3Com 5500-EI PWR Reference Manual

Summary of 5500-EI PWR

  • Page 1

    Table of contents: 1 CLI Configuration Commands, 1-1; CLI Configuration Commands, ...

  • Page 2: Cli Configuration Commands

    1-1 1 cli configuration commands cli configuration commands command-privilege level syntax command-privilege level level view view command undo command-privilege view view command view system view parameters level level: command level to be set, in the range of 0 to 3. View view: cli view. It can be...

  • Page 3

    1-2 cli view description mst-region mst region view mtlk-group monitor link group view null null interface view ospf ospf view ospf-area ospf area view peer-key-code public key editing view peer-public-key public key view pim pim view poe-profile poe profile view qinq qinq view qos-profile qos profi...

  • Page 4

    1-3 level name command 1 monitor level commands used to maintain the system and diagnose service fault, such as debugging, terminal and reset commands. 2 system level all configuration commands except for those at the manage level. 3 manage level commands associated with the basic operation modules ...

  • Page 5

    1-4 [sysname] command-privilege level 0 view shell tftp 192.168.0.1 get bootrom.btm # Restore the default level of the tftp get command. To restore the default levels of the commands starting with the tftp keyword, you only need to specify the tftp keyword. [sysname] undo command-privilege view shel...

  • Page 6

    1-5 Executing this command without the level argument will switch the current user level to level 3 by default. Note that: • Users logged into the switch fall into four user levels, which correspond to the four command levels respectively. Users at a specific level can only use the commands at the s...

  • Page 7

    1-6 description use the super authentication-mode command to specify the authentication mode used for low-to-high user level switching. Use the undo super authentication-mode command to restore the default. By default, super password authentication is adopted for low-to-high user level switching. No...

  • Page 8

    1-7 password: password to be set. If the simple keyword is used, you must provide a plain-text password, that is, a string of 1 to 16 characters. If the cipher keyword is used, you can provide a password in either of the two ways: • Input a plain-text password, that is, a string of 1 to 16 character...

  • Page 9: Table of Contents

    Table of contents: 1 Login Commands, 1-1; Login Commands, ...

  • Page 11

    1-2 To improve security and prevent attacks on the unused sockets, TCP 23 and TCP 22, the ports for the Telnet and SSH services respectively, will be enabled or disabled after corresponding configurations. • If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be disabled. • If the au...

  • Page 12

    1-3 auto-execute command syntax auto-execute command text undo auto-execute command view vty user interface view parameters text: command to be executed automatically. Description use the auto-execute command command to set the command that is executed automatically after a user logs in. Use the und...

  • Page 13

    1-4 copyright-info enable syntax copyright-info enable undo copyright-info enable view system view parameters none description use the copyright-info enable command to enable copyright information displaying. Use the undo copyright-info enable command to disable copyright information displaying. By ...

  • Page 14

    1-5 parameters 7: sets the databits to 7. 8: sets the databits to 8. Description use the databits command to set the databits for the user interface. Use the undo databits command to revert to the default databits. The default databits is 8. Examples # set the databits to 7. System-view system view:...

  • Page 15

    1-6 examples # display the source ip address configured for the switch operating as the telnet server. Display telnet-server source-ip the source ip you specified is 192.168.1.1 display telnet source-ip syntax display telnet source-ip view any view parameters none description use the display telnet ...

  • Page 16

    1-7 • In absolute user interface number scheme, the type argument is not required. In this case, user interfaces are numbered from 0 to 12. summary: displays the summary information about a user interface. Description use the display user-interface command to display the information about a specifie...

  • Page 17

    1-8 super the authentication mode used for a user to switch from the current lower user level to a higher level, including s, a, sa and as. S: super password authentication a: hwtacacs authentication sa: super password authentication is preferred, with hwtacacs authentication being a backup as: hwta...

  • Page 18

    1-9 display users syntax display users [ all ] view any view parameters all: displays the user information about all user interfaces. Description use the display users command to display the user information about user interfaces. If you do not specify the all keyword, only the user information abou...

  • Page 19

    1-10 view any view parameters none description use the display web users command to display the information about the current on-line web users. Examples # display the information about the current on-line web users. Display web users id name language level login time last req. Time 00800003 admin e...

  • Page 20

    1-11 description use the free user-interface command to free a user interface. That is, this command tears down the connection between a user and a user interface. Note that the current user interface cannot be freed. Examples # release user interface vty 1. Free user-interface vty 1 are you sure yo...

  • Page 21

    1-12 By default, no banner is configured. Note the following: • If you specify any one of the four keywords without providing the text argument, the specified keyword will be regarded as the login information. • The banner configured with the header incoming command is displayed after a modem user l...

  • Page 22

    1-13 welcome to legal! Press y or enter to continue, n to exit. Welcome to login! Login authentication password: welcome to shell! History-command max-size syntax history-command max-size value undo history-command max-size view user interface view parameters value: size of the history command buffe...

  • Page 23

    1-14 parameters minutes: number of minutes. This argument ranges from 0 to 35,791. Seconds: number of seconds. This argument ranges from 0 to 59. Description use the idle-timeout command to set the timeout time. The connection to a user interface is terminated if no operation is performed in the use...

  • Page 24

    1-15 after the web file is upgraded, you need to use the boot web-package command to specify a new web file or specify a new web file from the boot menu after reboot for the web server to operate properly. Refer to the file system management part in this manual for information about the boot web-pac...

  • Page 26

    1-17 telnet: supports telnet protocol. Description use the protocol inbound command to specify the protocols supported by the user interface. Both telnet protocol and ssh protocol are supported by default. Related commands: user-interface vty. To improve security and prevent attacks to the unused so...

  • Page 27

    1-18 screen-length syntax screen-length screen-length undo screen-length view user interface view parameters screen-length: number of lines the screen can contain. This argument ranges from 0 to 512. Description use the screen-length command to set the number of lines the terminal screen can contain...

  • Page 28

    1-19 examples # send “hello” to all user interfaces. Send all enter message, end with ctrl+z or enter; abort with ctrl+c: hello^z send message? [y/n]y the current user interface will receive the following information: *** *** ***message from vty1 to vty1 *** hello service-type syntax service-type { ...

  • Page 29

    1-20 • Monitor level: commands at this level are used to maintain the system, to debug service problems, and so on. The display and debugging commands are at monitor level. Commands at this level cannot be saved in configuration files. • System level: commands at this level are used to configure ser...

  • Page 30

    1-21 password: password to be set. The password must be in plain text if you specify the simple keyword in the set authentication password command. If you specify the cipher keyword, the password can be in either cipher text or plain text, as described in the following. • When you enter the password...

  • Page 31

    1-22 Note the following when using the undo shell command: • Terminal services cannot be disabled in aux user interfaces. • This command is unavailable in the current user interface. • The execution of this command requires user confirmation. Examples # Disable terminal services in vty 0 through vty...

  • Page 32

    1-23 view aux user interface view parameters 1: sets the stopbits to 1. 1.5: sets the stopbits to 1.5. 2: sets the stopbits to 2. Description use the stopbits command to set the stopbits of the user interface. Use the undo stopbits command to revert to the default stopbits. Execute these two command...

  • Page 33

    1-24 source-interface interface-type interface-number: specifies the type and number of the source interface. Source-ip ip-address: specifies the source ip address. Description use the telnet command to telnet to another device from the current switch to manage the former remotely. You can terminate...

  • Page 34

    1-25 system view: return to user view with ctrl+z. [sysname] telnet source-interface vlan-interface 2 telnet source-ip syntax telnet source-ip ip-address undo telnet source-ip view system view parameters ip-address: ip address to be set. Description use the telnet source-ip command to specify the so...

  • Page 35

    1-26 the source interface can be a loopback interface or a vlan interface. If the specified interface does not exist, the system prompts that this configuration fails, and the login succeeds only when there is a route between the telnet client and the specified source interface. With the telnet-serv...

  • Page 36

    1-27 user-interface syntax user-interface [ type ] first-number [ last-number ] view system view parameters type: user interface type, which can be aux (for aux user interface) and vty (for vty user interface). First-number: user interface index identifying the first user interface to be configured....

  • Page 37

    1-28 use the undo user privilege level command to revert to the default command level. By default, the commands at level 3 are available to the users logging in to the aux user interface. The commands at level 0 are available to the users logging in to vty user interfaces. Commands fall into four co...

  • Page 42

    2-5 view system view parameters v1: snmpv1. V2c: snmpv2c. V3: snmpv3. User-name: user name, a string of 1 to 32 characters. Group-name: name of the group to which the user corresponds. This argument is a string of 1 to 32 characters. Cipher:specifies the authentication or encryption password to be i...

  • Page 44: Table of Contents

    Table of contents: 1 Configuration File Management Commands, 1-1; File Attribute Configuration Commands, 1-1; displ...

  • Page 45

    1-1 1 Configuration File Management Commands. The 3Com 5500-EI series Ethernet switches support Expandable Resilient Networking (XRN), and allow you to access a file on the switch in one of the following ways: • To access a file on the specified unit, you need to enter the file universal resource loc...

  • Page 46

    1-2 • system: indicates the system configuration. • user-interface: indicates the user interface configuration. interface: displays port/interface configuration. interface-type: port/interface type, which can be one of the following: aux, ethernet, gigabitethernet, loopback, null and vlan-interface....

  • Page 47

    1-3 After you finish a set of configurations, you can execute the display current-configuration command to display the parameters that take effect currently. Note that: • Parameters that are the same as the default are not displayed. • The configured parameter whose corresponding function does not t...

  • Page 48

    1-4 # interface ethernet1/0/17 # interface ethernet1/0/18 # interface ethernet1/0/19 # interface ethernet1/0/20 # interface ethernet1/0/21 # interface ethernet1/0/22 # interface ethernet1/0/23 # interface ethernet1/0/24 # interface null0 # return # display the lines that include the strings matching...

  • Page 50

    1-6 return display saved-configuration syntax display saved-configuration [ unit unit-id ] [ by-linenum ] view any view parameters unit unit-id: specifies the unit id of a switch. With this keyword-argument combination specified, this command can display the initial configuration file of the specifi...

  • Page 51

    1-7 interface ethernet1/0/1 # interface ethernet1/0/2 # interface ethernet1/0/3 # interface ethernet1/0/4 # interface ethernet1/0/5 # interface ethernet1/0/6 # interface ethernet1/0/7 # interface ethernet1/0/8 # interface ethernet1/0/9 # interface ethernet1/0/10 # interface ethernet1/0/11 # interfac...

  • Page 52

    1-8 # undo xrn-fabric authentication-mode #glbcfg. Must not delete # interface null0 # user-interface aux 0 7 user-interface vty 0 4 authentication-mode none user privilege level 3 # return the configuration information output above in turn is the system configuration, logical interface configuratio...

  • Page 53

    1-9 table 1-2 description on the fields of the display startup command field description current startup saved-configuration file the configuration file used for the current startup next main startup saved-configuration file the main configuration file used for the next startup next backup startup s...

  • Page 54

    1-10 [sysname-ui-aux0] display this # user-interface aux 0 4 idle-timeout 0 0 user-interface aux 5 7 user-interface vty 0 authentication-mode none user privilege level 3 set authentication password simple 123 idle-timeout 0 0 user-interface vty 1 4 authentication-mode none user privilege level 3 set...

  • Page 55

    1-11 • This command will permanently delete the configuration file from the switch. • An error occurs when you execute this command if the configuration file to be deleted does not exist. Related commands: save. Examples # Erase the main configuration file to be used in the next startup. reset saved...

  • Page 56

    1-12 The system will save the current configuration with the default name (config.cfg) in the root directory. The system supports two modes for saving the current configuration file. • Fast saving mode. This is the mode when you use the save command without the safely keyword. The mode saves the fil...

  • Page 57

    1-13 save unit1>flash:/234.cfg the current configuration will be saved to unit1>flash:/234.cfg [y/n]:y now saving current configuration to the device. Saving configuration. Please wait... ........... Unit1 save configuration unit1>flash:/234.cfg successfully startup saved-configuration syntax startu...

  • Page 58

    1-14 The configuration file must use .cfg as its extension name and the startup configuration file must be saved at the root directory in the flash of the switch. Related commands: display startup. Examples # Configure the configuration file named config.cfg as the main configuration file to be used...

  • Page 59: Table of Contents

    Table of contents: 1 VLAN Configuration Commands, 1-1; VLAN Configuration Commands, 1...

  • Page 60: Vlan Configuration Commands

    1-1 1 vlan configuration commands vlan configuration commands description syntax description text undo description view vlan view, vlan interface view parameter text: case sensitive character string to describe the current vlan or vlan interface. Special characters and spaces are allowed. It has: • ...

  • Page 61

    1-2 parameter vlan-id: id of the specific vlan interface. Description use the display interface vlan-interface command to display the information about the vlan interface. Vlan interface is a virtual interface in layer 3 mode, used to realize the layer 3 communication between different vlans. Each v...

  • Page 62

    1-3 to: specifies multiple contiguous vlan ids. The vlan id after to cannot be less than that before to. All: displays the information about all the vlans. Dynamic: displays information about the dynamic vlans (which are registered through gvrp protocol). Static: displays information about the stati...

  • Page 63

    1-4 field description name vlan name tagged ports ports through which packets are sent with vlan tag kept. Untagged ports port through which packets are sent with vlan tag stripped. Interface vlan-interface syntax interface vlan-interface vlan-id undo interface vlan-interface vlan-id view system vie...

  • Page 64

    1-5 undo name view vlan view parameter text: vlan name, in the range of 1 character to 32 characters. It can contain special characters and spaces. Parameter use the name command to assign a name to the current vlan. Use the undo name command to restore to the default vlan name. By default, the name...

  • Page 65

    1-6 you can use the undo shutdown command to enable a vlan interface when its related parameters and protocols are configured. When a vlan interface fails, you can use the shutdown command to disable the interface, and then use the undo shutdown command to enable this interface again, which may rest...

  • Page 66

    1-7 example # enter vlan 1 view. System-view system view: return to user view with ctrl+z. [sysname] vlan 1 [sysname-vlan1] # remove vlan 5. System-view system view: return to user view with ctrl+z. [sysname] undo vlan 5 port-based vlan configuration commands display port syntax display port { hybri...

  • Page 67

    1-8 parameters interface-list: list of ethernet ports to be added to or removed from a vlan. Provide this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &, where: • interface-type is port type and interface-number is port number. •...

  • Page 68

    1-9 examples # assign gigabitethernet 1/0/1 to vlan 3. System-view system view: return to user view with ctrl+z. [sysname] vlan 3 [sysname-vlan3] quit [sysname] interface gigabitethernet 1/0/1 [sysname-gigabitethernet1/0/1] port access vlan 3 [sysname-gigabitethernet1/0/1] port hybrid pvid vlan synt...

  • Page 69

    1-10 undo port hybrid vlan vlan-id-list view ethernet port view parameters vlan-id-list: vlan range to which the hybrid port will be added. Vlan-id-list = [ vlan-id1 [ to vlan-id2 ] ]&, where, vlan-id is in the range of 1 to 4094 and can be discrete, and & means you can input up to ten vlan ids/id r...

  • Page 70

    1-11 description use the port link-type command to set the link type of the current ethernet port. Use the undo port link-type command to restore the default link type. By default, the link type of an ethernet port is access. The three types of ports can coexist on an ethernet switch. You can change...

  • Page 71

    1-12 please wait... Done. Port trunk pvid vlan syntax port trunk pvid vlan vlan-id undo port trunk pvid view ethernet port view parameters vlan-id: vlan id defined in ieee802.1q, in the range of 1 to 4094. It is 1 by default. Description use the port trunk pvid vlan command to set the default vlan i...

  • Page 72

    1-13 all: displays the protocol-related information about all ports. Description use the display protocol-vlan interface command to display the protocol information and protocol indexes configured for specified ports. Example # display protocol information and protocol index configured for gigabitet...

  • Page 73

    1-14 vlan type: protocol-based vlan protocol-index protocol-type 0 ip 1 ip 2 ipx ethernetii 3 at vlan id: 15 vlan type: protocol-based vlan protocol-index protocol-type 0 ip 1 snap etype 0x0abcd port hybrid protocol-vlan vlan syntax port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protoc...

  • Page 74

    1-15 • The port hybrid protocol-vlan vlan command can be executed on hybrid ports only. • Before you associate a port with the protocol-based vlan, make sure the port belongs to the protocol-based vlan. • When the undo port hybrid protocol-vlan vlan command is being executed, the switch will prompt ...

  • Page 75

    1-16 protocol-index: beginning protocol index ranging from 0 to 4. Note that this argument must be less than or equal to the protocol-end argument. If you do not specify this argument, the beginning protocol index will be determined by the system. Protocol-index-end: end protocol index ranging from ...

  • Page 77: Table of Contents

    Table of contents: 1 IP Address Configuration Commands, 1-1; IP Address Configuration Commands, 1-1; di...

  • Page 78

    1-1 1 ip address configuration commands ip address configuration commands display ip interface syntax display ip interface [ interface-type interface-number] view any view parameters interface-type interface-number: specifies an interface by its type and number. Description use the display ip interf...

  • Page 79

    1-2 timestamp reply: 0 information request: 0 information reply: 0 netmask request: 0 netmask reply: 0 unknown type: 0 table 1-1 description on the fields of the display ip interface command field description vlan-interface1 current state current physical state of vlan-interface 1 line protocol curr...

  • Page 80

    1-3 view any view parameters interface-type:interface type. Interface-number: interface number. Description use the display ip interface brief command to display brief information about a specified or all layer 3 interfaces. With no argument included, the command displays information about all layer...

  • Page 82

    1-5 examples # assign the primary ip address 129.12.0.1 and secondary ip address 129.12.1.1 to vlan-interface 1 with subnet mask 255.255.255.0. System-view system view: return to user view with ctrl+z. [sysname] interface vlan-interface 1 [sysname-vlan-interface1] ip address 129.12.0.1 255.255.255.0...

  • Page 83: Commands

    2-1 2 ip performance optimization configuration commands ip performance configuration commands display fib syntax display fib view any view parameters none description use the display fib command to display all forwarding information base (fib) information. Examples # display all fib information. Di...

  • Page 84

    2-2 table 2-1 description on the fields of the display fib command field description flag flags: u: a route is up and available. G: gateway route h: local host route b: blackhole route d: dynamic route s: static route r: rejected route e: multi-path equal-cost route l: route generated by arp or esis...

  • Page 85

    2-3 description use the display fib ip-address command to view the fib entries matching the specified destination ip address. If no mask or mask length is specified, the fib entry that matches the destination ip address and has the longest mask will be displayed; if the mask is specified, the fib en...

  • Page 86

    2-4 system-view system view: return to user view with ctrl+z. [sysname] acl number 2001 [sysname-acl-basic-2001] rule permit source 211.71.75.0 0.0.0.255 [sysname-acl-basic-2001] display acl 2001 basic acl 2001, 1 rule acl's step is 1 rule 0 permit source 211.71.75.0 0.0.0.255 # display the fib entr...

  • Page 87

    2-5 display fib ip-prefix syntax display fib ip-prefix ip-prefix-name view any view parameters ip-prefix-name: ip prefix list name, in the range of 1 to 19 characters. Description use the display fib ip-prefix command to display the fib entries matching a specific ip prefix list. For details about i...

  • Page 88

    2-6 description use the display fib statistics command to display the total number of fib entries. Examples # display the total number of fib entries. Display fib statistics route entry count : 8 display icmp statistics syntax display icmp statistics view any view parameters none description use the...

  • Page 89

    2-7 field description destination unreachable number of received destination unreachable packets source quench number of received source quench packets redirects number of received redirection packets echo reply number of received replies parameter problem number of received parameter problem packet...

  • Page 90

    2-8 examples # display the information about the socket of the tcp type. Display ip socket socktype 1 sock_stream: task = vtyd(18), socketid = 1, proto = 6, la = 0.0.0.0:23, fa = 0.0.0.0:0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = so_acceptconn so_keepalive so_sendvpnid so...

  • Page 91

    2-9 view any view parameters none description use the display ip statistics command to display the statistics about ip packets. Related commands: display ip interface, reset ip statistics. Examples # display the statistics about ip packets. Display ip statistics input: sum 7120 local 112 bad protoco...

  • Page 92

    2-10 field description output total number of fragments sent dropped total number of fragments discarded fragmented total number of ip packets successfully fragmented couldn't fragment total number of ip packets that cannot be fragmented sum total number of ip packets reassembled reassembling: timeo...

  • Page 93

    2-11 control packets: 5 (including 1 rst) window probe packets: 0, window update packets: 2 data packets: 618 (8770 bytes) data packets retransmitted: 0 (0 bytes) ack-only packets: 40 (28 delayed) retransmitted timeout: 0, connections dropped in retransmitted timeout: 0 keepalive timeout: 0, keepali...

  • Page 94

    2-12 field description ack-only packets: 40 number of ack packets sent; in brackets are delayed ack packets retransmitted timeout number of retransmission timer timeouts connections dropped in retransmitted timeout number of connections broken due to retransmission timeouts keepalive timeout number ...

  • Page 95

    2-13 table 2-6 description on the fields of the display tcp status command field description * if there is an asterisk before a connection, it means that the tcp connection is authenticated through the md5 algorithm. Tcpcb tcp control block local add:port local ip address and port number foreign add...

  • Page 96

    2-14 field description checksum error total number of packets with incorrect checksum shorter than header number of packets with data shorter than header data length larger than packet number of packets with data longer than packet no socket on port number of unicast packets with no socket on port t...

  • Page 97

    2-15 icmp unreach send syntax icmp unreach send undo icmp unreach send view system view parameters none description use the icmp unreach send command to enable the device to send icmp destination unreachable packets. After enabled with this feature, the switch, upon receiving a packet with an unreac...

  • Page 98

    2-16 examples # enable the device to receive directed broadcasts to a directly connected network. System-view system view: return to user view with ctrl+z. [sysname] ip forward-broadcast reset ip statistics syntax reset ip statistics view user view parameters none description use the reset ip statis...

  • Page 99

    2-17 reset udp statistics syntax reset udp statistics view user view parameters none description use the reset udp statistics command to clear the statistics about udp packets. You can use the display udp statistics command to view the current udp packet statistics. Examples # clear the statistics a...

  • Page 100

    2-18 tcp timer syn-timeout syntax tcp timer syn-timeout time-value undo tcp timer syn-timeout view system view parameters time-value: tcp synwait timer, in seconds, with the value ranging from 2 to 600. Description use the tcp timer syn-timeout command to configure the tcp synwait timer. Use the und...

  • Page 101

    2-19 related commands: tcp timer fin-timeout, tcp timer syn-timeout. Examples # configure the size of the transmission and receiving buffers of the connection-oriented socket to 3 kb. System-view system view: return to user view with ctrl+z. [sysname] tcp window 3.

  • Page 102: Table of Contents

    Table of contents: 1 Voice VLAN Configuration Commands, 1-1; Voice VLAN Configuration Commands, 1-1; displ...

  • Page 103

    1-1 1 voice vlan configuration commands voice vlan configuration commands display voice vlan error-info syntax display voice vlan error-info view any view parameters none description use the display voice vlan error-info command to display the ports on which the voice vlan function fails to be enabl...

  • Page 104

    1-2 parameters none description use the display voice vlan oui command to display the organizationally unique identifier (oui) list used for identifying voice traffic. The output of the command displays the oui addresses, their masks, and descriptions. By default, there are five pre-defined oui addr...

  • Page 105

    1-3 port mode cos dscp --------------------------------------------- ethernet1/0/1 auto 5 40 ethernet1/0/2 manual 4 40 table 1-1 description on the fields of the display voice vlan status command field description voice vlan status the status of global voice vlan function: enabled or disabled. Voice...

  • Page 106

    1-4 parameters vlan-id: specifies the id of the current voice vlan in the range of 1 to 4094. Description use the display vlan command to display information about the specified vlan. For the voice vlan, this command displays all the ports in the vlan. Related commands: voice vlan, voice vlan enable...

  • Page 107

    1-5 preferentially. If you do not want to use the default precedence marking settings of the switch for voice vlan traffic, you can use the voice vlan qos command to change the settings. • If you want to delete a vlan with voice vlan function enabled, you must disable the voice vlan function first. ...

  • Page 108

    1-6 aging timer starts. If no recognizable voice traffic has been received before the timer expires, the port is removed from the voice vlan. The voice vlan aging timer does not take effect on ports working in manual voice vlan assignment mode, because these ports are assigned to the voice vlan stat...

  • Page 109

    1-7 system-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/2 [sysname-ethernet1/0/2] voice vlan enable voice vlan legacy syntax voice vlan legacy undo voice vlan legacy view ethernet port view parameters none description use the voice vlan legacy command to realiz...

  • Page 110

    1-8 text: description of the mac address, containing 1 to 30 characters. Description use the voice vlan mac-address command to add an oui entry to the oui list for the specified mac address. The oui list contains the mac addresses of recognizable voice devices. A packet is considered as a voice pack...

  • Page 111

    1-9 you cannot and need not assign a port working in automatic voice vlan assignment mode to the voice vlan manually. When the port receives a packet whose source mac address matches the oui list, the port is assigned to the voice vlan automatically, and the packet is tagged with the voice vlan t...

  • Page 112

    1-10 examples # modify the cos precedence and the dscp precedence marked for voice vlan traffic passing through ethernet 1/0/1 to 5 and 40 respectively. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] voice vlan qos 5 40 voice vlan...

  • Page 113: Table of Contents

    I table of contents 1 gvrp configuration commands 1-1 garp configuration commands 1...

  • Page 114: Gvrp Configuration Commands

    1-1 1 gvrp configuration commands garp configuration commands display garp statistics syntax display garp statistics [ interface interface-list ] view any view parameters interface-list: specifies a list of ethernet ports for which the statistics about garp are to be displayed.In this list, you can ...

  • Page 115

    1-2 garp statistics on port ethernet1/0/1 number of gvrp frames received : 0 number of gvrp frames transmitted : 0 number of frames discarded : 0 garp statistics on port ethernet1/0/2 number of gvrp frames received : 0 number of gvrp frames transmitted : 0 number of frames discarded : 0 table 1-1 de...

  • Page 116

    1-3 • leave timer • leaveall timer • hold timer. Related commands: garp timer, garp timer leaveall. Examples # display the settings of the garp timers on port ethernet1/0/1. display garp timer interface ethernet 1/0/1 garp timers on port ethernet1/0/1 garp join time : 20 centiseconds garp leave time ...

  • Page 117

    1-4 table 1-2 relations between the timers timer lower threshold upper threshold hold 10 centiseconds this upper threshold is less than or equal to one-half of the timeout time of the join timer. You can change the threshold by changing the timeout time of the join timer. Join this lower threshold i...

  • Page 118

    1-5 view system view parameters timer-value: setting (in centiseconds) of the garp leaveall timer. You need to set this argument with the leave timer settings of other ethernet ports as references. That is, this argument needs to be larger than the leave timer settings of any ethernet ports. Also no...

  • Page 119

    1-6 description use the reset garp statistics command to clear the garp statistics (including statistics about packets received/sent/discarded by gvrp) on the specified or all ports. You can use the display garp statistics command to view the ndp statistics before and after the execution of the rese...

  • Page 120

    1-7 gvrp status : enabled gvrp failed registrations : 0 gvrp last pdu origin : 0000-0000-0000 gvrp registration type : normal display gvrp status syntax display gvrp status view any view parameters none description use the display gvrp status command to display the global gvrp status (enabled or dis...

  • Page 121

    1-8 • To enable gvrp for a port, you need to enable gvrp globally first. Gvrp does not take effect automatically on ports upon being enabled globally. • You can enable/disable gvrp only on trunk ports. • After you enable gvrp on a trunk port, you cannot change the port to other types. Related comman...

  • Page 122

    1-9 examples # configure ethernet1/0/1 to operate in fixed gvrp registration mode. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet1/0/1 [sysname-ethernet1/0/1] gvrp registration fixed.

  • Page 123: Table of Contents

    I table of contents 1 port basic configuration commands 1-1 port basic configuration commands 1-1 ...

  • Page 125

    1-2 the global broadcast suppression setting configured by the broadcast-suppression command in system view takes effect on all ethernet ports in the system except for the reflection ports, stack ports and ports having their own broadcast suppression settings. If you configure broadcast-suppression ...

  • Page 126

    1-3 • If you specify a source aggregation group id, the system uses the port with the smallest port number in the aggregation group as the source. • If you specify a destination aggregation group id, the configuration of the source port will be copied to all ports in the aggregation group and all po...

  • Page 127

    1-4 copying speed/duplex configuration... • Any aggregation group port you input in the destination port list will be removed from the list and the copy command will not take effect on the port. If you want an aggregation group port to have the same configuration as the source port, you can specif...

  • Page 128

    1-5 • A port description can be a mixture of English characters and other unicode characters. The mixed description cannot exceed the specified length. • To use a type of unicode characters or symbols in a port description, you need to install the corresponding input method editor (ime) and log in...

  • Page 129

    1-6 for details about regular expression, refer to the configuration file management module in this manual. Description use the display brief interface command to display the brief configuration information about one or all interfaces, including: interface type, link state, link rate, duplex attribu...

  • Page 130

    1-7 the state of an ethernet port can be up, down, or administratively down. The following table shows the port state transitions. Table 1-3 port state transitions initial port state state after executing the shutdown command state after executing the undo shutdown command down down not connected to...

  • Page 131

    1-8 flow-control is enabled the maximum frame length is 9216 broadcast max-pps: 500 unicast max-ratio: 100% multicast max-ratio: 100% allow jumbo frame to pass pvid: 1 mdi type: auto port link-type: access tagged vlan id : none untagged vlan id : 1 last 300 seconds input: 0 packets/sec 0 bytes/sec l...

  • Page 132

    1-9 field description pvid default vlan id of the port mdi type network cable type port link-type port link type tagged vlan id identify the vlans whose packets will be forwarded with tags on the port. Untagged vlan id identify the vlans whose packets will be forwarded without tags on the port. Last...

  • Page 133

    1-10 field description aborts the total number of incoming illegal packets, including: • fragments: crc error frames of less than 64 bytes (integer or non-integer). • jabber frames: crc error frames of more than 1518 bytes if untagged or 1522 bytes if tagged (integer or non-integer). • symbol error ...

  • Page 134

    1-11 field description lost carrier the lost carrier counter applicable to serial wan interfaces the counter increases by 1 upon each carrier loss detected during frame transmission. - no carrier the no carrier counter applicable to serial wan interfaces the counter increases by 1 upon each carrier ...

  • Page 135

    1-12 description use the display loopback-detection command to display the loopback detection status on the port. If loopback detection is enabled, this information will also be displayed: time interval for loopback detection and the loopback ports. Examples # display the loopback detection status o...

  • Page 136

    1-13 examples # display the statistics on the packets dropped on ethernet 1/0/1. Display packet-drop interface ethernet 1/0/1 ethernet1/0/1: packets dropped by gbp full or insufficient bandwidth: 0 packets dropped by others: 0 # display the summary statistics on the packets dropped on all the ports....

  • Page 137

    1-14 portname stormtype lowerlimit upperlimit ctr-mode status trap log swi-num -------------------------------------------------------------------------- eth1/0/1 broadcast 9 99 shutdown normal on off 3 eth1/0/1 multicast 9 99 shutdown control on off 1 eth1/0/2 unicast 9 99 shutdown normal off on 0 ...

  • Page 138

    1-15 description : aux interface ethernet1/0/1 current state : down ip sending frames' format is pktfmt_ethnt_2, hardware address is 000f-e290-2240 media type is twisted pair, loopback not set port hardware type is 100_base_tx 100mbps-speed mode, full-duplex mode link speed type is force link, link ...

  • Page 140

    1-17 examples # by default, a port is allowed to output the up/down log information. Execute the shutdown command or the undo shutdown command on ethernet 1/0/1, and the system outputs up/down log information of ethernet 1/0/1. System-view system view: return to user view with ctrl+z. [sysname] inte...

  • Page 141

    1-18 [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] flow-control flow-control no-pauseframe-sending syntax flow-control no-pauseframe-sending undo flow-control view ethernet port view parameters none description use the flow-control no-pauseframe-sending command to configure flow control...

  • Page 142

    1-19 parameters interval: interval (in seconds) to perform statistics on port information. This argument ranges from 5 to 300 (in step of 5) and is 300 by default. Description use the flow-interval command to set the interval to perform statistics on port information. Use the undo flow-interval comm...

  • Page 143

    1-20 giant frames refer to vlan untagged frames of more than 1518 bytes and vlan tagged frames of more than 1522 bytes. Examples # enable the giant-frame statistics function. System-view system view: return to user view with ctrl+z. [sysname] giant-frame statistics enable interface syntax interface ...

  • Page 144

    1-21 undo jumboframe enable view ethernet port view parameters none description use the jumboframe enable command to set the maximum frame size allowed on a port to 9,216 bytes. Use the undo jumboframe enable command to set the maximum frame size allowed on a port to 1,536 bytes. By default, the max...

  • Page 145

    1-22 • The port state change delay takes effect when the port goes down but not when the port goes up. • The delay configured in this way does not take effect for ports in dldp down state. For information about the dldp down state, refer to dldp. Examples # set the port state change delay of etherne...

  • Page 146

    1-23 system-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] loopback internal loopback internal succeeded. Loopback-detection control enable syntax loopback-detection control enable undo loopback-detection control enable view ethernet por...

  • Page 147

    1-24 loopback-detection enable syntax loopback-detection enable undo loopback-detection enable view system view or ethernet port view parameters none description use the loopback-detection enable command to enable the loopback detection feature on ports to detect whether external loopback occurs on ...

  • Page 148

    1-25 by default, the global loopback detection function is enabled if the device boots with the default configuration file (config.def); this function is disabled if the device boots with null configuration. Related commands: loopback-detection control enable, loopback-detection shutdown...

  • Page 149

    1-26 loopback-detection interval-time syntax loopback-detection interval-time time undo loopback-detection interval-time view system view parameters time: time interval for loopback detection, in the range of 5 to 300 (in seconds). It is 30 seconds by default. Description use the loopback-detection ...

  • Page 150

    1-27 examples # configure the system to run loopback detection on all vlans of the trunk port ethernet 1/0/1. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] port link-type trunk [sysname-ethernet1/0/1] loopback-detection per-vlan ...

  • Page 153

    1-30 parameters interface-type: port type. Interface-number: port number. For details about the parameters, see the parameter description of the interface command. Description use the reset counters interface command to clear the statistics of the port, preparing for a new statistics collection. If ...

  • Page 154

    1-31 shutdown syntax shutdown undo shutdown view ethernet port view parameters none description use the shutdown command to shut down an ethernet port. Use the undo shutdown command to bring up an ethernet port. By default, an ethernet port is in up state. Examples # shut down ethernet 1/0/1 and the...

  • Page 157

    1-34 description use the storm-constrain command to set the upper and lower thresholds of the broadcast/multicast/unicast traffic received on the port. Use the undo storm-constrain command to cancel the threshold configuration. • With traffic upper and lower thresholds specified on a port, the syste...

  • Page 158

    1-35 • If the fabric function is enabled on a port of a device, you cannot configure the storm control function on all ports of the device. • If the broadcast-suppression command, multicast-suppression command or unicast suppression command is configured on a port, you cannot configure the storm con...

  • Page 159

    1-36 use the undo storm-constrain enable command to disable log/trap information from being output when traffic received on the port exceeds the upper threshold or falls below the lower threshold. By default, log/trap information is output when traffic received on the port exceeds the upper threshol...

  • Page 160

    1-37 view ethernet port view parameters ratio: maximum ratio of the unknown unicast traffic allowed on the port to the total transmission capacity of the port. This argument ranges from 1 to 100 (in step of 1) and defaults to 100. The smaller the ratio, the less unknown unicast traffic is allowed ...

  • Page 161

    1-38 description use the virtual-cable-test command to enable the system to test the cable connected to a specific port and to display the results. The system can test these attributes of the cable: • cable status, including normal, abnormal, abnormal-open, abnormal-short and failure • cable length ...

  • Page 162: Table of Contents

    I table of contents 1 link aggregation configuration commands 1-1 link aggregation configuration commands 1-1 display li...

  • Page 163

    1-1 1 link aggregation configuration commands link aggregation configuration commands display link-aggregation interface syntax display link-aggregation interface interface-type interface-number [ to interface-type interface-number ] view any view parameters interface-type: port type. Interface-numb...

  • Page 164

    1-2 table 1-1 description on the fields of the display link-aggregation interface command field description selected aggid id of the aggregation group to which the specified port belongs local information about the local end port-priority port priority oper key operation key flag protocol status fla...

  • Page 165

    1-3 -------------------------------------------------------------------------- 1 s 0x8000,0000-0000-0000 0 1 nons ethernet1/0/2 2 m none 0 1 nons ethernet1/0/3 table 1-2 description on the fields of the display link-aggregation summary command field description aggregation group type aggregation gro...

  • Page 166

    1-4 examples # display the details about aggregation group 1. Display link-aggregation verbose 1 loadsharing type: shar -- loadsharing, nons -- non-loadsharing flags: a -- lacp_activity, b -- lacp_timeout, c -- aggregation, d -- synchronization, e -- collecting, f -- distributing, g -- defaulted, h ...

  • Page 167

    1-5 parameters none description use the display lacp system-id command to display the device id of the local system, including the system priority and the mac address. Examples # display the device id of the local system. Display lacp system-id actor system id: 0x8000, 000f-e20f-0100 the value of th...

  • Page 168

    1-6 parameters port-priority: port priority, ranging from 0 to 65,535. Description use the lacp port-priority command to set the priority of the current port. Use the undo lacp port-priority command to restore the default port priority. By default, the port priority is 32,768. You can use the displa...

  • Page 169

    1-7 undo link-aggregation group agg-id description view system view parameters agg-id: aggregation group id, in the range of 1 to 416. Agg-name: aggregation group name, a string of 1 to 32 characters. Description use the link-aggregation groupdescription command to set a description for an aggregati...

  • Page 170

    1-8 description use the link-aggregation group mode command to create a manual or static aggregation group. Use the undo link-aggregation group command to remove the specified aggregation group. Related commands: display link-aggregation summary. Examples # create manual aggregation group 22 system-...

  • Page 171

    1-9 reset lacp statistics syntax reset lacp statistics [ interface interface-type interface-number [ to interface-type interface-number ] ] view user view parameters interface-type: port type interface-number: port number to: specifies a port index range, with the two interface-type interface-number...

  • Page 172: Table of Contents

    I table of contents 1 port isolation configuration commands 1-1 port isolation configuration commands 1-1 d...

  • Page 173

    1-1 1 port isolation configuration commands port isolation configuration commands display isolate port syntax display isolate port view any view parameters none description use the display isolate port command to display the ethernet ports assigned to the isolation group. Examples # display the ethe...

  • Page 174

    1-2 • Assigning or removing an aggregation member port to or from the isolation group can cause the other ports in the aggregation group to join or leave the isolation group. • For ports that belong to an aggregation group and an isolation group simultaneously, removing a port from the aggregation grou...

  • Page 175: Table of Contents

    I table of contents 1 port security commands 1-1 port security commands ...

  • Page 176: Port Security Commands

    1-1 1 port security commands port security commands display mac-address security syntax display mac-address security [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] view any view parameters interface interface-type interface-number: specify a port by its type and number, of ...

  • Page 177

    1-2 mac addr vlan id state port index aging time(s) 0000-0000-0001 1 security ethernet1/0/20 noaged 0000-0000-0002 1 security ethernet1/0/20 noaged 0000-0000-0003 1 security ethernet1/0/20 noaged 0000-0000-0004 1 security ethernet1/0/20 noaged --- 4 mac address(es) found on port ethernet1/0/20 --- #...

  • Page 178

    1-3 individual port takes the form of interface-type interface-number and a port range takes the form of interface-type interface-number1 to interface-type interface-number2, with interface-number2 taking a value greater than interface-number1. The total number of individual ports and port ranges de...

  • Page 179

    1-4 port mode is autolearn needtoknow mode is disabled intrusion mode is no action max mac-address num is not configured stored mac-address num is 0 authorization is ignore ethernet1/0/3 is link-down port mode is autolearn needtoknow mode is disabled intrusion mode is blockmacaddress max mac-address...

  • Page 180

    1-5 field description authorization is ignore authorization information delivered by the remote authentication dial-in user service (radius) server will not be applied to the port. Mac-address security syntax in system view: mac-address security mac-address interface interface-type interface-number ...

  • Page 181

    1-6 examples # enable port security; configure the port security mode of ethernet 1/0/1 as autolearn and create a security mac address entry for 0001-0001-0001, setting the associated port to ethernet 1/0/1 and assigning the mac address to vlan 1. System-view system view: return to user view with ct...

  • Page 182

    1-7 after a radius user passes authentication, the radius server authorizes the attributes configured for the user account such as the dynamic vlan configuration. For more information, refer to aaa command. Examples # configure ethernet 1/0/2 to ignore the authorization information delivered by the ...

  • Page 183

    1-8 examples # enable port security. System-view system view: return to user view with ctrl+z. [sysname] port-security enable notice: the port-control of 802.1x will be restricted to auto when port-security is enabled. Please wait... Done. Port-security guest-vlan syntax port-security guest-vlan vla...

  • Page 184

    1-9 authentication of a user fails, the blocking mac address feature will be triggered and packets of the user will be dropped, making the user unable to access the guest vlan. Examples # set the security mode of port ethernet 1/0/1 to macaddressoruserloginsecure, and specify vlan 100 as the guest v...

  • Page 185

    1-10 by checking the source mac addresses in inbound data frames or the username and password in 802.1x authentication requests on a port, intrusion protection detects illegal packets (packets with illegal mac address) or events and takes a pre-set action accordingly. The actions you can set include...

  • Page 186

    1-11 needtoknow mode is disabled intrusion mode is blockmacaddress max mac-address num is 2 stored mac-address num is 2 authorization is permit for description on the output information, refer to table 1-2 . # configure the intrusion protection mode on ethernet 1/0/1 as disableport-temporarily. As a...

  • Page 187

    1-12 by default, there is no limit on the number of mac addresses allowed on the port. By configuring the maximum number of mac addresses allowed on a port, you can: • limit the number of users accessing the network through the port. • limit the number of security mac addresses that can be added on ...

  • Page 188

    1-13 description use the port-security ntk-mode command to configure the ntk feature on the port. Use the undo port-security ntk-mode command to restore the default setting. By default, ntk is disabled on a port, namely all frames are allowed to be sent. By checking the destination mac addresses of ...

  • Page 189

    1-14 description use the port-security oui command to set an oui value for authentication. Use the undo port-security oui command to cancel the oui value setting. By default, no oui value is set for authentication. • The oui value set by this command takes effect only when the security mode of the p...

  • Page 190

    1-15 table 1-3 keyword description keyword security mode description autolearn autolearn in this mode, a port can learn a specified number of mac addresses and save those addresses as security mac addresses. It permits only packets whose source mac addresses are the security mac addresses that were ...

  • Page 191

    1-16 keyword security mode description userlogin-secure userloginsecure in this mode, mac-based 802.1x authentication is applied on users trying to access the network through the port. The port will be enabled when the authentication succeeds and allow packets from authenticated users to pass throug...

  • Page 192

    1-17 • Before setting the security mode to autolearn, you need to use the port-security max-mac-count command to configure the maximum number of mac addresses allowed on the port. • When a port operates in the autolearn mode, you cannot change the maximum number of mac addresses allowed on the port....

  • Page 193

    1-18 after you execute the port-security timer autolearn command, you can display security mac address entries by the display mac-address security command. Though the aging time field displayed has a value of "noaged", the aging of security mac address entries is enabled already. Examples # set the ...

  • Page 194

    1-19 related commands: port-security intrusion-mode. Examples # set the intrusion protection mode on ethernet 1/0/1 to disableport-temporarily. It is required that when intrusion protection is triggered, the port be shut down temporarily and then go up 30 seconds later. System-view system view: retu...

  • Page 195

    1-20 view system view parameters addresslearned: enables/disables sending traps for mac addresses learning events. Dot1xlogfailure: enables/disables sending traps for 802.1x authentication failures. Dot1xlogoff: enables/disables sending traps for 802.1x-authenticated user logoff events. Dot1xlogon: ...

  • Page 196

    1-21 # use the display port-security command to display the related configuration information. Display port-security equipment port-security is enabled intrusion trap is enabled disableport timeout: 20 s oui value: ethernet1/0/1 is link-down port mode is autolearn needtoknow mode is needtoknowonly i...

  • Page 197: Table of Contents

    I table of contents 1 port-mac-ip binding commands 1-1 port-mac-ip binding commands 1...

  • Page 198: Port-Mac-Ip Binding Commands

    1-1 1 port-mac-ip binding commands port-mac-ip binding commands am user-bind syntax in system view: am user-bind mac-addr mac-address ip-addr ip-address[ interface interface-type interface-number ] undo am user-bind mac-addr mac-address ip-addr ip-address[ interface interface-type interface-number ]...

  • Page 199

    1-2 system view: return to user view with ctrl+z. [sysname] am user-bind mac-addr 000f-e200-5101 ip-addr 10.153.1.1 interface ethernet1/0/1 # in ethernet port view, bind the mac address 000f-e200-5102 and ip address 10.153.1.2 (supposing they are mac and ip addresses of a legal user) to ethernet 1/0...

  • Page 200: Table of Contents

    I table of contents 1 dldp configuration commands 1-1 dldp configuration commands 1...

  • Page 202

    1-2 table 1-1 description on the fields of the display dldp command field description dldp interval interval for sending dldp advertisement packets (in seconds) dldp work-mode dldp work mode (enhance or normal) dldp authentication-mode dldp authentication mode (none, simple, or md5) password passwor...

  • Page 203

    1-3 when you use the dldp enable/dldp disable command in system view to enable/disable dldp on all optical ports of the switch, the configuration takes effect on the existing optical ports, instead of those added subsequently. Examples # enable dldp on all optical ports of the switch. System-view sy...

  • Page 204

    1-4 when you configure a dldp authentication mode and authentication password on a port, make sure that the same dldp authentication mode and password are set on the ports connected with a fiber cable or copper twisted pair. Otherwise, dldp authentication fails. Dldp cannot work before dldp authenti...

  • Page 205

    1-5 unidirectional links. On the contrary, if too short an interval is set, network traffic increases, unnecessarily consuming port bandwidth. Examples # set the interval between sending advertisement packets to 6 seconds for all dldp-enabled ports in the advertisement state. System-view system view...

  • Page 206

    1-6 parameters auto: automatically disables the corresponding port when dldp detects a unidirectional link or finds in the enhanced mode that the peer port is down. manual: generates log and traps and prompts the user to manually disable the corresponding port when dldp detects a unidirectional li...

  • Page 207

    1-7 • When dldp works in normal mode, the system can identify only the unidirectional link caused by fiber cross-connection. • When the dldp protocol works in enhanced mode, the system can identify two types of unidirectional links: one is caused by fiber cross-connection and the other is caused by ...

  • Page 208

    1-8 examples # set the delaydown timer to 5 seconds. System-view system view: return to user view with ctrl+z. [sysname] dldp delaydown-timer 5.

  • Page 209: Table of Contents

    I table of contents 1 mac address table management configuration commands 1-1 mac address table management configuration commands 1-1 display mac-address aging-time ...

  • Page 210: Commands

    1-1 1 mac address table management configuration commands this chapter describes the management of static, dynamic, and blackhole mac address entries. For information about the management of multicast mac address entries, refer to the “multicast protocol” part of the manual. Mac address table manage...

  • Page 212

    1-3 000d-88f6-44ba 1 learned gigabitethernet1/0/4 aging 000d-88f7-9f7d 1 learned gigabitethernet1/0/4 aging 000d-88f7-b094 1 learned gigabitethernet1/0/4 aging 000f-e200-00cc 1 learned gigabitethernet1/0/4 aging 000f-e200-2201 1 learned gigabitethernet1/0/4 aging 000f-e207-f2e0 1 learned gigabitethe...

  • Page 213

    1-4 dynamic: specifies a dynamic mac address entry. Blackhole: specifies a blackhole mac address entry. Mac-address: specifies a mac address, in the form of h-h-h. When entering the mac address, you can omit the leading 0s in each segment. For example, you can input f-e2-1 for 000f-00e2-0001. Interf...

  • Page 214

    1-5 system view: return to user view with ctrl+z. [sysname] mac-address static 000f-e20f-0101 interface gigabitethernet 1/0/1 vlan 2 mac-address aging destination-hit enable syntax mac-address aging destination-hit enable undo mac-address aging destination-hit enable view system view parameters none...

  • Page 215

    1-6 use the undo mac-address max-mac-count command to cancel the limitation on the number of mac addresses an ethernet port can learn. By default, the number of mac addresses an ethernet port can learn is unlimited. When you use the mac-address max-mac-count command, the port stops learning mac addr...

  • Page 216

    1-7 • If the aging timer is set too long, mac address entries may still exist even if they turn invalid. This causes the switch to be unable to update its mac address table in time. In this case, the mac address table cannot reflect the position changes of network devices in time. Examples # set the...

  • Page 217: Table of Contents

    i Table of contents: 1 Auto detect configuration commands, 1-1; Auto detect configuration commands, 1-1; de...

  • Page 218

    1-1 1 Auto detect configuration commands. Auto detect configuration commands. • Refer to the routing protocol part of the manual for information about static routing. • Refer to the VRRP part of the manual for information about VRRP. detect-group. Syntax: detect-group group-number; undo detect-group grou...

  • Page 219

    1-2 [sysname-detect-group-10] detect-list syntax detect-list list-number ip address ip-address [nexthop ip-address ] undo detect-list list-number view detected group view parameters list-number: sequence number of the ip address to be detected. This argument ranges from 1 to 10. Ip address ip-addres...

  • Page 220

    1-3 display detect-group syntax display detect-group [ group-number ] view any view parameters group-number: detected group number ranging from 1 to 25. Description use the display detect-group command to display the configuration of the specified detected group or all detected groups. Examples # di...

  • Page 222

    1-5 system-view system view: return to user view with ctrl+z. [sysname] ip route-static 192.168.1.5 24 192.168.0.2 detect-group 10 after the configuration, if detected group 10 is reachable, the static route is valid; if detected group 10 is unreachable, the static route is invalid. Option syntax op...

  • Page 223

    1-6 retry syntax retry retry-times undo retry view detected group view parameters retry-times: maximum retry times during a detect operation. This argument ranges from 0 to 10 and defaults to 2. Description use the retry command to set the maximum retry times during a detect operation. Use the undo ...

  • Page 224

    1-7 use the undo standby detect-group command to disable the interface backup function. Examples # specify to enable vlan-interface 2 (the backup interface) when the detected group 10 is unreachable. System-view system view: return to user view with ctrl+z. [sysname] interface vlan-interface 2 [sysn...

  • Page 225

    1-8 undo timer wait view detected group view parameters seconds: timeout waiting for an icmp reply. This argument ranges from 1 to 30 (in seconds) and defaults to 2. Description use the timer wait command to set a timeout waiting for an icmp reply. Use the undo timer wait command to restore the defa...

  • Page 226

    1-9 currently, auto detect in vrrp is only supported in s3600-ei series ethernet switches. Examples # specify to decrease the priority of the master switch in vrrp group 1 by 20 when the detected group 10 is unreachable. System-view system view: return to user view with ctrl+z. [sysname] interface v...

  • Page 227: Table of Contents

    i Table of contents: 1 MSTP configuration commands, 1-1; MSTP configuration commands, 1...

  • Page 228

    ii stp transmit-limit, 1-44; vlan-mapping modulo, 1-45; vlan-vpn...

  • Page 229: Mstp Configuration Commands

    1-1 1 mstp configuration commands the stp pathcost-standard legacy command was added. Refer to stp pathcost-standard . Mstp configuration commands active region-configuration syntax active region-configuration view mst region view parameters none description use the active region-configuration comma...

  • Page 230

    1-2 bpdu-drop any. Syntax: bpdu-drop any; undo bpdu-drop any. View: Ethernet port view. Parameters: none. Description: Use the bpdu-drop any command to enable BPDU dropping on the Ethernet port. Use the undo bpdu-drop any command to disable BPDU dropping on the Ethernet port. By default, BPDU dropping is dis...

  • Page 231

    1-3 As specified in the MSTP protocol, the configurations of MST regions must be correct, especially the VLAN-to-instance mapping table. MSTP-enabled switches are in the same region only when they have the same format selector (an 802.1s-defined protocol selector, which is 0 by default and cannot be co...

  • Page 232

    1-4 parameters instance-id: id of the msti ranging from 0 to 16. The value of 0 refers to the common and internal spanning tree (cist). Interface-list: ethernet port list. You can specify multiple ethernet ports by providing this argument in the form of interface-list = { interface-type interface-nu...

  • Page 233

    1-5 display stp instance 0 interface ethernet 1/0/1 to ethernet 1/0/4 brief mstid port role stp state protection 0 ethernet1/0/1 alte discarding loop 0 ethernet1/0/2 desi forwarding none 0 ethernet1/0/3 desi forwarding none 0 ethernet1/0/4 desi forwarding none table 1-2 description on the fields of ...

  • Page 234

    1-6 port role :cist disabled port port priority :128 port cost(legacy) :config=auto / active=200000 desg. Bridge/port :32768.00e0-fc12-4001 / 128.2 port edged :config=disabled / active=disabled point-to-point :config=auto / active=false transmit limit :10 packets/hello-time protection type :none mst...

  • Page 235

    1-7 field description desg. Bridge/port designated bridge id and port id of the port the port id displayed is insignificant for a port which does not support port priority. Port edged indicates whether the port is an edge port. Config indicates the configured value, and active indicates the actual v...

  • Page 236

    1-8 display stp abnormalport mstid port block reason --------- -------------------- ------------- 0 ethernet1/0/20 root-protection 1 ethernet1/0/21 loop-protection table 1-4 description on the fields of the display stp abnormalport command field description mstid msti id in the mst region port port ...

  • Page 237

    1-9 Table 1-5 Description on the fields of the display stp portdown command. Field / Description. Port: port that has been shut down. Down reason: reason that caused the port to be blocked. • bpdu-protected: BPDU attack guard function • formatfrequency-protected: MSTP BPDU format frequent change protection...

  • Page 238

    1-10 field description instance vlans mapped vlan-to-instance mappings in the mst region display stp root syntax display stp root view any view parameters none description use the display stp root command to display information about the root ports in the mstp region where the switch resides. Exampl...

  • Page 239

    1-11 instance syntax instance instance-id vlan vlan-list undo instance instance-id[ vlan vlan-list ] view mst region view parameters instance-id: id of an msti ranging from 0 to 16. The value of 0 refers to the cist. Vlan-list: list of vlans. You need to provide this argument in the form of vlan-lis...

  • Page 240

    1-12 parameters name: mst region name to be set for the switch, a string of 1 to 32 characters. Description use the region-name command to set an mst region name for a switch. Use the undo region-name command to restore the mst region name to the default value. The default mst region name of a switc...

  • Page 241

    1-13 examples # clear the spanning tree statistics on ethernet 1/0/1 through ethernet 1/0/3. Reset stp interface ethernet 1/0/1 to ethernet 1/0/3 revision-level syntax revision-level level undo revision-level view mst region view parameters level: mstp revision level to be set for the switch. This a...

  • Page 242

    1-14 parameters enable: enables mstp. Disable: disables mstp. Interface-list: ethernet port list. You can specify multiple ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &, where & means that you ca...

  • Page 243

    1-15 # disable mstp on ethernet 1/0/1 to ethernet 1/0/4 in system view. System-view system view: return to user view with ctrl+z. [sysname] stp interface ethernet 1/0/1 to ethernet 1/0/4 disable stp bpdu-protection syntax stp bpdu-protection undo stp bpdu-protection view system view parameters none ...

  • Page 244

    1-16 examples # enable the bpdu guard function. System-view system view: return to user view with ctrl+z. [sysname] stp bpdu-protection stp bridge-diameter syntax stp bridge-diameter bridgenum undo stp bridge-diameter view system view parameters bridgenum: network diameter to be set for a switched n...

  • Page 246

    1-18 # configure ethernet 1/0/2 to ethernet 1/0/4 to recognize and send mstp bpdus in dot1s format. System-view [sysname] stp interface ethernet 1/0/2 to ethernet1/0/4 compliance dot1s stp config-digest-snooping syntax z system view, ethernet port view: stp config-digest-snooping undo stp config-dig...

  • Page 247

    1-19 Because some other manufacturers' switches adopt proprietary spanning tree protocols, they cannot interwork with other switches in an MST region even if they are configured with the same MST region-related settings as the other switches in the region. This kind of problem can be overcome by implemen...

  • Page 248

    1-20 # enable the digest snooping feature on ethernet 1/0/2 to ethernet 1/0/4. System-view [sysname] stp interface ethernet 1/0/2 to ethernet1/0/4 config-digest-snooping [sysname] stp config-digest-snooping stp cost syntax z ethernet port view: stp [ instance instance-id ] cost cost undo stp [ insta...

  • Page 249

    1-21 Note that: • If you specify the instance-id argument to be 0 or do not specify this argument, the stp cost command sets the path cost of the port in the CIST. • Changing the path cost of a port in an MSTI may change the role of the port in the instance and put it in state transition. • Ports with d...

  • Page 250

    1-22 A switch sends trap messages conforming to the 802.1D standard to the network management device when: • The switch becomes the root bridge of an MSTI. • Network topology changes are detected. Examples # Enable a switch to send trap messages conforming to the 802.1D standard to the network management de...

  • Page 251

    1-23 You can enable a port to transition to the forwarding state rapidly by setting it as an edge port. It is recommended that you configure the Ethernet ports directly connected to user terminals as edge ports so that they transition to the forwarding state rapidly. Normally, configuration BPDUs cannot re...

  • Page 252

    1-24 parameters interface-list: ethernet port list. You can specify multiple ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &, where & means that you can provide up to 10 port indexes/port index ran...

  • Page 253

    1-25 # enable the loop guard function on ethernet 1/0/2 to ethernet 1/0/4 in system view. System-view system view: return to user view with ctrl+z. [sysname] stp interface ethernet 1/0/2 to ethernet 1/0/4 loop-protection stp max-hops syntax stp max-hops hops undo stp max-hops view system view parame...

  • Page 254

    1-26 stp mcheck z system view: stp [ interface interface-list] mcheck view system view, ethernet port view parameters interface-list: ethernet port list. You can specify multiple ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interfac...

  • Page 256

    1-28 undo stp interface interface-type interface-number no-agreement-check. View: system view, Ethernet port view. Parameters: interface-type: port type. interface-number: port number. Description: • Use the stp no-agreement-check command to enable the rapid transition feature on the current port in ethe...

  • Page 258

    1-30 link speed duplex state path cost in 802.1d-1998 standard path cost in ieee 802.1t standard path cost in private standard 10 gbps full-duplex aggregated link 2 ports aggregated link 3 ports aggregated link 4 ports 2 1 1 1 200,000 1,000 666 500 2 1 1 1 normally, when a port operates in full-dupl...

  • Page 259

    1-31 force-false: specifies that the link connected to the current ethernet port is not a point-to-point link. Auto: specifies to automatically determine whether or not the link connected to the current ethernet port is a point-to-point link. Interface-list: ethernet port list. You can specify multi...

  • Page 260

    1-32 [sysname] stp interface ethernet 1/0/2 to ethernet 1/0/4 point-to-point force-true stp port priority syntax z ethernet port view: stp [ instance instance-id ] port priority priority undo stp[ instance instance-id ] port priority z system view: stp interface interface-list instance instance-id p...

  • Page 261

    1-33 z set the port priority of ethernet 1/0/1 in msti 2 to 16 in system view. System-view system view: return to user view with ctrl+z. [sysname] stp interface ethernet 1/0/1 instance 2 port priority 16 # set the port priority of ethernet 1/0/2 to ethernet 1/0/4 in msti 2 to 16 in system view. Syst...

  • Page 262

    1-34 parameters none description use the stp portlog all command to enable log and trap message output for the ports of all instances. Use the undo stp portlog all command to disable this function. By default, log and trap message output is disabled on the ports of all instances. Examples # enable l...

  • Page 263

    1-35 stp region-configuration syntax stp region-configuration undo stp region-configuration view system view parameters none description use the stp region-configuration command to enter mst region view. Use the undo stp region-configuration command to restore the mst region-related settings to the ...

  • Page 264

    1-36 view system view parameters instance-id: msti id ranging from 0 to 16. The value of 0 refers to the cist. Bridgenum: network diameter of the specified spanning tree. This argument ranges from 2 to 7 and defaults to 7. Centi-seconds: hello time in centiseconds of the specified spanning tree. Thi...

  • Page 265

    1-37 stp root secondary syntax stp [ instance instance-id ] root secondary [ bridge-diameter bridgenum [ hello-time centi-seconds ] ] undo stp [ instance instance-id ] root view system view parameters instance-id: msti id ranging from 0 to 16. The value of 0 refers to the cist. Bridgenum: network di...

  • Page 266

    1-38 stp root-protection. Syntax: • Ethernet port view: stp root-protection; undo stp root-protection • System view: stp interface interface-list root-protection; undo stp interface interface-list root-protection. View: system view, Ethernet port view. Parameters: interface-list: Ethernet port list. You can...

  • Page 267

    1-39 examples # enable the root guard function on ethernet 1/0/1. Z enable the root guard function on ethernet 1/0/1 in ethernet port view. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] stp root-protection z enable the root guard...

  • Page 268

    1-40 system-view system view: return to user view with ctrl+z. [sysname] stp tc-protection enable stp tc-protection threshold syntax stp tc-protection threshold number undo stp tc-protection threshold view system view parameters number: maximum number of times that a switch can remove the mac addres...

  • Page 269

    1-41 stp timer forward-delay syntax stp timer forward-delay centi-seconds undo stp timer forward-delay view system view parameters centi-seconds: forward delay in centiseconds to be set. This argument ranges from 400 to 3,000. Description use the stp timer forward-delay command to set the forward de...

  • Page 270

    1-42 parameters centi-seconds: hello time to be set, in the range of 100 to 1,000 (in centiseconds). Description use the stp timer hello command to set the hello time of the switch. Use the undo stp timer hello command to restore the hello time of the switch to the default value. By default, the hel...

  • Page 271

    1-43 MSTP is capable of detecting link failures and automatically restoring redundant links to the forwarding state. In the CIST, switches use the max age parameter to judge whether or not a received configuration BPDU times out. Spanning trees will be recalculated if a configuration BPDU received by a ...

  • Page 272

    1-44 can be four (or more) times of the hello time. For a steady network, the timeout time can be five to seven times of the hello time. Examples # set the hello time factor to 7. System-view system view: return to user view with ctrl+z. [sysname] stp timer-factor 7 stp transmit-limit syntax z ether...

  • Page 273

    1-45 examples # set the maximum number of configuration bpdus that can be transmitted through ethernet 1/0/1 in each hello time to 15. Z in ethernet port view: system-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] stp transmit-limit 15 z...

  • Page 274

    1-46 You can map VLANs to specific MSTIs rapidly by using the vlan-mapping modulo modulo command. The ID of the MSTI to which a VLAN is mapped can be figured out by using the following formula: (VLAN ID-1) % modulo + 1. In this formula, (VLAN ID-1) % modulo yields the module of (VLAN ID-1) with ...

  • Page 275

    1-47 • The VLAN-VPN tunnel function can only be enabled on STP-enabled devices. • To enable the VLAN-VPN tunnel function, make sure the links between operator’s networks are trunk links. • If a fabric port exists on a switch, you cannot enable the VLAN-VPN function for any port of the switch. Exampl...

  • Page 276: Table of Contents

    i Table of contents: 1 IP routing table commands, 1-1; IP routing table commands...

  • Page 277

    ii traffic-share-across-interface, 3-20; 4 OSPF configuration commands, 4-1; OSPF configura...

  • Page 278

    iii router id, 4-47; silent-interface...

  • Page 280

    1-2 2.2.2.0/24 direct 0 0 2.2.2.1 vlan-interface2 2.2.2.1/32 direct 0 0 127.0.0.1 inloopback0 3.3.3.0/24 direct 0 0 3.3.3.1 vlan-interface3 3.3.3.1/32 direct 0 0 127.0.0.1 inloopback0 4.4.4.0/24 direct 0 0 4.4.4.1 vlan-interface4 4.4.4.1/32 direct 0 0 127.0.0.1 inloopback0 127.0.0.0/8 direct 0 0 127...

  • Page 281

    1-3 display ip routing-table acl syntax display ip routing-table acl acl-number [ verbose ] view any view parameters acl-number : basic access control list number, in the range of 2000 to 2999. Verbose : with this keyword specified, detailed information of routes in the active or inactive state that...

  • Page 282

    1-4 state: age: 21:34:13 cost: 0/0 **destination: 192.168.1.2 mask: 255.255.255.255 protocol: #direct preference: 0 *nexthop: 127.0.0.1 interface: 127.0.0.1(inloopback0) state: age: 21:34:13 cost: 0/0 table 1-2 description on the fields of the display ip routing-table command field description desti...

  • Page 283

    1-5 field description description of route state: activeu an active unicast route, where “u” represents unicast. Blackhole a blackhole route is similar to a reject route, but no icmp unreachable message is sent to the source. Delete a route is to be deleted. Gateway an indirect route. Hidden an exis...

  • Page 284

    1-6 parameters ip-address :destination ip address, in dotted decimal notation. Mask: subnet mask, in dotted decimal notation. Mask-length : length of a subnet mask, in the range of 0 to 32. Longer-match : specifies all the routes that lead to the destination address and match the specified mask. If ...

  • Page 286

    1-8 verbose : with this keyword specified, detailed information of routes in the active or inactive state that match the ip prefix list is displayed. With this keyword not specified, brief information of only the routes in the active state that match the prefix list is displayed. Description use the...

  • Page 287

    1-9 Parameters: protocol: you can provide one of the following values for this argument. • direct: displays direct-connect route information. • ospf: displays OSPF route information. • ospf-ase: displays OSPF ASE route information. • ospf-nssa: displays OSPF not-so-stubby area (NSSA) route informa...

  • Page 289

    1-11 ospf 0 0 0 0 o_ase 0 0 0 0 o_nssa 0 0 0 0 total 28 5 29 1 Table 1-4 Description on the fields of the display ip routing-table statistics command. Field / Description. proto: routing protocol type • o_ase: OSPF_ASE • o_nssa: OSPF NSSA • aggre: aggregation protocol route total number of routes active ...

  • Page 290

    1-12 age: 20:17:41 cost: 0/0 **destination: 1.1.1.1 mask: 255.255.255.255 protocol: #direct preference: 0 *nexthop: 127.0.0.1 interface: 127.0.0.1(inloopback0) state: age: 20:17:42 cost: 0/0 **destination: 2.2.2.0 mask: 255.255.255.0 protocol: #direct preference: 0 *nexthop: 2.2.2.1 interface: 2.2.2...

  • Page 291

    1-13 rip 0 0 0 0 ospf 0 0 0 0 o_ase 0 0 0 0 o_nssa 0 0 0 0 total 4 4 12 8 # clear the routing statistics of all protocols from the ip routing table. Reset ip routing-table statistics protocol all # display the routing statistics in the ip routing table. Display ip routing-table statistics routing ta...

  • Page 292

    2-1 2 static route configuration commands the term router in this chapter refers to a router in a generic sense or an ethernet switch running a routing protocol. Static route configuration commands delete static-routes all syntax delete static-routes all view system view parameters none description ...

  • Page 294

    2-3 By default, the system can obtain the subnet route directly connected to the router. When you configure a static route, if no preference is specified for the route, the preference defaults to 60, and if the route is not specified as reject or blackhole, the route will be reachable by default. Wh...

  • Page 295: Rip Configuration Commands

    3-1 3 rip configuration commands the term router in this chapter refers to a router in a generic sense or an ethernet switch running a routing protocol. Rip configuration commands checkzero syntax checkzero undo checkzero view rip view parameters none description use the checkzero command to enable ...

  • Page 296

    3-2 default cost syntax default cost value undo default cost view rip view parameters value : default cost, in the range of 1 to 16. Description use the default cost command to set the default cost for redistributed routes. Use the undo default cost command to restore the default. By default, the de...

  • Page 297

    3-3 display rip rip is running checkzero is on default cost : 1 summary is on preference : 100 traffic-share-across-interface is off period update timer : 30 timeout timer : 180 garbage-collection timer : 120 no peer router network : 202.38.168.0 table 3-1 description on the fields of the display ri...

  • Page 298

    3-4 display rip interface syntax display rip interface view any view parameters none description use the display rip interface command to display rip interface information. Examples # display rip interface information. Display rip interface rip interface: public net address interface ver metrin/out ...

  • Page 299

    3-5 view any view parameters none description use the display rip routing command to display rip routing information. Examples # display the information of the rip routing table. Display rip routing rip routing table: public net a = active i = inactive g = garbage collection c = change t = trigger r...

  • Page 300

    3-6 view rip view parameters acl-number : number of the basic or advanced acl used to filter routing information by destination address, in the range of 2000 to 3999. Ip-prefix-name : name of the address ip-prefix list used to filter routing information by destination address, a string of 1 to 19 ch...

  • Page 301

    3-7 parameters acl-number: number of the acl used to filter routing information by destination address, in the range of 2000 to 3999. Ip-prefix-name : name of the address prefix list used to filter routing information by destination address, a string of 1 to 19 characters. Gateway ip-prefix-name: na...

  • Page 302

    3-8 By default, RIP is enabled to receive host routes. In some special cases, RIP receives a great number of host routes from the same network segment. These routes are of little help to addressing but occupy a lot of resources. In this case, the undo host-route command can be used to disable RIP fr...

  • Page 303

    3-9 [sysname-rip] import-route static cost 4 # set the default cost and redistribute ospf routes with the default cost. System-view system view: return to user view with ctrl+z. [sysname] rip [sysname-rip] default cost 3 [sysname-rip] import-route ospf network syntax network network-address undo net...

  • Page 304

    3-10 view rip view parameters ip-address : ip address of the interface receiving rip packets in the unicast mode on the neighbor router, in dotted decimal notation. Description use the peer command to specify the ip address of a neighbor, where routing updates destined for the peer are unicast, rath...

  • Page 305

    3-11 system-view system view: return to user view with ctrl+z. [sysname] rip [sysname-rip] preference 20 reset syntax reset view rip view parameters none description use the reset command to reset the system configuration parameters of rip. When you need to re-configure the parameters of rip, you ca...

  • Page 306

    3-12 note that the interface-related parameters configured previously would be invalid after rip is disabled. Examples # enable rip and enter rip view. System-view system view: return to user view with ctrl+z. [sysname] rip [sysname-rip] rip authentication-mode syntax rip authentication-mode { simpl...

  • Page 307

    3-13 Related commands: rip version. You can configure RIPv1 authentication mode in interface view, but the configuration will not take effect because RIPv1 does not support authentication. Examples # Specify the interface VLAN-interface 10 to use the simple authentication with the authentication key...

  • Page 308

    3-14 system view: return to user view with ctrl+z. [sysname]interface vlan-interface 10 [sysname-vlan-interface10] undo rip input rip metricin syntax rip metricin value undo rip metricin view interface view parameters value : additional metric of rip routes received on an interface, in the range of ...

  • Page 309

    3-15 description use the rip metricout command to configure an additional metric for rip routes sent out of an interface. Use the undo rip metricout command to restore the default. By default, the additional metric of rip routes sent out of an interface is 1. With the command configured on an interf...

  • Page 310

    3-16 rip split-horizon syntax rip split-horizon undo rip split-horizon view interface view parameters none description use the rip split-horizon command to enable the split horizon function. Use the undo rip split-horizon command to disable the split horizon function. By default, the split horizon f...

  • Page 311

    3-17 Use the undo rip version command to restore the default. By default, the version of RIP running on an interface is RIP-1 and RIP-1 packets are sent in the broadcast mode. If RIP-2 runs on an interface, RIP packets are sent in the multicast mode by default, which reduces resource consumption. Ta...

  • Page 312

    3-18 Use the undo rip work command to disable the interface from receiving and sending RIP packets. By default, all interfaces except loopback interfaces are enabled to receive and send RIP packets. The differences between the rip work, rip input, and rip output commands are as follows: • th...

  • Page 314

    3-20 traffic-share-across-interface syntax traffic-share-across-interface undo traffic-share-across-interface view rip view parameters none description use the traffic-share-across-interface command to enable traffic to be forwarded along multiple equivalent rip routes. Use the undo traffic-share-ac...

  • Page 316

    4-2 examples # summarize subnets 36.42.10.0/24 and 36.42.110.0/24, in ospf area 1 with summary route 36.42.0.0/16 and advertise it to other areas. System-view system view: return to user view with ctrl+z. [sysname] ospf 1 [sysname-ospf-1] area 1 [sysname-ospf-1-area-0.0.0.1] network 36.42.10.0 0.0.0...

  • Page 317

    4-3 parameters ip-address : ip address of the summary route, in dotted decimal notation. Mask : ip address mask, in dotted decimal notation. Not-advertise : specifies not to advertise the summary route. If this argument is not provided, the summary route will be advertised. Tag value : tag value, wh...

  • Page 318

    4-4 Use the undo authentication-mode command to cancel the authentication attribute of this area. By default, an area does not support the authentication attribute. All the routers in one area must use the same authentication mode (no authentication, simple text authentication, or MD5 cipher text authen...

  • Page 319

    4-5 type : default type of external routes redistributed by ospf. The value of this argument is 1 or 2. Description use the default command to configure the default parameters for redistributed routes, including cost, interval, limit, tag, and type. Use the undo default cost command to restore the d...

  • Page 320

    4-6 You must use the stub command on all the routers connected to a stub area to configure the area with the stub attribute. Use the default-cost command to configure the cost of the default route advertised by an ABR to a stub area or NSSA. OSPF advertises a default route in the following cases: • ...

  • Page 321

    4-7 cost value: specifies the cost value of the default route. The default route with the lowest cost value is preferred. The value of value ranges from 0 to 16777214. If no cost is specified, the default cost specified by the default cost command applies. Type type-value: specifies the type of the ...

  • Page 322

    4-8 related commands: router id. Examples # display the router id. Display router id configured router id is 1.1.1.1 display ospf abr-asbr syntax display ospf [ process-id ] abr-asbr view any view parameters process-id : ospf process id, in the range of 1 to 65535. If you do not specify a process id...

  • Page 323

    4-9 field description nexthop ip address of the next hop interface local output interface display ospf asbr-summary syntax display ospf [ process-id ] asbr-summary [ ip-address mask ] view any view parameters process-id : ospf process id, in the range of 1 to 65535. If you do not specify a process i...

  • Page 324

    4-10 the count of route is 0 Table 4-2 Description on the fields of the display ospf asbr-summary command. Field / Description. net: network address of the summary route. mask: subnet mask of the summary route. tag: tag of the summary route. status: advertisement state of the summary route, including • donota...

  • Page 325

    4-11 cost: 10 state: drother type: broadcast priority: 1 designated router: 192.168.0.153 backup designated router: 192.168.0.154 timers: hello 10, dead 40, poll 40, retransmit 5, transmit delay 1 area 0.0.0.2: authtype: none flags: spf scheduled: 7/5 translator state: enabled interface: 30.1.1.1 (v...

  • Page 326

    4-12 field description flags area type flag: • nssa: nssa area • nssadefault: a default route is generated into the nssa. • nssanosummary: abr is disabled from advertising type-3 lsas into nssa. • nssanoredistribution: prohibits advertisement of redistributed routes into nssa. • stub: stub area • st...

  • Page 327

    4-13 display ospf cumulative syntax display ospf [ process-id ] cumulative view any view parameters process-id : ospf process id, in the range of 1 to 65535. If you do not specify a process id, this command applies to all current ospf processes. Description use the display ospf cumulative command to...

  • Page 328

    4-14 routing table: intra area: 1 inter area: 0 ase: 0 table 4-4 description on the fields of the display ospf cumulative command field description type type of input/output ospf packet: • hello: hello packet • db description: database description packet • link-state req: link-state request packet •...

  • Page 329

    4-15 description use the display ospf error command to display ospf error information. Examples # display the ospf error information. Display ospf error ospf process 1 with router id 1.1.1.1 ospf packet error statistics: 0: ip: received my own packet 0: ospf: wrong packet type 0: ospf: wrong version...

  • Page 330

    4-16 field description ospf: packet size > ip length ospf packet size exceeds ip packet length ospf: transmit error ospf transmission error ospf: interface down ospf interface is down, unavailable ospf: unknown neighbor ospf neighbors are unknown hello: netmask mismatch network mask mismatch hello: ...

  • Page 331

    4-17 display ospf interface syntax display ospf [ process-id ] interface [interface-type interface-number ] view any view parameters process-id : ospf process id, in the range of 1 to 65535. If you do not specify a process id, this command applies to all current ospf processes. Interface-type interf...

  • Page 332

    4-18 field description priority priority of dr for interface election designated router dr on the network in which the interface resides backup designated router bdr on the network in which the interface resides ospf timers, defined as follows: hello interval of hello packet dead interval of dead ne...

  • Page 333

    4-19 description use the display ospf lsdb command to display the database information about ospf connecting state. If no ospf process is specified, lsdb information of all ospf processes is displayed. Examples # display the database information about ospf connection state. Display ospf lsdb ospf pr...

  • Page 334

    4-20 field description where location of the lsa, used to indicate in which stage of the route calculation the lsa is: • uninitialized: the lsa is not initialized or is originated by another router. • clist: the lsa is on the candidate list. • spftree: the lsa is in the spf tree. • sumasb list: the ...

  • Page 335

    4-21 table 4-8 description on the fields of the display ospf lsdb ase command field description type type of the lsa ls id link state id of the lsa adv rtr router id of the router that advertises the lsa ls age age of the lsa len length of the lsa seq# sequence number of the lsa chksum checksum of t...

  • Page 336

    4-22 ospf process 1 with router id 1.1.1.1 next hops: address type refcount intf addr intf name --------------------------------------------------------------- 202.38.160.1 direct 3 202.38.160.1 vlan-interface2 202.38.160.2 neighbor 1 202.38.160.1 vlan-interface2 table 4-9 description on the fields ...

  • Page 337

    4-23 dead timer expires in 31s neighbor has been up for 01:14:14 table 4-10 description on the fields of the display ospf peer command field description routerid id of a neighbor router address ip address of the interface on a neighbor router state state of a neighbor: • down: this is the initial st...

  • Page 338

    4-24 field description pri priority of a neighbor router deadtime(s) dead time, in seconds, of neighbor router interface type and number of the local router interface connected to the neighbor router state state of a neighbor router, including • down • init • attempt • 2-way • exstart • exchange • l...

  • Page 339

    4-25 field description loading in this state, ospf router requests neighbor routers based on the updated link state information from neighbor routers and its expired information, and waits for response from neighbor routers full it indicates that database synchronization between the routers that hav...

  • Page 340

    4-26 display ospf retrans-queue syntax display ospf [ process-id ] retrans-queue view any view parameters process-id : ospf process id, in the range of 1 to 65535. If you do not specify a process id, this command applies to all current ospf processes. Description use the display ospf retrans-queue c...

  • Page 341

    4-27 display ospf routing syntax display ospf [ process-id ] routing view any view parameters process-id : ospf process id, in the range of 1 to 65535. If you do not specify a process id, this command applies to all current ospf processes. Description use the display ospf routing command to display ...

  • Page 342

    4-28 display ospf vlink syntax display ospf [ process-id ] vlink view any view parameters process-id : ospf process id, in the range of 1 to 65535. If you do not specify a process id, this command applies to all current ospf processes. Description use the display ospf vlink command to display the in...

  • Page 346

    4-32 [sysname-ospf-1] import-route rip type 2 tag 33 cost 50 log-peer-change syntax log-peer-change undo log-peer-change view ospf view parameters none description use the log-peer-change command to enable logging of ospf neighbor state changes. Use the undo log-peer-change command to disable loggin...

  • Page 347

    4-33 by default, the number of ospf ecmp routes is 3. Examples # set the number of ospf ecmp routes to 2. System-view system view: return to user view with ctrl+z. [sysname] ospf 1 [sysname-ospf-1] multi-path-number 2 network syntax network ip-address wildcard-mask undo network ip-address wildcard-m...

  • Page 349

    4-35 if the abr has the translate-always keyword configured and has a neighbor in the full state in the backbone area, its type-7 lsas translator state becomes enabled and it will translate type-7 lsas into type-5 lsas. After an ospf area is configured as a stub area, the abr in the area automa...

  • Page 350

    4-36 • To run ospf, a router must have a router id specified. If no router id is specified, the system will automatically select one of the router interface ip addresses as the router id. • If a router runs multiple ospf processes, you are recommended to specify a router id for each process by using...

  • Page 351

    4-37 description use the ospf authentication-mode command to configure the authentication mode and key between adjacent routers. Use the undo ospf authentication-mode command to cancel the authentication key that has been set. By default, the interface does not authenticate the ospf packets. The pas...

  • Page 352

    4-38 examples # specify the ospf cost on the interface as 33. System-view system view: return to user view with ctrl+z. [sysname] interface vlan-interface 10 [sysname-vlan-interface10] ospf cost 33 ospf dr-priority syntax ospf dr-priority priority undo ospf dr-priority view interface view parameters...

  • Page 353

    4-39 parameters process-id : ospf process id, in the range of 1 to 65535. Description use the ospf mib-binding command to bind mib operations to the specified ospf process. Use the undo ospf mib-binding command to restore the default. By default, mib operations are bound to the first enabled ospf pr...

  • Page 355

    4-41 for a p2mp interface, • If the unicast keyword is not specified, the interface sends packets to multicast addresses. • If the unicast keyword is specified, the interface sends packets to unicast addresses. In this case, you must use the peer command to specify the neighbor. Note that you must u...

  • Page 356

    4-42 ospf timer hello syntax ospf timer hello seconds undo ospf timer hello view interface view parameters seconds : interval, in seconds, at which an interface transmits hello packet. It ranges from 1 to 255. Description use the ospf timer hello command to configure the interval for transmitting he...

  • Page 357

    4-43 description use the ospf timer poll command to configure the poll interval at which the interface sends hello packets to the neighbor in the down state. Use the undo ospf timer poll command to restore the default. By default, the poll interval is 40 seconds. On an nbma network, if a neighbor be...

  • Page 358

    4-44 system view: return to user view with ctrl+z. [sysname] interface vlan-interface 10 [sysname-vlan-interface10] ospf timer retransmit 12 ospf trans-delay syntax ospf trans-delay seconds undo ospf trans-delay view interface view parameters seconds : lsa transmission delay in seconds on an interfa...

  • Page 359

    4-45 description use the peer command to specify a neighbor and its dr priority on an nbma network. Use the undo peer command to remove this configuration. On an nbma network, you can configure mappings to make the network fully meshed (any two routers have a direct link in between), so ospf can han...

  • Page 361

    4-47 router id syntax router id router-id undo router id view system view parameters router-id : router id, in dotted decimal notation. Description use the router id command to configure the id of a router running the ospf protocol. Use the undo router id command to cancel the router id that has bee...

  • Page 362

    4-48 view ospf view parameters silent-interface-type: interface type silent-interface-number : interface number. Description use the silent-interface command to disable an interface from transmitting ospf packet. Use the undo silent-interface command to restore the default. By default, the interface...

  • Page 363

    4-49 parameters process-id : ospf process id, in the range of 1 to 65535. If you do not specify a process id, this command applies to all current ospf processes. Ifstatechange , virifstatechange, nbrstatechange, virnbrstatechange, ifcfgerror, virifcfgerror, ifauthfail , virifauthfail, ifrxbadpkt, vi...

  • Page 364

    4-50 system-view system view: return to user view with ctrl+z. [sysname] ospf 1 [sysname-ospf-1] spf-schedule-interval 6 stub syntax stub [ no-summary ] undo stub view ospf area view parameters no-summary : disables an abr from transmitting type-3 lsas to a stub area. Description use the stub comman...

  • Page 366

    4-52 note that, virtual link authentication adopts the md5 cipher text or simple text authentication mode set with the authentication-mode command for area 0. Therefore, you need to specify the authentication mode for area 0 on both abrs interconnected by the virtual link. Related commands: authenti...

  • Page 367

    5-1 5 ip routing policy configuration commands the term router in this chapter refers to a router in a generic sense or an ethernet switch running a routing protocol. Ip routing policy configuration commands apply cost syntax apply cost value undo apply cost view route policy view parameters value :...

  • Page 368

    5-2 apply tag syntax apply tag value undo apply tag view route policy view parameters value : tag value of a route, in the range of 0 to 4294967295. Description use the apply tag command to configure a tag for a route. Use the undo apply tag command to remove the configuration. By default, no tag is...

  • Page 369

    5-3 examples # display the information about the address prefix list named p1. Display ip ip-prefix p1 name index conditions ip-prefix / mask ge le p1 10 permit 10.1.0.0/16 17 18 table 5-1 description on the fields of the display ip ip-prefix command field description name name of an ip-prefix index...

  • Page 370

    5-4 table 5-2 description on the fields of the display route-policy command field description route-policy name of a routing policy information about the routing policy with the matching mode configured as permit and the node as 10. If-match (ip-prefix) p1 matching conditions permit 10 apply cost 10...

  • Page 371

    5-5 view route policy view parameters value : route cost, in the range of 0 to 4294967295. Description use the if-match cost command to configure a cost matching rule for routing information. Use the undo if-match cost command to remove the configuration. By default, no cost matching rule is defined...

  • Page 373

    5-7 parameters value : tag value, in the range of 0 to 4294967295. Description use the if-match tag command to configure the tag matching rule for routing information. Use the undo if-match tag command to remove the matching rule. By default, no tag matching rule for routing information is defin...

  • Page 374

    5-8 to", and the meaning of less-equal is "less than or equal to". The range is len greater-equal less-equal greater-equal is used, it denotes the prefix range [greater-equal, 32]. When only less-equal is used, it denotes the prefix range [len, less-equal]. When both greater-equal and less-equal are...

  • Page 375

    5-9 node : specifies a node index in a routing policy. Node-number : index of the node in a routing policy, in the range 0 to 2047. When this routing policy is used, the node with smaller node-number will be matched first. Description use the route-policy command to create a routing policy or enter ...

  • Page 376

    6-1 6 route capacity configuration commands the term router in this chapter refers to a router in a generic sense or an ethernet switch running a routing protocol. Route capacity configuration commands display memory syntax display memory [ unit unit-id ] mode any view parameters unit-id : unit id. ...

  • Page 377

    6-2 table 6-1 description on the fields of the display memory command field description unit specifies a unit id system available memory(bytes) free memory size, in bytes, of the switch system used memory(bytes) occupied memory size, in bytes, of the switch used rate memory occupation rate display m...

  • Page 378

    6-3 field description system memory limit lower limit of the switch memory. Auto-establish enabled automatic connection is enabled (if automatic connection is disabled, auto-establish disabled is displayed). Free memory size of the current free memory in bytes the times of disconnect: number of disc...

  • Page 379

    6-4 when you configure the memory command, the safety-value argument in the command must be greater than the limit-value argument; otherwise, the configuration will fail. Examples # set the lower limit of the switch free memory to 1 mb and the safety value to 3 mb. System-view system view: return to...

  • Page 380

    6-5 memory auto-establish enable syntax memory auto-establish enable view system view parameters none description use the memory auto-establish enable command to enable automatic connections of routing protocols when the free memory of the switch recovers to the specified value. Use the memory auto-...

  • Page 381: Table of Contents

    i table of contents 1 common multicast configuration commands 1-1 common multicast configuration commands 1-1 display mac-add...

  • Page 382

    ii crp-policy 3-3 display pim bsr-info 3-4...

  • Page 383

    iii 5 igmp snooping configuration commands 5-1 igmp snooping configuration commands 5-1 display igmp-snooping config...

  • Page 384

    1-1 1 common multicast configuration commands common multicast configuration commands display mac-address multicast static syntax display mac-address multicast static [ [ mac-address ] vlan vlan-id ] [ count ] view any view parameters mac-address: displays the static multicast mac entry information f...

  • Page 385

    1-2 field description state state of the mac address, which includes only config static, indicating that the table entry is manually added. Port index ports out which the multicast packets destined for the multicast mac address are forwarded aging time(s) state of the aging timer. The aging timer fo...

  • Page 386

    1-3 table 1-2 display mpm forwarding-table command output description field description total 1 entry(entries) total number of the entries 00001 entry number (120.0.0.2, 225.0.0.2) source address-group address pair iif vlan-interface1200 the incoming vlan interface is vlan-interface 1200. 1 oif(s): ...

  • Page 387

    1-4 ethernet1/0/24 ip group(s):the following ip group(s) match to one mac group. Ip group address:224.1.1.1 static host port(s): dynamic host port(s): ethernet1/0/22 mac group(s): mac group address:0100-5e01-0101 host port(s):ethernet1/0/22 table 1-3 display mpm group command output description fiel...

  • Page 388

    1-5 mask: mask of the specified multicast group address or multicast source address, 255.255.255.255 by default. Mask-length: mask length of the specified multicast group address or multicast source address. For a multicast group address, this argument is in the range of 4 to 32; for a multicast sou...

  • Page 389

    1-6 table 1-4 display multicast forwarding-table command output description field description multicast forwarding cache table multicast forwarding table total 1 entries total number of matched forwarding entries 00001 serial number of the entry (10.0.0.4, 225.1.1.1) multicast source and group addre...

  • Page 390

    1-7 the multicast routing table is the basis of multicast data delivery. You can view the multicast routing table entries to determine whether (s, g) entries have been created with correct outgoing and incoming interfaces. Related commands: reset multicast routing-table, display multicast forwarding...

  • Page 391

    1-8 display multicast-source-deny syntax display multicast-source-deny [ interface interface-type [ interface-number ] ] view any view parameters interface-type: port type. Interface-number: port number. Description use the display multicast-source-deny command to display the multicast source port s...

  • Page 392

    1-9 interface-type interface-number2, where interface-number2 must be greater than interface-number1). The total number of individual ports plus port ranges cannot exceed 10. For port types and port numbers, refer to the parameter description in the “port basic configuration” part in this manual. Vl...

  • Page 394

    1-11 -3 192.168.3.1 incoming interface address: 192.168.4.2 previous-hop router address: 0.0.0.0 input packet count on incoming interface: 0 output packet count on outgoing interface: 0 total number of packets for this source-group pair: 0 protocol: pim forwarding ttl: 0 forwarding code: no error ta...

  • Page 395

    1-12 description use the multicast route-limit command to configure the maximum number of entries the multicast routing table can hold. The switch will drop the protocol and data packets for new (s, g) entries after the limit is reached. Use the undo multicast route-limit command to restore the defa...

  • Page 396

    1-13 multicast storing-enable syntax multicast storing-enable undo multicast storing-enable view system view parameters none description use the multicast storing-enable command to enable the multicast packet buffering feature. Use the undo multicast storing-enable command to disable the multicast p...

  • Page 397

    1-14 system-view system view: return to user view with ctrl+z. [sysname] multicast storing-packet 50 multicast-source-deny syntax multicast-source-deny [ interface interface-list ] undo multicast-source-deny [ interface interface-list ] view system view, ethernet port view parameters interface inter...

  • Page 400

    1-17 description use the unknown-multicast drop enable command to enable the function of dropping unknown multicast packets. Use the undo unknown-multicast drop enable command to disable the function of dropping unknown multicast packets. By default, the function of dropping unknown multicast packet...

  • Page 402

    2-2 table 2-1 display igmp group command output description field description group address multicast group address last reporter the last host that reported a membership for this group uptime time elapsed since multicast group was first reported (hh: mm: ss). Expires remaining lifetime of the multi...

  • Page 403

    2-3 table 2-2 display igmp interface command output description field description vlan-interface1 (10.153.17.99): interface name (ip address) igmp is enabled igmp is currently enabled on the interface. If igmp is not enabled, no output information is displayed. Current igmp version is 2 igmp version...

  • Page 404

    2-4 description use the igmp enable command to enable igmp on an interface. Use the undo igmp enable command to disable igmp on an interface. By default, igmp is disabled on an interface. These commands do not take effect until the multicast routing feature is enabled. You need to use this command...

  • Page 405

    2-5 • After the maximum number of multicast groups is reached, the interface will not join any new multicast group. • If you configure the maximum number of multicast groups allowed on the interface to 1, a new group registered on the interface supersedes the existing one automatically. • If the num...

  • Page 406

    2-6 description use the igmp group-policy command to configure a multicast group filter on the current interface to control the access to the multicast groups in the defined group range. Use undo igmp group-policy command to remove the multicast group filter configured. By default, no filter is conf...

  • Page 407

    2-7 description use the igmp group-policy vlan command to configure a multicast group filter on the current port to control the access to the multicast groups in the defined group range. Use the undo igmp group-policy vlan command to remove the configured multicast group filter. By default, no filte...

  • Page 408

    2-8 in loopback interface view, this command does not support the port interface-list option. Description use the igmp host-join port command to configure one or more ports under the current vlan interface as specified multicast group member(s), namely configure the port(s) as simulated member host(...

  • Page 409

    2-9 system-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] port access vlan 10 [sysname-ethernet1/0/1] igmp host-join 225.0.0.1 vlan 10 igmp lastmember-queryinterval syntax igmp lastmember-queryinterval seconds undo igmp lastmember-queryi...

  • Page 410

    2-10 view interface view parameters seconds: maximum response time in seconds in the igmp general query messages, ranging from 1 to 25. Description use the igmp max-response-time command to configure the maximum response time carried in the igmp general query messages. Use the undo igmp max-response...

  • Page 411

    2-11 related commands: pim neighbor-policy. Examples # configure vlan-interface 1 as the igmp proxy interface for vlan-interface 2 on the layer 3 switch. System-view system view: return to user view with ctrl+z. [sysname] multicast routing-enable [sysname] interface vlan-interface 1 [sysname-vlan-in...

  • Page 412

    2-12 view interface view parameters seconds: other querier present interval in seconds, in the range of 1 to 131,070. Description use the igmp timer other-querier-present command to configure the other querier present interval, namely the length of time a non-querier waits before it assumes that the...

  • Page 413

    2-13 a multicast router periodically sends igmp general query messages onto the attached subnets to determine whether multicast group members are present on the subnets. The igmp query interval can be tuned according to the practical conditions of the network. Related commands: igmp timer other-quer...

  • Page 414

    2-14 view user view parameters all: the first all refers to all interfaces, while the second all refers to all igmp multicast groups. Interface interface-type interface-number: specifies an interface by its type and number. With an interface specified, the command clears the igmp multicast group inf...

  • Page 415: Pim Configuration Commands

    3-1 3 pim configuration commands pim configuration commands bsr-policy syntax bsr-policy acl-number undo bsr-policy view pim view parameters acl-number: acl number to be used in the bsr filtering policy, in the range of 2000 to 2999. Description use the bsr-policy command to limit the range of legal...

  • Page 416

    3-2 c-bsr syntax c-bsr interface-type interface-number hash-mask-len[priority] undo c-bsr view pim view parameters interface-type interface-number: specifies an interface that will be configured as a c-bsr. This configuration takes effect only after pim-sm is enabled on the interface. Hash-mask-len:...

  • Page 417

    3-3 group-policy: defines a group range to be served by the specified interface after it becomes the rp. Acl-number: basic acl number, in the range of 2,000 to 2,999. Used together with the group-policy keyword, this argument defines the group range mentioned above. Priority priority-value: c-rp pri...

  • Page 418

    3-4 by default, there is no limit on the c-rp address range or the multicast address range that a c-rp serves, that is, all the c-rp-adv messages are considered valid. Examples # configure a c-rp policy on the bsr so that only multicast devices on subnet 1.1.1.1/32 can become c-rps to serve only t...

  • Page 419

    3-5 field description local host is bsr the local device serves as the bsr. Display pim interface syntax display pim interface [ interface-type interface-number ] view any view parameters interface-type interface-number: specifies an interface by its type and number. Description use the display pim ...

  • Page 420

    3-6 field description pim neighbor policy filtering policy of the pim neighbors on the current interface total 1 pim neighbor on interface totally, one pim neighbor is present on this vlan interface. Pim dr designated router display pim neighbor syntax display pim neighbor [ interface interface-type...

  • Page 422

    3-8 (196.0.0.3, 228.0.0.0) protocol 0x20: pimsm, flag 0x4: spt uptime: 00:10:49, timeout in 196 sec upstream interface: vlan-interface196, rpf neighbor: null downstream interface list: vlan-interface401, protocol 0x100: spt, timeout in 197 sec matched 1 (s,g) entry, 1 (*,g) entry, 0 (*,*,rp) entry t...

  • Page 423

    3-9 view any view parameters group-address: multicast group address. With this argument provided, the command displays the rp information about the specified multicast group; otherwise, the command displays the rp information about all multicast groups. Description use the display pim rp-info comman...

  • Page 424

    3-10 view system view parameters none description use the pim command to enter pim view so that you can configure pim parameters globally. Note that this command is not used to enable pim. Use the undo pim command to clear pim configurations made in pim view. Examples # enter pim view. System-view s...

  • Page 425

    3-11 system view: return to user view with ctrl+z. [sysname] multicast routing-enable [sysname] pim [sysname] interface vlan-interface 10 [sysname-vlan-interface10] pim bsr-boundary pim dm syntax pim dm undo pim dm view interface view parameters none description use the pim dm command to enable pim-...

  • Page 426

    3-12 description use the pim neighbor-limit command to configure the upper threshold of the number of pim neighbors on the current interface. The switch will add no more neighbors for the interface when the limit is reached. Use the undo pim neighbor-limit command to restore the default. By default,...

  • Page 427

    3-13 [sysname-acl-basic-2000] rule deny source any [sysname-acl-basic-2000] quit [sysname] interface vlan-interface 10 [sysname-vlan-interface10] pim neighbor-policy 2000 pim sm syntax pim sm undo pim sm view interface view parameters none description use the pim sm command to enable pim-sm on the c...

  • Page 428

    3-14 description use the pim timer hello command to configure the pim hello interval on the current interface. Use the undo pim timer hello command to restore the default. By default, an interface sends hello messages at the interval of 30 seconds. After pim-sm is enabled on an interface, the switch...

  • Page 429

    3-15 examples # set the pim prune delay interval to 75 seconds. System-view system view: return to user view with ctrl+z. [sysname] pim [sysname-pim] prune delay 75 register-policy syntax register-policy acl-number undo register-policy view pim view parameters acl-number: number of ip advanced acl t...

  • Page 430

    3-16 parameters all: clears all pim neighbors. Neighbor-address: neighbor address. Interface interface-type interface-number: specifies an interface by its type and number. With an interface specified, the command clears pim neighbors of the specified interface only. Description use the reset pim ne...

  • Page 431

    3-17 in this command, if the group-address is a group address, and source-address is 0 (where group address can have a mask and source address has no mask), then only the (*, g) entry will be cleared. This command shall clear not only multicast route entries from pim routing table, but also the corr...

  • Page 432

    3-18 if you do not include the order order-value option in your command, the acl will be appended to the end of the group-policy list. • If you use this command multiple times on the same multicast group, the first matched traffic rate configuration in sequence will take effect. • Once a multicast f...

  • Page 433

    3-19 the configured multicast source lifetime applies to all (s, g) entries in the pim routing table and the multicast routing table rather than on a specific (s, g) entry, and the configuration changes the aging time of all the existing (s, g) entries. Examples # set the multicast source lifetime t...

  • Page 434

    3-20 [sysname] pim [sysname-pim] source-policy 2000 [sysname-pim] quit [sysname] acl number 2000 [sysname-acl-basic-2000] rule deny source 10.10.1.1 0 [sysname-acl-basic-2000] rule permit source any static-rp syntax static-rp rp-address [ acl-number ] undo static-rp view pim view parameters rp-addre...

  • Page 435: Msdp Configuration Commands

    4-1 4 msdp configuration commands msdp configuration commands cache-sa-enable syntax cache-sa-enable undo cache-sa-enable view msdp view parameters none description use the cache-sa-enable command to enable the sa message caching mechanism. Use the undo cache-sa-enable command to disable the sa mess...

  • Page 436

    4-2 description use the display msdp brief command to display the brief information of the msdp peer state. Examples # display the brief information of the msdp peer state. Display msdp brief msdp peer brief information peer's address state up/down time as sa count reset count 20.20.20.20 up 00:00:1...

  • Page 437

    4-3 examples # display the detailed information of msdp peer 10.110.11.11. Display msdp peer-status 10.110.11.11 msdp peer 20.20.20.20, as 100 description: information about connection status: state: up up/down time: 14:41:08 resets: 0 connection interface: loopback0 (20.20.20.30) number of sent/rec...

  • Page 438

    4-4 field description connection interface interface and its ip address used for setting up a tcp connection with the remote msdp peer number of sent/received messages number of sa messages sent and received through this connection number of discarded output messages number of discarded outgoing mes...

  • Page 439

    4-5 parameters group-address: multicast group address. With this argument provided, the command displays the (s, g) entries for the specified multicast group. Source-address: multicast source address. With this argument provided, the command displays the (s, g) entries for the specified multicast so...

  • Page 440

    4-6 field description uptime length of time for which the cached (s, g) entry has been existing expires length of time in which the cached (s, g) entry will expire display msdp sa-count syntax display msdp sa-count [ as-number ] view any view parameters as-number: as number, in the range of 1 to 655...

  • Page 441

    4-7 field description as as number. “?” indicates that the system was unable to obtain the as number. Number of source number of multicast sources from this as number of group number of multicast groups from this as import-source syntax import-source [ acl acl-number ] undo import-source view msdp v...

  • Page 442

    4-8 undo msdp view system view parameters none description use the msdp command to enable msdp and enter msdp view. Use the undo msdp command to clear all configurations in msdp view, release resources occupied by msdp, and restore the initial state. Related commands: peer. Examples # enable msdp an...

  • Page 443

    4-9 description use the msdp-tracert command to trace the path along which an sa message travels, so as to locate message loss and minimize configuration errors. After determining the path of the sa message, you can prevent sa flooding through correct configuration. Examples # specify the maximum nu...

  • Page 444

    4-10 field description return code: reached-max-hops maximum number of hops is reached. Another possible value is: hit-src-rp: the switch of this hop is the source rp in the (s, g, rp) entry. Next-hop router address: 0.0.0.0 if you use the next-hop-info keyword, the address of peer-rpf neighbor is d...

  • Page 445

    4-11 peer connect-interface syntax peer peer-address connect-interface interface-type interface-number undo peer peer-address view msdp view parameters peer-address: specifies an msdp peer by its ip address. Interface-type interface-number: specifies an interface by its type and number. The switch w...

  • Page 446

    4-12 description use the peer description command to configure the descriptive text for an msdp peer so that the administrator can easily distinguish msdp peers. Use the undo peer description command to remove the configured descriptive text. By default, no descriptive text is configured for any msd...

  • Page 447

    4-13 undo peer peer-address minimum-ttl view msdp view parameters peer-address: ip address of the msdp peer to which the minimum ttl setting will apply. Ttl-value: minimum required ttl value, ranging from 0 to 255. Description use the peer minimum-ttl command to configure the minimum required ttl va...

  • Page 448

    4-14 examples # configure to send an sa request message to the msdp peer 125.10.7.6. System-view system view: return to user view with ctrl+z. [sysname] msdp [sysname-msdp] peer 125.10.7.6 request-sa-enable peer sa-cache-maximum syntax peer peer-address sa-cache-maximum sa-limit undo peer peer-addre...

  • Page 449

    4-15 view msdp view parameters peer-address: specifies an msdp peer by its ip address. Import: filters the sa messages from the specified msdp peer. Export: filters the sa messages to be forwarded to the specified msdp peer. Acl acl-number: specifies an advanced acl number, ranging from 3000 to 3999...

  • Page 450

    4-16 description use the peer sa-request-policy command to filter the sa request messages from the specified msdp peer. Use the undo peer sa-request-policy command to restore the default. By default, the switch accepts all sa request messages from any msdp peer. If no acl is specified, all sa reques...

  • Page 451

    4-17 reset msdp sa-cache syntax reset msdp sa-cache [ group-address ] view user view parameters group-address: multicast group address; the cached (s, g) entries matching this address are to be deleted from the sa cache. If no multicast group address is specified, all cached sa entries will be clear...

  • Page 452

    4-18 undo shutdown peer-address view msdp view parameters peer-address: specifies an msdp peer by its ip address. Description use the shutdown command to shut down the connection with the specified msdp peer. Use the undo shutdown command to reactivate an msdp peering connection. By default, the con...

  • Page 453

    4-19 using the same rp-policy keyword are configured, when any of the peers receives an SA message, it will forward the SA message to the other peers.
    - Use the rp-policy keyword for none of the MSDP peers. In this case, based on the configuration sequence, only the first static RPF peer whose conne...

  • Page 454

    5-1 5 igmp snooping configuration commands igmp snooping configuration commands display igmp-snooping configuration syntax display igmp-snooping configuration view any view parameters none description use the display igmp-snooping configuration command to display igmp snooping configuration informat...

  • Page 455

    5-2 display igmp-snooping group
    Syntax: display igmp-snooping group [ vlan vlan-id ]
    View: Any view
    Parameters: vlan vlan-id: Specifies the VLAN in which the multicast group information is to be displayed, where vlan-id ranges from 1 to 4094. If you do not specify a VLAN, this command displays the mul...

  • Page 456

    5-3 field description total 1 mac group(s). Total number of mac multicast groups in all vlans vlan(id): id of the vlan whose multicast group information is displayed total 1 ip group(s). Total number of ip multicast groups in vlan 100 total 1 mac group(s). Total number of mac multicast groups in vla...

  • Page 457

    5-4 examples # display igmp snooping statistics. Display igmp-snooping statistics received igmp general query packet(s) number:1. Received igmp specific query packet(s) number:0. Received igmp v1 report packet(s) number:0. Received igmp v2 report packet(s) number:3. Received igmp leave packet(s) num...

  • Page 458

    5-5
    - Although both Layer 2 and Layer 3 multicast protocols can run on the same switch simultaneously, they cannot run simultaneously in the same VLAN and on the corresponding VLAN interface.
    - Before enabling IGMP snooping in a VLAN, be sure to enable IGMP snooping globally in system view; otherwis...

  • Page 459

    5-6
    - The fast leave processing function works for a port only if the host attached to the port runs IGMPv2 or IGMPv3.
    - The configuration performed in system view takes effect on all ports of the switch if no VLAN is specified; if one or more VLANs are specified, the configuration takes effect on a...

  • Page 460

    5-7 by default, the layer 2 multicast switch sends general query messages with the source ip address of 0.0.0.0. Related commands: igmp-snooping querier, igmp-snooping query-interval. Examples # configure the switch to send general query messages with the source ip address 2.2.2.2 in vlan 3. System-...

  • Page 461

    5-8
    - To prevent bursting traffic in the network or performance deterioration of the device caused by excessive multicast groups, you can set the maximum number of multicast groups that the switch should process.
    - When the number of multicast groups exceeds the configured limit, the switch removes ...

  • Page 462

    5-9 By default, no multicast group filter is configured. The ACL rule defines a multicast address or a multicast address range (for example 224.0.0.1 to 239.255.255.255) and is used to:
    - Allow the port(s) to join only the multicast group(s) defined in the rule by a permit statement.
    - Inhibit the p...

  • Page 463

    5-10
    [sysname-acl-basic-2001] rule permit source any
    [sysname-acl-basic-2001] quit
    - Create VLAN 2 and add Ethernet1/0/2 to VLAN 2.
    [sysname] vlan 2
    [sysname-vlan2] port ethernet 1/0/2
    [sysname-vlan2] quit
    - Configure ACL 2001 on Ethernet1/0/2 to allow it to join any IGMP multicast groups except those def...

  • Page 464

    5-11 view system view parameters seconds: maximum response time in igmp general queries, in the range of 1 to 25. Description use the igmp-snooping max-response-time command to configure the maximum response time in igmp general queries. Use the undo igmp-snooping max-response-time command to restor...

  • Page 465

    5-12 You can configure this command only after IGMP snooping is enabled globally. When IGMP snooping is disabled globally, the configuration of the igmp-snooping nonflooding-enable command is also removed.
    - If the function of dropping unknown multicast packets or the XRN fabric function is enabled,...

  • Page 466

    5-13 related commands: igmp-snooping enable, igmp-snooping query-interval, igmp-snooping general-query source-ip examples # enable the igmp snooping querier in vlan 3. System-view system view, return to user view with ctrl+z. [sysname] igmp-snooping enable [sysname] vlan 3 [sysname-vlan3] igmp-snoop...

  • Page 467

    5-14 igmp-snooping router-aging-time syntax igmp-snooping router-aging-time seconds undo igmp-snooping router-aging-time view system view parameters seconds: aging time of router ports, in the range of 1 to 1,000, in seconds. Description use the igmp-snooping router-aging-time command to configure t...

  • Page 468

    5-15 examples # disable ethernet 1/0/1 from becoming a router port. System-view system view, return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] igmp-snooping query-pkt-deny igmp-snooping version syntax igmp-snooping version version-number undo igmp-snooping v...

  • Page 469

    5-16 parameters vlan vlan-id: vlan id, in the range of 1 to 4094. Description use the igmp-snooping vlan-mapping vlan command to configure to transmit igmp general and group-specific query messages in a specific vlan. Use the undo igmp-snooping vlan-mapping command to restore the default. By default...

  • Page 470

    5-17 unlike a static member port, a port configured as a simulated member host will age out like a dynamic member port. Related commands: igmp-snooping enable, multicast static-group interface, multicast static-group vlan before configuring simulated joining, enable igmp snooping in the vlan corresp...

  • Page 471

    5-18 use the undo igmp host-join command to remove the current port as a simulated member host for the specified multicast group or source-group. Unlike a static member port, a port configured as a simulated member host will age out like a dynamic member port. Related commands: igmp-snooping enable,...

  • Page 472

    5-19 description use the igmp-snooping special-query source-ip command to configure the source address to be carried in igmp group-specific queries. Use the undo igmp-snooping special-query source-ip command to restore the default. By default, the layer 2 multicast switch sends group-specific query ...

  • Page 473

    5-20 the ports configured with this command handle layer 2 multicast traffic only, rather than layer 3 multicast traffic. Examples # configure ports ethernet 1/0/1 to ethernet 1/0/3 under vlan-interface 1 as static members ports for multicast group 225.0.0.1. System-view system view: return to user ...

  • Page 474

    5-21 the port configured with this command handles layer 2 multicast traffic only, rather than layer 3 multicast traffic. Examples # configure port ethernet1/0/1 in vlan 2 as a static member port for multicast group 225.0.0.1. System-view system view: return to user view with ctrl+z. [sysname]interf...

  • Page 475

    5-22 undo multicast static-router-port vlan vlan-id view ethernet port view parameters vlan-id: vlan id the port belongs to, in the range of 1 to 4094. Description use the multicast static-router-port vlan command to configure the current port in the specified vlan as a static router port and specif...

  • Page 476

    5-23 examples # clear igmp snooping statistics. Reset igmp-snooping statistics service-type multicast syntax service-type multicast undo service-type multicast view vlan view parameters none description use the service-type multicast command to configure the current vlan as a multicast vlan. Use the...

  • Page 477

    5-24 [sysname] vlan 2 [sysname-vlan2] service-type multicast.

  • Page 478: Table of Contents

    i Table of Contents: 1 802.1x Configuration Commands, 1-1; 802.1x Configuration Commands...

  • Page 479

    ii system-guard ip enable, 4-5; system-guard l3err enable, 4-6; system-guard tc...

  • Page 481

    1-2 configuration: transmit period 30 s, handshake period 15 s reauth period 3600 s, reauth maxtimes 2 quiet period 60 s, quiet period timer is disabled supp timeout 30 s, server timeout 100 s interval between version requests is 30s maximal request times for version information is 3 the maximal ret...

  • Page 482

    1-3
    dhcp-launch is disabled: DHCP-triggered 802.1x authentication is disabled.
    Handshake is enabled: The online user handshaking function is enabled.
    Proxy trap checker is disabled: Whether or not to send trap packets when detecting that a supplicant system logs in through a proxy.
    - Disable means the switch...

  • Page 483

    1-4
    Proxy trap checker is disabled: Whether or not to send trap packets when detecting that a supplicant system logs in through a proxy.
    - Disable means the switch does not send trap packets when it detects that a supplicant system logs in through a proxy.
    - Enable means the switch sends trap packet...

  • Page 484

    1-5 Description: Use the dot1x command to enable 802.1x globally or for specified Ethernet ports. Use the undo dot1x command to disable 802.1x globally or for specified Ethernet ports. By default, 802.1x is disabled globally and also on all ports. In system view:
    - If you do not provide the interface...

  • Page 485

    1-6 parameters chap: authenticates using challenge handshake authentication protocol (chap). Pap: authenticates using password authentication protocol (pap). Eap: authenticates using extensible authentication protocol (eap). Description use the dot1x authentication-method command to set the 802.1x a...

  • Page 486

    1-7 description use the dot1x dhcp-launch command to specify an 802.1x-enabled switch to launch the process to authenticate a supplicant system when the supplicant system applies for a dynamic ip address through dhcp. Use the undo dot1x dhcp-launch command to disable an 802.1x-enabled switch from au...

  • Page 487

    1-8
    - If you specify the interface-list argument, these two commands apply to the specified ports. In Ethernet port view, the interface-list argument is not available and these two commands apply to only the current Ethernet port.
    - The guest VLAN function is available only when the switch operates ...

  • Page 488

    1-9
    - To enable the proxy detecting function, you need to enable the online user handshaking function first.
    - With the support of H3C proprietary clients, handshaking packets can be used to test whether or not a user is online.
    - As clients that are not of H3C do not support the online user handsha...

  • Page 489

    1-10 examples # enable the handshaking packet protection function. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] dot1x handshake secure dot1x max-user syntax dot1x max-user user-number[ interface interface-list ] undo dot1x max-u...

  • Page 492

    1-13 dot1x quiet-period syntax dot1x quiet-period undo dot1x quiet-period view system view parameters none description use the dot1x quiet-period command to enable the quiet-period timer. Use the undo dot1x quiet-period command to disable the quiet-period timer. When a user fails to pass the authent...

  • Page 493

    1-14 after a switch sends an authentication request packet to a user, it sends another authentication request packet if it does not receive response from the user after a specific period of time. If the switch still receives no response when the configured maximum number of authentication request tr...

  • Page 494

    1-15 examples # configure the maximum number of times that the switch sends version request packets to 6. System-view system view: return to user view with ctrl+z. [sysname] dot1x retry-version-max 6 dot1x re-authenticate syntax dot1x re-authenticate [ interface interface-list] undo dot1x re-authent...

  • Page 495

    1-16 system view: return to user view with ctrl+z. [sysname] dot1x 802.1x is enabled globally. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] dot1x 802.1x is enabled on port ethernet1/0/1 already. [sysname-ethernet1/0/1] dot1x re-authenticate re-authentication is enabled on port ethernet...

  • Page 496

    1-17
    - Whether or not a user logs in through multiple network adapters (that is, when the user attempts to log in, it contains more than one active network adapter).
    A switch can optionally take the following actions in response to any of the above three cases:
    - Only disconnects the user but sends...

  • Page 498

    1-19 ver-period ver-period-value: Sets the client version request timer. This timer sets the version period and is triggered after a switch sends a version request packet. The switch sends another version request packet if it does not receive version response packets from the supplicant system when the ...

  • Page 499

    1-20 examples # set the 802.1x re-authentication interval to 150 seconds. System-view system view: return to user view with ctrl+z. [sysname] dot1x timer reauth-period 150 dot1x version-check syntax dot1x version-check [ interface interface-list] undo dot1x version-check [ interface interface-list] ...

  • Page 500

    1-21 reset dot1x statistics
    Syntax: reset dot1x statistics [ interface interface-list ]
    View: User view
    Parameters: interface-list: Ethernet port list, in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &, in which interface-type specifies the type o...

  • Page 502

    2-2 dot1x timer acl-timeout syntax dot1x timer acl-timeout acl-timeout-value undo dot1x timer acl-timeout view system view parameters acl-timeout-value: acl timeout period (in minutes), in the range of 1 to 1440. Description use the dot1x timer acl-timeout command to configure the acl timeout period...

  • Page 503

    2-3 system view: return to user view with ctrl+z. [sysname] dot1x url http://192.168.19.23.

  • Page 504: Habp Configuration Commands

    3-1 3 habp configuration commands habp configuration commands display habp syntax display habp view any view parameters none description use the display habp command to display habp configuration and status. Examples # display habp configuration and status. Display habp global habp information: habp...

  • Page 505

    3-2 display habp table syntax display habp table view any view parameters none description use the display habp table command to display the mac address table maintained by habp. Examples # display the mac address table maintained by habp. Display habp table mac holdtime receive port 001f-3c00-0030 ...

  • Page 506

    3-3 habp counters : packets output: 0, input: 0 id error: 0, type error: 0, version error: 0 sent failed: 0 table 3-3 description on the fields of the display habp traffic command field description packets output number of the habp packets sent input number of the habp packets received id error numb...

  • Page 507

    3-4 habp server vlan syntax habp server vlan vlan-id undo habp server view system view parameters vlan-id: vlan id, ranging from 1 to 4094. Description use the habp server vlan command to configure a switch to operate as an habp server. This command also specifies the vlan where habp packets are bro...

  • Page 508

    3-5 examples # configure the switch to send habp request packets once in every 50 seconds system-view system view: return to user view with ctrl+z. [sysname] habp timer 50

  • Page 509

    4-1 4 system guard configuration commands system guard configuration commands display system-guard ip state syntax display system-guard ip state view any view parameters none description use the display system-guard ip state command to view the monitoring result and parameter settings of system guar...

  • Page 510

    4-2 display system-guard ip-record syntax display system-guard ip-record view any view parameters none description use the display system-guard ip-record command to view the information about ip packets received by the cpu in the current monitoring cycle. Examples # view the information about ip pac...

  • Page 511

    4-3 parameters none description use the display system-guard l3err state command to view the status of layer 3 error control. Examples # view the status of layer 3 error control. Display system-guard l3err state system-guard l3err status: enabled display system-guard tcn state syntax display system-...

  • Page 512

    4-4 use the undo system-guard ip detect-maxnum command to restore the maximum number of infected hosts that can be monitored to the default setting. By default, system guard can monitor a maximum of 30 infected hosts. Examples # set the maximum number of infected hosts that can be concurrently monit...

  • Page 513

    4-5 The correlations among the arguments of the system-guard ip detect-threshold command can be clearly described with this example: if you set ip-record-threshold, record-times-threshold and isolate-time to 30, 1 and 3 respectively, when the system detects successively three times that over 50 IP p...

  • Page 514

    4-6 system view: return to user view with ctrl+z. [sysname] system-guard ip enable system-guard l3err enable syntax system-guard l3err enable undo system-guard l3err enable view system view parameters none description use the system-guard l3err enable command to enable layer 3 error control. Use the...

  • Page 515

    4-7 system-guard tcn enable syntax system-guard tcn enable undo system-guard tcn enable view system view parameters none description use the system-guard tcn enable command to enable system guard against tcn attacks. Use the undo system-guard tcn enable command to disable system guard against tcn at...

  • Page 516

    4-8 use the undo system-guard tcn rate-threshold command to restore the default threshold of tcn/tc packet receiving rate. By default, the default threshold of tcn/tc packet receiving rate is 1 pps. As the system monitoring cycle is 10 seconds, the system sends trap or log information, by default, i...

  • Page 517: Table of Contents

    i Table of Contents: 1 AAA Configuration Commands, 1-1; AAA Configuration Commands...

  • Page 518

    ii nas-ip, 1-41; primary accounting, 1-42; p...


  • Page 522

    1-3 [sysname-isp-aabbcc.Net] accounting radius-scheme radius accounting optional syntax accounting optional undo accounting optional view isp domain view parameters none description use the accounting optional command to open the accounting-optional switch. Use the undo accounting optional command t...

  • Page 525

    1-6 examples # reference the radius scheme "radius1" as the authentication scheme of the isp domain aabbcc.Net. System-view system view: return to user view with ctrl+z. [sysname] domain aabbcc.Net new domain added. [sysname-isp-aabbcc.Net] authentication radius-scheme radius1 # reference the radius...

  • Page 526

    1-7 the switch 5500-ei adopts hierarchical protection for command lines so as to inhibit users at lower levels from using higher level commands to configure the switches. For details about configuring a hwtacacs authentication scheme for low-to-high user level switching, refer to switching user leve...

  • Page 527

    1-8 system view: return to user view with ctrl+z. [sysname] domain aabbcc.Net new domain added. [sysname-isp-aabbcc.Net] authorization none authorization vlan syntax authorization vlan string undo authorization vlan view local user view parameters string : number or descriptor of the authorized vlan...

  • Page 530

    1-11 display connection ------------------unit 1------------------------ index=40 , username=user1@domain1 mac=000f-3d80-4ce5 , ip=0.0.0.0 on unit 1: total 1 connections matched, 1 listed. # display information about the user connection with index 0. [sysname] display connection ucibindex 0 index=0 ...

  • Page 531

    1-12 examples # display configuration information about all isp domains. Display domain 0 domain = system state = active scheme = local access-limit = 512 vlan-assignment-mode = integer domain user template: idle-cut = = enable time = 60(min) flow = 200(byte) self-service url = http://aabbcc.Net mes...

  • Page 533

    1-14 ip address: 192.168.0.108 mac address: 000d-88f6-44c1 total 1 local user(s) matched, 1 listed. Servicetype mask meaning: c--terminal f--ftp l--lanaccess s--ssh t--telnet table 1-3 describes the fields in the above display output. Table 1-3 description on the fields of the display local-user com...

  • Page 534

    1-15 default : manually changes the default isp domain, which is "system" by default. There is one and only one default isp domain. Disable : disables the configured default isp domain. Enable : enables the configured default isp domain. Description use the domain command to create an isp domain and...

  • Page 535

    1-16 parameters at : specifies “@” as the delimiter between the username and the isp domain name. Dot : specifies “.” as the delimiter between the username and the isp domain name. Description use the domain delimiter command to specify the delimiter form between the username and the isp domain name...

  • Page 536

    1-17 description use the idle-cut command to set the user idle-cut function in current isp domain. If a user’s traffic in the specified period of time is less than the specified amount, the system will disconnect the user. By default, this function is disabled. Note that if the authentication server...

  • Page 537

    1-18 using rsa shared key for authentication, the commands they can access are determined by the levels sets on their user interfaces. Related commands: local-user. Examples # set the level of user1 to 3. System-view system view: return to user view with ctrl+z. [sysname] local-user user1 new local ...

  • Page 538

    1-19 examples # add a local user named user1. System-view system view: return to user view with ctrl+z. [sysname] local-user user1 new local user added. [sysname-luser-user1] # add a local user named 01234567891234567 (note that it will appear as 012345678912345~0000 in the view prompt). System-view...

  • Page 540

    1-21 undo name view vlan view parameters string : assigned vlan name, a string of up to 32 characters. Description use the name command to set a vlan name, which will be used for vlan assignment. Use the undo name command to cancel the vlan name. By default, a vlan uses its vlan id (like vlan 0001) ...

  • Page 541

    1-22 Description: Use the password command to set a password for the local user. Use the undo password command to cancel the password of the local user. Note that:
    - With the local-user password-display-mode cipher-force command configured, the password is always displayed in cipher text, regardless ...

  • Page 543

    1-24
    - Both the radius-scheme command and the scheme command can be used to specify the RADIUS scheme to be quoted for the ISP domain. Their functions are the same and the system takes the latest configuration.
    Related commands: radius scheme, display domain.
    Examples: # Configure the ISP domain aabb...

  • Page 544

    1-25
    - A user can choose the [change user password] option on the client only after passing the authentication. If the user fails the authentication, this option is in grey and is unavailable.
    Examples: # Under the default ISP domain "system", set the URL of the web page used to modify user password ...

  • Page 547

    1-28 table 1-4 commonly used servers and their dynamic vlan assignment modes server dynamic vlan assignment mode cams integer for the latest cams version, you can determine the assignment mode by attribute value. Acs string freeradius you can determine the assignment mode by attribute value (for exa...

  • Page 548

    1-29 radius configuration commands accounting optional syntax accounting optional undo accounting optional view radius scheme view parameters none description use the accounting optional command to open the accounting-optional switch. Use the undo accounting optional command to close the accounting-...

  • Page 550

    1-31 nas-ip-address and session id) contained in the message, and ends the accounting of the users based on the last accounting update message. 4) once the switch receives the response from the cams, it stops sending accounting-on messages. 5) if the switch does not receive any response from the cam...

  • Page 551

    1-32 parameters mode1 : sets the mac address format to xxxx-xxxx-xxxx, where each x represents a hexadecimal number. Mode2 : sets the mac address format to xx-xx-xx-xx-xx-xx. Lowercase : uses lowercase letters in the mac address. Uppercase : uses uppercase letters in the mac address. Description use...

  • Page 552

    1-33 note that the specified unit of data flows sent to the radius server must be consistent with the traffic statistics unit of the radius server. Otherwise, accounting cannot be performed correctly. Related commands: display radius scheme. Examples # specify to measure data and packets in data flo...

  • Page 553

    1-34 view any view parameters radius-scheme-name : name of a radius scheme, a string of up to 32 characters. Description use the display radius scheme command to display configuration information about one specific or all radius schemes related commands: radius scheme. Examples # display configurati...

  • Page 554

    1-35 index index number of the radius scheme type type of the radius servers primary auth ip/port ip address/port number of the primary authentication server primary acct ip/port ip address/port number of the primary accounting server second auth ip/port ip address/port number of the secondary authe...

  • Page 555

    1-36 display radius statistics syntax display radius statistics view any view parameters none description use the display radius statistics command to display the radius message statistics. Related commands: radius scheme. Examples # display radius message statistics. Display radius statistics state...

  • Page 556

    1-37 portal access , num=0 , err=0 , succ=0 update ack , num=0 , err=0 , succ=0 portal access ack , num=0 , err=0 , succ=0 session ctrl pkt , num=0 , err=0 , succ=0 set policy result , num=0 , err=0 , succ=0 radius sent messages statistic: auth accept , num=0 auth reject , num=0 eap auth replying , ...

  • Page 557

    1-38 description use the display stop-accounting-buffer command to display the non-response stop-accounting requests buffered in the device. You can choose to display the buffered stop-accounting requests of a specified radius scheme, session (by session id), or user (by username). You can also sp...

  • Page 558

    1-39 description use the key command to set a shared key for radius authentication/authorization messages or accounting messages. Use the undo key command to restore the corresponding default shared key setting. By default, no shared key exists. Note that: both radius client and server adopt md5 a...

  • Page 559

    1-40 description use the local-server enable command to enable the udp ports for local radius services. Use the undo local-server command to disable the udp ports for local radius services. By default, the udp ports for local radius services are enabled. In addition to functioning as a radius client...

  • Page 560

    1-41 the message encryption key set by the local-server nas-ip ip-address key password command must be identical with the authentication/authorization message encryption key set by the key authentication command in the radius scheme view of the radius scheme on the specified nas that uses this swi...

  • Page 561

    1-42 the nas-ip command in radius scheme view has the same function as the radius nas-ip command in system view; and the configuration in radius scheme view takes precedence over that in system view. You can set the source ip address of outgoing radius messages to avoid messages returned from radius...

  • Page 562

    1-43 examples # set the ip address and udp port number of the primary accounting server for radius scheme radius1 to 10.110.1.2 and 1813 respectively. System-view system view: return to user view with ctrl+z. [sysname] radius scheme radius1 new radius scheme [sysname-radius-radius1] primary accounti...

  • Page 563

    1-44 related commands: key, radius scheme, state. Examples # set the ip address and udp port number of the primary authentication/authorization server for radius scheme radius1 to 10.110.1.1 and 1812 respectively. System-view system view: return to user view with ctrl+z. [sysname] radius scheme radi...

  • Page 564

    1-45 undo radius nas-ip view system view parameters ip-address : source ip address to be set, an ip address of this device. This address can neither be the all 0's address nor be a class-d address. Description use the radius nas-ip command to set the source ip address of outgoing radius messages. Us...

  • Page 565

    1-46 view system view parameters radius-scheme-name : name of the radius scheme to be created, a string of up to 32 characters. Description use the radius scheme command to create a radius scheme and enter its view. Use the undo radius scheme command to delete a specified radius scheme. By default, ...

  • Page 566

    1-47 parameters authentication-server-down : enables/disables the switch to send trap messages when a radius authentication server turns down. Accounting-server-down : enables/disables the switch to send trap messages when a radius accounting server turns down. Description use the radius trap comman...

  • Page 568

    1-49 undo retry view radius scheme view parameters retry-times : maximum number of transmission attempts of a radius request, ranging from 1 to 20. Description use the retry command to set the maximum number of transmission attempts of a radius request. Use the undo retry command to restore the defa...

  • Page 569

    1-50 parameters retry-times : maximum allowed number of continuous real-time accounting failures, ranging from 1 to 255. Description use the retry realtime-accounting command to set the maximum allowed number of continuous real-time accounting failures. Use the undo retry realtime-accounting command...

  • Page 570

    1-51 [sysname-radius-radius1] retry realtime-accounting 10 retry stop-accounting syntax retry stop-accounting retry-times undo retry stop-accounting view radius scheme view parameters retry-times : maximum number of transmission attempts of a buffered stop-accounting request, ranging from 10 to 65,5...

  • Page 571

    1-52 undo secondary accounting view radius scheme view parameters ip-address : ip address of the secondary accounting server to be used, in dotted decimal notation. Port-number : udp port number of the secondary accounting server, ranging from 1 to 65535. Description use the secondary accounting com...

  • Page 572

    1-53 use the undo secondary authentication command to restore the default ip address and port number of the secondary radius authentication/authorization server, which is 0.0.0.0 and 1812 respectively. Related commands: key, radius scheme, state. Examples # set the ip address and udp port number of ...

  • Page 574

    1-55 [sysname] radius scheme radius1 new radius scheme [sysname-radius-radius1] state secondary authentication active stop-accounting-buffer enable syntax stop-accounting-buffer enable undo stop-accounting-buffer enable view radius scheme view parameters none description use the stop-accounting-buff...

  • Page 575

    1-56 undo timer view radius scheme view parameters seconds : response timeout time of radius servers, ranging from 1 to 10 seconds. Description use the timer command to set the response timeout time of radius servers (that is, the timeout time of the response timeout timer of radius servers). Use th...

  • Page 576

    1-57 parameters minutes : wait time before primary server state restoration, ranging from 1 to 255 minutes. Description use the timer quiet command to set the time that the switch waits before it tries to re-communicate with the primary server and restore the status of the primary server to active. ...

  • Page 577

    1-58 the setting of the real-time accounting interval depends, to some degree, on the performance of the switch and the radius server. The higher the performance of the switch and the radius server is, the shorter the interval can be. It is recommended to set the interval as long as possible when ...

  • Page 578

    1-59 after sending out a radius request (authentication/authorization request or accounting request) to a radius server, the switch waits for a response from the server. The maximum time that the switch can wait for the response is called the response timeout time of radius servers, and the corres...

  • Page 579

    1-60 designed for you to specify whether or not isp domain names are carried in the usernames to be sent to the radius server. For a radius scheme, if you have specified to exclude isp domain names from usernames, you should not use this radius scheme in more than one isp domain. Otherwise, such e...

  • Page 580

    1-61 note that the specified unit of data flows sent to the tacacs server must be consistent with the traffic statistics unit of the tacacs server. Otherwise, accounting cannot be performed correctly. Related commands: display hwtacacs. Examples # specify to measure data and packets in data flows to...

  • Page 581

    1-62 current-authentication-server : 172.31.1.11:49 current-authorization-server : 172.31.1.11:49 current-accounting-server : 172.31.1.11:49 source-ip-address : 0.0.0.0 key authentication : 790131 key authorization : 790131 key accounting : 790131 quiet-interval(min) : 5 response-timeout-interval(se...

  • Page 582

    1-63 view system view parameters ip-address : source ip address to be set, an ip address of this device. This address can neither be the all 0's address nor be a class d address. Description use the hwtacacs nas-ip command to set the source address of outgoing hwtacacs messages. Use the undo hwtacac...

  • Page 584

    1-65 nas-ip syntax nas-ip ip-address undo nas-ip view hwtacacs scheme view parameters ip-address : source ip address to be set, an ip address of this device. This address can neither be the all 0's address nor be a class d address. Description use the nas-ip command to set the source address of outg...

  • Page 585

    1-66 view hwtacacs scheme view parameters ip-address : ip address of the primary accounting server to be used, a valid unicast address in dotted decimal notation. Port : port number of the primary accounting server, ranging from 1 to 65535. Description use the primary accounting command to set the i...

  • Page 586

    1-67 parameters ip-address : ip address of the primary authentication server to be used, a valid unicast address in dotted decimal notation. Port : port number of the primary authentication server, ranging from 1 to 65535. Description use the primary authentication command to set the ip address and ...

  • Page 587

    1-68 description use the primary authorization command to set the ip address and port number of the primary hwtacacs authorization server to be used by the current scheme. Use the undo primary authorization command to restore the default ip address and port number of the primary authorization server...

  • Page 588

    1-69 examples # clear all hwtacacs protocol statistics. Reset hwtacacs statistics all reset stop-accounting-buffer syntax reset stop-accounting-buffer hwtacacs-scheme hwtacacs-scheme-name view user view parameters hwtacacs-scheme hwtacacs-scheme-name: deletes the buffered stop-accounting requests of...

  • Page 589

    1-70 description use the retry stop-accounting command to enable the stop-accounting request retransmission function and set the maximum number of attempts to transmit a stop-accounting request. Use the undo retry stop-accounting command to restore the default setting. By default, this function is e...

  • Page 590

    1-71 examples # set the ip address and udp port number of the secondary accounting server for hwtacacs scheme hwt1 to 10.163.155.12 and 49 respectively. System-view system view: return to user view with ctrl+z. [sysname] hwtacacs scheme hwt1 [sysname-hwtacacs-hwt1] secondary accounting 10.163.155.12...

  • Page 591

    1-72 [sysname-hwtacacs-hwt1] secondary authentication 10.163.155.13 49 secondary authorization syntax secondary authorization ip-address [ port ] undo secondary authorization view hwtacacs scheme view parameters ip-address : ip address of the secondary authorization server, a valid unicast address i...

  • Page 592

    1-73 undo timer quiet view hwtacacs scheme view parameters minutes : wait time before primary server state restoration, ranging from 1 to 255 minutes. Description use the timer quiet command to set the time that the switch waits before it tries to re-communicate with the primary server and restore t...

  • Page 593

    1-74 to control the interval at which users are charged in real time, you can set the real-time accounting interval. After the setting, the switch periodically sends online users' accounting information to tacacs accounting server at the set interval. The setting of the real-time accounting inte...

  • Page 594

    1-75 description use the timer response-timeout command to set the response timeout time of tacacs servers. Use the undo timer response-timeout command to restore the default response timeout time of tacacs servers. By default, the response timeout time of tacacs servers is five seconds. As hwtacacs...

  • Page 595

    1-76 sending usernames to tacacs server. For this reason, the user-name-format command is designed for you to specify whether or not isp domain names are carried in the usernames to be sent to tacacs server. For a hwtacacs scheme, if you have specified to exclude isp domain names from usernames, y...

  • Page 597

    2-2 security-policy-server 192.168.0.1 user-name-format without-domain ….

  • Page 598: Table of Contents

    I table of contents 1 mac address authentication configuration commands 1-1; mac address authentication basic function configuration commands 1-1; display mac-authentication ...

  • Page 599: Commands

    1-1 1 mac address authentication configuration commands the configuration of fixed password when setting the user name in mac address mode for mac address authentication is added. See mac-authentication authmode usernameasmacaddress . Mac address authentication basic function configuration commands ...

  • Page 600

    1-2 server response timeout value is 100s guest vlan re-authenticate period is 30s max allowed user number is 1024 current user number amounts to 1 current domain: not configured, use default domain silent mac user info: mac addr from port port index --- on unit 1, 1 silent mac address(es) found. --...

  • Page 601

    1-3 quiet period quiet timer sets the quiet period. A switch goes through a quiet period if a user fails to pass the mac address authentication. The default value is 60 seconds. Server response timeout value server timeout timer, which sets the timeout time for the connection between a switch and th...

  • Page 602

    1-4 mac-authentication syntax mac-authentication undo mac-authentication view system view, ethernet port view parameters none description use the mac-authentication command to enable mac address authentication globally or on the current port. Use the undo mac-authentication command to disable mac ad...

  • Page 603

    1-5 mac-authentication interface syntax mac-authentication interface interface-list undo mac-authentication interface interface-list view system view parameters interface-list: list of ethernet ports. You can specify multiple ethernet ports by providing this argument in the form of interface-list = { ...

  • Page 605

    1-7 view system view parameters none description use the mac-authentication authmode usernamefixed command to set the user name in fixed mode for mac address authentication. Use the undo mac-authentication authmode command to restore the default user name mode for mac address authentication. By defa...

  • Page 606

    1-8 mac-authentication authusername syntax mac-authentication authusername username undo mac-authentication authusername view system view parameters username: user name used in authentication, a string of 1 to 55 characters. Description use the mac-authentication authusername command to set a user n...

  • Page 608

    1-10 view user view parameters interface-list: list of ethernet ports. You can specify multiple ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &, where & means that you can provide up to 10 port ind...

  • Page 609

    1-11 if more than one client is connected to a port, you cannot configure a guest vlan for this port. When a guest vlan is configured for a port, only one mac address authentication user can access the port. Even if you set the limit on the number of mac address authentication users to more tha...

  • Page 610

    1-12 use the undo mac-authentication max-auth-num command to restore the maximum number of mac address authentication users allowed to access the port to the default value. By default, the maximum number of mac address authentication users allowed to access a port is 256. If both the limit on the ...

  • Page 611

    1-13 examples # configure the switch to re-authenticate users in guest vlans at the interval of 60 seconds. System-view system view: return to user view with ctrl+z. [sysname] mac-authentication timer guest-vlan-reauth 60

  • Page 612: Table of Contents

    I table of contents 1 web authentication configuration commands 1-1; web authentication configuration commands 1-1; display web-au...

  • Page 613

    1-1 1 web authentication configuration commands web authentication configuration commands display web-authentication configuration syntax display web-authentication configuration view any view parameters none description use the display web-authentication configuration command to display all web aut...

  • Page 614

    1-2 table 1-1 description on the fields of display web-authentication configuration field description status global status of web authentication web server ip address and port number of the web authentication server idle-cut time idle user checking interval max-online time maximum online time specif...

  • Page 615

    1-3 display web-authentication connection all username: 1 mac: 000d-88f6-44c1 interface: ethernet1/0/1 vlan: 2 method: shared state: online online-time(s): 8 total 1 connection(s) matched table 1-2 description on the fields of display web-authentication connection field description username name of ...

  • Page 616

    1-4 all: restores all customized items to the defaults. Description use the web-authentication customize command to customize the company name, subject, contact phone number, and e-mail address to be displayed on authentication pages or to specify the custom web file. After the configuration, the cu...

  • Page 618

    1-6 web-authentication enable syntax web-authentication enable undo web-authentication enable view system view parameters none description use the web-authentication enable command to enable web authentication globally. Use the undo web-authentication enable command to disable web authentication glo...

  • Page 619

    1-7 description use the web-authentication free-ip command to set a free ip address range, which can be accessed by users before they pass web authentication. Use the undo web-authentication free-ip command to remove the setting or all such settings. By default, no free ip address range is set. Note...

  • Page 620

    1-8 note: you can set up to eight authentication-free users. After a user gets online in shared access method, if you configure an authentication-free user whose ip address and mac address are the same as those of the online user, the online user will be forced to get offline. Examples # set the...

  • Page 622

    1-10 view system view parameters timer: interval for checking whether an online user is idle. It ranges from 10 to 86400 seconds. Value 0 means the idle user checking function is disabled. Description use the web-authentication timer idle-cut command to set the idle user checking interval for web au...

  • Page 623

    1-11 use the undo web-authentication timer max-online command to restore the default. By default, the maximum online time for users is 1800 seconds. Examples # set the maximum online time of users to 36000 seconds. System-view system view: return to user view with ctrl+z. [sysname] web-authenticatio...

  • Page 624: Table of Contents

    I table of contents 1 vrrp configuration commands 1-1; vrrp configuration commands 1...

  • Page 625: Vrrp Configuration Commands

    1-1 1 vrrp configuration commands vrrp configuration commands display vrrp syntax display vrrp [ verbose ] [ interface vlan-interface vlan-id [ vrid virtual-router-id ] ] view any view parameters verbose: displays detailed state information of vrrp. Vlan-interface vlan-id: displays vrrp state informa...

  • Page 626

    1-2 table 1-1 description on the fields of the display vrrp command field description run method current vrrp running method, including real-mac and virtual-mac virtual ip ping whether you can ping the virtual ip address of the vrrp group interface interface where the vrrp group resides vrid id of t...

  • Page 627

    1-3 field description delay time preemption delay auth type authentication type, including none, simple, and md5 virtual ip virtual ip address of the vrrp group virtual mac virtual mac address corresponding to the virtual ip address of the vrrp group. It is displayed only when the switch is in the s...

  • Page 628

    1-4 invalid auth type : 0 auth type mismatch : 0 packet length errors : 0 address list errors : 0 become master : 1 priority zero pkts rcvd : 0 advertise rcvd : 0 priority zero pkts sent : 0 invalid type pkts rcvd : 0 table 1-3 description on the fields of the display vrrp statistics command field d...

  • Page 629

    1-5 description use the reset vrrp statistics command to clear the vrrp statistics information. When you execute this command, if neither a vlan interface nor a vrrp group is specified, the statistics information about all the vrrp groups on the switch is cleared. If only a vlan interface is spec...

  • Page 630

    1-6 system-view system view: return to user view with ctrl+z. [sysname] vrrp method real-mac vrrp ping-enable syntax vrrp ping-enable undo vrrp ping-enable view system view parameters none description use the vrrp ping-enable command to enable a vrrp group to respond to ping packets destined for its...

  • Page 631

    1-7 description use the vrrp vlan-interface vrid track command to enable the port tracking function of a vrrp group on a physical port. Use the undo vrrp vlan-interface vrid track command to disable the port tracking function. After the port tracking function of a vrrp group is enabled on a port, th...

  • Page 632

    1-8 when the authentication type is simple, the authentication key is in plain text and can contain one to eight characters. When the authentication type is md5, the authentication key can be a string of one to eight characters in plain text, such as 1234567, or a 24-character md5 encrypted stri...

  • Page 633

    1-9 use the undo vrrp vrid preempt-mode command to cancel the configuration, that is, configure the switch to work in the non-preemptive mode. By default, switches in a vrrp group operate in the preemptive mode, with the preemption delay period set to 0 seconds. If you want a switch with high priori...

  • Page 634

    1-10 parameters virtual-router-id: vrrp group id, ranging from 1 to 255. Priority: switch priority to be set. This argument ranges from 1 to 254. Description use the vrrp vrid priority command to set the priority of a switch in a vrrp group. Use the undo vrrp vrid priority command to restore the def...

  • Page 635

    1-11 for a period three times of the advertisement interval, they send vrrp advertisements to other members of the vrrp group to elect a new master. Note that configuration error occurs if switches of the same vrrp group are configured with different adver-interval values. Examples # set the interva...

  • Page 636

    1-12 examples # on vlan-interface 2, configure to track vlan-interface 1 and configure the priority of the master of vrrp group 1 (on vlan-interface 2) to decrease by 50 when vlan-interface 1 goes down. System-view system view: return to user view with ctrl+z. [sysname] interface vlan-interface 2 [s...

  • Page 637

    1-13 examples # create detected group 10 and specify to detect the ip address of 202.12.1.55. System-view system view: return to user view with ctrl+z. [sysname] detect-group 10 [sysname-detect-group-10] detect-list 1 ip address 202.12.1.55 # specify to decrease the priority of the master of vrrp gr...

  • Page 638

    1-14 it is not recommended to perform vrrp group-related configurations on the vlan interface of a remote-probe vlan. Otherwise, packet mirroring may be affected. Examples # create a vrrp group. System-view system view: return to user view with ctrl+z. [sysname] interface vlan-interface 2 [sysname-v...

  • Page 639: Table of Contents

    I table of contents 1 arp configuration commands 1-1; arp configuration commands ...

  • Page 640: Arp Configuration Commands

    1-1 1 arp configuration commands. Support for arp attack defense is added. For specific commands, refer to arp attack defense configuration commands. Support for local arp proxy is added. For specific commands, refer to local-proxy-arp enable. Arp configuration commands arp check enable syntax ...

  • Page 641

    1-2 arp send-gratuitous enable vrrp syntax arp send-gratuitous enable vrrp undo arp send-gratuitous enable vrrp view system view parameters none description use the arp send-gratuitous enable vrrp command to enable the master switch of a vrrp backup group to send gratuitous arp packets periodically....

  • Page 642

    1-3 interface-number: number of the port to which the static arp entry belongs. Description use the arp static command to create a static arp entry. Use the undo arp command to remove an arp entry. By default, the system arp mapping table is empty and the address mapping entries are obtained by arp ...

  • Page 644

    1-5 table 1-1 description on the fields of the display arp command field description ip address ip address contained in an arp entry mac address mac address contained in an arp entry vlan id id of the vlan which an arp entry corresponds to port name / al id port which an arp entry corresponds to agi...

  • Page 646

    1-7 parameters none description use the display arp timer aging command to display the setting of the arp aging time. Related commands: arp timer aging. Examples # display the setting of the arp aging time. Display arp timer aging current arp aging time is 20 minute(s)(default) the displayed informa...

  • Page 647

    1-8 gratuitous-arp-learning enable syntax gratuitous-arp-learning enable undo gratuitous-arp-learning enable view system view parameters none description use the gratuitous-arp-learning enable command to enable the gratuitous arp packet learning function. Then, a switch receiving a gratuitous arp pa...

  • Page 648

    1-9 examples # clear static arp entries. Reset arp static.

  • Page 649

    2-1 2 arp attack defense configuration commands arp attack defense configuration commands arp anti-attack valid-check enable syntax arp anti-attack valid-check enable undo arp anti-attack valid-check enable view system view parameters none description use the arp anti-attack valid-check enable comma...

  • Page 650

    2-2 description use the arp detection enable command to enable the arp attack detection function on all ports in the specified vlan. When receiving an arp packet from a port in this vlan, the switch will check the source ip address, source mac address, number of the receiving port, and the vlan of t...

  • Page 651

    2-3 arp filter source syntax arp filter source ip-address undo arp filter source view ethernet port view parameters ip-address: ip address of the gateway. Description use the arp filter source command to configure arp packet filtering based on the gateway’s ip address on the current port working as th...

  • Page 652

    2-4 description use the arp filter binding command to configure arp packet filtering based on the gateway’s ip and mac addresses on the current port. After that, the port will discard arp packets with the gateway’s ip address as the sender ip address but with the sender mac address different from th...

  • Page 653

    2-5 arp protective-down recover enable syntax arp protective-down recover enable undo arp protective-down recover enable view system view parameters none description use the arp protective-down recover enable command to enable the port state auto-recovery function on the switch. Use the undo arp pro...

  • Page 654

    2-6 by default, when the port state auto-recovery function is enabled, the recovery interval is 300 seconds. Note that: you need to enable the port state auto-recovery feature before you can configure the auto-recovery interval. If you use the arp protective-down recover interval command to modif...

  • Page 655

    2-7 arp rate-limit enable syntax arp rate-limit enable undo arp rate-limit enable view ethernet port view parameters none description use the arp rate-limit enable command to enable the arp packet rate limit function on the port, that is, to limit the rate of arp packets passing through the port. If...

  • Page 656

    2-8 related commands: arp detection enable, arp detection trust syntax # enable arp restricted forwarding in vlan 1. System-view system view: return to user view with ctrl+z. [sysname] vlan 1 [sysname-vlan1] arp restricted-forwarding enable display arp detection statistics interface syntax display a...

  • Page 657

    2-9 ip source static import dot1x syntax ip source static import dot1x undo ip source static import dot1x view system view parameters none description use the ip source static import dot1x command to enable arp attack detection based on ip-to-mac mappings of authenticated 802.1x clients. Enabled wit...

  • Page 658

    3-1 3 proxy arp configuration commands proxy arp configuration commands arp proxy enable syntax arp proxy enable undo arp proxy enable view vlan interface view parameters none description use the arp proxy enable command to enable common proxy arp on the vlan interface. Use the undo arp proxy enable...

  • Page 659

    3-2 parameters interface vlan-interface vlan-id: displays the common and local proxy arp state on a vlan interface. Description use the display arp proxy command to display common and local proxy arp state: enabled/disabled. If interface vlan-interface vlan-id is specified, common and local proxy ar...

  • Page 660

    3-3 view vlan interface view parameters none description use the local-proxy-arp enable command to enable local proxy arp on the vlan interface. Use the undo local-proxy-arp enable command to disable local proxy arp on the vlan interface. By default, local proxy arp is disabled on the vlan interface...

  • Page 661

    4-1 4 resilient arp configuration commands resilient arp configuration commands display resilient-arp syntax display resilient-arp [ unit unit-id ] view any view parameters unit unit-id: unit id ranging from 1 to 8. If a switch belongs to a fabric, resilient arp information on specific devices in th...

  • Page 662

    4-2 parameters none description use the resilient-arp enable command to enable the resilient arp function. The switch will adopt different methods based on the actual status. If the main link in the fabric breaks, the switch sends resilient arp packets through the vlan interface on the backup link t...

  • Page 663

    4-3 [sysname] resilient-arp interface vlan-interface 2.

  • Page 664: Table of Contents

    I table of contents 1 dhcp server configuration commands 1-1; dhcp server configuration commands 1-1; account...

  • Page 665

    Ii static-bind ip-address 1-38; static-bind mac-address 1-39; tftp-server ...

  • Page 666

    Iii ip address dhcp-alloc 5-2; bootp client configuration commands 5-3; display bootp cli...

  • Page 667

    1-1 1 dhcp server configuration commands. Ip filtering based on authenticated 802.1x clients is added. For specific commands, refer to ip check dot1x enable. Support for removing dhcp snooping entries is added. For specific commands, refer to reset dhcp-snooping. Dhcp server configuration comm...

  • Page 668

    1-2 bims-server syntax bims-server ip ip-address [ port port-number ] sharekey key undo bims-server view dhcp address pool view parameters ip ip-address: specifies the ip address of the remote bims server. Port port-number: specifies the port number of the remote bims. The port-number argument ranges...

  • Page 669

    1-3 description use the bootfile-name command to specify a bootfile name in the dhcp global address pool for the client. Use the undo bootfile-name command to remove the specified bootfile name from the dhcp global address pool. By default, no bootfile name is specified. If you execute the bootfile-...

  • Page 670

    1-4 to improve security and avoid malicious attacks to the unused sockets, s5500-ei ethernet switches provide the following functions: udp ports 67 and 68 used by dhcp are enabled/disabled only when dhcp is enabled/disabled. The implementation is as follows:
    - after dhcp is enabled by executing the ...

  • Page 671

    1-5 description use the dhcp select global command to configure the specified interface(s) or all interfaces to operate in global dhcp address pool mode. Upon receiving a dhcp packet from a dhcp client through an interface operating in global dhcp address pool mode, the dhcp server chooses an ip add...

  • Page 672

    1-6 description use the dhcp select interface command to configure the specified interface(s) to operate in dhcp interface address pool mode. Upon receiving a dhcp packet from a dhcp client through an interface operating in interface address pool mode, the dhcp server chooses an ip address from the ...

  • Page 675

    1-9 description use the dhcp server detect command to enable the unauthorized dhcp server detection function. With this feature enabled, upon receiving a dhcp request, the dhcp server will record the ip addresses of any dhcp servers which ever assigned an ip address to the dhcp client and the receiv...

  • Page 676

    1-10 interface number; the interface interface-type interface-number [ to interface-type interface-number ] keyword and argument combination specifies an interface range. All: (in comparison with the ip-address argument) specifies all dns server ip addresses. All: (in comparison with the interface k...

  • Page 677

    1-11 parameters domain-name: domain name suffix of the dhcp clients whose ip addresses are from the specified interface address pool(s). This argument is a string of 3 to 50 characters. Interface interface-type interface-number [ to interface-type interface-number ]: specifies the interface(s), thro...

  • Page 679

    1-13 undo dhcp server forbidden-ip low-ip-address [ high-ip-address ] view system view parameters low-ip-address: ip address that is not available for being assigned to dhcp clients automatically (an ip address of this kind is known as a forbidden ip address). This argument also marks the lower end ...

  • Page 680

    1-14 undo dhcp server ip-pool pool-name view system view parameters pool-name: name of a dhcp address pool, which uniquely identifies the address pool. This argument is a string of 1 to 35 characters. Description use the dhcp server ip-pool command to create a global dhcp address pool and enter dhcp...

  • Page 683

    1-17 # specify p-node as the netbios node type of the dhcp clients whose ip addresses are from the dhcp interface address pool of vlan-interface 1. [sysname] interface vlan-interface 1 [sysname-vlan-interface1] dhcp server netbios-type p-node dhcp server option syntax in vlan interface view, use the...

  • Page 684

    1-18 if you execute the dhcp server option command repeatedly, the new configuration overwrites the previous one. For commands related to option 184, refer to dhcp server voice-config . Related commands: option. Examples # enter system view. System-view system view: return to user view with ctrl+z. ...

  • Page 685

    1-19 undo dhcp server relay information enable view system view parameters none description use the dhcp server relay information enable command to enable the dhcp server to handle option 82. Use the undo dhcp server relay information enable command to configure the dhcp server to ignore option 82. ...

  • Page 686

    1-20 by default, no ip address in an address pool is statically bound. It should be noted that:
    - an ip address can be statically bound to only one mac address or one client id. A mac address or client id can be bound with only one ip address statically.
    - the ip address to be statically bound canno...

  • Page 687

    1-21 description use the dhcp server tftp-server domain-name command to specify the tftp server name in dhcp interface address pool for the client. When the client’s request contains option 66 (tftp server name), the dhcp server will return an ip address together with the name of the specified tftp ...

  • Page 688

    1-22 address), the dhcp server will return an ip address together with the ip address of the specified tftp server from the interface address pool to the client. Use the undo dhcp server tftp-server ip-address command to remove the tftp server address from dhcp interface address pool for the client....

  • Page 689

    1-23 fail-over ip-address dialer-string: specifies the failover ip address and dialer string. The dialer-string is a string of 0 to 39 characters, which can be 0 to 9, and “*”. Interface interface-type interface-number [ to interface-type interface-number ]: specifies the dhcp interface address pool...

  • Page 690

    1-24 ip ip-address: specifies one ip address. Description use the display dhcp server conflict command to display the statistics of ip address conflicts on the dhcp server. Related commands: reset dhcp server conflict. Examples # display the statistics of ip address conflicts. Display dhcp server co...

  • Page 691

    1-25 examples # display the lease expiration information about the ip addresses in all dhcp address pools. Display dhcp server expired all global pool: ip address client-identifier/ lease expiration type hardware address interface pool: ip address client-identifier/ lease expiration type hardware ad...

  • Page 693

    1-27 table 1-3 description on the fields of the display dhcp server ip-in-use command field description global pool address binding information of global dhcp address pools interface pool address binding information of interface dhcp address pools ip address bound ip address client-identifier/hardwa...

  • Page 694

    1-28 dhcp decline: 0 dhcp release: 1 dhcp inform: 0 boot reply: 4 dhcp offer: 1 dhcp ack: 3 dhcp nak: 0 bad messages: 0 table 1-4 description on the fields of the display dhcp server statistics command field description global pool statistics about global address pools interface pool statistics abou...

  • Page 695

    1-29 all: specifies all address pools. Description use the display dhcp server tree command to display information about address pool tree. Examples # display the information about address pool tree. Display dhcp server tree all global pool: pool name: test123 network 10.0.0.0 mask 255.0.0.0 child n...

  • Page 697

    1-31 view dhcp address pool view parameters domain-name: domain name suffix for the dhcp client of a dhcp global address pool, a string of 3 to 50 characters. Description use the domain-name command to configure a domain name suffix in a dhcp global address pool for the dhcp client. Use the undo dom...

  • Page 698

    1-32 related commands: dhcp server ip-pool, dhcp server expired. Examples # enter system view. System-view system view: return to user view with ctrl+z. # set the lease time of the ip addresses to be dynamically assigned in the dhcp global address pool 0 to 1 day, 2 hours and 3 minutes. [sysname] dh...

  • Page 700

    1-34 p-node: specifies the p-typed node. Nodes of this type acquire host name-to-ip address mapping by communicating with the wins server. M-node: specifies the m-typed node. Nodes of this type are p-nodes with some broadcasting features. H-node: specifies the h-typed node. Nodes of this type are b-...

  • Page 701

    1-35 related commands: dhcp server ip-pool, dhcp server forbidden-ip. Examples # enter system view. System-view system view: return to user view with ctrl+z. # configure the dynamically assigned ip address range 192.168.8.0/24 for the dhcp global address pool 0. [sysname] dhcp server ip-pool 0 [sysn...

  • Page 703

    1-37 description use the reset dhcp server ip-in-use command to clear the specified or all dynamic address binding information. Related commands: display dhcp server ip-in-use. Examples # clear the dynamic address binding information about the ip address 10.110.1.1. Reset dhcp server ip-in-use ip 10...

  • Page 704

    1-38 use the undo static-bind client-identifier command to delete a client id that is statically bound in a dhcp global address pool. By default, no client id is statically bound. Note that:
    - the static-bind client-identifier command must be used together with the static-bind ip-address command, to...

  • Page 705

    1-39
    - if you execute the static-bind ip-address command repeatedly, the new configuration overwrites the previous one.
    Related commands: dhcp server ip-pool, static-bind mac-address. Examples # enter system view. System-view system view: return to user view with ctrl+z. # bind the ip address 10.1.1...

  • Page 706

    1-40 # bind the ip address 10.1.1.1 (with the subnet mask 255.255.255.0) to the mac address 0000-e03f-0305. [sysname] dhcp server ip-pool 0 [sysname-dhcp-pool-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0 [sysname-dhcp-pool-0] static-bind mac-address 0000-e03f-0305 tftp-server domain-name sy...

  • Page 707

    1-41 description use the tftp-server ip-address command to specify the tftp server ip address in a global address pool. Use the undo tftp-server ip-address command to remove the tftp server ip address from a global address pool. By default, no tftp server address is specified. Using the tftp-server ...

  • Page 708

    1-42 by default, a dhcp server global address pool does not assign option 184 and the corresponding sub-options to the client. Related commands: dhcp server voice-config. Examples # enter system view system-view system view: return to user view with ctrl+z. # enable the dhcp server to support option...

  • Page 709

    2-1 2 dhcp relay agent configuration commands dhcp relay agent configuration commands address-check syntax address-check enable address-check disable view vlan interface view parameters none description use the address-check enable command to enable ip address match checking on the dhcp relay agent....

  • Page 710

    2-2 view system view parameters none description use the dhcp relay hand enable command to enable the dhcp relay handshake function. With this feature enabled, the dhcp relay agent uses the ip address of a client and the mac address of the dhcp relay interface to periodically send a handshake messag...

  • Page 711

    2-3 by default, with the option 82 support function enabled on the dhcp relay agent, the dhcp relay agent will adopt the replace strategy to process the request packets containing option 82. However, if other strategies are configured before, then enabling the 82 supporting on the dhcp relay will no...

  • Page 713

    2-5 auto: specifies the auto refreshing interval, which is automatically calculated according to the number of binding entries. Description the default handshake interval is auto, the value of 60 seconds divided by the number of binding entries. Use the dhcp-security tracker command to set the inter...

  • Page 714

    2-6 to improve security and avoid malicious attack to the unused sockets, s5500-ei ethernet switches provide the following functions:
    - udp 67 and udp 68 ports used by dhcp are enabled only when dhcp is enabled.
    - udp 67 and udp 68 ports are disabled when dhcp is disabled.
    The corresponding implemen...

  • Page 715

    2-7 examples # enter system view system-view system view: return to user view with ctrl+z. # enable the unauthorized-dhcp server detection function on the dhcp relay agent. [sysname] dhcp-server detect dhcp-server ip syntax dhcp-server groupno ip ip-address& undo dhcp-server groupno view system view...

  • Page 716

    2-8 parameters ip-address: ip address. This argument is used to display the user address entry with the specified ip address. Dynamic: displays the dynamic user address entries. Static: displays the static user address entries. Tracker: displays the interval to update the user address entries. Descr...

  • Page 717

    2-9 ip address of dhcp server group 0: 1.1.1.1 ip address of dhcp server group 0: 2.2.2.2 ip address of dhcp server group 0: 3.3.3.3 ip address of dhcp server group 0: 4.4.4.4 ip address of dhcp server group 0: 5.5.5.5 ip address of dhcp server group 0: 6.6.6.6 ip address of dhcp server group 0: 7.7...

  • Page 718

    2-10 field description dhcp_inform messages number of the dhcp-inform packets received by the dhcp relay dhcp_release messages number of the dhcp-release packets received by the dhcp relay bootp_request messages number of the bootp request packets bootp_reply messages number of the bootp response pa...

  • Page 719

    2-11 related commands: dhcp server, display dhcp-server. Examples # clear the statistics information of dhcp server group 2. Reset dhcp-server 2.

  • Page 720

    3-1 3 dhcp snooping configuration commands dhcp snooping configuration commands dhcp-snooping syntax dhcp-snooping undo dhcp-snooping view system view parameters none description use the dhcp-snooping command to enable the dhcp snooping function. Use the undo dhcp-snooping command to disable the dhc...

  • Page 721

    3-2 view system view parameters none description use the dhcp-snooping information enable command to enable dhcp snooping option 82. Use the undo dhcp-snooping information enable command to disable dhcp snooping option 82. Dhcp snooping option 82 is disabled by default. Enable dhcp snooping before p...

  • Page 723

    3-4 use the undo dhcp-snooping information remote-id command to restore the default value of the remote id sub-option in option 82. By default, the remote id sub-option in option 82 is the mac address of the dhcp snooping device that received the dhcp client’s request. Examples # configure the remot...

  • Page 724

    3-5
    - enable dhcp-snooping and dhcp-snooping option 82 before performing this configuration.
    - if a handling policy is configured on a port, this configuration overrides the globally configured handling policy for requests received on this port, while the globally configured handling policy applies ...

  • Page 725

    3-6 if you have configured a circuit id with the vlan vlan-id argument specified, and the other one without the argument in ethernet port view, the former circuit id applies to the dhcp messages from the specified vlan, while the latter one applies to dhcp messages from other vlans. Examples # set t...

  • Page 726

    3-7 examples # configure the remote id of option 82 in dhcp packets to abc on the port ethernet 1/0/1. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet1/0/1 [sysname-ethernet1/0/1] dhcp-snooping information remote-id string abc dhcp-snooping trust syntax dhcp-sn...

  • Page 727

    3-8 parameters unit unit-id: displays the dhcp-snooping information on the specified device in the fabric. Unit-id indicates the number of the device whose dhcp-snooping information needs to be viewed. If unit unit-id is not specified, dhcp snooping information of all units in the fabric is displaye...

  • Page 729

    3-10 description use the ip check dot1x enable command to enable ip filtering based on ip-to-mac mappings of authenticated 802.1x clients. Use the undo ip check dot1x enable command to disable the function. By default, ip filtering based on ip-to-mac mappings of authenticated 802.1x clients is disab...

  • Page 730

    3-11 ip source static binding syntax ip source static binding ip-address ip-address [ mac-address mac-address] undo ip source static binding ip-address ip-address view ethernet port view parameters ip-address ip-address: specifies the ip address to be statically bound. Mac-address mac-address: speci...

  • Page 731

    3-12 description use the reset dhcp-snooping command to remove dhcp snooping entries from a switch. If no ip-address is specified, all dhcp snooping entries are removed. Examples # remove all dhcp snooping entries from the switch. Reset dhcp-snooping.

  • Page 732

    4-1 4 rate limit configuration commands rate limit configuration commands dhcp protective-down recover enable syntax dhcp protective-down recover enable undo dhcp protective-down recover enable view system view parameters none description use the dhcp protective-down recover enable command to enable...

  • Page 733

    4-2 view system view parameters interval: interval (in seconds) for a port disabled due to the dhcp traffic exceeding the set threshold to be brought up again. This argument ranges from 10 to 86,400. Description use the dhcp protective-down recover interval command to set an auto recovery interval. ...

  • Page 734

    4-3 you need to enable the function to limit dhcp traffic (refer to the dhcp rate-limit enable command) for a port before executing either of these two commands for the port. Examples # configure the dhcp traffic threshold to 100 pps for port ethernet 1/0/11. System-view system view: return to user ...

  • Page 735

    5-1 5 dhcp/bootp client configuration dhcp client configuration commands display dhcp client syntax display dhcp client [ verbose ] view any view parameters verbose: displays the detailed address allocation information. Description use the display dhcp client command to display the information about...

  • Page 736

    5-2 table 5-1 description on the fields of the display dhcp client command field description vlan-interface1 vlan interface operating as a dhcp client to obtain an ip address dynamically current machine state the state of the client state machine allocated ip ip address allocated to the dhcp client ...

  • Page 737

    5-3 to improve security and avoid malicious attacks to the unused sockets, s5500-ei ethernet switches provide the following functions:
    - udp ports 67 and 68 used by dhcp are enabled/disabled only when dhcp is enabled/disabled. The implementation is as follows:
    - after the dhcp client is enabled by e...

  • Page 738

    5-4 table 5-2 description on the fields of the display bootp client command field description vlan-interface1 vlan-interface 1 is configured to obtain an ip address through bootp. Allocated ip ip address allocated to the vlan interface transaction id value of the xid field in bootp packets mac addre...

  • Page 739: Table of Contents

    I table of contents
    1 acl configuration commands 1-1
    acl configuration commands...

  • Page 741

    1-2 examples # define acl 2000 and specify “depth-first” as the match order. System-view system view: return to user view with ctrl+z. [sysname] acl number 2000 match-order auto [sysname-acl-basic-2000] # add three rules with different numbers of zeros in the source wildcards. [sysname-acl-basic-200...

  • Page 742

    1-3 examples # assign description string “this acl is used for filtering all http packets” to acl 3000. System-view [sysname] acl number 3000 [sysname-acl-adv-3000] description this acl is used for filtering all http packets # use the display acl command to view the configuration information of acl ...

  • Page 743

    1-4 table 1-1 description on the fields of the display acl command field description basic acl 2000 the displayed information is about the basic acl 2000. 3 rules the acl includes three rules. Match-order is auto the match order of the acl is depth-first. If this field is not displayed, the match or...

  • Page 744

    1-5 table 1-2 description on the fields of the display drv qacl_resource command field description block on the front panel, from left to right, every four columns of fe ports (total of eight fe ports) represents a block numbered starting from 0. That is, 0 indicates ethernet 1/0/1 to ethernet 1/0...

  • Page 745

    1-6 former case, the unit-id argument is in the range 1 to 8; in the latter case, the unit-id argument can only be 1. Description use the display packet-filter command to display information about packet filtering. Examples # display information about packet filtering on all ports of a switch that i...

  • Page 746

    1-7 description use the display time-range command to display the configuration and status of a time range or all the time ranges. For active time ranges, this command displays “active”; for inactive time ranges, this command displays “inactive”. Related commands: time-range. Examples # display all ...

  • Page 747

    1-8 table 1-5 combined application of acls combination mode the acl-rule argument apply all the rules of an acl that is of ip type (the acl can be a basic acl or an advanced acl.) ip-group acl-number apply a rule of an acl that is of ip type ip-group acl-number rule rule-id apply all the rules of a ...

  • Page 748

    1-9 # apply rule 2 of user-defined acl 5000 on ethernet 1/0/3 to filter inbound packets. Here, it is assumed that the acl and its rule numbered 2 are already configured. [sysname] interface ethernet 1/0/3 [sysname-ethernet1/0/3] packet-filter inbound user-group 5000 rule 2 [sysname-ethernet1/0/3] qu...

  • Page 749

    1-10 # apply rule 1 of layer 2 acl 4000 on all ports in vlan 20 to filter outbound packets. Here, it is assumed that the acl and its rule numbered 1 and the vlan are already configured. [sysname] packet-filter vlan 20 outbound link-group 4000 rule 1 # apply rule 2 of user-defined acl 5000 on all por...

  • Page 751

    1-12 be the greatest rule number plus one. If the current greatest rule number is 65534, however, the system will display an error message and you need to specify a number for the rule.
    - the content of a modified or created rule cannot be identical with the content of any existing rule; otherwise t...

  • Page 752

    1-13 protocol: protocol carried by ip. When the protocol is represented by numeral, it ranges from 1 to 255; when the protocol is represented by name, it can be gre (47), icmp (1), igmp (2), ip, ipinip (4), ospf (89), tcp (6), and udp (17). Rule-string: acl rule information, which can be a combinati...

  • Page 753

    1-14 arguments/keywords type function description time-range time-name time range information specifies the time range in which the rule takes effect. Time-name: specifies the name of the time range in which the rule is active; a string comprising 1 to 32 characters. The sour-wildcard/dest-wildcard...

  • Page 754

    1-15 keyword dscp value in decimal dscp value in binary cs6 48 110000 cs7 56 111000 ef 46 101110 if you specify the precedence keyword, you can directly input a value ranging from 0 to 7 or input one of the keywords listed in table 1-9 as ip precedence. Table 1-9 ip precedence values and the corresp...

  • Page 755

    1-16 table 1-11 tcp/udp-specific acl rule information parameters type function description source-port operator port1 [ port2 ] source port defines the source port information of udp/tcp packets destination-port operator port1 [ port2 ] destination port defines the destination port information of ud...

  • Page 756

    1-17 table 1-12 tcp or udp port values type value tcp chargen (19), bgp (179), cmd (514), daytime (13), discard (9), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (...

  • Page 757

    1-18 name icmp type icmp code port-unreachable type=3 code=3 protocol-unreachable type=3 code=2 reassembly-timeout type=11 code=1 source-quench type=4 code=0 source-route-failed type=3 code=5 timestamp-reply type=14 code=0 timestamp-request type=13 code=0 ttl-exceeded type=11 code=0 parameters of th...

  • Page 758

    1-19
    - if you do not specify the rule-id argument when creating an acl rule, the rule will be numbered automatically. If the acl has no rules, the rule is numbered 0; otherwise, the number of the rule will be the greatest rule number plus one. If the current greatest rule number is 65534, however, t...

  • Page 759

    1-20 table 1-15 layer 2 acl rule information parameters type function description format-type link layer encapsulation type specifies the link layer encapsulation type in the rule this argument can be 802.3/802.2, 802.3, ether_ii, or snap. Lsap lsap-code lsap-wildcard lsap field specifies the lsap f...

  • Page 760

    1-21 parameters type function description type protocol-type protocol-mask protocol type of ethernet frames specifies the protocol type of ethernet frames for the acl rule protocol-type: protocol type. Protocol-mask: protocol type mask. When layer 2 acls are applied to ports or vlans of the switch 5...

  • Page 762

    1-23 offset unit 2 to 5 6 to 9 10 to 13 14 to 17 18 to 21 22 to 25 26 to 29 30 to 33 6 to 9 10 to 13 14 to 17 18 to 21 22 to 25 26 to 29 30 to 33 34 to 37 12 to 15 16 to 19 20 to 23 24 to 27 28 to 31 32 to 35 36 to 39 40 to 43 20 to 23 24 to 27 28 to 31 32 to 35 36 to 39 40 to 43 44 to 47 48 to 51 3...

  • Page 763

    1-24 protocol protocol number in hexadecimal offset when vlan-vpn is not enabled on any port offset when vlan-vpn is enabled on a port rarp 0x8035 16 20 ip 0x0800 16 20 ipx 0x8137 16 20 appletalk 0x809b 16 20 icmp 0x01 27 31 igmp 0x02 27 31 tcp 0x06 27 31 udp 0x11 27 31 examples # create user-define...

  • Page 764

    1-25 in this example, the 32-byte rule string occupies eight offset units: 4 to 7 (offset2), 8 to 11 (offset3), 12 to 15 (offset4), 16 to 19 (offset5), 20 to 23 (offset1), 24 to 27 (offset7), 28 to 31 (offset8), and 32 to 35 (offset6), as shown in table 1-16 . The rule can be assigned successfully. ...

  • Page 765

    1-26 examples # define the comment “this rule is to be applied to ethernet 1/0/1” for rule 0 of advanced acl 3001. System-view system view: return to user view with ctrl+z. [sysname] acl number 3001 [sysname-acl-adv-3001] rule 0 comment this rule is to be applied to ethernet 1/0/1 # use the display ...

  • Page 766

    1-27 jointly define a period in which the absolute time range takes effect. If the start date is not specified, the time range starts from 1970/01/01 00:00. To end-time end-date: specifies the end date of an absolute time range, in the form of hh:mm mm/dd/yyyy or hh:mm yyyy/mm/dd. The start-time sta...

  • Page 767

    1-28 from 12:00 jan/1/2008 to 12:00 jun/1/2008.

  • Page 768: Table of Contents

    I table of contents
    1 qos commands 1-1
    qos commands...

  • Page 769: Qos Commands

    1-1 1 qos commands qos commands burst-mode enable syntax burst-mode enable undo burst-mode enable view system view parameters none description use the burst-mode enable command to enable the burst function. Use the undo burst-mode enable command to disable the burst function. By default, the burst f...

  • Page 770

    1-2 examples # enable the burst function. System-view system view: return to user view with ctrl+z. [sysname] burst-mode enable display protocol-priority syntax display protocol-priority view any view parameters none description use the display protocol-priority command to display the list of protoc...

  • Page 771

    1-3 field description ip-precedence: routine(0) an ip precedence has been assigned to ospf packets. The assigned ip precedence is 0, that is, routine in words. For information about the ip precedence range, refer to table 1-6 . Protocol: telnet indicate that a priority has been set for telnet packet...

  • Page 773

    1-5 priority action: dscp cs6 ethernet1/0/1: traffic-redirect inbound: matches: acl 2000 rule 0 running redirected to: interface ethernet1/0/2 ethernet1/0/1: traffic-statistic inbound: matches: acl 2000 rule 0 running 6 packets inprofile 0 packet outprofile ethernet1/0/1: mirrored-to inbound: matche...

  • Page 774

    1-6 field description inbound packet direction matches acl rules for traffic classifying effect mode union effect, indicating that the acl referenced in the traffic-limit command takes effect together with the other acls applied to the port. Egress port the specified egress port target rate traffic ...

  • Page 775

    1-7 parameters interface-type interface-number: specifies the type and number of the port, of which the line rate configuration is to be displayed. Unit-id: unit id of the switch for which line rate configuration is to be displayed. For the value range for the unit-id argument, refer to table 1-2 . ...

  • Page 777

    1-9 view any view parameters interface-type interface-number: specifies the type and number of a port for which priority marking configuration is to be displayed. Unit-id: unit id of the switch whose priority marking configuration is to be displayed. For the value range for the unit-id argument, ref...

  • Page 778

    1-10 examples # display the traffic redirecting configuration of ethernet 1/0/1. Display qos-interface ethernet1/0/1 traffic-redirect ethernet1/0/1: traffic-redirect inbound: matches: acl 3000 rule 0 running redirected to: interface ethernet1/0/2 refer to table 1-3 for the description on the output ...

  • Page 779

    1-11 view any view parameters interface-type interface-number: specifies the type and number of a port for which traffic accounting configuration is to be displayed. Unit-id: unit id of the switch for which traffic accounting configuration and traffic statistics are to be displayed. For the value ra...

  • Page 780

    1-12 examples # display the global queue scheduling configuration. Display queue-scheduler queue scheduling mode: weighted round robin weight of queue 0: 1 weight of queue 1: 2 weight of queue 2: 3 weight of queue 3: 4 weight of queue 4: 5 weight of queue 5: 9 weight of queue 6: 13 weight of queue 7...

  • Page 781

    1-13 compared to traffic policing, line rate applies to all the inbound or outbound packets passing through a port and thus a simpler solution when you only want to limit the rate of all the inbound or outbound packets passing through a port as a whole. Related commands: display qos-interface line-r...

  • Page 782

    1-14 acl combination form of the acl-rule argument apply a rule in a user-defined acl user-group acl-number rule rule-id apply a rule in an layer 3 acl and a rule in a layer 2 acl ip-group acl-number rule rule-id link-group acl-number rule rule-id table 1-5 description on the parameters used in tabl...

  • Page 783

    1-15 [sysname-acl-basic-2000] rule permit source 1.1.1.1 0 [sysname-acl-basic-2000] quit [sysname] interface ethernet 1/0/4 [sysname-ethernet1/0/4] monitor-port [sysname-ethernet1/0/4] quit [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] mirrored-to inbound ip-group 2000 monitor-interface...

  • Page 784

    1-16 after you execute the priority command on a port, the port priority rather than the 802.1p priority of each inbound 802.1q-tagged packet is used to identify the matching local precedence for the packet (in the 802.1p-precedence-to-local precedence mapping table). Then, the packet is assigned to...

  • Page 785

    1-17 examples # configure the switch to trust the 802.1p priority of 802.1q-tagged packets on ethernet 1/0/1. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet1/0/1 [sysname-ethernet1/0/1] priority trust protocol-priority protocol-type syntax protocol-priority pr...

  • Page 786

    1-18 table 1-7 dscp precedence values in words and in digits dscp precedence (in words) dscp precedence (in digits) af11 10 af12 12 af13 14 af21 18 af22 20 af23 22 af31 26 af32 28 af33 30 af41 34 af42 36 af43 38 be (the default) 0 cs1 8 cs2 16 cs3 24 cs4 32 cs5 40 cs6 48 cs7 56 ef 46 description use...

  • Page 787

    1-19 on a switch 5500-ei, you can set priority for protocol packets of telnet, ospf, snmp, and icmp. Examples # set the ip precedence to 3 for snmp protocol packets. System-view system view: return to user view with ctrl+z. [sysname] protocol-priority protocol-type snmp ip-precedence 3 # set the dsc...

  • Page 788

    1-20 cos6-map-local-prec: local precedence to which 802.1p 6 is to be mapped, in the range 0 to 7. Cos7-map-local-prec: local precedence to which 802.1p 7 is to be mapped, in the range 0 to 7. Description use the qos cos-local-precedence-map command to configure the 802.1p priority-to-local preceden...

  • Page 790

    1-22 use the undo queue-scheduler command to restore the default. By default, the wrr algorithm is used for all the output queues of a port. The default weights of queues 0 through 7 are 1, 2, 3, 4, 5, 9, 13, and 15, as shown in table 1-9 . Table 1-9 the default weights for queues queue id weight 0 ...

  • Page 791

    1-23 scheduling configuration only when the configuration of a port is different from the global configuration. Related commands: display queue-scheduler. Examples # configure wrr as the queuing algorithm and set the weights of queues 0 through 7 to 2, 2, 4, 4, 6, 6, 8, and 8 globally in system view...

  • Page 792

    1-24 parameters inbound: specifies to clear the statistics of the inbound packets on the port. Acl-rule: acl rules to be applied. This argument can be the combination of multiple acls. For more information about this argument, refer to table 1-4 and table 1-5 . Description use the reset traffic-stat...

  • Page 793

    1-25 traffic-limit syntax traffic-limit inbound acl-rule [ union-effect ] [ egress-port interface-type interface-number ] target-rate [ burst-bucket burst-bucket-size ][ exceed action ] undo traffic-limit inbound acl-rule view ethernet port view parameters inbound: imposes traffic limit on the packe...

  • Page 794

    1-26 on ethernet 1/0/1, assume that the filter command is configured to filter packets destined to ip address 2.2.2.2 and the traffic-limit command is configured to limit the rate of packets sourced from ip address 1.1.1.1 within 128 kbps. Whether packets conforming to the rate limit of 128 kbps, so...

  • Page 795

    1-27 the granularity of rate limit is 64 kbps. If the number you input is in the range n*64 to (n+1)*64 (n is a natural number), it will be rounded off to (n+1)*64. Burst-bucket burst-bucket-size: specifies the maximum burst traffic size (in kb) allowed. The burst-bucket-size argument ranges from 4 ...

  • Page 796

    1-28 outbound: performs priority marking on the outbound packets. Acl-rule: acl rules to be applied for traffic classification. This argument can be the combination of multiple acls. For more information about this argument, refer to table 1-4 and table 1-5 . Note that the acl rules referenced must ...

  • Page 797

    1-29 If ip precedence or dscp marking is configured, the traffic will be marked with new ip precedence or dscp precedence. Do not configure 802.1p priority marking and local precedence marking for the same traffic. With 802.1p priority marking, the new 802.1p priority will be mapped to a local pre...

  • Page 799

    1-31 do not configure 802.1p priority marking and local precedence marking for the same traffic. With 802.1p priority marking, the new 802.1p priority will be mapped to a local precedence automatically. If local precedence marking is also configured, there will be two local precedence values for the...

  • Page 800

    1-32 link-aggregation-group agg-id: specifies the aggregation group the traffic is to be redirected to. The agg-id argument is the id of an aggregation group, in the range 1 to 416. Untagged: specifies to remove the outer vlan tag of a packet after the packet is redirected to a port or an aggregatio...

  • Page 801

    1-33 traffic-remark-vlanid syntax traffic-remark-vlanid inbound acl-rule remark-vlan remark-vlanid undo traffic-remark-vlanid inbound acl-rule view ethernet port view parameters inbound: maps the vlan ids carried in the inbound packets to a specified vlan id. Acl-rule: acl rules to be applied for tr...

  • Page 802

    1-34 view ethernet port view parameters inbound: enables traffic accounting for the inbound packets. Acl-rule: acl rules to be applied for traffic classification. This argument can be the combination of multiple acls. For more information about this argument, refer to table 1-4 and table 1-5 . Note ...

  • Page 803

    1-35 parameters queue-index: queue number in the range of 0 to 7. Qstart: number of the packets contained in the queue, in the range 1 to 128. Probability: dropping probability in the range of 0 to 92 (in percentage). Description use the wred command to enable the wred function. Use the undo wred co...

  • Page 804

    2-1 2 qos profile configuration commands qos profile configuration commands apply qos-profile syntax in system view apply qos-profile profile-name interface interface-list undo apply qos-profile profile-name interface interface-list in ethernet port view apply qos-profile profile-name undo apply qos...

  • Page 806

    2-3 display qos-profile interface ethernet 1/0/1 user's qos-profile applied mode: user-based default applied qos-profile: test, 3 actions packet-filter inbound ip-group 2000 rule 0 traffic-limit inbound ip-group 3000 rule 0 64 traffic-priority inbound ip-group 4000 rule 0 cos controlled-load # displ...

  • Page 808

    2-5 parameters profile-name: qos profile name, a case-insensitive string of 1 to 32 characters, starting with an English letter in the range a to z and A to Z. Note that a qos profile name cannot be all, interface, user, undo, or name. Description use the qos-profile command to create a qos profile ...

  • Page 809

    2-6
    - If the 802.1x authentication is mac-based, you need to configure the qos profile application mode to be user-based.
    - If the 802.1x authentication is port-based, you need to configure the qos profile application mode to be port-based.
    Examples # configure the qos profile application mode on et...

  • Page 810

    2-7 on ethernet 1/0/1, assume that the filter command is configured to filter packets destined to ip address 2.2.2.2 and the traffic-limit command is configured to limit the rate of packets sourced from ip address 1.1.1.1 within 128 kbps. Whether packets conforming to the rate limit of 128 kbps, sou...

  • Page 811

    2-8
    - drop: drops the packets.
    - remark-dscp value: sets a new dscp value for the packets and then forwards the packets.
    Description use the traffic-limit command to add the traffic policing action to a qos profile. Use the undo traffic-limit command to remove the traffic policing action from a qos ...

  • Page 812

    2-9 local-precedence pre-value: sets the local precedence value, in the range of 0 to 7. Description use the traffic-priority command to add a priority marking action to a qos profile. Use the undo traffic-priority command to remove a priority marking action from a qos profile. Do not configure 802....

  • Page 813: Table of Contents

    I table of contents 1 mirroring commands (1-1) mirroring commands (1-1) display mirroring-group ...

  • Page 815

    1-2 type: remote-source status: active mirroring port: ethernet1/0/1 inbound reflector port: ethernet1/0/2 remote-probe vlan: 10 # display the configurations of a remote destination mirroring group on your switch 5500-ei. Display mirroring-group 3 mirroring-group 3: type: remote-destination status: ...

  • Page 817

    1-4 view system view, ethernet port view parameters group-id: number of a port mirroring group, in the range 1 to 20. Mirroring-port mirroring-port-list: specifies a list of source ports. Mirroring-port-list is available in system view only, and there is no such argument in ethernet port view. Mirro...

  • Page 818

    1-5 undo mirroring-group group-id monitor-port monitor-port view system view, ethernet port view parameters group-id: number of a port mirroring group, in the range 1 to 20. Monitor-port monitor-port: specifies the destination port for port mirroring. Monitor-port is available in system view only, a...

  • Page 819

    1-6 parameters group-id: number of a port mirroring group, in the range 1 to 20. Reflector-port reflector-port: specifies the reflector port. Reflector-port is available in system view only, and there is no such argument in ethernet port view. Description use the mirroring-group reflector-port comman...

  • Page 820

    1-7 description use the mirroring-group remote-probe vlan command to specify the remote-probe vlan for a remote source/destination mirroring group. Use the undo mirroring-group remote-probe vlan command to remove the configuration of remote-probe vlan for a remote source/destination mirroring group....

  • Page 821

    1-8 A copy of each packet passing through a source port will be sent to the corresponding destination port. Related commands: display mirroring-group. When you configure mirroring source port on an ethernet port of a switch 5500-ei, if mirroring group 1 does not exist, the switch will automaticall...

  • Page 822

    1-9 It is recommended that you use a destination port for port mirroring purpose only. Do not use a destination port to transmit other service packets. Related commands: display mirroring-group. When you configure mirroring destination port on an ethernet port of a switch 5500-ei, if mirroring gro...

  • Page 823

    1-10 related commands: mirroring-group remote-probe vlan. Examples # configure vlan 5 as the remote-probe vlan. System-view system view: return to user view with ctrl+z. [sysname] vlan 5 [sysname-vlan5] remote-probe vlan enable.

  • Page 824: Table of Contents

    I table of contents 1 web cache redirection configuration commands (1-1) web cache redirection configuration commands (1-1) display webcache ...

  • Page 825: Commands

    1-1 1 web cache redirection configuration commands web cache redirection configuration commands display webcache syntax display webcache view any view parameters none description use the display webcache command to view web cache redirection configuration and the status of web cache. Examples # disp...

  • Page 826

    1-2 field description webcache port port that connects to the web cache server webcache vlan vlan that the web cache server belongs to webcache tcp port number of the tcp port used by http packets webcache redirect vlan redirected vlans, referring to the vlans whose http packets are to be redirected...

  • Page 827

    1-3 mac-address: mac address of the web cache server. Vlan-id: id of the vlan where web cache server is to be located. Port interface-type interface-number: specifies the port through which the switch is connected to the web cache server. Interface-type interface-number is the port type and port num...

  • Page 828

    1-4 [sysname] interface ethernet 1/0/4 [sysname-ethernet1/0/4] webcache address 1.1.1.1 mac 0012-0990-2250 vlan 40 webcache redirect-vlan syntax webcache redirect-vlan vlan-id undo webcache redirect-vlan [ vlan-id ] view system view parameters vlan-id: id of the vlan whose http traffic is to be redi...

  • Page 829: Table of Contents

    I table of contents 1 poe configuration commands (1-1) poe configuration commands ...

  • Page 830: Poe Configuration Commands

    1-1 1 poe configuration commands poe configuration commands display poe disconnect syntax display poe disconnect view any view parameters none description use the display poe disconnect command to view the current pd disconnection detection mode of the switch. Examples # display the pd disconnection...

  • Page 831

    1-2 examples # display the poe status of ethernet 1/0/10. Display poe interface ethernet1/0/10 port power enabled :enable port power on/off :on port power status :standard pd was detected port power mode :signal port pd class :0 port power priority :low port max power :15400 mw port current power :4...

  • Page 832

    1-3 ethernet1/0/1 on enable signal low standard pd was detected ethernet1/0/2 on enable signal low standard pd was detected ethernet1/0/3 off enable signal low detection is in process ethernet1/0/4 off enable signal low detection is in process ethernet1/0/5 off enable signal low detection is in proc...

  • Page 833

    1-4 description use the display poe interface power command to view the power information of a specific port of the switch. If the interface-type interface-number argument is not specified, the command displays the power information of all ports of the switch. Examples # display the power informatio...

  • Page 834

    1-5 pse software version :290 pse hardware version :000 pse cpld version :078 pse power-management mode :auto table 1-3 display poe powersupply command output description field description pse id identification of the pse pse legacy detection the enabled/disabled status of the nonstandard pd detecti...

  • Page 836

    1-7 if you delete the default configuration file without specifying another one, the poe function on a port will be disabled after you restart the device. You can use the display poe interface command to display whether poe is enabled on a port. Examples # enable the poe feature on ethernet 1/0/3. S...

  • Page 837

    1-8 parameters max-power: maximum power distributed to the port, ranging from 1,000 to 15,400, in mw. Description use the poe max-power command to configure the maximum power that can be supplied by the current port. Use the undo poe max-power command to restore the maximum power supplied by the cur...

  • Page 839

    1-10 description use the poe priority command to configure the poe priority of a port. Use the undo poe priority command to restore the default poe priority. By default, the poe priority of a port is low. When the available power of the pse is too small, the poe priority and the poe management mode ...

  • Page 840

    1-11 you can use the display poe temperature-protection command to display whether poe over-temperature protection is enabled on the switch. Examples # disable poe over-temperature protection on the switch. System-view system view: return to user view with ctrl+z. [sysname] undo poe temperature-prot...

  • Page 842

    2-1 2 poe profile configuration commands poe profile configuration commands apply poe-profile syntax in system view use the following commands: apply poe-profile profile-name interface interface-type interface-number [ to interface-type interface-number ] undo apply poe-profile profile-name interfac...

  • Page 843

    2-2 poe profile is a set of poe configurations. One poe profile can contain multiple poe features. When the apply poe-profile command is used to apply a poe profile to a port, some poe features can be applied successfully while some cannot. Poe profiles are applied to switch 5500-ei according to the...

  • Page 844

    2-3 system-view system view: return to user view with ctrl+z. [sysname] display poe-profile name profile-test poe-profile: profile-test, 3 action poe enable poe max-power 5000 poe priority critical poe-profile syntax poe-profile profile-name undo poe-profile profile-name view system view parameters ...

  • Page 845: Table of Contents

    I table of contents 1 xrn fabric commands (1-1) xrn fabric commands ...

  • Page 847

    1-2
    - If you do not bring up the fabric port, you cannot change the unit id of a switch.
    - After the unit id of a device is changed, the unit id-related information of this device in the configuration file of the fabric will be upgraded automatically. If the unit id of a device changes from 2 to 4, ...

  • Page 848

    1-3
    - Unit ids in an xrn fabric are not always arranged in order of 1 to 8.
    - Unit ids in an xrn fabric can be inconsecutive.
    - After the unit id of a device is changed, the unit id-related information of this device in the configuration file of the fabric will be upgraded automatically. If the unit...

  • Page 850

    1-5 table 1-1 display ftm information command output description field description ftm state ftm state:
    - disc state: in the topology discovery state.
    - listen state: in the topology discovery state, and the ftm slave device is listening.
    - hb state: the fabric operates normally.
    Unit id unit id: ...

  • Page 851

    1-6 field description left port : index = 255, isedge = 0 right port : index = 25, isedge = 0 indexes of the left and right ports:
    - isedge: whether the device is at either end of a bus topology xrn fabric in which the number of member devices has reached the upper limit.
    - 0: no
    - 1: yes
    units num ...

  • Page 852

    1-7 display xrn-fabric syntax display xrn-fabric [ port ] view any view parameters port: displays the fabric port information. Description use the display xrn-fabric command to view the information of the entire fabric, including unit id, unit name, and operation mode of the system. If the fabric in...

  • Page 853

    1-8 view system view parameters none description use the fabric member-auto-update software enable command to enable the xrn automatic fabric function for a switch. Use the undo fabric member-auto-update software enable command to disable the xrn automatic fabric function for a switch. By default, t...

  • Page 854

    1-9 undo fabric save-unit-id view user view parameters none description use the fabric save-unit-id command to save the unit ids of all the units in an xrn fabric into the unit flash and set the unit priority to 5, that is, manual numbering. Use the undo fabric save-unit-id command to remove the sav...

  • Page 855

    1-10 2 000f-e20f-5132 5 left/ 1 m 3 000f-e20f-5252 5 /right 1 m 4 000f-e20f-8922 5 left/ 1 m 5 000f-cbb7-2142 5 /right 1 m 6 000f-cbb7-3264 5 left/ 1 m 7 000f-cbb7-2260 5 /right 1 m 8 000f-cbb7-2734 5 left/ 1 m from the above example, you can see the priority of each unit changes from 10 to 5, and t...

  • Page 856

    1-11 parameters interface-type interface-number: type and port number of a fabric port.
    - On a switch 5500-ei 28 port switch, only four gigabitethernet ports can be configured as fabric ports: gigabitethernet 1/0/25, gigabitethernet 1/0/26, gigabitethernet 1/0/27, and gigabitethernet 1/0/28.
    - On a ...

  • Page 857

    1-12 ftm fabric-vlan syntax ftm fabric-vlan vlan-id undo ftm fabric-vlan view system view parameters vlan-id: id of the xrn fabric vlan, in the range of 2 to 4094. The vlan you specified must be the one that has not been created manually. Description use the ftm fabric-vlan command to specify the vl...

  • Page 858

    1-13 description use the xrn-fabric authentication-mode command to configure the authentication mode and password for an xrn fabric. Use the undo xrn-fabric authentication-mode command to remove the xrn fabric authentication configuration. By default, no authentication mode is configured on a switch...

  • Page 859

    1-14 reset ftm statistics syntax reset ftm statistics view user view parameters none description use the reset ftm statistics command to clear ftm statistics. You can use this command together with the display ftm command to view the packet statistics processed by ftm in a period of time, thus analy...

  • Page 860

    1-15 system view: return to user view with ctrl+z. [sysname] set unit 1 name hello [sysname] display xrn-fabric fabric name is sysname, system mode is l3. Unit name unit id hello 1 second 2(*) sysname syntax sysname sysname undo sysname view system view parameters sysname: name of the specified fabr...

  • Page 861: Table of Contents

    I table of contents 1 cluster configuration commands (1-1) ndp configuration commands ...

  • Page 862

    Ii tracemac (1-37) enhanced cluster feature configuration commands (1-39) black-list ...

  • Page 863

    1-1 1 cluster configuration commands ndp configuration commands display ndp syntax display ndp [ interface interface-list ] view any view parameters interface interface-list: specifies a port list. You need to provide the interface-list argument in the form of { interface-type interface-number [ to ...

  • Page 864

    1-2 status: enabled, pkts snd: 0, pkts rvd: 0, pkts err: 0 interface: ethernet1/0/3 status: enabled, pkts snd: 0, pkts rvd: 0, pkts err: 0 ……(omitted) # display ndp information about ethernet 1/0/1. Display ndp interface ethernet 1/0/1 interface: ethernet1/0/1 status: enabled, pkts snd: 15835, pkts ...

  • Page 865

    1-3 ndp enable syntax ndp enable [ interface interface-list ] undo ndp enable [ interface interface-list ] view system view, ethernet port view parameters interface-list: ethernet port list, in the format of { interface-type interface-number [ to interface-type interface-number ] } &, where to is us...

  • Page 866

    1-4 description use the ndp timer aging command to set the holdtime of the ndp information. This command specifies how long an adjacent device should hold the ndp neighbor information received from the local switch before discarding the information. Use the undo timer aging command to restore the de...

  • Page 867

    1-5 examples # set the interval between sending ndp packets to 80 seconds. System-view system view: return to user view with ctrl+z. [sysname] ndp timer hello 80 reset ndp statistics syntax reset ndp statistics [ interface interface-list ] view user view parameters interface-list: ethernet port list...

  • Page 868

    1-6 ntdp configuration commands display ntdp syntax display ntdp view any view parameters none description use the display ntdp command to display the global ntdp information. The displayed information includes topology collection range (hop count), topology collection interval (ntdp timer), device/...

  • Page 869

    1-7 display ntdp device-list syntax display ntdp device-list [ verbose ] view any view parameters verbose: displays the detailed information of devices in a cluster. Description use the display ntdp device-list command to display the cluster device information collected by ntdp. Examples # display t...

  • Page 870

    1-8 000f-e20f-3190 ethernet1/0/22 ethernet3/0/21 100 full ----------------------------------------------------------------------------- hostname : 5500-ei mac : 000f-e20f-3190 hop : 1 platform : 5500-ei ip : 16.1.1.1/24 version: switch 5500-ei software version 3com os v3.03.02s56e copyright (c) 2004...

  • Page 871

    1-9 view system view, ethernet port view parameters none description use the ntdp enable command to enable ntdp globally or on a port. Use the undo ntdp enable command to disable ntdp globally or on a port. By default, ntdp is enabled both globally and on ports. Note that ntdp can take effect on a p...

  • Page 872

    1-10 ntdp hop syntax ntdp hop hop-value undo ntdp hop view system view parameters hop-value: maximum hops to collect topology information, namely, the topology collection range, in the range of 1 to 16. Description use the ntdp hop command to set the topology collection range. Use the undo ntdp hop ...

  • Page 873

    1-11 parameters interval-in-minutes: interval (in minutes) to collect topology information, ranging from 0 to 65,535. A value of 0 disables topology information collection. Description use the ntdp timer command to configure the interval to collect topology information periodically. Use the undo ntd...

  • Page 874

    1-12 network congestion may occur if large amount of topology response packets reach the collecting device in a short period. To avoid this case, each collected switch in the network delays for a period before it forwards a received topology collection request through each ntdp-enabled port. You can...

  • Page 875

    1-13 cluster configuration commands add-member syntax add-member [ member-number ] mac-address h-h-h [ password password ] view cluster view parameters member-number: member number assigned to the candidate device to be added to the cluster. This argument ranges from 1 to 255. H-h-h: mac address of ...

  • Page 876

    1-14 view cluster view parameters mac-address: mac address of the management device to be specified. Name: name of an existing cluster, a string of up to 8 characters. Note that the name of a cluster can only contain alphanumeric characters, minus signs (-), and underscores (_). Description use the ...

  • Page 877

    1-15 when you execute this command on a candidate device, you are prompted to enter a cluster name to build a cluster. The candidate device will automatically become the management device of the cluster. Then, the management device will collect candidate devices and add them to the cluster automatic...

  • Page 878

    1-16 switcha 2 0016-e0be-e200 switch 5500-ei 28-port 3com 3 000f-e200-1774 switch 4500 50-port 3com 2 000f-e200-5600 switch 5500-ei 52-port 3com 3 000f-e200-5104 switch 5500-ei 28-port 3com 2 000f-e200-2420 switch 5500-ei 28-port processing...Please wait %apr 3 08:12:37:813 2000 aaa_0.Sysname clst/5...

  • Page 879

    1-17 description use the build command to build a cluster with a cluster name or change the cluster name. Use the undo build command to remove the cluster. You can use this command on a candidate device as well as on a management device. Executing the build command on a candidate device will change ...

  • Page 880

    1-18 system-view system view: return to user view with ctrl+z [sysname] cluster [sysname-cluster] build aaa there is no base topology, if set up from local flash file?(y/n) n #apr 3 08:15:03:166 2000 aaa_0. 3com clst/5/cluster_trap:- 1 - oid:1.3.6.1.4.1.2011.6.7.1.0.3(hgmpmemberstatuschange):member ...

  • Page 881

    1-19 use the undo cluster enable command to disable the cluster function. By default, the cluster function is enabled. Note that:
    - To create a cluster on a management device through the build command or the auto-build command, you must first enable the cluster function by executing the cluster enab...

  • Page 882

    1-20 on the management device (this is not true when you add the candidate device to the cluster using the administrator-address command). It is recommended not to change the super password of any cluster member or the management device, so as to avoid switching failure resulting from authentication...

  • Page 883

    1-21 since some devices cannot forward the multicast packets with the destination mac address of 0180-c200-000a, hgmpv2 packets cannot traverse these devices. For a cluster to work normally in this case, you can modify the multicast destination mac address of hgmpv2 protocol packets without changing...

  • Page 884

    1-22 delete-member syntax delete-member member-id [ to-black-list ] view cluster view parameters member-id: member number of a member device, ranging from 1 to 255. To-black-list: adds the device removed from a cluster to the blacklist to prevent it from being added to the cluster. Description use t...

  • Page 885

    1-23 view any view parameters none description use the display cluster command to display the status and statistics information of the cluster to which the current switch belongs. Executing this command on a member device will display the following information: cluster name, member number of the cur...

  • Page 886

    1-24 handshake timer:10 sec handshake hold-time:60 sec administrator device mac address:000f-e20f-3901 administrator status:up table 1-5 description on the fields of the display cluster command field description cluster name name of the cluster, which can be configured through the build command role...

  • Page 887

    1-25 candidate switches to be automatically added into the cluster, you can set the topology collection interval to zero (by using the ntdp timer command), which specifies not to perform topology collection periodically. Examples # display information about all candidate devices. Display cluster can...

  • Page 888

    1-26 table 1-7 description on the fields of display cluster candidates verbose field description hostname name of the candidate device mac mac address of the candidate device hop hops from the management device to the candidate device ip ip address of the candidate device platform platform of the ca...

  • Page 889

    1-27 # display detailed information about all devices in a cluster. Display cluster members verbose member number:0 name:aaa_0.Sysname device:5500-ei mac address:000f-e20f-3901 member status:admin hops to administrator device:0 ip: 100.100.1.1/24 version: 3com corporation switch 5500-ei software ver...

  • Page 890

    1-28 field description hops to administrator device hops from the device to the management device ip device ip address version software version of the device ftp cluster syntax ftp cluster view user view parameters none description use the ftp cluster command to connect to the shared ftp server of t...

  • Page 891

    1-29 ftp-server syntax ftp-server ip-address undo ftp-server view cluster view parameters ip-address: ip address of the ftp server to be configured for the cluster. Description use the ftp-server command to configure a shared ftp server for the cluster on the management device. Use the undo ftp-serv...

  • Page 892

    1-30 parameters seconds: neighbor information holdtime in seconds, ranging from 1 to 255. Description use the holdtime command to configure the neighbor information holdtime of the member switches. Use the undo holdtime command to restore the default holdtime value. By default, the neighbor informat...

  • Page 893

    1-31 description use the ip-pool command to configure a private ip address pool on the management device. Use the undo ip-pool command to cancel the ip address pool configuration. Before creating a cluster, you must first configure a private ip address pool. When a candidate device joins a cluster, ...

  • Page 894

    1-32 [aaa_0.Sysname-cluster] logging-host 10.10.10.9 management-vlan syntax management-vlan vlan-id undo management-vlan view system view parameters vlan-id: id of the vlan to be specified as the management vlan. Description use the management-vlan command to specify the management vlan on the switc...

  • Page 895

    1-33 description use the nm-interface vlan-interface command to configure a network management (nm) interface on a management device. After an nm interface is specified on the management device of a cluster, the network administrator can log onto the management device through the nm interface to man...

  • Page 896

    1-34 examples # reboot number-2 member device. System-view system view: return to user view with ctrl+z. [aaa_0.Sysname] cluster [aaa_0.Sysname-cluster] reboot member 2 snmp-host syntax snmp-host ip-address undo snmp-host view cluster view parameters ip-address: ip address of a snmp network manageme...

  • Page 897

    1-35 parameters cluster: downloads files through the shared tftp server of the cluster. Tftp-server: ip address or host name of the tftp server. Source-file: name of the file to be downloaded from the shared tftp server of the cluster. Destination-file: name of the file to which the downloaded file ...

  • Page 898

    1-36 description use the tftp put command to upload a file from the switch to a specified directory on the tftp server. You can use the tftp-server command on the management device to configure the shared tftp server of the cluster, which is used for software version update and configuration file ba...

  • Page 899

    1-37 examples # configure shared tftp server 1.0.0.9 on the management device for the cluster. System-view system view: return to user view with ctrl+z. [aaa_0.Sysname] cluster [aaa_0.Sysname-cluster] tftp-server 1.0.0.9 timer syntax timer interval undo timer view cluster view parameters interval: i...

  • Page 900

    1-38 view any view parameters by-mac: specifies to trace a device through the specified destination mac address. Mac-address: mac address of the device to be traced. Vlan vlan-id: specifies to trace a device in the specified vlan. Vlan-id ranges from 1 to 4094. By-ip: specifies to trace a device thr...

  • Page 902

    1-40 display cluster base-members syntax display cluster base-members view any view parameters none description use the display cluster base-members command to display the information about all the devices in the base cluster topology, such as member number, name, mac address, and the current status...

  • Page 903

    1-41 member member-id: displays the structure of the standard topology three layers above or below the node specified by the member id. Description use the display cluster base-topology command to display the standard topology of the cluster. The standard topology of a cluster refers to the topology...

  • Page 904

    1-42 description use the display cluster black-list command to display the information of devices in the current cluster blacklist. Related commands: black-list. Examples # display the contents of the current cluster blacklist. Display cluster black-list device id access device id access port 000f-e...

  • Page 905

    1-43 if to-mac-address or to-member-id is not specified, the system displays the topology structure three layers below the node specified by the mac address or member id. If to-mac-address or to-member-id is specified, the system displays the topology structure of the route between the two specified...

  • Page 906

    1-44 view any view parameters mac-address: mac address of the device whose detailed information is to be displayed. Description use the display ntdp single-device mac-address command to display the detailed information, which is collected through ntdp protocol packets, about a single device. The inf...

  • Page 907

    1-45 field description peer port id name of the port on the peer device connecting to the local device native port id name of the port on the local device connecting to the peer device speed rate of the local port connecting to the peer device duplex duplex mode of the local port connecting to the p...

  • Page 908

    1-46 examples # save the current cluster topology as the base topology and save it in the local flash. System-view enter system view, return to user view with ctrl+z. [aaa_0.Sysname] cluster [aaa_0.Sysname-cluster] topology accept all save-to local-flash # accept the device with the mac address 0010...

  • Page 909

    1-47 topology save-to syntax topology save-to local-flash view cluster view parameters none description use the topology save-to command to save the standard topology of the cluster to the local flash memory. The file name used to save the standard topology is topology.Top. Do not modify the file na...

  • Page 910: Table of Contents

    I table of contents 1 snmp configuration commands 1-1 snmp configuration commands 1-...

  • Page 912

    1-2 parameters read: displays the information about the snmp communities with read-only permission. Write: displays the information about the snmp communities with read-write permission. Description use the display snmp-agent community command to display the information about the snmpv1/snmpv2c comm...

  • Page 913

    1-3 field description storage-type storage type, which can be:
      • volatile: information will be lost if the system is rebooted
      • nonvolatile: information will not be lost if the system is rebooted
      • permanent: modification is permitted, but deletion is forbidden
      • readonly: read only, that is, no mod...

  • Page 914

    1-4 table 1-2 display snmp-agent group command output description field description group name snmp group name of the user security model snmp group security mode, which can be authpriv (authentication with privacy), authnopriv (authentication without privacy), and noauthnopriv (no authentication no...

  • Page 915

    1-5 view name:viewdefault mib subtree:iso subtree mask: storage-type: nonvolatile view type:included view status:active view name:viewdefault mib subtree:snmpusmmib subtree mask: storage-type: nonvolatile view type:excluded view status:active view name:viewdefault mib subtree:snmpvacmmib subtree mas...

  • Page 916

    1-6 examples # display the statistics on snmp packets. Display snmp-agent statistics 1276 messages delivered to the snmp entity 0 messages which were for an unsupported version 0 messages which used a snmp community name not known 0 messages which represented an illegal operation for the community s...

  • Page 917

    1-7 field description snmp pdus which had generr error-status the total number of snmp pdus which were delivered to the snmp protocol entity and for which the value of the error-status field is `generr'. Snmp pdus which had nosuchname error-status the total number of snmp pdus which were delivered t...

  • Page 918

    1-8 field description forwarded confirmed class pdus dropped silently the total number of confirmed class pdus (such as getrequest-pdus, getnextrequest-pdus, getbulkrequest-pdus, setrequest-pdus, and informrequest-pdus) delivered to the snmp entity which were silently dropped because the transmissio...

  • Page 919

    1-9 snmpv3 display snmp-agent trap-list syntax display snmp-agent trap-list view any view parameters none description use the display snmp-agent trap-list command to display the modules that can generate traps and whether the sending of traps is enabled on the modules. If a module contains multiple ...

  • Page 920

    1-10 parameters engineid: engine id, a string of 10 to 64 hexadecimal digits. User-name: snmpv3 username, a string of 1 to 32 characters. Group-name: name of an snmp group, a string of 1 to 32 characters. Description use the display snmp-agent usm-user command to display the information about a spec...

  • Page 921

    1-11 enable snmp trap updown syntax enable snmp trap updown undo enable snmp trap updown view ethernet port view, interface view parameters none description use the enable snmp trap updown command to enable the sending of port/interface linkup/linkdown traps. Use the undo enable snmp trap updown com...

  • Page 922

    1-12 description use the snmp-agent command to enable the snmp agent. Use the undo snmp-agent command to disable the snmp agent. Executing the snmp-agent command, or any of the commands used to configure the snmp agent, starts the snmp agent. By default, the snmp agent is disabled. Examples...

  • Page 923

    1-13 description use the snmp-agent calculate-password command to encrypt a plain-text password to generate a cipher-text one by using the specified encryption algorithm. When creating an snmpv3 user, if you specify an authentication or privacy password as in cipher text, you need to use this comman...

  • Page 924

    1-14 description use the snmp-agent community command to create an snmp community. Snmpv1 and snmpv2c use community name to restrict access rights. You can use this command to configure a community name and configure read or write access right and acl. Use the undo snmp-agent community command to re...

  • Page 925

    1-15 write-view: read-write view name, a string of 1 to 32 characters. By default, no write view is configured, namely, the nms cannot perform the write operation on the mib objects of the device. Notify-view: notification view name in which traps can be sent, a string of 1 to 32 characters. By defa...

  • Page 926

    1-16 group name: v3group security model: v3 authpriv readview: viewdefault writeview: notifyview : storage-type: nonvolatile acl:2001 snmp-agent local-engineid syntax snmp-agent local-engineid engineid undo snmp-agent local-engineid view system view parameters engineid: engine id, an even number of ...

  • Page 927

    1-17 parameters set-operation: logs the set operations. Get-operation: logs the get operations. All: logs both the set operations and get operations. Description use the snmp-agent log command to enable network management operation logging. Use the undo snmp-agent log command to disable network mana...

  • Page 928

    1-18 view-name: view name. Oid-tree: oid mib subtree of a mib subtree. It can be the id of a node in oid mib subtree (such as 1.4.5.3.1) or an oid (such as “system”). Mask mask-value: mask of a mib subtree, an even number of hexadecimal characters, in the range 2 to 32. An odd number of characters a...

  • Page 929

    1-19 system-view system view: return to user view with ctrl+z. [sysname]snmp-agent community read rip2read mib-view rip2 [sysname]snmp-agent community write rip2write mib-view rip2 # create an snmp mib view with the name of view-a, mib subtree of 1.3.6.1.5.4.3.4 and subtree mask of fe. Mib nodes wit...

  • Page 930

    1-20 view system view parameters sys-contact: contact information for system maintenance, a string of up to 200 characters. Sys-location: geographical location of the device, a string of up to 200 characters. Version: specifies the snmp version to be employed. V1: specifies snmpv1. V2c: specifies sn...

  • Page 933

    1-23 system view: return to user view with ctrl+z. [sysname] snmp-agent trap enable standard authentication [sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public snmp-agent trap ifmib syntax snmp-agent trap ifmib link extended undo snmp-agent trap ifmib link ex...

  • Page 934

    1-24 snmp-agent trap life syntax snmp-agent trap life seconds undo snmp-agent trap life view system view parameters seconds: snmp trap aging time (in seconds) to be set, ranging from 1 to 2,592,000. Description use the snmp-agent trap life command to set the snmp trap aging time. Snmp traps exceedin...

  • Page 935

    1-25 after a trap is generated, it will enter the trap queue to be sent. The length of a trap queue decides the maximum number of traps in the queue. When a trap queue reaches the configured length, the newly generated traps will enter the queue, and the traps generated the earliest will be discarde...

  • Page 937

    1-27 [sysname] snmp-agent usm-user v2c userv2c readcom specify the snmp version of the nms as snmpv2c, fill the write community name field with userv2c. Then the nms can access the agent. # create an snmpv2c user userv2c in group readcom, permitting only the nms with an ip address 1.1.1.1 to access ...

  • Page 938

    1-28 priv-password: encryption password, a string of 1 to 64 characters in plain text, a 32-bit hexadecimal number in cipher text if md5 algorithm is used, and a 40-bit hexadecimal number in cipher text if sha algorithm is used. Acl-number: binds a user with an acl, where acl-number represents acl n...

  • Page 939

    1-29 # add a user named testuser to the snmpv3 group named testgroup. Set the security mode to authentication with privacy, the authentication algorithm to md5, the privacy algorithm to des56, the plain text authentication password to authkey, the plain text privacy password to prikey. System-view [...

  • Page 940: Rmon Configuration Commands

    2-1 2 rmon configuration commands rmon configuration commands display rmon alarm syntax display rmon alarm [ entry-number ] view any view parameters entry-number: alarm entry index, in the range 1 to 65535. Description use the display rmon alarm command to display the configuration of a specified al...

  • Page 941

    2-2 field description sampling interval sampling interval, in seconds. The system performs absolute or delta sampling on the sampled node at this interval. Rising threshold rising threshold. When the sampled value equals or exceeds the rising threshold, an alarm is triggered. Falling threshold falli...

  • Page 942

    2-3 event table 1 owned by user1 is valid. Description: null. Will cause log-trap when triggered, last triggered at 0days 00h:02m:27s. Table 2-2 display rmon event command output description field description event table index of an entry in the rmon event table valid the status of the entry identif...

  • Page 943

    2-4 less than(or =) 100 with alarm value 0. Alarm sample type is absolute. Table 2-3 display rmon eventlog command output description field description event table index of an entry in the rmon event table valid the status of the entry identified by the index is valid. Generates eventlog 1.1 at 0day...

  • Page 944

    2-5 history control entry 1 owned by user1 is valid samples interface : ethernet1/0/1 sampling interval : 5(sec) with 10 buckets max latest sampled values : dropevents : 0 , octets : 10035 packets : 64 , broadcast packets : 35 multicast packets : 8 , crc alignment errors : 0 undersize packets : 0 , ...

  • Page 945

    2-6 view any view parameters prialarm-entry-number: extended alarm entry index, in the range 1 to 65,535. Description use the display rmon prialarm command to display the configuration of an rmon extended alarm entry. If you do not specify the prialarm-entry-number argument, the configuration of all...

  • Page 946

    2-7 field description linked with event event index corresponding to an alarm when startup enables: risingorfallingalarm the condition under which an alarm is triggered, which can be:
      • risingorfallingalarm: an alarm is triggered when the rising or falling threshold is reached.
      • risingalarm: an ala...

  • Page 947

    2-8 interface : ethernet1/0/1 etherstatsoctets : 30561 , etherstatspkts : 217 etherstatsbroadcastpkts : 102 , etherstatsmulticastpkts : 25 etherstatsundersizepkts : 0 , etherstatsoversizepkts : 0 etherstatsfragments : 0 , etherstatsjabbers : 0 etherstatscrcalignerrors : 0 , etherstatscollisions : 0 ...

  • Page 948

    2-9 parameters entry-number: index of the alarm entry to be added/removed, in the range 1 to 65535. Alarm-variable: alarm variable, a string comprising 1 to 256 characters in dotted node oid format (such as 1.3.6.1.2.1.2.1.10.1). Only the variables that can be resolved to asn.1 integer data type (th...

  • Page 949

    2-10 comparison operation the sample value is smaller than the set lower threshold (threshold-value2) triggering the event identified by the event-entry2 argument
      • before adding an alarm entry, you need to use the rmon event command to define the events to be referenced by the alarm entry.
      • make s...

  • Page 950

    2-11 description string: specifies the event description, a string of 1 to 127 characters. Log: logs events. Trap: sends traps to the nms. Trap-community: community name of the nms that receives the traps, a string of 1 to 127 characters. Log-trap: logs the event and sends traps to the nms. Log-trap...

  • Page 951

    2-12 description use the rmon history command to add an entry to the history control table. If you do not specify the owner text keyword/argument combination, the owner of the entry is displayed as “null”. Use the undo rmon history command to remove an entry from the history control table. You can u...

  • Page 952

    2-13 threshold-value2: lower threshold, in the range 0 to 2147483647. Event-entry2: index of the event entry that corresponds to the falling threshold, in the range 0 to 65535. Forever: specifies the corresponding rmon alarm instance is valid permanently. Cycle: specifies the corresponding rmon alar...

  • Page 953

    2-14
      • falling threshold: 5
      • event 1 is triggered when the change ratio is larger than the rising threshold.
      • event 2 is triggered when the change ratio is less than the falling threshold.
      • the alarm entry is valid forever.
      • entry owner: user1
    system-view system view: return to user view with ct...

  • Page 954

    2-15 for each port, only one rmon statistics entry can be created. That is, if an rmon statistics entry was already created for a given port, you will fail to create a statistics entry with a different index for the port. You can use the display rmon statistics command to display the information abo...

  • Page 955: Table of Contents

    I table of contents 1 udp helper configuration commands 1-1 udp helper configuration commands 1-1 disp...

  • Page 956

    1-1 1 udp helper configuration commands udp helper configuration commands display udp-helper server syntax display udp-helper server [ interface vlan-interface vlan-id ] view any view parameters vlan-id: vlan interface number. Description use the display udp-helper server command to display the udp ...

  • Page 957

    1-2 view user view parameters none description use the reset udp-helper packet command to clear udp helper statistics. Examples # clear udp helper statistics. Reset udp-helper packet udp-helper enable syntax udp-helper enable undo udp-helper enable view system view parameters none description use th...

  • Page 959

    1-4 [sysname] undo udp-helper port 53 udp-helper server syntax udp-helper server ip-address undo udp-helper server [ ip-address ] view vlan interface view parameters ip-address: ip address of the destination server, in dotted decimal notation. Description use the udp-helper server command to specify...

  • Page 960

    1-5 description use the udp-helper ttl-keep enable command to enable the udp helper ttl-keep function. With this function enabled, the udp helper can forward broadcasts with the ttl field being 1 without decrementing the ttl value by one. Use the undo udp-helper ttl-keep enable command to restore th...

  • Page 961: Table of Contents

    I table of contents 1 ntp configuration commands 1-1 ntp configuration commands ...

  • Page 962: Ntp Configuration Commands

    1-1 1 ntp configuration commands to protect unused sockets against attacks by malicious users and improve security, 3com s5500-ei series ethernet switches provide the following functions:
      • udp port 123 is opened only when the ntp feature is enabled.
      • udp port 123 is closed as the ntp feature is di...

  • Page 963

    1-2 examples # view the brief information of all sessions maintained by ntp services. Display ntp-service sessions source reference stra reach poll now offset delay disper ************************************************************************* [12345]3.0.1.32 locl 1 95 64 42 -14.3 12.9 2.7 [25]3.0...

  • Page 964

    1-3 field description total associations total number of associations an s5500-ei series switch does not establish a session with its client when it works in the ntp server mode, but does so when it works in other ntp implementation modes. Display ntp-service status syntax display ntp-service status...

  • Page 965

    1-4 field description reference clock id address of the remote server or id of the reference clock after the local clock is synchronized to a remote ntp server or a reference clock nominal frequency nominal frequency of the local hardware clock, in hz. Actual frequency actual frequency of the local ...

  • Page 966

    1-5 table 1-3 display ntp-service trace command output description field description server ip address of the ntp server stratum the stratum level of the corresponding system clock offset the clock offset relative to the upper-level clock, in milliseconds. Synch distance the synchronization distance...

  • Page 967

    1-6 ntp service access-control rights from the highest to the lowest are peer, server, synchronization, and query. When a local ntp server receives an ntp request, it will perform an access-control right match and will use the first matched right. The ntp-service access command only provides a minim...

  • Page 968

    1-7 ntp-service authentication-keyid syntax ntp-service authentication-keyid key-id authentication-mode md5 value undo ntp-service authentication-keyid key-id view system view parameters key-id: authentication key id, in the range of 1 to 4294967295. You can configure up to 1024 keys. Value: authent...

  • Page 969

    1-8 use the undo ntp-service broadcast-client command to remove the configuration. By default, no ntp operate mode is configured. Examples # configure the switch to operate in the broadcast client mode and receive ntp broadcast packets through vlan-interface 1. System-view system view: return to use...

  • Page 970

    1-9 view vlan interface view parameters none description use the ntp-service in-interface disable command to disable the interface from receiving ntp packets. Use the undo ntp-service in-interface disable command to restore the default. By default, the interface can receive ntp packets. Examples # d...

  • Page 971

    1-10 ntp-service multicast-client syntax ntp-service multicast-client [ ip-address ] undo ntp-service multicast-client [ ip-address ] view vlan interface view parameters ip-address: multicast ip address, in the range of 224.0.1.0 to 224.0.1.255. The default ip address is 224.0.1.1. Description use t...

  • Page 972

    1-11 description use the ntp-service multicast-server command to configure an ethernet switch to operate in the ntp multicast server mode and send ntp multicast packets through the current interface. Use the undo ntp-service multicast-server command to remove the configuration. By default, no ntp op...

  • Page 973

    1-12 [sysname] ntp-service reliable authentication-keyid 37 ntp-service source-interface syntax ntp-service source-interface vlan-interface vlan-id undo ntp-service source-interface view system view parameters vlan-interface vlan-id: specifies an interface. The ip address of the interface serves as ...

  • Page 974

    1-13 priority: specifies the peer identified by the remote-ip argument as the preferred peer for synchronization. Source-interface vlan-interface vlan-id: specifies an interface whose ip address serves as the source ip address of ntp packets sent to the peer. Vlan-id is the vlan interface number. Vers...

  • Page 975

    1-14 authentication-keyid key-id: specifies the key id used for sending packets to the ntp server. The key-id argument ranges from 1 to 4294967295. Priority: specifies the server identified by the remote-ip or the server-name argument as the preferred server. Source-interface vlan-interface vlan-id:...

  • Page 976: Table of Contents

    I table of contents 1 ssh commands 1-1 ssh commands ...

  • Page 979

    1-3 description use the display public-key peer command to display information about locally saved public keys of the ssh peers. If no key name is specified, the command displays detailed information about the locally saved public keys of all ssh peers. The display public-key peer command on the ssh...

  • Page 980

    1-4 display rsa local-key-pair public syntax display rsa local-key-pair public view any view parameters none description use the display rsa local-key-pair public command to display the public keys of the current switch’s rsa key pairs. If no key pair has been generated, the system displays a messag...

  • Page 981

    1-5 d0fc303f 51072d6c b5d0054d 3673eba0 a4748984 5ebf6ebe cf6a13b1 c7858241 a2a9aa79 0203 010001 after you complete the rsa key pair generation task:
      • if the switch is working in ssh1-compatible mode, there should be two public keys generated (that is, the host public key and the server public key)...

  • Page 982

    1-6 examples # display brief information about all peer public keys. Display rsa peer-public-key brief type module name --------------------------- dsa 1023 2 dsa 1024 a # display the information about public key “abcd”. Display rsa peer-public-key name abcd ===================================== key...

  • Page 983

    1-7 ssh authentication retries : 3 times sftp server: disable sftp idle timeout : 10 minutes
      • if you use the ssh server compatible-ssh1x enable command to configure the server to be compatible with ssh1.x clients, the ssh version will be displayed as 1.99.
      • if you use the undo ssh server compatibl...

  • Page 984

    1-8 if an ssh client needs to authenticate the ssh server, it uses the locally saved public key of the server for authentication. In case the authentication fails, you can use the display ssh server-info command to view whether the locally saved public key of the server is correct. Related commands:...

  • Page 985

    1-9 [sysname] ssh user client authentication-type publickey # configure sftp as the service type for the ssh user. [sysname] ssh user client service-type sftp # assign the public key test for the ssh user. [sysname] ssh user client assign publickey test # display information about the ssh user confi...

  • Page 986

    1-10 description use the display ssh-server source-ip command to display the current source ip address or the ip address of the source interface specified for the ssh server. If neither source ip address nor source interface is specified, the command displays 0.0.0.0. Related commands: ssh-server so...

  • Page 987

    1-11 ssh: supports only ssh. Description use the protocol inbound command to configure specific user interface(s) to support specified protocol(s). The configuration will take effect at next user login. By default, both ssh and telnet are supported. As ssh clients access the ssh server through vty u...

  • Page 988

    1-12 description use the public-key local create command to create a local dsa key pair or rsa key pairs. Note that:
      • generating the rsa and dsa key pairs on the server is prerequisite to ssh login.
      • after entering this command, you will be prompted to provide the length of the key modulus. The le...

  • Page 989

    1-13 307c300d06092a864886f70d0101010500036b003068026100a3b63f5b0e5470d9fe2005450342011fede2a9 24c71eb19e28d257e43ef7e531d7c37fbb157712a2f2af0f5baf3e60595496c5b3eaff25bfb56f1e1cc7a700 4d0ff048654bfeadb21c5af3e24fb0516393bfeef65a83b7416f170886904c8be30203010001 # create a dsa key pair. System-view sys...

  • Page 990

    1-14 rsa: specifies the rsa key pair. Description use the public-key local destroy command to destroy the key pairs generated for the current switch. If the key pair does not exist, the system displays a message, telling you no such key pair exists. Related commands: public-key local create. Example...

  • Page 991

    1-15
      • ssh1, ssh2, and openssh are three public key formats. You can choose one as required. For example, if you want to export the rsa host public key to a file in the ssh1 format, use the public-key local export rsa ssh1 filename command.
      • the host public key displayed on the screen is in a forma...

  • Page 992

    1-16 openssh: uses the format of openssh. Ssh2: uses the format of ssh2. Filename: name of the file for saving the public key, a string of 1 to 142 characters. For file naming rules, refer to file system management command. Description use the public-key local export dsa command to export the curren...

  • Page 994

    1-18 public-key peer import sshkey syntax public-key peer keyname import sshkey filename undo public-key peer keyname view system view parameters keyname: name of the public key, a string of 1 to 64 characters. Filename: name of a public key file, a string of 1 to 142 characters. For file naming ru...

  • Page 995

    1-19 input the bits in the modulus[default = 1024]: generating keys... ...............................................++++++ ......++++++ .................++++++++ .....++++++++ ....... [sysname] public-key local export rsa ssh2 pub # send the public key file of the ssh client to the ssh using ftp o...

  • Page 996

    1-20 [sysname-rsa-key-code] 0861b74a0e135523ccd74cac61f8e58c452b2f3f2da0dc [sysname-rsa-key-code] c48e3306367fe187bdd944018b3b69f3cbb0a573202c16 [sysname-rsa-key-code] bb2fc1acf3ec8f828d55a36f1cddc4bb45504f020125 [sysname-rsa-key-code] public-key-code end [sysname-rsa-public-key] public-key-code end...

  • Page 997

    1-21 rsa local-key-pair create syntax rsa local-key-pair create view system view parameters none description use the rsa local-key-pair create command to generate an rsa key pair for the current switch. Note that:
      • after entering this command, you will be prompted to provide the length of the key m...

  • Page 998

    1-22 key type: rsa encryption key ===================================================== key code: 308188 028180 f0c0eda9 fa2e2fac 4b16ca34 677f1861 a13e89be 6aaac326 4e17268d efaded1a fca39047 52f18422 b8c875df 3626150d 4057ee12 371d5e62 57d34a16 5045a403 fa805f72 b2780c9a 041ed99e 2841f600 ab30db10...

  • Page 999

    1-23 examples # destroy the current switch’s rsa key pairs. System-view system view: return to user view with ctrl+z. [sysname] rsa local-key-pair destroy % the local-key-pair will be destroyed. % confirm to destroy these keys? [y/n]:y .............Done! Rsa peer-public-key syntax rsa peer-public-ke...

  • Page 1000

    1-24 rsa peer-public-key import sshkey syntax rsa peer-public-key keyname import sshkey filename undo rsa peer-public-key keyname view system view parameters keyname: name of the public key to be configured, a string of 1 to 64 characters. Filename: name of a public key file, a string of 1 to 142 ch...

  • Page 1002

    1-26 examples # specify the publickey authentication as the default authentication mode. System-view system view: return to user view with ctrl+z. [sysname]ssh authentication-type default publickey # create an ssh user [sysname] ssh user user1 # display information about configured ssh users. [sysna...

  • Page 1003

    1-27 if a client does not support first-time authentication, it will refuse to access any unauthenticated server. In this case, you need to configure the public key of the server on the client and associate the public key and the server so that the client can authenticate the server during login. If...

  • Page 1004

    1-28 in subsequent authentications. In this mode, the client cannot ensure the correctness of the ssh server's host public key. • With first-time authentication disabled, you must configure the server’s host public key and specify the public key name for authentication on the client in advance. For ...

  • Page 1005

    1-29 ssh server compatible-ssh1x enable syntax ssh server compatible-ssh1x enable undo ssh server compatible-ssh1x view system view parameters none description use the ssh server compatible-ssh1x enable command to make the server compatible with ssh1.X clients. Use the undo ssh server compatible-ssh...

  • Page 1006

    1-30 this command only takes effect on users whose client version is ssh1.X. Related commands: display ssh server. Examples # configure to update the server's keys every 3 hours. System-view system view: return to user view with ctrl+z. [sysname]ssh server rekey-interval 3 ssh server timeout syntax ...

  • Page 1010

    1-34 after the configuration, the subsequent authentications are implemented automatically without asking you to enter the password. • Password-publickey authentication takes advantage of both password authentication and publickey authentication. An ssh user must pass both types of authenti...

  • Page 1011

    1-35 description use the ssh user service-type command to configure service type for a user so that the user can access specified service(s). Use the undo ssh user service-type command to remove the service type specified for an ssh user. The default service type for an ssh user is stelnet. Related ...

  • Page 1012

    1-36 • 3des: 3des_cbc encryption algorithm. Support for this keyword depends on the number of encryption bits of the software version. The 168-bit version supports this keyword, while the 56-bit version does not. • des: des_cbc encryption algorithm. • aes128: aes_128 encryption algorithm. prefer_cto...

  • Page 1013

    1-37 view system view parameters interface-type: source interface type. Interface-number: source interface number. Description use the ssh2 source-interface command to specify a source interface for the ssh client. If the specified interface does not exist, the command fails. Use the undo ssh2 sourc...

  • Page 1014

    1-38 ssh-server source-interface syntax ssh-server source-interface interface-type interface-number undo ssh-server source-interface view system view parameters interface-type: source interface type. Interface-number: source interface number. Description use the ssh-server source-interface command t...

  • Page 1015

    1-39 you can configure a source ip address for the ssh server to provide ssh access service for the ssh clients. In this way, the ssh clients can only access the ssh server using the specified ip address as the destination. This improves the service manageability when the ssh server has multiple ip ...

  • Page 1016: Table of Contents

    I table of contents: 1 file system management configuration commands (1-1); file system configuration commands (1-1); cd ...

  • Page 1017: Commands

    1-1 1 file system management configuration commands the 3com 5500-ei series ethernet switches support expandable resilient networking (xrn), and allow you to access a file on a switch in one of the following ways: • To access a file on the specified unit, you need to specify the file in universal re...

  • Page 1018

    1-2 parameters directory: target directory. Description use the cd command to enter a specified directory on the ethernet switch. The default directory when a user logs onto the switch is the root directory of flash memory. Examples # enter the directory test from the root directory. Cd test # retur...

  • Page 1020

    1-4 delete the running config file? [y/n]: delete the running web file? [y/n]: delete the backup image file? [y/n]: delete the backup config file? [y/n]: delete the backup web file? [y/n]: the corresponding files will be deleted after you choose yes. For deleted files whose names are the same, only ...

  • Page 1021

    1-5 view user view parameters /all: specifies to display the information about all the files, including those stored in the recycle bin. /fabric: specifies to display the information about all the specified files in the fabric. File-url: path name or the name of a file in the flash memory. You can u...

  • Page 1022

    1-6 7239 kb total (1720 kb free) (*) -with main attribute (b) -with backup attribute (*b) -with both main and backup attribute # display information about all the files (including the files in the recycle bin) in the root directory of the file system of the fabric. Dir /all /fabric directory of unit...

  • Page 1023

    1-7 parameters filename: batch file, with the extension .bat. Description use the execute command to execute the specified batch file. Executing a batch file is to execute a set of commands in the batch file one by one. Note that: • A batch file cannot contain any invisible character. If any invisibl...

  • Page 1024

    1-8 • If the prompt mode is set to alert, the following messages will be displayed when you delete a file: delete unit1>flash:/te.txt delete unit1>flash:/te.txt?[y/n]:y ...... %delete file unit1>flash:/te.txt...Done. The system waits for you to confirm for 30 seconds. If you do not input any confirm...

  • Page 1025

    1-9 format syntax format device view user view parameters device: name of a device. Description use the format command to format the flash memory. The format operation clears all the files on the flash memory, and the operation is irretrievable. Examples # format the flash memory. Format unit1>flash...

  • Page 1026

    1-10 • To use this command to create a subdirectory, the specified directory must exist. For instance, to create subdirectory flash:/test/mytest, the test directory must exist. Otherwise, you will fail to create the subdirectory. Examples # create a directory in the current directory, with the name ...

  • Page 1027

    1-11 # vlan 2 # return move syntax move fileurl-source fileurl-dest view user view parameters fileurl-source: name of the source file. Fileurl-dest: name of the target file. Description use the move command to move a file to a specified directory. If the target file name is the same as an existing f...

  • Page 1028

    1-12 view user view parameters none description use the pwd command to display the current working path of the login user. Examples # display the current working path. Pwd unit1>flash: rename syntax rename fileurl-source fileurl-dest view user view parameters fileurl-source: original path name or fi...

  • Page 1029

    1-13 parameters file-url: path name or file name of a file in the flash memory. This argument supports the wildcard “*”. For example, *.txt means all the files with an extension of txt. /force: specifies not to prompt for confirmation before deleting files. /fabric: specifies to clear the recycle bi...

  • Page 1030

    1-14 7239 kb total (2730 kb free) //the above information indicates that in directory flash:, there are two files a.cfg and b.cfg in the recycle bin. • Delete the files in directory flash: that are already in the recycle bin. reset recycle-bin clear flash:/~/a.cfg ?[y/n]:y clearing files from flash ...

  • Page 1031

    1-15 rmdir syntax rmdir directory view user view parameters directory: name of a directory. Description use the rmdir command to delete a directory. As only empty directories can be deleted, you need to clear a directory before deleting it. Examples # delete the directory named dd. Rmdir dd rmdir un...

  • Page 1032

    1-16 update fabric syntax update fabric file-name view user view parameters file-name: name of the file to be upgraded, a string comprising 1 to 64 characters. Description use the update fabric command to use an app file, boot rom or web file on a device in the fabric to upgrade all the units in the...

  • Page 1033

    1-17 fabric name is fab, system mode is l3. Fabric authentication : no authentication, number of units in stack: 1. Unit name unit id first 1(*) first 2 first 8 update fabric test.bin this will update the fabric. Continue? [y/n] y the software is verifying ... The result of verification is : unit id...

  • Page 1034

    1-18 the boot, web and configuration file's backup-attribute and main-attribute will exchange. Are you sure? [y/n] y the boot, web and configuration file's backup-attribute and main-attribute successfully exchanged on unit 1! The boot, web and configuration file's backup-attribute and main-attribute...

  • Page 1035

    1-19 view user view parameters file-url: path or the name of the app file in the flash memory, a string comprising 1 to 64 characters. Fabric: specifies to apply the configuration to the whole fabric. Description use the boot boot-loader backup-attribute command to configure an app file of the fabri...

  • Page 1036

    1-20 description use the boot web-package command to configure a web file in the fabric to be with the main or backup attribute. • Before configuring the main or backup attribute for a web file in the fabric, make sure the file exists on all devices in the fabric. • The configuration of the main or ...

  • Page 1037

    1-21 the main boot app is: test.bin the backup boot app is: testbak.bin display web package syntax display web package view any view parameters none description use the display web package command to display information about the web file used by the device, including the name of the currently used ...

  • Page 1038

    1-22 examples # specify to prompt users to use customized passwords to enter the boot menu. startup bootrom-access enable display startup unit 1 mainboard: current startup saved-configuration file: flash:/config.cfg next main startup saved-configuration file: flash:/config.cfg next backup startup sa...

  • Page 1039

    1-23 # back up the current configuration of the whole fabric to the file aaa.cfg on the tftp server whose ip address is 1.1.1.253. backup fabric current-configuration to 1.1.1.253 aaa.cfg backup current configuration to 1.1.1.253. Please wait... File will be transferred in binary mode. Copying file ...

  • Page 1040

    1-24 unit 7: restore startup current configuration finished! # restore the startup configuration of the whole fabric from the file bbb.cfg on the tftp server with the ip address 1.1.1.253. restore fabric startup-configuration from 1.1.1.253 bbb.cfg restore startup configuration from 1.1.1.253. Pleas...

  • Page 1041: Table of Contents

    I table of contents: 1 ftp and sftp configuration commands (1-1); ftp server configuration commands (1-1); displa...

  • Page 1042

    ii sftp client configuration commands (1-26); bye (1-26); cd ...

  • Page 1043

    1-1 1 ftp and sftp configuration commands ftp server configuration commands display ftp-server syntax display ftp-server view any view parameters none description use the display ftp-server command to display the ftp server-related settings of a switch when it operates as an ftp server, including st...

  • Page 1044

    1-2 the 3com switch 5500-ei supports one user access at one time when it serves as the ftp server. Display ftp-server source-ip syntax display ftp-server source-ip view any view parameters none description use the display ftp-server source-ip command to display the source ip address set for an ftp s...

  • Page 1045

    1-3 description use the display ftp-user command to display the information of the ftp users that have logged in to the switch, including the user name, host ip address, port number, idle timeout time, and authorized directory. For how to create an ftp user on an ftp server, refer to the aaa part of...

  • Page 1046

    1-4 description use the ftp disconnect command to terminate the connection between a specified user and the ftp server. With a 3com switch 5500-ei acting as the ftp server, if you attempt to disconnect a user that is uploading/downloading data to/from the ftp server, the switch 5500-ei will disconne...

  • Page 1047

    1-5 to protect unused sockets from being attacked by malicious users, the 3com switch 5500-ei provides the following functions: • tcp 21 is enabled only when you start the ftp server. • tcp 21 is disabled after you shut down the ftp server. Related commands: display ftp-server. Examples # enable the...

  • Page 1048

    1-6 ftp-server source-interface syntax ftp-server source-interface interface-type interface-number undo ftp-server source-interface view system view parameters interface-type: type of the interface serving as the source interface of an ftp server. The interface type can be a loopback interface or a ...

  • Page 1049

    1-7 use the undo ftp-server source-ip command to cancel the source ip address setting. By default, no source ip address is specified for an ftp server, and an ftp client can use any reachable address on the ftp server as the destination address to connect to an ftp server. Examples # specify 192.168...

  • Page 1050

    1-8 200 type set to a. Binary syntax binary view ftp client view parameters none description use the binary command to specify that program files be transferred in binary mode, which is used for transferring program files. By default, files are transferred in ascii mode. Related commands: ascii. Exa...

  • Page 1051

    1-9 cd syntax cd path view ftp client view parameters path: path of the target directory. Description use the cd command to change the working directory on the remote ftp server. Note that you can use this command to enter only authorized directories. Related commands: pwd. Examples # change the wor...

  • Page 1052

    1-10 # display the current directory. [ftp] pwd 257 "flash:" is current directory. Close syntax close view ftp client view parameters none description use the close command to terminate an ftp connection without quitting ftp client view. This command has the same effect as that of the disconnect com...

  • Page 1053

    1-11 dir syntax dir [ filename [ localfile ] ] view ftp client view parameters filename: name of the file to be queried. Localfile: name of the local file where the query result is to be saved. Description use the dir command to query specified files on a remote ftp server, or to display file inform...

  • Page 1054

    1-12 -rwxrwxrwx 1 noone nogroup 5286666 oct 18 2006 switch5.bin -rwxrwxrwx 1 noone nogroup 306 may 13 11:17 swithc001 226 transfer complete. Ftp: 1025 byte(s) received in 0.019 second(s) 53.00k byte(s)/sec. # display information about file config.cfg and save the information to file temp1. [ftp] dir...

  • Page 1055

    1-13 specified for the ftp client, the configured source ip address will be displayed. If neither a source ip address nor source interface is specified for the ftp client, 0.0.0.0 will be displayed. If no source ip address is specified for the ftp client, the switch searches the entry with the desti...

  • Page 1056

    1-14 view user view parameters cluster: connects to the configured ftp server of a cluster. For the configuration of the ftp server of a cluster, refer to the cluster part of this manual. Remote-server: host name or ip address of an ftp server, a string of 1 to 20 characters. Interface-type: type of...

  • Page 1057

    1-15 ftp source-interface syntax ftp source-interface interface-type interface-number undo ftp source-interface view system view parameters interface-type: type of the source interface, which can be vlan interface or loopback interface. Interface-number: number of the source interface. Description u...

  • Page 1058

    1-16 description use the ftp source-ip command to specify the source ip address that the switch uses every time it connects to an ftp server, and the configuration will be saved to the configuration file of the system. The value of argument ip-address must be an ip address on the device where the...

  • Page 1059

    1-17 examples # download file temp.c. [ftp] get temp.c 227 entering passive mode (2,2,2,2,4,12). 125 ascii mode data connection already open, transfer starting for temp.c. ..226 transfer complete. Ftp: 15 byte(s) received in 2.568 second(s) 0.00 byte(s)/sec. lcd syntax lcd view ftp client view param...

  • Page 1060

    1-18 the ls command only displays file names on an ftp server. To query other file-related information, for example, file size, creation date and so on, use the dir command. Related commands: pwd. Examples # display the names of all the files in the current directory on the remote ftp server. [ftp] ...

  • Page 1062

    1-20 description use the passive command to set the data transfer mode to the passive mode. Use the undo passive command to set the data transfer mode to the active mode. By default, the passive mode is adopted. The differences between the passive mode and the active mode are: • When working in the ...

  • Page 1063

    1-21 pwd syntax pwd view ftp client view parameters none description use the pwd command to display the working directory on an ftp server. Related commands: cd, cdup, dir, ls. Examples # display the working directory on the ftp server. [ftp] pwd 257 "flash:/temp" is current directory. Quit syntax q...

  • Page 1064

    1-22 view ftp client view parameters protocol-command: ftp protocol command. Description use the remotehelp command to display the help information about an ftp protocol command. This command works only when the ftp server provides the help information about ftp protocol commands. • This command is ...

  • Page 1065

    1-23 250 file renamed successfully rmdir syntax rmdir pathname view ftp client view parameters pathname: name of a directory on an ftp server. Description use the rmdir command to remove a specified directory on an ftp server. Note that you can only use this command to remove directories that are em...

  • Page 1066

    1-24 verbose syntax verbose undo verbose view ftp client view parameters none description use the verbose command to enable the verbose function, which displays execution information of user operations and all ftp responses. Use the undo verbose command to disable the verbose function. The verbose f...

  • Page 1067

    1-25 view system view parameters none description use the sftp server enable command to enable the sftp server. Use the undo sftp server command to disable the sftp server. By default, the sftp server is disabled. Examples # enable the sftp server. System-view system view: return to user view with c...

  • Page 1068

    1-26 sftp client configuration commands bye syntax bye view sftp client view parameters none description use the bye command to terminate a connection with the remote sftp server and return to system view. This command has the same effect as that of the commands exit and quit. Examples # terminate t...

  • Page 1069

    1-27 examples # change the working path to new1. Sftp-client>cd new1 received status: success current directory is: /new1 sftp-client> cdup syntax cdup view sftp client view parameters none description use the cdup command to change the working path on the remote sftp server and return to the parent...

  • Page 1071

    1-29 display sftp source-ip syntax display sftp source-ip view any view parameters none description use the display sftp source-ip command to display the source ip address specified for the current sftp client. If you have specified a source interface for the sftp client, this command displays the i...

  • Page 1072

    1-30 get syntax get remote-file [ local-file ] view sftp client view parameters remote-file: name of a file on the remote sftp server. Local-file: name of a local file. Description use the get command to download a file from the remote server. By default, the remote file name is used for the file sa...

  • Page 1074

    1-32 examples # create a directory named hj on the remote sftp server. Sftp-client>mkdir hj received status: success new directory created put syntax put local-file [ remote-file ] view sftp client view parameters local-file: name of a local file. Remote-file: name of a file on the remote sftp serve...

  • Page 1075

    1-33 sftp-client> pwd / quit syntax quit view sftp client view parameters none description use the quit command to terminate a connection with the remote sftp server and return to system view. This command has the same effect as that of the commands bye and exit. Examples # terminate a connection wi...

  • Page 1076

    1-34 this operation may take a long time.Please wait... Received status: success file successfully removed rename syntax rename oldname newname view sftp client view parameters oldname: old file name. Newname: new file name. Description use the rename command to rename a specified file on the remote...

  • Page 1078

    1-36 if you specify to authenticate a client through public key on the server, the client needs to read the local private key when logging in to the sftp server. Since both rsa and dsa are available for public key authentication, you need to use the identity-key key word to specify the algorithms to...

  • Page 1079

    1-37 sftp source-ip syntax sftp source-ip ip-address undo sftp source-ip view system view parameters ip-address: source ip address to be set. Description use the sftp source-ip command to specify a source ip address for the sftp client. If the specified ip address is not the ip address of the local ...

  • Page 1080: Tftp Configuration Commands

    2-1 2 tftp configuration commands tftp configuration commands display tftp source-ip syntax display tftp source-ip view any view parameters none description use the display tftp source-ip command to display the source ip address that a tftp client uses every time it connects to a tftp server (use th...

  • Page 1081

    2-2 by default, the binary mode is adopted. Examples # specify to adopt the ascii mode. System-view system view: return to user view with ctrl+z. [sysname] tftp ascii tftp transfer mode changed to ascii. Tftp get syntax tftp tftp-server get source-file [ dest-file ] view user view parameters tftp-se...

  • Page 1082

    2-3 file downloaded successfully. # download file temp.txt from the tftp server (1.1.1.1) and save it as test1.txt (suppose that free space of the flash is insufficient and the tftp server does not support file size negotiation). tftp 1.1.1.1 get temp.txt test1.txt file will be transferred in binary...

  • Page 1084

    2-5 parameters tftp-server: ip address or host name of the tftp server to be connected to, a string of 1 to 20 characters. If the switch belongs to a cluster, the value cluster means to connect to the tftp server of the cluster. For the configuration of the tftp server of a cluster, refer to the clu...

  • Page 1085

    2-6 examples # specify vlan-interface 1 as the source interface that the tftp client uses every time it connects to a tftp server. System-view system view: return to user view with ctrl+z. [sysname] tftp source-interface vlan-interface 1 tftp source-ip syntax tftp source-ip ip-address undo tftp sour...

  • Page 1086

    2-7 description use the tftp-server acl command to specify the acl adopted for the connection between a tftp client and a tftp server. Use the undo tftp-server acl command to cancel all acls adopted. Examples # specify to adopt acl 2000 on the tftp client. System-view system view: return to user vie...

  • Page 1087: Table of Contents

    I table of contents: 1 information center configuration commands (1-1); information center configuration commands (1-1); display cha...

  • Page 1089

    1-2 description use the display info-center command to display the operation status of information center, the configuration of information channels, the format of time stamp and the information output in case of fabric. Related commands: info-center enable, info-center loghost, info-center logbuffe...

  • Page 1090

    1-3 field description snmp agent information about snmp agent, including name and number of its information channel log buffer information about the log buffer, including its state (enabled or disabled), its maximum size, current size, current messages, information channel name and number, number of...

  • Page 1092

    1-5 field description overwritten messages the number of overwritten messages (when the buffer size is not big enough to hold all messages, the latest messages overwrite the old ones). Current messages the number of the current messages display logbuffer summary syntax display logbuffer summary [ le...

  • Page 1093

    1-6 absence of the size buffersize argument indicates that all trap information is displayed. Examples # display the status of the trap buffer and the records in the trap buffer. Display trapbuffer trapping buffer configuration and contents:enabled allowed max buffer size : 1024 actual buffer size :...

  • Page 1095

    1-8 parameters none description use the info-center enable command to enable the information center. Use the undo info-center enable command to disable the information center. The switch can output system information to the log host, the console, and other destinations only when the information cent...

  • Page 1096

    1-9 related commands: info-center enable, display info-center. Examples # configure the system to output information to the log buffer with the size of 50. System-view system view: return to user view with ctrl+z. [sysname] info-center logbuffer size 50 info-center loghost syntax info-center loghost...

  • Page 1097

    1-10 examples # configure the system to output system information to the unix log host whose ip address is 202.38.160.1. System-view system view: return to user view with ctrl+z. [sysname] info-center loghost 202.38.160.1 info-center loghost source syntax info-center loghost source interface-type in...

  • Page 1098

    1-11 channel-name: channel name, by default, the name of channel 0 to channel 9 is (in turn) console, monitor, loghost, trapbuffer, logbuffer, snmpagent, channel6, channel7, channel8, channel9. Description use the info-center monitor channel command to set the channel through which information is ou...

  • Page 1100

    1-13 • After you separately set the output rules for a module, you must use the module-name argument to modify or remove the rules. The new configuration by using the default keyword is invalid on the module. • You can configure to output the log, trap and debugging information to the trap buffer, b...

  • Page 1101

    1-14 # set the output channel for the log information of vlan module to snmpagent and to output information with severity being emergencies. Log information of other modules and all the other system information cannot be output to this channel. System-view [sysname] info-center source default channe...

  • Page 1104

    1-17 parameters date: specifies to adopt the current system date and time, in the format of mmm dd hh:mm:ss:ms yyyy. No-year-date: specifies to adopt the current system date and time excluding the year, in the format of mmm dd hh:mm:ss:ms. None: specifies not to include time stamp in the output info...

  • Page 1105

    1-18 # display the time stamp configuration of the information center. [sysname] display info-center information center: enabled log host: 192.168.0.10, channel number : 2, channel name : loghost language : english, host facility local : 7 console: channel number : 0, channel name : console monitor:...

  • Page 1106

    1-19 channel-name: channel name. By default, the name of channel 0 to channel 9 is (in turn) console, monitor, loghost, trapbuffer, logbuffer, snmpagent, channel6, channel7, channel8, channel9. Description use the info-center trapbuffer command to enable information output to the trap buffer. Use th...

  • Page 1107

    1-20 description use the reset trapbuffer command to clear information recorded in the trap buffer. Examples # clear information recorded in the trap buffer. Reset trapbuffer terminal debugging syntax terminal debugging undo terminal debugging view user view parameters none description use the termi...

  • Page 1108

    1-21 description use the terminal logging command to enable log terminal display. Use the undo terminal logging command to disable log terminal display. By default, log terminal display is enabled for console users and terminal users. Examples # disable log terminal display. Undo terminal logging te...

  • Page 1109

    1-22 view user view parameters none description use the terminal trapping command to enable trap terminal display. Use the undo terminal trapping command to disable trap terminal display. By default, trap terminal display is enabled. Examples # enable trap terminal display. Terminal trapping.

  • Page 1110: Table of Contents

    I table of contents: 1 basic system configuration and debugging commands (1-1); basic system configuration commands (1-1); clock datetime ...

  • Page 1111

    ii xmodem get (3-18).

  • Page 1115

    1-4 the following lists the three levels of views available on a switch (from lower level to higher level): • user view • system view • vlan view, ethernet port view, and so on. If the current view is user view, this command is used to quit the system. Related commands: return, system-view. Examples ...

  • Page 1116

    1-5 sysname syntax sysname sysname undo sysname view system view parameters sysname: system name of the ethernet switch. It is a string of 1 to 30 characters. By default, it is 3com. Description use the sysname command to set the system name of an ethernet switch. Use the undo sysname command to res...

  • Page 1117

    1-6 system status and information display commands display clock syntax display clock view any view parameters none description use the display clock command to display the current date, time, timezone and summertime of the system, so that you can adjust them if they are wrong. The maximum date and ...

  • Page 1118

    1-7 interface-type: interface type. Interface-number: interface number. Module-name: functional module name. Fabric: specifies to display the enabled debugging of the switches in the fabric. By-module: specifies to display fabric debugging by module. Description use the display debugging command to ...

  • Page 1120

    1-9 view any view parameters none description use the display diagnostic-information command to display or save the running statistics of the system function modules. If you choose to save the statistics, the system will save the statistics to a file with the extension .diag in the flash memory. Exa...

  • Page 1121

    1-10 use the undo terminal debugging command to disable terminal display for debugging information. By default, terminal display for debugging information is disabled. Note that: • To display the debugging information on the terminal, you need to configure both the terminal debugging and terminal mo...

  • Page 1122

    2-1 2 network connectivity test commands network connectivity test commands ping syntax ping [ -a ip-address ] [ -c count ] [ -d ] [ -f ] [ -h ttl ] [ -i interface-type interface-number ] [ ip ] [ -n ] [ -p pattern ] [ -q ] [ -s packetsize ] [ -t timeout ] [ -tos tos ] [ -v ] string view any view pa...

  • Page 1123

    2-2 -t timeout: specifies the timeout time (in milliseconds) before an icmp echo-reply packet is received after an icmp echo-request packet is sent. The timeout argument ranges from 0 to 65535 ms and defaults to 2,000 ms. -tos tos: specifies the tos value of the icmp echo-request packets in the rang...

  • Page 1124

    2-3 tracert syntax tracert [ -a source-ip ] [ -f first-ttl ] [ -m max-ttl ] [ -p port ] [ -q num-packet ] [ -w timeout ] string view any view parameters -a source-ip: specifies the source interface ip address used by this command. -f first-ttl: specifies the initial ttl value of the packets to be se...

  • Page 1125

    2-4 examples # trace the gateways that the packets pass through to the destination with ip address 18.26.0.115. Tracert 18.26.0.115 tracert to 18.26.0.115 (18.26.0.115), 30 hops max,40 bytes packet 1 128.3.112.1 (128.3.112.1) 0 ms 0 ms 0 ms 2 128.32.216.1 (128.32.216.1) 19 ms 19 ms 19 ms 3 128.32.20...

  • Page 1127

    3-2 parameters file-url: path plus name of a boot rom file (that is, a .btm file) in the flash, a string of 1 to 64 characters. Device-name: file name, beginning with a device name in the form of unit[no.]>flash, used to indicate that the specified file is stored in the flash memory of a specified ...

  • Page 1128

    3-3 display cpu syntax display cpu [ unit unit-id ] view any view parameters unit-id: unit id of a switch. Description use the display cpu command to display the cpu usage. Examples # display the cpu usage of this switch. Display cpu unit 1 board 0 cpu busy status: 12% in last 5 seconds 12% in last ...

  • Page 1129

    3-4 description use the display device command to display the information, such as the module type and operating status, about each board (main board and sub-board) of a specified switch. You can use this command to display the following information about each board, including slot number, sub-slot ...

  • Page 1130

    3-5 examples # display the working states of the fans. Display fan unit 1 fan 1 state: normal the above information indicates that the fan works normally. Display memory syntax display memory [ unit unit-id ] view any view parameters unit-id: unit id of a switch. Description use the display memory c...

  • Page 1131

    3-6 parameters unit-id: unit id of a switch. Power-id: power id. Description use the display power command to display the working state of the power supply of the switch. Examples # display the working state of the power supply. Display power unit 1 power 1 state : normal type : ac the above informa...

  • Page 1132

    3-7 description use the display transceiver alarm interface command to display the current alarm information of a single or all transceivers. If no error occurs, none is displayed. Table 3-5 shows the alarm information that may occur for the four types of transceivers. Table 3-5 description on the f...

  • Page 1133

    3-8 field remarks tx power low tx power is low. Module not ready module is not ready. Apd supply fault apd (avalanche photo diode) supply fault tec fault tec (thermoelectric cooler) fault wavelength unlocked wavelength of optical signal exceeds the manufacturer’s tolerance. Temp high temperature is ...

  • Page 1134

    3-9 field remarks transceiver info i/o error transceiver information read and write error transceiver info checksum error transceiver information checksum error transceiver type and port configuration mismatch transceiver type does not match port configuration. Transceiver type not supported by port...

  • Page 1135

    3-10 table 3-7 description on the fields of display transceiver diagnosis interface field description transceiver diagnostic information digital diagnosis information of the transceiver carried by an interface current diagnostic parameters current diagnostic parameters temp.(°c) digital diagnosis pa...

  • Page 1136

    3-11 table 3-8 description on the fields of the display transceiver interface command field description transceiver information transceiver information of the interface transceiver type transceiver type connector type type of the connectors of the transceiver: optical connectors, including sc (sc ...

  • Page 1137

    3-12 description use the display transceiver manuinfo interface command to display part of the electrical label information of a single or all anti-spoofing pluggable transceivers customized by h3c. Examples # display part of the electrical label information of the anti-spoofing pluggable transceive...

  • Page 1138

    3-13 system view: return to user view with ctrl+z. [sysname] interface ethernet1/0/1 [sysname-ethernet1/0/1] port auto-power-down reboot syntax reboot [ unit unit-id ] view user view parameters unit-id: unit id of a switch. Description use the reboot command to restart a specified ethernet switch. B...

  • Page 1141

    3-16 schedule reboot regularity syntax schedule reboot regularity at hh:mm period undo schedule reboot regularity view system view parameters hh:mm: reboot time of the switch, in the hour:minute format, where hh ranges from 0 to 24, and mm ranges from 0 to 59. Period: reboot period of the switch, in ...

  • Page 1142

    3-17 system-monitor enable syntax system-monitor enable undo system-monitor enable view system view parameters none description use the system-monitor enable command to enable real-time monitoring of the running status of the system. Use the undo system-monitor enable command to disable real-time mo...

  • Page 1143

    3-18 device-name: file name, in the form of unit[no.]>flash:, which is used to indicate that the specified file is stored in the flash of a specified switch. Description use the update fabric command to upgrade the host software of all devices in a fabric. Examples # use the file named s5500.app in ...

  • Page 1144

    3-19 **** warning **** xmodem is a slow transfer protocol limited to the current speed settings of the auxiliary ports. During the course of the download no exec input/output will be available! ---- ******* ----.

  • Page 1145: Table of Contents

    I table of contents 1 vlan-vpn configuration commands 1-1 vlan-vpn configuration commands 1-1 displ...

  • Page 1146

    1-1 1 vlan-vpn configuration commands vlan-vpn configuration commands display port vlan-vpn syntax display port vlan-vpn view any view parameters none description use the display port vlan-vpn command to display the information about vlan-vpn configuration of the current system. Related commands: vl...

  • Page 1147

    1-2 field description vlan-vpn inner-cos-trust the status of the inner-to-outer tag priority replicating feature, enable (enabled) or disable (disabled). You can use the vlan-vpn inner-cos-trust command to configure the feature. Vlan-vpn tpid tpid value of the port, which can be configured through t...

  • Page 1148

    1-3 system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] igmp transparent enable vlan-vpn enable syntax vlan-vpn enable undo vlan-vpn view ethernet port view parameters none description use the vlan-vpn enable command to enable the vlan-vpn feature...

  • Page 1149

    1-4 vlan-vpn inner-cos-trust syntax vlan-vpn inner-cos-trust enable undo vlan-vpn inner-cos-trust view ethernet port view parameters none description use the vlan-vpn inner-cos-trust enable command to enable the inner-to-outer tag priority replicating feature. With the feature enabled, a port replic...

  • Page 1150

    1-5 outer-priority: priority for the outer vlan tag in a packet. This argument can be in the range 0 to 7 or a keyword listed in table 1-2. Table 1-2 description on 802.1p priority ip precedence (decimal) keyword 0 best-effort 1 background 2 spare 3 excellent-effort 4 controlled-load 5 video 6 voice 7...

  • Page 1151

    1-6 vlan-vpn tpid syntax vlan-vpn tpid value undo vlan-vpn tpid view ethernet port view parameters value: user-defined tpid value (in hexadecimal format), in the range 0x0001 to 0xffff. Description use the vlan-vpn tpid command to set the tpid value for a port. With the tpid value set on a port, the...

  • Page 1152

    1-7 system-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/2 [sysname-ethernet1/0/2] vlan-vpn tpid 9100

  • Page 1154

    2-2 vlan 4093 is a special vlan reserved for the xrn fabric feature. It cannot serve as the destination vlan of the inter-vlan mac address replicating feature to receive mac address entries from the other vlans. Examples # enable the inter-vlan mac address replicating feature for ethernet1/0/1 to r...

  • Page 1155

    2-3 a packet cannot be tagged with different outer vlan tags. To change the outer vlan tag of a packet, you need to remove the existing outer vlan tag configuration and configure a new outer vlan tag. Before configuring this command in qinq view, you need to use the vlan-vpn vid command to configure...

  • Page 1156

    2-4 if xrn fabric is enabled on a device, the selective qinq policy cannot be configured on any port of the device. By default, no selective qinq policy is configured on a port. After specifying an outer vlan tag and entering qinq view, you need to use the raw-vlan-id inbound command to specify which v...

  • Page 1158

    3-2 original destination mac address of the packet before sending it. As a result, the packet will not be recognized as a protocol packet by other devices in the operator network during transmission. In this way, transparent transmission is implemented. You can use the bpdu-tunnel tunnel-dmac comman...

  • Page 1159

    3-3 to prevent the devices in the service provider network from processing the tunnel packets as other protocol packets, the mac address for tunnel packets must be a multicast address specially for bpdu tunnels in the service provider network. The destination mac addresses configured at the two ...

  • Page 1160: Table of Contents

    I table of contents 1 remote-ping commands 1-1 remote-ping client commands...

  • Page 1161

    Ii ttl 1-37 username...

  • Page 1162: Remote-Ping Commands

    1-1 1 remote-ping commands remote-ping client commands adv-factor syntax adv-factor adv-number undo adv-factor view remote-ping test group view parameters adv-number: advantage factor, used to count mos and icpif value in a jitter voice test. It is in the range 0 to 20 and defaults to 0. Description...

  • Page 1163

    1-2 view remote-ping test group view parameters times: number of probes in each remote-ping test. The times argument ranges from 1 to 15. Description use the count command to set the number of probes in each remote-ping test. Use the undo count command to restore the default. For tests except jitter...

  • Page 1164

    1-3 note that: the configuration of a padding character string is only supported by icmp, udp and jitter tests. A portion of a test packet is reserved and the padding character string is padded to the rest part. The length of the reserved part varies depending on the test type. Table 1-1 describ...

  • Page 1165

    1-4 test type code range default value udp none 4-8100 100 other none 4-8100 0 description use the datasize command to configure the size of a test packet in a test. Use the undo datasize command to restore the default. The configuration of packet size is only supported by icmp, udp and jitter tests...

  • Page 1166

    1-5 undo destination-ip view remote-ping test group view parameters ip-address: destination ip address of a remote-ping test. Description use the destination-ip command to configure a destination ip address of a remote-ping test. Use the undo destination-ip command to remove the configured destinat...

  • Page 1167

    1-6 by default, no destination port number is configured for a test. Related commands: destination-ip. The destination-port command has effect on jitter, tcp-private, and udp-private tests only. It is not recommended to perform a tcp, udp, or jitter test on a well-known port (ports with a number...

  • Page 1168

    1-7 examples # display the test results of the test group with administrator name administrator, and operation tag icmp. Display remote-ping results administrator icmp remote-ping entry(admin administrator, tag icmp) test result: destination ip address:10.2.2.2 send operation times: 10 receive respo...

  • Page 1169

    1-8 # display the history records of remote-ping tests. Display remote-ping history administrator icmp remote-ping entry(admin administrator, tag icmp) history record: index response status lastrc time 1 1 1 0 2004-11-25 16:28:55.0 2 1 1 0 2004-11-25 16:28:55.0 3 1 1 0 2004-11-25 16:28:55.0 4 1 1 0 ...

  • Page 1170

    1-9 square-sum of round trip time: 729 last succeeded test time: 2000-4-2 3:45:36.8 extend result: sd maximal delay: 0 ds maximal delay: 0 packet lost in test: 0% disconnect operation number: 0 operation timeout number: 0 system busy operation number: 0 connection fail number: 0 operation sequence e...

  • Page 1171

    1-10 # display the test results of the test group with administrator name administrator, and operation tag jitter. Display remote-ping results administrator jitter remote-ping entry(admin administrator, tag jitter) test result: destination ip address:10.2.2.2 send operation times: 100 receive respon...

  • Page 1172

    1-11 field description positive ds number number of positive jitter delays from the destination to the source positive sd sum sum of positive jitter delays from the source to the destination positive ds sum sum of positive jitter delays from the destination to the source positive sd average average ...

  • Page 1173

    1-12 # display the test results of the test group with administrator name administrator, and operation tag dns. Display remote-ping results administrator dns remote-ping entry(admin administrator, tag dns) test result: destination ip address:10.2.2.2 send operation times: 10 receive response times: ...

  • Page 1174

    1-13 parameters administrator-name: name of the administrator creating the test. Operation-tag: test operation tag. Description use the display remote-ping statistics command to display test statistics. After a test begins, if all the probes in the first test have not been finished, when you use the...

  • Page 1175

    1-14 field description lifetime the time that a test lasts send operation times the number of the sent test packets. Receive response times the number of successful test attempts min/max/average round trip time roundtrip time in its minimum, maximum, and average square-sum of round trip time the squ...

  • Page 1176

    1-15 field description unknown result lost packet number the number of the lost packets for unknown reason dns-server syntax dns-server ip-address undo dns-server view remote-ping test group view parameters ip-address: ip address to be assigned to a domain name server (dns). Description use the dns-...

  • Page 1177

    1-16 view remote-ping test group view parameters domain-name: domain name to be resolved, in the range of 1 to 60 characters. Description use the dns resolve-target command to configure a domain name to be resolved. Use the undo resolve-target command to remove a domain name to be resolved. By defau...

  • Page 1178

    1-17 the filename command applies to ftp tests only. Examples # specify to transmit config.txt between remote-ping client and ftp server in an ftp test. System-view system view: return to user view with ctrl+z [sysname] remote-ping administrator ftp [sysname-remote-ping-administrator-ftp] test-type ...

  • Page 1179

    1-18 [sysname-remote-ping-administrator-ftp] ftp-operation put [sysname-remote-ping-administrator-ftp] filesize 2000 frequency syntax frequency interval undo frequency view remote-ping test group view parameters interval: automatic test interval in seconds. It ranges from 0 to 65,535. Description us...

  • Page 1180

    1-19 view remote-ping test group view parameters get: specifies the test operation as download from the ftp server. Put: specifies the test operation as upload to the ftp server. Description use the ftp-operation command to configure the ftp operation mode, which can be get and put. By default, the ...

  • Page 1181

    1-20 examples # configure the retaining time of the history record for a test group to 240 minutes. System-view system view: return to user view with ctrl+z [sysname] remote-ping administrator icmp [sysname-remote-ping-administrator-icmp] history keep-time 240 history-record enable syntax history-re...

  • Page 1182

    1-21 parameters number: maximum number of history records that can be saved in a test group, in the range of 0 to 50, and 50 by default. Description use the history-records command to set the maximum number of history records that can be saved in a test group. Use the undo history-records command to restore...

  • Page 1183

    1-22 [sysname] remote-ping administrator http [sysname-remote-ping-administrator-http] test-type http [sysname-remote-ping-administrator-http] http-operation post http-string syntax http-string string version undo http-string view remote-ping test group view parameters string: http operation string ...

  • Page 1184

    1-23 parameters administrator-name: name of the administrator to create a remote-ping test group, a string of 1 to 32 characters. Operation-tag: operation tag, a string of 1 to 32 characters. Description use the remote-ping command to create a remote-ping test group and enter remote-ping test group...

  • Page 1185

    1-24 view system view parameters none description use the remote-ping-agent enable command to enable the remote-ping client function. Use the undo remote-ping-agent enable command to disable the remote-ping client function. By default, the remote-ping client function is disabled. You can perform tes...

  • Page 1186

    1-25 examples # set the maximum number of concurrent tests to 4. System-view system view: return to user view with ctrl+z [sysname] remote-ping-agent max-requests 4 jitter-interval syntax jitter-interval interval undo jitter-interval view remote-ping test group view parameters interval: interval in ...

  • Page 1187

    1-26 view remote-ping test group view parameters number: number of packets to be transmitted in one probe for a jitter test, in the range of 10 to 1000. Description use the jitter-packetnum command to configure the number of packets to be sent in one probe for a jitter test. Use the undo jitter-pack...

  • Page 1188

    1-27 to perform an ftp test successfully, the configured password must be consistent with the ftp user password configured on the server. This command applies to ftp tests only. Examples # set the password for logging into the ftp server as remote-ping in an ftp test. System-view system view: re...

  • Page 1190

    1-29 with routing table bypass, a remote host can bypass the normal routing tables and send icmp packets directly to a host on an attached network. If the host is not on a directly connected network, an error is returned. You can use this function when pinging a local host on an interface that has n...

  • Page 1191

    1-30 for dhcp tests, this command is required. For icmp tests, this command is optional. This command does not apply to other tests. For icmp tests, if a source ip address has been configured with the source-ip command, the source-interface command cannot change the configured ip address. For ...

  • Page 1192

    1-31 for ftp tests, this command is required. This command does not apply to dhcp tests. For other tests, this command is optional. The specified source ip address by this command cannot be of an interface on a remote device, and the interface must be up; otherwise the test will fail. Examples #...

  • Page 1194

    1-33 description use the statistics keep-time command to configure the retaining time of the test statistics. Use the undo statistics keep-time command to remove your configuration and restore the default. Examples # configure the retaining time of the test statistics to 180 minutes. System-view sys...

  • Page 1195

    1-34 examples # set the test to start from 14:03 and last 3600 seconds. System-view system view: return to user view with ctrl+z [sysname] remote-ping administrator icmp [sysname-remote-ping-administrator-icmp] test-time begin 14:03:00 lifetime 3600 test-type syntax test-type type [ codec codec-valu...

  • Page 1196

    1-35 examples # configure the test type as an ftp test. System-view system view: return to user view with ctrl+z [sysname] remote-ping administrator ftp [sysname-remote-ping-administrator-ftp] test-type ftp test-enable syntax test-enable undo test-enable view remote-ping test group view parameters n...

  • Page 1197

    1-36 test-failtimes syntax test-failtimes times undo test-failtimes view remote-ping test group view parameters times: number of times of consecutive test failure, in the range of 1 to 15. Description use the test-failtimes command to configure the number of consecutive times a remote-ping test fail...

  • Page 1198

    1-37 examples # set the timeout time for one probe in an icmp test to 10 seconds. System-view system view: return to user view with ctrl+z [sysname] remote-ping administrator icmp [sysname-remote-ping-administrator-icmp] test-type icmp [sysname-remote-ping-administrator-icmp] timeout 10 tos syntax t...

  • Page 1199

    1-38 view remote-ping test group view parameters number: time to live (ttl) value or lifetime of remote-ping test packets. It is in the range 1 to 255 and defaults to 20. Description use the ttl command to configure ttl of remote-ping test packets. Use the undo ttl command to restore the default ttl...

  • Page 1200

    1-39 to perform an ftp test successfully, the configured username must be consistent with the username configured on the ftp server. This command applies to ftp tests only. Examples # configure the username for logging into the ftp server in an ftp test as administrator. System-view system view:...

  • Page 1201

    1-40 related commands: remote-ping-agent enable, remote-ping-server tcpconnect, remote-ping-server udpecho. Examples # enable a remote-ping server. System-view system view: return to user view with ctrl+z [sysname] remote-ping-server enable remote-ping-server tcpconnect syntax remote-ping-server tcp...

  • Page 1202

    1-41 view system view parameters ip-address: ip address from which a remote-ping server performs udp listening. Port-number: port from which a remote-ping server performs udp listening. The value ranges from 1 to 49999. It is not recommended to use some special ports (that is, those used for fixed f...

  • Page 1203: Table of Contents

    I table of contents 1 dns configuration commands 1-1 dns configuration commands...

  • Page 1204: Dns Configuration Commands

    1-1 1 dns configuration commands dns configuration commands display dns domain syntax display dns domain [ dynamic ] view any view parameters dynamic: displays dns suffixes dynamically assigned through dhcp or other protocols. Description use the display dns domain command to display the dns suffixe...

  • Page 1205

    1-2 description use the display dns dynamic-host command to display the information in the dynamic domain name cache. Examples # display the information in the dynamic domain name cache. Display dns dynamic-host no domain-name ---> ipaddress ttl alias 1 lm.Test.Abc 172.1.223.1 3564 no domain-name 1 ...

  • Page 1206

    1-3 d:dynamic s:static ipv4 dns servers : domain-server type ip address 1 s 192.168.0.4 ipv6 dns servers : table 1-3 description on the fields of the display dns server command field description type type of the dns server. S indicates the dns server is specified manually, while d indicates the dns ...

  • Page 1207

    1-4 field description flags indicates the type of mappings between host names and ip addresses, static or dynamic static indicates static mapping between host names and ip addresses address ip address of a host dns domain syntax dns domain domain-name undo dns domain [ domain-name ] view system view...

  • Page 1208

    1-5 dns resolve syntax dns resolve undo dns resolve view system view parameters none description use the dns resolve command to enable dynamic domain name resolution. Use the undo dns resolve command to disable dynamic domain name resolution. Dynamic domain name resolution is disabled by default. Ex...

  • Page 1209

    1-6 system view: return to user view with ctrl+z. [sysname] dns server 172.16.1.1 ip host syntax ip host hostname ip-address undo ip host hostname [ ip-address ] view system view parameters hostname: host name, a string of 1 to 20 characters which can be letters, numbers, hyphens (-), or dots (.). T...

  • Page 1210

    1-7 description use the nslookup type command to display dns resolution result, namely, the domain name for a specified ip address or ip address for a specified domain name. Examples # display the corresponding domain name for 192.168.3.2. Nslookup type ptr 192.168.3.2 trying dns server (10.72.66.36...

  • Page 1211: Table of Contents

    I table of contents 1 smart link configuration commands 1-1 smart link configuration commands 1-1 d...

  • Page 1212

    1-1 1 smart link configuration commands smart link configuration commands display smart-link flush syntax display smart-link flush view any view parameters none description use the display smart-link flush command to view the information about how the smart link device processes flush messages. Exam...

  • Page 1214

    1-3 flush enable control-vlan syntax flush enable control-vlan vlan-id undo flush enable view smart link group view parameters vlan-id: control vlan id, in the range of 1 to 4,094. Description use the flush enable control-vlan command to enable the function of sending flush messages in the specified...

  • Page 1215

    1-4 because smart link and stp cannot be enabled on an ethernet port at the same time, you must make sure that stp is disabled on the port before assigning the port to a smart link group. Examples # configure link aggregation group 8 as the slave port of smart link group 1. System-view system view: ...

  • Page 1217

    1-6 reset smart-link packets counter syntax reset smart-link packets counter view user view parameters none description use the reset smart-link packets counter command to clear the flush message statistics of smart link. Examples # clear the flush message statistics of smart link. Reset smart-link ...

  • Page 1218

    1-7 the vlan configured as a control vlan for sending or receiving flush messages must exist. You cannot directly remove the control vlan. When a dynamic vlan is configured as a control vlan for the smart link group, this vlan will become a static vlan, and related prompt information is displayed. E...

  • Page 1219

    1-8 make sure that the smart link group has no members before executing the undo smart-link group command. Examples # create a smart link group. System-view system view: return to user view with ctrl+z. [sysname] smart-link group 1 new smart link group has been created. [sysname-smlk-group1].

  • Page 1221

    2-2 undo link-aggregation group group-id view monitor link group view parameters group-id: link aggregation group id, ranging from 1 to 416 (a link aggregation group can be a manual or static link aggregation group only). Uplink: specifies the specified link aggregation group as the uplink port of th...

  • Page 1222

    2-3 parameters group-id: monitor link group id, ranging from 1 to 24. Description use the monitor-link group command to create a monitor link group and enter monitor link group view. If the monitor link group has been created, you enter the monitor link group view directly. Use the undo monitor-link...

  • Page 1223

    2-4 in monitor link, a monitor link group member can be a single port or a static link aggregation group, but not a dynamic link aggregation group. The uplink port of a monitor link group can also be a smart link group. Do not use this command on member ports of a link aggregation group or a smart lin...

  • Page 1224

    2-5 a port or a link aggregation group cannot serve as a member port for two smart link groups. On the other hand, a port or a link aggregation group cannot serve as a member for a smart link group and a monitor link group at the same time. However, a smart link group can serve as the uplink member ...

  • Page 1225: Table of Contents

    I table of contents 1 access management configuration commands 1-1 access management configuration commands 1-1 am enable...

  • Page 1226

    1-1 1 access management configuration commands access management configuration commands am enable syntax am enable undo am enable view system view parameters none description use the am enable command to enable the access management function. Use the undo am enable command to disable the function. B...

  • Page 1227

    1-2 view ethernet port view parameters all: specifies all the ip addresses (or ip address pools). Address-list: ip address list. You need to provide this argument in the format of start-ip-address [ ip-address-number ] & , where start-ip-address is the start ip address of an ip address range in the ...

  • Page 1228

    1-3 undo am trap enable view system view parameters none description use the am trap enable command to enable the access management trap function. Use the undo am trap enable command to disable the access management trap function. By default, the access management trap function is disabled. Examples...

  • Page 1229

    1-4 ethernet1/0/2 status : enabled ip pools : (null) table 1-1 description on the fields of the display am command field description status access management state of a port: enabled or disabled ip pools access management ip pools. Null means the access management ip pool is not configured. Each ip ...

  • Page 1230: Table of Contents

    I table of contents 1 lldp configuration commands 1-1 lldp configuration commands...

  • Page 1232

    1-2 lldp local-information of port 1[ethernet1/0/1]: port id subtype : interface name port id : ethernet1/0/1 port description : ethernet1/0/1 interface management address type : ipv4 management address : 192.168.102.11 management address interface type : ifindex management address interface id : 54...

  • Page 1233

    1-3 field description system capabilities supported supported capabilities, which can be: • bridge, indicating switching • router, indicating routing • repeater, indicating forwarding system capabilities enabled currently enabled capabilities, which can be: • bridge, indicating switching is currentl...

  • Page 1234

    1-4 field description opermau current speed and duplex state of the port power port class poe device type, which can be: • pse, indicating a power supply device • pd, indicating a powered device pse power supported indicates whether or not the device can operate as a pse. Pse power enabled indicate...

  • Page 1235

    1-5 field description port pse priority port pse priority, which can be: • unknown • critical • high • low port available power value poe power display lldp neighbor-information syntax display lldp neighbor-information [ interface interface-type interface-number ] [ brief ] view any view parameters...

  • Page 1236

    1-6 management address interface id : unknown management address oid : 0 port vlan id(pvid): 1 port and protocol vlan id(ppvid) : 1 port and protocol vlan supported : yes port and protocol vlan enabled : no vlan name of vlan 1: vlan 0001 auto-negotiation supported : yes auto-negotiation enabled : ye...

  • Page 1237

    1-7 port and protocol vlan id(ppvid) : 1 port and protocol vlan supported : yes port and protocol vlan enabled : no vlan name of vlan 1: vlan 0001 auto-negotiation supported : yes auto-negotiation enabled : yes opermau : speed(1000)/duplex(full) power port class : pd pse power supported : no pse pow...

  • Page 1238

    1-8 field description port id type port information, which can be: • interface alias • port component • mac address • network address • interface name • agent circuit id • locally assigned (indicating the local configuration) port id value of port id type port description port description system nam...

  • Page 1239

    1-9 field description pse pairs control ability indicates whether or not the pse-pd pair control is available. Power pairs poe mode, which can be signal or spare. Port power classification port power classification of the pd, which can be the following: • class0 • class1 • class2 • class3 • class4 l...

  • Page 1240

    1-10 field description firmwarerev firmware version softwarerev software version serialnumber serial number manufacturer name manufacturer name model name module name asset tracking identifier asset tracking id location format location information format, which can be: • invalid, indicating the form...

  • Page 1241

    1-11 parameters global: displays the global lldp statistics. Interface interface-type interface-number: specifies a port by its type and number. Description use the display lldp statistics command to display the global lldp statistics or the lldp statistics of a port. If no keyword/argument is speci...

  • Page 1242

    1-12 field description the number of lldp frames transmitted total number of the lldp frames transmitted through the port the number of lldp frames received total number of the lldp frames received through the port the number of lldp frames discarded total number of the lldp frames dropped on the po...

  • Page 1243

    1-13 transmit delay : 2s trap interval : 5s fast start times : 3 port 1 [ethernet1/0/1] : port status of lldp : enable admin status : tx_rx trap flag : no roll time : 0s number of neighbors : 5 number of med neighbors : 2 number of cdp neighbors : 0 number of sent optional tlv : 12 number of receive...

  • Page 1244

    1-14 field description number of sent optional tlv number of the optional tlvs contained in an lldpdu sent through the port number of received unknown tlv number of the unknown tlvs contained in a received lldpdu display lldp tlv-config syntax display lldp tlv-config [ interface interface-type inter...

  • Page 1245

    1-15 capabilities tlv yes yes network policy tlv yes yes location identification tlv no no extended power via mdi tlv yes yes inventory tlv yes yes table 1-5 display lldp tlv-config command output description field description lldp tlv-config of port number interface-type interface-number tlvs that ...

  • Page 1246

    1-16 parameters disable: specifies the disable mode. A port in this mode does not send or receive lldpdus. Rx: specifies the rx mode. A port in this mode receives lldpdus only. Tx: specifies the tx mode. A port in this mode sends lldpdus only. Txrx: specifies the txrx mode. A port in this mode sends...

  • Page 1248

    1-18 related commands: lldp hold-multiplier, lldp timer tx-interval. Examples # enable lldp to be compatible with cdp globally. System-view [sysname] lldp compliance cdp lldp enable syntax lldp enable undo lldp enable view system view, ethernet interface view parameters none description use the lldp...

  • Page 1249

    1-19 description use the lldp encapsulation snap command to configure the encapsulation format for lldpdus as snap on a port or a group of ports. Use the undo lldp encapsulation [ snap ] command to restore the default encapsulation format for lldpdus. By default, ethernet ii encapsulation applies. T...

  • Page 1250

    1-20 lldp hold-multiplier syntax lldp hold-multiplier value undo lldp hold-multiplier view system view parameters value: ttl multiplier, in the range 2 to 10. Description use the lldp hold-multiplier command to set the ttl multiplier. Use the undo lldp hold-multiplier command to restore the default....

  • Page 1251

    1-21 use the undo lldp management-address-tlv command to disable management address sending. By default, the management address is sent through lldpdus, and the management address is the primary ip address of the vlan with the least vlan id among the vlans whose packets are permitted on the port. If...

  • Page 1252

    1-22 parameters value: interval to send trap messages, in the range 5 to 3600 (in seconds). Description use the lldp timer notification-interval command to set the interval to send trap messages. Use the undo lldp timer notification-interval command to restore the default. By default, the interval t...

  • Page 1253

    1-23 parameters value: delay period to send lldpdus, in the range 1 to 8192 (in seconds). Description use the lldp timer tx-delay command to set the delay period to send lldpdus. Use the undo lldp timer tx-delay command to restore the default. By default, the delay period to send lldpdus is 2 second...

  • Page 1255

    1-25 tel-number: telephone number for urgencies, a string of 10 to 25 characters. Network-policy: sends network policy tlvs. Power-over-ethernet: sends extended power-via-mdi tlvs. Description use the lldp tlv-enable command to enable the sending of specific tlvs for a port or all the ports in a por...

  • Page 1256: Table of Contents

    I table of contents 1 password control configuration commands 1-1 password control configuration commands 1-1 display passw...

  • Page 1257

    1-1 1 password control configuration commands password control configuration commands display password-control syntax display password-control view any view parameter none description use the display password-control command to display the information about the global password control for all users....

  • Page 1259

    1-3 example # display the information about the password control for super passwords. Display password-control super super's password settings: password aging: enabled(90 days) password length: enabled(10 characters) password composition: enabled(1 type(s), 1 character(s) per type) password syntax p...

  • Page 1260

    1-4 password-control aging syntax password-control aging aging-time undo password-control aging view system view/local user view parameter aging-time: password aging time in days. The effective range is 1 to 365. Description use the password-control aging command to configure the password aging time...

  • Page 1261

    1-5 by default, the minimum password length is 10 characters. Note that: • the settings in system view have global significance, while those in local user view only have local significance. • if both global and local settings are available, the local settings take effect. Example # set, in global se...

  • Page 1262

    1-6 by default, the maximum number of password attempts is 3. After a password authentication failure, the system adopts the lock-time mode, that is, it prevents this user from logging in to the device for a period that defaults to 120 minutes. Example # set the number of login attempts allowed for each...

  • Page 1263

    1-7 parameter alert-time: alert time in days. When the remaining valid time of a password is no more than this time, the user is alerted to the forthcoming password expiration. The effective range is 1 to 30. Description use the password-control alert-before-expire alert-time command to configure th...

  • Page 1265

    1-9 # enable the limitation of the minimum password length. [sysname] password-control length enable password minimum length enabled for all users. # display the configuration of a user. [sysname] display local-user user-name test the contents of local user test: state: active servicetype mask: f id...

  • Page 1266

    1-10 the product of policy-type and type-length must be equal to or less than 63. Description use the password-control composition command to configure a user password composition policy. Use the undo password-control composition command to restore the default user password composition policy. By de...

  • Page 1267

    1-11 description use the password-control super command to configure the parameters related to the super passwords, including the password aging time and the minimum password length. Use the undo password-control super command to restore the default settings for the super passwords. By default, t...

  • Page 1268

    1-12 • if you set the password control parameters for a super user, these settings will override the global configuration. Otherwise, the global configuration will apply. • if you do not specify the type-length type-length keyword-argument combination, the global setting is adopted. Example # config...

  • Page 1269

    1-13 reset password-control history-record super syntax reset password-control history-record super [ level level-value ] view user view parameter level-value: privilege level, the history records of the super password for the users at this level will be deleted. This value ranges from 1 to 3. Descr...

  • Page 1270

    1-14 username ip test 192.168.30.25 tes 192.168.30.24 test2 192.168.30.23 total 3 blacklist item(s). 3 listed. # delete the user test from the blacklist. Reset password-control blacklist user-name test are you sure to delete the specified user in blacklist?[y/n]y # check the current user information...

  • Page 1271: Appendix A  Command Index

    A-1 appendix a command index the command index includes all the commands in the command manual, which are arranged alphabetically. A b c d e f g h i j k l m n o p q r s t u v w x y z a abr-summary 17-routing protocol command 4-1 access-limit 20-aaa command 1-1 accounting 20-aaa command 1-2 accountin...

  • Page 1272

    A-2 arp check enable 24-arp commands 1-1 arp detection enable 24-arp commands 2-1 arp detection trust 24-arp commands 2-2 arp filter binding 24-arp commands 2-3 arp filter source 24-arp commands 2-3 arp max-learning-num 24-arp commands 2-4 arp protective-down recover enable 24-arp commands 2-5 arp p...

  • Page 1273

    A-3 boot attribute-switch 37-file system management command 1-17 boot boot-loader 37-file system management command 1-18 boot boot-loader 40-system maintenance and debugging command 3-1 boot boot-loader backup-attribute 37-file system management command 1-18 boot bootrom 40-system maintenance and de...

  • Page 1274

    A-4 clock datetime 40-system maintenance and debugging command 1-1 clock summer-time 40-system maintenance and debugging command 1-2 clock timezone 40-system maintenance and debugging command 1-3 close 38-ftp-sftp-tftp command 1-10 cluster 32-cluster command 1-18 cluster enable 32-cluster command 1-...

  • Page 1275

    A-5 delete 37-file system management command 1-3 delete 38-ftp-sftp-tftp command 1-10 delete 38-ftp-sftp-tftp command 1-27 delete static-routes all 17-routing protocol command 2-1 delete-member 32-cluster command 1-22 description 04-vlan command 1-1 description 08-port basic configuration command 1-...

  • Page 1276

    A-6 dhcp server netbios-type 25-dhcp commands 1-16 dhcp server option 25-dhcp commands 1-17 dhcp server ping 25-dhcp commands 1-18 dhcp server relay information enable 25-dhcp commands 1-18 dhcp server static-bind 25-dhcp commands 1-19 dhcp server tftp-server domain-name 25-dhcp commands 1-20 dhcp s...

  • Page 1278

    A-8 display dhcp server conflict 25-dhcp commands 1-23 display dhcp server expired 25-dhcp commands 1-24 display dhcp server free-ip 25-dhcp commands 1-25 display dhcp server ip-in-use 25-dhcp commands 1-26 display dhcp server statistics 25-dhcp commands 1-27 display dhcp server tree 25-dhcp command...

  • Page 1279

    A-9 display ftm 31-xrn fabric command 1-4 display ftp source-ip 38-ftp-sftp-tftp command 1-12 display ftp-server 38-ftp-sftp-tftp command 1-1 display ftp-server source-ip 38-ftp-sftp-tftp command 1-2 display ftp-user 38-ftp-sftp-tftp command 1-2 display garp statistics 07-gvrp command 1-1 display ga...

  • Page 1280

    A-10 display ip routing-table ip-address 17-routing protocol command 1-5 display ip routing-table ip-address1 ip-address2 17-routing protocol command 1-7 display ip routing-table ip-prefix 17-routing protocol command 1-7 display ip routing-table protocol 17-routing protocol command 1-8 display ip ro...

  • Page 1281

    A-11 display mac-address security 11-port security command 1-1 display mac-authentication 21-mac address authentication command 1-1 display memory 17-routing protocol command 6-1 display memory 40-system maintenance and debugging command 3-5 display memory limit 17-routing protocol command 6-2 displ...

  • Page 1282

    A-12 display ospf peer 17-routing protocol command 4-22 display ospf request-queue 17-routing protocol command 4-25 display ospf retrans-queue 17-routing protocol command 4-26 display ospf routing 17-routing protocol command 4-27 display ospf vlink 17-routing protocol command 4-28 display packet-dro...

  • Page 1283

    A-13 display qos-interface all 27-qos-qos profile command 1-4 display qos-interface line-rate 27-qos-qos profile command 1-6 display qos-interface mirrored-to 27-qos-qos profile command 1-7 display qos-interface traffic-limit 27-qos-qos profile command 1-8 display qos-interface traffic-priority 27-q...

  • Page 1284

    A-14 display sftp source-ip 38-ftp-sftp-tftp command 1-29 display smart-link flush 44-smart link-monitor link command 1-1 display smart-link group 44-smart link-monitor link command 1-2 display snmp-agent 33-snmp-rmon command 1-1 display snmp-agent community 33-snmp-rmon command 1-1 display snmp-age...

  • Page 1285

    A-15 display tcp status 05-ip address and performance optimization command 2-12 display telnet source-ip 02-login command 1-6 display telnet-server source-ip 02-login command 1-5 display tftp source-ip 38-ftp-sftp-tftp command 2-1 display this 03-configuration file management command 1-9 display tim...

  • Page 1286

    A-16 display web-authentication configuration 22-web authentication command 1-1 display web-authentication connection 22-web authentication command 1-2 display webcache 29-web cache redirection command 1-1 display xrn-fabric 31-xrn fabric command 1-7 dldp 13-dldp command 1-2 dldp authentication-mode...

  • Page 1287

    A-17 dot1x re-authenticate 19-802.1x and system guard command 1-15 dot1x retry 19-802.1x and system guard command 1-13 dot1x retry-version-max 19-802.1x and system guard command 1-14 dot1x supp-proxy-check 19-802.1x and system guard command 1-16 dot1x timer 19-802.1x and system guard command 1-17 do...

  • Page 1288

    A-18 flow-control no-pauseframe-sending 08-port basic configuration command 1-18 flush enable control-vlan 44-smart link-monitor link command 1-3 format 37-file system management command 1-9 free user-interface 02-login command 1-10 free web-users 02-login command 2-2 frequency 42-remote-ping comman...

  • Page 1289

    A-19 h habp enable 19-802.1x and system guard command 3-3 habp server vlan 19-802.1x and system guard command 3-4 habp timer 19-802.1x and system guard command 3-4 header 02-login command 1-11 help 38-ftp-sftp-tftp command 1-30 history keep-time 42-remote-ping command 1-19 history-command max-size 0...

  • Page 1290

    A-20 igmp group-policy vlan 18-multicast command 2-6 igmp host-join 18-multicast command 5-17 igmp host-join port 18-multicast command 2-7 igmp host-join port 18-multicast command 5-16 igmp host-join vlan 18-multicast command 2-8 igmp lastmember-queryinterval 18-multicast command 2-9 igmp max-respon...

  • Page 1291

    A-21 info-center channel name 39-information center command 1-6 info-center console channel 39-information center command 1-7 info-center enable 39-information center command 1-7 info-center logbuffer 39-information center command 1-8 info-center loghost 39-information center command 1-9 info-center...

  • Page 1292

    A-22 ip source static binding 25-dhcp commands 3-11 ip source static import dot1x 24-arp commands 2-9 ip-pool 32-cluster command 1-30 j jitter-interval 42-remote-ping command 1-25 jitter-packetnum 42-remote-ping command 1-25 jumboframe enable 08-port basic configuration command 1-20 k key 20-aaa com...

  • Page 1293

    A-23 lldp hold-multiplier 46-lldp commands 1-20 lldp management-address-tlv 46-lldp commands 1-20 lldp notification remote-change enable 46-lldp commands 1-21 lldp timer notification-interval 46-lldp commands 1-21 lldp timer reinit-delay 46-lldp commands 1-22 lldp timer tx-delay 46-lldp commands 1-2...

  • Page 1294

    A-24 mac-address multicast interface 18-multicast command 1-8 mac-address multicast vlan 18-multicast command 1-9 mac-address security 11-port security command 1-5 mac-address timer 14-mac address table management command 1-6 mac-address-mapping 41-vlan-vpn command 2-1 mac-authentication 21-mac addr...

  • Page 1295

    A-25 mkdir 38-ftp-sftp-tftp command 1-18 mkdir 38-ftp-sftp-tftp command 1-31 monitor-link group 44-smart link-monitor link command 2-2 monitor-port 28-mirroring command 1-8 more 37-file system management command 1-10 move 37-file system management command 1-11 msdp 18-multicast command 4-7 msdp-trac...

  • Page 1296

    A-26 network 17-routing protocol command 4-33 network 25-dhcp commands 1-34 nm-interface vlan-interface 32-cluster command 1-32 nslookup type 43-dns command 1-6 nssa 17-routing protocol command 4-34 ntdp enable 32-cluster command 1-8 ntdp explore 32-cluster command 1-9 ntdp hop 32-cluster command 1-...

  • Page 1297

    A-27 ospf cost 17-routing protocol command 4-37 ospf dr-priority 17-routing protocol command 4-38 ospf mib-binding 17-routing protocol command 4-38 ospf mtu-enable 17-routing protocol command 4-39 ospf network-type 17-routing protocol command 4-40 ospf timer dead 17-routing protocol command 4-41 osp...

  • Page 1298

    A-28 peer connect-interface 18-multicast command 4-11 peer description 18-multicast command 4-11 peer mesh-group 18-multicast command 4-12 peer minimum-ttl 18-multicast command 4-12 peer request-sa-enable 18-multicast command 4-13 peer sa-cache-maximum 18-multicast command 4-14 peer sa-policy 18-mul...

  • Page 1299

    A-29 port auto-power-down 40-system maintenance and debugging command 3-12 port hybrid protocol-vlan vlan 04-vlan command 1-14 port hybrid pvid vlan 04-vlan command 1-9 port hybrid vlan 04-vlan command 1-9 port isolate 10-port isolation command 1-1 port link-aggregation group 09-link aggregation com...

  • Page 1300

    A-30 priority 27-qos-qos profile command 1-15 priority trust 27-qos-qos profile command 1-16 probe-failtimes 42-remote-ping command 1-27 protocol inbound 02-login command 1-16 protocol inbound 36-ssh command 1-10 protocol-priority protocol-type 27-qos-qos profile command 1-17 protocol-vlan 04-vlan c...

  • Page 1301

    A-31 r radius client 20-aaa command 1-44 radius nas-ip 20-aaa command 1-44 radius scheme 20-aaa command 1-45 radius trap 20-aaa command 1-46 radius-scheme 20-aaa command 1-22 raw-vlan-id inbound 41-vlan-vpn command 2-2 reboot 40-system maintenance and debugging command 3-13 reboot member 32-cluster ...

  • Page 1302

    A-32 reset dhcp-server 25-dhcp commands 2-10 reset dhcp-snooping 25-dhcp commands 3-11 reset dns dynamic-host 43-dns command 1-7 reset dot1x statistics 19-802.1x and system guard command 1-21 reset ftm statistics 31-xrn fabric command 1-14 reset garp statistics 07-gvrp command 1-5 reset hwtacacs sta...

  • Page 1303

    A-33 reset saved-configuration 03-configuration file management command 1-10 reset smart-link packets counter 44-smart link-monitor link command 1-6 reset stop-accounting-buffer 20-aaa command 1-48 reset stop-accounting-buffer 20-aaa command 1-69 reset stp 16-mstp command 1-12 reset tcp statistics 0...

  • Page 1304

    A-34 rip work 17-routing protocol command 3-17 rmdir 37-file system management command 1-15 rmdir 38-ftp-sftp-tftp command 1-23 rmdir 38-ftp-sftp-tftp command 1-34 rmon alarm 33-snmp-rmon command 2-8 rmon event 33-snmp-rmon command 2-10 rmon history 33-snmp-rmon command 2-11 rmon prialarm 33-snmp-rm...

  • Page 1305

    A-35 secondary accounting 20-aaa command 1-70 secondary authentication 20-aaa command 1-52 secondary authentication 20-aaa command 1-71 secondary authorization 20-aaa command 1-72 security-policy-server 20-aaa command 2-1 self-service-url 20-aaa command 1-24 send 02-login command 1-18 sendpacket pas...

  • Page 1306

    A-36 snmp-agent community 33-snmp-rmon command 1-13 snmp-agent group 02-login command 2-3 snmp-agent group 33-snmp-rmon command 1-14 snmp-agent local-engineid 33-snmp-rmon command 1-16 snmp-agent log 33-snmp-rmon command 1-16 snmp-agent mib-view 33-snmp-rmon command 1-17 snmp-agent packet max-size 3...

  • Page 1307

    A-37 ssh client first-time enable 36-ssh command 1-27 ssh server authentication-retries 36-ssh command 1-28 ssh server compatible-ssh1x enable 36-ssh command 1-29 ssh server rekey-interval 36-ssh command 1-29 ssh server timeout 36-ssh command 1-30 ssh user 36-ssh command 1-30 ssh user assign 36-ssh ...

  • Page 1308

    A-38 storm-constrain interval 08-port basic configuration command 1-36 stp 16-mstp command 1-13 stp bpdu-protection 16-mstp command 1-15 stp bridge-diameter 16-mstp command 1-16 stp compliance 16-mstp command 1-16 stp config-digest-snooping 16-mstp command 1-18 stp cost 16-mstp command 1-20 stp dot1...

  • Page 1309

    A-39 stub 17-routing protocol command 4-50 summary 17-routing protocol command 3-18 super 01-cli command 1-4 super authentication-mode 01-cli command 1-5 super password 01-cli command 1-6 sysname 31-xrn fabric command 1-15 sysname 40-system maintenance and debugging command 1-5 system-guard ip detec...

  • Page 1310

    A-40 terminal logging 39-information center command 1-20 terminal monitor 39-information center command 1-21 terminal trapping 39-information center command 1-21 test-enable 42-remote-ping command 1-35 test-failtimes 42-remote-ping command 1-36 test-time begin 42-remote-ping command 1-33 test-type 4...

  • Page 1311

    A-41 timer wait 15-auto detect command 1-7 time-range 26-acl command 1-26 timers 17-routing protocol command 3-19 topology accept 32-cluster command 1-45 topology restore-from 32-cluster command 1-46 topology save-to 32-cluster command 1-47 tos 42-remote-ping command 1-37 tracemac 32-cluster command...

  • Page 1312

    A-42 update fabric 40-system maintenance and debugging command 3-17 user 38-ftp-sftp-tftp command 1-23 user privilege level 02-login command 1-27 user-interface 02-login command 1-27 username 42-remote-ping command 1-38 user-name-format 20-aaa command 1-59 user-name-format 20-aaa command 1-75 v verb...

  • Page 1313

    A-43 vrrp ping-enable 23-vrrp command 1-6 vrrp vlan-interface vrid track 23-vrrp command 1-6 vrrp vrid authentication-mode 23-vrrp command 1-7 vrrp vrid preempt-mode 23-vrrp command 1-8 vrrp vrid priority 23-vrrp command 1-9 vrrp vrid timer advertise 23-vrrp command 1-10 vrrp vrid track detect-group...

  • Page 1314

    A-44 z.