DL manuals
3Com
Switch
Switch 8807
Command Reference Manual

3Com Switch 8807 Command Reference Manual

Other manuals for Switch 8807: Product Manual, Datasheet, Installation Manual, Configuration Manual

Manual is about: 8800 Series

Page of 1099

Download

Print this page

Bookmark us

3Com

Switch 8800 Family

Command Reference Guide

Switch 8807

Switch 8810

Switch 8814

www.3Com.com

Part No. 10015595, Rev. AA

Published: January 2007

1 2 3 4 5 6 7 Next › »

Summary of Switch 8807

Page 1
3com ® switch 8800 family command reference guide switch 8807 switch 8810 switch 8814 www.3com.Com part no. 10015595, rev. Aa published: january 2007.
Page 2
3com corporation 350 campus drive marlborough, ma usa 01752-3064 copyright © 2007, 3com corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without writt...
Page 3: Lphabetical
A lphabetical l isting of c ommands abr-summary 413 access-limit 309 accounting optional 309 accounting optional 328 acl 215 acl 275 active region-configuration 169 aggregate 497 aggregate 655 aggregate 707 anti-attack 293 apply as-path 547 apply community 548 apply cost 548 apply cost-type 549 appl...
Page 4
Bgp 499 binary 991 boot boot-loader 981 boot bootrom 982 broadcast-restrain 773 broadcast-suppression 129 broadcast-suppression 583 bsr-policy 617 bye 962 bye 992 cache-sa-enable 637 c-bsr 618 ccc 761 cd 962 cd 971 cd 992 cdup 963 cdup 992 ce 766 check region-configuration 169 checkzero 397 clock da...
Page 5
Debugging 993 debugging arp 811 debugging arp packet 812 debugging bgp 503 debugging bgp 709 debugging bgp mp-update 656 debugging dhcp relay 850 debugging dhcp server 825 debugging dns 862 debugging ha 801 debugging hwtacacs 354 debugging igmp 603 debugging isis 463 debugging lacp packet 149 debugg...
Page 6
Default tag 419 default type 419 default-cost 420 default-route imported 505 default-route-advertise 421 default-route-advertise 464 delete 963 delete 972 delete 994 delete static-routes all 393 delete vpn-instance 393 description 1073 description 131 description 711 description 77 description 775 d...
Page 7
Display arp multi-port 814 display arp proxy 815 display arp timer aging 815 display bgp group 506 display bgp l2vpn 768 display bgp multicast group 658 display bgp multicast network 659 display bgp multicast peer 659 display bgp multicast routing-table 659 display bgp multicast routing-table as-pat...
Page 8
Display dhcp server free-ip 837 display dhcp server ip-in-use 837 display dhcp server statistics 838 display dhcp server tree 839 display dhcprelay-security 853 display diagnostic-information 1034 display dns domain 863 display dns dynamic-host 863 display dns server 864 display domain 313 display d...
Page 9
Display ip routing-table ip-prefix 387 display ip routing-table protocol 388 display ip routing-table radix 390 display ip routing-table statistics 390 display ip routing-table verbose 392 display ip routing-table vpn-instance 391 display ip routing-table vpn-instance 713 display ip socket 110 displ...
Page 10
Display mpm group 586 display msdp brief 638 display msdp peer-status 638 display msdp sa-cache 639 display msdp sa-count 640 display multicast forwarding-table 588 display multicast routing-table 589 display nqa 1074 display ntp-service sessions 930 display ntp-service status 930 display ntp-servic...
Page 11
Display port-group index 233 display power 985 display protocol-vlan interface 84 display qos conform-level 234 display qos cos-drop-precedence-map 236 display qos cos-local-precedence-map 236 display qos-interface all 237 display qos-interface drop-mode 237 display qos-interface mirrored-to 238 dis...
Page 12
Display stop-accounting-buffer hwtacacs-scheme 355 display stp 172 display stp region-configuration 174 display stp tc 175 display supervision-module information 891 display supervlan 91 display switchover state 801 display tcp statistics 112 display tcp status 114 display this 72 display time-range...
Page 13
Dot1x quiet-period 302 dot1x retry 302 dot1x supp-proxy-check 303 dot1x timer 304 drop-mode 246 dscp 247 duplex 135 enable 871 enable snmp trap 905 encapsulation 779 execute 973 exit 964 exp 248 expired 842 file prompt 974 filter-policy export 399 filter-policy export 437 filter-policy export 438 fi...
Page 14
Graceful-restart interval 472 graceful-restart suppress-sa 472 gratuitous-arp-learning enable 816 group 520 group 718 gvrp 126 gvrp registration 126 header 48 help 965 history-command max-size 51 history-records 1077 host-route 401 hwtacacs nas-ip 356 hwtacacs scheme 356 idle-cut 317 idle-timeout 52...
Page 15
Import-route 401 import-route 442 import-route 474 import-route 521 import-route 664 import-route 721 import-route isis level-2 into level-1 474 import-route-limit 442 import-source 641 info-center channel name 1008 info-center console channel 1009 info-center enable 1010 info-center logbuffer 1010 ...
Page 16
Ip vpn-instance 723 ip-protect enable 104 ipv4-family 724 ipv4-family multicast 665 isis 475 isis authentication-mode 476 isis circuit-level 477 isis cost 478 isis dis-priority 478 isis enable 479 isis mesh-group 480 isis timer csnp 481 isis timer hello 481 isis timer hello minimal 482 isis timer ho...
Page 17
Loopback-detection control 1047 loopback-detection disable 1047 loopback-detection enable 1045 loopback-detection enable vlan 1045 loopback-detection interval-time 1046 ls 965 ls 996 lsp-trigger 684 mac-address 162 mac-address 781 mac-address max-mac-count 163 mac-address max-mac-count enable 164 ma...
Page 18
Mtu 771 mtu 782 multicast 592 multicast route-limit 593 multicast routing-enable 594 multicast static-router-port 579 multicast-suppression 140 multicast-suppression 594 name 321 name 80 nas-ip 337 nas-ip 357 nbns-list 844 nesting-vpn 725 netbios-type 844 network 402 network 443 network 522 network ...
Page 19
Ospf mib-binding 448 ospf mtu-enable 448 ospf network-type 449 ospf timer dead 449 ospf timer hello 450 ospf timer retransmit 451 ospf trans-delay 452 packet-filter 223 packet-filter 282 parity 55 passive 997 password 1090 password 321 password-control 1091 password-control enable 1093 password-cont...
Page 20
Peer filter-policy export 670 peer filter-policy export 735 peer filter-policy import 529 peer filter-policy import 670 peer filter-policy import 735 peer graceful-restart 530 peer group 531 peer group 671 peer group 736 peer ip-prefix export 531 peer ip-prefix export 672 peer ip-prefix export 737 p...
Page 21
Peer vpn-instance group 745 peer vpn-instance route-policy import 746 peer-public-key end 947 pim 627 pim bsr-boundary 628 pim dm 628 pim neighbor-limit 629 pim neighbor-policy 630 pim sm 630 pim timer hello 631 ping 1035 poe enable 882 poe enable slot 882 poe legacy enable slot 883 poe max-power 88...
Page 22
Port-group 255 port-mode 144 preference 403 preference 452 preference 488 preference 539 preference 676 preference 748 primary accounting 338 primary accounting 358 primary authentication 339 primary authentication 359 primary authorization 360 priority 255 private-group-id mode standard 323 probe-f...
Page 23
Refresh bgp 541 refresh bgp multicast 677 region-name 177 register-policy 632 remotehelp 999 remote-ip 706 remove 967 rename 967 rename 977 reset 404 reset acl counter 224 reset arp 817 reset bgp 542 reset bgp flap-info 542 reset bgp group 543 reset counters interface 146 reset dampening 543 reset d...
Page 24
Reset recycle-bin 978 reset saved-configuration 73 reset stop-accounting-buffer 342 reset stop-accounting-buffer 361 reset stp 177 reset tcp statistics 116 reset traffic-statistic 262 reset trapbuffer 1021 reset udp statistics 117 reset vrrp statistics 793 retry 343 retry realtime-accounting 344 ret...
Page 25
Schedule reboot at 986 schedule reboot delay 987 scheme 322 screen-length 57 secondary accounting 345 secondary accounting 362 secondary authentication 346 secondary authentication 363 secondary authorization 364 self-service-url 324 send 58 sendpacket passroute 1080 send-trap 1081 server-type 347 s...
Page 26
Snmp-agent trap enable ospf 456 snmp-agent trap life 913 snmp-agent trap queue-size 914 snmp-agent trap source 914 snmp-agent usm-user 278 snmp-agent usm-user 915 source-interface 1082 source-ip 1082 source-policy 634 speed 147 speed 61 spf-delay-interval 491 spf-schedule-interval 457 spf-slice-size...
Page 27
Stp edged-port 183 stp instance root primary 184 stp instance root secondary 201 stp interface 185 stp interface edged-port 186 stp interface instance cost 185 stp interface instance port priority 187 stp interface loop-protection 188 stp interface mcheck 189 stp interface no-agreement-check 190 stp...
Page 28
Temperature-limit 988 terminal debugging 1021 terminal logging 1022 terminal monitor 1022 terminal trapping 1023 test-enable 1083 test-failtimes 1083 test-type 1084 tftp get 1001 tftp put 1002 timeout 1085 timer 544 timer 752 timer lsp-generation 484 timer lsp-max-age 493 timer lsp-refresh 493 timer...
Page 29
Undo mac-address vsi 787 undo snmp-agent 916 update l3plus 989 user 1000 user privilege level 64 user-interface 64 user-name-format 351 user-name-format 366 verbose 1000 vlan 82 vlan vpn-range 756 vlan-assignment-mode 326 vlan-mapping modulo 208 vlan-type ip-subnet 90 vlan-vpn enable 1067 vlan-vpn e...
Page 31: Ontents
C ontents a bout t his g uide conventions 35 related documentation 36 1 c ommand l ine i nterface c ommands command line interface commands 37 2 c ommands u sed to l og in to s witch logging in to switch commands 43 3 c onfiguration f ile m anagement c ommands configuration file management commands ...
Page 32
10 e thernet p ort c onfiguration c ommands ethernet port configuration commands 129 11 e thernet l ink a ggregation c onfiguration c ommands ethernet link aggregation configuration commands 149 12 mac a ddress t able m anagement c ommands mac address table management commands 161 13 mstp c onfigura...
Page 33
23 s tatic r oute c onfiguration c ommands display commands of the routing table 381 static route configuration commands 393 24 rip c onfiguration c ommands rip configuration commands 397 25 ospf c onfiguration c ommands ospf configuration commands 413 26 i ntegrated is-is c onfiguration c ommands i...
Page 34
36 pim c onfiguration c ommands pim configuration commands 617 37 msdp c onfiguration c ommands msdp configuration commands 637 38 mbgp m ulticast e xtension c onfiguration c ommands mbgp multicast extension configuration commands 655 39 mpls b asic c onfiguration c ommands mpls basic configuration ...
Page 35
48 dns c onfiguration c ommands static dns configuration commands 861 dynamic dns configuration commands 862 49 n etstream c onfiguration c ommands netstream configuration commands 869 50 p o e c onfiguration c ommands poe configuration commands 879 51 p o e psu s upervision c ommands poe psu superv...
Page 36
Tftp configuration commands 1001 60 i nformation c enter information center configuration commands 1003 61 s ystem m aintenance c ommands basic system configuration and management commands 1025 system status and system information query commands 1028 system debug commands 1033 network connection tes...
Page 37: Bout
Conventions 35 a bout t his g uide this guide describes the 3com ® switch 8800 and how to install hardware, configure and boot software, and maintain software and hardware. This guide also provides troubleshooting and support information for your switch. This guide is intended for qualified service ...
Page 38
36 a bout t his g uide related documentation the following manuals offer additional information necessary for managing your switch 8800: ■ switch 8800 command reference guide — provides detailed descriptions of command line interface (cli) commands, that you require to manage your switch 8800. ■ swi...
Page 39: Ommand
1 c ommand l ine i nterface c ommands command line interface commands command-privilege level syntax command-privilege level level view view command undo command-privilege view view command view system view parameter level: specifies the command level, ranging from 0 to 3. View: specifies the comman...
Page 40
38 c hapter 1: c ommand l ine i nterface c ommands example # configure the precedence of the command "interface" as 0. System-view system view: return to user view with ctrl+z. [sw8800] command-privilege level 0 view system interface display history-command syntax display history-command [command-nu...
Page 41
Command line interface commands 39 figure 1 relation between history buffer size and command-number you can either specify the number of commands to be queried (command-number) or input a string to query commands that match the string. You can the two methods separately or in combination. ■ if you o...
Page 42
40 c hapter 1: c ommand l ine i nterface c ommands # display five commands executed recently in the history command buffer. Display history-command 5 acl name lc interface vlan-interface 1 ip address 10.11.113.14 24 quit quit # display all the buffered history commands that match the specified regul...
Page 43
Command line interface commands 41 login users are classified into four levels that correspond to the four command levels respectively. After users of different levels log in, they can only use commands at the levels that are equal to or lower than its own level. Related command: super password, qui...
Page 44
42 c hapter 1: c ommand l ine i nterface c ommands system-view system view: return to user view with ctrl+z. [sw8800] super password level 3 simple zbr.
Page 46
44 c hapter 2: c ommands u sed to l og in to s witch interfaces, such as the aux port and vty interface, are configured for local password authentication, users cannot log in to the system without a password. Example # configure local password authentication. System-view system view: return to user ...
Page 48
46 c hapter 2: c ommands u sed to l og in to s witch display user-interface 0 idx type tx/rx modem privi auth int + 0 con 0 9600 - 3 n - + : current user-interface is active. F : current user-interface is active and work in async mode. Idx : absolute index of user-interface. Type : type and relative...
Page 50
48 c hapter 2: c ommands u sed to l og in to s witch [sw8800] user-interface aux 0 [3com-ui-aux0] flow-control software free user-interface syntax free user-interface [ type ] number view user view parameter type: specifies the user interface type. Number: specifies the absolute/relative number of t...
Page 51
Logging in to switch commands 49 text: specifies the title text. If you do not choose any keyword in the command, the system displays the login information by default. The system supports two types of input modes: one is to input all the text in one line, and altogether 256 characters, including com...
Page 52
50 c hapter 2: c ommands u sed to l og in to s witch when you log in to the switch again, the preset session establishment header "hello, welcome!" is displayed on the terminal screen. The initial character 0 is not header content. 2 you can also input the header content in a single line. In this ca...
Page 53
Logging in to switch commands 51 option 2: input in multiple lines [sw8800] header shell % shell: (after you press the key, the system prompts the following message.) input banner text, and quit with the character ’%’. Go on inputting the rest text and end your input with the first letter: hello! We...
Page 54
52 c hapter 2: c ommands u sed to l og in to s witch [sw8800] user-interface aux 0 [3com-ui-aux0] history-command max-size 20 idle-timeout syntax idle-timeout minutes [ seconds ] undo idle-timeout view user interface view parameter minutes: specifies the minute, ranging from 0 to 35791. Seconds: spe...
Page 55
Logging in to switch commands 53 by default, the value is english. Example # switch from english mode to chinese mode. Language-mode chinese lock syntax lock view user view parameter none description use the lock command to lock the user interface to prevent unauthorized user from operating it. Exam...
Page 56
54 c hapter 2: c ommands u sed to l og in to s witch example # configure to allow call-in and call-out of modem on the aux port. System-view system view: return to user view with ctrl+z. [sw8800] user-interface aux 0 [3com-ui-aux0] modem both modem auto-answer syntax modem auto-answer undo modem aut...
Page 57
Logging in to switch commands 55 description use the modem timer answer command to configure the timer answer from off-hook to carrier detected when establishing the call in connection. Use the undo modem timer answer command to restore the default timeout value. This command can only be performed i...
Page 59
Logging in to switch commands 57 example # return to user view from system view. [sw8800] quit return syntax return view system view or above parameter none description use the return command to return to user view from a view other than user view. Combination key performs the same function with the...
Page 60
58 c hapter 2: c ommands u sed to l og in to s witch by default, 24 lines (including the multi-screen identifier lines) are displayed in one screen when the multi-screen display function is enabled. The screen-length 0 command is used to disable this function. Example # configure the lines that can ...
Page 61
Logging in to switch commands 59 use the undo service-type telnet command to restore the default level of command a user can use after login. Commands are classified into four levels, namely visit level, monitoring level, configuration level and management level. They are introduced as follows: ■ vi...
Page 62
60 c hapter 2: c ommands u sed to l og in to s witch description use the set authentication password command to configure the password for local authentication. Use the undo set authentication password command to cancel local authentication password. The password in plain text is required when perfo...
Page 63
Logging in to switch commands 61 system-view system view: return to user view with ctrl+z. [sw8800] user-interface vty 0 4 [3com-ui-vty0-4] undo shell speed syntax speed speed-value undo speed view user interface view parameter speed-value: specifies the transmission rate on the user interface in bp...
Page 64
62 c hapter 2: c ommands u sed to l og in to s witch description use the stopbits command to configure the stop bits on the user interface. Use the undo stopbits command to restore the default stop bits. This command can only be performed in console and aux user interface view. By default, the value...
Page 65
Logging in to switch commands 63 view user view parameter none description use the system-view command to enter system view from user view. Related command: quit, return. Example # enter system view from user view. System-view system view: return to user view with ctrl+z.. [sw8800] telnet syntax tel...
Page 66
64 c hapter 2: c ommands u sed to l og in to s witch user-interface syntax user-interface [ type ] first-number [ last-number ] view system view parameter type: specifies the user interface type, which can be aux, console or vty. First-number: specifies the number of the first user interface to be c...
Page 67
Logging in to switch commands 65 example # configure to use commands level 0 after logging in from vty 0 user interface. System-view system view: return to user view with ctrl+z. [sw8800] user-interface vty 0 [3com-ui-vty0] user privilege level 0 # after you telnet from vty 0 user interface to the s...
Page 68
66 c hapter 2: c ommands u sed to l og in to s witch.
Page 70
68 c hapter 3: c onfiguration f ile m anagement c ommands description use the display current-configuration command to display the currently effective configuration parameters of the switch. If some running configuration parameters are the same with the default operational parameters, they will not ...
Page 71
Configuration file management commands 69 state active idle-cut disable domain default enable system # local-server nas-ip 127.0.0.1 key 3com # router id 2.2.2.2 # stp timer hello 500 # vlan 1 # vlan 2 # interface vlan-interface1 # interface vlan-interface2 ip address 10.1.1.2 255.255.255.0 # interf...
Page 73
Configuration file management commands 71 display saved-configuration syntax display saved-configuration view any view parameter none description use the display saved-configuration command to view the configuration files in the flash memory or cf card of switch. If the the switch works abnormally a...
Page 74
72 c hapter 3: c onfiguration f ile m anagement c ommands display this syntax display this view any view parameter none description use the display this command to display the running configuration of the current view. If you need to authenticate whether the configurations is correct after you have ...
Page 75
Configuration file management commands 73 the system software actually used for the current enabling, the filename of the system software configured for the next enabling, the configuration filename used for the current enabling, the configuration filename configured for the next enabling. Related c...
Page 76
74 c hapter 3: c onfiguration f ile m anagement c ommands save syntax save [ file-name ] view user view parameter file-name: name of the configuration file with the extension .Cfg. It is a character string of 5 to 56 characters. Description use the save command to save the current configuration file...
Page 77
Configuration file management commands 75 the extension of configuration file must be .Cfg, and the startup configuration file must be saved under the directory where the memory resides. The memory is flash. Related command: display startup. Example # configure the configuration file for the next st...
Page 78
76 c hapter 3: c onfiguration f ile m anagement c ommands.
Page 79: Vlan C
4 vlan c onfiguration c ommands vlan configuration commands description syntax description string undo description view vlan view, vlan interface view parameter string: description character string of current vlan or vlan interface. For vlan, it ranges from 1 to 32 characters. For vlan interface, it...
Page 80
78 c hapter 4: vlan c onfiguration c ommands description use the display trap-to-cpu command to view the related information about the cpu port. Example # display related information about the cpu port display trap-to-cpu trap-to-cpu disable vlan 2 10 14 to 15 display interface vlan-interface syntax...
Page 82
80 c hapter 4: vlan c onfiguration c ommands interface vlan-interface syntax interface vlan-interface vlan-id undo interface vlan-interface vlan-id view system view parameter vlan-id: id of vlan interface, ranging from 1 to 4094. Description use the interface vlan-interface command to configure vlan...
Page 83
Vlan configuration commands 81 example # name the current vlan 2 "hello". [3com-vlan2] name hello shutdown syntax shutdown undo shutdown view vlan interface view parameter none description use the shutdown command to disable the vlan interface. Use the undo shutdown command to enable the vlan interf...
Page 84
82 c hapter 4: vlan c onfiguration c ommands use the undo trap-to-cpu disable command to move the cpu port into a vlan. By default, a vlan contains a cpu port. Example # move the cpu port out of vlan 2. [3com-vlan2] trap-to-cpu disable warning : cpu port will exit the designated vlan. Broadcast & mu...
Page 85
Port-based vlan configuration commands 83 all: deletes all vlans. Description use the vlan vlan-id-list command to enter vlan view or to create a range of vlans. Use the undo vlan command to delete the specified vlan. If only one vlan is created, the system will automatically enter the view of the v...
Page 86
84 c hapter 4: vlan c onfiguration c ommands note that you can add/delete trunk port and hybrid port to/from vlan by the port and undo port commands in ethernet port view, but not in vlan view. Related command: display vlan. Example # add ethernet2/1/1 through ethernet2/1/3 to vlan 2. [3com-vlan2] p...
Page 88
86 c hapter 4: vlan c onfiguration c ommands all: adds/deletes all protocols to/from a port. Description use the port hybrid protocol-vlan vlan command to add a protocol vlan or protocol vlans to a specified port. Use the undo port hybrid protocol-vlan vlan command to delete a protocol vlan or proto...
Page 89
Ip subnet-based vlan configuration commands 87 mode: specifies the vlan based on other protocols. The following protocols can be supported: all: supports all the protocols. Description use the protocol-vlan command to specify the parameters of vlans based on appletalk, ipx, and so on. Use the undo v...
Page 90
88 c hapter 4: vlan c onfiguration c ommands description use the display vlan-ip vlan command to display the information and index of the ip subnet-based vlan configured on the specified vlan. You can refer to this command for using an ip subnet-based vlan and adding/deleting an ip subnet-based vlan...
Page 91
Ip subnet-based vlan configuration commands 89 description use the display vlan-ip interface command to display the information of the ip subnet-based vlan configured on a specified port. You can refer to this command for using an ip subnet-based vlan and adding/deleting an ip subnet-based vlan. Rel...
Page 93: Uper
5 s uper vlan c onfiguration c ommands super vlan configuration commands display supervlan syntax display supervlan [ supervlan-id ] view any view parameter supervlan-id: vlan id of a configured super vlan. This argument ranges from 1 to 4094. Description use the display supervlan command to display...
Page 94
92 c hapter 5: s uper vlan c onfiguration c ommands vlan type: static it is a sub vlan. And the super vlan is vlan 2 arp proxy enabled. Route interface: not configured description: vlan 0003 tagged ports: none untagged ports: ethernet5/1/1 [sw8800]display vlan 4 vlan id: 4 vlan type: static it is a ...
Page 95
Super vlan configuration commands 93 ■ you can still add/remove ports to/from a vlan after the mapping relationship is established. ■ the undo subvlan command cancels all mapping relationships between the specified super vlan and all sub vlans. If you do not specify the sub-vlan-list argument. Other...
Page 96
94 c hapter 5: s uper vlan c onfiguration c ommands.
Page 97: Solate
6 i solate -u ser -v lan c onfiguration c ommands isolate-user-vlan configuration commands display isolate-user-vlan syntax display isolate-user-vlan [ isolate-user-vlan-num ] view any view parameter isolate-user-vlan-num: vlan id of an isolate-user-vlan. Description use the display isolate-user-vla...
Page 98
96 c hapter 6: i solate -u ser -v lan c onfiguration c ommands description: vlan 0003 name: vlan 0003 tagged ports: none untagged ports: ethernet2/1/3 vlan id: 4 vlan type: static isolate-user-vlan type : secondary arp proxy disabled. Route interface: not configured description: vlan 0004 name: vlan...
Page 99
Isolate-user-vlan configuration commands 97 description use the isolate-user-vlan command to establish the mapping relationship between isolate-user-vlan and secondary vlan. Use the undo isolate-user-vlan command to cancel the mapping relationship. By default, there is no mapping relationship betwee...
Page 100
98 c hapter 6: i solate -u ser -v lan c onfiguration c ommands n ■ you cannot configure vlan 1 as an isolate-user-vlan or secondary vlan. ■ you cannot directly configure isolate-user-vlan as other types of vlan than common vlan, such as secondary vlan, multicast vlan, super vlan/sub vlan, guest vlan...
Page 101: Ip A
7 ip a ddress c onfiguration c ommands ip address configuration commands display ip host syntax display ip host view any view parameter none description use the display ip host command to display all the host names and the corresponding ip addresses. Example # display all host names and the correspo...
Page 102
100 c hapter 7: ip a ddress c onfiguration c ommands parameter interface-type interface-number: interface-type refers to the interface type, and interface-number refers to the interface number. Refer to the interface command in port command manual for more information. Description use the display ip...
Page 104
102 c hapter 7: ip a ddress c onfiguration c ommands by default, a vlan interface/loopback interface/console interface does not have an ip address configured. Normally, a vlan interface/loopback interface/console interface only needs to be configured with one ip address. But you can also assign up t...
Page 105
Ip address configuration commands 103 parameter hostname: name of the host. It is a character string that consists of 1 to 20 characters, including letters, numbers, "_", or ",", and it must contain at least one letter. Ip-address: host ip address (the corresponding ip address to the host name) in d...
Page 106
104 c hapter 7: ip a ddress c onfiguration c ommands system-view system view: return to user view with ctrl+z. [sw8800] ip icmp-time-exceed enable ip-protect enable syntax ip-protect enable undo ip-protect view vlan interface view parameter none description use the ip-protect enable command to enabl...
Page 107: Ip P
8 ip p erformance c onfiguration c ommands ip performance configuration commands display fib syntax display fib view any view parameter none description use the display fib command to view the entries of the forwarding information base. Each line outputs indicates a fib entry. The information includ...
Page 109
Ip performance configuration commands 107 # display the fib entries whose destination addresses are in the range of 169.254.0.0/16 to 169.254.0.6/16. Display fib 169.254.0.0 255.255.0.0 169.254.0.6 255.255.0.0 route entry count: 1 destination/mask nexthop flag timestamp interface 169.254.0.1/16 2.1....
Page 111
Ip performance configuration commands 109 example # display the total number of fib entries. Display fib statistics route entry count : 30 display icmp statistics syntax display icmp statistics view any view parameter none description use the display icmp statistics command to view the statistics in...
Page 112
110 c hapter 8: ip p erformance c onfiguration c ommands display ip socket syntax display ip socket [ socktype sock-type ] [ task-id socket-id ] view any view parameter sock-type: the type of a socket (tcp:1, udp: 2, raw ip: 3). Task-id: the id of a task, with the value ranging from 1 to 100. Socket...
Page 113
Ip performance configuration commands 111 display ip statistics syntax display ip statistics view any view parameter none description use the display ip statistics command to view the statistics information about ip packets. Related command: display ip interface, reset ip statistics. Example # view ...
Page 114
112 c hapter 8: ip p erformance c onfiguration c ommands display tcp statistics syntax display tcp statistics view any view parameter none description use the display tcp statistics command to view the statistics information about tcp packets. For the related commands, see display tcp status, reset ...
Page 115
Ip performance configuration commands 113 example # view statistics about tcp packets. Display tcp statistics received packets: total: 753 packets in sequence: 412 (11032 bytes) window probe packets: 0, window update packets: 0 checksum error: 0, offset error: 0, short error: 0 duplicate packets: 4 ...
Page 116
114 c hapter 8: ip p erformance c onfiguration c ommands display tcp status syntax display tcp status view any view parameter none description use the display tcp status command to view all tcp connection states. This helps user monitor tcp connection at any time. Sent packets information followed i...
Page 117
Ip performance configuration commands 115 example # display the state of all tcp connections. Display tcp status tcpcb local add:port foreign add:port state 03e37dc4 0.0.0.0:4001 0.0.0.0:0 listening 04217174 100.0.0.204:23 100.0.0.253:65508 established the displayed information indicates that a tcp ...
Page 118
116 c hapter 8: ip p erformance c onfiguration c ommands reset ip statistics syntax reset ip statistics view user view parameter none description use the reset ip statistics command to clear the ip statistics information. Related command: display ip interface, display ip statistics. Example # clear ...
Page 119
Ip performance configuration commands 117 example # clear the tcp statistics information. Reset tcp statistics reset udp statistics syntax reset udp statistics view user view parameter none description use the reset udp statistics command to can clear the udp statistics information. Example # clear ...
Page 120
118 c hapter 8: ip p erformance c onfiguration c ommands tcp timer syn-timeout syntax tcp timer syn-timeout time-value undo tcp timer syn-timeout view system view parameter time-value: tcp synwait timer value measured in seconds, whose value ranges from 2 to 600. The default time-value is 75 seconds...
Page 121
Ip performance configuration commands 119 system-view system view: return to user view with ctrl+z. [sw8800] tcp window 3.
Page 122
120 c hapter 8: ip p erformance c onfiguration c ommands.
Page 123: Garp&gvrp C
9 garp&gvrp c onfiguration c ommands garp configuration commands display garp statistics syntax display garp statistics [ interface interface-list ] view any view parameter interface-list: list of ethernet ports to be displayed, expressed as interface-list = { interface-type interface-number [ to in...
Page 124
122 c hapter 9: garp&gvrp c onfiguration c ommands parameter interface-list: list of ethernet ports of which the grrp timer information is to be displayed, expressed as interface-list = { interface-type interface-number [ to interface-type interface-number ] }&. Interface-type is interface type, and...
Page 125
Garp configuration commands 123 ■ the value of join timer should be no less than the doubled value of hold timer. ■ the value of leave timer should be greater than the doubled value of join timer and smaller than the leaveall timer value. ■ the minimal value of join timer is 10 centiseconds. Descrip...
Page 126
124 c hapter 9: garp&gvrp c onfiguration c ommands after every garp application entity is started, the leaveall timer will be started simultaneously. The garp application entity will send leaveall message after the timer times out to make other application entities re-register all attribute informat...
Page 127
Gvrp configuration commands 125 interface-type interface-number] }&. Interface-type is interface type, and interface-number is interface number. The interface-number after the keyword to must be larger than or equal to that before to. & means that the preceding parameter can be repeated up to 10 tim...
Page 128
126 c hapter 9: garp&gvrp c onfiguration c ommands gvrp syntax gvrp undo gvrp view system view/ethernet port view parameter none description use the gvrp command to enable gvrp. Use the undo gvrp command to disable gvrp. By default, gvrp is disabled. This command can be used to enable/disable global...
Page 129
Gvrp configuration commands 127 use the undo gvrp registration command to restore the default type. By default, the registration type is normal. This command can be only used on trunk port. Related command: display gvrp statistics. Example # set the gvrp registration type of ethernet2/1/1 as fixed. ...
Page 130
128 c hapter 9: garp&gvrp c onfiguration c ommands.
Page 132
130 c hapter 10: e thernet p ort c onfiguration c ommands ■ no distinction is made between known multicast and unknown multicast for multicast suppression. Related command: multicast-suppression. Example # set the broadcast suppression ratio to 40. System-view system view: return to user view with c...
Page 133
Ethernet port configuration commands 131 description syntax description text undo description view ethernet port view parameter text: port description character string, with 64 characters at most. Description use the description command to configure the description character string for ethernet port...
Page 134
132 c hapter 10: e thernet p ort c onfiguration c ommands example # display the inbound statistics on the gigabitethernet ports. Display counters inbound interface gigabitethernet interface total(pkts) broadcast(pkts) multicast(pkts) err(pkts) ge3/2/1 12,345,678,912,345 overflow 12,345,678,912,345 1...
Page 135
Ethernet port configuration commands 133 allow jumbo frame to pass mixinsert-port vpn status:not enable mixinsert access pvid: 48 mdi type: auto port link-type: access tagged vlan id : none untagged vlan id : 48 last 300 seconds input: 0 packets/sec 61 bits/sec 1% last 300 seconds output: 0 packets/...
Page 136
134 c hapter 10: e thernet p ort c onfiguration c ommands display jumboframe configuration syntax display jumboframe configuration view any view parameter none description use the display jumboframe configuration command to view the jumbo frame configuration on all cards. The supported jumbo frame l...
Page 137
Ethernet port configuration commands 135 parameter hybrid: displays hybrid port. Trunk: displays trunk port. Description use the display port command to view the ports in the current system, whose link type is hybrid or trunk. If there is any such port, display the corresponding port name and the in...
Page 138
136 c hapter 10: e thernet p ort c onfiguration c ommands description use the duplex command to configure the duplex attribute of the ethernet port. Use the undo duplex command to restore the duplex attribute of the port to default auto-negotiation mode. By default, the duplex attribute is auto. Rel...
Page 139
Ethernet port configuration commands 137 parameter interval: interval of performing statistics on ports in seconds. It is 300 seconds by default. Description use the flow interval command to set the interval of performing statistics on ports. The switch performs the statistics about the average spee...
Page 140
138 c hapter 10: e thernet p ort c onfiguration c ommands system-view system view: return to user view with ctrl+z. [sw8800] link-status hold 5 interface syntax interface interface-type interface-number view system view parameter interface-type: specifies the port type. It can be aux, ethernet, loop...
Page 141
Ethernet port configuration commands 139 description use the jumboframe enable command to permit jumbo frames to pass the card on the specified slot and set the maximum size of jumbo frames. Use the jumboframe disable slot command to prohibit jumbo frames from passing the card on the specified slot....
Page 143
Ethernet port configuration commands 141 use the undo multicast-suppression command to disable the broadcast suppression function. The default multicast suppression ratio is 100%. You can use the multicast-suppression command repeatedly. The effective multicast suppression ratio value is the one las...
Page 144
142 c hapter 10: e thernet p ort c onfiguration c ommands use the undo port access vlan command to cancel the access port from the vlan. The condition for using this command is that the vlan indicated in vlan-id must exist. Example # join ethernet2/1/1 port to vlan3 (vlan3 has existed). System-view ...
Page 145
Ethernet port configuration commands 143 parameter vlan-id-list: vlan-id-list = [ vlan-id1 [ to vlan-id2 ] ]&: specifies which vlan the hybrid port will be added to. It can be discrete. The vlan-id ranges from 1 to 4,094. & indicates that the former parameter can be input 10 times repeatedly at most...
Page 146
144 c hapter 10: e thernet p ort c onfiguration c ommands use the undo port link-type command to restore the port as default status, i.E. Access port. You can configure three types of ports concurrently on the same switch, but you cannot switch between trunk port and hybrid port. You must turn it fi...
Page 148
146 c hapter 10: e thernet p ort c onfiguration c ommands description use the port trunk pvid vlan command to configure the default vlan id of trunk port. Use the undo port trunk pvid command to restore the default vlan id of the port. The default vlan id of local trunk port should be consistent wit...
Page 149
Ethernet port configuration commands 147 undo shutdown view ethernet port view parameter none description use the shutdown command to disable the ethernet port. Use the undo shutdown command to enable the ethernet port. By default, the ethernet port is enabled. Example # enable ethernet port etherne...
Page 150
148 c hapter 10: e thernet p ort c onfiguration c ommands by default, the speed is auto. Related command: duplex. Example # configure ethernet port ethernet2/1/1 port speed as 100 mbps. System-view system view: return to user view with ctrl+z. [sw8800] interface ethernet2/1/1 [3com-ethernet2/1/1] sp...
Page 151: Thernet
11 e thernet l ink a ggregation c onfiguration c ommands ethernet link aggregation configuration commands debugging lacp packet syntax debugging lacp packet [ interface interface-type interface-number [ to interface-type interface-number ] ] undo debugging lacp packet [ interface interface-type inte...
Page 153
Ethernet link aggregation configuration commands 151 use the undo debugging link-aggregation error command to disable link aggregation error debugging. Example # enable link aggregation error debugging. Debugging link-aggregation error debugging link-aggregation event syntax debugging link-aggregati...
Page 154
152 c hapter 11: e thernet l ink a ggregation c onfiguration c ommands display link-aggregation summary syntax display link-aggregation summary view any view parameter none description use the display link-aggregation summary command to view summary information of all aggregation groups, including l...
Page 155
Ethernet link aggregation configuration commands 153 view any view parameter agg-id: aggregation group id, which must be existing ones, in the range of 1 to 920. Ids 1 through 31 indicate manual or static aggregation groups; ids 32 through 64 are reserved; ids 65 through 192 are routed trunks; ids 1...
Page 156
154 c hapter 11: e thernet l ink a ggregation c onfiguration c ommands display link-aggregation interface syntax display link-aggregation interface interface-type interface-number [ to interface-type interface-number ] view any view parameter interface { interface-type interface-number [ to interfac...
Page 157
Ethernet link aggregation configuration commands 155 lacp enable syntax lacp enable undo lacp enable view ethernet port view parameter none description use the lacp enable command to enable lacp. Use the undo lacp enable command to disable lacp. Example # enable lacp for ethernet port ethernet1/1/1....
Page 158
156 c hapter 11: e thernet l ink a ggregation c onfiguration c ommands description use the lacp port-priority command to configure port priority. Use the undo lacp port-priority command to restore the default port priority. Related command: display link-aggregation verbose and display link-aggregati...
Page 159
Ethernet link aggregation configuration commands 157 interface-name2: last range value of ethernet port joined the ethernet link aggregation. Both: specifies the aggregation group to balance load for inbound and outbound packets. Description use the link-aggregation command to configure a series of ...
Page 161
Ethernet link aggregation configuration commands 159 view ethernet port view parameter agg-id: aggregation group id, in the range of 1 to 920. Ids 1 though 31 indicate manual or static aggregation groups; ids 32 through 64 are reserved; ids 65 though 192 indicate routed trunks; ids 193 through 920 i...
Page 162
160 c hapter 11: e thernet l ink a ggregation c onfiguration c ommands.
Page 163: Mac A
12 mac a ddress t able m anagement c ommands mac address table management commands display mac-address aging-time syntax display mac-address aging-time view any view parameter none description use the display mac-address aging-time command to view the aging time of the dynamic entry in the mac addre...
Page 164
162 c hapter 12: mac a ddress t able m anagement c ommands dynamic: dynamic table entry, which will be aged. Interface-type: specifies the interface type. Interface-number: specifies the interface number. Count: the display information will only contain the sum number of mac addresses in the mac add...
Page 165
Mac address table management commands 163 for detailed description on interface-type and interface-number see port configuration section of this manual. Vlan-id: specifies the vlan id. Description use the mac-address command to add/modify the mac address table entry. Use the undo mac-address command...
Page 166
164 c hapter 12: mac a ddress t able m anagement c ommands this port will no longer learn any more mac addresses; and you can use the undo mac-address max-mac-count command to remove the limit on the number. N ■ the maximum number of mac addresses on an i/o module ranges from 12 k to 16 k depending ...
Page 167
Mac address table management commands 165 use the undo mac-address max-mac-count enable forward command to enable the switch to drop the packets whose source mac addresses are not learned by the port when the number of mac addresses automatically learned by the port reaches the threshold value. Use ...
Page 168
166 c hapter 12: mac a ddress t able m anagement c ommands [sw8800] interface ethernet3/1/3 [3com-ethernet3/1/3] mac-address max-mac-count 600 [3com-ethernet3/1/3] undo mac-address max-mac-count enable forward # cancel the alarm function [3com-ethernet3/1/3] undo mac-address max-mac-count enable ala...
Page 169
Mac address table management commands 167 undo mac-address timer aging view system view parameter aging age: specifies the aging time (measured in seconds) of the layer-2 dynamic address table entry, ranging from 10 to 630. By default, the aging time is 300 seconds. No-aging : no aging time. Descrip...
Page 170
168 c hapter 12: mac a ddress t able m anagement c ommands vlan vlan-id: clears all of the mac address entries in the specified vlan. For the range of the vlan-id argument, see the introduction to the interface command in the port module of the command manual. Description use the reset mac-address c...
Page 171: Mstp C
13 mstp c onfiguration c ommands mstp configuration commands active region-configuration syntax active region-configuration view mst region view parameter none description use the active region-configuration command to activate the configurations of mst region. This command is used for manually acti...
Page 172
170 c hapter 13: mstp c onfiguration c ommands parameter none description use the check region-configuration command to view the configuration information (including switch region name, revision level, and vlan mapping table) to be activated. Mstp defines that the user must ensure the correct region...
Page 174
172 c hapter 13: mstp c onfiguration c ommands use the debugging stp state-machine prs command to enable debugging of the state machine for port role selection. Use the undo debugging stp state-machine prs command to disable debugging of the state machine for port role selection. Use the debugging s...
Page 176
174 c hapter 13: mstp c onfiguration c ommands message-age time, and remaining-hops; num of vlans mapped, number of sent bpdu packets, and number of received bpdu packets. 3 global mstis parameter: msti instance id, bridge priority of the instance, region root, internal path cost, msti root port, ma...
Page 177
Mstp configuration commands 175 mst region configuration information includes: region name, region revision level, and associations between vlans and mstis. All these configurations together determine to which mst region a switch belongs. Related command: stp region-configuration. Example # display ...
Page 178
176 c hapter 13: mstp c onfiguration c ommands port ethernet3/1/1 0 port ethernet3/1/9 1 ---------- stp instance 0 tc or tcn detected count ---------- port ethernet3/1/1 1 port ethernet3/1/9 0 ---------- stp instance 0 tc or tcn sent count ---------- port ethernet3/1/1 1 port ethernet3/1/9 0 n the t...
Page 179
Mstp configuration commands 177 example # map vlan 2 to msti 1. System-view system view: return to user view with ctrl+z. [sw8800]stp region-configuration [3com-mst-region] instance 1 vlan 2 # map vlan5-10 to msti 3. [3com-mst-region] instance 3 vlan 5 6 7 8 9 10 region-name syntax region-name name ...
Page 180
178 c hapter 13: mstp c onfiguration c ommands parameter interface-list: ethernet port list, containing multiple ethernet ports and expressed as interface-list = { interface-type interface-number [ to { interface-type interface-number] }&. For detail descriptions of interface-type, interface-number ...
Page 182
180 c hapter 13: mstp c onfiguration c ommands stp bpdu-protection syntax stp bpdu-protection undo stp bpdu-protection view system view parameter none description use the stp bpdu-protection command to enable the bpdu protection on the switch. Use the undo stp bpdu-protection command to restore the ...
Page 183
Mstp configuration commands 181 description use the stp bridge-diameter command to configure the switching network diameter. Use the undo stp bridge-diameter command to restore the default network diameter. The definition of network diameter: maximum count of switches between the farthest communicat...
Page 184
182 c hapter 13: mstp c onfiguration c ommands description use the stp compliance command to set the format of the packets that the current port sends and receives. You can configure the format to legacy, dot1s, or auto. By default, the port sends the packets in the legacy format. Example # set ethe...
Page 186
184 c hapter 13: mstp c onfiguration c ommands stp instance root primary syntax stp [ instance instance-id ] root primary [ bridge-diameter bridgenum [ hello-time centi-senconds ] ] undo stp [ instance instance-id ] root view system view parameter instance-id: specifies the spanning tree instance id...
Page 187
Mstp configuration commands 185 after a switch is configured as a primary root bridge or a secondary root bridge, users cannot modify the bridge priority of the switch. Example # designate the current switch as the root bridge of msti 0 and specify the diameter of the switching network as 4 and the ...
Page 188
186 c hapter 13: mstp c onfiguration c ommands undo stp interface interface-list [ instance instance-id ] cost view system view parameter interface-list: ethernet port list, containing multiple ethernet ports and expressed as interface-list = { interface-type interface-number [ to interface-type int...
Page 189
Mstp configuration commands 187 parameter interface-list: ethernet port list, containing multiple ethernet ports and expressed as interface-list = { interface-type interface-number [ to interface-type interface-number ] }&. For detail descriptions of interface-type and interface-number parameters, r...
Page 190
188 c hapter 13: mstp c onfiguration c ommands view system view parameter interface-list: ethernet port list, containing multiple ethernet ports and expressed as interface-list = { interface-type interface-number [ to interface-type interface-number ] }&. For detail descriptions of interface-type an...
Page 191
Mstp configuration commands 189 interface-number ] }&. For detail descriptions of interface-type and interface-number parameters, refer to the corresponding descriptions in port command manual. & means that the preceding parameters can be entered up to 10 times description use the stp interface loop...
Page 192
190 c hapter 13: mstp c onfiguration c ommands parameter interface-list: ethernet port list, containing multiple ethernet ports and expressed as interface-list = { interface-type interface-number [ to interface-type interface-number ] }&. For detail descriptions of interface-type and interface-numbe...
Page 193
Mstp configuration commands 191 use the undo stp interface no-agreement-check command to disable port fast transition. By default, port fast transition is disabled. Related command: stp no-agreement-check. N you can configure fast transition only on a root port or an alternate port. Example # enable...
Page 194
192 c hapter 13: mstp c onfiguration c ommands this configuration takes effect on the cist and all the mstis. The settings of a port whether to connect the point-to-point link will be applied to all the mstis where the port belongs. Note that a temporary loop may be redistributed if you configure a ...
Page 195
Mstp configuration commands 193 higher-priority bpdu for a certain period of time thereafter, it will resume its original state. Related command: stp root-protection. Example # enable root protection on the ethernet2/1/1 system-view system view: return to user view with ctrl+z. [sw8800] stp interfac...
Page 196
194 c hapter 13: mstp c onfiguration c ommands stp loop-protection syntax stp loop-protection undo stp loop-protection view ethernet port view parameter none description use the stp loop-protection command to enable loop protection function. Use the undo stp loop-protection command to restore the de...
Page 197
Mstp configuration commands 195 use the undo stp max-hops command to restore the default max hops. On cist and mstis, the max hops configured on the region root determines the max switching network diameter supported by the local mst region. As the bpdu travels from the spanning tree root, each time...
Page 199
Mstp configuration commands 197 description use the stp no-agreement-check command to enable port fast transition. Use the undo stp interface no-agreement-check command to disable port fast transition. By default, port fast transition is disabled. Related command: stp interface no-agreement-check. N...
Page 200
198 c hapter 13: mstp c onfiguration c ommands system-view system view: return to user view with ctrl+z. [sw8800] interface gigabitethernet3/1/1 [3com-gigabitethernet3/1/1]stp disable [sw8800] stp non-flooding slot 3 # discard bpdu packets received on all ports when stp is not globally enabled. Syst...
Page 201
Mstp configuration commands 199 auto: configures to automatically check if the link to the ethernet port is a point-to-point link. Description use the stp point-to-point command to configure the current ethernet port (not) to connect with point-to-point link. Use undo stp point-to-point command to c...
Page 202
200 c hapter 13: mstp c onfiguration c ommands description use the stp port priority command to configure the priority of a port on a specified msti. Use the undo stp port priority command to restore the default priority of the port on the specified msti. You may specify the instance-id parameter as...
Page 204
202 c hapter 13: mstp c onfiguration c ommands undo stp [ instance instance-id ] root view system view parameter instance instance-id: specifies the spanning tree instance id, ranging from 0 to 48. Specify it as 0 to configure cist. Root secondary: configures the current switch as the secondary root...
Page 205
Mstp configuration commands 203 stp root-protection syntax stp root-protection undo stp root-protection view ethernet port view parameter none description use the stp root-protection command to enable on root protection the switch. Use the undo stp root-protection command to restore the default stat...
Page 206
204 c hapter 13: mstp c onfiguration c ommands description use the stp tc-protection enable command to enable the protection function so that the switch is protected against attack from tc-bpdu packets. Use the stp tc-protection disable command to disable the protection function. By default, the pro...
Page 207
Mstp configuration commands 205 the forward delay configured on the root bridge determines the state transition time. The root bridge will determine the state transition time according to the configured values, while the other switches will apply the forward delay configured on it. When configuring ...
Page 208
206 c hapter 13: mstp c onfiguration c ommands timeouts. The root bridge transmits bpdu packets at an interval as you configured, while other switches apply the hello time configured on the root bridge. When configuring hello time, forward delay and max age, remember to guarantee the following equat...
Page 209
Mstp configuration commands 207 when you configure hello time, forward delay and max age, remember to guarantee the following equations: 2 x (forward delay -1.0 second) >= max age max age >= 2 x (hello time + 1.0 second) only if the earlier-mentioned formulas are equal can the mstp normally operate ...
Page 210
208 c hapter 13: mstp c onfiguration c ommands system-view system view: return to user view with ctrl+z. [sw8800] stp timer-factor 7 stp transmit-limit syntax stp transmit-limit packetnum undo stp transmit-limit view ethernet port view parameter packetnum: specifies the amount limit to the transmitt...
Page 211
Use the undo vlan-mappin g modulo command to disable the function. By default, all the vlans are mapped to cist, namely instance 0. Related command: region-name, revision-level, check region-configuration, active region-configuration example # map vlan to msti based on modulo 16. System-view system ...
Page 212
210 c hapter 13: mstp c onfiguration c ommands.
Page 213: Igest
14 d igest s nooping c onfiguration c ommands digest snooping configuration commands stp config-digest-snooping syntax stp config-digest-snooping undo stp config-digest-snooping view system view, ethernet port view parameter none description use the stp config-digest-snooping command to enable diges...
Page 214
212 c hapter 14: d igest s nooping c onfiguration c ommands n ■ you must enable digest snooping on a port first before enabling it globally. ■ digest snooping is unnecessary if the interconnected switches are from the same manufacturer. ■ when implementing digest snooping, make sure that the domain ...
Page 215: Bpdu T
Bpdu tunnel configuration commands 213 15 bpdu t unnel c onfiguration c ommands bpdu tunnel configuration commands vlan-vpn enable syntax vlan-vpn enable undo vlan-vpn view ethernet port view parameter none description use the command vlan-vpn enable to enable vlan vpn (qinq) on the port. Use the un...
Page 216
214 c hapter 15: bpdu t unnel c onfiguration c ommands parameter none description use the vlan-vpn tunnel command to enable bridge protocol data unit (bpdu) tunnel on the switch. Use the undo vlan-vpn tunnel command to disable bpdu tunnel on the switch. Bpdu tunnel enables geographically segmented u...
Page 218
216 c hapter 16: acl c ommands using the acl command, you can create an acl named "acl-name". And the type of this acl is decided by keywords: "advanced", "basic" or "link". After entering a corresponding acl view, no matter the acl is identified by a number or a name, you can use the rule command t...
Page 219
Acl commands 217 the matched times here refer to the software matched times, that is, the matched times of the acls that needed to be processed by cpu. You can collect hardware matched times value by using the traffic-statistic command. Example # display contents of all acls. Display acl config all ...
Page 221
Acl commands 219 slot slotid: displays the flow template applied on the specified card. User-defined: displays the user-defined flow template. Description use the display flow-template command to view the detailed configuration of flow template. The configuration includes which parameters the flow t...
Page 222
220 c hapter 16: acl c ommands time-range : hhy ( inactive ) from 08:30 2-5-2005 to 18:00 2-19-2005 time-range : hhy1 ( inactive ) from 08:30 2-5-2003 to 18:00 2-19-2003 # display time range tm1. Display time-range tm1 current time is 14:37:31 4-3-2003 thursday time-range : tm1 ( inactive ) from 08:...
Page 223
Acl commands 221 related command: display flow-template, flow-template user-defined slot slotid template-info. Example # apply the user-defined flow template to current port ethernet4/1/1. System-view system view: return to user view with ctrl+z. [sw8800] interface ethernet2/1/1 [3com-ethernet4/1/1]...
Page 224
222 c hapter 16: acl c ommands ■ mac-type: mac-type field of a specified packet, no bytes in the flow template. ■ s-tag-vlan: the vlan id in the most external 802.1qtag that the packet carries, in the length of 2 bytes together with cos in the flow template. ■ sip wildcard : source ip domain in the ...
Page 225
Acl commands 223 related command: display flow-template, flow-template user-defined. Example # define a flow template which classifies traffic by source and destination ip addresses, source and destination tcp/udp ports, dscp domain in the ip packet header. System-view system view: return to user vi...
Page 229
Acl commands 227 established: (optional) it is effective only to the first syn packet established by tcp and active when protocol is set as tcp. Precedence precedence: (optional) ip priority level, in a number (ranging from 0 to 7) or a name. Tos tos: (optional) indicating packets are classified by ...
Page 230
228 c hapter 16: acl c ommands c-tag-cos c-cos-value: specified 802.1p priority in the internal 802.1qtag carried by the packet. Specify the same value for the c-cos-value and cos-value parameters. Protocol-type: this parameter is used to specify the protocol type carried by the ethernet frame. The ...
Page 231
Acl commands 229 description use the rule command to add a rule to the acl. Use the undo rule command to delete a rule from the acl. You can define multiple rules for an acl. Only the specified rules will be deleted if you select parameters in the undo rule command. If you redefine an existing rule,...
Page 233
Acl commands 231 if a time range only defines the absolute time range, the time range is only active within the absolute time range. If a time range only defines the absolute time range and multiple ranges of this time range are available (repeating this time range name can configure multiple absolu...
Page 234
232 c hapter 16: acl c ommands.
Page 235: S C
17 q o s c ommands qos commands c caution: after qacl is configured in port view, the qacl configuration of all the member ports in the port group keeps the same all the time. After a port is added to the port group, the port configuration is overwritten by that of the port group. You cannot apply t...
Page 236
234 c hapter 17: q o s c ommands description use the display port-group index command to display the configuration information of the designated port group, including the description and member information of the port group. Related command: port example # display the configured information of port ...
Page 237
Qos commands 235 dscp-policed-service-map [ dscp-list ]: displays "dscp + conform-level -> service-parameter" mapping table. Dscp-list: dscp value, which can be a single value or values, for example, you can type single dscp value "46", or dscp values "0 8 10 16" (a space is required between two val...
Page 238
236 c hapter 17: q o s c ommands # display the "local-precedence + conform-level -> priority" mapping table. Display qos conform-level 0 local-precedence-cos-map conform-level 0 : local-precedence : 0 1 2 3 4 5 6 7 -------------------------------------------------------------------- cos : 0 1 2 3 4 ...
Page 239
Qos commands 237 display qos-interface all syntax display qos-interface [ interface- type interface-number ] all view any view parameter interface-type interface-number: port of the switch, for detailed description, please refer to command manual - port. Description use the display qos-interface all...
Page 240
238 c hapter 17: q o s c ommands parameter interface-type interface-number: port of the switch, for detailed description, please refer to command manual - port. Description use the display qos-interface drop-mode command to view drop mode configuration of outbound queues at a port. If no port is spe...
Page 241
Qos commands 239 description use the display qos-interface queue-scheduler command to view queue scheduling mode and parameters of a port. If no port is specified, queue scheduling mode and the parameters of all ports will be displayed. Related command: queue-scheduler. Example # display queue sched...
Page 242
240 c hapter 17: q o s c ommands example # display parameter configuration of traffic rate limitation,. Display qos-interface traffic-limit gigabitethernet2/1/1: traffic-limit inbound: matches: acl 2020 rule 0 running committed information rate: 1000 kbps committed burst size: 1000 byte(s) excess bu...
Page 243
Qos commands 241 example # display traffic redirection configuration. Display qos-interface traffic-redirect gigabitethernet3/1/1: traffic-redirect inbound: matches: acl 2020 rule 0 running redirected to: next-hop 1.1.1.1 display qos-interface traffic-shape syntax display qos-interface [ interface-t...
Page 244
242 c hapter 17: q o s c ommands rate: port rate. This parameter is available only when you select interface-type interface-number. Timeinterval: interval for making statistics of rates, ranging from 1 to 5 seconds. The default value is one second. Description use the display qos-interface traffic-s...
Page 245
Qos commands 243 example # display all the qos parameter configurations of all the vlans. Display qos-vlan all vlan 1 traffic-limit inbound: there is no configuration. Outbound: there is no configuration. Vlan 1 traffic-priority inbound: there is no configuration. Outbound: there is no configuration...
Page 246
244 c hapter 17: q o s c ommands description use the display qos-vlan traffic-limit command to display the parameter configuration for traffic limit in vlan, including the configuration information about related acl and policing actions. Related command: traffic-limit and traffic-params. Example # d...
Page 247
Qos commands 245 display qos-vlan traffic-redirect syntax display qos-vlan [ vlan-id ] traffic-redirect view any view parameter vlan-id: id of a vlan, in the range of 1 to 4094. Description use the display qos-vlan traffic-redirect command to display the parameter configuration for traffic redirecti...
Page 248
246 c hapter 17: q o s c ommands matches: acl 3000 rule 0 running (action-type: eacl, destination slot: 2) 0 byte display traffic-params syntax display traffic-params [ traffic-index ] view any view parameter traffic-index: traffic parameter index. The default value is 1. Description use the display...
Page 249
Qos commands 247 in the case of network congestion, the switch drops packets to release system resources. And then no packets are put into long-delay queues. The following two drop modes are available: ■ tail drop mode: different queues (red, yellow and green) are allocated with different drop thres...
Page 250
248 c hapter 17: q o s c ommands after entering conform level view, you can configure the "dscp + conform-level -> service-parameter" mapping table of the corresponding level. For example, you can enter conform level 0 view and configure the "dscp + conform-level 0 -> service-parameter" mapping tabl...
Page 251
Qos commands 249 parameter exp-list: original exp value, which can be a single value or several values, in the range of 0 to 7. For example, you can type single exp value "2", or exp values "2 3 4" (space is required between values). Exp is mpls priority of mpls packets. Dscp-value: modified dscp va...
Page 252
250 c hapter 17: q o s c ommands cos-value2: 802.1p priority value corresponding to local-precedence 2, in the range of 0 to 7. Cos-value3: 802.1p priority value corresponding to local-precedence 3, in the range of 0 to 7. Cos-value4: 802.1p priority value corresponding to local-precedence 4, in the...
Page 254
252 c hapter 17: q o s c ommands interface: mirrors traffic to the designated destination port. Description use the mirrored-to command to activate an acl and mirror data streams to the cpu or the designated destination port. Use the undo mirrored-to command to remove traffic mirroring setting. This...
Page 255
Qos commands 253 group may contain one monitoring port and several monitored ports. You can also specify the direction of the monitored packets. Switch 8800 family series support up to 24 mirroring groups at a port. Related command: display mirroring-group. N switch 8800 family series support cross-...
Page 256
254 c hapter 17: q o s c ommands if the mirroring-group has been configured, the system will prompt "the mirroring-group has been configured!" port syntax port interface-list undo port interface-list view port group view parameter interface-list: ethernet port list to be added to a port group or to ...
Page 257
Qos commands 255 port-group syntax port-group index undo port-group index view system view parameter index: port group number. Description use the port-group command to create a port group and enter port group view. Use the undo port-group index command to delete a port group. The port group number ...
Page 258
256 c hapter 17: q o s c ommands after receiving a packet, the switch allocates a set of service parameters to it according to a specific rule. The procedure to obtain local precedence: first obtain it according to the "cos ->local-precedence" mapping table. If failed, the system uses the default lo...
Page 259
Qos commands 257 parameter cos0-map-drop-prec: mapping value from cos 0 to drop precedence, in the range of 0 to 2. Cos1-map-drop-prec: mapping value from cos 1 to drop precedence, in the range of 0 to 2. Cos2-map-drop-prec: mapping value from cos 2 to drop precedence, in the range of 0 to 2. Cos3-m...
Page 260
258 c hapter 17: q o s c ommands mapping table and the "cos -> drop-precedence" mapping table. You can modify the cos -> drop-precedence mapping table using this command. Example # configure the "cos -> drop-precedence" mapping table. System-view system view: return to user view with ctrl+z. [sw8800...
Page 261
Qos commands 259 cos6-map-local-prec: mapping value from cos 6 to local precedence, in the range of 0 to 7. Cos7-map-local-prec: mapping value from cos 7 to local precedence, in the range of 0 to 7. Description use the qos cos-local-precedence-map command to configure the "cos -> local-precedence" m...
Page 262
260 c hapter 17: q o s c ommands queue syntax queue queue-id green-min-threshhold green-max-threshhold green-max-prob yellow-min-threshhold yellow-max-threshhold yellow-max-prob red-min-threshhold red-max-threshhold red-max-prob exponent undo queue queue-id view wred index view parameter queue-id: o...
Page 263
Qos commands 261 description use the queue command to configure parameters for a wred index. Use the undo queue command to restore the default parameters for the wred index. The switch provides four sets of default wred parameters, respectively numbered as 0, 1, 2 and 3. Each set includes 80 paramet...
Page 264
262 c hapter 17: q o s c ommands use the undo queue-scheduler command to restore the default setting, sp algorithm. By default, sp algorithm is selected for all outbound queues at a port. The switch supports eight outbound queues at a port, with different scheduling algorithms for them. You can conf...
Page 265
Qos commands 263 rule rule: specifies the subitem of an active acl, ranging from 0 to 127; if not specified, all subitems of acl will be activated. Description use the reset traffic-statistic command to clear statistics of all traffic or traffic of a specific acl. Example # clear traffic statistics ...
Page 267
Qos commands 265 ■ when you configure traffic policing for a port group, all the ports in the port group occupy the same bandwidth, that is, the configured traffic parameter is shared by all the ports. Cir: committed information rate in kbps. Cbs: committed burst size in bytes. Ebs: excess burst siz...
Page 268
266 c hapter 17: q o s c ommands the local-precedence + conform-level-> 802.1p priority mapping table. For details about the two mapping tables, see the qos conform-level, dscp and local-precedence commands. Example # set traffic limitation for the packets match the permitted rules in the acl 4000: ...
Page 270
268 c hapter 17: q o s c ommands the system can set service parameters for the matched traffic in one of following modes: 1 employ the service parameters automatically allocated by the switch. Upon receiving a packet, the switch allocates a set of service parameters for it according to a specific ru...
Page 272
270 c hapter 17: q o s c ommands allowed to pass, and l3-vpn means that mpls l3-vpn packets are allowed to pass. Destination-vlan must be the vlan where the destination port belongs to. Next-hop ip-addr1 [ ip-addr2 ]: redirects packets to the specified ip address. You can define two ip addresses at ...
Page 273
Qos commands 271 [3com-ethernet5/1/2] traffic-redirect inbound link-group 4000 interface ethernet5/1/1 4094 l3-vpn # configure traffic redirection on a service processor card for packets that match the permit rules in acl 3000. 1 redirect the packets of vlan4 that match the permit rules in acl 3000 ...
Page 275
Qos commands 273 tc-index index: index value of traffic conditioner, ranging from 0 to 12288. If you configured the same index value to different traffic rules during traffic statistic configuration, then the statistic of these traffics is performed. Description use the traffic-statistic command to ...
Page 276
274 c hapter 17: q o s c ommands wred syntax wred wred-index undo wred wred-index view system view parameter wred-index: wred index, in the range of 0 to 3. Description use the wred command to create a wred index view and enter it. Use the undo wred command to restore the default wred parameters. Th...
Page 278
276 c hapter 18: acl c ontrol c ommands to c ontrol l ogin u sers you use the rules of a basic or advanced acl, only the source ip address and its mask, the destination ip address and its mask, and the time-range parameter in them are valid. Similarly, when you use layer 2 acls to implement the acl ...
Page 279
The acl control commands to control login users 277 description use the snmp-agent community command to set the community access name, permit the access to the switch using snmp, and reference the acl to perform acl control to the network management users by acl-number. Use the undo snmp-agent commu...
Page 280
278 c hapter 18: acl c ontrol c ommands to c ontrol l ogin u sers write-view: name of read-write view, ranging from 1 to 32 bytes. Notify-view: sets notify view. Notify-view: name of notify view, ranging from 1 to 32 bytes. Acl acl-number: number identifier of basic number-based acls, ranging from 2...
Page 281
The acl control commands to control login users 279 auth-password: authentication password, character string, ranging from 1 to 64 bytes. Privacy: specifies the security level as encryption. Des56: specifies the des encryption protocol. Priv-password: encryption password, character string, ranging f...
Page 282
280 c hapter 18: acl c ontrol c ommands to c ontrol l ogin u sers.
Page 283: Vlan-Acl C
19 vlan-acl c onfiguration c ommands vlan-acl configuration commands the vlan-acl configuration is subject to the following limitations: 1 limitations on flow templates: ■ the system only applies vlan-acl to ports with the default flow template applied. The applied acl rule field must be specified b...
Page 286
284 c hapter 19: vlan-acl c onfiguration c ommands system-index index: specifies the system index value of the rule. Normally, an applied rule is assigned a globally unique index value automatically for being indexed. You can also specify the index value for the rule, but this value may change while...
Page 287
Vlan-acl configuration commands 285 use the command to perform flow limit on the packets matching the specified acl (only available to the rules whose action is permit in the acl). When the parameter is set, it is required that cirpir,cbsebs. It is recommended to set the values of cbs and ebs 100-15...
Page 288
286 c hapter 19: vlan-acl c onfiguration c ommands system-index index: specifies the system index value of the rule. Normally, a applied rule is assigned a globally unique index value automatically for being indexed. You can also specify the index value for the rule, but this value may change while ...
Page 289
Vlan-acl configuration commands 287 dscp priorities and exp values of mpls packets. To choose this mode, specify the remark-policed-service dscp dscp-value when executing this command. 4 specify a set of service parameters. To choose this mode, specify remark-policed-service untrusted dscp dscp-valu...
Page 290
288 c hapter 19: vlan-acl c onfiguration c ommands change while the system is running. In general, you are not recommended to specify this parameter manually. Cpu: redirects packets to the cpu. Next-hop ip-addr1 [ ip-addr2 ]: redirects packets to the specified ip address. You can define two ip addre...
Page 291
Vlan-acl configuration commands 289 3999. Acl-name: name of the acl, which must be a character string starting with an english letter (a-z or a-z), and without any space in it. Rule rule: specifies the subitem of an active acl, ranging from 0 to 127; if not specified, all subitems of acl will be act...
Page 292
290 c hapter 19: vlan-acl c onfiguration c ommands example # synchronize acl configuration of vlan 5 to ethernet3/1/1 port manually. System-view system view: return to user view with ctrl+z. [sw8800] interface ethernet3/1/1 [3com-ethernet3/1/1]port can-access vlan-acl vlan 5 display vlan-acl-member-...
Page 294
292 c hapter 19: vlan-acl c onfiguration c ommands.
Page 296
294 c hapter 20: 802.1 x c onfiguration c ommands view any view parameter enabled-interface: configures to display the ethernet port that starts 802.1x. Guest vlan: displays guest vlan ids and specifies the port that enables guest vlan. Interface: configures to display the 802.1x information on the ...
Page 297
802.1x configuration commands 295 total maximum 802.1x user resource number is 2048 total current used 802.1x resource number is 0 ethernet3/1/1 is link-down 802.1x protocol is disabled proxy trap checker is disabled proxy logoff checker is disabled the port is a(n) authenticator authenticate mode i...
Page 298
296 c hapter 20: 802.1 x c onfiguration c ommands view system view, ethernet port view parameter interface-list: ethernet interface list expressed in the format interface-list =interface-type interface-number [ to interface-type interface-number ] &. Interface-type means the interface type, interfac...
Page 299
802.1x configuration commands 297 undo dot1x authentication-method view system view parameter chap: uses chap authentication method. Pap: uses pap authentication method. Eap: uses eap authentication method. By now, only md5 encryption method is available. Md5-challenge: eap md5-challenge authenticat...
Page 300
298 c hapter 20: 802.1 x c onfiguration c ommands view system view parameter none description use the dot1x dhcp-launch command to set 802.1x to disable the switch to trigger the user id authentication over the users who configure static ip addresses in dhcp environment. Use the undo dot1x dhcp-laun...
Page 301
802.1x configuration commands 299 provide the interface-list argument, guest vlan is enabled on the ports specified by this argument. If you execute the dot1x guest-vlan command in ethernet interface view, this command does not accept the interface-list argument and guest vlan is enabled only on the...
Page 303
802.1x configuration commands 301 interface-list cannot be input when the command is executed in ethernet port view and it has effect only on the current interface. Related command: display dot1x. Example # configure the interface ethernet 3/1/1 to be in unauthorized-force state. [sw8800] dot1x port...
Page 304
302 c hapter 20: 802.1 x c onfiguration c ommands this command has effect on the interface specified by the parameter interface-list when executed in system view. It has effect on all the interfaces when no interface is specified. The parameter interface-list cannot be input when the command is exec...
Page 305
802.1x configuration commands 303 parameter max-retry-value: specifies the maximum times an ethernet switch can retransmit the authentication request frame to the supplicant, ranging from 1 to 10. By default, the value is 2, that is, the switch can retransmit the authentication request frame to the ...
Page 306
304 c hapter 20: 802.1 x c onfiguration c ommands description use the dot1x supp-proxy-check command to configure the control method for 802.1x access users via proxy logon the specified interface. Use the undo dot1x supp-proxy-check command to cancel the control method set for the 802.1x access use...
Page 307
802.1x configuration commands 305 will consider the user having logged off and set the user as logoff state if system doesn’t receive the response from user for consecutive n times. Handshake-period-value: handshake period. The value ranges from 1 to 1024 in units of second and defaults to 30. Quiet...
Page 308
306 c hapter 20: 802.1 x c onfiguration c ommands ■ when the number of users is 2048, the handshake period value should be no smaller than 2 minutes, and the handshake timeout times should be no less than 3 times; ■ when the number of users is 1024, the handshake period value should be no smaller th...
Page 309
802.1x configuration commands 307 be cleared. If the port type and port number are specified, the 802.1x statistics on the specified port will be cleared. Related command: display dot1x. Example # clear the 802.1x statistics on ethernet 3/1/2. Reset dot1x statistics interface ethernet 3/1/2.
Page 310
308 c hapter 20: 802.1 x c onfiguration c ommands.
Page 312
310 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands parameter none description use the accounting optional command to enable accounting to be optional. Use the undo accounting optional command to disable accounting to be optional. By default, accounting is not optional. By ex...
Page 313
Aaa configuration commands 311 nas-ip ip-address: ip address of the access server in the event of binding a remote port with a user. The argument ip-address is an ip address in dotted decimal format and defaults to 127.0.0.1 (which represents the local machine). Port portnum: sets the port with whic...
Page 314
312 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands domain domain-name: configures to cut the connection according to isp domain. Domain-name specifies the isp domain name with a character string not exceeding 24 characters. The specified isp domain shall have been created. M...
Page 315
Aaa configuration commands 313 dot1x: specifies 802.1x access mode. Gcm: specifies gcm access mode. Domain domain-name: configures to display all the users in an isp domain. Domain-name specifies the isp domain name with a character string not exceeding 24 characters. The specified isp domain shall ...
Page 316
314 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands view any view parameter isp-name: specifies the isp domain name, with a character string not exceeding 24 characters. The specified isp domain shall have been created. Description use the display domain command to view the c...
Page 317
Aaa configuration commands 315 means the user enables the function. This parameter only takes effect on the users configured as lan-access type. For other types of users, the display local-user idle-cut enable and display local-user idle-cut disable commands will not display any information. Service...
Page 319
Aaa configuration commands 317 the purpose of introducing isp domain settings is to support the application environment with several isp domains. In this case, an access device may have supplicants from different isp domains. Because the attributes of isp users, such as username and password structu...
Page 320
318 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands the user nor the radius server, the user will adopt the idle-cut state in the template. Because a user template only works in one isp domain, it is necessary to configure user template attributes for users from different isp...
Page 321
Aaa configuration commands 319 example # create a local ip address pool ranging from 129.102.0.1 to 129.102.0.10. [sw8800] domain 3com163.Net [3com-isp-3com163.Net] ip pool 0 129.102.0.1 129.102.0.10 level syntax level level undo level view local user view parameter level: user priority, an integer ...
Page 323
Aaa configuration commands 321 use the undo local-user password-display-mode command to cancel the password display mode that has been set for all the accessing users. If cipher-force has been adopted, the user efforts of specifying to display passwords in simple text will render useless. The defaul...
Page 324
322 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands parameter simple: specifies to display passwords in simple text. Cipher: specifies to display passwords in cipher text. Password: defines a password, which is a character string of up to 16 characters if it is in simple text...
Page 325
Aaa configuration commands 323 by default, an aaa scheme specifies to perform local authentications. The scheme command specifies a radius/hwtacacs scheme for the current isp domain. The specified scheme must be an existing scheme. You can use the radius-scheme radius-scheme-name local or hwtacacs-s...
Page 326
324 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands by default, a switch does not support a vlan id delivered by a radius server to be of string type. Dynamic vlan delivering enables an ethernet switch to monitor network resources available to users by adding the ports to whi...
Page 327
Aaa configuration commands 325 the "change user password" option is available only when the user passes the authentication; otherwise, this option is in grey and unavailable. Example # specify the url of the web page used to change password on the self-service server to be http://10.153.89.94/selfse...
Page 328
326 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands use the undo service-type command to cancel the specified service type for the user. Example # set to provide the lan-access service for the user 3com1. [3com-luser-3com1] service-type lan-access state syntax state { active ...
Page 329
Aaa configuration commands 327 view isp domain view parameter integer: specify the vlan delivery mode to be integer. String: specify the vlan delivery mode to be string. Description use the vlan-assignment-mode command to specify the vlan delivery mode (integer or string). By default, the integer mo...
Page 330
328 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands related command: name, dot1x guest-vlan. Example # specify the dynamic vlan delivery mode to be string. [3com-isp-3com163.Net] vlan-assignment-mode string radius protocol configuration commands accounting optional syntax acc...
Page 331
Radius protocol configuration commands 329 view radius scheme view parameter data: sets data unit. Byte: sets ’byte’ as the unit of data flow. Giga-byte: sets ’giga-byte’ as the unit of data flow. Kilo-byte: sets ’kilo-byte’ as the unit of data flow. Mega-byte: sets ’mega-byte’ as the unit of data f...
Page 332
330 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands description use the debugging radius command to enable radius packet debugging. Use the undo debugging radius command to disable radius packet debugging. By default, radius packet debugging is disabled. Example: # enable rad...
Page 333
Radius protocol configuration commands 331 description use the display radius command to view the configuration information of all radius scheme or a specified one. By default, this command outputs the configuration information about the specified or all the radius scheme. Related command: radius sc...
Page 334
332 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands display radius nas-ip syntax display radius nas-ip view any view parameter none description use the display radius nas-ip command to display all the global nas-ip information configured in system view, including the global n...
Page 335
Radius protocol configuration commands 333 display radius statistics state statistic(total=4120): dead=4120 authproc=0 authsucc=0 acctstart=0 rltsend=0 rltwait=0 acctstop=0 online=0 stop=0 stateerr=0 receive and send packets statistic: send pkt total :0 receive pkt total:0 radius received packets st...
Page 337
Radius protocol configuration commands 335 request packets saved during a specified time range. The displayed packet information can help with diagnosis and troubleshooting. After transmitting the stopping accounting requests, if there is no response from the radius scheme, the switch will save the ...
Page 338
336 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands example # set the authentication/authorization key of the radius scheme, 3com, to hello. [3com-radius-3com] key authentication hello # set the accounting packet key of the radius scheme, 3com, to ok. [3com-radius-3com] key a...
Page 339
Radius protocol configuration commands 337 description use the local-server command to configure the parameters of local radius server. Using undo local-server command, you can cancel a local radius server. Radius service, which adopts authentication/authorization/accounting servers to manage users,...
Page 340
338 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands by default, the source ip address of packets is the ip address of the vlan interface to which the port connecting with the server belongs. Related commands: display radius, radius nas-ip example # configure the ip address th...
Page 341
Radius protocol configuration commands 339 primary authentication syntax primary authentication ip-address [ port-number ] undo primary authentication view radius scheme view parameter ip-address: ip address, in dotted decimal format. Port-number: specifies udp port number. Ranging from 1 to 65535. ...
Page 342
340 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands parameter none description use the radius client enable command to enable the port 1812. You must use this command to enable ports before using radius authentication. Use the undo radius client to disable the port 1812. You ...
Page 343
Radius protocol configuration commands 341 example # configure the source ip address that the switch uses to send radius packets as 129.10.10.1. System-view [sw8800] radius nas-ip 129.10.10.1 radius scheme syntax radius scheme radius-server-name undo radius scheme radius-server-name view system view...
Page 344
342 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands reset radius statistics syntax reset radius statistics view user view parameter none description use the reset radius statistics command to clear the statistic information related to the radius protocol. Related command: dis...
Page 345
Radius protocol configuration commands 343 description use the reset stop-accounting-buffer command to reset the stopping accounting requests, which are saved in the buffer and have not been responded. After transmitting the stopping accounting requests, if there is no response from the radius schem...
Page 346
344 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands setting a suitable retry-time according to the network situation can speed up the system response. Related command: radius scheme. Example # set to retransmit the radius request packet no more than 5 times in the radius sche...
Page 347
Radius protocol configuration commands 345 retry stop-accounting syntax retry stop-accounting retry-times undo retry stop-accounting view radius scheme view parameter retry-times: maximal retransmission times of a buffered stop-accounting request, ranging from 10 to 65535. By default, the value is 5...
Page 348
346 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands description use the secondary accounting command to configure the ip address and port number for the secondary radius accounting server. Use the undo secondary accounting command to restore the ip address and port number to ...
Page 350
348 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands secondary: configures to set the state of the secondary radius server. Accounting: configures to set the state of radius accounting server. Authentication: configures to set the state of radius authentication/authorization. ...
Page 351
Radius protocol configuration commands 349 description use the stop-accounting-buffer enable command to configure to save the stopping accounting requests without response in the switch system buffer. Use the undo stop-accounting-buffer enable command to cancel the function of saving the stopping ac...
Page 352
350 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands example # set the quiet timer of the primary server to 10 minutes. [sw8800] radius scheme test1 [3com-radius-test1] timer quiet 10 timer realtime-accounting syntax timer realtime-accounting minute undo timer realtime-account...
Page 353
Radius protocol configuration commands 351 timer response-timeout syntax timer response-timeout seconds undo timer response-timeout view radius scheme view parameter seconds: the value range is 1 to 10 in seconds. The default response timeout value of the radius server is 3 seconds. Description use ...
Page 354
352 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands servers reject the username including isp domain name. In this case, the username will be sent to the radius server after its domain name is removed. Accordingly, the switch provides this command to decide whether the userna...
Page 357
Hwtacacs configuration commands 355 related command: hwtacacs scheme. Example # display the configuration information of the hwtacacs scheme gy. Display hwtacacs gy ------------------------------------------------------------------ hwtacacs-server template name : gy primary-authentication-server : 1...
Page 358
356 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands hwtacacs nas-ip syntax hwtacacs nas-ip ip-address undo hwtacacs nas-ip view system view parameter ip-address: ip address of a specified source, which is that of the local host and cannot be a broadcast address of class a, b ...
Page 360
358 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands view hwtacacs view parameter ip-address: source ip address, in dotted decimal format. Description use the nas-ip command to set the source ip address for hwtacacs packets sent from the nas (switch), such that all the packets...
Page 361
Hwtacacs configuration commands 359 you are not allowed to assign the same ip address to both primary and secondary accounting servers. If you repeatedly use this command, the latest configuration overwrites the previous one. You can remove a tacacs scheme accounting server only when no active tcp c...
Page 362
360 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands example # configure a primary authentication server. [sw8800] hwtacacs scheme test1 [3com-hwtacacs-test1] primary authentication 10.163.155.13 49 primary authorization syntax primary authorization ip-address [ port-number ] ...
Page 363
Hwtacacs configuration commands 361 parameter accounting: clears all the hwtacacs accounting statistics. Authentication: clears all the hwtacacs authentication statistics. Authorization: clears all the hwtacacs authorization statistics. All: clears all statistics. Description use the reset hwtacacs ...
Page 364
362 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands parameter retry-times: the maximum number of stop-accounting request attempts. It is in the range 1 to 300 and defaults to 100. Description use the retry stop-accounting command to enable stop-accounting packet retransmissio...
Page 365
Hwtacacs configuration commands 363 you can remove a tacacs scheme accounting server only when no active tcp connection used to send accounting packets is now using the server, and the removal impacts only packets forwarded afterwards. Example # configure a secondary accounting server. [sw8800] hwta...
Page 366
364 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands secondary authorization syntax secondary authorization ip-address [ port-number ] undo secondary authorization view hwtacacs view parameter ip-address: ip address of the server, a legal unicast address in dotted decimal form...
Page 367
Hwtacacs configuration commands 365 parameter minutes: ranges from 1 to 255 minutes. By default, the primary server must wait five minutes before it resumes the active state. Description use the timer quiet command to set the waiting time before the primary server resumes the active state. Use the u...
Page 368
366 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands example # set the real-time accounting interval of the hwtacacs scheme 3com to 51 minutes. [3com-hwtacacs-3com] timer realtime-accounting 51 timer response-timeout syntax timer response-timeout seconds undo timer response-ti...
Page 369
Hwtacacs configuration commands 367 parameter with-domain: specifies that the domain name is taken along with the username that will be sent to the tacacs server. Without-domain: specifies that no domain name is taken along with the username that will be sent to the tacacs server. Description use th...
Page 370
368 c hapter 21: aaa and radius/hwtacacs p rotocol c onfiguration c ommands.
Page 372
370 c hapter 22: p ortal c onfiguration c ommands view any view parameter acm statistics: displays the statistics about acm, that is to say, displays the statistics about the state machines related with authentication, connection and management. Auth-network auth-vlan-id: displays the authentication...
Page 373
Portal configuration commands 371 interval: 60s retry times: 5 vlan portal configuration: vlan 3 : portal started portal server: pt2 index state mac ip vlan p ort # display the statistics about portal acm. [sw8800] display portal acm statistics acm statistics running state statistics wait_mac_ack 0 ...
Page 374
372 c hapter 22: p ortal c onfiguration c ommands portal example portal server-name undo portal view vlan interface view. Table 47 description on the fields of the display portal acm statistics command field description acm statistics statistics about state machines wait_mac_ack time of waiting for ...
Page 375
Portal configuration commands 373 parameter server-name: name of a portal server. It is a string in the range of 1 to 32 characters. Description use the portal command to enable the portal authentication function on a vlan interface. Use the undo portal command to disable this function. If the porta...
Page 376
374 c hapter 22: p ortal c onfiguration c ommands if the user pc still does not respond after the sending times exceed the retry times, the switch will regard the handshakes as abnormal, cut the connection with this user actively and notify the portal server about this case. This command is ineffect...
Page 377
Portal configuration commands 375 view system view parameter ip-address: deletes the portal users using the specified ip address. Description use the portal delete-user command to delete the portal users using the specified ip address. Example # delete users using the ip address 10.153.94.8. System-...
Page 379
Portal configuration commands 377 ■ the redhcp authentication method requires that the ip address of an authentication-free user and the master ip address of the interface belong to the same network section. The direct authentication method requires that the ip address of an authentication-free user...
Page 381
Portal configuration commands 379 portal upload-interface example portal upload-interface undo portal upload-interface view ethernet port view parameter none description use the portal upload-interface command to enable the portal rate limit function on the upload interface. Use the undo portal uplo...
Page 382
380 c hapter 22: p ortal c onfiguration c ommands server: clears the statistics about the portal server. Tcp-cheat: clears the statistics about tcp cheats. Description use the reset portal command to clear the related statistics about portal. Example # clear the statistics about acm of the portal cl...
Page 383: Tatic
23 s tatic r oute c onfiguration c ommands n when a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an switch 8800 family series routing switch running routing protocols. To improve read...
Page 385
Display commands of the routing table 383 for detailed description of the output information, see table 48. # display the verbose information of the active and inactive routes that are filtered through basic acl 2000. Display ip routing-table acl 2000 verbose routes matched by access-list 2000: + = ...
Page 386
384 c hapter 23: s tatic r oute c onfiguration c ommands state route state description: activeu valid unicast route. U stands for unicast. Blackhole blackhole route is similar to reject route, but it will not send the icmp unreachable message to the source end delete the route is deleted gateway ind...
Page 387
Display commands of the routing table 385 display ip routing-table ip-address syntax display ip routing-table ip-address [ mask ] [ longer-match ] [ verbose ] view any view parameter ip-address: destination ip address, in dotted decimal format. Mask: ip address mask, length in dotted decimal notatio...
Page 388
386 c hapter 23: s tatic r oute c onfiguration c ommands example # there is a corresponding route in natural mask range. Display the summary. Display ip routing-table 169.0.0.0 destination/mask protocol pre cost nexthop interface 169.0.0.0/16 static 60 0 192.168.1.2 vlan-interface10 169.0.0.0/8 stat...
Page 389
Display commands of the routing table 387 view any view parameter ip-address1, ip-address2: destination ip address in dotted decimal notation. Ip-address1, mask1, mask2 and ip-address2 determine one address range together. Anding ip-address1 with mask1 specifies the start of the range while anding i...
Page 390
388 c hapter 23: s tatic r oute c onfiguration c ommands this command is mainly used to trace the route-policy and display the corresponding route information. If there is no specified address prefix list, this command will display the verbose information of all active and inactive routes with the v...
Page 391
Display commands of the routing table 389 view any view parameter inactive: with the parameter, this command displays the inactive route information. Without the parameter, this command displays the active and inactive route information. Verbose: with the verbose keyword, this command displays the v...
Page 392
390 c hapter 23: s tatic r oute c onfiguration c ommands static routing tables status:: summary count: 1 for detailed description of the output information, see table 48. Display ip routing-table radix syntax display ip routing-table radix view any view parameter none description use the display ip ...
Page 393
Display commands of the routing table 391 the integrated routing information includes total route amount, the route amount added or deleted by protocol, amount of the routes that are labeled "deleted" but not deleted, and the active route amount. Example # display the integrated route information. D...
Page 394
392 c hapter 23: s tatic r oute c onfiguration c ommands 77.77.77.77/32 static 60 0 195.195.1.10 vlan-interface1016 195.168.130.0/24 direct 0 0 195.168.130.1 vlan-interface1013 195.168.130.1/32 direct 0 0 127.0.0.1 inloopback0 195.195.0.0/16 direct 0 0 195.195.1.1 vlan-interface1016 195.195.1.1/32 d...
Page 395
Static route configuration commands 393 static route configuration commands delete static-routes all syntax delete static-routes all view system view parameter none description use the delete static-routes all command to delete all the static routes. The system will request your confirmation before ...
Page 396
394 c hapter 23: s tatic r oute c onfiguration c ommands description use the delete vpn-instance command to remove all the static routes of the vpn. When you use this command to remove the static routes, the system will prompt your acknowledgement. The system removes all configured static routes aft...
Page 397
Static route configuration commands 395 reject: indicates an unreachable route. When a static route to a destination has the "reject" attribute, all the ip packets to this destination will be discarded, and the source host will be informed that the destination is unreachable. Blackhole: indicates a ...
Page 398
396 c hapter 23: s tatic r oute c onfiguration c ommands.
Page 399: Rip C
24 rip c onfiguration c ommands n when a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an switch 8800 family series routing switch running routing protocols. To improve readability, th...
Page 400
398 c hapter 24: rip c onfiguration c ommands default cost syntax default cost value undo default cost view rip view parameter value: the default routing cost to be set, ranging from 1 to 16. The default value is 1. Description use default cost command to set the default routing cost of an imported ...
Page 402
400 c hapter 24: rip c onfiguration c ommands related commands: acl, filter-policy import, ip ip-prefix. Example # filter the advertised route information according to acl 2000. [3com-rip] filter-policy 2000 export filter-policy import syntax filter-policy gateway ip-prefix-name import undo filter-p...
Page 403
Rip configuration commands 401 host-route syntax host-route undo host-route view rip view parameter none description use the host-route command to control the rip to accept the host route. Use the undo host-route command to reject the host route. By default, rip accepts the host route. In some speci...
Page 404
402 c hapter 24: rip c onfiguration c ommands by default, rip does not import any other route. The import-route command is used to import the route of another protocol by using a certain cost value. Rip regards the imported route as its own route and transmits it with the specified cost value. This ...
Page 405
Rip configuration commands 403 network, other interfaces will not forward the routes of the interface using this command and it seems that the interface disappeared. When the network command is used on an address, the effect is that the interface on the network segment at this address is enabled. Fo...
Page 406
404 c hapter 24: rip c onfiguration c ommands description use the preference command to configure the route preference of rip. Use the undo preference command to restore the default preference. Every routing protocol has its own preference. Its default value is determined by the specific routing pol...
Page 407
Rip configuration commands 405 to enter the rip view to configure various rip global parameters, rip should be enabled first. Whereas the configuration of parameters related to the interfaces is not restricted by enabling/disabling rip. N note that the interface parameters configured previously woul...
Page 408
406 c hapter 24: rip c onfiguration c ommands cipher text authentication mode is used, there are two types of packet formats. One of them is that described in rfc 1723, which was brought forward earlier. The other format is the one described specially in rfc 2082. The router supports both of the pac...
Page 409
Rip configuration commands 407 rip metricin syntax rip metricin value undo rip metricin view interface view parameter value: additional route metric added when an interface receives a packet, ranging from 0 to 16. By default, the value is 0. Description use the rip metricin command to configure the ...
Page 410
408 c hapter 24: rip c onfiguration c ommands [sw8800] interface vlan-interface 10 [3com-vlan-interface10] rip metricout 2 rip output syntax rip output undo rip output view interface view parameter none description use the rip output command to allow an interface to transmit rip packets to the exter...
Page 411
Rip configuration commands 409 use undo rip split-horizon command to configure an interface not to use split horizon when transmitting rip packets. By default, an interface is enabled to use split horizon when transmitting rip packets. Normally, split horizon is necessary for reducing route loop. On...
Page 412
410 c hapter 24: rip c onfiguration c ommands example # configure the interface vlan-interface 10 as rip-2 broadcast mode. [sw8800] interface vlan-interface 10 [3com-vlan-interface10] rip version 2 broadcast rip work syntax rip work undo rip work view interface view parameter none description use th...
Page 413
Rip configuration commands 411 by default, rip-2 route summarization is used. Automatic route summarization can be performed to reduce the routing traffic on the network as well as to reduce the size of the routing table. If rip-2 is used, route summarization function can be disabled with the undo s...
Page 414
412 c hapter 24: rip c onfiguration c ommands example # set the values of period update timer and timeout timer of rip to 10 seconds and 30 seconds respectively. [sw8800] rip [3com-rip] timers update 10 timeout 30
Page 415: Ospf C
25 ospf c onfiguration c ommands n when a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an switch 8800 family series routing switch running routing protocols. To improve readability, t...
Page 416
414 c hapter 25: ospf c onfiguration c ommands example # summarize two network segments, 36.42.10.0 and 36.42.110.0, in ospf area 1 into one summarized route 36.42.0.0 and transmit it to other areas. [3com-ospf-1] area 1 [3com-ospf-1-area-0.0.0.1] network 36.42.10.0 0.0.0.255 [3com-ospf-1-area-0.0.0...
Page 417
Ospf configuration commands 415 description use the asbr-summary command to configure summarization of imported routes by ospf. Use the undo asbr-summary command to cancel the summarization. By default, summarization of imported routes is disabled. After the summarization of imported routes is confi...
Page 418
416 c hapter 25: ospf c onfiguration c ommands the ospf authentication-mode md5 command to configure the md5 cipher text authentication key if the area is configured to support md5 cipher text authentication mode. Related command: ospf authentication-mode. Example # enter area 0 view. [3com-ospf-1] ...
Page 419
Ospf configuration commands 417 description use the debugging ospf command to enable ospf process debugging. Use the undo debugging ospf command to disable ospf process debugging. In ospf multiple processes, the debugging command can enable a certain debugging for all the processes, or enable the de...
Page 420
418 c hapter 25: ospf c onfiguration c ommands default interval syntax default interval seconds undo default interval view ospf view parameter seconds: default interval in seconds for importing external routes. It ranges from 1 to 2,147,483,647 and defaults to 1. Description use the default interval...
Page 421
Ospf configuration commands 419 example # specify the default value of ospf imported external routes as 200. [3com-ospf-1] default limit 200 default tag syntax default tag tag undo default tag view ospf view parameter tag: default tag, ranging from 0 to 4,294,967,295. The default value is 1. Descrip...
Page 422
420 c hapter 25: ospf c onfiguration c ommands use the undo default type command to restore the default type when ospf imports external routes. By default, the external routes of type 2 are imported. Ospf specifies the two types of external routing information. The command described in this section ...
Page 424
422 c hapter 25: ospf c onfiguration c ommands view any view description use the display debugging ospf command to view the debugging states of global ospf and all processes. Related command: debugging ospf. Example # display the debugging states of global ospf and all processes. Display debugging o...
Page 425
Ospf configuration commands 423 display ospf asbr-summary syntax display ospf [ process-id ] asbr-summary [ ip-address mask ] view any view parameter process-id: process id of ospf. The command is applied to all current ospf processes if you do not specify a process id. Ip-address: matched ip addres...
Page 426
424 c hapter 25: ospf c onfiguration c ommands display ospf brief syntax display ospf [ process-id ] brief view any view parameter process-id: process id of ospf. The command is applied to all current ospf processes if you do not specify a process id. Description use the display ospf brief command t...
Page 427
Ospf configuration commands 425 display ospf cumulative syntax display ospf [ process-id ] cumulative view any view parameter process-id: process id of ospf. The command is applied to all current ospf processes if you do not specify a process id. Description use the display ospf cumulative command t...
Page 428
426 c hapter 25: ospf c onfiguration c ommands link-state req 18 18 link-state update 48 53 link-state ack 25 21 ase: 1 checksum sum: fcaf lsas originated by this router router: 50 sumnet: 40 sumasb: 2 lsas originated: 92 lsas received: 33 area 0.0.0.0: neighbors: 1 interfaces: 1 spf: 54 checksum su...
Page 429
Ospf configuration commands 427 parameter process-id: process id of ospf. The command is applied to all current ospf processes if you do not specify a process id. Description use the display ospf error command to view the ospf error information. Example # display the ospf error information. Display ...
Page 430
428 c hapter 25: ospf c onfiguration c ommands display ospf interface syntax display ospf [ process-id ] interface [ interface-type interface-number ] view any view parameter process-id: process id of ospf. The command is applied to all current ospf processes if you do not specify a process id. Inte...
Page 432
430 c hapter 25: ospf c onfiguration c ommands originate-router ip-address: views the ip address of the lsa generator. Self-originate: views the database information of self-originated lsa. Description use the display ospf lsdb command to view the link-state database (lsdb) of ospf. Example # displa...
Page 433
Ospf configuration commands 431 tos 0 metric: 1 e type : 2 forwarding address: 0.0.0.0 tag: 1 display ospf nexthop syntax display ospf [ process-id ] nexthop view any view parameter process-id: process id of ospf. The command is applied to all current ospf processes if you do not specify a process i...
Page 434
432 c hapter 25: ospf c onfiguration c ommands display ospf peer syntax display ospf [ process-id ] peer [ brief ] view any view parameter process-id: process id of ospf. The command is applied to all current ospf processes if you do not specify a process id. Description use the display ospf peer co...
Page 435
Ospf configuration commands 433 description use the display ospf request-queue command to view the information about the ospf request-queue. Example # display the information of ospf request-queue. Display ospf request-queue the router’s neighbors is routerid: 1.1.1.1 address: 1.1.1.1 interface: 1.1...
Page 436
434 c hapter 25: ospf c onfiguration c ommands display ospf routing syntax display ospf [ process-id ] routing view any view parameter process-id: id of an ospf process. The command is applied to all current ospf processes if you do not specify a process id. Description use the display ospf routing ...
Page 437
Ospf configuration commands 435 display ospf abr-summary syntax display ospf [ process-id ] abr-summary view any view parameter process-id: ospf process number. If no process number is specified, the command functions on all the currently active ospf processes. Description use the display ospf abr-s...
Page 438
436 c hapter 25: ospf c onfiguration c ommands view any view parameter process-id: id of an ospf process. If the process id is not specified, the major information about all the ospf processes will be displayed in the order in which ids are configured. Description use the display ospf graceful-resta...
Page 439
Ospf configuration commands 437 description use the display ospf vlink command to view the information about ospf virtual links. Example # view ospf virtual links information. Display ospf vlink ospf process 1 with router id 1.1.1.1 virtual links virtual-link neighbor-id -> 2.2.2.2, state: full cost...
Page 440
438 c hapter 25: ospf c onfiguration c ommands description use the filter-policy export command to configure the rule used by ospf to filter advertised routing information. Use the undo filter-policy export command to cancel the filtering rules that have been set. By default, no filtering of the adv...
Page 441
Ospf configuration commands 439 in some situations, it may be required that only some type-3 lsas meeting a certain condition be advertised. In this case, you can define a filter-policy to set the filter condition for advertised type-3 lsas so that only the type-3 lsas having passed the filtration c...
Page 442
440 c hapter 25: ospf c onfiguration c ommands the filtering conditions for the routing information to be received. Only the routing information passing the filtration can be received. The filter-policy import command is used to filter the routes calculated by ospf. Only the routes that pass the fil...
Page 443
Ospf configuration commands 441 related command: acl, ip ip-prefix. Example # filter the received routing information as per the condition defined in acl 2000. [sw8800] acl number 2000 [3com-acl-basic-2000] rule permit source 20.0.0.0 0.255.255.255 [3com-acl-basic-2000] rule deny source any [3com-ac...
Page 445
Ospf configuration commands 443 description use the import-route-limit command to set the maximum number of exterior routes allowed to be imported. Use the undo import-route command to restore the default value of the maximum of exterior routes allowed to be imported. By default, a maximum of 20k ex...
Page 446
444 c hapter 25: ospf c onfiguration c ommands ip-mask: ip address wildcard (similar to the complement of the ip address mask), which also supports ip address mask input. Description use the network command to configure the interfaces running ospf. Use the undo network command to cancel the interfac...
Page 447
Ospf configuration commands 445 route will be generated always. Only when there is route 0.0.0.0 in routing table on asbr, will type-7 lsa default route be generated. On asbr, the no-import-route keyword enables the external route imported by ospf through import-route command not to be advertised to...
Page 449
Ospf configuration commands 447 ospf cost syntax ospf cost value undo ospf cost view interface view parameter value: cost for running ospf protocol, ranging from 1 to 65,535. Description use the ospf cost command to configure different message sending costs so as to send messages from different inte...
Page 450
448 c hapter 25: ospf c onfiguration c ommands ospf mib-binding syntax ospf mib-binding process-id undo ospf mib-binding view system view parameter process-id: id of an ospf process, in the range 1 to 65,535. If no ospf process is specified, the default process id 1 applies. Description use the ospf...
Page 451
Ospf configuration commands 449 by default, the mtu value is 0 when the interface sends dd packets, i.E. The actual mtu value of the interface is not written. Database description (dd) packets are used to describe its own lsdb when the router running ospf protocol is synchronizing the database. The ...
Page 452
450 c hapter 25: ospf c onfiguration c ommands view interface view parameter seconds: dead interval of the ospf neighbor. It is in seconds and ranges from 1 to 65,535. Minimal: specifies the port to run fast hello function. Multi-hello: sends multiple hello packets. Packets: number of hello packets ...
Page 453
Ospf configuration commands 451 parameter seconds: interval in seconds for an interface to transmit hello packet. It ranges from 1 to 255. Description use the ospf timer hello command to configure the interval for transmitting hello packets on an interface. Use the undo ospf timer hello command to r...
Page 454
452 c hapter 25: ospf c onfiguration c ommands example # specify the retransmit for lsa transmitting between the interface vlan-interface 10 and the adjacent routers to 12 seconds. [sw8800] interface vlan-interface 10 [3com-vlan-interface10] ospf timer retransmit 12 ospf trans-delay syntax ospf tran...
Page 455
Ospf configuration commands 453 description use the preference command to configure the preference of an ospf protocol route. Use the undo preference command to restore the default value of the ospf protocol route. By default, the preference of an ospf protocol internal route is 10 and the preferenc...
Page 456
454 c hapter 25: ospf c onfiguration c ommands reset ospf all # reset ospf process 200. Reset ospf 200 router id syntax router id router-id undo router id view system view parameter router-id: router id that is a 32-bit unsigned integer. Description use the router id command to configure the id of a...
Page 457
Ospf configuration commands 455 view ospf view parameter vlan-interface: specifies the vlan interface vlan-interface-number: specifies the valan interface number. Default: all interfaces. Description use the silent-interface command to disable an interface to transmit ospf packets. Use the undo sile...
Page 458
456 c hapter 25: ospf c onfiguration c ommands description use the sham-link command to run fast hello function on the sham-link link, that is, to specify multiple fast hello packets to be sent within one second. The default dead interval time is one second. Example # specify the sham-link link 1.1....
Page 459
Ospf configuration commands 457 example # enable the trap function for ospf process 100. [sw8800] snmp-agent trap enable ospf 100 spf-schedule-interval syntax spf-schedule-interval interval undo spf-schedule-interval view ospf view parameter interval: spf calculation interval of ospf, which is in th...
Page 460
458 c hapter 25: ospf c onfiguration c ommands if the router is an abr, it will send a default route to the connected stub area. Using the default-cost command, you can configure the default route cost value. In addition, on an abr, you can configure the no-summary argument in the stub command to pr...
Page 461
Ospf configuration commands 459 key: specifies the md5 authentication key. If it is input in a plain text form, md5 key is a character string in the range 1 to 16 characters. It will be displayed in a cipher text form in a length of 24 characters when the display current-configuration command is exe...
Page 462
460 c hapter 25: ospf c onfiguration c ommands.
Page 463: Ntegrated
26 i ntegrated is-is c onfiguration c ommands n when a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an switch 8800 family series routing switch running routing protocols. To improve r...
Page 464
462 c hapter 26: i ntegrated is-is c onfiguration c ommands description use the area-authentication-mode command to configure isis to authenticate the received level-1 routing information packets (lsp, csnp and psnp), according to the pre-defined mode and password. Use the undo area-authentication-m...
Page 465
Integrated is-is configuration commands 463 description use the cost-style command to set the cost type of an is-is packet received/sent by the router. Use the undo cost-style command to restore the default settings. By default, is-is only receives/sends packets whose cost type is narrow. Related co...
Page 466
464 c hapter 26: i ntegrated is-is c onfiguration c ommands interface-information: information about is-is enabled data link layer. Memory-allocating: is-is memory allocating status. Receiving-packet-content: packets received through is-is protocol. Restart-events: is-is restart events. Self-origina...
Page 467
Integrated is-is configuration commands 465 by searching the nearest l1/l2 router. The nearest l1/l2 router can be found by searching the att bit in the l1 lsp. This command can be set on l1 router or l2 router. By default, the route is generated on l2 lsp. If the apply isis level-1 command is execu...
Page 469
Integrated is-is configuration commands 467 [3com-vlan-interface10] isis mesh-group 100 [sw8800] interface vlan-interface 20 [3com-vlan-interface20] isis mesh-group 100 # display the information of is-is mesh-group. [3com-vlan-interface20] display isis mesh-group interface mesh-group/blocked vlan-in...
Page 470
468 c hapter 26: i ntegrated is-is c onfiguration c ommands view any view parameter none description use the display isis route command to view is-is routing information. . Example # view is-is routing information. Display isis route isis level - 1 forwarding table : type - d -direct, c -connected, ...
Page 471
Integrated is-is configuration commands 469 is_spftrig_lspchange 2 22 0:55:51 is_spftrig_lspchange 2 18 0:55:46 is_spftrig_adjdown 2 19 0:55:23 is_spftrig_newadj 2 18 0:54:16 is_spftrig_lspchange 2 20 0:54:12 is_spftrig_lspchange 3 19 0:54:7 is_spftrig_periodic 3 21 0:48:25 is_spftrig_lspexpired 3 1...
Page 472
470 c hapter 26: i ntegrated is-is c onfiguration c ommands use the undo domain-authentication-mode command to configure is-is not to authenticate the said packets. By default, the system will not authenticate the received level-2 routing packets, and there is no password. By using this command, all...
Page 473
Integrated is-is configuration commands 471 filter-policy import syntax filter-policy acl-number import undo filter-policy acl-number import view is-is view parameter acl-number: specifies the number of the access control list, ranging from 2000 to 3999. Description use the filter-policy import comm...
Page 474
472 c hapter 26: i ntegrated is-is c onfiguration c ommands system-view [sw8800] isis 1 [3com-isis-1] graceful-restart graceful-restart interval syntax graceful-restart interval interval-value undo graceful-restart interval view is-is view parameter interval-value: interval of restart (expected rest...
Page 475
Integrated is-is configuration commands 473 the lsp generated during the last run may still exist in the lsp database of other routers in the network. Because lsp fragment sequence numbers are initialized when a router is reset, the lsp copy stored in the other routers in the network seems newer tha...
Page 477
Integrated is-is configuration commands 475 view is-is view parameter acl-number: acl number. It is in the range of 2000 to 3999, which means basic acls and advanced acls can be used. Description use the import-route isis level-2 into level-1 command to enable routing information in a level-2 area t...
Page 478
476 c hapter 26: i ntegrated is-is c onfiguration c ommands used to enable each interface which needs to run an is-is process. The is-is protocol is actually enabled upon the completion of these configurations. N only one is-is routing process can be started on one router. Related command: isis enab...
Page 479
Integrated is-is configuration commands 477 use the undo isis authentication-mode command to cancel the authentication and delete the password at the same time. By default, the password is not set and no authentication is executed. If the password is set, but no parameter is specified, the default s...
Page 480
478 c hapter 26: i ntegrated is-is c onfiguration c ommands example # when interface vlan-interface 10 is connected with a non-backbone router in the same area, you can set this interface as level-1, prohibiting the sending and receiving of level-2 hello packets. [sw8800] interface vlan-interface 10...
Page 481
Integrated is-is configuration commands 479 parameter value: the priority when selecting dis. Its value ranges 0 to 127, and the default priority is 64. Level-1: specifies the priority when selecting level-1 dis. Level-2: specifies the priority when selecting level-2 dis. If the level is not specifi...
Page 482
480 c hapter 26: i ntegrated is-is c onfiguration c ommands used to enable each interface which needs to run the is-is process. The is-is protocol is actually enabled upon the completion of these configurations. Related command: isis, network-entity. Example # create an is-is routing process named "...
Page 484
482 c hapter 26: i ntegrated is-is c onfiguration c ommands description use the isis timer hello command to configure the interval of sending hello packet of the corresponding level. Use the undo isis timer hello command to restore the default value. On a broadcast link, level-1 and level-2 hello pa...
Page 486
484 c hapter 26: i ntegrated is-is c onfiguration c ommands [sw8800] interface vlan-interface 10 [3com-vlan-interface10] isis timer holding-multiplier 5 isis timer lsp syntax isis timer lsp time undo isis timer lsp view interface view parameter time: specifies the lsp interval, ranging from 1 to 100...
Page 487
Integrated is-is configuration commands 485 if neither level-1 nor level-2 is specified in this command, this command takes effect on both levels by default. Description use the timer lsp-generation command to set the time interval to generate lsps (link state packets). Use the undo timer lsp-genera...
Page 489
Integrated is-is configuration commands 487 description use the log-peer-change command to log the peer changes. Use the undo log-peer-change command to configure not to log the peer changes. By default, peer changes log disabled. After peer changes log is enabled, the is-is peer changes will be out...
Page 490
488 c hapter 26: i ntegrated is-is c onfiguration c ommands view is-is view parameter network-entity-title: specify the network entity title in the x...X.Xxxx....Xxxx.00 format, in which the first "x...X" is the area address, the twelve xs in the middle is the system id of the router, and the 00 in ...
Page 491
Integrated is-is configuration commands 489 several dynamic routing protocols could run simultaneously on a router. In this case, there is an issue of sharing and selecting the routing information among all the routing protocols. The system sets a preference for each routing protocol. When various r...
Page 492
490 c hapter 26: i ntegrated is-is c onfiguration c ommands this command is used when you want to reconfigure a certain neighbor. Example # clear the is-is neighbor whose system id is 0000.0c11.1111. Reset isis peer 0000.0c11.1111 set-overload syntax set-overload undo set-overload view is-is view pa...
Page 493
Integrated is-is configuration commands 491 use the undo silent-interface command to enable the interface to transmit is-is packet. By default, all the interface are allowed to transmit/receive is-is packets. The silent-interface command is only used to suppress the packets to be transmitted on the ...
Page 494
492 c hapter 26: i ntegrated is-is c onfiguration c ommands undo spf-slice-size view is-is view parameter seconds: duration of one cycle in seconds of spf calculation in the range from 0 to 120. When the calculation duration time reaches or exceeds the set value, the calculation of this time ends. I...
Page 495
Integrated is-is configuration commands 493 level-2: summarizes the routes imported into backbone area. Description use the summary command to configure to summarize is-is routes. Use the undo summary command to cancel the summarization. By default, no routes will be summarized. Similarly, the route...
Page 496
494 c hapter 26: i ntegrated is-is c onfiguration c ommands undo timer lsp-refresh view is-is view parameter seconds: specifies the lsp refreshment interval, measured in seconds. The range is 1 to 65535. The default value is 900 seconds. Description use the timer lsp-refresh command to configure the...
Page 497
Use the undo timer spf command to restore the system default value. In is-is, when the lsdb of the corresponding level is changed, spf calculation is required. However, if the spf calculation is performed too frequently, the system efficiency will be lowered. By setting a proper interval for perform...
Page 498
496 c hapter 26: i ntegrated is-is c onfiguration c ommands.
Page 499: Bgp C
Bgp configuration commands 497 27 bgp c onfiguration c ommands n when a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an switch 8800 family series routing switch running routing protoc...
Page 500
498 c hapter 27: bgp c onfiguration c ommands description use the aggregate command to establish an aggregated record in the bgp routing table. Use the undo aggregate command to disable the function. By default, there is no route aggregation. The keywords are explained as follows: example # create a...
Page 501
Bgp configuration commands 499 example # set the number of supported bgp equivalent routes to 3. [3com-bgp] balance 3 bgp syntax bgp as-number undo bgp [as-number ] view system view parameter as-number: the specified local as number, in the range of 1 to 65535. Description use the bgp command to ena...
Page 502
500 c hapter 27: bgp c onfiguration c ommands if there are several routes available to one destination address, the route with smaller med parameter can be selected as the final route item. Do not use this command unless it is determined that the same igp and routing selection mode are adopted by di...
Page 503
Bgp configuration commands 501 [3com-bgp] peer remote98 as-number 98 [3com-bgp] peer 200.1.1.1 group remote98 confederation nonstandard syntax confederation nonstandard undo confederation nonstandard view bgp view. Parameter none description use the confederation nonstandard command to configure the...
Page 504
502 c hapter 27: bgp c onfiguration c ommands by default, no autonomous system is configured as a member of the confederation. Before this command is performed, the confederation id should be configured by the confederation id command. Otherwise this configuration is invalid. The configured ass in t...
Page 505
Bgp configuration commands 503 by default, no route attenuation is configured. Related command: reset dampening, reset bgp flap-info, display bgp routing-table dampened, display bgp routing-table flap-info. Example # modify the bgp route dampening parameters. [3com-bgp] dampening 15 15 1000 2000 100...
Page 506
504 c hapter 27: bgp c onfiguration c ommands use the debugging bgp keepalive command to enable the information debugging of bgp keepalive packets. Use the debugging bgp packet command to enable the information debugging of bgp packets. Use the undo debugging bgp command to disable the debugging fun...
Page 507
Bgp configuration commands 505 description use the default med command to configure the default system metric. Use the undo default med command to restore the default metric of the system. Multi-exit discriminators (med) attribute is the external metric of a route. Different from local preference, m...
Page 508
506 c hapter 27: bgp c onfiguration c ommands [3com -bgp]display bgp routing-table routes total: 0 # import the default routes of static routing protocols. [3com-bgp] default-route imported # query the routing table. [3com-bgp] display bgp routing-table flags: # - valid ^ - active i - internal d - d...
Page 509
Bgp configuration commands 507 display bgp network syntax display bgp network view any view parameter none description use the display bgp network command to view the routing information that has been configured. Example # display the routing information that has been configured. Display bgp network...
Page 510
508 c hapter 27: bgp c onfiguration c ommands example # display the information about the as paths. Display bgp paths ^600$ flags: # - valid, ^ - best, d - damped, h - history, i - internal, s - aggregate suppressed id hash-index references aggregator origin as-path ---------------------------------...
Page 511
Bgp configuration commands 509 description use the display bgp peer command to view the information about bgp peers. Example # display the detail information of the peer 201.1.1.2. Display bgp peer 201.1.1.2 verbose peer: 201.1.1.2+179 local: 200.1.1.1+1195 type: external state: established flags: e...
Page 512
510 c hapter 27: bgp c onfiguration c ommands parameter ip-address: destination of the network. Mask: mask of the network. Description use the display bgp routing-table command to view all the bgp routing information. Example # display all the bgp routing information. Display bgp routing-table flags...
Page 513
Bgp configuration commands 511 display bgp routing-table as-path-acl syntax display bgp routing-table as-path-acl acl-number view any view parameter acl-number: specifies matched as path list number ranging from 1 to 199. Description use the display bgp routing-table as-path-acl command to view rout...
Page 514
512 c hapter 27: bgp c onfiguration c ommands display bgp routing-table cidr syntax display bgp routing-table cidr view any view parameter none description use the display bgp routing-table cidr command to view the routing information about the non-natural mask (namely classless interdomain routing,...
Page 515
Bgp configuration commands 513 no-export-subconfed: does not send matched route outside as. No-advertise: sends matched route to no peers. No-export: does not advertise the route to outside the as or the confederation, but can advertise the route to other sub-ass in the confederation. Whole-match: c...
Page 516
514 c hapter 27: bgp c onfiguration c ommands 1.1.3.0/24 256 10.10.10.1 0 igp 200 2.2.3.0/24 256 10.10.10.1 0 inc 200 4.4.4.0/24 256 10.10.10.1 0 inc 200 9.9.9.0/24 256 10.10.10.1 0 inc 200 10.10.10.0/24 0 10.10.10.2 0 igp 10.10.10.0/24 256 10.10.10.1 0 igp 200 for detailed description of the output...
Page 517
Bgp configuration commands 515 display bgp routing-table different-origin-as syntax display bgp routing-table different-origin-as view any view parameter none description use the display bgp routing-table different-origin-as command to view routes that have different source autonomous systems exampl...
Page 518
516 c hapter 27: bgp c onfiguration c ommands acl-number: number of the specified as path to be matched, ranging from 1 to 199. Network-address: displays the flap information of this ip address. Mask: network mask. Longer-match: shows the route flap-info that is more specific than address, mask. Des...
Page 520
518 c hapter 27: bgp c onfiguration c ommands description use the display bgp routing-table regular-expression command to view the routing information matching the specified as regular expression example # display the routing information matched with ^600$. Display bgp routing-table regular-expressi...
Page 522
520 c hapter 27: bgp c onfiguration c ommands view bgp view parameter acl-number: number of ip access control list, in the range of 2000 to 3999. Ip-prefix-name: name of an address prefix list. It is used for filtering routing information by destination address. Its length ranges from 1 to 19. Gatew...
Page 523
Bgp configuration commands 521 description use the group group-name command to establish a peer group. Use the undo group group-name command to cancel the configured peer group. The default type of bgp peer group is internal. Rather than existing alone, a bgp peer must belong to a peer group. Theref...
Page 524
522 c hapter 27: bgp c onfiguration c ommands network syntax network ip-address [ address-mask ] [ route-policy route-policy-name ] undo network ip-address [ address-mask ] [ route-policy route-policy-name ] view bgp view parameter ip-address: network address that bgp advertises. Address-mask: mask ...
Page 525
Bgp configuration commands 523 peer advertise-community syntax peer group-name advertise-community undo peer group-name advertise-community view bgp view parameter group-name: name of a peer group. Description use the peer advertise-community command to enable the transmission of the community attri...
Page 526
524 c hapter 27: bgp c onfiguration c ommands example # specify to configure the repeating times of local as to 2. [3com-bgp] peer 1.1.1.1 allow-as-loop 2 peer as-number syntax peer group-name as-number as-number undo peer group-name as-number view bgp view parameter group-name: name of peer group. ...
Page 527
Bgp configuration commands 525 by default, the peer group has no as path list. This command can only be configured on the peer group. The acl-number specifies the number of the as path list. It is configured by the ip as-path-acl command rather than the acl command. Related command: peer as-path-acl...
Page 529
Bgp configuration commands 527 use the undo peer default-route-advertise command to cancel the existing configuration. By default, a peer group does not import the default route. For this command, no default route needs to exist in the routing table. A default route is sent unconditionally to a peer...
Page 530
528 c hapter 27: bgp c onfiguration c ommands view bgp view parameter group-name: specifies the name of the peer group. Ttl: maximum hop value. The range is 1 to 255. By default, the value is 64. Description use the peer ebgp-max-hop command to allow the router to establish ebgp connection with the ...
Page 531
Bgp configuration commands 529 peer filter-policy export syntax peer group-name filter-policy acl-number export undo peer group-name filter-policy acl-number export view bgp view parameter group-name: specifies the name of the peer group. Acl-number: specifies an ip acl number, ranging from 2000 to ...
Page 532
530 c hapter 27: bgp c onfiguration c ommands description use the peer filter-policy import command to configure the filter-policy list of the routes received by a peer/peer group. Use the undo peer filter-policy import command to cancel the existing configuration. By default, a peer/peer group has ...
Page 533
Bgp configuration commands 531 [3com-bgp] peer 10.2.2.2 graceful-restart # enable graceful-restart on an ebgp peer group named "test", and disable graceful-restart on peer 10.1.1.1 in this group. System-view [3com-bgp] group test external [3com-bgp] peer 10.1.1.1 group test as-number 200 [3com-bgp] ...
Page 534
532 c hapter 27: bgp c onfiguration c ommands view bgp view parameter group-name: name of peer group. Prefixname: name of the specified ip-prefix. It is a character string of 1 to 19 characters. Export: applies the filtering policy on the route transmitted to the specified peer/peer group. Descripti...
Page 535
Bgp configuration commands 533 by default, the route filtering policy of the peer/peer group is not specified. The priority of the inbound filter policy configured for the peer is higher than that configured for the peer group. Related command: peer ip-prefix export. Example # configure the route fi...
Page 536
534 c hapter 27: bgp c onfiguration c ommands simple: displays the configured password in simple text mode. Password: password in character string form with 1 to 16 characters when parameter simple is configured in the command or in the event of inputting the password in simple text mode but paramet...
Page 537
Bgp configuration commands 535 by default, private as number is carried when transmitting bgp update packets. Generally, bgp transmits bgp update packets with the as number (either public as number or private as number). To enable some outbound routers to ignore the as number when transmitting updat...
Page 538
536 c hapter 27: bgp c onfiguration c ommands view bgp view parameter group-name: name of peer group. Description use the peer reflect-client command to configure a peer group as the route reflector client. Use the undo peer reflect-client command to cancel the existing configuration. By default, th...
Page 540
538 c hapter 27: bgp c onfiguration c ommands description use the peer route-update-interval command to configure the interval for the transmission route of a peer group. Use the undo peer route-update-interval command to restore the interval to the default value. Example # configure the interval of...
Page 542
540 c hapter 27: bgp c onfiguration c ommands three types of routes may be involved in bgp: routes learned from external peers, routes learned from internal peers and local-originated routes. You can set preference values for the three types of route. Example # set the preference of ebgp routes, ibg...
Page 543
Bgp configuration commands 541 address: used as the interface address of the route reflector’s cluster id. Description use the reflector cluster-id command to configure the cluster id of the route reflector. Use the undo reflector cluster-id command to delete the cluster id of the route reflector. B...
Page 544
542 c hapter 27: bgp c onfiguration c ommands after the bgp connection is established, only incremental routes are sent. However, some special cases exist. For example, when the routing policy changes, the routes advertised to the peer or the advertised routes from the peer need refreshing so that t...
Page 545
Network-addre ss: resets the flap-info of a record at this ip address. Mask: network mask. Description use the reset bgp flap-info command to reset the flap-info of a route. Related command: dampening. Example # reset the flap-info of all the routes that go through filter list 1. Reset bgp flap-info...
Page 546
544 c hapter 27: bgp c onfiguration c ommands description use the reset dampening command to reset route attenuation information and release suppressed routes. Related command: dampening, display bgp routing-table dampened. Example # reset the route attenuation information of the specified route 20....
Page 547
Bgp configuration commands 545 holdtime-interval: sets the interval time value for hold time which ranges from 3 to 65535. By default, its value is 180 seconds. Description use the timer command to configure the keep-alive and hold-time timer of bgp. Use the undo timer command to restore the default...
Page 548
546 c hapter 27: bgp c onfiguration c ommands.
Page 549: Ip R
Ip routing policy configuration commands 547 28 ip r outing p olicy c onfiguration c ommands n in this chapter, a router refers to a general router or an ethernet switch. To improve readability, such a description of a router will not be given in the other parts of the manual. Ip routing policy conf...
Page 551
Ip routing policy configuration commands 549 undo apply cost view route policy view parameter value: specifies the route cost value of route information. Description use the apply cost command to configure the route cost value of route information. Use the undo apply cost command to cancel the apply...
Page 552
550 c hapter 28: ip r outing p olicy c onfiguration c ommands [3com-route-policy] apply cost-type internal apply ip next-hop syntax apply ip next-hop ip-address undo apply ip next-hop view route policy view parameter ip-address: the next-hop address. Description use the apply ip next-hop command to ...
Page 553
Ip routing policy configuration commands 551 description use the apply isis command to configure to apply the level of a matched route to be imported to level-1, level-2 or level-1-2. Use the undo apply isis command to cancel the apply sub-statement. By default, no apply clause is defined. Related c...
Page 554
552 c hapter 28: ip r outing p olicy c onfiguration c ommands view route policy view parameter igp: sets the bgp route information source as internal route. Egp: sets the bgp route information source as external route as-number: specifies as number of external route. Incomplete: sets the bgp route i...
Page 555
Ip routing policy configuration commands 553 display ip ip-prefix syntax display ip ip-prefix [ ip-prefix-name ] view any view parameter ip-prefix-name: specifies displayed address prefix list name. Description use the display ip ip-prefix command to view the address prefix list. If no ip-prefix-nam...
Page 556
554 c hapter 28: ip r outing p olicy c onfiguration c ommands example # display the information of route-policy named as policy1. Display route-policy policy1 route-policy : policy1 permit 10 : if-match (prefixlist) p1 apply cost 100 matched : 0 denied : 0 filter-policy export syntax filter-policy {...
Page 557
Ip routing policy configuration commands 555 the filtering conditions for the routing information to be advertised. Only the routing information passing the filtration can be advertised. Related command: filter-policy import. Example # define the filtering rules for advertising the routing informati...
Page 558
556 c hapter 28: ip r outing p olicy c onfiguration c ommands related command: filter-policy export. Example # define the filtering rule for receiving routing information of rip. Only the routing information filtered through the address prefix list p1 can be received by rip. [3com-rip] filter-policy...
Page 559
Ip routing policy configuration commands 557 description use the if-match as-path command to match the as path domain of the bgp routing information. Use the undo if-match as-path command to cancel the match of as path domain. By default, as path list number is not matched. This command is an if-mat...
Page 560
558 c hapter 28: ip r outing p olicy c onfiguration c ommands related command: route-policy, ip community-list. Example # first define a community-list numbered 1, allowing it to contain the routing information of as 100 and as 200. Then, define a route-policy named "test". An if-match sub-statement...
Page 561
Ip routing policy configuration commands 559 parameter interface-type: specifies interface type. Interface-number: specifies interface number. Description use the if-match interface command to configure to match the route whose next hop is designated interface. Use the undo if-match interface comman...
Page 562
560 c hapter 28: ip r outing p olicy c onfiguration c ommands by default, no if-match sub-statement is defined. This command is an if-match sub-statement of route-policy used to filter the routing information based on next hop address by referencing an acl or an address prefix list. Related command:...
Page 563
Parameter acl-number: number of as path list, ranging from 1 to 199. As-regular-expression: as regular expression. Description use the ip as-path-acl command to configure an as path regular express. Use the undo ip as-path-acl command to disable the defined regular expression. The configured as path...
Page 564
562 c hapter 28: ip r outing p olicy c onfiguration c ommands no-export: does not advertise routes beyond the as or the confederation, but can advertise routes to other sub-ass within the confederation. Comm-regular-expression: community attribute in regular expression format. Description use the ip...
Page 565
Greater-equal, less-equal: the address prefix range [greater-equal, less-equal] to be matched after the address prefix network len has been matched. The meaning of greater-equal is "larger than or equal to", and the meaning of less-equal is "less than or equal to". The range is len greater-equal les...
Page 566
564 c hapter 28: ip r outing p olicy c onfiguration c ommands deny: specifies the match mode of the defined route-policy node as deny mode. When a route satisfy all if-match sub-statements of this node and fails to pass the filtration, it will not tested by the next node. Node: node of the route pol...
Page 568
566 c hapter 29: r oute c apacity c onfiguration c ommands view system view parameter 256: sets the maximum number of vpn routing & forwarding instances (vrfs) supported by current system to 256. 512: sets the maximum number of vrfs supported by current system to 512. 1024: sets the maximum number o...
Page 570
568 c hapter 30: r ecursive r outing c onfiguration.
Page 572
570 c hapter 31: igmp s nooping c onfiguration c ommands view any view parameter none description use the display igmp-snooping configuration command to view the igmp snooping configuration information. When igmp snooping is enabled, the information displayed includes whether igmp snooping is enable...
Page 573
Igmp snooping configuration commands 571 ip multicast group address, member ports in the ip multicast group, mac multicast group, mac multicast group address, and the member ports in the mac multicast group. Example # display the multicast group information about vlan2. Display igmp-snooping group v...
Page 574
572 c hapter 31: igmp s nooping c onfiguration c ommands received igmp specific query packet(s) number:2. Received igmp v1 report packet(s) number:2. Received igmp v2 report packet(s) number:0. Received igmp leave packet(s) number:3. Received error igmp packet(s) number:0. Sent igmp specific query p...
Page 575
Igmp snooping configuration commands 573 ■ isolate-user-vlan supports the igmp-snooping function. After igmp-snooping is enabled under isolate-user-vlan, all secondary vlans are igmp-snooping enabled. It makes no sense to enable igmp-snooping for a secondary vlan. ■ in a secondary vlan, igmp packets...
Page 576
574 c hapter 31: igmp s nooping c onfiguration c ommands n ■ fast leaves that are configured in system view and ethernet port view operate separately. ■ fast leave works on all ports of the specified vlans if you configure it in system view. However, it only works on the current port (e.G., a port o...
Page 577
Igmp snooping configuration commands 575 # enable igmp snooping fast leave on the ethernet2/1/1 port in all vlans. Then disable the feature in vlan 3. System-view system view: return to user view with ctrl+z. [sw8800] interface ethernet2/1/1 [3com-ethernet2/1/1] igmp-snooping fast-leave [3com-ethern...
Page 578
576 c hapter 31: igmp s nooping c onfiguration c ommands groups. You can configure only one acl rule for each vlan, and the new configured rule will replace the old one. Use the undo igmp-snooping group-policy command to cancel the configuration. By default, no filtering rule is set in a vlan. In th...
Page 579
Igmp snooping configuration commands 577 this command is used to set the aging time of the multicast group member so that the refresh frequency can be controlled. When the group members change frequently, the aging time should be comparatively short, and vice versa. Related command: igmp-snooping. E...
Page 580
578 c hapter 31: igmp s nooping c onfiguration c ommands parameter none description use the igmp-snooping nonflooding-enable command to enable unknown multicast data packets not to be broadcasted within a vlan. Use the undo igmp-snooping nonflooding-enable command to disable unknown multicast data p...
Page 581
Multicast static routing port configuration commands 579 example # set the aging time of the igmp snooping router port to 500 seconds. System-view system view: return to user view with ctrl+z. [sw8800] igmp-snooping router-aging-time 500 reset igmp-snooping statistics syntax reset igmp-snooping stat...
Page 582
580 c hapter 31: igmp s nooping c onfiguration c ommands parameter port-number: port number of the port to be configured as a static routing port. Provide this argument in the format of interface-type interface-number, where the interface-type argument can only be ethernet port type. Vlan-id: id of ...
Page 583: Ulticast
32 m ulticast vlan c onfiguration c ommands multicast vlan configuration commands service-type multicast syntax service-type multicast undo service-type multicast view vlan view parameter none description use the service-type multicast command to configure the current vlan as multicast vlan. Use the...
Page 584
582 c hapter 32: m ulticast vlan c onfiguration c ommands.
Page 586
584 c hapter 33: m ulticast c ommon c onfiguration c ommands no distinction is made between known multicast and unknown multicast for multicast suppression. Related command: multicast-suppression. Example # set the broadcast suppression ratio to 40%. System-view system view: return to user view with...
Page 587
Multicast common configuration commands 585 parameter none description use the debugging multicast kernel-routing command to enable multicast kernel routing debugging functions. Use the undo debugging multicast kernel-routing command to disable the debugging functions. By default, the multicast kern...
Page 588
586 c hapter 33: m ulticast c ommon c onfiguration c ommands source-address: ip address of the multicast source. Description use the display mpm forwarding-table command to view the port-carrying multicast forwarding table information. When a group address or a source address is specified, this comm...
Page 589
Multicast common configuration commands 587 parameter vlan vlan-id: specifies the vlan the desired multicast group information resides in. If this key word and argument combination is not provided the command displays the information of all the multicast groups in the vlan. Ip-address: ip address of...
Page 591
Multicast common configuration commands 589 example # view the multicast forwarding table information. Display multicast forwarding-table multicast forwarding cache table total 2 entries 00001. (4.4.4.4, 224.2.254.84), iif vlan-interface1, 0 oifs matched 240 pkts(11288 bytes), wrong if 0 pkts forwar...
Page 592
590 c hapter 33: m ulticast c ommon c onfiguration c ommands vlan-interface interface-number: vlan interface number. Register: register interface of pim-sm. Description use the display multicast routing-table command to view the information of ip multicast routing table. C caution: you must use mult...
Page 593
Multicast common configuration commands 591 ip managed-multicast syntax ip managed-multicast undo ip managed-multicast view system view parameter none description use the ip managed-multicast command to enable the managed multicast function of the system. Use the undo ip managed-multicast to disable...
Page 594
592 c hapter 33: m ulticast c ommon c onfiguration c ommands related command: display local-user, service-type lan-access, multicast. Example # grant users permission to join the multicast group with the ip address of 225.10.10.10. System-view system view: return to user view with ctrl+z. [sw8800] l...
Page 595
Multicast common configuration commands 593 example # allow users to join the multicast group with the ip address of 225.10.10.10. System-view system view: return to user view with ctrl+z. [sw8800]local-user test [3com-luser-test] multicast 225.10.10.10. Multicast route-limit syntax multicast route-...
Page 596
594 c hapter 33: m ulticast c ommon c onfiguration c ommands multicast routing-enable syntax multicast routing-enable undo multicast routing-enable view system view parameter none description use the multicast routing-enable command to enable multicast routing. Use the undo multicast routing-enable ...
Page 597
Multicast common configuration commands 595 you can use the multicast-suppression command repeatedly. The effective multicast suppression ratio value is the one last updated. C caution: ■ you cannot enable both broadcast suppression and multicast suppression simultaneously on the same card. Namely, ...
Page 598
596 c hapter 33: m ulticast c ommon c onfiguration c ommands group-mask-length: mask length of multicast group address. Source-address: source address. Source-mask: mask of source address. Source-mask-length: mask length of source address. Incoming-interface: specifies incoming interface for the mul...
Page 599
Multicast common configuration commands 597 source-address: source address. Source-mask: mask of source address. Source-mask-length: mask length of source address. Incoming-interface: specifies incoming interface for the multicast forward entry. Vlan-interface interface-number: vlan virtual interfac...
Page 600
598 c hapter 33: m ulticast c ommon c onfiguration c ommands.
Page 601: Tatic
34 s tatic m ulticast mac a ddress c onfiguration c ommand static multicast mac address configuration command mac-address multicast syntax mac-address multicast mac-addr interface { { interface-type interface-number } [ to { interface-type interface-number } ] } & vlan vlan-id undo mac-address multi...
Page 602
600 c hapter 34: s tatic m ulticast mac a ddress c onfiguration c ommand the pim protocol must not be enabled on the corresponding virtual interface of the specified vlan. Related command: display mac-address multicast static. Example # add a new multicast mac address. The mac address is 0100-1000-1...
Page 603
Static multicast mac address configuration command 601 reset mac-address multicast syntax reset mac-address multicast view user view parameter none description use the reset mac-address multicast command to delete all static multicast mac groups. Related command: mac-address multicast example # dele...
Page 604
602 c hapter 34: s tatic m ulticast mac a ddress c onfiguration c ommand.
Page 606
604 c hapter 35: igmp c onfiguration c ommands parameter group-address: address of the multicast group. Vlan-interface interface-number: vlan interface number. Description use the display igmp group command to view the member information of the igmp multicast group. You can specify to show the infor...
Page 607
Igmp configuration commands 605 display igmp interface vlan-interface1 (10.153.17.99): igmp is enabled current igmp version is 2 value of query interval for igmp(in seconds): 60 value of other querier time out for igmp(in seconds): 120 value of maximum query response time for igmp(in seconds): 10 va...
Page 608
606 c hapter 35: igmp c onfiguration c ommands by default, igmp is disabled on an interface. You must enable the multicast function before this command can work, you must use this command first before you can configure other igmp features. Related command: multicast routing-enable. C caution: ■ if t...
Page 609
Igmp configuration commands 607 n ■ fast leaves that are configured in system view and ethernet port view operate separately. ■ fast leave works on all ports of the specified vlans if you configure it in system view. However, it only works on the current port (e.G., when a trunk port belong to multi...
Page 610
608 c hapter 35: igmp c onfiguration c ommands system-view system view: return to user view with ctrl+z. [sw8800] igmp fast-leave [sw8800] undo igmp fast-leave vlan 5 # disable igmp fast leave in all vlans. System-view system view: return to user view with ctrl+z. [sw8800] undo igmp fast-leave igmp ...
Page 611
Igmp configuration commands 609 description use the igmp group-policy command to configure the filtering rule of multicast groups on a specified vlan so as to control the access to ip multicast groups. You can configure only one acl rule for each vlan, and the new configured rule will replace the ol...
Page 612
610 c hapter 35: igmp c onfiguration c ommands use the undo igmp host-join command to disable the configuration. By default, an interface does not join any multicast group. Related command: igmp group-policy. Example # add port ethernet 2/1/1 under vlan-interface10 to the multicast group 225.0.0.1. ...
Page 613
Igmp configuration commands 611 view interface view parameter seconds: time interval before igmp query router sends the igmp group query message after it receives the igmp leave message from the host. It is in the range of 1 to 5 seconds. By default, it is 1 second. Description use the igmp lastmemb...
Page 614
612 c hapter 35: igmp c onfiguration c ommands example # set the maximum response time carried in host-query message to 8 seconds. System-view system view: return to user view with ctrl+z. [sw8800]interface vlan-interface 10 [3com-vlan-interface10] igmp max-response-time 8 igmp-report enhance enable...
Page 615
Igmp configuration commands 613 parameter robust-value: igmp robust value, number of times the igmp query router sends igmp group query message after it receives the igmp leave message from the host. The value range is 2 to 5. The default value is 2. Description use the igmp robust-count command to ...
Page 616
614 c hapter 35: igmp c onfiguration c ommands example # set querier to expire after 300 seconds. System-view system view: return to user view with ctrl+z. [sw8800]interface vlan-interface 10 [3com-vlan-interface10] igmp timer other-querier-present 300 igmp timer query syntax igmp timer query second...
Page 617
Igmp configuration commands 615 description use the igmp version command to specify the version of igmp that a router uses. Use the undo igmp version command to restore the default value. The system does not automatic switching between different igmp versions. Therefore, all routers on a subnet must...
Page 618
616 c hapter 35: igmp c onfiguration c ommands reset igmp group interface vlan-interface10 225.1.1.0 255.2 55.255.0 igmp proxy configuration commands igmp proxy syntax igmp proxy interface-type interface-number undo igmp proxy view interface view parameter interface-type: proxy interface type. Inter...
Page 619: Pim C
36 pim c onfiguration c ommands pim configuration commands bsr-policy syntax bsr-policy acl-number undo bsr-policy view pim view parameter acl-number: acl number imported in bsr filtering policy, in the range of 2000 to 2999. Description use the bsr-policy command to limit the range of legal bsrs to...
Page 620
618 c hapter 36: pim c onfiguration c ommands be bsr, thus the routers cannot receive or forward bsr messages other than these two. Even legal bsrs cannot contest with them. Problems may still exist if a legal bsr is attacked, though these two measures can effectively guarantee high bsr security. Th...
Page 621
Pim configuration commands 619 related command: pim sm. Example # configure the ethernet switch as c-bsr with priority 2 (the c-bsr address is designated as the ip address of vlan-interface10 and the pim sm protocol is enabled on vlan-interface 10). System-view system view: return to user view with ...
Page 622
620 c hapter 36: pim c onfiguration c ommands [3com-acl-basic-2000] rule permit source 225.0.0.0 0.255.255.255 [3com-acl-basic-2000]quit [sw8800] multicast routing-enable [sw8800] pim [3com-pim] c-rp vlan-interface 10 group-policy 2000 crp-policy syntax crp-policy acl-number undo crp-policy view pim...
Page 626
624 c hapter 36: pim c onfiguration c ommands display pim interface syntax display pim interface [interface-type interface-number ] view any view parameter interface-type interface-number: interface type and interface number, used to specify the interface. Description use the display pim interface c...
Page 627
Pim configuration commands 625 parameter interface interface-type interface-number: interface type and interface number, used to specify the interface. Description use the display pim neighbor command to view the pim neighbor information discovered by the switch interface. If the interface type and ...
Page 628
626 c hapter 36: pim c onfiguration c ommands null: specifies the incoming interface type as null. Dense-mode: specifies the multicast routing protocol as pim-dm. Sparse-mode: specifies the multicast routing protocol as pim-sm. Description use the display pim routing-table command to view the conten...
Page 629
Pim configuration commands 627 in addition, this command can also display the bsr and static rp information. Example # view the rp information of multicast group. Display pim rp-info pim-sm rp-set information: bsr is: 20.20.20.20 group/masklen: 224.0.0.0/4 rp 20.20.20.20 version: 2 priority: 0 uptim...
Page 630
628 c hapter 36: pim c onfiguration c ommands example # enter the pim view. System-view system view: return to user view with ctrl+z. [sw8800] multicast routing-enable [sw8800] pim [3com-pim] pim bsr-boundary syntax pim bsr-boundary undo pim bsr-boundary view interface view parameter none descriptio...
Page 631
Pim configuration commands 629 view vlan interface view parameter none description use the pim dm command to enable pim-dm. Use the undo pim dm command to disable pim-dm. By default, pim-dm is disabled. Before enabling pim-dm, you must execute the multicast routing-enable command in system view to e...
Page 632
630 c hapter 36: pim c onfiguration c ommands [sw8800]interface vlan-interface 10 [3com-vlan-interface10] pim neighbor-limit 50 pim neighbor-policy syntax pim neighbor-policy acl-number undo pim neighbor-policy view interface view parameter acl-number: basic acl number, in the range of 2000 to 2999....
Page 633
Pim configuration commands 631 use the undo pim sm command to disable the pim-sm protocol. By default, pim-sm is disabled. Users need to configure the pim-sm protocol on each interface. Generally, the pim-sm protocol needs to be enabled on each interface. Related command: multicast routing-enable. E...
Page 634
632 c hapter 36: pim c onfiguration c ommands example # set the time interval to send hello packets for vlan-interface10 to 40 seconds. System-view system view: return to user view with ctrl+z. [sw8800]interface vlan-interface 10 [3com-vlan-interface10] pim timer hello 40 register-policy syntax regi...
Page 635
Pim configuration commands 633 neighbor-address: neighbor address. Interface interface-type interface-number: specifies interface. Description use the reset pim neighbor command to clear a pim neighbor. Related command: display pim neighbor. Example # clear the pim neighbor 25.5.4.3. Reset pim neigh...
Page 636
634 c hapter 36: pim c onfiguration c ommands must be 224.0.0.0, and source address has no mask), then it means only the (*, *, rp) item will be cleared. If in this command, the group-address is any a group address, and source-address is 0 (where group address can have a mask, and source address has...
Page 637
Pim configuration commands 635 system-view system view: return to user view with ctrl+z. [sw8800] multicast routing-enable [sw8800] pim [3com-pim] source-policy 2000 [3com-pim] quit [sw8800] acl number 2000 [3com-acl-basic-2000] rule permit source 10.10.1.2 0 [3com-acl-basic-2000] rule deny source 1...
Page 638
636 c hapter 36: pim c onfiguration c ommands example # configure 10.110.0.6 as a static rp. System-view system view: return to user view with ctrl+z. [sw8800] multicast routing-enable [sw8800] pim [3com-pim] static-rp 10.110.0.6 # remove the static rp with the ip address of 10.110.0.6. System-view ...
Page 639: Msdp C
37 msdp c onfiguration c ommands n an ethernet switch functions as a router when it supports the layer 3 protocols. A router that is referred to in the following represents a generalized router or a layer 3 ethernet switch running related protocols. Msdp configuration commands cache-sa-enable syntax...
Page 640
638 c hapter 37: msdp c onfiguration c ommands view user view parameter all: all the debugging information of msdp. Connect: debugging information of msdp peer connection reset. Event: debugging information of msdp event. Packet: debugging information of msdp packet. Source-active: debugging informa...
Page 641
Msdp configuration commands 639 parameter peer-address: address of msdp peer. Description use the display msdp peer-status command to view the detailed information of msdp peer. Related command: peer. Example # display the detailed information of the msdp peer 10.110.11.11. Display msdp peer-status ...
Page 642
640 c hapter 37: msdp c onfiguration c ommands autonomous-system-number: autonomous system number. Displays (s, g) entries from specified autonomous system. Description use the display msdp sa-cache command to view (s, g) state learnt from msdp peer. Only cache-sa-enable command is configured, can c...
Page 643
Msdp configuration commands 641 import-source syntax import-source [ acl acl-number ] undo import-source view msdp view parameter acl-number: number of basic or advanced ip acl, ranging from 2000 to 3999, controlling which sources sa messages will advertise and to which groups it will be sent in the...
Page 644
642 c hapter 37: msdp c onfiguration c ommands description use the msdp command to enable msdp and enter the msdp view. Use the undo msdp command to clear all configurations of msdp, release all resources that msdp occupies, and restore the initial state. Related command: peer. Example # clear all c...
Page 645
Msdp configuration commands 643 msdp-tracert 10.10.1.1 225.2.2.2 20.20.20.20 max-hops 10 sa- info peer-info msdp tracert: press ctrl_c to break d-bit: set if have this (s,g) in cache but with a different rp rp-bit: set if this router is an rp nc-bit: set if this router is not caching sa’s c-bit: set...
Page 646
644 c hapter 37: msdp c onfiguration c ommands undo originating-rp view msdp view parameter interface-type: interface type. Interface-number: interface number. Description use the originating-rp command to allow a msdp to use the ip address of specified interface as the rp address when the sa messag...
Page 647
Msdp configuration commands 645 example # configure the router using ip address 125.10.7.6 as an msdp peer of the local router. System-view system view: return to user view with ctrl+z. [sw8800] msdp [3com-msdp] peer 125.10.7.6 connect-interface vlan-interface 10 peer description syntax peer peer-ad...
Page 648
646 c hapter 37: msdp c onfiguration c ommands parameter name: name of a mesh group, being case sensitive. The maximum length is 32 characters. Peer-address: address of an msdp peer to be a member of the mesh group. Description use the peer mesh-group command to configure an msdp peer to join an mes...
Page 649
Msdp configuration commands 647 [sw8800] msdp [3com-msdp] peer 110.10.10.1 minimum-ttl 10 peer request-sa-enable syntax peer peer-address request-sa-enable undo peer peer-address request-sa-enable view msdp view parameter peer-address: address of msdp peer. Description use the peer request-sa-enable...
Page 650
648 c hapter 37: msdp c onfiguration c ommands use the undo peer sa-cache-maximum command to restore the default configuration. By default, the maximum number of sa caches is 2048. This configuration is recommended for all msdp peers in the networks possibly attacked by dos. Related command: display...
Page 651
Msdp configuration commands 649 [3com-acl-adv-3000] rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255 [3com-acl-adv-3000] quit [sw8800] msdp [3com-msdp] peer 125.10.7.6 connect-interface vlan-interface 10 [3com-msdp] peer 125.10.7.6 sa-policy export acl 3000 peer sa-requ...
Page 652
650 c hapter 37: msdp c onfiguration c ommands view user view parameter peer-address: address of msdp peer. Description use the reset msdp peer command to reset tcp connection with the specified msdp peer, and clear all the statistics of the specified msdp peer. Related command: peer. Example # clea...
Page 653
Msdp configuration commands 651 description use the reset msdp statistics command to clear statistics of one or more msdp peers without resetting the msdp peer. Example # clear the statistics of the msdp peer 25.10.7.6. Reset msdp statistics 125.10.7.6 shutdown syntax shutdown peer-address undo shut...
Page 654
652 c hapter 37: msdp c onfiguration c ommands which passes filtering. If no filter policy is configured, the router will still accept all sa messages from the static rpf peer. Description use the static-rpf-peer command to configure static rpf peer. Use the undo static-rpf-peer command to remove th...
Page 655
Related command: peer. Example # configure the connection request re-try period to 60 seconds. System-view system view: return to user view with ctrl+z. [sw8800] msdp [3com-msdp] timer retry 60
Page 656
654 c hapter 37: msdp c onfiguration c ommands.
Page 658
656 c hapter 38: mbgp m ulticast e xtension c onfiguration c ommands use the undo aggregate command to disable this function. By default, no route is aggregated. Use the aggregate command without parameters to create one local aggregated route and set atomic aggregation attributes. Example # create ...
Page 659
Mbgp multicast extension configuration commands 657 undo debugging bgp mp-update view user view parameter receive: debugs the mbgp update messages received. Send: debugs the mbgp update messages sent. Verbose: debugs detailed information. Description use the debugging bgp mp-update command to enable...
Page 660
658 c hapter 38: mbgp m ulticast e xtension c onfiguration c ommands [3com-bgp] ipv4-family multicast [3com-bgp-af-mul] default local-preference 180 default med syntax default med med-value undo default med view ipv4 multicast sub-address family view parameter med-value: med value, in the range of 0...
Page 661
Mbgp multicast extension configuration commands 659 example # view the information about the peer group named my_peer. Display bgp multicast group my_peer display bgp multicast network syntax display bgp multicast network view any view parameter none description use the display bgp multicast network...
Page 662
660 c hapter 38: mbgp m ulticast e xtension c onfiguration c ommands parameter ip-address: ip address of the network segment whose mbgp routing information with specified ip address. Description use the display bgp multicast routing-table command to view mbgp routing information. Example # display m...
Page 664
662 c hapter 38: mbgp m ulticast e xtension c onfiguration c ommands display bgp multicast routing-table different-origin-as syntax display bgp multicast routing-table different-origin-as view any view parameter none description use the display bgp multicast routing-table different-origin-as command...
Page 665
Mbgp multicast extension configuration commands 663 view any view parameter as-regular-expression: as regular expression matched. Description use the display bgp multicast routing-table regular-expression command to view the routing information matching the specified as regular expression. Example #...
Page 666
664 c hapter 38: mbgp m ulticast e xtension c onfiguration c ommands [sw8800] bgp 100 [3com-bgp] ipv4-family multicast [3com-bgp-af-mul] filter-policy 2000 export filter-policy import syntax filter-policy gateway ip-prefix-name import undo filter-policy gateway ip-prefix-name import filter-policy { ...
Page 667
Mbgp multicast extension configuration commands 665 undo import-route protocol view ipv4 multicast sub-address family view parameter protocol: source routing protocols that can be imported, which can be direct, ospf, ospf-ase, ospf-nssa, rip, isis and static. Med-value: metric value loaded by an imp...
Page 668
666 c hapter 38: mbgp m ulticast e xtension c onfiguration c ommands system-view system view: return to user view with ctrl+z. [sw8800] bgp 100 [3com-bgp] ipv4-family multicast [3com-bgp-af-mul] network syntax network ip-address [ address-mask ] [ route-policy route-policy-name ] undo network ip-add...
Page 669
Mbgp multicast extension configuration commands 667 use the undo peer advertise-community command to remove the configuration. By default, no community attribute is sent to any peer group. Example # set to send community attributes to peer group "test". System-view system view: return to user view w...
Page 670
668 c hapter 38: mbgp m ulticast e xtension c onfiguration c ommands view ipv4 multicast sub-address family view parameter group-name: name of the peer group. Peer-address: ip address of the peer; uses dotted decimal notation. Acl-number: filter list number of an as regular expression, in the range ...
Page 671
Mbgp multicast extension configuration commands 669 description use the peer as-path-acl import command to configure filtering policy of mbgp received routes based on as path list. Use the undo peer as-path-acl import command to cancel the existing configuration. By default, the peer/peer group has ...
Page 672
670 c hapter 38: mbgp m ulticast e xtension c onfiguration c ommands peer filter-policy export syntax peer group-name filter-policy acl-number export undo peer group-name filter-policy acl-number export view ipv4 multicast sub-address family view parameter group-name: name of the peer group. Acl-num...
Page 673
Mbgp multicast extension configuration commands 671 acl-number: number of ip acl, ranging from 2000 to 3999. That is, you can use basic acls or advanced acls. Description use the peer filter-policy import command to configure the peer to apply the acl-based filter policy to the received routes. Use ...
Page 674
672 c hapter 38: mbgp m ulticast e xtension c onfiguration c ommands [3com-bgp] group test external. [3com-bgp] peer test as-number 2004 [3com-bgp] peer 10.1.1.1 group test [3com-bgp] ipv4-family multicast [3com-bgp-af-mul] peer test enable [3com-bgp-af-mul] peer 10.1.1.1 group test peer ip-prefix e...
Page 675
Mbgp multicast extension configuration commands 673 peer-address: ip address of the peer, in dotted decimal format. Prefixname: name of the specified ip-prefix, a character string of 1 to 19 characters. Description use the peer ip-prefix import command to configure the route filtering policy of rout...
Page 676
674 c hapter 38: mbgp m ulticast e xtension c onfiguration c ommands [3com-bgp] ipv4-family multicast [3com-bgp-af-mul] peer test next-hop-local peer public-as-only syntax peer group-name public-as-only undo peer group-name public-as-only view ipv4 multicast sub-address family view parameter group-n...
Page 677
Mbgp multicast extension configuration commands 675 description use the peer reflect-client command to configure a peer (group) as a client of the route reflector. Use the undo peer reflect-client command to remove the configuration. By default, there is no route reflector in the autonomous system. ...
Page 679
Mbgp multicast extension configuration commands 677 use the undo preference command to restore the default priority. You can configure different priority values for different types of mbgp routes. Example # set the priority of ebgp, ibgp and local routes all to 170. System-view system view: return t...
Page 680
678 c hapter 38: mbgp m ulticast e xtension c onfiguration c ommands view user view parameter all: refreshes multicast sub-address family router of all peer . Peer-address: multicast sub-address family router of the specified address peer. Group-name: multicast sub-address family router of all membe...
Page 681
Mbgp multicast extension configuration commands 679 example # specify cluster id for local router, one of the router reflectors. System-view system view: return to user view with ctrl+z. [sw8800] bgp 100 [3com-bgp] ipv4-family multicast [3com-bgp-af-mul] reflector cluster-id 80 [3com-bgp-af-mul] pee...
Page 682
680 c hapter 38: mbgp m ulticast e xtension c onfiguration c ommands.
Page 684
682 c hapter 39: mpls b asic c onfiguration c ommands this command is used to the debug mpls lspm. As running the debugging will affect the performance of the 3com switch 8800 family series routing switches, you are recommended to use the command with caution. Example # enable all mpls vpn debugging...
Page 685
Mpls basic configuration commands 683 description use the display mpls lsp command to display lsp information. By default, the display mpls lsp command displays all lsp information. Related command: display mpls interface, display mpls statistics and display static-lsp. Example # display all the lsp...
Page 687
Mpls basic configuration commands 685 description use the lsp-trigger command to configure topology-triggered lsp creation policy. Use the undo lsp-trigger command to remove the filtering conditions specified by parameters and disable lsp trigger creation at any route. By default, all kinds of routi...
Page 688
686 c hapter 39: mpls b asic c onfiguration c ommands system-view [sw8800] mpls [3com-mpls] # execute the mpls command in interface view. [sw8800] vlan 201 [3com-vlan201] port gigabitethernet 2/1/1 [3com-vlan201] quit [sw8800] interface vlan-interface 201 [3com-vlan-interface201] mpls % info: mpls i...
Page 689
Mpls basic configuration commands 687 parameter none description use the snmp-agent trap enable ldp command to enable trap function in mpls ldp creation. Use the undo snmp-agent trap enable ldp command to disable trap function in mpls ldp creation. By default, trap function is not enabled during mpl...
Page 690
688 c hapter 39: mpls b asic c onfiguration c ommands parameter lsp-name: lsp name interface-type interface-number: interface type, interface number. In-label-value: value of inbound label, ranging 3 (implicit empty label) and from 16 to 1023. Description use the static-lsp egress command to configu...
Page 691
Mpls basic configuration commands 689 example # configure a static lsp for the ingress lsr heading for the destination address 202.25.38.1. System-view [sw8800] mpls [3com-mpls] static-lsp ingress bj-sh destination 202.25.38.1 24 nexthop 202.55.25.33 out-label 237 static-lsp transit syntax static-ls...
Page 693
Ldp configuration commands 691 description use the display mpls ldp command to display ldp and lsr information. By default, it displays information of ldp and lsr. Related command: mpls ldp, mpls ldp hops-count, mpls ldp loop-detection and mpls ldp path-vectors. Example # display ldp and lsr informa...
Page 695
Ldp configuration commands 693 interface vlan-interface23(address=23.23.23.2): label distributing enabled,bound to entity:2.2.2.2:0 generic label range configured:16 - 44800 label advertisement mode: downstream-unsolicited configured keepalive hold time:60, configured hello hold time:15 negotiated h...
Page 696
694 c hapter 39: mpls b asic c onfiguration c ommands 7 prefix 16.16.16.0/24 3 ---- 0 1 16.16.16.16 vlan16 8 prefix 16.16.16.0/24 3 ---- 0 1 16.16.16.16 vlan16 9 prefix 22.22.22.0/24 3 ---- 0 1 22.22.22.2 vlan22 liberal 1.1.0.5/32 ---- 1024 --- 2 -------- ------ 10 prefix 1.1.0.5 1024 3 0 1 23.23.23...
Page 697
Ldp configuration commands 695 peer type: remote peer rowstatus: active local ldp id: 2.2.2.2:0 peer ldp id: 1.1.1.1:0 internetwork address type: ipv4 internetwork address: 1.1.1.1 maximum peer pdu length: 4096 peer keepalive hold time: 60 peer distribution method: downstream unsolicited peer type: ...
Page 698
696 c hapter 39: mpls b asic c onfiguration c ommands by default, you can view all the remote-peer configurations. Related command: mpls ldp remote-peer and remote-ip. Example # display the remote-peer configuration. Display mpls ldp remote displaying information about all ldp remote peers: remote i...
Page 699
Ldp configuration commands 697 by default, it displays the session between peer entities. Related command: mpls ldp enable. Example # display the session between peer entities. Display mpls ldp session displaying information about all sessions local ldp id: 1.1.1.9:5; peer ldp id: 4.4.4.9:0 tcp conn...
Page 700
698 c hapter 39: mpls b asic c onfiguration c ommands view vlan interface view parameter none description use the mpls ldp enable command to enable ldp on a vlan interface. Use the mpls ldp disable command to disable ldp on a vlan interface. By default, ldp is disabled on an interface. To enable an ...
Page 701
Ldp configuration commands 699 example # set the maximum hop count of loop detection to 22. System-view [sw8800] mpls ldp hops-count 22 # set the maximum hop count of loop detection to its default value 32. [sw8800] undo mpls ldp hops-count mpls ldp loop-detect syntax mpls ldp loop-detect undo mpls ...
Page 702
700 c hapter 39: mpls b asic c onfiguration c ommands ip-prefix-name: name of ip address prefix list. Description use the mpls ldp label-accept command to control the acceptance of label binding through the ip address prefix filtering policy when a label mapping event is received. Use the undo mpls ...
Page 703
Ldp configuration commands 701 example # first, configure the ip prefix corresponding to the fec address prefix. System-view [sw8800]ip ip-prefix fec1 index 1 permit 1.1.1.1 32 [sw8800]ip ip-prefix fec1 index 2 permit 1.1.1.2 32 # then, configure the ip prefix for the peer address used for advertise...
Page 704
702 c hapter 39: mpls b asic c onfiguration c ommands example # configure the ldp authentication mode as md5, plain-text password 123. System-view [sw8800] interface vlan-interface 201 [3com-vlan-interface201] mpls ldp password simple 123 mpls ldp path-vectors syntax mpls ldp path-vectors pv-number ...
Page 705
Ldp configuration commands 703 description use the mpls ldp remote-peer command to create a remote-peer entity and enter remote-peer view. Use the undo mpls ldp remote-peer command to delete a remote-peer entity. You can use this command to create a remote-peer and accordingly create a remote-sessio...
Page 707
Ldp configuration commands 705 you can usually use the default values if not in special cases, note that you must reset the session to validate new values if you do modify these timer parameters. Related command: mpls ldp and mpls ldp enable. Example # modify the hold time of the hello timer to 30 s...
Page 708
706 c hapter 39: mpls b asic c onfiguration c ommands [3com-vlan-interface201] mpls ldp transport-ip 10.1.11.2 remote-ip syntax remote-ip remoteip view remote-peer view parameter remoteip: ip address of the remote-peer. Description use the remote-ip command to configure a remote-ip address. The addr...
Page 709: Bgp/mpls Vpn C
40 bgp/mpls vpn c onfiguration c ommands n refer to the 05-routing protocol commands module of the 3com switch 8800 family command manual for the details about the if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, apply ip next-hop, apply local-...
Page 710
708 c hapter 40: bgp/mpls vpn c onfiguration c ommands the function of the keywords involved in the above commands is shown in the following table. Example # create an aggregation entry in the bgp routing table of vpn instance. [3com-bgp-af-vpn-instance] aggregate 192.213.0.0 255.255.0.0 apply mpls-...
Page 712
710 c hapter 40: bgp/mpls vpn c onfiguration c ommands view vpnv4 sub-address family view parameter value: value of the local precedence, ranging from 0 to 4294967295. A greater value enjoys higher precedence. The default local precedence is 100. Description use the default local-preference command ...
Page 713
Ldp configuration commands 711 description syntax description vpn-instance-description undo description view vpn-instance view parameter vpn-instance-description: specifies the description of a specified vpn instance. Description use the description command to configure description for a specified v...
Page 714
712 c hapter 40: bgp/mpls vpn c onfiguration c ommands description use the display bgp vpnv4 command to view the vpn address in bgp table. Example # display all the bgp vpnv4 routing tables. Display bgp vpnv4 all routing-table flags: # - valid ^ - active i - internal d - damped h - history s - aggre...
Page 716
714 c hapter 40: bgp/mpls vpn c onfiguration c ommands description use the display ip vpn-instance command to view the information related to vpn-instance, such as rd, description, and interfaces of the vpn instance. Example # display the information about vpn-instance vpn 1. Display ip vpn-instance...
Page 717
Ldp configuration commands 715 # display mpls l3vpn ingress lsp information on pe (provider edge). Display mpls l3vpn-lsp ingress ------------------------------------------------------------------- lsp information: l3vpn ingress lsp -------------------------------------------------------------------...
Page 718
716 c hapter 40: bgp/mpls vpn c onfiguration c ommands display rip vpn-instance syntax display rip vpn-instance vpn-instance-name view any view parameter vpn-instance vpn-instance-name: specifies a vpn instance name. Description use the display rip vpn-instance command to view the configuration rela...
Page 719
Ldp configuration commands 717 from ospf internal routes, it is required to restore the attributes of bgp routes when they are imported to ospf at the remote end. To achieve this goal, we can configure a domain-id for each ospf domain. A domain-id is attached to a bgp/vpn route when an ospf route is...
Page 721
Ldp configuration commands 719 parameter group-name: name of a neighbor peer group. It can be expressed in string of letters and numbers from 1 to 47 in length. Internal: creates an internal peer group. External: creates an external peer group including other sub-as groups in federation. Description...
Page 722
720 c hapter 40: bgp/mpls vpn c onfiguration c ommands undo if-match vpn-target view route-policy view parameter vpn-target: route vpn-target attribute values used for matching, in asn:nn or ip-address:nn format. Count: number of the route vpn-target values used for matching, in the range of 2 to 65...
Page 724
722 c hapter 40: bgp/mpls vpn c onfiguration c ommands description use the ip binding vpn-instance command to bind a vlan interface to a vpn-instance. Use the undo ip binding vpn-instance command to delete the binding. By default, global routing table is used. You need to reconfigure the ip address ...
Page 725
Ldp configuration commands 723 preference-value: specifies preference value, ranging from 1 to 255, by default it is 60. Public: configures a route as public network route. Reject: configures a route as unreachable. Blackhole: configures a route as blackhole. Description use the ip route-static vpn-...
Page 727
Ldp configuration commands 725 [sw8800] bgp 100 [3com-bgp] ipv4-family vpn-instance abc [3com-bgp-af-vpn-instance] # enter vpnv4 sub-address family view. [sw8800] bgp 100 [3com-bgp] ipv4-family vpnv4 unicast [3com-bgp-af-vpn] nesting-vpn syntax nesting-vpn undo nesting-vpn view bgp-vpnv4 sub-address...
Page 728
726 c hapter 40: bgp/mpls vpn c onfiguration c ommands description use the network command to configure the network route advertised to the outside by local bgp. Use the undo network command to cancel the configuration. By default, local bgp does not advertise any route to the outside. Example # con...
Page 729
Ldp configuration commands 727 if you enable an ospf process without specifying a router id, and the process is to be bound to a vpn instance, the vpn instance should have an interface that is configured with an ip address. If you want to bind a process to a vpn instance, you must specify the vpn in...
Page 730
728 c hapter 40: bgp/mpls vpn c onfiguration c ommands [sw8800] ospf 100 router-id 2.2.2.2 vpn-instance vpn1 [3com-ospf-100] peer advertise-community syntax peer group-name advertise-community undo peer group-name advertise-community view vpnv4 sub-address family view, vpn-instance sub-address famil...
Page 731
Ldp configuration commands 729 description use the peer allow-as-loop command to allow loop in the route updates in the hub & spoke networking mode. Use the undo peer allow-as-loop command to prohibit loop in the route updates. By default, loop is prohibited in the received routing updates; by using...
Page 732
730 c hapter 40: bgp/mpls vpn c onfiguration c ommands example # set the opposite as number of a specified peer (group) to 100. [3com-bgp] ipv4-family vpn-instance test [3com-bgp-af-vpn-instance] peer test as-number 100 peer as-path-acl export syntax peer group-name as-path-acl acl-number export und...
Page 733
Ldp configuration commands 731 acl-number: as regular expression acl number, ranging 1 to 199. Import: filters the received routes with as path list. Description use the peer as-path-acl import command to configure peers from filter received routing information with routing filtering policy based on...
Page 734
732 c hapter 40: bgp/mpls vpn c onfiguration c ommands example # allow the internal bgp session to use any operable interface for a tcp connection. [3com-bgp] ipv4-family vpn-instance test [3com-bgp-af-vpn-instance] peer 1.1.1.1 connect-interface loopback 0 peer default-route-advertise syntax peer g...
Page 735
Ldp configuration commands 733 description use the peer default-route-advertise vpn-instance command to enable a peer to import a default route. Use the undo peer default-route-advertise vpn-instance to restore the configuration. By default, a peer does not import a default route. This command does ...
Page 736
734 c hapter 40: bgp/mpls vpn c onfiguration c ommands peer ebgp-max-hop syntax peer group-name ebgp-max-hop [ ttl ] undo peer group-name ebgp-max-hop view vpn-instance sub-address family view parameter group-name: name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. Peer-ad...
Page 737
Ldp configuration commands 735 example # enable the peer group 168. [3com-bgp] ipv4-family vpnv4 [3com-bgp-af-vpn] peer 168 enable peer filter-policy export syntax peer group-name filter-policy acl-number export undo peer group-name filter-policy acl-number export view vpnv4 sub-address family view,...
Page 738
736 c hapter 40: bgp/mpls vpn c onfiguration c ommands parameter group-name: name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. Peer-address: peer ip address, in dotted decimal notation. Acl-number: ip acl number from 2000 to 3999, that is, you can use basic or advanced ac...
Page 739
Ldp configuration commands 737 in bgp view and vpn-instance sub-address family view, when adding a peer to an external group out of an as, you need to specify an as number. When adding a peer to an internal group or an external group in an as, the as number is not needed. A peer must have been added...
Page 741
Ldp configuration commands 739 use the undo peer label-route-capability command to disable a peer group from handling the label-carried ipv4 routes. By default, a bgp peer group cannot handle label-carried ipv4 routes. Example # enable ibgp peer group and ebgp peer group to handle the label-carried ...
Page 742
740 c hapter 40: bgp/mpls vpn c onfiguration c ommands peer-address: peer ip address in dotted decimal notation. Cipher: displays the password in cipher text. Simple: displays the password in plain text. Password: password string. When you provide the cipher argument but input the password in plain ...
Page 743
Ldp configuration commands 741 use the undo peer public-as-only command to configure bgp to carry private as numbers when transmitting update packets. By default, private as numbers are carried when bgp transmits update packets. Generally, bgp carries as number (either public or private as number) w...
Page 744
742 c hapter 40: bgp/mpls vpn c onfiguration c ommands view vpnv4 sub-address family view, vpn-instance sub-address family view parameter group-name: name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. Policy-name: name of a routing policy. Description use the peer route-po...
Page 745
Ldp configuration commands 743 the incoming filtering policy configured for peers take precedence over the configuration for peer groups. Related command: peer route-policy export. Example # apply the routing policy test-policy to the incoming routes of the peer group test. [3com-bgp] ipv4-family vp...
Page 746
744 c hapter 40: bgp/mpls vpn c onfiguration c ommands parameter group-name: name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. Peer-address: peer ip address in dotted decimal notation. Keepalive-interval: interval, in seconds, of sending the keepalive message. It ranges f...
Page 747
Ldp configuration commands 745 undo peer group-name vpn-instance vpn-instance-name enable view bgp-vpnv4 sub-address family view parameter group-name: name of a peer group. Vpn-instance-name: name of the vpn instance the ce peer belongs to. Enable: enables vpnv4 function for the ce. Description use ...
Page 748
746 c hapter 40: bgp/mpls vpn c onfiguration c ommands example # add a ce neighbor to a peer group. [3com-bgp] ipv4-family vpn-instance vrf1 [3com-bgp-af-vpn-instance] peer 1.1.1.1 group ebgp as-number 600 [3com-bgp-af-vpn-instance] quit [3com-bgp] ipv4-family vpnv4 [3com-bgp-af-vpn] peer 1.1.1.1 vp...
Page 749
Ldp configuration commands 747 parameter none description use the policy vpn-target command to configure to filter the vpn-target extended community attributes of received routing information. Use the undo policy vpn-target command to cancel the setting. By default, the filtering of vpn-target exten...
Page 750
748 c hapter 40: bgp/mpls vpn c onfiguration c ommands view fast ethernet port view parameter none description use the port vpn-range share-mode command to set the range of mpls/vpn vlan vlan-id on the interface to 4k. Use the undo port vpn-range share-mode command to restore the default mpls/vpn vl...
Page 751
Ldp configuration commands 749 example # set the preference of the preference of the routes learned from the ebgp peer to 2, the preference of the routes learned from the ibgp peer to 3 and the preference of the local routes to 4. [3com-bgp-af-vpn-instance] preference 2 3 4 reflect between-clients s...
Page 752
750 c hapter 40: bgp/mpls vpn c onfiguration c ommands use the undo reflector cluster-id command to delete the configuration. By default, each router reflector uses his own id as a cluster id. Usually, one cluster has one router reflector. And it is the router id of the reflector to identify this cl...
Page 753
Ldp configuration commands 751 route-tag syntax route-tag tag-number undo route-tag view ospf protocol view parameter tag-number: tag value to identify vpn import route, in the range of 0 to 4294967295. By default, its first two bytes are fixed to 0xd000, while the last two bytes are the asn of loca...
Page 754
752 c hapter 40: bgp/mpls vpn c onfiguration c ommands ospf: reboot the system or use the ’reset ospf id’ command for this to take effect timer syntax timer keep-alive keepalive-interval hold holdtime-interval undo timer view vpn-instance sub-address family view parameter keepalive-interval: time in...
Page 756
754 c hapter 40: bgp/mpls vpn c onfiguration c ommands description use the routing-table limit command to limit the route maximum in a vpn-instance. Use the undo routing-table limit command to cancel the limitation. It is necessary to enter a vpn-instance sub-view before using the routing-table comm...
Page 757
Ldp configuration commands 755 key: authentication on the interface. Keyid is from 1 to 255 and key is a string up to 16 characters. It must be consistent with the authentication of a sham-link peer. When the display current-configuration command is executed, the system displays the 24-character md5...
Page 758
756 c hapter 40: bgp/mpls vpn c onfiguration c ommands ■ the source and destination addresses of a sham link cannot be the same. ■ the same sham link cannot be configured for different ospf processes. ■ 50 sham links can be configured for an ospf process at most. Example # configure a sham-link, wit...
Page 759
Ldp configuration commands 757 use the undo vlan vpn-range command to restore the default mpls label range for the card. After vpn-range is enabled on the card, the range of mpls/vpn vlan vlan-id that can be configured on the 12 interfaces on the card is 4k, but not the default value of 1k. Related ...
Page 760
758 c hapter 40: bgp/mpls vpn c onfiguration c ommands they both support multi-vpn-instance, multi-vpn-instance ce does not necessarily support bgp/ospf interoperability. When an ospf process is bound to a vpn instance, the default ospf router is pe router. This command will remove the default setti...
Page 761
Ldp configuration commands 759 description use the vpn-target command to create a vpn-target extended community for vpn-instance. Use the undo vpn-target command to remove the vpn-target extended community attributes. By default, the default value is both. Use the vpn-target command to create ingres...
Page 762
760 c hapter 40: bgp/mpls vpn c onfiguration c ommands.
Page 764
762 c hapter 41: mpls vll c onfiguration c ommands example # create a remote ccc connection, with the name of clink, the transmitting lsp of tlsp, and the receiving lsp of rlsp. [sw8800] ccc clink interface vlan-interface 201 transmit-lsp tlsp receive-lsp rlsp # create a local ccc connection, with t...
Page 765
Ccc configuration commands 763 view any view parameter ccc-name: name of the ccc connection whose information is to be displayed. Type local: displays information about the local ccc connections only. Type remote: displays information about the remote ccc connections only. Description use the displa...
Page 766
764 c hapter 41: mpls vll c onfiguration c ommands [3com-mpls] static-lsp egress bj-sh l2vpn incoming-interface vlan- interface 201 in-label 233 static-lsp ingress syntax static-lsp ingress lsp-name l2vpn nexthop next-hop-addr out-label out-label undo static-lsp ingress lsp-name view mpls view param...
Page 767
Martini mpls l2vpn configuration commands 765 out-label: value of the out-label, ranging from 16 to 1,023. Description use the static-lsp transit command to create a static l2vpn lsp for the midway transmitting lsr. Use the undo static-lsp transit command to remove the static l2vpn lsp created for t...
Page 768
766 c hapter 41: mpls vll c onfiguration c ommands interface: vlan-interface1001state: down, encapsulation: ethernet, service: vll vc-id: 10001, vc state: down, destination: 1.1.1.1 group id: local 0, remote 0, vc label: local 32771, remote 0, tunnel type: lsp, tunnel index: 23 mpls l2vc syntax mpls...
Page 769
Kompella mpls l2vpn configuration commands 767 id: ce id, which is used to uniquely identify a ce in the vpn. This argument ranges from 0 to 499. Offset: specifies the default original ce offset. Range: ce range, the maximum number of ces that can be connected to the ce. This argument ranges from 1 ...
Page 770
768 c hapter 41: mpls vll c onfiguration c ommands you need to configure the route distinguisher (rd) for the mpls l2vpn before creating a ce connection. Related command: mpls l2vpn encapsulation. Example # create a ce connection. [sw8800] mpls l2vpn vpna [3com-l2vpn-vpna] ce ce-a id 1 range 4 [3com...
Page 771
Kompella mpls l2vpn configuration commands 769 parameter vsi-name: name of the vpn instance. Local-ce: displays the state and configuration of the local ce of a specified vpn instance. Remote-ce: displays the state and configuration of the remote ce of a specified vpn instance. Down: displays the in...
Page 772
770 c hapter 41: mpls vll c onfiguration c ommands view bgp view parameter none description use the l2vpn-family command to create l2vpn address family view. Use the undo l2vpn-family command to remove l2vpn address family view. Example # create l2vpn address family view. [sw8800] bgp 100 [3com-bgp]...
Page 773
Kompella mpls l2vpn configuration commands 771 view system view parameter vpn-name: name of the vpn, which must be unique in the pe. This argument is 1 to 20 characters in length. Encapsulation: user access encapsulation type. Two types are supported currently: ethernet access and vlan access. Descr...
Page 775: Vpls C
42 vpls c onfiguration c ommands n the vpls commands require the 3c17548 vpls application module. Vpls configuration commands bandwidth syntax bandwidth bw-limit view vsi view parameter bw-limit: limit on virtual switching instance (vsi) rate, which is in kbit/s. The system automatically takes the s...
Page 776
774 c hapter 42: vpls c onfiguration c ommands description use the broadcast-restrain command to configure the percentage of vsi broadcast suppression. In the vsi, the part of broadcast traffic (including broadcast, multicast, unknown unicast) beyond the suppression percentage is discarded. Example ...
Page 777
Vpls configuration commands 775 you can also customize the mapping relationship between user priority and psn cos and directly specify the cos for user data transmitted over psn for each of the user priorities 0 to 7 by configuring p-p-p-p-p-p-p-p. Example # set the cos of vsi 3com to 8. System-view...
Page 778
776 c hapter 42: vpls c onfiguration c ommands event: enables debugging for event notification among modules. Loadshare: enables debugging for load sharing. Description use the debugging mpls l2vpn command to enable individual kinds of l2vpn debugging. Use the undo debugging mpls l2vpn command to di...
Page 779
Vpls configuration commands 777 example # display the mac forwarding entries of vsi 3com. Display mac-address vsi 3com mac addr state vpn id peer aging time 0004-0000-005b dynamic 150 vlan-interface10 aging --- 1 mac address(es) found --- display vpls connection syntax display vpls connection [ vsi ...
Page 780
778 c hapter 42: vpls c onfiguration c ommands display vsi syntax display vsi vsi-name view any view parameter vsi-name: vsi name. Description use the display vsi command to display the information of one specific or all vsis. Related command: vsi. Example # display the configuration of vsi 3com. Di...
Page 783
Vpls configuration commands 781 [3com-gigabitethernet3/1/4] interface vlan-interface 100 [3com-vlan-interface100] undo ip address [3com-vlan-interface100] l2 binding vsi 3com c caution: ■ if you have enabled gvrp, stp or 802.1x protocol for a port, you are prohibited from enabling vlan vpn feature f...
Page 784
782 c hapter 42: vpls c onfiguration c ommands description use the mac-address command to configure a static mac address for a vsi. The address you configured can be either a mac address on a local vsi or a mac address on a remote peer. Use the undo mac-address command to disable the configuration. ...
Page 785
Vpls configuration commands 783 parameter mtu: value of the access maximum transmission unit (mtu) of a vsi, in the range of 128 bytes to 8,192 bytes. By default, mtu is 1,500 bytes. Description use the mtu command to specify the mtu value for user access packets of this vsi. This mtu value is also ...
Page 786
784 c hapter 42: vpls c onfiguration c ommands description use the peer command to create a vpls peer pe contained in an instance. When you create a vpls peer pe, you must specify an ip address and peer type for the peer pe. Use the undo peer command to remove the specified vpls peer pe. Note that, ...
Page 787
Vpls configuration commands 785 description use the rule permit mpls l2label-range command to add a rule for the link acl. The mpls label range id corresponding to the rule is range-id. In this case, the corresponding label range is 128k + range-id Ðó 16k ~ 128k + (range-id + 1) Ðó 16k - 1. If no ra...
Page 788
786 c hapter 42: vpls c onfiguration c ommands description use the pwsignal command to specify a pw signaling protocol for a vsi and enter vsi-ldp view. Specifying ldp as the pw signaling protocol for the vsi takes you to the vsi-ldp view. By default, the vsi uses ldp as the pw signaling protocol. E...
Page 789
Vpls configuration commands 787 parameter none description use the shutdown command to shut down the service of the vsi. When the service of the vsi is shut down, the system does not process any traffic for this vsi. Use the undo shutdown command to restore the service for the vsi. Example # shut do...
Page 790
788 c hapter 42: vpls c onfiguration c ommands view system view parameter vsi: creates a vsi or enter the vsi view. Vsi-name: vsi name, a locally unique string of 1 to 20 alphanumeric characters. Static: indicates that the peer discovery mechanism is static manual configuration. When you create a vs...
Page 792
790 c hapter 43: vrrp c onfiguration c ommands description use the display vrrp command to view the information about the vrrp state. If the interface name and virtual router id are not specified, the state information about all the virtual routers on the switch will be displayed. If only the interf...
Page 793
Vrrp configuration commands 791 parameter none description use the display vrrp ifm command to display the configuration information of the vrrp-enabled ifm device. Example # display the configuration information of the vrrp-enabled ifm device. Display vrrp ifm interface : vlan-interface1000 vrid : ...
Page 794
792 c hapter 43: vrrp c onfiguration c ommands become master : 0 priority zero pkts rcvd : 0 advertise rcvd : 0 priority zero pkts sent : 0 advertise sent : 0 invalid type pkts rcvd : 0 display vrrp summary syntax display vrrp summary view any view parameter none description use the display vrrp sum...
Page 795
Vrrp configuration commands 793 reset vrrp statistics syntax reset vrrp statistics [ vlan-interface interface-number [ virtual-router-id ] ] view user view parameter statistics: vrrp statistics. Vlan-interface interface-number: interface name. Virtual-router-id: vrrp virtual router id, ranging from ...
Page 796
794 c hapter 43: vrrp c onfiguration c ommands if the simple or md5 authentication is configured, it is required to set the authentication key. This command is used to configure the authentication type and key for all the vrrp virtual routers on an interface. As defined in the protocol, all the virt...
Page 797
Vrrp configuration commands 795 view system view parameter real-mac: uses the real mac address of the interface to match the virtual ip address of the virtual router in vrrp backup. Virtual-mac: uses the virtual mac address of the interface to match the virtual ip address of the virtual router in vr...
Page 798
796 c hapter 43: vrrp c onfiguration c ommands use the undo vrrp ping-enable command to disable the function. By default, the ping function is enabled. You can only use the commands before configuring any virtual router. If a virtual router is already established on the switch, it is not allowed to ...
Page 799
Vrrp configuration commands 797 description use the vrrp vrid preempt-mode command to configure the preemption and delay of the virtual router. Use the undo vrrp vrid preempt-mode command to cancel the preemption. By default, virtual router is in preempt mode and delay-value is 0 second. If a higher...
Page 800
798 c hapter 43: vrrp c onfiguration c ommands vrrp vrid timer syntax vrrp vrid virtual-router-id timer advertise adver-interval undo vrrp vrid virtual-router-id timer advertise view vlan interface view parameter virtual-router-id: vrrp virtual router id, ranging from 1 to 255. Adver-interval: vrrp ...
Page 801
Vrrp configuration commands 799 description use the vrrp vrid track command to configure the switch to track the interface. Use the undo vrrp vrid track command to stop tracking the interface. Vrrp interface track expends the backup function, which thereby can be implemented not only when the switch...
Page 802
800 c hapter 43: vrrp c onfiguration c ommands # add a virtual ip address to an existing virtual router. [3com-vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.11 # delete a virtual ip address. [3com-vlan-interface2] undo vrrp vrid 1 virtual-ip 10.10.10.10 # delete a virtual router. [3com-vlan-inter...
Page 804
802 c hapter 44: ha c onfiguration c ommands _ha_c onfiguration description use the display switchover state command to view the switchover state of master or slave fabric. This command is used to display the switchover state of the master or slave fabric according to the specified slot number. If s...
Page 805
Ha configuration commands 803 description use the slave auto-update config command to enable automatic synchronization between the master and slave systems. Use the undo slave auto-update config command to disable automatic synchronization between the master and slave systems. By default, automatic ...
Page 806
804 c hapter 44: ha c onfiguration c ommands _ha_c onfiguration using a command if he expects the slave fabric to operate in place of the master fabric. After the switchover, the slave fabric will control the system and the original master fabric will be forced to reset. Example # enable master-slav...
Page 807
Ha configuration commands 805 example # configure the system xbar load mode. [sw8800] xbar load-balance.
Page 808
806 c hapter 44: ha c onfiguration c ommands _ha_c onfiguration.
Page 809: Arp C
45 arp c onfiguration c ommands arp configuration commands arp non-flooding syntax arp non-flooding enable undo arp non-flooding enable view ethernet port view parameter none description use the arp non-flooding enable command to enable the feature that the arp packets of a port are not broadcast in...
Page 810
808 c hapter 45: arp c onfiguration c ommands view vlan view parameter none description use the arp proxy enable command to enable arp proxy function. Use the undo arp proxy enable command to disable arp proxy function. By default, arp proxy function is disabled. You can configure these commands for...
Page 811
Arp configuration commands 809 description use the arp static command to configure the static arp mapping entries in an arp mapping table. Use the undo arp static command to delete a static arp mapping entry from the arp table. By default, the mapping table of the system arp is empty and the switch ...
Page 812
810 c hapter 45: arp c onfiguration c ommands arp static multi-port syntax arp static ip-address mac-address vlan-id multi-port interface-type interface-number [ vpn-instance vpn-instance-name ] ] undo arp ip-address multi-port interface-type interface-number [ vpn-instance vpn-instance-name ] view ...
Page 813
Arp configuration commands 811 you can add multiple ports one by one by setting the multicast static arp entry. To view the configuration, use the display arp multi-port command. Related commands: reset arp, display arp, debugging arp, arp static. Example # in an arp entry, the ip address is 10.10.1...
Page 814
812 c hapter 45: arp c onfiguration c ommands packet: arp packet debugging. Description use the debugging arp command to enable arp debugging. Use the undo debugging arp command to disable the corresponding arp debugging. By default, no arp debugging is enabled. Related command: arp static, display ...
Page 815
Arp configuration commands 813 smac-address: source mac address of all the permitted arp packets, expressed in dotted decimal format. It can be combined with other restrictive conditions at discretion. If it is set to all zeros, arp packets of all source mac addresses are permitted by default. Dmac-...
Page 817
Arp configuration commands 815 vlan id :20 arp port-list : ethernet6/1/2 ethernet6/1/3 ethernet6/1/4 *ethernet6/1/5 ethernet6/1/6 ethernet6/1/7 ethernet6/1/8 ethernet6/1/9 ethernet6/1/1 vpn-name :public-arp when a "*" precedes a port, the port is in the up state; otherwise, the port is in the down s...
Page 818
816 c hapter 45: arp c onfiguration c ommands display arp timer aging current arp aging time is 10 minute(s) you can see that the arp aging time is 10 minutes. Display debugging arp syntax display debugging arp view any view parameter none description use the display debugging arp command to display...
Page 819
Arp configuration commands 817 by default, the gratuitous arp packet learning function is enabled. By sending gratuitous arp packets, a network device can: ■ determine whether or not ip address conflicts exist between it and other network devices. ■ trigger other network devices to update its hardwa...
Page 820
818 c hapter 45: arp c onfiguration c ommands.
Page 821: Arp T
46 arp t able s ize c onfiguration c ommands arp table size configuration commands arp max-entry syntax arp max-entry slot-num max-num undo arp max-entry slot-num view system view parameter slot-num: slot number of the card. Max-num: maximum number of arp entries that can be supported by the specifi...
Page 822
820 c hapter 46: arp t able s ize c onfiguration c ommands undo arp max-aggregation-entry view system view parameter max-aggnum: maximum number of arp entries for aggregation port (that is, aggregation arp entries) supported by each card. This argument counts in k (1k = 1024). Description use the ar...
Page 823
Arp table size configuration commands 821 use the undo arp enable size command to restore the default maximum number of arp entries supported by the whole switch. By default, the whole switch supports up to 4k arp entries, each card supports up to 4k arp entries, and each card supports up to 1k aggr...
Page 824
822 c hapter 46: arp t able s ize c onfiguration c ommands ............. Max arp entry config of slot 13: 8192.
Page 825: Dhcp C
47 dhcp c onfiguration c ommands general dhcp configuration commands dhcp enable syntax dhcp enable undo dhcp enable view system view parameter none description use the dhcp enable command to enable dhcp service. Use the undo dhcp enable command to disable the dhcp service. For both dhcp server and ...
Page 827
Dhcp server configuration commands 825 view system view parameter none description use the dhcp server detect command to enable fake dhcp server detection. Use the undo dhcp server detect command to disable fake dhcp server detection. Fake dhcp server detection is disabled by default. Example # enab...
Page 828
826 c hapter 47: dhcp c onfiguration c ommands each type of debugging concerning dhcp servers is disabled by default. Example # enable debugging for dhcp server events. Debugging dhcp server event display dhcp server forbidden-ip syntax display dhcp server forbidden-ip view any view parameter none d...
Page 829
Dhcp server configuration commands 827 interface vlan-interface vlan-id [ to vlan-interface vlan-id ]: specifies one vlan interface, or a range of vlan interfaces. All: specifies all vlan interfaces or all configured ip addresses. Description use the dhcp server dns-list command to configure one or ...
Page 830
828 c hapter 47: dhcp c onfiguration c ommands interface vlan-interface vlan-id [ to vlan-interface vlan-id ]: specifies one vlan interface, or a range of vlan interfaces. All: specifies all vlan interfaces. Description use the dhcp server domain-name command to configure a dhcp client domain name f...
Page 831
Dhcp server configuration commands 829 interface vlan-interface vlan-id [ to vlan-interface vlan-id ]: specifies one vlan interface, or a range of vlan interfaces. All: specifies all vlan interfaces. Description use the dhcp server expired command to set the ip address lease time for the dhcp addres...
Page 832
830 c hapter 47: dhcp c onfiguration c ommands related command: dhcp server ip-pool, network, static-bind ip-address, and dhcp server static-bind. Example # forbid the ip addresses from 10.110.1.1 to 10.110.1.63 to be automatically assigned. System-view system view: return to user view with ctrl+z. ...
Page 836
834 c hapter 47: dhcp c onfiguration c ommands view system view parameter packets number: sets the maximum times to send ping packets. The number argument ranges from 0 to 10 and defaults to 2. Value of 0 specifies not to send any ping packet. Timeout milliseconds: sets the maximum time to wait for ...
Page 837
Dhcp server configuration commands 835 parameter ip-address: ip address to be bound statically. Note that the ip address must be a valid ip address in the address pool of the current vlan interface. Mac-address: mac address for the ip address to be bound to. Description use the dhcp server static-bi...
Page 839
Dhcp server configuration commands 837 display dhcp server free-ip syntax display dhcp server free-ip view any view parameter none description use the display dhcp server free-ip command to display the ranges of available (unassigned) ip addresses in dhcp address pools. Example # display the ranges ...
Page 840
838 c hapter 47: dhcp c onfiguration c ommands 2.2.2.2 44444-4444-4444 not used manual interface pool: ip address hardware address lease expiration type 5.5.5.1 0050-ba28-930a jun 5 2003 10:56: 7 am auto:commited display dhcp server statistics syntax display dhcp server statistics view any view para...
Page 842
840 c hapter 47: dhcp c onfiguration c ommands example # display information about dhcp address pool hierarchy. Display dhcp server tree all global pool: pool name: 5 network 10.10.1.0 mask 255.255.255.0 child node:6 sibling node:7 option 1 ip-address 255.0.0.0 expired 1 0 0 option 58 hex 00 00 a8 c...
Page 844
842 c hapter 47: dhcp c onfiguration c ommands related command: dhcp server dns-list, dhcp server ip-pool. Example # configure a dns server with an ip address of 1.1.1.254 for the global dhcp address pool 0. System-view system view: return to user view with ctrl+z. [sw8800] dhcp server ip-pool 0 [3c...
Page 845
Dhcp server configuration commands 843 hour hour: specifies the number of hours. The hour argument ranges from 0 to 23. Minute minute: specifies the number of minutes. The minute argument ranges from 0 to 59. Unlimited: specifies an unlimited lease time. Description use the expired command to set th...
Page 846
844 c hapter 47: dhcp c onfiguration c ommands example # configure an outbound gateway with an ip address of 10.110.1.99 for dhcp clients of global dhcp address pool 0. System-view system view: return to user view with ctrl+z. [sw8800] dhcp server ip-pool 0 [3com-dhcp-0] gateway-list 10.110.1.99 nbn...
Page 847
Dhcp server configuration commands 845 view dhcp address pool view parameter b-node: specifies the netbios node type of dhcp clients to be b-node (b stands for broadcast). Nodes of this type establish their host name-to-ip address mappings by broadcasting. P-node: specifies the netbios node type of ...
Page 848
846 c hapter 47: dhcp c onfiguration c ommands mask-length: length of the network mask of an ip address pool. It is an integer in the range of 0 to 32. Description use the network command to configure an address range for dynamic ip address assignment. Use the undo network command to remove the addr...
Page 849
Dhcp server configuration commands 847 use the undo option command to remove a custom dhcp option configured for the global dhcp address pool. If you execute the option command multiple times, the new configurations overwrite the corresponding old ones related command: dhcp server ip-pool, dhcp serv...
Page 850
848 c hapter 47: dhcp c onfiguration c ommands pool-name: specifies a global dhcp address pool. If you do not provide this argument, then all global dhcp address pools are included. Vlan-id: specifies a vlan interface dhcp address pool. If you do not provide this argument, then all vlan interface dh...
Page 851
Dhcp server configuration commands 849 mask netmask: specifies the subnet mask of the ip address to be bound. If you do not provide the argument, the default subnet mask is used. Description use the static-bind ip-address command to specify the ip address to be statically bound. Use the undo static-...
Page 852
850 c hapter 47: dhcp c onfiguration c ommands related command: dhcp server ip-pool and static-bind ip-address. Example # bind the pc with a mac address of 0000-e03f-0305 to 10.1.1.1, whose subnet mask is 255.255.255.0. System-view system view: return to user view with ctrl+z. [sw8800] dhcp server i...
Page 853
Dhcp relay configuration commands 851 from server to client: interface: vlan-interface 1 servergroupno: 0 type: dhcp-ack clienthardaddress: 0010-dc19-695d your ip address: 10.1.1.1 *0.7200580-dhcp-8-largehop: discard dhcp request packet because of too large hop count! *0.7200725-dhcp-8-invalidpkt: w...
Page 856
854 c hapter 47: dhcp c onfiguration c ommands example # display information about all user address entries that the dhcp server maintains. Display dhcprelay-security ip address mac address ip address type 2.2.2.2 0005-5d02-f2b2 static 3.3.3.3 0005-5d02-f2b3 dynamic --- 2 dhcp-security item(s) found...
Page 857
Dhcp option 82 configuration commands 855 [sw8800]interface vlan1 [3com-vlan-interface1] ip relay address 10.9.0.3 dhcp option 82 configuration commands dhcp relay information enable syntax to enable the option 82 function on a vlan interface in its vlan interface view: dhcp relay information enable...
Page 859
Dhcp option 82 configuration commands 857 replace: indicates that the dhcp relay replaces option 82 carried by the packets with its own option 82. Description use the dhcp relay information strategy command to configure the strategy for the dhcp relay to process the packets carrying option 82. Use t...
Page 860
858 c hapter 47: dhcp c onfiguration c ommands example # set the system name as the node identifier when the mode of the relay option 82 on vlan interface 1 is 3com fixed network mode. System-view system view: return to user view with ctrl+z [sw8800]interface vlan1 [3com-vlan-interface1] dhcp relay ...
Page 861
Dhcp option 82 configuration commands 859 system-view system view: return to user view with ctrl+z [sw8800] dhcp server relay information enable # disable the dhcp server from returning option 82 carried in the request packets to the dhcp relay. [sw8800] undo dhcp server relay information enable.
Page 862
860 c hapter 47: dhcp c onfiguration c ommands.
Page 863: Dns C
48 dns c onfiguration c ommands static dns configuration commands ip host syntax ip host hostname ip-address undo ip host hostname [ ip-address ] view system view parameter hostname: name of the host. It is a character string that consists of 1 to 20 characters, including letters, numbers, "_" or ",...
Page 864
862 c hapter 48: dns c onfiguration c ommands display ip host syntax display ip host view any view parameter none description use the display ip host command to view all the host names and the corresponding ip addresses. Example # display all host names and the corresponding ip addresses of the host...
Page 865
Dynamic dns configuration commands 863 example # enable dns debugging make dns packet for name adcd.Com succeed the information above indicates that the query packet for the domain name "abcd.Com" is generated. Send the packet to 172.16.1.1 dns server for 1 time the information above indicates that ...
Page 866
864 c hapter 48: dns c onfiguration c ommands view any view parameter none description use the display dns dynamic-host command to view the dynamic domain name buffer. Example # view the dynamic domain name buffer. No domain-name ipaddress rr-ttl(s) alias 0 www.Baidu.Com 202.108.249.134 63000 1 www....
Page 867
Dynamic dns configuration commands 865 dns domain syntax dns domain domain-name undo dns domain [ domain-name ] view system view parameter domain-name: domain name suffix. Description use the dns domain command to add the domain name suffix. Use the undo dns domain command to delete the domain name ...
Page 868
866 c hapter 48: dns c onfiguration c ommands use the undo dns resolve command to disable the dynamic domain name resolution function. By default, the dynamic domain name resolution function is disabled. Example # enable dynamic domain name resolution. System view: return to user view with ctrl+z. [...
Page 869
Dynamic dns configuration commands 867 description use the reset dns dynamic-host command to clear the dynamic domain name buffer. Related command: display dns dynamic-host. Example # clear the dynamic domain name buffer..
Page 870
868 c hapter 48: dns c onfiguration c ommands.
Page 871: Etstream
49 n etstream c onfiguration c ommands netstream configuration commands display ip netstream cache syntax display ip netstream cache slot slot-no view any view parameter slot-no: number of the slot where the nmm application module resides. Description use the display netstream cache command to query...
Page 872
870 c hapter 49: n etstream c onfiguration c ommands display ip netstream export syntax display ip netstream export slot slot-no view any view parameter slot-no: number of the slot where the nmm application module resides. Description use the display ip netstream export command to query various info...
Page 873
Netstream configuration commands 871 enable syntax enable undo enable view netstream aggregation view parameter none description use the enable command to enable the aggregation mode corresponding to the current aggregation view. Use the undo enable command to disable this aggregation mode. Aggregat...
Page 874
872 c hapter 49: n etstream c onfiguration c ommands description use the ip netstream enable command to enable the netstream statistics function. Use the undo ip netstream enable command to disable the netstream statistics function. The netstream statistics function is disabled by default example # ...
Page 875
Netstream configuration commands 873 tos-destination-prefix: tos-destination-prefix aggregation which classifies the stream according to the netstream’s destination as number, destination mask length, destination prefix and outbound interface index keywords. Tos-prefix: tos-prefix aggregation which ...
Page 876
874 c hapter 49: n etstream c onfiguration c ommands use the undo ip netstream export host command to disable the configured destination host ip address of the netstream statistics export packet. If the destination host ip address is not configured currently, the default setting is adopted. By defau...
Page 878
876 c hapter 49: n etstream c onfiguration c ommands description use the ip netstream timeout active command to configure the active aging time of the streams on all the nmm modules in the system. Use the undo ip netstream timeout active command to restore the default value of the active aging time ...
Page 879
Netstream configuration commands 877 reset ip netstream statistics syntax reset ip netstream statistics slot slot-no view user view parameter slot-no: number of the slot where the nmm application module resides. Description use the reset ip netstream statistics command to clear the netstream statist...
Page 880
878 c hapter 49: n etstream c onfiguration c ommands view system view parameter minutes: aging time of the template in minutes. Description use the ip stream template timeout command to set the aging time of the template. Use the undo ip stream template timeout command to restore the aging time of t...
Page 881: E C
50 p o e c onfiguration c ommands poe configuration commands display poe interface syntax display poe interface [ interface-type interface-num ] view any view parameter interface-type interface-num: port type and port number; refer to command manual - port for details. Description use the display po...
Page 882
880 c hapter 50: p o e c onfiguration c ommands n ■ the sampling cycle of the power, current and voltage of ports is 1 second; ■ the sampling cycle of the peak power and average power of ports is 5 minutes display poe interface power syntax display poe interface power [ interface-type interface-num ...
Page 883
Poe configuration commands 881 the display poe interface power command without any argument, the poe power information about all poe-capable ports on the switch will be displayed. Example # display the power information of the port gigabitethernet3/1/1. Display poe interface power gigabitethernet3/1...
Page 884
882 c hapter 50: p o e c onfiguration c ommands view any view parameter slotnum: slot number of a poe card description use the display poe slot slotnum command to display the information of a poe card in the switch. Example # display the information of the poe card in slot 8 of the switch. [sw8800] ...
Page 885
Poe configuration commands 883 undo poe enable slot slot-num view system view parameter slot-num: number of the slot where the module resides. Description use the poe enable slot command to enable poe on a module. Use the undo poe enable slot command to disable poe on a module. By default, poe is di...
Page 886
884 c hapter 50: p o e c onfiguration c ommands example # enable the module in slot 2 to detect the compatibility of the pd connected to it. [sw8800] poe legacy enable slot 2 # disable the detection of the compatibility of the pd connected to the module in slot 2. [sw8800] undo poe legacy enable slo...
Page 887
Poe configuration commands 885 parameter max-power: maximum power distributed to the card, ranging from 37 w to 806 w. Slot-num: slot number of a card. Description use the poe max-power command to set the maximum power on a card. Use the undo poe max-power command to restore the default maximum powe...
Page 889
Poe configuration commands 887 poe power max-value syntax poe power max-value max-value undo poe power max-value view system view parameter max-value: configures the maximum power of the switch, in watts. Description use the poe power max-value command to configure the maximum poe power of switch. B...
Page 890
888 c hapter 50: p o e c onfiguration c ommands example # set the poe priority of current port to critical. [3com-gigabitethernet3/1/1] poe priority critical # restore the default priority. [3com-gigabitethernet3/1/1] undo poe priority.
Page 891: E Psu S
51 p o e psu s upervision c ommands poe psu supervision display commands display poe-power ac-input state syntax display poe-power ac-input state view any view parameter none description use the display poe-power ac-input state command to display the ac input state of each power supply unit (psu). E...
Page 892
890 c hapter 51: p o e psu s upervision c ommands parameter none description use the display poe-power alarm command to display detailed alarm information about the poe psus. Example # display detailed alarm information about the poe psus. Display poe-power alarm psu alarm detail, psu number : 2 psu...
Page 893
Poe psu supervision display commands 891 display poe-power dc-output value syntax display poe-power dc-output value view any view parameter none description use the display poe-power dc-output value command to display the dc output voltage/current value of the poe psus. Example # display the dc outp...
Page 894
892 c hapter 51: p o e psu s upervision c ommands view any view parameter none description use the display supervision-module information command to display the name of the supervision module, power supply model, specifications and output power, and other information. Example # display current infor...
Page 895
Poe psu supervision configuration commands 893 poe psu supervision configuration commands poe-power input-thresh lower syntax poe-power input-thresh lower string view system view parameter string: undervoltage alarm threshold. It ranges from 90.00 v to 264.00 v in the format of x.X and within the ac...
Page 896
894 c hapter 51: p o e psu s upervision c ommands poe-power output-thresh lower syntax poe-power output-thresh lower string view system view parameter string: undervoltage alarm threshold. It ranges from 45.00 v to 47.00 v in the format of x.X. Description use the poe-power output-thresh lower comma...
Page 898
896 c hapter 52: udp h elper c onfiguration c ommands description use the display udp-helper server command to display the information of the destination server corresponding to the vlan interface. Use the display udp-helper port command to display the configuration of the global udp ports. Example ...
Page 900
898 c hapter 52: udp h elper c onfiguration c ommands parameter ip-address: ip address of the destination server, in dotted decimal notation. This argument can be the address of a host or the broadcast address of a subnet. Up to 20 destination servers can be configured on a vlan virtual interface. D...
Page 901: Snmp C
53 snmp c onfiguration c ommands snmp configuration commands display snmp-agent syntax display snmp-agent local-engineid view any view parameter local-engineid: local engine id. Remote-engineid: remote engine id. Description use the display snmp-agent command to view engine id of current device. Snm...
Page 902
900 c hapter 53: snmp c onfiguration c ommands description use the display snmp-agent community command to view the currently configured community names. Example # display the currently configured community names. Display snmp-agent community community name:public group name:public storage-type: non...
Page 904
902 c hapter 53: snmp c onfiguration c ommands c caution: if the snmp agent is disabled, "snmp agent disabled" will be displayed after you execute the above display commands. Display snmp-agent statistics syntax display snmp-agent statistics view any view parameter none description use the display s...
Page 906
904 c hapter 53: snmp c onfiguration c ommands description use the display snmp-agent sys-info command to view the character string syscontact (system contact), character string describing the system location and the version information about the running smnmp in the system. Example # display the ch...
Page 907
Snmp configuration commands 905 example # display the information of all the current users. Display snmp-agent usm-user user name: notifyv3 group name: notifygroup authencation mode: sha privacy mode: des engine id: 800007db00e0fc2085026877 active user name: publicv3 group name: groupv3 authencation...
Page 908
906 c hapter 53: snmp c onfiguration c ommands example # enable current port ethernet6/1/1 to transmit the link up and link down trap information with the community name public system-view system view: return to user view with ctrl+z. [3com-ethernet6/1/1] snmp trap updown enable [sw8800] snmp-agent ...
Page 910
908 c hapter 53: snmp c onfiguration c ommands example # create an snmp group named test. System-view system view: return to user view with ctrl+z. [sw8800] snmp-agent group v3 test. Snmp-agent local-engineid syntax snmp-agent local-engineid engineid undo snmp-agent local-engineid view system view p...
Page 911
Snmp configuration commands 909 view-name: specifies the view name, with a character string, ranging from 1 to 32 characters. Oid-tree: mib object subtree. It can be a character string of the variable oid, or a variable name, ranging from 1 to 255 characters. By default, oid is 1.3.6.1. Description ...
Page 913
Snmp configuration commands 911 system-view system view: return to user view with ctrl+z. [sw8800] snmp-agent sys-info contact dial system operator at beeper # 27345 snmp-agent target-host syntax snmp-agent target-host trap address udp-domain host-addr [ udp-port udp-port-number ] params securitynam...
Page 914
912 c hapter 53: snmp c onfiguration c ommands example # enable sending trap message to 10.1.1.1 with community name public. System-view system view: return to user view with ctrl+z. [sw8800] snmp-agent trap enable [sw8800] snmp-agent target-host trap address udp-domain 10.1.1.1 par ams securityname...
Page 915
Snmp configuration commands 913 description use the snmp-agent trap enable command to enable the sending of trap messages. Use the undo snmp-agent trap enable command to disable the sending of trap messages. By default, trap message sending is disabled. The snmp-agent trap enable command and snmp-ag...
Page 916
914 c hapter 53: snmp c onfiguration c ommands snmp-agent trap queue-size syntax snmp-agent trap queue-size length undo snmp-agent trap queue-size view system view parameter length: length of queue, ranging from 1 to 1,000. By default, the length is 100. Description use the snmp-agent trap queue-siz...
Page 918
916 c hapter 53: snmp c onfiguration c ommands description use the snmp-agent usm-user command to add a new user to an snmp group. Use the undo snmp-agent usm-user command to cancel a user from snmp group. Snmp engineid (for authentication) is required when configuring remote user for an agent. This...
Page 919: Rmon C
54 rmon c onfiguration c ommands rmon configuration commands display rmon alarm syntax display rmon alarm [ alarm-table-entry ] view any view parameter alarm-table-entry: alarm table entry index. Description use the display rmon alarm command to view rmon alarm information. Related command: rmon ala...
Page 920
918 c hapter 54: rmon c onfiguration c ommands display rmon event syntax display rmon event [ event-table-entry ] view any view parameter event-table-entry: entry index of event table. Description use the display rmon event command to view rmon events. The display includes event index in event table...
Page 921
Rmon configuration commands 919 description use the display rmon eventlog command to view rmon event log. The display includes event index in the event table, the status of the event, the time at which the event log is generated (this time starts from the system initialization or booting and counted...
Page 922
920 c hapter 54: rmon c onfiguration c ommands packets :0 , broadcast packets :0 multicast packets :0 , crc alignment errors :0 undersize packets :0 , oversize packets :0 fragments :0 , jabbers :0 collisions :0 , utilization :0 display rmon prialarm syntax display rmon prialarm [ prialarm-table-entr...
Page 923
Rmon configuration commands 921 .201326601)*8*100/.1.3.6.1.2.1.2.2.1.5.201326601 description : ifutilization.Ethernet5/1/1 sampling interval : 10(sec) rising threshold : 50(linked with event 1) falling threshold : 5(linked with event 1) when startup enables : risingorfallingalarm this entry will exi...
Page 924
922 c hapter 54: rmon c onfiguration c ommands display rmon statistics ethernet 2/1/1 statistics entry 1 owned by aaa is valid. Interface : ethernet2/1/1 etherstatsoctets : 756 , etherstatspkts : 9 etherstatsbroadcastpkts : 9 , etherstatsmulticastpkts : 0 etherstatsundersizepkts : 0 , etherstatsover...
Page 925
Rmon configuration commands 923 use the undo rmon alarm command to cancel an entry from this table. In this way, the alarm event can be triggered in the abnormal situations and then decides to log and send trap to the nm station. N before adding an alarm entry, you need first to define the event to ...
Page 926
924 c hapter 54: rmon c onfiguration c ommands view system view parameter event-entry: number of the entry to be added/deleted, ranging from 1 to 65535. Description string: event description. Length of the character string ranges from 1 to 127. Log-trap log-trapcommunity: defines the event as log an...
Page 927
Rmon configuration commands 925 parameter entry-number: number of the entry to be added/deleted, ranging from 1 to 65,535. Buckets number: capacity of the history table corresponding to the control line. Interval sampling-interval: sampling interval, ranging from 5 to 3600 (measured in seconds). Own...
Page 929
Rmon configuration commands 927 example # add an extended alarm entry in the fifth line of the extended alarm table. Perform operation on the corresponding variant by means of the formular ((.1.3.6.1.4.1.43.45.1.6.1.2.1.1.2.1-.1.3.6.1.4.1.43.45.1.6.1.2.1.1.3.1)*100/.1.3. 6.1.4.1.43.45.1.6.1.2.1.1.2....
Page 930
928 c hapter 54: rmon c onfiguration c ommands system-view system view: return to user view with ctrl+z. [sw8800]interface ethernet 2/1/1 [3com-ethernet2/1/1] rmon statistic 20
Page 932
930 c hapter 55: ntp c onfiguration c ommands use the undo debugging ntp-service command to disable corresponding debugging function. By default, no debugging function is enabled. Example # enable ntp access control debugging. Debugging ntp-service access display ntp-service sessions syntax display ...
Page 933
Ntp configuration commands 931 example # display the ntp service status. Display ntp-service status clock status: synchronized clock stratum: 8 reference clock id: 127.127.1.0 nominal frequency: 100.0000 hz actual frequency: 100.0000 hz clock precision: 2^18 clock offset: 0.0000 ms root delay: 0.00 ...
Page 934
932 c hapter 55: ntp c onfiguration c ommands with this command, the system synchronizes the ntp server link from the local device along time till the reference clock source, and displays brief information about every ntp server. Example # display brief information about every ntp server on the way ...
Page 935
Ntp configuration commands 933 # give the authority of time request and query control of the local equipment to the peer in acl 2000. [sw8800] ntp-service access synchronization 2000 ntp-service authentication enable syntax ntp-service authentication enable undo ntp-service authentication enable vie...
Page 936
934 c hapter 55: ntp c onfiguration c ommands by default, there is no authentication key. Only md5 authentication is supported for the ntp authentication key settings. Example # set md5 authentication key 10 as 3com. System-view system view: return to user view with ctrl+z. [sw8800] ntp-service auth...
Page 937
Ntp configuration commands 935 view vlan interface view parameter authentication-keyid: specifies the authentication key. Keyid: key id used in broadcast, ranging from 0 to 4294967295. Version: defines ntp version number. Number: ntp version number, ranging from 1 to 3. Description use the ntp-servi...
Page 938
936 c hapter 55: ntp c onfiguration c ommands by default, a local device allows up to 100 sessions. Example # set the local equipment to allow up to 50 sessions. System-view system view: return to user view with ctrl+z. [sw8800] ntp-service max-dynamic-sessions 50 ntp-service multicast-client syntax...
Page 939
Ntp configuration commands 937 view vlan interface view parameter ip-address: multicast ip address of class d. It defaults to 224.0.1.1. Actually, for the switch 8800 family series, you can set 224.0.1.1 as the multicast ip address only. Authentication-keyid: specifies authentication key. Keyid: key...
Page 940
938 c hapter 55: ntp c onfiguration c ommands parameter ip-address: specifies the reference clock ip address as 127.127.U, where u ranges from 0 to 3. Stratum: specifies which stratum the local clock is located at and range from 1 to 15. Description use the ntp-service refclock-master command to con...
Page 941
Ntp configuration commands 939 example # enable ntp authentication, adopt md5 encryption, and designate key 37 betterkey and configure it as reliable. System-view system view: return to user view with ctrl+z. [sw8800] ntp-service authentication enable [sw8800] ntp-service authentication-keyid 37 aut...
Page 942
940 c hapter 55: ntp c onfiguration c ommands view system view parameter ip-address: ip address of a remote server. Version: defines ntp version number. Number: ntp version number, ranging from 1 to 3. Authentication-keyid: defines authentication key. Keyid: key id used for transmitting messages to ...
Page 943
Ntp configuration commands 941 ntp-service unicast-server syntax ntp-service unicast-server ip-address [ version number ] [ authentication-keyid keyid ] [ source-interface interface-type interface-number ] [ priority ]* undo ntp-service unicast-server ip-address view system view parameter ip-address...
Page 944
942 c hapter 55: ntp c onfiguration c ommands system-view system view: return to user view with ctrl+z. [sw8800] ntp-service unicast-server 128.108.22.44 version 3.
Page 946
944 c hapter 56: ssh t erminal s ervice c onfiguration c ommands *0.1426299 8505a ssh/8/msg_rcv_vty:ssh_version_receive message received on vty 0 *0.1426995 8505a ssh/8/ssh2 debug:debug info:now the server version is ssh2 *0.1427088 8505a ssh/8/ssh2 debug:debug info: the algorithm negotiation begins...
Page 947
Ssh server configuration commands 945 example # display the public key of the server’s host key pair and server key pair. Display rsa local-key-pair public % key pair was generated at: 12:26:33 utc 2002/4/4 key name: rtvrp_host usage: encryption key key data: 30470240 af7db1d0 da78944f 53b7b59b 40d4...
Page 948
946 c hapter 56: ssh t erminal s ervice c onfiguration c ommands ===================================== key code: 308188 028180 cfc6a68b 39f742a2 76e55b07 39d60b73 d7b4040d 515b2516 17ce9380 53829ff5 c0489bd9 559cc425 caf37e6f e6417337 693df5cd 02f12469 420bbd5c 38741295 d74b2336 a5f28fe8 00e0429f fc...
Page 949
Ssh server configuration commands 947 view any view parameter username: valid ssh username. Description use the display ssh user-information command to display information about the current ssh user, including username, peer key name, authentication mode and the types of authorized services. If you ...
Page 950
948 c hapter 56: ssh t erminal s ervice c onfiguration c ommands example # exit the public key view and save the configuration. System-view system view: return to user view with ctrl+z. [sw8800] rsa peer-public-key sw8800003 rsa public key view: return to system view with "peer-public-key end". [3co...
Page 951
Ssh server configuration commands 949 system-view system view: return to user view with ctrl+z. [sw8800] user-interface vty 0 [3com-ui-vty0] protocol inbound ssh public-key-code begin syntax public-key-code begin view public key view parameter none description use the public-key-code begin command t...
Page 952
950 c hapter 56: ssh t erminal s ervice c onfiguration c ommands description use the public-key-code end command to return from the public key edit view to the public key view and save the public key entered. After this command is performed to end the public key edit procedure, the system will check...
Page 953
Ssh server configuration commands 951 example # generate the local rsa key pair. System-view system view: return to user view with ctrl+z. [sw8800] rsa local-key-pair create the name for the keys will be: rtvrp_host % you already have rsa keys defined for rtvrp_host % do you really want to replace t...
Page 954
952 c hapter 56: ssh t erminal s ervice c onfiguration c ommands performing this command, you can enter the public key view. Then you can use the public-key-code begin command to configure the client public key on the server. The client public key is generated randomly by the ssh 2.0-enabled client ...
Page 955
Ssh server configuration commands 953 parameter none description use the ssh server compatible_ssh1x enable command to make the server compatible with the ssh 1.X client. Use the undo ssh server compatible_ssh1x command to make the server not compatible with an ssh 1.X client. By default, the server...
Page 956
954 c hapter 56: ssh t erminal s ervice c onfiguration c ommands view system view parameter seconds: login timeout (in seconds), in the range from 1 to 120. By default, the value is 60. Description use the ssh server timeout command to set the authentication timeout of ssh connections. Use the undo ...
Page 958
956 c hapter 56: ssh t erminal s ervice c onfiguration c ommands undo ssh authentication-type default view system view parameter password: configures the default user authentication mode as password authentication. Rsa: configures the default user authentication mode as rsa public key authentication...
Page 959
Ssh client configuration commands 957 example # display the corresponding relationship between the client’s servers and public keys. Display ssh server-info serverip public-key-name 192.168.0.1 3com_key01 192.168.0.2 3com_key02 quit syntax quit view user view parameter none description use the quit ...
Page 960
958 c hapter 56: ssh t erminal s ervice c onfiguration c ommands ssh client first-time enable syntax ssh client first-time enable undo client ssh first-time view system view parameter none description use the ssh client first-time enable command to set the ssh client to perform the first-time authen...
Page 961
Ssh client configuration commands 959 host-name: server name, a string with 1 to 30 characters. Port-num: server port number, ranges from 0 to 65535, and defaults to 22. Prefer_kex: preferred key exchange algorithm, which can be one of the two algorithms. Dh_group1: key exchange algorithm diffie-hel...
Page 962
960 c hapter 56: ssh t erminal s ervice c onfiguration c ommands the command is as follows: system-view system view: return to user view with ctrl+z. [sw8800] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_ctos_ cipher 3des prefer_ctos_hmac md5 sftp server configuration commands sftp server e...
Page 963
Sftp server configuration commands 961 sftp: configures the default service type as sftp. Stelnet: configures the default service type as stelnet. Sftp-directory directory: configures the default directory an sftp user logs in to. Description use the ssh service-type default command to configure the...
Page 964
962 c hapter 56: ssh t erminal s ervice c onfiguration c ommands system-view system view: return to user view with ctrl+z. [sw8800] ssh service-type default sftp sftp-directory cf: sftp client configuration commands bye syntax bye view sftp client view parameter none description use the bye command ...
Page 965
Sftp client configuration commands 963 cdup syntax cdup view sftp client view parameter none description use the cdup command to change the current path to its upper directory. Example # change the current path to its upper directory. Sftp-client> cdup delete syntax delete remote-file view sftp clie...
Page 966
964 c hapter 56: ssh t erminal s ervice c onfiguration c ommands this command has the same functionality as the ls command. Example # view directory flash:/ sftp-client> dir flash:/ -rwxrwxrwx 1 noone nogroup 1759 aug 23 06:52 vrpcfg.Cfg -rwxrwxrwx 1 noone nogroup 225 aug 24 08:01 pubkey2 -rwxrwxrwx...
Page 967
Sftp client configuration commands 965 example # download file temp1.C and save it with name temp.C. Sftp-client> get temp1.C temp.C help syntax help [ command ] view sftp client view parameter command: name of a command. Description use the help command to view the help information for sftp client ...
Page 968
966 c hapter 56: ssh t erminal s ervice c onfiguration c ommands drwxrwxrwx 1 noone nogroup 0 sep 28 08:18 new2 -rwxrwxrwx 1 noone nogroup 225 sep 28 08:30 pub2 mkdir syntax mkdir remote-path view sftp client view parameter remote-path: name of a directory on the remote sftp server. Description use ...
Page 969
Sftp client configuration commands 967 description use the pwd command to display the current directory on the sftp server. Example # display the current directory on the sftp server. Sftp-client> pwd flash: quit syntax quit view sftp client view parameter none description use the quit command to te...
Page 970
968 c hapter 56: ssh t erminal s ervice c onfiguration c ommands view sftp client view parameter oldname: original file name. Newname: new file name. Description use the rename command to change the name of the specified file on the sftp server. Example # change the name of the file temp1 on the sft...
Page 971
Sftp client configuration commands 969 dh_exchange_group: key exchange algorithm diffie-hellman-group-exchange-sha1. Prefer_ctos_cipher: preferred encryption algorithm from the client to the server. The default algorithm is aes128. Prefer_stoc_cipher: preferred encryption algorithm from the server t...
Page 972
970 c hapter 56: ssh t erminal s ervice c onfiguration c ommands.
Page 973: Ile
57 f ile s ystem m anagement c ommands file system n the limitation on the names of directories and files on switch are as follows: ■ it is recommended that the name of a directory or file should not contain more than 64 characters; otherwise you will not be able to delete such a directory or file, ...
Page 974
972 c hapter 57: f ile s ystem m anagement c ommands fileurl-dest: destination file name. Description use the copy command to copy a file. You can use this command to copy a file from current directory to another directory, or vise versa. Where, the source filename must be the name of a file that ha...
Page 975
File system 973 view user view parameter /all: display all the files (including the deleted ones). File-url: file or directory name to be displayed. The file-url parameter supports "*" matching. For example, using dir *.Txt will display all the files with the extension txt in the current directory. ...
Page 976
974 c hapter 57: f ile s ystem m anagement c ommands the batch command executes the command lines in the batch file one by one. There should be no invisible character in the batch file. If invisible characters are found, the batch command will quit the current execution without back off operation. T...
Page 977
File system 975 description use the fixdisk command to restore the space of a storage device. Some of the space of a storage device may be unavailable due to some reason (such as abnormal operations). In this case, you can use this command to restore the space. Currently, the switch does not support...
Page 978
976 c hapter 57: f ile s ystem m anagement c ommands the directory to be created cannot have the same name as that of other directory or file in the specified directory. Example # create the directory dd. Mkdir dd created dir flash:/dd more syntax more file-url view user view parameter file-url: fil...
Page 979
File system 977 when the destination filename is the same as that of an existing file, the system will ask whether to overwrite it. Example # move flash:/test/sample.Txt to flash:/sample.Txt. Move flash:/test/sample.Txt flash:/sample.Txt move flash:/test/sample.Txt to flash:/sample.Txt ?[y/n]:y %mov...
Page 980
978 c hapter 57: f ile s ystem m anagement c ommands if the destination file name is identical with that of an already existent directory or file, the rename operation fails and the system prompts that name has already been used or the file is being used. Example # rename the file sample.Txt to samp...
Page 981
File system 979 example # delete the directory 3com. Rmdir 3com rmdir 3com?[y/n]:y % removed directory 3com umount syntax umount device view user view parameter device: device name. Now, it can only be cf. Description use the umount command to unload the cf card from the file system. Example # unloa...
Page 982
980 c hapter 57: f ile s ystem m anagement c ommands.
Page 984
982 c hapter 58: d evice m anagement c ommands boot boot-loader primary slot1#flash:/s8500-vrp310-r1262.App slot 1 the specified file will be booted next time!. Boot bootrom syntax boot bootrom file-url slot slot-num-list view user view parameter file-url: path and name of bootrom file in the storag...
Page 985
983 display cpu syntax display cpu [slot slot-no ] view any view parameter slot slot-no: specifies the module number. Description use the display cpu command to display cpu occupancy. Example # display cpu occupancy on slot 0. Display cpu slot 0 slot 0 cpu busy status: 6% in last 5 seconds 7% in las...
Page 986
984 c hapter 58: d evice m anagement c ommands example # show device information. Display device slot no. Brd type brd status subslot num sft ver 0 3c17539 master 0 8500-0004 1 none absent absent none 2 none absent absent none 3 none absent absent none 4 none absent absent none 5 none absent absent ...
Page 987
985 display fan fan 1 state: normal display memory syntax display memory [ slot slot-no ] view any view parameter slot-no: specifies slot number description use the display memory command to display memory situation. Example # display memory situation. Display memory slot 0 system total memory(bytes...
Page 988
986 c hapter 58: d evice m anagement c ommands display schedule reboot syntax display schedule reboot view any view parameter none description use the display schedule reboot command to check the configuration of related parameters of the switch schedule reboot terminal service. Related command: reb...
Page 989
987 yyyy/mm/dd: reboot date of the switch, in the format of "year/month/day. The yyyy ranges from 2000 to 2099, the mm ranges from 1 to 12, and the value of dd is related to the specific month. Description use the schedule reboot at command to enable the timing reboot function of the switch and set ...
Page 990
988 c hapter 58: d evice m anagement c ommands parameter hhh:mm: waiting time for rebooting a switch, in the format of "hour: minute" the hhh ranges from 0 to 720, and the mm ranges from 0 to 59. Mmm: waiting delay for rebooting a switch, in the format of "absolute minutes" . Ranging from 0 to 43200...
Page 991
989 up-value: upper temperature limit, in the range 20 to 90 ° c. Description use the temperature-limit command to configure temperature limit. Use the undo temperature-limit command to restore temperature limit to default value. Example # set the lower and upper temperature limit of card 0. Tempera...
Page 992
990 c hapter 58: d evice m anagement c ommands example # update the service processing module in slot 2. The file to be downloaded is place in the host with the ip address 192.168.1.100, and its name is l3plus.App. The user name and password for ftp login are 654321 and 123456 respectively. System-v...
Page 993: Ftp&tftp C
59 ftp&tftp c onfiguration c ommands ftp client commands ascii syntax ascii view ftp client view parameter none description use the ascii command to configure data transmission mode as ascii mode. By default, the file transmission mode is ascii mode. Perform this command if the user needs to change ...
Page 994
992 c hapter 59: ftp&tftp c onfiguration c ommands ftp [ftp] binary 200 type set to i. Bye syntax bye view ftp client view parameter none description use the bye command to disconnect with the remote ftp server and return to user view. After performing this command, you can terminate the control con...
Page 995
Ftp client commands 993 view ftp client view parameter none description use the cdup command to change working path to the upper level directory. This command is used to exit the current directory and return to the upper level directory. Example # change working path to the upper level directory. Ft...
Page 996
994 c hapter 59: ftp&tftp c onfiguration c ommands use the undo debugging command to disable the debugging for ftp client commands. By default, the debugging for ftp client commands is disabled. Example # enable the debugging for ftp client commands. Ftp [ftp] debugging delete syntax delete remotefi...
Page 997
Ftp client commands 995 disconnect syntax disconnect view ftp client view parameter none description use the disconnect command to disconnect ftp client side from ftp server side without exiting ftp client side view. This command terminates the control connection and data connection with the remote ...
Page 998
996 c hapter 59: ftp&tftp c onfiguration c ommands parameter localfile: local file name. Remotefile: name of a file on the remote ftp server. Description use the get command to download a remote file and save it locally. If no local file name is specified, it will be considered the same as that on t...
Page 999
Ftp client commands 997 note that, the ls command only displays the file names, while the dir command also displays other file-related information such as the file size and creation date. Example # query file temp.C ftp [ftp] ls temp.C mkdir syntax mkdir pathname view ftp client view parameter pathn...
Page 1000
998 c hapter 59: ftp&tftp c onfiguration c ommands undo passive view ftp client view parameter none description use the passive command to configure the data transmission mode as passive mode. Use the undo passive command to configure the data transmission mode as active mode. By default, the data t...
Page 1001
Ftp client commands 999 parameter none description use the pwd command to view the current directory on the remote ftp server. Example # show the current directory on the remote ftp server. Ftp [ftp] pwd "flash:/temp" is current directory. Quit syntax quit view ftp client view parameter none descrip...
Page 1002
1000 c hapter 59: ftp&tftp c onfiguration c ommands ftp [ftp] remotehelp user 214 syntax: user rmdir syntax rmdir pathname view ftp client view parameter pathname: directory name of remote ftp server. Description use the rmdir command to remove the specified directory from ftp server. Note that, thi...
Page 1003
Tftp configuration commands 1001 view ftp client view parameter none description use the verbose command to enable the client to display the commands received from/sent to the server. Use the undo verbose command to disable the client from display the commands received from/sent to the server by def...
Page 1004
1002 c hapter 59: ftp&tftp c onfiguration c ommands tftp put syntax tftp tftp-server put source-file [ dest-file ] view user view parameter tftp-server: ip address or hostname of the tftp server. The name of the tftp server should be a string ranging from 1 to 20 characters. Source-file: filename of...
Page 1006
1004 c hapter 60: i nformation c enter description use the display info-center command to view the configuration of system log and the information recorded in the memory buffer. If the information in the current log/trap buffer is less than the size of buffer, display the actual log/trap information...
Page 1008
1006 c hapter 60: i nformation c enter begin: optioanl parameter, displays all items beginning friom the matching item. Exclude: optional parameter, only displays the matching items. Include: optional parameter, only displays the non-matching items.. Text: defines the regular expression. Description...
Page 1009
Information center configuration commands 1007 channel number : 4 , channel name : logbuffer dropped messages : 0 overwritten messages : 0 current messages : 91 display logbuffer summary syntax display logbuffer summary [ level severity ] view any view parameter level: information level. Severity: i...
Page 1010
1008 c hapter 60: i nformation c enter parameter size: configures the size of buffer. Summary: number of statistical logs. Sizenum: size of buffer (number of messages which can be kept), ranging from 1 to 1024. By default, the size of the buffer is 256. Level: level. Levelnum: information level valu...
Page 1011
Information center configuration commands 1009 channel-name: specifies the channel name with a character string not exceeding 30 characters, excluding digit, "-", "/" or "". . Description use the info-center channel name command to rename a channel specified by the channel-number as channel-name. Us...
Page 1012
1010 c hapter 60: i nformation c enter by default, ethernet switches do not output log information to the console. This command takes effect only after system logging is started. Related command: info-center enable, display info-center. Example # configure to output log information to the console th...
Page 1013
Information center configuration commands 1011 parameter channel: configures the channel to output information to buffer. Channel-number: channel number, ranging from 0 to 9, that is, system has ten channels. Channel-name: specifies the channel name. The name can be channel7, channel8, channel9, con...
Page 1014
1012 c hapter 60: i nformation c enter this command takes effect only after the system logging is enabled. Related command: info-center enable, display info-center. Example # send log information to logfile. System-view system view: return to user view with ctrl+z. [sw8800] info-center logfile info-...
Page 1015
Information center configuration commands 1013 this command takes effect only after the system logging is enabled. Related command: info-center enable, display info-center. Example # configure to send log information to the unix workstation at 202.38.160.1. System-view system view: return to user vi...
Page 1016
1014 c hapter 60: i nformation c enter channel-name: channel name. The name can be channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer, logfile. Description use the info-center monitor channel command to configure the channel to output the log information to the...
Page 1018
1016 c hapter 60: i nformation c enter ifnet interface management module igsp igmp snooping module ip ip (internet protocol) module isis is-is (intermediate system-to-intermediate system intradomain routing protocol) module l2inf l2 interface management module l2v l2 vpn module lacl lan switch acl m...
Page 1019
Information center configuration commands 1017 default: all the modules. Log: log information. Trap: trap information. All: clears all the information filtering configuration on the channelnum channel except the default one. Debugging: debugging information. Level: level. Severity: information level...
Page 1020
1018 c hapter 60: i nformation c enter by default, the information switch state of each channel is shown in table 148: n if you only specify the level for one/two of the three types of information, the level(s) of the unspecified two/one return(s) to the default. For example, if you only define the ...
Page 1021
Information center configuration commands 1019 at present, the system distributes an information channel in each output direction by default, shown as follows: in addition, each information channel has a default record with the module name "default" and module number as 0xffff0000. However, for diff...
Page 1022
1020 c hapter 60: i nformation c enter description use the info-center timestamp command to configure the timestamp output format in debugging/trap information. Use the undo info-center timestamp command to disable the output of timestamp field. By default, date stamp is used. Example # configure th...
Page 1023
Information center configuration commands 1021 related command: info-center enable, display info-center. Example # send information to the trap buffer and sets the size of the buffer to 30. System-view system view: return to user view with ctrl+z. [sw8800] info-center trapbuffer size 30 reset logbuf...
Page 1024
1022 c hapter 60: i nformation c enter parameter none description use the terminal debugging command to configure to display the debugging information on the terminal. Use the undo terminal debugging command to configure not to display the debugging information on the terminal. By default, the termi...
Page 1025
Information center configuration commands 1023 parameter none description use the terminal monitor command to enable the terminal display functions. Use the undo terminal monitor command to disable the terminal display functions. By default, the system enables the functions of debugging/log/trap inf...
Page 1026
1024 c hapter 60: i nformation c enter.
Page 1027: Ystem
61 s ystem m aintenance c ommands basic system configuration and management commands clock datetime syntax clock datetime hh:mm:ss yyyy/mm/dd view user view parameter hh:mm:ss: current time. Hh ranges from 0 to 23. Mm and ss range from 0 to 59. Yyyy/mm/dd: year, month and date. Yyyy ranges from 2000...
Page 1028
1026 c hapter 61: s ystem m aintenance c ommands parameter zone-name: name of the summer time, which is a string of 1 to 32 characters. One-off: sets the summer time of a certain year. Repeating: sets the summer time of every year starting from a certain year. Start-time: sets start time of the summ...
Page 1029
Basic system configuration and management commands 1027 view user view parameter zone-name: name of the time zone, which is a character with the length ranging from 1 to 32. Add: tme is adding compared with the utc. Minus: time is minus compared with the utc. Hh:mm:ss: time (hour/minute/second). Des...
Page 1030
1028 c hapter 61: s ystem m aintenance c ommands system-view system view: return to user view with ctrl+z. [sw8800] quick-ping enable sysname syntax sysname sys-name undo sysname view system view parameter sys-name: hostname of the switch. A string of 1 to 30 characters. The default hostname of the ...
Page 1031
System status and system information query commands 1029 the maximum time value supported by this command is 23:59:59 9999/12/31. Related command: clock datetime. Example # view the current system date and time. Display clock 18:36:31 beijing sat 2002/02/02 time zone : beijing add 01:00:00 summer-ti...
Page 1032
1030 c hapter 61: s ystem m aintenance c ommands view any view parameter interface-type: interface type supported by switch, including ethernet and gigabitethernet. Interface-number: interface number. Description use the display fiber-module command to display the information of the optical modules ...
Page 1033
System status and system information query commands 1031 pos4/1/3: card info: 2.5g-sfp fiber connect: lc vendorname: fiberxon inc partnumber: ftm-3125c-l2 mode: singlemode wavelength: 1310nm length for 9um: 2km pos4/1/4: card info: 1000base-sfp fiber connect: lc vendorname: agilent partnumber: hfbr-...
Page 1034
1032 c hapter 61: s ystem m aintenance c ommands display users syntax display users [ all ] view any view parameter all: displays all users connected to the switch. Description use the display users command to view information about users connected to the switch. Example # display the information ab...
Page 1035
System debug commands 1033 parameter none description use the display version command to view such information as software version, issue date and the basic hardware configurations. Example # display the information about the system version. Display version copyright notice: all rights reserved (sep...
Page 1036
1034 c hapter 61: s ystem m aintenance c ommands view user view parameter all: enables or disables all the debugging. Timeout interval: specifies the interval (in minutes) during which the debugging all switch is on. The value ranges from 1 to 1440. With this configuration, all debugging takes the t...
Page 1037
Network connection test commands 1035 description use the display diagnostic-information command to view the current configuration information about all running modules. You can use all the information to help diagnose and troubleshoot the switch. When the switch does not run well, you can collect a...
Page 1038
1036 c hapter 61: s ystem m aintenance c ommands -h ttl: configures the ttl value for echo requests to be sent. The ttl value ranges from 1 to 255. The default value is 255. -i: specifies an interface to send packets. Interface-type: specifies the interface type. Interface-number: specifies the inte...
Page 1039
Network connection test commands 1037 ■ the final statistics, including number of sent packets, number of response packets received, percentage of non-response packets and minimal/maximum/average value of response time. If the network transmission rate is too low, you can increase the response messa...
Page 1040
1038 c hapter 61: s ystem m aintenance c ommands string: ip address of the destination host or the hostname of the remote system. Description use the command to using tracert command, you can check the reachability of network connection and troubleshoot the network. User can test gateways passed by ...
Page 1041: Rotocol
62 p rotocol p ort s ecurity c onfiguration c ommands protocol port security configuration commands ip portsafe syntax ip portsafe enable undo ip portsafe enable view system view parameter none description use the ip portsafe enable command to enable the protocol port security function to check all ...
Page 1042
1040 c hapter 62: p rotocol p ort s ecurity c onfiguration c ommands n the protocol port security function is short for tcp, udp protocol port close checking function. If a protocol is not enabled, this function can drop the packet whose destination ip is the virtual interface ip of the switch, so t...
Page 1044
1042 c hapter 63: p ort p acket s tatistics c ommands (dp) can also be monitored. When monitoring a card, the counters can monitor all tcs and all dps. After you user the set egress counter command to set the monitoring mode of a card, the counters will be automatically reset. By default, a card doe...
Page 1045
Port packet statistics commands 1043 drop precedence: all the outgoing packets: unicast: 0 packets multicast: 0 packets broadcast: 0 packets bridege egress filtered packets: 0 packets txq filtered packets(due to txq congestion ): 0 packets.
Page 1046
1044 c hapter 63: p ort p acket s tatistics c ommands.
Page 1047: Ort
Ethernet port detection configuration commands 1045 64 p ort l oopback d etection c ommands ethernet port detection configuration commands loopback-detection enable syntax loopback-detection enable undo loopback-detection enable view system view parameter none description use the loopback-detection ...
Page 1049
Ethernet port detection configuration commands 1047 loopback-detection control syntax loopback-detection control undo loopback-detection control view ethernet port view parameter none description use the loopback-detection control command to enable the control function of port loopback detection, th...
Page 1050
1048 c hapter 64: p ort l oopback d etection c ommands system-view [sw8800] interface ethernet 2/1/1 [3com-gigabitethernet2/1/1] loopback-detection disable display loopback-detection syntax display loopback-detection view ethernet port view parameter none description use the display loopback-detecti...
Page 1051
Ethernet port detection configuration commands 1049.
Page 1052
1050 c hapter 64: p ort l oopback d etection c ommands.
Page 1053
Ethernet port detection configuration commands 1051.
Page 1054
1052 c hapter 64: p ort l oopback d etection c ommands.
Page 1056
1054 c hapter 64: p ort l oopback d etection c ommands.
Page 1058
1056 c hapter 64: p ort l oopback d etection c ommands.
Page 1059
Ethernet port detection configuration commands 1057.
Page 1060
1058 c hapter 64: p ort l oopback d etection c ommands.
Page 1062
1060 c hapter 64: p ort l oopback d etection c ommands.
Page 1063
Ethernet port detection configuration commands 1061.
Page 1064
1062 c hapter 64: p ort l oopback d etection c ommands.
Page 1066
1064 c hapter 64: p ort l oopback d etection c ommands.
Page 1067: Q C
65 q in q c onfiguration c ommands qinq configuration commands display port vlan-vpn syntax display port vlan-vpn view any view parameter none description use the display port vlan-vpn command to display vlan vpn-related information of the current system by port number, including current tpid, the i...
Page 1070
1068 c hapter 65: q in q c onfiguration c ommands c caution: ■ vlan vpn cannot be enabled if the port has any of gvrp, stp, and 802.1x protocols enabled. ■ vlan vpn cannot be enabled on a port if the vlan which the port belongs to has igmp snooping enabled or its vlan interface has igmp enabled. Sim...
Page 1071
Qinq configuration commands 1069 example # set the tpid value to 0x9100. [sw8800] vlan-vpn tpid 9100 # restore the default tpid value (0x8100). [sw8800] undo vlan-vpn tpid vlan-vpn tunnel syntax vlan-vpn tunnel undo vlan-vpn tunnel view system view parameter none description use the vlan-vpn tunnel ...
Page 1072
1070 c hapter 65: q in q c onfiguration c ommands description use the vlan-vpn uplink enable command to set a port to be a vlan-vpn uplink port. Use the undo vlan-vpn uplink command to remove the configuration. When sending a packet, a vlan-vpn uplink port replaces the tpid value in the outer vlan t...
Page 1073: Nqa C
66 nqa c onfiguration c ommands nqa configuration commands this section describes the network quality assurance(nqa) commands. Count syntax count times undo count view nqa test group view parameter times: number of probe packets to send. Description use the count command to configure the number of p...
Page 1074
1072 c hapter 66: nqa c onfiguration c ommands view nqa test group view parameter text: filler data of the test packet. It can be a string under 230 bytes in length. Description use the datafill command to configure the filler data of the test packet. Use the undo datafill command to restore the fil...
Page 1075
Nqa configuration commands 1073 n the filler data refers to the area that can be freely filled in the packet, that is, the area outside the icmp packet header. If the filler data is big in size, when sending the packet, the system fragments the packet to pieces on demand. Example # set the filler da...
Page 1076
1074 c hapter 66: nqa c onfiguration c ommands use the undo description command to delete the configured description information. By default, there is no description information of the operation. Example # describes the test group as "cary’s icmp test". System-view system view: return to user view w...
Page 1077
Nqa configuration commands 1075 administrator-name: name of the administrator who creates the operation. Test-tag: tag of the test operation. Description use the display nqa command to display the result of the test. If you do not specify the administrator-name and the test-operation-tag arguments, ...
Page 1078
1076 c hapter 66: nqa c onfiguration c ommands frequency syntax frequency interval undo frequency view nqa test group view parameter interval: automatic test interval, in seconds. Description use the frequency command to configure the automatic test interval. Use the undo frequency command to cancel...
Page 1079
Nqa configuration commands 1077 [sw8800] nqa administrator icmp [3com-administrator-icmp] frequency 10 history-records syntax history-records number undo history-records view nqa test group view parameter number: number of test results which can be stored in the history record. Description use the h...
Page 1080
1078 c hapter 66: nqa c onfiguration c ommands description use the nqa command to create a nqa test group (if there is no nqa test group before). You will enter the nqa test group view after this command is executed. Use the undo nqa command to delete an nqa test group. At the same time, the test wi...
Page 1081
Nqa configuration commands 1079 parameter max-number: maximum number of test operations enabled simultaneously. Description use the nqa-agent max-requests command to set the maximum number of test operations that can be enabled simultaneously. Use the undo nqa-agent max-requests command to restore t...
Page 1082
1080 c hapter 66: nqa c onfiguration c ommands ■ when probing, the system sends one packet every time. While the test process is not always so. ■ one test may include many probes. The test succeeds as long as there is one successful probe. ■ the current "probe failure times" will be reset to zero af...
Page 1083
Nqa configuration commands 1081 example # set that the system assumes the connection mode as direct connection when sending the icmp packet. System-view system view: return to user view with ctrl+z. [sw8800] nqa-agent enable [sw8800] nqa administrator icmp [3com-administrator-icmp] sendpacket passro...
Page 1084
1082 c hapter 66: nqa c onfiguration c ommands source-interface syntax source-interface { interface-type interface-number } undo source-interface view nqa test group view parameter interface-type: type of interface. Interface-number: number of interface. Description use the source-interface command ...
Page 1085
Nqa configuration commands 1083 by default, no source ip address is configured. The system uses the ip address of the source interface as the source ip address. Example # set the source ip address of this test to 192.168.60.60. System-view system view: return to user view with ctrl+z. [sw8800] nqa-a...
Page 1086
1084 c hapter 66: nqa c onfiguration c ommands parameter times: number of constant test failures. Description use the test-failtimes command to set the number of constant test failures after which the system will send the trap information to the network management system. Use the undo test-failtimes...
Page 1087
Nqa configuration commands 1085 example # specify the test type as icmp. System-view system view: return to user view with ctrl+z. [sw8800] nqa-agent enable [sw8800] nqa administrator icmp [3com-administrator-icmp] test-type icmp timeout syntax timeout time undo timeout view nqa test group view para...
Page 1088
1086 c hapter 66: nqa c onfiguration c ommands by default, the tos value in the nqa test packet header is 0, that is, no special service is specified this parameter equals to the "-v" parameter in the ping command of the windows operation system. N see the "rfc 1349" for detailed explanations of the...
Page 1089
Nqa configuration commands 1087 vpn-instance syntax vpn-instance name undo vpn-instance view nqa test group view parameter name: name of the specified vpn instance, a string of up to 19 characters. Description use the vpn-instance command to set the name of the vpn instance for the test. Use the und...
Page 1090
1088 c hapter 66: nqa c onfiguration c ommands.
Page 1091: Assword
67 p assword c ontrol c onfiguration c ommands password control configuration commands display password-control syntax display password-control view any view parameter none description the display password-control command is used to view the password control information for all users, including the ...
Page 1092
1090 c hapter 67: p assword c ontrol c onfiguration c ommands view any view parameter username:user name added into the blacklist. Ipaddress:user ip address added into the blacklist. Description use the display password-control blacklist command to view the user information added into the backlist b...
Page 1093
Password control configuration commands 1091 parameter simple: plain text, a string containing 1 to 63 characters. Cipher: cipher text, a string containing 1 to 88 characters. Password: login password. Description use the password command to configure the password for a local user. Use the undo pass...
Page 1094
1092 c hapter 67: p assword c ontrol c onfiguration c ommands parameter aging-time: configures the system password aging time. Value range 1 to 365 days, and the default value is 90 days. Length: configures the minimum password length. The value range is 4 to 32 characters, and the default value is ...
Page 1095
Password control configuration commands 1093 use the password-control login-attempt attempt-time exceed command to configure the processing mode used after password attempt fails. Example # configure the aging time of the system login passwords to 100 days. System-view system view: return to user vi...
Page 1096
1094 c hapter 67: p assword c ontrol c onfiguration c ommands use the password-control aging enable command to enable password aging. By default, the password aging time is 90 days. Use the password-control length enable command to enable the limitation of the minimum password length. By default, th...
Page 1097
Password control configuration commands 1095 parameter aging-time: specifies the aging time for super passwords. The value range is 1 to 365 days and the default value is 90 days. Min-length: specifies the minimum length for super passwords. It ranges from 4 to 16 characters, and the default value i...
Page 1098
1096 c hapter 67: p assword c ontrol c onfiguration c ommands reset password-control history-record user-name test are you sure to delete all the history record of user test ?[y/n] if you type "y", the system will delete all the history password records of the specified user and gives the following ...
Page 1099
Password control configuration commands 1097 use the reset password-control blacklist username username command to remove the specified user from the blacklist. Example # check the user information in the blacklist. Suppose the blacklist contains three users: test, tes, and test2. Display password-c...