 100 internal 200 display ospf Use display ospf to display OSPF process information Syntax dis...

Страница 1213: ...Count 300 This process is currently bound to MIB Area count 1 NSSA area count 1 Normal areas with up interfaces 0 NSSA areas with up interfaces 1 Up interfaces 1 ExChange Loading neighbors 0 Full neig...

Страница 1214: ...ain ID primary ID Opaque capable Opaque LSA advertisement and reception capability is enabled Originating router LSAs with maximum metric The maximum cost value for router LSAs excluding stub links is...

Страница 1215: ...f incremental AS external prefixes is triggered N A Route calculation is not triggered Current calculation type Current route calculation type SPF calculation Intra router calculation Intra area route...

Страница 1216: ...Route calculation module R Route redistribution module Reset process message replied Modules that reply reset process messages P Neighbor maintenance module L LSDB synchronization module C Route calc...

Страница 1217: ...area NSSA NSSANoSummary totally NSSA area 7 5 translator state State of the translator that translates Type 7 LSAs to Type 5 LSAs Enabled The translator is specified through commands Elected The trans...

Страница 1218: ...s id abr asbr verbose Views Any view Predefined user roles network admin network operator Parameters process id Specifies an OSPF process by its ID in the range of 1 to 65535 If you do not specify thi...

Страница 1219: ...of an ABR or ASBR Area ID of the area of the next hop Cost Cost from the router to the ABR or ASBR Nexthop Next hop address BkNexthop Backup next hop address RtType Router type ABR or ASBR Interface...

Страница 1220: ...ief information about summary routes on the ABR Sysname display ospf abr summary OSPF Process 1 with Router ID 2 2 2 2 ABR Summary Addresses Topology base MTID 0 Area 0 0 0 1 Total summary address cou...

Страница 1221: ...o display ASBR summary route information Syntax display ospf process id asbr summary ip address mask length mask Views Any view Predefined user roles network admin network operator Parameters process...

Страница 1222: ...gy is base MTID Topology ID The value of 0 indicates the base topology Total summary address count Total number of summary routes Net Address of the summary route Mask Mask of the summary route addres...

Страница 1223: ...ting table Neighbor logs include information about the following events The OSPF neighbor state goes down The OSPF neighbor state goes backward because the local end receives BadLSReq SeqNumberMismatc...

Страница 1224: ...28 19 0 0 0 0 Intra area LSA 2012 06 27 15 28 19 0 0 0 0 external LSA 2012 06 27 15 28 19 0 3 0 0 0 Intra area LSA 2012 06 27 15 28 12 0 1 0 0 Intra area LSA 2012 06 27 15 28 11 0 0 0 0 Routing policy...

Страница 1225: ...hip Remote Address Peer address of the neighbor relationship Router ID Neighbor router ID Reason Reasons for neighbor state changes ResetConnect The connection is lost due to insufficient memory IntCh...

Страница 1226: ...or The secondary router receives an unexpected serial number from the primary router RecvOpqIntf A DD packet that contains a type 9 LSA is received when the opaque LSA reception and advertisement capa...

Страница 1227: ...nt hello packets Sysname display ospf event log hello sent OSPF Process 1 with Router ID 5 5 5 5 Hello Log Interface Vlan10 Neighbor address 10 1 1 2 NbrID 1 0 0 2 First 4 hello packets sent 2019 09 0...

Страница 1228: ...tion address 224 0 0 5 sent failed errno 132 Date 2019 09 06 Time 11 20 20 116 Interface Vlan11 Destination address 10 1 1 2 sent failed errno 132 Table 10 Command output Field Description Date Date f...

Страница 1229: ...lo packet Display log information about received hello packets Sysname display ospf event log hello received OSPF Process 1 with Router ID 5 5 5 5 Hello Log Interface Vlan10 Neighbor address 10 1 1 2...

Страница 1230: ...area 0 0 0 1 Drop reason Hello time mismatch Date 2019 09 06 Time 14 51 20 121 Interface Vlan10 Source address 10 1 1 2 NbrID 1 0 0 2 area 0 0 0 1 Drop reason NP bit mismatch Table 13 Command output F...

Страница 1231: ...face Vlan10 Source address 10 1 1 2 NbrID 1 0 0 2 area 0 0 0 1 Last one received 2019 09 06 14 51 05 113 Table 14 Command output Field Description Date Tme Date for receiving the abnormal hello packet...

Страница 1232: ...xamples Display OSPF FRR backup next hop information Sysname display ospf 1 area 0 fast reroute lfa candidate OSPF Process 1 with Router ID 2 2 2 2 LFA Candidate List Topology base MTID 0 Area 0 0 0 0...

Страница 1233: ...aceful Restart support Planned and unplanned Partial Helper capability Enable IETF Helper support Planned and unplanned IETF Strict LSA check Current GR state Normal Graceful Restart period 40 seconds...

Страница 1234: ...cess supports Enable IETF Supports IETF GR helper capability Enable Nonstandard Supports non IETF GR helper capability Enable IETF and nonstandard Supports both IETF GR helper capability and non IETF...

Страница 1235: ...on Reason that the helper exited most recently Virtual link Neighbor ID Router ID of the virtual link s neighbor Neighbor State Neighbor state Down Init 2 Way ExStart Exchange Loading and Full Interfa...

Страница 1236: ...MA State Interface state Down No protocol traffic can be sent or received on the interface Loopback The interface is in loopback state and it cannot forward traffic Waiting The interface starts sendin...

Страница 1237: ...lculation is enabled on an interface Primary path detection mode Primary link detection mode BFD ctrl BFD control packet mode BFD echo BFD echo packet mode Enabled by interface configuration including...

Страница 1238: ...ot specify this argument the command displays hello packet information for all OSPF processes interface type interface number Specifies an interface by its type and number If you do not specify this a...

Страница 1239: ...y link state id originate router advertising router id self originate Views Any view Predefined user roles network admin network operator Parameters process id Specifies an OSPF process by its ID in t...

Страница 1240: ...1 321 32 80000003 0 Sum Net 192 168 1 0 192 168 0 1 321 28 80000002 1 Sum Net 192 168 2 0 192 168 0 2 474 28 80000002 1 Area 0 0 0 1 Type LinkState ID AdvRouter Age Len Sequence Metric Router 192 168...

Страница 1241: ...en 32 Options NP Seq 80000003 Checksum 0x2a77 Net mask 255 255 255 0 Attached router 192 168 1 1 Attached router 192 168 1 2 Table 21 Command output Field Description Type LSA type LS ID DR IP address...

Страница 1242: ...in the range of 1 to 65535 If you do not specify this argument the command displays next hop information for all OSPF processes Examples Display OSPF next hop information Sysname display ospf nexthop...

Страница 1243: ...tatus OSPF Process 1 with Router ID 192 168 33 12 Non Stop Routing information Non Stop Routing capability Enabled Upgrade phase Normal Table 23 Command output Field Description Non Stop Routing capab...

Страница 1244: ...interface by its type and number If you do not specify this argument the command displays neighbor information for all interfaces neighbor id Specifies a neighbor router ID If you do not specify this...

Страница 1245: ...o keep the neighbor relationship 2 Way Communication between the two routers is bidirectional The local router appears in the neighbor s Hello packet Exstart The goal of this state is to decide which...

Страница 1246: ...ID Address Pri Dead Time State Interface 1 1 1 2 1 1 1 2 1 40 Full DR Vlan10 Table 25 Command output Field Description Area Neighbor area Router ID Neighbor router ID Address Neighbor interface addres...

Страница 1247: ...from neighbors Last 4 hello packets received Time for receiving the last four hello packets from neighbors First 4 hello packets sent Time and result succeeded or failed for sending the first four hel...

Страница 1248: ...of neighboring routers in Init state in the same area 2 Way Number of neighboring routers in 2 Way state in the same area ExStart Number of neighboring routers in ExStart state in the same area Exchan...

Страница 1249: ...rface 10 1 1 1 Area 0 0 0 0 Request list Type LinkState ID AdvRouter Sequence Age Router 2 2 2 2 1 1 1 1 80000004 1 Network 192 168 0 1 1 1 1 1 80000003 1 Sum Net 192 168 1 0 1 1 1 1 80000002 2 Table...

Страница 1250: ...Router ID 192 168 1 59 Link State Retransmission List The Router s Neighbor is Router ID 2 2 2 2 Address 10 1 1 2 Interface 10 1 1 1 Area 0 0 0 0 Retransmit list Type LinkState ID AdvRouter Sequence A...

Страница 1251: ...specify this option the command displays all OSPF routing information verbose Displays detailed OSPF routing information If you do not specify this keyword the command displays brief OSPF routing info...

Страница 1252: ...e Stub AdvRouter 192 168 1 2 Area 0 0 0 0 SubProtoID 0x1 Preference 10 NextHop 192 168 1 2 BkNextHop N A IfType Broadcast BkIfType N A Interface Vlan100 BkInterface N A NibID 0x1300000c Status Normal...

Страница 1253: ...terface Backup output interface NibID Next hop ID Status Route status Local The route is on the local end and is not sent to the route management module Invalid The next hop is invalid Stale The next...

Страница 1254: ...tination H Nexthop changed N Link is a new path V Link is involved G Link is in change list Topology base MTID 0 Area 0 0 0 0 Shortest Path Tree SpfNode Type Flag SpfLink Type Cost Flag 192 168 119 13...

Страница 1255: ...erbose OSPF Process 1 with Router ID 100 0 0 4 Flags S Node is on SPF tree R Node is directly reachable I Node or Link is init D Node or Link is to be deleted P Neighbor is parent A Node is in candida...

Страница 1256: ...he root node VlinkData Destination address of virtual link packets ParentLinkCnt Number of parent links NodeFlag Node flag I The node is in initialization state A The node is on the candidate list S T...

Страница 1257: ...process id Specifies an OSPF process by its ID in the range of 1 to 65535 If you do not specify this argument the command displays OSPF statistics for all OSPF processes error Displays error statistic...

Страница 1258: ...lo Hell packet DB Description Database Description packet Link State Req Link State Request packet Link State Update Link State Update packet Link State Ack Link State Acknowledge packet LSAs originat...

Страница 1259: ...t option mismatch 0 HELLO Mbit option mismatch 0 DD MTU option mismatch 0 DD Unknown LSA type 0 DD Ebit option mismatch 0 ACK Bad ack 0 ACK Unknown LSA type 0 REQ Empty request 0 REQ Bad request 0 UPD...

Страница 1260: ...option field ACK Bad ack Bad LSAck packets for LSU packets ACK Unknown LSA type LSAck packets with unknown LSA type REQ Empty request LSR packets with no request information REQ Bad request Bad LSR p...

Страница 1261: ...s 0 Table 37 Command output Field Description Total sent Total number of hello packets sent Total sent failed Total number of hello packets that failed to be sent Sent after one and a half intervals T...

Страница 1262: ...e OSPF neighbor was disconnected The most recent entry is displayed first Sequence Sequence number of the OSPF neighbor relationship troubleshooting entry Description OSPF neighbor relationship troubl...

Страница 1263: ...ease check the connection to the peer Interface Vlan10 peer address 10 1 1 1 ping result waitting for the ping to execute CPU usage 25 37 memory usage 36 49 memory state normal The state of OSPF 1 pee...

Страница 1264: ...n the remote end Interface Vlan10 peer address 10 1 1 1 The state of OSPF 1 peer 1 1 1 1 changed to EXSTART because a SeqNumberMismatch event was triggered by the change of the OSPF peer s capability...

Страница 1265: ...ion on both ends Interface Vlan10 peer address 10 1 1 1 The state of OSPF 1 peer 1 1 1 1 changed to EXSTART because a SeqNumberMismatch event was triggered upon the receipt of a DD packet containing i...

Страница 1266: ...link Cost Interface route cost State Interface state Type Virtual link Transit Area Transit area ID Timers Values of timers in seconds Hello Dead and Retransmit Transmit Delay LSA transmission delay o...

Страница 1267: ...ts Examples Set the DSCP value for outgoing OSPF packets to 63 in OSPF process 1 Sysname system view Sysname ospf 1 Sysname ospf 1 dscp 63 enable link local signaling Use enable link local signaling t...

Страница 1268: ...idelines Before you configure this command enable the link local signaling capability Examples Enable the out of band resynchronization capability for OSPF process 1 Sysname system view Sysname ospf 1...

Страница 1269: ...ze count Specifies the number of OSPF logs in the range of 0 to 65535 Examples Set the number of route calculation logs to 50 in OSPF process 100 Sysname system view Sysname ospf 100 Sysname ospf 100...

Страница 1270: ...tbound Type 3 LSAs prefix list name Specifies an IP prefix list by its name a case sensitive string of 1 to 63 characters to filter inbound outbound Type 3 LSAs route policy name Specifies a routing p...

Страница 1271: ...routes process id Specifies a process by its ID in the range of 1 to 65535 This argument is available only when the protocol argument is rip or ospf Usage guidelines When you specify an ACL follow th...

Страница 1272: ...ved LSAs Use undo filter policy import to restore the default Syntax filter policy ipv4 acl number gateway prefix list name gateway prefix list name prefix list prefix list name gateway prefix list na...

Страница 1273: ...he destination keyword specifies the subnet mask of the destination address For the mask configuration to take effect specify a contiguous subnet mask Examples Use basic ACL 2000 to filter received ro...

Страница 1274: ...chover occurs because of device failure Before OSPF restart or active standby switchover the GR restarter does not send Grace LSAs to GR helpers Before enabling IETF GR for OSPF enable Opaque LSA adve...

Страница 1275: ...keyword is available only for the IETF GR helper Examples Enable GR helper capability for OSPF process 1 Sysname system view Sysname ospf 1 Sysname ospf 1 graceful restart helper enable graceful rest...

Страница 1276: ...er roles network admin Parameters interval Specifies the GR interval in the range of 40 to 1800 seconds Usage guidelines For GR restart to succeed the value of the GR restart interval cannot be smalle...

Страница 1277: ...e type import route ospf rip process id all processes allow direct cost cost value nssa only route policy route policy name tag tag type type undo import route direct ospf rip process id all processes...

Страница 1278: ...ype 1 external routes Have high credibility The cost of Type 1 external routes is comparable with the cost of OSPF internal routes The cost of a Type 1 external route equals the cost from the router t...

Страница 1279: ...e logging for OSPF neighbor state changes Syntax log peer change undo log peer change Default Logging for OSPF neighbor state changes is enabled Views OSPF view Predefined user roles network admin Usa...

Страница 1280: ...system resources due to frequent network changes As a best practice set the interval with the lsa arrival interval command to be smaller than or equal to the minimum interval set with the lsa generat...

Страница 1281: ...alue n is the number of generation times The minimum interval and the incremental interval cannot be greater than the maximum interval Examples Set the maximum LSA generation interval to 2 seconds min...

Страница 1282: ...ternal LSAs in the LSDB Use undo lsdb overflow limit to restore the default Syntax lsdb overflow limit number undo lsdb overflow limit Default The number of external LSAs is not limited Views OSPF vie...

Страница 1283: ...n network 131 108 20 0 24 to run OSPF in Area 2 Sysname system view Sysname ospf 100 Sysname ospf 100 area 2 Sysname ospf 100 area 0 0 0 2 network 131 108 20 0 0 0 0 255 Related commands ospf non stop...

Страница 1284: ...t for the default route in the range of 0 to 16777214 If you do not specify this option the default cost specified by the default cost command applies nssa only Limits the default route advertisement...

Страница 1285: ...uters attached to an NSSA area must be configured with the nssa command in area view If you specify the translate ignore checking backbone keyword for an ABR you must also specify the keyword for othe...

Страница 1286: ...name Specifies an MPLS L3VPN instance by its name a case sensitive string of 1 to 31 characters If you do not specify this option the OSPF process runs on the public network Usage guidelines You can...

Страница 1287: ...e does not delete the OSPF process or the area Examples Enable OSPF process 1 on VLAN interface 10 that is in Area 2 and exclude secondary IP addresses Sysname system view Sysname interface vlan inter...

Страница 1288: ...interface and delete the old key after key replacement To replace the key used for MD5 or HMAC MD5 authentication on an interface you must configure the new key before removing the old key from each r...

Страница 1289: ...ospf cost interface view Use ospf cost to set an OSPF cost for an interface Use undo ospf cost to restore the default Syntax ospf cost cost value undo ospf cost Default An interface computes its OSPF...

Страница 1290: ...If a rule in the specified ACL is applied to a VPN instance the rule does not take effect If a rule in the specified ACL is not applied to any VPN instance the rule takes effect on both VPN packets a...

Страница 1291: ...on an interface Use undo ospf dr priority to restore the default value Syntax ospf dr priority priority undo ospf dr priority Default The router priority is 1 Views Interface view Predefined user role...

Страница 1292: ...Use undo ospf lsu flood control to disable OSPF to limit LSU transmit rate Syntax ospf lsu flood control interval count undo ospf lsu flood control Default OSPF does not limit the LSU transmit rate V...

Страница 1293: ...inding to restore the default Syntax ospf mib binding process id undo ospf mib binding Default The public MIB is bound to the OSPF process with the smallest process ID Views System view Predefined use...

Страница 1294: ...t Examples Enable VLAN interface 10 to add the interface MTU value into DD packets Sysname system view Sysname interface vlan interface 10 Sysname Vlan interface10 ospf mtu enable ospf network type Us...

Страница 1295: ...an interface is P2MP unicast all OSPF packets are unicast by the interface Examples Specify the OSPF network type for VLAN interface 10 as NBMA Sysname system view Sysname interface vlan interface 10...

Страница 1296: ...n Parameters disable Disables prefix suppression for an interface Usage guidelines To disable prefix suppression for an interface associated with an OSPF process that has been enabled with prefix supp...

Страница 1297: ...Sysname Vlan interface10 ospf primary path detect bfd ctrl On VLAN interface 11 enable BFD echo packet mode for OSPF PIC Sysname system view Sysname ospf 1 Sysname ospf 1 pic additional path always Sy...

Страница 1298: ...f timer hello to set the hello interval on an interface Use undo ospf timer hello to restore the default Syntax ospf timer hello seconds undo ospf timer hello Default The hello interval is 10 seconds...

Страница 1299: ...s hello packets at the poll interval The poll interval must be a minimum of four times the hello interval Examples Set the poll timer interval on VLAN interface 10 to 130 seconds Sysname system view S...

Страница 1300: ...interface Use undo ospf trans delay to restore the default Syntax ospf trans delay seconds undo ospf trans delay Default The LSA transmission delay is 1 second Views Interface view Predefined user ro...

Страница 1301: ...GTSM for an interface ospf ttl security disable to disable OSPF GTSM for an interface Use undo ospf ttl security to restore the default Syntax ospf ttl security hops hop count disable undo ospf ttl se...

Страница 1302: ...ame Vlan interface10 ospf ttl security hops 254 Enable GTSM in OSPF area view and disable OSPF GTSM for VLAN interface 10 Sysname system view Sysname ospf 100 Sysname ospf 100 area 1 Sysname ospf 100...

Страница 1303: ...Sysname ospf 100 peer 1 1 1 1 Related commands ospf dr priority pic OSPF view Use pic to enable OSPF PIC Use undo pic to disable OSPF PIC Syntax pic additional path always undo pic Default OSPF PIC is...

Страница 1304: ...multiple routing protocols find routes to the same destination the router uses the route found by the protocol with the highest preference When the route policy route policy name option is specified t...

Страница 1305: ...efix priorities it uses the highest priority By default the 32 bit OSPF host routes have a medium priority and other routes have a low priority Examples Use a routing policy to assign the medium prior...

Страница 1306: ...ensure traffic forwarding On broadcast and NBMA networks the DR generates Type 2 LSAs with a mask length of 32 to suppress network routes Other routing information can still be advertised to ensure t...

Страница 1307: ...cify this argument the command clears OSPF log information for all processes received Specifies log information for received hello packets sent Specifies log information for sent hello packets abnorma...

Страница 1308: ...select whether to restart OSPF process upon execution of this command Examples Restart all OSPF processes Sysname reset ospf process Reset OSPF process Y N y reset ospf redistribution Use reset ospf r...

Страница 1309: ...p troubleshooting information Syntax reset ospf troubleshooting Views User view Predefined user roles network admin Examples Clear OSPF neighbor relationship troubleshooting information Sysname reset...

Страница 1310: ...100 undo rfc1583 compatible router id Use router id to configure a global router ID Use undo router id to restore the default Syntax router id router id undo router id Default No global router ID is...

Страница 1311: ...e interface number all Default An interface can receive and send OSPF packets Views OSPF view Predefined user roles network admin Parameters interface type interface number Specifies an interface by i...

Страница 1312: ...able SNMP notifications for OSPF Syntax snmp agent trap enable ospf authentication failure bad packet config error grhelper status change grrestarter status change if state change lsa maxage lsa origi...

Страница 1313: ...tions about packets that are received and forwarded on an interface virt authentication failure Specifies notifications about authentication failures on a virtual interface virt bad packet Specifies n...

Страница 1314: ...ion interval you can prevent overconsumption of bandwidth and router resources due to frequent topology changes For a stable network the minimum interval is used If network changes become frequent the...

Страница 1315: ...ystem view Sysname ospf 100 Sysname ospf 100 area 1 Sysname ospf 100 area 0 0 0 1 stub Related commands default cost OSPF area view stub router OSPF view Use stub router to configure a router as a stu...

Страница 1316: ...ransmit pacing Default An OSPF interface sends a maximum of three LSU packets every 20 milliseconds Views OSPF view Predefined user roles network admin Parameters interval interval Specifies an interv...

Страница 1317: ...55 the configured hop count 1 to 255 When GTSM is configured the OSPF packets sent by the device have a TTL of 255 To use GTSM you must configure GTSM on both the local and peer devices You can specif...

Страница 1318: ...ey in encrypted form plain Specifies a key in plaintext form For security purposes the key specified in plaintext form will be stored in encrypted form string Specifies the key This argument is case s...

Страница 1319: ...lover OSPF sends multiple packets that contain both the new and old MD5 HMAC MD5 authentication keys to ensure that the neighbor device can pass the authentication 2 Configure the new MD5 HMAC MD5 aut...

Страница 1320: ...lay ip policy based route 2 display ip policy based route interface 3 display ip policy based route local 5 display ip policy based route setup 6 if match acl 7 ip local policy based route 7 ip policy...

Страница 1321: ...he inbound vpn keyword the next hop belongs to the public network direct Specifies that the next hop must be directly connected to take effect track track entry number Specifies a track entry by its n...

Страница 1322: ...ed route Use display ip policy based route to display PBR policy information Syntax display ip policy based route policy policy name Views Any view Predefined user roles network admin network operator...

Страница 1323: ...ts type and number slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command displays information on the master device Examples Display PBR co...

Страница 1324: ...hysical interfaces on multiple slots specify a slot that contains its member interfaces For a physical interface specify its slot number node 0 deny not support node 2 permit no resource Match mode of...

Страница 1325: ...sed route local Use display ip policy based route local to display local PBR configuration and statistics Syntax display ip policy based route local slot slot number Views Any view Predefined user rol...

Страница 1326: ...nds reset ip policy based route statistics display ip policy based route setup Use display ip policy based route setup to display PBR configuration Syntax display ip policy based route setup Views Any...

Страница 1327: ...he specified ACL is a basic or advanced ACL Usage guidelines If the specified ACL does not exist or has no rules configured all packets will match the ACL If the vpn instance keyword is specified for...

Страница 1328: ...ure you fully understand its impact on local services of the device You can specify only one policy for local PBR and must make sure the specified policy already exists Before you apply a new policy y...

Страница 1329: ...w Predefined user roles network admin Parameters policy name Specifies a policy by its name a case sensitive string of 1 to 19 characters deny Specifies the match mode for the policy node as deny perm...

Страница 1330: ...r PBR statistics Syntax reset ip policy based route statistics policy policy name Views User view Predefined user roles network admin Parameters policy policy name Specifies a policy by its name a cas...

Страница 1331: ...ontents IPv6 static routing commands 1 delete ipv6 static routes all 1 display ipv6 route static nib 1 display ipv6 route static routing table 4 ipv6 route static 6 ipv6 route static default preferenc...

Страница 1332: ...work communication and cause packet forwarding failure Before executing the command make sure you fully understand the potential impact on the network When you use this command the system will prompt...

Страница 1333: ...y0 0x0 VrfNthp 0 UserKey1 0x0 Nexthop 3 4 IFIndex 0x0 LocalAddr TopoNthp Invalid ExtType 0x0 Table 1 Command output Field Description NibID ID of the NIB Sequence Sequence number of the NIB Type Type...

Страница 1334: ...rf TunnelID N A Topology Weight 0 NibID 0x21000001 Sequence 1 Type 0x41 Flushed Yes UserKey0 0x0 VrfNthp 0 UserKey1 0x0 Nexthop 3 4 IFIndex 0x0 LocalAddr TopoNthp Invalid ExtType 0x0 RefCnt 1 FlushRef...

Страница 1335: ...lushed to the FIB Flag Flag of the next hop Version Version of the next hop ExtType NIB extension type display ipv6 route static routing table Use display ipv6 route static routing table to display IP...

Страница 1336: ...0xa BkInterface N A Flag 0x80d0a BfdSrcIp N A DbIndex 0x1 BfdIfIndex 0x0 Type Normal BfdVrfIndex 0 TrackIndex 0xffffffff Label NULL Preference 60 vrfIndexDst 0 BfdMode N A vrfIndexNH 0 Permanent 0 Tag...

Страница 1337: ...e static ipv6 address prefix length interface type interface number next hop address bfd control packet echo packet bfd source ipv6 address permanent preference preference tag tag value description te...

Страница 1338: ...e range of 1 to 4294967295 The default is 0 Tags of routes are used for route control in routing policies For more information about routing policies see Layer 3 IP Routing Configuration Guide descrip...

Страница 1339: ...d together with the bfd keyword Examples Configure an IPv6 static route with the destination address 1 1 2 64 and next hop 1 1 3 1 Sysname system view Sysname ipv6 route static 1 1 2 64 1 1 3 1 Relate...

Страница 1340: ...9 Sysname ipv6 route static default preference 120 Related commands display ipv6 routing table protocol...

Страница 1341: ...ter policy export 10 filter policy import 12 graceful restart 13 graceful restart interval 13 import route 14 non stop routing 15 output delay 16 preference 16 reset ripng process 17 reset ripng stati...

Страница 1342: ...ckets If a zero field of a packet contains a non zero value RIPng discards the packet Examples Disable zero field check on RIPng packets for RIPng 100 Sysname system view Sysname ripng 100 Sysname rip...

Страница 1343: ...ork admin network operator Parameters process id Specifies a RIPng process by its ID in the range of 1 to 65535 If you do not specify this argument the command displays information about all RIPng pro...

Страница 1344: ...ge collection interval in seconds Update output delay RIPng packet sending interval in milliseconds Output count Maximum number of RIPng packets that can be sent at each interval Graceful restart inte...

Страница 1345: ...graceful restart Views Any view Predefined user roles network admin network operator Parameters process id Specifies a RIPng process by its ID in the range of 1 to 65535 Examples Display GR informatio...

Страница 1346: ...s Display interface information for RIPng process 1 Sysname display ripng 1 interface Total 1 Interface Vlan interface100 Link local address FE80 20C 29FF FEC8 B4DD Split horizon On Poison reverse Off...

Страница 1347: ...cess id neighbor interface type interface number Views Any view Predefined user roles network admin network operator Parameters process id Specifies a RIPng process by its ID in the range of 1 to 6553...

Страница 1348: ...Nonstop Routing capability Enabled Current NSR state Finish Table 6 Command output Field Description Nonstop Routing capability Indicates whether NSR is enabled Enabled or Disabled Current NSR state N...

Страница 1349: ...bage collect D Direct O Optimal F Flush to RIB Peer FE80 20C 29FF FED4 7171 on Vlan interface100 Destination 4 4 128 via FE80 20C 29FF FED4 7171 cost 1 tag 0 AOF 5 secs Local route Destination 3 3 128...

Страница 1350: ...rbage Number of routes in Garbage collection state Local Total number of locally generated direct route total Total number of routes learned from RIPng neighbors enable ipsec profile Use enable ipsec...

Страница 1351: ...th Layer 3 interfaces in up state changes from bidirectional to unidirectional or down RIPng FRR is effective only for RIPng routes that are learned from directly connected neighbors Examples Enable R...

Страница 1352: ...all routes redistributed by RIPng will match the ACL If a rule in the ACL has the vpn instance keyword configured the rule applies to only the RIPng routes in the specified VPN instance If the rule d...

Страница 1353: ...to filter received routes Usage guidelines To specify an ACL in the command follow these restrictions and guidelines If the ACL does not exist or has no rules configured all routes received by RIPng...

Страница 1354: ...y ipv6 Sysname acl ipv6 adv 3000 quit Sysname ripng 100 Sysname ripng 100 filter policy 3000 import graceful restart Use graceful restart to enable Graceful Restart GR for RIPng Use undo graceful rest...

Страница 1355: ...es from another routing protocol Use undo import route to remove routes redistributed from another routing protocol Syntax import route direct static cost cost value route policy route policy name und...

Страница 1356: ...a routing policy by its name a case sensitive string of 1 to 63 characters Usage guidelines This command redistributes only active routes To view route state information use the display ipv6 routing...

Страница 1357: ...count Specifies the maximum number of RIPng packets sent by a RIPng process at each interval in the range of 1 to 30 Usage guidelines If you configure the RIPng packet sending rate for both a RIPng pr...

Страница 1358: ...f no preference is set by the routing policy the preference of all RIPng routes is set by the preference command Examples Set the preference for RIPng routes to 120 Sysname system view Sysname ripng 1...

Страница 1359: ...ed user roles network admin Parameters process id Specifies a RIPng process by its ID in the range of 1 to 65535 The default value is 1 vpn instance vpn instance name Specifies an MPLS L3VPN instance...

Страница 1360: ...tive string of 1 to 63 characters The command advertises a default route only when a route in the routing table matches the routing policy Usage guidelines This command enables the interface to advert...

Страница 1361: ...a RIPng interface Use undo ripng ipsec profile to remove the IPsec profile from the RIPng interface Syntax ripng ipsec profile profile name undo ripng ipsec profile Default No IPsec profile is applie...

Страница 1362: ...ound RIPng routes Sysname system view Sysname interface vlan interface 100 Sysname Vlan interface100 ripng metricin 12 ripng metricout Use ripng metricout to configure an interface to add a metric to...

Страница 1363: ...the range of 10 to 100 milliseconds count Specifies the maximum number of RIPng packets sent at each interval in the range of 1 to 30 Usage guidelines If you set the RIPng packet sending rate for both...

Страница 1364: ...g primary path detect bfd Default BFD single hop echo detection is disabled for RIPng FRR Views Interface view Predefined user roles network admin Usage guidelines For quicker RIPng FRR use BFD single...

Страница 1365: ...y network to be advertised through an interface Use undo ripng summary address to remove a summary network Syntax ripng summary address ipv6 address prefix length undo ripng summary address ipv6 addre...

Страница 1366: ...in Parameters maximum interval Specifies the maximum interval for sending triggered updates in the range of 1 to 5 seconds minimum interval Specifies the minimum interval for sending triggered updates...

Страница 1367: ...for a route is received before the timer expires RIPng sets the metric of the route to 16 Suppress timer How long a RIPng route stays in suppressed state When the metric of a route becomes 16 the rou...

Страница 1368: ...tree 41 display ospfv3 statistics 44 display ospfv3 vlink 48 enable ipsec profile 49 event log 50 fast reroute OSPFv3 view 51 filter OSPFv3 area view 51 filter policy export OSPFv3 view 52 filter poli...

Страница 1369: ...log 77 reset ospfv3 process 78 reset ospfv3 redistribution 79 reset ospfv3 statistics 79 router id 79 silent interface OSPFv3 view 80 snmp context name 81 snmp trap rate limit 81 snmp agent trap enab...

Страница 1370: ...fines the network ID not advertise Specifies not to advertise the summary IPv6 route If you do not specify this keyword the command advertises the IPv6 summary route cost cost value Specifies the cost...

Страница 1371: ...x length cost cost value not advertise nssa only tag tag undo asbr summary ipv6 address prefix length Default Route summarization is not configured on an ASBR Views OSPFv3 view Predefined user roles n...

Страница 1372: ...xamples Configure a summary route 2000 16 and specify a cost of 100 and a tag value of 2 for the summary route Sysname system view Sysname ospfv3 1 Sysname ospfv3 1 asbr summary 2000 16 cost 100 tag 2...

Страница 1373: ...sname system view Sysname ospfv3 1 Sysname ospfv3 1 area 1 Sysname ospfv3 1 area 0 0 0 1 authentication mode keychain test bandwidth reference OSPFv3 view Use bandwidth reference to set a reference ba...

Страница 1374: ...roles network admin Parameters tag Specifies a tag for redistributed routes in the range of 0 to 4294967295 Usage guidelines If you do not set a tag for redistributed routes by using the default rout...

Страница 1375: ...1 area 0 0 0 1 default cost 60 Related commands nssa OSPFv3 area view stub OSPFv3 area view default route advertise OSPFv3 view Use default route advertise to redistribute a default route into the OS...

Страница 1376: ...lt route in an AS external LSA into the OSPFv3 routing domain A default route exists in the routing table The always keyword is specified The routing policy modifies values in the AS external LSA tag...

Страница 1377: ...id 0 0 0 0 DN bit check Enabled DN bit set Enabled Originating router LSAs with maximum metric Condition On startup for 600 seconds State Inactive Advertise summary LSAs with metric 16711680 Advertis...

Страница 1378: ...0 MTU 1440 Default cost 1 Created by Vlink Process reset state N A Current reset type N A Reset prepare message replied Reset process message replied Reset phase of module M N A P N A S N A C N A R N...

Страница 1379: ...the check is enabled for the route tag in OSPFv3 LSAs of the OSPFv3 process Multi VPN Instance Whether the OSPFv3 process supports PE or multiple VPN instances Multi VPN Instance Disabled The process...

Страница 1380: ...As SNMP trap rate limit interval 10 Count 7 The OSPFv3 process can output a maximum of seven notifications within 10 seconds Area count Total number of areas Stub area count Number of stub areas NSSA...

Страница 1381: ...culation inter AS Calculating AS external routes Calculation end Ending phase of calculation N A Route calculation is not triggered Redistribute timer Route redistribution timer status on or off Redis...

Страница 1382: ...lete intra AS Delete intra AS routes Delete inter AS Delete AS external routes Delete ASBR Delete ASBR routes Route redistribution R module N A Not reset Delete import Delete redistributed routes IPse...

Страница 1383: ...BkInterface Vlan101 NextHop FE80 1 1 1 BkNexthop FE80 1 2 2 Cost 1 Destination 1 1 1 3 Rtr Type ASBR Area 0 0 0 0 Path Type Intra Interface Vlan103 BkInterface Vlan104 NextHop FE80 2 1 1 BkNexthop FE...

Страница 1384: ...BR summary routes for all OSPFv3 areas ipv6 address prefix length Specifies an IPv6 address The ipv6 address argument specifies an IPv6 prefix The prefix length argument specifies a prefix length in t...

Страница 1385: ...nation Metric 1000 4 10 3 96 1 1000 4 11 3 96 1 Table 4 Command output Field Description Destination Destination address of a summarized route Metric Metric of a summarized route display ospfv3 asbr s...

Страница 1386: ...1000 4 32 Status Advertise NULL0 Active Cost 1 Configured Tag Not configured Nssa only Not configured Routes count 2 Table 5 Command output Field Description Total summary addresses Total number of s...

Страница 1387: ...stributed Type Type of the summarized route Metric Metric of the summarized route display ospfv3 event log Use display ospfv3 event log to display OSPFv3 log information Syntax display ospfv3 process...

Страница 1388: ...dvRtr 1 3 3 3 Seq 80000001 Table 7 Command output Field Description Received MaxAge LSA from X X X X The device received an LSA that has reached the maximum age from X X X X Flushed MaxAge LSA by itse...

Страница 1389: ...rea LSA changes External LSA External LSA changes Configuration Configuration changes Area 0 full neighbor Number of FULL state neighbors in Area 0 changes Area 0 up interface Number of interfaces in...

Страница 1390: ...sions BFDDown The interface is shut down by BFD SilentInt The interface is configured as a silent interface ConfStubArea The interface is configured with stub area parameters ConfNssaArea The interfac...

Страница 1391: ...utput Field Description OSPFv3 Process 1 with Router ID 3 3 3 3 The GR status of OSPFv3 process 1 with router ID 3 3 3 3 is displayed Graceful restart capability Whether OSPFv3 GR is enabled Enabled D...

Страница 1392: ...r BDR changes Helper Reason that the helper exited most recently None Completed GR is completed Received 1 way hello The device receives 1 way hello packets from the neighbor Grace Period timer is fir...

Страница 1393: ...sit Area up interface count 3 Interface 5506 Vlan interface3 Instance ID 0 Restarter state Normal State DR Type Broadcast Last exit reason Restarter None Helper None Neighbor count of this interface 0...

Страница 1394: ...f up interfaces in the area Interface Interface in the area or the output interface of the virtual link Restarter state Restarter state on the interface State Interface state Type Interface network ty...

Страница 1395: ...fy the interface type interface number argument or the verbose keyword this command displays brief information about all OSPFv3 interfaces Examples Display OSPFv3 information about VLAN interface 1 Sy...

Страница 1396: ...outer on the network DROther The router is a DR Other router on the attached network Type Network type of the interface PTP P2P PTMP P2MP Broadcast or NBMA MTU MTU value of the interface Priority DR p...

Страница 1397: ...s LSDB information for all processes external Displays AS external LSAs Type 5 LSAs grace Displays Grace LSAs Type 11 LSAs inter prefix Displays Inter area prefix LSAs Type 3 LSAs inter router Display...

Страница 1398: ...state ID Origin router Age SeqNumber Checksum 0 15 0 8 2 2 2 2 0019 0x80000007 0x599e Intra Area Prefix LSA Area 0 0 0 1 Link state ID Origin router Age SeqNumber Checksum Prefix Reference 0 0 0 2 2...

Страница 1399: ...tate ID Link state ID Originating router Originating router LS seq number LSA sequence number Checksum LSA checksum Length LSA length Priority Router priority Options Options Link Local address Link l...

Страница 1400: ...m Prefix 0 15 0 8 2 2 2 2 0691 0x80000041 0x8315 1 SendCnt 0 RxmtCnt 0 Status Stale 0 0 0 3 1 1 1 1 0623 0x80000001 0x0fee 1 SendCnt 0 RxmtCnt 0 Status Stale Router LSA Area 0 0 0 1 Link state ID Orig...

Страница 1401: ...OSPFv3 next hop information Syntax display ospfv3 process id nexthop Views Any view Predefined user roles network admin network operator Parameters process id Specifies an OSPFv3 process by its ID in...

Страница 1402: ...ocess id Specifies an OSPFv3 process by its ID in the range of 1 to 65535 If you do not specify this argument the command displays OSPFv3 NSR information for all OSPFv3 processes Examples Display OSPF...

Страница 1403: ...not specify an area this command displays neighbor information for all areas interface type interface number Specifies an interface by its type and number verbose Displays detailed neighbor informati...

Страница 1404: ...0 00 33 Neighbor is up for 00 24 19 Authentication sequence high 0 low 59755 Neighbor state change count 205 Database Summary List 0 Link State Request List 0 Link State Retransmission List 0 Neighbor...

Страница 1405: ...uthentication sequence number carried in the received packets The high 32 bit value is 0 and the low 32 bit value is 59755 Neighbor state change count Count of neighbor state changes Database Summary...

Страница 1406: ...has been accomplished between neighbors Total Total number of neighbors under the same state display ospfv3 request queue Use display ospfv3 request queue to display OSPFv3 request list information S...

Страница 1407: ...uence number Nbr ID Neighbor ID Request list Request list information Type LSA type LinkState ID Link state ID AdvRouter Advertising router SeqNum LSA sequence number Age LSA age CkSum Checksum displa...

Страница 1408: ...eighbors Examples Display OSPFv3 retransmission list information Sysname display ospfv3 retrans queue OSPFv3 Process 1 with Router ID 1 1 1 1 Area 0 0 0 0 Interface Vlan interface100 Nbr ID 1 2 2 2 Re...

Страница 1409: ...external route N1 Type 1 NSSA route IA Inter area route E2 Type 2 external route N2 Type 2 NSSA route Selected route Destination 1 64 Type IA Area 0 0 0 1 AdvRouter 2 2 2 2 Preference 10 NibID 0x2300...

Страница 1410: ...e Use display ospfv3 spf tree to display OSPFv3 SPF tree information Syntax display ospfv3 process id area area id spf tree verbose Views Any view Predefined user roles network admin network operator...

Страница 1411: ...router ID Node type Network Network node Router Router node Node flag I The node is in initialization state A The node is on the candidate list S The node is on the SPF tree R The node is directly con...

Страница 1412: ...21 Interface Vlan102 NhFlag Valid BkInterface Vlan103 RefCount 4 Nexthop FE80 20C 29FF FED7 F308 BkNexthop FE80 4 SPFLink count 1 AdvID 1 1 1 1 LsID 0 0 0 0 IntID 232 NbrIntID 465 NbrID 2 2 2 2 LinkT...

Страница 1413: ...is in initialization state P The peer is the parent node C The peer is the child node D The link is to be deleted H The next hop is changed V When the peer node is deleted or added the peer node is n...

Страница 1414: ...number If you do not specify this argument the command displays statistics for all interfaces Examples Display OSPFv3 statistics Sysname display ospfv3 statistics OSPFv3 Process 1 with Router ID 1 1...

Страница 1415: ...Area Prefix LSA Number of Type 9 LSAs Grace LSA Number of Type 11 LSAs Unknown LSA Number of Unknown LSAs Total Total number Routes Statistics Number of routes Intra Area Intra area routes Inter Area...

Страница 1416: ...l links HELLO Hello time mismatch Hello packets with mismatched hello timer HELLO Dead time mismatch Hello packets with mismatched dead timer HELLO Ebit option mismatch Hello packets with mismatched E...

Страница 1417: ...0 0 1 Interface Vlan interface101 DD LSR LSU ACK Total Input 16 0 45 7 68 Output 17 1 7 44 69 Interface Vlan interface102 DD LSR LSU ACK Total Input 41 13 720 719 1493 Output 54 41 750 713 1558 Table...

Страница 1418: ...te Neighbor state Down Init 2 Way ExStart Exchange Loading or Full Interface Number and name of the local interface on the virtual link Cost Interface route cost State Interface state Type Virtual lin...

Страница 1419: ...1 area 0 0 0 0 enable ipsec profile profile001 event log Use event log to set the maximum number of OSPFv3 logs Use undo event log to remove the configuration Syntax event log lsa flush peer spf size...

Страница 1420: ...designate a backup next hop The route policy name argument is a case sensitive string of 1 to 63 characters Usage guidelines Do not use the fast reroute lfa command together with the vlink peer comma...

Страница 1421: ...applied to a VPN instance the rule does not take effect If a rule in the specified ACL is not applied to any VPN instance the rule takes effect on both VPN packets and public network packets Examples...

Страница 1422: ...permit a route with the specified destination and prefix use rule rule id deny permit ipv6 source sour sour prefix destination dest dest prefix The source keyword specifies the destination address of...

Страница 1423: ...ter routes by destination route policy route policy name Specifies a routing policy by its name a case sensitive string of 1 to 63 characters to filter received routes Usage guidelines When you specif...

Страница 1424: ...restart enable Default The GR capability for OSPFv3 is disabled Views OSPFv3 view Predefined user roles network admin Parameters global Enables global GR In global GR mode a GR process can be complet...

Страница 1425: ...r capability for OSPFv3 Use undo graceful restart helper enable to disable the GR helper capability for OSPFv3 Syntax graceful restart helper enable planned only undo graceful restart helper enable De...

Страница 1426: ...A change on the GR helper is detected the GR helper device exits the GR helper mode Examples Enable strict LSA checking for the GR helper in OSPFv3 process 1 Sysname system view Sysname ospfv3 1 Sysna...

Страница 1427: ...oute direct ospfv3 ripng process id all processes static Default OSPFv3 route redistribution is disabled Views OSPFv3 view Predefined user roles network admin Parameters direct Redistributes direct ro...

Страница 1428: ...include the following types Type 1 external routes Have high credibility The cost of Type 1 external routes is comparable with the cost of OSPFv3 internal routes The cost of a Type 1 external route eq...

Страница 1429: ...rval to restore the default Syntax lsa generation interval maximum interval minimum interval incremental interval undo lsa generation interval Default The maximum interval is 5 seconds the minimum int...

Страница 1430: ...ntax non stop routing undo non stop routing Default OSPFv3 NSR is disabled Views OSPFv3 view Predefined user roles network admin Usage guidelines This command takes effect only for the current process...

Страница 1431: ...icy is matched the command redistributes a default route in a Type 7 LSA into the OSPFv3 routing domain The routing policy modifies values in the Type 7 LSA tag tag Specifies a tag for the default rou...

Страница 1432: ...OSPFv3 process by its ID in the range of 1 to 65535 The default process ID is 1 vpn instance vpn instance name Specifies an MPLS L3VPN instance by its name a case sensitive string of 1 to 31 character...

Страница 1433: ...nce 1 of OSPFv3 process 1 in Area 1 Sysname system view Sysname interface vlan interface 10 Sysname Vlan interface10 ospfv3 1 area 1 instance 1 ospfv3 authentication mode Use ospfv3 authentication mod...

Страница 1434: ...discards the packet OSPFv3 supports only the HMAC SHA 256 authentication algorithm The ID of keys used for authentication can only be in the range of 0 to 65535 Examples Configure GigabitEthernet 1 0...

Страница 1435: ...ser roles network admin Parameters cost value Specifies an OSPFv3 cost in the range of 0 to 65535 for a loopback interface and in the range of 1 to 65535 for other interfaces instance instance id Spec...

Страница 1436: ...v3 fast reroute lfa backup exclude instance instance id undo ospfv3 fast reroute lfa backup exclude instance instance id Default LFA is enabled on an interface Views Interface view Predefined user rol...

Страница 1437: ...ile profile001 to VLAN interface 10 Sysname system view Sysname interface vlan interface 10 Sysname Vlan interface10 ospfv3 ipsec profile profile001 ospfv3 mib binding Use ospfv3 mib binding to bind a...

Страница 1438: ...the range of 0 to 255 The default is 0 Usage guidelines A neighbor relationship can be established only if the interface s MTU is the same as that of the peer Examples Configure VLAN interface 10 tha...

Страница 1439: ...t use the peer command to specify the neighbor When the network type of an interface is P2MP unicast all OSPFv3 packets are unicast by the interface Examples Specify the OSPFv3 network type for VLAN i...

Страница 1440: ...r fe80 1111 ospfv3 prefix suppression Use ospfv3 prefix suppression to disable an OSPFv3 interface from advertising all its prefixes Use undo ospfv3 prefix suppression to remove the configuration Synt...

Страница 1441: ...stance instance id Specifies an instance by its ID in the range of 0 to 255 The default is 0 Usage guidelines This command enables OSPFv3 FRR to use BFD to detect primary link failures Examples On VLA...

Страница 1442: ...network segment Examples Set the OSPFv3 neighbor dead time to 60 seconds for VLAN interface 10 Sysname system view Sysname interface vlan interface 10 Sysname Vlan interface10 ospfv3 timer dead 60 Re...

Страница 1443: ...l instance instance id Default The poll interval is 120 seconds on an interface Views Interface view Predefined user roles network admin Parameters seconds Specifies the poll interval in the range of...

Страница 1444: ...ry retransmissions set an appropriate retransmission interval For example you can set a large retransmission interval value on a low speed link Examples Set the LSA retransmission interval to 12 secon...

Страница 1445: ...Predefined user roles network admin Parameters ase Specifies a preference for OSPFv3 external routes If you do not specify this keyword the command sets a preference for OSPFv3 internal routes prefer...

Страница 1446: ...the interfaces by using the ospfv3 prefix suppression command When prefix suppression is enabled OSPFv3 does not advertise the prefixes of suppressed interfaces in Type 8 LSAs On broadcast and NBMA ne...

Страница 1447: ...ss Use reset ospfv3 process to restart OSPFv3 processes Syntax reset ospfv3 process id process graceful restart Views User view Predefined user roles network admin Parameters process id Specifies an O...

Страница 1448: ...reset ospfv3 redistribution reset ospfv3 statistics Use reset ospfv3 statistics to clear OSPFv3 statistics Syntax reset ospfv3 process id statistics Views User view Predefined user roles network admin...

Страница 1449: ...ace OSPFv3 view Use silent interface to disable the specified interface from receiving and sending OSPFv3 packets Use undo silent interface to remove the configuration Syntax silent interface interfac...

Страница 1450: ...s context name Specifies a context name a case sensitive string of 1 to 32 characters Usage guidelines The standard OSPFv3 MIB provides only single instance MIB objects For SNMP to correctly identify...

Страница 1451: ...ew Sysname ospfv3 100 Sysname ospfv3 100 snmp trap rate limit interval 5 count 10 snmp agent trap enable ospfv3 Use snmp agent trap enable ospfv3 to enable SNMP notifications for OSPFv3 Use undo snmp...

Страница 1452: ...virtif state change Specifies notifications about virtual interface state changes virtgrhelper status change Specifies notifications about neighbor GR helper state changes of a virtual interface virt...

Страница 1453: ...be greater than the maximum interval Examples Set the maximum SPF calculation interval to 10 seconds minimum interval to 500 milliseconds and incremental interval to 300 milliseconds Sysname system vi...

Страница 1454: ...max metric value Specifies a cost for external LSAs in the range of 1 to 16777215 The default is 16711680 summary lsa max metric value Specifies a cost for Type 3 and Type 4 LSAs in the range of 1 to...

Страница 1455: ...he range of 10 to 1000 milliseconds If the router has multiple OSPFv3 interfaces increase the interval to reduce the total number of LSU packets sent by the router every second count count Specifies t...

Страница 1456: ...l in the range of 1 to 3600 seconds The default is 5 trans delay seconds Specifies the transmission delay interval in the range of 1 to 3600 seconds The default is 1 Usage guidelines You can configure...

Страница 1457: ...btain a valid accept key from the keychain OSPFv3 discards the packet if it fails to obtain a valid accept key 2 Uses the authentication algorithm and key string for the valid accept key to authentica...

Страница 1458: ...d route 2 display ipv6 policy based route interface 3 display ipv6 policy based route local 5 display ipv6 policy based route setup 6 if match acl 7 ipv6 local policy based route 8 ipv6 policy based r...

Страница 1459: ...name option or the inbound vpn keyword the next hop belongs to the public network direct Specifies that the next hop must be directly connected to take effect track track entry number Specifies a tra...

Страница 1460: ...ased route Use display ipv6 policy based route to display IPv6 PBR policy information Syntax display ipv6 policy based route policy policy name Views Any view Predefined user roles network admin netwo...

Страница 1461: ...Specifies an interface by its type and number slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command displays IPv6 interface PBR configurat...

Страница 1462: ...mand For a global interface for example a VLAN interface which might have member physical interfaces on multiple slots specify a slot that contains its member interfaces For a physical interface speci...

Страница 1463: ...y based route statistics display ipv6 policy based route local Use display ipv6 policy based route local to display IPv6 local PBR configuration and statistics Syntax display ipv6 policy based route l...

Страница 1464: ...of successful matches on all nodes Related commands reset ipv6 policy based route statistics display ipv6 policy based route setup Use display ipv6 policy based route setup to display IPv6 PBR configu...

Страница 1465: ...IPv6 ACL by its name a case insensitive string of 1 to 63 characters starting with a letter The ACL name cannot be all For the command to take effect make sure the specified IPv6 ACL is a basic or ad...

Страница 1466: ...ply a new policy you must first remove the current policy IPv6 local PBR is used to route locally generated packets except the packets destined for the sender This feature might affect local services...

Страница 1467: ...v6 policy based route to delete an IPv6 policy or IPv6 policy node Syntax ipv6 policy based route policy name deny permit node node number undo ipv6 policy based route policy name deny node node numbe...

Страница 1468: ...splay ipv6 policy based route reset ipv6 policy based route statistics Use reset ipv6 policy based route statistics to clear IPv6 PBR statistics Syntax reset ipv6 policy based route statistics policy...

Страница 1469: ...interface 6 if match route type 7 if match tag 8 route policy 8 route policy change delay time 9 IPv4 routing policy commands 10 apply fast reroute 10 apply ip address next hop 11 display ip prefix l...

Страница 1470: ...alue Specifies a cost in the range of 0 to 4294967295 Examples Configure node 10 in permit mode for routing policy policy1 to set a cost of 120 for OSPF external routes Sysname system view Sysname rou...

Страница 1471: ...ence to set an IP precedence for matching routes Use undo apply ip precedence to restore the default Syntax apply ip precedence value clear undo apply ip precedence Default No IP precedence is set Vie...

Страница 1472: ...ocol Unmatched routing protocols still use the preferences set by using the preference command Examples Configure node 10 in permit mode for routing policy policy1 to set the preference for OSPF exter...

Страница 1473: ...tical apply tag Use apply tag to set a tag for IGP routes Use undo apply tag to restore the default Syntax apply tag tag value undo apply tag Default No routing tag is set for IGP routes Views Routing...

Страница 1474: ...y route policy Use display route policy to display routing policy information Syntax display route policy name route policy name Views Any view Predefined user roles network admin network operator Par...

Страница 1475: ...the range of 0 to 4294967295 Examples Configure node 10 in permit mode for routing policy policy1 to permit routes with a cost of 8 Sysname system view Sysname route policy policy1 permit node 10 Sys...

Страница 1476: ...sa external type1or2 nssa external type2 undo if match route type external type1 external type1or2 external type2 internal nssa external type1 nssa external type1or2 nssa external type2 Default No rou...

Страница 1477: ...IGP routes that have a tag of 8 Sysname system view Sysname route policy policy1 permit node 10 Sysname route policy policy1 10 if match tag 8 route policy Use route policy to create a routing policy...

Страница 1478: ...ses of a node is logical AND All the if match clauses must be met The relation between nodes is logical OR A packet passing a node passes the routing policy If a packet does not pass any nodes the pac...

Страница 1479: ...ommand Then execute the undo form of the command after you complete the configuration If you modify the routing policy change delay timer before it expires the timer will be reset Examples Set the rou...

Страница 1480: ...next hop is set for IPv4 routes Views Routing policy node view Predefined user roles network admin Parameters ip address Specifies the next hop IP address public Specifies the public network vpn inst...

Страница 1481: ...list abc Sysname display ip prefix list name abc Prefix list abc Permitted 0 Denied 0 index 10 Deny 6 6 6 0 24 ge 26 le 28 Table 2 Command output Field Description Prefix list Name of the IPv4 prefix...

Страница 1482: ...rs Usage guidelines When you specify an IPv4 ACL follow these guidelines If the specified ACL does not exist or has no rules all IPv4 routes can match the ACL If a rule in the specified ACL is applied...

Страница 1483: ...e greater equal keyword means greater than or equal to and the less equal keyword means less than or equal to The prefix length range relation is mask length min mask length max mask length 32 If only...

Страница 1484: ...ds apply ipv6 fast reroute Use apply ipv6 fast reroute to set a backup link for fast reroute FRR Use undo apply ipv6 fast reroute to restore the default Syntax apply ipv6 fast reroute backup interface...

Страница 1485: ...et for IPv6 routes Views Routing policy node view Predefined user roles network admin Parameters ipv6 address Specifies the next hop IPv6 address Usage guidelines If you use this command to set a next...

Страница 1486: ...ied Number of routes not matching the criterion index Index number of an item permit Match mode of the item Permit Deny 6 64 IPv6 address and prefix length for matching ge Greater equal the lower pref...

Страница 1487: ...d ACL is applied to a VPN instance the rule does not take effect If a rule in the specified ACL is not applied to any VPN instance the rule takes effect on both VPN packets and public network packets...

Страница 1488: ...f only the min prefix length argument is specified the prefix length range is min prefix length 128 If only the max prefix length argument is specified the prefix length range is prefix length max pre...

Страница 1489: ...s network admin Parameters prefix list name Specifies an IPv6 prefix list by its name a case sensitive string of 1 to 63 characters If you do not specify this argument the command clears statistics fo...

Страница 1490: ...H3C IE4300 IE4300 M IE4320 Industrial Switch Series IP Multicast Command Reference New H3C Technologies Co Ltd http www h3c com Software version Release 63xx Document version 6W101 20230116...

Страница 1491: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 1492: ...actual values Square brackets enclose syntax choices keywords or arguments that are optional x y Braces enclose a set of required syntax choices separated by vertical bars from which you select one x...

Страница 1493: ...generic network device such as a router switch or firewall Represents a routing capable device such as a router or Layer 3 switch Represents a generic switch such as a Layer 2 or Layer 3 switch or a...

Страница 1494: ...ardware model configuration or software version It is normal that the port numbers sample output screenshots and other information in the examples differ from what you have on your device Documentatio...

Страница 1495: ...riority 26 igmp snooping drop unknown 27 igmp snooping disable enable 28 igmp snooping fast leave 28 igmp snooping general query source ip 29 igmp snooping group limit 30 igmp snooping group policy 31...

Страница 1496: ...gmp snooping router port 51 reset igmp snooping statistics 52 reset l2 multicast fast forwarding cache 52 router aging time IGMP snooping view 53 source deny IGMP snooping view 54 version IGMP snoopin...

Страница 1497: ...snooping status in all VLANs Examples Display the global IGMP snooping status and the IGMP snooping status for all VLANs Sysname display igmp snooping IGMP snooping information Global Global enable E...

Страница 1498: ...1 0 0 1 Host tracking Disabled Dot1p priority Proxy Disabled Table 1 Command output Field Description Global enable Global IGMP snooping status Enabled Disabled IGMP snooping IGMP snooping status in a...

Страница 1499: ...sending IGMP general queries General query source IP Source IP address of IGMP general queries Special query source IP Source IP address of IGMP group specific queries Report source IP Source IP addre...

Страница 1500: ...tion about dynamic IGMP snooping group entries If you do not specify this keyword the command displays brief information about dynamic IGMP snooping group entries slot slot number Specifies an IRF mem...

Страница 1501: ...member device or the master device when no member device is specified Host ports 1 in total Member ports and the total number of member ports 00 03 23 Remaining aging time for the dynamic member port...

Страница 1502: ...Command output Field Description VLAN VLAN ID 0 0 0 0 224 1 1 1 S G entry where 0 0 0 0 in the S position means any multicast sources Port Member port Host IP address of the host Uptime Length of tim...

Страница 1503: ...n total Router ports 2 in total GE1 0 1 00 01 30 GE1 0 2 00 00 23 Table 4 Command output Field Description VLAN 2 VLAN ID Router slots 0 in total Member IDs and total number of the member devices that...

Страница 1504: ...ember device by its member ID If you do not specify a member device this command displays information about static IGMP snooping group entries for the master device Examples Display detailed informati...

Страница 1505: ...network admin network operator Parameters vlan vlan id Specifies a VLAN by its VLAN ID in the range of 1 to 4094 verbose Displays detailed information about static router ports If you do not specify t...

Страница 1506: ...rk admin network operator Examples Display statistics for the IGMP messages and PIMv2 hello messages learned through IGMP snooping Sysname display igmp snooping statistics Received IGMP general querie...

Страница 1507: ...by its VLAN ID in the range of 1 to 4094 source address Specifies a multicast source address If you do not specify a multicast source this command displays Layer 2 multicast fast forwarding entries fo...

Страница 1508: ...0x2 The entry is added by multicast forwarding The following flags are available for an outgoing interface 0x1 The port is added to the entry because of packets passed through between cards 0x2 The p...

Страница 1509: ...bout Layer 2 IP multicast groups for VLAN 2 Sysname display l2 multicast ip vlan 2 Total 1 entries VLAN 2 Total 1 entries 0 0 0 0 224 1 1 1 Attribute static success Host ports 1 in total GE1 0 1 S SUC...

Страница 1510: ...s VLAN ID in the range of 1 to 4094 If you do not specify a VLAN this command displays Layer 2 multicast IP forwarding entries for all VLANs slot slot number Specifies an IRF member device by its memb...

Страница 1511: ...r all VLANs slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command displays information about Layer 2 MAC multicast groups for the master d...

Страница 1512: ...ber Specifies an IRF member device by its member ID If you do not specify a member device this command displays Layer 2 multicast MAC group entries for the master device Examples Display Layer 2 multi...

Страница 1513: ...ameters this command displays all MAC address table entries including unicast MAC address entries and static multicast MAC address entries Examples Display static multicast MAC address entries for VLA...

Страница 1514: ...r the value the higher the priority Usage guidelines You can set the 802 1p priority globally for all VLANs in IGMP snooping view or for a VLAN in VLAN view For a VLAN the VLAN specific configuration...

Страница 1515: ...IGMP snooping view Predefined user roles network admin Parameters vlan vlan list Specifies a space separated list of up to 10 VLAN items Each item specifies a VLAN by its ID or a range of VLANs in the...

Страница 1516: ...user roles network admin Parameters limit Specifies the maximum number of IGMP snooping forwarding entries in the range of 0 to 4294967295 Examples Set the global maximum number of IGMP snooping forw...

Страница 1517: ...the global configuration Examples Globally enable fast leave processing for VLAN 2 Sysname system view Sysname igmp snooping Sysname igmp snooping fast leave vlan 2 Related commands igmp snooping fas...

Страница 1518: ...the multicast groups that hosts can join This command does not take effect on static member ports because static member ports do not send IGMP reports You can configure a multicast group policy global...

Страница 1519: ...timer for dynamic member ports is 260 seconds Views IGMP snooping view Predefined user roles network admin Parameters seconds Specifies an aging timer for dynamic member ports in the range of 1 to 80...

Страница 1520: ...lly for all VLANs in IGMP snooping view or for a VLAN in VLAN view For a VLAN the global configuration has the same priority as the VLAN specific configuration Examples Enable host tracking globally S...

Страница 1521: ...ulticast users can join or leave any multicast groups Views User profile view Predefined user roles network admin Parameters ipv4 acl number Specifies an IPv4 basic or advanced ACL by its number in th...

Страница 1522: ...llow multicast users to join or leave only multicast group 225 1 1 1 Sysname system view Sysname acl basic 2001 Sysname acl ipv4 basic 2001 rule permit source 225 1 1 1 0 Sysname acl ipv4 basic 2001 q...

Страница 1523: ...rop unknown to disable dropping unknown multicast data packets for a VLAN Syntax igmp snooping drop unknown undo igmp snooping drop unknown Default Dropping unknown multicast data packets is disabled...

Страница 1524: ...IGMP snooping for a VLAN by using this command in VLAN view or for multiple VLANs by using the enable command in IGMP snooping view The configuration in VLAN view has the same priority as the configur...

Страница 1525: ...leave processing for a port in interface view or globally for all ports in IGMP snooping view For a port the port specific configuration takes priority over the global configuration Examples Enable fa...

Страница 1526: ...ticast groups that a port can join Use undo igmp snooping group limit to remove the limit on the maximum number of multicast groups that a port can join Syntax igmp snooping group limit limit vlan vla...

Страница 1527: ...osts can join only the multicast groups that the ACL permits If the ACL does not exist or does not have valid rules hosts cannot join multicast groups vlan vlan list Specifies a space separated list o...

Страница 1528: ...ticast group policy for VLAN 2 so that hosts in VLAN 2 can join only multicast group 225 1 1 1 Sysname system view Sysname acl basic 2000 Sysname acl ipv4 basic 2000 rule permit source 225 1 1 1 0 Sys...

Страница 1529: ...tem view Sysname igmp snooping Sysname igmp snooping quit Sysname vlan 2 Sysname vlan2 igmp snooping enable Sysname vlan2 igmp snooping host aging time 300 Related commands enable IGMP snooping view h...

Страница 1530: ...m view Sysname igmp snooping Sysname igmp snooping quit Sysname vlan 2 Sysname vlan2 igmp snooping enable Sysname vlan2 igmp snooping version 3 Sysname vlan2 quit Sysname interface gigabitethernet 1 0...

Страница 1531: ...ws VLAN view Predefined user roles network admin Parameters interval Specifies an IGMP last member query interval in the range of 1 to 25 seconds Usage guidelines You must enable IGMP snooping for a V...

Страница 1532: ...source IP address for IGMP leave messages Usage guidelines You must enable IGMP snooping for a VLAN before you execute this command Examples In VLAN 2 enable IGMP snooping and specify 10 1 1 1 as the...

Страница 1533: ...n the IGMP general query interval Examples In VLAN 2 enable IGMP snooping and set the maximum response time for IGMP general queries to 5 seconds Sysname system view Sysname igmp snooping Sysname igmp...

Страница 1534: ...0 1 enable multicast group replacement for VLAN 2 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 igmp snooping overflow replace vlan 2 Related commands overfl...

Страница 1535: ...GMP snooping for a VLAN before you execute this command For a sub VLAN of a multicast VLAN this command takes effect only after you remove the sub VLAN from the multicast VLAN Examples In VLAN 2 enabl...

Страница 1536: ...Sysname igmp snooping Sysname igmp snooping quit Sysname vlan 2 Sysname vlan2 igmp snooping enable Sysname vlan2 igmp snooping querier Sysname vlan2 igmp snooping querier election Related commands ig...

Страница 1537: ...response time igmp snooping report source ip Use igmp snooping report source ip to configure the source IP address for IGMP reports Use undo igmp snooping report source ip to restore the default Synt...

Страница 1538: ...les network admin Parameters seconds Specifies an aging timer for dynamic router ports in the range of 1 to 8097894 seconds Usage guidelines You must enable IGMP snooping for a VLAN before you execute...

Страница 1539: ...e VLAN ID is in the range of 1 to 4094 If you specify VLANs this command takes effect only when the port belongs to the specified VLANs If you do not specify a VLAN this command takes effect on all VL...

Страница 1540: ...cial query source ip ip address undo igmp snooping special query source ip Default In a VLAN the source IP address of IGMP group specific queries is one of the following The source address of IGMP gro...

Страница 1541: ...rameters group address Specifies a multicast group address in the range of 224 0 1 0 to 239 255 255 255 source ip source address Specifies a multicast source by its IP address If you specify a multica...

Страница 1542: ...2 aggregate interface view Predefined user roles network admin Parameters all Specifies all VLANs vlan vlan id Specifies a VLAN by its VLAN ID in the range of 1 to 4094 Examples Configure GigabitEthe...

Страница 1543: ...le IGMP snooping view igmp snooping enable version IGMP snooping view last member query interval IGMP snooping view Use last member query interval to set the IGMP last member query interval globally U...

Страница 1544: ...ticast MAC address A multicast MAC address is a MAC address in which the least significant bit of the most significant octet is 1 interface interface list Specifies a space separated list of up to fou...

Страница 1545: ...response time to set the maximum response time for IGMP general queries globally Use undo max response time to restore the default Syntax max response time seconds undo max response time Default The...

Страница 1546: ...an id The VLAN ID is in the range of 1 to 4094 If you do not specify a VLAN this command takes effect on all VLANs Usage guidelines This command takes effect only on the multicast groups that a port j...

Страница 1547: ...24 0 1 0 to 239 255 255 255 source address Specifies a multicast source address If you do not specify a multicast source this command clears information about dynamic IGMP snooping group entries for a...

Страница 1548: ...to clear statistics for IGMP messages and PIMv2 hello messages learned through IGMP snooping Syntax reset igmp snooping statistics Views User view Predefined user roles network admin Examples Clear t...

Страница 1549: ...cast fast forwarding cache 20 0 0 2 225 0 0 2 Related commands display l2 multicast fast forwarding cache router aging time IGMP snooping view Use router aging time to set the aging timer for dynamic...

Страница 1550: ...ber to end interface type interface number Usage guidelines You can enable this feature for the specified ports in IGMP snooping view or for a port in interface view For a port the configuration in IG...

Страница 1551: ...d VLANs before you execute this command You can specify the version for the specified VLANs in IGMP snooping view or for a VLAN in VLAN view The configuration in IGMP snooping view has the same priori...

Страница 1552: ...r 1 display pim snooping router port 2 display pim snooping routing table 3 display pim snooping statistics 5 pim snooping enable 5 pim snooping graceful restart join aging time 6 pim snooping gracefu...

Страница 1553: ...Displays detailed information about PIM snooping neighbors If you do not specify this keyword the command displays brief information about PIM snooping neighbors Examples Display detailed information...

Страница 1554: ...Syntax display pim snooping router port vlan vlan id slot slot number verbose Views Any view Predefined user roles network admin network operator Parameters vlan vlan id Specifies a VLAN by its VLAN I...

Страница 1555: ...routing table to display PIM snooping routing entries Syntax display pim snooping routing table vlan vlan id slot slot number verbose Views Any view Predefined user roles network admin network operato...

Страница 1556: ...no info The entry does not exist normal The entry is a correct entry Upstream neighbor Upstream neighbor of the S G or G entry Upstream Slots 0 in total Member IDs and total number of the member devi...

Страница 1557: ...les network admin network operator Examples Display statistics for the PIM messages learned through PIM snooping Sysname display pim snooping statistics Received PIMv2 hello 100 Received PIMv2 join pr...

Страница 1558: ...ing Sysname igmp snooping quit Sysname vlan 2 Sysname vlan2 igmp snooping enable Sysname vlan2 pim snooping enable Related commands igmp snooping igmp snooping enable pim snooping graceful restart joi...

Страница 1559: ...art join aging time 600 Related commands pim snooping enable pim snooping graceful restart neighbor aging time Use pim snooping graceful restart neighbor aging time to set the aging time for global ne...

Страница 1560: ...le Sysname vlan2 pim snooping graceful restart neighbor aging time 300 Related commands pim snooping enable reset pim snooping statistics Use reset pim snooping statistics to clear statistics for the...

Страница 1561: ...multicast vlan 1 display multicast vlan forwarding table 2 display multicast vlan group 3 multicast vlan 5 multicast vlan entry limit 6 port multicast VLAN view 6 port multicast vlan 7 reset multicas...

Страница 1562: ...about all multicast VLANs Examples Display information about all multicast VLANs Sysname display multicast vlan Total 2 multicast VLANs Multicast VLAN 100 Sub VLAN list 3 in total 2 3 6 Port list 3 in...

Страница 1563: ...this command displays multicast VLAN forwarding entries for all multicast sources mask mask length mask Specifies a mask length or subnet mask for the multicast source address The value range for the...

Страница 1564: ...and the total number of the sub VLANs display multicast vlan group Use display multicast vlan group to display information about multicast groups in multicast VLANs Syntax display multicast vlan grou...

Страница 1565: ...tries 2 2 2 2 225 1 1 2 Flags 0x70000010 Sub VLANs 0 in total 111 112 113 115 225 1 1 4 Flags 0x70000010 Sub VLANs 0 in total 0 0 0 0 226 1 1 6 Flags 0x50000010 Sub VLANs 0 in total Table 3 Command ou...

Страница 1566: ...eset multicast vlan group multicast vlan Use multicast vlan to configure a multicast VLAN and enter its view or enter the view of an existing multicast VLAN Use undo multicast vlan to remove the confi...

Страница 1567: ...aximum number of multicast VLAN forwarding entries in the range of 0 to 500 Usage guidelines If the configured value is smaller than the current number of multicast VLAN forwarding entries the device...

Страница 1568: ...LAN you must enable IGMP snooping for the VLANs to which the ports belong Examples Assign GigabitEthernet 1 0 1 through GigabitEthernet 1 0 3 as user ports to multicast VLAN 100 Sysname system view Sy...

Страница 1569: ...ource address The value range for the mask length argument is 0 to 32 default and the default value for the mask argument is 255 255 255 255 group address Specifies a multicast group by its IP address...

Страница 1570: ...1 to 4094 The specified VLANs must exist and cannot be multicast VLANs or sub VLANs of other multicast VLANs all Specifies all sub VLANs of the current multicast VLAN Usage guidelines You must enable...

Страница 1571: ...ooping 24 mld snooping access policy 25 mld snooping done source ip 26 mld snooping dot1p priority 27 mld snooping drop unknown 28 mld snooping disable enable 29 mld snooping fast leave 29 mld snoopin...

Страница 1572: ...ii reset mld snooping statistics 50 router aging time MLD snooping view 51 source deny MLD snooping view 51 version MLD snooping view 52...

Страница 1573: ...6 excluding FFx1 16 and FFx2 16 where x and y represent any hexadecimal numbers in the range of 0 to F If you do not specify an IPv6 multicast group this command displays Layer 2 IPv6 multicast forwar...

Страница 1574: ...outgoing port Enabled Available Disabled Unavailable Ingress port Incoming port of the S G entry List of 1 egress ports List of outgoing ports of the S G entry Related commands reset ipv6 l2 multicas...

Страница 1575: ...of Layer 2 IPv6 multicast groups in VLAN 2 FF1E 101 S G entry where a double colon in the S position means all IPv6 multicast sources Attribute Entry attribute dynamic The entry is created by a dynami...

Страница 1576: ...If you do not specify a member device this command displays Layer 2 IPv6 multicast IP forwarding entries for the master device Examples Display Layer 2 IPv6 multicast IP forwarding entries for VLAN 2...

Страница 1577: ...splay information about Layer 2 IPv6 multicast MAC multicast groups for VLAN 2 Sysname display ipv6 l2 multicast mac vlan 2 Total 1 entries VLAN 2 Total 1 entries MAC group address 3333 0000 0101 Attr...

Страница 1578: ...rding entries for the master device Examples Display Layer 2 IPv6 multicast MAC forwarding entries for VLAN 2 Sysname display ipv6 l2 multicast mac forwarding vlan 2 Total 1 entries VLAN 2 Total 1 ent...

Страница 1579: ...rval 1s Report aggregation Enabled Host tracking Disabled Dot1p priority MLD snooping information VLAN 1 MLD snooping Enabled Drop unknown Disabled Version 1 Host aging time 260s Router aging time 260...

Страница 1580: ...ging timer for the dynamic member port Router aging time Aging timer for the dynamic router port Max response time Maximum time for responding to MLD general queries Last listener query interval Inter...

Страница 1581: ...16 excluding FFx1 16 and FFx2 16 where x and y represent any hexadecimal numbers in the range of 0 to F If you do not specify an IPv6 multicast group this command displays information about all dynam...

Страница 1582: ...Table 7 Command output Field Description Total 1 entries Total number of dynamic MLD snooping group entries VLAN 2 Total 1 entries Total number of dynamic MLD snooping group entries in VLAN 2 FF1E 10...

Страница 1583: ...in network operator Parameters vlan vlan id Specifies a VLAN by its VLAN ID in the range of 1 to 4094 group ipv6 group address Specifies an IPv6 multicast group by its IPv6 address The value range for...

Страница 1584: ...outer port information Syntax display mld snooping router port vlan vlan id verbose slot slot number Views Any view Predefined user roles network admin network operator Parameters verbose Displays det...

Страница 1585: ...port is on the master device and no member device is specified Related commands reset mld snooping router port display mld snooping static group Use display mld snooping static group to display infor...

Страница 1586: ...oup entries VLAN 2 Total 1 entries Total number of static MLD snooping group entries in VLAN 2 FF1E 101 S G entry where a double colon in the S position means all IPv6 multicast sources Attribute Entr...

Страница 1587: ...2 Sysname display mld snooping static router port vlan 2 VLAN 2 Router ports 2 in total GE1 0 1 GE1 0 2 Display detailed information about static router ports for VLAN 2 Sysname display mld snooping s...

Страница 1588: ...ved IPv6 PIM hello 0 Received error MLD messages 0 Table 12 Command output Field Description general queries Number of MLD general queries specific queries Number of MLD multicast address specific que...

Страница 1589: ...s to 3 globally Sysname system view Sysname mld snooping Sysname mld snooping dot1p priority 3 Related commands mld snooping dot1p priority dscp Use dscp to set the DSCP value for outgoing MLD protoco...

Страница 1590: ...must enable the MLD snooping feature by using the mld snooping command before you enable MLD snooping for VLANs You can enable MLD snooping for multiple VLANs by using this command in MLD snooping vie...

Страница 1591: ...an list undo fast leave vlan vlan list Default Fast leave processing is disabled Views MLD snooping view Predefined user roles network admin Parameters vlan vlan list Specifies a space separated list...

Страница 1592: ...ork admin Usage guidelines To configure other MLD snooping features for VLANs you must enable MLD snooping for the specific VLANs even though MLD snooping is enabled globally Examples Enable MLD snoop...

Страница 1593: ...er the global configuration When you configure a rule in the IPv6 ACL follow these restrictions and guidelines For the rule to take effect do not specify the vpn instance vpn instance option In a basi...

Страница 1594: ...a VLAN the VLAN specific configuration takes priority over the global configuration To avoid mistakenly deleting IPv6 multicast group members set the aging timer for dynamic member ports to be greater...

Страница 1595: ...ld snooping host tracking last listener query interval MLD snooping view Use last listener query interval to set the MLD last listener query interval globally Use undo last listener query interval to...

Страница 1596: ...mum response time for MLD general queries in the range of 1 to 3174 seconds Usage guidelines You can set the time globally for all VLANs in MLD snooping view or for a VLAN in VLAN view For a VLAN the...

Страница 1597: ...trol policy Use undo mld snooping access policy to delete an MLD snooping access control policy Syntax mld snooping access policy ipv6 acl number undo mld snooping access policy ipv6 acl number all De...

Страница 1598: ...me range name option take effect If the vpn instance vpn instance option is specified in the rule the rule does not take effect If the vpn instance vpn instance option is not specified in the rule the...

Страница 1599: ...ty to set the 802 1p priority for MLD messages in a VLAN Use undo mld snooping dot1p priority to restore the default Syntax mld snooping dot1p priority priority undo mld snooping dot1p priority Defaul...

Страница 1600: ...t data packets for a VLAN Syntax mld snooping drop unknown undo mld snooping drop unknown Default Dropping unknown IPv6 multicast data packets is disabled Unknown IPv6 multicast data packets are flood...

Страница 1601: ...for a VLAN by using this command in VLAN view or for multiple VLANs by using the enable command The configuration in VLAN view has the same priority as the configuration in MLD snooping view and the...

Страница 1602: ...r all ports in MLD snooping view For a port the port specific configuration takes priority over the global configuration Examples Enable fast leave processing for VLAN 2 on GigabitEthernet 1 0 1 Sysna...

Страница 1603: ...remove the limit on the maximum number of IPv6 multicast groups that a port can join Syntax mld snooping group limit limit vlan vlan list undo mld snooping group limit vlan vlan list Default No limit...

Страница 1604: ...mits If the ACL does not exist or does not have valid rules hosts cannot join IPv6 multicast groups vlan vlan list Specifies a space separated list of up to 10 VLAN items Each item specifies a VLAN by...

Страница 1605: ...ame system view Sysname acl ipv6 basic 2000 Sysname acl ipv6 basic 2000 rule permit source ff03 101 128 Sysname acl ipv6 basic 2000 quit Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet...

Страница 1606: ...w host aging time MLD snooping view mld snooping enable mld snooping host join Use mld snooping host join to configure a port as a simulated member host for an IPv6 multicast group or an IPv6 multicas...

Страница 1607: ...e IPv6 multicast group FF3E 101 in VLAN 2 Sysname system view Sysname mld snooping Sysname mld snooping quit Sysname vlan 2 Sysname vlan2 mld snooping enable Sysname vlan2 quit Sysname interface gigab...

Страница 1608: ...ew Predefined user roles network admin Parameters interval Specifies an MLD last listener query interval in the range of 1 to 25 seconds Usage guidelines You must enable MLD snooping for a VLAN before...

Страница 1609: ...N in VLAN view or globally for all VLANs in MLD snooping view For a VLAN the VLAN specific configuration takes priority over the global configuration To avoid mistakenly deleting IPv6 multicast group...

Страница 1610: ...s This command takes effect only on the IPv6 multicast groups that a port joins dynamically You can enable the IPv6 multicast group replacement feature for a port in interface view or globally for all...

Страница 1611: ...er Use mld snooping querier to enable the MLD snooping querier Use undo mld snooping querier to disable the MLD snooping querier Syntax mld snooping querier undo mld snooping querier Default The MLD s...

Страница 1612: ...le MLD snooping for a VLAN before you execute this command For MLD snooping querier election to take effect you must enable the MLD snooping querier Examples In VLAN 2 enable MLD snooping and enable M...

Страница 1613: ...mld snooping Sysname mld snooping quit Sysname vlan 2 Sysname vlan2 mld snooping enable Sysname vlan2 mld snooping query interval 20 Related commands enable MLD snooping view max response time mld sn...

Страница 1614: ...to set the aging timer for dynamic router ports in a VLAN Use undo mld snooping router aging time to restore the default Syntax mld snooping router aging time seconds undo mld snooping router aging ti...

Страница 1615: ...face view Predefined user roles network admin Parameters vlan vlan list Specifies a space separated list of up to 10 VLAN items Each item specifies a VLAN by its ID or a range of VLANs in the form of...

Страница 1616: ...MLD snooping view mld snooping special query source ip Use mld snooping special query source ip to configure the source IPv6 address for MLD multicast address specific queries Use undo mld snooping sp...

Страница 1617: ...static group ipv6 group address source ip ipv6 source address vlan vlan id undo mld snooping static group ipv6 group address source ip ipv6 source address vlan vlan id all Default A port is not a sta...

Страница 1618: ...remove the configuration of static router ports Syntax mld snooping static router port vlan vlan id undo mld snooping static router port all vlan vlan id Default A port is not a static router port Vie...

Страница 1619: ...t Examples In VLAN 2 enable MLD snooping and specify MLD snooping version 2 Sysname system view Sysname mld snooping Sysname mld snooping quit Sysname vlan 2 Sysname vlan2 mld snooping enable Sysname...

Страница 1620: ...cement feature for VLAN 2 Sysname system view Sysname mld snooping Sysname mld snooping overflow replace vlan 2 Related commands mld snooping overflow replace report aggregation MLD snooping view Use...

Страница 1621: ...group FF1E 2 Sysname reset ipv6 l2 multicast fast forwarding cache FF1E 2 Related commands display ipv6 l2 multicast fast forwarding cache reset mld snooping group Use reset mld snooping group to cle...

Страница 1622: ...094 If you do not specify a VLAN this command clears dynamic router port information for all VLANs Examples Clear information about all dynamic router ports Sysname reset mld snooping router port all...

Страница 1623: ...r for a VLAN in VLAN view For a VLAN the VLAN specific configuration takes priority over the global configuration Examples Set the global aging timer for dynamic router ports to 100 seconds Sysname sy...

Страница 1624: ...MLD snooping view Use version to specify an MLD snooping version for VLANs Use undo version to restore the default Syntax version version number vlan vlan list undo version vlan vlan list Default The...

Страница 1625: ...name system view Sysname mld snooping Sysname mld snooping enable vlan 2 to 10 Sysname mld snooping version 2 vlan 2 to 10 Related commands enable MLD snooping view mld snooping enable mld snooping ve...

Страница 1626: ...pv6 pim snooping router port 2 display ipv6 pim snooping routing table 3 display ipv6 pim snooping statistics 5 ipv6 pim snooping enable 6 ipv6 pim snooping graceful restart join aging time 6 ipv6 pim...

Страница 1627: ...the master device verbose Displays detailed information about IPv6 PIM snooping neighbors If you do not specify this keyword the command displays brief information about IPv6 PIM snooping neighbors E...

Страница 1628: ...port Use display ipv6 pim snooping router port to display IPv6 PIM snooping router port information Syntax display ipv6 pim snooping router port vlan vlan id slot slot number verbose Views Any view P...

Страница 1629: ...o member device is specified display ipv6 pim snooping routing table Use display ipv6 pim snooping routing table to display IPv6 PIM snooping routing entries Syntax display ipv6 pim snooping routing t...

Страница 1630: ...nformation Finite state machine information for the entry delete The entry attributes have been deleted dummy The entry is a new temporary entry no info The entry does not exist normal The entry is a...

Страница 1631: ...v6 pim snooping statistics to display statistics for the IPv6 PIM messages learned through IPv6 PIM snooping Syntax display ipv6 pim snooping statistics Views Any view Predefined user roles network ad...

Страница 1632: ...able the MLD snooping feature and then enable MLD snooping and IPv6 PIM snooping for VLAN 2 Sysname system view Sysname mld snooping Sysname mld snooping quit Sysname vlan 2 Sysname vlan2 mld snooping...

Страница 1633: ...rdinate switchover Sysname system view Sysname mld snooping Sysname mld snooping quit Sysname vlan 2 Sysname vlan2 mld snooping enable Sysname vlan2 ipv6 pim snooping enable Sysname vlan2 ipv6 pim sno...

Страница 1634: ...snooping Sysname mld snooping quit Sysname vlan 2 Sysname vlan2 mld snooping enable Sysname vlan2 ipv6 pim snooping enable Sysname vlan2 ipv6 pim snooping graceful restart neighbor aging time 300 Rela...

Страница 1635: ...1 display ipv6 multicast vlan forwarding table 2 display ipv6 multicast vlan group 3 ipv6 multicast vlan 5 ipv6 multicast vlan entry limit 6 ipv6 port multicast vlan 6 port IPv6 multicast VLAN view 7...

Страница 1636: ...out all IPv6 multicast VLANs Examples Display information about all IPv6 multicast VLANs Sysname display ipv6 multicast vlan Total 2 IPv6 multicast VLANs IPv6 multicast VLAN 100 Sub VLAN list 3 in tot...

Страница 1637: ...you do not specify an IPv6 multicast group this command displays IPv6 multicast VLAN forwarding entries for all IPv6 multicast groups prefix length Specifies a prefix length of the IPv6 multicast grou...

Страница 1638: ...vlan group Use display ipv6 multicast vlan group to display information about IPv6 multicast groups in IPv6 multicast VLANs Syntax display ipv6 multicast vlan group ipv6 source address ipv6 group addr...

Страница 1639: ...N 40 FF0E 10 Flags 0x10000030 Sub VLANs 1 in total VLAN 40 IPv6 multicast VLAN 20 Total 3 entries 2 2 FF0E 2 Flags 0x70000010 Sub VLANs 0 in total 22 22 FF0E 4 Flags 0x70000010 Sub VLANs 0 in total FF...

Страница 1640: ...multicast vlan Use ipv6 multicast vlan to configure an IPv6 multicast VLAN and enter its view or enter the view of an existing IPv6 multicast VLAN Use undo ipv6 multicast vlan to remove the configurat...

Страница 1641: ...ters limit Specifies the maximum number of IPv6 multicast VLAN forwarding entries in the range of 0 to 120 Usage guidelines If the configured value is smaller than the current number of IPv6 multicast...

Страница 1642: ...bitEthernet 1 0 1 to IPv6 multicast VLAN 100 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 ipv6 port multicast vlan 100 port IPv6 multicast VLAN view Use por...

Страница 1643: ...e value range for this argument is FFxy 16 excluding FFx1 16 and FFx2 16 where x and y represent any hexadecimal numbers in the range of 0 to F If you do not specify an IPv6 multicast group this comma...

Страница 1644: ...0 VLAN items Each item specifies a VLAN by its ID or a range of VLANs in the form of start vlan id to end vlan id The value range for the VLAN ID is 1 to 4094 The specified VLANs must exist and cannot...

Страница 1645: ...H3C IE4300 IE4300 M IE4320 Industrial Switch Series MCE Command Reference New H3C Technologies Co Ltd http www h3c com Software version Release 63xx Document version 6W101 20230116...

Страница 1646: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 1647: ...ose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separated by vertical bars from which you select...

Страница 1648: ...s a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding and other Layer 2 features Represents an access controller a unified wired WLAN module or the access controller engine on a u...

Страница 1649: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Страница 1650: ...rt route policy 3 import route policy 4 ip binding vpn instance 5 ip vpn instance system view 6 route distinguisher VPN instance view 7 routing table limit 7 vpn id 8 vpn instance capability simple OS...

Страница 1651: ...can configure IPv4 VPN parameters such as inbound and outbound routing policies Examples Enter VPN instance IPv4 address family view Sysname system view Sysname ip vpn instance vpn1 Sysname vpn insta...

Страница 1652: ...e vpn instance name argument is a case sensitive string of 1 to 31 characters If you do not specify a VPN instance this command displays brief information about all VPN instances Examples Display brie...

Страница 1653: ...N instance Address family IPv4 IPv4 VPN information Address family IPv6 IPv6 VPN information Export VPN Targets Export route targets Import VPN Targets Import route targets Export Route Policy Routing...

Страница 1654: ...oth VPN instance IPv4 address family view and VPN instance view IPv4 VPN uses the export routing policy specified in VPN instance IPv4 address family view If you have specified export routing policies...

Страница 1655: ...iew and VPN instance view IPv4 VPN uses the import routing policy specified in VPN instance IPv4 address family view If you have specified import routing policies in both VPN instance IPv6 address fam...

Страница 1656: ...ve the existing association Examples Associate VLAN interface 1 with VPN instance vpn1 Sysname system view Sysname interface vlan interface 1 Sysname Vlan interface1 ip binding vpn instance vpn1 Relat...

Страница 1657: ...xample 192 168 122 15 1 32 bit AS number 16 bit user defined number where the minimum value of the AS number is 65536 For example 65536 1 Usage guidelines RDs enable VPNs to use the same address space...

Страница 1658: ...s active routes but generates a log message Usage guidelines Setting the maximum number of active routes for a VPN instance can prevent a PE from learning too many routes A limit configured in VPN ins...

Страница 1659: ...s must have different VPN IDs A VPN ID cannot be 0 0 Examples Configure VPN ID 20 1 for VPN instance vpn1 Sysname system view Sysname ip vpn instance vpn1 Sysname vpn instance vpn1 vpn id 20 1 Related...

Страница 1660: ...iews VPN instance view VPN instance IPv4 address family view VPN instance IPv6 address family view Predefined user roles network admin Parameters vpn target 1 8 Specifies a space separated list of up...

Страница 1661: ...he IPv6 VPN Route targets configured in VPN instance IPv4 address family view apply only to the IPv4 VPN Route targets configured in VPN instance IPv6 address family view apply only to the IPv6 VPN IP...

Страница 1662: ...ance IPv6 address family view you can configure IPv6 VPN parameters such as inbound and outbound routing policies Examples Enter VPN instance IPv6 address family view Sysname system view Sysname ip vp...

Страница 1663: ...ou must disable routing loop detection for a VPN OSPFv3 process on the MCE This command is applicable only to VPN OSPFv3 processes Examples Disable routing loop detection for VPN OSPFv3 process 100 Sy...

Страница 1664: ...H3C IE4300 IE4300 M IE4320 Industrial Switch Series ACL and QoS Command Reference New H3C Technologies Co Ltd http www h3c com Software version Release 63xx Document version 6W101 20230116...

Страница 1665: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 1666: ...s enclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separated by vertical bars from which you s...

Страница 1667: ...s a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding and other Layer 2 features Represents an access controller a unified wired WLAN module or the access controller engine on a u...

Страница 1668: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Страница 1669: ...tatistics 9 display packet filter statistics sum 11 display packet filter verbose 13 display qos acl resource 15 packet filter 16 packet filter default deny 18 reset packet filter statistics 18 rule I...

Страница 1670: ...view Predefined user roles network admin Parameters ipv6 Specifies the IPv6 ACL type To specify the IPv4 ACL type do not use this keyword basic Specifies the basic ACL type advanced Specifies the adva...

Страница 1671: ...enter the view of the ACL by using either of the following commands acl ipv6 name acl name for only basic ACLs and advanced ACLs acl ipv6 advanced basic mac name acl name You can change the match orde...

Страница 1672: ...2999 for basic ACLs 3000 to 3999 for advanced ACLs 4000 to 4999 for Layer 2 ACLs name source acl name Specifies an existing source ACL by its name The source acl name argument is a case insensitive st...

Страница 1673: ...r roles network admin Parameters interval Specifies the interval at which log entries are generated and output It must be a multiple of 5 in the range of 0 to 1440 minutes To disable the logging set t...

Страница 1674: ...t have the logging keyword You can configure the ACL module to generate SNMP notifications for packet filtering and output them to the SNMP module at the output interval The notification records the n...

Страница 1675: ...Sysname acl basic 2000 Sysname acl ipv4 basic 2000 description This is an IPv4 basic ACL Related commands display acl display acl Use display acl to display ACL configuration and match statistics Synt...

Страница 1676: ...Description Basic IPv4 ACL 2001 Type and number of the ACL The following field information is about IPv4 basic ACL 2001 1 rule The ACL contains one rule match order is auto The match order for the ACL...

Страница 1677: ...CL application information for inbound packet filtering on interface GigabitEthernet 1 0 1 Sysname display packet filter interface gigabitethernet 1 0 1 inbound Interface GigabitEthernet1 0 1 Inbound...

Страница 1678: ...ult action deny for packet filtering The action permit still functions Permit The default action permit has been successfully applied for packet filtering display packet filter statistics Use display...

Страница 1679: ...nd output Field Description Interface Interface to which the ACL applies Inbound policy ACL used for filtering incoming traffic Outbound policy ACL used for filtering outgoing traffic IPv4 ACL 2001 IP...

Страница 1680: ...mit The default action permit has been successfully applied for packet filtering MAC default action Packet filter default action for packets that do not match any Layer 2 ACLs Deny The default action...

Страница 1681: ...0 denied Display brief accumulated packet filtering statistics for IPv4 basic ACL 2000 on incoming packets Sysname display packet filter statistics sum inbound 2000 brief Sum Inbound policy IPv4 ACL 2...

Страница 1682: ...ACLs 3000 to 3999 for advanced ACLs 4000 to 4999 for Layer 2 ACLs name acl name Specifies an ACL by its name The acl name argument is a case insensitive string of 1 to 63 characters slot slot number S...

Страница 1683: ...t action deny has been successfully applied for packet filtering Deny Failed The device has failed to apply the default action deny for packet filtering The action permit still functions Permit The de...

Страница 1684: ...g features cannot work correctly when QoS and ACL resources are insufficient Packet filtering Device login 802 1X MAC authentication For these features to work correctly reserve enough QoS and ACL res...

Страница 1685: ...sources that you can apply Usage Configured and reserved resources as a percentage of total resources If the percentage is not an integer this field displays the integer part For example if the actual...

Страница 1686: ...is not specified in a rule the rule applies to both VPN packets and non VPN packets The hardware count keyword in this command enables match counting in hardware for all rules in an ACL and the counti...

Страница 1687: ...ACL rule Views System view Predefined user roles network admin Usage guidelines The packet filter applies the default action to all ACL applications for packet filtering The default action appears in...

Страница 1688: ...keyword Examples Clear IPv4 basic ACL 2001 statistics for inbound packet filtering on GigabitEthernet 1 0 1 Sysname reset packet filter statistics interface gigabitethernet 1 0 1 inbound 2001 Related...

Страница 1689: ...example if the rule numbering step is 5 and the current highest rule ID is 28 the rule is numbered 30 deny Denies matching packets permit Allows matching packets to pass protocol Specifies a protocol...

Страница 1690: ...dscp dscp Specifies a DSCP priority The dscp argument can be a number in the range of 0 to 63 or in words af11 10 af12 12 af13 14 af21 18 af22 20 af23 22 af31 26 af32 28 af33 30 af41 34 af42 36 af43 3...

Страница 1691: ...bootps 67 discard 9 dns 53 dnsix 90 echo 7 mobilip ag 434 mobilip mn 435 nameserver 42 netbios dgm 138 netbios ns 137 netbios ssn 139 ntp 123 rip 520 snmp 161 snmptrap 162 sunrpc 111 syslog 514 tacac...

Страница 1692: ...equest 13 0 ttl exceeded 11 0 Usage guidelines Within an ACL the permit or deny statement of each rule must be unique If the rule you are creating or editing has the same deny or permit statement as a...

Страница 1693: ...ftp data Create IPv4 advanced ACL rules to permit inbound and outbound SNMP and SNMP trap packets Sysname system view Sysname acl advanced 3003 Sysname acl ipv4 adv 3003 rule permit udp source port eq...

Страница 1694: ...The time range name argument is a case insensitive string of 1 to 32 characters It must start with an English letter If the time range is not configured the system creates the rule However the rule us...

Страница 1695: ...ation dest address dest prefix dest address dest prefix any destination port operator port dscp dscp flow label flow label value fragment icmp6 type icmp6 type icmp6 code icmp6 message logging routing...

Страница 1696: ...v6 esp Matches IPv6 ESP packets 51 ipv6 ah Matches IPv6 AH packets 89 ospf Matches OSPF packets Table 12 describes the parameters that you can specify regardless of the value for the protocol argument...

Страница 1697: ...e applies to all types of IPv6 routing headers hop by hop type hop type Specifies an IPv6 Hop by Hop Options header type hop type Value of the IPv6 Hop by Hop Options header type in the range of 0 to...

Страница 1698: ...a UDP or TCP destination port ack ack value fin fin value psh psh value rst rst value syn syn value urg urg value Specifies one or more TCP flags including ACK FIN PSH RST SYN and URG Parameters spec...

Страница 1699: ...it statement as another rule in the ACL the rule will not be created or changed You can edit ACL rules only when the match order is config To view the existing IPv6 basic and advanced ACL rules use th...

Страница 1700: ...p destination port eq snmptrap Create IPv6 advanced ACL 3004 and configure two rules one permits packets with the Hop by Hop Options header type as 5 and the other one denies packets with other Hop by...

Страница 1701: ...ource prefix source address source prefix any Matches a source IPv6 address The source address argument specifies a source IPv6 address The source prefix argument specifies an address prefix length in...

Страница 1702: ...e acl ipv6 basic 2000 Sysname acl ipv6 basic 2000 rule permit source 1001 16 Sysname acl ipv6 basic 2000 rule permit source 3124 1123 32 Sysname acl ipv6 basic 2000 rule permit source fe80 5060 1001 4...

Страница 1703: ...ap type mask argument is 0 to ffff type protocol type protocol type mask Matches one or more protocols in the Layer 2 The protocol type argument is a hexadecimal number that represents a protocol type...

Страница 1704: ...ime range rule comment Use rule comment to configure a comment for an ACL rule Use undo rule comment to delete an ACL rule comment Syntax rule rule id comment text undo rule rule id comment Default A...

Страница 1705: ...ering step sets the increment by which the system numbers rules automatically If you do not specify a rule ID when creating an ACL rule the system automatically assigns it a rule ID This rule ID is th...

Страница 1706: ...user profile 22 display qos vlan policy 24 qos apply policy interface view 25 qos apply policy user profile view 26 qos apply policy global 27 qos policy 27 qos vlan policy 28 reset qos policy global...

Страница 1707: ...44 Queue scheduling profile commands 45 display qos qmprofile configuration 45 display qos qmprofile interface 46 qos apply qmprofile 46 qos qmprofile 47 queue 48 Queue based accounting commands 49 di...

Страница 1708: ...n a case sensitive string of 1 to 127 characters Usage guidelines If you execute this command multiple times the most recent configuration takes effect Examples Configure the description as classifier...

Страница 1709: ...nformation Classifier 1 ID 100 Operator AND Rule s If match acl 2000 Classifier 2 ID 101 Operator AND Rule s If match protocol ipv6 Classifier 3 ID 102 Operator AND Rule s none Table 1 Command output...

Страница 1710: ...argument specifies a space separated list of up to 10 VLAN items Each item specifies a VLAN or a range of VLANs in the form of vlan id1 to vlan id2 The value for vlan id2 must be greater than or equa...

Страница 1711: ...at can have multiple values in one if match command follow these restrictions and guidelines You can specify up to eight values for any of the following match criteria in one if match command 802 1p p...

Страница 1712: ...02 1p priority 5 in the outer VLAN tag Sysname system view Sysname traffic classifier class1 Sysname classifier class1 if match service dot1p 5 Define a match criterion for traffic class class1 to mat...

Страница 1713: ...o traffic classifier to delete a traffic class Syntax traffic classifier classifier name operator and or undo traffic classifier classifier name Default No traffic classes exist Views System view Pred...

Страница 1714: ...ounting action in traffic behavior database to count traffic in bytes Sysname system view Sysname traffic behavior database Sysname behavior database accounting byte car Use car to configure a CAR act...

Страница 1715: ...lt setting is pass red action Specifies the action to take on packets that conform to neither CIR nor PIR The default setting is discard yellow action Specifies the action to take on packets that conf...

Страница 1716: ...of 1 to 31 characters If you do not specify a traffic behavior this command displays all traffic behaviors slot slot number Specifies an IRF member device by its member ID If you do not specify a memb...

Страница 1717: ...c redirecting Mirroring Information about traffic mirroring none No other traffic behavior is configured filter Use filter to configure a traffic filtering action in a traffic behavior Use undo filter...

Страница 1718: ...only to the incoming traffic of an interface If you execute the nest top most command multiple times in the same traffic behavior the most recent configuration takes effect Examples Configure traffic...

Страница 1719: ...LAN list of the trunk port Otherwise the trunk port drops redirected packets If a QoS policy applied to a user profile contains the redirect interface action make sure the redirected to interface and...

Страница 1720: ...CP marking action in a traffic behavior Use undo remark dscp to restore the default Syntax remark red yellow dscp dscp value undo remark red yellow dscp Default No DSCP marking action is configured Vi...

Страница 1721: ...local precedence marking action in a traffic behavior Use undo remark local precedence to restore the default Syntax remark local precedence local precedence value undo remark local precedence Defaul...

Страница 1722: ...vlan id Specifies an SVLAN ID in the range of 1 to 4094 Usage guidelines An SVLAN marking action can be applied only to an interface Examples Configure traffic behavior b1 to mark matching packets wit...

Страница 1723: ...ic class Views QoS policy view Predefined user roles network admin Parameters classifier name Specifies a traffic class by its name a case sensitive string of 1 to 31 characters behavior name Specifie...

Страница 1724: ...ws Any view Predefined user roles network admin network operator Parameters user defined Specifies user defined QoS policies policy name Specifies a QoS policy by its name a case sensitive string of 1...

Страница 1725: ...lobal Use display qos policy global to display QoS policies applied globally Syntax display qos policy global slot slot number inbound outbound Views Any view Predefined user roles network admin netwo...

Страница 1726: ...s If match protocol ipv6 Behavior 2 Accounting enable 0 Packets Filter enable Permit Marking Remark dscp 3 Classifier 3 Operator AND Rule s none Behavior 3 none Table 6 Command output Field Descriptio...

Страница 1727: ...going traffic Examples Display the QoS policy applied to the incoming traffic of GigabitEthernet 1 0 1 Sysname display qos policy interface gigabitethernet 1 0 1 inbound Interface GigabitEthernet1 0 1...

Страница 1728: ...faces Sysname display qos policy interface Interface GigabitEthernet1 0 1 Direction Inbound Policy a Classifier a Operator AND Rule s If match any Behavior a Mirroring Mirror to the interface GigabitE...

Страница 1729: ...iption Direction Direction in which the QoS policy is applied Matched Number of matching packets Forwarded Average rate of successfully forwarded matching packets in a statistics collection period Dro...

Страница 1730: ...oS policies applied to user profiles for all member devices inbound Specifies QoS policies applied to incoming traffic outbound Specifies QoS policies applied to outgoing traffic Usage guidelines If y...

Страница 1731: ...ay qos vlan policy name policy name vlan vlan id slot slot number inbound outbound Views Any view Predefined user roles network admin network operator Parameters name policy name Specifies a QoS polic...

Страница 1732: ...tor AND Rule s If match protocol ipv6 Behavior 2 Accounting enable 0 Packets Filter enable Permit Marking Remark dscp 3 Classifier 3 Operator AND Rule s none Behavior 3 none Table 9 Command output Fie...

Страница 1733: ...Ethernet1 0 1 qos apply policy TEST1 outbound qos apply policy user profile view Use qos apply policy to apply a QoS policy to a user profile Use undo qos apply policy to remove a QoS policy applied t...

Страница 1734: ...o QoS policy is applied globally Views System view Predefined user roles network admin Parameters policy name Specifies a QoS policy by its name a case sensitive string of 1 to 31 characters inbound A...

Страница 1735: ...Use qos vlan policy to apply a QoS policy to the specified VLANs Use undo qos vlan policy to remove a QoS policy from the specified VLANs Syntax qos vlan policy policy name vlan vlan id list inbound o...

Страница 1736: ...ection globally outbound Specifies the QoS policy applied to the outbound direction globally Usage guidelines If you do not specify a direction this command clears statistics for the global QoS polici...

Страница 1737: ...If you do not specify a direction this command clears the statistics of the QoS policies in both directions of the VLAN Examples Clear the statistics of QoS policies applied to VLAN 2 Sysname reset qo...

Страница 1738: ...s the following types of priority map Table 10 Priority maps Priority mapping Description dot1p lp 802 1p local priority map dscp dot1p DSCP 802 1p priority map dscp dscp DSCP DSCP priority map Usage...

Страница 1739: ...used For more information see ACL and QoS Configuration Guide Views Priority map view Predefined user roles network admin Parameters import value list Specifies a list of input values export value Sp...

Страница 1740: ...interface type interface number Views Any view Predefined user roles network admin network operator Parameters interface type interface number Specifies an interface by its type and number If you do...

Страница 1741: ...qos trust dot1p dscp undo qos trust Default An interface does not trust any packet priority and uses the port priority as the 802 1p priority for mapping Views Layer 2 Ethernet interface view Predefi...

Страница 1742: ...the dscp keyword is not specified this argument specifies the port priority in the range of 0 to 7 If the dscp keyword is specified this argument specifies the DSCP value to be set for packets in the...

Страница 1743: ...ys the GTS configuration for all interfaces Examples Display the GTS configuration for all interfaces Sysname display qos gts interface Interface GigabitEthernet1 0 1 Rule If match queue 1 CIR 512 kbp...

Страница 1744: ...a multiple of 512 it is rounded up to the nearest integral multiple of 512 that is greater than the product A default value greater than 16777216 is converted to 16777216 Examples Shape the packets o...

Страница 1745: ...Limits the rate of outgoing packets cir committed information rate Specifies the CIR in kbps The value range for committed information rate is 8 to 102400 for 100 Mbps interfaces 8 to 1048576 for GE...

Страница 1746: ...nd number If you do not specify an interface this command displays the queuing information for all interfaces Examples Display the queuing information for all interfaces Sysname display qos queue inte...

Страница 1747: ...erface type interface number Views Any view Predefined user roles network admin network operator Parameters interface type interface number Specifies an interface by its type and number If you do not...

Страница 1748: ...y the WRR queuing configuration of an interface Syntax display qos queue wrr interface interface type interface number Views Any view Predefined user roles network admin network operator Parameters in...

Страница 1749: ...undo qos wrr to restore the default Syntax qos wrr weight undo qos wrr weight Default An interface uses packet count WRR queuing Views Layer 2 Ethernet interface view Predefined user roles network adm...

Страница 1750: ...e 18 Table 18 The number keyword map for the queue id argument Number Keyword 0 be 1 af1 2 af2 3 af3 4 af4 5 ef 6 cs6 7 cs7 group 1 Specifies WRR group 1 Only WRR group 1 is supported in the current s...

Страница 1751: ...keywords in Table 18 Usage guidelines This command is available only on a WRR enabled interface Queues in the SP group are scheduled with SP The SP group has higher scheduling priority than the WRR gr...

Страница 1752: ...ou do not specify a member device this command displays the queue scheduling profile configuration for the master device Examples Display the configuration of queue scheduling profile myprofile Sysnam...

Страница 1753: ...face number Views Any view Predefined user roles network admin network operator Parameters interface type interface number Specifies an interface by its type and number If you do not specify an interf...

Страница 1754: ...igabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 qos apply qmprofile myprofile Related commands display qos qmprofile interface qos qmprofile Use qos qmprofile to create a queue scheduling profile an...

Страница 1755: ...in Parameters queue id Specifies a queue by its ID The value range for this argument is 0 to 7 or keywords in Table 18 sp Enables SP for the queue wrr Enables WRR for the queue group group id Specifie...

Страница 1756: ...e by its type and number If you do not specify an interface this command displays the queue based outgoing traffic statistics for all interfaces Examples Display queue based outgoing traffic statistic...

Страница 1757: ...eue length 0 packets Queue 7 Forwarded 0 packets 0 bytes 0 pps 0 bps Dropped 0 packets 0 bytes Current queue length 0 packets Table 21 Command output Field Description Interface Interface for which qu...

Страница 1758: ...aggregate CAR action This argument must start with a letter and is a case sensitive string of 1 to 31 characters Examples Use aggregate CAR action aggcar 1 in traffic behavior be1 Sysname system view...

Страница 1759: ...Packets 0 Bytes Yellow packets 0 Packets 0 Bytes Red packets 0 Packets 0 Bytes Slot 2 Apply failed Table 22 Command output Field Description Name Name of the aggregate CAR action Mode Type of the CAR...

Страница 1760: ...it is rounded up to the nearest integral multiple of 512 that is greater than the product A default value greater than 256000000 is converted to 256000000 ebs excess burst size Specifies the EBS in by...

Страница 1761: ...sed in a QoS policy Examples Configure aggregate CAR action aggcar 1 where CIR is 25600 CBS is 512000 and red packets are dropped Sysname system view Sysname qos car aggcar 1 aggregative cir 25600 cbs...

Страница 1762: ...i Contents Data buffer commands 1 buffer apply 1 buffer queue guaranteed 1 buffer shared 2 buffer total shared 3 burst mode enable 4 display buffer 4 display buffer usage 6...

Страница 1763: ...guidelines For data buffer settings to take effect you must execute this command after configuring data buffer settings After applying manually configured data buffer settings you cannot directly modi...

Страница 1764: ...herefore it is also called the minimum guaranteed buffer for the queue The sum of fixed area space configured for all queues cannot exceed the total fixed area space Otherwise the configuration fails...

Страница 1765: ...on and the number of packets to be received and sent Examples Configure queue 0 to use up to 10 shared area space of cell resources in the egress buffer Sysname system view Sysname buffer egress cell...

Страница 1766: ...idelines The Burst feature is especially useful for reducing packet losses under the following circumstances Broadcast or multicast traffic is intensive resulting in bursts of traffic Traffic enters a...

Страница 1767: ...tal shared area ratio Examples Display buffer size settings Sysname display buffer Slot Type Eg Total shared Shared 1 packet 0 20 1 cell 0 20 Eg Size of the sending buffer Total shared Size of the sha...

Страница 1768: ...ecify an IRF member device this command displays buffer usage for all IRF member devices Examples Display buffer usage Sysname display buffer usage Egress total shared cell buffer usage on slot 1 Tota...

Страница 1769: ...er Free Size of free data buffer 5sec Percentage of the buffer that the port uses for the last 5 seconds 1min Percentage of the buffer that the port uses for the last 1 minute 5min Percentage of the b...

Страница 1770: ...i Contents Time range commands 1 display time range 1 time range 1...

Страница 1771: ...ge t4 Sysname display time range t4 Current time is 17 12 34 11 23 2010 Tuesday Time range t4 Inactive 10 00 to 12 00 Mon 14 00 to 16 00 Wed from 00 00 1 1 2011 to 00 00 1 1 2012 from 00 00 6 1 2011 t...

Страница 1772: ...ck Its value is in the range of 00 00 to 23 59 The date1 argument specifies a date in MM DD YYYY or YYYY MM DD format where MM is the month of the year in the range of 1 to 12 DD is the day of the mon...

Страница 1773: ...m view Sysname time range t1 08 00 to 18 00 working day Create an absolute time range t2 setting it to be active in the whole year of 2011 Sysname system view Sysname time range t2 from 00 00 1 1 2011...

Страница 1774: ...H3C IE4300 IE4300 M IE4320 Industrial Switch Series Security Command Reference New H3C Technologies Co Ltd http www h3c com Software version Release 63xx Document version 6W101 20230116...

Страница 1775: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 1776: ...Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown Italic Italic text represents arguments that you replace with actual va...

Страница 1777: ...at contains additional or supplementary information TIP An alert that provides helpful information Network topology icons Convention Description Represents a generic network device such as a router sw...

Страница 1778: ...document might use devices that differ from your device in hardware model configuration or software version It is normal that the port numbers sample output screenshots and other information in the e...

Страница 1779: ...ult enable 29 domain if unknown 30 local server log change password prompt 31 nas id bind vlan 32 session time include idle time 33 state ISP domain view 34 Local user commands 34 access limit 34 auth...

Страница 1780: ...er load statistics 95 reset radius statistics 95 reset stop accounting buffer for RADIUS 96 retry 97 retry realtime accounting 98 retry stop accounting RADIUS scheme view 99 secondary accounting RADIU...

Страница 1781: ...view 143 vpn instance HWTACACS scheme view 144 LDAP commands 144 attribute map 144 authentication server 145 authorization server 146 display ldap scheme 146 ip 148 ipv6 149 ldap attribute map 150 ld...

Страница 1782: ...Default No NAS ID profiles exist Views System view Predefined user roles network admin Parameters profile name Specifies the NAS ID profile name a case insensitive string of 1 to 31 characters Usage...

Страница 1783: ...edefined user roles network admin Parameters ftp FTP users http HTTP users https HTTPS users ssh SSH users telnet Telnet users max sessions Specifies the maximum number of concurrent login users The v...

Страница 1784: ...fully executed Command line accounting can use only a remote HWTACACS server Examples In ISP domain test perform command line accounting based on HWTACACS scheme hwtac Sysname system view Sysname doma...

Страница 1785: ...ify one primary default accounting method and multiple backup default accounting methods When the primary method is invalid the device attempts to use the backup methods in sequence For example the ac...

Страница 1786: ...ring of 1 to 32 characters Usage guidelines You can specify one primary accounting method and multiple backup accounting methods When the primary method is invalid the device attempts to use the backu...

Страница 1787: ...scheme rd2 local Related commands accounting default local user radius scheme timer realtime accounting accounting login Use accounting login to specify accounting methods for login users Use undo ac...

Страница 1788: ...ms RADIUS accounting by default and performs local accounting when the RADIUS server is invalid The device does not perform accounting when both of the previous methods are invalid Examples In ISP dom...

Страница 1789: ...scheme name local none command specifies a primary default RADIUS accounting method and two backup methods local accounting and no accounting The device performs RADIUS accounting by default and perfo...

Страница 1790: ...e undo accounting quota out Default The device logs off users that have used up their accounting quotas Views ISP domain view Predefined user roles network admin Parameters offline Logs off users that...

Страница 1791: ...accounting update fail Use accounting update fail to configure access control for users that have failed all their accounting update attempts Use undo accounting update fail to restore the default Syn...

Страница 1792: ...heme hwtacacs scheme name radius scheme radius scheme name local ldap scheme ldap scheme name local local radius scheme radius scheme name hwtacacs scheme hwtacacs scheme name local undo authenticatio...

Страница 1793: ...ysname system view Sysname domain test Sysname isp test authentication default radius scheme rd local Related commands hwtacacs scheme ldap scheme local user radius scheme authentication lan access Us...

Страница 1794: ...m view Sysname domain test Sysname isp test authentication lan access local In ISP domain test perform RADIUS authentication for LAN users based on scheme rd and use local authentication as the backup...

Страница 1795: ...the device attempts to use the backup methods in sequence For example the authentication login radius scheme radius scheme name local none command specifies the default primary RADIUS authentication...

Страница 1796: ...me Specifies a RADIUS scheme by its name a case insensitive string of 1 to 32 characters Usage guidelines You can specify one primary authentication method and multiple backup authentication methods W...

Страница 1797: ...to 32 characters radius scheme radius scheme name Specifies a RADIUS scheme by its name a case insensitive string of 1 to 32 characters Usage guidelines To enable a user to obtain another user role wi...

Страница 1798: ...uthorization restricts login users to execute only authorized commands by employing an authorization server to verify whether each entered command is permitted When local command authorization is conf...

Страница 1799: ...on Fundamentals Command Reference hwtacacs scheme local user authorization default Use authorization default to specify default authorization methods for an ISP domain Use undo authorization default t...

Страница 1800: ...he same RADIUS scheme You can specify one primary authorization method and multiple backup authorization methods When the default authorization method is invalid the device attempts to use the backup...

Страница 1801: ...device attempts to use the backup methods in sequence For example the authorization lan access radius scheme radius scheme name local none command specifies a primary RADIUS authorization method and t...

Страница 1802: ...al users Terminal users can access the device through the console port For more information about the level 0 user role see RBAC configuration in Fundamentals Configuration Guide The working directory...

Страница 1803: ...yntax In non FIPS mode authorization portal local none none radius scheme radius scheme name local none undo authorization portal In FIPS mode authorization portal local radius scheme radius scheme na...

Страница 1804: ...Sysname system view Sysname domain test Sysname isp test authorization portal radius scheme rd local Related commands authorization default local user radius scheme authorization attribute ISP domain...

Страница 1805: ...of 1 to 63 characters This option is applicable only to portal users mld max access number max access number Specifies the maximum number of MLD groups that an IPv6 user can join concurrently The valu...

Страница 1806: ...domain to display ISP domain configuration Syntax display domain isp name Views Any view Predefined user roles network admin network operator Parameters isp name Specifies an ISP domain by its name a...

Страница 1807: ...t Disabled IP pool appy User profile test Inbound CAR CIR 64000 bps PIR 640000 bps Outbound CAR CIR 64000 bps PIR 640000 bps ACL number 3000 User group ugg IPv6 pool ipv6pool URL http test IGMP access...

Страница 1808: ...control for users that have failed all their accounting update attempts Online Allows the users to stay online Offline Logs off the users Accounting quota out policy Access control for users that have...

Страница 1809: ...on outbound CAR CIR Committed information rate in bps PIR Peak information rate in bps If no outbound CAR is authorized this field displays N A ACL number Authorization ACL for users User group Author...

Страница 1810: ...SP domain Before you use the undo domain command change the domain to a non default ISP domain by using the undo domain default enable command Use short domain names to ensure that user names containi...

Страница 1811: ...ds display domain domain domain if unknown Use domain if unknown to specify an ISP domain to accommodate users that are assigned to nonexistent domains Use undo domain if unknown to restore the defaul...

Страница 1812: ...local server log change password prompt to enable password change prompt logging Use undo local server log change password prompt to disable password change prompt logging Syntax local server log cha...

Страница 1813: ...the user meets the password control requirements The password composition policy or the minimum password length has changed You can use the display password control command to display password contro...

Страница 1814: ...ation sent to the server depending on the accounting policy in your network The idle timeout period is assigned to users by the authorization server after the users pass authentication For portal user...

Страница 1815: ...ISP domain to request network services block Places the ISP domain in blocked state to prevent users in the ISP domain from requesting network services Usage guidelines By blocking an ISP domain you d...

Страница 1816: ...sname luser manage abc access limit 5 Related commands accounting start fail offline display local user authorization attribute local user view user group view Use authorization attribute to configure...

Страница 1817: ...icts the behavior of authenticated users For more information see Security Configuration Guide user role role name Specifies an authorized user role The role name argument is a case sensitive string o...

Страница 1818: ...le has access to the commands for managing security log files and security log file system To display all the accessible commands of the security audit user role use the display role name security aud...

Страница 1819: ...r belongs The vlan id argument is in the range of 1 to 4094 This option applies only to LAN and portal users Usage guidelines To perform local authentication of a user the device matches the actual us...

Страница 1820: ...ndo description Default No description is configured for a network access user Views Network access user view Predefined user roles network admin Parameters text Configures a description case sensitiv...

Страница 1821: ...ccess network services but a local user in blocked state cannot user name user name Specifies all local users using the specified username The username must be a case sensitive string of 1 to 55 chara...

Страница 1822: ...cc Validity period Start date and time 2016 01 01 00 01 01 Expiration date and time 2017 01 01 01 01 01 Password control configurations Password length 4 characters Total 2 local users matched Table...

Страница 1823: ...sition policy Minimum number of character types that a password must contain Minimum number of characters from each type in a password Password complexity Password complexity checking policy Reject a...

Страница 1824: ...User group User group name Authorization attributes Authorization attributes of the user group Idle timeout Idle timeout period in minutes Session timeout Session timeout timer in minutes Work directo...

Страница 1825: ...to assign a local user to a user group Use undo group to restore the default Syntax group group name undo group Default A local user belongs to user group system Views Local user view Predefined user...

Страница 1826: ...the command adds a device management user manage Device management user that can configure and monitor the device after login Device management users can use FTP HTTP HTTPS Telnet SSH and terminal ser...

Страница 1827: ...ws System view Predefined user roles network admin Usage guidelines This feature enables the device to examine the validity of local users at fixed time periods of 10 minutes and automatically delete...

Страница 1828: ...ser In FIPS mode a password is required for a device management user to pass authentication You must set the password in interactive mode When global password control is enabled the device handles pas...

Страница 1829: ...security purposes the password specified in plaintext form will be stored in encrypted form string Specifies the password string Its plaintext form is a case sensitive string of 1 to 63 characters It...

Страница 1830: ...e lan access Authorizes the user to use the LAN access service The users are typically Ethernet users for example 802 1X users ssh Authorizes the user to use the SSH service telnet Authorizes the user...

Страница 1831: ...up Use user group to create a user group and enter its view or enter the view of an existing user group Use undo user group to delete a user group Syntax user group group name undo user group group na...

Страница 1832: ...YYYY MM DD The value range for the MM argument is 1 to 12 The value range for the DD argument varies with the specified month The value range for the YYYY argument is 2000 to 2035 start time Specifie...

Страница 1833: ...10 02 12 00 00 Related commands display local user RADIUS commands aaa device id Use aaa device id to configure the device ID Use undo aaa device id to restore the default Syntax aaa device id device...

Страница 1834: ...nd an accounting on packet to the RADIUS server after a device reboot Upon receiving the accounting on packet the RADIUS server logs out all online users so they can log in again through the device Ex...

Страница 1835: ...h the member device If no users have come online through the member device the IRF fabric does not send an accounting on packet after the member device reboots The IRF fabric uses the packet retransmi...

Страница 1836: ...types of network access users Examples Set the NAS Port attribute format to the port format in RADIUS scheme radius1 Sysname system view Sysname radius scheme radius1 Sysname radius radius1 attribute...

Страница 1837: ...e the default Syntax attribute 25 car undo attribute 25 car Default The RADIUS class attribute is not interpreted as CAR parameters Views RADIUS scheme view Predefined user roles network admin Usage g...

Страница 1838: ...cter that separates the sections lowercase Specifies the letters in a MAC address to be in lower case uppercase Specifies the letters in a MAC address to be in upper case Usage guidelines Configure th...

Страница 1839: ...DIUS server If you specify the interface name format the attribute contains the name of the user access interface For example if a user access the network from GigabitEthernet 1 0 1 the NAS Port ID at...

Страница 1840: ...attribute translation feature is enabled When you configure RADIUS attribute conversion rules follow these restrictions and guidelines The source and destination RADIUS attributes in a rule must use t...

Страница 1841: ...uidelines The device replaces the attribute in packets that match a RADIUS attribute conversion rule with the destination RADIUS attribute in the rule The conversion rules take effect only when the RA...

Страница 1842: ...E packets Usage guidelines Configure RADIUS attribute rejection rules for the following purposes Delete attributes from the RADIUS packets to be sent if the destination RADIUS server does not identify...

Страница 1843: ...eceived RADIUS packets sent Specifies the sent RADIUS packets Usage guidelines Configure RADIUS attribute rejection rules for the following purposes Delete attributes from the RADIUS packets to be sen...

Страница 1844: ...fies the unit as kilobyte mega byte Specifies the unit as megabyte Usage guidelines Make sure the measurement unit is the same as the user data measurement unit on the RADIUS server Examples In RADIUS...

Страница 1845: ...S DAS view attribute reject RADIUS scheme view ca file Use ca file to specify a CA certificate file for EAP authentication Use undo ca file to restore the default Syntax ca file file name undo ca file...

Страница 1846: ...DAC by its IPv4 address ipv6 ipv6 address Specifies a DAC by its IPv6 address key Specifies the shared key for secure communication between the RADIUS DAC and server Make sure the shared key is the s...

Страница 1847: ...hor server port data flow format RADIUS scheme view Use data flow format to set the data flow and packet measurement units for traffic statistics Use undo data flow format to restore the default Synta...

Страница 1848: ...s scheme to display RADIUS scheme configuration Syntax display radius scheme radius scheme name Views Any view Predefined user roles network admin network operator Parameters radius scheme name Specif...

Страница 1849: ...Retransmission Times 3 Retransmission Times for Accounting Update 5 Server Quiet Period minutes 5 Realtime Accounting Interval seconds 22 Stop accounting packets buffering Enabled Retransmission time...

Страница 1850: ...server is set to blocked state manually Test profile Test profile used for RADIUS server status detection Probe username Username used for RADIUS server status detection Probe interval Server status d...

Страница 1851: ...ribute 25 RADIUS attribute 25 interpretation status Standard The attribute is not interpreted as CAR parameters CAR The attribute is interpreted as CAR parameters Attribute 87 format NAS Port ID attri...

Страница 1852: ...it sends an authentication or accounting request to the server The device does not decrease the history statistics even though users go offline or the server fails to response to a request within the...

Страница 1853: ...within the last 5 seconds History Total number of RADIUS authentication or accounting requests sent to the RADIUS server since the device starts up Related commands reset radius server load statistic...

Страница 1854: ...olicy Number of packets for updating user authorization information Packet With Response Number of packets for which responses were received Packet Without Response Number of packets for which no resp...

Страница 1855: ...RADIUS stop accounting requests buffered for user abc Sysname display stop accounting buffer user name abc Total entries 2 Scheme Session ID Username First sending time Attempts rad1 1000326232325010...

Страница 1856: ...S requests Use undo exclude to cancel the configuration of excluding an attribute from RADIUS requests Syntax exclude accounting authentication name attribute name undo exclude accounting authenticati...

Страница 1857: ...ounting authentication name attribute name vendor vendor id code attribute code type binary date integer interface id ip ipv6 ipv6 prefix octets string value attribute value undo include accounting au...

Страница 1858: ...m the RADIUS requests For an attribute that RADIUS requests carry by default you can use this command to change its value The undo form of this command restores the attribute value to the default Tabl...

Страница 1859: ...Predefined user roles network admin Parameters accounting Specifies the shared key for secure RADIUS accounting communication authentication Specifies the shared key for secure RADIUS authentication c...

Страница 1860: ...fies the MD5 challenge method peap gtc Specifies the PEAP GTC method peap mschapv2 Specifies the PEAP MSCHAPv2 method ttls gtc Specifies the TTLS GTC method ttls mschapv2 Specifies the TTLS MSCHAPv2 m...

Страница 1861: ...ddress or a loopback address ipv6 ipv6 address Specifies an IPv6 address which must be a unicast address of the device and cannot be a loopback address or a link local address Usage guidelines The sou...

Страница 1862: ...e radius1 specify IP address 10 1 1 1 as the source IP address for outgoing RADIUS packets Sysname system view Sysname radius scheme radius1 Sysname radius radius1 nas ip 10 1 1 1 Related commands dis...

Страница 1863: ...ies the key in encrypted form simple Specifies the key in plaintext form For security purposes the key specified in plaintext form will be stored in encrypted form string Specifies the key This argume...

Страница 1864: ...s enabled the device returns an accounting failure message rather than searching for another active accounting server If you remove an actively used accounting server the device no longer sends users...

Страница 1865: ...ce vpn instance name Specifies an MPLS L3VPN instance to which the primary RADIUS authentication server belongs The vpn instance name argument is a case sensitive string of 1 to 31 characters If the s...

Страница 1866: ...rver test profile secondary authentication RADIUS scheme view server load sharing enable vpn instance RADIUS scheme view radius attribute extended Use radius attribute extended to define an extended R...

Страница 1867: ...with RADIUS servers of a third party vendor map attributes that cannot be identified by the server to server supported attributes Two RADIUS attributes cannot have the same combination of attribute na...

Страница 1868: ...US attributes that will be included in or excluded from RADIUS requests The system can have multiple RADIUS attribute test groups Examples Create a RADIUS attribute test group named t1 and enter its v...

Страница 1869: ...nd enter RADIUS DAS view Use undo radius dynamic author server to disable the RADIUS DAS feature Syntax radius dynamic author server undo radius dynamic author server Default The RADIUS DAS feature is...

Страница 1870: ...at user If the device has sent RADIUS authentication requests for that user to a RADIUS server the device processes that user depending on whether it receives a response from the RADIUS server If the...

Страница 1871: ...address or the IPv6 address of the interface as the source IP address of an outgoing RADIUS packet ipv4 address Specifies an IPv4 address which must be an address of the device The IP address cannot...

Страница 1872: ...network source IPv4 address and one private network source IPv6 address in system view You can specify only one source interface to provide the source IP address for outgoing RADIUS packets Make sure...

Страница 1873: ...control client by its IPv4 address ipv6 ipv6 address Specifies a session control client by its IPv6 address key Specifies the shared key for secure communication with the session control client cipher...

Страница 1874: ...t form Sysname system view Sysname radius session control client ip 10 110 1 2 key simple 12345 Related commands radius session control enable radius session control enable Use radius session control...

Страница 1875: ...password RADIUS server might mistake detection packets that contain randomly generated passwords as attack packets cipher Specifies a password in encrypted form simple Specifies a password in plaintex...

Страница 1876: ...ame admin and plaintext password abc123 is sent every 10 minutes Sysname system view Sysname radius server test profile abc username admin password simple abc123 interval 10 Related commands eap profi...

Страница 1877: ...racters and cannot contain a letter A session ID uniquely identifies an online user for a RADIUS scheme time range start time end time Specifies a time range The start time and end time must be in the...

Страница 1878: ...the device considers the request a failure If the client times out during the authentication process the user is immediately logged off To avoid user logoffs the value multiplied by the following item...

Страница 1879: ...the user when a failure occurs The NAS disconnects from a user according to the maximum number of accounting attempts and specific parameters For example the following conditions exist The RADIUS serv...

Страница 1880: ...mission of stop accounting requests together with the following parameters RADIUS server response timeout timer set by using the timer response timeout command Maximum number of times to transmit a RA...

Страница 1881: ...of a secondary RADIUS accounting server port number Specifies the service port number of the secondary RADIUS accounting server The value range for the UDP port number is 1 to 65535 The default setti...

Страница 1882: ...d by this command takes precedence over the VPN instance specified for the RADIUS scheme If you use the secondary accounting command to modify or delete a secondary accounting server to which the devi...

Страница 1883: ...encrypted form simple Specifies the key in plaintext form For security purposes the key specified in plaintext form will be stored in encrypted form string Specifies the key This argument is case sen...

Страница 1884: ...hentication server during an authentication process communication with the secondary server times out When the RADIUS server load sharing feature is disabled the device tries to communicate with an ac...

Страница 1885: ...t accounting requests of the user to the same server If the accounting server is unreachable the device returns an accounting failure message rather than searching for another active accounting server...

Страница 1886: ...cify any keywords this command enables or disables all types of notifications for RADIUS When SNMP notifications for RADIUS are enabled the device supports the following notifications generated by RAD...

Страница 1887: ...active unless you manually set the status to active When the RADIUS server load sharing feature is enabled the device checks the weight value and number of currently served users only for servers in...

Страница 1888: ...e state Usage guidelines If you do not specify an IP address this command changes the status of all configured secondary RADIUS servers If the device finds that a secondary server in active state is u...

Страница 1889: ...have been received Views RADIUS scheme view Predefined user roles network admin Usage guidelines This command enables the device to buffer a RADIUS stop accounting request that has no response after...

Страница 1890: ...for an authenticated user it does not send a stop accounting packet when the user goes offline If the server has generated a user entry for the user without start accounting packets it does not relea...

Страница 1891: ...o 31 characters If you do not specify a RADIUS attribute test group or the specified RADIUS attribute test group does not exist the device does not change the attributes carried in authentication or a...

Страница 1892: ...t password You can retry 9 times Sent a RADIUS start accounting request Server IP 192 168 1 110 Source IP 192 168 1 166 VPN instance N A Server port 1813 Packet type Start accounting request Packet le...

Страница 1893: ...ation about the test The test uses username user1 password 123456 and the CHAP authentication method to test RADIUS server at 192 168 1 110 in RADIUS scheme test Sysname test aaa user user1 password 1...

Страница 1894: ...er for the servers specified in a RADIUS scheme Use undo timer quiet to restore the default Syntax timer quiet minutes undo timer quiet Default The server quiet timer period is 5 minutes in a RADIUS s...

Страница 1895: ...al time accounting interval in the range of 0 to 71582 second Specifies the measurement unit as second If you do not specify this keyword the real time accounting interval is measured in minutes Usage...

Страница 1896: ...accounting 51 Related commands retry realtime accounting timer response timeout RADIUS scheme view Use timer response timeout to set the RADIUS server response timeout timer Use undo timer response ti...

Страница 1897: ...user roles network admin Parameters keep original Sends the username to the RADIUS server as the username is entered with domain Includes the ISP domain name in the username sent to the RADIUS server...

Страница 1898: ...user roles network admin Parameters vpn instance name Specifies an MPLS L3VPN instance by its name a case sensitive string of 1 to 31 characters Usage guidelines The VPN instance specified for a RADIU...

Страница 1899: ...packet Specifies the unit as kilo packet mega packet Specifies the unit as mega packet one packet Specifies the unit as one packet Usage guidelines The data flow and packet measurement units for traf...

Страница 1900: ...ay hwtacacs scheme Total 1 HWTACACS schemes HWTACACS Scheme Name hwtac Index 0 Primary Auth Server Host name Not configured IP 2 2 2 2 Port 49 State Active VPN Instance 2 Single connection Enabled Pri...

Страница 1901: ...he HWTACACS server or scheme belongs If no VPN instance is specified for the server or scheme this field displays Not configured Single connection Single connection status Enabled Establish only one T...

Страница 1902: ...kets 0 Get username response packets 0 Get password response packets 1 Restart response packets 0 Error response packets 0 Follow response packets 0 Malformed response packets 0 Continue packets 1 Con...

Страница 1903: ...Request packets Total number of sent request packets Login request packets Number of sent login request packets Change password request packets Number of sent request packets for changing passwords Re...

Страница 1904: ...nting start request packets Accounting stop request packets Number of accounting stop request packets Accounting update request packets Number of accounting update request packets Success response pac...

Страница 1905: ...pn instance vpn instance name Default The source IP address of an HWTACACS packet sent to the server is the primary IPv4 address or the IPv6 address of the outbound interface Views System view Predefi...

Страница 1906: ...he setting in HWTACACS scheme view takes precedence over the setting in system view You can specify a maximum of 16 source IP addresses in system view including Zero or one public network source IPv4...

Страница 1907: ...authentication authorization or accounting communication Use undo key to delete the shared key for secure HWTACACS authentication authorization or accounting communication Syntax key accounting authe...

Страница 1908: ...Sysname hwtacacs hwt1 key authentication simple 123456TESTauth Set the shared key to 123456TESTautr in plaintext form for secure HWTACACS authorization communication Sysname hwtacacs hwt1 key authori...

Страница 1909: ...rce IP address for outgoing HWTACACS packets to avoid HWTACACS packet loss caused by physical port errors If you use both the nas ip command and hwtacacs nas ip command the following guidelines apply...

Страница 1910: ...ntext form will be stored in encrypted form string Specifies the key This argument is case sensitive In non FIPS mode the encrypted form of the key is a string of 1 to 373 characters The plaintext for...

Страница 1911: ...ds display hwtacacs scheme key HWTACACS scheme view secondary accounting HWTACACS scheme view vpn instance HWTACACS scheme view primary authentication HWTACACS scheme view Use primary authentication t...

Страница 1912: ...k do not specify this option Usage guidelines Make sure the port number and shared key settings of the primary HWTACACS authentication server are the same as those configured on the server Two authent...

Страница 1913: ...key is a string of 1 to 373 characters The plaintext form of the key is a string of 1 to 255 characters In FIPS mode the encrypted form of the key is a string of 15 to 373 characters The plaintext fo...

Страница 1914: ...3 155 13 49 key simple 123456TESTautr Related commands display hwtacacs scheme key HWTACACS scheme view secondary authorization HWTACACS scheme view vpn instance HWTACACS scheme view reset hwtacacs st...

Страница 1915: ...me view Use retry stop accounting to set the maximum number of transmission attempts for individual HWTACACS stop accounting requests Use undo retry stop accounting to restore the default Syntax retry...

Страница 1916: ...ver The value range for the TCP port number is 1 to 65535 The default setting is 49 key Specifies the shared key for secure communication with the secondary HWTACACS accounting server cipher Specifies...

Страница 1917: ...name option The VPN instance specified by this command takes precedence over the VPN instance specified for the HWTACACS scheme You can remove an accounting server only when it is not used for user ac...

Страница 1918: ...n packets for all users If you do not specify this keyword the device establishes a new TCP connection each time it exchanges authentication packets with the secondary authentication server for a user...

Страница 1919: ...ver Syntax secondary authorization host name ipv4 address ipv6 ipv6 address port number key cipher simple string single connection vpn instance vpn instance name undo secondary authorization host name...

Страница 1920: ...maximum of 16 secondary HWTACACS authorization servers If the primary server fails the device tries to communicate with a secondary server in active state The device connects to the secondary servers...

Страница 1921: ...ds the buffered request until it receives a server response or when the number of transmission attempts reaches the maximum set by using the retry stop accounting command If no more attempts are avail...

Страница 1922: ...ccounting Default The real time accounting interval is 12 minutes Views HWTACACS scheme view Predefined user roles network admin Parameters minutes Specifies the real time accounting interval in minut...

Страница 1923: ...mer response timeout HWTACACS scheme view Use timer response timeout to set the HWTACACS server response timeout timer Use undo timer response timeout to restore the default Syntax timer response time...

Страница 1924: ...delines A username is generally in the userid isp name format of which the isp name argument is used by the device to determine the ISP domain to which a user belongs However some HWTACACS servers can...

Страница 1925: ...ecified for an HWTACACS scheme applies to all servers in that scheme If a VPN instance is also configured for an individual HWTACACS server the VPN instance specified for the HWTACACS scheme does not...

Страница 1926: ...your operation Examples Specify LDAP attribute map map1 in LDAP scheme test Sysname system view Sysname ldap scheme test Sysname ldap test attribute map map1 Related commands display ldap scheme ldap...

Страница 1927: ...or an LDAP scheme Views LDAP scheme view Predefined user roles network admin Parameters server name Specifies the name of an LDAP server a case insensitive string of 1 to 64 characters Usage guideline...

Страница 1928: ...1 1 1 Port 111 VPN instance Not configured LDAP protocol version LDAPv3 Server timeout interval 10 seconds Login account DN Not configured Base DN Not configured Search scope all level User searching...

Страница 1929: ...period in seconds Login account DN DN of the administrator Base DN Base DN for user search Search scope User DN search scope including all level All subdirectories single level Next lower level of su...

Страница 1930: ...e IP address and port number as 192 168 0 10 and 4300 for LDAP server ccc Sysname system view Sysname ldap server ccc Sysname ldap server ccc ip 192 168 0 10 port 4300 Related commands ldap server ipv...

Страница 1931: ...of an existing LDAP attribute map Use undo ldap attribute map to delete an LDAP attribute map Syntax ldap attribute map map name undo ldap attribute map map name Default No LDAP attribute maps exist V...

Страница 1932: ...sitive string of 1 to 32 characters Usage guidelines An LDAP scheme can be used by more than one ISP domain at the same time You can configure a maximum of 16 LDAP schemes Examples Create an LDAP sche...

Страница 1933: ...inistrator DN is specified Views LDAP server view Predefined user roles network admin Parameters dn string Specifies the administrator DN for binding with the server a case insensitive string of 1 to...

Страница 1934: ...crypted form string Specifies the password Its plaintext form is a case sensitive string of 1 to 128 characters Its encrypted form is a case sensitive string of 1 to 201 characters Usage guidelines Th...

Страница 1935: ...ring of the LDAP attribute aaa attribute Specifies an AAA attribute user group Specifies the user group attribute user profile Specifies the user profile attribute Usage guidelines Because the device...

Страница 1936: ...version the change takes effect only on the LDAP authentication that occurs after the change A Microsoft LDAP server supports only LDAPv3 Examples Specify the LDAP version as LDAPv2 for LDAP server c...

Страница 1937: ...ope Default The user search scope is all level Views LDAP server view Predefined user roles network admin Parameters all level Specifies that the search goes through all subdirectories of the base DN...

Страница 1938: ...erver ccc Sysname ldap server ccc server timeout 15 Related commands display ldap scheme user parameters Use user parameters to configure LDAP user attributes including the username attribute username...

Страница 1939: ...epresents a class value a case insensitive string of 1 to 64 characters Usage guidelines If the username on the LDAP server does not contain the domain name specify the without domain keyword If the u...

Страница 1940: ...asterisk question mark left angle bracket right angle bracket or at sign Cannot be a al or all If you do not specify a RADIUS user name this command displays information about all RADIUS users Example...

Страница 1941: ...ime Expiration date and time Related commands local user radius server activate Use radius server activate to activate the RADIUS server configuration including RADIUS clients and users Syntax radius...

Страница 1942: ...S client cipher Specifies the key in encrypted form simple Specifies the key in plaintext form string Specifies a case sensitive key string The encrypted form of the key is a string of 1 to 117 charac...

Страница 1943: ...er This feature enables the device to provide an accounting server with the connection start and termination information When the login client establishes a connection with the login server the system...

Страница 1944: ...on takes effect The device includes the username entered by a user in the accounting packets to be sent to the AAA server for connection recording The username format configured by using the user name...

Страница 1945: ...164 Connection recording policy Accounting scheme HWTACACS tac1 Related commands aaa connection recording policy accounting hwtacacs scheme...

Страница 1946: ...url 21 dot1x eap tls fragment to server 22 dot1x eapol untag 23 dot1x guest vlan 24 dot1x guest vlan delay 24 dot1x handshake 25 dot1x handshake reply enable 26 dot1x handshake secure 27 dot1x mac bin...

Страница 1947: ...ut 802 1X including session information statistics and settings If you do not specify the interface interface type interface number option this command displays all global and port specific 802 1X inf...

Страница 1948: ...onfigured Critical voice VLAN Disabled Add Guest VLAN delay Disabled Re auth server unreachable Logoff Max online users 4294967295 User IP freezing Disabled Reauth period 0 s Send Packets Without Tag...

Страница 1949: ...ging timer in seconds for users in critical VLANs User aging period for guest VLAN Aging timer in seconds for users in guest VLANs EAD assistant function Whether EAD assistant is enabled Permit authen...

Страница 1950: ...VLAN is configured on the port this field displays Not configured Critical voice VLAN Whether the 802 1X critical voice VLAN feature is enabled on the port Add Guest VLAN delay Status and mode of the...

Страница 1951: ...ets EAP Failure packets Number of sent EAP Failure packets Received EAPOL Start packets Number of received EAPOL Start packets EAPOL LogOff packets Number of received EAPOL LogOff packets EAP Response...

Страница 1952: ...r by its name The name string argument represents the username a case sensitive string of 1 to 253 characters If you do not specify an 802 1X user this command displays all online 802 1X user informat...

Страница 1953: ...802 1X authentication Authorization untagged VLAN Untagged VLAN assigned to the user The VLAN assigned by the server to a user as an authorization VLAN might have been configured on the user access p...

Страница 1954: ...ssigned session timeout timer Radius request Reauthenticates the online user when the server assigned session timeout timer expires regardless of whether the 802 1X periodic reauthentication feature i...

Страница 1955: ...N 5 Aging time 30 sec MAC addresses 2 0801 2700 9427 0801 2700 2341 Table 3 Command output Field Description Total MAC addresses Total number of MAC addresses in the specified type of VLAN on the spec...

Страница 1956: ...rify source ipv6 verify source enable Use dot1x ip verify source ipv6 verify source enable to enable generation of dynamic IPv4SG or IPv6SG binding entries for 802 1X authenticated users Use undo dot1...

Страница 1957: ...ble to enable 802 1X user logging Use undo dot1x access user log enable to disable 802 1X user logging Syntax dot1x access user log enable abnormal logoff failed login normal logoff successful login u...

Страница 1958: ...range of 1 to 50 Usage guidelines The device denies 802 1X authentication requests of a MAC authenticated user after the maximum number of 802 1X authentication attempts has been made The device will...

Страница 1959: ...uthentication initiated by an iNode client PAP transports usernames and passwords in plain text The authentication method applies to scenarios that do not require high security To use PAP the client c...

Страница 1960: ...vers Users in the Auth Fail VLAN can access a limited set of network resources To delete a VLAN that has been configured as an 802 1X Auth Fail VLAN you must first use the undo dot1x auth fail vlan co...

Страница 1961: ...0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 dot1x critical eapol Related commands dot1x critical vlan dot1x critical vlan Use dot1x critical vlan to co...

Страница 1962: ...e Before you enable the 802 1X critical voice VLAN feature on the port make sure the following requirements are met The port is configured with the voice VLAN To configure a voice VLAN on a port use t...

Страница 1963: ...ng with the backslash sign Usage guidelines Any character in the configured set can be used as the domain name delimiter for 802 1X authentication users Usernames that include domain names can use the...

Страница 1964: ...ver this mechanism might result in authentication failure if the authentication server cannot respond to duplicate EAPOL Start requests To resolve this issue use this command on the user access interf...

Страница 1965: ...C authentication again only after the user s EAD entry ages out As a best practice do not configure MAC authentication guest VLANs or critical VLANs The VLANs might fail to work correctly when both EA...

Страница 1966: ...resses Usage guidelines With EAD assistant enabled on the device unauthenticated 802 1X users can access the network resources in the free IP segments before they pass 802 1X authentication Execute th...

Страница 1967: ...direct URL for EAD assistant Use undo dot1x ead assistant url to restore the default Syntax dot1x ead assistant url url string undo dot1x ead assistant url Default No redirect URL exists for EAD assis...

Страница 1968: ...w Predefined user roles network admin Parameters eap tls max length Sets the maximum EAP TLS fragment size in bytes The value range is 100 to 1500 Usage guidelines 802 1X EAP TLS fragmentation takes e...

Страница 1969: ...This command removes the VLAN tags of all 802 1X protocol packets sent out of the port to 802 1X clients Do not use this command if VLAN aware 802 1X clients are attached to the port As a best practi...

Страница 1970: ...a limited set of network resources such as a software server to download anti virus software and system patches To delete a VLAN that has been configured as a guest VLAN you must use the undo dot1x g...

Страница 1971: ...ress that triggers the authentication 2 Retransmits the packet if no response has been received within the username request timeout interval set by using the dot1x timer tx period command 3 Assigns th...

Страница 1972: ...1 0 1 Sysname GigabitEthernet1 0 1 dot1x handshake Related commands display dot1x dot1x timer handshake period dot1x retry dot1x handshake reply enable Use dot1x handshake reply enable to enable the 8...

Страница 1973: ...ent users from using illegal client software The feature is implemented based on the online user handshake feature To bring the security function into effect make sure the online user handshake featur...

Страница 1974: ...he number of 802 1X MAC address binding entries reaches the upper limit of concurrent 802 1X users set by using the dot1x max user command the following restrictions exist Users not in the binding ent...

Страница 1975: ...ot1x max user command the following restrictions exist Users not in the binding entries will fail authentication even after users in the binding entries go offline New 802 1X MAC address binding entri...

Страница 1976: ...o dot1x max user to restore the default Syntax dot1x max user max number undo dot1x max user Default A port allows a maximum of 4294967295 concurrent 802 1X users Views Layer 2 Ethernet interface view...

Страница 1977: ...nts and trigger authentication You can use the dot1x timer tx period command to set the interval for sending multicast EAP Request Identity packets Examples Enable the multicast trigger feature on Gig...

Страница 1978: ...ed force Related commands display dot1x dot1x port method Use dot1x port method to specify an access control method for the port Use undo dot1x port method to restore the default Syntax dot1x port met...

Страница 1979: ...ork admin Usage guidelines When a client fails 802 1X authentication the device must wait a period of time before it can process authentication requests from the client You can use the dot1x timer qui...

Страница 1980: ...802 1X periodic reauthentication feature on GigabitEthernet 1 0 1 and set the periodic reauthentication interval to 1800 seconds Sysname system view Sysname dot1x timer reauth period 1800 Sysname int...

Страница 1981: ...or 802 1X reauthentication Views Layer 2 Ethernet interface view Predefined user roles network admin Usage guidelines This feature keeps authenticated 802 1X users online when no server is reachable f...

Страница 1982: ...e packet The access device stops retransmitting the request if it has made the maximum number of request transmission attempts but still received no response Examples Set the maximum number of attempt...

Страница 1983: ...IUS server status detection feature which is configurable with the radius server test profile command When you configure this feature make sure the detection interval is shorter than the RADIUS server...

Страница 1984: ...the quiet period value argument is 10 to 120 reauth period reauth period value Sets the periodic reauthentication timer in seconds The value range for this argument is 60 to 86400 server timeout serv...

Страница 1985: ...lowing values The maximum number of RADIUS packet transmission attempts set by using the retry command in RADIUS scheme view The RADIUS server response timeout timer set by using the timer response ti...

Страница 1986: ...network admin Parameters reauth period value Sets the 802 1X periodic reauthentication timer in seconds The value range for this argument is 60 to 86400 Usage guidelines The device reauthenticates on...

Страница 1987: ...for the user from the access port The 802 1X user aging mechanism on a port depends on its access control mode If the port uses port based access control a user aging timer starts when the port is ass...

Страница 1988: ...does not receive any responses within a period of time set by using the dot1x timer tx period command This process continues until the maximum number of request attempts set by using the dot1x retry c...

Страница 1989: ...mac mac address Specifies an 802 1X user by its MAC address The mac address argument is in the format of H H H username username Specifies an 802 1X user by its name The username argument is a case se...

Страница 1990: ...type and number mac address mac address Specifies the MAC address of an 802 1X user in the guest VLAN If you do not specify this option the command removes all 802 1X users from the 802 1X guest VLAN...

Страница 1991: ...45 Examples Clear 802 1X statistics on GigabitEthernet 1 0 1 Sysname reset dot1x statistics interface gigabitethernet 1 0 1 Related commands display dot1x...

Страница 1992: ...ion mac range account 17 mac authentication max user 19 mac authentication offline detect enable 19 mac authentication offline detect mac address 20 mac authentication parallel with dot1x 22 mac authe...

Страница 1993: ...tion information including the global settings port specific settings MAC authentication statistics and online user statistics Examples Display all MAC authentication settings and statistics Sysname d...

Страница 1994: ...ccessful 2 failed 3 Current online users 1 MAC address Auth state 0001 0000 0000 Authenticated 0001 0000 0001 Unauthenticated Table 1 Command output Field Description MAC authentication Whether MAC au...

Страница 1995: ...n is specified in system view this field displays Not configured use default domain Online MAC auth wired users Number of wired online MAC authentication users including users that have passed MAC aut...

Страница 1996: ...port Host mode MAC authentication VLAN mode for users moving from one VLAN to another on the port Single VLAN Single VLAN mode Multiple VLAN Multi VLAN mode Offline detection Status of MAC authenticat...

Страница 1997: ...de If you do not specify this keyword the command displays information about all online MAC authentication users interface interface type interface number Specifies a port by its type and number If yo...

Страница 1998: ...ions Total number of online MAC authentication users User MAC address MAC address of the user Access interface Interface through which the user accesses the device User access state Access state of th...

Страница 1999: ...shorter than the server assigned session timeout timer Radius request Reauthenticates the online user when the server assigned session timeout timer expires regardless of whether the periodic MAC reau...

Страница 2000: ...on mac address guest vlan Total MAC addresses 10 Interface GigabitEthernet1 0 1 Guest VLAN 3 Aging time N A MAC addresses 8 0800 2700 9427 0800 2700 2341 0800 2700 2324 0800 2700 2351 0800 2700 5627 0...

Страница 2001: ...ication globally Sysname system view Sysname mac authentication Enable MAC authentication on GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1...

Страница 2002: ...ser log enable failed login Related commands info center source maca logfile deny Network Management and Monitoring Command Reference mac authentication authentication method Use mac authentication au...

Страница 2003: ...lude ip acl acl number undo mac authentication carry user ip Default A MAC authentication request does not include the user IP address Views Layer 2 Ethernet interface view Predefined user roles netwo...

Страница 2004: ...ctively Use permit rules to identify source IP addresses that are valid for MAC authentication Use deny rules to identify source IP addresses that cannot trigger MAC authentication In the rules only t...

Страница 2005: ...the critical VLAN can access network resources in the critical VLAN The critical VLAN feature takes effect when MAC authentication is performed only through RADIUS servers If a MAC authentication use...

Страница 2006: ...er 2 LAN Switching Command Reference A MAC authentication critical VLAN is configured on the port This setting ensures that a voice user is assigned to the critical VLAN if it has failed authenticatio...

Страница 2007: ...for MAC authentication users in the following order 1 Authentication domain specified on the port 2 Global authentication domain specified in system view 3 Default authentication domain Examples Speci...

Страница 2008: ...uration Examples Configure VLAN 100 as the MAC authentication guest VLAN on GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 mac authentic...

Страница 2009: ...network admin Usage guidelines To accommodate IP phone services or any other applications that are sensitive to delay or service interruption in a multi VLAN environment enable MAC authentication mul...

Страница 2010: ...s the password specified in plaintext form will be stored in encrypted form string Specifies the password Its plaintext form is a case sensitive string of 1 to 63 characters Its encrypted form is a ca...

Страница 2011: ...m of 4294967295 concurrent MAC authentication users Views Layer 2 Ethernet interface view Predefined user roles network admin Parameters max number Sets the maximum number of concurrent MAC authentica...

Страница 2012: ...e device determines that the user is idle If the device has not received traffic from a user before the timer expires the device logs off that user and requests the accounting server to stop accountin...

Страница 2013: ...e resets the offline detection timer and the user stays online If the offline detection timer expires because the device has not found a matching snooping entry for the user or received traffic from t...

Страница 2014: ...02 1X authentication and MAC authentication and performs MAC based access control for 802 1X authentication The port is enabled with the 802 1X unicast trigger For the port to perform MAC authenticati...

Страница 2015: ...users on a port This feature tracks the connection status of online users and updates the authorization attributes assigned by the server such as the ACL and VLAN To set the periodic reauthentication...

Страница 2016: ...thentication Examples Enable the keep online feature for authenticated MAC authentication users on GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthe...

Страница 2017: ...hronization increases as the number of online users grows This might result in an increased delay for new MAC authentication users and users in the critical VLAN to authenticate or reauthenticate to t...

Страница 2018: ...in secure ext when you want to use MAC authentication delay The delay does not take effect on a port in either of the two modes For more information about port security modes see Port security command...

Страница 2019: ...is 60 to 86400 server timeout server timeout value Sets the server timeout timer The value range is 100 to 300 seconds user aging Sets the user aging timer for a type of MAC authentication VLAN criti...

Страница 2020: ...uration Guide User aging timer user aging Sets the user aging timer for a type of MAC authentication VLAN If you enable user aging for unthenticated MAC authentication user you can set a user aging ti...

Страница 2021: ...feature as a best practice Examples Disable unauthenticated MAC authentication user aging on GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1...

Страница 2022: ...e password specified in plaintext form will be stored in encrypted form string Specifies the password Its plaintext form is a case sensitive string of 1 to 63 characters Its encrypted form is a case s...

Страница 2023: ...ation to come online again With a VLAN specified this command logs off the following MAC authentication users Users that have passed MAC authentication and have been assigned the specified VLAN as the...

Страница 2024: ...entication critical voice vlan to remove MAC authentication users from the MAC authentication critical voice VLAN on a port Syntax reset mac authentication critical voice vlan interface interface type...

Страница 2025: ...the MAC authentication guest VLAN on GigabitEthernet 1 0 1 Sysname reset mac authentication guest vlan interface gigabitethernet 1 0 1 mac address 1 1 1 Related commands display mac authentication mac...

Страница 2026: ...34 Related commands display mac authentication...

Страница 2027: ...t destination 34 portal free rule 35 portal free rule destination 37 portal free rule source 38 portal ipv6 free all except destination 39 portal ipv6 layer3 source 40 portal ipv6 user detect 41 porta...

Страница 2028: ...ii...

Страница 2029: ...utomatically push the portal authentication page to iOS devices and some Android devices when they are connected to the network The device pushes the portal authentication page only when the user acce...

Страница 2030: ...our own authentication pages For more information about the restrictions and guidelines see portal authentication configuration in Security Configuration Guide Examples Specify file pagefile1 zip as t...

Страница 2031: ...on authentication subnet IP address Mask 2 2 2 2 255 255 255 0 IPv6 portal status Disabled Portal authentication method Disabled Portal web server Not configured Portal mac trigger server Not configur...

Страница 2032: ...ication Disabled Both users with IP addresses obtained through DHCP and users with static IP addresses can pass authentication to get online Pre auth ip pool Name of the IP address pool specified for...

Страница 2033: ...view Predefined user roles network admin network operator Parameters server server name Specifies a portal authentication server by its name a case sensitive string of 1 to 32 characters Usage guideli...

Страница 2034: ...acknowledgment packet the access device sent to the portal authentication server REQ_AUTH Authentication request packet the portal authentication server sent to the access device ACK_AUTH Authenticati...

Страница 2035: ...ortal authentication server sent to the access device Related commands reset portal packet statistics display portal rule Use display portal rule to display portal filtering rules Syntax display porta...

Страница 2036: ...0 0000 Interface Vlan interface100 VLAN 100 Destination IP 192 168 0 111 Mask 255 255 255 255 Port Any Rule 2 Type Dynamic Action Permit Status Active Source IP 2 2 2 2 MAC 000d 88f8 0eab Interface Vl...

Страница 2037: ...pe Static Action Permit Protocol Any Status Active Source IP Prefix length 0 Port Any MAC 0000 0000 0000 Interface Vlan interface100 VLAN 100 Destination IP 3000 1 Prefix length 64 Port Any Rule 2 Typ...

Страница 2038: ...al filtering rule Dynamic Dynamic portal filtering rule Action Action triggered by the portal filtering rule Permit The interface allows packets to pass Redirect The interface redirects packets Deny T...

Страница 2039: ...c portal filtering rule Number Number of the authorized ACL This field displays N A if the AAA server does not assign an ACL display portal server Use display portal server to display information abou...

Страница 2040: ...r User synchronization User idle timeout in seconds for portal user synchronization Status Reachability status of the portal authentication server Up This value indicates one of the following conditio...

Страница 2041: ...server pts State Online VPN instance N A MAC IP VLAN Interface 000d 88f8 0eab 2 2 2 2 100 Vlan interface100 Authorization information DHCP IP pool N A User profile N A Session group profile N A ACL nu...

Страница 2042: ...thorized user profile is applied to the user access interface successfully inactive The authorized user profile is not applied to the user access interface or the user profile does not exist on the de...

Страница 2043: ...18000002 Access interface Vlan interface20 Service VLAN Customer VLAN MAC address 0000 0000 0001 Domain hrss VPN instance N A Status Online Portal server test Portal authentication method Direct AAA R...

Страница 2044: ...PLS L3VPN instance to which the portal user belongs If the portal user is on a public network this field displays N A Status Status of the portal user Authenticating The user is being authenticated Au...

Страница 2045: ...nline Offline Log out the user DHCP IP pool Authorized DHCP IP address pool If no DHCP IP address pool is authorized for the portal user this field displays N A Inbound CAR This field is not supported...

Страница 2046: ...n ITA traffic statistics for the portal user Accounting merge This field is not supported in the current software version Status of the accounting merge feature Enabled The accounting merge feature is...

Страница 2047: ...s interface N A No inbound CAR is authorized Outbound CAR This field is not supported in the current software version Authorized outbound CAR for ITA traffic CIR Committed information rate in bps PIR...

Страница 2048: ...erver IMC IMC server Portal Web server Name of the portal Web server URL URL of the portal Web server URL parameters URL parameters for the portal Web server VPN instance Name of the MPLS L3VPN where...

Страница 2049: ...interface interface type interface number slot slot number Views Any view Predefined user roles network admin network operator Parameters interface interface type interface number Specifies an interfa...

Страница 2050: ...direct Redirects the packets Status Status of the Web redirect rule Active The Web redirect rule is effective Inactive The Web redirect rule is not effective Source Source information in the Web redir...

Страница 2051: ...ion algorithm to encrypt the parameters carried in the redirection URL If you do not specify an encryption algorithm the parameters carried in the redirection URL are not encrypted aes Specifies the A...

Страница 2052: ...tion URL Sysname system view Sysname portal web server wbs Sysname portal websvr wbs if match original url http www abc com cn redirect url http 192 168 0 1 url param encryption des key simple 1234567...

Страница 2053: ...plaintext form is a case sensitive string of 1 to 64 characters Its encrypted form is a case sensitive string of 1 to 117 characters Usage guidelines A portal authentication server has only one IPv4 a...

Страница 2054: ...key Its plaintext form is a case sensitive string of 1 to 64 characters Its encrypted form is a case sensitive string of 1 to 117 characters Usage guidelines A portal authentication server has only on...

Страница 2055: ...undo portal bas ip bas ipv6 to restore the default Syntax portal bas ip ipv4 address bas ipv6 ipv6 address undo portal bas ip bas ipv6 Default The BAS IP attribute of an IPv4 portal reply packet sent...

Страница 2056: ...following conditions are met The portal authentication server is an H3C IMC server or the portal authentication mode on the interface is re DHCP The portal device IP address specified on the portal au...

Страница 2057: ...server name fail permit undo portal ipv6 apply web server Default No portal Web server is specified Views Interface view Predefined user roles network admin Parameters ipv6 Specifies an IPv6 portal W...

Страница 2058: ...profile does not exist on the device or the user profile fails to be deployed the user will not be logged out Views Interface view Predefined user roles network admin Parameters acl Enables strict ch...

Страница 2059: ...nterface type interface number Specifies an interface by its type and number If you specify this option this command logs out all IPv4 and IPv6 online portal users on the interface ipv6 ipv6 address S...

Страница 2060: ...pv6 domain to delete the configured portal authentication domain Syntax portal ipv6 domain domain name undo portal ipv6 domain Default No portal authentication domain is configured on an interface Vie...

Страница 2061: ...lines To modify the portal authentication mode first execute the undo portal ipv6 enable command to disable portal authentication and then execute the portal ipv6 enable command Make sure the device s...

Страница 2062: ...reachable After portal authentication resumes unauthenticated portal users need to pass authentication to access network resources Portal users who has passed authentication can continue accessing net...

Страница 2063: ...subnets on the interface Re DHCP authentication does not support authentication destination subnets If you configure both an authentication source subnet and an authentication destination subnet on a...

Страница 2064: ...s any IPv6 address tcp tcp port number Specifies a TCP port number for the portal free rule in the range of 0 to 65535 udp udp port number Specifies a UDP port number for the portal free rule in the r...

Страница 2065: ...interface 1 when they access services provided on TCP port 23 of host 2001 1 Related commands display portal rule portal free rule destination Use portal free rule destination to configure a destinat...

Страница 2066: ...the same rule already exists Examples Configure a destination based portal free rule specify the rule number as 4 and host name as www h3c com This rule allows the portal user who sends the HTTP HTTP...

Страница 2067: ...IPv6 portal authentication destination subnets on the interface Syntax portal ipv6 free all except destination ipv6 network address prefix length undo portal ipv6 free all except destination ipv6 netw...

Страница 2068: ...face view Predefined user roles network admin Parameters ipv6 network address Specifies an IPv6 portal authentication source subnet address prefix length Specifies the prefix length of the IPv6 addres...

Страница 2069: ...s a detection interval in the range of 1 to 1200 seconds The default interval is 3 seconds idle time Sets the user idle timeout in the range of 60 to 3600 seconds The default idle timeout is 180 secon...

Страница 2070: ...em view Sysname interface vlan interface 100 Sysname Vlan interface100 portal ipv6 user detect type nd retry 5 interval 10 idle 300 Related commands display portal portal layer3 source Use portal laye...

Страница 2071: ...he local portal Web service Syntax portal local web server http https ssl server policy policy name tcp port port number undo portal local web server http https Default Local portal Web service is dis...

Страница 2072: ...protocol except HTTPS or other service For example do not specify port numbers 80 and 23 which are used by HTTP and Telnet respectively Do not configure the same TCP port number for HTTP and HTTPS lo...

Страница 2073: ...r logins and logouts Sysname system view Sysname portal user log enable portal max user Use portal max user to set the maximum number of total portal users allowed in the system Use undo portal max us...

Страница 2074: ...ews Interface view Predefined user roles network admin Parameters profile name Specifies the name of a NAS ID profile a case insensitive string of 1 to 31 characters Usage guidelines A NAS ID profile...

Страница 2075: ...ADIUS packets sent for portal users to the RADIUS server The device then automatically constructs a value for the NAS Port Id attribute in the specified format to meet the RADIUS server requirements F...

Страница 2076: ...identifying the further service type requirement For example use this field to identify specific services in a multi PVC scenario For ATM interfaces ANI_XPI is VPI in the range of 0 to 255 ANI_XCI is...

Страница 2077: ...ers IfNO Interface number a string of 3 characters VlanID VLAN ID a string of 9 characters DHCPoption DHCP option 82 is appended for IPv4 users and DHCP option 1 is appended for IPv6 Format 4 is slot...

Страница 2078: ...ecifies the NAS port type as ISDN Sync attribute value 2 piafs Specifies the NAS port type as PIAFS attribute value 6 sdsl Specifies the NAS port type as SDSL attribute value 11 sync Specifies the NAS...

Страница 2079: ...use this IP address to perform portal authentication The specified IP address pool takes effect when the following requirements are met The direct portal authentication mode is used on the interface T...

Страница 2080: ...D entries for portal users Examples Disable the Rule ARP entry feature for portal clients Sysname system view Sysname undo portal refresh arp enable portal roaming enable Use portal roaming enable to...

Страница 2081: ...ers Usage guidelines In portal authentication server view you can configure the following parameters and features for the portal authentication server IP address of the server Destination UDP port num...

Страница 2082: ...atus If the device receives a reply within the maximum number of detection attempts it considers that the user is online and stops sending detection packets Then the device resets the idle timer and r...

Страница 2083: ...ers with DHCP assigned IP addresses and users with static IP addresses can pass portal authentication to come online Views Interface view Predefined user roles network admin Parameters ipv6 Specifies...

Страница 2084: ...ltering rules use the display portal rule dynamic command Examples Enable the device to check the issuing of category 2 portal filtering rules Sysname system view Sysname portal rule assign check enab...

Страница 2085: ...WPAD server to pass without authentication If portal users enable Web proxy in their browsers the users must add the IP address of the portal authentication server as a proxy exception in their browse...

Страница 2086: ...et portal packet statistics server server name Views User view Predefined user roles network admin Parameters server name Specifies a portal authentication server by its name a case sensitive string o...

Страница 2087: ...l authentication server supports sending heartbeat packets The detection timeout configured on the device must be greater than the server heartbeat interval configured on the portal authentication ser...

Страница 2088: ...dependently No configuration on the portal Web server is required for the detection The portal Web server detection feature takes effect only when the URL of the portal Web server is specified and the...

Страница 2089: ...ce name and the IP address and port number after NAT The register information is used for subsequent authentication information exchanges between the server and the access device The access device upd...

Страница 2090: ...p port port number undo tcp port Default The listening TCP port number for HTTP is 80 and that for HTTPS is the TCP port number set by the portal local web server command Views Local portal Web servic...

Страница 2091: ...l Web server Use undo url to restore the default Syntax url url string undo url Default No URL is specified for a portal Web server Views Portal Web server view Predefined user roles network admin Par...

Страница 2092: ...user visits source address Specifies the user IP address source mac Specifies the user MAC address encryption Specifies the encryption algorithm to encrypt the MAC address of the user aes Specifies t...

Страница 2093: ...thm for a parameter the redirection URL carries the encrypted value for the parameter Execute the url parameter usermac source mac encryption des key simple 12345678 command Then the access device sen...

Страница 2094: ...han the synchronization detection timeout configured on the access device Deleting a portal authentication server on the device also deletes the user synchronization configuration for the server If yo...

Страница 2095: ...al websvr wbs vpn instance abc web redirect url Use web redirect url to enable the Web redirect feature Use undo web redirect url to disable the Web redirect feature Syntax web redirect ipv6 url url s...

Страница 2096: ...wser After the specified interval the user is redirected to the specified URL again Web redirect does not work when both Web redirect and portal authentication are enabled The Web redirect feature tak...

Страница 2097: ...eb auth server 2 display web auth user 3 ip 4 redirect wait time 5 url 6 url parameter 7 web auth auth fail vlan 8 web auth domain 9 web auth enable 9 web auth free ip 10 web auth max user 11 web auth...

Страница 2098: ...bitethernet 1 0 1 Global Web auth parameters Temp entry aging time 500 s HTTP proxy port numbers Not configured HTTPS proxy port numbers Not configured Total online web auth users 1 GigabitEthernet1 0...

Страница 2099: ...Max online users Maximum number of Web authentication users allowed on the interface Web auth enable State of Web authentication Enabled Disabled Total online web auth users Total number of online Web...

Страница 2100: ...IP address of the Web authentication server Port Port number of the Web authentication server URL Redirection URL of the Web authentication server Redirect wait time Time before redirecting an authent...

Страница 2101: ...ss of the online Web authentication user Access interface Access interface of the online Web authentication user Initial VLAN Initial VLAN of the user before the user passes Web authentication Authori...

Страница 2102: ...twork access requests The port number of the Web authentication server must be the same as the listening port of the local portal Web service For more information about the local portal Web service co...

Страница 2103: ...e the default Syntax url url string undo url Default No redirection URL is specified for a Web authentication server Views Web authentication server view Predefined user roles network admin Parameters...

Страница 2104: ...ress source mac Specifies the user MAC address value expression Specifies a custom case sensitive string of 1 to 256 characters The string can include question marks If you enter a question mark in th...

Страница 2105: ...After you configure this command on an interface users who failed Web authentication on the interface can access resources in the Auth Fail VLAN You must also configure the IP address of the server t...

Страница 2106: ...Specifies an ISP authentication domain name a case insensitive string of 1 to 255 characters User guidelines After you configure this command the device uses the authentication domain for authenticat...

Страница 2107: ...view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 web auth enable apply server wbs Related commands web auth server web auth free ip Use web auth free ip to specify a Web authe...

Страница 2108: ...arameters max number Specifies the maximum number of Web authentication users allowed on an interface The value range for this argument is 1 to 2048 User guidelines If the specified maximum number is...

Страница 2109: ...mistakenly logging out users set the detection interval to be the same as the aging time of MAC address entries Examples On GigabitEthernet 1 0 1 enable online detection of Web authentication users an...

Страница 2110: ...at use a Web proxy server do not use the proxy server for the listening IP address of the local portal Web service Then HTTP packets that the Web authentication user sends to the local portal Web serv...

Страница 2111: ...n it detects traffic from a user for the first time The entry records the MAC address access interface and VLAN ID of the user as well as the aging time of the entry The aging timer works as follows I...

Страница 2112: ...btain resources from the Auth Fail VLAN for example it failed to download the virus patches Examples Set the aging timer for temporary MAC address entries to 500 seconds Sysname system view Sysname we...

Страница 2113: ...curity free vlan 11 port security intrusion mode 12 port security mac address aging type inactivity 13 port security mac address dynamic 14 port security mac address security 15 port security mac limi...

Страница 2114: ...ort security information for all ports Sysname display port security Global port security parameters Port security Enabled AutoLearn aging time 0 min Disableport timeout 20 s Blockmac timeout 180 s MA...

Страница 2115: ...fline Logs off the users NAS ID profile NAS ID profile applied globally Dot1x failure trap Whether SNMP notifications for 802 1X authentication failures are enabled Dot1x logon trap Whether SNMP notif...

Страница 2116: ...ress NeedToKnowAuto Forwards only broadcast multicast and unicast frames with an authenticated destination MAC address and only when the port has online users Disabled NTK is disabled Intrusion protec...

Страница 2117: ...om other ports display port security mac address block Use display port security mac address block to display information about blocked MAC addresses Syntax display port security mac address block int...

Страница 2118: ...splay port security mac address security interface interface type interface number vlan vlan id count Views Any view Predefined user roles network admin network operator Parameters interface interface...

Страница 2119: ...lays the remaining lifetime If the remaining lifetime is less than 60 seconds the lifetime is counted in seconds If the lifetime is not less than 60 seconds the lifetime is counted in minutes By defau...

Страница 2120: ...er log enable violation Related commands info center source portsec logfile deny Network Management and Monitoring Command Reference port security authentication open Use port security authentication...

Страница 2121: ...se undo port security authentication open global to disable global open authentication mode Syntax port security authentication open global undo port security authentication open global Default Global...

Страница 2122: ...port uses the authorization information from the server Views Layer 2 Ethernet interface view Predefined user roles network admin Usage guidelines After a user passes RADIUS or local authentication th...

Страница 2123: ...em Usage guidelines The authorization fail offline feature logs off port security users that have failed ACL or user profile authorization A user fails ACL or user profile authorization in the followi...

Страница 2124: ...the following security settings to the default 802 1X access control mode is MAC based Port authorization state is auto When online users are present on a port disabling port security logs off the onl...

Страница 2125: ...MAC authentication on a port configured with any of the following features 802 1X authentication MAC authentication Any of the following port security modes userLogin userLoginSecure userLoginWithOUI...

Страница 2126: ...ever it receives an illegal frame You can use the port security timer disableport command to set the period Usage guidelines To bring up the port disabled by the intrusion protection feature use the u...

Страница 2127: ...imer is set to a value not less than 60 seconds the traffic data detection interval is fixed at 30 seconds If the aging timer is set to a value less than 60 seconds the traffic data detection interval...

Страница 2128: ...sticky MAC addresses Examples Enable the dynamic secure MAC feature on GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 port security mac...

Страница 2129: ...in autoLearn mode Sticky MAC addresses do not age out by default You can use the port security timer autolearn aging command to set an aging timer for the sticky MAC addresses When the timer expires...

Страница 2130: ...N items Each VLAN item specifies a VLAN by VLAN ID or specifies a range of VLANs in the form of vlan id1 to vlan id2 The value range for the VLAN IDs is 1 to 4094 The value for the vlan id2 argument m...

Страница 2131: ...e VLAN to which the user belongs is permitted by the port Views Layer 2 Ethernet interface view Predefined user roles network admin Usage guidelines Enable VLAN check bypass on a port to skip checking...

Страница 2132: ...move allows an online user authenticated through 802 1X or MAC authentication on one port or VLAN to be reauthenticated and come online on another port or VLAN without going offline first After the us...

Страница 2133: ...the port This option takes effect only on a port that operates in autoLearn mode Usage guidelines For autoLearn mode this command sets the maximum number of secure MAC addresses both configured and au...

Страница 2134: ...file by its name The argument is a case insensitive string of 1 to 31 characters Usage guidelines A NAS ID profile defines NAS ID and VLAN bindings You can create a NAS ID profile by using the aaa nas...

Страница 2135: ...MAC address and only when the port has online users ntkonly Forwards only unicast frames with an authenticated destination MAC address Usage guidelines The NTK feature checks the destination MAC addr...

Страница 2136: ...oginWithOUI mode In userLoginWithOUI mode a port allows only one 802 1X user and one user whose MAC address matches one of the configured OUI values Examples Configure an OUI value of 000d2a and set t...

Страница 2137: ...ation users to log in Upon receiving a non 802 1X frame a port in this mode performs only MAC authentication Upon receiving an 802 1X frame the port performs MAC authentication and then if MAC authent...

Страница 2138: ...ddress contains a specific OUI In this mode the port performs OUI check at first If the OUI check fails the port performs 802 1X authentication The port permits frames that pass OUI check or 802 1X au...

Страница 2139: ...Usage guidelines The timer applies to all sticky secure MAC addresses and those automatically learned by a port The effective aging timer varies by the aging timer setting If the aging timer is set i...

Страница 2140: ...s time value Specifies the silence period in seconds during which the port remains disabled The value is in the range of 20 to 300 Usage guidelines If you configure the intrusion protection action as...

Страница 2141: ...MAC based access control mode this feature collects user traffic statistics on a per MAC basis on the port If a port performs 802 1X authentication in port based access control mode this feature coll...

Страница 2142: ...llegal frame detection mac auth failure Specifies notifications about MAC authentication failures mac auth logoff Specifies notifications about MAC authentication user logoffs mac auth logon Specifies...

Страница 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...

Страница 2144: ...isplays configuration and online user information for all user profiles slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command displays use...

Страница 2145: ...e view of an existing user profile Use undo user profile to delete a user profile Syntax user profile profile name undo user profile profile name Default No user profiles exist Views System view Prede...

Страница 2146: ...assword control change password weak password enable 8 password control complexity 9 password control composition 10 password control enable 12 password control expired user login 13 password control...

Страница 2147: ...Global password control configurations Password control Enabled device management users Enabled network access users Password aging Enabled 90 days Password length Enabled 10 characters Password comp...

Страница 2148: ...wed maximum number of consecutive failed login attempts for FTP and VTY users Action for exceeding login attempts Action to be taken after a user fails to log in after the specified number of attempts...

Страница 2149: ...nformation about blacklisted FTP Web and virtual terminal line VTY users Users accessing the system through the console interface are not blacklisted for the following reasons The system is unable to...

Страница 2150: ...ssword control feature is enabled The default minimum password length and default password composition restriction vary by device model In FIPS mode the password composition restriction or the minimum...

Страница 2151: ...password control aging aging time undo password control aging Default A password expires after 90 days The password aging time for a user group equals the global setting The password aging time for a...

Страница 2152: ...g 100 Related commands display local user display password control display user group password control aging enable password control alert before expire Use password control alert before expire to set...

Страница 2153: ...iew Predefined user roles network admin Parameters timeout Specifies the user authentication timeout time in seconds in the range of 30 to 600 Usage guidelines This command takes effect only on Telnet...

Страница 2154: ...ontrol enable password control change password weak password enable Use password control change password weak password enable to enable mandatory weak password change Use undo password control change...

Страница 2155: ...assword control length password control enable password control complexity Use password control complexity to configure the password complexity checking policy Use undo password control complexity to...

Страница 2156: ...oup the system uses the global policy In non FIPS mode username checking is enabled regardless of whether or not the global password control feature is enabled In FIPS mode the password complexity che...

Страница 2157: ...ser view applies only to the local user A password composition policy with a smaller application scope has higher priority The system prefers to use the password composition policy in local user view...

Страница 2158: ...rs Usage guidelines When you enable global password control the device automatically generates a dat file and saves the file to the storage media The file is used to record authentication and login in...

Страница 2159: ...umber of times that a user can log in after the password expires Use undo password control expired user login to restore the defaults Syntax password control expired user login delay delay times times...

Страница 2160: ...s for each user is 4 Views System view Predefined user roles network admin Parameters max record number Specifies the maximum number of history password records for each user The value range is 2 to 1...

Страница 2161: ...sword length in characters The value range for this argument is 4 to 32 in non FIPS mode and 15 to 32 in FIPS mode Usage guidelines The minimum length setting depends on the view The setting in system...

Страница 2162: ...word control login idle time idle time undo password control login idle time Default The maximum account idle time is 90 days Views System view Predefined user roles network admin Parameters idle time...

Страница 2163: ...value range is 2 to 10 exceed Specifies an action to be taken for the user who fails to log in after making the maximum number of attempts lock Disables the user account permanently lock time time Di...

Страница 2164: ...counts The password control login attempt command takes effect immediately after being executed and can affect the users already in the password control blacklist Examples Allow a maximum of four cons...

Страница 2165: ...trol super aging Default A super password expires after 90 days Views System view Predefined user roles network admin Parameters aging time Specifies the super password aging time in days in the range...

Страница 2166: ...mode and 1 to 15 in FIPS mode Usage guidelines The product of the minimum number of character types and minimum number of characters for each type cannot be greater than the maximum length of the sup...

Страница 2167: ...change their passwords Use undo password control update interval to restore the default Syntax password control update interval interval undo password control update interval Default The minimum passw...

Страница 2168: ...password control history record Use reset password control history record to delete history password records Syntax reset password control history record super role role name user name user name netw...

Страница 2169: ...nagement users Sysname reset password control history record Are you sure you want to delete all device management users history records Y N y Delete the history password records of all network access...

Страница 2170: ...local public 1 display public key peer 4 peer public key end 6 public key local create 7 public key local destroy 10 public key local export dsa 11 public key local export ecdsa 13 public key local ex...

Страница 2171: ...f you do not specify a key pair this command displays the public keys of all local key pairs of the specified type Usage guidelines You can copy and distribute the public key of a local key pair to pe...

Страница 2172: ...CE14A0D3A5222FE08CECE65BE6C265854889DC1E DBD13EC8B274DA9F75BA26CCB987723602787E922BA84421F22C3C89CB9B06FD60FE01941D DD77FE6B12893DA76EEBC1D128D97F0678D7722B5341C8506F358214B16A2FAC4B36895038 7811C7DA3...

Страница 2173: ...DD6145BF9362B 1D Key name ecdsa1 Key type ECDSA Time when key pair created 15 43 33 2011 05 12 Key code 3049301306072A8648CE3D020106082A8648CE3D03010103320004A1FB84D92315B8DB72D1 AE672C7CFA5135D5F5B02...

Страница 2174: ...of the local ECDSA key pair ecdsa1 Sysname display public key local ecdsa public name ecdsa1 Key name ecdsa1 Key type ECDSA Time when key pair created 15 43 33 2011 05 12 Key code 3049301306072A8648C...

Страница 2175: ...he public key peer import sshkey command to configure a peer host public key on the local device Examples Display detailed information about the peer host public key idrsa Sysname display public key p...

Страница 2176: ...the correct format the system discards the key and displays an error message If the key is valid for example the key was displayed by the display public key local public command the system saves the...

Страница 2177: ...key pair type secp192r1 Uses the secp192r1 curve to create a 192 bit ECDSA key pair secp256r1 Uses the secp256r1 curve to create a 256 bit ECDSA key pair secp384r1 Uses the secp384r1 curve to create...

Страница 2178: ...ite the existing key pair The key pairs are automatically saved and can survive system reboots Table 5 A comparison of different types of asymmetric key algorithms Type Generated key pairs Modulus key...

Страница 2179: ...l create rsa name rsa1 The range of public key modulus is 512 4096 If the key modulus is greater than 512 it will take a few minutes Press CTRL C to abort Input the modulus length default 1024 Generat...

Страница 2180: ...key local destroy dsa ecdsa rsa name key name Views System view Predefined user roles network admin Parameters dsa Specifies the DSA key pair type ecdsa Specifies the ECDSA key pair type rsa Specifie...

Страница 2181: ...me ecdsa1 Confirm to destroy the key pair Y N y Related commands public key local create public key local export dsa Use public key local export dsa to export a local DSA host public key Syntax public...

Страница 2182: ...fault name in SSH 2 0 format Sysname system view Sysname public key local export dsa ssh2 BEGIN SSH2 PUBLIC KEY Comment dsa key 2011 05 12 AAAAB3NzaC1kc3MAAACBANdXJixFhMRMIR8YvZbl8GHE8KQj9 5ra4WzTO9yz...

Страница 2183: ...MIR8YvZbl8GHE8KQj9 5ra4WzTO9yzhSg06UiL CM7OZb5sJlhUiJ3 B7b0T7IsnTan3W6Jsy5h3I2Anh kiuoRCHyLDyJy5sG WD AZQd3Xf axKJPadu68HRKNl BnjXcitTQchQbz WCFLFqL6xLNolQOHgRx9ozAAAAFQDHcyGMc37I7pk7Ty3tMPSO2s6RXwAAA...

Страница 2184: ...amentals Configuration Guide 3 On the peer device use the public key peer import sshkey command to import the host public key from the file SSH 2 0 and OpenSSH are different public key formats Choose...

Страница 2185: ...see Fundamentals Configuration Guide If you do not specify a file name this command displays the key on the monitor screen Usage guidelines You can use this command to export a local RSA host public k...

Страница 2186: ...a1 pub Sysname system view Sysname public key local export rsa name rsa1 openssh rsa1 pub Display the host public key of the local RSA key pair rsa1 in SSH 2 0 format Sysname system view Sysname publi...

Страница 2187: ...peer public key end command to save the public key and return to system view The public key you type in the public key view must be in a correct format If the peer device is an H3C device use the disp...

Страница 2188: ...this command the system automatically transforms the host public key to the PKCS format and saves the key Before you use this command make sure you have got a copy of the public key file from the pee...

Страница 2189: ...play pki certificate request status 17 display pki crl domain 18 fqdn 20 ip 21 ldap server 21 locality 22 organization 23 organization unit 23 pki abort certificate request 24 pki certificate access c...

Страница 2190: ...iew Predefined user roles network admin Parameters id Specifies a rule ID in the range of 1 to 16 alt subject name Specifies the alternative subject name field fqdn Specifies the FQDN attribute ip Spe...

Страница 2191: ...bject name field of the certificate contains the DN attribute The DN attribute value contains the abc string A certificate matches an attribute group if it matches all attribute rules in the group Exa...

Страница 2192: ...e pki domain aaa Sysname pki domain aaa ca identifier new ca certificate request entity Use certificate request entity to specify the PKI entity for certificate request Use undo certificate request en...

Страница 2193: ...ficate request from ca ra undo certificate request from Default The type of certificate request reception authority is not specified Views PKI domain view Predefined user roles network admin Parameter...

Страница 2194: ...line or online mode In online mode a certificate request can be automatically or manually submitted Auto request mode A PKI entity automatically obtains the CA certificate and submits a certificate re...

Страница 2195: ...for the certificate request status The periodic query operation stops until the PKI entity obtains the certificate or the maximum number of query attempts is reached If the maximum number of query att...

Страница 2196: ...n Usage guidelines The certificate request URL contains the location of the certificate request reception authority server and the path of the application script on the server in the format http serve...

Страница 2197: ...to restore the default Syntax country country code string undo country Default No country code is set for a PKI entity Views PKI entity view Predefined user roles network admin Parameters country code...

Страница 2198: ...ault Syntax crl url url string vpn instance vpn instance name undo crl url Default The URL of the CRL repository is not specified Views PKI domain view Predefined user roles network admin Parameters u...

Страница 2199: ...rl url http 169 254 0 30 Set the URL of the CRL repository to ldap 169 254 0 30 in MPLS L3VPN instance vpn1 Sysname system view Sysname pki domain 1 Sysname pki domain 1 crl url ldap 169 254 0 30 vpn...

Страница 2200: ...ates that match the attribute group in the access control rule Related commands pki certificate access control policy rule display pki certificate attribute group Use display pki certificate attribute...

Страница 2201: ...ctn Not contain operation equ Equal operation nequ Not equal operation Attribute 1 subject name dn ctn abc Attribute rule contents alt subject name Alternative subject name issuer name Certificate iss...

Страница 2202: ...also displayed If you specify the local keyword this command displays information about all local certificates in the domain If you specify the peer keyword without a serial number this command displa...

Страница 2203: ...formation about local certificates in the PKI domain aaa Sysname display pki certificate domain aaa local Certificate Data Version 3 0x2 Serial Number bc 05 70 1f 0e da 0d 10 16 1e Signature Algorithm...

Страница 2204: ...hRSAEncryption 94 ef 56 70 48 66 be 8f 9d bb 77 0f c9 f4 65 77 e3 bd ea 9a b8 24 ae a1 38 2d f4 ab e8 0e 93 c2 30 33 c8 ef f5 e9 eb 9d 37 04 6f 99 bd b2 c0 e9 eb b1 19 7e e3 cb 95 cd 6c b8 47 e2 cf 18...

Страница 2205: ...78 98 68 03 5b 72 f4 57 d3 bf c5 30 32 0d 58 72 67 04 06 61 08 3b e9 ac 53 b9 e7 69 68 1a 23 f2 97 4c 26 14 c2 b5 d9 34 8b ee c1 ef af 1a f4 39 da c5 ae ab 56 95 b5 be 0e c3 46 35 c1 52 29 9c b7 46 f2...

Страница 2206: ...ificate request status domain domain name Views Any view Predefined user roles network admin network operator Parameters domain name Specifies a PKI domain by its name a case insensitive string of 1 t...

Страница 2207: ...ld Description Certificate Request Transaction number Certificate request transaction number starting from 1 Status Certificate request status including only the pending status Key usage Certificate p...

Страница 2208: ...ki crl domain aaa Certificate Revocation List CRL Version 2 0x1 Signature Algorithm sha1WithRSAEncryption Issuer C cn O docm OU sec CN therootca Last Update Apr 28 01 42 13 2011 GMT Next Update NONE C...

Страница 2209: ...pdate time X509v3 Authority Key Identifier X509v3 ID of the CA that issues the CRL keyid Key ID This field identifies the key pair used to sign the CRL Signature Algorithm Signature algorithm and sign...

Страница 2210: ...e IP address of the PKI entity Usage guidelines Use this command to assign an IP address to a PKI entity or specify an interface for the entity The interface s primary IPv4 address will be used as the...

Страница 2211: ...y uses LDAP for CRL distribution However the CRL repository URL configured for the PKI domain does not contain the IP address or host name of the LDAP server You can specify only one LDAP server for a...

Страница 2212: ...n to restore the default Syntax organization org name undo organization Default No organization name is set for a PKI entity Views PKI entity view Predefined user roles network admin Parameters org na...

Страница 2213: ...domain name Views System view Predefined user roles network admin Parameters domain name Specifies a PKI domain by its name a case insensitive string of 1 to 31 characters The domain name cannot conta...

Страница 2214: ...policies exist Views System view Predefined user roles network admin Parameters policy name Specifies a policy name a case insensitive string of 1 to 31 characters Usage guidelines A certificate based...

Страница 2215: ...nt configured by using the rule command If a certificate attribute group does not have any attribute rules the system determines that the all certificates match the associated access control rule Exam...

Страница 2216: ...following steps 1 Execute the display pki certificate command to determine the serial number of the peer certificate 2 Execute the pki delete certificate domain domain name peer serial serial num comm...

Страница 2217: ...ameters domain name Specifies a PKI domain name a case insensitive string of 1 to 31 characters The domain name cannot contain the special characters listed in Table 11 Table 11 Special characters Cha...

Страница 2218: ...ect contents in the certificate issued by the CA Examples Create a PKI entity named en and enter its view Sysname system view Sysname pki entity en Sysname pki entity en Related commands pki domain pk...

Страница 2219: ...l certificate in PEM format filename filename Specifies the name of the file for storing the certificate The file name is a case insensitive string If you do not specify a file name when you export ce...

Страница 2220: ...private keys the export operation fails When you export the local certificates if the key pair in the PKI domain is changed and no longer matches the key in the local certificates the export operatio...

Страница 2221: ...CCsGAQUFBwMEBgorBgEEAYI3FAICMC4GCWCGSAGG EIBDQQh Fh9Vc2VyIENlcnRpZmljYXRlIG9mIE9wZW5DQSBMYWJzMB0GA1UdDgQWBBTPw8FY ut7Xr2Ct 23zU ybgU9dQjAfBgNVHSMEGDAWgBQzEQ58yIC54wxodp6JzZvn gx0 CDAaBgNVHREEEzARgQ9ja...

Страница 2222: ...UxMzMxMjla ME0xCzAJBgNVBAYTAkNOMRQwEgYDVQQKDAtPcGVuQ0EgTGFiczEOMAwGA1UECwwF VXNlcnMxGDAWBgNVBAMMD2Noa3Rlc3QgY2hrdGVzdDCBnzANBgkqhkiG9w0BAQEF AAOBjQAwgYkCgYEA54rUZ0Ux2kApceE4ATpQ437CU6ovuHS5eJKZyky8fhM...

Страница 2223: ...i9jcmwvY2FjcmwuY3JsMA0GCSqGSIb3DQEBCwUA A4IBAQC0q0SSmvQNfa5ELtRKYF62C Y8QTLbk6lZDTZuIzN15SGKQcbNM970ffCD Lk1zosyEVE7PLnii3bZ5khcGO3byyXfluAqRyOGVJcudaw7uIQqgv0AJQ zaQSHi d4kQf5QWgYkQ55 C5puOmcMRgCbMpR...

Страница 2224: ...xport domain domain1 pem ca BEGIN CERTIFICATE MIIB7jCCAVcCEQCdSVShJFEMifVG8zRRoSsWMA0GCSqGSIb3DQEBBQUAMDcxCzAJ BgNVBAYTAmNuMQwwCgYDVQQKEwNoM2MxDDAKBgNVBAsTA2gzYzEMMAoGA1UEAxMD YWNhMB4XDTExMDEwNjAyNTc0...

Страница 2225: ...main to a file named cert lo der in PKCS12 format The password for the private keys is 123 Sysname system view Sysname pki export domain domain1 p12 local passphrase 123 filename cert lo der Export al...

Страница 2226: ...or peer certificates If the PKI domain the local certificates or the peer certificates do not have the CA certificate chain you must import the CA certificate first To import a local or peer certific...

Страница 2227: ...he certificate file The import operation automatically updates or generates the correct key pair When you perform the import operation be sure to save the configuration file to avoid data loss Example...

Страница 2228: ...wKHL35lmBDRLEzQeBFcaGwSm1JvRfE4tkJM7 Uz2QHJOfP10 0VLqMgxMlpk3TvBWgzHGJDe7TdzFCDPMPhod8pi4P8gGXmQd01PbyQ END RSA PRIVATE KEY Bag Attributes localKeyID 01 00 00 00 subject CN sldsslserver issuer C cn O...

Страница 2229: ...he password Local certificate already exist confirm to overwrite it Y N y The PKI domain already has a CA certificate If it is overwritten local certificates peer certificates and CRL of this domain w...

Страница 2230: ...d to print the BASE64 encoded request information Use the pkcs10 filename filename option to save the request information to a local file and transfer the file to the CA by using an out of band means...

Страница 2231: ...ensitive string of 1 to 31 characters Usage guidelines In online mode You can obtain the CA certificate through the SCEP protocol If a CA certificate already exists locally do not obtain the CA certif...

Страница 2232: ...me system view Sysname pki retrieve certificate domain aaa peer en1 Related commands display pki certificate pki delete certificate pki retrieve crl Use pki retrieve crl to obtain CRLs and save them l...

Страница 2233: ...the CRL repository If a CRL repository is found the device obtains CRLs from the CRL repository If no CRL repository is found the device obtains CRLs through the SCEP protocol Examples Obtain CRLs fr...

Страница 2234: ...ify the validity of certificates Syntax pki validate certificate domain domain name ca local Views System view Predefined user roles network admin Parameters domain name Specifies a PKI domain by its...

Страница 2235: ...e current CA to the root CA Examples Verify the validity of the CA certificate in PKI domain aaa Sysname system view Sysname pki validate certificate domain aaa ca Verifying certificate Serial Number...

Страница 2236: ...e key pair name can contain only letters digits and hyphens length key length Specifies the key length in bits In non FIPS mode the value range is 512 to 2048 and the default is 1024 In FIPS mode the...

Страница 2237: ...al create public key ecdsa Use public key ecdsa to specify an ECDSA key pair for certificate request Use undo public key to restore the default Syntax In non FIPS mode public key ecdsa name key name s...

Страница 2238: ...quest The curve parameter is ignored if the specified key pair already exists or is already contained in an imported certificate If you do not specify an elliptic curve the secp192r1 curve is used by...

Страница 2239: ...a key pair A PKI domain can have key pairs using only one type of cryptographic algorithm DSA ECDSA or RSA A PKI domain can have two RSA key pairs of different purposes one is the signing key pair and...

Страница 2240: ...that does not have a CA certificate you must configure the fingerprint for root CA certificate verification When an application for example IKE triggers the device to request local certificates the de...

Страница 2241: ...view Sysname pki domain aaa Sysname pki domain aaa root certificate fingerprint md5 12EF53FA355CD23E12EF53FA355CD23E Specify an SHA1 fingerprint for verifying the root CA certificate Sysname system vi...

Страница 2242: ...n defined in the access control rule Examples Create rule 1 to permit all certificates that match certificate attribute group mygroup Sysname system view Sysname pki certificate access control policy...

Страница 2243: ...in 1 source ipv6 1 8 Use the IP address of VLAN interface 1 as the source IP address for PKI protocol packets Sysname system view Sysname pki domain aaa Sysname pki domain aaa source ip interface vlan...

Страница 2244: ...E certificate extension so IKE peers can use the certificates ssl client Specifies the SSL client certificate extension so the SSL client can use the certificates ssl server Specifies the SSL server c...

Страница 2245: ...template 29 ipsec anti replay check 30 ipsec anti replay window 31 ipsec apply 32 ipsec decrypt check enable 32 ipsec df bit 33 ipsec fragmentation 34 ipsec global df bit 35 ipsec limit max tunnel 35...

Страница 2246: ...84 match local address IKE keychain view 85 match local address IKE profile view 86 match remote 87 pre shared key 89 priority IKE keychain view 90 priority IKE profile view 91 proposal 91 reset ike s...

Страница 2247: ...ss IKEv2 policy view 123 match remote 124 match vrf IKEv2 policy view 125 match vrf IKEv2 profile view 126 nat keepalive 127 peer 128 pre shared key 129 prf 130 priority IKEv2 policy view 131 priority...

Страница 2248: ...Specifies the HMAC AES XCBC 96 algorithm which uses a 128 bit key This keyword is available only for IKEv2 md5 Specifies the HMAC MD5 96 algorithm which uses a 128 bit key sha1 Specifies the HMAC SHA...

Страница 2249: ...meters text Specifies a description a case sensitive string of 1 to 80 characters Usage guidelines If the system has multiple IPsec policies IPsec policy templates or IPsec profiles you can use this c...

Страница 2250: ...pecify an IPsec policy name without any sequence number this command displays information about all IPsec policy entries with the specified name Examples Display information about all IPv4 IPsec polic...

Страница 2251: ...y data flow Selector mode standard Local address Remote address Transform set IKE profile IKEv2 profile SA duration time based 3600 seconds SA duration traffic based 1843200 kilobytes SA idle time IPs...

Страница 2252: ...abled Security data flow 3200 Selector mode standard Local address Remote address 5 3 6 9 Transform set completetransform IKE profile IKEv2 profile SA duration time based 3600 seconds SA duration traf...

Страница 2253: ...onfiguration incomplete Possible causes include The ACL is not configured The IPsec transform set is not configured The ACL does not have any permit statements The IPsec transform set configuration is...

Страница 2254: ...configured and it is empty if the key is not configured Related commands ipsec ipv6 policy policy display ipsec ipv6 policy template policy template Use display ipsec ipv6 policy template policy temp...

Страница 2255: ...ile Remote address 162 105 10 2 Transform set testprop IPsec SA local duration time based 3600 seconds IPsec SA local duration traffic based 1843200 kilobytes SA idle time Display information about al...

Страница 2256: ...dress of the IPsec tunnel Transform set Transform set used by the IPsec policy template IPsec SA local duration time based Time based IPsec SA lifetime in seconds IPsec SA local duration traffic based...

Страница 2257: ...ion hex key ESP authentication hex key Table 3 Command output Field Description IPsec profile IPsec profile name Mode Negotiation mode used by the IPsec profile Description Description of the IPsec pr...

Страница 2258: ...Specifies an IPsec SA by its remote end IP address ipv6 Specifies an IPsec SA by its remote end IPv6 address If this keyword is not specified the specified remote end IP address is an IPv4 address Usa...

Страница 2259: ...2 168 1 0 255 255 255 0 port 0 protocol ip Inbound ESP SAs SPI 3564837569 0xd47b1ac1 Connection ID 90194313219 Transform set ESP ENCRYPT AES CBC 128 ESP AUTH SHA1 SA duration kilobytes sec 4294967295...

Страница 2260: ...mode ISAKMP IKE negotiation mode Template IPsec policy template mode Tunnel id IPsec tunnel ID Encapsulation mode Encapsulation mode transport or tunnel Perfect Forward Secrecy Perfect Forward Secrecy...

Страница 2261: ...e IPsec transform set SA duration kilobytes sec IPsec SA lifetime in kilobytes or seconds SA remaining duration kilobytes sec Remaining IPsec SA lifetime in kilobytes or seconds Max received sequence...

Страница 2262: ...0 45 Dropped packets statistics No available SA 0 Wrong SA 0 Invalid length 0 Authentication failure 0 Encapsulation failure 0 Decapsulation failure 0 Replayed packets 0 ACL check failure 45 MTU chec...

Страница 2263: ...ets ACL check failure Number of packets dropped due to ACL check failure MTU check failure Number of packets dropped due to MTU check failure Loopback limit exceeded Number of packets dropped due to l...

Страница 2264: ...sed by the IPsec policy for negotiation 768 bit Diffie Hellman group dh group1 1024 bit Diffie Hellman group dh group2 1536 bit Diffie Hellman group dh group5 2048 bit Diffie Hellman group dh group14...

Страница 2265: ...nd SPI Outbound SPI Status 0 1000 2000 Active 3000 4000 1 1 2 3 1 2 2 2 2 5000 6000 Active 7000 8000 Table 8 Command output Field Description Src Address Source IP address of the IPsec tunnel For IPse...

Страница 2266: ...vpn instance SA s SPI outbound 6000 0x00001770 AH inbound 5000 0x00001388 AH outbound 8000 0x00001f40 ESP inbound 7000 0x00001b58 ESP Tunnel local address 1 2 3 1 remote address 2 2 2 2 Flow as define...

Страница 2267: ...ss Local end IP address of the IPsec tunnel remote address Remote end IP address of the IPsec tunnel Flow Information about the data flow protected by the IPsec tunnel including source IP address dest...

Страница 2268: ...secured transmission start and end points are not the actual start and end points of the data packets for example when two gateways provide IPsec but the data start and end points are two hosts behind...

Страница 2269: ...tion algorithm In FIPS mode esp authentication algorithm sha1 sha256 sha384 sha512 undo esp authentication algorithm Default ESP does not use any authentication algorithms Views IPsec transform set vi...

Страница 2270: ...92 aes ctr 256 camellia cbc 128 camellia cbc 192 camellia cbc 256 des cbc gmac 128 gmac 192 gmac 256 gcm 128 gcm 192 gcm 256 null undo esp encryption algorithm In FIPS mode esp encryption algorithm ae...

Страница 2271: ...hich uses a 256 bit key This keyword is available only for IKEv2 null Specifies the NULL algorithm which means encryption is not performed Usage guidelines You can specify multiple ESP encryption algo...

Страница 2272: ...stem view the device uses the global IKE settings The IKE profile specified for an IPsec policy IPsec policy template or IPsec profile defines the parameters used for IKE negotiation You can specify o...

Страница 2273: ...policy1 10 isakmp Sysname ipsec policy isakmp policy1 10 ikev2 profile profile1 Related commands display ipsec ipv6 policy display ipsec policy ikev2 profile ipsec ipv6 policy policy Use ipsec ipv6 p...

Страница 2274: ...have the same name Examples Create an IKE based IPsec policy entry and enter the IPsec policy view The policy name is policy1 and the sequence number is 100 Sysname system view Sysname ipsec policy p...

Страница 2275: ...template are determined by the initiator When the remote end s information such as the IP address is unknown this method allows the remote end to initiate negotiations with the local end Examples Crea...

Страница 2276: ...c SAs have been established if you bind the IPsec policy to a source interface the existing IPsec SAs are deleted Only an IKE based IPsec policy can be bound to a source interface An IPsec policy can...

Страница 2277: ...ve the same name but different sequence numbers With the seq number argument specified the undo command deletes an IPsec policy template entry An IPv4 IPsec policy template and an IPv6 IPsec policy te...

Страница 2278: ...s Enable IPsec anti replay checking Sysname system view Sysname ipsec anti replay check Related commands ipsec anti replay window ipsec anti replay window Use ipsec anti replay window to set the anti...

Страница 2279: ...On an interface you can apply a maximum of two IPsec policies one IPv4 IPsec policy and one IPv6 IPsec policy An IKE based IPsec policy can be applied to multiple interfaces As a best practice apply a...

Страница 2280: ...s on an interface Use undo ipsec df bit to restore the default Syntax ipsec df bit clear copy set undo ipsec df bit Default The DF bit is not configured for the outer IP header of IPsec packets on an...

Страница 2281: ...gmentation Default The device fragments packets before IPsec encapsulation Views System view Predefined user roles network admin Parameters after encryption Fragments packets after IPsec encapsulation...

Страница 2282: ...unnel mode It is not effective in transport mode because the outer IP header is not added in transport mode This command does not change the DF bit for the original IP header of IPsec packets Packet f...

Страница 2283: ...c logging packet enable Use ipsec logging packet enable to enable logging for IPsec packets Use undo ipsec logging packet enable to disable logging for IPsec packets Syntax ipsec logging packet enable...

Страница 2284: ...profile you must specify the IPsec SA setup mode manual When you enter the view of an existing IPsec profile you do not need to specify the IPsec SA setup mode A manual IPsec profile is similar to a m...

Страница 2285: ...re the global IPsec SA lifetime Use undo ipsec sa global duration to restore the default Syntax ipsec sa global duration time based seconds traffic based kilobytes undo ipsec sa global duration time b...

Страница 2286: ...out feature and set the idle timeout If no traffic matches an IPsec SA within the idle timeout interval the IPsec SA is deleted Use undo ipsec sa idle time to disable the global IPsec SA idle timeout...

Страница 2287: ...ity parameters for IPsec SA negotiation including the security protocol encryption algorithms authentication algorithms and encapsulation mode Examples Create an IPsec transform set named tran1 and en...

Страница 2288: ...olicy isakmp map 1 local address 1 1 1 1 Related commands remote address pfs Use pfs to enable the Perfect Forward Secrecy PFS feature for an IPsec transform set Use undo pfs to restore the default Sy...

Страница 2289: ...the responder This restriction does not apply to IKEv2 The end without the PFS feature performs IKE negotiation according to the PFS requirements of the peer end Examples Enable PFS using 2048 bit Dif...

Страница 2290: ...Enable the QoS pre classify feature Sysname system view Sysname ipsec policy policy1 100 manual Sysname ipsec policy manual policy1 100 qos pre classify redundancy replay interval Use redundancy repla...

Страница 2291: ...short interval improves the anti replay information consistency between the active device and the standby device but it sacrifices the forwarding performance of the devices Examples Set the anti repla...

Страница 2292: ...the latest remote IP address If a static DNS entry is used for resolution you must reconfigure the remote address command whenever the remote IP address changes Without the reconfiguration the local...

Страница 2293: ...a remote IPv4 address ipv6 ipv6 address Specifies a remote IPv6 address ah Specifies the AH protocol esp Specifies the ESP protocol spi num Specifies the security parameter index in the range of 256...

Страница 2294: ...et ipsec statistics Use reset ipsec statistics to clear IPsec packet statistics Syntax reset ipsec statistics tunnel id tunnel id Views User view Predefined user roles network admin Parameters tunnel...

Страница 2295: ...d according to this IPsec policy and the associated static routes To display the static routes created by RRI use the display ip routing table command Examples Enable IPsec RRI to create a static rout...

Страница 2296: ...g to this IPsec policy and the associated static routes Examples Change the preference to 100 for static routes created by IPsec RRI Sysname system view Sysname ipsec policy 1 1 isakmp Sysname ipsec p...

Страница 2297: ...e Syntax sa duration time based seconds traffic based kilobytes undo sa duration time based traffic based Default The SA lifetime of an IPsec policy IPsec policy template or IPsec profile is the curre...

Страница 2298: ...key authentication to delete an authentication key for a manual IPsec SA Syntax sa hex key authentication inbound outbound ah esp cipher simple string undo sa hex key authentication inbound outbound a...

Страница 2299: ...bccddeeff00 and 0xaabbccddeeff001100aabbccddeeff00 for the inbound and outbound SAs that use AH Sysname system view Sysname ipsec policy policy1 100 manual Sysname ipsec policy manual policy1 100 sa h...

Страница 2300: ...rofile to be applied to an IPv6 routing protocol the local encryption keys of the inbound and outbound SAs must be identical The keys for the IPsec SAs at the two tunnel ends must be configured in the...

Страница 2301: ...command takes precedence over the global IPsec SA timeout configured by the ipsec sa idle time command If the IPsec policy IPsec policy template or IPsec profile is not configured with the SA idle tim...

Страница 2302: ...lines The local inbound and outbound SAs must use the same SPI The IPsec SAs on the devices in the same scope must have the same SPI The scope is defined by protocols For OSPFv3 the scope consists of...

Страница 2303: ...the same format either in hexadecimal or character format Otherwise they cannot establish an IPsec tunnel When you configure an IPsec profile for an IPv6 routing protocol follow these guidelines The...

Страница 2304: ...mode One IPsec tunnel protects one data flow The data flow permitted by an ACL rule is protected by one IPsec tunnel that is established solely for it The standard mode is used if you do not specify t...

Страница 2305: ...t failure encrypt failure global invalid sa failure no sa failure policy add policy attach policy delete policy detach tunnel start tunnel stop undo snmp agent trap enable ipsec auth failure decrypt f...

Страница 2306: ...sec globally Sysname system view Sysname snmp agent trap enable ipsec global Enable SNMP notifications for events of creating IPsec tunnels Sysname snmp agent trap enable ipsec tunnel start tfc enable...

Страница 2307: ...age guidelines You can specify only one IPsec transform set for a manual IPsec policy If you execute this command multiple times the most recent configuration takes effect You can specify a maximum of...

Страница 2308: ...61 ipsec transform set...

Страница 2309: ...FIPS mode authentication algorithm sha sha256 sha384 sha512 undo authentication algorithm Default In non FIPS mode The IKE proposal uses the HMAC SHA1 authentication algorithm In FIPS mode The IKE pro...

Страница 2310: ...ture authentication does and it is usually used in a simple network Signature authentication provides higher security and it is usually deployed in a large scale network such as a network with many br...

Страница 2311: ...ation On the initiator If the IKE profile has a PKI domain and the automatic certificate request mode is configured for the PKI domain the initiator automatically obtains the CA certificate If the IKE...

Страница 2312: ...itive string of 1 to 80 characters Usage guidelines When multiple IKE proposals exist you configure different descriptions for them to distinguish them Examples Configure a description of test for IKE...

Страница 2313: ...ity but needs more time for processing To achieve the best trade off between processing performance and security choose a proper Diffie Hellman group for your network Examples Specify the 2048 bit Dif...

Страница 2314: ...SHA256 algorithm SHA384 HMAC SHA384 algorithm SHA512 HMAC SHA512 algorithm Encryption algorithm Encryption algorithm used by the IKE proposal 3DES CBC 168 bit 3DES algorithm in CBC mode AES CBC 128 12...

Страница 2315: ...splays summary information about all IKE SAs Examples Display summary information about all IKE SAs Sysname display ike sa Connection ID Remote Flag DOI 1 202 38 0 2 RD IPsec Flags RD READY RL REPLACE...

Страница 2316: ...d information about the IKE SA with a remote address of 4 4 4 5 Sysname display ike sa verbose remote address 4 4 4 5 Connection ID 2 Outside VPN Inside VPN Profile prof1 Transmitting entity Initiator...

Страница 2317: ...e IKE proposal MD5 HMAC MD5 algorithm SHA1 HMAC SHA1 algorithm SHA256 HMAC SHA256 algorithm SHA384 HMAC SHA384 algorithm SHA512 HMAC SHA512 algorithm Encryption algorithm Encryption algorithm used by...

Страница 2318: ...ation failure 0 Invalid flags 0 Invalid message id 0 Invalid cookie 0 Invalid transform ID 0 Malformed payload 0 Invalid key information 0 Invalid hash information 0 Unsupported attribute 0 Unsupporte...

Страница 2319: ...h consumes more bandwidth and CPU When DPD settings are configured in both IKE profile view and system view the DPD settings in IKE profile view apply If DPD is not configured in IKE profile view the...

Страница 2320: ...key for encryption aes cbc 256 Specifies the AES algorithm in CBC mode The AES algorithm uses a 256 bit key for encryption des cbc Specifies the DES algorithm in CBC mode The DES algorithm uses a 56 b...

Страница 2321: ...e proposal ike dpd Use ike dpd to configure global IKE DPD Use undo ike dpd to disable global IKE DPD Syntax ike dpd interval interval retry seconds on demand periodic undo ike dpd interval Default Gl...

Страница 2322: ...al identity used by the local end during IKE negotiations Use undo ike identity to restore the default Syntax ike identity address ipv4 address ipv6 ipv6 address dn fqdn fqdn name user fqdn user fqdn...

Страница 2323: ...enable to enable invalid security parameter index SPI recovery Use undo ike invalid spi recovery enable to disable invalid SPI recovery Syntax ike invalid spi recovery enable undo ike invalid spi reco...

Страница 2324: ...seconds between IKE keepalives in the range of 20 to 28800 Usage guidelines To detect the status of the peer configure IKE DPD instead of the IKE keepalive feature unless IKE DPD is not supported on t...

Страница 2325: ...alive timeout time to 20 seconds Sysname system view Sysname ike keepalive timeout 20 Related commands ike keepalive interval ike keychain Use ike keychain to create an IKE keychain and enter its view...

Страница 2326: ...the maximum number of half open IKE SAs and IPsec SAs The value range for the negotiation limit argument is 1 to 99999 max sa sa limit Specifies the maximum number of established IKE SAs The value ran...

Страница 2327: ...ct only for a device that resides in the private network behind a NAT gateway The device behind the NAT gateway needs to send NAT keepalives to its peer to keep the NAT session alive so that the peer...

Страница 2328: ...de Authentication method Preshared key authentication DH group 768 bit Diffie Hellman group in non FIPS mode and 2048 bit Diffie Hellman group in FIPS mode IKE SA lifetime 86400 seconds You cannot cha...

Страница 2329: ...ntity from certificate Default The local end uses the identity information specified by the local identity or ike identity command for signature authentication Views System view Predefined user roles...

Страница 2330: ...age guidelines This command determines where the device should forward received IPsec protected data If you configure this command the device looks for a route in the specified VPN instance to forward...

Страница 2331: ...rofile uses the local ID configured in system view by using the ike identity command If the local ID is not configured in system view the IKE profile uses the IP address of the interface to which the...

Страница 2332: ...name system view Sysname ike profile prof1 Sysname ike profile prof1 local identity address 2 2 2 2 Related commands match remote ike identity match local address IKE keychain view Use match local add...

Страница 2333: ...d to restrict the application scope of IKE keychain B to address 3 3 3 3 Examples Create IKE keychain key1 Sysname system view Sysname ike keychain key1 Apply IKE keychain key1 to IP address 2 2 2 2 s...

Страница 2334: ...earlier To use IKE profile B you can use this command to restrict the application scope of IKE profile B to address 3 3 3 3 Examples Create IKE profile prof1 Sysname system view Sysname ike profile pr...

Страница 2335: ...www test com user fqdn user fqdn name Uses the peer s user FQDN as the peer ID for IKE profile matching The user fqdn name argument is a case sensitive string of 1 to 255 characters such as adc test c...

Страница 2336: ...s of the peer mask Specifies the mask in dotted decimal notation The default mask is 255 255 255 255 mask length Specifies the mask length in the range of 0 to 32 The default mask length is 32 ipv6 Sp...

Страница 2337: ...iation with peer 1 1 1 2 to 123456TESTplat Sysname ike keychain key1 pre shared key address 1 1 1 2 255 255 255 255 key simple 123456TESTplat Related commands authentication method keychain priority I...

Страница 2338: ...iority of an IKE profile the device examines the existence of the match local address command before examining the priority number An IKE profile with the match local address command configured has a...

Страница 2339: ...amples Specify IKE proposal 10 for IKE profile prof1 Sysname system view Sysname ike profile prof1 Sysname ike profile prof1 proposal 10 Related commands ike proposal reset ike sa Use reset ike sa to...

Страница 2340: ...cs Views User view Predefined user roles network admin Examples Clears IKE MIB statistics Sysname reset ike statistics Related commands snmp agent trap enable ike sa duration Use sa duration to set th...

Страница 2341: ...invalid id invalid proposal invalid protocol invalid sign no sa failure proposal add proposal delete tunnel start tunnel stop unsupport exch type undo snmp agent trap enable ike attr not support auth...

Страница 2342: ...notifications about events of deleting IKE proposals tunnel start Specifies notifications about events of creating IKE tunnels tunnel stop Specifies notifications about events of deleting IKE tunnels...

Страница 2343: ...Pv4 address in the range of 0 to 32 ipv6 ipv6 address Specifies the IPv6 address of the IKEv2 peer prefix length Specifies the prefix length of the IPv6 address in the range of 0 to 128 Usage guidelin...

Страница 2344: ...od rsa signature Specifies the RSA signatures as the identity authentication method Usage guidelines The local and remote identity authentication methods must both be specified and they can be differe...

Страница 2345: ...Specifies a PKI domain by its name a case insensitive string of 1 to 31 characters sign Uses the local certificate in the PKI domain to generate a signature verify Uses the CA certificate in the PKI d...

Страница 2346: ...cept the configuration set payload carried in Info messages send Enables the device to send Info messages carrying the configuration set payload Usage guidelines The configuration exchange feature ena...

Страница 2347: ...oup2 Uses the 1024 bit Diffie Hellman group group5 Uses the 1536 bit Diffie Hellman group group14 Uses the 2048 bit Diffie Hellman group group24 Uses the 2048 bit Diffie Hellman group with the 256 bit...

Страница 2348: ...Ev2 policy Usage guidelines If you do not specify any parameters this command displays the configuration of all IKEv2 policies Examples Display the configuration of all IKEv2 policies Sysname display...

Страница 2349: ...case insensitive string of 1 to 63 characters If you do not specify an IKEv2 profile this command displays the configuration of all IKEv2 profiles Examples Display the configuration of all IKEv2 prof...

Страница 2350: ...rifying the remote end s certificate SA duration Lifetime of the IKEv2 SA DPD DPD settings Detection interval in seconds Retry interval in seconds Detection mode on demand or periodically If DPD is di...

Страница 2351: ...ntegrity MD5 SHA256 AES XCBC MAC PRF MD5 SHA256 AES XCBC MAC DH Group MODP1024 Group2 MODP1536 Group5 IKEv2 proposal default Encryption AES CBC 128 3DES CBC Integrity SHA1 MD5 PRF SHA1 MD5 DH Group MO...

Страница 2352: ...s keyword the command displays the summary information tunnel tunnel id Displays detailed IKEv2 SA information for an IPsec tunnel The tunnel id argument specifies an IPsec tunnel by its ID in the ran...

Страница 2353: ...Remote ID type FQDN Remote ID device_b Auth sign method Pre shared key Auth verify method Pre shared key Integrity algorithm HMAC_MD5 PRF algorithm HMAC_MD5 Encryption algorithm AES CBC 192 Life durat...

Страница 2354: ...Local window 1 Remote window 1 Local request message ID 2 Remote request message ID 2 Local next message ID 0 Remote next message ID 0 Pushed IP address 192 168 1 5 Assigned IP address 192 168 2 24 Ta...

Страница 2355: ...ed in IKEv2 key negotiation NAT traversal Whether a NAT gateway is detected between the local and remote ends DPD DPD settings Detection interval in seconds Retry interval in seconds If DPD is disable...

Страница 2356: ...ayload 0 Authentication failed 0 Single pair required 0 TS unacceptable 0 Invalid selectors 0 Temporary failure 0 No child SA 0 Unknown other notify 0 No enough resource 0 Enqueue error 0 No IKEv2 SA...

Страница 2357: ...number of IKEv2 peers For an earlier detection of dead peers use the periodic triggering mode which consumes more bandwidth and CPU The triggering interval must be longer than the retry interval so t...

Страница 2358: ...a 128 bit key camellia cbc 192 Specifies the Camellia algorithm in CBC mode which uses a 192 bit key camellia cbc 256 Specifies the Camellia algorithm in CBC mode which uses a 256 bit key des cbc Spec...

Страница 2359: ...host name test of the IKEv2 peer Sysname ikev2 keychain key1 peer peer1 hostname test Related commands ikev2 keychain peer identity Use identity to specify the ID of an IKEv2 peer Use undo identity t...

Страница 2360: ...chain key1 Create an IKEv2 peer named peer1 Sysname ikev2 keychain key1 peer peer1 Specify IPv4 address 1 1 1 2 as the ID of the IKEv2 peer Sysname ikev2 keychain key1 peer peer1 identity address 1 1...

Страница 2361: ...hallenge to enable the cookie challenging feature Use undo ikev2 cookie challenge to disable the cookie challenging feature Syntax ikev2 cookie challenge number undo ikev2 cookie challenge Default The...

Страница 2362: ...egular intervals The device triggers DPD at the specified interval Usage guidelines DPD is triggered periodically or on demand As a best practice use the on demand mode when the device communicates wi...

Страница 2363: ...ring of 1 to 63 characters and cannot contain a hyphen Usage guidelines An IKEv2 keychain is required on both ends if either end uses preshared key authentication The preshared key configured on both...

Страница 2364: ...Predefined user roles network admin Parameters policy name Specifies a name for the IKEv2 policy The policy name is a case insensitive string of 1 to 63 characters Usage guidelines Each end must have...

Страница 2365: ...rofiles exist Views System view Predefined user roles network admin Parameters profile name Specifies a name for the IKEv2 profile The profile name is a case insensitive string of 1 to 63 characters U...

Страница 2366: ...uidelines An IKEv2 proposal contains security parameters used in IKE_SA_INIT exchanges including the encryption algorithms integrity protection algorithms PRF algorithms and DH groups An IKEv2 proposa...

Страница 2367: ...determines where the device should forward received IPsec packets after it de encapsulates them If you configure this command the device looks for a route in the specified VPN instance to forward the...

Страница 2368: ...n IKEv2 proposal Otherwise the proposal is incomplete and useless You can specify multiple integrity protection algorithms for an IKEv2 proposal An algorithm specified earlier has a higher priority Ex...

Страница 2369: ...profile view Use match local to specify a local interface or a local IP address to which an IKEv2 profile can be applied Use undo match local to remove a local interface or a local IP address to whic...

Страница 2370: ...IKEv2 profile B to IPv4 address 3 3 3 3 You can specify multiple applicable local interfaces or IP addresses for an IKEv2 profile Examples Create an IKEv2 profile named profile1 Sysname system view S...

Страница 2371: ...ertificate policy name identity address ipv4 address mask mask length range low ipv4 address high ipv4 address ipv6 ipv6 address prefix length range low ipv6 address high ipv6 address fqdn fqdn name e...

Страница 2372: ...c string for doing proprietary types of identification Usage guidelines The device compares the received peer ID with the peer IDs configured in local IKEv2 profiles If a match is found it uses the IK...

Страница 2373: ...the interface belongs The responder looks up an IKEv2 policy by the IP address of the interface that receives the IKEv2 packet and the VPN instance to which the interface belongs IKEv2 policies with t...

Страница 2374: ...he VPN instance that the IKEv2 profile belongs to Sysname ikev2 profile profile1 match vrf name vrf1 Related commands match remote nat keepalive Use nat keepalive to set the NAT keepalive interval Use...

Страница 2375: ...IKEv2 peer The peer name is a case insensitive string of 1 to 63 characters Usage guidelines An IKEv2 peer contains a preshared key and the criteria for looking up the peer The criteria for peer look...

Страница 2376: ...t form is a string of 15 to 128 characters and its encrypted form is a string of 15 to 201 characters Usage guidelines If you specify the local or remote keyword you configure an asymmetric key If you...

Страница 2377: ...telecom peer peer1 quit Create an IKEv2 peer named peer2 Sysname ikev2 keychain telecom peer peer2 Configure asymmetric plaintext preshared keys The key for certificate signing is 111 key b and the ke...

Страница 2378: ...5 as the PRF algorithms with HMAC SHA1 preferred Sysname ikev2 proposal prop1 prf sha1 md5 Related commands ikev2 proposal integrity priority IKEv2 policy view Use priority to set a priority for an IK...

Страница 2379: ...ity of the IKEv2 profile in the range of 1 to 65535 A smaller number represents a higher priority Usage guidelines The priority set by this command can only be used to adjust the match order of IKEv2...

Страница 2380: ...es network admin Parameters local Deletes IKEv2 SAs for a local IP address remote Deletes IKEv2 SAs for a remote IP address ipv4 address Specifies a local or remote IPv4 address ipv6 ipv6 address Spec...

Страница 2381: ...IKEv2 SA whose remote IP address is 1 1 1 2 Sysname reset ikev2 sa remote 1 1 1 2 Display information about IKEv2 SAs again Verify that the IKEv2 SA is deleted Sysname display ikev2 sa Tunnel ID Local...

Страница 2382: ...re its lifetime expires saving a lot of negotiation time However the longer the lifetime the higher the possibility that attackers collect enough information and initiate attacks Two peers can have di...

Страница 2383: ...ge enable 12 ssh server pki domain 13 ssh server port 14 ssh server rekey interval 14 ssh user 15 SSH client commands 18 bye 18 cd 18 cdup 19 delete 19 delete ssh client server public key 20 dir 20 di...

Страница 2384: ...urce 53 ssh2 54 ssh2 ipv6 57 ssh2 ipv6 suite b 60 ssh2 suite b 62 SSH2 commands 64 display ssh2 algorithm 64 ssh2 algorithm cipher 65 ssh2 algorithm key exchange 66 ssh2 algorithm mac 67 ssh2 algorith...

Страница 2385: ...Specifies the SSH server sessions status Specifies the SSH server status Examples Display the SSH server status Sysname display ssh server status Stelnet server Disable SSH version 2 0 SSH authenticat...

Страница 2386: ...name 184 0 2 0 aes128 cbc Established 1 Stelnet abc 123 Table 2 Command output Field Description UserPid User process ID SessID Session ID Ver Protocol version of the SSH server Encrypt Encryption alg...

Страница 2387: ...2 Username Authentication type User public key name Service type yemx password Stelnet SFTP test publickey pubkey SFTP Table 3 Command output Field Description Total ssh users Total number of SSH use...

Страница 2388: ...rocess ID of an SSH session use the display ssh server session command username username Specifies the username of the SSH session to be disconnected To view the username of an SSH session use the dis...

Страница 2389: ...server Syntax sftp server enable undo sftp server enable Default The SFTP server is disabled Views System view Predefined user roles network admin Examples Enable the SFTP server Sysname system view...

Страница 2390: ...cify an ACL to control IPv4 SSH connections to the server Use undo ssh server acl to restore the default Syntax ssh server acl advanced acl number basic acl number mac mac acl number undo ssh server a...

Страница 2391: ...CL Use undo ssh server acl deny log enable to disable logging for SSH login attempts that are denied by the SSH login control ACL Syntax ssh server acl deny log enable undo ssh server acl deny log ena...

Страница 2392: ...per limit specified in this command further authentication is not allowed For any authentication an authentication attempt is a publickey or password authentication process For password publickey auth...

Страница 2393: ...tions set the authentication timeout timer to a small value Examples Set the authentication timeout timer to 10 seconds for SSH users Sysname system view Sysname ssh server authentication timeout 10 R...

Страница 2394: ...rver dscp to restore the default Syntax ssh server dscp dscp value undo ssh server dscp Default The DSCP value is 48 in IPv4 SSH packets Views System view Predefined user roles network admin Parameter...

Страница 2395: ...in Parameters ipv6 Specifies the IPv6 ACL type advanced acl number Specifies an IPv6 advanced ACL number in the range of 3000 to 3999 basic acl number Specifies an IPv6 basic ACL number in the range o...

Страница 2396: ...fault Syntax ssh server ipv6 dscp dscp value undo ssh server ipv6 dscp Default The DSCP value is 48 in IPv6 SSH packets Views System view Predefined user roles network admin Parameters dscp value Spec...

Страница 2397: ...nge with SSH clients This command takes effect only on new SSH connections that are established after the command is configured and it does not affect existing SSH connections Examples Enable SSH algo...

Страница 2398: ...ort number when the SSH server is enabled the SSH service is restarted and all SSH connections are terminated after the modification SSH users must reconnect to the SSH server to access the server If...

Страница 2399: ...pair 2 Uses the updated RSA server key pair for key pair negotiation with the new user 3 Resets the interval and starts to count down the interval again This command takes effect only on SSH1 clients...

Страница 2400: ...ation process is the same as the password authentication password Specifies password authentication This authentication method provides easy and fast encryption but it is vulnerable It can work with A...

Страница 2401: ...the SSH server and perform one of the following tasks For local authentication configure a local user on the SSH server For remote authentication configure an SSH user on a remote authentication serve...

Страница 2402: ...directory flash user role network admin Related commands authorization attribute display ssh user information local user pki domain SSH client commands bye Use bye to terminate the connection with th...

Страница 2403: ...working directory new1 sftp cdup Use cdup to return to the upper level directory Syntax cdup Views SFTP client view Predefined user roles network admin Example Return to the upper level directory fro...

Страница 2404: ...ress of the server whose public key information will be deleted If you do not specify a server IP address this command deletes the public keys of all servers from the client s public key file Examples...

Страница 2405: ...the current directory including the files and subdirectories with names starting with dots sftp dir a drwxrwxrwx 2 1 1 512 Dec 18 14 12 drwxrwxrwx 2 1 1 512 Dec 18 14 12 rwxrwxrwx 1 1 1 301 Dec 18 14...

Страница 2406: ...play ssh client server public key Use display ssh client server public key to display server public key information saved in the public key file of the SSH client Syntax display ssh client server publ...

Страница 2407: ...RR 9Y8fI2b4tS7PoNf QKDVD7XnoiZ dqd0tnnRf6GV 74cp8ZEUQdAoTeDzzaAh 7t6FbxrNrQ Display the public key of server 2 2 2 1 saved in the public key file of the SSH client Sysname display ssh client server pu...

Страница 2408: ...e The source IP address of the SSH client is 192 168 0 1 The source IPv6 address of the SSH client is 2 2 2 2 Related commands ssh client ipv6 source ssh client source exit Use exit to terminate the S...

Страница 2409: ...0 00 help Use help to display help information on the SFTP client Syntax help Views SFTP client view Predefined user roles network admin network operator Usage guidelines This command has the same fun...

Страница 2410: ...t excluding the files and subdirectories with names starting with dots remote path Specifies the name of the directory to be queried If you do not specify this argument the command displays informatio...

Страница 2411: ...load a local file to the SFTP server Syntax put local file remote file Views SFTP client view Predefined user roles network admin Parameters local file Specifies the name of a local file remote file S...

Страница 2412: ...inate the SFTP connection and return to user view Syntax quit Views SFTP client view Predefined user roles network admin network operator Usage guidelines This command has the same function as the bye...

Страница 2413: ...cifies the name of an existing file or directory newname Specifies a new name for the existing file or directory Examples Change the name of a file on the SFTP server from temp1 c to temp2 c sftp dir...

Страница 2414: ...nstance name put get source file name destination file name identity key ecdsa sha2 nistp256 ecdsa sha2 nistp384 rsa x509v3 ecdsa sha2 nistp256 x509v3 ecdsa sha2 nistp384 pki domain domain name prefer...

Страница 2415: ...fy this option for the client to get the correct local certificate prefer compress Specifies the preferred compression algorithm for data compression between the server and the client By default compr...

Страница 2416: ...s dots angle brackets quotation marks and apostrophes source Specifies a source IPv4 address or source interface for SCP packets By default the device uses the primary IPv4 address of the output inter...

Страница 2417: ...v6 ipv6 address undo scp client ipv6 source Default The source IPv6 address for outgoing SCP packets is not configured The SCP client automatically selects an IPv6 address for outgoing SCP packets in...

Страница 2418: ...ber Specifies a source interface by its type and number The SCP client uses the primary IPv4 address of the interface as the source address of outgoing SCP packets ip ip address Specifies a source IPv...

Страница 2419: ...x509v3 ecdsa sha2 nistp384 pki domain domain name prefer compress zlib prefer ctos cipher aes128 cbc aes128 ctr aes128 gcm aes192 ctr aes256 cbc aes256 ctr aes256 gcm prefer ctos hmac sha1 sha1 96 sha...

Страница 2420: ...y algorithm is used you must specify this option for the client to get the correct local certificate prefer compress Specifies the preferred compression algorithm for data compression between the serv...

Страница 2421: ...ckslashes vertical bars colons dots angle brackets quotation marks and apostrophes source Specifies a source IPv6 address or source interface for IPv6 SCP packets By default the device automatically s...

Страница 2422: ...estination file name suite b 128 bit 192 bit pki domain domain name server pki domain domain name prefer compress zlib source interface interface type interface number ipv6 ipv6 address user username...

Страница 2423: ...ult compression is not supported zlib Specifies compression algorithm zlib source Specifies a source IPv6 address or source interface for IPv6 SCP packets By default the device automatically selects a...

Страница 2424: ...he server in the range of 1 to 65535 The default is 22 vpn instance vpn instance name Specifies the MPLS L3VPN instance to which the server belongs The vpn instance name argument represents the VPN in...

Страница 2425: ...address Specifies a source IPv4 address user username Specifies an SCP username a case sensitive string of 1 to 80 characters If the username contains an ISP domain name use the pureusername domain p...

Страница 2426: ...2 512 prefer kex dh group14 sha1 ecdh sha2 nistp256 ecdh sha2 nistp384 prefer stoc cipher aes128 cbc aes128 ctr aes128 gcm aes192 ctr aes256 cbc aes256 ctr aes256 gcm prefer stoc hmac sha1 sha1 96 sha...

Страница 2427: ...CTR aes256 cbc Specifies encryption algorithm AES256 CBC aes256 ctr Specifies encryption algorithm AES256 CTR aes256 gcm Specifies encryption algorithm AES256 GCM des cbc Specifies encryption algorith...

Страница 2428: ...v4 address of a loopback interface as the source address interface interface type interface number Specifies a source interface by its type and number The primary IPv4 address of this interface is the...

Страница 2429: ...sftp ipv6 command takes effect only on the current IPv6 SFTP connection If you specify the source IPv6 address both in this command and the sftp ipv6 command the source IPv6 address specified in the s...

Страница 2430: ...IPv6 SFTP server and enter SFTP client view Syntax In non FIPS mode sftp ipv6 server port number vpn instance vpn instance name i interface type interface number identity key dsa ecdsa sha2 nistp256 e...

Страница 2431: ...algorithm for publickey authentication of the client The default is DSA in non FIPS mode and is RSA in FIPS mode If the server uses publickey authentication you must specify this keyword The client g...

Страница 2432: ...ies key exchange algorithm diffie hellman group exchange sha1 dh group1 sha1 Specifies key exchange algorithm diffie hellman group1 sha1 dh group14 sha1 Specifies key exchange algorithm diffie hellman...

Страница 2433: ...PKI domain of its own certificate to verify the server s certificate Examples Connect an SFTP client to SFTP server 2000 1 and specify the public key of the server as svkey The SFTP client uses public...

Страница 2434: ...e brackets quotation marks and apostrophes If you do not specify the server s PKI domain the client uses the PKI domain of its own certificate to verify the server s certificate prefer compress Specif...

Страница 2435: ...case sensitive string of 1 to 31 characters suite b Specifies the Suite B algorithms If neither the 128 bit keyword nor the 192 bit keyword is specified all algorithms in Suite B are used For more inf...

Страница 2436: ...HMAC algorithm Public key algorithm 128 bit ecdh sha2 nistp256 AES128 GCM x509v3 ecdsa sha2 nistp256 192 bit ecdh sha2 nistp384 AES256 GCM x509v3 ecdsa sha2 nistp384 Both ecdh sha2 nistp256 ecdh sha2...

Страница 2437: ...client ipv6 source ipv6 2 2 2 2 Related commands display ssh client source ssh client source Use ssh client source to configure the source IPv4 address for SSH packets that are sent by the Stelnet cl...

Страница 2438: ...sha1 ecdh sha2 nistp256 ecdh sha2 nistp384 prefer stoc cipher 3des cbc aes128 cbc aes128 ctr aes128 gcm aes192 ctr aes256 cbc aes256 ctr aes256 gcm des cbc prefer stoc hmac md5 md5 96 sha1 sha1 96 sh...

Страница 2439: ...ame argument is a case insensitive string of 1 to 31 characters When the x509v3 public key algorithm is used you must specify this option for the client to get the correct local certificate prefer com...

Страница 2440: ...ransmission priority of the packet escape character Specifies a case sensitive escape character By default the escape character is a tilde public key keyname Specifies the host public key of the serve...

Страница 2441: ...r stoc hmac sha1 96 prefer compress zlib public key svkey escape ssh2 ipv6 Use ssh2 ipv6 to establish a connection to an IPv6 Stelnet server Syntax In non FIPS mode ssh2 ipv6 server port number vpn in...

Страница 2442: ...ord The client generates the digital signature or certificate by using the local private key that is associated with the specified algorithm dsa Specifies public key algorithm DSA ecdsa sha2 nistp256...

Страница 2443: ...nistp256 Specifies key exchange algorithm ecdh sha2 nistp256 ecdh sha2 nistp384 Specifies key exchange algorithm ecdh sha2 nistp384 prefer stoc cipher Specifies the preferred server to client encrypti...

Страница 2444: ...domain domain name option The client uses the CA certificate stored in the specified PKI domain to verify the server s certificate and does not need to save the server s public key before authenticati...

Страница 2445: ...ver pki domain domain name Specifies the PKI domain for verifying the server s certificate The domain name argument represents the PKI domain name a case insensitive string of 1 to 31 characters Inval...

Страница 2446: ...bit Suite B algorithms to establish a connection to Stelnet server 2000 1 Specify the client s PKI domain and the server s PKI domain as clientpkidomain and serverpkidomain respectively Sysname ssh2...

Страница 2447: ...the default value is 48 The DSCP value determines the transmission priority of the packet escape character Specifies a case sensitive escape character By default the escape character is a tilde sourc...

Страница 2448: ...the algorithm negotiation stage Sysname display ssh2 algorithm Key exchange algorithms ecdh sha2 nistp256 ecdh sha2 nistp384 dh group exchange sha1 dh group14 sha1 dh group1 sha1 Public key algorithms...

Страница 2449: ...GCM AES256 GCM AES128 CBC 3DES CBC AES256 CBC and DES CBC in descending order of priority for algorithm negotiation Views System view Predefined user roles network admin Parameters 3des cbc Specifies...

Страница 2450: ...orithm key exchange Default SSH2 uses key exchange algorithms ecdh sha2 nistp256 ecdh sha2 nistp384 diffie hellman group exchange sha1 diffie hellman group14 sha1 and diffie hellman group1 sha1 in des...

Страница 2451: ...sha2 512 undo ssh2 algorithm mac Default SSH2 uses HMAC algorithms SHA2 256 SHA2 512 SHA1 MD5 SHA1 96 and MD5 96 in descending order of priority for algorithm negotiation Views System view Predefined...

Страница 2452: ...public key Default SSH2 uses public key algorithms x509v3 ecdsa sha2 nistp256 x509v3 ecdsa sha2 nistp384 ecdsa sha2 nistp256 ecdsa sha2 nistp384 RSA and DSA in descending order of priority for algorit...

Страница 2453: ...algorithm dsa as the public key algorithm for SSH2 Sysname system view Sysname ssh2 algorithm public key dsa Related commands display ssh2 algorithm ssh2 algorithm cipher ssh2 algorithm key exchange...

Страница 2454: ...y 4 display ssl client policy 5 display ssl server policy 6 pki domain SSL client policy view 7 pki domain SSL server policy view 7 prefer cipher 8 server verify enable 10 session 11 ssl client policy...

Страница 2455: ...roles network admin Usage guidelines This feature causes additional overheads in the SSL negotiation process Enable it only when the SSL client does not have the complete certificate chain to verify t...

Страница 2456: ...6_cbc_sha Specifies the cipher suite that uses key exchange algorithm DHE RSA data encryption algorithm 256 bit AES_CBC and MAC algorithm SHA dhe_rsa_aes_256_cbc_sha256 Specifies the cipher suite that...

Страница 2457: ...orithm SHA256 rsa_des_cbc_sha Specifies the cipher suite that uses key exchange algorithm RSA data encryption algorithm DES_CBC and MAC algorithm SHA rsa_rc4_128_md5 Specifies the cipher suite that us...

Страница 2458: ...SSL client authentication The SSL server requires an SSL client to submit its digital certificate for identity authentication The SSL client can access the SSL server only after it passes identity aut...

Страница 2459: ...licy1 undo client verify Related commands display ssl server policy display ssl client policy Use display ssl client policy to display SSL client policy information Syntax display ssl client policy po...

Страница 2460: ...er policies Examples Display information about the SSL server policy policy1 Sysname display ssl server policy policy1 SSL server policy policy1 PKI domain server domain Ciphersuites DHE_RSA_AES_128_C...

Страница 2461: ...ient policy the SSL client that uses the SSL client policy will obtain its digital certificate through the specified PKI domain Examples Specify PKI domain client domain for SSL client policy policy1...

Страница 2462: ...e_ecdsa_aes_128_cbc_sha256 ecdhe_ecdsa_aes_128_gcm_sha256 ecdhe_ecdsa_aes_256_cbc_sha384 ecdhe_ecdsa_aes_256_gcm_sha384 ecdhe_rsa_aes_128_cbc_sha256 ecdhe_rsa_aes_128_gcm_sha256 ecdhe_rsa_aes_256_cbc_...

Страница 2463: ...CM and MAC algorithm SHA384 ecdhe_rsa_aes_128_cbc_sha256 Specifies the cipher suite that uses key exchange algorithm ECDHE RSA data encryption algorithm 128 bit AES_CBC and MAC algorithm SHA256 ecdhe_...

Страница 2464: ...rity Commonly used MAC algorithms include MD5 and SHA When using a MAC algorithm the SSL server and the SSL client must use the same key Key exchange algorithms Implement secure exchange of the keys u...

Страница 2465: ...lient policy policy1 server verify enable Related commands display ssl client policy session Use session to set the maximum number of sessions that the SSL server can cache and the timeout time for ca...

Страница 2466: ...policy policy name undo ssl client policy policy name Default No SSL client policies exist Views System view Predefined user roles network admin Parameters policy name Specifies an SSL client policy...

Страница 2467: ...n renegotiation Sysname system view Sysname ssl renegotiation disable ssl server policy Use ssl server policy to create an SSL server policy and enter its view or enter the view of an existing SSL ser...

Страница 2468: ...n tls1 0 tls1 1 disable Default In non FIPS mode The SSL server supports SSL 3 0 TLS 1 0 TLS 1 1 and TLS 1 2 In FIPS mode The SSL server supports TLS 1 0 TLS 1 1 and TLS 1 2 Views System view Predefin...

Страница 2469: ...iews SSL client policy view Predefined user roles network admin Parameters ssl3 0 Specifies SSL 3 0 tls1 0 Specifies TLS 1 0 tls1 1 Specifies TLS 1 1 tls1 2 Specifies TLS 1 2 Usage guidelines To ensur...

Страница 2470: ...i Contents Attack detection and prevention commands 1 attack defense login reauthentication delay 1 attack defense tcp fragment enable 1...

Страница 2471: ...eriod in the range of 4 to 60 seconds Usage guidelines The login delay feature delays the device to accept a login request from a user after the user fails a login attempt This feature can slow down l...

Страница 2472: ...fragments First fragments in which the TCP header is smaller than 20 bytes Non first fragments with a fragment offset of 8 bytes FO 1 TCP fragment attack prevention takes precedence over single packet...

Страница 2473: ...i Contents TCP attack prevention commands 1 tcp anti naptha enable 1 tcp check state interval 1 tcp state 2...

Страница 2474: ...tate exceeds the limit the device will accelerate the aging of the TCP connections in that state The check interval is set by the tcp check state interval command The TCP connection limits are set by...

Страница 2475: ...em view Sysname tcp check state interval 40 Related commands tcp anti naptha enable tcp state tcp state Use tcp state to set the maximum number of TCP connections in a state Use undo tcp state to rest...

Страница 2476: ...This command takes effect after you enable Naptha attack prevention If the number of TCP connections in a state exceeds the limit the device will accelerate the aging of the TCP connections in the sta...

Страница 2477: ...urce excluded 2 display ipv6 source binding 3 display ipv6 source binding pd 5 ip source binding interface view 6 ip source binding system view 7 ip verify source 8 ip verify source exclude 9 ipv6 sou...

Страница 2478: ...relay agent dhcp server Specifies IPv4SG bindings generated based on DHCP server dhcp snooping Specifies IPv4SG bindings generated based on DHCP snooping dot1x Specifies IPv4SG bindings generated base...

Страница 2479: ...filtering in IPSG or used by other modules to provide security services ARP snooping vlan Dynamically generated based on ARP snooping for the VLAN The binding is for packet filtering in IPSG 802 1X Dy...

Страница 2480: ...through VLAN 10 that have been configured to be excluded from IPSG filtering Sysname display ip verify source excluded vlan 3 Slot VLAN ID 3 Status Active Sysname display ip verify source excluded vl...

Страница 2481: ...in H H H format vlan vlan id Specifies a VLAN ID in the range of 1 to 4094 interface interface type interface number Specifies an interface by its type and number slot slot number Specifies an IRF mem...

Страница 2482: ...binding pd vpn instance vpn instance name prefix prefix prefix length mac address mac address vlan vlan id interface interface type interface number slot slot number Views Any views Predefined user r...

Страница 2483: ...ce Interface to which the IPv6SG prefix binding belongs This field displays N A for a global IPv6SG prefix binding or an IPv6SG prefix binding generated based on an ND RA prefix entry VLAN VLAN inform...

Страница 2484: ...ndings on an interface implement the following functions Filter incoming IPv4 packets on the interface Check user validity by cooperating with the ARP attack detection feature Examples Configure a sta...

Страница 2485: ...ip verify source Use ip verify source to enable IPv4SG on an interface Use undo ip verify source to disable IPv4SG on an interface Syntax ip verify source ip address ip address mac address mac addres...

Страница 2486: ...s display ip source binding ip verify source exclude Use ip verify source exclude to exclude IPv4 packets with the specified source items from IPSG filtering Use undo ip verify source exclude to remov...

Страница 2487: ...s ipv6 address mac address mac address mac address mac address vlan vlan id Default No static IPv6SG bindings exist on an interface Views Layer 2 Ethernet interface view Layer 3 aggregate subinterface...

Страница 2488: ...ings exist Views System view Predefined user roles network admin Parameters ipv6 address ipv6 address Specifies the IPv6 address for the static binding The IPv6 address cannot be an all zero address a...

Страница 2489: ...indings to match incoming packets on the interface Packets that match an IPv6SG binding are forwarded and packets that do not match any IPv6SG binding are discarded The matching criterion specified by...

Страница 2490: ...ce mac 10 ARP packet source MAC consistency check commands 11 arp valid check enable 11 ARP active acknowledgement commands 12 arp active ack enable 12 Authorized ARP commands 12 arp authorized enable...

Страница 2491: ...figure this command on the gateways Examples Enable ARP blackhole routing Sysname system view Sysname arp resolving route enable Related commands arp resolving route probe count arp resolving route pr...

Страница 2492: ...nterval to restore the default Syntax arp resolving route probe interval interval undo arp resolving route probe interval Default The device probes ARP blackhole routes every 1 second Views System vie...

Страница 2493: ...ssed per source IP address within 5 seconds Use undo arp source suppression limit to restore the default Syntax arp source suppression limit limit value undo arp source suppression limit Default The d...

Страница 2494: ...splay arp source suppression ARP source suppression is enabled Current suppression limit 100 Table 1 Command output Field Description Current suppression limit Maximum number of unresolvable packets t...

Страница 2495: ...disable logging for ARP packet rate limit Syntax arp rate limit log enable undo arp rate limit log enable Default Logging for ARP packet rate limit is disabled Views System view Predefined user roles...

Страница 2496: ...imit Examples Set the device to send notifications and log messages every 120 seconds when the rate of ARP packets received on an interface exceeds the limit Sysname system view Sysname arp rate limit...

Страница 2497: ...ndo arp source mac filter monitor Default The source MAC based ARP attack detection feature is disabled Views System view Predefined user roles network admin Parameters filter Specifies the filter han...

Страница 2498: ...Views System view Predefined user roles network admin Parameters time Sets the aging time for ARP attack entries in the range of 60 to 6000 seconds Examples Set the aging time for ARP attack entries...

Страница 2499: ...o disable logging for source MAC based ARP attack detection Syntax arp source mac log enable undo arp source mac log enable Default Logging for source MAC based ARP attack detection is disabled Views...

Страница 2500: ...erface interface type interface number slot slot number slot slot number Views Any view Predefined user roles network admin network operator Parameters interface interface type interface number Specif...

Страница 2501: ...ce Interface on which the attack was detected Aging time sec Aging time for the ARP attack entry in seconds ARP packet source MAC consistency check commands arp valid check enable Use arp valid check...

Страница 2502: ...ive acknowledgement Usage guidelines Configure this feature on gateways to prevent user spoofing In strict mode a gateway learns an entry only when ARP active acknowledgement is successful based on th...

Страница 2503: ...efault ARP attack detection is disabled Views VLAN view Predefined user roles network admin Examples Enable ARP attack detection for VLAN 2 Sysname system view Sysname vlan 2 Sysname vlan2 arp detecti...

Страница 2504: ...etwork Management and Monitoring Configuration Guide As a best practice disable this feature if the log generation affects the device performance Excessive number of logs not only affects the device p...

Страница 2505: ...ns an ID to the user validity check rule The ID value range is 0 to 511 A smaller value represents a higher priority deny Denies matching ARP packets permit Permits matching ARP packets ip ip address...

Страница 2506: ...onfigure an interface as an ARP trusted interface Use undo arp detection trust to restore the default Syntax arp detection trust undo arp detection trust Default An interface is an ARP untrusted inter...

Страница 2507: ...entical the packet is forwarded Otherwise the packet is discarded Usage guidelines You can specify more than one object to be checked in one command line If no keyword is specified the undo arp detect...

Страница 2508: ...is enabled in the following VLANs VLANs enabled with ARP attack detection If no VLANs are enabled with ARP attack detection this field displays ARP detection is not enabled in any VLANs Related comman...

Страница 2509: ...ands arp detection enable display arp detection statistics packet drop Use display arp detection statistics packet drop to display statistics for packets dropped by ARP attack detection Syntax display...

Страница 2510: ...invalid destination MAC address Inspect Number of ARP packets that failed to pass user validity check Related commands reset arp detection statistics packet drop reset arp detection statistics attack...

Страница 2511: ...isplay arp detection statistics packet drop ARP scanning and fixed ARP commands arp fixup Use arp fixup to convert existing dynamic ARP entries to static ARP entries Use undo arp fixup to convert vali...

Страница 2512: ...or the pps argument is 10 to 1000 and the value must be a multiple of 10 If you do not set the rate the device sends ARP requests to all IP addresses in the specified scanning range simultaneously Usa...

Страница 2513: ...sname interface vlan interface 2 Sysname Vlan interface2 arp scan 1 1 1 1 to 1 1 1 20 send rate 10 ARP gateway protection commands arp filter source Use arp filter source to enable ARP gateway protect...

Страница 2514: ...arameters ip address Specifies a permitted sender IP address mac address Specifies a permitted sender MAC address Usage guidelines If the sender IP and MAC addresses of an ARP packet match an ARP perm...

Страница 2515: ...ipv6 nd detection trust 4 reset ipv6 nd detection statistics 4 RA guard commands 5 display ipv6 nd raguard policy 5 display ipv6 nd raguard statistics 6 if match acl 7 if match autoconfig managed addr...

Страница 2516: ...then output log messages from different source modules to different destinations For more information about the information center see Network Management and Monitoring Configuration Guide As a best...

Страница 2517: ...v6 nd detection statistics to display statistics for ND messages dropped by ND attack detection Syntax display ipv6 nd detection statistics interface interface type interface number Views Any view Pre...

Страница 2518: ...ipv6 nd detection enable Default ND attack detection is disabled Views VLAN view Predefined user roles network admin Examples Enable ND attack detection for VLAN 10 Sysname system view Sysname vlan 10...

Страница 2519: ...nable ipv6 nd detection trust Use ipv6 nd detection trust to configure an interface as an ND trusted interface Use undo ipv6 nd detection trust to restore the default Syntax ipv6 nd detection trust un...

Страница 2520: ...icy by its name The policy name is a case sensitive string of 1 to 31 characters If you do not specify a policy this command displays the configuration of all RA guard policies Usage guidelines When y...

Страница 2521: ...ue of the advertised O flag is 0 if match hop limit maximum The maximum advertised hop limit match criterion if match hop limit minimum The minimum advertised hop limit match criterion if match prefix...

Страница 2522: ...ipv6 acl name undo if match acl Default No ACL match criterion exists Views RA guard policy view Predefined user roles network admin Parameters ipv6 acl number Specifies an IPv6 basic ACL by its numbe...

Страница 2523: ...ch criterion exists Views RA guard policy view Predefined user roles network admin Parameters off Specifies the advertised M flag as 0 on Specifies the advertised M flag as 1 Usage guidelines The M fl...

Страница 2524: ...O flag is set to 0 the host uses stateless autoconfiguration Examples Specify on as the M flag match criterion for RA guard policy policy1 Sysname system view Sysname ipv6 nd raguard policy policy1 S...

Страница 2525: ...erion exists Views RA guard policy view Predefined user roles network admin Parameters ipv6 acl number Specifies an IPv6 basic ACL by its number in the range of 2000 to 2999 name ipv6 acl name Specifi...

Страница 2526: ...n high low Sets the maximum router preference to low An RA message passes the check if its router preference is not higher than low medium Sets the maximum router preference to medium An RA message pa...

Страница 2527: ...e VLAN tags RA guard uses the outermost VLAN tag to select the applied RA guard policy If the specified RA guard policy does not exist the command does not take effect Examples Apply RA guard policy p...

Страница 2528: ...le the RA guard logging feature Sysname system view Sysname ipv6 nd raguard log enable Related commands display ipv6 nd raguard statistics reset ipv6 nd raguard statistics ipv6 nd raguard policy Use i...

Страница 2529: ...to a router forwards all received RA messages Usage guidelines Make sure your setting is consistent with the device type If you are not aware of the attached device type do not specify a role for the...

Страница 2530: ...15 Examples Clear RA guard statistics Sysname reset ipv6 nd raguard statistics Related commands display ipv6 nd raguard statistics...

Страница 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...

Страница 2532: ...he device waits before deleting the DHCPv6 snooping entries and ND snooping entries for a down port Examples Set the entry deletion delay to 100 seconds Sysname system view Sysname ipv6 savi down dela...

Страница 2533: ...for filtering entries A log message contains the IPv6 address MAC address VLAN and interface of a filtering entry The device sends packet spoofing and filtering entry log messages to the information c...

Страница 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...

Страница 2535: ...mmands 1 display mac forced forwarding interface 1 display mac forced forwarding vlan 1 mac forced forwarding 2 mac forced forwarding gateway probe 3 mac forced forwarding network port 3 mac forced fo...

Страница 2536: ...arding interface Network Port GE1 0 1 GE1 0 2 User Port GE1 0 3 GE1 0 4 GE1 0 5 Table 1 Command output Field Description Network Port List of network ports User Port List of user ports Related command...

Страница 2537: ...e MFF and specify the default gateway Use undo mac forced forwarding to disable MFF Syntax mac forced forwarding default gateway gateway ip undo mac forced forwarding Default MFF is disabled Views VLA...

Страница 2538: ...be Default Periodic gateway probe is disabled Views VLAN view Predefined user roles network admin Usage guidelines Make sure you have enabled MFF before enabling periodic gateway probe The probe inter...

Страница 2539: ...ancel the network port configuration of a link aggregation member port in a MFF enabled VLAN remove the network port from the link aggregation group first For more information about link aggregation s...

Страница 2540: ...from the server to a host are not forwarded by the gateway However packets from a host to the server are forwarded by the gateway MFF does not check whether the IP address of a server is on the same...

Страница 2541: ...i Contents Crypto engine commands 1 display crypto engine 1 display crypto engine statistics 1 reset crypto engine statistics 3...

Страница 2542: ...256 sha2 384 sha2 512 md5 hmac sha1 hmac sha2 256 hmac sha2 384 hmac sha2 512 hmac aes xcbc aes xcbc hmac Asymmetric algorithms Random number generation function Supported Table 1 Command output Fiel...

Страница 2543: ...to engine ID 0 Submitted sessions 0 Failed sessions 0 Symmetric operations 0 Symmetric errors 0 Asymmetric operations 0 Asymmetric errors 0 Get random operations 0 Get random errors 0 Table 2 Command...

Страница 2544: ...gine id Specifies a crypto engine by its ID The switch supports only one software crypto engine and the engine ID can only be 0 slot slot number Specifies an IRF member device by its member ID Usage g...

Страница 2545: ...i Contents FIPS commands 1 display crypto version 1 display fips status 1 fips mode enable 2 fips self test 4...

Страница 2546: ...ples Display the version number of the current device algorithm base Sysname display crypto version 7 1 1 1 1 72 Table 1 Command output Field Description 7 1 1 1 1 72 Version number in the 7 1 X forma...

Страница 2547: ...security requirements and performs self tests on cryptography modules to verify that they are operating correctly After you execute the fips mode enable command the system provides the following meth...

Страница 2548: ...device by using the default non FIPS configuration file After the reboot you are directly logged into the device Manual reboot This method requires that you manually complete the configurations for en...

Страница 2549: ...iews System view Predefined user roles network admin Usage guidelines CAUTION A successful self test requires that all cryptographic algorithms pass the self test If the self test fails the device whe...

Страница 2550: ...verification passed Known answer test for ECDH passed Known answer test for random number generator x931 passed Known answer test for DRBG passed Known Answer tests in the user space passed Starting K...

Страница 2551: ...ant 1 dot1x supplicant anonymous identify 2 dot1x supplicant eap method 3 dot1x supplicant enable 4 dot1x supplicant mac address 4 dot1x supplicant password 5 dot1x supplicant ssl client policy 6 dot1...

Страница 2552: ...n about 802 1X clients on all interfaces Examples Display 802 1X authentication information about 802 1X clients on GigabitEthernet 1 0 1 Sysname display dot1x supplicant interface gigabitethernet 1 0...

Страница 2553: ...X client anonymous identifier exists Views Ethernet interface view Predefined user roles network admin Parameters identifier Specifies an 802 1X client anonymous identifier a case sensitive string of...

Страница 2554: ...on method Use undo dot1x supplicant eap method to restore the default Syntax dot1x supplicant eap method md5 peap gtc peap mschapv2 ttls gtc ttls mschapv2 undo dot1x supplicant eap method Default The...

Страница 2555: ...uthenticator before you use this command Examples Enable the 802 1X client feature on a port Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 dot1x supplicant e...

Страница 2556: ...MAC address as 0001 0001 0001 on GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 dot1x supplicant mac address 1 1 1 dot1x supplicant pass...

Страница 2557: ...ts Usage guidelines If the PEAP MSCHAPv2 PEAP GTC TTLS MSCHAPv2 or TTLS GTC authentication is used the 802 1X authentication process is as follows The first phase The device acts as an SSL client to n...

Страница 2558: ...which the destination addresses are multicast MAC address 01 80 C2 00 00 03 unicast Specifies unicast mode for sending EAP Response and EAPOL Logoff packets Usage guidelines When the device acts as a...

Страница 2559: ...domain name or username domain name If you want to use backslash as the domain name delimiter you must enter the escape character along with the backslash sign If a username string includes multiple c...

Страница 2560: ...H3C IE4300 IE4300 M IE4320 Industrial Switch Series High Availability Command Reference New H3C Technologies Co Ltd http www h3c com Software version Release 63xx Document version 6W101 20230116...

Страница 2561: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 2562: ...close syntax choices keywords or arguments that are optional x y Braces enclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set...

Страница 2563: ...generic network device such as a router switch or firewall Represents a routing capable device such as a router or Layer 3 switch Represents a generic switch such as a Layer 2 or Layer 3 switch or a...

Страница 2564: ...ardware model configuration or software version It is normal that the port numbers sample output screenshots and other information in the examples differ from what you have on your device Documentatio...

Страница 2565: ...mbol period window 16 oam global errored frame threshold 16 oam global errored frame window 17 oam global errored frame period threshold 18 oam global errored frame period window 19 oam global errored...

Страница 2566: ...plays Ethernet OAM connection information for all interfaces Examples Display Ethernet OAM connection information for all local interfaces Sysname display oam local GigabitEthernet1 0 1 Enable status...

Страница 2567: ...The way in which the local end processes Ethernet OAMPDUs RX_INFO The interface receives only Information OAMPDUs and does not send any Ethernet OAMPDUs LF_INFO The interface sends only Information O...

Страница 2568: ...DUs OAMPDU Total number of sent or received Ethernet OAMPDUs OAMInformation Number of sent or received Information OAMPDUs OAMEventNotification Number of sent or received Event notification OAMPDUs OA...

Страница 2569: ...rectional Indicates whether unidirectional transmission is supported Remote loopback Indicates whether Ethernet OAM remote loopback is supported Link events Indicates whether Ethernet OAM link error e...

Страница 2570: ...onfiguration Examples Display Ethernet OAM configuration globally and for interfaces that do not use the default configuration Sysname display oam configuration Global OAM timers Hello timer 1000 mill...

Страница 2571: ...d symbol event Errored frame Errored frame event Errored frame period Errored frame period event Errored frame seconds Errored frame seconds event Window Detection window configured for link events Th...

Страница 2572: ...ics for Ethernet OAM link error events for local or peer interfaces Syntax display oam link event local remote interface interface type interface number Views Any view Predefined user roles network ad...

Страница 2573: ...s OAM local errored frame seconds summary event Event time stamp 50022 x 100 milliseconds Errored frame seconds window 600 x 100 milliseconds Errored frame seconds threshold 1 error seconds Errored fr...

Страница 2574: ...al Total number of errored symbols Event running total Total number of errored symbol events that have occurred OAM local remote errored frame event Information about local remote end errored frame ev...

Страница 2575: ...errored frame seconds Event running total Total number of errored frame seconds events that have occurred Related commands reset oam oam enable Use oam enable to enable Ethernet OAM Use undo oam enab...

Страница 2576: ...Ethernet1 0 1 oam errored frame threshold 100 Related commands display oam configuration display oam link event oam global errored frame threshold oam errored frame window Use oam errored frame window...

Страница 2577: ...value undo oam errored frame period threshold Default An interface uses the global setting Views Layer 2 Ethernet interface view Predefined user roles network admin Parameters threshold value Specifie...

Страница 2578: ...ew takes effect only on the specified interface For an interface the configuration in interface view takes precedence Examples Set the errored frame period event detection window to 20000000 on Gigabi...

Страница 2579: ...o 100 on GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 oam errored frame seconds threshold 100 Related commands display oam configurati...

Страница 2580: ...frame seconds period oam errored symbol period threshold Use oam errored symbol period threshold to set the errored symbol event triggering threshold Use undo oam errored symbol period threshold to r...

Страница 2581: ...ctual value is the value of this argument multiplied by 1000000 Usage guidelines The configuration in interface view takes effect only on the specified interface For an interface the configuration in...

Страница 2582: ...stem view Sysname oam global errored frame threshold 100 Related commands display oam configuration display oam link event oam errored frame threshold oam global errored frame window Use oam global er...

Страница 2583: ...reshold to restore the default Syntax oam global errored frame period threshold threshold value undo oam global errored frame period threshold Default The errored frame period event triggering thresho...

Страница 2584: ...guidelines The configuration in system view takes effect on all interfaces but has a lower precedence than the configuration in interface view Examples Set the errored frame period event detection win...

Страница 2585: ...event oam errored frame seconds threshold oam global errored frame seconds window oam global errored frame seconds window Use oam global errored frame seconds window to set the global errored frame s...

Страница 2586: ...bal errored symbol period threshold to restore the default Syntax oam global errored symbol period threshold threshold value undo oam global errored symbol period threshold Default The global errored...

Страница 2587: ...be a multiple of 1000000 Usage guidelines The configuration in system view takes effect on all interfaces but has a lower precedence than the configuration in interface view Examples Set the errored...

Страница 2588: ...view Sysname oam global timer hello 600 Related commands display oam configuration oam timer hello oam global timer keepalive Use oam global timer keepalive to configure the global Ethernet OAM conne...

Страница 2589: ...nabled Ethernet interface operates in active Ethernet OAM mode Views Layer 2 Ethernet interface view Predefined user roles network admin Parameters active Specifies the active Ethernet OAM mode passiv...

Страница 2590: ...nt Specifies a critical event dying gasp Specifies a fatal event link fault Specifies a link fault event error link down Terminates the OAM connection and sets the link state of the interface to down...

Страница 2591: ...net1 0 1 oam enable Sysname GigabitEthernet1 0 1 oam remote loopback start Related commands oam enable oam mode oam remote loopback interface oam remote loopback interface Use oam remote loopback star...

Страница 2592: ...st to configure an interface to reject the Ethernet OAM remote loopback request from a remote interface Use undo oam remote loopback reject request to restore the default Syntax oam remote loopback re...

Страница 2593: ...ion timeout timer to be at least five times the handshake packet transmission interval The configuration in interface view takes effect only on the specified interface For an interface the configurati...

Страница 2594: ...OAM connection timeout timer to 6000 milliseconds on GigabitEthernet 1 0 1 Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 oam timer keepalive 6000 Related co...

Страница 2595: ...auto detection 11 cfd loopback 12 cfd md 13 cfd mep 14 cfd meplist 15 cfd mip rule 16 cfd service instance 17 cfd slm 18 cfd tst 19 display cfd ais 20 display cfd ais track link status 22 display cfd...

Страница 2596: ...cfd ais level cfd ais period cfd ais level Use cfd ais level to configure the AIS frame transmission level Use undo cfd ais level to remove the AIS frame transmission level Syntax cfd ais level level...

Страница 2597: ...d to configure the AIS frame transmission period Use undo cfd ais period to remove the AIS frame transmission period Syntax cfd ais period period value service instance instance id undo cfd ais period...

Страница 2598: ...k link status global Related commands cfd ais track link status level cfd ais track link status period cfd ais track link status vlan cfd ais track link status level Use cfd ais track link status leve...

Страница 2599: ...link status period Use cfd ais track link status period to configure the EAIS frame transmission period Use undo cfd ais track link status period to restore the default Syntax cfd ais track link statu...

Страница 2600: ...terface view Layer 2 aggregate interface view Predefined user roles network admin Parameters vlan vlan list Specifies the VLANs where the EAIS frames can be transmitted The vlan list argument specifie...

Страница 2601: ...ameters service instance instance id Specifies a service instance by its ID in the range of 1 to 32767 mep mep id Specifies a MEP by its ID in the range of 1 to 8191 Usage guidelines Follow these guid...

Страница 2602: ...is 1 to 7 If you set the value to 1 or 2 the continuity check might work incorrectly due to hardware restrictions service instance instance id Specifies a service instance by its ID in the range of 1...

Страница 2603: ...range for the number argument is 2 to 10 and the default is 5 Usage guidelines The one way DM function measures the one way frame delay between the source and target MEPs by using 1DM frames To view t...

Страница 2604: ...The default value is 1 Usage guidelines The two way DM function measures the two way frame delay between the source and target MEPs by using DMM frames and DMR frames Examples Enable the two way DM f...

Страница 2605: ...twork admin Parameters service instance instance id Specifies a service instance by its ID in the range of 1 to 32767 mep mep id Specifies the source MEP by its ID in the range of 1 to 8191 target mac...

Страница 2606: ...n IEEE 802 1ag of CFD is used Hit The current device is the destination device FDB The forwarding device found the destination MAC address MPDB The destination MAC address is not found or the destinat...

Страница 2607: ...number number Views Any view Predefined user roles network admin Parameters service instance instance id Specifies a service instance by its ID in the range of 1 to 32767 mep mep id Specifies the sou...

Страница 2608: ...from the MP with the MAC address 0010 FC00 6512 sequence number Sequence number in the LBR messages Time 5ms The interval between the sending of LBMs and receiving of LBRs is 5 milliseconds Sent Numbe...

Страница 2609: ...y the MEP Usage guidelines An MD name must be in compliant with the specifications in IEEE802 1ag 2007 You can create only one MD with a specific level MD cannot be created if you enter an invalid MD...

Страница 2610: ...p take effect only on the current member port If the MEP belongs to an MA that carries the VLAN attribute configurations on a member port of an aggregation group take effect only when the member port...

Страница 2611: ...5 ma id vlan based md test_md vlan 100 Sysname cfd meplist 9 to 15 service instance 5 Related commands cfd md cfd service instance cfd mip rule Use cfd mip rule to configure the rules for generating...

Страница 2612: ...ma name argument is a string of 1 to 13 characters integer ma num Specifies that an MA is identified by an integer where the ma num argument is in the range of 0 to 65535 string ma name Specifies that...

Страница 2613: ...tribute You must create the relevant MD before creating a service instance with the MD name Deleting a service instance also deletes the configurations related to that service instance Deleting a serv...

Страница 2614: ...Reply from 0010 fc00 6512 Far end frame loss 10 Near end frame loss 20 Reply from 0010 fc00 6512 Far end frame loss 40 Near end frame loss 40 Reply from 0010 fc00 6512 Far end frame loss 0 Near end f...

Страница 2615: ...TST frame The value range for the length argument is 4 to 1400 in bytes The default value is 64 pattern of test all zero prbs with crc Specifies the pattern of the Test TLV in the TST frame all zero...

Страница 2616: ...isplay cfd ais Service instance 5 AIS level 4 AIS period 1s MEP ID 1 AIS condition yes Time to enter the condition 2013 01 22 10 43 57 AIS state machine Previous state NO_RECEIVE Current state RECEIVE...

Страница 2617: ...es are received display cfd ais track link status Use display cfd ais track link status to display the configuration and information of the AIS associated with the port status Syntax display cfd ais t...

Страница 2618: ...here the EAIS frames can be transmitted AIS condition EAIS frame sending status yes EAIS frames are being sent no No EAIS frame is being sent Time to enter the condition Time when the EAIS frame sendi...

Страница 2619: ...3ms Service instance 2 No MEP exists in the service instance Service instance 3 MEP ID 1023 Sent 1DM total number 5 Received 1DM total number 10 Frame delay 20ms 9ms 8ms 7ms 1ms 5ms 13ms 17ms 9ms 10ms...

Страница 2620: ...LTR information for all MEPs Usage guidelines This command displays only information about LTRs received by execution of the cfd linktrace command Examples Display the LTR information saved on all the...

Страница 2621: ...redefined user roles network admin network operator Parameters size size value Specifies the times of recent auto detections in the range of 1 to 100 If you do not specify this option the command disp...

Страница 2622: ...ard version IEEE 802 1ag of CFD is used Hit The current device is the destination device FDB The forwarding device found the destination MAC address MPDB The destination MAC address is not found or th...

Страница 2623: ...ttribute and operating information for a MEP Syntax display cfd mep mep id service instance instance id Views Any view Predefined user roles network admin network operator Parameters mep mep id Specif...

Страница 2624: ...n mdtest1 Maintenance association matest1 MEP ID 6 Sequence Number 0x63A MAC Address 0011 2233 4401 Received Time 2013 03 06 13 01 34 Some other MEPs are transmitting the RDI bit Table 12 Command outp...

Страница 2625: ...ceiveOutOrderLBR Number of LBRs received out of order Linktrace Information related to linktrace NextSeqNumber Sequence number of the next LTM to be sent SendLTR Number of LTRs sent If the MEP is inwa...

Страница 2626: ...id Views Any view Predefined user roles network admin network operator Parameters service instance instance id Specifies a service instance by its ID in the range of 1 to 32767 If you do not specify t...

Страница 2627: ...in index 2 Maintenance association ma_1 Maintenance association index 2 MEP ID 100 Level 0 Service instance 100 Direction Outbound Maintenance domain md_0 Maintenance domain index 1 Maintenance associ...

Страница 2628: ...the remote MEP device If this field is not supported a hyphen is displayed State Running state of the remote MEP OK FAILED Time Time when the remote MEP entered the FAILED or OK state for the last tim...

Страница 2629: ...tEthernet1 0 1 Service instance 6 Maintenance domain Without ID Maintenance domain index 6 Maintenance association ma_6 Maintenance association index 6 Level 6 VLAN 6 MIP rule NONE CCM interval 1s Dir...

Страница 2630: ...display cfd tst to display the TST result Syntax display cfd tst service instance instance id mep mep id Views Any view Predefined user roles network admin network operator Parameters service instance...

Страница 2631: ...e 3 MEP ID 1023 Sent TST total number 5 Received TST total number 0 Table 16 Command output Field Description Service instance Service instance of the MEP Sent TST total number Number of sent TST fram...

Страница 2632: ...mmands cfd dm one way display cfd dm one way history reset cfd tst Use reset cfd tst to clear the TST result Syntax reset cfd tst service instance instance id mep mep id Views User view Predefined use...

Страница 2633: ...lay dldp statistics 3 dldp authentication mode 4 dldp authentication password 5 dldp delaydown timer 6 dldp enable 6 dldp global enable 7 dldp interval 8 dldp port unidirectional shutdown 8 dldp unidi...

Страница 2634: ...interval 5s DLDP authentication mode Simple DLDP authentication password DLDP unidirectional shutdown mode Auto DLDP delaydown timer value 1s Number of enabled ports 2 Interface GigabitEthernet1 0 1...

Страница 2635: ...ectional links are detected DLDP port unidirectional shutdown mode Port shutdown mode for the interface auto manual or hybrid after unidirectional links are detected If no port shutdown mode is config...

Страница 2636: ...nterface number Specifies an interface by its type and number If you do not specify this option the command displays DLDP packet statistics for all interfaces Examples Display DLDP packet statistics f...

Страница 2637: ...tion mode is none Views System view Predefined user roles network admin Parameters md5 Specifies the MD5 authentication mode none Specifies not to perform authentication simple Specifies the plaintext...

Страница 2638: ...n encrypted form string Specifies the password Its plaintext form is a case sensitive string of 1 to 16 characters Its encrypted form is a case sensitive string of 1 to 53 characters Usage guidelines...

Страница 2639: ...e range of 1 to 5 seconds Usage guidelines The DelayDown timer configured by using this command applies to all DLDP enabled ports Examples Set the DelayDown timer to 2 seconds Sysname system view Sysn...

Страница 2640: ...e expires DLDP blocks the port Examples Enable DLDP globally and enable DLDP on GigabitEthernet 1 0 1 and set a delay time of 100 seconds for DLDP to block the port upon an Initial to Unidirectional s...

Страница 2641: ...nes This command applies to all DLDP enabled ports To enable DLDP to operate correctly make sure the intervals for sending Advertisement packets configured on the two ends of a link are the same Examp...

Страница 2642: ...tdown command to bring up the port If the link becomes bidirectional the port becomes bidirectional Usage guidelines If DLDP detects a unidirectional link you must troubleshoot the interface and cabli...

Страница 2643: ...omes bidirectional Usage guidelines If DLDP detects a unidirectional link you must troubleshoot the interface and cabling faults The global port shutdown mode setting takes effect on all interfaces an...

Страница 2644: ...isplay rrpp ring group 3 display rrpp statistics 4 display rrpp verbose 7 domain ring 9 linkup delay timer 10 protected vlan 11 reset rrpp statistics 12 ring 12 ring enable 14 rrpp domain 15 rrpp enab...

Страница 2645: ...he secondary control VLAN ID For the control VLAN configuration to succeed make sure the IDs of the two control VLANs are consecutive and have not been assigned yet Do not configure the default VLAN o...

Страница 2646: ...port status 1 1 M GE1 0 1 GE1 0 2 Yes Domain ID 2 Control VLAN Primary 10 Secondary 11 Protected VLAN Reference instance 0 to 2 4 Hello timer 1 sec Fail timer 3 sec Linkup Delay timer 1 sec Ring Ring...

Страница 2647: ...occurs The port is not configured on the ring The port is a member of a link aggregation group Secondary Edge port This field displays secondary ports when the node mode is master node or transit node...

Страница 2648: ...ing 1 in RRPP domain 1 display rrpp statistics Use display rrpp statistics to display RRPPDU statistics Syntax display rrpp statistics domain domain id ring ring id Views Any view Predefined user role...

Страница 2649: ...16879 Ring ID 2 Ring level 1 Node mode Edge Active status No Common port GE1 0 3 Direct Hello Link Common Complete Edge Major Total down flush FDB flush FDB hello fault Out 0 0 0 0 0 0 0 In 0 0 0 0 0...

Страница 2650: ...r of a link aggregation group Edge port The edge port field means the node mode is edge node or assistant edge node A hyphen appears when one of the following cases occurs The port is not configured o...

Страница 2651: ...domain Examples Display detailed information for all rings in RRPP domain 2 Sysname display rrpp verbose domain 2 Domain ID 2 Control VLAN Primary 10 Secondary 11 Protected VLAN Reference instance 3...

Страница 2652: ...nknown The RRPP domain is disabled Possible states on a transit node or edge node LinkUp All ports on the node are up LinkDown At least one port on the node is down PreForward A port on the node is bl...

Страница 2653: ...rs when one of the following cases occurs The port is not configured on the ring The port is a member of a link aggregation group Edge port The edge port field means the node mode is edge node or assi...

Страница 2654: ...de first and then on the assistant edge node When you deactivate rings in a ring group deactivate them on the assistant edge node first and then on the edge node If you do not follow these guidelines...

Страница 2655: ...tected vlan Use protected vlan to configure the protected VLANs for an RRPP domain Use undo protected vlan to remove the protected VLANs from an RRPP domain Syntax protected vlan reference instance in...

Страница 2656: ...iguration Layer 2 LAN Switching Command Reference rrpp domain reset rrpp statistics Use reset rrpp statistics to clear RRPPDU statistics Syntax reset rrpp statistics domain domain id ring ring id View...

Страница 2657: ...he edge port for the node Usage guidelines The ID of an RRPP ring in a domain must be unique When an RRPP ring is activated you cannot configure its RRPP ports When you configure the edge node and the...

Страница 2658: ...0 1 secondary port gigabitethernet 1 0 2 level 0 Sysname rrpp domain1 ring 20 node mode edge edge port gigabitethernet 1 0 3 Related commands ring enable ring enable Use ring enable to enable an RRPP...

Страница 2659: ...RRPP domains exist Views System view Predefined user roles network admin Parameters domain id Specifies an RRPP domain by its ID in the range of 1 to 128 Usage guidelines When you delete an RRPP doma...

Страница 2660: ...tax rrpp ring group ring group id undo rrpp ring group ring group id Default No RRPP ring groups exist Views System view Predefined user roles network admin Parameters ring group id Specifies an RRPP...

Страница 2661: ...ates notifications when multiple master nodes are configured for the RRPP ring ring fail Generates notifications when the state of the RRPP ring changes from Health to Disconnect ring recover Generate...

Страница 2662: ...r roles network admin Parameters hello timer hello value Specifies the Hello timer in the range of 1 to 10 seconds fail timer fail value Specifies the Fail timer in the range of 3 to 30 seconds Usage...

Страница 2663: ...nable 7 erps ring 8 erps switch 8 erps tcn propagation 9 instance 10 instance enable 10 node role 11 port erps track 12 port0 12 port1 13 protected vlan 14 r aps level 15 r aps ring mac 15 reset erps...

Страница 2664: ...ecifies the control VLAN by its ID in the range of 2 to 4094 Usage guidelines The control VLAN must be a VLAN that has not been created on the device Examples Configure VLAN 100 as the control VLAN fo...

Страница 2665: ...abled Globally enabled Disabled Globally disabled Ring ERPS ring ID Instance ERPS instance ID NodeRole Node type Owner Neighbor Interconnection Normal NodeState Node state Idle The ERPS ring enters th...

Страница 2666: ...d Views Any view Predefined user roles network admin network operator Parameters ring ring id Specifies an ERPS ring by its ID in the range of 1 to 255 instance instance id Specifies an ERPS instance...

Страница 2667: ...r Node state Idle Connect ring instance 1 2 2 3 Control VLAN 100 Protected VLAN Reference instance 0 to 2 Guard timer 500 ms Hold off timer 1 sec WTR timer 5 min Revertive operation Non revertive Enab...

Страница 2668: ...anual switching mode FS Forced switching mode Pending Transient mode between any two states ERPS is disabled for the ERPS instance or disabled globally Connect ring instance Ring or instance associate...

Страница 2669: ...Parameters ring ring id Specifies an ERPS ring by its ID in the range of 1 to 255 instance instance id Specifies an ERPS instance by its ID in the range of 1 to 64 If you do not specify this option th...

Страница 2670: ...ring id Specifies an ERPS ring by its ID in the range of 1 to 255 instance instance id Specifies an ERPS instance by its ID in the range of 1 to 64 Usage guidelines After you configure this command th...

Страница 2671: ...erps ring ring id Default No ERPS rings exist Views System view Predefined user roles network admin Parameters ring ring id Specifies an ERPS ring by its ID in the range of 1 to 255 Usage guideline T...

Страница 2672: ...ching mode for port 1 of instance 1 on ERPS ring 1 Sysname system view Sysname erps switch force ring 1 instance 1 port0 erps tcn propagation Use erps tcn propagation to enable flush packet transparen...

Страница 2673: ...You can create multiple instances for an ERPS ring Each instance has its own protected VLAN control VLAN and RPL owner Each instance maintains its own state machine and data You can locate an ERPS in...

Страница 2674: ...de role owner neighbor rpl interconnection port0 port1 undo node role Default An ERPS node is a normal node Views ERPS instance view Predefined user roles network admin Parameters owner Configures the...

Страница 2675: ...ack entry by its ID in the range of 1 to 1024 For more information about specifying the track entry ID see the track cfd command in Track commands Usage guidelines An ERPS ring member port collaborate...

Страница 2676: ...rnet interface or a Layer 2 aggregate interface by its type and number Examples Specify GigabitEthernet 1 0 1 as the first member port for ERPS ring 1 Sysname system view Sysname erps ring 1 Sysname e...

Страница 2677: ...e id list Specifies a space separated list of up to 10 MSTI items Each item specifies an MSTI or a range of MSTIs in the form of instance id1 to instance id2 The value for instance id2 must be greater...

Страница 2678: ...xamples Configure the R APS packet level as 1 for instance 1 of ERPS ring 1 Sysname system view Sysname erps ring 1 Sysname erps ring1 instance 1 Sysname erps ring1 inst1 r aps level 1 r aps ring mac...

Страница 2679: ...RPS ring Examples Clear packet statistics for instance 1 of ERPS ring 1 Sysname reset erps statistics ring 1 instance 1 Related commands display erps statistics revertive operation Use revertive opera...

Страница 2680: ...ring 1 as a subring Sysname system view Sysname erps ring 1 Sysname erps ring1 ring type sub ring sub ring connect Use sub ring connect to associate the subring with an ERPS ring Use undo sub ring co...

Страница 2681: ...efault The guard timer is 500 milliseconds for an ERPS instance Views ERPS instance view Predefined user roles network admin Parameters guard value Specifies the guard timer in the range of 0 to 2000...

Страница 2682: ...report time and might impact the link recovery performance Examples Set the hold off timer to 300 milliseconds for instance 1 of ERPS ring 1 Sysname system view Sysname erps ring 1 Sysname erps ring1...

Страница 2683: ...20 Examples Set the WTR timer to 3 minutes for instance 1 of ERPS ring 1 Sysname system view Sysname erps ring 1 Sysname erps ring1 instance 1 Sysname erps ring1 inst1 timer wtr 3...

Страница 2684: ...link flush 1 display smart link group 1 flush enable 2 port 3 port smart link group 4 port smart link group track 5 preemption delay 7 preemption mode 7 protected vlan 8 reset smart link statistics 9...

Страница 2685: ...e200 8500 Control VLAN of the last flush packet 1 Table 1 Command output Field Description Received flush packets Total number of received flush messages Receiving interface of the last flush packet P...

Страница 2686: ...Field Description Preemption mode Preemption mode None Preemption disabled Role Role preemption mode Speed Speed preemption mode Preemption delay Preemption delay time in seconds Control VLAN Control...

Страница 2687: ...nd assign the smart link group member ports to the control VLAN The control VLAN of a smart link group must also be one of its protected VLANs Do not remove the control VLAN Otherwise flush messages c...

Страница 2688: ...p member configuration takes effect after the port leaves the aggregation group You can also assign a port to a smart link group by using the port smart link group command in interface view Examples C...

Страница 2689: ...k group view Examples Configure GigabitEthernet 1 0 1 as the primary port of smart link group 1 Sysname system view Sysname smart link group 1 Sysname smlk group1 protected vlan reference instance 0 S...

Страница 2690: ...t of smart link group 1 and the CC function of CFD through track entry 1 to detect the link status Sysname system view Sysname track 1 cfd cc service instance 100 mep 2 Sysname smart link group 1 Sysn...

Страница 2691: ...th the switchover of upstream devices The preemption delay configuration takes effect only after a preemption mode is configured Examples Enable role preemption and set the preemption delay to 10 seco...

Страница 2692: ...port speed If you do not specify the threshold threshold value option the primary port transitions to forwarding state when the primary port speed exceeds the secondary port speed Examples Configure...

Страница 2693: ...rotected vlan command removes configuration of VLANs mapped to the specified MSTIs If you do not specify the reference instance instance id list option the command removes configuration of all protect...

Страница 2694: ...s network admin Parameters control vlan vlan id list Specifies a space separated list of up to 10 control VLAN items Each item specifies a control VLAN ID or a range of control VLAN IDs in the form of...

Страница 2695: ...group id undo smart link group group id Default No smart link groups exist Views System view Predefined user roles network admin Parameters group id Specifies a smart link group ID The value range for...

Страница 2696: ...i Contents Monitor Link commands 1 display monitor link group 1 downlink up delay 2 monitor link disable 3 monitor link group 3 port 4 port monitor link group 5 uplink up port threshold 6...

Страница 2697: ...ies all monitor link groups Usage guidelines This command does not display information about ports that belong to a link aggregation group Examples Display information about all monitor link groups Sy...

Страница 2698: ...r interface is shut down by Monitor Link UP downlink up delay Use downlink up delay to set the switchover delay for the downlink interfaces in a monitor link group Use undo downlink up delay to restor...

Страница 2699: ...monitor link groups can operate only after you enable Monitor Link globally When you disable Monitor Link globally all monitor link groups cannot operate and the downlink interfaces brought down by t...

Страница 2700: ...an interface by its number downlink Specifies a downlink interface uplink Specifies an uplink interface Usage guidelines You can assign an interface to only one monitor link group You can also assign...

Страница 2701: ...rface uplink Specifies an uplink interface Usage guidelines You can assign an interface to only one monitor link group You can also assign an interface to a monitor link group by using the port comman...

Страница 2702: ...itchover in the range of 1 to 1024 Usage guidelines When the number of uplink interfaces in up state in a monitor link group is less than the specified threshold the monitor link group goes down and s...

Страница 2703: ...t mode 22 vrrp vrid priority 23 vrrp vrid shutdown 24 vrrp vrid source interface 25 vrrp vrid timer advertise 26 vrrp vrid track 27 vrrp vrid vrrpv3 send packet 29 IPv6 VRRP commands 30 display vrrp i...

Страница 2704: ...ot specify the verbose keyword the command displays brief IPv4 VRRP group information Usage guidelines If no interface or VRRP group is specified this command displays the states of all IPv4 VRRP grou...

Страница 2705: ...rent priority of the router When a track entry is associated with a VRRP group on the router the router s priority changes when the track entry s status changes Adver Timer VRRP advertisement sending...

Страница 2706: ...only after you configure the vrrp send gratuitous arp command Total number of virtual routers Total number of VRRP groups Interface Interface where the VRRP group is configured VRID Virtual router ID...

Страница 2707: ...field is displayed only after you configure the vrrp vrid name command Follow Name Name of the master VRRP group that the VRRP group follows This field is displayed only after you configure the vrrp...

Страница 2708: ...track entry is associated with a VRRP group on the router the router s priority changes when the track entry s status changes For a VF this field indicates the running priority of the VF When a track...

Страница 2709: ...der Weight Track Information Track Object 1 State Positive Weight Reduced 250 Interface Vlan interface2 VRID 11 Adver Timer 100 Admin Status Up State Backup Config Pri 80 Running Pri 80 Preempt Mode Y...

Страница 2710: ...t priority of the router When a track entry is associated with a VRRP group on the router the router s priority changes when the track entry s status changes Preempt Mode Preemptive mode Yes No Delay...

Страница 2711: ...state Virtual MAC Virtual MAC address of the VF Owner ID Real MAC address of the VF owner Priority VF priority in the range of 1 to 255 Active IP address of the interface where the AVF resides If the...

Страница 2712: ...d displays all master to subordinate IPv4 VRRP group bindings If you specify an interface but do not specify the virtual router ID of a master VRRP group this command displays all master to subordinat...

Страница 2713: ...group belongs VRID Virtual router ID of the subordinate VRRP group Related commands vrrp vrid follow vrrp vrid name display vrrp statistics Use display vrrp statistics to display statistics for IPv4 V...

Страница 2714: ...0 Global statistics CheckSum Errors 0 Version Errors 0 VRID Errors 0 Display statistics for all IPv4 VRRP groups when VRRP operates in load balancing mode Sysname display vrrp statistics Interface Vla...

Страница 2715: ...Number of times that the router has been elected as the master Priority Zero Pkts Rcvd Number of received advertisements with the router priority of 0 Adver Rcvd Number of received advertisements Prio...

Страница 2716: ...cvd Number of received requests Adver Sent Number of sent advertisements Request Sent Number of sent requests Reply Rcvd Number of received replies Release Rcvd Number of received release packets Repl...

Страница 2717: ...VRRP group are specified this command clears statistics for the specified IPv4 VRRP group on the specified interface Examples Clear statistics for all IPv4 VRRP groups on all interfaces Sysname reset...

Страница 2718: ...ttl enable undo vrrp check ttl enable Default TTL check for IPv4 VRRP packets is enabled Views Interface view Predefined user roles network admin Usage guidelines The master in an IPv4 VRRP group per...

Страница 2719: ...ue to 30 for VRRP packets Sysname system view Sysname vrrp dscp 30 vrrp mode Use vrrp mode to specify the operating mode for IPv4 VRRP Use undo vrrp mode to restore the default Syntax vrrp mode load b...

Страница 2720: ...rval interval undo vrrp send gratuitous arp Default Periodic sending of gratuitous ARP packets is disabled for IPv4 VRRP Views System view Predefined user roles network admin Parameters interval Speci...

Страница 2721: ...2 indicates VRRPv2 described in RFC 3768 and 3 indicates VRRPv3 described in RFC 5798 Usage guidelines The version of VRRP on all routers in an IPv4 VRRP group must be the same Examples Specify VRRPv2...

Страница 2722: ...rovided that other settings for example priority and preemption mode are available Such a VRRP group stays in inactive state and does not function The virtual IP address of an IPv4 VRRP group and the...

Страница 2723: ...the following authentication modes simple Simple text authentication The sender fills an authentication key into the VRRP packet and the receiver compares the received authentication key with its loca...

Страница 2724: ...d Specifies an IPv4 VRRP group by its virtual router ID The value range for the virtual router id argument is 1 to 255 name Specifies a master IPv4 VRRP group by its name a case sensitive string of 1...

Страница 2725: ...d configures an IPv4 VRRP group as a master group by assigning a master group name to it A VRRP group that follows the master group is a subordinate VRRP group The master VRRP group exchanges VRRP pac...

Страница 2726: ...nd backups In preemptive mode a backup sends VRRP advertisements when it detects that it has a higher priority than the master Then the backup takes over as the master and the previous master becomes...

Страница 2727: ...priority is more likely to become the master Priorities 1 to 254 are configurable Priority 0 is reserved for special uses and priority 255 is for the IP address owner The IP address owner in a VRRP gr...

Страница 2728: ...VRRP group resides to send and receive VRRP packets Use undo vrrp source interface to cancel the specified source interface Syntax vrrp vrid virtual router id source interface interface type interfac...

Страница 2729: ...v3 the configured value for the adver interval argument takes effect Usage guidelines The master in an IPv4 VRRP group periodically sends VRRP advertisements to declare its presence You can use this c...

Страница 2730: ...Enables the LVF on the router to take over the role of the AVF at the specified IP address immediately after the specified track entry changes to the Negative state The ip address argument specifies...

Страница 2731: ...r ip ip address option The weight reduced weight reduced option The weight reduced keyword The weight of a VF is 255 and its lower limit of failure is 10 When the weight of a VF owner is higher than o...

Страница 2732: ...he packet sending mode for IPv4 VRRPv3 takes effect only on outgoing VRRP packets A router configured with VRRPv3 can process incoming VRRPv2 and VRRPv3 packets If you set the packet sending mode for...

Страница 2733: ...mation Usage guidelines If no interface or VRRP group is specified this command displays the states of all IPv6 VRRP groups If only an interface is specified this command displays the states of all IP...

Страница 2734: ...ty changes when the track entry s status changes Adver Timer VRRP advertisement sending interval in centiseconds Auth Type Authentication type Only none is available which means no authentication is r...

Страница 2735: ...Adver Timer VRRP advertisement sending interval in centiseconds Admin Status Administrative status Up or Down State State of the router in the VRRP group Master The router is the master in the VRRP g...

Страница 2736: ...you configure the vrrp ipv6 vrid track command Track Object Track entry which is associated with the VRRP group State Track entry state Negative Positive NotReady Pri Reduced Value by which the prior...

Страница 2737: ...e state of the track entry changes Address For a VRRP group this field indicates the virtual IP address of the VRRP group For a VF this field indicates the virtual MAC address of the VF Active For a V...

Страница 2738: ...IP List FE80 3 Local Backup FE80 2 Master Master IP FE80 2 Forwarder Information 2 Forwarders 1 Active Config Weight 255 Running Weight 255 Forwarder 01 State Active Virtual MAC 000f e2ff 40b1 Learnt...

Страница 2739: ...n is required Virtual IP Virtual IP address list of the VRRP group Member IP List IP addresses of the member devices in the VRRP group Local IP address of the local router Master IP address of the mas...

Страница 2740: ...ly after you configure the vrrp ipv6 vrid track command State Track entry state Negative Positive NotReady Weight Reduced Value by which the weights of the VFs decrease when the state of the associate...

Страница 2741: ...ecified master VRRP group on the specified interface Examples Display master to subordinate IPv6 VRRP group bindings Sysname display vrrp ipv6 binding IPv6 virtual router binding information Total num...

Страница 2742: ...an interface by its type and number vrid virtual router id Specifies an IPv6 VRRP group by its virtual router ID The value range for the virtual router id argument is 1 to 255 Usage guidelines If no i...

Страница 2743: ...Priority Zero Pkts Rcvd 1 Adver Sent 16373 Priority Zero Pkts Sent 49 Request Rcvd 2 Reply Rcvd 10 Request Sent 12 Reply Sent 2 Release Rcvd 0 VF Priority Zero Pkts Rcvd 1 Release Sent 0 VF Priority...

Страница 2744: ...otal number of packets with version errors VRID Errors Total number of packets with VRID errors Table 14 Command output in load balancing mode Field Description Interface Interface where the VRRP grou...

Страница 2745: ...router priority of 0 VF Priority Zero Pkts Sent Number of sent advertisements with the VF priority of 0 Packet Option Errors Number of packet option errors Global statistics Global statistics for all...

Страница 2746: ...se vrrp ipv6 dscp to set a DSCP value for IPv6 VRRP packets Use undo vrrp ipv6 dscp to restore the default Syntax vrrp ipv6 dscp dscp value undo vrrp ipv6 dscp Default The DSCP value for IPv6 VRRP pac...

Страница 2747: ...ysname system view Sysname vrrp ipv6 mode load balance Related commands display vrrp ipv6 vrrp ipv6 send nd Use vrrp ipv6 send nd to enable periodic sending of ND packets for IPv6 VRRP Use undo vrrp i...

Страница 2748: ...up or to remove a virtual IPv6 address from an IPv6 VRRP group Syntax vrrp ipv6 vrid virtual router id virtual ip virtual address link local undo vrrp ipv6 vrid virtual router id virtual ip virtual ad...

Страница 2749: ...nfigure an IPv6 VRRP group to follow a master group Use undo vrrp ipv6 vrid follow to remove the configuration Syntax vrrp ipv6 vrid virtual router id follow name undo vrrp ipv6 vrid virtual router id...

Страница 2750: ...e virtual router id argument is 1 to 255 name Specifies a master IPv6 VRRP group name a case sensitive string of 1 to 20 characters Usage guidelines This command configures an IPv6 VRRP group as a mas...

Страница 2751: ...e master as long as it operates correctly even if a backup is assigned a higher priority later The non preemptive mode helps avoid frequent switchover between the master and backups In preemptive mode...

Страница 2752: ...role master or backup of each router in a VRRP group by priority A router with a higher priority is more likely to become the master Priorities 1 to 254 are configurable Priority 0 is reserved for spe...

Страница 2753: ...s VRRP advertisements Use undo vrrp ipv6 vrid timer advertise to restore the default Syntax vrrp ipv6 vrid virtual router id timer advertise adver interval undo vrrp ipv6 vrid virtual router id timer...

Страница 2754: ...an IPv6 VRRP group or the VFs in an IPv6 VRRP group with a track entry Use undo vrrp ipv6 vrid track to remove the association between an IPv6 VRRP group or the VFs in an IPv6 VRRP group and a track...

Страница 2755: ...erface and assign a virtual IPv6 address to the IPv6 VRRP group You can create a track entry by using the track command before or after you associate it with an IPv6 VRRP group or the VFs in an IPv6 V...

Страница 2756: ...es to Negative Sysname system view Sysname interface vlan interface 2 Sysname Vlan interface2 vrrp ipv6 vrid 1 track 1 forwarder switchover member ip 1 3 Associate the VFs of IPv6 VRRP group 1 on VLAN...

Страница 2757: ...bfd echo source ip 7 bfd echo source ipv6 8 bfd min echo receive interval 9 bfd min receive interval 9 bfd min transmit interval 10 bfd multi hop authentication mode 11 bfd multi hop destination port...

Страница 2758: ...eticulous MD5 algorithm hmac msha1 Specifies the HMAC Meticulous SHA1 algorithm hmac sha1 Specifies the HMAC SHA1 algorithm m md5 Specifies the Meticulous MD5 algorithm m sha1 Specifies the Meticulous...

Страница 2759: ...r end is operating in Demand mode both ends stop sending BFD control packets When the connectivity to another system needs to be verified explicitly a system sends several BFD control packets with the...

Страница 2760: ...to DOWN BFD This behavior helps applications relying on the link layer protocol state achieve fast convergence The source IP address of control packets is specified manually and the destination IP ad...

Страница 2761: ...etect interface first fail timer seconds undo bfd detect interface first fail timer Default The first BFD session establishment failure is not reported to the data link layer Views Interface view Pred...

Страница 2762: ...his keyword the device sets the BFD session state to Down but does not notify the session down event to the data link layer authentication change Immediately sets the session to down state upon a loca...

Страница 2763: ...es the maximum number of concurrent BFD packets including control packets and echo packets that can be discarded Table 1 Actual detection interval calculation method Mode Actual detection interval of...

Страница 2764: ...e same time To enable only the echo packet receiving capability use the bfd echo receive enable command To enable only the echo packet sending capability use the bfd echo send enable command If you do...

Страница 2765: ...o source ip 8 8 8 8 bfd echo source ipv6 Use bfd echo source ipv6 to configure the source IPv6 address of BFD echo packets Use undo bfd echo source ipv6 to remove the configured source IPv6 address of...

Страница 2766: ...takes 0 or is in the range of 100 to 1000 Usage guidelines This command sets the BFD echo packet receiving interval which is the actual BFD echo packet sending interval The local end stops sending ec...

Страница 2767: ...tween the following values Minimum interval for transmitting BFD control packets on the peer end Minimum interval for receiving BFD control packets on the local end Examples Set the minimum interval f...

Страница 2768: ...ysname Vlan interface11 bfd min transmit interval 500 bfd multi hop authentication mode Use bfd multi hop authentication mode to configure the authentication mode for multihop BFD control packets Use...

Страница 2769: ...1 and key to 123456 Sysname system view Sysname bfd multi hop authentication mode simple 1 plain 123456 bfd multi hop destination port Use bfd multi hop destination port to configure the destination p...

Страница 2770: ...time multiplier of the receiver MAX minimum receiving interval supported by the sender minimum sending interval supported by the receiver Control packet mode BFD session in demand mode Detection time...

Страница 2771: ...smitting multihop BFD control packets Use undo bfd multi hop min transmit interval to restore the default Syntax bfd multi hop min transmit interval interval undo bfd multi hop min transmit interval D...

Страница 2772: ...t actively transmit a BFD control packet to the remote end it transmits a BFD control packet only after receiving a BFD control packet from the remote end Usage guidelines A minimum of one end must op...

Страница 2773: ...ormation about all BFD sessions verbose Displays detailed BFD session information If this keyword is not specified the command displays brief BFD session information Examples Display brief information...

Страница 2774: ...detailed IPv6 BFD session information Sysname display bfd session verbose Total Session Num 1 Up Session Num 1 Init Mode Active IPv6 session working in control packet mode Local Discr 513 Remote Discr...

Страница 2775: ...r of packets sent Hold Time Holdtime Length of time before the session detection timer expires in milliseconds For a BFD session in Down state this field displays 0ms Auth mode Session authentication...

Страница 2776: ...ap enable bfd to disable SNMP notifications for BFD Syntax snmp agent trap enable bfd undo snmp agent trap enable bfd Default All SNMP notifications are enabled for BFD Views System view Predefined us...

Страница 2777: ...mmands 1 delay 1 display track 2 track bfd ctrl 5 track bfd echo 6 track cfd 7 track interface 8 track interface physical 9 track interface protocol 10 track ip route reachability 11 track lldp neighb...

Страница 2778: ...state has changed to Positive The positive time argument represents the positive state notification delay in the range of 1 to 300 seconds Usage guidelines If the Track module immediately notifies the...

Страница 2779: ...tive Specifies track entries in Positive state brief Displays brief information about track entries Examples Display information about all track entries Sysname display track all Track ID 1 State Posi...

Страница 2780: ...ck ID 6 State Positive Duration 0 days 0 hours 0 minutes 32 seconds Tracked object type Failover group Notification delay Positive 20 Negative 30 in seconds Tracked object LLDP interface Vlan interfac...

Страница 2781: ...ted with the track entry BFD session mode BFD session mode Outgoing interface Outgoing interface of BFD echo packets VPN instance name Name of the VPN instance to which BFD session packets belong If t...

Страница 2782: ...and all its settings Syntax track track entry number bfd ctrl interface interface type interface number vpn instance vpn instance name remote ip remote ip address local ip local ip address undo track...

Страница 2783: ...e BFD session Examples Associate track entry 1 with a control mode BFD session The BFD control packets use destination IP address 192 168 1 1 source IP address 192 168 1 2 and outgoing interface VLAN...

Страница 2784: ...al or remote address of a BFD session Examples Associate track entry 1 with an echo mode BFD session The BFD echo packets use destination IP address 1 1 1 1 source IP address 1 1 1 2 and outgoing inte...

Страница 2785: ...with the link state of an interface and enter Track view or enter the view of an existing track entry Use undo track to remove the track entry and all its settings Syntax track track entry number inte...

Страница 2786: ...sociated with the physical state of an interface and enter Track view or enter the view of an existing track entry Use undo track to remove the track entry and all its settings Syntax track track entr...

Страница 2787: ...terface by its type and number ipv4 Monitors the IPv4 protocol state When the IPv4 protocol state of an interface is up the state of the track object is Positive When the IPv4 protocol state of an int...

Страница 2788: ...redefined user roles network admin Parameters track entry number Specifies the track entry ID in the range of 1 to 1024 vpn instance vpn instance name Specifies an MPLS L3VPN instance by its name a ca...

Страница 2789: ...ailability status of an LLDP interface and enter Track view or enter the view of an existing track entry Use undo track to remove the track entry and all its settings Syntax track track entry number l...

Страница 2790: ...associated with the track entry The admin name argument specifies the name of the NQA operation administrator who creates the NQA operation and is a case insensitive string of 1 to 32 characters The...

Страница 2791: ...14 Sysname track 1 Related commands delay display track...

Страница 2792: ...E4300 IE4300 M IE4320 Industrial Switch Series Network Management and Monitoring Command Reference New H3C Technologies Co Ltd http www h3c com Software version Release 63xx Document version 6W101 202...

Страница 2793: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 2794: ...you enter literally as shown Italic Italic text represents arguments that you replace with actual values Square brackets enclose syntax choices keywords or arguments that are optional x y Braces enclo...

Страница 2795: ...s Convention Description Represents a generic network device such as a router switch or firewall Represents a routing capable device such as a router or Layer 3 switch Represents a generic switch such...

Страница 2796: ...ardware model configuration or software version It is normal that the port numbers sample output screenshots and other information in the examples differ from what you have on your device Documentatio...

Страница 2797: ...i Contents Ping tracert and system debugging commands 1 debugging 1 display debugging 2 ping 2 ping ipv6 5 tracert 7 tracert ipv6 10...

Страница 2798: ...by module To display the debugging options supported by a module use the debugging module name command all Specifies all modules Usage guidelines CAUTION Output of excessive debugging messages increa...

Страница 2799: ...source ip c count f h ttl i interface type interface number m interval n p pad q r s packet size t timeout tos tos v vpn instance vpn instance name host Views Any view Predefined user roles network ad...

Страница 2800: ...orded s packet size Specifies the length in bytes of ICMP echo requests excluding the IP packet header and the ICMP packet header The value range is 20 to 9600 and the default is 56 t timeout Specifie...

Страница 2801: ...of 1 1 2 2 is reachable Only results are displayed Sysname ping q 1 1 2 2 Ping 1 1 2 2 1 1 2 2 56 data bytes press CTRL_C to break Ping statistics for 1 1 2 2 5 packet s transmitted 5 packet s receiv...

Страница 2802: ...CMP echo requests sent 5 packet s received Number of ICMP echo replies received 0 0 packet loss Percentage of unacknowledged packets to the total packets sent round trip min avg max std dev 4 685 4 76...

Страница 2803: ...a case sensitive string of 1 to 31 characters If the destination is on the public network do not specify this option host Specifies the IPv6 address or host name of the destination The host name is a...

Страница 2804: ...cmp_seq 1 hlim 64 dst 2001 1 idx 3 time 62 000 ms Received ICMPv6 echo replies from the device whose IPv6 address is 2001 2 The number of data bytes is 56 The packet sequence is 1 The hop limit value...

Страница 2805: ...ult global Specifies the global routing table none Disables AS resolution vpn Specifies the VPN routing table w timeout Specifies the timeout time in milliseconds of the reply packet for a probe packe...

Страница 2806: ...to 1 1 3 2 1 1 3 2 30 hops at most 40 bytes each packet press CTRL_C to break 1 1 1 1 2 1 1 1 2 673 ms 425 ms 30 ms 2 1 1 2 2 1 1 2 2 580 ms 470 ms 80 ms 3 1 1 3 2 1 1 3 2 AS 65535 530 ms 472 ms 380...

Страница 2807: ...longs The vpn instance name argument represents the VPN instance name a case sensitive string of 1 to 31 characters If the destination is on the public network do not specify this option resolve as Sp...

Страница 2808: ...essage is displayed if the probe packet has a link local source address and a non link local destination address Such a packet cannot be delivered to the destination without leaving the scope of the s...

Страница 2809: ...2 including the following information about the second hop IPv6 address of the hop Number of the AS the hop belongs to The AS number appears only when it is found for the hop in the specified routing...

Страница 2810: ...e 38 next hop ip 38 next hop ipv6 39 no fragment enable 40 nqa 40 nqa agent enable 41 nqa schedule 41 nqa template 42 operation FTP operation view 43 operation HTTP HTTPS operation view 44 out interfa...

Страница 2811: ...ICMP echo UDP tracert operation view 67 source ip 68 source ipv6 69 source port 70 ssl client policy 71 statistics hold time 71 statistics interval 72 statistics max group 73 target only 73 tos 74 tt...

Страница 2812: ...s The evaluation of voice quality depends on users tolerance for voice quality For users with higher tolerance for voice quality use the advantage factor command to set an advantage factor When the sy...

Страница 2813: ...community name undo community read Default The SNMP operation uses the community name public Views SNMP operation view Predefined user roles network admin Parameters cipher Specifies a community name...

Страница 2814: ...sensitive string of 1 to 200 characters Usage guidelines If the payload length is smaller than the string length only the first part of the string is filled For example if you configure the string as...

Страница 2815: ...sname nqatplt tcp tcptplt data fill abcd data size Use data size to set the payload size for each probe packet Use undo data size to restore the default Syntax data size size undo data size Default Th...

Страница 2816: ...a admin test type icmp echo Sysname nqa admin test icmp echo data size 80 In ICMP template view set the payload size to 80 bytes for each probe packet Sysname system view Sysname nqa template icmp icm...

Страница 2817: ...Parameters host name Specifies the destination host name a case sensitive string of 1 to 254 characters The host name can contain letters digits hyphens underscores _ and dots but consecutive dots ar...

Страница 2818: ...pecify 10 1 1 1 as the destination IPv4 address for the ICMP echo operation Sysname system view Sysname nqa template icmp icmptplt Sysname nqatplt icmp icmptplt destination ip 10 1 1 1 destination ipv...

Страница 2819: ...operations The destination port numbers for the operations that use the following NQA templates are 53 for the DNS template 1812 for the RADIUS template No destination port number is configured for o...

Страница 2820: ...or statistics of the ICMP jitter path jitter UDP jitter and voice operations use the display nqa result or display nqa statistics command Examples Display the history records of the UDP tracert opera...

Страница 2821: ...cannot be completed in milliseconds Hop IP IP address of the node that sent the reply packet Status Status of the operation result Succeeded Unknown error Internal error Timeout Time Time when the op...

Страница 2822: ...ation consecutive 160 56 4 probe fail accumulate 12 0 5 probe fail consecutive 162 2 Table 3 Command output Field Description Index ID of a reaction entry Checked Element Monitored performance metric...

Страница 2823: ...tion starts Number of sent packets Number of packets with the one way delay exceeding the threshold packet loss accumulate Packets sent after the operation starts Number of sent packets Total packet l...

Страница 2824: ...results Send operation times 10 Receive response times 10 Min Max Average round trip time 1 2 1 Square Sum of round trip time 13 Last packet received time 2015 03 09 17 40 29 8 Extended results Packet...

Страница 2825: ...ve SD 18 Max positive DS 8 Positive SD number 5 Positive DS number 2 Positive SD sum 75 Positive DS sum 32 Positive SD average 15 Positive DS average 16 Positive SD square sum 1189 Positive DS square...

Страница 2826: ...ative SD sum 0 Negative DS sum 0 Negative SD average 0 Negative DS average 0 Negative SD square sum 0 Negative DS square sum 0 SD average 0 DS average 0 One way results Max SD delay 0 Max DS delay 0 M...

Страница 2827: ...ilures due to other errors 0 Packets out of sequence 0 Packets arrived late 0 Path Jitter Results Jitter number 9 Min Max Average jitter 0 0 0 Positive jitter number 0 Min Max Average positive jitter...

Страница 2828: ...timeout occurrences in an operation Failures due to disconnect Number of disconnections by the peer Failures due to no connection Number of failures to connect with the peer Failures due to internal e...

Страница 2829: ...ive DS number Number of negative jitters from destination to source Negative SD sum Sum of absolute values of negative jitters from source to destination Negative DS sum Sum of absolute values of nega...

Страница 2830: ...in milliseconds This field is available only for the path jitter operation Positive jitter number Number of positive jitter This field is available only for the path jitter operation Min Max Average...

Страница 2831: ...f a reaction entry is configured the command displays the monitoring results of the reaction entry in the period specified by the statistics internal command The result fields display hyphens in one o...

Страница 2832: ...8 Positive DS square sum 55 Min negative SD 1 Min negative DS 1 Max negative SD 1 Max negative DS 2 Negative SD number 24 Negative DS number 57 Negative SD sum 24 Negative DS sum 58 Negative SD averag...

Страница 2833: ...negative SD 10 Max negative DS 1 Negative SD number 81 Negative DS number 94 Negative SD sum 556 Negative DS sum 191 Negative SD average 6 Negative DS average 2 Negative SD square sum 4292 Negative DS...

Страница 2834: ...SD 9 Max negative DS 1 Negative SD number 4 Negative DS number 2 Negative SD sum 25 Negative DS sum 2 Negative SD average 6 Negative DS average 1 Negative SD square sum 187 Negative DS square sum 2 SD...

Страница 2835: ...er 0 0 Negative jitter number 0 Min Max Average negative jitter 0 0 0 Sum Square Sum negative jitter 0 0 Hop IP 192 168 50 209 Basic Results Send operation times 10 Receive response times 10 Min Max A...

Страница 2836: ...be times out ICMP jitter results ICMP jitter operation results This field is available only for the ICMP jitter operation UDP jitter results UDP jitter operation results This field is available only f...

Страница 2837: ...egative SD square sum Square sum of negative jitters from source to destination Negative DS square sum Square sum of negative jitters from destination to source SD average Average value of jitters fro...

Страница 2838: ...on results This field is available only for the path jitter operation Jitter number Number of jitters This field is available only for the path jitter operation Min Max Average jitter Minimum maximum...

Страница 2839: ...for ICMP jitter UDP jitter voice operations Monitored performance metric Threshold type Collect data in Checked Num Over threshold Num RTT accumulate Packets sent in the counting interval Number of se...

Страница 2840: ...is found again the NQA destination device is verified as illegal The NQA client does not perform the second round if no offset is specified It verifies the NQA destination as illegal directly if no ma...

Страница 2841: ...dnstplt expect ip 1 1 1 1 expect ipv6 Use expect ipv6 to specify the expected IPv6 address Use undo expect ipv6 to restore the default Syntax expect ipv6 ipv6 address undo expect ipv6 Default No expec...

Страница 2842: ...o 999 The value for the status num 2 argument must be equal to or greater than the value for the status num 1 argument Usage guidelines The status code of the HTTP or HTTPS packet is a three digit fie...

Страница 2843: ...at which the NQA operation repeats Use undo frequency to restore the default Syntax frequency interval undo frequency Default In NQA operation view the interval between two consecutive voice or path j...

Страница 2844: ...able Use history record enable to enable the saving of history records for the NQA operation Use undo history record enable to disable the saving of history records Syntax history record enable undo h...

Страница 2845: ...history records can be saved The value range is 1 to 1440 minutes Usage guidelines When an NQA operation completes the timer starts All records are removed when the lifetime is reached Examples Set t...

Страница 2846: ...entry admin test Sysname nqa admin test type icmp echo Sysname nqa admin test icmp echo history record number 10 init ttl Use init ttl to set the TTL value for UDP packets in the start round of the U...

Страница 2847: ...ing Its plaintext form is a case sensitive string of 1 to 64 characters Its encrypted form is a case sensitive string of 1 to 117 characters Usage guidelines Make sure the NQA client and the RADIUS se...

Страница 2848: ...se max failure to set the maximum number of consecutive probe failures in a UDP tracert operation Use undo max failure to restore the default Syntax max failure times undo max failure Default A UDP tr...

Страница 2849: ...n request Examples Set the data transmission mode to passive for the FTP operation Sysname system view Sysname nqa entry admin test Sysname nqa admin test type ftp Sysname nqa admin test ftp mode pass...

Страница 2850: ...obe packets Use undo next hop ipv6 to restore the default Syntax next hop ipv6 ipv6 address undo next hop ipv6 Default No next hop IPv6 address is specified for probe packets Views ICMP echo operation...

Страница 2851: ...link Examples Enable the no fragmentation feature for the UDP tracert operation Sysname system view Sysname nqa entry admin test Sysname nqa admin test type udp tracert Sysname nqa admin test udp trac...

Страница 2852: ...to disable the NQA client and stop all operations being performed Syntax nqa agent enable undo nqa agent enable Default The NQA client is enabled Views System view Predefined user roles network admin...

Страница 2853: ...by using the undo nqa schedule command recurring Runs the operation automatically at the start time and for the specified duration If you do not specify this keyword the NQA operation is performed onl...

Страница 2854: ...RADIUS template ssl Specifies the SSL template tcp Specifies the TCP template tcphalfopen Specifies the TCP half open template udp Specifies the UDP template name Specifies the name of the NQA templat...

Страница 2855: ...r services for occupying much network bandwidth Examples Set the operation type to put for the FTP operation Sysname system view Sysname nqa entry admin test Sysname nqa admin test type ftp Sysname nq...

Страница 2856: ...view Sysname nqa entry admin test Sysname nqa admin test type http Sysname nqa admin test http operation raw In HTTP template view set the operation type to raw for the HTTP operation Sysname system v...

Страница 2857: ...o password is specified Views FTP HTTP operation view FTP HTTP HTTPS RADIUS template view Predefined user roles network admin Parameters cipher Specifies a password in encrypted form simple Specifies...

Страница 2858: ...peration view ICMP jitter UDP jitter operation view Predefined user roles network admin Parameters times Specifies the probe times For the UDP tracert operation this argument specifies the times of pr...

Страница 2859: ...itter operations Each of these operations performs only one probe Examples Configure the ICMP echo operation to perform 10 probes Sysname system view Sysname nqa entry admin test Sysname nqa admin tes...

Страница 2860: ...ICMP jitter UDP jitter and path jitter operations 10 to 60000 for the voice operation Examples Configure the UDP jitter probe to send 100 packets Sysname system view Sysname nqa entry admin test Sysna...

Страница 2861: ...o TCP UDP echo operation view DHCP DLSw DNS FTP HTTP SNMP operation view UDP tracert operation view Any NQA template view Predefined user roles network admin Parameters timeout Specifies the probe tim...

Страница 2862: ...you must enter raw request view and configure the request content to be sent to the HTTP or HTTPS server To ensure successful operations make sure the request content does not contain command aliases...

Страница 2863: ...violations in the operation The value range is 1 to 14999 for the ICMP jitter and UDP jitter operations and 1 to 59999 for the voice operation average Checks the average one way jitter threshold value...

Страница 2864: ...y is set to below threshold Once the state of the reaction entry changes a trap message is generated and sent to the NMS Sysname system view Sysname nqa entry admin test Sysname nqa admin test type ud...

Страница 2865: ...low threshold Once the state of the reaction entry changes a trap message is generated and sent to the NMS Sysname system view Sysname nqa entry admin test Sysname nqa admin test type udp jitter Sysna...

Страница 2866: ...e Sysname nqa admin test voice reaction 1 checked element icpif threshold value 50 5 action type trap only reaction checked element mos Use reaction checked element mos to configure a reaction entry f...

Страница 2867: ...action 1 checked element mos threshold value 200 100 action type trap only reaction checked element packet loss Use reaction checked element packet loss to configure a reaction entry for monitoring pa...

Страница 2868: ...reaction checked element probe duration to configure a reaction entry for monitoring the probe duration Use undo reaction to delete a reaction entry Syntax reaction item number checked element probe d...

Страница 2869: ...Create reaction entry 2 for monitoring the probe duration of ICMP echo operation and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds Before the NQA operation starts the in...

Страница 2870: ...what action to be triggered The default action is none none Specifies the action of displaying results on the terminal display trap only Specifies the action of displaying results on the terminal disp...

Страница 2871: ...em number checked element probe fail threshold type consecutive consecutive occurrences action type trigger only undo reaction item number Default No reaction entries for monitoring probe failures exi...

Страница 2872: ...cumulate occurrences Checks the total number of threshold violations Available value ranges include 1 to 15000 for the ICMP jitter and UDP jitter operations 1 to 60000 for the voice operation average...

Страница 2873: ...eration the packet round trip time is checked If the total number of threshold violations reaches or exceeds 100 the state of the entry is set to over threshold Otherwise the state of the entry is set...

Страница 2874: ...the test complete keyword The following parameters are not available for the UDP tracert operation The probe failure consecutive probe failures option The accumulate probe failures argument Examples C...

Страница 2875: ...lient notifies the feature of the operation failure when the number of consecutive probe failures reaches 3 Views Any NQA template view Predefined user roles network admin Parameters count Specifies t...

Страница 2876: ...ched the NQA client notifies the feature that uses the template of the successful operation event If you execute this command and the reaction trigger per probe command multiple times the most configu...

Страница 2877: ...1 as the domain name to be resolved Sysname system view Sysname nqa template dns dnstplt Sysname nqatplt dns dnstplt resolve target domain1 resolve type Use resolve type to configure the domain name r...

Страница 2878: ...ched Packets are sent to the destination on a directly connected network The TTL value in the probe packet is set to 1 The TTL set in the ttl command does not take effect This command does not take ef...

Страница 2879: ...ce VLAN interface 1 as the source IP address of ICMP echo request packets Sysname system view Sysname nqa entry admin test Sysname nqa admin test type icmp echo Sysname nqa admin test icmp echo source...

Страница 2880: ...on the most recent configuration takes effect Examples Specify 10 1 1 1 as the source IPv4 address for ICMP echo requests Sysname system view Sysname nqa entry admin test Sysname nqa admin test type i...

Страница 2881: ...CMP echo operation Sysname system view Sysname nqa entry admin test Sysname nqa admin test type icmp echo Sysname nqa admin test icmp echo source ipv6 1 1 In ICMP template view specify 1 1 as the sour...

Страница 2882: ...ssl client policy Default No SSL client policy is specified for an HTTPS or SSL template Views HTTPS SSL template view Predefined user roles network admin Parameters policy name Specifies an SSL clien...

Страница 2883: ...echo Sysname nqa admin test icmp echo statistics hold time 3 statistics interval Use statistics interval to set the statistics collection interval for an NQA operation Use undo statistics interval to...

Страница 2884: ...jitter path jitter UDP jitter voice operation view Predefined user roles network admin Parameters number Specifies the maximum number of statistics groups in the range of 0 to 100 To disable statistic...

Страница 2885: ...store the default Syntax tos value undo tos Default The ToS value in the IP header of probe packets is 0 Views Any operation view Any NQA template view Predefined user roles network admin Parameters v...

Страница 2886: ...1 to 255 Usage guidelines The route option bypass route command sets the TTL to 1 for probe packets If you configure both the route option bypass route and ttl commands for an operation the ttl comman...

Страница 2887: ...e SNMP operation type tcp Specifies the TCP operation type udp echo Specifies the UDP echo operation type udp jitter Specifies the UDP jitter operation type udp tracert Specifies the UDP tracert opera...

Страница 2888: ...c com for example Each label consists of 1 to 63 characters Consecutive dots and question marks are not allowed For description about the filename parameter see Fundamentals Configuration Guide HTTPS...

Страница 2889: ...em view Sysname nqa entry admin test Sysname nqa admin test type ftp Sysname nqa admin test ftp username administrator Set the FTP login username to administrator in FTP template view Sysname system v...

Страница 2890: ...TP SNMP operation view UDP tracert operation view ICMP jitter path jitter UDP jitter voice operation view Any NQA template view Predefined user roles network admin Parameters vpn instance name Specifi...

Страница 2891: ...s Whether the NQA server is enabled TCP connect Information about the TCP listening service on the NQA server UDP echo Information about the UDP listening service on the NQA server IP address IP addre...

Страница 2892: ...ntax nqa server enable undo nqa server enable Default The NQA server is disabled Views System view Predefined user roles network admin Examples Enable the NQA server Sysname system view Sysname nqa se...

Страница 2893: ...port number for a TCP listening service on the NQA server follow these restrictions and guidelines The IP address port number and VPN instance must be unique on the NQA server and match the configurat...

Страница 2894: ...ue the ToS value in the request packet is used Usage guidelines Use this command on the NQA server only for the UDP jitter UDP echo and voice operations When you configure the IP address and port numb...

Страница 2895: ...client 21 ntp service ipv6 multicast server 21 ntp service ipv6 source 22 ntp service ipv6 unicast peer 23 ntp service ipv6 unicast server 25 ntp service max dynamic sessions 27 ntp service multicast...

Страница 2896: ...ons Sysname display ntp service ipv6 sessions Notes 1 source master 2 source peer 3 selected 4 candidate 5 configured Source 125 3000 32 Reference 127 127 1 0 Clock stratum 2 Reachabilities 1 Poll int...

Страница 2897: ...time Length of time from when the last NTP message was received or when the local clock was last updated to the current time Time is in seconds by default If the time length is greater than 2048 seco...

Страница 2898: ...date reference source sane The clock source has passed authentication and its clock will be used as the reference clock insane The clock source has not passed authentication or it has passed authentic...

Страница 2899: ...64 seconds Offset Offset of the system clock relative to the reference clock in milliseconds roundtrip delay Roundtrip delay from the local device to the clock source in milliseconds dispersion Maximu...

Страница 2900: ...t or multicast server mode the display ntp service sessions command does not display the IPv4 NTP association information corresponding to the broadcast or multicast server However the associations ar...

Страница 2901: ...me Time is in seconds by default If the time length is greater than 2048 seconds it is displayed in minutes m If the time length is greater than 300 minutes it is displayed in hours h If the time leng...

Страница 2902: ...server of the current system selected The clock source has survived the clock selection algorithm candidate The clock source is the candidate reference source sane The clock source has passed authent...

Страница 2903: ...ue is 6 the poll interval of the local device is 2 6 or 64 seconds Offset Offset of the system clock relative to the reference clock in milliseconds roundtrip delay Roundtrip delay from the local devi...

Страница 2904: ...k admin network operator Examples Display NTP service status after time synchronization Sysname display ntp service status Clock status synchronized Clock stratum 2 System peer LOCAL 0 Local mode clie...

Страница 2905: ...IP address of the local clock For an IPv6 NTP server The field represents the MD5 digest of the first 32 bits of the IPv6 address of the remote server when the local device is synchronized to a remote...

Страница 2906: ...erver from the source interface make sure the source interface and the NTP servers from the local device to the primary NTP server are reachable to each other Examples Display brief information about...

Страница 2907: ...query Allows only NTP control queries from a peer device to the local device server Allows time requests and NTP control queries from a peer device but does not allow the local device to synchronize...

Страница 2908: ...ervice authentication keyid ntp service reliable authentication keyid ntp service authentication enable Use ntp service authentication enable to enable NTP authentication Use undo ntp service authenti...

Страница 2909: ...will be stored in encrypted form string Specifies a case sensitive authentication key Its plaintext form is a string of 1 to 32 characters Its encrypted form is a string of 1 to 73 characters acl ipv...

Страница 2910: ...mples Set a plaintext MD5 authentication key with the key ID of 10 and key value of BetterKey Sysname system view Sysname ntp service authentication enable Sysname ntp service authentication keyid 10...

Страница 2911: ...e used for sending broadcast messages to broadcast clients The value range for the keyid argument is 1 to 4294967295 If you do not specify this option the local device cannot synchronize broadcast cli...

Страница 2912: ...DSCP value in the range of 0 to 63 for IPv4 NTP packets Usage guidelines The DSCP value is included in the ToS field of an IPv4 packet to identify the packet priority Examples Set the DSCP value for...

Страница 2913: ...ponding subnet You do not want the device to be synchronized by the peer device in the subnet corresponding to the interface Examples Disable VLAN interface 1 from receiving NTP messages Sysname syste...

Страница 2914: ...ronization and query If no right is matched the peer device does not have access to the IPv6 NTP service on the local device and the device cannot synchronize the time with the peer device If the spec...

Страница 2915: ...se undo ntp service ipv6 inbound enable to disable an interface from receiving IPv6 NTP messages Syntax ntp service ipv6 inbound enable undo ntp service ipv6 inbound enable Default An interface receiv...

Страница 2916: ...ized based on the received IPv6 NTP messages If you have configured the device to operate in IPv6 multicast client mode on an interface by using the command do not add the interface to any aggregate g...

Страница 2917: ...the device to operate in IPv6 multicast server mode on an interface with the command do not add the interface to any aggregate group To add the interface to an aggregate group remove the configuratio...

Страница 2918: ...as the source interface for IPv6 NTP messages In NTP symmetric active passive mode if you have specified the source interface for IPv6 NTP messages in the ntp service ipv6 unicast peer command the sp...

Страница 2919: ...is 2 6 64 seconds priority Specifies the peer specified by ipv6 address or peer name as the first choice under the same condition source interface type interface number Specifies the source interface...

Страница 2920: ...ntp service ipv6 unicast server to remove an IPv6 NTP server specified for the device Syntax ntp service ipv6 unicast server server name ipv6 address vpn instance vpn instance name authentication keyi...

Страница 2921: ...not specify an interface the device automatically selects the source IPv6 address of IPv6 NTP messages For more information see RFC 3484 Usage guidelines When you specify an IPv6 NTP server for the d...

Страница 2922: ...eated by using an NTP command A dynamic association is a temporary association created by the system during operation This command limits the number of dynamic NTP associations and prevents dynamic NT...

Страница 2923: ...erface vlan interface 1 Sysname Vlan interface1 ntp service multicast client 224 0 1 1 Related commands ntp service multicast server ntp service multicast server Use ntp service multicast server to co...

Страница 2924: ...on Set the NTP version to 4 Sysname system view Sysname interface vlan interface 1 Sysname Vlan interface1 ntp service multicast server 224 0 1 1 version 4 authentication keyid 4 Related commands ntp...

Страница 2925: ...ey as a trusted key Use undo ntp service reliable authentication keyid to remove the configuration Syntax ntp service reliable authentication keyid keyid undo ntp service reliable authentication keyid...

Страница 2926: ...4 address of the specified source interface as the source address to send NTP messages The receiving device uses this address as the destination address of the NTP response message ip address Specifie...

Страница 2927: ...s time to the server and outputs a log and a trap when the time offset exceeds 128 ms for multiple times After you set the thresholds the system synchronizes the client s time to the server when the t...

Страница 2928: ...base 2 is raised to get the interval in seconds The minimum polling interval is in the range of 2 4 to 2 17 16 to 131072 seconds The default value for the minpoll interval argument is 6 and the defaul...

Страница 2929: ...service unicast server to remove an NTP server specified for the device Syntax ntp service unicast server server name ip address vpn instance vpn instance name authentication keyid keyid maxpoll maxp...

Страница 2930: ...ce IP address of the NTP messages version number Specifies the NTP version The value range for the number argument is 1 to 4 The default value is 4 Usage guidelines When you specify an NTP server for...

Страница 2931: ...t Field Description SNTP server SNTP server NTP server If this field displays the IPv6 address of the NTP server has not been resolved successfully Stratum Stratum level of the NTP server which determ...

Страница 2932: ...vel 16 is not synchronized Version SNTP version Last receive time Time when the last message was received Synced means the local clock is synchronized to the NTP server sntp authentication enable Use...

Страница 2933: ...sha 384 Specifies the HMAC SHA 384 algorithm hmac sha 512 Specifies the HMAC SHA 512 algorithm md5 Specifies the MD5 algorithm cipher Specifies an authentication key in encrypted form simple Specifies...

Страница 2934: ...server and client After you configure an SNTP authentication key use the sntp reliable authentication keyid command to set it as a trusted key The key automatically changes to untrusted after you dele...

Страница 2935: ...ey ID to be used for sending NTP messages to the NTP server The value range for the keyid argument is 1 to 4294967295 If you do not specify this option the local device and NTP server do not authentic...

Страница 2936: ...ed key Use undo sntp reliable authentication keyid to remove the trusted key Syntax sntp reliable authentication keyid keyid undo sntp reliable authentication keyid keyid Default No trusted key is spe...

Страница 2937: ...threshold Specifies the SNTP time offset threshold for trap output The value range for the trap threshold argument is 128 to 60000 in milliseconds Usage guidelines By default the system synchronizes t...

Страница 2938: ...the local device and NTP server do not authenticate each other source interface type interface number Specifies the source interface for NTP messages In an NTP message the local device sends to the N...

Страница 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...

Страница 2940: ...oe profile 12 display poe profile interface 14 poe ai enable 14 poe detection mode 15 poe enable 16 poe fast on enable 16 poe force power 17 poe high inrush enable 18 poe legacy enable interface view...

Страница 2941: ...profile name Specifies a PoE profile by its name a case sensitive string of 1 to 15 characters Examples Apply the PoE profile named forIPphone to GigabitEthernet 1 0 1 Sysname system view Sysname int...

Страница 2942: ...profile is applied Examples Apply the PoE profile named forIPphone to GigabitEthernet 1 0 1 Sysname system view Sysname apply poe profile name forIPphone interface gigabitethernet 1 0 1 Apply the PoE...

Страница 2943: ...display poe interface to display power supplying information for PIs Syntax display poe interface interface type interface number Views Any view Predefined user roles network admin network operator Pa...

Страница 2944: ...equires more power than the configured power IEEE Class PD power class by which the PI supplies power to the PD If the PI does not support supplying power to the PD this field displays a hyphen Detect...

Страница 2945: ...0 0 Off 0 Disabled GE1 0 11 Disabled Low 0 0 Off 0 Disabled GE1 0 12 Disabled Low 0 0 Off 0 Disabled GE1 0 13 Disabled Low 0 0 Off 0 Disabled GE1 0 14 Disabled Low 0 0 Off 0 Disabled GE1 0 15 Disabled...

Страница 2946: ...The PI is undergoing a test Other fault A fault has caused the PSE to enter the idle status PD disconnected The PD is disconnected On State Ports Number of PIs that are supplying power Used Power con...

Страница 2947: ...0 14 0 0 0 0 30 0 GE1 0 15 0 0 0 0 30 0 GE1 0 16 0 0 0 0 30 0 GE1 0 17 0 0 0 0 30 0 GE1 0 18 0 0 0 0 30 0 GE1 0 19 0 0 0 0 30 0 GE1 0 20 0 0 0 0 30 0 GE1 0 21 0 0 0 0 30 0 GE1 0 22 0 0 0 0 30 0 GE1 0...

Страница 2948: ...displays detailed information about all PSEs Examples Display detailed PSE information Sysname display poe pse PSE ID 4 Slot No 1 PSE Model LSPPSE48A PSE Status Enabled Power Priority Low Current Powe...

Страница 2949: ...SE Maximum guaranteed power of the PSE Total maximum power of all critical PIs of the PSE PSE CPLD Version PSE CPLD version number PSE Software Version PSE software version number PSE Hardware Version...

Страница 2950: ...Disabled GE1 0 11 Disabled Low 0 0 Off 0 Disabled GE1 0 12 Disabled Low 0 0 Off 0 Disabled GE1 0 13 Disabled Low 0 0 Off 0 Disabled GE1 0 14 Disabled Low 0 0 Off 0 Disabled GE1 0 15 Disabled Low 0 0...

Страница 2951: ...PD Delivering Power The PI is supplying power to the PD Fault A fault occurred during the test Test The PI is undergoing a test Other Fault A fault has caused the PSE to enter the idle status PD Disco...

Страница 2952: ...0 0 30 0 GE1 0 23 0 0 0 0 30 0 GE1 0 24 0 0 0 0 30 0 On State Ports 0 Used 0 0 W Remaining 600 0 W Table 7 Command output Field Description Interface Interface name of a PI Current Current power of a...

Страница 2953: ...3 GE1 0 4 forAP 2 2 GE1 0 5 poe enable GE1 0 6 poe max power 14000 Total PoE profiles 2 total ports 6 Display information about the PoE profile with index number 1 Sysname display poe profile index 1...

Страница 2954: ...iguration field displays the configurations that have taken effect For the descriptions of other fields see Table 8 poe ai enable Use poe ai enable to enable AI driven PoE Use undo ai poe enable to di...

Страница 2955: ...orrectly connected to the device without causing short circuit simple Enables the device to supply power to PDs that comply with basic requirements of 802 3af or 802 3at strict Enables the device to s...

Страница 2956: ...profile has been applied to a PI remove the application before configuring the PI in PoE profile view If a PI has been configured remove the configuration before configuring the PI in PI view Examples...

Страница 2957: ...d Examples Enable fast PoE for PSE 4 Sysname system view Sysname poe fast on enable pse 4 Related commands display poe pse poe force power Use poe force power to enable forced PoE power supply Use und...

Страница 2958: ...inrush enable pse pse id undo poe high inrush enable pse pse id Default Inrush currents drawn by PDs are not allowed Views System view Predefined user roles network admin Parameters pse pse id Specifi...

Страница 2959: ...interface view the configuration in system view takes effect As a best practice for disabling nonstandard PD detection for all PIs successfully in one operation disable this feature in both system vi...

Страница 2960: ...E 4 to detect nonstandard PDs Sysname system view Sysname poe legacy enable pse 4 Related commands display poe pse poe legacy enable interface view poe max power interface view Use poe max power to se...

Страница 2961: ...nnects to a PI Views PI view Predefined user roles network admin Parameters text Configures a description for the PD connected to the PI a case sensitive string of 1 to 80 characters Examples Configur...

Страница 2962: ...fined user roles network admin Parameters critical Sets the power supply priority to critical The PI with critical power priority operates in guaranteed mode Power is first supplied to the PD connecte...

Страница 2963: ...ndo poe reset enable Default PI power cycling upon a system warm reboot is disabled Views System view Predefined user roles network admin Usage guidelines During the system warm reboot process upon ex...

Страница 2964: ...wer classes 0 to 3 and provides a maximum power of 12 95 W 802 3at Adds class 4 in addition to the four power classes defined by 802 3af and provides a maximum power of 25 5 W 802 3bt Adds classes 5 t...

Страница 2965: ...eting it You can use the refresh mode in most cases Full mode Deletes the current PSE firmware and reloads a new one Use the full mode if the PSE firmware is damaged and you cannot execute any PoE com...

Страница 2966: ...name a case sensitive string of 1 to 15 characters A PoE configuration file name begins with a letter and must not contain reserved keywords including undo all name interface user poe disable max pow...

Страница 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...

Страница 2968: ...culate password 19 snmp agent community 21 snmp agent community map 24 snmp agent configuration examine interval 24 snmp agent context 25 snmp agent group 26 snmp agent local engineid 28 snmp agent lo...

Страница 2969: ...edefined user roles network admin network operator Parameters read Specifies SNMP read only communities write Specifies SNMP read and write communities Usage guidelines This command is not available i...

Страница 2970: ...y name ACL Number of the ACL This field appears only when an ACL is specified for the SNMPv1 or SNMPv2c community ACL name Name of the ACL This field appears only when an ACL is specified for the SNMP...

Страница 2971: ...SNMP contexts Sysname display snmp agent context testcontext Related commands snmp agent context display snmp agent group Use display snmp agent group to display information about SNMP groups Syntax d...

Страница 2972: ...send notifications only for the nodes in the notify MIB view Storage type Storage type including volatile nonvolatile permanent readOnly and other For more information see Table 1 ACL Number of the I...

Страница 2973: ...ed MIB node information including node name last octet of an OID string and name of the next leaf node index node Specifies SNMP MIB tables and node names and OIDs of MIB index nodes trap node Specifi...

Страница 2974: ...1xPaeSystemAuthControl iso8802 8802 dot1xPaeSystemAuthControl ieee802dot1 1 dot1xPaeSystemAuthControl ieee802dot1mibs 1 dot1xPaeSystemAuthControl Table 4 Command output Field Description std MIB node...

Страница 2975: ...0 8802 1 1 2 1 2 4 Name lldpStatsRemTablesAgeouts OID 1 0 8802 1 1 2 1 2 5 Table 6 Command output Field Description Name MIB notification node name OID MIB notification node OID Trap Object Name and...

Страница 2976: ...2 A 32 bit integer with no mathematical sign Gauge A non negative integer that might increase or decrease Gauge32 A 32 bit non negative integer that might increase or decrease Counter A non negative i...

Страница 2977: ...rk operator Parameters exclude Displays the subtrees excluded from any MIB view include Displays the subtrees included in any MIB view viewname view name Displays information about the specified MIB v...

Страница 2978: ...by the MIB view Subtree mask MIB subtree mask Storage type Type of the medium see Table 1 where the subtree view is stored View Type Access privilege for the MIB subtree in the MIB view Included All o...

Страница 2979: ...n SNMP domain If you do not specify a remote SNMP entity this command displays the engine IDs of all remote SNMP entities Examples Display engine IDs of all remote SNMP entities Sysname display snmp a...

Страница 2980: ...rocessed 0 alternate Response Class PDUs dropped silently 0 forwarded Confirmed Class PDUs dropped silently Table 10 Command output Field Description messages delivered to the SNMP entity Number of me...

Страница 2981: ...processed Trap PDUs accepted and processed Number of notifications that have been received and processed alternate Response Class PDUs dropped silently Number of dropped response packets forwarded Co...

Страница 2982: ...e configuration and usage status Sysname display snmp agent trap queue Queue size 100 Message number 6 Related commands snmp agent trap life snmp agent trap queue size display snmp agent trap list Use...

Страница 2983: ...information Syntax display snmp agent usm user engineid engineid group group name username user name Views Any view Predefined user roles network admin network operator Parameters engineid engineid Sp...

Страница 2984: ...Role name snmprole network operator Engine ID 800063A280000002BB0001 Storage type nonVolatile UserStatus active Table 11 Command output Field Description Username SNMP username Group name SNMP group...

Страница 2985: ...n an interface Syntax enable snmp trap updown undo enable snmp trap updown Default Link state notifications are enabled Views Interface view Predefined user roles network admin Usage guidelines For an...

Страница 2986: ...the display udp verbose command If you disable the SNMP agent the SNMP settings do not take effect The display current configuration command does not display the SNMP settings The SNMP settings will n...

Страница 2987: ...not been created and will take effect only after a valid IP address is assigned to the specified interface Examples Configure the primary IP address of GigabitEthernet 1 0 1 as the source address of...

Страница 2988: ...form for the encryption key by using the AES256 encryption algorithm and the HMAC SHA1 authentication algorithm md5 Calculates the encrypted form for the authentication key or encryption key by using...

Страница 2989: ...ity name user role role name acl ipv4 acl number name ipv4 acl name acl ipv6 ipv6 acl number name ipv6 acl name undo snmp agent community cipher community name Default No SNMPv1 or SNMPv2c communities...

Страница 2990: ...mands of the SNMP feature or this command An SNMP community is identified by a community name It contains a set of NMSs and SNMP agents Devices in an SNMP community authenticate each other by using th...

Страница 2991: ...t community read simple readaccess Create the read and write community with the plaintext form name writeaccess so only the SNMPv2c NMS at 1 1 1 1 can use the community name writeaccess to read or set...

Страница 2992: ...haracters context name Specifies an SNMP context a case sensitive string of 1 to 32 characters Usage guidelines This command enables a module on an agent to obtain the context mapped to a community na...

Страница 2993: ...MP notification You can use this command to modify the examination interval Examples Set the intervals at which the SNMP module examines the system configuration for changes to 600 seconds sysname sys...

Страница 2994: ...v3 snmp agent group v3 group name authentication privacy notify view view name read view view name write view view name acl ipv4 acl number name ipv4 acl name acl ipv6 ipv6 acl number name ipv6 acl na...

Страница 2995: ...ive string of 1 to 63 characters acl ipv6 Specifies a basic or advanced IPv6 ACL for the group ipv6 acl number Specifies a basic or advanced IPv6 ACL by its number The basic IPv6 ACL number is in the...

Страница 2996: ...cified ACL does not contain any rule all NMSs can access the device If a VPN instance is specified in an ACL rule the rule applies only to the packets of the VPN instance If no VPN instance is specifi...

Страница 2997: ...or example you can set the engine ID for device 1 on the first floor of building A to 000Af0010001 and device 2 to 000Af0010002 Examples Set the local SNMP engine ID to 123456789A Sysname system view...

Страница 2998: ...cluded view name oid tree mask mask value undo snmp agent mib view view name Default The system creates the ViewDefault view when the SNMP agent is enabled In this default MIB view all MIB objects in...

Страница 2999: ...agent community read public mib view mibtest An SNMPv1 NMS in the public community can query the objects in the mib 2 subtree but not any object for example the sysDescr or sysObjectID node in the sys...

Страница 3000: ...er roles network admin Parameters dscp value Sets the DSCP value for SNMP responses in the range of 0 to 63 A greater DSCP value represents a higher priority Usage guidelines The DSCP value is encapsu...

Страница 3001: ...nt remote Use snmp agent remote to set an SNMP engine ID for a remote SNMP entity Use undo snmp agent remote to delete the SNMP engine ID of a remote SNMP entity Syntax snmp agent remote ipv4 address...

Страница 3002: ...nmp agent sys info contact to restore the default contact Syntax snmp agent sys info contact sys contact undo snmp agent sys info contact Default The system contact is New H3C Technologies Co Ltd View...

Страница 3003: ...on as Room524 row1 3 Sysname system view Sysname snmp agent sys info location Room524 row1 3 Related commands display snmp agent sys info snmp agent sys info version Use snmp agent sys info version to...

Страница 3004: ...ng v2c v3 authentication privacy snmp agent target host trap address udp domain ipv4 target host ipv6 ipv6 target host udp port port number dscp dscp value vpn instance vpn instance name params securi...

Страница 3005: ...apsulated in the ToS field of an IP packet It specifies the priority level of the packet and affects the transmission priority of the packet A greater DSCP value represents a higher priority The defau...

Страница 3006: ...linkup warmstart system undo snmp agent trap enable configuration protocol standard authentication coldstart linkdown linkup warmstart system Default SNMP configuration notifications standard notific...

Страница 3007: ...ified this command or its undo form enables or disables all SNMP notifications supported by the device Examples Enable the SNMP agent to send SNMP authentication failure notifications Sysname system v...

Страница 3008: ...stem view Predefined user roles network admin Parameters seconds Sets a lifetime in the range of 1 to 2592000 in seconds Usage guidelines When congestion occurs the SNMP agent buffers notifications in...

Страница 3009: ...eue size size undo snmp agent trap queue size Default The SNMP notification queue can store a maximum of 100 notifications Views System view Predefined user roles network admin Parameters size Specifi...

Страница 3010: ...itive string of 1 to 32 characters The group can be one that has been created or not The user takes effect only after you create the group acl Specifies a basic or advanced IPv4 ACL for the user ipv4...

Страница 3011: ...s specified in an ACL rule the rule applies only to the packets of the VPN instance If no VPN instance is specified in an ACL rule the rule applies only to the packets on the public network If you spe...

Страница 3012: ...ode snmp agent usm user v3 user name user role role name remote ipv4 address ipv6 ipv6 address vpn instance vpn instance name cipher simple authentication mode md5 sha auth password privacy mode 3des...

Страница 3013: ...e sensitive string of 1 to 31 characters If the target host belongs to the public network do not specify this option cipher Specifies an authentication key and an encryption key in encrypted form The...

Страница 3014: ...even number of hexadecimal characters All zero and all F strings are invalid The even number is in the range of 10 to 64 If you change the local engine ID the existing SNMPv3 users and keys become in...

Страница 3015: ...ACL can access the device For more information about ACL see ACL and QoS Configuration Guide Examples In VACM mode Add user testUser to SNMPv3 group testGroup and enable authentication for the group S...

Страница 3016: ...ysname system view Sysname snmp agent usm user v3 testUser user role network operator simple authentication mode sha 123456TESTplat For an NMS to have read only access to all MIB objects make sure the...

Страница 3017: ...es You can assign a maximum of 64 user roles to an SNMPv3 user An SNMPv3 user must have a minimum of one user role Examples Assign the user role network admin to the SNMPv3 user testUser Sysname syste...

Страница 3018: ...s 1 display rmon alarm 1 display rmon event 2 display rmon eventlog 3 display rmon history 5 display rmon prialarm 7 display rmon statistics 8 rmon alarm 10 rmon event 12 rmon history 13 rmon prialarm...

Страница 3019: ...4 1 etherStatsOctets 1 Sampling interval in seconds 10 Rising threshold 50 associated with event 1 Falling threshold 5 associated with event 2 Alarm sent upon entry startup risingOrFallingAlarm Lates...

Страница 3020: ...t to display information about RMON event entries Syntax display rmon event entry number Views Any view Predefined user roles network admin network operator Parameters entry number Specifies an event...

Страница 3021: ...cription Community SNMP community name for the RMON event Take the action action when triggered Actions that the system takes when the event is triggered none Takes no action log Logs the event trap S...

Страница 3022: ...28s uptime Description The alarm formula defined in prialarmEntry 777 uprise 17000000 with alarm value 17077846 Alarm sample type is absolute This example shows that the event log table has four recor...

Страница 3023: ...es of Ethernet statistics for Ethernet interfaces To collect history samples for an Ethernet interface you must first create a history control entry on the interface To configure the number of history...

Страница 3024: ...tistic is the number of times that a drop condition occurred It is not necessarily the total number of dropped packets octets Total number of octets received during the sampling interval packets Total...

Страница 3025: ...y index in the range of 1 to 65535 If you do not specify an entry the command displays all private alarm entries Examples Display information about all RMON private alarm entries Sysname display rmon...

Страница 3026: ...Description of the alarm Sampling interval Interval in seconds at which data is sampled Rising threshold Alarm rising threshold Falling threshold Alarm falling threshold associated with event Event in...

Страница 3027: ...sions 0 etherStatsDropEvents insufficient resources 0 Incoming packets by size 64 0 65 127 0 128 255 0 256 511 0 512 1023 0 1024 1518 0 Table 6 Command output Field Description EtherStatsEntry entry n...

Страница 3028: ...tistic is the number of times that a drop condition occurred It is not necessarily the total number of dropped packets Incoming packets by size Incoming packet statistics by packet length 64 Number of...

Страница 3029: ...tes a falling alarm rising falling Generates a rising or falling alarm rising threshold threshold value1 event entry1 Sets the rising threshold The threshold value1 argument represents the rising thre...

Страница 3030: ...igabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 rmon statistics 1 Sysname GigabitEthernet1 0 1 quit Sysname rmon alarm 1 1 3 6 1 2 1 16 1 1 1 4 1 10 absolute rising threshold 5000 1 falling threshol...

Страница 3031: ...bout SNMP notifications see Network Management and Monitoring Configuration Guide Usage guidelines You can create a maximum of 60 event entries You can associate an event entry with a standard or priv...

Страница 3032: ...erface has a history control entry RMON periodically samples packet statistics on the interface and stores the samples to the history table When the bucket size for the history control entry is reache...

Страница 3033: ...reshold threshold value1 event entry1 Sets the rising threshold The threshold value1 argument represents the rising threshold in the range of 2147483648 to 2147483647 The event entry1 argument represe...

Страница 3034: ...1 is the OID of the object instance etherStatsPkts 1 Sysname system view Sysname rmon event 1 log Sysname rmon event 2 none Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 rmon st...

Страница 3035: ...sts number of bytes received and number of packets received The statistics are cleared at a reboot To display the RMON statistics table use the display rmon statistics command The index of an RMON sta...

Страница 3036: ...ds 1 netconf capability specific namespace 1 netconf idle timeout 1 netconf log 2 netconf soap acl 4 netconf soap domain 5 netconf soap dscp 5 netconf soap enable 6 netconf ssh server enable 7 netconf...

Страница 3037: ...le specific namespaces The common namespace is incompatible with module specific namespaces To set up a NETCONF session the device and the client must use the same type of namespaces By default the co...

Страница 3038: ...o disable the timeout feature set this argument to 0 Usage guidelines If no NETCONF packets are exchanged on a NETCONF session within the NETCONF session idle timeout time the device tears down the se...

Страница 3039: ...error information about failed edit config operations Usage guidelines If you specify the protocol operation keyword the device logs each of the matching operation and the operation result For exampl...

Страница 3040: ...ONF over SOAP over HTTP access https Applies an IPv4 ACL to control NETCONF over SOAP over HTTPS access name ipv4 acl name Specifies an IPv4 ACL by its name The acl name argument is a case insensitive...

Страница 3041: ...n authentication domain Execute the netconf soap domain command to specify a mandatory authentication domain After this command is executed all NETCONF users are placed in the domain for authenticatio...

Страница 3042: ...ge guidelines The DSCP value of an IP packet specifies the priority level of the packet and affects the transmission priority of the packet Examples Set the DSCP value to 30 for outgoing NETCONF over...

Страница 3043: ...ned user roles network admin Usage guidelines This feature allows you to use an SSH client to invoke NETCONF as an SSH subsystem Then you can directly use XML messages to perform NETCONF operations wi...

Страница 3044: ...CONF over SSH session requests Sysname system view Sysname netconf ssh server port 800 xml Use xml to enter XML view Syntax xml Views User view Predefined user roles network admin network operator Usa...

Страница 3045: ...iew the NETCONF message should not contain the shortcut key string If the NETCONF message contains the shortcut key string relevant configurations in XML view might be affected For example in user lin...

Страница 3046: ...username 5 cwmp cpe connect interface 6 cwmp cpe connect retry 6 cwmp cpe inform interval 7 cwmp cpe inform interval enable 8 cwmp cpe inform time 8 cwmp cpe password 9 cwmp cpe provision code 10 cwm...

Страница 3047: ...Syntax cwmp acs default password cipher simple string undo cwmp acs default password Default No password is configured for authentication to the default ACS URL Views CWMP view Predefined user roles...

Страница 3048: ...undo cwmp acs default url to restore the default Syntax cwmp acs default url url undo cwmp acs default url Default No default ACS URL is specified Views CWMP view Predefined user roles network admin P...

Страница 3049: ...or authentication to the default ACS URL If you execute this command multiple times the most recent configuration takes effect For a successful connection make sure the CPE has the same username and p...

Страница 3050: ...le times the most recent configuration takes effect For a successful connection make sure the CPE has the same username and password settings as the ACS Examples Configure the password used for authen...

Страница 3051: ...to configure the username for authentication to the preferred ACS URL Use undo cwmp acs username to restore the default Syntax cwmp acs username username undo cwmp acs username Default No username is...

Страница 3052: ...cts the CWMP connection interface automatically If the CWMP connection interface is not the interface that connects the CPE to the ACS the CPE fails to establish a CWMP connection with the ACS For exa...

Страница 3053: ...e upper limit Examples Set the maximum number of CWMP connection retries to 5 Sysname system view Sysname cwmp Sysname cwmp cwmp cpe connect retry 5 cwmp cpe inform interval Use cwmp cpe inform interv...

Страница 3054: ...w Predefined user roles network admin Usage guidelines If this command is configured the CPE sends Inform messages regularly to establish a CWMP session with the ACS To set the periodic Inform interva...

Страница 3055: ...work admin Parameters cipher Specifies a password in encrypted form simple Specifies a password in plaintext form For security purposes the password specified in plaintext form will be stored in encry...

Страница 3056: ...he full stop Usage guidelines The ACS can use the provision code to identify services assigned to each CPE For correct configuration deployment make sure the same provision code is configured on the C...

Страница 3057: ...an open NAT binding a public IP address and port binding through which the ACS can send unsolicited packets The CPE sends the binding to the ACS when it initiates a connection to the ACS For the conne...

Страница 3058: ...wait timer for the CPE to close an idle connection Use undo cwmp cpe wait timeout to restore the default Syntax cwmp cpe wait timeout seconds undo cwmp cpe wait timeout Default The close wait timer i...

Страница 3059: ...ork admin Usage guidelines CWMP configuration takes effect only after CWMP is enabled Examples Enable CWMP Sysname system view Sysname cwmp Sysname cwmp cwmp enable Related commands cwmp display cwmp...

Страница 3060: ...URL Periodic inform Status of the periodic Inform feature Enabled or Disabled Inform interval Periodic Inform interval The default interval is 600 seconds Inform time Date and time at which an Inform...

Страница 3061: ...tion attempt This field displays Null if no ACS URL was available ACS information source Source from which the CPE obtained the ACS URL User ACS URL assigned by using the cwmp acs url command or by AC...

Страница 3062: ...client policy to restore the default Syntax ssl client policy policy name undo ssl client policy Default No SSL client policy is specified for CWMP Views CWMP view Predefined user roles network admin...

Страница 3063: ...nvironment 4 display rtm policy 5 event cli 7 event hotplug 8 event interface 9 event process 11 event snmp oid 12 event snmp notification 13 event syslog 14 event track 17 rtm cli policy 18 rtm envir...

Страница 3064: ...to a policy you must make sure the execution order is correct If two actions have the same ID the most recent one takes effect To execute a command in a view other than user view you must define acti...

Страница 3065: ...oot actions You can configure a series of actions to be executed in response to the event specified in a monitor policy EAA executes the actions in ascending order of action IDs When you add actions t...

Страница 3066: ...t to perform an active standby switchover Sysname system view Sysname rtm cli policy test Sysname rtm test action 3 switchover action syslog Use action syslog to add a Syslog action to a monitor polic...

Страница 3067: ...Configure an action for the CLI defined policy test to send a log message hello with a severity of 7 from the facility device local3 Sysname system view Sysname rtm cli policy test Sysname rtm test a...

Страница 3068: ...a user defined EAA environment variable name of more than 30 characters use the display current configuration command Value Value of the user defined EAA environment variable This field displays a max...

Страница 3069: ...ication Syslog and track TimeActive Time when the monitor policy was triggered PolicyName Name of the monitor policy Display brief information about all created monitor policies Sysname display rtm po...

Страница 3070: ...i async skip sync mode execute help tab pattern regular exp undo event Default No CLI event is configured Views CLI defined policy view Predefined user roles network admin Parameters async skip Enable...

Страница 3071: ...m to execute the actions in the policy and display the complete parameter when Tab is pressed at a policy matching command line Sysname system view Sysname rtm cli policy test Sysname rmt test event c...

Страница 3072: ...interface to configure an interface event for a CLI defined monitor policy Use undo event to delete the event in a CLI defined monitor policy Syntax event interface interface list monitor obj monitor...

Страница 3073: ...ut drops Number of discarded outgoing packets during the sampling interval output errors Number of outgoing error packets during the sampling interval rcv bps Receive rate in bps during the sampling i...

Страница 3074: ...when the statistic exceeds 1000 for the first time Enable EAA to re execute the policy if the statistic exceeds 1000 each time after the statistic has dropped below 50 Sysname system view Sysname rtm...

Страница 3075: ...event Examples Configure a CLI defined policy to monitor all instances of the process snmpd for restart events Sysname system view Sysname rtm cli policy test Sysname rtm test event process restart n...

Страница 3076: ...monitored MIB variable s value crosses the start threshold in the following situations The monitored variable s value crosses the start threshold for the first time The monitored variable s value cro...

Страница 3077: ...n If you do not specify this keyword the system sends the notification Usage guidelines Use SNMP Notification event monitor policies to monitor variables in SNMP notifications EAA executes an SNMP Not...

Страница 3078: ...nitor policies to monitor log messages EAA executes a Syslog event monitor policy when the number of matching logs over an interval reaches the limit NOTE EAA does not count log messages generated by...

Страница 3079: ...b n Matches the preceding character n times or more The number n must be a nonnegative integer o 2 matches foooood but not Bob n m Matches the preceding character n to m times or more The numbers n an...

Страница 3080: ...ser roles network admin Parameters track list Specifies a space separated list of up to 16 track items Each item specifies a track entry number or a range of track entry numbers in the form of track e...

Страница 3081: ...an existing CLI defined EAA monitor policy Use undo rtm cli policy to delete a CLI defined monitor policy Syntax rtm cli policy policy name undo rtm cli policy policy name Default No CLI defined moni...

Страница 3082: ...ent_time Time when the event occurs _event_severity Severity level of an event CLI _cmd Commands that are matched Syslog _syslog_pattern Log message content Hotplug _slot ID of the member device that...

Страница 3083: ...vent syslog buffer size Default The size of the EAA monitored log buffer is 50000 Views System view Predefined user roles network admin Parameters buffer size Specifies the size for the EAA monitored...

Страница 3084: ...ute the policies even if the trigger conditions are met This command does not suspend a running monitor policy until all its actions are executed Examples Suspend monitor policies Sysname system view...

Страница 3085: ...defined policy and a Tcl defined policy However you cannot assign the same name to policies that are the same type Examples Create a Tcl policy and bind it to a Tcl script file Sysname system view Sy...

Страница 3086: ...ource EAA does not perform the action and all the subsequent actions For example a monitor policy has four actions numbered from 1 to 4 The policy has user roles that are required for performing actio...

Страница 3087: ...ocess memory 24 display process memory heap 25 display process memory heap address 27 display process memory heap size 28 exception filepath 29 monitor kernel deadloop action 29 monitor kernel deadloo...

Страница 3088: ...e is 1 slot slot number Specifies an IRF member device by its ID If you do not specify this option the command displays context information for process exceptions on the IRF master device cpu cpu numb...

Страница 3089: ...i 0x0000000000000003 rbp 0x00007fff88a5dcf0 rsp 0x00007fff88a5dcf0 r8 0x00007fae7ea587e0 r9 0x0000000000000079 r10 0xffffffffffffffff r11 0x0000000000000246 r12 0x0000000000405b18 r13 0x00007fff88a5ff...

Страница 3090: ...t grp00 0x00000000000000ee 0x00000fffffd04840 grp02 0x00000fff80425c28 0x0000000000000004 grp04 0x00000fffffd048c0 0x000000000000000a grp06 0xffffffffffffffff 0x00000fff803c66b4 grp08 0x000000008002d0...

Страница 3091: ...2010 cause 0x00800020 pc 0x2af2faf4 Display the exception context information on the MIPS based 64 bit terminal Sysname display exception context Index 1 of 1 Crashed PID 270 routed Crash signal SIGBU...

Страница 3092: ...RAP Trap message SIGXCPU CPU usage limit exceeded SIGXFSZ File size limit exceeded SIGUNKNOW Unknown reason Crash time Time when the crash occurred Core file path Directory where the core dump file is...

Страница 3093: ...o not specify this option the command displays kernel thread deadloop information for the master device cpu cpu number Specifies a CPU by its number Examples Display brief information about the most r...

Страница 3094: ...g r29 Val 0x00000000 Reg r30 Val 0x0000002c Reg r31 Val 0x00000000 Reg cr Val 0x84000028 Reg nip Val 0x057d9550 Reg xer Val 0x00000000 Reg lr Val 0x0186eff0 Reg ctr Val 0x682f7344 Reg msr Val 0x00784b...

Страница 3095: ...00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0 0xe2be6080 02 be 61 e0 00 00 00 02 00 00 00 00 02 be 61 70 0xe2be6090 00 00 00 00 02 21 00 00 05 8d 34 c4 05 7d 92 44 Call trace Function Address 0x801...

Страница 3096: ...e kernel thread deadloop was detected ffffffff indicates an illegitimate instruction code No information to display No kernel thread deadloop information Related commands reset kernel deadloop display...

Страница 3097: ...lay kernel exception Use display kernel exception to display kernel thread exception information Syntax display kernel exception show number offset verbose slot slot number cpu cpu number Views Any vi...

Страница 3098: ...1 Cpu 0 VCPU ID 0 Kernel module info module name mrpnc module address 0xe332a000 module name 12500 module address 0xe00bd000 Last 5 thread switches migration 0 11 16 00 823018 swapper 11 16 00 833018...

Страница 3099: ...0 00 00 08 0xe2be5f60 02 be 5f 80 00 ac 1b 14 00 00 00 00 00 00 00 00 0xe2be5f70 05 b4 5f 90 02 be 5f e0 00 00 00 30 02 be 5f e0 0xe2be5f80 02 be 5f c0 00 ac 1b f4 00 00 00 00 02 45 00 00 0xe2be5f90 0...

Страница 3100: ...display in the range of 1 to 20 offset Specifies the offset between the starting reboot and the most recent reboot in the range of 0 to 19 The default value is 0 verbose Displays detailed information...

Страница 3101: ...5 b4 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be5ee0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be5ef0 95 47 73 35 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be5f00 a0 e1 64 21 00 00 00 00 00 00...

Страница 3102: ...Field Description Recorded at Time when the reboot was recorded with microsecond precision Occurred at Time when the reboot occurred with microsecond precision Reason Reboot reason Thread Name and num...

Страница 3103: ...information for the master device cpu cpu number Specifies a CPU by its number Examples Display brief information about the most recent kernel thread starvation Sysname display kernel starvation 1 St...

Страница 3104: ...8 Val 0x0000002c Reg r29 Val 0x00000000 Reg r30 Val 0x0000002c Reg r31 Val 0x00000000 Reg cr Val 0x84000028 Reg nip Val 0x057d9550 Reg xer Val 0x00000000 Reg lr Val 0x0186eff0 Reg ctr Val 0x682f7344 R...

Страница 3105: ...0 00 04 02 21 00 00 00 00 00 00 01 e9 00 00 0xe2be6060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0xe2be6070 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0 0xe2be6080 02 be 61 e0 00 00 00 02 00...

Страница 3106: ...ime interval in seconds to identify a kernel thread starvation A kernel thread starvation occurs if a kernel thread does not run within n seconds Threads excluded from monitoring Kernel threads exclud...

Страница 3107: ...0K 120 S 0 0 5 220 scmd Table 6 Command output Field Description Job ID Job ID of the process The job ID never changes PID Number of the process The number identifies the process and it might change a...

Страница 3108: ...Running S Sleeping T Traced or stopped D Uninterruptible sleep Z Zombie HH MM SS MSEC Running time since the most recent start Name Process name Display state information for all processes Sysname dis...

Страница 3109: ...a process HH MM SS Running time since the most recent start If the running time reaches or exceeds 100 hours this field displays only the number of hours COMMAND Name and parameters of a process If sq...

Страница 3110: ...mation for all user processes Syntax display process log slot slot number cpu cpu number Views Any view Predefined user roles network admin network operator Parameters slot slot number Specifies an IR...

Страница 3111: ...ory Use display process memory to display memory usage for all user processes Syntax display process memory slot slot number cpu cpu number Views Any view Predefined user roles network admin network o...

Страница 3112: ...0 Stack Stack memory used by the user process in KB The value for a kernel thread is 0 Dynamic Dynamic memory used by the user process in KB The value for a kernel thread is 0 Name Name of the user p...

Страница 3113: ...ommand Examples Display brief information about heap memory usage for the process identified by job ID 1 Sysname display process memory heap job 1 Total virtual memory heap space in bytes 2228224 Tota...

Страница 3114: ...member device this command displays information for the master device cpu cpu number Specifies a CPU by its number Usage guidelines When a user process runs abnormally the command helps locate the pr...

Страница 3115: ...evice by its member ID If you do not specify a member device this command displays information for the master device cpu cpu number Specifies a CPU by its number Usage guidelines The command displays...

Страница 3116: ...stem will save core dump files to the core folder in the specified directory on the master If the core folder does not exist in the specified directory the system creates the core folder before saving...

Страница 3117: ...ate configuration can cause system breakdown As a best practice leave the default unchanged Examples Set the kernel thread deadloop protection action to reboot for slot 1 Sysname system view Sysname m...

Страница 3118: ...dloops If a thread occupies the CPU regularly the device considers that a deadloop has occurred Examples Enable kernel thread deadloop detection Sysname system view Sysname monitor kernel deadloop ena...

Страница 3119: ...em view Sysname monitor kernel deadloop exclude thread 15 Related commands display kernel deadloop configuration display kernel deadloop monitor kernel deadloop enable monitor kernel deadloop time Use...

Страница 3120: ...vation enable slot slot number cpu cpu number undo monitor kernel starvation enable slot slot number cpu cpu number Default Kernel thread starvation detection is disabled Views System view Predefined...

Страница 3121: ...efault Kernel thread starvation detection if enabled monitors all kernel threads Views System view Predefined user roles network admin Parameters tid Specifies a kernel thread by its ID in the range o...

Страница 3122: ...ion in the range of 1 to 65535 seconds slot slot number Specifies an IRF member device by its ID If you do not specify this option the master device is specified cpu cpu number Specifies a CPU by its...

Страница 3123: ...umber of displayed processes according to the screen size and does not display exceeding processes You can also input interactive commands as shown in Table 12 to perform relevant operations Table 12...

Страница 3124: ...ksoftirqd 0 5 5 99 S 0 0K 00 00 00 0 00 watchdog 0 6 6 115 S 0 0K 00 00 01 0 00 events 0 7 7 115 S 0 0K 00 00 00 0 00 khelper 4797 4797 120 S 8 28832K 00 00 02 0 00 comsh 5117 5117 120 S 8 1496K 00 00...

Страница 3125: ...td 2 2 115 S 0 0K 00 00 00 0 00 kthreadd 3 3 99 S 0 0K 00 00 00 0 00 migration 0 4 4 115 S 0 0K 00 00 06 0 00 ksoftirqd 0 5 5 99 S 0 0K 00 00 00 0 00 watchdog 0 7 7 115 S 0 0K 00 00 00 0 00 khelper 47...

Страница 3126: ...ds Thread states 2 running 111 sleeping 0 stopped 0 zombie CPU states 86 57 idle 0 83 user 11 74 kernel 0 83 interrupt Memory 755M total 414M available page size 4K JID PID PRI State FDs MEM HH MM SS...

Страница 3127: ...I Priority level of a process State State of a process R Running S Sleeping T Traced or stopped D Uninterruptible sleep Z Zombie FDs Number of open files for a process MEM Memory usage It displays 0 f...

Страница 3128: ...he following items in turn when you press 1 again and again Values of parameters of physical CPUs Average values of parameters of all CPUs By default the command displays the average values of paramet...

Страница 3129: ...00 ksoftirqd 0 4 4 0 99 S 00 00 00 1 0 00 watchdog 0 5 5 0 115 S 00 00 00 0 0 00 events 0 6 6 0 115 S 00 00 00 0 0 00 khelper Enter h or a question mark to display help information as follows Help fo...

Страница 3130: ...page size 4K JID TID LAST_CPU PRI State HH MM SS MAX CPU Name 1176 1176 0 120 R 00 00 04 1 1 86 top 866 866 0 120 S 00 00 14 1 0 87 devd 1 1 0 120 S 00 00 07 1 0 49 scmd 730 730 0 0 S 00 00 04 1 0 12...

Страница 3131: ...s not change after the process restarts slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command displays information for the master device c...

Страница 3132: ...e reset exception context Related commands display exception context reset kernel deadloop Use reset kernel deadloop to clear kernel thread deadloop information Syntax reset kernel deadloop slot slot...

Страница 3133: ...eboot Use reset kernel reboot to clear kernel thread reboot information Syntax reset kernel reboot slot slot number cpu cpu number Views User view Predefined user roles network admin Parameters slot s...

Страница 3134: ...er device by its ID If you do not specify this option the command clears kernel thread starvation information for the master device cpu cpu number Specifies a CPU by its number Examples Clear kernel t...

Страница 3135: ...rface view 2 mirroring group mirroring port system view 3 mirroring group monitor egress 4 mirroring group monitor port interface view 6 mirroring group monitor port system view 7 mirroring group refl...

Страница 3136: ...rroring groups remote destination Specifies remote destination groups remote source Specifies remote source groups Usage guidelines Mirroring group information includes the type status and content of...

Страница 3137: ...No mirroring groups exist Views System view Predefined user roles network admin Parameters group id Specifies a mirroring group ID The value range for this argument is 1 to 4 local Specifies local mir...

Страница 3138: ...t as a source port for only one mirroring group A source port cannot be used as a reflector port monitor port or egress port Examples Create local mirroring group 1 to monitor the bidirectional traffi...

Страница 3139: ...groups and remote source groups A Layer 2 aggregate interface cannot be configured as a source port for a mirroring group Do not assign a source port of a mirroring group to the remote probe VLAN of t...

Страница 3140: ...or port mirroring to work correctly disable the following features on the egress port of a mirroring group Spanning tree 802 1X IGMP snooping Static ARP MAC address learning The member port of an exis...

Страница 3141: ...mirroring group do not configure its member ports as source ports of the mirroring group Use a monitor port only for port mirroring so the data monitoring device receives and analyzes only the mirror...

Страница 3142: ...tree feature on the monitor port of a mirroring group For an aggregate interface configured as the monitor port of a mirroring group do not configure its member ports as source ports of the mirroring...

Страница 3143: ...ge guidelines CAUTION The port to be configured as a reflector port must be a port not in use Do not connect a network cable to a reflector port When a port is configured as a reflector port the port...

Страница 3144: ...user roles network admin Parameters group id Specifies a mirroring group by its ID The value range for this argument is 1 to 4 vlan id Specifies a VLAN by its ID Usage guidelines You can configure re...

Страница 3145: ...te destination group 2 and configure VLAN 20 as its remote probe VLAN Sysname system view Sysname mirroring group 2 remote destination Sysname mirroring group 2 remote probe vlan 20 Related commands m...

Страница 3146: ...o the CPU for the traffic behavior Sysname system view Sysname traffic behavior 1 Sysname behavior 1 mirror to cpu mirror to interface Use mirror to interface to configure a mirroring action that mirr...

Страница 3147: ...e first four traffic behaviors take effect You can use the mirror to interface interface type interface number command to mirror traffic to only one interface in a traffic behavior If you execute the...

Страница 3148: ...commands 1 display sflow 1 sflow agent 2 sflow collector 3 sflow counter collector 4 sflow counter interval 5 sflow flow collector 5 sflow flow max header 6 sflow sampling mode 7 sflow sampling rate...

Страница 3149: ...Office Port counter sampling information Interface Instance CID Interval s GE1 0 1 2 2 100 GE1 0 1 1 1 200 Port flow sampling information Interface Instance FID MaxHLen Rate Mode Status GE1 0 1 2 2 12...

Страница 3150: ...erval in seconds FID ID of the sFlow collector for receiving flow sampled packets If no sFlow collector ID is specified this field displays 0 MaxHLen Maximum number of bytes that can be copied in a sa...

Страница 3151: ...ector collector id Default No sFlow collector information is configured Views System view Predefined user roles network admin Parameters collector id Specifies an sFlow collector by its ID The value r...

Страница 3152: ...tance instance id collector Default No sFlow instance or sFlow collector is specified for counter sampling Views Layer 2 Ethernet interface view Predefined user roles network admin Parameters instance...

Страница 3153: ...fault Counter sampling is disabled Views Layer 2 Ethernet interface view Predefined user roles network admin Parameters interval Specifies the counter sampling interval in the range of 2 to 86400 seco...

Страница 3154: ...erface counter sampling and flow sampling are separate from each other They can have the same sFlow instance but different sFlow collectors specified Settings of sFlow instances and sFlow collectors f...

Страница 3155: ...set to 4000 by using the sflow sampling rate command the device samples packets randomly as follows The device might sample one packet from the first 4000 packets The device might sample multiple pack...

Страница 3156: ...gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 sflow sampling rate 32768 Related commands sflow sampling mode sflow source Use sflow source to specify the source IP address of sent sFlow packets...

Страница 3157: ...5 info center logfile enable 16 info center logfile frequency 17 info center logfile overwrite protection 17 info center logfile size quota 18 info center logging suppress duplicates 18 info center lo...

Страница 3158: ...command The system clears the diagnostic log file buffer after saving the buffered diagnostic logs to the diagnostic log file If the diagnostic log file buffer is empty this command displays a succes...

Страница 3159: ...Directory where the diagnostic log file is saved Writing frequency Interval at which the system saves diagnostic logs from the buffer to the diagnostic log file display info center Use display info c...

Страница 3160: ...og output filters Examples Display information about log output filter loghost1 Sysname display info center filter loghost1 Log output filter loghost1 Module Rule ARP Debugging CFGLOG Deny Default Inf...

Страница 3161: ...the memory resources are used up warning 5 Notification Normal but significant condition For example a terminal logs in to the device or the device reboots notificatio n 6 Informational Informational...

Страница 3162: ...ffer last mins 5 Table 4 Command output Field Description Log buffer Status of the log buffer Enabled Logs can be output to the log buffer Disabled Logs cannot be output to the buffer Max buffer size...

Страница 3163: ...itical For more information see Table 3 ERROR Represents error For more information see Table 3 WARN Represents warning For more information see Table 3 NOTIF Represents notification For more informat...

Страница 3164: ...g file directory flash logfile Writing frequency 24 hour 0 min 10 sec Table 6 Command output Field Description Log file Log file status Enabled Logs can be output to the log file Disabled Logs cannot...

Страница 3165: ...se display security logfile summary to display the summary of the security log file Syntax display security logfile summary Views Any view Predefined user roles security audit Usage guidelines To use...

Страница 3166: ...g link up or link down logs when the interface state changes Syntax enable log updown undo enable log updown Default All interfaces are allowed to generate link up and link down logs Views Interface v...

Страница 3167: ...c logs to the diagnostic log file Syntax info center diagnostic logfile enable undo info center diagnostic logfile enable Default Saving diagnostic logs to the diagnostic log file is enabled Views Sys...

Страница 3168: ...ng interval to 600 seconds Sysname system view Sysname info center diagnostic logfile frequency 600 Related commands info center diagnostic logfile enable info center diagnostic logfile quota Use info...

Страница 3169: ...on center is enabled info center filter Use info center filter to create a log output filter Syntax info center filter filter name module name default deny level severity undo info center filter filte...

Страница 3170: ...et log output filter rules for the same module multiple times the most recent configuration takes effect To set a general log output filter rule for all modules use the default keyword The general log...

Страница 3171: ...m view Sysname info center format unicom info center logbuffer Use info center logbuffer to enable log output to the log buffer Use undo info center logbuffer to disable log output to the log buffer S...

Страница 3172: ...undo info center logbuffer size Default A maximum of 512 logs can be buffered Views System view Predefined user roles network admin Parameters buffersize Specifies the maximum log buffer size The valu...

Страница 3173: ...rectory to flash test Sysname mkdir test Creating directory flash test Done Sysname system view Sysname info center logfile directory flash test Related commands info center logfile enable info center...

Страница 3174: ...nes This command enables the system to automatically save logs in the log file buffer to the log file at the specified interval Examples Set the log file saving interval to 60000 seconds Sysname syste...

Страница 3175: ...size quota Use info center logfile size quota to set the maximum log file size Use undo info center logfile size quota to restore the default Syntax info center logfile size quota size undo info cente...

Страница 3176: ...suppress module module name mnemonic all mnemonic value undo info center logging suppress module module name mnemonic all mnemonic value Default The device does not suppress output of any logs from an...

Страница 3177: ...g hosts are specified Views System view Predefined user roles network admin Parameters vpn instance vpn instance name Specifies an MPLS L3VPN instance by its name a case sensitive string of 1 to 31 ch...

Страница 3178: ...me info center loghost 1 1 1 1 Related commands info center filter info center source info center loghost source Use info center loghost source to specify a source IP address for logs sent to log host...

Страница 3179: ...e value must be an integer in the range of 1 to 100 Usage guidelines When the security log file is full the system deletes the oldest logs and then writes new logs to the security log file This featur...

Страница 3180: ...e system view Sysname info center security logfile directory flash test info center security logfile enable Use info center security logfile enable to enable saving of security logs to the security lo...

Страница 3181: ...ge guidelines The system outputs security logs to the security log file buffer and then saves the buffered logs to the security log file at the specified interval Examples Set the security log file sa...

Страница 3182: ...odule name default console logbuffer logfile loghost monitor Default Table 8 lists the default log output rules Table 8 Default output rules Destination Log source modules Output switch Severity Conso...

Страница 3183: ...tion takes effect If you execute this command for the default modules multiple times the most recent configuration takes effect Examples Output only VLAN module s information with the emergency level...

Страница 3184: ...execute the command Enable synchronous information output and then save the current configuration enter interactive information Sysname system view Sysname info center synchronous Info center synchron...

Страница 3185: ...buffer log traps Usage guidelines Log traps are SNMP notifications stored in the log trap buffer After the snmp agent trap enable syslog command is configured the device sends log messages in SNMP no...

Страница 3186: ...a space if it is less than 10 for example 7 hh mm ss ms Local time with hh in the range of 00 to 23 mm and ss in the range of 00 to 59 and ms in the range of 0 to 999 YYYY Year none Indicates no time...

Страница 3187: ...009 09 21T15 32 55 01 00 By default the ISO format timestamp does not contain the time zone information no year date Sets the timestamp format to the current system date and time without year or milli...

Страница 3188: ...tically or manually If the log file buffer is empty this command displays a success message event though no logs are saved to the log file Examples Manually save logs from the log file buffer to the l...

Страница 3189: ...ut configuring the security audit user role see AAA commands in Security Command Reference Examples Manually save the security logs in the security log file buffer to the security log file Sysname sec...

Страница 3190: ...g to disable display of debug information on the current terminal Syntax terminal debugging undo terminal debugging Default Display of debug information is disabled on the current terminal Views User...

Страница 3191: ...gging level severity undo terminal logging level Default The lowest level of logs that can be output to the current terminal is 6 Informational Views User view Predefined user roles network admin Para...

Страница 3192: ...toring of logs is enabled on the console and disabled on the monitor terminal Views User view Predefined user roles network admin Usage guidelines This command takes effect only for the current connec...

Страница 3193: ...interval 10 ptp announce timeout 11 ptp asymmetry correction 12 ptp clock step 13 ptp delay mechanism 14 ptp destination mac 14 ptp domain 15 ptp dscp 16 ptp enable 17 ptp force state 18 ptp min delay...

Страница 3194: ...TP profile PTP standard or a PTP mode Examples Display PTP clock information Sysname display ptp clock PTP profile IEEE 1588 Version 2 PTP mode BC Slave only No Clock ID 000FE2 FFFE FF0000 Clock type...

Страница 3195: ...e in nanoseconds N A indicates that information for this field is not obtained Mean path delay Mean path delay in nanoseconds N A indicates that information for this field is not obtained Steps remove...

Страница 3196: ...isplay ptp foreign masters record to display information about foreign master nodes Syntax display ptp foreign masters record interface interface type interface number Views Any view Predefined user r...

Страница 3197: ...ed user roles network admin network operator Parameters interface type interface number Specifies an interface by its type and number If you do not specify an interface this command displays PTP runni...

Страница 3198: ...te Passive Neither receives nor sends synchronization messages A PTP interface is in passive state after it receives an announce messages Master Sends synchronization messages Premaster Temporary stat...

Страница 3199: ...field displays the value for the interval exponent Announce receipt time out Number of announcement intervals before the receiving node stops receiving announce messages If a member node does not rec...

Страница 3200: ...uality Class 248 Accuracy 254 Offset log variance 65535 Priority1 128 Priority2 128 Table 5 Command output Field Description Parent port number Outgoing interface number of the parent clock Observed p...

Страница 3201: ...owUp 0 PdelayReq 0 PdelayResp 0 PdelayRespFollowUp 0 Sent packets Announce 476 Sync 2543 Signaling 0 DelayReq 0 DelayResp 0 FollowUp 2542 PdelayReq 238 PdelayResp 0 PdelayRespFollowUp 0 Discarded pack...

Страница 3202: ...or Table 7 Command output Field Description Current UTC offset valid Whether the UTC offset is valid True Yes False No Current UTC offset Cumulative offset in seconds between the Coordinated Universal...

Страница 3203: ...ned user roles network admin Usage guidelines This command is available only after you specify a PTP profile and a PTP mode Examples Activate the port role configuration Sysname system view Sysname pt...

Страница 3204: ...is available only after you specify a PTP profile and a PTP mode The master node uses the value configured on its interface as the interval for sending announce messages Examples Set the announce mes...

Страница 3205: ...ce message sending interval to 5 on GigabitEthernet 1 0 1 Sysname system view Sysname ptp profile 1588v2 Sysname ptp mode oc Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 ptp an...

Страница 3206: ...mestamps Views Layer 2 Ethernet interface view Predefined user roles network admin Parameters one step Specifies the single step mode two step Specifies the two step mode Usage guidelines You can conf...

Страница 3207: ...pecifies the peer delay mechanism used by P2PTC Usage guidelines This command is applicable only to BCs and OCs GigabitEthernet1 0 1 to GigabitEthernet1 0 16 on the IE4320 28P switch do not support th...

Страница 3208: ...elay messages is 0180 C200 000E which cannot be modified This command takes effect only if PTP messages are encapsulated in IEEE 802 3 Ethernet packets Examples Configure the destination MAC address f...

Страница 3209: ...profile 1588v2 Sysname ptp mode oc Sysname ptp domain 2 Related commands ptp mode ptp profile ptp source ptp dscp Use ptp dscp to set a DSCP value for PTP messages that are transmitted over UDP IPv4...

Страница 3210: ...ter you specify a PTP profile and a PTP mode An OC can have only one PTP port As a best practice enable PTP on an interface after you configure PTP parameters For PTP to take effect on a Layer 2 Ether...

Страница 3211: ...rnet interface view Predefined user roles network admin Parameters master Specifies the PTP port as a master port passive Specifies the PTP port as a passive port slave Specifies the PTP port as a sub...

Страница 3212: ...file is SMPTE ST 2059 2 the value range for the interval argument is 5 to 4 Usage guidelines When a member clock receives a Sync message it responds by sending a Delay_Req message and starts a timer d...

Страница 3213: ...is specified Views System view Predefined user roles network admin Parameters bc Specifies the clock node type as boundary clock BC e2etc Specifies the clock node type as end to end transparent clock...

Страница 3214: ...ifies an exponent to the power of which base 2 is raised to get the interval in seconds for sending peer delay request messages When the PTP profile is IEEE 1588 version 2 the value range for the inte...

Страница 3215: ...ble only after you specify a PTP profile and a PTP mode The SMPTE ST 2059 2 PTP profiles does not support this command Examples Specify the clock node type as P2PTC OC for the device Configure the por...

Страница 3216: ...guidelines This command is available only after you specify a PTP profile and a PTP mode Examples Configure priority 1 as 10 for the local clock Sysname system view Sysname ptp profile 1588v2 Sysname...

Страница 3217: ...the default Syntax ptp slave only undo ptp slave only Default An OC can operate either as a master clock or a member clock Views System view Predefined user roles network admin Usage guidelines This...

Страница 3218: ...tance name Specifies an MPLS L3VPN instance used for communication between the local device and the peer device The vpn instance name argument is a case sensitive string of 1 to 31 characters If the p...

Страница 3219: ...argument is 1 to 1 When the PTP profile is SMPTE ST 2059 2 the value range for the interval argument is 5 to 1 Usage guidelines This command is available only after you specify a PTP profile and a PT...

Страница 3220: ...correction date configured for the UTC Syntax ptp utc leap59 date leap61 date date undo ptp utc leap59 date leap61 date Default No correction date is configured for the UTC Views System view Predefine...

Страница 3221: ...en the UTC and TAI is 0 seconds Views System view Predefined user roles network admin Parameters utc offset Sets the cumulative offset between the UTC and TAI in seconds The utc offset argument is in...

Страница 3222: ...rnet interface view Predefined user roles network admin Parameters vlan vlan id Specifies a VLAN by its ID in the range of 1 to 4094 dot1p dot1p value Specifies an 802 1p precedence for PTP messages i...

Страница 3223: ...user roles network admin Parameters interface interface type interface number Specifies an interface by its type and number If you do not specify an interface this command clears PTP statistics on al...

Страница 3224: ...1 display network clock status 2 network clock source forcessm 3 network clock source priority 4 network clock source ssm 4 network clock ssmcontrol 5 network clock work mode 6 Synchronous Ethernet c...

Страница 3225: ...nd output Field Description Port Line clock input port State State of the clock source Normal The clock source is operating correctly Lost The clock source is not available or is in an error condition...

Страница 3226: ...ay network clock status Mode Auto Reference N A Traced reference N A Lock mode Unknown SSM output level SSUB SSM control enable On Table 2 Command output Field Description Mode Clock reference selecti...

Страница 3227: ...he quality level of a clock source Use undo network clock source forcessm to restore the default Syntax network clock source lpuport interface type interface number ptp forcessm off on undo network cl...

Страница 3228: ...type interface number ptp priority Default All clock sources have a priority of 255 Views System view Predefined user roles network admin Parameters lpuport interface type interface number Specifies...

Страница 3229: ...the SSM quality level to SDH equipment clock ssua Sets the SSM quality level to G 812 primary level SSU ssub Sets the SSM quality level to G 812 second level SSU unknown Sets the SSM quality level to...

Страница 3230: ...Related commands display network clock source network clock ssm network clock work mode Use network clock work mode to set the clock reference selection mode Use undo network clock work mode to resto...

Страница 3231: ...clock lpuport command It takes time for a clock reference selection mode change to take effect To verify the effectiveness of the change use the display network clock status command or check the log...

Страница 3232: ...the command displays ESMC information for all interfaces Usage guidelines ESMC information is not available for interfaces in asynchronous mode Examples Display ESMC information for all interfaces Sys...

Страница 3233: ...event packets sent Number of received or sent ESMC event packets ESMC information rate Transmission rate of ESMC information packets The value is fixed at 1 pps ESMC expiration ESMC expiration timer T...

Страница 3234: ...twork admin Parameters master Specifies the master clock mode slave Specifies the slave clock mode Usage guidelines To avoid a negotiation result that conflicts with your clock synchronization trail d...

Страница 3235: ...s network admin Usage guidelines You can configure an interface as a line clock input port only after you enable the synchronous mode on the interface GigabitEthernet 1 0 25 to GigabitEthernet 1 0 28...

Страница 3236: ...H3C IE4300 IE4300 M IE4320 Industrial Switch Series Telemetry Command Reference New H3C Technologies Co Ltd http www h3c com Software version Release 63xx Document version 6W101 20230116...

Страница 3237: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 3238: ...lose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separated by vertical bars from which you select...

Страница 3239: ...s a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding and other Layer 2 features Represents an access controller a unified wired WLAN module or the access controller engine on a u...

Страница 3240: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Страница 3241: ...timeout 6 grpc port 6 gRPC dial out mode commands 7 destination group subscription view 7 destination group telemetry view 8 domain name 8 ipv4 address 10 ipv6 address 11 ipv6 domain name 11 sensor p...

Страница 3242: ...lay detailed gRPC information If you do not specify this keyword the command displays brief gRPC information Examples Display brief gRPC information Sysname display grpc gRPC status Enabled Current ti...

Страница 3243: ...s Connection ID ID of the connection between the device and a collector IP address Port IP address and service port number of the collector Domain name Port Domain name and service port number of the...

Страница 3244: ...vent triggered statistics Effective count 0 Sent successfully 0 Failed 0 Queued packets Queue size 204 1000 Dropped 0 Last error Channel Connecting Table 2 Command output Field Description gRPC status...

Страница 3245: ...type Event triggered Event triggered sampling Periodic Periodical sampling Effective sampling interval Data sampling interval that takes effect Sensor path Sensor path Destination group Name of the de...

Страница 3246: ...se grpc enable to enable the gRPC service Use undo grpc enable to disable the gRPC service Syntax grpc enable undo grpc enable Default The gRPC service is disabled Views System view Predefined user ro...

Страница 3247: ...s in the range of 0 to 30 To disable gRPC sessions from being timed out set it to 0 Usage guidelines If no gRPC packet exchanges occur on the session between a gRPC and the server before the idle time...

Страница 3248: ...n group for a subscription Use undo destination group to remove a destination group from a subscription Syntax destination group group name undo destination group group name Default A subscription doe...

Страница 3249: ...roup name a case sensitive string of 1 to 31 characters Usage guidelines As a best practice configure a maximum of five destination groups Configuring too many destination groups might degrade the sys...

Страница 3250: ...ot specify this option Usage guidelines If you specify collectors by their domain names you must configure DNS to make sure the device can translate the domain names of the collectors to IPv4 addresse...

Страница 3251: ...elongs The vpn instance name argument represents the VPN instance name a case sensitive string of 1 to 31 characters If the collector belongs to the public network do not specify this option Usage gui...

Страница 3252: ...e sensitive string of 1 to 31 characters If the collector belongs to the public network do not specify this option Usage guidelines To add multiple collectors to a destination group execute this comma...

Страница 3253: ...d VPN instance already exists If the collector is on the public network do not specify this option Usage guidelines If you specify IPv6 collectors by their domain names you must configure DNS to make...

Страница 3254: ...d multiple times The device supports a maximum of 128 sensor paths If the device does not support the specified sensor path the command displays an error message To modify the sensor path configuratio...

Страница 3255: ...or paths do not take effect If you do not specify the option for periodic sensor paths the device does not sample or push data The specified sensor group must have been created by using the sensor gro...

Страница 3256: ...ddress for packets sent to collectors Use undo source address to restore the default Syntax source address ipv4 address interface interface type interface number ipv6 ipv6 address undo source address...

Страница 3257: ...scription to create a subscription and enter its view or enter the view of an existing subscription Use undo sensor group to delete a subscription Syntax subscription subscription name undo subscripti...

Страница 3258: ...etry view Syntax telemetry Views System view Predefined user roles network admin Usage guidelines In telemetry view you can configure telemetry parameters Examples Enter telemetry view Sysname system...

Страница 3259: ...H3C IE4300 IE4300 M IE4320 Industrial Switch Series OpenFlow Command Reference New H3C Technologies Co Ltd http www h3c com Software version Release 63xx Document version 6W101 20230116...

Страница 3260: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 3261: ...nclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separated by vertical bars from which you sele...

Страница 3262: ...s a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding and other Layer 2 features Represents an access controller a unified wired WLAN module or the access controller engine on a u...

Страница 3263: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Страница 3264: ...group 15 display openflow instance 16 display openflow meter 18 display openflow summary 20 fail open mode 21 flow entry max limit 22 flow log disable 22 flow table 23 forbidden packet in arp control...

Страница 3265: ...the instance take effect After an OpenFlow instance is reactivated it disconnects from all controllers clears the deployed flow tables updates the capability set and then reconnects to controllers Ex...

Страница 3266: ...able the VLAN mode for OpenFlow instance 1 and associate OpenFlow instance 1 with VLANs determined by VLAN ID 255 and VLAN mask 7 Sysname system view Sysname openflow instance 1 Sysname of inst 1 clas...

Страница 3267: ...itive string of 1 to 31 characters If you do not specify a VRF name the controller is in the public network Usage guidelines You can specify multiple controllers for an OpenFlow switch The OpenFlow ch...

Страница 3268: ...oller port port number Sets the port number used to establish TCP connections to the controller The value range for the port number is 1 to 65535 The default value is 6633 Usage guidelines Auxiliary c...

Страница 3269: ...rval Use controller echo request interval to set the connection detection interval for an OpenFlow switch Use undo controller echo request interval to restore the default Syntax controller echo reques...

Страница 3270: ...n single mode the OpenFlow switch connects to only one controller at a time When communication with the current controller fails the OpenFlow instance connects to the controller with the lowest ID amo...

Страница 3271: ...se undo default table miss permit to restore the default Syntax default table miss permit undo default table miss permit Default The default action of a table miss flow entry is to drop packets Views...

Страница 3272: ...OpenFlow instance by its ID in the range of 1 to 4094 controller id Specifies a controller by its ID in the range of 0 to 63 If you do not specify a controller ID this command displays information ab...

Страница 3273: ...r for the OpenFlow instance If the controller is not configured with any role this field displays two hyphens Connect type Type of the connection between the OpenFlow instance and the controller TCP o...

Страница 3274: ...IP address 192 168 49 49 Controller port 6633 Connect type TCP Connect state Established Packets sent 9 Packets received 9 SSL policy Table 2 Command output Field Description Auxiliary connection numb...

Страница 3275: ...Instance 100 flow table information Table 0 information Table type MAC IP flow entry count 1 total flow entry count 2 MissRule default flow entry information cookie 0x0 priority 0 hard time 0 idle ti...

Страница 3276: ...utput interface Controller send length 128 bytes Table 3 Command output Field Description Table information Information about the flow table Table type Type of the flow table MAC IP or Extensibility f...

Страница 3277: ...iately clears all actions in the action set Apply actions Immediately applies specified actions in the action set Write actions Writes specified actions into the current action set For more informatio...

Страница 3278: ...the matched packet This action is not defined in the OpenFlow specifications Output interface Sends the packet through a specific port For more information about ports see Table 6 Group Specifies a g...

Страница 3279: ...mation about all group entries for an OpenFlow instance Examples Display group information for OpenFlow instance 100 Sysname display openflow instance 100 group Instance 100 group table information Gr...

Страница 3280: ...atistics cannot be collected this field displays two hyphens packet count Number of packets processed by a group or by a bucket If the statistics cannot be collected this field displays two hyphens wa...

Страница 3281: ...ble Table ID type 0 MAC IP count 0 Flow entry max limit 65535 Datapath ID 0x0000001234567891 Default table miss Drop Forbidden port None Qinq Network Disabled TCP connection backup Enabled Port inform...

Страница 3282: ...in the extensibility flow table Datapath ID Datapath ID of the OpenFlow instance Default table miss Default action of the table miss flow entry Permit or Drop Forbidden port Type of interfaces that a...

Страница 3283: ...e drop rate 1024 burst size 65536 Byte count 0 packet count 0 Referenced information Count 3 Flow table 0 Flow entry 1 2 3 Meter entry 200 information Meter flags KBPS Band 1 information Type drop rat...

Страница 3284: ...er entry display openflow summary Use display openflow summary to display brief OpenFlow instance information Syntax display openflow instance summary Views Any view Predefined user roles network admi...

Страница 3285: ...w instance is required to be reactivated N indicates the configuration is unchanged and the OpenFlow instance is not required to be reactivated If the OpenFlow instance is not activated this field dis...

Страница 3286: ...rs limit value Specifies the maximum number of flow entries for an extensibility flow table The value range for this argument is 1 to 65535 Usage guidelines If the number of extensibility flow table e...

Страница 3287: ...r roles network admin Parameters extensibility extensibility table id Specifies an extensibility flow table by its ID in the range of 0 to 254 mac ip mac ip table id Specifies a MAC IP flow table by i...

Страница 3288: ...list argument the undo form of this command restores all configuration of this feature to the default Examples Forbid the device not to report ARP packets to controller 0 Sysname system view Sysname...

Страница 3289: ...nagement vlan Default No inband management VLANs are configured for an OpenFlow instance Views OpenFlow instance view Predefined user roles network admin Parameters vlan id list Specifies a space sepa...

Страница 3290: ...ler acts as the SSL client and actively connects to the OpenFlow instance For more information about SSL see Security Configuration Guide To re configure the SSL server first execute the undo form of...

Страница 3291: ...mic mac aware to restore the default Syntax mac ip dynamic mac aware undo mac ip dynamic mac aware Default An OpenFlow instance ignores the dynamic MAC addresses in the query and deletion flow entry i...

Страница 3292: ...ting OpenFlow instance Use undo openflow instance to remove an OpenFlow instance Syntax openflow instance instance id undo openflow instance instance id Default No OpenFlow instances exist Views Syste...

Страница 3293: ...OpenFlow Sysname system view Sysname interface gigabitethernet 1 0 1 Sysname GigabitEthernet1 0 1 openflow shutdown permit port type member port Use permit port type member port to allow link aggrega...

Страница 3294: ...amic ARP entries to overwrite OpenFlow ARP entries Sysname system view Sysname openflow instance 1 Sysname of inst 1 precedence dynamic arp refresh ip flow Use refresh ip flow to refresh all Layer 3 f...

Страница 3295: ...nd and receive for an OpenFlow instance listened Specifies the client that connects to the server enabled for the OpenFlow instance Examples Clear statistics on packets that all controllers send and r...

Страница 3296: ...instance view Predefined user roles network admin Usage guidelines This command enables an OpenFlow instance to back up OpenFlow connections established over TCP This prevents connection interruption...

Отзывы:

Нет отзывов

Похожие инструкции для SOHO IE4300

Бренд: KELCO Страницы: 22

Бренд: Jasco Страницы: 2

ToolBox GTB-MHDMI1.3-441

Бренд: Gefen Страницы: 25

Бренд: PRO SIGNAL Страницы: 4

Бренд: Scion Страницы: 8

Бренд: IPGARD Страницы: 2

Бренд: Kathrein Страницы: 41

Бренд: Alps Electric Страницы: 4

Бренд: Linksys Страницы: 110

Ascentic MH10-ARC

Бренд: Audio Authority Страницы: 5

Бренд: Black Box Страницы: 3

Бренд: Qlogic Страницы: 412

SmartSTACK ELS100-24TXG

Бренд: Cabletron Systems Страницы: 7

TMS 5XX SE AQ-EU Series

Бренд: Triax Страницы: 6

Бренд: Rosewill Страницы: 9

AT-HDDVI1616-AM

Бренд: Atlona Страницы: 15

Бренд: AETEK Страницы: 2

Бренд: UniFi Страницы: 13

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды