Summary of S3100 Series

  • Page 1

    H3C S3100 Series Ethernet Switches Command Manual. Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual version: 20091230-c-1.01. Product version: Release 2209.

  • Page 2

    Copyright © 2009, Hangzhou H3C Technologies Co., Ltd. and its licensors. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. Trademarks: H3C, Aolynk, H3Care, TOP G, IRF, n...

  • Page 3

    About this manual. Organization: the H3C S3100 Series Ethernet Switches Command Manual is organized as follows (Part: Contents). 1 CLI: introduces the commands used for switching between the command levels and command level setting. 2 Login: introduces the commands used for logging into the Ethernet switch. 3 ...

  • Page 4

    (Part: Contents) 26 PoE-PoE Profile: introduces the commands used for PoE and PoE profile configuration. 27 SNMP-RMON: introduces the commands used for SNMP and RMON configuration. 28 NTP: introduces the NTP-related commands. 29 SSH: introduces the commands used for SSH configuration. 30 File System Manage...

  • Page 6

    Obtaining documentation. You can access the most up-to-date H3C product documentation on the World Wide Web at this URL: http://www.h3c.com. The following are the columns from which you can obtain different categories of product documentation: [Products & Solutions]: provides information about produc...

  • Page 7: Table of Contents

    Table of contents: 1 CLI configuration commands, 1-1; CLI configuration commands ...

  • Page 8: Cli Configuration Commands

    1-1 1 cli configuration commands cli configuration commands command-privilege level syntax command-privilege level level view view command undo command-privilege view view command view system view parameters level level: command level to be set, in the range of 0 to 3. View view: cli view. It can be...

  • Page 9

    1-2 cli view description mst-region mst region view mtlk-group monitor link group view, which is supported by only the s3100-ei series null null interface view peer-key-code public key editing view peer-public-key public key view pki-domain pki domain view pki-entity pki entity view poe-profile poe ...

  • Page 10

    1-3 level name command 2 system level all configuration commands except for those at the manage level. 3 manage level commands associated with the basic operation modules and support modules of the system, such as file system, ftp/tftp/xmodem downloading, user management, and level setting commands....

  • Page 11

    1-4 display history-command syntax display history-command view any view parameters none description use the display history-command command to display the history commands of the current user, so that the user can check the configurations performed formerly. History commands are those commands that...

  • Page 12

    1-5 • You can switch between user levels after logging into a switch successfully. Switching from a higher to a lower user level is unrestricted. However, switching from a lower to a higher user level requires the corresponding authentication. The authentication mode can be set through the super authentication-mode comm...

  • Page 13

    1-6 authentication modes are specified, the order to perform the two types of authentication is determined by the order in which they are specified, as described below. • If the super authentication-mode super-password scheme command is executed to specify the authentication mode for user level swit...

  • Page 14

    1-7 description use the super password command to set a switching password for a specified user level, which will be used when users switch from a lower user level to the specified user level. Use the undo super password command to restore the default configuration. By default, no such password is s...

  • Page 15: Table of Contents

    Table of contents: 1 Login commands, 1-1; Login commands ...

  • Page 17

    1-2 To improve security and prevent attacks on the unused sockets, TCP 23 and TCP 22 (the ports for the Telnet and SSH services respectively) will be enabled or disabled after the corresponding configurations. • If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be disabled. • If the au...

  • Page 18

    1-3 auto-execute command syntax auto-execute command text undo auto-execute command view vty user interface view parameters text: command to be executed automatically. Description use the auto-execute command command to set the command that is executed automatically after a user logs in. Use the und...

  • Page 19

    1-4 copyright-info enable syntax copyright-info enable undo copyright-info enable view system view parameters none description use the copyright-info enable command to enable copyright information displaying. Use the undo copyright-info enable command to disable copyright information displaying. By ...

  • Page 20

    1-5 parameters 7: sets the databits to 7. 8: sets the databits to 8. Description use the databits command to set the databits for the user interface. Use the undo databits command to revert to the default databits. The default databits is 8. Examples # set the databits to 7. System-view system view:...

  • Page 21

    1-6 f 0 aux 0 9600 - 3 n - s + : current user-interface is active. F : current user-interface is active and work in async mode. Idx : absolute index of user-interface. Type : type and relative index of user-interface. Privi: the privilege of user-interface. Auth : the authentication mode of user-int...

  • Page 22

    1-7 # display the summary information about the user interface. Display user-interface summary user interface type : [aux] 0:uxxx xxxx user interface type : [vty] 8:uuuu x 5 character mode users. (u) 8 ui never used. (x) 5 total ui in use table 1-2 description on the fields of the display user-inter...

  • Page 23

    1-8 display users ui delay type ipaddress username userlevel + 8 vty 0 00:00:00 tel 192.168.0.208 3 + : current operation user. F : current operation user work in async mode. Table 1-3 descriptions on the fields of the display users command field description ui the numbers in the left sub-column are...

  • Page 24

    1-9 table 1-4 description on the fields of the display web users command field description id id of a web user name name of a web user language language a web user uses level level of a web user login time time when a web user logs in last req. Time time when the latest request is made free user-int...

  • Page 26

    1-11 examples # configure banners. System-view system view: return to user view with ctrl+z. [sysname] header login %welcome to login!% [sysname] header shell % input banner text, and quit with the character '%'. Welcome to shell!% [sysname] header incoming % input banner text, and quit with the cha...

  • Page 27

    1-12 undo history-command max-size view user interface view parameters value: size of the history command buffer, ranging from 0 to 256 (in terms of commands). Description use the history-command max-size command to set the size of the history command buffer. Use the undo history-command max-size co...

  • Page 28

    1-13 system view: return to user view with ctrl+z. [sysname] user-interface aux 0 [sysname-ui-aux0] idle-timeout 1 ip http shutdown syntax ip http shutdown undo ip http shutdown view system view parameters none description use the ip http shutdown command to shut down the web server. Use the undo ip...

  • Page 29

    1-14 # launch the web server. [sysname] undo ip http shutdown lock syntax lock view user view parameters none description use the lock command to lock the current user interface to prevent unauthorized operations in the user interface. After you execute this command, the system prompts you for the p...

  • Page 30

    1-15 view aux user interface view parameters even: performs even checks. None: does not check. Odd: performs odd checks. Description use the parity command to set the check mode of the user interface. Use the undo parity command to revert to the default check mode. By default, no check is performed....

  • Page 31

    1-16 To improve security and prevent attacks on the unused sockets, TCP 23 and TCP 22 (the ports for the Telnet and SSH services respectively) will be enabled or disabled after the corresponding configurations. • If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be disabled. • If the a...

  • Page 32

    1-17 you can use the screen-length 0 command to disable the function to display information in pages. Examples # set the number of lines the terminal screen can contain to 20. System-view system view: return to user view with ctrl+z. [sysname] user-interface aux 0 [sysname-ui-aux0] screen-length 20 ...

  • Page 34

    1-19 [sysname] local-user zbr [sysname-luser-zbr] service-type telnet level 0 # to verify the above configuration, you can quit the system, log in again using the user name of zbr, and then list the available commands, as listed in the following. ? User view commands: cluster run cluster command dis...

  • Page 35

    1-20 by default, password authentication is performed when a user logs in through a modem or telnet. If no password is set, the user cannot establish a connection with the switch. Examples # set the local password of vty 0 to “123”. System-view system view: return to user view with ctrl+z. [sysname]...

  • Page 36

    1-21 speed syntax speed speed-value undo speed view aux user interface view parameters speed-value: transmission speed (in bps). This argument can be 300, 600, 1200, 2400, 4800, 9600, 19,200, 38,400, 57,600, and 115,200. Description use the speed command to set the transmission speed of the user int...

  • Page 37

    1-22 • The S3100 series do not support communication with a terminal emulation program with stopbits set to 1.5. • Changing the stop bits value of the switch to a value different from that of the terminal emulation utility does not affect the communication between them. Examples # Set the stop bits ...

  • Page 38

    1-23 ************************************************************************** * copyright(c) 2004-2008 hangzhou h3c tech. Co., ltd. All rights reserved. * * without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed. * ************************************...

  • Page 39

    1-24 View: system view. Parameters: type: user interface type, which can be aux (for AUX user interface) and vty (for VTY user interface). first-number: user interface index identifying the first user interface to be configured. A user interface index can be relative or absolute. • In relative user int...

  • Page 40

    1-25 • Visit level: commands at this level are used to diagnose the network, such as the ping, tracert, and telnet commands. Commands at this level cannot be saved in configuration files. • Monitor level: commands at this level are used to maintain the system, to debug service problems, and so on. The di...

  • Page 42

    2-2 parameters all: specifies all web users. User-id: web user id, an eight-digit hexadecimal number. User-name: user name of the web user. This argument can contain 1 to 80 characters. Description use the free web-users command to disconnect a specified web user or all web users by force. Examples ...

  • Page 43

    2-3 parameters read: specifies that the community has read-only permission in the specified view. Write: specifies that the community has read/write permission in the specified view. Community-name: community name, a string of 1 to 32 characters. Acl acl-number: specifies an acl number for the commu...

  • Page 44

    2-4 v3: snmpv3. Group-name: group name. This argument can be of 1 to 32 characters. Authentication: specifies to authenticate snmp data without encrypting the data. Privacy: authenticates and encrypts packets. Read-view: name of the view to be set to read-only. This argument can be of 1 to 32 charac...

  • Page 45

    2-5 group-name: name of the group to which the user corresponds. This argument is a string of 1 to 32 characters. Cipher:specifies the authentication or encryption password to be in ciphertext. Authentication-mode: requires authentication. If this keyword is not provided, neither authentication nor ...

  • Page 46: Table of Contents

    Table of contents: 1 Configuration file management commands, 1-1; File attribute configuration commands, 1-1; displ...

  • Page 47

    1-1 1 Configuration file management commands. S3100 series Ethernet switches allow you to input a file path and file name in one of the following ways: • In universal resource locator (URL) format and starting with “unit1>flash:/” or “flash:/”. This method is used to specify a file in the current fla...

  • Page 49

    1-3 related commands: save, reset saved-configuration, display saved-configuration. Examples # display configuration information about all the interfaces on the current switch. Display current-configuration interface # interface vlan-interface1 ip address 192.168.0.241 255.255.255.0 # interface aux1...

  • Page 50

    1-4 # interface ethernet1/0/19 # interface ethernet1/0/20 # interface ethernet1/0/21 # interface ethernet1/0/22 # interface ethernet1/0/23 # interface ethernet1/0/24 # interface gigabitethernet1/1/1 # interface gigabitethernet1/1/2 shutdown # interface gigabitethernet1/2/1 # interface gigabitetherne...

  • Page 51

    1-5 interface ethernet1/0/12 interface ethernet1/0/13 interface ethernet1/0/14 interface ethernet1/0/15 interface ethernet1/0/16 interface ethernet1/0/17 interface ethernet1/0/18 interface ethernet1/0/19 interface ethernet1/0/20 interface ethernet1/0/21 interface ethernet1/0/22 interface ethernet1/0...

  • Page 52

    1-6 # vlan 1 # vlan 5 to 69 # vlan 70 description vlan 70 # vlan 71 to 100 # return display saved-configuration syntax display saved-configuration [ unit unit-id ] [ by-linenum ] view any view parameters unit unit-id: specifies the unit id of a switch. It only can be 1. By-linenum: displays configur...

  • Page 53

    1-7 ip address 192.168.0.241 255.255.255.0 #loccfg. Must not delete # interface aux1/0/0 # interface ethernet1/0/1 # interface ethernet1/0/2 # interface ethernet1/0/3 # interface ethernet1/0/4 # interface ethernet1/0/5 # interface ethernet1/0/6 # interface ethernet1/0/7 # interface ethernet1/0/8 # i...

  • Page 54

    1-8 interface ethernet1/0/22 # interface ethernet1/0/23 # interface ethernet1/0/24 # interface gigabitethernet1/1/1 # interface gigabitethernet1/1/2 shutdown # interface gigabitethernet1/2/1 # interface gigabitethernet1/2/2 shutdown #topologycfg. Must not delete #glbcfg. Must not delete # interface ...

  • Page 55

    1-9 unit1: current startup saved-configuration file: flash:/config.cfg next main startup saved-configuration file: flash:/config.cfg next backup startup saved-configuration file: flash:/backup.cfg bootrom-access enable state: enabled. Table 1-2 Description on the fields of the display startup command...

  • Page 56

    1-10 examples # display the configuration parameters that take effect in all user interface views. System-view system view: return to user view with ctrl+z. [sysname] user-interface aux 0 [sysname-ui-aux0] display this # user-interface aux 0 user-interface vty 0 4 authentication-mode none user privi...

  • Page 57

    1-11 • This command will permanently delete the configuration file from the switch. • An error occurs when you execute this command if the configuration file to be deleted does not exist. Related commands: save. Examples # Erase the main configuration file to be used in the next startup. reset saved...

  • Page 58

    1-12 The system will save the current configuration with the default name (config.cfg) in the root directory. The system supports two modes for saving the current configuration file. • Fast saving mode. This is the mode when you use the save command without the safely keyword. The mode saves the fil...

  • Page 59

    1-13 parameters cfgfile: path name or file name of a configuration file in the flash, a string of 5 to 56 characters. Backup: specifies the configuration file to be the backup configuration file. Main: specifies the configuration file to be the main configuration file. Unit unit-id: specifies a swit...

  • Page 60: Table of Contents

    Table of contents: 1 VLAN configuration commands, 1-1; VLAN configuration commands, 1...

  • Page 61: Vlan Configuration Commands

    1-1 1 vlan configuration commands vlan configuration commands description syntax description text undo description view vlan view, vlan interface view parameters text: case sensitive character string to describe the current vlan or vlan interface. Special characters and spaces are allowed. It has: z...

  • Page 62

    1-2 display interface vlan-interface syntax display interface vlan-interface [ vlan-id ] view any view parameters vlan-id: specifies a vlan interface number. Description use the display interface vlan-interface command to display information about the specified vlan interface or all vlan interfaces ...

  • Page 63

    1-3 field description ip sending frames' format is pktfmt_ethnt_2 format of the frames sent from the vlan interface. Pktfmt_ethnt 2 indicates that this vlan interface sends ethernet ii frames. Refer to the vlan configuration part in the accompanied operation manual for information about frame format...

  • Page 64

    1-4 examples # display information about vlan 1. Display vlan 1 vlan id: 1 vlan type: static route interface: configured ip address: 192.168.0.39 subnet mask: 255.255.255.0 description: vlan 0001 name: vlan 0001 tagged ports: ethernet1/0/1 untagged ports: ethernet1/0/2 table 1-2 description on the f...

  • Page 65

    1-5 description use the interface vlan-interface command to create the vlan interface for a vlan and enter vlan interface view. Use the undo interface vlan-interface command to delete a vlan interface. You can create a vlan interface only for an existing vlan and must ensure that the id of the vlan ...

  • Page 66

    1-6 named vlan is deployed, you must use the name command to associate the vlan name with the intended vlan id. The name of a vlan must be unique among all vlans. By default, the name of a vlan is its vlan id, vlan 0001 for example. Examples # specify the name of vlan 2 as test vlan. System-view sys...

  • Page 68

    1-8 # remove vlan 5. [sysname-vlan5] quit [sysname] undo vlan 5 # create vlan 4 through vlan 100. [sysname] vlan 4 to 100 please wait............. Done. # remove vlan 2 through vlan 9 in bulk. Vlan 7 is the voice vlan. [sysname] undo vlan 2 to 9 note:the vlan kept by protocol, the voice vlan, the de...

  • Page 69

    1-9 port syntax port interface-list undo port interface-list view vlan view parameters interface-list: list of the ethernet ports to be added to or removed from the current vlan.In this list, you can specify individual ports and port ranges. An individual port takes the form of interface-type interf...

  • Page 70

    1-10 by default, all access ports belong to vlan 1. You cannot assign an access port to or remove an access port from vlan 1 with the port access vlan command or its undo form. To assign an access port that has been assigned to a vlan other than vlan 1, you can use the undo port access vlan command....

  • Page 71

    1-11 the local and remote hybrid ports must use the same default vlan id for the traffic of the default vlan to be transmitted properly. Examples # set the default vlan id of the hybrid port ethernet 1/0/1 to 100. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet...

  • Page 72

    1-12 examples # assign hybrid port ethernet 1/0/1 to vlan 2, vlan 4, and vlan 50 through vlan 100; configure the port to keep vlan tags when sending the packets of these vlans. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] port l...

  • Page 74

    1-14 view ethernet port view parameters vlan-id: specifies the default vlan id of the current port, in the range of 1 to 4094. Description use the port trunk pvid vlan command to set the default vlan id for the trunk port. A trunk port sends packets of the default vlan untagged. Use the undo port tr...

  • Page 75

    1-15 parameters all: displays all the mac address-to-vlan entries. Dynamic: displays dynamically configured mac address-to-vlan entries. Static: displays the statically configured mac address-to-vlan entries. Vlan vlan-id: displays the mac address-to-vlan entries associated with the specified vlan. ...

  • Page 76

    1-16 view any view default level 1: monitor level parameters none description use the display mac-vlan interface command to display all the ports with mac address-based vlan enabled. Related commands: mac-vlan enable. Examples # display all the interfaces with mac address-based vlan enabled. Display...

  • Page 78

    1-18 view any view parameters interface-type interface-number: specify a port by its type and number to display the protocol vlan(s) bound with the port. You can use the interface-type interface-number to interface-type interface-number keyword and argument combination to specify a port range to dis...

  • Page 79

    1-19 parameters vlan-id1: specifies a vlan id in the range of 1 to 4094, of which the protocol vlan configuration information is to be displayed. To vlan-id2: in conjunction with vlan-id1, define a vlan range to display the protocol template configurations of all protocol vlans in the range. The vla...

  • Page 80

    1-20 parameters vlan-id: specifies the id of the protocol vlan bound with the port. The value range is 1 to 4094. At least one protocol template must have been configured for the vlan. Protocol-index: specifies a protocol template, in the range of 0 to 15. To protocol-index-end: in conjunction with ...

  • Page 82

    1-22 • At present, the S3100 series support only the standard templates of AppleTalk and IP, the standard template of IPX encapsulated in Ethernet II format, and the user-defined templates matching the Ethernet II encapsulation format. Protocol templates matching 802.2/802.3 encapsulation formats an...

  • Page 83: Table of Contents

    Table of contents: 1 Management VLAN configuration commands, 1-1; Management VLAN configuration commands, 1-1; delete static-routes...

  • Page 84

    1-1 1 management vlan configuration commands management vlan configuration commands delete static-routes all syntax delete static-routes all view system view parameter none description use the delete static-routes all command to delete all static routes. The system will request your confirmation bef...

  • Page 85

    1-2 example # display the information about the management vlan interface. (assume that vlan 1 is the management vlan.) display interface vlan-interface 1 vlan-interface1 current state : down line protocol current state : down ip sending frames' format is pktfmt_ethnt_2, hardware address is 000f-e25...

  • Page 86

    1-3 the maximum transmit unit : 1500 bytes ip packets input number: 7420, bytes: 557679, multicasts: 1 ip packets output number: 7509, bytes: 385809, multicasts: 0 ttl invalid packet number: 0 icmp packet input number: 0 echo reply: 0 unreachable: 0 source quench: 0 routing redirect: 0 echo request:...

  • Page 87

    1-4 field description ip header bad ip header bad messages timestamp request timestamp requests timestamp reply timestamp replies information request information requests information reply information replies netmask request netmask requests netmask reply netmask replies unknown type messages with u...

  • Page 89

    1-6 field description nexthop next hop ip address of the route interface outbound interface, through which packets destined for the destination network segment are to be transmitted display ip routing-table acl syntax display ip routing-table acl acl-number [ verbose ] view any view parameter acl-nu...

  • Page 90

    1-7 **destination: 10.1.1.0 mask: 255.255.255.0 protocol: #static preference: 60 *nexthop: 192.168.0.31 interface: 192.168.0.51(vlan-interface1) state: age: 1:48:18 cost: 0/0 table 1-5 description on the fields of the display ip routing-table acl command field description destination destination add...

  • Page 91

    1-8 field description age time period during which the route is allowed to be in the routing table, in the form of hh:mm:ss. Cost cost of the route display ip routing-table ip-address syntax display ip routing-table ip-address [ mask ] [ longer-match ] [ verbose ] view any view parameter ip-address:...

  • Page 92

    1-9 refer to table 1-4 for the description on the output fields. # display the detailed information of the routes with their destination addresses matched within the natural mask range. Display ip routing-table 10.1.1.0 verbose routing tables: + = active route, - = last active, # = both * = next hop...

  • Page 94

    1-11 summary count: 0 refer to table 1-4 for the description on the output fields. Display ip routing-table radix syntax display ip routing-table radix view any view parameter none description use the display ip routing-table radix command to display the information about the routes in a routing tab...

  • Page 95

    1-12 The statistics information displayed by this command includes: • The total number of the routes • The number of the active routes • The number of the added routes • The number of the routes with deleted flags. Example # Display the statistics information about the routing table. display ip routi...

  • Page 96

    1-13 display ip routing-table verbose routing tables: + = active route, - = last active, # = both * = next hop in use destinations: 2 routes: 2 holddown: 0 delete: 0 hidden: 0 **destination: 127.0.0.0 mask: 255.0.0.0 protocol: #direct preference: 0 *nexthop: 127.0.0.1 interface: 127.0.0.1(inloopback...

  • Page 97

    1-14 before creating a management vlan interface, make sure the vlan identified by the vlan-id argument is created and is configured as the management vlan. Note that: to create the vlan interface for the management vlan on a switch operating as the management device in a cluster, make sure the id o...

  • Page 99

    1-16 • A static route with both its destination IP address and mask being 0.0.0.0 is the default route. When no matched entry is found in the routing table, a received packet is forwarded according to the default route. Related command: display ip routing-table. Example # Configure the next hop...

  • Page 100

    1-17 description use the reset ip routing-table statistics protocol command to clear the statistics of routes in a routing table. Example # before executing the reset ip routing-table statistics protocol command, use the display ip routing-table statistics command to display the routing statistics: ...

  • Page 101: Table of Contents

    Table of contents: 1 IP address configuration commands, 1-1; IP address configuration commands, 1-1; di...

  • Page 102

    1-1 1 ip address configuration commands ip address configuration commands display ip interface syntax display ip interface [ interface-type interface-number] view any view parameters interface-type interface-number: specifies an interface by its type and number. Description use the display ip interf...

  • Page 103

    1-2 timestamp reply: 0 information request: 0 information reply: 0 netmask request: 0 netmask reply: 0 unknown type: 0 table 1-1 description on the fields of the display ip interface command field description vlan-interface1 current state current physical state of vlan-interface 1 line protocol curr...

  • Page 104

    1-3 parameters interface-type:interface type. Interface-number: interface number. Description use the display ip interface brief command to display brief information about a specified or all layer 3 interfaces. With no argument included, the command displays information about all layer 3 interfaces;...

  • Page 105

    1-4 view vlan interface view, loopback interface view parameters ip-address: ip address, in dotted decimal notation. Mask: subnet mask, in dotted decimal notation. Mask-length: subnet mask length, the number of consecutive ones in the mask. It is in the range of 0 to 32. Description use the ip addre...

  • Page 106

    2-1 2 ip performance configuration commands ip performance configuration commands display fib syntax display fib view any view parameters none description use the display fib command to display all forwarding information base (fib) information. Examples # display all fib information. Display fib fla...

  • Page 107

    2-2 table 2-1 description on the fields of the display fib command field description flag flags: u: a route is up and available. G: gateway route h: local host route b: blackhole route d: dynamic route s: static route r: rejected route e: multi-path equal-cost route l: route generated by arp or esis...

  • Page 108

    2-3 examples # display fib entry information which matches destination 12.158.10.0 and has a mask length no less than eight. Display fib 12.158.10.0 longer route entry count: 1 flag: u:usable g:gateway h:host b:blackhole d:dynamic s:static r:reject e:equal cost multi-path l:generated by arp or esis ...

  • Page 109

    2-4 # display the fib entries filtered by acl 2001. Display fib acl 2001 route entry matched by access-list 2001 summary counts :1 flag: u:usable g:gateway h:host b:blackhole d:dynamic s:static r:reject e:equal cost multi-path l:generated by arp or esis destination/mask nexthop flag timestamp interf...

  • Page 110

    2-5 parameters none description use the display fib statistics command to display the total number of fib entries. Examples # display the total number of fib entries. Display fib statistics route entry count : 8 display icmp statistics syntax display icmp statistics view any view parameters none des...

  • Page 111

    2-6 table 2-2 description on the fields of the display icmp statistics command field description bad formats number of received wrong format packets bad checksum number of received wrong checksum packets echo number of received echo packets destination unreachable number of received destination unre...

  • Page 112

    2-7 task-id: id of a task, with the value ranging from 1 to 100. Socket-id: id of a socket, with the value ranging from 0 to 3072. Description use the display ip socket command to display socket information. Examples # display the information about the socket of the tcp type. Display ip socket sockt...

  • Page 113

    2-8 display ip statistics syntax display ip statistics view any view parameters none description use the display ip statistics command to display the statistics about ip packets. Related commands: display ip interface, reset ip statistics. Examples # display the statistics about ip packets. Display ...

  • Page 114

    2-9 field description forwarding total number of ip packets forwarded by the local device local total number of ip packets initiated from the local device dropped total number of ip packets discarded no route total number of ip packets for which no route is available output: compress fails total num...

  • Page 115

    2-10 packets received after close: 0 ack packets: 481 (8776 bytes) duplicate ack packets: 7, too much ack packets: 0 sent packets: total: 665 urgent packets: 0 control packets: 5 (including 1 rst) window probe packets: 0, window update packets: 2 data packets: 618 (8770 bytes) data packets retransmi...

  • Page 116

    2-11 field description total total number of packets sent urgent packets number of urgent packets sent control packets number of control packets sent; in brackets are retransmitted packets window probe packets number of window probe packets sent; in the brackets are resent packets window update pack...

  • Page 117

    2-12 description use the display tcp status command to display the state of all the tcp connections so that you can monitor tcp connections in real time. Examples # display the state of all the tcp connections. Display tcp status *: tcp md5 connection tcpcb local add:port foreign add:port state 03e3...

  • Page 118

    2-13 total broadcast or multicast packets : 25006 no socket broadcast or multicast packets: 24989 not delivered, input socket full: 0 input packets missing pcb cache: 1314 sent packets: total: 7187 table 2-7 description on the fields of the display udp statistics command field description total tota...

  • Page 119

    2-14 examples # disable the device from sending icmp redirection packets. System-view system view: return to user view with ctrl+z. [sysname] undo icmp redirect send icmp unreach send syntax icmp unreach send undo icmp unreach send view system view parameters none description use the icmp unreach se...

  • Page 120

    2-15 description use the reset ip statistics command to clear the statistics about ip packets. You can use the display ip statistics command to view the current ip packet statistics. Related commands: display ip interface. Examples # clear the statistics about ip packets. Reset ip statistics reset t...

  • Page 121

    2-16 tcp timer fin-timeout syntax tcp timer fin-timeout time-value undo tcp timer fin-timeout view system view parameters time-value: tcp finwait timer, in seconds, with the value ranging from 76 to 3600. Description use the tcp timer fin-timeout command to configure the tcp finwait timer. Use the u...

  • Page 122

    2-17 when sending the syn packet, tcp starts the synwait timer. If the response packet is not received before synwait times out, the tcp connection will be terminated. Related commands: tcp timer fin-timeout, tcp window. Examples # configure the value of the tcp synwait timer to 80 seconds. System-v...

  • Page 123: Table of Contents

    Table of contents: 1 Voice VLAN configuration commands; voice VLAN configuration commands; displ...

  • Page 124

    1-1 1 voice vlan configuration commands the contents of this chapter are only applicable to the s3100-ei series among s3100 series switches. Voice vlan configuration commands display voice vlan error-info syntax display voice vlan error-info view any view parameters none description use the display ...

  • Page 125

    1-2 display voice vlan oui syntax display voice vlan oui view any view parameters none description use the display voice vlan oui command to display the organizationally unique identifier (oui) list used for identifying voice traffic. The output of the command displays the oui addresses, their masks...

  • Page 126

    1-3 examples # display the information about the voice vlan. Display voice vlan status voice vlan status: enable voice vlan id: 2 voice vlan security mode: security voice vlan aging time: 100 minutes current voice vlan enabled port mode: port mode -------------------------------- ethernet1/0/2 auto ...

  • Page 127

    1-4 description use the display vlan command to display information about the specified vlan. For the voice vlan, this command displays all the ports in the vlan. Related commands: voice vlan, voice vlan enable. Examples # display all the ports in the current voice vlan, assuming that the current vo...

  • Page 128

    1-5 If you want to delete a VLAN with the voice VLAN function enabled, you must disable the voice VLAN function first. The voice VLAN function can be enabled for only one VLAN at one time. When an S3100-C-EPON-EI switch works as an ONU device in the EPON system, the voice VLAN function may not run...

  • Page 129

    1-6 The voice VLAN aging timer does not take effect on ports working in manual voice VLAN assignment mode, because these ports are assigned to the voice VLAN statically. When setting the voice VLAN aging timer, consider the usage frequency of IP phones. Note that: a large voice VLAN aging timer se...

  • Page 130

    1-7 voice vlan is not supported on combo ports. For information about combo port, refer to port basic configuration of this manual. Related commands: display voice vlan error-info, display voice vlan status. Examples # enable the voice vlan function on ethernet1/0/2. System-view system view: return ...

  • Page 131

    1-8 undo voice vlan mac-address oui view system view parameters oui: specify a mac address, in the format of h-h-h. Oui-mask: specify a mac address mask, made up of consecutive fs and consecutive 0s. It specifies the matching length of the oui address. When the switch receives a packet, it matches t...

  • Page 132

    1-9 view ethernet port view parameters none description use the voice vlan mode auto command to configure the voice vlan assignment mode of the ethernet port to automatic. Use the undo voice vlan mode auto command to configure the voice vlan assignment mode of the ethernet port to manual. You cannot...

  • Page 133

    1-10 description use the voice vlan qos command to configure the interface to modify the cos and dscp values marked for incoming traffic of the voice vlan into specified values. Use the undo voice vlan qos command to restore the default. By default, an interface modifies the cos value and the dscp v...

  • Page 134

    1-11 Use the undo voice vlan qos command to restore the default. By default, an interface changes the CoS value and the DSCP value marked for voice VLAN traffic to 6 and 46 respectively. Related commands: voice vlan qos. Configure the QoS priority trust mode for voice VLAN traffic on an interfa...

  • Page 135

    1-12 system-view system view: return to user view with ctrl+z. [sysname] undo voice vlan security enable.

  • Page 136: Table of Contents

    Table of contents: 1 GVRP configuration commands; GARP configuration commands ...

  • Page 137: Gvrp Configuration Commands

    1-1 1 GVRP configuration commands. GARP configuration commands. display garp statistics. Syntax: display garp statistics [ interface interface-list ]. View: any view. Parameters: interface-list: specifies a list of Ethernet ports for which the statistics about GARP are to be displayed. In this list, you can ...

  • Page 138

    1-2 number of frames discarded : 0 table 1-1 description on the fields of the display garp statistics command field description number of gvrp frames received number of the gvrp frames received on the port number of gvrp frames transmitted number of the gvrp frames transmitted through the port numbe...

  • Page 140

    1-4 timer lower threshold upper threshold leave this lower threshold is greater than twice the timeout time of the join timer. You can change the threshold by changing the timeout time of the join timer. This upper threshold is less than the timeout time of the leaveall timer. You can change the thr...

  • Page 141

    1-5 by default, the leaveall timer is set to 1,000 centiseconds, that is, 10 seconds. In networking, you are recommended to set the garp leaveall timer to 12000 centiseconds (2 minutes). Related commands: display garp timer. Examples # set the garp leaveall timer to 100 centiseconds. System-view sys...

  • Page 142

    1-6 gvrp configuration commands display gvrp statistics syntax display gvrp statistics [ interface interface-list ] view any view parameters interface interface-list: specifies an ethernet port list. By providing a value for this argument, you can display the gvrp statistics on the specified ports. ...

  • Page 143

    1-7 parameters none description use the display gvrp status command to display the global gvrp status (enabled or disabled). Examples # display the global gvrp status. Display gvrp status gvrp is enabled the above information indicates that gvrp is enabled globally. Gvrp syntax gvrp undo gvrp view s...

  • Page 145: Table of Contents

    Table of contents: 1 Port basic configuration commands; port basic configuration commands ...

  • Page 147

    1-2 if you configure broadcast-suppression command in both system view and ethernet port view, the configuration in ethernet port view will take effect. With the traffic policing enabled, broadcast-suppression function cannot be enabled either on system view or ethernet port view. Refer to the qos p...

  • Page 148

    1-3 If you specify a source aggregation group ID, the system uses the port with the smallest port number in the aggregation group as the source. If you specify a destination aggregation group ID, the configuration of the source port will be copied to all ports in the aggregation group and all po...

  • Page 149

    1-4 Any aggregation group port you enter in the destination port list will be removed from the list, and the copy command will not take effect on the port. If you want an aggregation group port to have the same configuration as the source port, you can specify the aggregation group of the port as...

  • Page 150

    1-5 example # set description string "lanswitch-interface" for the ethernet1/0/1 port. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet1/0/1 [sysname-ethernet1/0/1] description lanswitch-interface display brief interface syntax display brief interface [ interfac...

  • Page 151

    1-6 related command: display interface. Example # display the brief configuration information about the ethernet1/0/1 port. Display brief interface ethernet1/0/1 interface: eth - ethernet ge - gigabitethernet tenge - tengigabitethernet loop - loopback vlan - vlan-interface cas - cascade speed/duplex...

  • Page 153

    1-8 - broadcasts, - multicasts, - pauses input: 0 input errors, 0 runts, 0 giants, - throttles, 0 crc 0 frame, - overruns, 0 aborts, 0 ignored, - parity errors output(total): 0 packets, 0 bytes 0 broadcasts, 0 multicasts, 0 pauses output(normal): - packets, - bytes - broadcasts, - multicasts, - paus...

  • Page 154

    1-9 field description input(normal): - packets, - bytes - broadcasts, - multicasts, - pauses count in packets and in bytes of incoming normal packets on the port, including incoming normal packets and normal pause frames the number of normal incoming broadcast packets, the number of normal incoming ...

  • Page 155

    1-10 field description output(normal): - packets, - bytes - broadcasts, - multicasts, - pauses count in packets and in bytes of outgoing normal packets on the port, including outgoing normal packets and normal pause frames. The number of normal outgoing broadcast packets, the number of normal outgoi...

  • Page 156

    1-11 display link-delay syntax display link-delay view any view parameters none description use the display link-delay command to display the information about the ports with the link-delay command configured, including the port name and the configured delay. Related commands: link-delay. Examples #...

  • Page 157

    1-12 table 1-4 description on the fields of the display loopback-detection command field description port ethernet1/0/1 loopback-detection is running loopback detection is enabled on the ethernet1/0/1. System loopback-detection is running loopback detection is enabled globally. Detection interval ti...

  • Page 158

    1-13 View: any view. Parameter: unit-id: unit ID, which can only be 1. Description: use the display unit command to display information about the ports on a specified unit. Example # Display information about the ports on unit 1. Display unit 1 interface aux1/0/0 description : aux interface ethernet1/0/1 curr...

  • Page 159

    1-14 (the following displayed information is omitted) table 1-5 description on the fields of the display unit command field description aux1/0/0 description : aux interface the description string of the aux port is "aux interface". For the description of other fields, refer to table 1-3 . Duplex syn...

  • Page 160

    1-15 parameter none description use the enable log updown command to enable up/down log information output. Use the undo log enable updown command to disable up/down log information output. By default, a port is allowed to output up/down log information. Example # by default, a port is allowed to ou...

  • Page 161

    1-16 when you use the display interface interface-type interface-number command to display the information of a port, the system performs statistical analysis on the traffic flow passing through the port during the specified interval and displays the average rates in the interval. For example, if yo...

  • Page 162

    1-17 interface. Syntax: interface interface-type interface-number. View: system view. Parameter: interface-type: port type, which can be aux, ethernet, gigabitethernet, loopback, null or vlan-interface. interface-number: port number, in the format of unit ID/slot number/port number, where: unit ID is fi...

  • Page 163

    1-18 Only S3100-EI series switches support this feature. The jumboframe enable command takes effect on all the ports, while the undo jumboframe enable command takes effect on the current port. Example # Set the maximum frame size allowed on Ethernet 1/0/1 to 2048 bytes. Syst...

  • Page 165

    1-20 parameter none description use the loopback-detection control enable command to enable the loopback port control function on the current trunk or hybrid port. Use the undo loopback-detection control enable command to disable the loopback port control function on the trunk or hybrid port. The lo...

  • Page 166

    1-21 use the undo loopback-detection enable command to disable the loopback detection function on the port. 1) if a loop is found on an access port, the system will set the port to the block state (ports in this state cannot forward data packets), send log and trap messages to the terminal, and remo...

  • Page 167

    1-22 loopback-detection interface-list enable syntax loopback-detection interface-list enable undo loopback-detection interface-list enable view system view parameter interface-list: ethernet port list, in the form of interface-list = { interface-type interface-number [ to interface-type interface-n...

  • Page 168

    1-23 description use the loopback-detection interval-time command to set time interval for loopback detection. Use the undo loopback-detection interval-time command to restore the default time interval. Example # set time interval for loopback detection to 10 seconds. System-view system view: return...

  • Page 169

    1-24 parameter none description use the loopback-detection shutdown enable command to enable the loopback port auto-shutdown function. Use the undo loopback-detection shutdown enable command to disable the function. The loopback port auto-shutdown function works in conjunction with the loopback dete...

  • Page 170

    1-25 Parameter across: sets the MDI mode to medium dependent interface (MDI). normal: sets the MDI mode to media dependent interface-X mode (MDI-X). auto: sets the MDI mode to auto-sensing. A port operating in this mode adjusts its MDI mode between MDI and MDI-X automatically. An RJ-45 interface can ...

  • Page 171

    1-26 use the undo multicast-suppression command to restore the default unknown multicast and unknown unicast traffic suppression setting on the current port. After the configuration, the switch will suppress the unknown multicast and unknown unicast traffic simultaneously. When the sum of incoming u...

  • Page 172

    1-27 A port cannot be added to a port group if it has been added to an aggregation group, and vice versa. Example # Add ports Ethernet 1/0/2 through Ethernet 1/0/5 to port group 1. System-view [sysname] port-group 1 [sysname-port-group-1] port ethernet 1/0/2 to ethernet 1/0/5 port-group syntax po...

  • Page 173

    1-28 view user view parameter interface-type: port type. Interface-number: port number. For details about the parameters, see the parameter description of the interface command. Description use the reset counters interface command to clear the statistics of the port, preparing for a new statistics c...

  • Page 174

    1-29 you can use the display port combo command to check the states of the two ports forming a combo port. The one in active state is currently enabled and the one in inactive state is currently disabled. For the two ports forming a combo port, executing the shutdown command on the active port chang...

  • Page 176

    1-31 max-packets: upper threshold of the traffic on the port, in pps, or kbps. It ranges from 1 to 4,294,967,295 and must be greater than or equal to the lower threshold. Min-packets: lower threshold of the traffic on the port, in pps, or kbps. It ranges from 1 to 4,294,967,295, and must be less tha...

  • Page 177

    1-32 If the broadcast-suppression command or the multicast-suppression command is configured on a port, you cannot configure the storm control function on the port, and vice versa. Setting the upper and lower traffic thresholds to the same value is not recommended. The system can take one of ...

  • Page 178

    1-33 by default, log/trap information is output when traffic received on the port exceeds the upper threshold or falls below the lower threshold. Related commands: display storm-constrain, storm-constrain. Examples # disable log information from being output when traffic received on ethernet 1/0/1 e...

  • Page 179

    1-34 parameter none description use the virtual-cable-test command to enable the system to test the cable connected to a specific port and to display the results. The system can test these attributes of the cable: cable status, including normal, abnormal, abnormal-open, abnormal-short and failure ca...

  • Page 180

    1-35 pair polarity: - insertion loss: - db return loss: - db near-end crosstalk: - db.

  • Page 181: Table of Contents

    Table of contents: 1 Link aggregation configuration commands; link aggregation configuration commands; display li...

  • Page 182

    1-1 1 link aggregation configuration commands link aggregation configuration commands display link-aggregation interface syntax display link-aggregation interface interface-type interface-number [ to interface-type interface-number ] view any view parameter interface-type: port type. Interface-numbe...

  • Page 183

    1-2 table 1-1 description on the fields of the display link-aggregation interface command field description selected aggid id of the aggregation group to which the specified port belongs local information about the local end port-priority port priority oper key operation key flag protocol status fla...

  • Page 184

    1-3 -------------------------------------------------------------------------- 1 s 0x8000,0000-0000-0000 0 1 nons ethernet1/0/2 2 m none 0 1 nons ethernet1/0/3 table 1-2 description on the fields of the display link-aggregation summary command field description aggregation group type aggregation gro...

  • Page 185

    1-4 loadsharing type: shar -- loadsharing, nons -- non-loadsharing flags: a -- lacp_activity, b -- lacp_timeout, c -- aggregation, d -- synchronization, e -- collecting, f -- distributing, g -- defaulted, h -- expired aggregation id: 1, aggregationtype: static, loadsharing type: nons aggregation des...

  • Page 186

    1-5 description use the display lacp system-id command to display the device id of the local system, including the system priority and the mac address. Example # display the device id of the local system. Display lacp system-id actor system id: 0x8000, 000f-e20f-0100 the actor system id field is the...

  • Page 187

    1-6 parameter port-priority: port priority, ranging from 0 to 65,535. Description use the lacp port-priority command to set the priority of the current port. Use the undo lacp port-priority command to restore the default port priority. By default, the port priority is 32,768. You can use the display...

  • Page 188

    1-7 undo link-aggregation group agg-id description. View: system view. Parameter: agg-id: aggregation group ID, in the range of 1 to 28. agg-name: aggregation group name, a string of 1 to 32 characters. Description: use the link-aggregation group description command to set a description for an aggregation...

  • Page 189

    1-8 description use the link-aggregation group mode command to create a manual or static aggregation group. Use the undo link-aggregation group command to remove the specified aggregation group. Related command: display link-aggregation summary. Example # create manual aggregation group 22 system-vi...

  • Page 190

    1-9 parameter interface-type: port type interface-number: port number to: specifies a port index range, with the two interface-type interface-number argument pairs around it as the two ends. Description use the reset lacp statistics command to clear lacp statistics on specified port(s), or on all po...

  • Page 191: Table of Contents

    Table of contents: 1 Port isolation configuration commands; port isolation configuration commands; d...

  • Page 192

    1-1 1 port isolation configuration commands port isolation configuration commands display isolate port syntax display isolate port view any view parameter none description use the display isolate port command to display the ethernet ports assigned to the isolation group. Example # display informatio...

  • Page 193

    1-2 When a member port of an aggregation group joins/leaves an isolation group, the other ports in the same aggregation group on the local device will join/leave the isolation group at the same time. For ports that belong to an aggregation group and an isolation group simultaneously, removing a ...

  • Page 194: Table of Contents

    Table of contents: 1 Port security commands; port security commands ...

  • Page 195: Port Security Commands

    1-1 1 port security commands port security commands display mac-address security syntax display mac-address security [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] view any view parameters interface interface-type interface-number: specify a port by its type and number, of ...

  • Page 196

    1-2 mac addr vlan id state port index aging time(s) 0000-0000-0001 1 security ethernet1/0/20 noaged 0000-0000-0002 1 security ethernet1/0/20 noaged 0000-0000-0003 1 security ethernet1/0/20 noaged 0000-0000-0004 1 security ethernet1/0/20 noaged --- 4 mac address(es) found on port ethernet1/0/20 --- #...

  • Page 197

    1-3 parameters interface interface-list: specify a list of ethernet ports of which the port security configurations are to be displayed. For the interface-list argument, you can specify individual ports and port ranges. An individual port takes the form of interface-type interface-number and a port ...

  • Page 198

    1-4 max mac-address num is 4 stored mac-address num is 0 authorization is ignore ethernet1/0/2 is link-down port mode is autolearn needtoknow mode is disabled intrusion mode is no action max mac-address num is not configured stored mac-address num is 0 authorization is ignore ethernet1/0/3 is link-d...

  • Page 199

    1-5 field description max mac-address num is 4 the maximum number of mac addresses allowed on the port is 4. Stored mac-address num is 0 no mac address is stored. Authorization is ignore authorization information delivered by the remote authentication dial-in user service (radius) server will not be...

  • Page 200

    1-6 examples # enable port security; configure the port security mode of ethernet 1/0/1 as autolearn and create a security mac address entry for 0001-0001-0001, setting the associated port to ethernet 1/0/1 and assigning the mac address to vlan 1. System-view system view: return to user view with ct...

  • Page 201

    1-7 after a radius user passes authentication, the radius server authorizes the attributes configured for the user account such as the dynamic vlan configuration. For more information, refer to aaa command. Examples # configure ethernet 1/0/2 to ignore the authorization information delivered by the ...

  • Page 202

    1-8 examples # enable port security. System-view system view: return to user view with ctrl+z. [sysname] port-security enable notice: the port-control of 802.1x will be restricted to auto when port-security is enabled. Please wait... Done. Port-security guest-vlan syntax port-security guest-vlan vla...

  • Page 203

    1-9 authentication of a user fails, the blocking mac address feature will be triggered and packets of the user will be dropped, making the user unable to access the guest vlan. Examples # set the security mode of port ethernet 1/0/1 to macaddressoruserloginsecure, and specify vlan 100 as the guest v...

  • Page 204

    1-10 by checking the source mac addresses in inbound data frames or the username and password in 802.1x authentication requests on a port, intrusion protection detects illegal packets (packets with illegal mac address) or events and takes a pre-set action accordingly. The actions you can set include...

  • Page 205

    1-11 needtoknow mode is disabled intrusion mode is blockmacaddress max mac-address num is 2 stored mac-address num is 2 authorization is permit for description on the output information, refer to table 1-2 . # configure the intrusion protection mode on ethernet 1/0/1 as disableport-temporarily. As a...

  • Page 206

    1-12 By default, there is no limit on the number of MAC addresses allowed on the port. By configuring the maximum number of MAC addresses allowed on a port, you can: limit the number of users accessing the network through the port; limit the number of security MAC addresses that can be added on ...

  • Page 207

    1-13 Description: use the port-security ntk-mode command to configure the NTK feature on the port. Use the undo port-security ntk-mode command to restore the default setting. By default, NTK is disabled on a port, namely all frames are allowed to be sent. By checking the destination MAC addresses of ...

  • Page 208

    1-14 Description: use the port-security oui command to set an OUI value for authentication. Use the undo port-security oui command to cancel the OUI value setting. By default, no OUI value is set for authentication. The OUI value set by this command takes effect only when the security mode of the p...

  • Page 209

    1-15 table 1-3 keyword description keyword security mode description autolearn autolearn in this mode, mac addresses learned on the port become security mac addresses. When the number of security mac addresses exceeds the maximum number of mac addresses configured by the port-security max-mac-count ...

  • Page 210

    1-16 keyword security mode description userlogin-secure userloginsecure in this mode, mac-based 802.1x authentication is applied on users trying to access the network through the port. The port will be enabled when the authentication succeeds and allow packets from authenticated users to pass throug...

  • Page 211

    1-17 Description: use the port-security port-mode command to set the security mode of the port. Use the undo port-security port-mode command to restore the default mode. By default, the port is in the norestriction mode, namely access to the port is not restricted. Before setting the security mode ...

  • Page 212

    1-18 description use the port-security timer autolearn command to configure the aging time for the security mac address entries that are learned by the port automatically. Use the undo port-security timer autolearn command to restore the default. By default, the aging time is 0, that is, the securit...

  • Page 213

    1-19 the port-security timer disableport command is used in conjunction with the port-security intrusion-mode disableport-temporarily command to set the length of time during which the port remains disabled. Related commands: port-security intrusion-mode. Examples # set the intrusion protection mode...

  • Page 215

    1-21 when you use the display port-security command to display global information, the system will display which types of trap messages are allowed to send. Related commands: display port-security. Examples # allow the sending of intrusion packet-detected trap messages. System-view system view: retu...

  • Page 217

    2-2 By default, no user MAC address or IP address is bound to a port. An IP address can be bound with only one port at a time. A MAC address can be bound with only one port at a time. Examples # In system view, bind the MAC address 000f-e200-5101 and IP address 10.153.1.1 (supposing they are mac...

  • Page 218

    2-3 parameters interface interface-type interface-number: specify the port to be bound. The interface-type interface-number arguments indicate the port type and port number. Ip-addr ip-address: specify the ip address to be bound. Mac-addr mac-address: specify the mac address to be bound. The mac-add...

  • Page 219

    2-4 description use the display am user-bind ipv6 command to display ipv6 bindings. Related commands: am user-bind. Examples # display bindings of all ports. Display am user-bind ipv6 following user address bind have been configured: mac ipv6 port 000f-e200-5101 1::ef:1 ethernet1/0/1 000f-e200-5102 ...

  • Page 220: Table of Contents

    Table of contents: 1 DLDP configuration commands; DLDP configuration commands ...

  • Page 222

    1-2 neighbor mac address : 000f-e20f-7201 neighbor port index : 98 neighbor state : two way neighbor aged time : 24 table 1-1 description on the fields of the display dldp command field description dldp interval interval for sending dldp advertisement packets (in seconds) dldp work-mode dldp work mo...

  • Page 223

    1-3 use the dldp enable command to enable dldp on the current port. Use the dldp disable command to disable dldp on the current port. The dldp command can apply to a non-optical port as well as an optical port. By default, dldp is disabled. When you use the dldp enable/dldp disable command in system...

  • Page 224

    1-4 use the undo dldp authentication-mode to remove the dldp authentication mode and password on the current port. By default, the authentication mode on the current port is none. Note that: when you configure a dldp authentication mode and authentication password on a port, make sure that the same ...

  • Page 225

    1-5 note that: • the interval takes effect on all dldp-enabled ports. • it is recommended that you set the interval shorter than one-third of the stp convergence time (usually 30 seconds). If too long an interval is set, an stp loop may occur before dldp shuts down unidirectional links. On the contr...

  • Page 226

    1-6 view system view parameters auto: automatically disables the corresponding port when dldp detects a unidirectional link or finds in the enhanced mode that the peer port is down. Manual: generates logs and traps and prompts the user to manually disable the corresponding port when dldp detects an ...

  • Page 227

    1-7 • when dldp works in normal mode, the system can identify only the unidirectional link caused by fiber cross-connection. • when the dldp protocol works in enhanced mode, the system can identify two types of unidirectional links: one is caused by fiber cross-connection and the other is caused by ...

  • Page 228

    1-8 examples # set the delaydown timer to 5 seconds. System-view system view: return to user view with ctrl+z. [sysname] dldp delaydown-timer 5.

  • Page 229: Table of Contents

    I table of contents: 1 mac address table management configuration commands, 1-1; mac address table management configuration commands, 1-1; display mac-address aging-time...

  • Page 230: Commands

    1-1 1 mac address table management configuration commands this chapter describes the management of static, dynamic, and blackhole mac address entries. For information about the management of multicast mac address entries, refer to the “multicast protocol” part of the manual. Mac address table manage...

  • Page 231

    1-2 display mac-address syntax display mac-address [ display-option ] view any view parameters display-option: option used to display specific mac address table information, as described in table 1-1 . Table 1-1 description on the display-option argument value description mac-address [ vlan vlan-id ...

  • Page 232

    1-3 examples # display information about mac address 000f-e20f-0101. Display mac-address 000f-e20f-0101 mac addr vlan id state port index aging time(s) 000f-e20f-0101 1 learned ethernet1/0/1 aging # display the mac address entries for the port ethernet 1/0/4. Display mac-address interface ethernet 1...

  • Page 233

    1-4 parameters none description use the display port-mac command to display the configured start port mac address for the ethernet ports on the switch, that is, the mac address of ethernet 1/0/1. Related commands: port-mac. Examples # display the start port mac address. Display port-mac port mac sta...

  • Page 235

    1-6 parameters count: maximum number of mac addresses a port can learn. This argument ranges from 0 to 8192. A value of 0 disables the port from learning mac addresses. Description use the mac-address max-mac-count command to set the maximum number of mac addresses an ethernet port can learn. Use th...

  • Page 236

    1-7 description use the mac-address max-mac-count 0 command to disable a switch from learning mac addresses in a vlan. Use the undo mac-address max-mac-count command to enable a switch to learn mac addresses in a vlan. By default, a switch learns mac addresses in any vlan. Example # disable the switch f...

  • Page 237

    1-8 system-view system view: return to user view with ctrl+z. [sysname] mac-address timer aging 500 port-mac syntax port-mac start-mac-address undo port-mac view system view parameters start-mac-address: start mac address for the ethernet ports on the switch, in the format of h-h-h. It must be a val...

  • Page 238: Table of Contents

    I table of contents: 1 mstp configuration commands, 1-1; mstp configuration commands, 1...

  • Page 239

    Ii stp transmit-limit, 1-44; vlan-mapping modulo, 1-45; vlan-vpn...

  • Page 240: Mstp Configuration Commands

    1-1 1 mstp configuration commands mstp configuration commands active region-configuration syntax active region-configuration view mst region view parameters none description use the active region-configuration command to activate the settings of a multiple spanning tree (mst) region. Configuring mst...

  • Page 241

    1-2 view ethernet port view parameters none description use the bpdu-drop any command to enable bpdu dropping on the ethernet port. Use the undo bpdu-drop any command to disable bpdu dropping on the ethernet port. By default, bpdu dropping is disabled. In a stp-enabled network, some malicious users ...

  • Page 242

    1-3 description use the check region-configuration command to display the mst region-related configuration which is being modified currently, including region name, revision level, and vlan-to-instance mapping table. As specified in the mstp protocol, the configurations of mst regions must be right,...

  • Page 243

    1-4 view any view parameters instance-id: id of the msti ranging from 0 to 16. The value of 0 refers to the common and internal spanning tree (cist). Interface-list: ethernet port list. You can specify multiple ethernet ports by providing this argument in the form of interface-list = { interface-typ...

  • Page 244

    1-5 examples # display the brief state information of msti 0 on ethernet 1/0/1 through ethernet 1/0/4. Display stp instance 0 interface ethernet 1/0/1 to ethernet 1/0/4 brief mstid port role stp state protection 0 ethernet1/0/1 alte discarding loop 0 ethernet1/0/2 desi forwarding none 0 ethernet1/0/...

  • Page 245

    1-6 ----[port2(ethernet1/0/2)][down]---- port protocol :enabled port role :cist disabled port port priority :128 port cost(legacy) :config=auto / active=200000 desg. Bridge/port :32768.00e0-fc12-4001 / 128.2 port edged :config=disabled / active=disabled point-to-point :config=auto / active=false tra...

  • Page 246

    1-7 field description port cost(legacy) path cost of the port. The field in the bracket indicates the standard used for port path cost calculation, which can be legacy, dot1d-1998, or dot1t. Config indicates the configured value, and active indicates the actual value. Desg. Bridge/port designated br...

  • Page 247

    1-8 examples # display the ports that are blocked by stp guard functions. Display stp abnormalport mstid port block reason --------- -------------------- ------------- 0 ethernet1/0/20 root-protection 1 ethernet1/0/21 loop-protection table 1-4 description on the fields of the display stp abnormalpor...

  • Page 248

    1-9 field description down reason reason that caused the port to be blocked. • bpdu-protected: bpdu attack guard function • formatfrequency-protected: mstp bpdu format frequent change protection function display stp region-configuration syntax display stp region-configuration view any view parameter...

  • Page 249

    1-10 display stp root syntax display stp root view any view parameters none description use the display stp root command to display information about the root ports in the mstp region where the switch resides. Examples # display information about the root ports in the mstp region where the switch re...

  • Page 250

    1-11 parameters instance-id: id of an msti ranging from 0 to 16. The value of 0 refers to the cist. Vlan-list: list of vlans. You need to provide this argument in the form of vlan-list = { vlan-id [ to vlan-id ] }&, where & means that you can provide up to 10 vlan ids/vlan id ranges for this argumen...

  • Page 251

    1-12 mst region name, along with vlan-to-instance mapping table and mstp revision level, determines the mst region which a switch belongs to. Related commands: instance, revision-level, check region-configuration, vlan-mapping modulo, active region-configuration. Examples # set the mst region name o...

  • Page 252

    1-13 undo revision-level view mst region view parameters level: mstp revision level to be set for the switch. This argument ranges from 0 to 65,535. Description use the revision-level command to set the mstp revision level for a switch. Use the undo revision-level command to restore the revision lev...

  • Page 253

    1-14 description • use the stp command in system view to enable/disable mstp globally. Use the undo stp command in system view to restore the mstp state to the default globally. • use the stp command in ethernet port view to enable/disable mstp on a port. Use the undo stp command in ethernet port vi...

  • Page 254

    1-15 stp bpdu-protection syntax stp bpdu-protection undo stp bpdu-protection view system view parameters none description use the stp bpdu-protection command to enable the bpdu guard function on the switch. Use the undo stp bpdu-protection command to restore to the default state of the bpdu guard fu...

  • Page 255

    1-16 view system view parameters bridgenum: network diameter to be set for a switched network. This argument ranges from 2 to 7. Description use the stp bridge-diameter command to set the network diameter of a switched network. The network diameter of a switched network is represented by the maximum...

  • Page 256

    1-17 interface-list: ethernet port list. You can specify multiple ethernet ports by providing this argument in the format of interface-list ={ interface-type interface-number [ to interface-type interface-number ] } &, where & means that you can provide up to 10 port indexes/port index ranges for th...

  • Page 257

    1-18 undo stp interface interface-list config-digest-snooping view system view, ethernet port view parameters interface-list: ethernet port list. You can specify multiple ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type i...

  • Page 258

    1-19 • when the digest snooping feature is enabled on a port, the port turns to the discarding state. That is, the port stops sending bpdu packets. The port is not involved in the stp calculation until it receives bpdu packets from the peer port. • the digest snooping feature is needed only when you...

  • Page 259

    1-20 • system view: stp interface interface-list[ instance instance-id] cost cost undo stp interface interface-list[ instance instance-id] cost view system view, ethernet port view parameters instance-id: id of an msti ranging from 0 to 16. The value of 0 refers to the cist. Cost: path cost to be se...

  • Page 260

    1-21 [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] stp instance 2 cost 200 • set the path cost of ethernet 1/0/1 in msti 2 to 200 in system view. System-view system view: return to user view with ctrl+z. [sysname] stp interface ethernet 1/0/1 instance 2 cost 200 # set the path cost of e...

  • Page 261

    1-22 examples # enable a switch to send trap messages conforming to 802.1d standard to the network management device when the switch becomes the root bridge of msti 1. System-view system view: return to user view with ctrl+z. [sysname] stp instance 1 dot1d-trap newroot enable stp edged-port syntax •...

  • Page 262

    1-23 normally, configuration bpdus cannot reach an edge port because the port is not connected to another switch. But when the bpdu guard function is disabled on an edge port, configuration bpdus sent deliberately by a malicious user may reach the port. If an edge port receives a bpdu, it turns to a...

  • Page 263

    1-24 parameters interface-list: ethernet port list. You can specify multiple ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &, where & means that you can provide up to 10 port indexes/port index ran...

  • Page 264

    1-25 system-view system view: return to user view with ctrl+z. [sysname] stp interface ethernet 1/0/2 to ethernet 1/0/4 loop-protection stp max-hops syntax stp max-hops hops undo stp max-hops view system view parameters hops: maximum hop count to be set. This argument ranges from 1 to 40. Descriptio...

  • Page 265

    1-26 • system view: stp [ interface interface-list] mcheck view system view, ethernet port view parameters interface-list: ethernet port list. You can specify multiple ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type inte...

  • Page 267

    1-28 undo stp interface interface-type interface-number no-agreement-check view system view, ethernet port view parameters interface-type: port type. Interface-number: port number. Description • use the stp no-agreement-check command to enable the rapid transition feature on the current port in ethe...

  • Page 269

    1-30 link speed duplex state path cost in 802.1d-1998 standard path cost in ieee 802.1t standard path cost in private standard 10 gbps full-duplex aggregated link 2 ports aggregated link 3 ports aggregated link 4 ports 2 1 1 1 2,000 1,000 666 500 2 1 1 1 normally, the path cost of a port operating i...

  • Page 270

    1-31 force-false: specifies that the link connected to the current ethernet port is not a point-to-point link. Auto: specifies to automatically determine whether or not the link connected to the current ethernet port is a point-to-point link. Interface-list: ethernet port list. You can specify multi...

  • Page 271

    1-32 # configure the links connected to ethernet 1/0/2 to ethernet 1/0/4 as point-to-point links in system view. System-view system view: return to user view with ctrl+z. [sysname] stp interface ethernet 1/0/2 to ethernet 1/0/4 point-to-point force-true stp port priority syntax • ethernet port view:...

  • Page 272

    1-33 system-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] stp instance 2 port priority 16 • set the port priority of ethernet 1/0/1 in msti 2 to 16 in system view. System-view system view: return to user view with ctrl+z. [sysname] stp ...

  • Page 273

    1-34 view system view parameters none description use the stp portlog all command to enable log and trap message output for the ports of all instances. Use the undo stp portlog all command to disable this function. By default, log and trap message output is disabled on the ports of all instances. Ex...

  • Page 274

    1-35 [sysname] stp instance 1 priority 4096 stp region-configuration syntax stp region-configuration undo stp region-configuration view system view parameters none description use the stp region-configuration command to enter mst region view. Use the undo stp region-configuration command to restore ...

  • Page 275

    1-36 undo stp [ instance instance-id ] root view system view parameters instance-id: msti id ranging from 0 to 16. The value of 0 refers to the cist. Bridgenum: network diameter of the specified spanning tree. This argument ranges from 2 to 7 and defaults to 7. Centi-seconds: hello time in centiseco...

  • Page 276

    1-37 stp root secondary syntax stp [ instance instance-id ] root secondary [ bridge-diameter bridgenum [ hello-time centi-seconds ] ] undo stp [ instance instance-id ] root view system view parameters instance-id: msti id ranging from 0 to 16. The value of 0 refers to the cist. Bridgenum: network di...

  • Page 277

    1-38 stp root-protection syntax • ethernet port view: stp root-protection undo stp root-protection • system view: stp interface interface-list root-protection undo stp interface interface-list root-protection view system view, ethernet port view parameters interface-list: ethernet port list. You can...

  • Page 278

    1-39 examples # enable the root guard function on ethernet 1/0/1. • enable the root guard function on ethernet 1/0/1 in ethernet port view. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] stp root-protection • enable the root guard...

  • Page 279

    1-40 system-view system view: return to user view with ctrl+z. [sysname] stp tc-protection enable stp tc-protection threshold syntax stp tc-protection threshold number undo stp tc-protection threshold view system view parameters number: maximum number of times that a switch can remove the mac addres...

  • Page 280

    1-41 stp timer forward-delay syntax stp timer forward-delay centi-seconds undo stp timer forward-delay view system view parameters centi-seconds: forward delay in centiseconds to be set. This argument ranges from 400 to 3,000. Description use the stp timer forward-delay command to set the forward de...

  • Page 281

    1-42 parameters centi-seconds: hello time to be set, in the range of 100 to 1,000 (in centiseconds). Description use the stp timer hello command to set the hello time of the switch. Use the undo stp timer hello command to restore the hello time of the switch to the default value. By default, the hel...

  • Page 282

    1-43 mstp is capable of detecting link failures and automatically restoring redundant links to the forwarding state. In cist, switches use the max age parameter to judge whether or not a received configuration bpdu times out. Spanning trees will be recalculated if a configuration bpdu received by a ...

  • Page 283

    1-44 can be four (or more) times the hello time. For a steady network, the timeout time can be five to seven times the hello time. Examples # set the hello time factor to 7. System-view system view: return to user view with ctrl+z. [sysname] stp timer-factor 7 stp transmit-limit syntax • ether...

  • Page 284

    1-45 examples # set the maximum number of configuration bpdus that can be transmitted through ethernet 1/0/1 in each hello time to 15. • in ethernet port view: system-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] stp transmit-limit 15 •...

  • Page 285

    1-46 you can map vlans to the specific mstis rapidly by using the vlan-mapping modulo modulo command. The id of the msti to which a vlan is mapped can be figured out by using the following formula: (vlan id-1) % modulo + 1. In this formula, (vlan id-1) % modulo yields the module of (vlan id-1) with ...

  • Page 286

    1-47 • the vlan-vpn tunnel function can only be enabled on stp-enabled devices. • to enable the vlan-vpn tunnel function, make sure the links between operator’s networks are trunk links. • currently, only s3100-si series ethernet switches support the vlan-vpn tunnel feature. Examples # enable the vl...

  • Page 287: Table of Contents

    I table of contents: 1 igmp snooping configuration commands, 1-1; igmp snooping configuration commands, 1-1; display igmp...

  • Page 288

    Ii mld-snooping group-limit, 2-13; mld-snooping host-aging-time, 2-13; mld-snooping host-j...

  • Page 289

    1-1 1 igmp snooping configuration commands only the s3100-ei series support the igmp snooping querier feature. The related commands are as follows: • igmp-snooping querier • igmp-snooping query-interval • igmp-snooping general-query source-ip igmp snooping configuration commands display igmp-snoopin...

  • Page 290

    1-2 examples # display igmp snooping configuration information on the switch. Display igmp-snooping configuration enable igmp snooping. The router port timeout is 105 second(s). The max response timeout is 10 second(s). The host port timeout is 260 second(s). The above-mentioned information shows: i...

  • Page 291

    1-3 ethernet1/0/23 dynamic host port(s): ethernet1/0/10 mac group(s): mac group address:0100-5e00-0001 host port(s):ethernet1/0/10 ethernet1/0/23 table 1-1 display igmp-snooping group command output description field description total 1 ip group(s). Total number of ipv6 multicast groups total 1 ip s...

  • Page 292

    1-4 when igmpv3 snooping is enabled, the device counts igmpv3 messages as igmpv2 messages in its statistics. Related commands: igmp-snooping. Examples # display igmp snooping statistics. Display igmp-snooping statistics received igmp general query packet(s) number:1. Received igmp specific query packet(s...

  • Page 293

    1-5 • before enabling igmp snooping in a vlan, be sure to enable igmp snooping globally in system view; otherwise the igmp snooping setting will not take effect. • if igmp snooping and vlan vpn are enabled on a vlan at the same time, igmp queries are likely to fail to pass the vlan. You can solve th...

  • Page 294

    1-6 • the fast leave processing function works for a port only if the host attached to the port runs igmpv2 or igmpv3. • the configuration performed in system view takes effect on all ports of the switch if no vlan is specified; if one or more vlans are specified, the configuration takes effect on a...

  • Page 295

    1-7 by default, the layer 2 multicast switch sends general query messages with the source ip address of 0.0.0.0. Related commands: igmp-snooping querier, igmp-snooping query-interval. Examples # configure the switch to send general query messages with the source ip address 2.2.2.2 in vlan 3. System-...

  • Page 296

    1-8 • to prevent bursting traffic in the network or performance deterioration of the device caused by excessive multicast groups, you can set the maximum number of multicast groups that the switch should process. • when the number of multicast groups exceeds the configured limit, the switch removes ...

  • Page 297

    1-9 • a port can belong to multiple vlans, but you can configure only one acl rule per vlan on a port. • if no acl rule is configured, all the multicast groups will be filtered. • since most devices broadcast unknown multicast packets by default, this function is often used together with the function of...

  • Page 298

    1-10 • configure acl 2001 on ethernet1/0/2 to allow it to join any igmp multicast groups except those defined in the deny rule of acl 2001. [sysname] interface ethernet 1/0/2 [sysname-ethernet1/0/2] igmp-snooping group-policy 2001 vlan 2 igmp-snooping host-aging-time syntax igmp-snooping host-aging-time s...

  • Page 299

    1-11 description use the igmp-snooping nonflooding-enable command to enable the igmp snooping non-flooding function. With this function enabled, unknown multicast packets are passed to the router ports of the switch rather than being flooded in the vlan. Use the undo igmp-snooping nonflooding-enable...

  • Page 300

    1-12 view vlan view parameters none description use the igmp-snooping querier command to enable the igmp snooping querier feature on the current vlan. Use the undo igmp-snooping querier command to restore the default. By default, the igmp snooping querier feature is disabled. This command takes effe...

  • Page 301

    1-13 related commands: igmp-snooping, igmp-snooping querier, igmp-snooping general-query source-ip examples # configure the igmp query interval to 100 seconds in vlan 3. System-view system view, return to user view with ctrl+z. [sysname] igmp-snooping enable [sysname] vlan 3 [sysname-vlan3] igmp-sno...

  • Page 302

    1-14 view vlan view parameters current-interface: specifies the ip address of the current vlan interface as the source address to be carried in igmp group-specific queries. If the current vlan interface does not have an ip address, the default ip address 0.0.0.0 will be used as the source ip address...

  • Page 303

    1-15 this command can take effect only if igmp snooping is enabled in the vlan. Related commands: igmp-snooping enable. Examples # set igmp snooping version to version 3 in vlan 100. System-view system view: return to user view with ctrl+z. [sysname] igmp-snooping enable enable igmp-snooping ok. [sy...

  • Page 304

    1-16 view ethernet port view parameters group-address: address of the multicast group to join. Source-address: address of the multicast source to join. You can specify a multicast source address only when igmpv3 snooping is running in a vlan. Vlan vlan-id: id of the vlan to which the port belongs, i...

  • Page 305

    1-17 multicast static-group interface syntax multicast static-group group-address interface interface-list undo multicast static-group group-address interface interface-list view vlan interface view parameters group-address: ip address of the multicast group to join, in the range of 224.0.0.0 to 239...

  • Page 306

    1-18 vlan vlan-id: specifies the vlan the ethernet port belongs to, where vlan-id ranges from 1 to 4094. Description use the multicast static-group vlan command to configure the current port as a static member port for the specified multicast group and specify the vlan the port belongs to. Use the u...

  • Page 307

    1-19 examples # configure ethernet 1/0/1 in vlan 10 as a static router port. System-view system view: return to user view with ctrl+z. [sysname] vlan 10 [sysname-vlan10] multicast static-router-port ethernet1/0/1 multicast static-router-port vlan syntax multicast static-router-port vlan vlan-id undo...

  • Page 308

    1-20 view user view parameters none description use the reset igmp-snooping statistics command to clear igmp snooping statistics. Related commands: display igmp-snooping statistics. Examples # clear igmp snooping statistics. Reset igmp-snooping statistics service-type multicast syntax service-type m...

  • Page 309

    1-21 • one port belongs to only one multicast vlan. • the port connected to a user terminal must be a hybrid port. • the multicast member port must be in the same multicast vlan with the router port. Otherwise, the port cannot receive multicast packets. • if a router port is in a multicast vlan, the...

  • Page 310

    2-1 2 mld snooping configuration commands mld snooping configuration commands only the s3100-ei series support mld snooping configuration commands. Display mld-snooping group syntax display mld-snooping group [ vlan vlan-id ] [ verbose ] view any view default level 1: monitor level parameters vlan v...

  • Page 311

    2-2 total 1 ip source(s). Total 1 mac group(s). Router port(s):total 1 port. Eth1/0/1 (d) ( 00:01:30 ) ip group(s):the following ip group(s) match to one mac group. Ip group address:ff1e::101 (::, ff1e::101): attribute: host port host port(s):total 1 port. Eth1/0/2 (d) ( 00:03:23 ) mac group(s): mac...

  • Page 312

    2-3 description use the display mld-snooping statistics command to view the statistics information of mld messages learned by mld snooping. Examples # view the statistics information of all kinds of mld messages learned by mld snooping. Display mld-snooping statistics received mld general queries:0....

  • Page 313

    2-4 parameters priority-number: specifies 802.1p precedence for mld messages, in the range of 0 to 7. The higher the number, the higher the precedence. Description use the dot1p-priority command to configure 802.1p precedence for mld messages globally. Use the undo dot1p-priority command to restore ...

  • Page 314

    2-5 entry-limit (mld-snooping view) syntax entry-limit limit undo entry-limit view mld-snooping view default level 2: system level parameters limit: maximum number of entries in the mld snooping forwarding table, in the range of 0 to 512. Description use the entry-limit command to configure the maxi...

  • Page 315

    2-6 description use the fast-leave command to enable fast leave processing globally. With this function enabled, when the switch receives an mld leave message on a port, it directly removes that port from the forwarding table entry for the specific group. Use the undo fast-leave command to disable f...

  • Page 316

    2-7 last-listener-query-interval (mld-snooping view) syntax last-listener-query-interval interval undo last-listener-query-interval view mld-snooping view default level 2: system level parameters interval: mld last listener query interval in units of seconds, namely the length of time the device wai...

  • Page 317

    2-8 description use the max-response-time command to configure the maximum response time for mld general queries globally. Use the undo max-response-time command to restore the system default. By default, the maximum response time for mld general queries is 10 seconds. This command works only on mld...

  • Page 319

    2-10 mld-snooping dot1p-priority syntax mld-snooping dot1p-priority priority-number undo mld-snooping dot1p-priority view vlan view default level 2: system level parameters priority-number: specifies 802.1p precedence for mld messages, in the range of 0 to 7. The higher the number, the higher the pr...

  • Page 320

    2-11 parameters none description use the mld-snooping enable command to enable mld snooping in the current vlan. Use the undo mld-snooping enable command to disable mld snooping in the current vlan. By default, mld snooping is disabled in a vlan. Mld snooping must be enabled globally before it can b...

  • Page 321

    2-12 • this command works on mld snooping–enabled vlans. • if you do not specify any vlan when using this command in ethernet interface view, the command will take effect for all vlans the interface belongs to; if you specify a vlan or multiple vlans, the command will take effect only if the interfa...

  • Page 322

    2-13 [sysname-mld-snooping] quit [sysname] vlan 2 [sysname-vlan2] mld-snooping enable [sysname-vlan2] mld-snooping general-query source-ip fe80:0:0:1::1 mld-snooping group-limit syntax mld-snooping group-limit limit [ vlan vlan-list ] undo mld-snooping group-limit [ vlan vlan-list ] view ethernet in...

  • Page 323

    2-14 view vlan view default level 2: system level parameters interval: dynamic member port aging time, in seconds. The effective range is 200 to 1,000. Description use the mld-snooping host-aging-time command to configure the aging time of dynamic member ports in the current vlan. Use the undo mld-s...

  • Page 324

    2-15 description use the mld-snooping host-join command to enable simulated joining on a port, namely configure the current port as member host for the specified ipv6 multicast group or source and group. Use the undo mld-snooping host-join command to remove the current port(s) as simulated member ho...

  • Page 325

    2-16 description use the mld-snooping last-listener-query-interval command to configure the mld last-listener query interval in the vlan. Use the undo mld-snooping last-listener-query-interval command to restore the system default. By default, the mld last listener query interval is 1 second. This c...

  • Page 326

    2-17 system-view [sysname] mld-snooping [sysname-mld-snooping] quit [sysname] vlan 2 [sysname-vlan2] mld-snooping enable [sysname-vlan2] mld-snooping max-response-time 5 mld-snooping overflow-replace syntax mld-snooping overflow-replace [ vlan vlan-list] undo mld-snooping overflow-replace [ vlan vla...

  • Page 327

    2-18 mld-snooping proxying enable syntax mld-snooping proxying enable undo mld-snooping proxying enable view vlan view default level 2: system level parameters none description use the mld-snooping proxying enable command to enable the mld snooping proxying function in a vlan. Use the undo mld-snoop...

  • Page 328

    2-19 default level 2: system level parameters none description use the mld-snooping querier command to enable the mld snooping querier function. Use the undo mld-snooping querier command to disable the mld snooping querier function. By default, the mld snooping querier function is disabled. Note tha...

  • Page 329

    2-20 related commands: mld-snooping enable, mld-snooping querier, mld-snooping max-response-time, max-response-time. Examples # enable mld snooping and set the mld query interval to 20 seconds in vlan 2. System-view [sysname] mld-snooping [sysname-mld-snooping] quit [sysname] vlan 2 [sysname-vlan2] ...

  • Page 330

    2-21 examples # enable mld snooping in vlan 2 and configure the source ipv6 address of mld reports sent by the mld snooping proxy in vlan 2 to fe80:0:0:1::1. System-view [sysname] mld-snooping [sysname-mld-snooping] quit [sysname] vlan 2 [sysname-vlan2] mld-snooping enable [sysname-vlan2] mld-snoopi...

  • Page 332

    2-23 view ethernet interface view default level 2: system level parameters ipv6-group-address: address of a ipv6 multicast group the port(s) will be configured to join as static member port(s). The effective range is ffxy::/16 (excluding ffx0::/16, ffx1::/16, ffx2::/16 and ff0y::), where x and y rep...

  • Page 333

    2-24 view ethernet interface view default level 2: system level parameters vlan vlan-id: specifies a vlan in which one or more static router ports are to be configured, where vlan-id is in the range of 1 to 4094. Description use the mld-snooping static-router-port command to configure the current po...

  • Page 334

    2-25 note that: this command can take effect only if mld snooping is enabled in the vlan. Related commands: mld-snooping enable. Examples # enable mld snooping in vlan 2, and set the mld snooping version to version 2. System-view [sysname] mld-snooping [sysname-mld-snooping] quit [sysname] vlan 2 [s...

  • Page 335

    2-26 [sysname-mld-snooping] overflow-replace vlan 2 report-aggregation (mld-snooping view) syntax report-aggregation undo report-aggregation view mld-snooping view default level 2: system level parameters none description use the mld-snooping report-aggregation command to enable mld report suppressi...

  • Page 336

    2-27 vlan vlan-id: clears the MLD snooping multicast group information in the specified VLAN. The effective range of vlan-id is 1 to 4094. Description: use the reset mld-snooping group command to clear MLD snooping multicast group information. Note that: this command works on MLD snooping–enabled v...

  • Page 337

    2-28 parameters interval: dynamic router port aging time, in seconds. The effective range is 1 to 1,000. Description use the router-aging-time command to configure the aging time of dynamic router ports globally. Use the undo router-aging-time command to restore the default setting. By default, the ...

  • Page 338

    3-1 3 ipv6 multicast vlan configuration commands ipv6 multicast vlan configuration commands only the s3100-ei series support ipv6 multicast vlan configuration commands. Display multicast-vlan ipv6 syntax display multicast-vlan ipv6 [ vlan-id ] view any view default level 1: monitor level parameters ...

  • Page 341

    3-4 parameters vlan-id: vlan id of the ipv6 multicast vlan you want to assign the current port(s) to, in the range of 1 to 4094. Description use the port multicast-vlan ipv6 command to assign the current port(s) to the specified ipv6 multicast vlan. Use the undo port multicast-vlan ipv6 command to r...

  • Page 342

    4-1 4 common multicast configuration commands only the s3100-ei series support multicast source port suppression. The related commands are multicast-source-deny and display multicast-source-deny . Common multicast configuration commands display mac-address multicast static syntax display mac-address...

  • Page 343

    4-2 --- 1 static mac address(es) found --- table 4-1 display mac-address multicast static command output description field description mac addr mac address vlan id the vlan in which the mac address is manually added state state of the mac address, which includes only config static, indicating that t...

  • Page 344

    4-3 mac-address multicast interface syntax mac-address multicast mac-address interface interface-list vlan vlan-id undo mac-address multicast [ mac-address[ interface interface-list ]vlan vlan-id ] view system view parameters mac-address: multicast mac address, in the form of h-h-h. Interface interf...

  • Page 345

    4-4 vlan vlan-id: specifies the vlan the current port belongs to. The effective range for vlan-id is 1 to 4094. Description use the mac-address multicast vlan command to create a multicast mac address entry on the current port. Use the undo mac-address multicast vlan command to remove the specified ...

  • Page 346

    4-5 In system view, if no port or port list is specified, the multicast source port suppression feature is enabled on all the ports of the switch; if one or more ports or port lists are specified, the multicast source port suppression feature is enabled on the specified ports. In Ethernet port v...

  • Page 347: Table of Contents

    i table of contents: 1 802.1x configuration commands (1-1); 802.1x configuration commands...

  • Page 348

    ii system-guard timer-interval (4-5); 5 system-guard configuration commands (for S3100-SI) (5-1); system-guard configuration com...

  • Page 350

    1-2 reauth period 3600 s, reauth maxtimes 2 quiet period 60 s, quiet period timer is disabled supp timeout 30 s, server timeout 100 s interval between version requests is 30s maximal request times for version information is 3 the maximal retransmitting times 2 ead quick deploy configuration: url: ht...

  • Page 351

    1-3 Field: description. handshake is enabled: the online user handshaking function is enabled. Proxy trap checker is disabled: whether or not to send trap packets when detecting a supplicant system logs in through a proxy. Disable means the switch does not send trap packets when it detects that a supp...

  • Page 352

    1-4 Field: description. Proxy logoff checker is disabled: whether or not to disconnect a supplicant system when detecting it logging in through a proxy. Disable means the switch does not disconnect a supplicant system when it detects that the latter logs in through a proxy. Enable means the swit...

  • Page 353

    1-5 In Ethernet port view, the interface-list argument is not available and the command enables 802.1x for only the current Ethernet port. 802.1x-related configurations take effect on a port only after 802.1x is enabled both globally and on the port. Configurations of 802.1x and the maximum number...

  • Page 354

    1-6 Use the undo dot1x authentication-method command to revert to the default 802.1x authentication method. The default 802.1x authentication method is CHAP. PAP applies a two-way handshaking procedure. In this method, passwords are transmitted in plain text. CHAP applies a three-way handshaking pro...

  • Page 355

    1-7 related command: display dot1x. Example # configure to authenticate a supplicant system when it applies for a dynamic ip address through dhcp. System-view system view: return to user view with ctrl+z. [sysname] dot1x dhcp-launch dot1x guest-vlan syntax dot1x guest-vlan vlan-id [ interface interf...

  • Page 356

    1-8 The guest VLAN function is available only when the switch operates in the port-based authentication mode. Only one guest VLAN can be configured on a switch. The guest VLAN function is unavailable when the dot1x dhcp-launch command is executed on the switch, because the switch does not send...

  • Page 357

    1-9 To enable the proxy detecting function, you need to enable the online user handshaking function first. Handshaking packets need the support of the H3C-proprietary client. They are used to test whether or not a user is online. As clients that are not from H3C do not support the online user ha...

  • Page 358

    1-10 example # enable the handshaking packet secure function. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] dot1x handshake secure dot1x mandatory-domain syntax dot1x mandatory-domain domain-name undo dot1x mandatory-domain view ...

  • Page 359

    1-11 parameter user-number: maximum number of users a port can accommodate, in the range 1 to 256. Interface-list: ethernet port list, in the form of interface-list= { interface-type interface-number [ to interface-type interface-number ] } &, in which interface-type specifies the type of an etherne...

  • Page 360

    1-12 unauthorized-force: specifies to operate in unauthorized-force access control mode. When a port operates in this mode, the hosts connected to it cannot access the network resources. Interface-list: ethernet port list, in the form of interface-list= { interface-type interface-number [ to interfa...

  • Page 361

    1-13 description use the dot1x port-method command to specify the access control method for specified ethernet ports. Use the undo dot1x port-method command to revert to the default access control method. By default, the access control method is macbased. This command specifies the way in which the ...

  • Page 362

    1-14 use the undo dot1x quiet-period command to disable the quiet-period timer. When a user fails to pass the authentication, the authenticator system (such as a h3c series ethernet switch) will stay quiet for a period (determined by the quiet-period timer) before it performs another authentication....

  • Page 363

    1-15 dot1x retry-version-max syntax dot1x retry-version-max max-retry-version-value undo dot1x retry-version-max view system view parameter max-retry-version-value: maximum number of times that a switch sends version request packets to a user. This argument ranges from 1 to 10. Description use the d...

  • Page 364

    1-16 description use the dot1x re-authenticate command to enable 802.1x re-authentication on specific ports or on all ports of the switch. Use the undo dot1x re-authenticate command to disable 802.1x re-authentication on specific ports or on all ports of the switch. By default, 802.1x re-authenticat...

  • Page 365

    1-17 trap: sends trap packets upon detecting a user logging in through a proxy or through multiple network adapters. Interface-list: ethernet port list, in the form of interface-list= { interface-type interface-number [ to interface-type interface-number ] } &, in which interface-type specifies the ...

  • Page 366

    1-18 The 802.1x proxy checking function needs the cooperation of H3C's 802.1x client program. The proxy checking function takes effect only after the client version checking function is enabled on the switch (using the dot1x version-check command). Related command: display dot1x. Example: # confi...

  • Page 367

    1-19 system. During this quiet period, the switch does not perform any 802.1x authentication-related actions for the supplicant system. The quiet-period-value argument ranges from 10 to 120 (in seconds). By default, the quiet-period timer is set to 60 seconds. Server-timeout server-timeout-value: se...

  • Page 368

    1-20 example # set the radius server timer to 150 seconds. System-view system view: return to user view with ctrl+z. [sysname] dot1x timer server-timeout 150 dot1x timer reauth-period syntax dot1x timer reauth-period reauth-period-value undo dot1x timer reauth-period view system view parameter reaut...

  • Page 369

    1-21 description use the dot1x version-check command to enable 802.1x client version checking for specified ethernet ports. Use the undo dot1x version-check command to disable 802.1x client version checking for specified ethernet ports. By default, 802.1x client version checking is disabled on all t...

  • Page 370

    1-22 Related command: display dot1x. Example: # Clear 802.1x statistics on Ethernet 1/0/1 port. reset dot1x statistics interface ethernet 1/0/1

  • Page 372

    2-2 system-view system view: return to user view with ctrl+z. [sysname] dot1x free-ip 192.168.19.23 24 dot1x timer acl-timeout syntax dot1x timer acl-timeout acl-timeout-value undo dot1x timer acl-timeout view system view parameters acl-timeout-value: acl timeout period (in minutes), in the range of...

  • Page 373

    2-3 Examples: # Configure the URL for HTTP redirection. system-view System View: return to User View with Ctrl+Z. [sysname] dot1x url http://192.168.19.23

  • Page 374: Habp Configuration Commands

    3-1 3 habp configuration commands habp configuration commands display habp syntax display habp view any view parameter none description use the display habp command to display habp configuration and status. Example # display habp configuration and status. Display habp global habp information: habp m...

  • Page 375

    3-2 view any view parameter none description use the display habp table command to display the mac address table maintained by habp. Example # display the mac address table maintained by habp. Display habp table mac holdtime receive port 001f-3c00-0030 53 ethernet1/0/1 table 3-2 description on the f...

  • Page 376

    3-3 table 3-3 description on the fields of the display habp traffic command field description packets output number of the habp packets sent input number of the habp packets received id error number of the habp packets with id errors type error number of the habp packets with type errors version err...

  • Page 377

    3-4 parameter vlan-id: vlan id, ranging from 1 to 4094. Description use the habp server vlan command to configure a switch to operate as an habp server. This command also specifies the vlan where habp packets are broadcast. Use the undo habp server vlan command to revert to the default habp mode. By...

  • Page 378: System-Guard Configuration Commands (For S3100-EI)

    4-1 4 system-guard configuration commands (for s3100-ei) the command introduced in this chapter is only supported by the s3100-ei series switches. System-guard configuration commands display system-guard attack-record syntax display system-guard attack-record view any view parameter none description...

  • Page 379

    4-2 table 4-1 description on the fields of display system-guard attack-record field description target no number of the attack record range control range of the attack packet type type of the attack packet port number of the port being attacked mac address source mac address of the attack packet ip ...

  • Page 380

    4-3 table 4-2 description on the fields of the display system-guard state command field description system-guard status the enable/disable status of the system-guard function permitted interfaces interfaces enabled with the system-guard function detect threshold the threshold for the number of packe...

  • Page 381

    4-4 view system view parameter none description use the system-guard enable command to enable the system-guard feature. Use the undo system-guard enable command to disable the system-guard feature. By default, the system-guard feature is disabled. Related command: display system-guard state. Example...

  • Page 382

    4-5 example # apply the system-guard function to ethernet1/0/1 through ethernet1/0/10 ports. System-view system view: return to user view with ctrl+z. [sysname] system-guard permit ethernet 1/0/1 to ethernet 1/0/10 system-guard timer-interval syntax system-guard timer-interval isolate-timer undo sys...

  • Page 383: System-Guard Configuration Commands (For S3100-SI)

    5-1 5 system-guard configuration commands (for s3100-si) the command introduced in this chapter is only supported by the s3100-si series switches. System-guard configuration commands display system-guard config syntax display system-guard config view any view parameter none description use the displ...

  • Page 384

    5-2 system-guard enable syntax system-guard enable undo system-guard enable view system view parameter none description use the system-guard enable command to enable the system-guard function. Use the undo system-guard enable command to disable the system-guard function. By default, the system-guard...

  • Page 385

    5-3 use the undo system-guard mode command to revert to the default system-guard configuration. Related command: display system-guard config. Example # implement the system-guard function by means of port rate limit, with the checking interval being 5 seconds, the threshold being 100, and the timeou...

  • Page 386

    5-4 After system-guard is enabled on a port, if the number of packets the port received and sent to the CPU in a specified interval exceeds the specified threshold, the system considers that the port is under attack and begins to limit the packet receiving rate on the port (this function is also c...

  • Page 387: Table of Contents

    i table of contents: 1 AAA configuration commands (1-1); AAA configuration commands...

  • Page 388

    ii display local-server statistics (1-38); display radius scheme (1-39); display radius ...

  • Page 389

    iii timer quiet (1-77); timer realtime-accounting (1-78); timer...

  • Page 391

    1-2 view isp domain view parameters local : performs local accounting. It is not used for charging purposes, but for collecting statistics and limiting the number of local user connections. None : specifies not to perform user accounting. Radius-scheme radius-scheme-name: specifies to use a radius a...

  • Page 392

    1-3 view isp domain view parameters local : performs local accounting. It is not used for charging purposes, but for collecting statistics and limiting the number of local user connections. None : does not perform any accounting. Radius-scheme radius-scheme-name : specifies a radius scheme by its na...

  • Page 393

    1-4 none : does not perform any accounting. Radius-scheme radius-scheme-name : specifies a radius scheme by its name, which is a string of 1 to 32 characters. Description use the accounting login command to configure the accounting method for login users. Use the undo accounting login command to res...

  • Page 394

    1-5 The accounting optional command is commonly used in the cases where only authentication is needed and accounting is not needed. If you configure the accounting optional command in ISP domain view, it is effective to all users in the domain; if you configure it in RADIUS scheme view, it is ef...

  • Page 395

    1-6 use the undo attribute command to cancel attribute settings of the user. You may use display local-user command to view the settings of the attributes. Examples # create local user user1 and set the ip address attribute of user1 to 10.110.50.1, allowing only the user using the ip address of 10.1...

  • Page 396

    1-7 If you execute the authentication hwtacacs-scheme hwtacacs-scheme-name local command, the local scheme is used as the secondary authentication scheme in case no TACACS server is available. That is, if the communication between the switch and a TACACS server is normal, no local authentication w...

  • Page 397

    1-8 description use the authentication lan-access command to configure the authentication method for lan access users. Use the undo authentication lan-access command to restore the default. By default, the default authentication method is used for lan access users. Note that the radius scheme specif...

  • Page 398

    1-9 related commands: authentication, hwtacacs scheme, radius scheme. Examples # configure the default isp domain system to use local authentication for login users. System-view [sysname] domain system [sysname-isp-system] authentication login local # configure isp domain test to use radius authenti...

  • Page 399

    1-10 Examples: # Set the HWTACACS scheme to ht for user level switching in the current ISP domain aabbcc.net. system-view System View: return to User View with Ctrl+Z. [sysname] domain aabbcc.net New Domain added. [sysname-isp-aabbcc.net] authentication super hwtacacs-scheme ht authorization syntax a...

  • Page 401

    1-12 parameters string : number or descriptor of the authorized vlan for the current user, a string of 1 to 32 characters. If it is a numeral string and there is a vlan with the number configured, it specifies the vlan. If it is a numeral string but no vlan is present with the number, it specifies t...

  • Page 402

    1-13 interface interface-type interface-number: cuts down all user connections under a specified port. Here, interface-type is a port type and interface-number is a port number. Ip ip-address: cuts down all user connections with a specified ip address. Ipv6 ipv6-address: cuts down all user connectio...

  • Page 403

    1-14 ip ip-address: displays all user connections with a specified ip address. Ipv6 ipv6-address: displays all user connections with a specified ipv6 address. Mac mac-address: displays the user connection with a specified mac address. Here, mac-address is in hexadecimal format (in the form of h-h-h)...

  • Page 404

    1-15 table 1-1 description of the port no field 31 to 28 bit 27 to 24 bit 23 to 20 bit 19 to 12 bit 11 to 0 bit unit id slot number sub-slot number port number vlan id display domain syntax display domain [ isp-name ] view any view parameters isp-name : name of an isp domain, a string of up to 128 c...

  • Page 405

    1-16 field description vlan-assignment-mode vlan assignment mode, which can be integer or string. Domain user template domain user template settings, that is, attribute settings for all users in the domain. Idle-cut status of the idle-cut function self-service url self-service url for password chang...

  • Page 406

    1-17 examples # display information about all local users. Display local-user 0 the contents of local user test: state: active servicetype mask: l idle-cut: enable idle timeout: 3600 seconds access-limit: enable current accessnum: 1 max accessnum: 1024 bind location: 127.0.0.1/1/0/2 (nas/unitid/subs...

  • Page 409

    1-20 parameters disable : disables the idle-cut function for the domain. Enable : enables the idle-cut function for the domain. Minute : maximum idle time in minutes, ranging from 1 to 120. Flow : minimum traffic in bytes, ranging from 1 to 10,240,000. Description use the idle-cut command to set the...

  • Page 410

    1-21 If the configured authentication method is none or password authentication, the command level that a user can access after login is determined by the level of the user interface. If the configured authentication method requires a username and a password, the command level that a user can ac...

  • Page 411

    1-22 examples # add a local user named user1. System-view system view: return to user view with ctrl+z. [sysname] local-user user1 new local user added. [sysname-luser-user1] # add a local user named 01234567891234567 (note that it will appear as 012345678912345~0000 in the view prompt). System-view...

  • Page 413

    1-24 parameters string : assigned vlan name, a string of up to 32 characters. Description use the name command to set a vlan name, which will be used for vlan assignment. Use the undo name command to cancel the vlan name. By default, a vlan uses its vlan id (like vlan 0001) as its assigned vlan name...

  • Page 414

    1-25 With the cipher keyword specified, a password of up to 16 characters in plain text will be encrypted into a password of 24 characters in cipher text, and a password of 16 to 63 characters in plain text will be encrypted into a password of 88 characters in cipher text. For a password of 24 cha...

  • Page 419

    1-30 view local user view parameters ftp : specifies that this is an ftp user. Lan-access : specifies that this is a lan access user (who is generally an ethernet access user, for example, 802.1x user). Telnet : authorizes the user to access the telnet service. Ssh : authorizes the user to access th...

  • Page 420

    1-31 description use the state command to set the status of current isp domain (in isp domain view) or current local user (in local user view). By default, an isp domain/local user is in the active state once it is created. After an isp domain is set to the block state, except for online users, user...

  • Page 421

    1-32 the dynamic vlan assignment feature enables a switch to dynamically add the ports of successfully authenticated users to different vlans according to the attributes assigned by the radius server, so as to control the network resources that different users can access. In actual applications, to ...

  • Page 422

    1-33 Examples: # Set the VLAN assignment mode of the domain h3c163.net to string. system-view System View: return to User View with Ctrl+Z. [sysname] domain aabbcc.net New Domain added. [sysname-isp-aabbcc.net] vlan-assignment-mode string radius configuration commands accounting optional syntax accou...

  • Page 424

    1-35 interval : interval to send accounting-on messages (in seconds), ranging from 1 to 30 and defaulting to 3. Description use the accounting-on enable command to enable the user re-authentication at restart function. Use the undo accounting-on enable command to disable the user re-authentication a...

  • Page 426

    1-37 [sysname-radius-radius1] undo attribute-ignore standard # disable the radius scheme from ignoring h3c’s attributes, making the scheme to accept all h3c’s radius attributes assigned to it. [sysname-radius-radius1] undo attribute-ignore vendor 25506 # disable the radius scheme from ignoring any a...

  • Page 427

    1-38 view radius scheme view parameters data : sets the data unit of outgoing radius flows, which can be byte, giga-byte, kilo-byte, or mega-byte. Packet : sets the packet unit of outgoing radius flows, which can be one-packet, giga-packet, kilo-packet, or mega-packet. Description use the data-flow-...

  • Page 428

    1-39 display local-server statistics on unit 1: the localserver packet statistics: receive: 30 send: 30 discard: 0 receive packet error: 0 auth receive: 10 auth send: 10 acct receive: 20 acct send: 20 display radius scheme syntax display radius scheme [ radius-scheme-name ] view any view parameters ...

  • Page 429

    1-40 primary acc state=active, second acc state=block ------------------------------------------------------------------ total 1 radius scheme(s). 1 listed table 1-5 description on the fields of the display radius scheme command field description schemename name of the radius scheme index index numb...

  • Page 430

    1-41 display radius statistics syntax display radius statistics view any view parameters none description use the display radius statistics command to display the radius message statistics. Related commands: radius scheme. Examples # display radius message statistics. Display radius statistics state...

  • Page 431

    1-42 session ctrl pkt , num=0 , err=0 , succ=0 set policy result , num=0 , err=0 , succ=0 radius sent messages statistic: auth accept , num=0 auth reject , num=0 eap auth replying , num=0 account success , num=0 account failure , num=0 cut req , num=0 set policy result , num=0 recerror_msg_sum:0 snd...

  • Page 432

    1-43 You can choose to display the buffered stop-accounting requests of a specified RADIUS scheme, session (by session ID), or user (by username). You can also specify a time range to display those generated within the specified time range. The displayed information helps you diagnose and resolve ...

  • Page 433

    1-44 The two parties verify the validity of the RADIUS messages received from each other by using the shared keys that have been set on them, and can accept and respond to the messages only when both parties have the same shared key. The authentication/authorization shared key and the accounting sha...

  • Page 434

    1-45 examples # enable udp ports for local radius services. System-view system view: return to user view with ctrl+z. [sysname] local-server enable local-server nas-ip syntax local-server nas-ip ip-address key password undo local-server nas-ip ip-address view system view parameters nas-ip ip-address...

  • Page 437

    1-48 # specify the ip address of the primary accounting server for radius scheme radius1 as 10.110.1.2, the udp port of the server as 1813, and the shared key of accounting packets as key1. System-view [sysname] radius scheme radius1 [sysname-radius-radius1] primary accounting 10.110.1.2 1813 key ke...

  • Page 438

    1-49 key string is not configured here, the shared key configured in the key command in RADIUS scheme view will be used. The IP addresses of the primary and secondary authentication/authorization servers cannot be the same. Otherwise, the configuration fails. Related commands: key, radius scheme, ...

  • Page 440

    1-51 You can set only one source IP address by using this command. When you re-execute this command, the newly set source IP address will overwrite the old one. Related commands: nas-ip. Examples: # Set source address 129.10.10.1 for outgoing RADIUS messages. system-view System View: return t...

  • Page 442

    1-53 reset radius statistics syntax reset radius statistics view user view parameters none description use the reset radius statistics command to clear radius message statistics. Related commands: display radius scheme. Examples # clear radius message statistics. Reset radius statistics reset stop-a...

  • Page 443

    1-54 Examples: # Delete the stop-accounting requests buffered for user user0001@aabbcc.net. reset stop-accounting-buffer user-name user0001@aabbcc.net # Delete the stop-accounting requests buffered from 0:0:0 08/31/2002 to 23:59:59 08/31/2002. reset stop-accounting-buffer time-range 00:00:00-08/31/20...

  • Page 444

    1-55 retry realtime-accounting syntax retry realtime-accounting retry-times undo retry realtime-accounting view radius scheme view parameters retry-times : maximum allowed number of continuous real-time accounting failures, ranging from 1 to 255. Description use the retry realtime-accounting command...

  • Page 445

    1-56 examples # set the maximum allowed number of continuous real-time accounting failures for radius scheme radius1 to 10. System-view system view: return to user view with ctrl+z. [sysname] radius scheme radius1 new radius scheme [sysname-radius-radius1] retry realtime-accounting 10 retry stop-acc...

  • Page 447

    1-58 view radius scheme view parameters ip-address : ip address of the secondary authentication/authorization server to be used, in dotted decimal notation. Ipv6 ipv6-address: ipv6 address of the secondary authentication/authorization server. Port-number : udp port number of the secondary authentica...

  • Page 448

    1-59 parameters extended : specifies to support h3c's radius server (which is generally a cams), that is, use the procedure and message format of private radius protocol to interact with an h3c's radius server. Standard : specifies to support standard radius server, that is, use the procedure and me...

  • Page 449

    1-60 When the switch fails to communicate with the primary server due to some server trouble, the switch will turn to the secondary server and exchange messages with the secondary server. After the primary server remains in the block state for a set time (set by the timer quiet command), the swi...

  • Page 450

    1-61 examples # set the status of the secondary accounting server with ipv6 address 1:1::2:5 to block. System-view system view: return to user view with ctrl+z. [sysname] radius scheme radius1 new radius scheme [sysname-radius-radius1] state secondary accounting ipv6 1:1::2:5 block stop-accounting-bu...

  • Page 451

    1-62 timer syntax timer seconds undo timer view radius scheme view parameters seconds : response timeout time of radius servers, ranging from 1 to 10 seconds. Description use the timer command to set the response timeout time of radius servers (that is, the timeout time of the response timeout timer...

  • Page 452

    1-63 view radius scheme view parameters minutes : wait time before primary server state restoration, ranging from 1 to 255 minutes. Description use the timer quiet command to set the time that the switch waits before it tries to re-communicate with the primary server and restore the status of the pr...

  • Page 453

    1-64 server is, the shorter the interval can be. It is recommended to set the interval as long as possible when the number of users is relatively great (≥1000). Table 1-6 lists the recommended intervals for different numbers of users. Table 1-6 numbers of users and recommended intervals number of us...

  • Page 454

    1-65 switch gets no answer before the response timeout timer expires, it needs to retransmit the request to ensure that the user can obtain radius service. Appropriately setting the timeout time of this timer according to your network situation can improve the performance of your system. This co...

  • Page 455

    1-66 For an 802.1x user, if you have specified to use eap authentication, the switch will encapsulate and send the contents from the client directly to the server. In this case, the configuration of the user-name-format command is not effective. Related commands: radius scheme. Examples # specify ...

  • Page 456

    1-67 system view: return to user view with ctrl+z. [sysname] hwtacacs scheme hwt1 [sysname-hwtacacs-hwt1] data-flow-format data kilo-byte [sysname-hwtacacs-hwt1] data-flow-format packet kilo-packet display hwtacacs syntax display hwtacacs [ hwtacacs-scheme-name [ statistics ] ] view any view param...

  • Page 457

    1-68 traffic-unit : b packet traffic-unit : one-packet display stop-accounting-buffer syntax display stop-accounting-buffer hwtacacs-scheme hwtacacs-scheme-name view any view parameters hwtacacs-scheme hwtacacs-scheme-name: displays the buffered stop-accounting requests of a specified hwtacacs schem...

  • Page 458

    1-69 You can specify the source address of outgoing hwtacacs messages to prevent messages returned from the server from failing to reach their destination due to physical interface trouble. It is recommended to use a loopback interface address as the source ip address. You can specify only one so...

  • Page 459

    1-70 view hwtacacs scheme view parameters accounting : sets a shared key for hwtacacs accounting messages. Authentication : sets a shared key for hwtacacs authentication messages. Authorization : sets a shared key for hwtacacs authorization messages. String : shared key to be set, a string of up to ...

  • Page 460

    1-71 You can set only one source ip address by using this command. When you re-execute this command, the newly set source ip address will overwrite the old one. Related commands: display hwtacacs. Examples # set source ip address 10.1.1.1 for outgoing hwtacacs messages in hwtacacs scheme hwt...

  • Page 461

    1-72 primary authentication syntax primary authentication ip-address [ port ] undo primary authentication view hwtacacs scheme view parameters ip-address : ip address of the primary authentication server to be used, a valid unicast address in dotted decimal notation. Port : port number of the primar...

  • Page 462

    1-73 parameters ip-address : ip address of the primary authorization server to be used, a valid unicast address in dotted decimal notation. Port : port number of the primary authorization server, ranging from 1 to 65535. Description use the primary authorization command to set the ip address and por...

  • Page 463

    1-74 examples # clear all hwtacacs protocol statistics. Reset hwtacacs statistics all reset stop-accounting-buffer syntax reset stop-accounting-buffer hwtacacs-scheme hwtacacs-scheme-name view user view parameters hwtacacs-scheme hwtacacs-scheme-name: deletes the buffered stop-accounting requests of...

  • Page 464

    1-75 related commands: reset stop-accounting-buffer, hwtacacs scheme , display stop-accounting-buffer . Examples # enable the stop-accounting request retransmission function and set the maximum number of transmission attempts of a request to 50. System-view system view: return to user view with ctrl...

  • Page 465

    1-76 secondary authentication syntax secondary authentication ip-address [ port ] undo secondary authentication view hwtacacs scheme view parameters ip-address : ip address of the secondary authentication server to be used, a valid unicast address in dotted decimal notation. Port : port number of th...

  • Page 466

    1-77 parameters ip-address : ip address of the secondary authorization server, a valid unicast address in dotted decimal notation. Port : port number of the secondary authorization server, ranging from 1 to 65535. Description use the secondary authorization command to set the ip address and port num...

  • Page 467

    1-78 examples # configure the switch to wait 10 minutes before it tries to restore the status of the primary server to active. System-view system view: return to user view with ctrl+z. [sysname] hwtacacs scheme hwt1 [sysname-hwtacacs-hwt1] timer quiet 10 timer realtime-accounting syntax timer realti...

  • Page 468

    1-79 examples # set the real-time accounting interval in hwtacacs scheme hwt1 to 51 minutes. System-view system view: return to user view with ctrl+z. [sysname] hwtacacs scheme hwt1 [sysname-hwtacacs-hwt1] timer realtime-accounting 51 timer response-timeout syntax timer response-timeout seconds undo...

  • Page 469

    1-80 without-domain : specifies to exclude isp domain names from the usernames to be sent to tacacs server. Description use the user-name-format command to set the format of the usernames to be sent to tacacs server. By default, the usernames sent to tacacs server in a hwtacacs scheme carry isp doma...

  • Page 471

    2-2 primary authentication 1.1.11.29 1812 secondary authentication 127.0.0.1 1645 security-policy-server 192.168.0.1 user-name-format without-domain ….

  • Page 472: Table of Contents

    I table of contents: 1 mac address authentication configuration commands (1-1); mac address authentication basic function configuration commands (1-1); display mac-authentication ...

  • Page 473: Commands

    1-1 1 mac address authentication configuration commands mac address authentication basic function configuration commands display mac-authentication syntax display mac-authentication [ interface interface-list ] view any view parameters interface interface-list: list of ethernet ports. You can specify...

  • Page 474

    1-2 --- 1 silent mac address(es) found. --- ethernet1/0/1 is link-up mac address authentication is enabled max-auth-num is 256 guest vlan is 2 authenticate success: 1, failed: 0 current online user number is 1 mac addr authenticate state authindex 000d-88f8-4e71 mac_authenticator_success 0 ……(the fo...

  • Page 475

    1-3 field description max allowed user number the maximum number of users supported by the switch. It is 1,024 by default. Current user number amounts to the current number of users current domain the current domain. It is not configured by default. Silent mac user info the information about the sil...

  • Page 476

    1-4 parameters none description use the mac-authentication command to enable mac address authentication globally or on the current port. Use the undo mac-authentication command to disable mac address authentication globally or on the current port. By default, mac address authentication is disabled b...

  • Page 477

    1-5 parameters interface-list: list of ethernet ports. You can specify multiple ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &, where & means that you can provide up to 10 port indexes/port index ...

  • Page 478

    1-6 parameters usernameformat: specifies the input format of the username and password. With-hyphen: uses hyphened mac addresses as usernames and passwords, for example, 00-05-e0-1c-02-e3. Without-hyphen: uses mac addresses without hyphens as usernames and passwords, for example, 0005e01c02e3. Lower...

  • Page 479

    1-7 examples # use the user name in fixed mode for mac address authentication. System-view system view: return to user view with ctrl+z. [sysname] mac-authentication authmode usernamefixed mac-authentication authpassword syntax mac-authentication authpassword password undo mac-authentication authpas...

  • Page 480

    1-8 by default, the user name in fixed mode is “mac”. Examples # set the user name to vipuser in fixed mode. System-view system view: return to user view with ctrl+z. [sysname] mac-authentication authusername vipuser mac-authentication domain syntax mac-authentication domain isp-name undo mac-authent...

  • Page 481

    1-9 parameters offline-detect-value: offline detect timer (in seconds) setting. This argument ranges from 1 to 65,535 and defaults to 300. The offline detect timer sets the time interval for a switch to test whether a user goes offline. Quiet-value: quiet timer (in seconds) setting. This argument ra...

  • Page 482

    1-10 reset mac-authentication statistics interface ethernet 1/0/1 mac address authentication enhanced function configuration commands mac-authentication guest-vlan syntax mac-authentication guest-vlan vlan-id undo mac-authentication guest-vlan view ethernet port view parameters vlan-id: id of the gu...

  • Page 483

    1-11 If more than one client is connected to a port, you cannot configure a guest vlan for this port. When a guest vlan is configured for a port, only one mac address authentication user can access the port. Even if you set the limit on the number of mac address authentication users to more tha...

  • Page 484

    1-12 by default, the quiet mac function is enabled on a port. Example # enable the quiet mac function on port ethernet 1/0/1. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] mac-authentication intrusion-mode block-mac enable mac-authent...

  • Page 485

    1-13 examples # set the maximum number of mac address authentication users allowed to access ethernet 1/0/2 to 100. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/2 [sysname-ethernet1/0/2] mac-authentication max-auth-num 100 mac-authentication timer guest-...

  • Page 486: Table of Contents

    I table of contents: 1 arp configuration commands (1-1); arp configuration commands ...

  • Page 487: Arp Configuration Commands

    1-1 1 arp configuration commands arp configuration commands arp check enable syntax arp check enable undo arp check enable view system view parameters none description use the arp check enable command to enable the arp entry checking function on a switch. Use the undo arp check enable command to dis...

  • Page 488

    1-2 parameters none description use the arp detection enable command to enable the arp attack detection function on all ports in the specified vlan. When receiving an arp packet from a port in this vlan, the switch will check the source ip address, source mac address, number of the receiving port, a...

  • Page 489

    1-3 system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/11 [sysname-ethernet1/0/11] arp detection trust arp protective-down recover enable syntax arp protective-down recover enable undo arp protective-down recover enable view system view parameters none description use the...

  • Page 490

    1-4 description use the arp protective-down recover interval command to specify a recovery interval. After the interval, a port that has been shut down due to an excessive arp packet receiving rate will be brought up. Use the undo arp protective-down recover interval command to restore the default. ...

  • Page 491

    1-5 examples # set the maximum arp packet receiving rate on ethernet 1/0/11 to 100 pps. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet 1/0/11 [sysname-ethernet1/0/11] arp rate-limit enable [sysname-ethernet1/0/11] arp rate-limit 100 arp rate-limit enable synta...

  • Page 492

    1-6 parameters none description use the arp restricted-forwarding enable command to enable arp restricted forwarding so that the legal arp requests received from the specified vlan are forwarded through configured trusted ports only, and the legal arp responses are forwarded according to the mac add...

  • Page 493

    1-7 Static arp entries are valid as long as the ethernet switch operates normally. However, some operations, such as removing a vlan or removing a port from a vlan, make the corresponding arp entries invalid, and those entries are then removed automatically. As for the arp static command, the value of the vl...

  • Page 494

    1-8 view any view parameters dynamic: displays dynamic arp entries. Static: displays static arp entries. Ip-address: ip address. Arp entries containing the ip address are to be displayed. Description use the display arp command to display specific arp entries. If you execute this command with no key...

  • Page 497

    1-11 if arp attack detection is disabled, the statistics of arp trusted port state and discarded invalid arp packets will not be displayed. Note that among s3100 series switches, only s3100-ei series switches support the command. Examples # display arp detection statistics on ethernet 1/0/10. Displa...

  • Page 498

    1-12 view system view parameters none description use the gratuitous-arp-learning enable command to enable the gratuitous arp packet learning function. Then, a switch receiving a gratuitous arp packet can add the ip and mac addresses carried in the packet to its own dynamic arp table if it finds no ...

  • Page 499: Table of Contents

    I table of contents: 1 dhcp server configuration commands (1-1); dhcp server configuration commands (1-1); account...

  • Page 500

    Ii 2 dhcp snooping configuration commands (2-1); dhcp snooping configuration commands (2-1); dhcp-snooping ...

  • Page 501

    1-1 1 dhcp server configuration commands dhcp server configuration commands the contents of this chapter are only applicable to the s3100-ei series among s3100 series ethernet switches. Accounting domain syntax accounting domain domain-name undo accounting domain view dhcp address pool view paramete...

  • Page 502

    1-2 bims-server syntax bims-server ip ip-address [ port port-number ] sharekey key undo bims-server view dhcp address pool view parameters ip ip-address: specifies the ip address of the remote bims server. Port port-number: specifies the port number of the remote bims. The port-number argument ranges...

  • Page 503

    1-3 description use the dhcp enable command to enable dhcp. Use the undo dhcp enable command to disable dhcp. By default, dhcp is enabled. You need to enable dhcp before performing other dhcp-related configurations. To improve security and avoid malicious attacks on unused sockets, s3100 etherne...

  • Page 504

    1-4 parameters interface interface-type interface-number [ to interface-type interface-number ]: specifies the interface(s) to operate in global address pool mode. The interface-type argument specifies an interface type; the interface-number argument specifies an interface number; the interface inte...

  • Page 505

    1-5 parameters interface interface-type interface-number [ to interface-type interface-number ]: specifies the interface(s) to operate in interface address pool mode. The argument interface-type indicates interface type, interface-number indicates interface number. Interface-type interface-number [ ...

  • Page 507

    1-7 undo dhcp server detect view system view parameters none description use the dhcp server detect command to enable the unauthorized dhcp server detection function. With this feature enabled, upon receiving a dhcp request, the dhcp server will record the ip addresses of any dhcp servers which ever...

  • Page 508

    1-8 parameters ip-address&: ip address of a dns server. & means you can provide up to eight dns server ip addresses. When inputting more than one dns server ip address, separate two neighboring ip addresses with a space. Interface interface-type interface-number [ to interface-type interface-number ...

  • Page 511

    1-11 dhcp server forbidden-ip syntax dhcp server forbidden-ip low-ip-address [ high-ip-address ] undo dhcp server forbidden-ip low-ip-address [ high-ip-address ] view system view parameters low-ip-address: ip address that is not available for being assigned to dhcp clients automatically (an ip addre...

  • Page 512

    1-12 dhcp server ip-pool syntax dhcp server ip-pool pool-name undo dhcp server ip-pool pool-name view system view parameters pool-name: name of a dhcp address pool, which uniquely identifies the address pool. This argument is a string of 1 to 35 characters. Description use the dhcp server ip-pool co...

  • Page 514

    1-14 # configure the wins server ip address 10.12.1.99 in all the dhcp interface address pools for the dhcp client. [sysname] dhcp server nbns-list 10.12.1.99 all dhcp server netbios-type syntax in vlan interface view, use the following commands to configure the netbios node type of the dhcp clients...

  • Page 515

    1-15 use the undo dhcp server netbios-type command to restore the default netbios node type. By default, no netbios node type is specified. After the wins server ip address is configured for the client in the dhcp interface address pool, the client uses the hybrid node (h-node). Related commands: ne...

  • Page 516

    1-16 interface-type argument specifies an interface type; the interface-number argument specifies an interface number; the interface interface-type interface-number [ to interface-type interface-number ] keyword and argument combination specifies an interface range. All: specifies all interface addr...

  • Page 517

    1-17 system view: return to user view with ctrl+z. # set the maximum number of the echo request packets to 10, and the response timeout time to 300 milliseconds. [sysname] dhcp server ping packets 10 [sysname] dhcp server ping timeout 300 dhcp server relay information enable syntax dhcp server relay...

  • Page 518

    1-18 client-identifier: client id of a static binding, a string of 4 to 160 characters in the format h-h-h…, each h indicates 4 hex digits except the last h that indicates 2 or 4 hex digits. For example, aabb-cccc-dd is a valid id, while aabb-c-dddd and aabb-cc-dddd are both invalid. Mac-address: ma...

  • Page 520

    1-20 # enable the dhcp server to support all the sub-options of option 184 in vlan-interface 1. The ncp ip address is 1.1.1.1 and the ip address of the alternate server is 2.2.2.2. The voice vlan is enabled, with the id being 3. The fail-over ip address is 3.3.3.3 and the dial number string is 99*. ...

  • Page 521

    1-21 view any view parameters ip ip-address: specifies an ip address. Pool [ pool-name ]: specifies a global address pool. The pool-name argument, a string of 1 to 35 characters, is the name of an address pool. If you do not provide this argument, this command applies to all global address pools. In...

  • Page 522

    1-22 table 1-2 description on the fields of the display dhcp server expired command field description global pool the information about the expired ip addresses of global address pools interface pool the information about the expired ip addresses of interface address pools ip address bound ip addres...

  • Page 523

    1-23 pool [ pool-name ]: specifies a global address pool. The pool-name argument, a string of 1 to 35 characters, is the name of an address pool. If you do not provide this argument, this command applies to all global address pools. Interface [ interface-type interface-number ]: specifies a vlan int...

  • Page 524

    1-24 display dhcp server statistics syntax display dhcp server statistics view any view parameters none description use the display dhcp server statistics command to display the statistics on a dhcp server. Related commands: reset dhcp server statistics. Examples # display the statistics on a dhcp s...

  • Page 525

    1-25 pool number number of address pools auto number of the automatically bound ip addresses manual number of the manually bound ip addresses expire number of the expired ip addresses boot request: 6 dhcp discover: 1 dhcp request: 4 dhcp decline: 0 dhcp release: 1 dhcp inform: 0 statistics about the...

  • Page 526

    1-26 expired 1 0 0 pool name: test1234 network 10.1.1.0 mask 255.255.255.0 parent node:test123 option 30 hex aa bb expired 1 0 0 interface pool: pool name: vlan-interface2 network 192.168.2.0 mask 255.255.255.0 gateway-list 192.168.2.1 expired 1 0 0 table 1-5 description on the fields of the display...

  • Page 527

    1-27 parameters ip-address&: ip address of a dns server. & string means you can provide up to eight dns server ip addresses. When inputting more than one ip address, separate two neighboring ip addresses with a space. All: specifies all configured dns server ip addresses. Description use the dns-lis...

  • Page 528

    1-28 examples # enter system view. System-view system view: return to user view with ctrl+z. # configure the domain name suffix mydomain.com in the dhcp global address pool 0 for the dhcp client. [sysname] dhcp server ip-pool 0 [sysname-dhcp-pool-0] domain-name mydomain.com expired syntax expired { ...

  • Page 530

    1-30 all: specifies all configured wins server ip addresses. Description use the nbns-list command to configure one or multiple wins server ip addresses in the dhcp global address pool for the dhcp client. Use the undo nbns-list command to remove one or all wins server ip addresses configured for th...

  • Page 531

    1-31 by default, no netbios node type is specified in a dhcp global address pool for the dhcp client. After the wins server ip address is configured for the client in the dhcp global address pool, the client uses the hybrid node (h-node). Related commands: dhcp server ip-pool, dhcp server netbios-ty...

  • Page 533

    1-33 parameters ip ip-address: specifies an ip address, whose conflict statistics will be cleared. All: clears all address conflict statistics. Description use the reset dhcp server conflict command to clear address conflict statistics. Related commands: display dhcp server conflict. Examples # clea...

  • Page 534

    1-34 view user view parameters none description use the reset dhcp server statistics command to clear the statistics on a dhcp server, such as the number of dhcp unrecognized packets/request packets/response packets. Related commands: display dhcp server statistics. Examples # clear the statistics o...

  • Page 535

    1-35 system-view system view: return to user view with ctrl+z. # bind the host aaaa-bbbb with the ip address 10.1.1.1. The mask is 255.255.255.0. [sysname] dhcp server ip-pool 0 [sysname-dhcp-pool-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0 [sysname-dhcp-pool-0] static-bind client-identifi...

  • Page 536

    1-36 static-bind mac-address syntax static-bind mac-address mac-address undo static-bind mac-address view dhcp address pool view parameters mac-address: mac address of the host to which the ip address is to be bound. You need to provide this argument in the form of h-h-h. Description use the static-...

  • Page 537

    1-37 view dhcp address pool view parameters ncp-ip ip-address: specifies the ip address of the primary network calling processor. As-ip ip-address: specifies the ip address of the backup network calling processor. Voice-vlan vlan-id: specifies the voice vlan id, in the range of 2 to 4094. Disable:...

  • Page 538

    2-1 2 dhcp snooping configuration commands dhcp snooping configuration commands dhcp-snooping syntax dhcp-snooping undo dhcp-snooping view system view parameters none description use the dhcp-snooping command to enable the dhcp snooping function. Use the undo dhcp-snooping command to disable the dhc...

  • Page 539

    2-2 view system view parameters none description use the dhcp-snooping information enable command to enable dhcp snooping option 82. Use the undo dhcp-snooping information enable command to disable dhcp snooping option 82. Dhcp snooping option 82 is disabled by default. Note that: among s3100 seri...

  • Page 541

    2-4 description use the dhcp-snooping information remote-id command to configure the remote id sub-option in option 82. Use the undo dhcp-snooping information remote-id command to restore the default value of the remote id sub-option in option 82. By default, the remote id sub-option in option 82 is...

  • Page 542

    2-5 Enable dhcp-snooping and dhcp-snooping option 82 before performing this configuration. If a handling policy is configured on a port, this configuration overrides the globally configured handling policy for requests received on this port, while the globally configured handling policy applies ...

  • Page 543

    2-6 if you have configured a circuit id with the vlan vlan-id argument specified, and the other one without the argument in ethernet port view, the former circuit id applies to the dhcp messages from the specified vlan, while the latter one applies to dhcp messages from other vlans. Note that among ...

  • Page 544

    2-7 note that among s3100 series switches, only s3100-ei series switches support the two commands. Examples # configure the remote id of option 82 in dhcp packets to abc on the port ethernet 1/0/1. System-view system view: return to user view with ctrl+z. [sysname] interface ethernet1/0/1 [sysname-e...

  • Page 545

    2-8 view ethernet port view parameters trap: sends a trap to notify the administrator when an unauthorized dhcp server is detected. Shutdown: shuts down the port administratively when an unauthorized dhcp server is detected, and sends a trap to notify the administrator. Description use the dhcp-snoo...

  • Page 546

    2-9 use the undo dhcp-snooping server-guard source-mac command to restore the default mac address. By default, the source mac address of dhcp-discover messages is the bridge mac address of the switch. Note that among s3100 series switches, only s3100-si series switches support the two commands. Exam...

  • Page 547

    2-10 display dhcp-snooping syntax display dhcp-snooping [ unit unit-id ] view any view parameters unit unit-id: indicates the number of the device whose dhcp-snooping information needs to be viewed, the value is 1. Description use the display dhcp-snooping command to display the user ip-mac address ...

  • Page 548

    2-11 view any view parameters none description use the display dhcp-snooping server-guard command to display information about unauthorized dhcp server detection. Note that among s3100 series switches, only s3100-si series switches support this command. Examples # display information about unauthori...

  • Page 549

    2-12 view any view parameters none description use the display dhcp-snooping trust command to display the (enabled/disabled) state of the dhcp snooping function and the trusted ports. Note that among s3100 series switches, only s3100-ei series switches support the command. Related commands: dhcp-sno...

  • Page 550

    2-13 type ip address mac address remaining vlan interface lease ==== =============== =============== ========= ==== ================= s 192.168.0.25 0015-e20f-0101 infinite 1 ethernet1/0/2 s 192.168.0.58 0001-e201-4f01 infinite 1 ethernet1/0/3 s 192.168.0.101 000f-0101-0204 infinite 1 ethernet1/0/2 ...

  • Page 551

    2-14 ip source static binding syntax ip source static binding ip-address ip-address [ mac-address mac-address] undo ip source static binding ip-address ip-address view ethernet port view parameters ip-address ip-address: specifies the ip address to be statically bound. Mac-address mac-address: speci...

  • Page 552

    2-15 description use the reset dhcp-snooping command to remove dhcp snooping entries from a switch. If no ip-address is specified, all dhcp snooping entries are removed. Examples # remove all dhcp snooping entries from the switch. Reset dhcp-snooping.

  • Page 553

    3-1 3 rate limit configuration commands among s3100 series ethernet switches, only s3100-ei series switches support the dhcp rate limit function. Rate limit configuration commands dhcp protective-down recover enable syntax dhcp protective-down recover enable undo dhcp protective-down recover enable ...

  • Page 554

    3-2 dhcp protective-down recover interval syntax dhcp protective-down recover interval interval undo dhcp protective-down recover interval view system view parameters interval: interval (in seconds) for a port disabled due to the dhcp traffic exceeding the set threshold to be brought up again. This a...

  • Page 555

    3-3 description use the dhcp rate-limit command to configure the maximum rate of dhcp traffic for the port. When the number of dhcp packets received on the port per second exceeds the specified threshold, the switch will discard the exceeding dhcp packets. Use the undo dhcp rate-limit command to res...

  • Page 556

    3-4 [sysname-ethernet1/0/11] dhcp rate-limit enable.

  • Page 557

    4-1 4 dhcp/bootp client configuration dhcp client configuration commands display dhcp client syntax display dhcp client [ verbose ] view any view parameters verbose: displays the detailed address allocation information. Description use the display dhcp client command to display the information about...

  • Page 558

    4-2 table 4-1 description on the fields of the display dhcp client command field description vlan-interface1 vlan interface operating as a dhcp client to obtain an ip address dynamically current machine state the state of the client state machine allocated ip ip address allocated to the dhcp client ...

  • Page 559

    4-3 to improve security and avoid malicious attacks on unused sockets, s3100 ethernet switches provide the following functions: udp ports 67 and 68 used by dhcp are enabled/disabled only when dhcp is enabled/disabled. The implementation is as follows: after the dhcp client is enabled by exec...

  • Page 560

    4-4 table 4-2 description on the fields of the display bootp client command field description vlan-interface1 vlan-interface 1 is configured to obtain an ip address through bootp. Allocated ip ip address allocated to the vlan interface transaction id value of the xid field in bootp packets mac addre...

  • Page 561: Table of Contents

    I table of contents 1 acl configuration commands 1-1 acl configuration commands ...

  • Page 563

    1-2 by default, acl rules are matched in the order they are defined. Only after the rules in an existing acl are fully removed can you modify the match order of the acl. In acl view, you can use the rule command to add rules to the acl. Related commands: rule. Examples # define acl 2000 and specify ...

  • Page 564

    1-3 examples # assign description string “this acl is used for filtering all http packets” to acl 3000. System-view [sysname] acl number 3000 [sysname-acl-adv-3000] description this acl is used for filtering all http packets # use the display acl command to view the configuration information of acl ...

  • Page 565

    1-4 field description 3 times matched number of times that the rule has been matched. Only matches where the acl is referenced by upper layer software are counted. Note that this field is displayed on only s3100-si series ethernet switches. Display acl remaining entry syntax display acl remaining en...

  • Page 566

    1-5 field description remaining number number of remaining resources start port name end port name start port number and end port number corresponding to the entry display ipv6-acl-template syntax display ipv6-acl-template view any view parameter none description use the display ipv6-acl-template co...

  • Page 567

    1-6 port-group group-id: displays information about packet filtering on the port group specified by group-id. Unitid unit-id: displays information about packet filtering on the unit specified by unit-id. The unit id can be set only to 1. Vlan vlan-id: displays information about packet filtering on t...

  • Page 568

    1-7 description use the display time-range command to display the configuration and status of a time range or all the time ranges. For active time ranges, this command displays “active”; for inactive time ranges, this command displays “inactive”. Related commands: time-range. Examples # display all ...

  • Page 569

    1-8 dest-port: matches the tcp/udp destination port field in ipv6 packets. Icmpv6-type: matches the icmpv6 message type field in ipv6 packets. Icmpv6-code: matches the icmpv6 message code field in ipv6 packets. Description use the ipv6-acl-template command to configure an ipv6 acl template. Use the ...

  • Page 570

    1-9 table 1-5 combined application of acls combination mode the acl-rule argument apply all the rules of an acl that is of ip type (the acl can be a basic acl or an advanced acl.) ip-group acl-number apply a rule of an acl that is of ip type (the acl can be a basic acl or an advanced acl.) ip-group ...

  • Page 571

    1-10 # apply rule 1 of advanced acl 3000 and rule 2 of layer 2 acl 4000 on ethernet 1/0/4 to filter inbound packets. Here, it is assumed that the acls and their rules are already configured. [sysname] interface ethernet 1/0/4 [sysname-ethernet1/0/4] packet-filter inbound ip-group 3000 rule 1 link-gr...

  • Page 573

    1-12 when you assign basic acls to the hardware for packet filtering, the fragment keyword is not supported on an h3c s3100-ei series ethernet switch. Description use the rule command to define an acl rule. Use the undo rule command to remove an acl rule or specified settings of an acl rule. To remov...

  • Page 575

    1-14 arguments/keywords type function description fragment fragment information indicates that the rule applies only to non-tail fragments. — ttl ttl information specifies the ttl for the acl rule. The ttl argument can be a number in the range 0 to 255. Time-range time-name time range information sp...

  • Page 576

    1-15 keyword dscp value in decimal dscp value in binary cs6 48 110000 cs7 56 111000 ef 46 101110 if you specify the precedence keyword, you can directly input a value ranging from 0 to 7 or input one of the keywords listed in table 1-9 as ip precedence. Table 1-9 ip precedence values and the corresp...

  • Page 577

    1-16 table 1-11 tcp/udp-specific acl rule information parameters type function description source-port operator port1 [ port2 ] source port defines the source port information of udp/tcp packets destination-port operator port1 [ port2 ] destination port defines the destination port information of u...

  • Page 578

    1-17 table 1-13 icmp-specific acl rule information parameters type function description icmp-type icmp-type icmp-code type and message code information of icmp packets specifies the type and message code information of icmp packets in the acl rule icmp-type: icmp message type, ranging from 0 to 255 ...

  • Page 579

    1-18 destination: removes the settings concerning the destination address in the acl rule. Destination-port: removes the settings concerning the destination port in the acl rule. This keyword is only available to the acl rules with their protocol types set to tcp or udp. Icmp-type: removes the setti...

  • Page 580

    1-19 examples # create advanced acl 3000 and define rule 1 to deny packets with the source ip address of 192.168.0.1 and dscp priority of 46. System-view system view: return to user view with ctrl+z. [sysname] acl number 3000 [sysname-acl-adv-3000] rule 1 deny ip source 192.168.0.1 0 dscp 46 [sysnam...

  • Page 582

    1-21 note the following when assigning a layer 2 acl to the hardware: the 802.3/802.2 and 802.3 keywords are not supported. When defining the source vlan information, the operator argument cannot be neq. When defining the source vlan information, you can specify up to four port ranges wit...

  • Page 583

    1-22 view ipv6 acl view parameter rule-id: acl rule id, in the range of 0 to 65534. Deny: drops the matched packets. Permit: permits the matched packets. Dscp rule-string rule-mask: specifies the traffic class information. Arguments rule-string and rule-mask indicate the content string and mask and c...

  • Page 584

    1-23 if you do not specify the rule-id argument when creating an acl rule, the rule will be numbered automatically. If the acl has no rules, the rule is numbered 0; otherwise, the number of the rule will be the greatest rule number plus one. If the current greatest rule number is 65534, however, t...

  • Page 585

    1-24 by default, an acl rule has no comment. Before defining a comment for an acl rule, make sure that the acl rule exists. Examples # define the comment “this rule is to be applied to ethernet 1/0/1” for rule 0 of advanced acl 3001. System-view system view: return to user view with ctrl+z. [sysname...

  • Page 586

    1-25 jointly define a period in which the absolute time range takes effect. If the start date is not specified, the time range starts from 1970/01/01 00:00. To end-time end-date: specifies the end date of an absolute time range, in the form of hh:mm mm/dd/yyyy or hh:mm yyyy/mm/dd. The start-time sta...

  • Page 587: Table of Contents

    I table of contents 1 qos commands 1-1 qos commands ...

  • Page 588

    Ii traffic-statistic vlan 1-43 2 qos profile configuration commands 2-1 qos prof...

  • Page 589: Qos Commands

    1-1 1 qos commands qos commands burst-mode enable syntax burst-mode enable undo burst-mode enable view system view parameter none description use the burst-mode enable command to enable the burst function. Use the undo burst-mode enable command to disable the burst function. By default, the burst fu...

  • Page 590

    1-2 examples # display the priority trust mode on the current switch. Display priority-trust priority trust mode: dscp display qos cos-local-precedence-map syntax display qos cos-local-precedence-map view any view parameter none description use the display qos cos-local-precedence-map command to dis...

  • Page 591

    1-3 example # display the dscp-precedence-to-local-precedence mapping table. Display qos dscp-local-precedence-map dscp-local-precedence-map: dscp : local-precedence(queue) ---------------------------------------------- 0 : 0 1 : 0 2 : 0 3 : 0 4 : 0 5 : 0 6 : 0 7 : 0 8 : 0 9 : 0 10 : 0 11 : 0 12 : 0...

  • Page 592

    1-4 41 : 2 42 : 2 43 : 2 44 : 2 45 : 2 46 : 2 47 : 2 48 : 3 49 : 3 50 : 3 51 : 3 52 : 3 53 : 3 54 : 3 55 : 3 56 : 3 57 : 3 58 : 3 59 : 3 60 : 3 61 : 3 62 : 3 63 : 3 display qos ip-precedence-local-precedence-map syntax display qos ip-precedence-local-precedence-map view any view parameter none descr...

  • Page 593

    1-5 example # display the ip-precedence-to-local-precedence mapping table on an s3100-si series switch. Display qos ip-precedence-local-precedence-map ip-precedence-local-precedence-map: ip-precedence : 0 1 2 3 4 5 6 7 -------------------------------------------------------------------------- local-...

  • Page 594

    1-6 table 1-1 description on the fields of the display qos-global command field description inbound packet direction matches acl rules for traffic classifying target rate traffic policing target rate conform action action conducted to packet conforming to the traffic specification exceed action acti...

  • Page 595

    1-7 weight of queue 3: 1 table 1-2 description on the fields of the display qos-interface all command field description line-rate z port with rate limiting configured inbound inbound direction. That is, rate limiting is performed to the inbound packets 1024 kbps the target rate queue scheduling mode...

  • Page 596

    1-8 view any view parameter interface-type interface-number: specifies the type and number of a port, for which the traffic mirroring configuration information is to be displayed. Unit-id: unit id, which is fixed to 1. With this argument specified, the traffic mirroring configuration of all the port...

  • Page 597

    1-9 parameter interface-type interface-number: specifies the type and number of a port, for which the traffic policing configuration information is to be displayed. Unit-id: unit id, which is fixed to 1. With this argument specified, the traffic policing configuration of all the ports on the device ...

  • Page 598

    1-10 unit-id: unit id, which is fixed to 1. With this argument specified, the priority marking configuration of all the ports on the device is displayed. Description use the display qos-interface traffic-priority command to display the priority marking configuration of a port or all the ports on the...

  • Page 599

    1-11 unit-id: unit id, which is fixed to 1. With this argument specified, the traffic redirecting configuration of all the ports on the device is displayed. Description use the display qos-interface traffic-redirect command to display the traffic redirecting configuration of a port or all the ports ...

  • Page 600

    1-12 description use the display qos-interface traffic-remark-vlanid command to display the vlan marking configuration of a port or a unit. Related commands: traffic-remark-vlanid. Examples # display the vlan marking configuration of port ethernet 1/0/1. Display qos-interface ethernet 1/0/1 traffic-...

  • Page 601

    1-13 example # display the traffic shaping configuration of ethernet 1/0/1. Display qos-interface ethernet 1/0/1 traffic-shape ethernet1/0/1 qid: status max-rate(kbps) burst-size(byte) ---------------------------------------------------- 0 : enable 64 8 1 : enable 64 8 2 : enable 640 16 3 : disable ...

  • Page 602

    1-14 only h3c s3100-ei series switches support this command. Example # display the traffic accounting configuration information and traffic statistics on ethernet 1/0/1 (assuming that the current device is an s3100-ei series switch). Display qos-interface ethernet 1/0/1 traffic-statistic ethernet1/0...

  • Page 603

    1-15 only h3c s3100-ei series switches support this command. Example # display all the qos-related configurations of port group 1 (assuming that the current device is an s3100-ei series switch). Display qos-port-group 1 all port-group 1 traffic-limit inbound: matches: acl 3001 rule 0 running target ...

  • Page 604

    1-16 example # display all the qos-related configuration performed for vlan 1 (assuming that the current device is an s3100-ei series switch). Display qos-vlan 1 all vlan 1 traffic-limit inbound: matches: acl 3001 rule 0 running target rate: 128 kbps exceed action: drop meter-statistic not running r...

  • Page 605

    1-17 view ethernet port view parameter inbound: limits the inbound packet rate. Outbound: limits the outbound packet rate. Target-rate: total target rate (in kbps). The range of this argument varies with port type as follows: fast ethernet port: 64 to 99,968; gigabitethernet port: 64 to 1,000,00...

  • Page 606

    1-18 view system view, port group, ethernet port view parameter inbound: duplicates inbound packets. Acl-rule: acl rules to be applied. This argument can be the combination of multiple acls. For more information about this argument, refer to table 1-9 and table 1-10 . Note that the acl rules referen...

  • Page 607

    1-19 only h3c s3100-ei series switches support this command. Example # mirror packets that match acl 2000 on port ethernet 1/0/1 to ethernet 1/0/4 through traffic mirroring (assuming that the current device is an s3100-ei series switch). System-view system view: return to user view with ctrl+z. [sys...

  • Page 608

    1-20 description use the mirrored-to vlan command to reference acls to a vlan for identifying traffics and perform traffic mirroring for packets that match. Use the undo mirrored-to vlan command to remove traffic mirroring configuration for a vlan. Note that, the same acl cannot be simultaneously re...

  • Page 609

    1-21 parameter priority-level: port priority, ranging from 0 to 7. Description use the priority command to configure the priority of an ethernet port. Use the undo priority command to restore the default port priority. By default, the priority of an ethernet port is 0. Example # set the priority of ...

  • Page 611

    1-23 related command: display priority-trust. Example # configure the switch to trust the dscp precedence of the received packets. System-view system view: return to user view with ctrl+z. [sysname] priority-trust dscp # display the configuration result. [sysname] display priority-trust priority tru...

  • Page 612

    1-24 cos value local precedence 2 0 3 1 4 2 5 2 6 3 7 3 related command: display qos cos-local-precedence-map. Example # configure the cos-precedence-to-local-precedence mapping relationship as follows: 0 to 0, 1 to 0, 2 to 1, 3 to 1, 4 to 2, 5 to 2, 6 to 3, and 7 to 3. System-view system view: retu...

  • Page 613

    1-25 the default dscp-precedence-to-local-precedence mapping tables as shown in table 1-12 . Table 1-12 the default dscp-precedence-to-local-precedence mapping table dscp local precedence 0 to 15 0 16 to 31 1 32 to 47 2 48 to 63 3 related command: display qos dscp-local-precedence-map. Example # mod...

  • Page 614

    1-26 14 : 2 15 : 2 16 : 1 17 : 1 18 : 1 19 : 1 20 : 1 21 : 1 22 : 1 23 : 1 24 : 1 25 : 1 26 : 1 27 : 1 28 : 1 29 : 1 30 : 1 31 : 1 32 : 2 33 : 2 34 : 2 35 : 2 36 : 2 37 : 2 38 : 2 39 : 2 40 : 2 41 : 2 42 : 2 43 : 2 44 : 2 45 : 2 46 : 2 47 : 2 48 : 3 49 : 3 50 : 3 51 : 3 52 : 3 53 : 3 54 : 3 55 : 3 5...

  • Page 615

    1-27 62 : 3 63 : 3 qos ip-precedence-local-precedence-map syntax qos ip-precedence-local-precedence-map ip0-map-local-prec ip1-map-local-prec ip2-map-local-prec ip3-map-local-prec ip4-map-local-prec ip5-map-local-prec ip6-map-local-prec ip7-map-local-prec undo qos cos-local-precedence-map view syste...

  • Page 616

    1-28 related command: display qos ip-precedence-local-precedence-map. Only h3c s3100-si series switches support this command. Example # configure the ip-precedence-to-local-precedence mapping relationship as follows: 0 to 1, 1 to 1, 2 to 0, 3 to 0, 4 to 2, 5 to 2, 6 to 3, and 7 to 3 (assuming that t...

  • Page 617

    1-29 by default, the wrr queue scheduling algorithm is adopted, and the weight assigned to queue 0, queue 1, queue 2, and queue 3 is 1, 2, 3, and 4. The port of an s3100 series switch can accommodate four output queues. You can configure the queue scheduling algorithm as needed: with the wrr algor...

  • Page 618

    1-30 parameter inbound: specifies to clear the statistics on the inbound packets. Acl-rule: acl rules to be applied. This argument can be the combination of multiple acls. For more information about this argument, refer to table 1-9 and table 1-10 . Description use the reset traffic-limit command to...

  • Page 619

    1-31 only h3c s3100-ei series switches support this command. Example # clear the statistics on packets that match acl 2000 and are of vlan 1 (assuming that the current device is an s3100-ei series switch). System-view system view: return to user view with ctrl+z. [sysname] reset traffic-limit vlan 1...

  • Page 620

    1-32 reset traffic-statistic vlan syntax reset traffic-statistic vlan vlan-id inbound acl-rule view system view parameter vlan-id: vlan id, in the range 1 to 4094. Inbound: specifies to clear the statistics on the inbound packets. Acl-rule: acl rules to be applied. This argument can be the combinati...

  • Page 621

    1-33 acl-rule: acl rules to be applied. This argument can be the combination of multiple acls. For more information about this argument, refer to table 1-9 and table 1-10 . Note that the acl rules referenced must be those defined with the permit keyword specified. Target-rate: target traffic rate of...

  • Page 622

    1-34 keyword dscp value (decimal) dscp value (binary) cs7 56 111000 ef 46 101110 table 1-16 802.1p precedence keywords and the corresponding decimal/binary values keyword 802.1p precedence (decimal) 802.1p precedence (binary) best-effort 0 000 background 1 001 spare 2 010 excellent-effort 3 011 cont...

  • Page 623

    1-35 related command: display qos-interface traffic-limit, reset traffic-limit. Example # perform traffic policing for packets matching acl 4000 on ethernet 1/0/1. Limit the rate within 128 kbps and drop the packets exceeding the traffic limit (assuming that the current device is an s3100-ei series ...

  • Page 624

    1-36 drop: drops the packets. Forward: forwards the packets. Remark-dscp dscp-value: resets the dscp precedence of the packets and forwards them at the same time. The dscp-value argument is in the range of 0 to 63. You can also enter a keyword listed in table 1-15 for this argument. Meter-stat...

  • Page 625

    1-37 parameter inbound: marks the priority for inbound packets. Acl-rule: acl rules to be applied. This argument can be the combination of multiple acls. For more information about this argument, refer to table 1-9 and table 1-10 . Note that the acl rules referenced must be those defined with the pe...

  • Page 626

    1-38 view system view parameter vlan-id: vlan id, in the range 1 to 4094. Inbound: performs priority marking for the inbound packets. Acl-rule: acl rules to be applied. This argument can be the combination of multiple acls. For more information about this argument, refer to table 1-9 and table 1-10 ...

  • Page 627

    1-39 undo traffic-redirect inbound acl-rule view system view, ethernet port view, port group view parameter inbound: redirects inbound packets. Acl-rule: acl rules to be applied. This argument can be the combination of multiple acls. For more information about this argument, refer to table 1-9 and t...

  • Page 629

    1-41 example # redirect the packets that match acl 2000 rules and are of vlan 1 to ethernet 1/0/7 (assuming that the current device is an s3100-ei series switch). System-view system view: return to user view with ctrl+z. [sysname] acl number 2000 [sysname-acl-basic-2000] rule permit source 1.1.1.0 0...

  • Page 630

    1-42 system-view system view: return to user view with ctrl+z. [sysname] acl number 4000 [sysname-acl-ethernetframe-4000] rule permit source 5 [sysname-acl-ethernetframe-4000] quit [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] traffic-remark-vlanid inbound link-group 4000 remark-vlan 10...

  • Page 631

    1-43 traffic-statistic syntax traffic-statistic inbound acl-rule undo traffic-statistic inbound acl-rule view system view, ethernet port view, port group view parameter inbound: generates statistics on inbound packets. Acl-rule: acl rules to be applied. This argument can be the combination of multip...

  • Page 632

    1-44 undo traffic-statistic vlan vlan-id inbound acl-rule view system view parameter vlan-id: vlan id, in the range 1 to 4094. Inbound: generates statistics on inbound packets. Acl-rule: acl rules to be applied. This argument can be the combination of multiple acls. For more information about this a...

  • Page 633

    2-1 2 qos profile configuration commands only h3c s3100-ei series switches support this configuration. Qos profile configuration commands apply qos-profile syntax in system view apply qos-profile profile-name interface interface-list undo apply qos-profile profile-name interface interface-list in et...

  • Page 634

    2-2 system view: return to user view with ctrl+z. [sysname] interface ethernet1/0/1 [sysname-ethernet1/0/1] apply qos-profile a123 # apply the qos profile named a123 to ethernet 1/0/1 through ethernet 1/0/4. System-view system view: return to user view with ctrl+z. [sysname] apply qos-profile a123 i...

  • Page 635

    2-3 # display the configuration of the qos profile applied to ethernet 1/0/1, assuming that the qos profile has been applied to ethernet 1/0/1 manually. Display qos-profile interface ethernet 1/0/1 user's qos-profile applied mode: user-based default applied qos-profile: test, 3 actions packet-filter...

  • Page 636

    2-4 packet-filter syntax packet-filter inbound acl-rule undo packet-filter inbound acl-rule view qos profile view parameter inbound: filters the inbound packets. Acl-rule: acl rules to be applied. This argument can be the combination of multiple acls. For more information about this argument, refer ...

  • Page 637

    2-5 description use the qos-profile command to create a qos profile and enter qos profile view. If the qos profile already exists, this command leads you to the corresponding qos profile view. Use the undo qos-profile command to remove a qos profile. A qos profile currently applied to a port cannot ...

  • Page 638

    2-6 [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] qos-profile port-based traffic-limit syntax traffic-limit inbound acl-rule target-rate [ burst-bucket burst-bucket-size ] [ conform con-action ] [ exceed exceed-action ] [ meter-statistic ] undo traffic-limit inbound acl-rule [ meter-sta...

  • Page 639

    2-7 example # add a traffic policing action to the qos profile named a123 to limit the rate of the inbound packets matching acl 2000 to 128 kbps and drop the packets exceeding 128 kbps. System-view system view: return to user view with ctrl+z. [sysname] qos-profile a123 [sysname-qos-profile-a123] tr...

  • Page 640: Table of Contents

    I table of contents 1 mirroring commands 1-1 mirroring commands ...

  • Page 642

    1-2 ethernet1/0/1 inbound reflector port: ethernet1/0/2 remote-probe vlan: 10 # display the configurations of a remote destination mirroring group on your s3100-ei series ethernet switch. Display mirroring-group 1 mirroring-group 1: type: remote-destination status: active monitor port: ethernet1/0/3...

  • Page 643

    1-3 parameters group-id: number of a port mirroring group, the value of which can only be 1. All: specifies to remove all mirroring groups. Local: specifies the mirroring group as a local port mirroring group. Remote-destination: specifies the mirroring group as the destination mirroring group for r...

  • Page 644

    1-4 description use the mirroring-group mirroring-port command to configure the source ports for a local mirroring group or a remote source mirroring group. Use the undo mirroring-group mirroring-port command to remove the source ports of a local mirroring group or a remote source mirroring group. No...

  • Page 645

    1-5 you cannot configure a member port of an aggregation group, or a port enabled with lacp or stp as the destination port. Before configuring a destination port for a local mirroring group, make sure that the corresponding mirroring group has already been created. It is recommended that you u...

  • Page 646

    1-6 [sysname] mirroring-group 1 remote-source [sysname] mirroring-group 1 reflector-port ethernet 1/0/2 mirroring-group remote-probe vlan syntax mirroring-group group-id remote-probe vlan remote-probe-vlan-id undo mirroring-group group-id remote-probe vlan remote-probe-vlan-id view system view param...

  • Page 647

    1-7 parameters both: specifies to mirror all packets received on and sent from the port. Inbound: specifies to mirror the packets received on the port. Outbound: specifies to mirror the packets sent from the port. Description use the mirroring-port command to configure the source port in ethernet po...

  • Page 648

    1-8 note that: you cannot configure a member port of an aggregation group, or a port enabled with lacp and stp as the mirroring destination port. It is recommended that you use a destination port for port mirroring purpose only. Do not use a destination port to transmit other service packets. Re...

  • Page 649

    1-9 examples # configure vlan 5 as the remote-probe vlan. System-view system view: return to user view with ctrl+z. [sysname] vlan 5 [sysname-vlan5] remote-probe vlan enable.

  • Page 650: Table of Contents

    I table of contents 1 stack function configuration commands 1-1 stack function configuration commands 1-1 display...

  • Page 651

    Ii management-vlan 2-33 reboot member 2-33 snmp-host...

  • Page 652

    1-1 1 stack function configuration commands stack function configuration commands display stacking syntax display stacking [ members ] view any view parameter members: displays the information about the members of a stack. Do not specify this keyword when you execute this command on a slave switch. ...

  • Page 653

    1-2 mac address:000f-e20f-3124 member status:admin ip: 129.10.1.15 /16 member number: 1 name:stack_1.Sysname device: s3100 mac address: 000f-e20f-3130 member status:up ip: 129.10.1.16/16 member number: 2 name:stack_2.Sysname device: s3100 mac address: 000f-e20f-3135 member status:up ip: 129.10.1.17/...

  • Page 654

    1-3 stack-port enable syntax stack-port enable undo stack-port enable view ethernet port view parameters none description use the stack-port enable command to allow the stack port to send/forward stack join-in requests to/from its connected switch. Use the undo stack-port enable command to prohibit ...

  • Page 655

    1-4 stacking 1 quit stacking enable syntax stacking enable undo stacking enable view system view parameter none description use the stacking enable command to create a stack. Use the undo stacking enable command to remove a stack. The stacking enable command triggers a main switch to add the switche...

  • Page 656

    1-5 undo stacking ip-pool view system view parameter from-ip-address: start address of the stack ip address pool. Ip-address-number: number of the ip addresses in the stack ip address pool. A stack ip address pool contains 16 addresses by default. Ip-mask: mask of the stack ip address. Description u...

  • Page 657

    2-1 2 hgmp v2 configuration commands ndp configuration commands display ndp syntax display ndp [ interface interface-list ] view any view parameters interface interface-list: specifies a port list. You need to provide the interface-list argument in the form of { interface-type interface-number [ to ...

  • Page 658

    2-2 status: enabled, pkts snd: 0, pkts rvd: 0, pkts err: 0 interface: ethernet1/0/3 status: enabled, pkts snd: 0, pkts rvd: 0, pkts err: 0 ……(omitted) # display ndp information about ethernet 1/0/1. Display ndp interface ethernet 1/0/1 interface: ethernet1/0/1 status: enabled, pkts snd: 15835, pkts ...

  • Page 659

    2-3 field description product ver product version of the neighbor device bootrom ver bootrom version of the neighbor device ndp enable syntax ndp enable [ interface interface-list ] undo ndp enable [ interface interface-list ] view system view, ethernet port view parameters interface-list: ethernet ...

  • Page 660

    2-4 view system view parameters aging-in-seconds: holdtime of the ndp information, ranging from 5 to 255 seconds. Description use the ndp timer aging command to set the holdtime of the ndp information. This command specifies how long an adjacent device should hold the ndp neighbor information receiv...

  • Page 661

    2-5 note that ndp information holdtime should be longer than the interval between sending ndp packets. Otherwise, a neighbor entry will be generated and age out frequently, resulting in instability of the ndp port neighbor table. Examples # set the interval between sending ndp packets to 80 seconds....

  • Page 662

    2-6 ntdp configuration commands display ntdp syntax display ntdp view any view parameters none description use the display ntdp command to display the global ntdp information. The displayed information includes topology collection range (hop count), topology collection interval (ntdp timer), device/...

  • Page 663

    2-7 display ntdp device-list syntax display ntdp device-list [ verbose ] view any view parameters verbose: displays the detailed information of devices in a cluster. Description use the display ntdp device-list command to display the cluster device information collected by ntdp. Examples # display t...

  • Page 664

    2-8 00e0-fc12-3450 ethernet1/0/14 ethernet1/0/4 100 full -------------------------------------------------------------------------- hostname : 1234_5.Sysname mac : 00e0-fc3d-9da8 hop : 2 platform : h3c s3026 ip : version : h3c comware platform software comware software, version 3.10 copyright(c) 200...

  • Page 665

    2-9 field description cluster the role of the collected device for the cluster peer mac mac address of a neighbor device connected to the collected device peer port id index of the port on the neighbor device connected to the collected device native port id index of the port on the collected device ...

  • Page 666

    2-10 parameters none description use the ntdp explore command to manually start a topology collection process. Ntdp is able to periodically collect topology information. In addition, you can use this command to manually start a topology collection process at any moment. If you do this, ntdp collects...

  • Page 667

    2-11 examples # set the topology collection range to 5 hops. System-view system view: return to user view with ctrl+z. [aaa_0.Sysname] ntdp hop 5 ntdp timer syntax ntdp timer interval-in-minutes undo ntdp timer view system view parameters interval-in-minutes: interval (in minutes) to collect topolog...

  • Page 668

    2-12 ntdp timer hop-delay syntax ntdp timer hop-delay time undo ntdp timer hop-delay view system view parameters time: device forwarding delay in milliseconds. This argument ranges from 1 to 1,000. Description use the ntdp timer hop-delay command to set the delay for devices to forward topology coll...

  • Page 669

    2-13 description use the ntdp timer port-delay command to configure the topology request forwarding delay between two ports, that is, the interval at which the device forwards the topology requests through the ntdp-enabled ports one after another. Use the undo ntdp timer port-delay command to restor...

  • Page 670

    2-14 if you do not specify the member number when adding a new cluster member, the management device assigns the next available member number to the new member. If you want to specify the member manually, you need to specify a number that is never used by a member device of the cluster. After you ad...

  • Page 671

    2-15 examples # remove the current member device from the cluster. System-view system view: return to user view with ctrl+z [aaa_1.Sysname] cluster [aaa_1.Sysname-cluster] undo administrator-address auto-build syntax auto-build [ recover ] view cluster view parameters recover: recovers all member de...

  • Page 672

    2-16
    - after a cluster is built automatically, acl 3998 and acl 3999 will automatically generate a rule respectively to prohibit packets whose source and destination addresses are private ip addresses of the cluster from being sent to or received from the public network. The two acl rules will be au...

  • Page 673

    2-17 member 000f-e200-2420 is joined in cluster aaa. %apr 3 08:12:37:996 2000 aaa_0.Sysname clst/5/log:- 1 - member 000f-e202-2180 is joined in cluster aaa. %apr 3 08:12:38:113 2000 aaa_0.Sysname clst/5/log:- 1 - member 0016-e0c0-c201 is joined in cluster aaa. %apr 3 08:12:38:139 2000 aaa_0.Sysname ...

  • Page 674

    2-18 to reduce the risk of attacks by malicious users against open sockets and to enhance switch security, the s3100 series ethernet switches provide the following functions, so that a cluster socket is opened only when it is needed:
    - opening udp port 40000 (used for cluster) only when the clu...

  • Page 675

    2-19 cluster syntax cluster view system view parameters none description use the cluster command to enter cluster view. Examples # enter cluster view. System-view system view: return to user view with ctrl+z [sysname] cluster [sysname-cluster] cluster enable syntax cluster enable undo cluster enable ...

  • Page 676

    2-20
    - when you execute the undo cluster enable command on a device that does not belong to any cluster, the cluster function is disabled on the device, and thus you cannot create a cluster on the device or add the device to an existing cluster. Examples # enable the cluster function on the switch. Syst...

  • Page 677

    2-21 when you execute this command on the management device with a nonexistent member number or a mac address that is not in the member list, an error will occur. In this case, you can enter quit to end the switching. Examples # switch from the management device to number-6 member device and then sw...

  • Page 678

    2-22 system view: return to user view with ctrl+z. [aaa_0.Sysname] cluster [aaa_0.Sysname-cluster] cluster-mac 0180-c200-0028 cluster-mac syn-interval syntax cluster-mac syn-interval time-interval view cluster view parameters time-interval: interval to send multicast mac synchronization packets, ran...

  • Page 679

    2-23 to-black-list: adds the device removed from a cluster to the blacklist to prevent it from being added to the cluster. Description use the delete-member command to remove a member device from the cluster. Note that a cluster will collect the topology information at the topology collection interv...

  • Page 680

    2-24 description use the display cluster command to display the status and statistics information of the cluster to which the current switch belongs. Executing this command on a member device will display the following information: cluster name, member number of the current switch, mac address and s...

  • Page 681

    2-25 table 2-5 description on the fields of the display cluster command field description cluster name name of the cluster, which can be configured through the build command role role of this switch management-vlan number of the management vlan, which can be configured through the management-vlan co...

  • Page 682

    2-26 examples # display information about all candidate devices. Display cluster candidates mac hop ip platform 3900-0000-3334 2 16.1.1.11/24 s3100 000f-e20f-3190 1 16.1.1.1/24 s3100 table 2-6 description on the fields of the display cluster candidates command field description mac mac address of th...

  • Page 684

    2-28 hops to administrator device:0 ip: 100.100.1.1/24 version: h3c comware platform software. Comware software, version 3.10 copyright(c) 2004-2007 hangzhou h3c tech. Co., ltd. All rights reserved. S3100 3100-0002 member number:1 name:aaa_1.Sysname device:s3100 mac address:3900-0000-3334 member sta...

  • Page 685

    2-29 ftp cluster syntax ftp cluster view user view parameters none description use the ftp cluster command to connect to the shared ftp server of the cluster and enter ftp client view through the management device. You can use the ftp-server command on the management device to configure the shared f...

  • Page 686

    2-30 view cluster view parameters ip-address: ip address of the ftp server to be configured for the cluster. Description use the ftp-server command to configure a shared ftp server for the cluster on the management device. Use the undo ftp-server command to remove the shared ftp server setting. By d...

  • Page 687

    2-31 by default, the neighbor information holdtime is 60 seconds. Note that:
    - if the management switch does not receive ndp information from a member device within the holdtime, it sets the state of the member device to “down”. When the management device receives the ndp information from the device...

  • Page 688

    2-32 examples # configure a private ip address pool for a cluster. System-view system view: return to user view with ctrl+z. [sysname] cluster [sysname-cluster] ip-pool 10.200.0.1 20 logging-host syntax logging-host ip-address undo logging-host view cluster view parameters ip-address: ip address of ...

  • Page 689

    2-33 management-vlan syntax management-vlan vlan-id undo management-vlan view system view parameters vlan-id: id of the vlan to be specified as the management vlan. Description use the management-vlan command to specify the management vlan on the switch. Use the undo management-vlan command to resto...

  • Page 690

    2-34 description use the reboot member command to reboot a specified member device on the management device. When a member device is in trouble due to some configuration errors, you can use the remote control function on the management device to maintain the member device remotely. For example, from...

  • Page 692

    2-36 parameters cluster: uploads files through the shared tftp server of the cluster. Tftp-server: ip address or host name of the tftp server. Source-file: file name to be uploaded to the shared tftp server. Destination-file: name of the file to which the uploaded file will be saved in the storage d...

  • Page 693

    2-37 by default, no shared tftp server is configured. After the ip address of the shared tftp server is configured, nat is enabled on the management device immediately. When a member device uses the tftp cluster get or tftp cluster put command to download or upload a file from the shared tftp server...

  • Page 695

    2-39 tracing mac address 000f-e232-0005 in vlan 1 1 000f-e232-0001 h3c01 ethernet1/0/2 2 000f-e232-0002 h3c02 ethernet1/0/7 3 000f-e232-0003 h3c03 ethernet1/0/4 4 000f-e232-0005 h3c05 local enhanced cluster feature configuration commands black-list syntax black-list add-mac mac-address black-list de...

  • Page 696

    2-40 [aaa_0.Sysname-cluster] black-list add-mac 0010-3500-e001 # delete all addresses in the current cluster blacklist. [aaa_0.Sysname-cluster] black-list delete-mac all display cluster base-members syntax display cluster base-members view any view parameters none description use the display cluster...

  • Page 697

    2-41 parameters mac-address mac-address: displays the structure of the standard topology three layers above or below the node specified by the mac address. Member member-id: displays the structure of the standard topology three layers above or below the node specified by the member id. Description u...

  • Page 698

    2-42 parameters none description use the display cluster black-list command to display the information of devices in the current cluster blacklist. Related commands: black-list. Examples # display the contents of the current cluster blacklist. Display cluster black-list device id access device id ac...

  • Page 699

    2-43 description use the display cluster current-topology command to display the topology of the current cluster. If to-mac-address or to-member-id is not specified, the system displays the topology structure three layers below the node specified by the mac address or member id. If to-mac-address or...

  • Page 700

    2-44 display ntdp single-device mac-address syntax display ntdp single-device mac-address mac-address view any view parameters mac-address: mac address of the device whose detailed information is to be displayed. Description use the display ntdp single-device mac-address command to display the detai...

  • Page 701

    2-45 field description cluster role the device plays in the cluster peer mac mac address of the peer device peer port id name of the port on the peer device connecting to the local device native port id name of the port on the local device connecting to the peer device speed rate of the local port c...

  • Page 702

    2-46 system-view enter system view, return to user view with ctrl+z. [aaa_0.Sysname] cluster [aaa_0.Sysname-cluster] topology accept all save-to local-flash # accept the device with the mac address 0010-0f66-3022 as a member of the base cluster topology. System-view enter system view, return to user...

  • Page 703

    2-47 view cluster view parameters none description use the topology save-to command to save the standard topology of the cluster to the local flash memory. The file name used to save the standard topology is topology.Top. Do not modify the file name. This command is applicable to only the management...

  • Page 704: Table of Contents

    I table of contents 1 poe configuration commands 1-1 poe configuration commands ...

  • Page 705: Poe Configuration Commands

    1-1 1 poe configuration commands poe configuration commands display poe interface syntax display poe interface [ interface-type interface-number ] view any view parameter interface-type interface-number: port type and port number. Description use the display poe interface command to view the poe sta...

  • Page 706

    1-2 table 1-1 description on the fields of the display poe interface command field description port power enabled poe is enabled on the port port power on/off the power on the port is on/off port power status poe status on the port:
    - user command set port to off: poe to the port is turned off by th...

  • Page 707

    1-3 field description
    mode poe mode on the port:
    - signal: poe through the signal cable
    - spare: poe through the spare cable
    priority poe priority of the port:
    - critical: highest
    - high: high
    - low: low
    status poe status on the port:
    - user command set port to off: poe to the port is turned off by ...

  • Page 708

    1-4 display poe powersupply syntax display poe powersupply view any view parameter none description use the display poe powersupply command to view the parameters of the power sourcing equipment (pse). Example # display the pse parameters. Display poe powersupply unit 1 pse id :0 pse legacy detectio...

  • Page 709

    1-5 field description pse power-management mode poe management mode on the port when the pse is overloaded: the auto keyword indicates that the auto mode is adopted, that is, the poe management mode based on the poe priority of the port is adopted the manual keyword indicates that the manual mode is...

  • Page 710

    1-6 by default, the poe feature on a port is enabled by the default configuration file when the device is delivered. If you delete the default configuration file without specifying another one, the poe function on a port will be disabled after you restart the device. You can use the display poe inte...

  • Page 711

    1-7 view ethernet port view parameter max-power: maximum power distributed to the port, ranging from 100 to 15,400, in mw. Description use the poe max-power command to configure the maximum power that can be supplied by the current port. Use the undo poe max-power command to restore the maximum powe...

  • Page 713

    1-9 high: sets the port priority to high. Low: sets the port priority to low. Description use the poe priority command to configure the poe priority of a port. Use the undo poe priority command to restore the default poe priority. By default, the poe priority of a port is low. When the available powe...

  • Page 714

    1-10 the switch disables the poe feature on all ports when its internal temperature exceeds 65°C (149°F) for self-protection, and restores the poe feature settings on all its ports when the temperature drops below 60°C (140°F). By default, poe over-temperature protection is enabled on the switch. You c...

  • Page 715

    1-11 example # update the pse processing software online. System-view system view: return to user view with ctrl+z. [sysname] poe update refresh 0400_001.S19 update poe board successfully.

  • Page 716

    2-1 2 poe profile configuration commands poe profile configuration commands apply poe-profile syntax in system view use the following commands: apply poe-profile profile-name interface interface-type interface-number [ to interface-type interface-number ] undo apply poe-profile profile-name interfac...

  • Page 717

    2-2 poe profile is a set of poe configurations. One poe profile can contain multiple poe features. When the apply poe-profile command is used to apply a poe profile to a port, some poe features can be applied successfully while some cannot. Poe profiles are applied to s3100 series ethernet switches ...

  • Page 718

    2-3 system view: return to user view with ctrl+z. [sysname] display poe-profile name profile-test poe-profile: profile-test, 3 action poe enable poe max-power 5000 poe priority critical poe-profile syntax poe-profile profile-name undo poe-profile profile-name view system view parameter profile-name:...

  • Page 719: Table of Contents

    I table of contents 1 snmp configuration commands 1-1 snmp configuration commands 1-...

  • Page 721

    1-2 parameters read: displays the information about the snmp communities with read-only permission. Write: displays the information about the snmp communities with read-write permission. Description use the display snmp-agent community command to display the information about the snmpv1/snmpv2c comm...

  • Page 722

    1-3 field description storage-type storage type, which can be:
    - volatile: information will be lost if the system is rebooted
    - nonvolatile: information will not be lost if the system is rebooted
    - permanent: modification is permitted, but deletion is forbidden
    - readonly: read only, that is, no mod...

  • Page 723

    1-4 table 1-2 display snmp-agent group command output description field description group name snmp group name of the user security model snmp group security mode, which can be authpriv (authentication with privacy), authnopriv (authentication without privacy), and noauthnopriv (no authentication no...

  • Page 724

    1-5 view name:viewdefault mib subtree:iso subtree mask: storage-type: nonvolatile view type:included view status:active view name:viewdefault mib subtree:snmpusmmib subtree mask: storage-type: nonvolatile view type:excluded view status:active view name:viewdefault mib subtree:snmpvacmmib subtree mas...

  • Page 725

    1-6 examples # display the statistics on snmp packets. Display snmp-agent statistics 1276 messages delivered to the snmp entity 0 messages which were for an unsupported version 0 messages which used a snmp community name not known 0 messages which represented an illegal operation for the community s...

  • Page 726

    1-7 field description snmp pdus which had generr error-status the total number of snmp pdus which were delivered to the snmp protocol entity and for which the value of the error-status field is `generr'. Snmp pdus which had nosuchname error-status the total number of snmp pdus which were delivered t...

  • Page 727

    1-8 field description forwarded confirmed class pdus dropped silently the total number of confirmed class pdus (such as getrequest-pdus, getnextrequest-pdus, getbulkrequest-pdus, setrequest-pdus, and informrequest-pdus) delivered to the snmp entity which were silently dropped because the transmissio...

  • Page 728

    1-9 snmpv3 display snmp-agent trap-list syntax display snmp-agent trap-list view any view parameters none description use the display snmp-agent trap-list command to display the modules that can generate traps and whether the sending of traps is enabled on the modules. If a module contains multiple ...

  • Page 729

    1-10 group-name: name of an snmp group, a string of 1 to 32 characters. Description use the display snmp-agent usm-user command to display the information about a specific type of snmpv3 users. If you execute this command with no keyword specified, the information about all the snmpv3 users is displ...

  • Page 730

    1-11 view ethernet port view, interface view parameters none description use the enable snmp trap updown command to enable the sending of port/interface linkup/linkdown traps. Use the undo enable snmp trap updown command to disable the sending of linkup/linkdown traps. By default, the sending of por...

  • Page 731

    1-12 by default, the snmp agent is disabled. Examples # start the snmp agent. System-view system view: return to user view with ctrl+z. [sysname] snmp-agent
    an s3100 ethernet switch provides the following functions to prevent attacks through unused udp ports.
    - starting the snmp agent opens udp port...

  • Page 732

    1-13 the generated password is related to engine id: password generated under an engine id can only take effect on this engine id. Related commands: snmp-agent usm-user v3. Snmp agent must be enabled for you to encrypt a plain-text password. Examples # use the local engine id and the md5 algorithm t...

  • Page 733

    1-14 typically, “public” is used as a read community name, and “private” is used as a write community name. For security purposes, you are advised to configure community names other than these two. Examples # create an snmp community named comaccess, which has read-only permission to mib ...

  • Page 734

    1-15 acl-number: id of a basic acl, in the range 2000 to 2999. Using basic acl can restrict the source addresses of snmp messages, namely, permitting or refusing the snmp messages with specific source addresses, thus restricting access between the nms and the agent. Description use the snmp-agent gr...

  • Page 735

    1-16 storage-type: nonvolatile acl:2001 snmp-agent local-engineid syntax snmp-agent local-engineid engineid undo snmp-agent local-engineid view system view parameters engineid: engine id, an even number of hexadecimal characters, in the range 10 to 64. Description use the snmp-agent local-engineid c...

  • Page 736

    1-17 description use the snmp-agent log command to enable network management operation logging. Use the undo snmp-agent log command to disable network management operation logging. By default, network management operation logging is disabled. After snmp logging is enabled, when nms performs specifie...

  • Page 737

    1-18 mask mask-value: mask of a mib subtree, an even number of hexadecimal characters, in the range 2 to 32. An odd number of characters are invalid. Description use snmp-agent mib-view command to create or update the information about a mib view to limit the mib objects the nms can access. Use the ...

  • Page 738

    1-19 # create an snmp mib view with the name of view-a, mib subtree of 1.3.6.1.5.4.3.4 and subtree mask of fe. Mib nodes with the oid of 1.3.6.1.5.4.3.X are included in this view, with x indicating any integer number. System-view system view: return to user view with ctrl+z. [sysname] snmp-agent mib...

  • Page 739

    1-20 parameters sys-contact: contact information for system maintenance, a string of up to 200 characters. Sys-location: geographical location of the device, a string of up to 200 characters. Version: specifies the snmp version to be employed. V1: specifies snmpv1. V2c: specifies snmpv2c. V3: specif...

  • Page 740

    1-21 view system view parameters trap: enables the host to receive snmp traps. Address: specifies the destination for the snmp traps. Udp-domain: specifies to use udp to communicate with the target host. Ip-address: the ipv4 address of the host that is to receive the traps. Port-number: number of th...

  • Page 742

    1-23 undo snmp-agent trap ifmib link extended view system view parameters none description use the snmp-agent trap ifmib link extended command to configure the extended trap. “interface description” and “interface type” are added into the extended linkup/linkdown trap. Use the undo snmp-agent trap i...

  • Page 743

    1-24 view system view parameters seconds: snmp trap aging time (in seconds) to be set, ranging from 1 to 2,592,000. Description use the snmp-agent trap life command to set the snmp trap aging time. Snmp traps exceeding the aging time will be discarded. Use the undo snmp-agent trap life command to re...

  • Page 744

    1-25 system-view system view: return to user view with ctrl+z. [sysname] snmp-agent trap queue-size 200 snmp-agent trap source syntax snmp-agent trap source interface-type interface-number undo snmp-agent trap source view system view parameters interface-type interface-number: interface type and int...

  • Page 746

    1-27 system-view [sysname] acl number 2001 [sysname-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0 [sysname-acl-basic-2001] rule deny source any [sysname-acl-basic-2001] quit [sysname] snmp-agent sys-info version v2c [sysname] snmp-agent group v2c readcom [sysname] snmp-agent usm-user v2c userv2...

  • Page 747

    1-28 the snmp messages with specific source addresses, thus restricting access between the nms and the agent. Local: specifies a local entity user. Engineid-string: engine id associated with the user, an even number of hexadecimal characters, in the range 10 to 64. Description use the snmp-agent usm...

  • Page 748

    1-29 [sysname] snmp-agent usm-user v3 testuser testgroup authentication-mode md5 authkey privacy-mode des56 prikey on the nms, set the version to snmpv3, the username to testuser, the authentication algorithm to md5, the authentication password to authkey, the privacy algorithm to des, and the priva...

  • Page 749: Rmon Configuration Commands

    2-1 2 rmon configuration commands rmon configuration commands display rmon alarm syntax display rmon alarm [ entry-number ] view any view parameters entry-number: alarm entry index, in the range 1 to 65535. Description use the display rmon alarm command to display the configuration of a specified al...

  • Page 750

    2-2 field description sampling interval sampling interval, in seconds. The system performs absolute or delta sampling on the sampled node at this interval. Rising threshold rising threshold. When the sampled value equals or exceeds the rising threshold, an alarm is triggered. Falling threshold falli...

  • Page 751

    2-3 event table 1 owned by user1 is valid. Description: null. Will cause log-trap when triggered, last triggered at 0days 00h:02m:27s. Table 2-2 display rmon event command output description field description event table index of an entry in the rmon event table valid the status of the entry identif...

  • Page 752

    2-4 less than(or =) 100 with alarm value 0. Alarm sample type is absolute. Table 2-3 display rmon eventlog command output description field description event table index of an entry in the rmon event table valid the status of the entry identified by the index is valid. Generates eventlog 1.1 at 0day...

  • Page 753

    2-5 history control entry 1 owned by user1 is valid samples interface : ethernet1/0/1 sampling interval : 5(sec) with 10 buckets max latest sampled values : dropevents : 0 , octets : 10035 packets : 64 , broadcast packets : 35 multicast packets : 8 , crc alignment errors : 0 undersize packets : 0 , ...

  • Page 754

    2-6 view any view parameters prialarm-entry-number: extended alarm entry index, in the range 1 to 65,535. Description use the display rmon prialarm command to display the configuration of an rmon extended alarm entry. If you do not specify the prialarm-entry-number argument, the configuration of all...

  • Page 755

    2-7 field description linked with event event index corresponding to an alarm when startup enables: risingorfallingalarm the condition under which an alarm is triggered, which can be:
    - risingorfallingalarm: an alarm is triggered when the rising or falling threshold is reached.
    - risingalarm: an ala...

  • Page 756

    2-8 interface : ethernet1/0/1 etherstatsoctets : 30561 , etherstatspkts : 217 etherstatsbroadcastpkts : 102 , etherstatsmulticastpkts : 25 etherstatsundersizepkts : 0 , etherstatsoversizepkts : 0 etherstatsfragments : 0 , etherstatsjabbers : 0 etherstatscrcalignerrors : 0 , etherstatscollisions : 0 ...

  • Page 757

    2-9 parameters entry-number: index of the alarm entry to be added/removed, in the range 1 to 65535. Alarm-variable: alarm variable, a string comprising 1 to 256 characters in dotted node oid format (such as 1.3.6.1.2.1.2.1.10.1). Only the variables that can be resolved to asn.1 integer data type (th...

  • Page 758

    2-10 comparison operation the sample value is smaller than the set lower threshold (threshold-value2) triggering the event identified by the event-entry2 argument
    - before adding an alarm entry, you need to use the rmon event command to define the events to be referenced by the alarm entry.
    - make s...

  • Page 759

    2-11 description string: specifies the event description, a string of 1 to 127 characters. Log: logs events. Trap: sends traps to the nms. Trap-community: community name of the nms that receives the traps, a string of 1 to 127 characters. Log-trap: logs the event and sends traps to the nms. Log-trap...

  • Page 760

    2-12 description use the rmon history command to add an entry to the history control table. If you do not specify the owner text keyword/argument combination, the owner of the entry is displayed as “null”. Use the undo rmon history command to remove an entry from the history control table. You can u...

  • Page 761

    2-13 threshold-value2: lower threshold, in the range 0 to 2147483647. Event-entry2: index of the event entry that corresponds to the falling threshold, in the range 0 to 65535. Forever: specifies the corresponding rmon alarm instance is valid permanently. Cycle: specifies the corresponding rmon alar...

  • Page 762

    2-14
    - falling threshold: 5
    - event 1 is triggered when the change ratio is larger than the rising threshold.
    - event 2 is triggered when the change ratio is less than the falling threshold.
    - the alarm entry is valid forever.
    - entry owner: user1
    system-view system view: return to user view with ct...

  • Page 763

    2-15 for each port, only one rmon statistics entry can be created. That is, if an rmon statistics entry was already created for a given port, you will fail to create a statistics entry with a different index for the port. You can use the display rmon statistics command to display the information abo...

  • Page 764: Table of Contents

    I table of contents 1 ntp configuration commands 1-1 ntp configuration commands ...

  • Page 765: Ntp Configuration Commands

    1-1 1 ntp configuration commands to protect unused sockets against attacks by malicious users and improve security, h3c s3100 series ethernet switches provide the following functions:
    - udp port 123 is opened only when the ntp feature is enabled.
    - udp port 123 is closed as the ntp feature is disabl...

  • Page 766

    1-2 [12345]3.0.1.32 locl 1 95 64 42 -14.3 12.9 2.7 [25]3.0.1.31 127.127.1.0 2 1 64 1 4408.6 38.7 0.0 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured total associations : 2 table 1-1 description on the fields of the display ntp-service sessions command field description sour...

  • Page 767

    1-3 view any view parameter none description use the display ntp-service status command to display the status of ntp services. Example # view the status of the ntp service of the local switch. Display ntp-service status clock status: synchronized clock stratum: 4 reference clock id: 1.1.1.11 nominal...

  • Page 768

    1-4 display ntp-service trace syntax display ntp-service trace view any view parameter none description use the display ntp-service trace command to display the brief information of each ntp time server along the time synchronization chain from the local switch to the reference clock source. Example...

  • Page 769

    1-5 view system view parameter query: control query right. This level of right permits the peer device to perform control query to the ntp service on the local device but does not permit the peer device to synchronize its clock to the local device. The so-called “control query” refers to query of st...

  • Page 770

    1-6 view system view parameter none description use the ntp-service authentication enable command to enable the ntp authentication. Use the undo ntp-service authentication enable command to disable the ntp authentication. By default, the ntp authentication is disabled. Refer to the ntp-service relia...

  • Page 771

    1-7 system view: return to user view with ctrl+z. [sysname] ntp-service authentication-keyid 10 authentication-mode md5 betterkey ntp-service broadcast-client syntax ntp-service broadcast-client undo ntp-service broadcast-client view vlan interface view parameter none description use the ntp-service...

  • Page 772

    1-8 description use the ntp-service broadcast-server command to configure an ethernet switch to operate in the ntp broadcast server mode and send ntp broadcast messages through the current interface. Use the undo ntp-service broadcast-server command to remove the configuration. By default, no ntp op...

  • Page 773

    1-9 view system view parameter number: maximum number of the dynamic ntp sessions that can be established locally. This argument ranges from 0 to 100. Description use the ntp-service max-dynamic-sessions command to set the maximum number of dynamic ntp sessions that can be established locally. Use t...

  • Page 775

    1-11 description use the ntp-service reliable authentication-keyid command to specify an authentication key as a trusted key. Use the undo ntp-service reliable authentication-keyid command to remove the configuration. By default, no trusted key is configured. When ntp authentication is enabled, a cl...

  • Page 777

    1-13 example # configure the local switch to obtain time information from the peer with the ip address 128.108.22.44 and also to provide time information to the peer. Set the ntp version number to 3. The source ip address of ntp messages is the ip address of vlan-interface1. System-view system view...

  • Page 778

    1-14 the remote server specified by remote-ip or server-name serves as the ntp server, and the local switch serves as the ntp client. The clock of the ntp client will be synchronized by but will not synchronize that of the ntp server. Example # configure the local switch to be synchronized to the nt...

  • Page 779: Table of Contents

    I table of contents 1 ssh commands 1-1 ssh commands ...

  • Page 781

    1-2 75fd6a430575d97350e300a20feb773d93d7c3565467b0ca6b95c07d3338c523743b49d82c 5ec2c9458d248955846f9c32f4d25cc92d0e831e564bba6fae794eec6fcdedb822909cc687 bebf51f3dfc5c30d590203010001 ===================================================== time of key pair created: 23:48:36 2000/04/03 key name: sysname...

  • Page 782

    1-3 description use the display public-key peer command to display information about locally saved public keys of ssh peers. If no key name is specified, the command displays detailed information about the locally saved public keys of all ssh peers. Sometimes the public key modulo displayed with the...

  • Page 783

    1-4 display rsa local-key-pair public syntax display rsa local-key-pair public view any view parameters none description use the display rsa local-key-pair public command to display the public key part of the current switch’s rsa key pair(s). If no key pair has been generated, the system prompts “% ...

  • Page 784

    1-5 d0fc303f 51072d6c b5d0054d 3673eba0 a4748984 5ebf6ebe cf6a13b1 c7858241 a2a9aa79 0203 010001 after the rsa key pair is generated, the display rsa local-key-pair public command displays two public keys (the host public key and server public key) when the s3100-ei switch is working in ssh1-compati...

  • Page 785

    1-6 dsa 1023 2 dsa 1024 a # display the information about public key “abcd”. Display rsa peer-public-key name abcd ===================================== key name : abcd key type : rsa key module: 1024 ===================================== key code: 30819f300d06092a864886f70d010101050003818d003081890...

  • Page 786

    1-7 ssh connection timeout : 60 seconds ssh authentication retries : 3 times sftp server: disable sftp idle timeout : 10 minutes
      • if you use the ssh server compatible-ssh1x enable command to configure the server to be compatible with ssh1.x clients, the ssh version will be displayed as 1.99.
      • if y...

  • Page 787

    1-8 if an ssh client needs to authenticate the ssh server, it uses the locally saved public key of the server for authentication. In case the authentication fails, you can use the display ssh server-info command to view whether the locally saved public key of the server is correct. Related commands:...

  • Page 788

    1-9 peer-public-key end syntax peer-public-key end view public key view parameters none description use the peer-public-key end command to return from public key view to system view. Related commands: rsa peer-public-key, public-key-code begin, public-key peer. Examples # exit public key view. Syste...

  • Page 789

    1-10 as ssh clients access the ssh server through vty user interfaces, you need to configure the vty user interfaces of the ssh server to support remote ssh login.
      • if you have configured a user interface to support ssh protocol, to ensure a successful login to the user interface, you must configure a...

  • Page 790

    1-11
      • the configuration of this command can survive a reboot. You only need to configure it once.
    Related commands: public-key local destroy, display public-key local. Examples # create an rsa key pair of 512 bits. System-view system view: return to user view with ctrl+z. [sysname] public-key local...

  • Page 791

    1-12 notes: if the key modulus is greater than 512, it will take a few minutes. Input the bits in the modulus[default = 1024]:512 generating keys... .++++++++++++++++++++++++++++++++++++++++++++++++++* ........+......+.....+......................................+..+................ .......+............

  • Page 792

    1-13 examples # destroy the rsa key pair of the current switch. System-view system view: return to user view with ctrl+z. [sysname] public-key local destroy rsa % confirm to destroy these keys? [y/n]:y ...... # destroy the dsa key pair of the current switch. System-view system view: return to user vi...

  • Page 793

    1-14 related commands: public-key local create, rsa local-key-pair create. Examples # generate an rsa key pair. System-view [sysname] public-key local create rsa the range of public key size is (512 ~ 2048). Notes: if the key modulus is greater than 512, it will take a few minutes. Input the bits in...

  • Page 794

    1-15 description use the public-key local export dsa command to display the public key of the current switch’s dsa key pair on the screen or export it to a specified file. If you specify a filename, the public key will be exported to the file and the file will be saved. If you do not specify any fil...

  • Page 795

    1-16 ---- end ssh2 public key ---- # export the public key in openssh format. System-view [sysname] public-key local export dsa openssh key.pub public-key peer syntax public-key peer keyname undo public-key peer keyname view system view parameters keyname: name of the public key, a string of 1 to 64...

  • Page 796

    1-17 view system view parameters keyname: name of the public key, a string of 1 to 64 characters. Filename: name of a public key file, a string of 1 to 142 characters. For file naming rules, refer to file system management command. Description use the public-key peer import sshkey command to import...

  • Page 797

    1-18 related commands: rsa peer-public-key, public-key peer, public-key-code end. Examples # enter public key edit view and input a public key. System-view system view: return to user view with ctrl+z. [sysname] rsa peer-public-key switch003 rsa public key view: return to system view with "peer-publ...

  • Page 798

    1-19 [sysname-rsa-public-key] public-key-code begin rsa key code view: return to last view with "public-key-code end". [sysname-rsa-key-code] 308186028180739a291abda704f5d93dc8fdf84c427463 [sysname-rsa-key-code] 1991c164b0df178c55fa833591c7d47d5381d09ce82913 [sysname-rsa-key-code] d7edf9c08511d83ca4...

  • Page 799

    1-20 ........................++++++ .......++++++ .................................++++++++ ...++++++++ ........Done! # display the public key part of the current switch’s rsa key pair(s). [sysname] display rsa local-key-pair public ===================================================== time of key p...

  • Page 800

    1-21 view system view parameters none description use the rsa local-key-pair destroy command to destroy the current switch’s rsa key pair. Related commands: rsa local-key-pair create. Examples # destroy the current switch’s rsa key pair. System-view system view: return to user view with ctrl+z. [sys...

  • Page 801

    1-22 examples # enter switch002 public key view. System-view system view: return to user view with ctrl+z. [sysname] rsa peer-public-key switch002 rsa public key view: return to system view with "peer-public-key end". [sysname-rsa-public-key] rsa peer-public-key import sshkey syntax rsa peer-public-...

  • Page 804

    1-25 if a pair of ssh peers are both switches that support both dsa and rsa, you must configure the dsa public key of the server on the client. Related command: ssh client first-time enable. Examples # specify the name of the dsa public key of the server (whose ip address is 192.168.0.1) as pub.Ppk ...

  • Page 805

    1-26 by default, the client is enabled to run first-time authentication. Examples # disable the client to run first-time authentication. System-view system view: return to user view with ctrl+z. [sysname] undo ssh client first-time ssh server authentication-retries syntax ssh server authentication-r...

  • Page 806

    1-27 ssh server compatible-ssh1x enable syntax ssh server compatible-ssh1x enable undo ssh server compatible-ssh1x view system view parameters none description use the ssh server compatible-ssh1x enable command to make the server compatible with ssh1.x clients. Use the undo ssh server compatible-ssh...

  • Page 807

    1-28 description use the ssh server rekey-interval command to set the interval to update the rsa server keys regularly. Use the undo ssh server rekey-interval command to cancel the current configuration. By default, the update interval is zero, which indicates the system does not update the server k...

  • Page 808

    1-29 ssh user syntax ssh user username undo ssh user username view system view parameters username: ssh user name, a string of 1 to 184 characters. It cannot contain any of these characters: slash (/), backslash (\), colon (:), asterisk (*), question mark (?), less than sign (), and the vertical bar...

  • Page 811

    1-32 you need to specify the authentication mode for an ssh user. Otherwise, the user will not be able to log in to the ssh server. Related commands: display ssh user-information. Examples # specify the publickey authentication for ssh users. System-view system view: return to user view with ctrl+z....

  • Page 812

    1-33 examples # specify that user kk can access sftp service. System-view system view: return to user view with ctrl+z. [sysname] ssh user kk service-type sftp # display ssh user information. [sysname] display ssh user-information username authentication-type user-public-key-name service-type kk pub...

  • Page 813

    1-34
      • md5_96: hmac-md5-96 algorithm.
      • des (data encryption standard) is a standard data encryption algorithm.
      • aes (advanced encryption standard) is an advanced encryption standard algorithm.
    Description use the ssh2 command to start the ssh client to establish a connection with an ssh server, an...

  • Page 814: Table of Contents

    I table of contents 1 file system management configuration commands 1-1 file system configuration commands 1-1 cd ...

  • Page 815: Commands

    1-1 1 file system management configuration commands s3100 series ethernet switches allow you to input a file path and file name in one of the following ways:
      • in universal resource locator (url) format and starting with “unit1>flash:/” or “flash:/”. This method is used to specify a file in the curr...

  • Page 816

    1-2 description use the cd command to enter a specified directory on the ethernet switch. The default directory when a user logs onto the switch is the root directory of flash memory. Example # enter the directory named test from the root directory. Cd test # return to the upper directory. Note that...

  • Page 818

    1-4 delete the backup config file? [y/n]: delete the backup web file? [y/n]: the corresponding files will be deleted after you choose yes. For deleted files whose names are the same, only the latest deleted file is stored in the recycle bin and can be restored. Example # delete the file test/test.Tx...

  • Page 819

    1-5
      • if executed with the /all keyword, the command will display information about all files, including the files in the recycle bin. If executed without the /all keyword, the command will not display the files in the recycle bin.
      • if executed with the file-url argument, the command will display i...

  • Page 820

    1-6 (*) -with main attribute (b) -with backup attribute (*b) -with both main and backup attribute execute syntax execute filename view system view parameter filename: batch file, with the extension .bat. Description use the execute command to execute the specified batch file. Executing a batch file i...

  • Page 821

    1-7 parameter alert: specifies to prompt for confirmation before performing file-related operations that have potential risks. Quiet: specifies to disable prompts for file-related operations. Description use the file prompt command to configure the prompt mode for file-related operations. By default...

  • Page 822

    1-8 description use the fixdisk command to restore space on the flash memory. In case that space on the flash memory may become unavailable for reasons such as abnormal operations, you can run this command to restore the space. Example # restore space on the flash memory. Fixdisk unit1>flash: fixdis...

  • Page 823

    1-9 parameter directory: name of a directory. Description use the mkdir command to create a subdirectory in the specified directory of a flash memory. Note that:
      • the name of the subdirectory to be created must be unique under the specified directory. Otherwise, you will fail to create the subdirec...

  • Page 824

    1-10 this file (the project file) contains information at the project level and is used to build a single project or subproject. Other users can share the project (.dsp) file, but they should export the makefiles locally. # display the content of the file testcfg.cfg. More testcfg.cfg # sysname sysn...

  • Page 825

    1-11 the file unit1>flash:/test/22.txt exists. Overwrite it?[y/n]:y the file will be permanently deleted from flash, please wait. .... %moved file unit1>flash:/22.txt to unit1>flash:/test/22.txt. Pwd syntax pwd view user view parameter none description use the pwd command to display the current work...

  • Page 826

    1-12 %renamed file unit1>flash:/config.txt to unit1>flash:/config.bak. Reset recycle-bin syntax reset recycle-bin [ file-url ] [ /force ] view user view parameter file-url: path name or file name of a file in the flash memory. This argument supports the wildcard “*”. For example, *.txt means all the ...

  • Page 827

    1-13 //the above information indicates that in directory flash:, there are two files a.cfg and b.cfg in the recycle bin.
      • delete the files in directory flash: that are already in the recycle bin. Reset recycle-bin clear flash:/~/a.cfg ?[y/n]:y clearing files from flash may take a long time. Please ...

  • Page 828

    1-14 parameter directory: name of a directory. Description use the rmdir command to delete a directory. As only empty directories can be deleted, you need to clear a directory before deleting it. Example # delete the directory named dd. Rmdir dd rmdir unit1>flash:/dd?[y/n]:y .... %removed directory ...

  • Page 829

    1-15 parameter all: specifies all the files, including app files, configuration files and web files. App: specifies app files. Configuration: specifies configuration files. Web: specifies web files. Description use the boot attribute-switch command to switch between the main and backup attribute for...

  • Page 830

    1-16 view user view parameter file-url: path or the name of the app file in the flash memory, a string comprising 1 to 64 characters. Description use the boot boot-loader backup-attribute command to configure an app file of the device to be with the backup attribute. The app file specified by this c...

  • Page 831

    1-17 example # configure the web file named boot.web to be with the main attribute. Boot web-package boot.web main display boot-loader syntax display boot-loader [ unit unit-id ] view any view parameter unit unit-id: specifies the unit id of a switch. You cannot choose any other number except 1 for ...

  • Page 832

    1-18 example # display information about the web file used by the device. Display web package the current using web package is: flash:/h3c-http3.1.5-0040.web the main web package is: unit1>flash:/h3c-http3.1.5-0040.web the backup web package is: unit1>flash:/ startup bootrom-access enable syntax sta...

  • Page 833: Table of Contents

    I table of contents 1 ftp and sftp configuration commands 1-1 ftp server configuration commands 1-1 displa...

  • Page 834

    Ii help 1-25 ls ...

  • Page 835

    1-1 1 ftp and sftp configuration commands ftp server configuration commands display ftp-server syntax display ftp-server view any view parameters none description use the display ftp-server command to display the ftp server-related settings of a switch when it operates as an ftp server, including st...

  • Page 836

    1-2 the h3c s3100 series ethernet switch supports one user access at one time when it serves as the ftp server. Display ftp-user syntax display ftp-user view any view parameters none description use the display ftp-user command to display the information of the ftp users that have logged in to the s...

  • Page 837

    1-3 field description port port used when the ftp client logs in idle idle time of the ftp client homedir the initial work path configured for the ftp user, namely, the path where the user locates after he logs in. Ftp disconnect syntax ftp disconnect user-name view system view parameters user-name:...

  • Page 838

    1-4 ftp server enable syntax ftp server enable undo ftp server view system view parameters none description use the ftp server enable command to enable the ftp server function of the switch. Use the undo ftp server command to disable the ftp server function of the switch. By default, the ftp server ...

  • Page 839

    1-5 parameters minutes: idle timeout time (in minutes), in the range 1 to 35791. Description use the ftp timeout command to set the idle timeout time of an ftp client. When the idle time of the ftp client exceeds this timeout time, the ftp server terminates the connection with the ftp client. Use th...

  • Page 840

    1-6 description use the ascii command to specify that files be transferred in ascii mode, which is used for transferring text files. By default, files are transferred in ascii mode. Related commands: binary. Examples # specify to transfer text files in ascii mode. [ftp] ascii 200 type set to a. Bina...

  • Page 841

    1-7 description use the bye command to terminate the control connection and data connection with the ftp server and return to user view. This command has the same effect as that of the quit command. Examples # terminate the connections with the remote ftp server and return to user view. [ftp] bye 22...

  • Page 842

    1-8 description use the cdup command to exit the current working directory and enter the parent directory. The parent directory must be a directory that a user is authorized to access; otherwise, the command cannot be executed. Related commands: cd, pwd. Examples # change the working directory to fl...

  • Page 843

    1-9 parameters remotefile: name of the file to be deleted. Description use the delete command to delete a specified remote file. Examples # delete the file temp.c. [ftp] delete temp.c 250 dele command successful. Dir syntax dir [ filename [ localfile ] ] view ftp client view parameters filename: nam...

  • Page 844

    1-10
    -rwxrwxrwx 1 noone nogroup 2833 may 11 17:58 config.cfg
    -rwxrwxrwx 1 noone nogroup 225295 apr 26 12:21 default.diag
    -rwxrwxrwx 1 noone nogroup 377424 apr 30 16:58 switch.btm
    drwxrwxrwx 1 noone nogroup 0 apr 28 11:41 test
    -rwxrwxrwx 1 noone nogroup 2145 apr 28 13:13 test.txt
    -rwxrwxrwx 1 noone n...

  • Page 845

    1-11 view user view parameters cluster: connects to the configured ftp server of a cluster. For the configuration of the ftp server of a cluster, refer to the cluster part of this manual. Remote-server: host name or ip address of an ftp server, a string of 1 to 20 characters. Port-number: port numbe...

  • Page 846

    1-12 when using the get command to download files from a remote ftp server, note to limit the length of file path and file name within the following ranges:
      • a directory name should be no more than 91 characters.
      • a file name plus its local path name should be no more than 127 characters.
      • a devi...

  • Page 847

    1-13 view ftp client view parameters remotefile: name of the file to be queried. Localfile: name of the local file where the querying result is to be saved. Description use the ls command to display the information about a specified file on an ftp server. If you do not specify the remotefile argumen...

  • Page 848

    1-14 view ftp client view parameters pathname: name of the directory to be created. Description use the mkdir command to create a directory on an ftp server. This command is available only to the ftp clients that are assigned the permission to create directories on ftp servers. Related commands: dir...

  • Page 849

    1-15 password: 230 user logged in. Passive syntax passive undo passive view ftp client view parameters none description use the passive command to set the data transfer mode to the passive mode. Use the undo passive command to set the data transfer mode to the active mode. By default, the passive mo...

  • Page 850

    1-16 remotefile: file name used after a file is uploaded and saved on an ftp server. Description use the put command to upload a local file on an ftp client to an ftp server. If you do not specify the remotefile argument, the local file is saved on the ftp server with its original name. Examples # u...

  • Page 851

    1-17 description use the quit command to terminate ftp control connection and ftp data connection and return to user view. This command has the same effect as that of the bye command. Examples # terminate the ftp control connection and ftp data connection and return to user view. [ftp] quit 221 serv...

  • Page 852

    1-18 view ftp client view parameters remote-source: name of a file on a remote host. Remote-dest: destination file name. Description use the rename command to rename a file on a remote ftp server. If the destination file name conflicts with the name of an existing file or directory, you will fail to...

  • Page 853

    1-19 parameters username: username used to log in to an ftp server. Password: password used to log in to an ftp server. Description use the user command to log in to an ftp server with the specified username and password. Examples # log in to the ftp server using the user account with the username t...

  • Page 854

    1-20 the above output indicates that if the verbose function is disabled, only execution information of users’ operations is obtained from the system of the switch, while the output information beginning with three-digit numbers cannot be returned to the users. For the description of the numbers at ...

  • Page 855

    1-21 use the undo sftp timeout command to restore the idle timeout time to the default value. If the idle timeout time exceeds the specified threshold, the system disconnects the sftp user automatically. Examples # set the idle timeout time to 500 minutes. System-view system view: return to user vie...

  • Page 856

    1-22 description use the cd command to change the working path on the remote sftp server. If no remote path is specified, this command displays the current working path.
      • use the cd .. command to return to the parent directory.
      • use the cd / command to return to the root directory.
    Examples # chan...

  • Page 857

    1-23 view sftp client view parameters remote-file&: name of a file on the server. & indicates that up to ten file names can be input. These file names should be separated by spaces. Description use the delete command to delete a specified file from the remote sftp server. This command has the same e...

  • Page 858

    1-24
    -rwxrwxrwx 1 noone nogroup 1759 aug 23 06:52 config.cfg
    -rwxrwxrwx 1 noone nogroup 225 aug 24 08:01 pubkey2
    -rwxrwxrwx 1 noone nogroup 283 aug 24 07:39 pubkey1
    -rwxrwxrwx 1 noone nogroup 225 sep 28 08:28 pub1
    drwxrwxrwx 1 noone nogroup 0 sep 28 08:24 new1
    drwxrwxrwx 1 noone nogroup 0 sep 28 08:...

  • Page 859

    1-25 examples # download the file tt.bak and save it with the name tt.txt. Sftp-client> get tt.bak tt.txt.... This operation may take a long time, please wait... Remote file:tt.bak ---> local file: tt.txt.. Received status: end of file received status: success downloading file successfully ended help...

  • Page 860

    1-26 if -a or -l is not specified, the command displays details about the files and folders in the specified directory in a list. If no remote path is specified, this command displays the files in the current working directory. This command has the same effect as that of the dir command. Examples # ...

  • Page 861

    1-27 parameters local-file: name of a local file. Remote-file: name of a file on the remote sftp server. Description use the put command to upload a local file to the remote sftp server. By default, the local file name is used for the remote file if no remote file name is specified. Examples # uploa...

  • Page 862

    1-28 description use the quit command to terminate a connection with the remote sftp server and return to system view. This command has the same effect as that of the commands bye and exit. Examples # terminate a connection with the remote sftp server. Sftp-client> quit bye [sysname] remove syntax r...

  • Page 863

    1-29 parameters oldname: old file name. Newname: new file name. Description use the rename command to rename a specified file on the remote sftp server. Examples # change the file name temp.bat to temp.txt. Sftp-client> rename temp.bat temp.txt file successfully renamed rmdir syntax rmdir remote-pat...

  • Page 864

    1-30 view system view parameters host-ip: ip address of the server. Host-name: host name of the server, a string of 1 to 20 characters. Port-num: port number of the server, in the range of 0 to 65535. The default value is 22. Identity-key: the public key algorithm used by the publickey authenticatio...

  • Page 865

    1-31 do you want to save the server's public key?(y/n):y enter password: sftp-client>.

  • Page 867

    2-2 parameters tftp-server: ip address or the host name of a tftp server, a string of 1 to 20 characters. If the switch belongs to a cluster, the value cluster means to connect to the tftp server of the cluster. For the configuration of the tftp server of a cluster, refer to the cluster part in this...

  • Page 868

    2-3 tftp put syntax tftp tftp-server put source-file [ dest-file ] view user view parameters tftp-server: ip address or the host name of a tftp server, a string of 1 to 20 characters. If the switch belongs to a cluster, the value cluster means to connect to the tftp server of the cluster. For the co...

  • Page 869

    2-4 use the undo tftp-server acl command to cancel all acls adopted. Examples # specify to adopt acl 2000 on the tftp client. System-view system view: return to user view with ctrl+z. [sysname] tftp-server acl 2000

  • Page 870: Table of Contents

    I table of contents 1 information center configuration commands 1-1 information center configuration commands 1-1 display cha...

  • Page 872

    1-2 related command: info-center enable, info-center loghost, info-center logbuffer, info-center console channel, info-center monitor channel, info-center trapbuffer, info-center snmp channel, info-center timestamp example # display the operation status of information center, the configuration of in...

  • Page 873

    1-3 field description trap buffer information about the trap buffer, including its state (enabled or disabled), maximum size, current size, current messages, channel number and name, number of dropped messages, and number of overwritten messages information timestamp setting: information about the t...

  • Page 874

    1-4 description use the display logbuffer command to display the status of the log buffer and the records in the log buffer. Example # display the status of the log buffer and the records in the log buffer. Display logbuffer logging buffer configuration and contents:enabled allowed max buffer size :...

  • Page 875

    1-5 parameter level severity: specifies an information severity level. The severity argument ranges from 1 to 8. Description use the display logbuffer summary command to display the statistics of the log buffer. Example # display the summary of the log buffer. Display logbuffer summary emerg alert c...

  • Page 876

    1-6 #apr 2 00:17:47:875 2006 sysname l2inf/2/port link status change:- 1 - trap 1.3.6.1.6.3.1.1.5.3(linkdown): portindex is 4227833, ifadminstatus is 2, ifoperstatus is 2 …… info-center channel name syntax info-center channel channel-number name channel-name undo info-center channel channel-number v...

  • Page 877

    1-7 parameter channel-number: channel number, ranging from 0 to 9, corresponding to the 10 channels of the system. Channel-name: channel name, by default, the name of channel 0 to channel 9 is (in turn) console, monitor, loghost, trapbuffer, logbuffer, snmpagent, channel6, channel7, channel8, channe...

  • Page 879

    1-9 parameter host-ip-addr: ip address of a log host. Channel: sets the information channel for the log host. Channel-number: channel number, ranging from 0 to 9, corresponding to the 10 channels of the system. Channel-name: channel name, by default, the name of channel 0 to channel 9 is (in turn) c...

  • Page 880

    1-10 parameter interface-type: specifies an interface type. Interface-number: specifies an interface number. Description use the info-center loghost source command to configure the source interface through which information is sent to the log host. Use the undo info-center loghost source command to ...

  • Page 882

    1-12 log: specifies to output log information. Trap: specifies to output trap information. Debug: specifies to output debugging information. Level severity: specifies an information severity level. For the value of severity, refer to table 1-2. State state: configures whether to output the system i...

  • Page 883

    1-13 table 1-4 default output rules for different output destinations log trap debug output destination modules allowed enabled/disabled severity enabled/disabled severity enabled/disabled severity console default (all modules) enabled warnings enabled debugging enabled debugging monitor termina...

  • Page 884

    1-14 parameter none description use the info-center synchronous command to enable synchronous information output, so that if system information (such as log information) is output when the user is inputting information, the command prompt and the input information are echoed after the output (note t...

  • Page 885

    1-15 date: the current system date and time, in the format of “mmm dd hh:mm:ss:sss yyyy”.
    - mmm: the abbreviations of the months in English, which could be jan, feb, mar, apr, may, jun, jul, aug, sep, oct, nov, or dec.
    - dd: the date, starting with a space if less than 10, for example “ 7”.
    - hh:mm:...

  • Page 886

    1-16 example # set the no-year-date time stamp for the output information sent to the log host. System-view system view: return to user view with ctrl+z. [sysname] info-center timestamp loghost no-year-date info-center timestamp utc syntax info-center timestamp utc undo info-center timestamp utc vie...

  • Page 888

    1-18 description use the reset logbuffer command to clear information recorded in the log buffer. Example # clear information recorded in the log buffer. Reset logbuffer reset trapbuffer syntax reset trapbuffer [ unit unit-id ] view user view parameter unit-id: unit id of the device, the value can o...

  • Page 889

    1-19 example # enable debugging terminal display. Terminal debugging terminal logging syntax terminal logging undo terminal logging view user view parameter none description use the terminal logging command to enable log terminal display. Use the undo terminal logging command to disable log terminal...

  • Page 890

    1-20
    - Disabling the function has the same effect as executing the following three commands: undo terminal debugging, undo terminal logging and undo terminal trapping. That is, no debugging/log/trap information will be displayed on the current terminal.
    - If the function is enabled, you can run the ...

  • Page 891: Table of Contents

    i Table of contents: 1 Basic system configuration and debugging commands; basic system configuration commands; clock datetime...

  • Page 892

    ii reboot; schedule reboot at; ...

  • Page 894

    1-2 view user view parameter zone-name: name of the summer time, a string of 1 to 32 characters. one-off: sets the summer time for only one year (the specified year). repeating: sets the summer time for every year starting from the specified year. start-time: start time of the summer time, in the fo...

  • Page 895

    1-3 add: specifies to add a time value to the Coordinated Universal Time (UTC) to generate a later time. minus: specifies to subtract a time value from the UTC time to generate an earlier time. hh:mm:ss: time to be added to or subtracted from the UTC time, in the form of hh:mm:ss. Descri...

  • Page 896

    1-4 [sysname] quit return syntax return view views other than user view parameter none description use the return command to return from the current view to user view. The composite key has the same effect as the return command. Related command: quit. Example # return from interface view to user view....

  • Page 897

    1-5 example # set the system name of the ethernet switch to lanswitch. System-view system view: return to user view with ctrl+z. [sysname] sysname lanswitch [lanswitch] system-view syntax system-view view user view parameter none description use the system-view command to enter system view from user...

  • Page 898

    1-6 example # display the current date and time of the system. Display clock 18:36:31 beijing sat 2002/02/02 time zone : beijing add 01:00:00 summer-time : bj one-off 01:00:00 2003/01/01 01:00:00 2003/08/08 01:00:00 table 1-1 field description of the display clock command field description 18:36:31 ...

  • Page 899

    1-7 view any view parameter none description use the display version command to display the version information about the switch system. Specifically, you can use this command to check the software version and release time, the basic hardware configuration, and some other information about the switc...

  • Page 900

    1-8 description use the debugging command to enable system debugging. Use the undo debugging command to disable system debugging. By default, all debugging is disabled for the system. Note that:
    - Enabled debugging will generate a great deal of debugging information and thus will affect the efficien...

  • Page 901

    1-9 # display the diagnostic information of the system. Display diagnostic-information this operation may take a few minutes, continue?[y/n]y diagnostic-information is saved to flash or displayed(y=save n=display)?[y/n]n -------------------- display version -------------------- …… terminal debugging...

  • Page 902

    1-10 command alias configuration commands command-alias enable syntax command-alias enable undo command-alias enable view system view default level 2: system level parameters none description use the command-alias enable command to enable the command alias function. Use the undo command-alias enable...

  • Page 903

    1-11 description use the command-alias mapping command to configure command aliases. Use the undo command-alias mapping command to delete command aliases. By default, a command has no alias.
    - When configuring a command alias, the cmdkey argument must be a complete keyword; otherwise, the system pro...

  • Page 904

    2-1 2 network connectivity test commands network connectivity test commands ping syntax ping [ -a ip-address ] [ -c count ] [ -d ] [ -f ] [ -h ttl ] [ -i interface-type interface-number ] [ ip ] [ -n ] [ -p pattern ] [ -q ] [ -s packetsize ] [ -t timeout ] [ -tos tos ] [ -v ] host view any view par...

  • Page 905

    2-2 -t timeout: specifies the timeout time (in milliseconds) before an icmp echo-reply packet is received after an icmp echo-request packet is sent. The timeout argument ranges from 0 to 65535 ms and defaults to 2,000 ms. -tos tos: specifies the tos value of the icmp echo-request packets in the rang...

  • Page 906

    2-3 tracert syntax tracert [ -a source-ip ] [ -f first-ttl ] [ -m max-ttl ] [ -p port ] [ -q num-packet ] [ -w timeout ] string view any view parameter -a source-ip: specifies the source interface ip address used by this command. -f first-ttl: specifies the initial ttl value of the packets to be sen...

  • Page 907

    2-4 example # trace the gateways that the packets pass through to the destination with ip address 18.26.0.115. Tracert 18.26.0.115 tracert to 18.26.0.115 (18.26.0.115), 30 hops max,40 bytes packet 1 128.3.112.1 (128.3.112.1) 0 ms 0 ms 0 ms 2 128.32.216.1 (128.32.216.1) 19 ms 19 ms 19 ms 3 128.32.206...

  • Page 909

    3-2 description use the boot bootrom command to update the Boot ROM. The updated Boot ROM is used at the next startup. Example # update the Boot ROM of the switch using the file named switch.btm. boot bootrom switch.btm this will update bootrom on unit 1. Continue? [y/n] y upgrading bootrom, please wait...

  • Page 910

    3-3 view any view parameter unit-id: unit id of a switch, the value can only be 1. Description use the display cpu command to display the cpu usage. Example # display the cpu usage of this switch. Display cpu unit 1 board 0 cpu busy status: 16% in last 5 seconds 16% in last 1 minute 16% in last 5 mi...

  • Page 911

    3-4 example # display board information of this switch. Display device unit 1 slotno subsno portnum pcbver fpgaver cpldver bootromver addrlm type state 0 0 24 rev.A null 001 506 ivl main normal 0 1 1 rev.A null null null ivl combo tbd normal 0 2 1 rev.A null null null ivl combo tbd normal table 3-3 ...

  • Page 912

    3-5 subslot 1: normal temperature subslot 2: normal temperature power 1: normal temperature power 2: normal temperature display fan syntax display fan [ unit unit-id [ fan-id ]] view any view parameter unit-id: unit ID of a switch. fan-id: ID number of a fan. Description use the display fan command ...

  • Page 913

    3-6 example # display the memory usage of this switch. Display memory unit 1 system available memory(bytes): 28486656 system used memory(bytes): 13180084 used rate: 46% table 3-4 description for the fields of the display memory command field description system available memory(bytes) available memor...

  • Page 914

    3-7 parameter none description use the display schedule reboot command to display information about scheduled reboot. Related command: schedule reboot at, schedule reboot delay. Example # display the information about scheduled reboot. Display schedule reboot system will reboot at 16:00:00 2002/11/1...

  • Page 915

    3-8 field remarks voltage high voltage is high. Voltage low voltage is low. Transceiver info i/o error transceiver information read and write error transceiver info checksum error transceiver information checksum error transceiver type and port configuration mismatch transceiver type does not match ...

  • Page 916

    3-9 field remarks receive optical power fault receive optical power fault pma/pmd receiver local fault pma/pmd (physical medium attachment/physical medium dependent) receiver local fault pcs receive local fault pcs (physical coding sublayer) receiver local fault phy xs receive local fault phy xs (ph...

  • Page 917

    3-10 table 3-6 description on the fields of display transceiver alarm interface field description transceiver current alarm information current alarm information of the transceiver tx fault tx fault display transceiver diagnosis interface syntax display transceiver diagnosis interface [ interface-ty...

  • Page 918

    3-11 display transceiver interface syntax display transceiver interface [ interface-type interface-number ] view any view parameters interface-type interface-number: interface type and interface number. Description use the display transceiver interface command to display main parameters of a single ...

  • Page 919

    3-12 field description transfer distance(xx) transfer distance, with xx representing km for single-mode transceivers and m for other transceivers. If the transceiver supports multiple transfer medium, every two values of the transfer distance are separated by a comma. The corresponding transfer medi...

  • Page 920

    3-13 table 3-9 description on the fields of display transceiver manuinfo interface field description manu. serial number: serial number generated during debugging and testing. manufacturing date: debugging and testing date. The date takes the value of the system clock of the computer that performs deb...

  • Page 921

    3-14 description use the reboot command to restart a specified ethernet switch. Before rebooting, the system checks whether there is any configuration change. If yes, it prompts whether or not to proceed. This prevents the system from losing the configurations in case of shutting down the system wit...

  • Page 922

    3-15 by default, no scheduled reboot is set on the switch. The switch timer can be set to a precision of one minute, that is, the switch will reboot within one minute after the specified reboot date and time. After you execute the schedule reboot at command with a specified future date, the switch w...

  • Page 923

    3-16 use the undo schedule reboot command to cancel the scheduled reboot. By default, no scheduled reboot is set on the switch. The switch timer can be set to a precision of one minute, that is, the switch will reboot within one minute after the specified reboot date and time. You can set the reboot...

  • Page 924

    3-17 use the schedule reboot regularity command to enable the periodical reboot of the switch and set the reboot time. Use the undo schedule reboot regularity command to cancel the configured reboot period. By default, the reboot period of the switch is not configured. The switch timer can be set to...

  • Page 925

    3-18 by default, real-time monitoring of the running status of the system is enabled. Enabling this function consumes some CPU resources. Therefore, if your network has a high CPU usage requirement, you can disable this function to release your CPU resources. Example # disable real-tim...

  • Page 926

    4-1 4 scheduled task configuration commands scheduled task configuration commands display job syntax display job [ job-name ] view any view default level 1: monitor level parameters job-name: name of a scheduled task, a string of 1 to 32 characters. When executed without the job-name argument, the co...

  • Page 927

    4-2 job syntax job job-name undo job job-name view system view default level 3: manage level parameters job-name: name of a scheduled task, a string of 1 to 32 characters. You can configure multiple scheduled tasks, with each task uniquely identified by the string. You can create up to 100 scheduled...

  • Page 928

    4-3 view scheduled task view default level 3: manage level parameters time time-id: time record, where time-id is an integer ranging from 1 to 10, indicating that you can configure up to ten time records for one scheduled task. one-off: specifies that the specified command(s) are executed once, ...

  • Page 929

    4-4 examples # configure a scheduled task so that PoE can be enabled on the device at eight AM from Monday to Friday. [sysname-job-phone] time 1 repeating at 8:00 week-day mon tue wed thu fri command poe enable # configure a scheduled task so that PoE can be disabled on the device on sixth April 200...

  • Page 930

    4-5 return [sysname-job-saveconfig] view system [sysname-job-saveconfig] display this # job saveconfig view system # return.

  • Page 931: Table of Contents

    i Table of contents: 1 VLAN-VPN configuration commands; VLAN-VPN configuration commands; displ...

  • Page 932

    1-1 1 vlan-vpn configuration commands vlan-vpn configuration commands display port vlan-vpn syntax display port vlan-vpn view any view parameters none description use the display port vlan-vpn command to display the information about vlan-vpn configuration of the current system. Related commands: vl...

  • Page 933

    1-2 vlan-vpn enable syntax vlan-vpn enable undo vlan-vpn view ethernet port view parameters none description use the vlan-vpn enable command to enable the vlan-vpn feature for a port. Use the undo vlan-vpn command to disable the vlan-vpn feature for a port. By default, the vlan-vpn feature is disabl...

  • Page 934

    1-3 syntax vlan-vpn tpid value undo vlan-vpn tpid view system view parameters value: user-defined TPID value (in hexadecimal format), in the range 0x0001 to 0xffff. Description use the vlan-vpn tpid command to set the global TPID value. With the TPID value set, the port fills the value to the tpid ...

  • Page 936

    2-2 a packet cannot be tagged with different outer vlan tags. To change the outer vlan tag of a packet, you need to remove the existing outer vlan tag configuration and configure a new outer vlan tag. Before configuring this command in qinq view, you need to use the vlan-vpn vid command to configure...

  • Page 937

    2-3 system-view system view: return to user view with ctrl+z. [sysname] vlan-vpn vid 20 [sysname-vid-20] raw-vlan-id inbound 2 to 14 vlan-vpn selective enable syntax vlan-vpn selective enable undo vlan-vpn selective enable view ethernet port view parameter none description use the vlan-vpn selective...

  • Page 938

    3-1 3 vlan mapping configuration commands this chapter is only applicable to s3100-ei series switches. Vlan mapping configuration commands vlan-mapping syntax vlan-mapping vlan old-vlan-id remark new-vlan-id undo vlan-mapping vlan old-vlan-id view system view, ethernet port view parameter vlan old-v...

  • Page 939

    3-2 by default, no global VLAN mapping rule or port-level VLAN mapping rule is defined.
    - A port that is in a link aggregation port group cannot have the VLAN mapping feature enabled.
    - The VLAN mapping function and the protocol-based VLAN function are mutually exclusive on the same port.
    - To modif...

  • Page 940

    3-3 by default, the VLAN mapping function is disabled.
    - A port that is in a link aggregation port group cannot have the VLAN mapping feature enabled.
    - With port-based VLAN mapping rules configured for a port, the VLAN mapping function is enabled on the port at the same time. In this case, the vlan...

  • Page 942

    4-2 value description vtp enable/disable BPDU tunnel for VLAN trunk protocol (VTP). udld enable/disable BPDU tunnel for uni-directional link detection (UDLD). all: disables BPDU tunnel for all protocol packets. Description use the bpdu-tunnel command to enable BPDU tunnel on a port, so that packets ...

  • Page 943

    4-3 view system view parameters mac-address: destination mac address to be assigned to the protocol packets transmitted along a bpdu tunnel. This argument must be a multicast mac address. Description use the bpdu-tunnel tunnel-dmac command to configure the destination mac address for protocol packet...

  • Page 944

    4-4 description use the display bpdu-tunnel command to display the private multicast mac address configured for protocol packets transmitted along the bpdu tunnel(s). Related commands: bpdu-tunnel tunnel-dmac. Examples # display the private multicast mac address configured for packets transmitted al...

  • Page 945: Table of Contents

    i Table of contents: 1 hwping commands; hwping client commands...

  • Page 946

    ii ttl; username...

  • Page 947: Hwping Commands

    1-1 1 hwping commands hwping client commands adv-factor syntax adv-factor adv-number undo adv-factor view hwping test group view parameters adv-number: advantage factor, used to count mos and icpif value in a jitter voice test. It is in the range 0 to 20 and defaults to 0. Description use the adv-fa...

  • Page 948

    1-2 view hwping test group view parameters times: number of probes in each hwping test. The times argument ranges from 1 to 15. Description use the count command to set the number of probes in each hwping test. Use the undo count command to restore the default. For tests except jitter test, only one...

  • Page 949

    1-3 note that:
    - The configuration of a padding character string is only supported by ICMP, UDP and jitter tests.
    - A portion of a test packet is reserved and the padding character string is padded to the rest part. The length of the reserved part varies depending on the test type. Table 1-1 describ...

  • Page 950

    1-4 test type code range default value udp none 4-8100 100 other none 4-8100 0 description use the datasize command to configure the size of a test packet in a test. Use the undo datasize command to restore the default. The configuration of packet size is only supported by icmp, udp and jitter tests...

  • Page 951

    1-5 undo destination-ip view hwping test group view parameters ip-address: destination ip address of an hwping (pronounced hua’wei ping) test. Description use the destination-ip command to configure a destination ip address of an hwping test. Use the undo destination-ip command to remove the configu...

  • Page 952

    1-6 by default, no destination port number is configured for a test. Related commands: destination-ip.
    - The destination-port command has effect on jitter, tcp-private, and udp-private tests only.
    - It is not recommended to perform a TCP, UDP, or jitter test on a well-known port (ports with a number...

  • Page 953

    1-7 examples # display the test results of the test group with administrator name administrator, and operation tag icmp. Display hwping results administrator icmp hwping entry(admin administrator, tag icmp) test result: destination ip address:10.2.2.2 send operation times: 10 receive response times:...

  • Page 954

    1-8 # display the history records of hwping tests. Display hwping history administrator icmp hwping entry(admin administrator, tag icmp) history record: index response status lastrc time 1 1 1 0 2004-11-25 16:28:55.0 2 1 1 0 2004-11-25 16:28:55.0 3 1 1 0 2004-11-25 16:28:55.0 4 1 1 0 2004-11-25 16:2...

  • Page 955

    1-9 square-sum of round trip time: 729 last succeeded test time: 2000-4-2 3:45:36.8 extend result: sd maximal delay: 0 ds maximal delay: 0 packet lost in test: 0% disconnect operation number: 0 operation timeout number: 0 system busy operation number: 0 connection fail number: 0 operation sequence e...

  • Page 956

    1-10 # display the test results of the test group with administrator name administrator, and operation tag jitter. Display hwping results administrator jitter hwping entry(admin administrator, tag jitter) test result: destination ip address:10.2.2.2 send operation times: 100 receive response times: ...

  • Page 957

    1-11 field description positive ds number number of positive jitter delays from the destination to the source positive sd sum sum of positive jitter delays from the source to the destination positive ds sum sum of positive jitter delays from the destination to the source positive sd average average ...

  • Page 958

    1-12 # display the test results of the test group with administrator name administrator, and operation tag dns. Display hwping results administrator dns hwping entry(admin administrator, tag dns) test result: destination ip address:10.2.2.2 send operation times: 10 receive response times: 10 min/max...

  • Page 959

    1-13 parameters administrator-name: name of the administrator creating the test. operation-tag: test operation tag. Description use the display hwping statistics command to display test statistics. After a test begins, if all the probes in the first test have not been finished, when you use the comm...

  • Page 960

    1-14 field description lifetime the time that a test lasts send operation times the number of the sent test packets. Receive response times the number of successful test attempts min/max/average round trip time roundtrip time in its minimum, maximum, and average square-sum of round trip time the squ...

  • Page 961

    1-15 field description unknown result lost packet number the number of the lost packets for unknown reason dns-server syntax dns-server ip-address undo dns-server view hwping test group view parameters ip-address: ip address to be assigned to a domain name server (dns). Description use the dns-serve...

  • Page 962

    1-16 view hwping test group view parameters domain-name: domain name to be resolved, in the range of 1 to 60 characters. Description use the dns resolve-target command to configure a domain name to be resolved. Use the undo resolve-target command to remove a domain name to be resolved. By default, n...

  • Page 963

    1-17 the filename command applies to FTP tests only. Examples # specify to transmit config.txt between hwping client and FTP server in an FTP test. system-view system view: return to user view with ctrl+z [sysname] hwping administrator ftp [sysname-hwping-administrator-ftp] test-type ftp [sysname-hw...

  • Page 964

    1-18 [sysname-hwping-administrator-ftp] ftp-operation put [sysname-hwping-administrator-ftp] filesize 2000 frequency syntax frequency interval undo frequency view hwping test group view parameters interval: automatic test interval in seconds. It ranges from 0 to 65,535. Description use the frequency...

  • Page 965

    1-19 parameters get: specifies the test operation as download from the FTP server. put: specifies the test operation as upload to the FTP server. Description use the ftp-operation command to configure the FTP operation mode, which can be get or put. By default, the FTP operation mode is get. Relate...

  • Page 966

    1-20 system view: return to user view with ctrl+z [sysname] hwping administrator icmp [sysname-hwping-administrator-icmp] history keep-time 240 history-record enable syntax history-record enable undo history-record enable view hwping test group view parameters none description use the history-record...

  • Page 967

    1-21 parameters number: maximum number of history records that can be saved in a test group, in the range of 0 to 50, and 50 by default. Description use the history-records command to set the maximum number of history records that can be saved in a test group. Use the undo history-records command to restore...

  • Page 968

    1-22 [sysname] hwping administrator http [sysname-hwping-administrator-http] test-type http [sysname-hwping-administrator-http] http-operation post http-string syntax http-string string version undo http-string view hwping test group view parameters string: http operation string used to specify the ...

  • Page 969

    1-23 parameters administrator-name: name of the administrator to create an hwping test group, a string of 1 to 32 characters. operation-tag: operation tag, a string of 1 to 32 characters. Description use the hwping command to create an hwping test group and enter hwping test group view. If the speci...

  • Page 970

    1-24 view system view parameters none description use the hwping-agent enable command to enable the hwping client function. Use the undo hwping-agent enable command to disable the hwping client function. By default, the hwping client function is disabled. You can perform tests only after you enable ...

  • Page 971

    1-25 examples # set the maximum number of concurrent tests to 4. System-view system view: return to user view with ctrl+z [sysname] hwping-agent max-requests 4 jitter-interval syntax jitter-interval interval undo jitter-interval view hwping test group view parameters interval: interval in millisecon...

  • Page 972

    1-26 view hwping test group view parameters number: number of packets to be transmitted in one probe for a jitter test, in the range of 10 to 1000. Description use the jitter-packetnum command to configure the number of packets to be sent in one probe for a jitter test. Use the undo jitter-packetnum...

  • Page 973

    1-27
    - To perform an FTP test successfully, the configured password must be consistent with the FTP user password configured on the server.
    - This command applies to FTP tests only.
    Examples # set the password for logging into the FTP server as hwping in an FTP test. system-view system view: return ...

  • Page 975

    1-29 with routing table bypass, a remote host can bypass the normal routing tables and send icmp packets directly to a host on an attached network. If the host is not on a directly connected network, an error is returned. You can use this function when pinging a local host on an interface that has n...

  • Page 976

    1-30
    - For DHCP tests, this command is required. For ICMP tests, this command is optional. This command does not apply to other tests.
    - For ICMP tests, if a source IP address has been configured with the source-ip command, the source-interface command cannot change the configured IP address.
    - For ...

  • Page 977

    1-31
    - For FTP tests, this command is required. This command does not apply to DHCP tests. For other tests, this command is optional.
    - The source IP address specified by this command cannot be of an interface on a remote device, and the interface must be up; otherwise the test will fail.
    Examples #...

  • Page 979

    1-33 description use the statistics keep-time command to configure the retaining time of the test statistics. Use the undo statistics keep-time command to remove your configuration and restore the default. Examples # configure the retaining time of the test statistics to 180 minutes. System-view sys...

  • Page 980

    1-34 examples # set the test to start from 14:03 and last 3600 seconds. System-view system view: return to user view with ctrl+z [sysname] hwping administrator icmp [sysname-hwping-administrator-icmp] test-time begin 14:03:00 lifetime 3600 test-type syntax test-type type [ codec codec-value ] view h...

  • Page 981

    1-35 examples # configure the test type as an ftp test. System-view system view: return to user view with ctrl+z [sysname] hwping administrator ftp [sysname-hwping-administrator-ftp] test-type ftp test-enable syntax test-enable undo test-enable view hwping test group view parameters none description...

  • Page 982

    1-36 test-failtimes syntax test-failtimes times undo test-failtimes view hwping test group view parameters times: number of times of consecutive test failure, in the range of 1 to 15. Description use the test-failtimes command to configure the number of consecutive times an hwping test fails before ...

  • Page 983

    1-37 examples # set the timeout time for one probe in an icmp test to 10 seconds. System-view system view: return to user view with ctrl+z [sysname] hwping administrator icmp [sysname-hwping-administrator-icmp] test-type icmp [sysname-hwping-administrator-icmp] timeout 10 tos syntax tos value undo t...

  • Page 984

    1-38 view hwping test group view parameters number: time to live (ttl) value or lifetime of hwping test packets. It is in the range 1 to 255 and defaults to 20. Description use the ttl command to configure ttl of hwping test packets. Use the undo ttl command to restore the default ttl of hwping test...

  • Page 985

    1-39
    - To perform an FTP test successfully, the configured username must be consistent with the username configured on the FTP server.
    - This command applies to FTP tests only.
    Examples # configure the username for logging into the FTP server in an FTP test as administrator. system-view system view:...

  • Page 986

    1-40 related commands: hwping-agent enable, hwping-server tcpconnect, hwping-server udpecho. Examples # enable an hwping server. System-view system view: return to user view with ctrl+z [sysname] hwping-server enable hwping-server tcpconnect syntax hwping-server tcpconnect ip-address port-number und...

  • Page 987

    1-41 parameters ip-address: IP address from which an hwping server performs UDP listening. port-number: port from which an hwping server performs UDP listening. The value ranges from 1 to 49999. It is not recommended to use some special ports (that is, those used for fixed functions, such as port 17...

  • Page 988: Table of Contents

    i Table of contents: 1 IPv6 configuration commands; basic IPv6 configuration commands...

  • Page 989

    ii reset dhcp-snooping ipv6 all; reset dns ipv6 dynamic-host; reset ipv6 nd detect...

  • Page 990: Ipv6 Configuration Commands

    1-1 1 ipv6 configuration commands basic ipv6 configuration commands dhcp-snooping ipv6 enable syntax dhcp-snooping ipv6 enable undo dhcp-snooping ipv6 enable view system view parameters none description use the dhcp-snooping ipv6 enable command to enable dhcpv6 snooping. Use the undo dhcp-snooping i...

  • Page 991

    1-2 parameters number: maximum number of DHCPv6 snooping entries that can be learned by the interface, in the range of 0 to 1023. Description use the dhcp-snooping ipv6 max-learning-num command to configure the maximum number of DHCPv6 snooping entries that can be learned on the interface. Use the un...

  • Page 992

    1-3 among s3100 series switches, only s3100-ei series switches support the two commands. Examples # specify ethernet1/0/1 as a trusted port. System-view [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] dhcp-snooping ipv6 trust display dhcp-snooping ipv6 syntax display dhcp-snooping ipv6 {...

  • Page 993

    1-4 --- 0 dhcp-snooping ipv6 item(s) of unit 1 found --- display dns ipv6 dynamic-host syntax display dns ipv6 dynamic-host view any view parameters none description use the display dns ipv6 dynamic-host command to display ipv6 dynamic domain name information in the cache, including the domain name,...

  • Page 994

    1-5 view any view parameters none description use the display ipv6 fib command to display all the ipv6 fib entries. The switch looks up a matching ipv6 fib entry for forwarding an ipv6 packet. Examples # display all the ipv6 fib entries. Display ipv6 fib fib table: total number of routes : 5 flag: u...

  • Page 995

    1-6 field description flag route flag: “u” — usable route “g” — gateway route “h” — host route “b” — blackhole route “d” — dynamic route “s” — static route timestamp generation time of an fib entry interface interface from which a packet is forwarded display ipv6 host syntax display ipv6 host view a...

  • Page 997

    1-8 table 1-4 description on the fields of the display ipv6 interface command field description vlan-interface1 current state vlan interface link state: - administratively down: indicates the vlan interface is administratively down; that is, the interface is shut down using the shutdown command. - d...

  • Page 998

    1-9 table 1-5 description on the fields of the display ipv6 interface brief command field description *down: administratively down the interface is down, that is, the interface is disabled by using the shutdown command. (s) : spoofing spoofing attribute of the interface, that is, the link protocol s...

  • Page 999

    1-10 examples # display nd detection configuration. Display ipv6 nd detection nd detection is enabled in the following vlans: 2, 10 nd detection trust is configured on the following interfaces: interface trusted eth1/0/1 yes eth1/0/3 yes table 1-6 display ipv6 nd detection command output description...

  • Page 1000

    1-11 state: u-untrusted t-trusted nd packets dropped by nd detection: interface packets dropped eth1/0/1(t) 0 eth1/0/2(u) 0 eth1/0/3(t) 0 eth1/0/4(u) 0 eth1/0/5(u) 0 eth1/0/6(u) 0 eth1/0/7(u) 0 eth1/0/8(u) 0 eth1/0/9(u) 0 eth1/0/10(u) 0 table 1-7 display ipv6 nd detection statistics command output d...

  • Page 1001

    1-12 display ipv6 nd snooping ipv6 address mac address vid interface age status apply 4001::1 0015-e944-a947 1 ethernet1/0/2 25 bound ---- total entries on vlan 1: 1 ---- table 1-8 display ipv6 nd snooping command output description field description interface receiving port of an nd snooping entry ...

  • Page 1002

    1-13 you can use the reset ipv6 neighbors command to clear specific ipv6 neighbor information. Related commands: ipv6 neighbor, reset ipv6 neighbors. Examples # view all neighbor information. Display ipv6 neighbors all type: s-static d-dynamic ipv6 address link-layer vid interface state t age 2008::...

  • Page 1003

    1-14 parameters all: displays the total number of all neighbor entries, including neighbor entries acquired dynamically and configured statically. Dynamic: displays the total number of all neighbor entries acquired dynamically. Static: displays the total number of all neighbor entries configured sta...

  • Page 1004

    1-15 destination: ::1/128 protocol: direct nexthop : ::1 interface : inloopback0 destination: 2008::/64 protocol: direct nexthop : 2008::32 interface : vlan-interface1 destination: 2008::32/128 protocol: direct nexthop : ::1 interface : inloopback0 destination: fe80::/10 protocol: direct nexthop : :...

  • Page 1005

    1-16 field description destination destination network/host ipv6 address. Prefixlength prefix length of the destination ipv6 address nexthop next hop address protocol routing protocol discovering the route interface egress interface state routing entry state: active (valid route) or inactive (invali...

  • Page 1006

    1-17 table 1-12 description on the fields of the display ipv6 socket command field description sock_stream socket type, which can be: - sock_stream: refers to tcp. - sock_dgram: refers to udp. - sock_raw: refers to raw ip. Task task name and id of the created socket socketid id assigned by the kerne...

  • Page 1007

    1-18 among s3100 series switches, only s3100-ei series switches support the two commands. Examples # display all ipv6 static binding entries configured. Display ipv6 source static binding type ip address mac address vlan state interface ==== ========================= =============== ==== ===== =====...

  • Page 1008

    1-19 reassembled: 0 reassembly failed: 0 reassembly timeout: 0 icmpv6 protocol: sent packets: total: 132 unreached: 0 too big: 0 hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 echo request: 30 echo replied: 17 neighbor solicit: 43 neighbor advert: 42 router solicit: 0 router advert:...

  • Page 1009

    1-20 field description received packets: total: 572 local host: 572 hopcount exceeded: 0 format error: 0 option error: 0 protocol error: 0 fragments: 0 reassembled: 0 reassembly failed: 0 reassembly timeout: 0 statistics of received ipv6 packets, including: - total number of received packets - numbe...

  • Page 1010

    1-21 field description received packets: total: 126 checksum error: 0 too short: 0 bad code: 0 unreached: 10 too big: 0 hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 unknown error type: 0 echoed: 17 echo replied: 30 neighbor solicit: 34 neighbor advert: 35 router solicit: 0 router ...

  • Page 1011

    1-22 packets in sequence: 182 (327 bytes) window probe packets: 0, window update packets: 0 checksum error: 0, offset error: 0, short error: 0 duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 3 (0 bytes) packets with data after window: 0 (0 bytes) packet...

  • Page 1012

    1-23 field description sent packets: total: 331 urgent packets: 0 control packets: 5 (including 0 rst) window probe packets: 0, window update packets: 0 data packets: 306 (6135 bytes) data packets retransmitted: 0 (0 bytes) ack only packets: 20 (14 delayed) statistics of sent packets, including: - t...

  • Page 1013

    1-24 examples # view the ipv6 tcp connection status. Display tcp ipv6 status tcp6cb local address foreign address state 83a9fba4 ::->23 ::->0 listening table 1-15 description on the fields of the display tcp ipv6 status command field description tcp6cb ipv6 address of the tcp control block (hexadeci...

  • Page 1014

    1-25 table 1-16 description on the fields of the display udp ipv6 statistics command field description total total number of received/sent packets checksum error total number of packets with an invalid checksum shorter than header total number of ipv6 udp packets whose total length is less than that...

  • Page 1016

    1-27 view vlan interface view parameters none description use the ipv6 address auto link-local command to automatically generate a link-local address for an interface. Use the undo ipv6 address auto link-local command to remove the automatically generated link-local address for an interface. By defa...

  • Page 1017

    1-28 parameters ipv6-address/prefix-length: ipv6 address and ipv6 prefix. The ipv6-address and prefix-length arguments jointly specify the prefix of an ipv6 address in the eui-64 format. The prefix length of an eui-64 address cannot be greater than 64. Description use the ipv6 address eui-64 command...

  • Page 1018

    1-29 [sysname] interface vlan-interface 1 [sysname-vlan-interface1] ipv6 address 3001::/64 eui-64 ipv6 address link-local syntax ipv6 address ipv6-address link-local undo ipv6 address ipv6-address link-local view vlan interface view parameters ipv6-address: ipv6 link-local address. The first ten bit...

  • Page 1019

    1-30 parameters mac-address: enables ipv6 filtering based on source mac addresses of the packets. Description use the ipv6 check source ip-address command to enable ipv6 filtering function. Use the undo ipv6 check source ip-address command to disable the function. By default, ipv6 filtering is disab...

  • Page 1021

    1-32 parameters value: number of attempts to send a neighbor solicitation message for duplicate address detection, in the range of 0 to 600. The default value is “1”. When it is set to 0, the duplicate address detection is disabled. Description use the ipv6 nd dad attempts command to configure the a...

  • Page 1022

    1-33 ipv6 nd ns retrans-timer syntax ipv6 nd ns retrans-timer value undo ipv6 nd ns retrans-timer view vlan interface view parameters value: interval for retransmitting an ns message in milliseconds, in the range of 1,000 to 3,600,000. Description use the ipv6 nd ns retrans-timer command to set the ...

  • Page 1023

    1-34 examples # set the neighbor reachable time on the vlan-interface 1 to 10,000 milliseconds. System-view system view: return to user view with ctrl+z. [sysname] interface vlan-interface 1 [sysname-vlan-interface1] ipv6 nd nud reachable-time 10000 ipv6 nd detection enable syntax ipv6 nd detection ...

  • Page 1024

    1-35 view layer-2 ethernet interface view parameters none description use the ipv6 nd detection trust command to configure a port as the nd trusty port. Use the undo ipv6 nd detection trust command to configure a port as the nd untrusty port. By default, a port is nd untrusty. Among s3100 series swi...

  • Page 1025

    1-36 among s3100 series switches, only s3100-ei series switches support the two commands. Examples # enable nd snooping for vlan 1. System-view [sysname] vlan 1 [sysname-vlan1] ipv6 nd snooping enable ipv6 nd snooping uplink syntax ipv6 nd snooping uplink [ learn [ probe ] ] undo ipv6 nd snooping up...

  • Page 1026

    1-37 among s3100 series switches, only s3100-ei series switches support the two commands. Examples # configure a layer 2 ethernet port ethernet 1/0/1 as an nd snooping uplink port. System-view [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] ipv6 nd snooping uplink ipv6 nd snooping max-lea...

  • Page 1028

    1-39 ipv6 neighbors max-learning-num syntax ipv6 neighbors max-learning-num number undo ipv6 neighbors max-learning-num view vlan interface view parameters number: maximum number of neighbors that can be dynamically learned by an interface, in the range of 1 to 2048. Description use the ipv6 neighbo...

  • Page 1029

    1-40 if you specify the destination ip address of an ipv6 static route as ::/0, the route configured becomes a default ipv6 route. If the destination ip address of a packet does not match any entry in the routing table, the device will use a default ipv6 route to forward the ipv6 packet. Related com...

  • Page 1030

    1-41 among s3100 series switches, only s3100-ei series switches support the two commands. Examples # configure an ipv6 static binding entry containing the source ip address 1::1 and source mac address 0015-e20f-0101 on ethernet 1/0/3. System-view [sysname] interface ethernet 1/0/3 [sysname-ethernet1...

  • Page 1031

    1-42 parameters none description use the reset dns ipv6 dynamic-host command to clear ipv6 dynamic domain name cache information. You can use the display dns ipv6 dynamic-host command to display the current ipv6 dynamic domain name cache information. Examples # clear ipv6 dynamic domain name cache i...

  • Page 1032

    1-43 view user view parameters ipv6-address: clears the nd snooping entries of the specified ipv6 address. Vlan vlan-id: clears the nd snooping entries of the specified vlan. The vlan id ranges from 1 to 4094. Description use the reset ipv6 nd snooping command to clear nd snooping entries. If no paramete...

  • Page 1033

    1-44 reset ipv6 neighbors dynamic # clear all neighbor information on vlan-interface 1. Reset ipv6 neighbors interface vlan-interface 1 reset ipv6 statistics syntax reset ipv6 statistics view user view parameters none description use the reset ipv6 statistics command to clear the statistics of ipv6 ...

  • Page 1034

    1-45 view user view parameters none description use the reset udp ipv6 statistics command to clear the statistics of all ipv6 udp packets. You can use the display udp ipv6 statistics command to display the statistics of ipv6 udp packets. Examples # clear the statistics of all ipv6 udp packets. Reset...

  • Page 1035

    1-46 parameters wait-time: length of the synwait timer of ipv6 tcp packets in seconds, in the range of 2 to 600. Description use the tcp ipv6 timer syn-timeout command to set the synwait timer of ipv6 tcp packets. Use the undo tcp ipv6 timer syn-timeout command to restore the synwait timer length to ...

  • Page 1037

    2-2 after you execute the ping ipv6 command, you can press ctrl+c to terminate the ping operation. Examples # test whether destination 2001::1 is accessible. Ping ipv6 2001::1 ping 2001::1 : 56 data bytes, press ctrl_c to break reply from 2001::1 bytes=56 sequence=1 hop limit=64 time = 20 ms reply f...

  • Page 1038

    2-3 telnet ipv6 syntax telnet ipv6 remote-system [ -i interface-type interface-number ] [ port-number ] view user view parameters remote-system: ipv6 address or host name (a string of 1 to 46 characters) of the destination device. -i interface-type interface-number: specifies the type and number of a...

  • Page 1039

    2-4 view user view parameters remote-system: ipv6 address or host name (a string of 1 to 46 characters) of the destination device. -i interface-type interface-number: specifies the type and number of an interface. This argument takes effect only when the address of the tftp server is a link-local add...

  • Page 1040

    2-5 -w timeout: specifies the timeout in milliseconds of waiting for icmpv6 echoes, ranging from 1 to 65,535, with the default of 5,000 milliseconds. Remote-system: ipv6 address or host name (a string of 1 to 46 characters) of the destination device. Description use the tracert ipv6 command to trace the ...

  • Page 1041: Table of Contents

    I table of contents 1 dns configuration commands 1-1 dns configuration commands...

  • Page 1042: Dns Configuration Commands

    1-1 1 dns configuration commands currently, when acting as a dns client, an s3100-ei series ethernet switch supports both static and dynamic domain name resolution, while an s3100-si ethernet switch supports only static domain name resolution. Dns configuration commands display dns domain syntax dis...

  • Page 1043

    1-2 display dns dynamic-host syntax display dns dynamic-host view any view parameters none description use the display dns dynamic-host command to display the information in the dynamic domain name cache. Examples # display the information in the dynamic domain name cache. Display dns dynamic-host n...

  • Page 1044

    1-3 parameters dynamic: displays the dns server information dynamically obtained through dhcp or other protocols. Description use the display dns server command to display the dns server information. Related commands: dns server. Examples # display the dns server information. Display dns server type...

  • Page 1045

    1-4 parameters none description use the display ip host command to display mappings between host names and ip addresses in the static dns database. Examples # display mappings between host names and ip addresses in the static dns database. Display ip host host age flags address host.Com 0 static 192...

  • Page 1046

    1-5 related commands: display dns domain. The dns feature supported by s3100-ei series ethernet switches should be used together with a dns server. Dns implementations vary with dns servers. For example, s3100-ei series ethernet switches support a domain name containing “_”, while a windows 2000 ser...

  • Page 1047

    1-6 view system view parameters ip-address: ip address of the dns server. Description use the dns server command to configure an ip address for the dns server. Use the undo dns server command to remove the ip address of the dns server. No ip address is configured for the dns server by default. You can confi...

  • Page 1049

    1-8 related commands: display dns dynamic-host. Examples # clear the information in the dynamic domain name cache. Reset dns dynamic-host.

  • Page 1050: Table of Contents

    I table of contents 1 smart link configuration commands 1-1 smart link configuration commands 1-1 d...

  • Page 1051

    1-1 1 smart link configuration commands currently, only s3100-ei series ethernet switches support the smart link feature. Smart link configuration commands display smart-link flush syntax display smart-link flush view any view parameter none description use the display smart-link flush command to vi...

  • Page 1052

    1-2 field description time of last flush packet received time when the last legal flush message is received source mac of last flush packet received source mac address in the last legal flush message received device id of last flush packet received bridge mac address of the device from which the las...

  • Page 1053

    1-3 field description role port role of a smart link group member: master or slave. Status port status of a smart link group member when the link of this member port is up: active or standby. Flush-count number of sent flush messages last-flush-time time when the last flush message is sent. If no fl...

  • Page 1054

    1-4 parameter group-id: link aggregation group id, in the range of 1 to 28 (only link aggregation groups configured manually or statically are available). Master: configures the specified link aggregation group as the master port of the smart link group. Slave: configures the specified link aggregat...

  • Page 1055

    1-5 use the undo port command to remove the specified port from the smart link group. Either a single port or a link aggregation group configured manually or statically can serve as a member for a smart link group. However, a link aggregation group configured dynamically cannot serve as a member for...

  • Page 1056

    1-6 because smart link and stp cannot be enabled on an ethernet port at the same time, you must make sure that stp is disabled on the port before assigning the port to a smart link group. Example # configure ethernet1/0/3 as the master port of smart link group 1. System-view system view: return to u...

  • Page 1057

    1-7 view ethernet port view/system view parameter vlan-id: control vlan id, in the range of 1 to 4,094. Description use the smart-link flush enable control-vlan command to enable the current/specified port to process flush messages received on the specified control vlan. Use the undo smart-link flus...

  • Page 1058

    1-8 parameter group-id: smart link group id, in the range of 1 to 24. Description use the smart-link group command to create a smart link group and enter smart link group view. If the specified smart link group exists, this command leads you into smart link group view directly. Use the undo smart-li...

  • Page 1061

    2-3 [sysname] monitor-link group 1 [sysname-mtlk-group1] link-aggregation group 8 downlink monitor-link group syntax monitor-link group group-id undo monitor-link group group-id view system view parameter group-id: monitor link group id, ranging from 1 to 24. Description use the monitor-link group c...

  • Page 1062

    2-4 view monitor link group view parameter interface-type: port type. Interface-number: port number. Uplink: configures the specified port as the uplink port of the monitor link group. Downlink: configures the specified port as the downlink port of the monitor link group. Description use the port comman...

  • Page 1063

    2-5 uplink: configures the port as the uplink port of the specified monitor link group. Downlink: configures the port as the downlink port of the specified monitor link group. Description use the port monitor-link group command to configure the current port as a member of the specified monitor link grou...

  • Page 1064

    2-6 use the undo smart-link group command to remove the configuration. A smart link group can belong to only one monitor link group and can be configured only as an uplink port of the monitor link group. Example # configure smart link group 1 as the uplink port of monitor link group 1. System-view s...

  • Page 1065: Table of Contents

    I table of contents 1 arp and ip attack defense configuration commands 1 arp and ip attack defense configuration commands 1 arp anti-attack valid-c...

  • Page 1066: Commands

    1 1 arp and ip attack defense configuration commands arp and ip attack defense configuration commands arp anti-attack valid-check enable syntax arp anti-attack valid-check enable undo arp anti-attack valid-check enable view system view parameters none description use the arp anti-attack valid-check ...

  • Page 1067

    2 description use the arp filter source command to configure arp packet filtering based on the gateway’s ip address on the current port. After that, arp packets with the gateway’s ip address as the sender ip address are considered invalid and discarded. Use the undo arp filter source command to remo...

  • Page 1068

    3 [sysname] interface ethernet1/0/2 [sysname-ethernet1/0/2] arp filter binding 192.168.100.1 000d-88f8-528c arp max-learning-num syntax arp max-learning-num number undo arp max-learning-num view vlan interface view parameters number: maximum number of dynamic arp entries that can be learned by the i...

  • Page 1069

    4 description use the ip source static import dot1x command to enable using ip-mac bindings of authenticated 802.1x clients for arp attack detection. The ip-mac bindings of authenticated 802.1x clients are used for arp attack detection after ip-mac static bindings and dhcp snooping entries are check...

  • Page 1070: Table of Contents

    I table of contents 1 lldp configuration commands 1-1 lldp configuration commands...

  • Page 1072

    1-2 model name : model asset tracking identifier : unknown lldp local-information of port 1[ethernet1/0/1]: port id subtype : interface name port id : ethernet1/0/1 port description : ethernet1/0/1 interface management address type : ipv4 management address : 192.168.1.11 management address interfac...

  • Page 1073

    1-3 field description system name system name system description system description system capabilities supported supported capabilities, which can be: - bridge, indicating switching system capabilities enabled currently enabled capabilities, which can be: - bridge, indicating switching is currently...

  • Page 1074

    1-4 field description vlan name of vlan 1 name of vlan 1 auto-negotiation supported indicates whether auto-negotiation is supported on the port. Auto-negotiation enabled state of auto-negotiation opermau current speed and duplex state of the port poe supported indicates whether poe is supported on t...

  • Page 1075

    1-5 field description location format location information format, which can be: - invalid, indicating the format of the location information is invalid. - coordinate-based lci, indicating the location information is coordinate-based. - civic address lci, indicating normal address information. - ecs...

  • Page 1076

    1-6 update time : 0 days,0 hours,1 minutes,1 seconds chassis type : mac address chassis id : 000f-0055-0002 port id type : interface name port id : ethernet1/0/1 port description : ethernet1/0/1 interface system name : system system description : system system capabilities supported : bridge,router ...

  • Page 1077

    1-7 field description update time time when the lldp information about a neighboring device was last updated. Chassis type chassis information, which can be: - chassis component - interface alias - port component - mac address - network address - interface name - locally assigned (indicating the lo...

  • Page 1078

    1-8 field description vlan name of vlan 1 name of vlan 1 auto-negotiation supported indicates whether auto-negotiation is supported. Auto-negotiation enabled state of auto-negotiation opermau current speed and duplex state power port class poe device type, which can be: - pse: power sourcing equipme...

  • Page 1079

    1-9 field description tlv information information contained in the unknown basic tlv type unknown organizationally-defined tlv unknown organizationally specific tlv tlv oui oui of the unknown organizationally specific tlv tlv subtype unknown organizationally specific tlv subtype index unknown organi...

  • Page 1080

    1-10 the number of cdp frames transmitted : 0 the number of cdp frames received : 0 the number of cdp frames discarded : 0 the number of cdp error frames : 0 table 1-3 display lldp statistics command output description field description lldp statistics global information global lldp statistics lldp ...

  • Page 1081

    1-11 description use the display lldp status command to display the lldp status of a port. If no port is specified, this command displays the lldp status of all the ports. Examples # display the lldp status of all the ports. Display lldp status global status of lldp: enable the current number of lld...

  • Page 1082

    1-12 field description fast start times number of the lldpdus to be sent successively when a new neighboring device is detected port 1 lldp status of port 1 port status of lldp indicates whether or not lldp is enabled on the port. Admin status lldp mode of the port, which can be: - txrx. A port in t...

  • Page 1083

    1-13 system name tlv yes yes system description tlv yes yes system capabilities tlv yes yes management address tlv yes yes ieee 802.1 extend tlv: port vlan id tlv yes yes port and protocol vlan id tlv yes yes vlan name tlv yes yes ieee 802.3 extend tlv: mac-physic tlv yes yes power via mdi tlv yes y...

  • Page 1084

    1-14 field description lldp-med extend tlv med related lldp tlvs, including: - capabilities tlv - network policy tlv - extended power-via-mdi tlv - location identification tlv - inventory tlv, which can be hardware revision tlv, firmware revision tlv, software revision tlv, serial number tlv, manufa...

  • Page 1085

    1-15 parameters interval: lldp polling interval to be set, in the range 1 to 30 (in seconds). Description use the lldp check-change-interval command to enable lldp polling and set the polling interval. Use the undo lldp check-change-interval command to restore the default. By default, lldp polling i...

  • Page 1086

    1-16 lldp compliance cdp syntax lldp compliance cdp undo lldp compliance cdp view system view parameters none description use the lldp compliance cdp command to enable cdp compatibility globally. Use the undo lldp compliance cdp command to restore the default. By default, cdp compatibility is disabl...

  • Page 1087

    1-17 by default, lldp is disabled globally and enabled on a port. Note that lldp takes effect on a port only when it is enabled both globally and on the port. Examples # disable lldp on ethernet1/0/1. System-view [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] undo lldp enable lldp encaps...

  • Page 1088

    1-18 view system view parameters count: number of the lldpdus to be sent successively when a new neighboring device is detected. This argument ranges from 1 to 10. Description use the lldp fast-count command to set the number of the lldpdus to be sent successively when a new neighboring device is de...

  • Page 1089

    1-19 [sysname] lldp hold-multiplier 6 lldp management-address-tlv syntax lldp management-address-tlv [ ip-address ] undo lldp management-address-tlv view ethernet interface view parameters ip-address: management address to be set. Description use the lldp management-address-tlv command to enable the...

  • Page 1090

    1-20 description use the lldp notification remote-change enable command to enable trap for a port or all the ports in a port group. Use the undo lldp notification remote-change enable command to restore the default. By default, trap is disabled on a port. Examples # enable lldp trap for ethernet1/0/...

  • Page 1091

    1-21 description use the lldp timer reinit-delay command to set the initialization delay period. Use the undo lldp timer reinit-delay command to restore the default. By default, the initialization delay period is 2 seconds. Examples # set the initialization delay period to 4 seconds. System-view [sy...

  • Page 1092

    1-22 description use the lldp timer tx-interval command to set the interval to send lldpdus. Use the undo lldp timer tx-interval command to restore the default. By default, the interval to send lldpdus is 30 seconds. To enable local device information to be updated on neighboring devices before bein...

  • Page 1093

    1-23 vlan-id: id of the vlan in the tlvs (port and protocol vlan id tlvs or vlan name tlvs) to be sent. This argument ranges from 1 to 4094 and defaults to the least protocol vlan id. Dot3-tlv: sends ieee 802.3 organizationally specific lldp tlvs. Link-aggregation: sends link aggregation group tlvs....

  • Page 1094

    1-24 examples # enable the sending of link aggregation group tlvs of the ieee 802.3 organizationally specific tlvs on ethernet1/0/1. System-view [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] lldp tlv-enable dot3-tlv link-aggregation.

  • Page 1095: Table of Contents

    I table of contents 1 pki configuration commands 1-1 pki configuration commands...

  • Page 1097

    1-2 examples # create a certificate attribute rule, specifying that the dn in the subject name includes the string of abc. System-view [sysname] pki certificate attribute-group mygroup [sysname-cert-attribute-group-mygroup] attribute1 subject-name dn ctnabc # create a certificate attribute rule, spe...

  • Page 1098

    1-3 parameters entity-name: name of the entity for certificate request, a case-insensitive string of 1 to 15 characters. Description use the certificate request entity command to specify the entity for certificate request. Use the undo certificate request entity command to remove the configuration. ...

  • Page 1099

    1-4 undo certificate request mode view pki domain view parameters auto: specifies to request a certificate in auto mode. Key-length: length of the rsa keys, in the range 512 to 2,048 bits. It is 1,024 bits by default. Password: password for certificate revocation, a case-sensitive string of 1 to 31 ...

  • Page 1100

    1-5 use the undo certificate request polling command to restore the defaults. By default, the polling is executed every 20 minutes for up to 5 times. After an applicant makes a certificate request, the ca may need a long period of time if it verifies the certificate request manually. During this per...

  • Page 1101

    1-6 common-name syntax common-name name undo common-name view pki entity view parameters name: common name of an entity, a case-insensitive string of 1 to 31 characters. No comma can be included. Description use the common-name command to configure the common name of an entity, which can be, for exa...

  • Page 1102

    1-7 system-view [sysname] pki entity 1 [sysname-pki-entity-1] country cn crl check syntax crl check disable undo crl check disable view pki domain view parameters disable: disables crl checking. Description use the crl check command to disable crl checking. Use the undo crl check command to restore ...

  • Page 1103

    1-8 examples # set the crl update period to 20 hours. System-view [sysname] pki domain 1 [sysname-pki-domain-1] crl update-period 20 crl url syntax crl url url-string undo crl url view pki domain view parameters url-string: url of the crl distribution point, a case-insensitive string of 1 to 255 cha...

  • Page 1104

    1-9 request-status: displays the status of a certificate request. Description use the display pki certificate command to display the contents or request status of a certificate. Related commands: pki retrieval-certificate, pki domain and certificate request polling. Examples # display the local cert...

  • Page 1105

    1-10 table 1-1 display pki certificate command output description field description version version of the certificate serial number serial number of the certificate signature algorithm signature algorithm issuer issuer of the certificate validity validity period of the certificate subject entity ho...

  • Page 1107

    1-12 parameters domain-name: name of the pki domain, a string of 1 to 15 characters. Description use the display pki crl domain command to display the locally saved crls. Related commands: pki retrieval-crl, pki domain. Examples # display the locally saved crls. Display pki crl domain 1 certificate ...

  • Page 1108

    1-13 field description revoked certificates revoked certificates serial number serial number of the revoked certificate revocation date revocation date of the certificate fqdn syntax fqdn name-str undo fqdn view pki entity view parameters name-str: fully qualified domain name (fqdn) of an entity, a ...

  • Page 1109

    1-14 description use the ip command to configure the ip address of an entity. Use the undo ip command to remove the configuration. By default, no ip address is specified for an entity. Examples # configure the ip address of an entity as 11.0.0.1. System-view [sysname] pki entity 1 [sysname-pki-entit...

  • Page 1110

    1-15 parameters locality-name: name for the geographical locality, a case-insensitive string of 1 to 31 characters. No comma can be included. Description use the locality command to configure the geographical locality of an entity, which can be, for example, a city name. Use the undo locality comman...

  • Page 1111

    1-16 view pki entity view parameters org-unit-name: organization unit name for distinguishing different units in an organization, a case-insensitive string of 1 to 31 characters. No comma can be included. Description use the organization-unit command to specify the name of the organization unit to w...

  • Page 1113

    1-18 [sysname] pki delete-certificate local domain cer pki domain syntax pki domain domain-name undo pki domain domain-name view system view parameters domain-name: pki domain name, a case-insensitive string of 1 to 15 characters. Description use the pki domain command to create a pki domain and ent...

  • Page 1115

    1-20 parameters domain-name: name of the pki domain, a string of 1 to 15 characters. Password: password for certificate revocation, a case-sensitive string of 1 to 31 characters. Pkcs10: displays the base64-encoded pkcs#10 certificate request. Filename: name of the file for saving the pkcs#10 c...

  • Page 1116

    1-21 pki retrieval-crl domain syntax pki retrieval-crl domain domain-name view system view parameters domain-name: name of the pki domain, a string of 1 to 15 characters. Description use the pki retrieval-crl command to retrieve the latest crls from the server for crl distribution. Crls are used to ...

  • Page 1118

    1-23 permit: indicates that a certificate whose attributes match an attribute rule in the specified attribute group is considered valid and permitted. Group-name: name of the certificate attribute group to be associated with the rule. All: specifies all access control rules. Description use the rule...

  • Page 1119: Table of Contents

    I table of contents 1 ssl configuration commands 1-1 ssl configuration commands ...

  • Page 1121

    1-2 client-verify enable syntax client-verify enable undo client-verify enable view ssl server policy view parameters none description use the client-verify enable command to enable certificate-based ssl client authentication, that is, to enable the ssl server to perform certificate-based authentica...

  • Page 1123

    1-4 view any view parameters policy-name: ssl server policy name, a case-insensitive string of 1 to 16 characters. All: displays information about all ssl server policies. Description use the display ssl server-policy command to view information about a specified or all ssl server policies. Examples...

  • Page 1124

    1-5 field description close-mode close mode of the ssl server policy, which can be:
    - wait disabled: in this mode, the server sends a close-notify message to the client and then closes the connection immediately without waiting for the close-notify message of the client.
    - wait enabled: in this mode...

  • Page 1125

    1-6 pki-domain syntax pki-domain domain-name undo pki-domain view ssl server policy view, ssl client policy view parameters domain-name: name of a pki domain, a case-insensitive string of 1 to 15 characters. Description use the pki-domain command to specify a pki domain for an ssl server policy or s...

  • Page 1126

    1-7 rsa_des_cbc_sha: specifies the key exchange algorithm of rsa, the data encryption algorithm of des_cbc, and the mac algorithm of sha. Rsa_rc4_128_md5: specifies the key exchange algorithm of rsa, the data encryption algorithm of 128-bit rc4, and the mac algorithm of md5. Rsa_rc4_128_sha: specifi...

  • Page 1127

    1-8 if a session exists in the cache for a period equal to the caching timeout time, ssl will remove the information of the session. Related commands: display ssl server-policy. Examples # set the caching timeout time to 4,000 seconds and the maximum number of cached sessions to 600. System-view [...

  • Page 1128

    1-9 parameters policy-name: ssl server policy name, a case-insensitive string of 1 to 16 characters, which cannot be “a”, “al” and “all”. All: specifies all ssl server policies. Description use the ssl server-policy command to create an ssl server policy and enter its view. Use the undo ssl server-p...

  • Page 1129: Table of Contents

    I table of contents 1 https configuration commands 1-1 https configuration commands 1-1...

  • Page 1130: Https Configuration Commands

    1-1 1 https configuration commands https configuration commands display ip https syntax display ip https view any view parameters none description use the display ip https command to display information about https. Examples # display information about https. Display ip https https port: 443 ssl ser...

  • Page 1131

    1-2 ip https acl syntax ip https acl acl-number undo ip https acl view system view parameters acl-number: acl number, in the range 2000 to 2999. Description use the ip https acl command to associate the https service with an acl. Use the undo ip https acl command to remove the association. By defaul...

  • Page 1132

    1-3 by default, the https service is not associated with any certificate attribute access control policy. Association of the https service with a certificate attribute access control policy can control the access rights of clients. Examples # associate the https server to certificate attribute acces...

  • Page 1133

    1-4 view system view parameters policy-name: name of an ssl server policy, a string of 1 to 16 characters. Description use the ip https ssl-server-policy command to associate the https service with an ssl server-end policy. Use the undo ip https ssl-server-policy to remove the association between th...

  • Page 1134: Table of Contents

    1-1 table of contents 1 web authentication configuration commands 1-1 web authentication configuration commands 1-1 display web-...

  • Page 1135

    1-1 1 web authentication configuration commands web authentication configuration commands display web-authentication configuration syntax display web-authentication configuration view any view parameters none description use the display web-authentication configuration command to display all web aut...

  • Page 1136

    1-2 table 1-1 description on the fields of display web-authentication configuration field description status global status of web authentication web server ip address and port number of the web authentication server idle-cut time idle user checking interval max-online time maximum online time specif...

  • Page 1137

    1-3 display web-authentication connection all username: 1 mac: 000d-88f6-44c1 interface: ethernet1/0/1 vlan: 2 method: shared state: online online-time(s): 8 total 1 connection(s) matched table 1-2 description on the fields of display web-authentication connection field description username name of ...

  • Page 1138

    1-4 all: restores all customized items to the defaults. Description use the web-authentication customize command to customize the company name, subject, contact phone number, and e-mail address to be displayed on authentication pages or to specify the custom web file. After the configuration, the cu...

  • Page 1140

    1-6 web-authentication enable syntax web-authentication enable undo web-authentication enable view system view parameters none description use the web-authentication enable command to enable web authentication globally. Use the undo web-authentication enable command to disable web authentication glo...

  • Page 1141

    1-7 description use the web-authentication free-ip command to set a free ip address range, which can be accessed by users before they pass web authentication. Use the undo web-authentication free-ip command to remove the setting or all such settings. By default, no free ip address range is set. Note...

  • Page 1142

    1-8 note:
    - you can set up to eight authentication-free users.
    - after a user gets online in shared access method, if you configure an authentication-free user whose ip address and mac address are the same as those of the online user, the online user will be forced to get offline.
    Examples # set the...

  • Page 1144

    1-10 view port view parameters shared: sets the web authentication access method on the port to shared. Designated: sets the web authentication access method on the port to designated. Description use the web-authentication select command to enable web authentication on the current port and set the ...

  • Page 1145

    1-11 parameters timer: interval for checking whether an online user is idle. It ranges from 10 to 86400 seconds. Value 0 means the idle user checking function is disabled. Description use the web-authentication timer idle-cut command to set the idle user checking interval for web authentication. Use...

  • Page 1146

    1-12 examples # set the maximum online time of users to 36000 seconds. System-view system view: return to user view with ctrl+z. [sysname] web-authentication timer max-online 36000 web-authentication web-server syntax web-authentication web-server ip ip-address [ port port-number ] undo web-authenti...

  • Page 1147: Appendix A  Command Index

    A-1 appendix a command index the command index includes all the commands in the command manual, which are arranged alphabetically. A b c d e f g h i j k l m n o p q r s t u v w x y z a access-limit 18-aaa commands 1-1 accounting 18-aaa commands 1-1 accounting domain 21-dhcp commands 1-1 accounting l...

  • Page 1148

    A-2 arp max-learning-num 39-arp and ip attack defense commands 3 arp protective-down recover enable 20-arp commands 1-3 arp protective-down recover interval 20-arp commands 1-3 arp rate-limit 20-arp commands 1-4 arp rate-limit enable 20-arp commands 1-5 arp restricted-forwarding enable 20-arp comman...

  • Page 1149

    A-3 boot bootrom 33-system maintenance and debugging commands 3-1 boot web-package 30-file system management commands 1-16 bpdu-drop any 15-mstp commands 1-1 bpdu-tunnel 34-vlan-vpn commands 4-1 bpdu-tunnel tunnel-dmac 34-vlan-vpn commands 4-2 broadcast-suppression 09-port basic configuration comman...

  • Page 1150

    A-4 clock timezone 33-system maintenance and debugging commands 1-2 close 31-ftp-sftp-tftp commands 1-8 close-mode wait 42-ssl commands 1-2 cluster 25-stack-cluster commands 2-19 cluster enable 25-stack-cluster commands 2-19 cluster switch-to 25-stack-cluster commands 2-20 cluster-mac 25-stack-clust...

  • Page 1151

    A-5 delete 30-file system management commands 1-3 delete 31-ftp-sftp-tftp commands 1-8 delete 31-ftp-sftp-tftp commands 1-22 delete static-routes all 05-management vlan commands 1-1 delete-member 25-stack-cluster commands 2-22 description 04-vlan commands 1-1 description 09-port basic configuration ...

  • Page 1152

    A-6 dhcp server voice-config 21-dhcp commands 1-18 dhcp-snooping 21-dhcp commands 2-1 dhcp-snooping information enable 21-dhcp commands 2-1 dhcp-snooping information format 21-dhcp commands 2-2 dhcp-snooping information packet-format 21-dhcp commands 2-3 dhcp-snooping information remote-id 21-dhcp c...

  • Page 1153

    A-7 display bootp client 21-dhcp commands 4-3 display bpdu-tunnel 34-vlan-vpn commands 4-3 display brief interface 09-port basic configuration commands 1-5 display channel 32-information center commands 1-1 display clock 33-system maintenance and debugging commands 1-5 display cluster 25-stack-clust...

  • Page 1154

    A-8 display dhcp-snooping ipv6 36-ipv6 management commands 1-3 display dhcp-snooping server-guard 21-dhcp commands 2-10 display dhcp-snooping trust 21-dhcp commands 2-11 display diagnostic-information 33-system maintenance and debugging commands 1-8 display dldp 13-dldp commands 1-1 display dns doma...

  • Page 1155

    A-9 display hwping statistics 35-hwping commands 1-12 display hwtacacs 18-aaa commands 1-67 display icmp statistics 06-ip address-ip performance commands 2-5 display igmp-snooping configuration 16-multicast commands 1-1 display igmp-snooping group 16-multicast commands 1-2 display igmp-snooping stat...

  • Page 1156

    A-10 display ipv6 nd detection statistics 36-ipv6 management commands 1-10 display ipv6 nd snooping 36-ipv6 management commands 1-11 display ipv6 neighbors 36-ipv6 management commands 1-12 display ipv6 neighbors count 36-ipv6 management commands 1-13 display ipv6 route-table 36-ipv6 management comma...

  • Page 1157

    A-11 display mac-address security 12-port security-port binding commands 1-1 display mac-authentication 19-mac address authentication commands 1-1 display mac-vlan 04-vlan commands 1-14 display mac-vlan interface 04-vlan commands 1-15 display memory 33-system maintenance and debugging commands 3-5 d...

  • Page 1158

    A-12 display port-mac 14-mac address table management commands 1-3 display port-security 12-port security-port binding commands 1-2 display power 33-system maintenance and debugging commands 3-6 display priority-trust 23-qos-qos profile commands 1-1 display protocol-vlan interface 04-vlan commands 1...

  • Page 1159

    A-13 display rmon eventlog 27-snmp-rmon commands 2-3 display rmon history 27-snmp-rmon commands 2-4 display rmon prialarm 27-snmp-rmon commands 2-5 display rmon statistics 27-snmp-rmon commands 2-7 display rsa local-key-pair public 29-ssh commands 1-4 display rsa peer-public-key 29-ssh commands 1-5 ...

  • Page 1160

    A-14 display stp portdown 15-mstp commands 1-8 display stp region-configuration 15-mstp commands 1-9 display stp root 15-mstp commands 1-10 display system-guard attack-record 17-802.1x-system guard commands 4-1 display system-guard config 17-802.1x-system guard commands 5-1 display system-guard stat...

  • Page 1161

    A-15 display voice vlan status 07-voice vlan commands 1-2 display web package 30-file system management commands 1-17 display web users 02-login commands 1-8 display web-authentication configuration 44-web authentication commands 1-1 display web-authentication connection 44-web authentication comman...

  • Page 1162

    A-16 dot1x max-user 17-802.1x-system guard commands 1-10 dot1x port-control 17-802.1x-system guard commands 1-11 dot1x port-method 17-802.1x-system guard commands 1-12 dot1x quiet-period 17-802.1x-system guard commands 1-13 dot1x re-authenticate 17-802.1x-system guard commands 1-15 dot1x retry 17-80...

  • Page 1163

    A-17 flush enable control-vlan 38-smart link-monitor link commands 1-3 format 30-file system management commands 1-8 fqdn 41-pki commands 1-13 free user-interface 02-login commands 1-9 free web-users 02-login commands 2-1 frequency 35-hwping commands 1-18 ftp 31-ftp-sftp-tftp commands 1-10 ftp clust...

  • Page 1164

    A-18 history-command max-size 02-login commands 1-11 history-record enable 35-hwping commands 1-20 history-records 35-hwping commands 1-20 holdtime 25-stack-cluster commands 2-30 host-aging-time (mld-snooping view) 16-multicast commands 2-6 http-operation 35-hwping commands 1-21 http-string 35-hwpin...

  • Page 1165

    A-19 igmp-snooping router-aging-time 16-multicast commands 1-13 igmp-snooping special-query source-ip 16-multicast commands 1-13 igmp-snooping version 16-multicast commands 1-14 igmp-snooping vlan-mapping 16-multicast commands 1-15 info-center channel name 32-information center commands 1-6 info-cen...

  • Page 1166

    A-20 ip http shutdown 02-login commands 1-13 ip https acl 43-https commands 1-2 ip https certificate access-control-policy 43-https commands 1-2 ip https enable 43-https commands 1-3 ip https ssl-server-policy 43-https commands 1-3 ip route-static 05-management vlan commands 1-15 ip source static bi...

  • Page 1167

    A-21 jitter-interval 35-hwping commands 1-25 jitter-packetnum 35-hwping commands 1-25 job 33-system maintenance and debugging commands 4-2 jumboframe enable 09-port basic configuration commands 1-17 k key 18-aaa commands 1-43 key 18-aaa commands 1-69 l lacp enable 10-link aggregation commands 1-5 la...

  • Page 1168

    A-22 lldp management-address-tlv 40-lldp commands 1-19 lldp notification remote-change enable 40-lldp commands 1-19 lldp timer notification-interval 40-lldp commands 1-20 lldp timer reinit-delay 40-lldp commands 1-20 lldp timer tx-delay 40-lldp commands 1-21 lldp timer tx-interval 40-lldp commands 1...

  • Page 1169

    A-23 mac-address security 12-port security-port binding commands 1-5 mac-address timer 14-mac address table management commands 1-7 mac-authentication 19-mac address authentication commands 1-3 mac-authentication authmode usernameasmacaddress 19-mac address authentication commands 1-5 mac-authentica...

  • Page 1170

    A-24 mkdir 31-ftp-sftp-tftp commands 1-13 mkdir 31-ftp-sftp-tftp commands 1-26 mld-snooping 16-multicast commands 2-8 mld-snooping done source-ip 16-multicast commands 2-9 mld-snooping dot1p-priority 16-multicast commands 2-10 mld-snooping enable 16-multicast commands 2-10 mld-snooping fast-leave 16...

  • Page 1171

    A-25 multicast-source-deny 16-multicast commands 4-4 multicast-suppression 09-port basic configuration commands 1-25 multicast-vlan ipv6 16-multicast commands 3-2 n name 04-vlan commands 1-5 name 18-aaa commands 1-23 nas-ip 18-aaa commands 1-46 nas-ip 18-aaa commands 1-70 nbns-list 21-dhcp commands ...

  • Page 1172

    A-26 ntp-service source-interface 28-ntp commands 1-11 ntp-service unicast-peer 28-ntp commands 1-12 ntp-service unicast-server 28-ntp commands 1-13 o open 31-ftp-sftp-tftp commands 1-14 option 21-dhcp commands 1-32 organization 41-pki commands 1-15 organization-unit 41-pki commands 1-15 overflow-re...

  • Page 1173

    A-27 pki validate-certificate 41-pki commands 1-21 pki-domain 42-ssl commands 1-6 poe enable 26-poe-poe profile commands 1-5 poe legacy enable 26-poe-poe profile commands 1-6 poe max-power 26-poe-poe profile commands 1-6 poe mode 26-poe-poe profile commands 1-7 poe power-management 26-poe-poe profil...

  • Page 1174

    A-28 port-mac 14-mac address table management commands 1-8 port-security authorization ignore 12-port security-port binding commands 1-6 port-security enable 12-port security-port binding commands 1-7 port-security guest-vlan 12-port security-port binding commands 1-8 port-security intrusion-mode 12...

  • Page 1175

    A-29 public-key peer import sshkey 29-ssh commands 1-16 public-key-code begin 29-ssh commands 1-17 public-key-code end 29-ssh commands 1-18 put 31-ftp-sftp-tftp commands 1-15 put 31-ftp-sftp-tftp commands 1-26 pwd 30-file system management commands 1-11 pwd 31-ftp-sftp-tftp commands 1-16 pwd 31-ftp-...

  • Page 1176

    A-30 remote-probe vlan enable 24-mirroring commands 1-8 remove 31-ftp-sftp-tftp commands 1-28 rename 30-file system management commands 1-11 rename 31-ftp-sftp-tftp commands 1-17 rename 31-ftp-sftp-tftp commands 1-28 report-aggregation (mld-snooping view) 16-multicast commands 2-26 reset arp 20-arp ...

  • Page 1177

    A-31 reset radius statistics 18-aaa commands 1-53 reset recycle-bin 30-file system management commands 1-12 reset saved-configuration 03-configuration file management commands 1-10 reset smart-link packets counter 38-smart link-monitor link commands 1-6 reset stop-accounting-buffer 18-aaa commands 1...

  • Page 1178

    A-32 root-certificate fingerprint 41-pki commands 1-22 router-aging-time (mld-snooping view) 16-multicast commands 2-27 rsa local-key-pair create 29-ssh commands 1-19 rsa local-key-pair destroy 29-ssh commands 1-20 rsa peer-public-key 29-ssh commands 1-21 rsa peer-public-key import sshkey 29-ssh com...

  • Page 1179

    A-33 send 02-login commands 1-17 sendpacket passroute 35-hwping commands 1-28 send-trap 35-hwping commands 1-28 server-type 18-aaa commands 1-58 service-type 02-login commands 1-18 service-type 18-aaa commands 1-29 service-type multicast 16-multicast commands 1-20 session 42-ssl commands 1-7 set aut...

  • Page 1181

    A-35 stack-port enable 25-stack-cluster commands 1-3 startup bootrom-access enable 30-file system management commands 1-18 startup saved-configuration 03-configuration file management commands 1-12 state 18-aaa commands 1-30 state 41-pki commands 1-23 state primary 18-aaa commands 1-59 state seconda...

  • Page 1182

    A-36 stp pathcost-standard 15-mstp commands 1-29 stp point-to-point 15-mstp commands 1-30 stp port priority 15-mstp commands 1-32 stp portlog 15-mstp commands 1-33 stp portlog all 15-mstp commands 1-33 stp priority 15-mstp commands 1-34 stp region-configuration 15-mstp commands 1-35 stp root primary...

  • Page 1183

    A-37 system-view 33-system maintenance and debugging commands 1-5 t tcp ipv6 timer fin-timeout 36-ipv6 management commands 1-45 tcp ipv6 timer syn-timeout 36-ipv6 management commands 1-45 tcp ipv6 window 36-ipv6 management commands 1-46 tcp timer fin-timeout 06-ip address-ip performance commands 2-1...

  • Page 1184

    A-38 timeout 35-hwping commands 1-36 timer 18-aaa commands 1-62 timer 25-stack-cluster commands 2-37 timer quiet 18-aaa commands 1-62 timer quiet 18-aaa commands 1-77 timer realtime-accounting 18-aaa commands 1-63 timer realtime-accounting 18-aaa commands 1-78 timer response-timeout 18-aaa commands ...

  • Page 1185

    A-39 u undelete 30-file system management commands 1-14 unknown-multicast drop enable 16-multicast commands 4-5 user 31-ftp-sftp-tftp commands 1-18 user privilege level 02-login commands 1-24 user-interface 02-login commands 1-23 username 35-hwping commands 1-38 user-name-format 18-aaa commands 1-65...

  • Page 1186

    A-40 voice vlan mode 07-voice vlan commands 1-8 voice vlan qos 07-voice vlan commands 1-9 voice vlan qos trust 07-voice vlan commands 1-10 voice vlan security enable 07-voice vlan commands 1-11 voice-config 21-dhcp commands 1-36 w web-authentication customize 44-web authentication commands 1-3 web-a...