HP Firewalls and UTM Devices Network Management Command Reference Part number: 5998-4174 Software version: F1000-A-EI: Feature 3722 F1000-S-EI: Feature 3722 F5000: Feature 3211 F1000-E: Feature 3174 Firewall module: Feature 3174 Enhanced firewall module: ESS 3807 U200-A: ESS 5132 U200-S: ESS 5132 Document version: 6PW100-20121228
Legal and notice information © Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Ethernet interface configuration commands ··············································································································· 1 General Ethernet interface and subinterface configuration commands ······································································ 1 combo enable ··························································································································································· 1 default ····························
interface vlan-interface ·········································································································································· 51 ip address ······························································································································································ 52 mtu ········································································································································································
stp priority ···························································································································································· 104 stp region-configuration ······································································································································ 105 stp root primary ··················································································································································· 105 stp r
Layer 2 forwarding configuration commands ······································································································· 147 Normal Layer 2 forwarding configuration commands ···························································································· 147 display mac-forwarding statistics ······················································································································· 147 reset mac-forwarding statistics ··························
dhcp relay check mac-address ·························································································································· 187 dhcp relay client-detect enable ·························································································································· 188 dhcp relay information circuit-id format-type ···································································································· 188 dhcp relay information circuit-id string······
arp timer aging ···················································································································································· 231 display arp ··························································································································································· 231 display arp ip-address ········································································································································ 233 display
RIP configuration commands ·································································································································· 277 checkzero ····························································································································································· 277 default cost (RIP view) ········································································································································· 277 default-rout
display ospf lsdb ················································································································································· 327 display ospf nexthop ··········································································································································· 330 display ospf peer ················································································································································· 331 display osp
IS-IS configuration commands ································································································································ 376 Feature and hardware compatibility ·························································································································· 376 area-authentication-mode ··································································································································· 376 auto-cost enable···········
preference (IS-IS view) ········································································································································ 432 priority high·························································································································································· 433 reset isis all ··························································································································································· 433
log-peer-change ··················································································································································· 482 network (BGP/BGP-VPN instance view) ··········································································································· 483 network short-cut (BGP/BGP-VPN instance view) ···························································································· 483 peer advertise-community (BGP/BGP-VPN instance view)
display ip routing-table protocol ························································································································ 534 display ip routing-table statistics ························································································································ 536 reset ip routing-table statistics protocol ············································································································· 537 reset ipv6 routing-table statistics
igmp group-policy ··············································································································································· 586 igmp host-tracking ··············································································································································· 587 igmp last-member-query-interval ························································································································ 587 igmp max-response-time
hello-option dr-priority (PIM view) ······················································································································ 632 hello-option holdtime (PIM view) ························································································································ 633 hello-option lan-delay (PIM view) ······················································································································· 633 hello-option neighbor-tracking (PIM v
peer description ··················································································································································· 671 peer mesh-group ·················································································································································· 672 peer minimum-ttl··················································································································································· 673 peer pas
ipv6 neighbors max-learning-num ····················································································································· 720 ipv6 pathmtu ························································································································································ 721 ipv6 pathmtu age ················································································································································ 721 ipv6 prefix ··········
ipv6 dhcp relay server-address ·························································································································· 765 reset ipv6 dhcp relay statistics ··························································································································· 766 DHCPv6 client configuration commands ··················································································································· 767 display ipv6 dhcp client ···········
display ospfv3 interface ····································································································································· 807 display ospfv3 lsdb ············································································································································· 809 display ospfv3 lsdb statistics ······························································································································ 811 display ospfv3 next-h
IPv6 BGP configuration commands ······················································································································· 858 Feature and hardware compatibility ·························································································································· 858 aggregate (IPv6 address family view)··············································································································· 858 balance (IPv6 address family view/IPv6 BGP
peer group (IPv6 address family view) ············································································································· 906 peer ignore (IPv6 address family view) ············································································································ 907 peer ipv6-prefix ··················································································································································· 908 peer ipsec-policy (IPv6 address family
ipv6 policy-based-route (system view) ··············································································································· 950 reset ipv6 policy-based-route statistics ·············································································································· 951 IPv6 multicast routing and forwarding configuration commands ········································································ 952 display multicast ipv6 boundary ·······························
pim ipv6 hello-option lan-delay ························································································································· 999 pim ipv6 hello-option neighbor-tracking ··········································································································· 999 pim ipv6 hello-option override-interval··········································································································· 1000 pim ipv6 holdtime assert ·························
mld send-router-alert ········································································································································· 1040 mld ssm-mapping enable ································································································································· 1040 mld startup-query-count ···································································································································· 1041 mld startup-query-interval
if-match ip ·························································································································································· 1083 if-match ip-prefix ··············································································································································· 1083 ip ip-prefix ························································································································································· 1084
Ethernet interface configuration commands General Ethernet interface and subinterface configuration commands combo enable Use combo enable to activate the copper or fiber combo port. Syntax combo enable { copper | fiber } Default The copper combo port is activated. Views Ethernet interface view (combo interface) Default command level 2: System level Parameters copper: Activates the copper(electrical) combo port. fiber: Activates the fiber (optical) combo port.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] combo enable copper # Activate the fiber combo port of combo interface GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] combo enable fiber default Use default to restore the default settings for an Ethernet interface or subinterface.
Syntax description text undo description Default The default description of an interface is the interface name plus Interface. For example, GigabitEthernet0/1 Interface. Views Ethernet interface view, Ethernet subinterface view Default command level 2: System level Parameters text: Specifies the interface description, a string of 1 to 80 characters.
display interface interface-type { interface-number | interface-number.subnumber } [ brief ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type: Specifies an interface type. interface-number: Specifies an interface number. interface-number.subnumber: Specifies a subinterface number, where interface-number is an interface number, and subnumber is the number of a subinterface created under the interface.
Last clearing of counters: Never Last 300 seconds input rate 0.00 bytes/sec, 0 bits/sec, 0.00 packets/sec Last 300 seconds output rate 0.00 bytes/sec, 0 bits/sec, 0.
Field Description Output queue (Urgent queue: Size/Length/Discards) Output queue (current message number in the urgent queue, maximum number of messages allowed in the urgent queue, and number of discarded messages). Output queue (Protocol queue: Size/Length/Discards) Output queue (current message number in the protocol queue, maximum number of messages allowed in the protocol queue, and number of discarded messages).
Table 2 Command output Field Description State of the Ethernet subinterface: • DOWN ( Administratively )—The Ethernet subinterface was shut down with the shutdown command. The interface is administratively down. • DOWN ( Link-Aggregation interface down )—The Ethernet GigabitEthernet0/1.1 current state subinterface is physically down because the aggregate interface corresponding to the aggregation group to which the subinterface belongs was shut down with the shutdown command.
Flow-control is not enabled The Maximum Frame Length is 1536 Broadcast MAX-ratio: 100% Multicast MAX-ratio: 100% PVID: 999 Mdi type: auto Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 999 Port priority: 0 Last clearing of counters: Last 300 seconds input: Last 300 seconds output: Input (total): Never 0 packets/sec 74 bytes/sec 0% 0 packets/sec 12 bytes/sec 0% 21322 packets, 1748554 bytes - unicasts, - broadcasts, - multicasts, - pauses Input (normal): 21322 packets, - bytes 1268 un
Field Description Broadcast MAX-ratio Broadcast suppression threshold as a percentage of the maximum interface rate. When the threshold is exceeded, the interface drops broadcast packets. Unicast MAX-ratio Unknown unicast suppression threshold as a percentage of the maximum interface rate. When the threshold is exceeded, the interface drops unknown unicast packets. Multicast MAX-ratio Multicast suppression threshold as a percentage of the maximum interface rate.
Field Description Inbound frames larger than the maximum frame length supported on the interface. • For an Ethernet interface that does not permit jumbo frames, giants giants refer to frames larger than 1536 bytes (without VLAN tags) or 1540 bytes (with VLAN tags). • For an Ethernet interface that permits jumbo frames, giants refer to frames larger than the maximum size of Ethernet frames that are allowed to pass through.
Field Description - buffer failures Number of packets dropped because the transmit buffer of the interface ran low. aborts Number of packets that failed to be transmitted, for example, because of Ethernet collisions. deferred Number of frames that the interface deferred to transmit because of detected collisions. collisions Number of frames that the interface stopped transmitting because Ethernet collisions were detected during transmission.
Description: GigabitEthernet0/1.1 Interface Broadcast MAX-ratio: 100% PVID: 1 Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 1 0 packets input, 0 bytes, 0 drops 0 packets output, 0 bytes, 0 drops Table 5 Command output Field Description State of the Ethernet subinterface: GigabitEthernet0/1.1 current state • DOWN—The Ethernet subinterface is physically down (possibly because no physical link is present or the link has failed). • UP—The Ethernet subinterface is physically up.
GE0/2 DOWN auto A A 1 # Filter the brief interface information to display the line starting with the (s) string and all subsequent lines. The brief information of interface(s) under route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Main IP Loop1 UP UP(s) 172.17.17.1 NULL0 UP UP(s) -- Tun1 DOWN DOWN 10.1.1.
Link: ADM - administratively down; Stby - standby Speed or Duplex: (a)/A - auto; H - half; F - full Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description GE0/2 DOWN auto A A 1 # Display information about interfaces in the down state and the relevant causes.
Field Description Interface description. Description The brief information of interface(s) under bridge mode: Information displayed in this field is restricted by space. To view the complete interface description, use the display interface command without specifying the brief keyword. Brief information about Layer 2 interfaces. If the speed of an interface is automatically negotiated, its speed attribute includes the autonegotiation flag, letter a in parentheses.
Field Description Loopback detection-protected The interface is shut down because a loop was detected on it. BPDU-protected The interface is shut down by the BPDU guard function. Monitor-Link uplink down The uplink of the monitor link group to which the interface belongs is down. Related commands interface duplex Use duplex to set the duplex mode for an Ethernet interface. Use undo duplex to restore the default duplex mode of the Ethernet interface.
Default Generic flow control on an Ethernet interface is disabled. Views Ethernet interface view Default command level 2: System level Usage guidelines TxRx mode flow control allows an Ethernet interface to receive common pause frames from its peer, and send common pause frames to notify its peer of congestion. With the flow-control command configured, an interface can both send and receive flow control frames: • When congested, the interface sends a flow control frame to its peer.
# Create Ethernet subinterface GigabitEthernet 0/1.1 and enter GigabitEthernet 0/1.1 subinterface view (assuming that GigabitEthernet 0/1 is a Layer 2 Ethernet interface and the subinterface does not exist). system-view [Sysname] interface gigabitethernet 0/1.1 [Sysname-GigabitEthernet0/1.1] # Enter GigabitEthernet 0/2 interface view (assuming that the interface is a Layer 3 Ethernet interface).
Hardware Command compatible U200-A No U200-S No Examples # Enable jumbo frames to pass through Ethernet interface GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] jumboframe enable loopback Use loopback to enable loopback testing on an Ethernet interface. Use undo loopback to disable loopback testing on an Ethernet interface.
port link-mode Use port link-mode to change the link mode of an Ethernet interface. Use undo port link-mode to restore the default. Syntax port link-mode { bridge | route } undo port link-mode Views Ethernet interface view Default command level 2: System level Parameters bridge: Specifies the Layer 2 mode. route: Specifies the Layer 3 mode.
NOTE: The display this command displays the configuration that takes effect in the current view. Related commands port link-mode interface-list port link-mode interface-list Use port link-mode interface-list to change the link mode of Ethernet interfaces. Syntax port link-mode { bridge | route } interface-list Views System view Default command level 2: System level Parameters bridge: Specifies the Layer 2 mode. route: Specifies the Layer 3 mode.
reset counters interface Use reset counters interface to clear the Ethernet interface or subinterface statistics. Syntax reset counters interface [ interface-type [ interface-number | interface-number.subnumber ] ] Views User view Default command level 2: System level Parameters interface-type: Specifies an interface type. interface-number: Specifies an interface number. interface-number.
Default command level 2: System level Usage guidelines You may need to shut down and then bring up an Ethernet interface to activate configuration changes such as speed or duplex mode changes. Examples # Shut down and then bring up GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] shutdown [Sysname-GigabitEthernet0/1] undo shutdown # Shut down and then bring up GigabitEthernet 0/1.1.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] speed 100 Related commands speed auto Layer 2 Ethernet interface and subinterface configuration commands broadcast-suppression Use broadcast-suppression to set the broadcast suppression threshold on an Ethernet interface or subinterface. Use undo broadcast-suppression to restore the default broadcast suppression threshold.
[Sysname] interface gigabitethernet 0/1.1 [Sysname-GigabitEthernet0/1.1] broadcast-suppression 20 mdi Use mdi to configure the MDI mode of an Ethernet copper interface. Use undo mdi to restore the default. Syntax mdi { across | auto | normal } undo mdi Default Ethernet interfaces operate in auto MDI mode. Views Layer 2 Ethernet interface view Default command level 2: System level Parameters across: Sets the MDI mode to across.
Default command level 2: System level Parameters ratio: Sets the multicast suppression threshold as a percentage of the maximum interface rate, ranging from 1 to 100. The smaller the percentage, the less multicast traffic is allowed to be received. Usage guidelines In Ethernet interface or subinterface view, the configurations take effect only on the interface or subinterface.
Usage guidelines In Ethernet interface or subinterface view, the configuration will take effect only on the interface or subinterface. When the received unknown unicast traffic exceeds the threshold, the system discards unknown unicast packets until unknown unicast traffic drops below the threshold. If you set different unknown unicast suppression thresholds in Ethernet interface view multiple times, the most recent configuration takes effect.
# Set the MTU to 1400 bytes for the Layer 3 Ethernet subinterface GigabitEthernet 0/1.1. system-view [Sysname] interface gigabitethernet 0/1.1 [Sysname-GigabitEthernet0/1.1] mtu 1400 promiscuous Use promiscuous to configure a Layer 3 Ethernet interface to operate in promiscuous mode. Use undo promiscuous to cancel the promiscuous operating mode. Syntax promiscuous undo promiscuous Default A Layer 3 Ethernet interface does not operate in promiscuous mode.
This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions. Use the display this command in interface view to identify these commands, and then use their undo forms or follow the command reference to individually restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem. Examples # Restore the default settings of interface loopback 1.
Related commands display interface display interface loopback Use display interface loopback to display information about a loopback interface.
Last clearing of counters: Never Last 300 seconds input: Last 300 seconds output: 0 bytes/sec, 0 bits/sec, 0 packets/sec 0 bytes/sec, 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 drops 0 packets output, 0 bytes, 0 drops # Display brief information about interface loopback 0.
Field Description The brief information of interface(s) under route mode Brief information about Layer 3 interfaces. Link status of the interface: Link: ADM - administratively down; Stby standby • ADM—The interface has been administratively shut down. To recover its physical state, use the undo shutdown command. • Stby—The interface is operating as a backup interface. To see the primary interface, use the display standby state command in High Availability Command Reference.
Parameters 0: Specifies interface Null 0. The null interface number is fixed at 0, because the device has only one null interface. brief: Displays brief interface information. If you do not specify this keyword, this command displays detailed interface information. down: Displays information about interfaces in DOWN state and the causes. If you do not specify this keyword, this command displays information about interfaces in all states. |: Filters command output by specifying a regular expression.
interface loopback Use interface loopback to create a loopback interface or enter loopback interface view. Use undo interface loopback to remove a loopback interface. Syntax interface loopback interface-number undo interface loopback interface-number Views System view Default command level 2: System level Parameters interface-number: Specifies a loopback interface by its number, ranging from 0 to 1023. Examples # Create interface loopback 5.
Related commands display interface null reset counters interface loopback Use reset counters interface loopback to clear statistics for a loopback interface. Syntax reset counters interface [ loopback [ interface-number ] ] Views User view Default command level 2: System level Parameters interface-number: Specifies a loopback interface by its number, which can be the number of any existing loopback interface. With this argument, the command clears statistics on a specified loopback interface.
If you specify the null keyword, this command clears the statistics on interface Null 0 with or without the 0 keyword, because the device supports only one interface Null 0. Examples # Clear statistics for interface Null 0. reset counters interface null 0 shutdown Use shutdown to shut down the current loopback interface. Use undo shutdown to bring up the current loopback interface. Syntax shutdown undo shutdown Default A loopback interface is up.
Bulk interface configuration commands interface range Use interface range to create an interface range and enter interface range view. Syntax interface range interface-list Views System view Default command level 2: System level Parameters interface-list: Specifies an interface list in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-5>. The interface-type interface-number argument specifies an interface by its type and number.
interface range name Use interface range name name interface interface-list to create an interface range, configure a name for the interface range, add interfaces to the interface range, and enter the interface range view. Use interface range name without the interface keyword to enter the view of an interface range with the specified name. Use undo interface range name to delete the interface range with the specified name.
• No limit is set on the maximum number of interfaces in an interface range. The more interfaces in an interface range, the longer the command execution time. • The maximum number of interface range names is only limited by the system resources. To guarantee bulk interface configuration performance, configure fewer than 1000 interface range names. Examples # Add GigabitEthernet 0/1 and GigabitEthernet 0/2 to interface range named myEthPort, and enter the interface range view.
IPv4 addressing configuration commands display ip interface Use display ip interface to display IP configuration information for a specific Layer 3 interface or for all Layer 3 interfaces. Syntax display ip interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number.
Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0 Table 9 Command output Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown current state command.
Field Description TTL invalid packet number Number of TTL-invalid packets received on the interface (statistics start at device startup).
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines When the interface type and interface number are specified, the brief IP configuration information for all Layer 3 interfaces is displayed. When only the interface type is specified, the brief IP configuration information for all Layer 3 interfaces of the specified type is displayed.
Related commands display ip interface ip address Use ip address to assign an IP address and mask to the interface. Use undo ip address to remove all IP addresses from the interface. Use undo ip address ip-address { mask | mask-length } to remove the primary IP address. Use undo ip address ip-address { mask | mask-length } sub to remove a secondary IP address.
VLAN configuration commands Basic VLAN configuration commands default Use default to restore the default settings for a VLAN-interface. Syntax default Views VLAN-interface view Default command level 2: System level Usage guidelines CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it in a live network.
Default The description for a VLAN is VLAN vlan-id, which is the ID of the VLAN. For example, the default description of VLAN 100 is VLAN 0100. The default description for a VLAN-interface is the name of the interface. For example, the default description of VLAN-interface 1 is Vlan-interface1 Interface. Views VLAN view, VLAN-interface view Default command level 2: System level Parameters text: Specifies a description for a VLAN or VLAN-interface.
display interface vlan-interface Use display interface vlan-interface to display information about a specified or all VLAN-interfaces. Syntax display interface [ vlan-interface ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] display interface vlan-interface vlan-interface-id [ brief ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vlan-interface-id: Specifies a VLAN-interface number.
0 packets output, 0 bytes, 0 drops # Display brief information for VLAN-interface 2. display interface vlan-interface 2 brief The brief information of interface(s) under route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Main IP Vlan2 DOWN DOWN Description -- # Display brief information for VLAN-interfaces in DOWN state.
Field Description Last 300 seconds output: 0 bytes/sec 0 packets/sec Average rate of output packets in the last 300 seconds (in bps and pps). 0 packets input, 0 bytes, 0 drops Total number and size (in bytes) of the received packets of the interface and the number of the dropped packets. 0 packets output, 0 bytes, 0 drops Total number and size (in bytes) of the sent packets of the interface and the number of the dropped packets.
Default command level 1: Monitor level Parameters vlan-id1: Displays information about a VLAN specified by VLAN ID, ranging from 1 to 4094. vlan-id1 to vlan-id2: Displays information about VLANs specified by a VLAN ID range. vlan-id2 must be no smaller than vlan-id1. all: Displays all VLAN information but the reserved VLANs. dynamic: Displays the number of dynamic VLANs and the ID for each dynamic VLAN. The dynamic VLANs are distributed by a RADIUS server.
Table 12 Command output Field Description VLAN Type VLAN type, static or dynamic. Route interface Indicates whether the VLAN-interface is configured or not. Description Description of the VLAN. Name Name configured for the VLAN. IP Address Primary IP address of the VLAN-interface. This is available only when an IP address is configured for the VLAN-interface.
[Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] Related commands display interface vlan-interface ip address Use ip address to assign an IP address and subnet mask to a VLAN-interface. Use undo ip address to remove the IP address and subnet mask for a VLAN-interface. Syntax ip address ip-address { mask | mask-length } [ sub ] undo ip address [ ip-address { mask | mask-length } [ sub ] ] Default No IP address is assigned to any VLAN-interface.
Related commands display ip interface (Network Management Command Reference) mtu Use mtu to set the MTU for a VLAN-interface. Use undo mtu to restore the default. Syntax mtu size undo mtu Default The MTU of a VLAN-interface is 1500 bytes. Views VLAN-interface view Default command level 2: System level Parameters size: Sets the MTU (in bytes), which ranges from 46 to 1500. Examples # Set the MTU to 1492 bytes for VLAN-interface 1.
Parameters text: Specifies a VLAN name, a string of 1 to 32 characters.
shutdown Use shutdown to manually shut down a VLAN-interface. Use undo shutdown to cancel the action of shutting down a VLAN-interface. Syntax shutdown undo shutdown Default A VLAN-interface is not manually shut down. The VLAN-interface is up if one or more ports in the VLAN is up, and goes down if all ports in the VLAN go down.
Default Only the default VLAN (VLAN 1) exists in the system. Views System view Default command level 2: System level Parameters vlan-id1, vlan-id2: Specifies a VLAN ID, ranging from 1 to 4094. vlan-id1 to vlan-id2: Specifies a VLAN range. vlan-id2 must be no smaller than vlan-id1. all: Creates or removes all VLANs except reserved VLANs. The keyword is not supported when the maximum number of VLANs that can be created on a device is less than 4094.
Parameters hybrid: Displays hybrid ports. trunk: Displays trunk ports. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Views VLAN view Default command level 2: System level Parameters interface-list: Specifies an interface list, in the format of interface-list = { interface-type interface-number1 [ to interface-type interface-number2 ] }&<1-10>, where interface-type interface-number specifies an interface by its type and number and &<1-10> indicates that you can specify up to 10 interface-type interface-number1 [ to interface-type interface-number2 ] parameters.
• If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports. • If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port. Examples # Assign GigabitEthernet 0/1 to VLAN 3.
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports. • If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports. • If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port. Examples # Configure VLAN 100 as the PVID of the hybrid port GigabitEthernet 0/1.
untagged: Configures the ports to send the untagged packets of the specified VLANs. Usage guidelines A hybrid port can carry multiple VLANs. If you execute the port hybrid vlan command multiple times, the VLANs the hybrid port carries are the set of VLANs specified by vlan-list in each execution. The configuration made in Ethernet interface view applies only to the port. The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports.
Views Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Parameters access: Configures the link type of a port as access. hybrid: Configures the link type of a port as hybrid. trunk: Configures the link type of a port as trunk. Usage guidelines To change the link type of a port from trunk to hybrid or vice versa, you must first set the link type to access.
Views Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Parameters vlan-list: Specifies a list of VLANs that the trunk ports will be assigned to in the format of { vlan-id1 [ to vlan-id2 ] }&<1-10>, where vlan-id1 and vlan-id2 represent VLAN IDs and each range from 1 to 4094, vlan-id2 must be no smaller than vlan-id1, and &<1-10> indicates that you can specify up to 10 vlan-id1 [ to vlan-id2 ] parameters. Make sure the specified VLANs already exist.
Related commands port link-type port trunk pvid Use port trunk pvid to configure the PVID for the trunk port. Use undo port trunk pvid to restore the default. Syntax port trunk pvid vlan vlan-id undo port trunk pvid Default The PVID of a trunk port is VLAN 1. Views Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Parameters vlan-id: Specifies a VLAN ID, ranging from 1 to 4094. Usage guidelines You can use a nonexistent VLAN as the PVID for a trunk port.
# Configure VLAN 100 as the PVID of the trunk Layer 2 aggregate interface Bridge-Aggregation 1, and assign Bridge-Aggregation 1 to VLAN 100.
MAC address table configuration commands The MAC address table contains only Layer 2 Ethernet ports (excluding Layer 2 subinterfaces) and Layer 2 aggregate interfaces. This document covers only the configuration of unicast MAC address entries, including static, dynamic, and destination blackhole MAC address entries. display mac-address Use display mac-address to display MAC address entries.
Usage guidelines If you execute this command without specifying any parameters, it displays all MAC address entries on the device. Examples # Display the MAC address entry for MAC address 000f-e201-0101. display mac-address 000f-e201-0101 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s) 000f-e201-0101 1 Learned GigabitEthernet0/1 AGING --- 1 mac address(es) found --- Table 14 Command output Field Description MAC ADDR MAC address.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Usage guidelines The MAC address entries configuration cannot survive a reboot unless you save it. However, the dynamic MAC address entries are lost at next reboot regardless of whether you save the configuration or not. Examples # Add a static entry for MAC address 000f-e201-0101 on port GigabitEthernet 0/1 that belongs to VLAN 2.
mac-address: Specifies a MAC address in the format of H-H-H, where 0s at the beginning of each H (16-bit hexadecimal digit) can be omitted. For example, entering "f-e2-1" indicates that the MAC address is "000f-00e2-0001." vlan vlan-id: Specifies an existing VLAN to which the Ethernet interface belongs, where vlan-id is the specified VLAN ID, ranging from 1 to 4094. dynamic: Specifies dynamic MAC address entries, which can be aged. static: Specifies static MAC address entries.
Default The maximum number of MAC addresses that can be learned on a port varies with device models, and frames received are forwarded when the upper limit is reached. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Parameters count: Sets the maximum number of MAC addresses that can be learned on a port. When the argument takes 0, the port is not allowed to learn MAC addresses. The value ranges from 0 to 1024.
Use undo mac-address timer to restore the default. Syntax mac-address timer { aging seconds | no-aging } undo mac-address timer aging Views System view Default command level 2: System level Parameters aging seconds: Sets an aging timer (in seconds) for dynamic MAC address entries. The default value is 300.
Spanning tree configuration commands active region-configuration Use active region-configuration to activate your MST region configuration. Syntax active region-configuration Views MST region view Default command level 2: System level Usage guidelines When you configure MST region–related parameters, MSTP launches a new spanning tree calculation process that may cause network topology instability. This is most likely to occur when you configure the VLAN-to-instance mapping table.
Views MST region view Default command level 2: System level Usage guidelines Two or more spanning tree devices belong to the same MST region only if they are configured with the same format selector (0 Not configurable), MST region name, MST region revision level, and the same VLAN-to-instance mapping entries in the MST region, and if they are connected via a physical link. HP recommends that you use this command to determine whether the MST region configurations to be activated are correct.
Syntax display stp [ instance instance-id ] [ interface interface-list ] [ brief ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters instance instance-id: Displays the status and statistics information of a specific MSTI. For the value range for instance-id, see "instance." 0 represents the common internal spanning tree (CIST).
Examples # In MSTP mode, display the brief spanning tree status and statistics information of MSTI 0 on ports GigabitEthernet 0/1 through GigabitEthernet 0/4.
Time since last TC :0 days 0h:5m:42s ----[Port1(GigabitEthernet0/1)][FORWARDING]---Port Protocol :enabled Port Role :CIST Designated Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=200 Desg. Bridge/Port :32768.000f-e200-2200 / 128.
Table 17 Command output Field Description CIST Bridge CIST bridge ID, which comprises the device's priority in the CIST and its MAC address. For example, in output "32768.000f-e200-2200," the value preceding the dot is the device's priority in the CIST, and the value following the dot is the device's MAC address. Bridge ID Bridge ID, which comprises the device's priority in VLAN 1 and its MAC address. For example, in output "32768.
Field Description Designated bridge ID and port ID of the port. Desg. Bridge/Port The port ID displayed is insignificant for a port which does not support port priority. The port is an edge port or non-edge port. Port Edged • Config—Configured value. • Active—Actual value. The port is connected to a point-to-point link or not. Point-to-point • Config—Configured value. • Active—Actual value. Transmit Limit Maximum number of packets sent within each hello time.
Field Description Bridge-Prio. In MSTP mode, this field indicates the device's priority in the CIST. Max age(s) Aging timer (in seconds) for BPDUs. Forward delay(s) Port state transition delay (in seconds). Hello time(s) Interval (in seconds) for the root bridge to send BPDUs. Max hops Maximum hops in the MSTI. Related commands reset stp display stp abnormal-port Use display stp abnormal-port to display information about ports blocked by spanning tree protection functions.
Field Description Reason the port was blocked: Reason • ROOT-Protected—Root guard function. • LOOP-Protected—Loop guard function. • Formatcompatibility-Protected—MSTP BPDU format incompatibility protection function. • InconsistentPortType-Protected—Port type inconsistent protection function. • InconsistentPvid-Protected—PVID inconsistent protection function. display stp bpdu-statistics Use display stp bpdu-statistics to display the BPDU statistics on ports.
• If you specify a port, this command displays the BPDU statistics on the port. Examples # In MSTP mode, display the BPDU statistics of all MSTIs on GigabitEthernet 0/1.
Timeout BPDUs 0 MAX-hoped BPDUs 0 TC detected 0 TC sent 0 TC received 0 Table 19 Command output Field Description Port Port name. Instance-independent Statistics not related to any particular MSTI. Type Statistical item. Looped-back BPDUs BPDUs sent and then received by the same port. Max-Aged BPDUs BPDUs whose max age was exceeded. TCN Sent TCN BPDUs sent. TCN Received TCN BPDUs received. TCA Sent TCA BPDUs sent. TCA Received TCA BPDUs received.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines In STP or RSTP mode, the displayed information is sorted by port role calculation time. In MSTP mode: • If you do not specify any MSTI, this command displays the historical port role calculation information for all MSTIs. The displayed information is sorted by MSTI ID and by port role calculation time in each MSTI.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines In STP or RSTP mode, the displayed information is sorted by port name.
The following matrix shows the value range for the instance-id argument on different firewalls and UTM devices: Hardware Value range F1000-A-EI/F1000-S-EI 0 to 15 F1000-E 0 to 15 F5000 0 to 15 Firewall module 0 to 15 U200-A 0 to 7 U200-S 0 to 7 vlan vlan-list: Specifies a VLAN list in the format of vlan-list = { vlan-id [ to vlan-id ] }&<1-10>, where the vlan-id argument represents the VLAN ID, which ranges from 1 to 4094, and &<1-10> indicates that you can specify up to 10 vlan-id [ to vlan-i
Views MST region view Default command level 2: System level Parameters name: Specifies the MST region name, a string of 1 to 32 characters. Usage guidelines The MST region name, the VLAN-to-instance mapping table, and the MSTP revision level of a device determine the device's MST region. After configuring this command, run the active region-configuration command to activate the configured MST region name. Examples # Set the MST region name of the device to hello.
Usage guidelines The MSTP statistics information includes the numbers of TCN BPDUs, configuration BPDUs, RST BPDUs and MST BPDUs sent/received through the specified ports. Examples # Clear the spanning tree-related statistics on ports GigabitEthernet 0/1 through GigabitEthernet 0/3. reset stp interface gigabitethernet 0/1 to gigabitethernet 0/3 Related commands display stp revision-level Use revision-level to configure the MSTP revision level.
• region-name • vlan-mapping modulo stp bpdu-protection Use stp bpdu-protection to enable the BPDU guard function. Use undo stp bpdu-protection to disable the BPDU guard function. Syntax stp bpdu-protection undo stp bpdu-protection Default The BPDU guard function is disabled. Views System view Default command level 2: System level Examples # Enable the BPDU guard function.
network diameter. With the network diameter set to 7 (the default), the three timers will also be set to their defaults. To set the network diameter of an STP/RSTP/MSTP switched network, use this command without specifying any VLAN. In STP, RSTP, or MSTP mode, each MST region is considered as a device, and the configured network diameter of the switched network is only effective for the CIST (or the common root bridge), not for MSTIs.
Examples # Configure GigabitEthernet 0/1 to receive and send only standard-format (802.1s) MSTP packets. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] stp compliance dot1s stp config-digest-snooping Use stp config-digest-snooping to enable Digest Snooping. Use undo stp config-digest-snooping to disable Digest Snooping. Syntax stp config-digest-snooping undo stp config-digest-snooping Default The feature is disabled by default.
stp cost Use stp cost to set the path cost of the port or ports. Use undo stp cost to restore the default. Syntax stp [ instance instance-id ] cost cost undo stp [ instance instance-id ] cost Default The device automatically calculates the path costs of ports in each spanning tree based on the corresponding standard. Views Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Parameters instance instance-id: Sets the path cost of the ports in a particular MSTI.
[Sysname] interface gigabitethernet 0/3 [Sysname-GigabitEthernet0/3] stp instance 2 cost 200 Related commands • display stp • stp pathcost-standard stp edged-port Use stp edged-port enable to configure one or more ports as edge ports. Use stp edged-port disable to configure one or more ports as non-edge ports. Use undo stp edged-port to restore the default. Syntax stp edged-port { enable | disable } undo stp edged-port Default All ports are non-edge ports.
[Sysname-GigabitEthernet0/1] stp edged-port enable Related commands stp loop-protection stp enable Use stp enable to enable the spanning tree feature. Use undo stp enable to disable the spanning tree feature. Syntax stp enable undo stp enable Default The spanning tree feature is enabled on all ports and disabled globally.
stp loop-protection Use stp loop-protection to enable the loop guard function on the ports. Use undo stp loop-protection to disable the loop guard function on the ports. Syntax stp loop-protection undo stp loop-protection Default The loop guard function is disabled. Views Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Usage guidelines Configured in Ethernet interface view, the setting takes effect only on the interface.
Views System view Default command level 2: System level Parameters hops: Sets the maximum hops, ranging from 1 to 40. Usage guidelines The maximum hops limit the size of the MST region. Examples # Set the maximum hops of the MST region to 35. system-view [Sysname] stp max-hops 35 Related commands display stp stp mcheck Use stp mcheck to perform the mCheck operation globally or on a port.
Configured in Ethernet interface view, the setting takes effect only on the interface. Configured in Layer 2 aggregate interface view, the setting takes effect only on the aggregate interface. Configured on a member port in an aggregation group, the setting takes effect only after the port leaves the aggregation group. Examples # Perform mCheck on GigabitEthernet 0/1.
stp no-agreement-check Use stp no-agreement-check to enable No Agreement Check on the ports. Use undo stp no-agreement-check to disable No Agreement Check on the ports. Syntax stp no-agreement-check undo stp no-agreement-check Default No Agreement Check is disabled. Views Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Usage guidelines Configured in Ethernet interface view, the setting takes effect only on the interface.
Parameters dot1d-1998: Configures the device to calculate the default path cost for ports based on IEEE 802.1d-1998. dot1t: Configures the device to calculate the default path cost for ports based on IEEE 802.1t. legacy: Configures the device to calculate the default path cost for ports based on a private standard. Usage guidelines If you change the standard that the device uses in calculating the default path costs, you restore the path costs to the default.
When connecting to a non-point-to-point link, a port is incapable of rapid state transition. You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that operates in full duplex mode. HP recommends that you use the default setting to let the device automatically detect the port link type. The stp point-to-point force-false or stp point-to-point force-true command configured on a port in MSTP mode is effective for all MSTIs.
To set the priority of an MSTP port in a specific MSTI, use this command with the MSTI specified. To set the priority of an MSTP port in the CIST or an STP or RSTP port, use this command without specifying any MSTI. Port priority affects the role of a port in a spanning tree. The smaller the value, the higher the port priority. If all ports on your device use the same priority value, the port priority depends on the port index. The smaller the index, the higher the priority.
stp region-configuration Use stp region-configuration to enter MST region view. Use undo stp region-configuration to restore the default MST region configurations. Syntax stp region-configuration undo stp region-configuration Views System view Default command level 2: System level Usage guidelines These are the default settings for the MST region: • The MST region name of the device is the MAC address of the device. • All VLANs are mapped to the CIST. • The MSTP revision level is 0.
Parameters instance instance-id: Configures the device as the root bridge in a particular MSTI. For the value range for instance-id, see "instance." 0 represents the CIST. Usage guidelines To set an MSTP device as the root bridge in a specific MSTI, use this command with the MSTI specified. To set an MSTP device in the CIST or an STP or RSTP device as the root bridge, use this command without specifying any MSTI. Once you specify the device as the root bridge, you cannot change the priority of the device.
[Sysname] stp instance 1 root secondary Related commands • stp priority • stp root primary stp root-protection Use stp root-protection to enable the root guard function on the ports. Use undo stp root-protection to disable the root guard function on the ports. Syntax stp root-protection undo stp root-protection Default The root guard function is disabled.
Default The TC-BPDU attack guard function is enabled. Views System view Default command level 2: System level Usage guidelines With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address entry flushes that the device can perform every a certain period of time (10 seconds). For TC-BPDUs received in excess of the limit, the device performs a forwarding address entry flush when the time period expires. This prevents frequent flushing of forwarding address entries.
Related commands stp tc-protection stp timer forward-delay Use stp timer forward-delay to set the forward delay timer of the device. Use undo stp timer forward-delay to restore the default. Syntax stp timer forward-delay time undo stp timer forward-delay Default The forward delay timer is 15 seconds. Views System view Default command level 2: System level Parameters time: Sets the forward delay (in 0.01 seconds), ranging from 400 to 3000 in increments of 100 (as indicated by 400, 500, 600).
Syntax stp timer hello time undo stp timer hello Default The hello time is 2 seconds. Views System view Default command level 2: System level Parameters time: Sets the hello time (in 0.01 seconds), ranging from 100 to 1000 in increments of 100 (as indicated by 100, 200, 300). Usage guidelines Hello time is the time interval at which spanning tree devices send configuration BPDUs to maintain spanning tree.
Default command level 2: System level Parameters time: Sets the max age (in 0.01 seconds), ranging from 600 to 4000 in increments of 100 (as indicated by 600, 700, 800). Usage guidelines In the CIST of an MSTP network, the device determines whether a configuration BPDU received on a port has expired based on the max age timer. If yes, a new spanning tree calculation process starts. The max age timer is ineffective for MSTIs. HP does not recommend that you set the max age timer with this command.
After the network topology is stabilized, each non-root-bridge device forwards configuration BPDUs to the surrounding devices at the interval of hello time to check whether any link is faulty. If a device does not receive a BPDU from the upstream device within nine times the hello time, it will assume that the upstream device has failed and start a new spanning tree calculation process. In a stable network, this kind of spanning tree calculation may occur because the upstream device is busy.
Examples # Set the maximum transmission rate of port GigabitEthernet 0/1 to 5. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] stp transmit-limit 5 vlan-mapping modulo Use vlan-mapping modulo to map VLANs in the MST region to MSTIs according to the specified modulo value, quickly creating a VLAN-to-instance mapping table. Syntax vlan-mapping modulo modulo Default All VLANs are mapped to the CIST (MSTI 0).
[Sysname-mst-region] vlan-mapping modulo 6 Related commands • active region-configuration • check region-configuration • display stp region-configuration • region-name • revision-level 114
PPP configuration commands PPP configuration commands The following matrix shows the feature and hardware compatibility: Hardware PPP compatible F1000-A-EI/F1000-S-EI Yes only in dialer interface view and virtual template (VT) interface view F1000-E Yes only in VT interface view F5000 Yes only in VT interface view Firewall module Yes only in VT interface view U200-A Yes only in dialer interface view and VT interface view U200-S Yes only in dialer interface view and VT interface view display pp
148 Virtual-Template1:0 Virtual-Template10:0 135 Virtual-Template1:1 Virtual-Template3:0 136 Virtual-Template1:2 Virtual-Template4:0 Table 25 Command output Field Description Userindex Assigned user index during authentication. ChannelIf User binding member interface. UserbindIf User binding interface, used for protocol negotiation and packet transmission at the network layer.
Syntax ip pool pool-number low-ip-address [ high-ip-address ] undo ip pool pool-number Default No IP address pool is configured for PPP users. Views System view, ISP domain view Default command level 2: System level Parameters pool-number: Number of the address pool, in the range of 0 to 99. low-ip-address: Start address of the address pool. high-ip-address: End IP address of the address pool. An address pool can contain up to 1024 IP addresses.
Default command level 2: System level Usage guidelines Only dialer interfaces support this command. By default, dialer interfaces use PPP as the link layer protocol. The following matrix shows the link-protocol ppp command and firewalls and UTM devices compatibility: Hardware Command compatible F1000-A-EI/F1000-S-EI Yes F1000-E No F5000 No Firewall module No U200-A Yes U200-S Yes Examples # Enable PPP encapsulation on Dialer 1.
The following matrix shows the ppp accm command and firewalls and UTM devices compatibility: Hardware Command compatible F1000-A-EI/F1000-S-EI No F1000-E No F5000 No Firewall module No U200-A No U200-S Yes Examples # Set the ACCM value sent to the peer on Dialer 1 to 0x01010101. system-view [Sysname] interface Dialer 1 [Sysname-Dialer 1] ppp accm 01010101 ppp account-statistics enable Use ppp account-statistics enable to enable PPP traffic statistics collection.
[Sysname] interface Virtual-Template 1 [Sysname-Virtual-Template1] ppp account-statistics enable ppp account-statics extend remote-address Use ppp account-statistics enable extend remote-address to enable extended PPP traffic statistics collection. Use undo ppp account-statistics enable extend remote-address to restore the default. Syntax ppp account-statics extend remote-address undo ppp account-statics extend remote-address Default Extended PPP traffic statistics collection is disabled.
Default command level 2: System level Parameters request: Specifies that the local end include the ACFC option in its transmitted LCP negotiation requests. Usage guidelines The following matrix shows the ppp acfc local command and firewalls and UTM devices compatibility: Hardware Command compatible F1000-A-EI/F1000-S-EI No F1000-E No F5000 No Firewall module No U200-A No U200-S Yes Examples # Configure port Dialer 1 to send ACFC requests to its peer in PPP negotiation.
reject: Configures the local end to reject ACFC requests sent from the remote peer. Usage guidelines The following matrix shows the ppp acfc remote command and firewalls and UTM devices compatibility: Hardware Command compatible F1000-A-EI/F1000-S-EI No F1000-E No F5000 No Firewall module No U200-A No U200-S Yes Examples # Configure port Dialer 1 to accept ACFC requests received from the remote peer and to perform ACFC on frames sent to the peer.
Usage guidelines If you run the ppp authentication-mode command with the domain keyword specified, you must configure an address pool in the corresponding domain. You can use the display domain command to display the domain configuration. If you configure the ppp authentication-mode command without specifying the domain name, the system checks the username for domain information. If the username contains a domain name, the domain will be used for authentication.
Use undo ppp chap password to cancel the configuration. Syntax ppp chap password { cipher | simple } password undo ppp chap password Views Interface view Default command level 2: System level Parameters cipher: Sets a ciphertext password. simple: Sets a plaintext password. password: Specifies the password string for CHAP authentication. This argument is case sensitive. If simple is specified, it must be a string of 1 to 48 characters.
Parameters username: Username for CHAP authentication, a case-sensitive string of 1 to 80 characters. The username is sent to the peer device for the local device to be authenticated. Usage guidelines To pass CHAP authentication, the username/password of one side must be the local username/password of the peer. Examples # Set the username for CHAP authentication as Root on interface Virtual-Template 1.
Examples # Set the primary DNS server IP address to 100.1.1.1 and the secondary DNS server IP address to 100.1.1.2 on interface Virtual-Template 1. system-view [Sysname] interface Virtual-Template 1 [Sysname-Virtual-Template1] ppp ipcp dns 100.1.1.1 100.1.1.2 ppp ipcp dns admit-any Use ppp ipcp dns admit-any to configure the device to accept the DNS server IP addresses assigned by the peer even though it does not request the peer for the DNS server IP addresses.
Default A device does not request its peer for the DNS server IP address actively. Views Interface view Default command level 2: System level Usage guidelines You can configure a device to request its peer (especially in cases where a device is connected to the operator's access server through a dial-up link) for the DNS server address during PPP negotiation to enable domain names to be resolved for the device. You can check the DNS server IP addresses of a port by displaying information about the port.
[Sysname-Virtual-Template1] remote address 10.0.0.1 # Configure IP address 10.0.0.1 on interface Virtual-Template 1 for the peer and assign the IP address to the peer by force. system-view [Sysname] interface Virtual-Template 1 [Sysname-Virtual-Template1] remote address 10.0.0.1 [Sysname-Virtual-Template1] ppp ipcp remote-address forced Related commands remote address ppp pap local-user Use ppp pap local-user to set the local username and password for PAP authentication.
Related commands • local-user (Access Control Command Reference) • password (Access Control Command Reference) ppp pfc local Use ppp pfc local to configure the local end to send PFC requests, that is, configure the local end to include the PFC option in its outbound LCP negotiation requests. Use undo ppp pfc local to configure the local end to exclude the PFC option from its outbound LCP negotiation requests.
ppp pfc remote Use ppp pfc remote to configure how the local end handles the PFC requests received from the remote peer. Use undo ppp pfc remote to restore the default. Syntax ppp pfc remote { apply | ignore | reject } undo ppp pfc remote Default The device accepts PFC requests received from a remote peer, but does not perform PFC on frames sent to the peer.
ppp timer negotiate Use ppp timer negotiate to set the PPP negotiation timeout time. Use undo ppp timer negotiate to restore the default. Syntax ppp timer negotiate seconds undo ppp timer negotiate Default The PPP negotiation timeout time is three seconds. Views Interface view Default command level 2: System level Parameters seconds: Negotiation timeout time to be set, in the range of 1 to 10 (in seconds).
[Sysname-Virtual-Template1] ppp user bind enable Related commands ppp user bind virtual-template ppp user bind virtual-template Use ppp user bind virtual-template to configure a PPP user binding rule. Use undo ppp user bind virtual-template to remove a PPP user binding rule. Syntax ppp user bind virtual-template number domain isp-name undo ppp user bind virtual-template number Default No PPP user binding rule is configured.
Views Interface view Default command level 2: System level Parameters ip-address: IP address to be assigned to the peer device. pool [ pool-number ]: Specifies the number of the address pool used for assigning an IP address to the peer. The pool-number argument ranges from 0 to 99 and defaults to 0. Usage guidelines The remote address command can be used when the local device is configured with an IP address, but the peer has no IP address.
undo timer hold Views Interface view Default command level 2: System level Parameters seconds: Interval (in seconds) for sending keepalive packets, in the range 0 to 32767. A value of 0 disables keepalive packet sending. Usage guidelines Because a slow link takes a long period of time to transmit large packets, the sending and receiving of keepalives may be delayed so long that one end cannot receive keepalive packets from the peer for a specific number of keepalive periods and shuts down the link.
Parameters number: Maximum number of links that can be used for transmitting multicast or broadcast packets, in the range of 0 to 128. The value 0 indicates that the transmission of multicast or broadcast packets is not supported. Usage guidelines For a VT interface containing multiple links, the system performance may decrease if all the links of the VT interface are engaged in multicast or broadcast packet transmission.
description Use description to set the description for the VT or MP-group interface. Use undo description to restore the default. Syntax description text undo description Default A VT or MP-group interface is described in the form of interface name Interface (for example, Virtual-Template1 Interface). Views VT interface view Default command level 2: System level Parameters text: Interface description, a case-sensitive character string of 1 to 80 characters.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Field Description Line protocol current state Data link layer state: UP or DOWN. Description Description string of the interface. The Maximum Transmit Unit MTU of the interface. Hold timer Interval at which the current interface sends keepalive packets. Internet protocol processing Network layer state: enabled or disabled. LCP initial LCP negotiation is complete. Physical Physical type of the interface.
Field Description Description Description of the interface. Cause Cause of a DOWN physical link. If the port has been shut down with the shutdown command, this field displays Administratively. To restore the physical state of the interface, use the undo shutdown command. Related commands interface virtual-template display virtual-access Use display virtual-access to display information about a VA interface or the VA interfaces that are formed based on a VT interface.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines VA interfaces are created automatically by the system. They use the settings of the corresponding VT interfaces. A VA interface can be removed due to failures of lower layer connections or user intervention.
Usage guidelines To remove a VT interface, make sure all the corresponding VA interfaces are removed and the VT interface is not in use. Examples # Create interface VT 10. system-view [Sysname] interface Virtual-Template 10 [Sysname-Virtual-Template10] mtu Use mtu to set the MTU size of the interface. Use undo mtu to restore the default. Syntax mtu size undo mtu Default The MTU of an interface is 1500 bytes.
Parameters interface-number: Number of a VT interface. Usage guidelines Before collecting traffic statistics within a specific period of time on a VT interface, clear the existing statistics. If you do not specify the virtual-template keyword, this command clears statistics on all interfaces. If you specify the virtual-template keyword without the interface-number argument, this command clears statistics on all VT interfaces. Examples # Clear statistics on interface VT 10.
PPPoE configuration commands The following matrix shows the feature and hardware compatibility: Hardware PPPoE compatible F1000-A-EI/F1000-S-EI Yes F1000-E No F5000 No Firewall module No U200-A Yes U200-S Yes PPPoE client configuration commands display pppoe-client session Use display pppoe-client session to display information about a PPPoE session.
Examples # Display PPPoE session summary. display pppoe-client session summary PPPoE Client Session: ID Bundle Dialer Intf 1 1 1 GE0/1 00e014004300 RemMAC 00e015004100 LocMAC PPPUP State 1 2 2 GE0/2 00e015004300 00e016004100 PPPUP Table 27 Command output Field Description ID PPPoE session ID. Bundle Dialer bundle to which a PPPoE session belongs. Dialer Dialer interface corresponding to a PPPoE session. Intf Ethernet interface where the PPPoE session is present.
pppoe-client Use pppoe-client to establish a PPPoE session and specify the dialer bundle corresponding to the session. Use undo pppoe-client to remove a PPPoE session. Syntax pppoe-client dial-bundle-number number [ no-hostuniq ] | idle-timeout seconds [ queue-length packets ] ] undo pppoe-client dial-bundle-number number Default The Host-Uniq field is carried. Default No PPPoE session is established.
a PPPoE session operating in this mode, if no data is transmitted across it within the period specified by the seconds argument, the PPPoE session is terminated automatically. The difference between the reset pppoe-client command and the undo pppoe-client command is that the former only temporarily terminates a PPPoE session, but the latter permanently removes a PPPoE session.
Layer 2 forwarding configuration commands Normal Layer 2 forwarding configuration commands display mac-forwarding statistics Use display mac-forwarding statistics to display Layer 2 forwarding statistics.
Total sent: 666 Filtered:0 STP discarded:0 # Display forwarding statistics of GigabitEthernet 0/1. display mac-forwarding statistics interface gigabitethernet 0/1 GigabitEthernet 0/1: Input frames:100 Input bytes:23 Output frames:100 Output bytes:23 Filtered:0 Invalid Tag:0 Table 29 Command output Field Description Total received Total number of received Ethernet frames. Filtered Number of frames filtered out by 802.1Q Tagged VLAN inbound filtering rules.
Views User view Default command level 1: Monitor level Examples # Clear all Layer 2 forwarding statistics. reset mac-forwarding statistics Inline forwarding configuration commands display inline-interfaces Use display inline-interfaces to display inline forwarding information. Syntax display inline-interfaces [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
Field Description Interface Interface pair or interface in an inline forwarding entry. inline-interfaces Use inline-interfaces to create an inline forwarding entry. Use undo inline-interfaces to remove an inline forwarding entry. Syntax inline-interfaces id [ blackhole | reflect ] undo inline-interfaces id Views System view Default command level 2: System level Parameters id: Specifies the ID for an inline forwarding entry, in the range of 1 to 100.
Default command level 2: System level Parameters id: Specifies the ID of an existing inline forwarding entry. Usage guidelines A forward-type inline forwarding entry must contain two interfaces. Otherwise, it does not take effect. If only one interface is assigned, the interface performs normal Layer 2 forwarding. A reflect-type or blackhole-type inline forwarding entry can contain only one interface.
DHCP server configuration commands bims-server Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool. Use undo bims-server to remove the specified BIMS server information. Syntax bims-server ip ip-address [ port port-number ] sharekey [ cipher | simple ] key undo bims-server Default No BIMS server information is specified.
bootfile-name Use bootfile-name to specify a bootfile name in a DHCP address pool. Use undo bootfile-name to remove the specified bootfile name. Syntax bootfile-name bootfile-name undo bootfile-name Default No bootfile name is specified. Views DHCP address pool view Default command level 2: System level Parameters bootfile-name: Boot file name, a string of 1 to 63 characters. Usage guidelines If you execute the bootfile-name command multiple times, the most recent configuration takes effect.
Usage guidelines Enable DHCP before performing DHCP server or relay agent configurations. Examples # Enable DHCP. system-view [Sysname] dhcp enable dhcp server apply ip-pool Use dhcp server apply ip-pool to apply an address pool on an interface. Use undo dhcp server apply ip-pool to remove the configuration.
Use undo dhcp select server global-pool to remove the configuration. Upon receiving a DHCP request from a client, the interface neither assigns an IP address to the client, nor serves as a DHCP relay agent to forward the request. Syntax dhcp select server global-pool [ subaddress ] undo dhcp select server global-pool [ subaddress ] Default The DHCP server is enabled on an interface when DHCP is enabled.
Default The function is disabled. Views Interface view Default command level 2: System level Usage guidelines With this feature enabled, the DHCP server considers that a DHCP client goes offline when the ARP entry for the client ages out. In addition, it removes the client entry and releases the IP address of the client. Examples # Enable client offline detection on the DHCP server.
Use undo dhcp server forbidden-ip to remove the configuration. Syntax dhcp server forbidden-ip low-ip-address [ high-ip-address ] undo dhcp server forbidden-ip low-ip-address [ high-ip-address ] Default All IP addresses in a DHCP address pool are assignable except IP addresses of the DHCP server interfaces. Views System view Default command level 2: System level Parameters low-ip-address: Specifies the start IP address.
undo dhcp server ip-pool pool-name Default No DHCP address pool is created. Views System view Default command level 2: System level Parameters pool-name: Specifies the name for the global address pool, a string of 1 to 35 characters used to uniquely identify this pool. extended: Specifies the address pool as an extended address pool. If you do not specify this keyword, the address pool is a common address pool. Examples # Create the common address pool identified by 0.
The DHCP server pings the IP address. If the server gets a response within the specified period, the server believes that the IP address is in use, selects and pings another IP address. If not, the server pings the IP address again until the maximum number of ping packets are sent. If still no response is received, the server assigns the IP address to the requesting client. Examples # Specify the maximum number of ping packets as 10.
Syntax dhcp server relay information enable undo dhcp server relay information enable Default The DHCP server handles Option 82. Views System view Default command level 2: System level Examples # Configure the DHCP server to ignore Option 82. system-view [Sysname] undo dhcp server relay information enable dhcp server threshold Use dhcp server threshold to enable the DHCP server to send trap messages to the network management server when the specified threshold is reached.
threshold specified by the threshold-value argument. The threshold is a percentage value ranging from 1 to 100. Examples # Enable the DHCP server to send trap messages to the network management server when the ratio of successfully allocated IP addresses to received DHCP requests within five minutes exceeds 50%.
Table 31 Command output Field Description Address Conflicted IP address. Discover Time Time when the conflict was discovered. Related commands reset dhcp server conflict display dhcp server expired Use display dhcp server expired to display the lease expiration information.
2f31 --- total 1 entry --- Table 32 Command output Field Description IP address Expired IP address. Client-identifier/Hardware address Client ID or MAC address. Lease expiration Time when the lease expired. Type Types of lease expirations. This field is set to Release. display dhcp server free-ip Use display dhcp server free-ip to display information about assignable IP addresses.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
pool [ pool-name ]: Displays the binding information for the specified IP address pool. The pool name is a string of 1 to 35 characters. If you do not specify any pool name, this command displays the binding information about all address pools. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field Description Lease expiration time: • Specific time (May 1 2009 14:02:49 in this example)—Time Lease expiration when the lease expires. • NOT Used—The IP address of the static binding has not been assigned to the specific client. • Unlimited—Infinite lease expiration time. Binding types: • Manual—Static binding. • Auto:OFFERED—The binding sent in the DHCP-OFFER message Type from the server to the client. • Auto:COMMITTED—The binding sent in the DHCP-ACK message from the server to the client.
DHCPDISCOVER: 5 DHCPREQUEST: 3 DHCPDECLINE: 0 DHCPRELEASE: 2 DHCPINFORM: 0 BOOTPREQUEST: 0 BOOTP Reply: 6 DHCPOFFER: 3 DHCPACK: 3 DHCPNAK: 0 BOOTPREPLY: 0 Bad Messages: 0 Table 35 Command output Field Description Global Pool Statistics of a DHCP address pool. Pool Number Number of address pools. Auto Number of dynamic bindings. Manual Number of static bindings. Expire Number of expired bindings. DHCP packets received from clients: BOOTP Request • • • • • • DHCPDISCOVER.
Default command level 1: Monitor level Parameters all: Displays information about all DHCP address pools. pool [ pool-name ]: Displays information about a specific address pool. The pool name argument is a string of 1 to 35 characters. If you do not specify any pool name, this command displays information about all address pools. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description static-bind ip-address 10.10.1.2 mask 255.0.0.0 IP address and MAC address of the static binding. static-bind mac-address 00e0-00fc-0001 Sibling node of the current node. Nodes of this kind in the output information can be: • Child node—The child node (subnet segment) address pool of the current node. • Parent node—The parent node (nature network segment) Sibling node address pool of the current node.
Examples # Specify the DNS server address 10.1.1.254 for the DHCP client in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] dns-list 10.1.1.254 Related commands • dhcp server ip-pool • display dhcp server tree domain-name Use domain-name to specify a domain name in a DHCP address pool. Use undo domain-name to remove the specified domain name. Syntax domain-name domain-name undo domain-name Default No domain name suffix is specified.
Default The lease duration of a static address pool is unlimited, and the lease duration of a dynamic address pool is one day. Views DHCP address pool view Default command level 2: System level Parameters day day: Specifies the number of days in the range of 0 to 365. hour hour: Specifies the number of hours in the range of 0 to 23. minute minute: Specifies the number of minutes in the range of 0 to 59. second second: Specifies the number of seconds in the range of 0 to 59.
Default command level 2: System level Parameters ip-address&<1-8>: Specifies excluded IP addresses. &<1-8> indicates that you can specify up to eight IP addresses, separated by spaces. all: Excludes all IP addresses from dynamic allocation. Usage guidelines Only the extended address pools support this command. IP addresses specified with the forbidden-ip command in DHCP address pool view are excluded from dynamic address allocation in the current extended address pool only.
Usage guidelines If you use the gateway-list command multiple times, the most recent configuration takes effect. Examples # Specify the gateway address 10.110.1.99 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] gateway-list 10.110.1.99 Related commands • dhcp server ip-pool • display dhcp server tree nbns-list Use nbns-list to specify WINS server addresses in a DHCP address pool. Use undo nbns-list to remove the specified WINS server addresses.
netbios-type Use netbios-type to specify the NetBIOS node type in a DHCP address pool. Use undo netbios-type to remove the specified NetBIOS node type. Syntax netbios-type { b-node | h-node | m-node | p-node } undo netbios-type Default No NetBIOS node type is specified. Views DHCP address pool view Default command level 2: System level Parameters b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server.
Default No subnet is specified. Views DHCP address pool view Default command level 2: System level Parameters network-address: Subnet for dynamic allocation. If no mask length and mask is specified, the natural mask is used. mask-length: Mask length in the range of 1 to 30. mask mask: Specifies the IP address network mask in dotted decimal format. Usage guidelines You can specify only one subnet for each common address pool.
Usage guidelines In a common address pool, you can use the network ip range command to further specify an IP address range on the subnet for address allocation. The specified IP address range must belong to the subnet; otherwise the common address pool cannot assign IP addresses. You can specify only one IP address range for each address pool. If you use the network ip range command repeatedly, the latest configuration takes effect. Examples # Specify addresses 10.1.1.1 through 10.1.1.150 on subnet 10.1.1.
If you specify an IP address range for an extended address pool without an IP address mask, the extended address pool is not valid, and therefore the system cannot assign IP addresses from the extended address pool. Examples # Specify 255.255.255.0 as the IP address mask for dynamic allocation in extended address pool 0. system-view [Sysname] dhcp server ip-pool 0 extended [Sysname-dhcp-pool-0] network mask 255.255.255.
option Use option to configure a self-defined DHCP option in a DHCP address pool. Use undo option to remove a self-defined DHCP option from a DHCP address pool. Syntax option code { ascii ascii-string | hex hex-string&<1-16> | ip-address ip-address&<1-8> } undo option code Default The option command is not configured.
Default command level 2: System level Parameters all: Clears the conflict statistics of all IP addresses. ip ip-address: Clears the conflict statistics of a specific IP address. Examples # Clears the statistics of all IP address conflicts. reset dhcp server conflict all Related commands display dhcp server conflict reset dhcp server ip-in-use Use reset dhcp server ip-in-use to clear dynamic IP address binding information.
Default command level 1: Monitor level Examples # Clear the statistics of the DHCP server. reset dhcp server statistics Related commands display dhcp server statistics static-bind client-identifier Use static-bind client-identifier to specify the client ID of a static binding in a DHCP address pool. Use undo static-bind client-identifier to remove the client ID of a static binding from a DHCP address pool.
Related commands • dhcp server ip-pool • static-bind ip-address • static-bind mac-address • display dhcp server tree • display dhcp client verbose static-bind ip-address Use static-bind ip-address to specify an IP address in a DHCP address pool for a static binding. Use undo static-bind ip-address to remove the statically bound IP address.
• static-bind client-identifier • static-bind mac-address • display dhcp server tree static-bind mac-address Use static-bind mac-address to statically bind a MAC address to an IP address in a DHCP address pool. Use undo static-bind mac-address to remove the statically bound MAC address. Syntax static-bind mac-address mac-address undo static-bind mac-address Default No MAC address is statically bound.
Syntax tftp-server domain-name domain-name undo tftp-server domain-name Default No TFTP server name is specified. Views DHCP address pool view Default command level 2: System level Parameters domain-name: TFTP server name, a string of 1 to 63 characters. Usage guidelines If you execute the tftp-server domain-name command multiple times, the most recent configuration takes effect. Examples # Specify the TFTP server name as aaa in DHCP address pool 0.
Usage guidelines If you execute the tftp-server ip-address command multiple times, the most recent configuration takes effect. Examples # Specify the TFTP server address 10.1.1.1 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] tftp-server ip-address 10.1.1.1 Related commands • dhcp server ip-pool • display dhcp server tree vendor-class-identifier Use vendor-class-identifier to specify an IP address range for the DHCP clients of a specific vendor.
Examples # Specify IP address rang 10.1.1.1 to 10.1.1.5 for the DHCP clients of vender a0 b0 0c. system-view [Sysname] dhcp server ip-pool 0 extended [Sysname-dhcp-pool-0] vendor-class-identifier a0 b0 0c ip range 10.1.1.1 10.1.1.
DHCP relay agent configuration commands The DHCP relay agent configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces), VLAN interfaces, and Layer 3 aggregate interfaces. dhcp enable (for DHCP relay agent) Use dhcp enable to enable DHCP. Use undo dhcp enable to disable DHCP. Syntax dhcp enable undo dhcp enable Default DHCP is disabled.
Default command level 2: System level Usage guidelines With this feature enabled, the DHCP relay agent can dynamically record clients' IP-to-MAC bindings after clients get IP addresses through DHCP. It also supports static bindings. You can manually configure IP-to-MAC bindings on the DHCP relay agent, so that users can access external networks using fixed IP addresses.
[Sysname-GigabitEthernet0/1] dhcp relay check mac-address dhcp relay client-detect enable Use dhcp relay client-detect enable to enable offline detection on the DHCP relay agent. Use undo dhcp relay client-detect enable to disable offline detection on the DHCP relay agent. Syntax dhcp relay client-detect enable undo dhcp relay client-detect enable Default This function is disabled.
Parameters ascii: Specifies the code type for the circuit ID sub-option as ascii. hex: Specifies the code type for the circuit ID sub-option as hex. Usage guidelines This command applies to configuring the non-user-defined circuit ID sub-option only. After you configure the padding content for the circuit ID sub-option by using the dhcp relay information circuit-id string command, ASCII is adopted as the code type. Examples # Configure the code type for the non-user-defined circuit ID sub-option as hex.
Related commands • dhcp relay information format • display dhcp relay information dhcp relay information enable Use dhcp relay information enable to enable the relay agent to support Option 82. Use undo dhcp relay information enable to disable Option 82 support. Syntax dhcp relay information enable undo dhcp relay information enable Default Option 82 support is disabled on DHCP relay agent.
Parameters normal: Specifies the normal padding format. verbose: Specifies the verbose padding format. node-identifier { mac | sysname | user-defined node-identifier }: Specifies access node identifier. By default, the node MAC address is used as the node identifier. • mac indicates using MAC address as the node identifier. • sysname indicates using the device name of a node as the node identifier.
hex: Specifies the code type for the remote ID sub-option as hex. Usage guidelines This command applies to configuring the non-user-defined remote ID sub-option only. After you configure the padding content for the remote ID sub-option by using the dhcp relay information remote-id string command, ASCII is adopted as the code type. Examples # Configure the code type for the non-user-defined remote ID sub-option as hex.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] dhcp relay information remote-id string device001 Related commands • dhcp relay information format • display dhcp relay information dhcp relay information strategy Use dhcp relay information strategy to configure DHCP relay agent handling strategy for messages containing Option 82. Use undo dhcp relay information strategy to restore the default handling strategy.
Views System view Default command level 2: System level Parameters client-ip: DHCP client IP address. Examples # Request the DHCP server to release the IP address 1.1.1.1. system-view [Sysname] dhcp relay release ip 1.1.1.1 dhcp relay security static Use dhcp relay security static to configure a static client entry, which is the binding between IP address, MAC address, and Layer 3 interface on the relay agent.
Examples # Bind DHCP relay interface GigabitEthernet 0/1 to IP address 10.10.1.1 and MAC address 0005-5d02-f2b3 of the client. system-view [Sysname] dhcp relay security static 10.10.1.1 0005-5d02-f2b3 interface gigabitethernet 0/1 Related commands display dhcp relay security dhcp relay security refresh enable Use dhcp relay security refresh enable to enable the DHCP relay agent to periodically refresh dynamic client entries.
Syntax dhcp relay security tracker { interval | auto } undo dhcp relay security tracker [ interval ] Default The refreshing interval is auto, the value of 60 seconds divided by the number of binding entries. Views System view Default command level 2: System level Parameters interval: Refreshing interval in seconds in the range of 1 to 120. auto: Specifies the auto refreshing interval, which is the value of 60 seconds divided by the number of binding entries.
After information about recorded DHCP servers is cleared, the relay agent re-records server information following this mechanism. Examples # Enable unauthorized DHCP server detection. system-view [Sysname] dhcp relay server-detect dhcp relay server-group Use dhcp relay server-group to specify a DHCP server for a DHCP server group.
Syntax dhcp relay server-select group-id undo dhcp relay server-select Default No DHCP server group is correlated with an interface on the relay agent. Views Interface view Default command level 2: System level Parameters group-id: DHCP server group number to be correlated, in the range of 0 to 19. Usage guidelines A DHCP server group can correlate with one or multiple DHCP relay agent interfaces.
Usage guidelines After DHCP is enabled, the DHCP server is enabled on an interface by default. Upon receiving a client's request from the interface, the DHCP server allocates an IP address from the DHCP address pool to the client. When the working mode of the interface is changed from DHCP server to DHCP relay agent, neither the IP address leases nor the authorized ARP entries are deleted. However, these ARP entries may conflict with new ARP entries generated on the DHCP relay agent.
Table 37 Command output Field Description Server-group DHCP server group number correlated to the interface. display dhcp relay information Use display dhcp relay information to display Option 82 configuration information on the DHCP relay agent.
Remote ID format-type: ASCII User defined: Remote ID: device001 Table 38 Command output Field Description Interface Interface name. Status Option 82 state: Enable or Disable. Strategy Handling strategy for requesting messages containing Option 82, Drop, Keep, or Replace. Format Padding format of Option 82, Normal or Verbose. Circuit ID format-type Non-user-defined code type of the circuit ID sub-option, ASCII or HEX.
Usage guidelines Enable address check or authorized ARP support on the DHCP relay agent before it can generate dynamic client entries. Examples # Display information about all bindings. display dhcp relay security IP Address MAC Address Type Interface 10.1.1.1 00e0-0000-0001 Static GE0/1 10.1.1.5 00e0-0000-0000 Static GE0/2 --- 2 dhcp-security item(s) found --- Table 39 Command output Field Description IP Address Client IP address. MAC Address Client MAC address.
display dhcp relay security statistics Static Items :1 Dynamic Items :0 Temporary Items :0 All Items :1 Table 40 Command output Field Description Static Items Static binding items. Dynamic Items Dynamic binding items. Temporary Items Temporary binding items. All Items All binding items. display dhcp relay security tracker Use display dhcp relay security tracker to display the interval for refreshing dynamic bindings on the relay agent.
Syntax display dhcp relay server-group { group-id | all } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters group-id: Displays information about the specified DHCP server group numbered from 0 to 19. all: Displays information about all DHCP server groups. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Parameters group-id: Specifies a server group number (in the range of 0 to 19) about which to display DHCP packet statistics. all: Specifies all server groups about which to display DHCP packet statistics. Information for each group is displayed. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
DHCPINFORM packets sent: 0 DHCPRELEASE packets sent: 0 DHCPDECLINE packets sent: 0 BOOTPREQUEST packets sent: 0 DHCP packets sent to clients: 0 DHCPOFFER packets sent: 0 DHCPACK packets sent: 0 DHCPNAK packets sent: 0 BOOTPREPLY packets sent: 0 # Display DHCP packet statistics related to every server group on the relay agent.
reset dhcp relay statistics Related commands display dhcp relay statistics 207
DHCP client configuration commands The DHCP client configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces), VLAN interfaces, and Layer 3 aggregate interfaces. When multiple VLAN interfaces having the same MAC address use DHCP for IP address acquisition through a relay agent, the DHCP server cannot be the Windows 2000 Server or Windows 2003 Server. You cannot configure an interface of an aggregation group as a DHCP client.
Current machine state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds Lease from 2005.08.13 15:37:59 to 2005.08.16 15:37:59 DHCP server: 40.1.1.2 Transaction ID: 0x1c09322d Default router: 40.1.1.2 Classless static route: Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16 Destination: 10.198.122.63, Mask: 255.255.255.255, NextHop: 192.168.40.16 DNS server: 44.1.1.11 DNS server: 44.1.1.12 Domain name: ddd.com Boot server: 200.
Field Description Static route Classful static routes assigned to the client. DNS server DNS server address assigned to the client. Domain name Domain name suffix assigned to the client. Boot server PXE server addresses (up to 16 addresses) specified for the DHCP client, which are obtained through Option 43. Client ID DHCP client ID. T1 will timeout in 1 day 11 hours 58 minutes 52 seconds. How long the T1 (1/2 lease time) timer will timeout.
BOOTP client configuration commands BOOTP client configuration can only be used on Layer 3 Ethernet interfaces (including subinterfaces), Layer 3 aggregate interfaces, and VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server. You cannot configure an interface of an aggregation group as a BOOTP client.
Table 43 Command output Field Description GigabitEthernet0/1 BOOTP client information or Vlan-interface1 BOOTP client information Information about the interface that serves as a BOOTP client. Allocated IP BOOTP client's IP address allocated by the BOOTP server. Transaction ID Value of the XID field in a BOOTP message, a random number chosen when the BOOTP client sends a BOOTP request to the BOOTP server. It is used to match a response message from the BOOTP server.
IPv4 DNS configuration commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
display dns host Use display dns host to display the dynamic DNS cache information. Syntax display dns host [ ip | ipv6 | naptr | srv ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ip: Displays the dynamic cache information about type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Displays the dynamic cache information about type AAAA queries.
display dns host No. Host TTL Type Reply Data 1 sample.com 3132 IP 192.168.10.1 2 sample.net 2925 IPv6 FE80::4904:4448 3 sip.sample.com 3122 NAPTR 100 10 u sip+E2U !^.*$!sip:info.se!i 4 website.tcp.sample.com 3029 SRV 10 10 8080 iis.sample.com Table 45 Command output Field Description No Sequence number. Host Domain name for query. TTL Time that a mapping can be stored in the cache (in seconds). Type Query type, IP, IPv6, NAPTR, and SRV.
Examples # Display the IPv4 DNS server information. display dns server Type: D:Dynamic DNS Server 1 S:Static Type IP Address S 169.254.65.125 Table 46 Command output Field Description DNS Server Sequence number of the DNS server, configured automatically by the device, starting from 1. Type of domain name server: Type • S—A manually configured DNS server. • D—A DNS server obtained dynamically through DHCP. IP Address IPv4 address of the DNS server.
My 0 static 1.1.1.1 Aa 0 static 2.2.2.4 Table 47 Command output Field Description Host Host name. Time to live. The value of 0 means that the static mapping never ages out. Age Flags Address You can only manually remove the static mappings between host names and IPv4 addresses. Indicates the mapping type. Static represents static IPv4 domain name resolution. Host IPv4 address. dns domain Use dns domain to configure a domain name suffix.
Related commands display dns domain dns proxy enable Use dns proxy enable to enable DNS proxy. Use undo dns proxy enable to disable DNS proxy. Syntax dns proxy enable undo dns proxy enable Default DNS proxy is disabled. Views System view Default command level 2: System level Examples # Enable DNS proxy. system-view [Sysname] dns proxy enable dns resolve Use dns resolve to enable dynamic domain name resolution. Use undo dns resolve to disable dynamic domain name resolution.
dns server Use dns server to specify a DNS server. Use undo dns server to remove DNS servers. Syntax In system view: dns server ip-address undo dns server [ ip-address ] In interface view: dns server ip-address undo dns server ip-address Default No DNS server is specified. Views System view, interface view Default command level 2: System level Parameters ip-address: IPv4 address of the DNS server.
Syntax dns source-interface interface-type interface-number undo dns source-interface Default No source interface for DNS packets is specified. The device uses the primary IP address of the output interface of the matching route as the source IP address of a DNS request. Views System view Default command level 2. System level Parameters interface-type interface-number: Specifies the interface type and number.
If you execute the dns spoofing command with different IP addresses specified multiple times, the latest configuration overwrites the previous one. Examples # Enable DNS spoofing and specify the IP address as 1.1.1.1. system-view [Sysname] dns spoofing 1.1.1.1 ip host Use ip host to create a host name to IPv4 address mapping in the static resolution table. Use undo ip host to remove a mapping.
Views User view Default command level 2: System level Parameters ip: Clears the dynamic cache information about type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Clears the dynamic cache information about type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address. For more information, see Network Management Configuration Guide.
DDNS configuration commands ddns apply policy Use ddns apply policy to apply the specified DDNS policy to the interface, update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update. Use undo ddns apply policy to remove the DDNS policy applied to the interface and stop DDNS update.
Syntax ddns policy policy-name undo ddns policy policy-name Default No DDNS policy is created. Views System view Default command level 2: System level Parameters policy-name: DDNS policy name, a case-insensitive string of 1 to 32 characters. Examples # Create a DDNS policy named steven_policy and enter its view.
Examples # Display information about the DDNS policy named steven_policy. display ddns policy steven_policy DDNS policy: steven_policy URL : http://steven:nevets@members.3322.org/dyndns/update? system=dyndns&hostname=&myip= SSL client policy: Interval : 1 days 0 hours 1 minutes Table 48 Command output Field Description DDNS policy DDNS policy name. URL URL address for the DDNS service. This field is blank if no URL address is configured.
If you repeatedly execute the interval command with different time intervals specified, only the latest configuration takes effect. Examples # Set the interval for sending DDNS update requests to one day and one minute for the DDNS policy named steven_policy. system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] interval 1 0 1 Related commands display ddns policy ssl client policy Use ssl client policy to associate a specific SSL client policy with a DDNS policy.
url Use url to specify the URL address for DDNS update requests. Use undo url to delete the URL address. Syntax url request-url undo url Default No URL address is specified for DDNS update requests. Views DDNS policy view Default command level 2: System level Parameters request-url: URL address for DDNS update requests, a case-sensitive string of 1 to 240 characters containing the login ID, password, and other information.
• To avoid ambiguity, it is better that your login ID and password not include colons (:), at signs (@), or question marks (?). • If you repeatedly execute the url command with different URL addresses specified, the latest configuration overwrites the previous one. Examples # Specify the URL address for DDNS policy steven_policy with login ID steven and password nevets. The device contacts www.3322.org for DDNS update.
ARP configuration commands arp max-learning-num Use arp max-learning-num to configure the maximum number of dynamic ARP entries that an interface can learn. Use undo arp max-learning-num to restore the default. Syntax arp max-learning-num number undo arp max-learning-num Default A Layer 2 interface does not limit the number of dynamic ARP entries. For information about maximum number of dynamic ARP entries that a Layer 3 interface can learn, see the following table.
[Sysname-Vlan-interface40] arp max-learning-num 500 # Specify GigabitEthernet 0/1 to learn a maximum of 1000 dynamic ARP entries. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] arp max-learning-num 1000 # Specify Layer 2 aggregate interface bridge-aggregation 1 to learn a maximum of 1000 dynamic ARP entries.
The vlan-id argument specifies the VLAN corresponding to an ARP entry and must be the ID of an existing VLAN. In addition, the Ethernet interface following the argument must belong to that VLAN. The VLAN interface of the VLAN must have been created. If both the vlan-id and ip-address arguments are specified, the IP address of the VLAN interface corresponding to the vlan-id argument must be in the same network segment as the IP address specified by the ip-address argument.
Syntax display arp [ [ all | dynamic | static ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays all ARP entries. dynamic: Displays dynamic ARP entries. static: Displays static ARP entries. vlan vlan-id: Displays the ARP entries of the specified VLAN. The VLAN ID ranges from 1 to 4094.
Table 49 Command output Field Description IP Address IP address in an ARP entry. MAC Address MAC address in an ARP entry. VLAN ID ID of the VLAN to which the ARP entry belongs. Interface Outbound interface in an ARP entry. Aging time for a dynamic ARP entry in minutes. Aging If the aging time is unknown, or the entry has no aging time, N/A is displayed. ARP entry type: • • • • Type D—Dynamic. S—Static. A—Authorized. M—Multiport. Name of VPN instance.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the corresponding ARP entry for the IP address 20.1.1.1. display arp 20.1.1.1 Type: S-Static D-Dynamic IP Address MAC Address VLAN ID Interface Aging Type 20.1.1.1 00e0-fc00-0001 N/A N/A N/A S Related commands • arp static • reset arp display arp timer aging Use display arp timer aging to display the aging timer for dynamic ARP entries.
Views Any view Default command level 1: Monitor level Parameters vpn-instance-name: Specifies the name of a VPN, a case-sensitive string of 1 to 31 characters. count: Displays the number of ARP entries. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
[Sysname] naturemask-arp enable reset arp Use reset arp to clear ARP entries except authorized ARP entries from the ARP table. Syntax reset arp { all | dynamic | static | interface interface-type interface-number } Views User view Default command level 2: System level Parameters all: Clears all ARP entries except authorized ARP entries. dynamic: Clears all dynamic ARP entries. static: Clears all static ARP entries.
Gratuitous ARP configuration commands arp send-gratuitous-arp Use arp send-gratuitous-arp to enable periodic sending of gratuitous ARP packets and set the sending interval on an interface. Use undo arp send-gratuitous-arp to disable the interface from periodically sending gratuitous ARP packets. Syntax arp send-gratuitous-arp [ interval milliseconds ] undo arp send-gratuitous-arp Default An interface is disabled from sending gratuitous ARP packets periodically.
gratuitous-arp-learning enable Use gratuitous-arp-learning enable to enable the gratuitous ARP packet learning function. Use undo gratuitous-arp-learning enable to disable the function. Syntax gratuitous-arp-learning enable undo gratuitous-arp-learning enable Default The function is enabled.
system-view [Sysname] undo gratuitous-arp-sending enable 239
Proxy ARP configuration commands display local-proxy-arp Use display local-proxy-arp to display the status of the local proxy ARP. Syntax display local-proxy-arp [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters interface interface-type interface-number: Displays the local proxy ARP status of the interface specified by the argument interface-type interface-number.
Views Any view Default command level 2: System level Parameters interface interface-type interface-number: Displays the proxy ARP status of the interface specified by the argument interface-type interface-number. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Parameters ip-range startIP to endIP: Specifies the IP address range for which local proxy ARP is enabled. The start IP address must be lower than or equal to the end IP address. Usage guidelines Only one IP address range can be specified by using the ip-range keyword on an interface. Examples # Enable local proxy ARP on GigabitEthernet 0/1.
Flow classification configuration commands display forwarding policy Use display forwarding policy to display the current flow classification policy. Syntax display forwarding policy [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Usage guidelines Flow classification consumes many system resources. You can enable or disable this function to improve device performance. Examples # Disable flow classification.
QoS policy commands Class commands display traffic classifier Use display traffic classifier to display class information. Syntax display traffic classifier { system-defined | user-defined } [ classifier-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters system-defined: Specifies system-defined classes.
Examples # Display information about all user-defined classes. display traffic classifier user-defined User Defined Classifier Information: Classifier: USER1 Operator: AND Rule(s) : If-match ip-precedence 5 Classifier: database Operator: AND Rule(s) : If-match acl 3131 If-match inbound-interface GigabitEthernet0/1 Table 50 Command output Field Description Classifier Class name and its match criteria. Operator Match operator you set for the class.
update acl [ ipv6 ] { acl-number | name acl-name }: Specifies a new ACL by its number or name to replace the ACL already referenced by the class. Table 51 The value range for the match-criteria argument Keyword and argument combination Description Matches an ACL. acl [ ipv6 ] { acl-number | name acl-name } The acl-number argument is in the range of 2000 to 4999 for an IPv4 ACL, and 2000 to 3999 or 10000 to 42767 for an IPv6 ACL.
For a class, you can reference an ACL twice by its name and number with the if-match command, respectively. 2. Defining a criterion to match a destination MAC address You can configure multiple destination MAC address match criteria for a class. A destination MAC address match criterion is significant only to Ethernet interfaces. 3. Defining a criterion to match a source MAC address You can configure multiple source MAC address match criteria for a class.
system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match destination-mac 0050-ba27-bed3 # Define a match criterion for class class2 to match the packets with their source MAC addresses being 0050-ba27-bed2. system-view [Sysname] traffic classifier class2 [Sysname-classifier-class2] if-match source-mac 0050-ba27-bed2 # Define a match criterion for class class1 to match the packets with their customer network 802.1p priority values being 3.
[Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match ip-precedence 1 6 # Define a match criterion for class class1 to match the packets with their local precedence values being 1 or 6. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match local-precedence 1 6 # Define a match criterion for class class1 to match packets with their local QoS IDs being 3.
Hardware System-defined classes compatible F1000-E Yes F5000 Yes Firewall module Yes U200-A No U200-S No Examples # Create a class class1. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] Related commands • classifier behavior • qos apply policy • qos policy Traffic behavior commands car Use car to configure a CAR action in a traffic behavior. Use undo car to delete the CAR action in a traffic behavior.
red action: Sets the action to take on the packet that conforms to neither CIR nor PIR. The default is discard. action: Sets the action to take on the packet: • discard: Drops the packet. • pass: Permits the packet to pass through. • remark-dscp-pass new-dscp: Sets the DSCP value of the packet to new-dscp and permits the packet to pass through. The new-dscp argument ranges from 0 to 63.
The following matrix shows the keyword system-defined and firewalls and UTM compatibility: Hardware Keyword compatible F1000-A-EI/F1000-S-EI No F1000-E Yes F5000 Yes Firewall module Yes U200-A No U200-S No user-defined: Displays user-defined traffic behaviors. behavior-name: Specifies a behavior by its name, a string of 1 to 31 characters. If no traffic behavior is specified, this command displays information about all the user-defined behaviors.
Field Description Green Action Action to be taken on green packets. For more information, see "car." Red Action Action to be taken on red packets. For more information, see "car." traffic behavior Use traffic behavior to create a traffic behavior and enter traffic behavior view. Use undo traffic behavior to delete a traffic behavior.
QoS policy configuration and application commands classifier behavior Use classifier behavior to associate a behavior with a class in a QoS policy. Use undo classifier to remove a class from the policy. Syntax classifier classifier-name behavior behavior-name undo classifier classifier-name Views Policy view Default command level 2: System level Parameters classifier-name: Specifies a class by its name, a string of 1 to 31 characters.
Syntax display qos policy { system-defined | user-defined } [ policy-name [ classifier classifier-name ] ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters system-defined: Specifies the system-defined policy.
Table 53 Command output Field Description Policy Policy name. Class name. Classifier Behavior A policy can contain multiple classes, and each class is associated with a traffic behavior. A class can be configured with multiple match criteria. For more information, see the traffic classifier command in "Class commands." Behavior associated with the class. A behavior is associated with a class. It can be configured with multiple actions.
Policy: user1 Classifier: default-class Matched : 0(Packets) 0(Bytes) Rule(s) : If-match any Behavior: be -noneClassifier: traffic1 Matched : 0(Packets) 0(Bytes) Operator: AND Rule(s) : If-match customer-dot1p 3 If-match ip-precedence 5 If-match dscp 1 6 9 Behavior: behavior1 Committed Access Rate: CIR 200 (kbps), CBS 50000 (byte), EBS 0 (byte) Green Action: pass Red Action: remark ip-precedence 0 and pass Green : 0(Packets) 0(Bytes) Red : 0(Packets) 0(Bytes) Table 54 Command output Field Description In
Syntax qos policy policy-name undo qos policy policy-name Views System view Default command level 2: System level Parameters policy-name: Specifies a QoS policy by its name, a string of 1 to 31 characters. Usage guidelines To use the undo qos policy command to delete a policy that has been applied to a certain object, you must first remove it from the object. Examples # Define QoS policy user1.
Traffic policing commands display qos car interface Use display qos car interface to display the CAR settings and operational statistics on a specified interface. Syntax display qos car interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. |: Filters command output by specifying a regular expression.
Green : 0(Packets) 0(Bytes) Red : 0(Packets) 0(Bytes) Table 55 Command output Field Description Interface Interface name, including interface type and interface number. Direction Direction in which traffic policing is applied. Rule(s) Match criteria. CIR CIR in kbps. CBS CBS in bytes, which specifies the depth of the token bucket for holding bursty traffic. EBS EBS in bytes, which specifies the traffic exceeding CBS when two token buckets are used.
Current CARL Configuration: List Params -----------------------------------------------------1 MAC Address 0001-0001-0001 Table 56 Command output Field Description List CAR list number. Params Match object. qos car Use qos car to configure a CAR policy on an interface or port group. Use undo qos car to delete a CAR policy on an interface or port group.
carl carl-index: Limits the rate of packets matching a CAR list. The carl-index argument is the index of a CAR list and ranges from 1 to 199. cir committed-information-rate: Sets the CIR in kbps. cbs committed-burst-size: Sets the CBS in bytes, which specifies the size of bursty traffic when the actual average rate is not greater than the CIR. ebs excess-burst-size: Sets the EBS in bytes. The default is 0. green: Sets the action conducted to packets when the traffic rate conforms to CIR.
Use undo qos carl to delete a CAR list. Syntax qos carl carl-index { destination-ip-address | source-ip-address } { subnet ip-address mask-length | range start-ip-address to end-ip-address } [ per-address [ shared-bandwidth ] ] } undo qos carl carl-index Views System view Default command level 2: System level Parameters carl-index: CAR list number, which ranges from 1 to 199. destination-ip-address: Configures a destination IP address-based CAR list.
[Sysname] qos carl 1 source-ip-address subnet 1.1.1.0 24 per-address [Sysname] interface gigabitethernet0/1 [Sysname-GigabitEthernet0/1] qos car outbound carl 1 cir 100 cbs 6250 ebs 0 green pass red discard # Apply CAR list 1 to the outbound direction of GigabitEthernet 0/1. CAR list 2 limits the rate of each PC on the network segment 1.1.2.100 through 1.1.2.199 to 5 Mbps, and traffic of IP addresses in the subnet share the remaining bandwidth.
IP forwarding basics commands display fib Use display fib to display FIB entries. If you do not specify any parameters, this command displays all FIB entries. Syntax display fib [ vpn-instance vpn-instance-name ] [ acl acl-number | ip-prefix ip-prefix-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Displays the FIB entries of the specified VPN.
127.0.0.0/8 127.0.0.1 U InLoop0 Null Invalid 127.0.0.1/32 127.0.0.1 UH InLoop0 Null Invalid # Display FIB entries matching ACL 2000. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.2.0.0 0.0.255.255 [Sysname-acl-basic-2000] display fib acl 2000 Destination count: 2 FIB entry count: 2 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay Destination/Mask Nexthop Flag OutInterface InnerLabel Token 10.2.0.0/16 10.2.1.
Field Description Flags of routes: Flag • • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Blackhole route. D—Dynamic route. S—Static route. R—Recursive route. OutInterface Outbound interface. InnerLabel Inner label. Token Label switched path index number. display fib ip-address Use display fib ip-address to display FIB entries that match the specified destination IP address.
Examples # Display the FIB entry that matches the destination IP address of 10.2.1.1 and has the longest mask. display fib 10.2.1.1 Destination count: 1 FIB entry count: 1 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay Destination/Mask Nexthop Flag OutInterface InnerLabel Token 10.2.1.1/32 127.0.0.1 UH InLoop0 Null For the output description, see Table 57.
IP forwarding mode configuration commands The following matrix shows the feature and hardware compatibility: Hardware IP forwarding mode compatible F1000-A-EI/F1000-S-EI No F1000-E Yes F5000 No Firewall module Yes U200-A Yes U200-S Yes ip forwarding Use ip forwarding to specify an IP forwarding mode. Syntax ip forwarding { per-flow | per-packet } Default The mode is per-packet. Views System view Default command level 2: System level Parameters per-flow: Flow-based mode.
display ip forwarding mode Use display ip forwarding mode to display forwarding modes being used and to be used after reboot. Syntax display ip forwarding mode [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Static routing configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. delete static-routes all Use delete static-routes all to delete all static routes. Syntax delete [ vpn-instance vpn-instance-name ] static-routes all Views System view Default command level 2: System level Parameters vpn-instance vpn-instance-name: Specifies a VPN by its name, a case-sensitive string of 1 to 31 characters.
Syntax ip route-static dest-address { mask | mask-length } { next-hop-address [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ permanent ] [ description description-text ] undo ip route-static dest-address { mask | mask-length }
permanent: Specifies the route as a permanent static route. If the output interface is down, the permanent static route is still active. description description-text: Configures a description for the static route, which comprises 1 to 60 characters, including special characters like space, but excluding question marks (?). bfd: Enables BFD to detect reachability of the static route's next hop. Once the next hop is unreachable, the system immediately switches to a backup route.
• Enabling BFD for a flapping route could worsen the situation. Therefore, use it with caution. For more information about BFD, see High Availability Configuration Guide. • If the track module uses NQA to detect the reachability of the private network static route's next hop, the VPN instance number of the static route's next hop must be identical to that configured in the NQA test group.
When the default preference is re-configured, it applies to only newly added static routes. Examples # Set a default preference of 120 for static routes.
RIP configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. checkzero Use checkzero to enable zero field check on RIPv1 messages. Use undo checkzero to disable zero field check. Syntax checkzero undo checkzero Default The zero field check function is enabled.
Default command level 2: System level Parameters value: Specifies a default metric for redistributed routes, in the range of 0 to 16. Usage guidelines When you use the import-route command to redistribute routes from another routing protocol without specifying a metric, the metric specified by the default cost command applies. Examples # Configure a default metric of 3 for redistributed routes.
[Sysname-rip-100] default-route only cost 2 Related commands rip default-route display rip Use display rip to display state and configuration information for a RIP process. Syntax display rip [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters process-id: Specifies a RIP process by its ID in the range of 1 to 65535.
Silent interfaces : None Default routes : Only Default route cost : 3 Verify-source : Enabled Networks : 192.168.1.0 Configured peers : None Triggered updates sent : 0 Number of routes changes : 0 Number of replies to queries : 0 Table 58 Command output Field Description Public VPN-instance name (or Private VPN-instance name) Public network or VPN where the RIP process runs. RIP process RIP process ID. RIP version RIP version 1 or 2. Preference RIP route priority.
Field Description Verify-source Indicates whether the source IP address is checked on the received RIP routing updates. Networks Networks enabled with RIP. Configured peers Configured neighbors. Triggered updates sent Number of sent triggered updates. Number of routes changes Number of changed routes in the database. Number of replies to queries Number of RIP responses.
Field Description classful-summ Indicates that the route is a RIP summary route. Nexthop Address of the next hop. Rip-interface Routes learned from a RIP-enabled interface. imported Routes redistributed from other routing protocols. display rip interface Use display rip interface to display the RIP interface information for a RIP process.
Table 60 Command output Field Description Interface-name Name of an interface running RIP. Address/Mask IP address and mask of the interface. Version RIP version running on the interface. MetricIn Additional routing metric added to the incoming routes. MetricIn route policy Name of the routing policy used to add the additional routing metric for the incoming routes. If no routing policy is referenced, the field displays Not designated.
peer ip-address: Displays all routing information learned from a specified neighbor. statistics: Displays the route statistics, including total number of routes and number of routes of each neighbor. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Table 62 Command output Field Description Peer IP address of a neighbor. Aging Total number of aging routes learned from the specified neighbor. Permanent Total number of permanent routes learned from the specified neighbor. Garbage Total number of routes in the Garbage-collection state learned from the specified neighbor. Total Total number of routes learned from all RIP neighbors. filter-policy export (RIP view) Use filter-policy export to configure RIP to filter outbound routes.
process-id: Specifies the process ID of the specified routing protocol, in the range of 1 to 65535. You need to specify a process ID when the routing protocol is rip, isis, or ospf. interface-type interface-number: Specifies an interface by its type and number. Usage guidelines If a protocol is specified, RIP filters only the routes redistributed from the specified routing protocol. Otherwise, RIP filters all outbound routes.
Use undo filter-policy import to restore the default. Syntax filter-policy { acl-number | gateway ip-prefix-name | ip-prefix ip-prefix-name [ gateway ip-prefix-name ] } import [ interface-type interface-number ] undo filter-policy import [ interface-type interface-number ] Default RIP does not filter inbound routes. Views RIP view Default command level 2: System level Parameters acl-number: Specifies an ACL by its number in the range of 2000 to 3999 to filter inbound routes.
[Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0 [Sysname-acl-adv-3000] rule 100 deny ip [Sysname-acl-adv-3000] quit [Sysname] rip 1 [Sysname-rip-1] filter-policy 3000 import Related commands • acl (ACL and QoS Command Reference) • ip ip-prefix host-route Use host-route to enable host route reception. Use undo host-route to disable host route reception. Syntax host-route undo host-route Default RIP receives host routes.
Default RIP does not redistribute routes from any other routing protocol. Views RIP view Default command level 2: System level Parameters protocol: Specifies a routing protocol from which to redistribute routes. It can be bgp, direct, isis, ospf, rip, or static.
system-view [Sysname] rip 1 [Sysname-rip-1] import-route static cost 4 # Configure a default cost of 3 for redistributed routes. [Sysname-rip-1] default cost 3 # Redistribute OSPF routes with the cost being the default cost. [Sysname-rip-1] import-route ospf Related commands default cost maximum load-balancing (RIP view) Use maximum load-balancing to specify the maximum number of equal-cost multi-path (ECMP) routes for load balancing. Use undo maximum load-balancing to restore the default.
[Sysname-rip-1] maximum load-balancing 2 network Use network to enable RIP on an interface attached to a specified network. Use undo network to disable RIP on an interface attached to a specified network. Syntax network network-address undo network network-address Default RIP is disabled on an interface. Views RIP view Default command level 2: System level Parameters network-address: Specifies a subnet address where an interface resides.
Views RIP view Default command level 2: System level Parameters time: Specifies the sending interval, in the range of 10 to 100 milliseconds. count: Specifies the maximum number of RIP packets sent at each interval, in the range of 1 to 20. Examples # Configure all interfaces running RIP process 1 to send up to 10 RIP packets every 30 milliseconds.
Use undo preference to restore the default. Syntax preference [ route-policy route-policy-name ] value undo preference [ route-policy ] Default The preference of RIP routes is 100. Views RIP view Default command level 2: System level Parameters route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters. value: Specifies a preference for RIP routes, in the range of 1 to 255. The smaller the value, the higher the preference.
Examples # Reset RIP process 100. reset rip 100 process Warning : Reset RIP process? [Y/N]:y reset rip statistics Use reset rip statistics to clear statistics for a RIP process. Syntax reset rip process-id statistics Views User view Default command level 2: System level Parameters process-id: Specifies a RIP process by its ID in the range of 1 to 65535. Examples # Clear statistics for RIP process 100. reset rip 100 statistics rip Use rip to create a RIP process and enter RIP view.
You must create a RIP process before configuring global parameters for it. This restriction does not apply to configuring interface parameters. If you disable the RIP process, the configured interface parameters become invalid. Examples # Create a RIP process and enter RIP process view. system-view [Sysname] rip [Sysname-rip-1] rip authentication-mode Use rip authentication-mode to configure RIPv2 authentication. Use undo rip authentication-mode to cancel RIPv2 authentication.
Examples # Configure MD5 authentication on GigabitEthernet 0/1, and specify a plaintext key rose in the format defined in RFC 2453. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] rip version 2 [Sysname-GigabitEthernet0/1] rip authentication-mode md5 rfc2453 rose Related commands rip version rip bfd enable Use rip bfd enable to enable BFD for RIP on an interface. Use undo rip bfd enable to restore the default.
Examples # Enable BFD for RIP on GigabitEthernet 1/1. system-view [Sysname] interface gigabitethernet 1/1 [Sysname-GigabitEthernet1/1] rip bfd enable rip bfd enable destination Use rip bfd enable destination to enable BFD single-hop echo detection for a specific destination. Use undo rip bfd enable to restore the default and delete the relevant BFD session.
system-view [Sysname] interface gigabitethernet 1/1 [Sysname-GigabitEthernet1/1] rip bfd enable destination 202.38.165.1 rip default-route Use rip default-route to configure a RIP interface to advertise a default route with a specified metric. Use undo rip default-route to disable the RIP interface from sending a default route.
Default An interface is enabled to receive RIP messages. Views Interface view Default command level 2: System level Examples # Enable GigabitEthernet 0/1 to receive RIP messages. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] rip input rip metricin Use rip metricin to configure an interface to add a metric to inbound routes. Use undo rip metricin to restore the default.
Examples # Configure GigabitEthernet 0/1 to add a metric of 6 to the inbound route 1.0.0.0/8 and to add a metric of 2 to other inbound routes. system-view [Sysname] ip ip-prefix 123 permit 1.0.0.
[Sysname-route-policy] apply cost 6 [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] rip metricout route-policy abc 2 rip mib-binding Use rip mib-binding to bind MIB operations with a specified RIP process, so that the RIP process can receive SNMP requests. Use undo rip mib-binding to restore the default. Syntax rip mib-binding process-id undo rip mib-binding Default MIB operations are bound to RIP process 1. RIP process 1 is enabled to receive SNMP requests.
Examples # Enable GigabitEthernet 0/1 to receive RIP messages. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] rip output rip poison-reverse Use rip poison-reverse to enable the poison reverse function. Use undo rip poison-reverse to disable the poison reverse function. Syntax rip poison-reverse undo rip poison-reverse Default The poison reverse function is disabled.
Usage guidelines The split horizon function prevents routing loops. If you want to disable the function, make sure the operation is dispensable. If both split horizon and poison reverse are enabled, only the poison reverse function takes effect. Examples # Enable the split horizon function on GigabitEthernet 0/1.
Syntax rip version { 1 | 2 [ broadcast | multicast ] } undo rip version Default No RIP version is configured for an interface, which uses the global RIP version. If the global RIP version is not configured, the interface can only send RIPv1 broadcasts and can receive RIPv1 broadcasts and unicasts, and RIPv2 broadcasts, multicasts, and unicasts. Views Interface view Default command level 2: System level Parameters 1: Specifies RIP version 1. 2: Specifies RIP version 2.
Syntax silent-interface { interface-type interface-number | all } undo silent-interface { interface-type interface-number | all } Default All interfaces are allowed to send routing updates. Views RIP view Default command level 2: System level Parameters interface-type interface-number: Disables an specified interface from sending routing updates. all: Disables all interfaces from sending routing updates. Examples # Configure all interfaces to operate in silent mode except GigabitEthernet 0/1.
[Sysname] rip [Sysname-rip-1] undo summary Related commands rip version timers Use timers to configure RIP timers. Use undo timers to restore the default. Syntax timers { garbage-collect garbage-collect-value | suppress suppress-value | timeout timeout-value | update update-value }* undo timers { garbage-collect | suppress | timeout | update } * Default The garbage-collect timer is 120 seconds, the suppress timer is 120 seconds, the timeout timer is 180 seconds, and the update timer is 30 seconds.
Examples # Specifies the update, timeout, suppress, and garbage-collect timers as 5, 15, 15 and 30 seconds. system-view [Sysname] rip 100 [Sysname-rip-100] timers update 5 timeout 15 suppress 15 garbage-collect 30 validate-source-address Use validate-source-address to enable the source IP address check on inbound RIP routing updates. Use undo validate-source-address to disable the source IP address check.
Default command level 2: System level Parameters 1: Specifies the RIP version as RIPv1. 2: Specifies the RIP version as RIPv2. RIPv2 messages are multicast. Usage guidelines An interface prefers the RIP version configured on it over the global RIP version. If no RIP version is specified for the interface and the global version is RIPv1, the interface uses RIPv1, and it can send RIPv1 broadcasts, and receive RIPv1 broadcasts and unicasts.
OSPF configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. abr-summary (OSPF area view) Use abr-summary to configure a summary route on an area border router (ABR). Use undo abr-summary to remove a summary route. Syntax abr-summary ip-address { mask | mask-length } [ advertise | not-advertise ] [ cost cost ] undo abr-summary ip-address { mask | mask-length } Default No route summarization is configured on an ABR.
area (OSPF view) Use area to create an area and enter area view. Use undo area to remove an area. Syntax area area-id undo area area-id Default No OSPF area is created. Views OSPF view Default command level 2: System level Parameters area-id: Specifies an area by its ID, an IP address or a decimal integer in the range of 0 to 4294967295 that is translated into the IP address format by the system.
mask-length: Specifies the mask length in the range of 0 to 32 bits. cost cost: Specifies the cost of the summary route, in the range of 1 to 16777214. For Type-1 external routes, the cost defaults to the largest cost among routes that are summarized. For Type-2 external routes, the cost defaults to the largest cost among routes that are summarized plus 1. not-advertise: Disables advertising the summary route. If the keyword is not specified, the command advertises the route.
Parameters md5: Specifies the MD5 authentication mode. simple: Specifies the simple authentication mode. Usage guidelines Routers that reside in the same area must have the same authentication mode: non-authentication, simple, or MD5. Examples # Configure OSPF area 0 to use the MD5 authentication mode. system-view [Sysname] ospf 100 [Sysname-ospf-100] area 0 [Sysname-ospf-100-area-0.0.0.
default Use default to configure default parameters for redistributed routes. Use undo default to restore default values. Syntax default { cost cost | limit limit | tag tag | type type } * undo default { cost | limit | tag | type } * Default The cost, route type, tag, and the upper limit are 1, 2, 1, and 1000. Views OSPF view Default command level 2: System level Parameters cost: Specifies the default cost for redistributed routes, in the range of 0 to 16777214.
Default command level 2: System level Parameters cost: Specifies a cost for the default route advertised to the Stub or NSSA area, in the range of 0 to 16777214. Usage guidelines This command takes effect only on the ABR of a stub area or the ABR/ASBR of an NSSA area. Examples # Configure Area 1 as a stub area, and specify the cost of the default route advertised to the stub area as 20. system-view [Sysname] ospf 100 [Sysname-ospf-100] area 1 [Sysname-ospf-100-area-0.0.0.
a Type-5 LSA into the OSPF routing domain, the router calculates default routes from other routers regardless of whether this keyword is specified. cost cost: Specifies a cost for the default route, in the range of 0 to 16777214. If no cost is specified, the default cost specified by the default cost command applies. route-policy route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.
Parameters description: Configures a description for the OSPF process in OSPF view, or for the OSPF area in OSPF area view. The description argument is a string of up to 80 characters. Usage guidelines The description specified by this command is used to identify an OSPF process or area. Examples # Describe OSPF process 100 as abc. system-view [Sysname] ospf 100 [Sysname-ospf-100] description abc # Describe OSPF area 0 as bone area.
Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Inter 3.3.3.3 0.0.0.0 3124 10.1.1.2 ASBR Intra 2.2.2.2 0.0.0.0 1562 10.1.1.2 ABR Table 63 Command output Field Description Type of the route to the ABR or ASBR: Type • Intra—Intra-area route. • Inter—Inter-area route. Destination Router ID of an ABR/ASBR. Area ID of the area of the next hop. Cost Cost from the router to the ABR/ASBR. Nexthop Next hop address. RtType Router type: ABR, or ASBR.
Usage guidelines If no OSPF process is specified, this command displays the summarized redistributed routes for all OSPF processes. If no IP address is specified, the command displays all summarized redistributed routes. Examples # Display information about all summarized redistributed routes. display ospf asbr-summary OSPF Process 1 with Router ID 2.2.2.2 Summary Addresses Total Summary Address Count: 1 Summary Address Net : 30.1.0.0 Mask : 255.255.0.
Related commands asbr-summary display ospf brief Use display ospf brief to display OSPF brief information. Syntax display ospf [ process-id ] brief [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
7/5 translator state: Disabled 7/5 translate stability timer interval: 0 ExChange/Loading Neighbors: 0 Area: 0.0.0.1 (MPLS TE not enabled) Authtype: None Area flag: NSSA SPF Scheduled Count: 5 ExChange/Loading Neighbors: 0 Interface: 192.168.1.2 (GigabitEthernet0/1) Cost: 1 State: DR Type: Broadcast MTU: 1500 Priority: 1 Designated Router: 192.168.1.2 Backup Designated Router: 192.168.1.
Field Description Nssa Area Count NSSA area number of the current process. State of the translator that translates Type-7 LSAs to Type-5 LSAs. The value can be one of the following: • Enabled—Indicates that the translator is specified through 7/5 translator state commands. • Elected—Indicates that the translator is designated through election. • Disabled—Indicates that the device is not a translator that translates Type-7 LSAs to Type-5 LSAs.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no process is specified, this command displays statistics for all OSPF processes. Examples # Display OSPF statistics.
Field Description Link-State Req Link-State Request packet. Link-State Update Link-State Update packet. Link-State Ack Link-State Acknowledge packet. LSAs originated by this router LSAs originated by this router. Router Number of Type-1 LSAs originated. Network Number of Type-2 LSAs originated. Sum-Net Number of Type-3 LSAs originated. Sum-Asbr Number of Type-4 LSAs originated. External Number of Type-5 LSAs originated. NSSA Number of Type-7 LSAs originated.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no process is specified, the command displays OSPF error information for all OSPF processes. Examples # Display OSPF error information. display ospf error OSPF Process 1 with Router ID 192.168.80.
Field Description HELLO: Netmask mismatch Hello packets with mismatched mask. HELLO: Hello timer mismatch Hello packets with mismatched hello timer. HELLO: Dead timer mismatch Hello packets with mismatched dead timer. HELLO: Extern option mismatch Hello packets with mismatched option field. HELLO: Neighbor unknown Hello packets received from unknown neighbors. DD: MTU option mismatch DD packets with mismatched MTU. DD: Unknown LSA type DD packets with unknown LSA type.
Usage guidelines If no OSPF process is specified, the command displays the OSPF interface information for all OSPF processes. Examples # Display information about all OSPF interfaces. display ospf interface OSPF Process 1 with Router ID 192.168.1.1 Interfaces Area: 0.0.0.0 IP Address Type State Cost Pri DR BDR 192.168.1.1 PTP P-2-P 1562 1 0.0.0.0 0.0.0.0 IP Address Type State Cost Pri DR BDR 172.16.0.1 Broadcast DR 1 1 172.16.0.1 0.0.0.0 Area: 0.0.0.
Field Description Interface state defined by interface state machine: • Down—No protocol traffic is sent or received on the interface. • Loopback—The interface is in loopback state. A loopback interface can only collect interface information. • Waiting—The interface starts sending and receiving Hello packets and the State router is trying to determine the identity of the (Backup) designated router for the network.
Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535. brief: Displays brief LSDB information. asbr: Displays Type-4 LSA (ASBR Summary LSA) information in the LSDB. ase: Displays Type-5 LSA (AS External LSA) information in the LSDB. network: Displays Type-2 LSA (Network LSA) information in the LSDB. nssa: Displays Type-7 LSA (NSSA External LSA) information in the LSDB. opaque-area: Displays Type-10 LSA (Opaque-area LSA) information in the LSDB.
Sum-Net 192.168.0.0 192.168.0.1 321 28 80000002 Table 69 Command output Field Description Area LSDB information of the area. Type LSA type. LinkState ID Link state ID. AdvRouter Advertising router. Age Age of the LSA. Len Length of the LSA. Sequence Sequence number of the LSA. Metric Cost of the LSA. # Display Type-2 LSA (Network LSA) information in the LSDB. display ospf 1 lsdb network OSPF Process 1 with Router ID 192.168.1.1 Area: 0.0.0.
Table 70 Command output Field Description Type LSA type. LS ID DR IP address. Adv Rtr Router that advertised the LSA. LS Age LSA age time. Len LSA length. LSA options: Options • • • • • • O—Opaque LSA advertisement capability. E—AS External LSA reception capability. EA—External extended LSA reception capability. DC—On-demand link support. N—NSSA external LSA support. P—Capability of an NSSA ABR to translate Type-7 LSAs into Type-5 LSAs. Seq# LSA sequence number. Checksum LSA checksum.
Examples # Display OSPF next hop information. display ospf nexthop OSPF Process 1 with Router ID 192.168.0.1 Routing Nexthop Information Next Hops: Address Refcount IntfAddr Intf Name ---------------------------------------------------------------192.168.0.1 1 192.168.0.1 GigabitEthernet0/1 192.168.0.2 1 192.168.0.1 GigabitEthernet0/1 192.168.1.1 1 192.168.1.1 GigabitEthernet0/2 Table 71 Command output Field Description Next Hops Information about next hops.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no OSPF process is specified, this command displays OSPF neighbor information for all OSPF processes. If an interface is specified, this command displays the neighbor on the interface. If a neighbor ID is specified, this command displays detailed information about the neighbor.
Field Description Neighbor state: • Down—Initial state of a neighbor conversation. • Init—The router has seen a Hello packet from the neighbor. However, the router has not established. bidirectional communication with the neighbor (the router itself did not appear in the neighbor's hello packet).
Table 73 Command output Field Description Area Neighbor area. Router ID Neighbor router ID. Address Neighbor interface address. Pri Neighboring router priority. Dead-Time Dead interval remained. Interface Interface connected to the neighbor. State Neighbor state: Down, Init, Attempt, 2-Way, Exstart, Exchange, Loading, Full. display ospf peer statistics Use display ospf peer statistics to display OSPF neighbor statistics.
Table 74 Command output Field Description Area ID The state statistics of all the routers in the area to which the router belongs is displayed. Down Number of neighboring routers in Down state in the same area. Attempt Number of neighboring routers in Attempt state in the same area. Init Number of neighboring routers in Init state in the same area. 2-Way Number of neighboring routers in 2-Way state in the same area. ExStart Number of neighboring routers in ExStart state in the same area.
Examples # Display OSPF request queue information. display ospf request-queue The Router's Neighbor is Router ID 2.2.2.2 Interface 10.1.1.1 Address 10.1.1.2 Area 0.0.0.0 Request list: Type LinkState ID AdvRouter Sequence Age Router 2.2.2.2 1.1.1.1 80000004 1 Network 192.168.0.1 1.1.1.1 80000003 1 Sum-Net 192.168.1.0 1.1.1.1 80000002 2 Table 75 Command output Field Description The Router's Neighbor is Router ID Neighbor router ID. Address Neighbor interface IP address.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no OSPF process is specified, this command displays the retransmission queue information for all OSPF processes.
Default command level 1: Monitor level Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535. interface interface-type interface-number: Displays routes passing the specified output interface. nexthop nexthop-address: Displays routes passing the specified next hop. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description ASE Total ASE routes. NSSA Total NSSA routes. display ospf vlink Use display ospf vlink to display OSPF virtual link information. Syntax display ospf [ process-id ] vlink [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535. |: Filters command output by specifying a regular expression.
Field Description Interface IP address and name of the local interface on the virtual link. Cost Interface route cost. State Interface state. Type Type: virtual link. Transit Area Transit area ID. Timers Timers: Hello, dead, retransmit, and interface transmission delay. display router id Use display router id to display the global router ID.
Views OSPF view Default command level 2: System level Examples # Enable link-local signaling for OSPF process 1. system-view [Sysname] ospf 1 [Sysname-ospf-1] enable link-local-signaling enable log Use enable log to enable specified OSPF logging. Use undo enable log to disable specified OSPF logging. Syntax enable log [ config | error | state ] undo enable log [ config | error | state ] Default OSPF logging is disabled.
Syntax enable out-of-band-resynchronization undo enable out-of-band-resynchronization Default The capability is disabled. Views OSPF view Default command level 2: System level Usage guidelines Before you configure this command, enable the link-local signaling capability. Examples # Enable the out-of-band resynchronization capability for OSPF process 1.
ip-prefix-name: Specifies an IP prefix list by its name, a string of 1 to 19 characters, to filter inbound/outbound Type-3 LSAs. For more information about IP prefix lists, see Network Management Configuration Guide. export: Filters Type-3 LSAs advertised to other areas. import: Filters Type-3 LSAs advertised into the local area. Examples # Use IP prefix list my-prefix-list to filter inbound Type-3 LSAs, and use ACL 2000 to filter outbound Type-3 LSAs in OSPF Area 1.
Hardware Protocols U200-S direct, ospf, rip, and static process-id: Specifies a process by its ID in the range of 1 to 65535. This argument is available only when the protocol is isis, rip, or ospf. Usage guidelines To reference an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL in one of the following ways: • To deny/permit a route with the specified destination, use the rule [ rule-id ] { deny | permit } ip source sour-addr sour-wildcard command.
Default Routes calculated using received LSAs are not filtered. Views OSPF view Default command level 2: System level Parameters acl-number: Specifies an ACL by its number in the range of 2000 to 3999 to filter inbound routes by destination. gateway ip-prefix-name: Specifies an IP address prefix list by its name, a string of up to 19 characters, to filter inbound routes by next hop. For more information about IP prefix lists, see Network Management Configuration Guide.
[Sysname-ospf-100] filter-policy 3000 import host-advertise Use host-advertise to advertise a host route. Use undo host-advertise to remove a host route. Syntax host-advertise ip-address cost undo host-advertise ip-address Default No host route is advertised. Views OSPF area view Default command level 2: System level Parameters ip-address: Specifies the IP address of a host cost: Specifies a cost for the route, in the range of 1 to 65535. Examples # Advertise host route 1.1.1.1 with a cost of 100.
Parameters protocol: Redistributes routes from the specified protocol, which can be bgp, direct, isis, ospf, rip, or static.
Use the import-route bgp allow-ibgp command with care, because it redistributes both EBGP and IBGP routes that may cause routing loops. Only active routes can be redistributed. To view information about active routes, use the display ip routing-table protocol command. The undo import-route protocol all-processes command removes only the configuration made by the import-route protocol all-processes command, instead of the configuration made by the import-route protocol process-id command.
Syntax log-peer-change undo log-peer-change Default The logging is enabled. Views OSPF view Default command level 2: System level Usage guidelines The feature enables outputting information about neighbor state changes on the terminal. Examples # Disable the logging of neighbor state changes for OSPF process 100. system-view [Sysname] ospf 100 [Sysname-ospf-100] undo log-peer-change lsa-arrival-interval Use lsa-arrival-interval to specify the LSA arrival interval.
Examples # Set the LSA arrival interval to 200 milliseconds. system-view [Sysname] ospf 100 [Sysname-ospf-100] lsa-arrival-interval 200 Related commands lsa-generation-interval lsa-generation-interval Use lsa-generation-interval to configure the OSPF LSA generation interval. Use undo lsa-generation-interval to restore the default.
Related commands lsa-arrival-interval lsdb-overflow-limit Use lsdb-overflow-limit to specify the upper limit of external LSAs in the LSDB. Use undo lsdb-overflow-limit to restore the default. Syntax lsdb-overflow-limit number undo lsdb-overflow-limit Default External LSAs in the LSDB are not limited. Views OSPF view Default command level 2: System level Parameters number: Specifies the upper limit of external LSAs in the LSDB, in the range of 1 to 1000000.
The following matrix shows the value range and default values for the maximum argument on different firewalls and UTM devices: Hardware Value range Default value F1000-A-EI/F1000-S-EI 1 to 8 8 F1000-E 1 to 8 8 F5000 1 to 16 16 Firewall module 1 to 8 8 U200-A 1 to 8 8 U200-S 1 to 8 8 Examples # Specify the maximum number of ECMP routes as 2.
[Sysname] ospf 100 [Sysname-ospf-100] area 2 [Sysname-ospf-100-area-0.0.0.2] network 131.108.20.0 0.0.0.255 Related commands ospf nssa Use nssa to configure the current area as an NSSA area. Use undo nssa to restore the default. Syntax nssa [ default-route-advertise | translator-stability-interval value ] * no-import-route | no-summary | translate-always | undo nssa Default No area is configured as an NSSA area.
[Sysname-ospf-100-area-0.0.0.1] nssa Related commands default-cost opaque-capability enable Use opaque-capability enable to enable opaque LSA advertisement and reception. Use undo opaque-capability to restore the default. Syntax opaque-capability enable undo opaque-capability Default The feature is disabled.
Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535. router-id router-id: Specifies an OSPF router ID in dotted decimal format. vpn-instance vpn-instance-name: Specifies a VPN by its name, a case-sensitive string of 1 to 31 characters. If no VPN is specified, the OSPF process runs on the public network. Usage guidelines You can enable multiple OSPF processes on a router and specify different Router IDs for them. Enable an OSPF process before you perform other tasks.
password: Specifies a password. In simple authentication mode, a plaintext password is a case-sensitive string of 1 to 8 characters, and a ciphertext password is a case-sensitive string of 1 to 41 characters. In MD5/HMAC-MD5 authentication mode, a plaintext password is a case-sensitive string of 1 to 16 characters, and a ciphertext password is a case-sensitive string of 1 to 53 characters. Usage guidelines Interfaces attached to the same network segment must have the same authentication password and mode.
Default BFD is not enabled on an OSPF interface. Views Interface view Default command level 2: System level Parameters echo: Configures BFD single-hop echo detection. Without this keyword, this command enables BFD bidirectional control detection.
Views Interface view Default command level 2: System level Parameters value: Specifies an OSPF cost in the range of 0 to 65535 for a loopback interface and in the range of 1 to 65535 for other interfaces. Usage guidelines If the calculated cost is greater than 65535, the value of 65535 is used. If the calculated cost is smaller than 1, the value of 1 is used. Examples # Set the OSPF cost on GigabitEthernet 0/1 to 65.
ospf mib-binding Use ospf mib-binding to bind an OSPF process to MIB operation for responding to SNMP requests. Use undo ospf mib-binding to restore the default. Syntax ospf mib-binding process-id undo ospf mib-binding Default MIB operation is bound to the OSPF process with the smallest process ID. Views System view Default command level 2: System level Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535. Examples # Bind OSPF process 100 to MIB operation.
Usage guidelines After a virtual link is established via a Virtual-Template or Tunnel, two devices on the link from different vendors may have different MTU values. To make them consistent, set the attached interfaces' MTU to the default value 0. After you configure this command, the interface checks whether the MTU in a received DD packet is greater than its own MTU. If yes, the interface discards the packet. Examples # Enable GigabitEthernet 0/1 to add the interface MTU value into DD packets.
directly connected, you must configure the P2MP network type so that the two routers can exchange routing information via another router. When the network type of an interface is NBMA or P2MP unicast, you must use the peer command to specify the neighbor. If only two routers run OSPF on a network, you can configure the network type for the connected interfaces as P2P. When the network type of an interface is P2MP unicast, all OSPF packets are unicast by the interface.
Default The dead interval is 40 seconds for broadcast and P2P interfaces and is 120 seconds for P2MP and NBMA interfaces. Views Interface view Default command level 2: System level Parameters seconds: Specifies the dead interval in seconds, in the range of 1 to 2147483647. Usage guidelines If an interface receives no hello packet from a neighbor within the dead interval, the interface considers the neighbor down. The dead interval on an interface is at least four times the hello interval.
Examples # Configure the hello interval on GigabitEthernet 0/1 as 20 seconds. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ospf timer hello 20 Related commands ospf timer dead ospf timer poll Use ospf timer poll to set the poll interval on an NBMA interface. Use undo ospf timer poll to restore the default value. Syntax ospf timer poll seconds undo ospf timer poll Default The poll interval is 120s.
undo ospf timer retransmit Default The LSA retransmission interval is 5 seconds. Views Interface view Default command level 2: System level Parameters interval: Specifies the LSA retransmission interval in seconds, in the range of 1 to 3600. Usage guidelines After an interface sends an LSA, it waits for an acknowledgement packet. If the interface receives no acknowledgement within the retransmission interval, it will retransmit the LSA.
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ospf trans-delay 3 peer Use peer to specify a neighbor and the DR priority for the neighbor. Use undo peer to remove the configuration. Syntax peer ip-address [ cost value | dr-priority dr-priority ] undo peer ip-address Views OSPF view Default command level 2: System level Parameters ip-address: Specifies a neighbor IP address. cost value: Specifies the cost to reach the neighbor, in the range of 1 to 65535.
Syntax preference [ ase ] [ route-policy route-policy-name ] value undo preference [ ase ] Default The preference is 10 for OSPF internal routes and 150 for OSPF external routes (or ASE routes). Views OSPF view Default command level 2: System level Parameters ase: Sets a preference for OSPF external routes. Without this keyword, the command sets a preference for OSPF internal routes.
interface-type interface-number: Clears the statistics for the neighbor connected to the specified interface. router-id: Clears the statistics for the specified neighbor. Examples # Clear OSPF statistics. reset ospf counters reset ospf process Use reset ospf process to restart all OSPF processes or a specified process. Syntax reset ospf [ process-id ] process Views User view Default command level 2: System level Parameters process-id: Specifies an OSPF process ID in the range of 1 to 65535.
Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535. Usage guidelines If no process ID is specified, the command restarts route redistribution for all OSPF processes. Examples # Restart OSPF route redistribution. reset ospf redistribution rfc1583 compatible Use rfc1583 compatible to enable compatibility with RFC 1583. Use undo rfc1583 compatible to disable the function.
Default No global router ID is configured. Views System view Default command level 2: System level Parameters router-id: Specifies the router ID, in the form of a dotted decimal IPv4 address. Usage guidelines Some routing protocols use a router ID to identify a device. You can configure a global router ID, which is used by routing protocols that have no router ID configured. If no global router ID is configured, the highest loopback interface IP address is used as the router ID.
Parameters interface-type interface-number: Specifies an interface by its type and number. all: Specifies all interfaces. Usage guidelines A disabled interface is a passive interface that cannot send any hello packets. To disable a network from receiving OSPF routes, issue the command on the interface connected to the network. Examples # Disable interface GigabitEthernet 0/1 from sending OSPF packets.
maxagelsa: Specifies LSA max age information. nbrstatechange: Specifies information about neighbor state changes. originatelsa: Specifies information about LSAs originated locally. vifauthfail: Specifies information about virtual interface authentication failures. vifcfgerror: Specifies information about virtual interface configuration errors. virifauthfail: Specifies information about virtual interface authentication failures.
Usage guidelines Based on the LSDB, an OSPF router uses SPF to calculate a shortest path tree with itself being the root. OSPF uses the shortest path tree to determine the next hop to a destination. By adjusting the SPF calculation interval, you can prevent bandwidth and router resources from being over-consumed due to frequent topology changes. When network changes are not frequent, OSPF performs SPF calculations at the minimum-interval.
[Sysname] ospf 100 [Sysname-ospf-100] area 1 [Sysname-ospf-100-area-0.0.0.1] stub Related commands default-cost stub-router Use stub-router to configure a router as a stub router. Use undo stub-router to restore the default. Syntax stub-router undo stub-router Default No router is configured as a stub router. Views OSPF view Default command level 2: System level Usage guidelines The router LSAs sent by the stub router over different links contain different link type values.
Views OSPF view Default command level 2: System level Parameters interval interval: Specifies an interval at which an interface sends LSU packets, in the range of 10 to 1000 milliseconds. If the router has multiple OSPF interfaces, increase this interval to reduce the total number of LSU packets sent by the router every second. count count: Specifies the maximum number of LSU packets sent by an interface at each interval, in the range of 1 to 200.
md5: Enables MD5 authentication. hmac-md5: Enables HMAC-MD5 authentication. simple: Enables simple authentication. key-id: Specifies the key ID for MD5 or HMAC-MD5 authentication, in the range of 1 to 255. cipher: Sets a ciphertext password. plain: Sets a plaintext password. password: Specifies a password. In simple authentication mode, a plaintext password is a case-sensitive string of 1 to 8 characters, and a ciphertext password is a case-sensitive string of 1 to 41 characters.
IS-IS configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. Feature and hardware compatibility Hardware IS-IS compatible F1000-A-EI/F1000-S-EI No F1000-E No F5000 Yes Firewall module No U200-A No U200-S No area-authentication-mode Use area-authentication-mode to specify the area authentication mode and a password. Use undo area-authentication-mode to restore the default.
Usage guidelines The password in the specified mode is inserted into all outgoing Level-1 packets (LSP, CSNP, and PSNP) and is used for authenticating the incoming Level-1 packets. With area authentication configured, IS-IS discards incoming routes from untrusted routers. Routers in a common area must have the same authentication mode and password. If neither ip nor osi is specified, OSI related fields are checked. Whether a password should use ip or osi is not affected by the actual network environment.
Interface bandwidth Cost ≤100 Mbps 50 ≤155 Mbps 40 ≤622 Mbps 30 ≤2500 Mbps 20 >2500 Mbps 10 Examples # Enable automatic link cost calculation. system-view [Sysname] isis 1 [Sysname-isis-1] auto-cost enable Related commands • bandwidth-reference • cost-style bandwidth-reference (IS-IS view) Use bandwidth-reference to set the bandwidth reference value for automatic link cost calculation. Use undo bandwidth-reference to restore the default.
circuit-cost Use circuit-cost to set a global IS-IS link cost. Use undo circuit-cost to restore the default. Syntax circuit-cost value [ level-1 | level-2 ] undo circuit-cost [ level-1 | level-2 ] Default No global link cost is configured. Views IS-IS view Default command level 2: System level Parameters value: Link cost value. The value range varies with cost styles. • For styles narrow, narrow-compatible, and compatible, the cost value ranges from 0 to 63.
Default Only narrow cost style packets can be received and sent. Views IS-IS view Default command level 2: System level Parameters narrow: Receives and sends only narrow cost style packets. The narrow cost ranges from 0 to 63. wide: Receives and sends only wide cost style packets. The wide cost ranges from 0 to 16777215. compatible: Receives and sends both wide and narrow cost style packets. narrow-compatible: Receives both narrow and wide cost style packets, but sends only narrow cost style packets.
Default command level 2: System level Parameters ipv4-unicast: Specifies an IPv4 unicast topology. topology-name: Topology name, a case-sensitive character string of 1 to 31 characters. route-policy-name: Specifies the name of a routing policy, a case-sensitive string of 1 to 63 characters. level-1: Advertises a Level-1 default route. level-1-2: Advertises both Level-1 and Level-2 default routes. level-2: Advertises a Level-2 default route.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Field Description IPv4-Unicast voice(4000): Enable video(500): Disable IPv6-Unicast Voice and video refer to the topology names. 4000 and 500 refer to the topology numbers. IPv6 unicast topology. display isis debug-switches Use display isis debug-switches to display IS-IS debugging switch state.
Views Any view Default command level 1: Monitor level Parameters level-1: Displays the IS-IS Level-1 Graceful Restart state. level-2: Displays the IS-IS Level-2 Graceful Restart state. process-id: IS-IS Process ID, in the range of 1 to 65535. vpn-instance vpn-instance-name: Specifies a VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the IS-IS Graceful Restart status for the public network is displayed.
Table 81 Command output Field Description Restart Interval Graceful Restart interval. SA Bit Supported SA bit is set. Total Number of Interfaces = 1 Current IS-IS interface number. Restart Status Graceful Restart status. Number of LSPs Awaited Number of LSPs not obtained by the GR restarter from GR helpers during LSDB synchronization. T3 Timer Status Remaining time of T3 timer. T2 Timer Status Remaining time of T2 Timer.
Interface information for ISIS(1) --------------------------------Interface: GigabitEthernet1/1 Id IPV4.State 001 Up IPV6.State MTU Type DIS Down 1497 L1/L2 No/No # Display detailed IS-IS interface information. display isis interface verbose Interface information for ISIS(1) --------------------------------- Interface: Id Vlan-interface999 IPV4.State 001 IPV6.State Up MTU Down Type DIS 1497 L1/L2 No/No SNPA Address : 000f-e237-c6e0 IP Address : 192.168.1.
Field Description Hello Multiplier Value Number of invalid Hello packets. Lsp Timer Value Minimum interval for sending LSP packets. Lsp Transmit-Throttle Count Number of LSP packets sent each time. Cost Cost of the interface. Priority DIS priority. # Display IS-IS interface statistics.
lspid: LSP ID, in the form of sysID.Pseudo ID-fragment num, where sysID represents the originating node or pseudo node, and Pseudo ID is separated by a dot from sysID and by a hyphen from fragment num. lspname: LSP name, in the form of Symbolic name.Pseudo ID-fragment num, where Pseudo ID is separated by a dot from Symbolic name and by a hyphen from fragment num. If the Pseudo ID is 0, specify the LSP name in the form Symbolic name-fragment num. local: Displays LSP information generated locally.
SOURCE 1000.0000.0001.00 NLPID IPV4 NLPID IPV6 AREA ADDR 10 INTF ADDR 3.1.1.20 INTF ADDR V6 3::20 MTR ID 00 0/0/0 MTR ID 02 0/0/0 MTR ID 10 0/0/0 MTR ID 4000 0/0/0 +NBR ID 1000.0000.0002.01 COST: 63 IPV4 UNICAST NBR ID 1000.0000.0002.01 COST: 63 MTR ID: 10 COST: 63 MTR ID: 2 IPV6 UNICAST NBR ID 1000.0000.0002.01 1000.0000.0001.00-01* 0x0000000b 0xbd7 0 (1188) 27 0/0/0 1000.0000.0001.00-02* 0x0000000f 0x68aa 1129 67 0/0/0 110 0/0/0 67 0/0/0 SOURCE 1000.0000.0001.
3::/64 COST: 10 1000.0000.0002.01-00 0x00000003 SOURCE 1000.0000.0002.01 NLPID IPV4 NLPID +NBR MTR ID: 2 878 55 0/0/0 IPV6 ID 1000.0000.0002.00 +NBR 0x1d9b COST: 0 ID 1000.0000.0001.00 COST: 0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload Table 84 Command output Field Description LSPID Link state packet ID. Seq Num LSP sequence number. Checksum LSP checksum. Holdtime LSP lifetime which decreases as time elapses. Length LSP length.
Field Description Topology number supported by the originating router: MTR ID 00 0/0/0 MTR ID 10 0/0/0 MTR ID 02 0/0/0 • • • • 00—Means base topology. 02—Means IPv6 unicast topology. 10—Means IPv4 unicast topology. 0/0/0—Indicates ATT/P/OL. IPV4 UNICAST NBR ID IPv4 unicast neighbor information of the originating router. IPV6 UNICAST NBR ID IPv6 unicast neighbor information of the originating router.
[Sysname] interface gigabitethernet 1/1 [Sysname-GigabitEthernet1/1] isis enable [Sysname-GigabitEthernet1/1] isis mesh-group 100 [Sysname-GigabitEthernet1/1] quit [Sysname] interface gigabitethernet 1/2 [Sysname-GigabitEthernet1/1] isis enable [Sysname-GigabitEthernet1/2] isis mesh-group 100 # Display the configuration information of IS-IS mesh-group.
Examples # Configure a name for the local IS system. system-view [Sysname] isis 1 [Sysname-isis-1] is-name RUTA # Configure a static mapping for the remote IS system (system ID 0000.0000.0041, host name RUTB). [Sysname-isis-1] is-name map 0000.0000.0041 RUTB # Display the IS-IS host name-to-system ID mapping table. [Sysname-isis-1] display isis name-table Name table information for ISIS(1) --------------------------------------------------------------System ID Hostname Type 6789.0000.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Local Topology 2 4000 Peer Topology 2 4000 Table 87 Command output Field Description System Id System ID of the neighbor. Interface Interface connecting to the neighbor. Circuit Id Circuit ID. State Circuit state. Holdtime. HoldTime Within the holdtime if no hellos are received from the neighbor, the neighbor is considered down. If a hello is received, the holdtime is reset to the initial value. Circuit type: • • • • Type L1—The circuit type is Level-1 and the neighbor is a Level-1 router.
Table 88 Command output Field Description Neighbor type: Type • LAN Level-1—Number of Level-1 neighbors whose network type is broadcast. • LAN Level-2—Number of Level-2 neighbors whose network type is broadcast. • P2P—Number of neighbors whose network type is P2P. IPv4 Up Number of IPv4 neighbors in up state. IPv4 Init Number of IPv4 neighbors in init state. IPv6 Up Number of IPv6 neighbors in up state. IPv6 Init Number of IPv6 neighbors in init state.
Usage guidelines If no level is specified, both Level-1 and Level-2 routing information is displayed. If no topology is specified, the routing information of the base topology is displayed. Examples # Display IS-IS IPv4 routing information of the base topology.
---------------------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------------3.1.1.0/24 63 NULL GE1/1 Direct D/L/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set Table 89 Command output Field Description Route information for ISIS(1) Route information for IS-IS process 1.
NextHop : Interface : Direct GE1/1 ExitIndex : 0x00000000 Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------IPV4 Dest : 1.1.0.0/16 Int. Cost : 20 Ext. Cost : NULL Admin Tag : - Src Count : 2 Flag IPV4 Dest : 1.2.0.0/16 Int. Cost : 10 Ext.
Field Description ISIS(1) IPv4 Level-1 Forwarding Table IS-IS IPv4 routing information for Level-1. ISIS(1) IPv4 Level-2 Forwarding Table IS-IS IPv4 routing information for Level-2. ISIS(1) IPv4 MT(voice-4000) Level-1 Forwarding Table IS-IS IPv4 routing information for Level-1 of topology voice. ISIS(1) IPv4 MT(voice-4000) Level-2 Forwarding Table IS-IS IPv4 routing information for Level-2 of topology voice. IPV4 Dest IPv4 destination. Int. Cost Internal route cost. Ext.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display IS-IS SPF log information. display isis spf-log SPF Log information for ISIS(1) ------------------------------Level Trig.Event No.
Syntax display isis statistics [ level-1 | level-1-2 | level-2 ] [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters level-1: Displays IS-IS Level-1 statistics. level-1-2: Displays IS-IS Level-1-2 statistics. level-2: Displays IS-IS Level-2 statistics. process-id: Displays IS-IS statistics for the IS-IS process. The ID is in the range of 1 to 65535.
-----------------Learnt routes information: Total IPv6 Learnt Routes in IPv6 Routing Table: 0 IPv6 Imported Routes: Static: 0 Direct: 0 ISISv6: 0 BGP4+: RIPng: OSPFv3: 0 0 Total Number: 0 0 MTR(voice): -------------------Learnt routes information: Total IPv4 Learnt Routes in IPv4 Routing Table: 0 Imported routes information: IPv4 Imported Routes: Static: 0 Direct: 0 ISIS: 0 BGP: 0 RIP: 0 OSPF: 0 Total Number: 0 Lsp information: LSP Source ID: No.
ISISv6: 0 BGP4+: RIPng: OSPFv3: 0 0 Total Number: 0 0 MTR(voice): -------------------Learnt routes information: Total IPv4 Learnt Routes in IPv4 Routing Table: 0 Imported routes information: IPv4 Imported Routes: Static: 0 Direct: 0 ISIS: 0 BGP: 0 RIP: 0 OSPF: 0 Total Number: 0 Lsp information: LSP Source ID: No. of used LSPs Table 92 Command output Field Description Statistics information for ISIS(processid) Statistics for the IS-IS process. Level-1 Statistics Level-1 statistics.
undo domain-authentication-mode Default No routing domain authentication is configured. Views IS-IS view Default command level 2: System level Parameters md5: Specifies the MD5 authentication mode. simple: Specifies the simple authentication mode. cipher: Sets a ciphertext password. If this keyword is not specified, you set a plaintext password. password: Set the password. This argument is case sensitive. It must be a plaintext string of 1 to 16 characters, or a ciphertext string of 33 to 53 characters.
Default IS-IS does not filter redistributed routes. Views IS-IS view Default command level 2: System level Parameters acl-number: Specifies the number of an ACL that is used to filter redistributed routes, ranging from 2000 to 3999. For ACL configuration information, see Access Control Command Reference. ip-prefix ip-prefix-name: Specifies the name of an IP prefix list that is used to filter redistributed routes, a case-sensitive string of 1 to 19 characters.
[Sysname-isis 1] filter-policy 3000 export Related commands filter-policy import filter-policy import (IS-IS view) Use filter-policy import to configure IS-IS to filter routes calculated from received LSPs. Use undo filter-policy import to disable IS-IS from filtering routes calculated from received LSPs.
[Sysname] acl number 2000 [Sysname-acl-basic-2000] rule deny source 192.168.10.0 0.0.0.255 [Sysname-acl-basic-2000] quit [Sysname] isis 1 [Sysname-isis-1] filter-policy 2000 import # Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and reference ACL 3000 to filter routes calculated from received LSPs. system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.
Examples # Enable fast flooding and specify the maximum LSPs to be sent as 10 and the delay time as 100 milliseconds. system-view [Sysname] isis 1 [Sysname-isis-1] flash-flood flood-count 10 max-timer-interval 100 import-route (IS-IS view) Use import-route to redistribute routes from another routing protocol or another IS-IS process. Use undo import-route to disable route redistribution from another routing protocol or another IS-IS process.
level-2: Redistributes routes into the Level-2 routing table. If no level is specified, the routes are redistributed into the Level-2 routing table by default. route-policy route-policy-name: Redistributes only routes satisfying the matching criteria of a routing policy. The routing policy name is a case-sensitive string of 1 to 63 characters. tag tag: Specifies a tag value for redistributed routes from 1 to 4294967295.
ip-prefix ip-prefix-name: Specifies the name of an IP prefix list that is used to filter routes from Level-2 to Level-1, a case-sensitive string of 1 to 19 characters. route-policy route-policy-name: Specifies the name of a routing policy that is used to filter routes from Level-2 to Level-1, a case-sensitive string of 1 to 63 characters. tag tag: Specifies a tag value from 1 to 4294967295 for redistributed routes.
isis Use isis to enable an IS-IS process and specify an associated VPN instance, enter IS-IS view, or both. Use undo isis to disable an IS-IS process. Syntax isis [ process-id ] [ vpn-instance vpn-instance-name ] undo isis [ process-id ] Views System view Default command level 2: System level Parameters process-id: Process ID, ranging from 1 to 65535. The default is 1. vpn-instance vpn-instance-name: Specifies a VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters.
Default command level 2: System level Parameters md5: Specifies the MD5 authentication mode. simple: Specifies the simple authentication mode. cipher: Sets a ciphertext password. If this keyword is not specified, you set a plaintext password. password: Set the password. This argument is case sensitive. It must be a plaintext string of 1 to 16 characters, or a ciphertext string of 33 to 53 characters. level-1: Configures the password for Level-1. level-2: Configures the password for Level-2.
undo isis circuit-level Default An interface can establish either the Level-1 or Level-2 adjacency. Views Interface view Default command level 2: System level Parameters level-1: Sets the circuit level to Level-1. level-1-2: Sets the circuit level to Level-1-2. level-2: Sets the circuit level to Level-2. Usage guidelines For a Level-1 (Level-2) router, the circuit level can only be Level-1 (Level-2).
Default command level 2: System level Usage guidelines Interfaces with different network types operate differently. For example, broadcast interfaces on a network need to elect a DIS and flood CSNP packets to synchronize the LSDBs, and P2P interfaces on a network need not elect a DIS and have a different LSDB synchronization mechanism.
Configure a proper IS-IS cost for each interface to ensure correct route calculation. Examples # Configure the Level-2 IS-IS cost as 5 for GigabitEthernet 1/1. system-view [Sysname] interface gigabitethernet 1/1 [Sysname-GigabitEthernet1/1] isis cost 5 level-2 Relate commands circuit-cost isis dis-name NOTE: • This command is not supported on a point-to-point interface. • This command is not available in loopback interface view.
NOTE: This command is not available in loopback interface view. Use isis dis-priority to specify a DIS priority at a specified level for an interface. Use undo isis dis-priority to restore the default priority of 64 for Level-1 and Level-2. Syntax isis dis-priority value [ level-1 | level-2 ] undo isis dis-priority [ value ] [ level-1 | level-2 ] Views Interface view Default command level 2: System level Parameters value: Specifies a DIS priority for the interface, ranging from 0 to 127.
Views Interface view Default command level 2: System level Parameters process-id: Specifies a IS-IS process ID, ranging from 1 to 65535. The default is 1. Examples # Create IS-IS routing process 1, and enable it on the GigabitEthernet 1/1 interface. system-view [Sysname] isis 1 [Sysname-isis-1] network-entity 10.0001.1010.1020.1030.
Usage guidelines For an interface not in a mesh group, it follows the normal process to flood the received LSPs to other interfaces. For the NBMA network with high connectivity and multiple point-to-point links, this will cause repeated LSP flooding and bandwidth waste. After an interface is added to a mesh group, it only floods a received LSP or a generated LSP to interfaces not belonging to the same mesh group. If you block an interface, the interface can send LSPs only after receiving LSP requests.
undo isis peer-ip-ignore Default The PPP interface checks the peer's IP address upon receiving a hello packet. Views Interface view Default command level 2: System level Usage guidelines An IS-IS PPP interface requires the sender of a hello packet must be on the same network segment as it. Otherwise, it discards the hello packet. You can use the isis peer-ip-ignore command to disable this restriction.
isis small-hello NOTE: This command is not available in loopback interface view. Use isis small-hello to configure the interface to send small hello packets without CLVs. Use undo isis small-hello to restore the default. Syntax isis small-hello undo isis small-hello Default An interface sends standard hello packets. Views Interface view Default command level 2: System level Examples # Configure the GigabitEthernet 1/1 interface to send small Hello packets.
Parameters seconds: Specifies on the DIS of a broadcast network the interval in seconds for sending CSNP packets, ranging from 1 to 600. level-1: Applies the interval to Level-1. level-2: Applies the interval to Level-2. Usage guidelines This command only applies to the DIS of a broadcast network, which sends CSNP packets periodically for LSDB synchronization. If no level is specified, the CSNP interval applies to both Level-1 and Level-2.
You can configure keywords level-1 and level-2 only on broadcast interfaces. Before you do that, enable IS-IS on the interface. As the shorter the interval is, the more system resources are occupied, you should configure a proper interval as needed. If no level is specified, the hello interval applies to both Level-1 and Level-2. Examples # Configure Level-2 hello packets to be sent every 20 seconds over GigabitEthernet 1/1.
Level-1 and Level-2 hello packets are sent independently on a broadcast network, so you need to specify a hello multiplier for the two levels. On a P2P link, Level-1 and Level-2 packets are both sent in P2P hello packets, and you need not specify Level-1 or Level-2. You can configure keywords level-1 and level-2 only on broadcast interfaces. Before doing that, you need to enable IS-IS on the interface. If no level is specified, the hello multiplier applies to the current level.
Related commands isis timer retransmit isis timer retransmit NOTE: This command is not available in loopback interface view. Use isis timer retransmit to configure the interval for retransmitting LSP packets over a point-to-point link. Use undo isis timer retransmit to restore the default. Syntax isis timer retransmit seconds undo isis timer retransmit Default The retransmission interval is 5 seconds.
Syntax is-level { level-1 | level-1-2 | level-2 } undo is-level Default The default IS level is level-1-2. Views IS-IS view Default command level 2: System level Parameters level-1: Configures the router to work on Level-1, which means it only calculates routes within the area, and maintains the L1 LSDB. level-1-2: Configures the router to work on Level-1-2, which means it calculates routes and maintains the LSDBs for both L1 and L2.
Default command level 2: System level Parameters symbolic-name: Specifies a host name for the local IS, a string of 1 to 64 characters. Examples # Configure a host name for the local IS. system-view [Sysname] isis 1 [Sysname-isis-1] is-name RUTA is-name map Use is-name map to configure a system ID to host name mapping for a remote IS. Use undo is-name map to remove the mapping.
Default SNMP Trap is enabled. Views IS-IS view Default command level 2: System level Examples # Enable SNMP Trap. system-view [Sysname] isis 1 [Sysname-isis-1] is-snmp-traps enable log-peer-change (IS-IS view) Use log-peer-change to enable the logging of IS-IS neighbor state changes. Use undo log-peer-change to disable the logging. Syntax log-peer-change undo log-peer-change Default The logging is enabled.
undo lsp-fragments-extend Default LSP fragment extension is disabled. Views IS-IS view Default command level 2: System level Parameters level-1: Applies the fragment extension mode to Level-1 LSPs. level-1-2: Applies the fragment extension mode to both Level-1 and Level-2 LSPs. level-2: Applies the fragment extension mode to Level-2 LSPs. mode-1: Specifies the fragment extension mode 1, used on a network where some routers do not support LSP fragment extension.
level-1: Applies the size to Level-1 LSP packets. level-2: Applies the size to Level-2 LSP packets. Usage guidelines If neither Level-1 nor Level-2 is specified in the command, the configured maximum size applies to the current IS-IS level. Examples # Configure the maximum size of the generated Level-2 LSPs as 1024 bytes. system-view [Sysname] isis 1 [Sysname-isis-1] lsp-length originate 1024 level-2 lsp-length receive Use lsp-length receive to configure the maximum size of received LSPs.
Default The maximum number of ECMP routes is 8. Views IS-IS view Default command level 2: System level Parameters ipv4-unicast topology-name: Specifies an IPv4 unicast topology. topology-name is a case-sensitive string of 1 to 31 characters. number: Maximum number of ECMP routes. The value range is 1 to 8. Usage guidelines If no topology is specified, the command configures the maximum number of ECMP routes for the base topology. Examples # Configure the maximum number of ECMP routes as 2.
• Area ID—Its length is in the range of 1 to 13 bytes. • System ID—A system ID uniquely identifies a host or router in the area and has a fixed 6-byte length. • SEL—It has a value of 0 and a fixed 1-byte length. For example, a NET is ab.cdef.1234.5678.9abc.00, where area ID is ab.cdef, system ID is 1234.5678.9abc, and SEL is 00. Examples # Specify the NET as 10.0001.1010.1020.1030.00, of which 10.0001 is the area ID and 1010.1020.1030 is the system ID.
Examples # Configure the preference of IS-IS protocol as 25. system-view [Sysname] isis 1 [Sysname-isis-1] preference 25 priority high Use priority high to assign a high priority to specific routes for faster network convergence. Use undo priority high to restore the default. Syntax priority high { ip-prefix prefix-name | tag tag-value } undo priority high [ ip-prefix | tag ] Default No IS-IS route is assigned a high priority.
Default command level 2: System level Parameters process-id: Clears the data structure information of an IS-IS process numbered from 1 to 65535. vpn-instance vpn-instance-name: Clears the data structure information of the VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the data structure information of the public network is cleared. Usage guidelines Use this command when the LSP needs to be updated immediately.
set-overload Use set-overload to set the overload bit. Use undo set-overload to clear the overload bit. Syntax set-overload [ on-startup [ [ start-from-nbr system-id [ timeout1 [ nbr-timeout ] ] ] | timeout2 ] [ allow { external | interlevel } * ] undo set-overload Default The overload bit is not set. Views IS-IS view Default command level 2: System level Parameters on-startup: Sets the overload bit upon system startup.
[Sysname-isis-1] set-overload summary (IS-IS view) Use summary to configure a summary route. Use undo summary to remove a summary route. Syntax summary ip-address { mask | mask-length } [ avoid-feedback | generate_null0_route | [ level-1 | level-1-2 | level-2 ] | tag tag ] * undo summary ip-address { mask | mask-length } [ level-1 | level-1-2 | level-2 ] Default No summarization is configured.
[Sysname-isis-1] summary 202.0.0.0 255.0.0.0 timer lsp-generation Use timer lsp-generation to specify the wait interval before generating IS-IS LSPs. Use undo timer lsp-generation to restore the default. Syntax timer lsp-generation maximum-interval [ initial-interval [ second-wait-interval ] ] [ level-1 | level-2 ] undo timer lsp-generation [ level-1 | level-2 ] Default The wait interval before LSP generation is 2 seconds.
Examples # Set the maximum, initial, and second wait intervals to 10 seconds, 100 milliseconds and 200 milliseconds, respectively. system-view [Sysname] isis 1 [Sysname-isis-1]timer lsp-generation 10 100 200 timer lsp-max-age Use timer lsp-max-age to set the LSP maximum age in the LSDB. Use undo timer lsp-max-age to restore the default. Syntax timer lsp-max-age seconds undo timer lsp-max-age Default The LSP maximum age is 1200 seconds.
Views IS-IS view Default command level 2: System level Parameters seconds: LSP refresh interval in seconds, ranging from 1 to 65534. Usage guidelines To refresh LSPs before they are aged out, the interval configured by the timer lsp-refresh command must be smaller than that configured by the timer lsp-max-age command. Examples # Configure the LSP refresh interval as 1500 seconds.
{ { • IS-IS waits the initial interval before performing the first SPF calculation. When SPF calculation triggers occur at intervals shorter than the maximum interval, the topology is considered unstable and IS-IS waits the maximum interval before performing the SPF calculation until the topology is stable. If maximum-interval, initial-interval, and second-wait-interval are specified: { { { IS-IS waits the initial interval before performing the first SPF calculation.
[Sysname] isis 1 [Sysname-isis-1] virtual-system 2222.2222.
BGP configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. Feature and hardware compatibility Hardware BGP compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No aggregate Use aggregate to create a summary route in the BGP routing table. Use undo aggregate to remove a summary route.
suppress-policy route-policy-name: Suppresses specific routes defined in the routing policy. The routing policy name is a case-sensitive string of 1 to 63 characters. origin-policy route-policy-name: References the routing policy to specify routes for summarization. The routing policy name is a case-sensitive string of 1 to 63 characters. Table 93 Functions of the keywords Keywords Function as-set Used to create a summary route, whose AS path contains the AS path information of summarized routes.
undo balance [ ebgp | ibgp ] Default No load balancing is configured. Views BGP view, VPN instance view Default command level 2: System level Parameters ebgp: Configures load balancing for EBGP routes. ibgp: Configures load balancing for IBGP routes. number: Specifies the number of BGP ECMP routes, in the range of 1 to 8. When it is set to 1, load balancing is disabled.
system-view [Sysname] bgp 100 [Sysname-bgp] balance ebgp 2 # In BGP-VPN instance view, set the number of routes participating in BGP load balancing to 2. (The VPN has been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] balance 2 # In BGP-VPN instance view, set the number of IBGP ECMP routes to 2. (The VPN has been created.
[Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] bestroute as-path-neglect bestroute compare-med (BGP/BGP-VPN instance view) Use bestroute compare-med to enable the comparison of MEDs for routes on a per-AS basis. Use undo bestroute compare-med to disable this comparison. Syntax bestroute compare-med undo bestroute compare-med Default This comparison is not enabled.
Default command level 2: System level Usage guidelines The system only compares MED values for paths from peers within the confederation. Paths from external ASs are advertised throughout the confederation without MED comparison. Examples # In BGP view, enable the comparison of the MED for paths from peers within the confederation.
Use undo compare-different-as-med to disable the comparison. Syntax compare-different-as-med undo compare-different-as-med Default The comparison is disabled. Views BGP view, BGP-VPN instance view Default command level 2: System level Usage guidelines If several paths to one destination are available, the path with the smallest MED is selected. Do not use this command unless associated ASs adopt the same IGP protocol and routing selection method.
Parameters as-number: Specifies the number of the AS that contains multiple sub-ASs, in the range of 1 to 4294967295. Usage guidelines Configuring a confederation can reduce IBGP connections in a large AS. You can split the AS into several sub-ASs, and each sub-AS remains fully meshed. These sub-ASs form a confederation. Key IGP attributes of a route, such as the next hop, MED, or local preference, are not discarded when crossing each sub-AS.
Usage guidelines All devices should be configured with this command to interact with those nonstandard devices in the confederation. Examples # AS 100 contains routers not compliant with RFC 3065 and comprises two sub-ASs, 64000 and 65000.
[Sysname-bgp] confederation id 10 [Sysname-bgp] confederation peer-as 2000 2001 Related commands • confederation id • confederation nonstandard dampening (BGP/BGP-VPN instance view) Use dampening to enable BGP route dampening, configure dampening parameters, or both. Use undo dampening to disable route dampening. Syntax dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling | route-policy route-policy-name ] * undo dampening Default No route dampening is configured.
# In BGP-VPN instance view, configure BGP route dampening. (The VPN has been created.
default local-preference (BGP/BGP-VPN instance view) Use default local-preference to configure the default local preference. Use undo default local-preference to restore the default value. Syntax default local-preference value undo default local-preference Default The default local preference is 100. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters value: Specifies the default local preference, in the range of 0 to 4294967295.
Default command level 2: System level Parameters med-value: Specifies the default MED value, in the range of 0 to 4294967295. Usage guidelines Multi-exit discriminator (MED) is an external metric for routes. Different from local preference, MED is exchanged between ASs and stays in the AS once it enters the AS. The route with a lower MED is preferred.
[Sysname-bgp] default-route imported [Sysname-bgp] import-route ospf 1 # In BGP-VPN instance view, enable redistributing default route from OSPF into BGP. (The VPN has been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] default-route imported [Sysname-bgp-ipv4-vpn1] import-route ospf 1 Related commands import-route display bgp group Use display bgp group to display peer group information.
Members: Peer AS 2.2.2.1 200 MsgRcvd MsgSent 0 OutQ PrefRcv Up/Down 0 0 State 0 00:00:35 Active Table 94 Command output Field Description BGP peer-group Name of the BGP peer group. Remote AS AS number of peer group. Type of the BGP peer group: type • IBGP. • EBGP. Maximum allowed prefix number Maximum prefixes allowed to receive from the peer group.
Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Parameters as-regular-expression: Specifies an AS path regular expression, a string of 1 to 80 characters. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
group-name: Specifies the name of a peer group to be displayed, a string of 1 to 47 characters. log-info: Displays the log information of the specified peer. verbose: Displays the detailed information of the peer/peer group. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Table 97 Command output Field Description Peer IP address of the peer. Local Local router ID. Type Peer type. BGP version BGP version. remote router ID Router ID of the peer. BGP current state Current state of the peer. BGP current event Current event of the peer. BGP last state Previous state of the peer. Port TCP port numbers of the local router and its peer. Configured: Active Hold Time Local holdtime interval. Keepalive Time Local keepalive interval.
Field Description BFD status: BFD • Enabled. • Disabled. Routing policy configured Local routing policy. # Display the log information of the peer 10.110.25.20. display bgp peer 10.110.25.20 log-info Peer : 10.110.25.
Default command level 1: Monitor level Parameters ip-address: Specifies a BGP peer by its IP address. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Parameters ip-address: Specifies a destination IP address. mask: Specifies a network mask, in dotted decimal notation. mask-length: Specifies a mask length, in the range of 0 to 32. longer-prefixes: Displays the routing entries selected through the following steps: 1. AND the specified destination IP address with the specified mask. 2. AND the destination IP address of each route with the specified mask. 3.
Field Description Status codes: Status codes • • • • • • • • * – valid—Valid route. ^ - VPNv4 best—Best VPNv4 route. > – best—Best route. d – damped—Dampened route. h – history—History route. i – internal—Internal route. s – suppressed—Suppressed route. S – Stale—Stale route. Origin attributes: Origin • i – IGP—Originated in the AS. • e – EGP—Learned through EGP. • ? – incomplete—Learned by some other means. Network Destination network address. Next Hop Next hop IP address.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Total Number of Routes: 1 BGP Local router ID is 20.20.20.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? – incomplete *> Network NextHop MED 40.40.40.0/24 30.30.30.1 0 LocPrf PrefVal Path/Ogn 0 300i For description of the fields, see Table 100.
display bgp routing-table community 11:22 BGP Local router ID is 10.10.10.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? – incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.10.10.0/24 0.0.0.0 0 0 i *> 40.40.40.0/24 20.20.20.1 0 0 200 300i For description of the fields, see Table 100.
Origin codes: i - IGP, e - EGP, ? – incomplete Network NextHop Metric LocPrf PrefVal Path *> 3.3.3.0/30 1.2.3.4 0 ? *> 4.4.0.0/20 1.2.3.4 0 ? *> 4.5.6.0/26 1.2.3.4 0 ? For description of the fields, see Table 100. display bgp routing-table dampened Use display bgp routing-table dampened to display dampened BGP routes.
display bgp routing-table dampening parameter Use display bgp routing-table dampening parameter to display BGP route dampening parameters. Syntax display bgp routing-table dampening parameter [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
display bgp routing-table different-origin-as Use display bgp routing-table different-origin-as to display BGP routes originating from different autonomous systems. Syntax display bgp routing-table different-origin-as [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Default command level 1: Monitor level Parameters as-regular-expression: Displays route flap information that matches the AS path regular expression, which is a string of 1 to 80 characters. as-path-acl-number: Displays route flap information matching the AS path list. The number is in the range of 1 to 256. ip-address: Specifies a destination IP address. mask: Specifies a mask, in dotted decimal notation. mask-length: Mask length, in the range of 0 to 32. longer-match: Matches the longest prefix.
display bgp routing-table label Use display bgp routing-table label to display labeled BGP routing information. Syntax display bgp routing-table label [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Views Any view Default command level 1: Monitor level Parameters ip-address: Specifies an IP address of a peer. advertised-routes: Displays routing information advertised to the specified peer. received-routes: Displays routing information received from the specified peer. network-address: Specifies the IP address of the destination network. mask: Specifies the mask of the destination network, in dotted decimal notation. mask-length: Specifies a mask length, in the range of 0 to 32.
Syntax display bgp routing-table regular-expression as-regular-expression Views Any view Default command level 1: Monitor level Parameters as-regular-expression: AS path regular expression, a string of 1 to 80 characters. Examples # Display BGP routing information with AS number ended with 300. display bgp routing-table regular-expression 300$ BGP Local router ID is 20.20.20.
display bgp routing-table statistic Total Number of Routes: 4 display router id Use display router id to display the global router ID. Syntax display router id [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Usage guidelines When the link to a directly connected EBGP peer is down, the router, with quick EBGP session reestablishment enabled, tears down the session to the peer, and then immediately reestablishes a session. If the function is not enabled, the router does not tear down the session until the holdtime times out. A route flap does not affect the EBGP session state when the quick EBGP session reestablishment is disabled. Examples # In BGP view, enable quick reestablishment of direct EBGP session.
static: Filters static routes. The following matrix shows the values for the isis process-id option on different firewalls and UTM devices: Hardware Option compatible F1000-A-EI/F1000-S-EI No F1000-E No F5000 Yes Firewall module No U200-A No U200-S No Usage guidelines If no routing protocol is specified, all outgoing routes are filtered.
filter-policy import (BGP/BGP-VPN instance view) Use filter-policy import to configure the filtering of incoming routing information. Use undo filter-policy import to disable the filtering. Syntax filter-policy { acl-number | ip-prefix ip-prefix-name } import undo filter-policy import Default Incoming routing information is not filtered.
[Sysname] acl number 3000 [Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0 [Sysname-acl-adv-3000] rule 100 deny ip [Sysname-acl-adv-3000] quit [Sysname] bgp 100 [Sysname-bgp] filter-policy 3000 import group (BGP/BGP-VPN instance view) Use group to create a peer group. Use undo group to delete a peer group.
ignore-first-as Use ignore-first-as to configure BGP to ignore the first AS number of EBGP route updates. Use undo ignore-first-as to configure BGP to check the first AS number of EBGP route updates. Syntax ignore-first-as undo ignore-first-as Default BGP checks the first AS number of a received EBGP route update. If the first AS number is not that of the BGP peer, the BGP router discards the route update. Views BGP view Examples # Configure BGP to ignore the first AS number of EBGP route updates.
Hardware Protocols F5000 direct, isis, ospf, rip, and static Firewall module direct, ospf, rip, and static U200-A direct, ospf, rip, and static U200-S Incompatible process-id: Process ID, in the range of 1 to 65535. The default is 1. It is available only when the protocol is isis, ospf, or rip. all-processes: Redistributes routes from all the processes of the specified protocol. This keyword takes effect only when the protocol is isis, rip, or ospf.
Syntax ipv4-family vpn-instance vpn-instance-name undo ipv4-family vpn-instance vpn-instance-name Views BGP view Default command level 2: System level Parameters vpn-instance-name: VPN instance name, a case-sensitive string of 1 to 31 characters. Usage guidelines Before you enter BGP-VPN instance view, the VPN instance must have been created. Examples # Associate the specified VPN instance with the IPv4 address family, and enter BGP-VPN instance view.
network (BGP/BGP-VPN instance view) Use network to inject a network to the local BGP routing table. Use undo network to remove the configuration. Syntax network ip-address [ mask | mask-length ] [ route-policy route-policy-name ] undo network ip-address [ mask | mask-length ] Default No network route is injected. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters ip-address: Specifies a destination IP address.
undo network ip-address [ mask | mask-length ] short-cut Default A received EBGP route has a preference of 255. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters ip-address: Specifies a destination IP address. mask: Specifies a mask of the network address, in dotted decimal notation. mask-length: Specifies a mask length, in the range of 0 to 32. Usage guidelines The preference of an EBGP route is lower than a local route.
Default command level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. Examples # In BGP view, advertise the community attribute to peer group test. system-view [Sysname] bgp 100 [Sysname-bgp] peer test advertise-community # In BGP-VPN instance view, advertise the community attribute to peer group test. (The VPN has been created.
system-view [Sysname] bgp 100 [Sysname-bgp] peer test advertise-ext-community # In BGP-VPN view, advertise the extended community attribute to the peer group test. (The VPN has been created.
[Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer 1.1.1.1 allow-as-loop 2 Related commands display bgp routing-table peer peer as-number (BGP/BGP-VPN instance view) Use peer { group-name | ip-address } as-number as-number to specify a peer/peer group with an AS number. Use undo peer group-name as-number to delete a peer group. Use undo peer ip-address to delete a peer.
# In BGP-VPN instance view, specify peer group test2 in AS 200. (The VPN has been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer test2 as-number 200 peer as-path-acl (BGP/BGP-VPN instance view) Use peer as-path-acl to configure the filtering of routes incoming from or outgoing to a peer/peer group based on a specified AS path list. Use undo peer as-path-acl to remove the configuration.
peer bfd Use peer bfd to enable BFD for a BGP peer. Use undo peer bfd to disable BFD for a BGP peer. Syntax peer ip-address bfd undo peer ip-address bfd Default BFD is disabled. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters ip-address: IP address of a peer. Usage guidelines After the link to the BGP peer fails, BFD may detect the failure before the system performs GR, causing GR to fail. If GR capability is enabled for BGP, use BFD with caution.
Syntax peer { group-name | ip-address } capability-advertise conventional undo peer { group-name | ip-address } capability-advertise conventional Default BGP multi-protocol extension and route refresh are enabled. Views BGP view Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies the IP address of a peer. Examples # In BGP view, disable multi-protocol extension and route refresh for peer 160.89.2.33.
Usage guidelines • After you enable the ORF capability, the local BGP router negotiates the ORF capability with the BGP peer through Open messages. After that, the BGP router can exchange ORF information in route-refresh messages with the peer. For non-standard ORF capability negotiation, you need also to configure the peer capability-advertise orf non-standard command.
Default The non-standard ORF capability is not enabled for a BGP peer or peer group. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies the IP address of a peer. Parameters This command must be configured when the peer supports only non-standard ORF. Examples # Enable the non-standard ORF capability for the BGP peer 18.10.0.9 (suppose the BGP peer 18.10.0.
Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies the IP address of a peer. Examples # In BGP view, enable BGP route refresh for peer 160.89.2.33. system-view [Sysname] bgp 100 [Sysname-bgp] peer 160.89.2.33 as-number 100 [Sysname-bgp] peer 160.89.2.33 capability-advertise route-refresh # In BGP-VPN instance view, enable BGP route refresh for peer 160.89.2.
Examples # In BGP view, enable 4-byte AS number suppression for peer 160.89.2.33. system-view [Sysname] bgp 100 [Sysname-bgp] peer 160.89.2.33 as-number 100 [Sysname-bgp] peer 160.89.2.33 capability-advertise suppress-4-byte-as # In BGP-VPN instance view, enable 4-byte AS number suppression for peer 160.89.2.33. (The VPN must have been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer 160.89.2.
Examples # In BGP view, specify loopback 0 as the source interface for routing updates to the peer group test. system-view [Sysname] bgp 100 [Sysname-bgp] peer test connect-interface loopback 0 # In BGP-VPN instance view, specify loopback 0 as the source interface for routing updates to the peer group test. (The VPN has been created.
[Sysname-bgp-ipv4-vpn1] peer test default-route-advertise peer description (BGP/BGP-VPN instance view) Use peer description to configure the description information for a peer/peer group. Use undo peer description to remove the description information of a peer/peer group. Syntax peer { group-name | ip-address } description description-text undo peer { group-name | ip-address } description Default No description information is configured for a peer/peer group.
Syntax peer { group-name | ip-address } ebgp-max-hop [ hop-count ] undo peer { group-name | ip-address } ebgp-max-hop Default This feature is disabled. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies the IP address of a peer. hop-count: Specifies the maximum hop count, in the range of 1 to 255. The default is 64.
Default command level 2: System level Parameters ip-address: Specifies the IP address of a peer. Usage guidelines If a peer is disabled, the router does not exchange routing information with the peer. Examples # Disable peer 18.10.0.9. system-view [Sysname] bgp 100 [Sysname-bgp] peer 18.10.0.9 group group1 [Sysname-bgp] undo peer 18.10.0.9 enable peer fake-as (BGP/BGP-VPN instance view) NOTE: The peer fake-as command is only applicable to an EBGP peer or peer group.
system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer test fake-as 200 peer filter-policy (BGP/BGP-VPN instance view) Use peer filter-policy to configure an ACL-based filter policy for a peer or peer group. Use undo peer filter-policy to remove the configuration.
Use undo peer group to delete a specified peer from a peer group. Syntax peer ip-address group group-name [ as-number as-number ] undo peer ip-address group group-name Default No peer exists in a peer group. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies the IP address of a peer. as-number: Specifies the AS number of the peer, in the range of 1 to 4294967295.
Default Session establishment with a peer or peer group is allowed. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies the IP address of a peer. Usage guidelines After the peer ignore command is executed, the system disables the session with the specified peer or peer group and clears all the related routing information.
Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies the IP address of a peer. ip-prefix-name: Specifies the IP prefix list name, a string of 1 to 19 characters. export: Applies the filter to routes advertised to the specified peer/peer group. import: Applies the filter to routes received from the specified peer/peer group. Examples # In BGP view, use the IP prefix list list 1 to filter routes advertised to the peer group test.
# In BGP-VPN instance view, save all route updates from peer 131.100.1.1. (The VPN has been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer 131.100.1.1 as-number 200 [Sysname-bgp-ipv4-vpn1] peer 131.100.1.1 keep-all-routes peer log-change (BGP/BGP-VPN instance view) Use peer log-change to enable the logging of session state and event information for a specified peer or peer group.
undo peer { group-name | ip-address } next-hop-local Default Routes advertised to an EBGP peer/peer group take the local router as the next hop, and routes sent to an IBGP peer/peer group do not take the local router as the next hop. Views BGP view /BGP-VPN instance view Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies the IP address of a peer.
simple: Specifies a plaintext password. password: Password, a case-sensitive string of 1 to 137 characters in cipher text, or 1 to 80 characters in plain text. Usage guidelines You can enable MD5 authentication to enhance security in the following ways: • Perform MD5 authentication when establishing TCP connections. Only the two parties that have the same password configured can establish TCP connections. • Perform MD5 calculation on TCP packets to avoid modification to the encapsulated BGP packets.
Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies the IP address of a peer. value: Preferred value, in the range of 0 to 65535. Usage guidelines Routes learned from a peer have an initial preferred value. Among multiple routes that have the same destination/mask and are learned from different peers, the one with the greatest preferred value is selected as the route to the destination.
Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies the IP address of a peer. Usage guidelines The command does not take effect if the BGP update has both public and private AS numbers. The range of private AS number is from 64512 to 65535. Examples # In BGP view, carry no private AS number in BGP updates sent to the peer group test.
# In BGP-VPN instance view, configure the local device as a route reflector and specify the IBGP peer group test as a client. (vpn1 must have been created.) system-view [Sysname] bgp 109 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer test reflect-client Related commands • reflect between-clients • reflect cluster-id peer route-limit (BGP/BGP-VPN instance view) Use peer route-limit to specify the maximum number of routes that can be received from a peer or peer group.
[Sysname] bgp 109 [Sysname-bgp] peer 129.140.6.6 as-number 110 [Sysname-bgp] peer 129.140.6.6 route-limit 10000 # In BGP-VPN instance view, specify the maximum number of routes that can be received from peer 129.140.6.6 to 10000, and configure the router to tear down the connection to the peer if the number is exceeded. (The VPN has been created.) system-view [Sysname] bgp 109 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer 129.140.6.
# In BGP-VPN instance view, apply the routing policy test-policy to routes outgoing to the peer group test. (The VPN has been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer test route-policy test-policy export peer route-update-interval (BGP/BGP-VPN instance view) Use peer route-update-interval to specify the interval for sending the same update to a peer or peer group.
peer substitute-as (BGP/BGP-VPN instance view) Use peer substitute-as to replace the AS number of a peer/peer group in the AS_PATH attribute with the local AS number. Use undo peer substitute-as to remove the configuration. Syntax peer { group-name | ip-address } substitute-as undo peer { group-name | ip-address } substitute-as Default No AS number is replaced.
Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a sting of 1 to 47 characters. ip-address: Specifies the IP address of a peer. keepalive: Specifies the keepalive interval in seconds, ranging from 0 to 21845. holdtime: Specifies the holdtime interval in seconds, whose value is 0 or in the range of 3 to 65535. Usage guidelines The timers configured with this command are preferred to the timers configured with the timer command.
preference (BGP/BGP-VPN instance view) Use preference to configure preferences for external, internal, and local routes. Use undo preference to restore the default. Syntax preference { external-preference internal-preference local-preference | route-policy route-policy-name } undo preference Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters external-preference: Preference of EBGP routes, in the range of 1 to 255.
Default Route reflection between clients is enabled. Views BGP view, BGP-VPN instance view Default command level 2: System level Usage guidelines After a route reflector is configured, it reflects the routes of a client to other clients. If the clients of a route reflector are fully meshed, disable route reflection between clients to reduce routing costs. Examples # Disable route reflection between clients.
Usage guidelines Typically, a cluster has only one route reflector. The router ID of the route reflector is the ID of the cluster. You can configure multiple route reflectors to improve network stability. Using this command can configure the identical cluster ID for all the route reflectors to avoid routing loops. Examples # Set the cluster ID to 80. system-view [Sysname] bgp 100 [Sysname-bgp] reflector cluster-id 80 # In BGP-VPN instance view, set the cluster ID to 80.
This command requires that both the local router and the peer support route refresh. If the peer keep-all-routes command is configured, the refresh bgp import command does not take effect. Examples # Perform inbound BGP soft reset. refresh bgp all import reset bgp Use reset bgp to reset specified BGP sessions.
mask-length: Specifies the ask length, in the range of 0 to 32. Examples # Clear damping information of route 20.1.0.0/16 and release the suppressed route. reset bgp dampening 20.1.0.0 255.255.0.0 Related commands • dampening • display bgp routing-table dampened reset bgp flap-info Use reset bgp flap-info to clear the flap statistics of routes matching the specified filter.
Default command level 2: System level Examples # Reset all the BGP sessions of IPv4 unicast address family. reset bgp ipv4 all router id Use router id to configure a global router ID. Use undo router id to remove the global router ID. Syntax router id router-id undo router id Default No global router ID is configured. Views System view Default command level 2: System level Parameters router-id: Router ID, in the form of a dotted decimal IPv4 address.
Use undo router-id to remove the router ID. Syntax router-id router-id undo router-id Default A BGP router uses the global router ID. You can execute the router id command in system view to configure the global router ID. Views BGP view Default command level 2: System level Parameters router-id: Router ID in IP address format. Usage guidelines To run BGP protocol, a router must have a router ID, which is an unsigned 32-bit integer, the unique ID of the router in the AS.
Usage guidelines Neither the default route nor the routes imported using the network command can be summarized automatically. The summary automatic command helps BGP limit the number of routes redistributed from IGP to reduce the size of the routing table. Examples # In BGP view, enable automatic route summarization. system-view [Sysname] bgp 100 [Sysname-bgp] summary automatic # In BGP-VPN instance view, enable automatic summarization (the VPN has been created).
timer (BGP/BGP-VPN instance view) Use timer to configure the global keepalive interval and holdtime. Use undo timer to restore the default. Syntax timer keepalive keepalive hold holdtime undo timer Default The BGP keepalive interval and the holdtime are 60 seconds and 180 seconds, respectively. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters keepalive: Keepalive interval in seconds, ranging from 0 to 21845.
system-view [Sysname] bgp 100 [Sysname-bgp] timer keepalive 0 hold 0 # In BGP-VPN instance view, configure both the keepalive interval and holdtime for all BGP sessions in vpn1 as 0 seconds, indicating no peer connection will time out. (vpn1 must have been created.
Basic IP routing configuration commands display ip routing-table Use display ip routing-table to display brief information about active routes in the routing table. Use display ip routing-table verbose to display detailed information about all routes in the routing table.
1.1.2.1/32 Direct 0 0 127.0.0.1 InLoop0 2.2.2.0/24 OSPF 2 1.1.2.2 GE0/2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 192.168.0.0/24 Direct 0 0 192.168.0.1 VT1 192.168.0.1/32 Direct 0 0 127.0.0.1 InLoop0 10 Table 105 Command output Field Description Destinations Number of destination addresses. Routes Number of routes. Destination/Mask Destination address/mask length. Proto Protocol that installed the route.
Tag: 0 Destination: 2.2.2.0/24 Protocol: OSPF Preference: 10 IpPrecedence: NextHop: 1.1.2.2 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Process ID: 1 Cost: 2 QosLcId: Interface: GigabitEthernet0/2 BkInterface: Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h00m53s Tag: 0 Destination: 127.0.0.0/8 Protocol: Direct Preference: 0 IpPrecedence: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.
Tag: 0 Destination: 192.168.0.1/32 Protocol: Direct Process ID: 0 Preference: 0 Cost: 0 IpPrecedence: QosLcId: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 Interface: InLoopBack0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active NoAdv Age: 06h46m35s Tag: 0 Displayed first are statistics for the whole routing table, followed by detailed description of each route (in sequence).
Field Description Route status: • • • • • Active—This is an active unicast route. Adv—This route can be advertised. Delete—This route is deleted. Gateway—This is an indirect route. Holddown—Number of holddown routes. Holddown is a route advertisement policy used in some routing protocols, such as RIP, to avoid the propagation of some incorrect routes. It distributes a Holddown route during a period regardless of whether a new route to the same destination is found.
acl-number: Specifies a basic ACL by its number in the range of 2000 to 2999. verbose: Displays detailed information about all routes permitted by the basic ACL. Without this argument, the command displays only brief information about active routes permitted by the basic ACL. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
RelyNextHop: 0.0.0.0 Neighbor: 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 1d00h25m32s Tag: 0 Destination: 10.1.1.2/32 Protocol: Direct Preference: 0 IpPrecedence: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Process ID: 0 Cost: 0 QosLcId: Interface: InLoopBack0 BkInterface: Neighbor: 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active NoAdv Age: 1d00h41m34s Tag: 0 Destination: 10.1.2.
RelyNextHop: 0.0.0.0 Neighbor: 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 1d00h05m31s Tag: 0 Destination: 10.1.3.1/32 Protocol: Direct Process ID: 0 Preference: 0 Cost: 0 IpPrecedence: QosLcId: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 Interface: InLoopBack0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor: 0.0.0.
verbose: Displays detailed information about all routes. Without this argument, the command displays only brief information about active routes. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Routing Table : Public Summary Count : 3 Destination/Mask Proto 11.0.0.0/8 11.1.0.0/16 Pre Cost NextHop Interface Static 60 0 0.0.0.0 NULL0 Static 60 0 0.0.0.0 NULL0 # Display brief information about the routes with destination IP address 11.0.0.1 and the longest mask length. display ip routing-table 11.0.0.1 longer-match Routing Table : Public Summary Count : 1 Destination/Mask Proto Pre 11.0.0.0/24 Static 60 Cost NextHop Interface 0 0.0.0.
Views Any view Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Specifies a VPN by its name, a case-sensitive string of 1 to 31 characters. Without this option, the command displays routing information for the public network. ip-prefix-name: Specifies an IP prefix list by its name, a string of 1 to 19 characters. verbose: Displays detailed information about all routes permitted by the IP prefix list.
NextHop: 2.2.2.1 BkNextHop: 0.0.0.0 Interface: Vlan-interface2 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 1d00h20m52s Tag: 0 Destination: 2.2.2.1/32 Protocol: Direct Process ID: 0 Preference: 0 Cost: 0 IpPrecedence: QosLcId: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 Interface: InLoopBack0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.
Hardware Protocols U200-S direct, ospf, rip, static, and guard inactive: Displays information about only inactive routes. Without this argument, the command displays information about all routes. verbose: Displays detailed routing table information. Without this argument, the command displays brief routing table information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
1.2.3.0/24 Static 60 0 1.2.4.5 Vlan10 3.0.0.0/8 Static 60 0 2.2.2.2 GE0/1 For command output, see Table 105. display ip routing-table statistics Use display ip routing-table statistics to display IPv4 route statistics.
Field Description deleted Number of routes marked as deleted, which will be cleared after a period. freed Number of routes that got freed (removed permanently) Total Total number of routes. reset ip routing-table statistics protocol Use reset ip routing-table statistics protocol to clear IPv4 route statistics.
Views User view Default command level 2: System level Parameters vpn-instance vpn-instance-name: Clears route statistics for a VPN specified by its name, a case-sensitive string of 1 to 31 characters. Without this option, the command clears routing statistics for the public network. protocol: Clears route statistics for an IPv6 routing protocol. It can be bgp4+, direct, isisv6, ospfv3, ripng, or static. all: Clears route statistics for all IPv6 routing protocols.
Policy-based routing configuration commands apply default output-interface Use apply default output-interface to set a default output interface. Use undo apply default output-interface to remove the configuration.
Syntax apply ip-address default next-hop ip-address [ track track-entry-number ] [ ip-address [ track track-entry-number ] ] undo apply ip-address default next-hop [ ip-address [ ip-address ] ] Views Policy node view Default command level 2: System level Parameters ip-address: Specifies the default next hop IP address. track track-entry-number: Specifies a track entry by its number, in the range of 1 to 1024.
Usage guidelines You can specify up to two next hops by performing this command once or twice. With a next hop specified, the undo apply ip-address next-hop command removes the specified next hop. Without any next hop specified, the undo apply ip-address next-hop command removes all next hops. Examples # Set a directly-connected next hop of 1.1.1.1. system-view [Sysname] policy-based-route aa permit node 11 [Sysname-pbr-aa-11] apply ip-address next-hop 1.1.1.
[Sysname] policy-based-route aa permit node 11 [Sysname-pbr-aa-11] apply ip-precedence critical apply output-interface Use apply output-interface to set output interfaces for packets. Use undo apply output-interface to remove the configuration.
undo apply output-interface Views Policy node view Default command level 2: System level Parameters interface-type interface-number: Specifies an output interface by its type and number. ip-address next-hop dhcpc: Specifies the gateway address learned through DHCP as the next hop.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display PBR configuration for policy pr01. display ip policy-based-route setup pr01 policy Name interface pr01 GigabitEthernet 0/1 # Display PBR configuration on GigabitEthernet 0/1.
Views Any view Default command level 1: Monitor level Parameters interface interface-type interface-number: Displays the statistics of PBR on the specified interface. local: Displays the statistics of local PBR. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Syntax display policy-based-route [ policy-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters policy-name: Displays information about the specified policy. A policy name is a string of 1 to 19 characters. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Views Policy node view Default command level 2: System level Parameters acl-number: Specifies the ACL number, in the range of 2000 to 3999. The number of a basic ACL ranges from 2000 to 2999 and that of an advanced ACL ranges from 3000 to 3999. Examples # Permit the packets matching ACL 2010. system-view [Sysname] policy-based-route aa permit node 11 [Sysname-pbr-aa-11] if-match acl 2010 if-match packet-length Use if-match packet-length to define a packet length match criterion.
Default No policy is referenced for local PBR. Views System view Default command level 2: System level Parameters policy-name: Policy name, a string of 1 to 19 characters. Usage guidelines You can configure only one policy for local PBR. If you perform this command multiple times, only the last specified policy takes effect. Local PBR is used to route locally generated packets. Do not configure local PBR unless required. Examples # Configure local PBR based on policy aaa.
[Sysname-GigabitEthernet0/1] ip policy-based-route aaa policy-based-route Use policy-based-route to create a policy node, and enter policy node view. If the specified policy node already exists, the command directly places you into policy node view. Use undo policy-based-route to remove a created policy or policy node.
Examples # Clear all PBR statistics.
Multicast routing and forwarding configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. delete ip rpf-route-static Use delete ip rpf-route-static to delete all static multicast routes. Syntax delete ip rpf-route-static Views System view Default command level 2: System level Examples # Delete all static multicast routes on the public network.
mask-length: Specifies the mask length of the multicast group address, in the range of 4 to 32. The default is 32. interface-type interface-number: Specifies an interface by its type and number. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
mask: Specifies the mask of the multicast group address or multicast source address, 255.255.255.255 by default. mask-length: Specifies the mask length of the multicast group address or multicast source address. For a multicast group address, this argument has an effective value range of 4 to 32. For a multicast source address, this argument has an effective value range of 0 to 32. The system default is 32 in both cases.
Forwarded 19648 packets(20512512 bytes) Table 114 Command output Field Description Multicast Forwarding Table of VPN-Instance: public net Multicast forwarding table for the public network. Total 1 entry Total number of (S, G) entries in the multicast forwarding table. Total 1 entry matched Total number of matched (S, G) entries in the multicast forwarding table. 00001 Sequence number of the (S, G) entry. (172.168.0.2,227.0.0.1) An (S, G) entry of the multicast forwarding table.
Table 116 Major values of the flags field (after the colon) Value Meaning 0 Indicates that the entry does not belong to the main board, or the main board has synchronized the entry to other cards. 1 Indicates that the main board will synchronize the incoming interface information of the entry to other cards. 2 Indicates that the main board will synchronize the outgoing interface information of the entry to other cards.
interface-type interface-number: Specifies an interface by its type and number. register: Displays the multicast routing entries, where the incoming interface is the specified register interface of PIM-SM. outgoing-interface: Displays the multicast routing entries, where the outgoing interface is the specified one. exclude: Displays the multicast routing entries, where the outgoing interface list excludes the specified interface.
Field Description Upstream interface Upstream interface the (S, G) entry: multicast packets should arrive at this interface. List of 2 downstream interfaces Downstream interface list: these interfaces need to forward multicast packets. Related commands display multicast forwarding-table display multicast routing-table static Use display multicast routing-table static to display information about static multicast routes.
Table 118 Command output Field Description Multicast Routing Table of VPN-Instance: public net Multicast routing table for the public network. Mroute Multicast route source address and its mask length. Interface Outgoing interface to the multicast source. RPF Neighbor IP address of the RPF neighbor through which the multicast source is reachable. Route-policy Routing policy. The multicast source address of the route should match the routing policy. Preference Route preference.
Referenced route type: igp Route selection rule: preference-preferred Load splitting rule: disable Table 119 Command output Field Description RPF information about source 192.168.1.55 Information of the RPF path to multicast source 192.168.1.55. RPF interface RPF interface. If the RPF interface is an interface in another VPN, the VPN name is displayed. RPF neighbor IP address of the RPF neighbor. Referenced route/mask Referenced route and its mask length.
Parameters source-address: Specifies a multicast source address. mask: Specifies the mask of the multicast source address. mask-length: Specifies the mask length of the multicast source address, in the range of 0 to 32. protocol: Routing protocol, which can have any of the following values: • bgp: Specifies the BGP protocol. • isis: Specifies the IS-IS protocol. • ospf: Specifies the OSPF protocol. • rip: Specifies the RIP protocol. • static: Specifies a static route.
Because outgoing interface iteration might fail or the specified interface might be in down state, the static multicast route configured with this command might fail to take effect. Therefore, after you configure a static multicast route, use the display multicast routing-table static command to verify that the route has been successfully configured or whether the route has taken effect. Examples # Configure a static multicast route to the multicast source 10.1.1.1/24.
Output packet count on outgoing interface: 0 Total number of packets for this source-group pair: 8000 Protocol: PIM Forwarding TTL: 0 Forwarding code: No error -2 4.4.4.7 Incoming interface address: 6.6.6.7 Previous-hop router address: 0.0.0.0 Input packet count on incoming interface: 2 Output packet count on outgoing interface: 259 Total number of packets for this source-group pair: 8100 Protocol: PIM Forwarding TTL: 0 Forwarding code: No error Table 120 Command output Field Description (6.6.6.6, 225.2.
Views Interface view Default command level 2: System level Parameters group-address: Specifies a multicast group address, in the range of 224.0.0.0 to 239.255.255.255. mask: Specifies the mask of the multicast group address. mask-length: Specifies the mask length of the multicast group address, in the range of 4 to 32. all: Specifies all forwarding boundaries configured on the interface.
Parameters limit: Specifies the maximum number of downstream nodes (namely, the maximum number of outgoing interfaces) for a single multicast forwarding entry. The value ranges from 0 to 128. Examples # Set the maximum number of downstream nodes for a single multicast forwarding entry on the public network to 120.
Syntax multicast load-splitting { source | source-group } undo multicast load-splitting Default Load splitting of multicast traffic is disabled. Views System view Default command level 2: System level Parameters source: Specifies load splitting on a per-source basis. source-group: Specifies load splitting both on a per-source basis and a per-group basis. Usage guidelines This command does not take effect in BIDIR-PIM.
multicast routing-enable Use multicast routing-enable to enable IP multicast routing. Use undo multicast routing-enable to disable IP multicast routing. Syntax multicast routing-enable undo multicast routing-enable Default IP multicast routing is disabled. Views System view Default command level 2: System level Usage guidelines You must enable IP multicast routing before you can execute other Layer 3 multicast commands.
incoming-interface: Specifies the multicast forwarding entries, where the incoming interface is the specified one. interface-type interface-number: Specifies an interface by its type and number. register: Specifies the multicast forwarding entries, where the incoming interface is the specified register interface of PIM-SM. all: Specifies all forwarding entries in the multicast forwarding table.
all: Specifies all routing entries from the multicast routing table. Usage guidelines When a routing entry is deleted from the multicast routing table, the corresponding forwarding entry is also deleted from the multicast forwarding table. Examples # Clear the route entries related to multicast group 225.5.4.3 from the multicast routing table on the public network. reset multicast routing-table 225.5.4.
IGMP configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. display igmp group Use display igmp group to display IGMP group information.
225.1.1.2 10.10.1.10 00:02:04 00:01:17 # Display detailed information about the IGMP group 225.1.1.1 that the interfaces statically joined on the public network. display igmp group 225.1.1.1 verbose Interface group report information of VPN-Instance: public net GigabitEthernet0/1(10.10.1.20): Total 3 IGMP Groups reported Group: 225.1.1.1 Uptime: 00:00:34 Expires: 00:00:40 Last reporter: 10.10.1.
Syntax display igmp host interface interface-type interface-number group group-address [ source source-address ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. group group-address: Specifies an IGMP group. The group-address argument is in the range of 224.0.1.0 to 239.255.255.255.
display igmp interface Use display igmp interface to display IGMP configuration and operation information of the specified interface or all IGMP-enabled interfaces. Syntax display igmp interface [ interface-type interface-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number.
Other-querier-present-timer-expiry: off Proxying interface: GigabitEthernet0/2(20.10.1.20) Total 1 IGMP Group reported # Display detailed IGMP configuration and operation information on GigabitEthernet 0/2 (upstream interface) on the public network. display igmp interface gigabitethernet 0/2 verbose GigabitEthernet0/2(20.10.1.
Field Description Proxying interface IGMP proxy interface, where "none" means that no proxy interface exists. Total 1 IGMP Group reported Total number of IGMP groups that the interface has dynamically joined. IGMP proxy is enabled IGMP proxying is enabled. Version1-querier-present-timer-expiry Remaining time of the IGMPv1 querier present timer, where "off" means that the timer never expires.
Proxying group record(s) information of VPN-Instance: public net Total 1 IGMP-Proxying group record(s) Group: 225.1.1.1 Group mode: include Member state: Delay Expires: 00:00:02 Source list (total 1 source(s)) Source: 1.1.1.1 Table 124 Command output Field Description Proxying group record(s) information of VPN-Instance: public net IGMP proxying group information on the public network. Total 1 IGMP-Proxying group record(s) One IGMP proxying group is recorded.
mask-length: Specifies the mask length of the multicast group address or multicast source address. For a multicast source address, this argument has an effective value range of 0 to 32. For a multicast group address, this argument has an effective value range of 4 to 32. The system default is 32 in both cases. flags: Specifies the route flag. act: Displays the IGMP routes with the ACT flag. suc: Displays the IGMP routes with the SUC flag. |: Filters command output by specifying a regular expression.
Field Description IGMP route flags: • ACT—Indicates IGMP routing entries that have been used for forwarding data packets but have the multicast group address out of the SSM group range. Flag • SUC—Indicates IGMP routing entries that have been added to the forwarding table and have the multicast group address within the SSM group range. List of 1 downstream interface Downstream interface list—list of interfaces to which multicast data for this group is forwarded.
5.5.5.5 10.1.1.1 100.1.1.10 Table 126 Command output Field Description VPN-Instance: public net Public network. Group Multicast group address. Source list List of multicast source addresses. Related commands ssm-mapping display igmp ssm-mapping group Use display igmp ssm-mapping group to display the multicast group information created based on the configured IGMP SSM mappings.
display igmp ssm-mapping group 232.1.1.1 verbose Interface group report information of VPN-Instance: public net GigabitEthernet0/1(10.10.10.10): Total 1 IGMP SSM-mapping Group reported Group: 232.1.1.1 Uptime: 00:00:31 Expires: off Last reporter: 1.1.1.1 Version1-host-present-timer-expiry: off Source list(Total 1 source): Source: 1.1.1.
Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. group group-address: Specifies a multicast group. The value of group-address ranges from 224.0.1.0 to 239.255.255.255. source source-address: Specifies a multicast source. The source-address argument is a valid unicast address or 0.0.0.0. A source IP address of 0.0.0.0 specifies all multicast sources. |: Filters command output by specifying a regular expression.
Syntax fast-leave [ group-policy acl-number ] undo fast-leave Default Fast-leave processing is disabled, and the IGMP querier sends IGMP group-specific queries or IGMP group-and-source-specific queries after receiving an IGMP leave message from a host, instead of sending a leave notification directly to the upstream. Views Public network IGMP view Default command level 2: System level Parameters acl-number: Specifies a basic ACL number, in the range of 2000 to 2999.
Examples # Enable the IGMP host tracking function globally on the public network. system-view [Sysname] igmp [Sysname-igmp] host-tracking igmp Use igmp to enter public network IGMP view. Use undo igmp to remove configurations in public network IGMP view. Syntax igmp undo igmp Views System view Default command level 2: System level Usage guidelines IP multicast routing must be enabled before this command can take effect.
Default command level 2: System level Usage guidelines IP multicast routing must be enabled before this command can take effect. IGMP must be enabled on an interface before any other IGMP feature configured on the interface can take effect. Examples # Enable IP multicast routing on the public network, and enable IGMP on GigabitEthernet 0/1.
Examples # Enable fast-leave processing on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] igmp fast-leave igmp group-limit Use igmp group-limit to configure the maximum number of multicast groups that an interface can join. Use undo igmp group-limit to restore the default. Syntax igmp group-limit limit undo igmp group-limit Default The maximum number depends on the device model. For more information, see Table 129.
Examples # Allow GigabitEthernet 0/1 to join up to 128 multicast groups. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] igmp group-limit 128 Related commands • igmp static-group • igmp-snooping group-limit • reset igmp group igmp group-policy Use igmp group-policy to configure a multicast group filter on the current interface to control the multicast groups that the hosts on the current interface can join.
Related commands group-policy (IGMP-snooping view) igmp host-tracking Use igmp host-tracking to enable the IGMP host tracking function on an interface. Use undo igmp host-tracking to disable the IGMP host tracking function on an interface Syntax igmp host-tracking undo igmp host-tracking Default This function is disabled. Views Interface view Default command level 2: System level Examples # Enable the IGMP host tracking function on GigabitEthernet 0/1.
Examples # Set the IGMP last-member query interval to 3 seconds on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] igmp last-member-query-interval 3 Related commands • display igmp interface • igmp robust-count • last-member-query-interval igmp max-response-time Use igmp max-response-time to configure the maximum response time for IGMP general queries on the current interface. Use undo igmp max-response-time to restore the default.
Syntax igmp proxying enable undo igmp proxying enable Default IGMP proxying is disabled. Views Interface view Default command level 2: System level Usage guidelines This command takes effect only after IP multicast routing is enabled. If IGMP proxying is enabled on a loopback interface, the proxy device maintains only the IGMP routing table without adding the IGMP routes to the multicast routing table and forwarding table.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] igmp proxying forwarding igmp require-router-alert Use igmp require-router-alert to configure the interface to discard IGMP messages that do not carry the Router-Alert option. Use undo igmp require-router-alert to restore the default.
Parameters robust-value: IGMP querier's robustness variable, in the range of 2 to 5. Usage guidelines The IGMP querier's robustness variable defines the maximum number of attempts for transmitting IGMP general queries, group-specific queries or group-and-source-specific queries in case of packet loss due to network problems. A higher robustness variable makes the IGMP querier more robust, but results in longer multicast group timeout time.
Default command level 2: System level Examples # Disable insertion of the Router-Alert option into IGMP messages that leave GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] undo igmp send-router-alert Related commands • igmp require-router-alert • send-router-alert igmp ssm-mapping enable Use igmp ssm-mapping enable to enable the IGMP SSM mapping feature on the current interface.
Views Interface view Default command level 2: System level Parameters value: Startup query count, namely, the number of queries the IGMP querier sends on startup, in the range of 2 to 5. Examples # Set the startup query count to 3 on GigabitEthernet 0/1.
igmp static-group Use igmp static-group to configure the current interface as a static member of the specified multicast group or the specified multicast source and group. Use undo igmp static-group to restore the default. Syntax igmp static-group group-address [ source source-address ] undo igmp static-group { all | group-address [ source source-address ] } Default An interface is not a static member of any multicast group or multicast source and group.
Syntax igmp timer other-querier-present interval undo igmp timer other-querier-present Default The IGMP other querier present interval is [ IGMP general query interval ] × [ IGMP querier's robustness variable ] + [ maximum response time for IGMP general queries ] /2. Views Interface view Default command level 2: System level Parameters interval: Specifies an IGMP other querier present interval in seconds, in the range of 60 to 300.
Parameters interval: Specifies an IGMP general query interval in seconds, namely, the interval between IGMP general queries. The value ranges from 1 to 18000. Examples # Set the IGMP general query interval to 125 seconds on GigabitEthernet 0/1.
Syntax last-member-query-interval interval undo last-member-query-interval Default The IGMP last-member query interval is 1 second. Views Public network IGMP view Default command level 2: System level Parameters interval: Last-member query interval in seconds, in the range of 1 to 5. Examples # Set the global IGMP last-member interval to 3 seconds on the public network.
system-view [Sysname] igmp [Sysname-igmp] max-response-time 8 Related commands • display igmp interface • igmp max-response-time • timer other-querier-present require-router-alert (IGMP view) Use require-router-alert to configure the router globally to discard IGMP messages that do not carry the Router-Alert option. Use undo require-router-alert to restore the default.
Default command level 2: System level Parameters all: Specifies all interfaces (the first all) or all IGMP groups (the second all). interface interface-type interface-number: Specifies an interface by its type and number. group-address: Specifies a multicast group address, in the range of 224.0.0.0 to 239.255.255.255. source-address: Specifies a multicast source address. mask: Specifies the mask of the multicast group address or multicast source address, 255.255.255.255 by default.
source-address: Specifies a multicast source by its IP address. mask: Specifies the mask of the multicast group address or multicast source address, 255.255.255.255 by default. mask-length: Specifies the mask length of the multicast group address or multicast source address. For a multicast group address, this argument has an effective value range of 4 to 32. For a multicast source address, this argument has an effective value range of 0 to 32. For both cases, the default value is 32.
Examples # Set the IGMP querier's robustness variable to 3 globally on the public network. system-view [Sysname] igmp [Sysname-igmp] robust-count 3 Related commands • display igmp interface • igmp robust-count • last-member-query-interval • startup-query-count • timer other-querier-present • timer query send-router-alert (IGMP view) Use send-router-alert to globally enable insertion of the Router-Alert option into IGMP messages to be sent.
Use undo ssm-mapping to remove one or all IGMP SSM mappings. Syntax ssm-mapping group-address { mask | mask-length } source-address undo ssm-mapping { group-address { mask | mask-length } source-address | all } Default No IGMP SSM mappings are configured. Views Public network IGMP view Default command level 2: System level Parameters group-address: Specifies a multicast group by its IP address, in the range of 224.0.0.0 to 239.255.255.255. mask: Specifies the mask of the multicast group address.
Default command level 2: System level Parameters value: Specifies a startup query count, namely, the number of queries that the IGMP querier sends on startup. The value ranges from 2 to 5. Examples # Set the startup query count to 3 globally on the public network.
timer other-querier-present (IGMP view) Use timer other-querier-present to configure the IGMP other querier present interval globally. Use undo timer other-querier-present to restore the default. Syntax timer other-querier-present interval undo timer other-querier-present Default The IGMP other querier present interval is [ IGMP general query interval ] × [ IGMP querier's robustness variable ] + [ maximum response time for IGMP general queries ] /2.
Default command level 2: System level Parameters interval: Specifies an IGMP general query interval in seconds, namely, interval between IGMP general queries. The value ranges from 1 to 18000. Examples # Set the IGMP general query interval to 125 seconds on the public network globally.
PIM configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. auto-rp enable Use auto-rp enable to enable auto-RP. Use undo auto-rp enable to disable auto-RP. Syntax auto-rp enable undo auto-rp enable Default Auto-RP is disabled. Views Public network PIM view Default command level 2: System level Examples # Enable auto-RP on the public network.
Default command level 2: System level Usage guidelines Disable the BSM semantic fragmentation function if a device that does not support this function exists in the PIM-SM domain. Examples # Disable BSM semantic fragmentation on the public network. system-view [Sysname] pim [Sysname-pim] undo bsm-fragment enable Related commands c-bsr admin-scope bsr-policy (PIM view) Use bsr-policy to configure a legal BSR address range to guard against BSR spoofing.
c-bsr (PIM view) Use c-bsr to configure the specified interface as a C-BSR. Use undo c-bsr to remove the related C-BSR configuration. Syntax c-bsr interface-type interface-number [ hash-length [ priority ] ] undo c-bsr Default No C-BSR is configured. Views Public network PIM view Default command level 2: System level Parameters interface-type interface-number: Specifies an interface by its type and number. hash-length: Specifies a hash mask length, in the range of 0 to 32.
Default BSR administrative scoping is disabled. Namely, only one BSR exists in a PIM-SM domain. Views Public network PIM view Default command level 2: System level Examples # Enable administrative scoping on the public network. system-view [Sysname] pim [Sysname-pim] c-bsr admin-scope Related commands • c-bsr • c-bsr global • c-bsr group c-bsr global Use c-bsr global to configure a C-BSR for the global scope zone.
[Sysname-pim] c-bsr global priority 1 Related commands • c-bsr group • c-bsr hash-length • c-bsr priority c-bsr group Use c-bsr group to configure a C-BSR for the admin-scope zone associated with the specified group. Use undo c-bsr group to remove the C-BSR configuration for the admin-scope zone associated with the specified group.
• c-bsr priority c-bsr hash-length (PIM view) Use c-bsr hash-length to configure the global hash mask length. Use undo c-bsr hash-length to restore the default. Syntax c-bsr hash-length hash-length undo c-bsr hash-length Default The hash mask length is 30. Views Public network PIM view Default command level 2: System level Parameters hash-length: Hash mask length, in the range of 0 to 32. Examples # Set the global hash mask length to 16 on the public network.
Default command level 2: System level Parameters interval: Specifies a BS timeout timer in seconds. The value ranges from 1 to 2147483647. Examples # Set the BS timeout timer to 150 seconds on the public network. system-view [Sysname] pim [Sysname-pim] c-bsr holdtime 150 Related commands • c-bsr • c-bsr interval c-bsr interval (PIM view) Use c-bsr interval to configure the BS period, namely, the interval at which the BSR sends bootstrap messages.
c-bsr priority (PIM view) Use c-bsr priority to configure the global C-BSR priority. Use undo c-bsr priority to restore the default. Syntax c-bsr priority priority undo c-bsr priority Default The C-BSR priority is 64. Views Public network PIM view Default command level 2: System level Parameters priority: Specifies the priority of the C-BSR, in the range of 0 to 255. A larger value indicates a higher priority. Examples # Set the global C-BSR priority to 5 on the public network.
Default command level 2: System level Parameters interface-type interface-number: Specifies an interface by its type and number. acl-number: Specifies a basic ACL, in the range of 2000 to 2999. This ACL defines a range of multicast groups the C-RP is going to serve, rather than defining a filtering rule. Any group range that matches the permit statement in the ACL is advertised as an RP served group, but the configuration that matches other statements, like deny, does not take effect.
Default The C-RP-Adv interval is 60 seconds. Views Public network PIM view Default command level 2: System level Parameters interval: Specifies a C-RP-Adv interval in seconds. The value ranges from 1 to 65535. Examples # Set the global C-RP-Adv interval to 30 seconds on the public network.
[Sysname] pim [Sysname-pim] c-rp holdtime 200 Related commands • c-bsr interval • c-rp crp-policy (PIM view) Use crp-policy to configure a legal C-RP address range and the range of served multicast groups, in order to guard against C-RP spoofing. Use undo crp-policy to remove the restrictions in C-RP address ranges and the ranges of served multicast groups. Syntax crp-policy acl-number undo crp-policy Default No restrictions are defined for C-RP address ranges and the address ranges of served groups.
Related commands c-rp display pim bsr-info Use display pim bsr-info to display BSR information in the PIM domain and the local effective C-RP information. Syntax display pim bsr-info [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Priority: 200 HoldTime: 90 Advertisement Interval: 50 Next advertisement scheduled at: 00:00:28 Candidate RP: 5.5.5.5(GigabitEthernet0/2) Priority: 192 HoldTime: 80 Advertisement Interval: 60 Next advertisement scheduled at: 00:00:48 Table 130 Command output Field Description VPN-Instance: public net Public network. Elected BSR Address Address of the elected BSR. Candidate BSR Address Address of the candidate BSR. Priority BSR priority. Hash mask length Hash mask length. State BSR state.
Parameters source-address: Specifies a multicast source. If you do not provide this argument, this command displays information about all unicast routes that PIM uses. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
display pim control-message counters Use display pim control-message counters to display the statistics for PIM control messages.
Probe 10 5 0 PIM control-message counters for interface: GigabitEthernet0/1 Received Sent Invalid Assert 10 5 0 Graft 20 37 2 Graft-Ack 25 20 1 Hello 1232 453 0 Join/Prune 15 30 21 State-Refresh 8 7 1 BSR 3243 589 1 C-RP 53 32 0 Table 132 Command output Field Description VPN-Instance: public net Public network. PIM global control-message counters Statistics of PIM global control messages.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the PIM information on all interfaces on the public network. display pim interface VPN-Instance: public net Interface NbrCnt HelloInt DR-Pri DR-Address GE0/1 1 30 1 10.1.1.2 GE0/2 0 30 1 172.168.0.
Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 2 Table 135 Command output Field Description VPN-Instance: public net Public network. Interface Interface name and its IP address. PIM version Running PIM version. PIM mode PIM mode, dense or sparse. PIM DR DR IP address. PIM DR Priority (configured) Configured priority for DR election.
Syntax display pim join-prune mode { sm [ flags flag-value ] | ssm } [ interface interface-type interface-number | neighbor neighbor-address ] * [ verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters mode: Specifies a PIM mode. PIM modes include sm and ssm, which represent PIM-SM and PIM-SSM, respectively. flags flag-value: Specifies a flag.
Field Description (S, G) join(s) Number of (S, G) joins to send. (S, G, rpt) prune(s) Number of (S, G, rpt) prunes. display pim neighbor Use display pim neighbor to display PIM neighbor information.
DR Priority: 1 Generation ID: 0x2ACEFE15 Holdtime: 105 s LAN delay: 500 ms Override interval: 2500 ms State refresh interval: 60 s Neighbor tracking: Disabled Table 137 Command output Field Description VPN-Instance: public net Public network. Total Number of Neighbors Total number of PIM neighbors. Neighbor IP address of the PIM neighbor. Interface Interface connecting the PIM neighbor. Uptime Length of time for which the PIM neighbor has been up, in hh:mm:ss.
Parameters group-address: Specifies a multicast group address, in the range of 224.0.0.0 to 239.255.255.255. source-address: Specifies a multicast source address. mask: Specifies the mask of the multicast group/source address, 255.255.255.255 by default. mask-length: Specifies the mask length of the multicast group/source address, in the range of 0 to 32. The system default is 32. incoming-interface: Specifies an incoming interface.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display PIM routing table information on the public network.
Assert FSM: [NI] FSM information for non-downstream interfaces: None Table 138 Command output Field Description VPN-Instance: public net Public network. Total 0 (*, G) entry; 1 (S, G) entry Number of (S,G) and (*, G) entries in the PIM routing table. (172.168.0.2, 227.0.0.1) An (S, G) entry in the PIM routing table. RP IP address of the RP. Protocol PIM mode.
Field Description Information of the downstream interfaces, including the following: Downstream interface(s) information • • • • • Number of downstream interfaces. Downstream interface name. Protocol type on the downstream interfaces. Uptime of the downstream interfaces. Expiry time of the downstream interfaces. Related commands display multicast routing-table display pim rp-info Use display pim rp-info to display RP information.
Uptime: 03:01:10 Expires: 00:02:30 RP mapping for this group is: 2.2.2.2 # Display information about the RP that corresponds to all multicast groups on the public network. display pim rp-info VPN-Instance: public net PIM-SM BSR RP information: Group/MaskLen: 224.0.0.0/4 [B] RP: 2.2.2.2 Priority: 192 HoldTime: 150 Uptime: 03:01:36 Expires: 00:02:29 Table 139 Command output Field Description VPN-Instance: public net Public network. BSR RP Address is IP address of the RP.
Parameters priority: Specifies a router priority for DR election, in the range of 0 to 4294967295. A larger value indicates a higher priority. Examples # Set the router priority for DR election to 3 on the public network. system-view [Sysname] pim [Sysname-pim] hello-option dr-priority 3 Related commands pim hello-option dr-priority hello-option holdtime (PIM view) Use hello-option holdtime to configure the PIM neighbor timeout timer. Use undo hello-option holdtime to restore the default.
Syntax hello-option lan-delay interval undo hello-option lan-delay Default The LAN-delay time is 500 milliseconds. Views Public network PIM view Default command level 2: System level Parameters interval: Specifies a LAN-delay time in milliseconds. The value ranges from 1 to 32767. Usage guidelines This command is effective for both PIM-DM and PIM-SM. Examples # Set the LAN-delay time to 200 milliseconds globally on the public network.
Examples # Disable join suppression globally on the public network. system-view [Sysname] pim [Sysname-pim] hello-option neighbor-tracking Related commands pim hello-option neighbor-tracking hello-option override-interval (PIM view) Use hello-option override-interval to configure the global value of the prune override interval. Use undo hello-option override-interval to restore the default.
Syntax holdtime assert interval undo holdtime assert Default The assert timeout timer is 180 seconds. Views Public network PIM view Default command level 2: System level Parameters interval: Specifies an assert timeout timer in seconds. The value ranges from 7 to 2147483647. Usage guidelines This command is effective for both PIM-DM and PIM-SM. Examples # Set the global value of the assert timeout timer to 100 seconds on the public network.
Examples # Set the global value of the join/prune timeout timer to 280 seconds on the public network. system-view [Sysname] pim [Sysname-pim] holdtime join-prune 280 Related commands • holdtime assert • pim holdtime assert • pim holdtime join-prune jp-pkt-size (PIM view) Use jp-pkt-size to configure the maximum size of each join/prune message. Use undo jp-pkt-size to restore the default.
undo jp-queue-size Default A join/prune messages contains a maximum of 1020 (S, G) entries. Views Public network PIM view Default command level 2: System level Parameters queue-size: Specifies the maximum number of (S, G) entries in each join/prune message, in the range of 1 to 4096. Usage guidelines When you use this command, take the following into account: • The size of the forwarding table.
Usage guidelines IP multicast routing must be enabled before this command can take effect. Examples # Enable IP multicast routing on the public network and enter public network PIM view. system-view [Sysname] multicast routing-enable [Sysname] pim [Sysname-pim] Related commands multicast routing-enable pim bsr-boundary Use pim bsr-boundary to configure a PIM domain border, namely, a bootstrap message boundary. Use undo pim bsr-boundary to remove the configured PIM domain border.
Default PIM-DM is disabled. Views Interface view Default command level 2: System level Usage guidelines This command can take effect only after IP multicast routing is enabled. PIM-DM cannot be used for multicast groups in the SSM group range. Examples # Enable IP multicast routing on the public network, and enable PIM-DM on GigabitEthernet 0/1.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim hello-option dr-priority 3 Related commands hello-option dr-priority pim hello-option holdtime Use pim hello-option holdtime to configure the PIM neighbor timeout timer on the current interface. Use undo pim hello-option holdtime to restore the default. Syntax pim hello-option holdtime interval undo pim hello-option holdtime Default The PIM neighbor timeout timer is 105 seconds.
Views Interface view Default command level 2: System level Parameters interval: Specifies a LAN-delay time in milliseconds. The value ranges from 1 to 32767. Examples # Set the LAN-delay time to 200 milliseconds on GigabitEthernet 0/1.
Use undo pim hello-option override-interval to restore the default. Syntax pim hello-option override-interval interval undo pim hello-option override-interval Default The prune override interval is 2500 milliseconds. Views Interface view Default command level 2: System level Parameters interval: Specifies a prune override interval in milliseconds. The value ranges from 1 to 65535. Examples # Set the prune override interval to 2000 milliseconds on GigabitEthernet 0/1.
Examples # Set the assert timeout timer to 100 seconds on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim holdtime assert 100 Related commands • holdtime assert • holdtime join-prune • pim holdtime join-prune pim holdtime join-prune Use pim holdtime join-prune to configure the join/prune timeout timer on the interface. Use undo pim holdtime join-prune to restore the default.
Syntax pim neighbor-policy acl-number undo pim neighbor-policy Default No source address range for hello messages is configured. That is, all the received hello messages are considered legal. Views Interface view Default command level 2: System level Parameters acl-number: Specifies a basic ACL, in the range of 2000 to 2999. When the ACL is defined, the source keyword in the rule command specifies a legal source address range for hello messages.
pim sm Use pim sm to enable PIM-SM. Use undo pim sm to disable PIM-SM. Syntax pim sm undo pim sm Default PIM-SM is disabled. Views Interface view Default command level 2: System level Usage guidelines This command can take effect only after IP multicast routing is enabled. Examples # Enable IP multicast routing on the public network, and enable PIM-SM on GigabitEthernet 0/1.
Examples # Disable state refresh on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] undo pim state-refresh-capable Related commands • state-refresh-interval • state-refresh-rate-limit • state-refresh-ttl pim timer graft-retry Use pim timer graft-retry to configure the graft retry period. Use undo pim timer graft-retry to restore the default.
Views Interface view Default command level 2: System level Parameters interval: Specifies a hello interval in seconds. The value ranges from 1 to 2147483647. Examples # Set the hello interval to 40 seconds on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim timer hello 40 Related commands timer hello pim timer join-prune Use pim timer join-prune to configure the interval at which join/prune messages are sent on the current interface.
pim triggered-hello-delay Use pim triggered-hello-delay to configure the maximum delay between hello messages. Use undo pim triggered-hello-delay to restore the default. Syntax pim triggered-hello-delay interval undo pim triggered-hello-delay Default The maximum delay between hello messages is 5 seconds. Views Interface view Default command level 2: System level Parameters interval: Specifies the maximum delay in seconds between hello messages. The value ranges from 1 to 60.
system-view [Sysname] pim [Sysname-pim] probe-interval 6 Related commands register-suppression-timeout prune delay (PIM view) Use prune delay to configure the prune delay time, namely, the length of time that the device waits between receiving a prune message and taking a prune action. Use undo prune delay to restore the default. Syntax prune delay interval undo prune delay Default The prune delay time is not configured.
Default command level 2: System level Parameters acl-number: Specifies an advanced ACL, in the range of 3000 to 3999. The RP can accept only register messages that match the permit statement of the ACL. Examples # On the public network, configure the RP to accept only those register messages from multicast sources on the subnet of 10.10.0.0/16 for multicast groups on the subnet of 225.1.0.0/16. system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule permit ip source 10.10.0.0 0.0.255.
register-whole-checksum (PIM view) Use register-whole-checksum to configure the router to calculate the checksum based on the entire register message. Use undo register-whole-checksum to restore the default. Syntax register-whole-checksum undo register-whole-checksum Default The checksum is calculated based on the header in the register message.
source-lifetime (PIM view) Use source-lifetime to configure the multicast source lifetime. Use undo source-lifetime to restore the default. Syntax source-lifetime interval undo source-lifetime Default The lifetime of a multicast source is 210 seconds. Views Public network PIM view Default command level 2: System level Parameters interval: Specifies a multicast source lifetime in seconds. The value ranges from 1 to 31536000.
device filters all the received multicast packets based on the source and group addresses, and discards packets that fail the match. If this command is executed repeatedly, the last configuration takes effect. Examples # On the public network, configure the router to accept multicast packets that originate from 10.10.1.2 and discard multicast packets that originate from 10.10.1.1. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.10.1.
To use an ACL that does not exist in the group-policy list, you can use the acl-number argument to specify an ACL and set its order-value. This inserts the ACL to the position of order-value in the group-policy list. If you do not include the order order-value option in your command, the ACL is appended to the end of the group-policy list. If you use this command multiple times on the same multicast group, the first traffic rate configuration matched in sequence takes effect.
Use undo state-refresh-interval to restore the default. Syntax state-refresh-interval interval undo state-refresh-interval Default The state refresh interval is 60 seconds. Views Public network PIM view Default command level 2: System level Parameters interval: Specifies a state refresh interval in seconds. The value ranges from 1 to 255. Examples # Set the state refresh interval to 70 seconds on the public network.
Examples # On the public network, configure the device to wait 45 seconds before it receives a new state refresh message. system-view [Sysname] pim [Sysname-pim] state-refresh-rate-limit 45 Related commands • pim state-refresh-capable • state-refresh-interval • state-refresh-ttl state-refresh-ttl Use state-refresh-ttl to configure the TTL value for state refresh messages. Use undo state-refresh-ttl to restore the default.
Syntax static-rp rp-address [ acl-number ] [ preferred ] undo static-rp rp-address Default No static RP is configured. Views Public network PIM view Default command level 2: System level Parameters rp-address: Specifies the IP address of the static RP to be configured. This address must be a real, valid unicast IP address, rather than an address on the 127.0.0.0/8 segment. acl-number: Specifies a basic ACL, in the range of 2000 to 2999.
timer hello (PIM view) Use timer hello to configure the hello interval globally. Use undo timer hello to restore the default. Syntax timer hello interval undo timer hello Default Hello messages are sent at the interval of 30 seconds. Views Public network PIM view Default command level 2: System level Parameters interval: Specifies a hello interval in seconds. The value ranges from 1 to 2147483647. Examples # Set the global hello interval to 40 seconds on the public network.
Examples # Set the global join/prune interval to 80 seconds on the public network.
MSDP configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. cache-sa-enable Use cache-sa-enable to enable the SA cache mechanism to cache the (S, G) entries contained in SA messages. Use undo cache-sa-enable to disable the SA cache mechanism. Syntax cache-sa-enable undo cache-sa-enable Default The SA cache mechanism is enabled. That is, the device caches the (S, G) entries that the received SA messages contain.
down: Specifies the down state. listen: Specifies the listening state. shutdown: Specifies the terminated state. up: Specifies the in-session state. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Field Description AS Number of the AS where the MSDP peer is located. A question mark indicates that the system could not obtain the AS number. SA Count Number of (S, G) entries. Reset Count MSDP peer connection reset times. display msdp peer-status Use display msdp peer-status to display detailed MSDP peer status information.
Information about SA-Requests: Policy to accept SA-Request messages: none Sending SA-Requests status: disable Minimum TTL to forward SA with encapsulated data: 0 SAs learned from this peer: 0, SA-cache maximum for the peer: none Input queue size: 0, Output queue size: 0 Counters for MSDP message: Count of RPF check failure: 0 Incoming/outgoing SA messages: 0/0 Incoming/outgoing SA requests: 0/0 Incoming/outgoing SA responses: 0/0 Incoming/outgoing data packets: 0/0 Table 141 Command output Field Descripti
Field Description SA request information: • Policy to accept SA request messages: Filtering rule for receiving or Information about SA-Requests forwarding SA messages from the specified MSDP peer. • Sending SA requests status: Whether enabled to send an SA request message to the designated MSDP peer after receiving a new join message. Minimum TTL to forward SA with encapsulated data Minimum TTL of multicast packet encapsulated in SA messages.
Default command level 1: Monitor level Parameters group-address: Specifies a multicast group, in the range of 224.0.1.0 to 239.255.255.255. If you do not provide any group address, this command displays the (S, G) entry information for all multicast groups. source-address: Specifies a multicast source address. If you do not provide any source address, this command displays the (S, G) entry information for all sources. as-number: Specifies an AS number, in the range of 1 to 4294967295.
Field Description Pro Type of protocol from which the AS number originates. A question mark indicates that the system could not obtain the protocol type. AS AS number of the origin RP. A question mark indicates that the system could not obtain the AS number. Uptime Length of time for which the cached (S, G) entry has existed, in hours:minutes:seconds. Expires Length of time in which the cached (S, G) entry will expire, in hours:minutes:seconds.
10.10.10.10 5 Number of source and group, counted by AS AS Number of source Number of group ? 3 3 Total 5 Source-Active entries Table 143 Command output Field Description MSDP Source-Active Count Information of VPN-Instance: public net Number of SA messages for the public network cache. Number of cached Source-Active entries, counted by Peer Number of (S, G) entries that the peer counted. Peer's Address Address of the MSDP peer that sent SA messages.
import-source Use import-source to configure a rule of creating (S, G) entries. Use undo import-source to remove any rule of creating (S, G) entries. Syntax import-source [ acl acl-number ] undo import-source Default When an SA message is created, no restrictions are defined for the (S, G) entries to be advertised in it. Namely, all the (S, G) entries within the domain are advertised in the SA message.
Use undo msdp to disable MSDP on the public network and remove the configurations in public network MSDP view to free the resources that MSDP occupies. Syntax msdp undo msdp Default MSDP is disabled. Views System view Default command level 2: System level Usage guidelines You must enable IP multicast before you use this command. Examples # Enable IP multicast routing on the public network, and enable MSDP on the public network to enter public network MSDP view.
Examples # Specify the IP address of GigabitEthernet 0/1 as the RP address of SA messages on the public network. system-view [Sysname] msdp [Sysname-msdp] originating-rp gigabitethernet 0/1 peer connect-interface Use peer connect-interface to create an MSDP peer connection. Use undo peer connect-interface to remove an MSDP peer connection. Syntax peer peer-address connect-interface interface-type interface-number undo peer peer-address Default No MSDP peer connection is created.
Syntax peer peer-address description text undo peer peer-address description Default An MSDP peer has no description information. Views Public network MSDP view Default command level 2: System level Parameters peer-address: Specifies an MSDP peer. text: Specifies a description, a case-sensitive string of 1 to 80 characters, including spaces. Examples # On the public network, add the descriptive text "CustomerA" for the router with the IP address of 125.10.7.6 to indicate that this router is Customer A.
Examples # On the public network, configure the MSDP peer with the IP address of 125.10.7.6 as a member of the mesh group "Group1". system-view [Sysname] msdp [Sysname-msdp] peer 125.10.7.6 mesh-group Group1 peer minimum-ttl Use peer minimum-ttl to configure the TTL threshold for multicast data packet encapsulation in SA messages. Use undo peer minimum-ttl to restore the default.
undo peer peer-address password Default No MD5 authentication is performed for MSDP peers to establish TCP connections. Views Public network MSDP view Default command level 2: System level Parameters peer-address: Specifies an MSDP peer. cipher cipher-password: Sets a ciphertext MD5 authentication password, a case-sensitive string of 1 to 137 characters. simple simple-password: Sets a plaintext MD5 authentication password, a case-sensitive string of 1 to 80 characters.
Default command level 2: System level Parameters peer-address: Specifies an MSDP peer. Usage guidelines Before you can enable the device to send SA requests, you must disable the SA message cache mechanism. Examples # Disable the SA message cache mechanism on the public network, and enable the router to send an SA request message to the MSDP peer 125.10.7.6 after receiving a new join message. system-view [Sysname] msdp [Sysname-msdp] undo cache-sa-enable [Sysname-msdp] peer 125.10.7.
Hardware Value range Default value F5000 1 to 8192 8192 12500/10500: 1 to 2048 12500/10500: 2048 Other devices: 1 to 8192 Other devices: 8192 U200-A 1 to 8192 8192 U200-S 1 to 8192 8192 Firewall module Examples # On the public network, enable the device to cache a maximum of 100 (S, G) entries learned from its MSDP peer 125.10.7.6. system-view [Sysname] msdp [Sysname-msdp] peer 125.10.7.
Usage guidelines In addition to controlling SA message receiving and forwarding by using this command, you can also configure a filtering rule for creating SA messages using the import-source command. Examples # Configure a filtering rule on the public network so that SA messages are forwarded to MSDP peer 125.10.7.6 only if they match advanced ACL 3100. system-view [Sysname] acl number 3100 [Sysname-acl-adv-3100] rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.
[Sysname-acl-basic-2001] rule permit source 225.1.1.0 0.0.0.255 [Sysname-acl-basic-2001] quit [Sysname] msdp [Sysname-msdp] peer 175.58.6.5 sa-request-policy acl 2001 Related commands display msdp peer-status reset msdp peer Use reset msdp peer to reset the TCP connection with the specified MSDP peer and clear statistics for the MSDP peer. Syntax reset msdp peer [ peer-address ] Views User view Default command level 2: System level Parameters peer-address: Specifies an MSDP peer.
Examples # Clear the (S, G) entries for multicast group 225.5.4.3 from the SA cache on the public network. reset msdp sa-cache 225.5.4.3 Related commands • cache-sa-enable • display msdp sa-cache reset msdp statistics Use reset msdp statistics to clear statistics for the specified MSDP peer without resetting the connections with the MSDP peer.
Examples # Terminate the connection with the MSDP peer 125.10.7.6 on the public network. system-view [Sysname] msdp [Sysname-msdp] shutdown 125.10.7.6 Related commands display msdp peer-status static-rpf-peer Use static-rpf-peer to configure a static RPF peer. Use undo static-rpf-peer to remove a static RPF peer. Syntax static-rpf-peer peer-address [ rp-policy ip-prefix-name ] undo static-rpf-peer peer-address Default No static RPF peer is configured.
[Sysname] msdp [Sysname-msdp] peer 130.10.7.6 connect-interface gigabitethernet 0/1 [Sysname-msdp] static-rpf-peer 130.10.7.6 rp-policy list1 Related commands • display msdp peer-status • ip prefix-list timer retry Use timer retry to configure the interval between MSDP peer connection retries. Use undo timer retry to restore the default. Syntax timer retry interval undo timer retry Default The interval between MSDP peer connection retries is 30 seconds.
IPv6 basics configuration commands The following matrix shows the feature and hardware compatibility: Hardware IPv6 basics compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No display ipv6 fib Use display ipv6 fib to display IPv6 FIB entries. If no parameter is specified, all IPv6 FIB entries are displayed.
Usage guidelines The device looks up a matching IPv6 FIB entry for forwarding an IPv6 packet. Examples # Display all IPv6 FIB entries. display ipv6 fib FIB Table: Total number of Routes : 1 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static Destination: ::1 NextHop : ::1 PrefixLength : 128 Flag : UH Label : NULL Token : 0 Interface : InLoopBack0 Table 145 Command output Field Description Total number of Routes Total number of routes in the FIB.
Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Displays the IPv6 FIB entries for a specific VPN. The vpn-instance-name argument is case-sensitive string of 1 to 31 characters. Without this option specified, the display ipv6 fib ipv6-address command displays IPv6 FIB entries for the public network and all private networks. ipv6-address: Destination IPv6 address. prefix-length: Prefix length of the destination IPv6 address, in the range of 0 to 128.
Field Description Route flag: Flag • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Black hole route. D—Dynamic route. S—Static route. Label Label. Token Label switched path index number. Interface Outgoing interface. display ipv6 interface Use display ipv6 interface to display IPv6 information about an interface.
Examples # Display IPv6 information about GigabitEthernet 0/1 for which an IPv6 address can be configured.
Table 147 Command output Field Description Physical state of the interface: • Administratively DOWN—The interface is administratively shut down by the shutdown command. GigabitEthernet0/1 current state • DOWN—The interface is administratively up but its physical state is down, which may be caused by a connection or link failure. • UP—The administrative and physical states of the interface are both up.
Field Description (s): spoofing Spoofing attribute of the interface. The link protocol state of the interface is up, but the link does not exist, or the link is established on demand, instead of being permanent. Interface Name of the interface. Physical state of the interface: • *down—The interface is administratively shut down by the shutdown Physical command. • down—The interface is administratively up but its physical state is down, which may be caused by a connection or link failure.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines You can use the reset ipv6 neighbors command to clear specific IPv6 neighbor information. Examples # Display all neighbor information.
display ipv6 neighbors count Use display ipv6 neighbors count to display the total number of neighbor entries satisfying the specified condition.
Default command level 1: Monitor level Parameters vpn-instance-name: Specifies the VPN for which neighbor entries are to be displayed. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. count: Displays the total number of neighbor entries in the specified VPN. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Syntax display ipv6 pathmtu [ vpn-instance vpn-instance-name ] { ipv6-address | all | dynamic | static } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Displays the IPv6 path MTU information for the specified VPN. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.
Syntax display ipv6 prefix [ prefix-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters prefix-number: Specifies the ID of an IPv6 prefix, in the range of 1 to 1024. If this argument is not specified, the command displays information about all IPv6 prefixes. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description valid lifetime Valid lifetime in seconds. For a static IPv6 prefix, this field is not displayed. display ipv6 socket Use display ipv6 socket to display socket information. Syntax display ipv6 socket [ socktype socket-type ] [ task-id socket-id ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters socktype socket-type: Displays the socket information about this type. The socket type is in the range of 1 to 3.
LA = ::->23, FA = ::->0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID, socket state = SS_PRIV SS_ASYNC SOCK_DGRAM: Task = AGNT(51), socketid = 2, Proto = 17, LA = ::->161, FA = ::->0, sndbuf = 9216, rcvbuf = 42080, sb_cc = 0, rb_cc = 0, socket option = SO_REUSEPORT, socket state = SS_PRIV SS_NBIO SS_ASYNC Task = TRAP(52), socketid = 2, Proto = 17, LA = ::->1024, FA = ::->0, sndbuf = 9216, rcvbuf = 42080, sb_cc = 0, rb_cc = 0, socket option =, s
Field Description socket state State of the socket. display ipv6 statistics Use display ipv6 statistics to display statistics of IPv6 packets and ICMPv6 packets. Syntax display ipv6 statistics [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Sent packets: Total: 0 unreached: 0 too big: 0 hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 echo request: 0 echo replied: 0 neighbor solicit: 0 neighbor advert: 0 router solicit: 0 router advert: 0 redirected: 0 router renumbering: 0 Send failed: ratelimited: 0 other errors: 0 Received packets: Total: 0 checksum error: 0 too short: 0 bad code: 0 unreached: 0 too big: 0 hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 unknown
Field Description Statistics of received IPv6 packets: Received packets ICMPv6 protocol • • • • • • • • • • Total—Total number of received packets. local host—Number of packets received locally. hopcount exceeded—Number of packets exceeding the hop limit. format error—Number of packets in an incorrect format. option error—Number of packets with incorrect options. protocol error—Number of packets with incorrect protocol. fragments—Number of received fragment packets.
Field Description Statistics of received ICMPv6 packets: Received packets • • • • • • • • Total—Total number of received packets. • • • • • • • • • • • • • • parameter problem—Number of Parameter Problem packets. checksum error—Number of packets with checksum errors. too short—Number of too small packets. bad code—Number of packets with error codes. unreached—Number of Destination Unreachable packets. too big—Number of Packet Too Big packets. hopcount exceeded—Number of Hop Limit Exceeded packets.
Usage guidelines You can use the reset tcp ipv6 statistics command to clear statistics of all IPv6 TCP packets. Examples # Display the statistics of IPv6 TCP connections.
Table 155 Command output Field Description Statistics of received packets: Received packets • • • • • • • Total—Total number of received packets. • • • • duplicate packets—Number of duplicate packets. packets in sequence—Number of packets received in sequence. window probe packets—Number of window probe packets. window update packets—Number of window size update packets. checksum error—Number of packets with checksum errors. offset error—Number of packets with offset errors.
Field Description Packets dropped with MD5 authentication Number of packets that fail the MD5 authentication and are dropped. Packets permitted with MD5 authentication Number of packets that pass the MD5 authentication. display tcp ipv6 status Use display tcp ipv6 status to display the IPv6 TCP connection status, including the IPv6 TCP control block address, local and peer IPv6 addresses, and status of the IPv6 TCP connection.
Field Description IPv6 TCP connection status: State • • • • • • • • • • • Closed. Listening. Syn_Sent. Syn_Rcvd. Established. Close_Wait. Fin_Wait1. Closing. Last_Ack. Fin_Wait2. Time_Wait. display udp ipv6 statistics Use display udp ipv6 statistics to display the statistics of IPv6 UDP packets.
input packets missing pcb cache: 0 Sent packets: Total: 0 Table 157 Command output Field Description Total Total number of received/sent packets. checksum error Total number of packets with a checksum error. shorter than header Total number of IPv6 UDP packets whose total length is less than that specified by the packet header. data length larger than packet Total number of packets whose data length exceeds that specified by the packet header.
Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ] Default No global unicast address is configured for an interface. Views Interface view Default command level 2: System level Parameters ipv6-address: IPv6 address. prefix-length: Prefix length of the IPv6 address, in the range of 1 to 128.
Default command level 2: System level Parameters prefix-number: Specifies an IPv6 prefix by its ID, in the range of 1 to 1024. sub-prefix/prefix-length: Specifies the sub-prefix bit and host bit for an IPv6 address, and specifies the prefix length. The prefix length ranges from 1 to 128. Usage guidelines A maximum of one IPv6 address can be generated with the applied IPv6 prefix for an interface. You cannot repeatedly execute the ipv6 address prefix-number command on the interface to modify the prefix.
ipv6 address auto Use ipv6 address auto to enable the stateless address autoconfiguration function on the interface. With this function enabled, the interface can automatically generate a global unicast address. Use undo ipv6 address auto to disable this function. Syntax ipv6 address auto undo ipv6 address auto Default The stateless address autoconfiguration function is disabled.
Usage guidelines After an IPv6 global unicast address is configured for an interface, a link-local address is generated automatically. The automatically generated link-local address is the same as the one generated by using the ipv6 address auto link-local command. The undo ipv6 address auto link-local command can only remove the link-local addresses generated through the ipv6 address auto link-local command.
Examples # Configure an EUI-64 IPv6 address for GigabitEthernet 0/1. The prefix length of the address is the same as that of 2001::1/64, and the interface ID is generated based on the MAC address of the device. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ipv6 address 2001::1/64 eui-64 ipv6 address link-local Use ipv6 address link-local to configure a link-local address for the interface.
Default Load sharing based on polling is adopted. ECMP routes are used in turn to forward packets. Views System view Default command level 2: System level Examples # Enable load sharing based on the HASH algorithm for packet forwarding. system-view [Sysname] ipv6 fib-loadbalance-type hash-based ipv6 hoplimit-expires enable Use ipv6 hoplimit-expires enable to enable sending ICMPv6 Time Exceeded packets.
Default The size is 10 and the update period is 100 milliseconds. A maximum of 10 ICMPv6 error packets can be sent within 100 milliseconds. Views System view Default command level 2: System level Parameters bucket bucket-size: Number of tokens in the token bucket, in the range of 1 to 200. ratelimit interval: Update period of the token bucket in milliseconds, in the range of 0 to 2,147,483,647. The update period "0" indicates that the number of ICMPv6 error packets sent is not restricted.
undo ipv6 mtu Default The default MTU is 1500. Views Interface view Default command level 2: System level Parameters mtu-size: Size of the maximum transmission units (MTUs) of an interface in bytes. The value ranges from 1208 to 1500. Examples # Set the MTU of IPv6 packets over GigabitEthernet 0/1 to 1280 bytes.
Use undo ipv6 nd autoconfig other-flag to restore the default. Syntax ipv6 nd autoconfig other-flag undo ipv6 nd autoconfig other-flag Default The O flag is set to 0 so that the host can acquire other information through stateless autoconfiguration. Views Interface view Default command level 2: System level Examples # Configure the host to acquire information other than IPv6 address through stateless autoconfiguration.
ipv6 nd hop-limit Use ipv6 nd hop-limit to configure the hop limit advertised by the device. Use undo ipv6 nd hop-limit to restore the default hop limit. Syntax ipv6 nd hop-limit value undo ipv6 nd hop-limit Default The hop limit advertised by the device is 64. Views System view Default command level 2: System level Parameters value: Number of hops, in the range of 0 to 255. When it is set to 0, the Hop Limit field in RA messages sent by the device is 0.
Examples # Specify GigabitEthernet 0/1 to retransmit NS messages at intervals of 10000 milliseconds. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ipv6 nd ns retrans-timer 10000 Related commands display ipv6 interface ipv6 nd nud reachable-time Use ipv6 nd nud reachable-time to configure the neighbor reachable time on an interface.
undo ipv6 nd ra halt Default RA messages are suppressed. Views Interface view Default command level 2: System level Examples # Suppress RA messages on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ipv6 nd ra halt ipv6 nd ra interval Use ipv6 nd ra interval to set the maximum and minimum intervals for advertising RA messages.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ipv6 nd ra interval 1000 700 ipv6 nd ra no-advlinkmtu Use ipv6 nd ra no-advlinkmtu to turn off the MTU option in RA messages. Use undo ipv6 nd ra no-advlinkmtu to restore the default. Syntax ipv6 nd ra no-advlinkmtu undo ipv6 nd ra no-advlinkmtu Default RA messages contain the MTU option. Views Interface view Default command level 2: System level Examples # Turn off the MTU option in RA messages on GigabitEthernet 0/1.
prefix-length: Prefix length of the IPv6 address. valid-lifetime: Valid lifetime of a prefix in seconds, in the range of 0 to 4294967295. preferred-lifetime: Preferred lifetime of a prefix used for stateless autoconfiguration in seconds, in the range of 0 to 4294967295. no-autoconfig: Specifies a prefix not to be used for stateless autoconfiguration. If this keyword is not provided, the prefix is used for stateless autoconfiguration.
Use undo ipv6 neighbor to remove a static neighbor entry.
Use undo ipv6 neighbor stale-aging to restore the default. Syntax ipv6 neighbor stale-aging aging-time undo ipv6 neighbor stale-aging Default The age timer for ND entries in stale state is four hours. Views System view Default command level 2: System level Parameters aging-time: Age timer for ND entries in stale state, ranging from 1 to 24 hours. Examples # Set the age timer for ND entries in stale state to two hours.
ipv6 pathmtu Use ipv6 pathmtu to configure a static path MTU for a specific IPv6 address. Use undo ipv6 pathmtu to remove the path MTU configuration for the specified IPv6 address. Syntax ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address [ value ] undo ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address Default No static path MTU is configured.
Parameters age-time: Aging time for path MTU in minutes, in the range of 10 to 100. Usage guidelines The aging time is invalid for a static path MTU. Examples # Set the aging time for a dynamic path MTU to 40 minutes. system-view [Sysname] ipv6 pathmtu age 40 Related commands display ipv6 pathmtu ipv6 prefix Use ipv6 prefix to create a static IPv6 prefix. Use undo ipv6 prefix to remove the specified static IPv6 prefix.
ipv6 redirects enable Use ipv6 redirects enable to enable sending ICMPv6 redirect packets. Use undo ipv6 redirects to disable sending ICMPv6 redirect packets. Syntax ipv6 redirects enable undo ipv6 redirects Default Sending ICMPv6 redirect packets is disabled. Views System view Default command level System level Examples # Enable sending ICMPv6 redirect packets.
Syntax local-proxy-nd enable undo local-proxy-nd enable Default Local ND proxy is disabled. Views VLAN interface view, Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view Default command level 2: System level Examples # Enable local ND proxy on interface GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] local-proxy-nd enable proxy-nd enable Use proxy-nd enable to enable ND proxy.
Views User view Default command level 2: System level Parameters all: Clears static and dynamic neighbor information on all interfaces. dynamic: Clears dynamic neighbor information on all interfaces. interface interface-type interface-number: Clears dynamic neighbor information on a specific interface. static: Clears static neighbor information on all interfaces. Usage guidelines You can use the display ipv6 neighbors command to display the current IPv6 neighbor information.
Syntax reset ipv6 statistics Views User view Default command level 1: Monitor level Parameters None Usage guidelines You can use the display ipv6 statistics command to display the statistics of IPv6 and ICMPv6 packets. Examples # Clear the statistics of IPv6 packets and ICMPv6 packets. reset ipv6 statistics reset tcp ipv6 statistics Use reset tcp ipv6 statistics to clear the statistics of all IPv6 TCP connections.
Usage guidelines You can use the display udp ipv6 statistics command to display the statistics of IPv6 UDP packets. Examples # Clear the statistics of all IPv6 UDP packets. reset udp ipv6 statistics tcp ipv6 timer fin-timeout Use tcp ipv6 timer fin-timeout to set the finwait timer for IPv6 TCP connections. Use undo tcp ipv6 timer fin-timeout to restore the default. Syntax tcp ipv6 timer fin-timeout wait-time undo tcp ipv6 timer fin-timeout Default The finwait timer is 675 seconds.
Parameters wait-time: Sets the synwait timer for IPv6 TCP connections in seconds, in the range of 2 to 600. Examples # Set the synwait timer of IPv6 TCP connections to 100 seconds. system-view [Sysname] tcp ipv6 timer syn-timeout 100 tcp ipv6 window Use tcp ipv6 window to set the size of the IPv6 TCP send/receive buffer. Use undo tcp ipv6 window to restore the default. Syntax tcp ipv6 window size undo tcp ipv6 window Default The size of the IPv6 TCP send/receive buffer is 8 KB.
DHCPv6 configuration commands The following matrix shows the feature and hardware compatibility: Hardware DHCPv6 compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No DHCPv6 common configuration commands display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DHCP unique identifier (DUID) of the local device.
display ipv6 dhcp option-group Use display ipv6 dhcp option-group to display information about DHCPv6 option groups, including static and dynamic option groups. Syntax display ipv6 dhcp option-group [ option-group-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters option-group-number: Specifies a DHCPv6 option group by its ID, in the range of 1 to 100.
Code: 23 Length: 2 bytes Hex: ABCD Code: 33 Length: 2 bytes Hex: DEFA Table 158 Command output Field Description DHCPv6 option group DHCPv6 option group number. Type DHCPv6 option group type: Static or Dynamic. DNS server addresses IP address of the DNS server. Domain names Domain name suffix. SIP server addresses IP address of the SIP server. SIP server domain names Domain name of the SIP server. DS-Lite addresses IP address of AFTR. Options User-defined options.
Default command level 2: System level Parameters start-ipv6-address: Specifies the start IPv6 address. end-ipv6-address: Specifies the end IPv6 address. preferred-lifetime preferred-lifetime: Specifies the preferred lifetime for the non-temporary IPv6 addresses. The value ranges from 60 to 4294967295 seconds and defaults to 604800 seconds (seven days). valid-lifetime valid-lifetime: Specifies the valid lifetime for the non-temporary IPv6 addresses.
Parameters pool-number: Displays information about the DHCPv6 address pool specified by the pool number. The value ranges from 1 to 128. If no pool number is specified, all DHCPv6 address pool information is displayed. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
SIP server addresses: 5::1 SIP server domain names: bbb.com DS-Lite addresses: 6::6 Options: Code: 88 Length: 4 bytes Hex: AABBCCDD Option group: 1 Table 159 Command output Field Description Pool DHCPv6 address pool number. Network IPv6 subnet for dynamic IPv6 address assignment. If the subnet is not valid, Not-available is displayed. Preferred lifetime Preferred lifetime in seconds. valid lifetime Valid lifetime in seconds.
Field Description SIP server domain names Domain name of the SIP server. If no domain name of the SIP server is configured, this field is not displayed. DS-Lite address AFTR address. If no AFTR address is configured, this field is not displayed. Options Self-defined option. If no self-defined option is configured, this field is not displayed. Code Self-defined option code. Length Self-defined option length in bytes. Hex Self-defined option content, represented by a hexadecimal string.
Examples # Display brief information about all prefix pools. display ipv6 dhcp prefix-pool VPN instance: Public network Prefix-pool Prefix Available In-use Static 1 64 5::/64 0 0 # Display details about prefix pool 1. display ipv6 dhcp prefix-pool 1 Prefix: 5::/64 Assigned length: 70 Total prefix number: 64 Available: 64 In-use: 0 Static: 0 Table 160 Command output Field Description VPN instance Name of the VPN instance.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Views Any view Default command level 1: Monitor level Parameters all: Display IPv6 address conflict information for the public network and all VPNs. vpn-instance vpn-instance-name: Displays IPv6 address conflict information for the VPN. The vpn-instance-name argument represents a VPN by its name, a case-sensitive string of 1 to 31 characters. To display IPv6 address conflict information for the public network, do not specify this parameter.
display ipv6 dhcp server expired Use display ipv6 dhcp server expired to display information about expired IPv6 addresses. Syntax display ipv6 dhcp server expired [ all | [ vpn-instance vpn-instance-name ] [ address ipv6-address | pool pool-number ] ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Display information about expired IPv6 addresses for the public network and all VPNs.
Table 163 Command output Field Description Total number Total number of expired addresses. VPN instance Name of the VPN instance. Public network is displayed if the expired IPv6 address is on the public network. Address Expired IPv6 address. DUID Client DUID bound to the expired IPv6 address. Expiration time Time when the lease expired.
VPN instance: Public network Address Type Pool Expiration time 2:1::1 Auto(O) 1 3:1::2 Static(C) 1 Jan 1:1::2 Static(F) 2 Not-available 1:2::1f1 Static(O) 3 Oct Jul 10 2011 19:45:01 1 2011 11:11:11 9 2011 09:23:31 # Display IPv6 address binding information about address pool 1.
Field Description DUID Client DUID. IAID Client IAID. For a free static binding without IAID specified, this field displays null. Will expire at Time when the lease of an IPv6 address will expire. If the lease expires after the year 2100, this field displays Will expire after 2100. Related commands reset ipv6 dhcp server ip-in-use display ipv6 dhcp server pd-in-use Use display ipv6 dhcp server pd-in-use to display IPv6 prefix binding information.
Examples # Display all IPv6 prefix binding information. display ipv6 dhcp server pd-in-use all Total number: 3 VPN instance: Public network Prefix Type Pool Expiration time 2:1::/24 Auto(O) 1 1:1::/64 Static(F) 2 Not-available 1:2::/64 Static(O) 3 Oct Jul 10 2011 19:45:01 9 2011 09:23:31 # Display the prefix binding information about the specified DHCPv6 address pool.
Field Description Type of a prefix binding: • Static(F)—Free static binding, indicating the static prefix has not been assigned to the client. • Static(O)—Offered static binding. If the server replies with an Advertise message to the client during the four-step message exchange, the server sets the type of the static binding configured for the client to Static(O). Type • Static(C)—Committed static binding, indicating the static IPv6 prefix has been assigned to the client in a Reply message.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display packet statistics on the DHCPv6 server.
Syntax dns-server ipv6-address undo dns-server ipv6-address Default No DNS server address is specified. Views DHCPv6 address pool view, DHCPv6 option group view Default command level 2: System level Parameters ipv6-address: IPv6 address of a DNS server. Usage guidelines You can configure multiple DNS server addresses by using the dns-server command repeatedly. You can configure up to eight DNS servers in an address pool. The precedence of the specified DNS servers depends on the configuration sequence.
If you use the domain-name command multiple times, the most recent configuration takes effect. Examples # Configure the domain name suffix to be assigned to the client as aaa.com. system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] domain-name aaa.com ds-lite address Use ds-lite address to specify the address of the AFTR. Use undo ds-lite address to delete the address of the AFTR.
Default No IPv6 subnet is configured for dynamic address assignment. Views DHCPv6 address pool view Default command level 2: System level Parameters network-address/prefix-length: IPv6 subnet for dynamic assignment. The network-address argument is the IPv6 address and the prefix-length argument is the prefix length. The prefix length ranges from 1 to 128. prefix: Specifies a prefix for dynamic prefix assignment. prefix-number: Specifies the ID of an IPv6 prefix, in the range of 1 to 1024.
[Sysname] ipv6 prefix 3 88:99::/32 [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] network prefix 3 # Create an IPv6 prefix 88:99::/32 with the ID 3. Specify the IPv6 prefix in address pool 1 and specify the sub-prefix and sub-prefix length as 3ffe:501:ffff:100::/64. The DHCPv6 server assigns addresses in the subnet 88:99:ffff:100::/64 with the prefix length 64. The first 32-bit prefix is determined by the prefix 3 and the last 2-bit prefix is determined by the sub-prefix.
• ipv6 dhcp client pd ipv6 dhcp pool Use ipv6 dhcp pool to create a DHCPv6 address pool and enter DHCPv6 address pool view, or enter DHCPv6 address pool view if the specified address pool already exists. Use undo ipv6 dhcp pool to remove the address pool. Syntax ipv6 dhcp pool pool-number [ vpn-instance vpn-instance-name ] undo ipv6 dhcp pool pool-number Default No DHCPv6 address pool is configured. Views System view Default command level 2: System level Parameters pool-number: Address pool number.
Default command level 2: System level Parameters prefix-pool-number: Prefix pool number. The value ranges from 1 to 128. prefix: Specifies a prefix by specifying its ID or the prefix. prefix-number: Specifies the ID of the IPv6 prefix, in the range of 1 to 1024. prefix/prefix-len: Specifies the IPv6 prefix and prefix length. The value for the prefix-len argument is in the range of 1 to 128. assign-len assign-len: Specifies the length of the prefix assigned. The value ranges from 1 to 128.
Default The DHCPv6 server is not enabled on an interface. Views Interface view Default command level 2: System level Parameters allow-hint: Enables desired address and prefix assignment. apply pool pool-number: Applies an address pool to the interface. The range of pool number ranges from 1 to 128. If this option is specified, the DHCPv6 server assigns an IPv6 address or prefix from the address pool applied on the interface to the client.
Syntax ipv6 dhcp server enable undo ipv6 dhcp server enable Default The DHCPv6 server is disabled. Views System view Default command level 2: System level Usage guidelines Other DHCPv6 server related configuration is effective only when the DHCPv6 server is enabled. Examples # Enable the DHCPv6 server. system-view [Sysname] ipv6 dhcp server enable option Use option to configure a self-defined DHCPv6 option. Use to undo option delete a self-defined DHCPv6 option.
Some DHCPv6 options can be specified by the option command or other dedicated commands. For example, to specify the DNS server address, you can use the dns-server command or the option 23 command. If both commands are configured, the dns-server command takes precedence. Examples # Configure the hexadecimal string 020202 for the self-defined DHCP Option 23 in DHCPv6 address pool 1. The DHCPv6 server assigns the DNS server address 2.2.2.2 to clients.
Syntax prefix-pool prefix-pool-number [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo prefix-pool Default No prefix pool is referenced by an address pool. Views DHCPv6 address pool view Default command level 2: System level Parameters prefix-pool-number: Prefix pool number. The value ranges from 1 to 128. preferred-lifetime preferred-lifetime: Specifies the preferred lifetime of prefixes to be assigned. The value ranges from 60 to 4294967295, in seconds.
Views User view Default command level 2: System level Parameters all: Clears all IPv6 address conflict information for the public network and all VPNs. vpn-instance vpn-instance-name: Clears IPv6 address conflict information for the VPN. The vpn-instance-name argument represents a VPN by its name, a case-sensitive string of 1 to 31 characters. If no VPN is specified, the command clears IPv6 address conflict information for the public network.
Related commands display ipv6 dhcp server expired reset ipv6 dhcp server ip-in-use Use reset ipv6 dhcp server ip-in-use to clear IPv6 address binding information. Syntax reset ipv6 dhcp server ip-in-use [ all | [ vpn-instance vpn-instance-name ] [ address ipv6-address | pool pool-number ] ] Views User view Default command level 2: System level Parameters all: Clears IPv6 address binding information for the public network and all VPNs.
Views User view Default command level 2: System level Parameters all: Clears IPv6 prefix binding information for public network and all VPNs. vpn-instance vpn-instance-name: Clears IPv6 prefix binding information for the VPN. The vpn-instance-name argument represents a VPN by its name, a case-sensitive string of 1 to 31 characters. To display prefix information for the public network, do not specify this parameter.
sip-server Use sip-server to configure the IPv6 address or domain name of a SIP server for the client. Use undo sip-server to remove the configuration. Syntax sip-server { address ipv6-address | domain-name domain-name } undo sip-server { address ipv6-address | domain-name domain-name } Default No SIP server address or domain name is specified.
Default No static IPv6 address binding is configured in an address pool. Views DHCPv6 address pool view Default command level 2: System level Parameters ipv6-address/addr-prefix-length: Static IPv6 address and prefix length. The prefix length ranges from 1 to 128. duid duid: Specifies a client DUID. The value is an even hexadecimal number in the range of 2 to 256. iaid iaid: Specifies a client IAID. The value is a hexadecimal number in the range of 0 to FFFFFFFF.
Default No static prefix is configured. Views DHCPv6 address pool view Default command level 2: System level Parameters prefix/prefix-len: Static prefix and prefix length. The prefix length ranges from 1 to 128. duid duid: Specifies a client DUID. The value is an even hexadecimal number in the range of 2 to 256. iaid iaid: Specifies a client IAID. The value is a hexadecimal number in the range of 0 to FFFFFFFF.
Default No temporary IPv6 address range is configured in an address pool. Views DHCPv6 address pool view Default command level 2: System level Parameters start-ipv6-address: Specifies the start IPv6 address. end-ipv6-address: Specifies the end IPv6 address. preferred-lifetime preferred-lifetime: Specifies the preferred lifetime. The value ranges from 60 to 4294967295 seconds and defaults to 604800 seconds (seven days). valid-lifetime valid-lifetime: Specifies the valid lifetime.
Syntax display ipv6 dhcp relay server-address { all | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays all DHCPv6 server address information. interface interface-type interface-number: Displays DHCPv6 server address information about the specified interface. |: Filters command output by specifying a regular expression.
display ipv6 dhcp relay statistics Use display ipv6 dhcp relay statistics to display packet statistics on the DHCPv6 relay agent. Syntax display ipv6 dhcp relay statistics [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description Error Number of discarded error packets. Excess of rate limit Number of packets discarded due to excess of rate limit. Packets received Number of received packets. SOLICIT Number of received solicit packets. REQUEST Number of received request packets. CONFIRM Number of received confirm packets. RENEW Number of received renew packets. REBIND Number of received rebind packets. RELEASE Number of received release packets. DECLINE Number of received decline packets.
Parameters ipv6-address: IPv6 address of the DHCPv6 server. interface interface-type interface-number: Specifies an outgoing interface for DHCPv6 packets. Usage guidelines Upon receiving a request from a DHCPv6 client, the interface that operates as a DHCPv6 relay agent encapsulates the request into a Relay-forward message and forwards the message to the specified DHCPv6 server, which then assigns an IPv6 address and other configuration parameters to the DHCPv6 client.
Related commands display ipv6 dhcp relay statistics DHCPv6 client configuration commands display ipv6 dhcp client Use display ipv6 dhcp client to display DHCPv6 client information. Syntax display ipv6 dhcp client [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface interface-type interface-number: Displays the DHCPv6 client information about a specific interface.
2:2::3 Domain names: aaa.com SIP server addresses: 2:2::4 SIP server domain names: bbbu.icom DS-Lite addresses: 2::3 Options: Code: 88 Length: 3 bytes Hex: AABBCC Table 169 Command output Field Description DHCPv6 client type: • Stateful client requested for address—The DHCPv6 client that has requested an Type IPv6 address. • Stateful client requested for prefix—The DHCPv6 client that has requested an IPv6 prefix. • Stateless client—The stateless DHCPv6 client.
Field Description Prefix The requested IPv6 prefix. This field is displayed when the client is of the Stateful client requested for prefix type. Preferred lifetime Preferred lifetime in seconds. valid lifetime Valid lifetime in seconds. T1 1/2 lease time (in seconds) of the DHCP client IP address. T2 7/8 lease time (in seconds) of the DHCP client IP address. Will expire at Time when the lease of an IPv6 address will expire.
Usage guidelines If you do not specify any parameters, the command displays DHCPv6 client statistics of all interfaces. Examples # Display DHCPv6 client statistics of GigabitEthernet 0/1.
ipv6 address dhcp-alloc Use the ipv6 address dhcp-alloc command to configure an interface to use DHCPv6 for IP address acquisition. Use the undo ipv6 address dhcp-alloc command to cancel an interface from using DHCPv6. Syntax ipv6 address dhcp-alloc [ option-group group-number | rapid-commit ] * undo ipv6 address dhcp-alloc Default An interface does not use DHCPv6 for IP address acquisition.
Default command level 2: System level Parameters prefix-number: Specifies an IPv6 prefix ID, in the range of 1 to 1024. The client, after obtaining an IPv6 prefix, automatically assigns it the specified ID. option-group option-group-number: Enables the DHCPv6 client to create a dynamic DHCPv6 option group for saving the network parameters, and assigns an ID to the dynamic DHCPv6 option group, in the range of 1 to 100.
IPv6 DNS configuration commands The following matrix shows the feature and hardware compatibility: Hardware IPv6 DNS compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No display dns ipv6 server Use display dns ipv6 server to display IPv6 DNS server information.
Table 171 Command output Field Description DNS Server Sequence number. Type of the DNS server: • S—A manually configured DNS server. Type • D—A DNS server obtained dynamically through DHCP or other protocols. IPv6 Address IPv6 address of the DNS server. Interface Name Interface name, available only for a DNS server with an IPv6 link-local address configured.
Field Description IPv6Address IPv6 address of a host. Related commands ipv6 host dns server ipv6 Use dns server ipv6 to specify a DNS server. Use undo dns server ipv6 to remove the specified DNS server. Syntax dns server ipv6 ipv6-address [ interface-type interface-number ] undo dns server ipv6 ipv6-address [ interface-type interface-number ] Default No DNS server is configured. Views System view Default command level 2: System level Parameters ipv6-address: IPv6 address of a DNS server.
Views System view Default command level 2: System level Parameters hostname: Host name, a string of up to 255 characters. The character string can contain letters, numbers, underscores (_), hyphens (-), or dots (.), and must contain at least one letter. ipv6-address: IPv6 address. Usage guidelines Each host name can correspond to only one IPv6 address. The IPv6 address you last assign to the host name overwrites the previous one if there is any.
IPv6 static routing configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. Feature and hardware compatibility Hardware IPv6 static routing compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No delete ipv6 static-routes all Use delete ipv6 static-routes all to delete all IPv6 static routes.
Related commands • display ipv6 routing-table • ipv6 route-static ipv6 route-static Use ipv6 route-static to configure an IPv6 static route. Use undo ipv6 route-static to remove an IPv6 static route.
Usage guidelines An IPv6 static route that has the destination address configured as ::/0 (a prefix length of 0) is the IPv6 default route. If the destination address of an IPv6 packet does not match any entry in the routing table, the packet is forwarded through the default route.
RIPng configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. Feature and hardware compatibility Hardware RIPng compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No checkzero Use checkzero to enable the zero field check on RIPng packets. Use undo checkzero to disable the zero field check. Syntax checkzero undo checkzero Default The zero field check is enabled.
default cost (RIPng view) Use default cost to specify the default metric of redistributed routes. Use undo default cost to restore the default. Syntax default cost cost undo default cost Default The default metric of redistributed routes is 0. Views RIPng view Default command level 2: System level Parameters cost: Default metric of redistributed routes, in the range of 0 to 16.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
display ripng database Use display ripng database to display all active routes in the advertising database of the specified RIPng process, which are sent in normal RIPng update messages. Syntax display ripng process-id database [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters process-id: RIPng process ID, in the range of 1 to 65535. |: Filters command output by specifying a regular expression.
1111::/64, cost 0, RIPng-interface Table 174 Command output Field Description 2001:7B::2:2A1:5DE/64 IPv6 destination address/prefix length. via Next hop IPv6 address. cost Route metric value. Imported Route redistributed from another routing protocol. RIPng-interface Route learned from the interface. display ripng interface Use display ripng interface to display the interface information of the RIPng process.
Summary address: 3:: 64 3:: 16 IPsec policy name: policy001, SPI: 300 Table 175 Command output Field Description Interface-name Name of an interface running RIPng. Link Local Address Link-local address of an interface running RIPng. Indicates whether the split horizon function is enabled: Split-horizon • on—Enabled. • off—Disabled. Indicates whether the poison reverse function is enabled: Poison-reverse • on—Enabled. • off—Disabled.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the routing information of RIPng process 100.
Field Description "G" The route is in Garbage-collect state. enable ipsec-policy (RIPng view) Use enable ipsec-policy to apply an IPsec policy in a RIPng process. Use undo enable ipsec-policy to remove the IPsec policy from the RIPng process. Syntax enable ipsec-policy policy-name undo enable ipsec-policy Default No IPsec policy is configured for the RIPng process. Views RIPng view Default command level 2: System level Parameters policy-name: IPsec policy name, a string of 1 to 15 characters.
Default command level 2: System level Parameters acl6-number: Specifies the number of an ACL to filter advertised routing information, in the range of 2000 to 3999. ipv6-prefix ipv6-prefix-name: Specifies the name of an IPv6 prefix list used to filter routing information, a string of 1 to 19 characters. protocol: Filters routes redistributed from a routing protocol, including bgp4+, direct, isisv6, ospfv3, ripng, and static.
[Sysname-acl6-adv-3000] rule 10 permit ipv6 source 2001::1 128 destination ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 128 [Sysname-acl6-adv-3000] rule 100 deny ipv6 [Sysname-acl6-adv-3000] quit [Sysname] ripng 100 [Sysname-ripng-100] filter-policy 3000 export filter-policy import (RIPng view) Use filter-policy import to define an inbound route filtering policy. Only routes that match the filtering policy can be received. Use undo filter-policy import to disable inbound route filtering.
system-view [Sysname] acl ipv6 number 3000 [Sysname-acl6-adv-3000] rule 10 permit ipv6 source 2001::1 128 destination ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 128 [Sysname-acl6-adv-3000] rule 100 deny ipv6 [Sysname-acl6-adv-3000] quit [Sysname] ripng 100 [Sysname-ripng-100] filter-policy 3000 import import-route Use import-route to redistribute routes from another routing protocol. Use undo import-route to disable redistributing routes from another routing protocol.
Usage guidelines The import-route bgp4+ command redistributes only EBGP routes. The import-route bgp4+ allow-ibgp command redistributes additional IBGP routes. Examples # Redistribute all OSPFv3 routes. system-view [Sysname] ripng 100 [Sysname-ripng-100] import-route ospfv3 Related commands default cost maximum load-balancing (RIPng view) Use maximum load-balancing to specify the maximum number of equal-cost multi-path (ECMP) routes for load balancing.
undo preference [ route-policy ] Default The preference of RIPng routes is 100. Views RIPng view Default command level 2: System level Parameters route-policy-name: Routing policy name with 1 to 63 case-sensitive characters. value: Preference for RIPng routes, in the range of 1 to 255. Usage guidelines You can specify a routing policy by using the keyword route-policy to set a preference for the matching RIPng routes. • The preference set by the routing policy applies to all matching RIPng routes.
reset ripng 100 process Warning : Reset RIPng process? [Y/N]:Y reset ripng statistics Use reset ripng statistics to clear the statistics of the specified RIPng process. Syntax reset ripng process-id statistics Views User view Default command level 1: Monitor level Parameters process-id: RIPng process ID, in the range of 1 to 65535. Examples # Clear the statistics of RIPng process 100. reset ripng 100 statistics ripng Use ripng to create a RIPng process and enter RIPng view.
After you disable a RIPng process, the RIPng parameters on interface running the process also become ineffective. Examples # Create RIPng process 100 and enter its view. system-view [Sysname] ripng 100 [Sysname-ripng-100] # Disable RIPng process 100. [Sysname] undo ripng 100 # Create RIPng process 101 and bind it to VPN instance vpn101.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ripng default-route originate ripng enable Use ripng enable to enable RIPng on the specified interface. Use undo ripng enable to disable RIPng on the specified interface. Syntax ripng process-id enable undo ripng [ process-id ] enable Default RIPng is disabled on an interface. Views Interface view Default command level 2: System level Parameters process-id: RIPng process ID, in the range of 1 to 65535.
Usage guidelines The IPsec policy to be applied must have been configured. Examples # Apply IPsec policy policy001 to interface GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ripng ipsec-policy policy001 ripng metricin Use ripng metricin to specify an additional metric for received RIPng routes. Use undo ripng metricin to restore the default.
Views Interface view Default command level 2: System level Parameters value: Additional metric to advertised routes, in the range of 1 to 16. Examples # Set the additional metric to 12 for routes advertised by GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ripng metricout 12 Related commands ripng metricin ripng poison-reverse Use ripng poison-reverse to enable the poison reverse function.
Default The split horizon function is enabled. Views Interface view Default command level 2: System level Usage guidelines The split horizon function is necessary for preventing routing loops. Do not disable it unless you make sure that it is necessary. If both the poison reverse and split horizon functions are enabled, only the poison reverse function takes effect. Examples # Enable the split horizon function on GigabitEthernet 0/1.
[Sysname-GigabitEthernet0/1] ipv6 address 2001:200::3EFF:FE11:6770/64 [Sysname-GigabitEthernet0/1] ripng summary-address 2001:200:: 35 timers Use timers to configure RIPng timers. Use undo timers to restore the default.
[Sysname] ripng 100 [Sysname-ripng-100] timers update 5 [Sysname-ripng-100] timers timeout 15 [Sysname-ripng-100] timers suppress 15 [Sysname-ripng-100] timers garbage-collect 30 800
OSPFv3 configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. Feature and hardware compatibility Hardware OSPFv3 compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No abr-summary (OSPFv3 area view) Use abr-summary to configure an IPv6 summary route on an area border router. Use undo abr-summary to remove an IPv6 summary route. Then the summarized routes are advertised.
Examples # Summarize networks 2000:1:1:1::/64 and 2000:1:1:2::/64 in Area 1 with 2000:1:1::/48. system-view [Sysname] ospfv3 1 [Sysname-ospfv3-1] area 1 [Sysname-ospfv3-1-area-0.0.0.1] abr-summary 2000:1:1:: 48 area (OSPFv3 view) Use area to enter OSPFv3 area view. Syntax area area-id Views OSPFv3 view Default command level 2: System level Parameters area-id: ID of an area, a decimal integer (in the range of 0 to 4294967295 and changed to IPv4 address format by the system) or an IPv4 address.
Default command level 2: System level Parameters value: Bandwidth reference value for link cost calculation, in the range of 1 to 2147483648 Mbps. Usage guidelines You can configure an OSPFv3 cost for an interface with one of the following methods: • Configure the cost value in interface view. • Configure a bandwidth reference value, and OSPFv3 computes the cost automatically based on the bandwidth reference value: Interface OSPFv3 cost = Bandwidth reference value/Interface bandwidth.
[Sysname-ospfv3-1] default cost 10 default-cost (OSPFv3 area view) Use default-cost to specify the cost of the default route to be advertised to the stub area. Use undo default-cost to restore the default value. Syntax default-cost value undo default-cost Views OSPFv3 area view Default command level 2: System level Parameters value: Specifies a cost for the default route advertised to the stub area, in the range of 0 to 65535. The default is 1.
Views OSPFv3 view Default command level 2: System level Parameters always: Generates a default route in an ASE LSA into the OSPF routing domain regardless of whether the default route exists in the routing table. Without this keyword, the command can distribute a default route in a Type-5 LSA into the OSPF routing domain only when the default route exists in the routing table. cost value: Specifies a cost for the default route, in the range of 1 to 16777214. The default is 1.
Default command level 1: Monitor level Parameters process-id: Specifies the ID of an OSPFv3 process, ranging from 1 to 65535. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Field Description Number of LSA received Number of LSAs received. Number of areas in this router Number of areas this router is attached to. Area Area ID. Number of interfaces in this area Number of interfaces attached to this area. SPF algorithm executed 1 times SPF algorithm is executed 1 time. Number of LSA Number of LSAs. These LSAs’ checksum Sum Sum of all LSAs' checksum. Number of Unknown LSA Number of unknown LSAs. IPsec policy name IPsec policy used.
OSPFv3 Process (1), Area 0.0.0.1, Instance ID 0 Router ID 2.2.2.2, Network Type POINTOPOINT, Cost: 1562 Transmit Delay is 1 sec, State Point-To-Point, Priority 1 No designated router on this link No backup designated router on this link Timer interval configured, Hello: 10, Dead: 40, Wait: 40, Retransmit: 5 Hello due in 00:00:02 Neighbor Count is 1, Adjacent neighbor count is 1 IPsec policy name: policy001, SPI: 300 BFD: Enabled Table 178 Command output Field Description Interface ID Interface ID.
display ospfv3 lsdb Use display ospfv3 lsdb to display OSPFv3 LSDB information. Syntax display ospfv3 [ process-id ] lsdb [ { external | inter-prefix | inter-router | intra-prefix | link | network | router } [ link-state-id ] [ originate-router router-id ] | total ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters process-id: Specifies ID of an OSPFv3 process, ranging from 1 to 65535.
Router-LSA (Area 0.0.0.1) Link State ID Origin Router Age Seq# 0.0.0.0 1.1.1.1 0050 0x80000002 0x12d1 CkSum Link 1 0.0.0.0 2.2.2.2 0048 0x80000002 0xa142 1 Table 179 Command output Field Description Link-LSA Type 8 LSA. Link State ID Link State ID. Origin Router Originating Router. Age Age of LSAs. Seq# LSA sequence number. CkSum LSA Checksum. Prefix Number of Prefixes. Router-LSA Router-LSA. Link Number of links. Network-LSA Network-LSA.
Field Description LS Type Type of LSA. LS Seq Number LSA sequence number. Checksum LSA checksum. Length LSA length. Priority Router priority. Prefix Address prefix. # Display LSA statistics in the LSDB.
Syntax display ospfv3 lsdb statistics [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Syntax display ospfv3 [ process-id ] next-hop [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters process-id: Specifies ID of an OSPFv3 process, ranging from 1 to 65535. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Default command level 1: Monitor level Parameters process-id: Specifies the ID of an OSPFv3 process, ranging from 1 to 65535. area: Specifies to display neighbor information of the specified area. area-id: The ID of an area, a decimal integer that is translated into IPv4 address format by the system (in the range of 0 to 4294967295) or an IPv4 address. interface-type interface-number: Specifies an interface by its type and number. verbose: Display detailed neighbor information.
OSPFv3 Process (1) Neighbor 1.1.1.1 is Full, interface address FE80::20F:E2FF:FE49:8050 In the area 0.0.0.1 via interface GigabitEthernet0/1 DR is 1.1.1.1 BDR is 2.2.2.2 Options is 0x000013 (-|R|-|-|E|V6) Dead timer due in 00:00:39 Neighbor is up for 00:25:31 Database Summary List 0 Link State Request List 0 Link State Retransmission List 0 Table 185 Command output Field Description Neighbor Neighbor ID. interface address Interface address. In the area 0.0.0.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display information about all OSPFv3 neighbors. display ospfv3 peer statistic OSPFv3 Router with ID (1.1.1.1) (Process 1) Neighbor Statistics ---------------------------------------------------------------------Area ID Down Init 2-way ExStar Exchange Loading Full 0.0.0.
inter-prefix: Displays the Inter-area-prefix LSA information of the OSPFv3 link state request list. inter-router: Displays the Inter-area-router LSA information of the OSPFv3 link state request list. intra-prefix: Displays the Intra-area-prefix LSA information of the OSPFv3 link state request list. link: Displays the Link LSA information of the OSPFv3 link state request list. network: Displays the Network-LSA information of the OSPFv3 link state request list.
# Display the statistics of OSPFv3 link state request list. display ospfv3 request-list statistics OSPFv3 Router with ID (11.1.1.1) (Process 1) Interface GE0/1 Neighbor 10.1.1.1 LSA-Count 0 Table 188 Command output Field Description Interface Interface name. Neighbor Neighbor router ID. LSA-Count Number of LSAs in the request list. display ospfv3 retrans-list Use display ospfv3 retrans-list to display the OSPFv3 link state retransmission list.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no process is specified, the link state retransmission list information of all OSPFv3 processes is displayed. Examples # Display the information of the OSPFv3 link state retransmission list. display ospfv3 retrans-list OSPFv3 Router with ID (11.1.1.1) (Process 1) Interface GE0/1 Area-ID 0.0.0.
display ospfv3 routing Use display ospfv3 routing to display OSPFv3 routing table information. Syntax display ospfv3 [ process-id ] routing [ ipv6-address prefix-length | ipv6-address/prefix-length | abr-routes | asbr-routes | all | statistics ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters process-id: Specifies the ID of an OSPFv3 process, ranging from 1 to 65535. ipv6-address: IPv6 address prefix.
Table 191 Command output Field Description Destination Destination network segment. Type Route type. Cost Route cost value. Next-hop Next hop address. Interface Outbound interface. # Display the statistics of OSPFv3 routing table. display ospfv3 routing statistics OSPFv3 Router with ID (1.1.1.
Examples # Display outbound/inbound OSPFv3 packet statistics on associated interfaces. display ospfv3 statistics OSPFv3 Statistics Interface GigabitEthernet0/1 Instance 0 Type Input Output Hello 189 63 DB Description 10 8 Ls Req 2 1 Ls Upd 16 6 Ls Ack 10 6 Discarded 0 0 Table 193 Command output Field Description Interface Interface name. Instance Instance number. Type Type of packet. Input Number of packets received by the interface.
area: Displays the topology information of the specified area. area-id: ID of an area, a decimal integer (in the range of 0 to 4294967295) that is translated into IPv4 address format by the system or an IPv4 address. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Default command level 1: Monitor level Parameters process-id: Specifies the ID of an OSPFv3 process, ranging from 1 to 65535. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Field Description IPsec policy name IPsec policy used on the virtual link. SPI SPI defined in the IPsec policy. enable ipsec-policy (OSPFv3 area view) Use enable ipsec-policy to apply an IPsec policy in the OSPFv3 area. Use undo enable ipsec-policy to remove the IPsec policy from the OSPFv3 area. Syntax enable ipsec-policy policy-name undo enable ipsec-policy Default No IPsec policy is applied in an area.
Views OSPFv3 view Default command level 2: System level Parameters acl6-number: Specifies the ACL6 number, ranging from 2000 to 3999. ipv6-prefix ipv6-prefix-name: Specifies the name of an IPv6 prefix list, a string of up to 19 characters. bgp4+: Filters IPv6 BGP routes. direct: Filters direct routes. isisv6 process-id: Filters routes of an IPv6 IS-IS process. The process-id argument is in the range of 1 to 65535. ospfv3 process-id: Filters routes of an OSPFv3 process.
system-view [Sysname] acl ipv6 number 2001 [Sysname-acl6-basic-2001] rule permit source 2002:1:: 64 [Sysname-acl6-basic-2001] quit [Sysname] ospfv3 [Sysname-ospfv3-1] filter-policy 2001 export # Configure ACL6 3000 to permit only route 2001::1/128 to pass, and reference ACL6 3000 to filter redistributed routes.
Using the filter-policy import command only filters routes computed by OSPFv3. The routes that fail to pass are not added to the routing table. Examples # Filter received routes using the IPv6 prefix list abc. system-view [Sysname] ip ipv6-prefix abc permit 2002:1:: 64 [Sysname] ospfv3 1 [Sysname-ospfv3-1] filter-policy ipv6-prefix abc import # Configure ACL6 3000 to permit only route 2001::1/128 to pass, and reference ACL6 3000 to filter received routes.
Hardware Protocols Firewall module bgp4+, direct, ospfv3, ripng, and static U200-A bgp4+, direct, ospfv3, ripng, and static U200-S Incompatible process-id: Process ID of the routing protocol, in the range of 1 to 65536. It defaults to 1. This argument takes effect only when the protocol is isisv6, ospfv3, or ripng. allow-ibgp: Allows redistributing IBGP routes. This keyword takes effect only the protocol is bgp4+. cost value: Specifies a cost for redistributed routes, ranging from 1 to 16777214.
Examples # Disable the logging on neighbor state changes of OSPFv3 process 100. system-view [Sysname] ospfv3 100 [Sysname-ospfv3-100] undo log-peer-change maximum load-balancing (OSPFv3 view) Use maximum load-balancing to configure the maximum number of equal-cost multi-path (ECMP) routes for load balancing. Use undo maximum load-balancing to restore the default. Syntax maximum load-balancing maximum undo maximum load-balancing Default The maximum number of ECMP routes is 8.
Default command level 2: System level Parameters process-id: OSPFv3 process ID, ranging from 1 to 65535. The process ID defaults to 1. vpn-instance vpn-instance-name: Specifies a VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the OSPFv3 process belongs to the public network. Usage guidelines An OSPFv3 process can run properly only when router ID is configured in OSPFv3 view. Otherwise, you can find the process, but which cannot generate any LSA.
[Sysname-GigabitEthernet0/1] ospfv3 1 area 1 instance 1 ospfv3 bfd enable Use ospfv3 bfd enable to enable BFD for link failure detection on an OSPFv3 interface. Use undo ospfv3 bfd enable to disable BFD on the OSPFv3 interface. Syntax ospfv3 bfd enable [ instance instance-id ] undo ospfv3 bfd enable [ instance instance-id ] Default The OSPFv3 interface is not enabled with BFD.
undo ospfv3 cost [ value ] [ instance instance-id ] Default The default cost depends on the interface type: 1 for a VLAN interface; 0 for a loopback interface; computed according to the bandwidth for other interfaces with the formula: Interface OSPF cost = Bandwidth reference value (100 Mbps) ÷ Interface bandwidth (Mbps). Views Interface view Default command level 2: System level Parameters value: OSPFv3 cost, in the range of 0 to 65535 for a loopback interface and 1 to 65535 for other interfaces.
Usage guidelines An interface’s DR priority determines its privilege in DR/BDR selection, and the interface with the highest priority is preferred. Examples # Set the DR priority for GigabitEthernet 0/1 in instance 1 to 8. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ospfv3 dr-priority 8 instance 1 ospfv3 ipsec-policy Use ospfv3 ipsec-policy to apply an IPsec policy on an OSPFv3 interface.
Default An interface performs MTU check during DD packet exchange. A neighbor relationship can be established only if the interface’s MTU is the same as that of the peer. Views Interface view Default command level 2: System level Parameters instance-id: Instance ID, in the range of 0 to 255, which defaults to 0. Examples # Configure GigabitEthernet 0/1 that belongs to instance 1 to ignore MTU check during DD packet exchange.
Examples # Configure the NBMA network type for GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ospfv3 network-type nbma ospfv3 peer Use ospfv3 peer to specify a neighbor and the DR priority of the neighbor. Use undo ospfv3 peer to remove the configuration.
Views Interface view Default command level 2: System level Parameters seconds: Dead time in seconds, in the range of 1 to 65535. instance-id: Instance ID of an interface, in the range of 0 to 255, which defaults to 0. Usage guidelines OSPFv3 neighbor dead time: if an interface receives no hello packet from a neighbor after dead time elapses, the interface considers the neighbor dead.
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ospfv3 timer hello 20 instance 1 Related commands ospfv3 timer dead ospfv3 timer retransmit Use ospfv3 timer retransmit to configure the LSA retransmission interval for an interface in an instance. Use undo ospfv3 timer retransmit to restore the default.
Default The poll interval is 120 seconds. Views Interface view Default command level 2: System level Parameters seconds: Poll interval in seconds, in the range of 1 to 65535. instance-id: Interface instance ID, in the range of 0 to 255. The default is 0. Examples # Set the poll timer interval on GigabitEthernet 0/1 to 130 seconds.
preference Use preference to specify a preference for OSPFv3 routes. Use undo preference to restore the default. Syntax preference [ ase ] [ route-policy route-policy-name ] preference undo preference [ ase ] Default The preference for OSPFv3 internal routes is 10 and that for OSPFv3 external routes is 150. Views OSPFv3 view Default command level 2: System level Parameters ase: Applies the preference to OSPFv3 external routes.
Default command level 2: System level Parameters router-id: 32-bit router ID, in IPv4 address format. Usage guidelines Router ID is the unique identifier of a device running an OSPFv3 process in the AS. The OSPFv3 process cannot run without a Router ID. Make sure that different processes have different Router IDs. By configuring different router IDs for different processes, you can run multiple OSPFv3 processes on a router. Examples # Configure the Router ID as 10.1.1.3 for OSPFv3 process 1.
Examples # Disable GigabitEthernet 0/1 from receiving and sending OSPFv3 packets in OSPFv3 processes 100 and 200. system-view [Sysname] ospfv3 100 [Sysname-ospfv3-100] router-id 10.110.1.9 [Sysname-ospfv3-100] silent-interface gigabitethernet 0/1 [Sysname-ospfv3-100] quit [Sysname] ospfv3 200 [Sysname-ospfv3-200] router-id 20.18.0.7 [Sysname-ospfv3-200] silent-interface gigabitethernet 0/1 spf timers Use spf timers to configure the delay interval and hold interval for OSPFv3 SPF calculation.
stub (OSPFv3 area view) Use stub to configure an area as a stub area. Use undo stub to remove the configuration. Syntax stub [ no-summary ] undo stub Default An area is not configured as a stub area. Views OSPFv3 area view Default command level 2: System level Parameters no-summary: This argument is only applicable to the ABR of a stub area. With this keyword configured, the ABR advertises only a default route in an Inter-Area-Prefix-LSA into the stub area.
Default command level 2: System level Parameters router-id: Router ID for a virtual link neighbor. hello seconds: Specifies the interval in seconds for sending Hello packets, ranging from 1 to 8192, with the default as 10. This value must be equal to the hello seconds configured on the virtual link peer. retransmit seconds: Specifies the interval in seconds for retransmitting LSA packets, ranging from 1 to 3600, with the default as 5.
IPv6 IS-IS configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. IPv6 IS-IS supports all the features of IPv4 IS-IS except that it advertises IPv6 routing information. This document describes only IPv6 IS-IS exclusive commands.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no level is specified, this command displays both Level-1 and Level-2 routing information. Examples # Display IPv6 IS-IS routing information.
Field Description Cost Route cost. Next Hop Next hop. Interface Outbound interface. # Display detailed IPv6 IS-IS routing information of VPN instance 1.
Field Description Routing information status flags: Flag/Flags • • • • D—This is a direct route. R—The route has been added into the routing table. L—The route has been advertised in an LSP. U—Route leaking flag, indicating the Level-1 route is from Level-2. U means the route will not be returned to Level-2. Admin Tag Administrative tag. Src Count Number of advertisement sources. Next Hop Next hop. Interface Outbound interface. ExitIndex Outbound interface index.
Examples # Configure the router to generate a default route in a Level-2 LSP. system-view [Sysname] isis 1 [Sysname-isis-1] ipv6 default-route-advertise Related commands apply isis ipv6 enable Use ipv6 enable to enable IPv6 for an IS-IS process. Use undo ipv6 enable to disable IPv6. Syntax ipv6 enable undo ipv6 enable Default IPv6 is disabled for an IS-IS process. Views IS-IS view Default command level 2: System level Examples # Create IS-IS process 1, and enable IPv6 for the process.
Default command level 2: System level Parameters acl6-number: Number of a basic or advanced IPv6 ACL used to filter redistributed routes before advertisement, in the range of 2000 to 3999. For ACL information, see Access Control Configuration Guide. ipv6-prefix-name: Name of an IPv6 prefix list used to filter the redistributed routes before advertisement, a case-sensitive string of 1 to 19 characters.
[Sysname-acl6-adv-3000] quit [Sysname] isis 1 [Sysname-isis-1] ipv6 filter-policy 3000 export Related commands ipv6 filter-policy import ipv6 filter-policy import Use ipv6 filter-policy import to configure IPv6 IS-IS to filter the received routes. Use undo ipv6 filter-policy import to disable the filtering. Syntax ipv6 filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name | route-policy route-policy-name } import undo ipv6 filter-policy import Default The filtering is disabled.
[Sysname-isis-1] ipv6 filter-policy 2003 import # Configure ACL6 3000 to permit only route 2001::1/128 to pass, and reference ACL6 3000 to filter the received routes.
allow-ibgp: Allows redistributing IBGP routes. This keyword is available only when the protocol is bgp4+. Usage guidelines IPv6 IS-IS considers redistributed routes as external-AS routes. You can specify a cost and a level for redistributed routes. Use the import-route bgp4+ allow-ibgp command with caution because it redistributes both EBGP and IBGP routes, and the redistributed IBGP routes can may cause routing loops.
system-view [Sysname] isis 1 [Sysname-isis-1] ipv6 import-route isisv6 level-2 into level-1 ipv6 import-route limit Use ipv6 import-route limit to configure the maximum number of redistributed Level 1/Level 2 IPv6 routes. Use undo ipv6 import-route limit to restore the default. Syntax ipv6 import-route limit number undo ipv6 import-route limit Default The maximum number of redistributed Level 1/Level 2 IPv6 routes is 130000.
Parameters number: Maximum number of ECMP routes, in the range of 1 to 8. Usage guidelines Configure the maximum number of ECMP routes according to the memory capacity. Examples # Configure the maximum number of ECMP routes as 2. system-view [Sysname] isis 100 [Sysname-isis-100] ipv6 maximum load-balancing 2 ipv6 preference Use ipv6 preference to configure the preference for IPv6 IS-IS. Use undo ipv6 preference to restore the default.
Syntax ipv6 summary ipv6-prefix prefix-length [ avoid-feedback | generate_null0_route | [ level-1 | level-1-2 | level-2 ] | tag tag ] * undo ipv6 summary ipv6-prefix prefix-length [ level-1 | level-1-2 | level-2 ] Default Route summarization is disabled. Views IS-IS view Default command level 2: System level Parameters ipv6-prefix: IPv6 prefix of the summary route. prefix-length: Length of the IPv6 prefix, in the range of 0 to 128.
Views Interface view Default command level 2: System level Parameters process-id: Specifies an IS-IS process by its ID, in the range of 1 to 65535. The default is 1. Examples # Enable global IPv6, create IS-IS routing process 1, enable IPv6 for the process, and enable IPv6 for the process on GigabitEthernet 1/1. system-view [Sysname] ipv6 [Sysname] isis 1 [Sysname-isis-1] network-entity 10.0001.1010.1020.1030.
IPv6 BGP configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. Feature and hardware compatibility Hardware IPv6 BGP compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No aggregate (IPv6 address family view) Use aggregate to create an IPv6 summary route in the IPv6 BGP routing table. Use undo aggregate to remove an IPv6 summary route.
suppress-policy route-policy-name: Suppresses specific routes defined in the routing policy. The routing policy name is a string of 1 to 63 characters. origin-policy route-policy-name: References the routing policy to specify routes for summarization. The routing policy name is a string of 1 to 63 characters. Table 198 Functions of the keywords Keywords Function as-set Used to create a summary route, whose AS path contains the AS path information of summarized routes.
Parameters ebgp: Configures load balancing for IPv6 EBGP routes. ibgp: Configures load balancing for IPv6 IBGP routes. number: Specifies the number of BGP ECMP routes, in the range of 1 to 8. When it is set to 1, load balancing is disabled.
bestroute as-path-neglect (IPv6 address family view) Use bestroute as-path-neglect to configure the IPv6 BGP router to not evaluate the AS_PATH during best route selection. Use undo bestroute as-path-neglect to configure the IPv6 BGP router to use the AS_PATH during best route selection. Syntax bestroute as-path-neglect undo bestroute as-path-neglect Default The router takes AS_PATH as a factor when selecting the best route.
[Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] bestroute compare-med bestroute med-confederation (IPv6 address family view) Use bestroute med-confederation to enable the comparison of the MED for paths from confederation peers for best route selection. Use undo bestroute med-confederation to disable the configuration. Syntax bestroute med-confederation undo bestroute med-confederation Default This comparison is not enabled.
Default command level 2: System level Usage guidelines If several paths are available for one destination, the path with the smallest MED value is selected. Do not use this command unless associated ASs adopt the same IGP protocol and routing selection method. Examples # Enable to compare the MED for paths from peers in different ASs.
Examples # Enable IPv6 BGP route dampening and configure route dampening parameters.
default med (IPv6 address family view/IPv6 BGP-VPN instance view) Use default med to specify the default MED value. Use undo default med to restore the default. Syntax default med med-value undo default med Default The default med-value is 0. Views IPv6 address family view, IPv6 BGP-VPN instance view Default command level 2: System level Parameters med-value: MED value, in the range of 0 to 4294967295. Usage guidelines The multi-exit discriminator (MED) is an external metric of a route.
Default The redistribution is not enabled. Views IPv6 address family view, IPv6 BGP-VPN instance view Default command level 2: System level Examples # Enable the redistribution of default route from OSPFv3 into IPv6 BGP. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] default-route imported [Sysname-bgp-af-ipv6] import-route ospfv3 1 display bgp ipv6 group Use display bgp ipv6 group to display IPv6 peer group information.
Maximum allowed prefix number: 4294967295 Threshold: 75% Configured hold timer value: 180 Keepalive timer value: 60 Minimum time between advertisement runs is 15 seconds Peer Preferred Value: 0 No routing policy is configured BFD: Enabled Members: Peer 2001::1 AS MsgRcvd 100 0 MsgSent OutQ PrefRcv Up/Down 0 0 State 0 00:00:07 Idle Table 199 Command output Field Description BGP peer-group Name of the peer group. AS number of the peer group.
Field Description Routing policy configured A routing policy is configured. No routing policy is configured No routing policy is configured. Members Group members. Peer IPv6 address of the peer. AS AS number. MsgRcvd Number of messages received. MsgSent Number of messages sent. OutQ Number of messages to be sent. PrefRcv Number of prefixes received. Up/Down Lasting time of a session/lasting time of present state (when no session is established). State State machine state of peer.
2001:: 64 Short-cut Table 200 Command output Field Description Network Network address. Prefix Prefix length. Route-policy Routing policy. (A null value indicates that no routing policy is configured.) Short-cut Shortcut route. (A null value indicates that the route is not a shortcut route.) display bgp ipv6 paths Use display bgp ipv6 paths to display IPv6 BGP path information.
Field Description Refcount Count of routes that used the path. MED MED of the path. Path AS_PATH attribute of the path, recording the ASs it has passed, for avoiding routing loops. Origin attribute of the route, which can take on one of the following values: • i—Indicates that the route is interior to the AS. Summary routes and routes defined using the network command are considered IGP routes. Origin • e—Indicates that a route is learned from the exterior gateway protocol (EGP).
BGP local router ID : 192.168.1.40 Local AS number : 100 Total number of peers : 1 Peer 2001::1 Peers in established state : 0 AS MsgRcvd 100 0 MsgSent OutQ PrefRcv Up/Down 0 0 State 0 00:02:02 Active Table 202 Command output Field Description BGP local router ID Local router ID. Local AS number Local AS number. Total number of peers Total number of BGP peers. Peers in established state Number of established BGP peers. Peer IPv6 address of the peer. AS AS number.
Received: Total 4 messages, Update messages 1 Sent: Total 6 messages, Update messages 3 Maximum allowed prefix number: 4294967295 Threshold: 75% Minimum time between advertisement runs is 30 seconds Optional capabilities: Route refresh capability has been enabled Peer Preferred Value: 0 Routing policy configured: No routing policy is configured # Display the detailed information of IPv6 BGP peers.
Field Description Peer optional capabilities: Peer support bgp multi-protocol extended Peer support bgp route refresh capability Optional capabilities supported by the BGP peer: • Multi-protocol extension for BGP. • Route-refresh feature. • 4-byte AS number.
Error/SubError 10-Jul-2008 15:46:17 Down Send Notification with Error 1/1 Message Header Error/Connection Not Synchronized 10-Jul-2008 09:23:00 Up 10-Jul-2008 07:46:17 Down Receive Notification with Error 3/2 UPDATE Message Error/Unsupported optional Parameter 10-Jul-2008 06:23:00 Up 10-Jul-2008 05:46:17 Down Send Notification with Error 6/4 Administrative Reset Table 204 Command output Field Description Peer IPv6 address of the peer. Date Date on which the Notification was sent or received.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the prefix information in the ORF packet from the BGP peer 4::4.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the IPv6 BGP routing table. display bgp ipv6 routing-table Total Number of Routes: 2 BGP Local router ID is 30.30.30.
Field Description Path AS_PATH attribute, recording the ASs the packet has passed to avoid routing loops. PrefVal Preferred value. Origin attribute of the route: • i—Indicates that a route is interior to the AS. Summary routes and the routes configured using the network command are considered IGP routes. Ogn • e—Indicates that a route is learned from the exterior gateway protocol (EGP). • ?—Short for INCOMPLETE.
MED : 0 Path/Ogn: i For command output, see Table 206. display bgp ipv6 routing-table community Use display bgp ipv6 routing-table community to display the routing information with the specified community attribute.
MED : 0 Path/Ogn: i For command output, see Table 206. display bgp ipv6 routing-table community-list Use display bgp ipv6 routing-table community-list to view the routing information matching the specified IPv6 BGP community list.
display bgp ipv6 routing-table dampened Use display bgp ipv6 routing-table dampened to display the IPv6 BGP dampened routes. Syntax display bgp ipv6 routing-table dampened [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Syntax display bgp ipv6 routing-table dampening parameter [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Syntax display bgp ipv6 routing-table different-origin-as [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Parameters as-regular-expression: AS path regular expression to be matched, a string of 1 to 80 characters. as-path-acl-number: Number of the specified AS path list to be matched, ranging from 1 to 256. ipv6-address: IPv6 address of a route to be displayed. prefix-length: Prefix length of the IPv6 address, in the range of 0 to 128. longer-match: Matches the longest prefix. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
advertised-routes: Routing information advertised to the specified peer. received-routes: Routing information received from the specified peer. network-address prefix-length: IPv6 address and prefix length. The prefix length ranges from 0 to 128. statistic: Displays route statistics. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Parameters as-regular-expression: AS regular expression, a string of 1 to 80 characters. Examples # Display routing information matching the specified AS regular expression. display bgp ipv6 routing-table regular-expression ^100 BGP Local router ID is 20.20.20.
filter-policy export (IPv6 address family view/IPv6 BGP-VPN instance view) Use filter-policy export to filter outbound routes using a specified filter. Use undo filter-policy export to cancel filtering outbound routes. Syntax filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ protocol process-id ] undo filter-policy export [ protocol process-id ] Default No outbound routing information is filtered.
• To deny/permit a route with the specified destination and prefix, use rule [ rule-id ] { deny | permit } ipv6 source sour sour-prefix destination dest dest-prefix. The source keyword specifies the destination address of a route, and the destination keyword specifies the prefix of the route. (The prefix must be valid; otherwise, the configuration is ineffective.) Examples # Reference ACL6 2001 to filter all outbound IPv6 BGP routes.
Usage guidelines To reference an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL in one of the following ways: • To deny/permit a route with the specified destination, use rule [ rule-id ] { deny | permit } ipv6 source sour sour-prefix. • To deny/permit a route with the specified destination and prefix, use rule [ rule-id ] { deny | permit } ipv6 source sour sour-prefix destination dest dest-prefix.
Usage guidelines An IBGP peer group will be created if neither internal nor external is selected. Examples # Create an IBGP peer group named test. system-view [Sysname] bgp 100 [Sysname] ipv6-family [Sysname-bgp-af-ipv6] group test import-route (IPv6 address family view/IPv6 BGP-VPN instance view) Use import-route to redistribute routes from another routing protocol. Use undo import-route to remove the configuration.
ipv6-family Use ipv6-family to enter IPv6 address family view. Use undo ipv6-family to remove all configurations from the IPv6 address family view. Use ipv6-family vpn-instance vpn-instance-name to enter IPv6 BGP-VPN instance view. Use undo ipv6-family vpn-instance vpn-instance-name to remove all configurations from the IPv6 BGP-VPN instance view.
Default No route is advertised. Views IPv6 address family view, IPv6 BGP-VPN instance view Default command level 2: System level Parameters ipv6-address: IPv6 address. prefix-length: Prefix length of the address, in the range of 0 to 128. route-policy-name: Name of a routing policy, a string of 1 to 63 characters. short-cut: If the keyword is specified for an EBGP route, the route will use the local routing management value rather than that of EBGP routes, so the preference of the route is reduced.
ipv6-address: IPv6 address of a peer. Examples # Advertise the community attribute to the peer 1:2::3:4. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] peer 1:2::3:4 advertise-community peer advertise-ext-community (IPv6 address family view) Use peer advertise-ext-community to advertise the extended community attribute to a peer/peer group. Use undo peer advertise-ext-community to remove the configuration.
Default The local AS number is not allowed to exist in the AS PATH attribute of routes. Views IPv6 address family view Default command level 2: System level Parameters group-name: Name of an IPv4 or IPv6 peer group, a string of 1 to 47 characters. ipv4-address: IPv4 address of a peer. ipv6-address: IPv6 address of a peer. number: Specifies the number of times for which the local AS number can appear in routes from the peer/peer group, in the range of 1 to 10. The default number is 1.
system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] group test external [Sysname-bgp-af-ipv6] peer test as-number 200 peer as-number (IPv6 BGP-VPN instance view) Use peer as-number to configure an IPv6 peer/peer group. Use undo peer ipv6-address to delete a peer. Syntax peer ipv6-address as-number as-number undo peer ipv6-address Views IPv6 BGP-VPN instance view Default command level 2: System level Parameters ipv6-address: IPv6 address of a peer.
Default command level 2: System level Parameters group-name: Name of an IPv4 or IPv6 peer group, a string of 1 to 47 characters. ipv4-address: IPv4 address of a peer. ipv6-address: IPv6 address of a peer. as-path-acl-number: Number of an AS path list, in the range of 1 to 256. import: Filters incoming routes. export: Filters outgoing routes. Examples # Specify the AS path list 3 to filter routes outgoing to the peer 1:2::3:4.
Hardware Command compatible F5000 Yes Firewall module No U200-A No U200-S No Examples # Enable BFD over the link to BGP peer 100::1. system-view [Sysname] bgp 100 [Sysname] ipv6-family [Sysname-bgp-af-ipv6] peer 100::1 bfd peer capability-advertise orf Use peer capability-advertise orf to enable the ORF capability for a BGP peer or peer group. Use undo peer capability-advertise orf to disable the ORF capability for the BGP peer or peer group.
information to the peer. For non-standard ORF capability negotiation, you need also to configure the peer capability-advertise orf non-standard command. After you disable the ORF capability, the local BGP router does not negotiate the ORF capability with the specified peer or peer group.
Parameters This command needs to be configured when the peer supports only non-standard ORF. Examples # Enable the non-standard ORF capability for the BGP peer 1:2::3:4 (suppose the BGP peer 1:2::3:4 can only send non-standard ORF packets).
peer capability-advertise suppress-4-byte-as (IPv6 address family view) Use peer capability-advertise suppress-4-byte-as to enable 4-byte AS number suppression. Use undo peer capability-advertise suppress-4-byte-as to disable the function. Syntax peer { group-name | ipv6-address } capability-advertise suppress-4-byte-as undo peer { group-name | ipv6-address } capability-advertise suppress-4-byte-as Default The 4-byte AS number suppression function is disabled.
Views IPv6 BGP-VPN instance view Default command level 2: System level Parameters ipv6-address: IPv6 address of a peer. Usage guidelines The device supports 4-byte AS numbers and uses 4-byte AS numbers by default. If the peer devices support only 2-byte AS numbers, you must enable the 4-byte AS number suppression function on the device. If the peer device supports 4-byte AS numbers, do not enable the suppression function. Otherwise, the BGP peer relationship cannot be established.
Usage guidelines To enhance stability of IPv6 BGP connections, HP recommends using a loopback interface as the source interface for establishing a TCP connection. To establish multiple BGP connections to a BGP router, specify on the local router the respective source interfaces for establishing TCP connections to the peers on the peering BGP router.
[Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] peer 1:2::3:4 default-route-advertise peer description (IPv6 address family view) Use peer description to configure the description information for a peer/peer group. Use undo peer description to remove the description information of a peer/peer group. Syntax peer { ipv6-group-name | ipv6-address } description description-text undo peer { ipv6-group-name | ipv6-address } description Default No description information is configured for a peer (group).
Default This feature is disabled. Views IPv6 address family view Default command level 2: System level Parameters ipv6-group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. hop-count: Maximum hop count, in the range of 1 to 255. Usage guidelines You can use the argument hop-count to specify the maximum router hops of the EBGP connection. Examples # Allow establishing the EBGP connection with the peer group test on an indirectly connected network.
Usage guidelines If an IPv4 peer or peer group is disabled, the router does not exchange routing information with it. Examples # Enable peer 1.1.1.1. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] peer 1.1.1.1 enable # Enable peer 1::1.
peer filter-policy (IPv6 address family view) Use peer filter-policy to configure an ACL-based filter policy for a peer or peer group. Use undo peer filter-policy to remove the configuration. Syntax peer { group-name | ipv4-address | ipv6-address } filter-policy acl6-number { import | export } undo peer { group-name | ipv4-address | ipv6-address } filter-policy [ acl6-number ] { import | export } Default No ACL-based filter policy is configured for a peer or peer group.
Views IPv6 address family view Default command level 2: System level Parameters group-name: Name of an IPv4 or IPv6 peer group, a string of 1 to 47 characters. ipv4-address: IPv4 address of a peer. ipv6-address: IPv6 address of a peer. as-number: Specifies the AS number of the peer/peer group, in the range of 1 to 4294967295. Examples # Create a peer group named test and add the peer 1:2::3:4 to the peer group.
system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] peer 1:2::3:4 ignore peer ipv6-prefix Use peer ipv6-prefix to specify an IPv6 prefix list to filter routes incoming from or outgoing to a peer or peer group. Use undo peer ipv6-prefix to remove the configuration.
Default No IPsec policy is applied to any peer or peer group. Views IPv6 address family view Default command level 2: System level Parameters group-name: Name of an IPv6 peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. policy-name: IPsec policy name, a string of 1 to 15 characters. Usage guidelines The IPsec policy to be applied must have been configured. Otherwise, the configuration fails. You also need to make IPsec policy configuration on the peer or peer group.
Examples # Save routing information from peer 1:2::3:4. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] peer 1:2::3:4 keep-all-routes peer label-route-capability (IPv6 address family view) Use peer label-route-capability to enable exchange of labeled IPv6 routes with the peer/peer group. Use undo peer label-route-capability to disable exchange of labeled IPv6 routes with the peer/peer group.
Default The logging is enabled. Views IPv6 address family view Default command level 2: System level Parameters ipv6-group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. Examples # Enable the logging of session state and event information of peer 1:2::3:4.
[Sysname-bgp-af-ipv6] peer test next-hop-local peer password Use peer password to configure BGP to perform MD5 authentication when a TCP connection is being established with a peer/peer group. Use undo peer password to restore the default. Syntax peer { group-name | ipv6-address } password { cipher | simple } password undo peer { group-name | ipv6-address } password Default No MD5 authentication is performed for TCP connection establishment.
peer preferred-value (IPv6 address family view) Use peer preferred-value to assign a preferred value to routes received from a peer or peer group. Use undo peer preferred-value to restore the default. Syntax peer { ipv6-group-name | ipv6-address } preferred-value value undo peer { ipv6-group-name | ipv6-address } preferred-value Default Routes received from a peer or peer group have a preferred value of 0.
Default Routes received from a peer or peer group have a preferred value of 0. Views IPv6 BGP-VPN instance view Default command level 2: System level Parameters ipv6-address: IPv6 address of a peer. value: Preferred value, in the range of 0 to 65535. Usage guidelines Routes learned from peers each have an initial preferred value. Among multiple routes to the same destination, the route with the biggest value is selected.
Parameters ipv6-group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. Usage guidelines The command does not take effect if the BGP update has both the public AS number and private AS number. The range of private AS number is from 64512 to 65535. Examples # Configure BGP updates sent to the peer 1:2::3:4 to not carry private AS numbers.
• reflector cluster-id peer route-limit (IPv6 address family view) Use peer route-limit to set the maximum number of prefixes that can be received from a peer/peer group. Use undo peer route-limit to restore the default. Syntax peer { group-name | ipv4-address | ipv6-address } route-limit prefix-number [ { alert-only | reconnect reconnect-time } | percentage ] * undo peer { group-name | ipv4-address | ipv6-address } route-limit Default The router has no limit on prefixes from a peer/peer group.
peer route-policy (IPv6 address family view) Use peer route-policy to apply a routing policy to routes incoming from or outgoing to a peer or peer group. Use undo peer route-policy to remove the configuration. Syntax peer { group-name | ipv4-address | ipv6-address } route-policy route-policy-name { import | export } undo peer { group-name | ipv4-address | ipv6-address } route-policy route-policy-name { import | export } Default No routing policy is specified for the peer (group).
Syntax peer ipv6-address route-policy route-policy-name { export | import } undo peer ipv6-address [ route-policy route-policy-name { export | import } ] Default No routing policy is specified for the peer (group). Views IPv6 BGP-VPN instance view Default command level 2: System level Parameters ipv6-address: IPv6 address of a peer. route-policy-name: Name of a routing policy, a string of 1 to 63 characters. import: Applies the routing policy to routes from the peer (group).
Default command level 2: System level Parameters ipv6-group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. interval: Specifies the minimum interval for sending the same update to a peer (group) from 0 to 600 seconds. Examples # Specify the interval for sending the same update to the peer 1:2::3:4 as 10 seconds.
peer timer (IPv6 address family view) Use peer timer to configure the keepalive interval and the holdtime interval for a peer or peer group. Use undo peer timer to restore the default. Syntax peer { ipv6-group-name | ipv6-address } timer keepalive keepalive hold holdtime undo peer { ipv6-group-name | ipv6-address } timer Default keepalive interval defaults to 60 seconds, and holdtime interval defaults to 180 seconds.
[Sysname-bgp-af-ipv6] peer test timer keepalive 0 hold 0 Related commands timer preference (IPv6 address family view/IPv6 BGP-VPN instance view) Use preference to configure preferences for EBGP, IBGP, and local routes. Use undo preference to restore the default.
undo reflect between-clients Default Route reflection between clients is enabled. Views IPv6 address family view Default command level 2: System level Usage guidelines After a route reflector is configured, it reflects routes between clients. If the clients are fully meshed, HP recommends that you disable route reflection on the route reflector to reduce costs. Examples # Enable route reflection between clients.
Examples # Set 50 as the cluster ID for the route reflector, which is one of multiple route reflectors in the cluster. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] reflector cluster-id 50 Related commands • peer reflect-client • reflect between-clients refresh bgp ipv6 Use refresh bgp ipv6 to soft reset specified IPv4/IPv6 BGP connections.
reset bgp ipv6 Use reset bgp ipv6 to reset specified IPv4/IPv6 BGP connections. Syntax reset bgp ipv6 { as-number | ipv4-address | ipv6-address | all | external | group group-name | internal } Views User view Default command level 2: System level Parameters as-number: Resets the IPv6 BGP connections to peers in the specified AS. The AS number is in the range of 1 to 4294967295. ipv4-address: Resets the connection to the specified IPv4 BGP peer.
Examples # Clear the dampened information of routes to 2345::/64 and release suppressed routes. reset bgp ipv6 dampening 2345:: 64 reset bgp ipv6 flap-info Use reset bgp ipv6 flap-info to clear IPv6 routing flap statistics.
Default command level 2: System level Parameters router-id: Router ID in IP address format. Usage guidelines To run IPv6 BGP protocol, a router must have a router ID, an unsigned 32-bit integer and the unique ID of the router in the AS. Specify a router ID manually, or the system selects the highest IPv4 address among loopback interface addresses as the router ID.
Examples # Enable the route synchronization between IPv6 BGP and IGP. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] synchronization timer (IPv6 address family view) Use timer to specify the IPv6 BGP keepalive interval and holdtime interval. Use undo timer to restore the default. Syntax timer keepalive keepalive hold holdtime undo timer Default The keepalive and holdtime intervals are 60 seconds and 180 seconds, respectively.
Related commands peer timer 928
IPv6 routing table displaying commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines The display ipv6 routing-table command displays only active routes (the brief information about the current optimal routes). The display ipv6 routing-table verbose command output shows the statistics of the entire routing table, and the detailed information of each route.
Field Description Preference Preference of the route. IpPrecedence IP precedence. QosLcId QoS-local ID. RelayNextHop Recursive next hop. Tag Tag of the route. Neighbor Address of the neighbor determined by the routing protocol. Interface Output interface. Protocol Routing protocol. State of the route: State • • • • Active. Inactive. Adv (advertised) NoAdv (not advertised) Cost Cost of the route. Age Time that has elapsed since the route was generated.
Usage guidelines If the specified IPv6 ACL is not available, the command displays all routing information. Examples # Display brief information about routes permitted by IPv6 ACL 2000.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Interface : NULL0 Cost : 0 Destination: 10::/120 Protocol NextHop : :: Preference: 60 : Static Interface : NULL0 Cost : 0 # Display brief information about the routes with destination IPv6 address 10::1 and prefix length 100.
Destination: 300::/64 Protocol NextHop : :: Preference: 60 Interface : NULL0 Cost Cost : Static : 0 : 0 For command output, see Table 212. display ipv6 routing-table ipv6-prefix Use display ipv6 routing-table ipv6-prefix to display routes permitted by an IPv6 prefix list.
display ipv6 routing-table protocol Use display ipv6 routing-table protocol to display IPv6 routes installed by a routing protocol. Syntax display ipv6 routing-table [ vpn-instance vpn-instance-name ] protocol protocol [ inactive | verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Specifies an VPN by its name, a case-sensitive string of 1 to 31 characters.
Direct Routing Table Status : Summary Count : 1 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Direct Routing Table Status : Summary Count : 0 For command output, see Table 212. display ipv6 routing-table statistics Use display ipv6 routing-table statistics to display IPv6 route statistics.
Table 214 Command output Field Description Protocol Routing protocol hat installed the route. route Number of routes installed by the protocol. active Number of active routes. added Number of routes added to the routing table after the router started up or the routing table was last cleared. deleted Number of routes marked as deleted, which will be cleared after a period. freed Number of routes that got freed (removed permanently) Total Total number of routes.
reset ipv6 routing-t 939
IPv6 policy-based routing configuration commands Feature and hardware compatibility Hardware Feature compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No apply default output-interface Use apply default output-interface to set a default output interface. Use undo apply default output-interface to remove the configuration.
system-view [Sysname] ipv6 policy-based-route aa permit node 11 [Sysname-pbr6-aa-11] apply default output-interface gigabitethernet 0/1 apply ipv6-address default next-hop Use apply ipv6-address default next-hop to set a default next hop. Use undo apply ipv6-address default next-hop to remove the default next hop.
Default command level 2: System level Parameters ipv6-address: Specifies the next-hop IPv6 address. Usage guidelines The next hop must be adjacent to the device. You can specify up to five next hops for per-flow load balancing. With a next hop specified, the undo apply ipv6-address next-hop command removes the specified next hop. With no next hop specified, the undo apply ipv6-address next-hop command removes all next hops. Examples # Set a next hop of 1::1 for IPv6 packets.
Preference value Preference type 5 critical 6 internet 7 network Examples # Set a preference of 5 (critical). system-view [Sysname] ipv6 policy-based-route aa permit node 11 [Sysname-pbr6-aa-11] apply ipv6-precedence critical apply output-interface Use apply output-interface to set output interfaces for IPv6 packets. Use undo apply output-interface to remove the configuration.
display ipv6 config policy-based-route Use display ipv6 config policy-based-route to display the IPv6 PBR policy information. Syntax display ipv6 config policy-based-route [ policy-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters policy-name: Specifies a policy name, a string of 1 to 19 characters. |: Filters command output by specifying a regular expression.
Syntax display ipv6 policy-based-route [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
local: Displays the IPv6 local PBR information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
display ipv6 policy-based-route statistics Use display ipv6 policy-based-route statistics to display IPv6 PBR statistics. Syntax display ipv6 policy-based-route statistics { interface interface-type interface-number | local } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface interface-type interface-number: Displays IPv6 PBR statistics on the specified interface. local: Displays IPv6 local PBR statistics.
Field Description apply output-interface Output interface specified for matching packets. matched Matching packets on the node. Total matched Total matching packets on all nodes. if-match acl6 Use if-match acl6 to configure an ACL match criterion. Use undo if-match acl6 to remove the ACL match criterion.
max-len: Specifies the maximum IPv6 packet length in bytes, in the range of 1 to 65535. The value of max-len cannot be smaller than that of min-len. Examples # Match the IPv6 packets with a length from 100 to 200 bytes. system-view [Sysname] ipv6 policy-based-route aa permit node 11 [Sysname-pbr6-aa-11] if-match packet-length 100 200 ipv6 local policy-based-route Use ipv6 local policy-based-route to configure IPv6 local PBR based on a policy.
Default No IPv6 policy is applied on an interface. Views Interface view Default command level 2: System level Parameters policy-name: Specifies the policy name, a string of 1 to 19 characters. Usage guidelines You can apply only one policy on an interface. If you perform this command multiple times, only the last specified policy takes effect. Examples # Apply IPv6 policy AAA on GigabitEthernet 0/1.
reset ipv6 policy-based-route statistics Use reset ipv6 policy-based-route statistics to clear IPv6 PBR statistics. Syntax reset ipv6 policy-based-route statistics [ policy-name ] Views User view Default command level 1: Monitor level Parameters policy-name: Specifies a policy name, a string of 1 to 19 characters. Usage guidelines If no policy is specified, this command clears all IPv6 PBR statistics. Examples # Clear all IPv6 PBR statistics.
IPv6 multicast routing and forwarding configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display IPv6 multicast boundary information on all interfaces.
interface-type interface-number: Specifies an interface by its type and number. register: Represents a registered interface. outgoing-interface: Displays the forwarding entries whose outgoing interface is the specified one. exclude: Displays the forwarding entries whose outgoing interface list excludes the specified interface. include: Displays the forwarding entries whose outgoing interface list includes the specified interface.
Field Description (2000:5::1:1000, FF1E::1234) An (S, G) entry in the IPv6 multicast forwarding table. MID MID of the (S, G). Each (S, G) entry has a unique MID. Flags Current state of the (S, G) entry. Different bits indicate different states of the (S, G) entry. For major values of this field, see Table 222 and Table 223. Uptime Length of time for which the (S, G) entry has been up. Timeout in Length of time in which the (S, G) entry will time out.
Value Meaning 4 Indicates that the main board will synchronize the RP information of the entry to other cards. 80 Indicates that the main board will synchronize the encapsulation group information of the entry to other cards. 80000000 Indicates that the main board will notify other cards to add the entry. 40000000 Indicates that the main board will notify other cards to remove the entry.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Views Any view Default command level 1: Monitor level Parameters ipv6-source-address: Specifies an IPv6 multicast source address. ipv6-group-address: Specifies an IPv6 multicast group address, in the range of FFxy::/16 (excluding FFx0::/16, FFx1::/16, FFx2::/16, and FF0y::), where x and y represent any hexadecimal number from 0 to F. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description Load splitting rule Load sharing rule. Related commands • display multicast ipv6 forwarding-table • display multicast ipv6 routing-table multicast ipv6 boundary Use multicast ipv6 boundary to configure an IPv6 multicast forwarding boundary. Use undo multicast ipv6 boundary to delete the specified IPv6 multicast forwarding boundary or all IPv6 multicast forwarding boundaries.
These multicast groups must be in the same scope. The latest configuration of a scope overwrites the previous one. Assume that Set A and Set B are both multicast forwarding boundary sets with different address ranges, and that B is a subset of A. If B is configured after A, A still takes effect. If A is configured after B, B will be removed. Examples # Configure GigabitEthernet 0/1 to be the forwarding boundary of the IPv6 multicast groups in the range of FF03::/16.
Related commands display multicast ipv6 forwarding-table multicast ipv6 forwarding-table route-limit Use multicast ipv6 forwarding-table route-limit to configure the maximum number of entries in the IPv6 multicast forwarding table. Use undo multicast ipv6 forwarding-table route-limit to restore the default. Syntax multicast ipv6 forwarding-table route-limit limit undo multicast ipv6 forwarding-table route-limit Default The maximum number of entries in the IPv6 multicast forwarding table is 4096.
Parameters source: Specifies IPv6 multicast load splitting on a per-source basis. source-group: Specifies IPv6 multicast load splitting on a per-source and per-group basis. Examples # Enable load splitting of IPv6 multicast traffic on a per-source basis.
Usage guidelines You must enable IPv6 multicast routing before you can execute other Layer 3 IPv6 multicast commands. The device does not forward any IPv6 multicast packets before IPv6 multicast routing is enabled. Examples # Enable IPv6 multicast routing. system-view [Sysname] multicast ipv6 routing-enable reset multicast ipv6 forwarding-table Use reset multicast ipv6 forwarding-table to clear forwarding entries from the IPv6 multicast forwarding table.
• display multicast ipv6 routing-table • reset multicast IPv6 routing-table reset multicast ipv6 routing-table Use reset multicast ipv6 routing-table to clear IPv6 routing entries from the IPv6 multicast routing table.
IPv6 PIM configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. The following matrix shows the feature and hardware compatibility: Hardware IPv6 PIM compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No bsm-fragment enable (IPv6 PIM view) Use bsm-fragment enable to enable bootstrap message (BSM) semantic fragmentation.
bsr-policy (IPv6 PIM view) Use bsr-policy to configure a legal BSR address range to guard against BSR spoofing. Use undo bsr-policy to remove the restriction of the BSR address range. Syntax bsr-policy acl6-number undo bsr-policy Default No restrictions exist for the BSR address range, and the BSR messages from any source are considered eligible. Views IPv6 PIM view Default command level 2: System level Parameters acl6-number: Specifies a basic IPv6 ACL number, in the range of 2000 to 2999.
Parameters ipv6-address: Specifies the IPv6 address of the interface that will act as a C-BSR. hash-length: Specifies a hash mask length, in the range of 0 to 128. If you do not specify this argument, the corresponding global setting is used. priority: Specifies the priority of the C-BSR, in the range of 0 to 255. A larger value indicates a higher priority. If you do not specify this argument, the corresponding global setting is used.
c-bsr hash-length (IPv6 PIM view) Use c-bsr hash-length to configure the global Hash mask length. Use undo c-bsr hash-length to restore the default. Syntax c-bsr hash-length hash-length undo c-bsr hash-length Default The Hash mask length is 126. Views IPv6 PIM view Default command level 2: System level Parameters hash-length: Specifies a hash mask length, in the range of 0 to 128. Examples # Set the global Hash mask length to 16.
Parameters interval: Specifies a BS timeout timer in seconds, in the range of 1 to 2147483647. Examples # Set the BS timeout timer to 150 seconds. system-view [Sysname] pim ipv6 [Sysname-pim6] c-bsr holdtime 150 Related commands • c-bsr • c-bsr interval c-bsr interval (IPv6 PIM view) Use c-bsr interval to configure the BS period, namely, the interval at which the BSR sends bootstrap messages. Use undo c-bsr interval to restore the default.
Syntax c-bsr priority priority undo c-bsr priority Default The C-BSR priority is 64. Views IPv6 PIM view Default command level 2: System level Parameters priority: Specifies the priority of the C-BSR, in the range of 0 to 255. A larger value indicates a higher priority. Examples # Set the global C-BSR priority to 5. system-view [Sysname] pim ipv6 [Sysname-pim6] c-bsr priority 5 Related commands c-bsr c-bsr scope Use c-bsr scope to configure the C-BSR in the IPv6 admin-scope zone.
hash-length: Specifies the hash mask length of the IPv6 admin-scope zone indicated by the Scope value, in the range of 0 to 128. If you do not specify this argument, the corresponding global setting is used. priority: Priority of the C-BSR in the IPv6 admin-scope zone indicated by the Scope value, in the range of 0 to 255. A larger value indicates a higher priority. If you do not specify this argument, the corresponding global setting is used.
adv-interval: Specifies a C-RP-Adv interval in seconds. The value ranges from 1 to 65535. If you do not specify this argument, the corresponding global setting is used. Usage guidelines You must enable IPv6 PIM-SM on the interface that you want to configure as a C-RP.
[Sysname-pim6] c-rp advertisement-interval 30 Related commands c-rp c-rp holdtime (IPv6 PIM view) Use c-rp holdtime to configure the global C-RP timeout timer, namely, the time that the BSR waits for a C-RP-Adv message from C-RPs. Use undo c-rp holdtime to restore the default. Syntax c-rp holdtime interval undo c-rp holdtime Default The C-RP timeout timer is 150 seconds. Views IPv6 PIM view Default command level 2: System level Parameters interval: Specifies a C-RP timeout timer in seconds.
Syntax crp-policy acl6-number undo crp-policy Default No restrictions are defined for C-RP address ranges and the address ranges of served groups. Namely, all received C-RP messages are regarded legal. Views IPv6 PIM view Default command level 2: System level Parameters acl6-number: Advanced IPv6 ACL number, in the range of 3000 to 3999.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description Candidate BSR Address Address of the candidate BSR. Priority BSR priority. Hash mask length Hash mask length. State BSR state. Scope Scope of the BSR. Uptime Length of time since this BSR was elected. Next BSR message scheduled at Remaining time of this BSR. Candidate RP Address of the C-RP. Priority Priority of the C-RP. HoldTime Timeout time of the C-RP. Advertisement Interval Interval between C-RP-Adv messages.
Usage guidelines If an (S, G) is marked SPT, this (S, G) entry uses an IPv6 unicast route. Examples # Display information about all IPv6 unicast routes that IPv6 PIM uses.
Parameters probe: Displays the number of null register messages. register: Specifies register messages. register-stop: Specifies register-stop messages. interface-type interface-number: Specifies an interface by its type and number. assert: Specifies assert messages. bsr: Specifies bootstrap messages. crp: Specifies C-RP-Adv messages. graft: Specifies graft messages. graft-ack: Specifies graft-ack messages. hello: Specifies hello messages. join-prune: Specifies join/prune messages.
Table 228 Command output Field Description PIM global control-message counters Statistics of IPv6 PIM global control messages. PIM control-message counters for interface Interface for which IPv6 PIM control messages were counted. Received Number of messages received. Sent Number of messages sent. Invalid Number of invalid messages. Register Register messages. Register-Stop Register-stop messages. Probe Null register messages. Assert Assert messages. Graft Graft messages.
display pim ipv6 grafts Source Group Age RetransmitIn 1004::2 ff03::101 00:00:24 00:00:02 Table 229 Command output Field Description Source IPv6 multicast source address in the graft message. Group IPv6 multicast group address in the graft message. Age Time in which the graft message will get aged out, in hours:minutes:seconds. RetransmitIn Time in which the graft message will be retransmitted, in hours:minutes:seconds.
PIM LAN delay (configured): 500 ms PIM override interval (negotiated): 2500 ms PIM override interval (configured): 2500 ms PIM neighbor tracking (negotiated): disabled PIM neighbor tracking (configured): disabled PIM generation ID: 0xF5712241 PIM require generation ID: disabled PIM hello hold interval: 105 s PIM assert hold interval: 180 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 N
Field Description Number of routers on network not using DR priority Number of routers not using the DR priority field on the subnet where the interface resides. Number of routers on network not using LAN delay Number of routers not using the LAN delay field on the subnet where the interface resides. Number of routers on network not using neighbor tracking Number of routers not using neighbor tracking on the subnet where the interface resides.
display pim ipv6 join-prune mode sm Expiry Time: 50 sec Upstream nbr: FE80::2E0:FCFF:FE03:1004 (GigabitEthernet0/1) 1 (*, G) join(s), 0 (S, G) join(s), 1 (S, G, rpt) prune(s) ------------------------------------------------------------------------Total (*, G) join(s): 1, (S, G) join(s): 0, (S, G, rpt) prune(s): 1 Table 231 Command output Field Description Expiry Time: Expiry time of sending join/prune messages.
Total Number of Neighbors = 2 Neighbor Interface Uptime Expires Dr-Priority Mode FE80::A01:101:1 GE0/1 02:50:49 00:01:31 1 B FE80::A01:102:1 GE0/2 02:49:39 00:01:42 1 B # Display the detailed information of the IPv6 PIM neighbor whose IPv6 address is FE80::A01:101:1.
display pim ipv6 routing-table Use display pim ipv6 routing-table to display IPv6 PIM routing table information.
• nonbr: Specifies routing entries with IPv6 PIM neighbor searching failure. • rpt: Specifies routing entries on RPT branches where (S, G) prunes have been sent to the RP. • spt: Specifies routing entries on the SPT. • swt: Specifies routing entries in the process of RPT-to-SPT switchover. • wc: Specifies wildcard routing entries. fsm: Displays the information of the state machine. |: Filters command output by specifying a regular expression.
RPF prime neighbor: NULL Join/Prune FSM: [SPT: J] [RPT: NP] Downstream interface(s) information: Total number of downstreams: 1 1: GigabitEthernet0/2 Protocol: pim-sm, UpTime: 02:54:43, Expires: 00:02:47 DR state: [DR] Join/Prune FSM: [NI] Assert FSM: [NI] FSM information for non-downstream interfaces: None Table 233 Command output Field Description Total 0 (*, G) entry; 1 (S, G) entry Number of (S, G) and (*, G) entries in the IPv6 PIM routing table.
Field Description Information of the downstream interfaces, including: Downstream interface(s) information • • • • • Number of downstream interfaces. Downstream interface name. Protocol type configured on the downstream interface. Uptime of the downstream interfaces. Expiry time of the downstream interfaces. Related commands display ipv6 multicast routing-table display pim ipv6 rp-info Use display pim ipv6 rp-info to display RP information.
Uptime: 00:05:19 Expires: 00:02:11 Table 234 Command output Field Description prefix/prefix length IPv6 multicast group served by the RP. RP IPv6 address of the RP. Priority RP priority. HoldTime Timeout time of the RP. Uptime Length of time since the RP was elected. Expires Remaining time of the RP. embedded-rp Use embedded-rp to enable embedded RP. Use undo embedded-rp to disable embedded RP or restore the default.
system-view [Sysname] acl ipv6 number 2000 [Sysname-acl6-basic-2000] rule permit source ff7e:140:20::101 64 [Sysname-acl6-basic-2000] quit [Sysname] pim ipv6 [Sysname-pim6] embedded-rp 2000 hello-option dr-priority (IPv6 PIM view) Use hello-option dr-priority to configure the global value of the router priority for DR election. Use undo hello-option dr-priority to restore the default.
Views IPv6 PIM view Default command level 2: System level Parameters interval: Specifies an IPv6 PIM neighbor timeout timer in seconds. The value ranges from 1 to 65535. A value of 65535 makes the IPv6 PIM neighbor always reachable. Examples # Set the IPv6 PIM neighbor timeout timer to 120 seconds globally.
hello-option neighbor-tracking (IPv6 PIM view) Use hello-option neighbor-tracking to globally disable join suppression (namely, enable neighbor tracking). Use undo hello-option neighbor-tracking to enable join suppression. Syntax hello-option neighbor-tracking undo hello-option neighbor-tracking Default Join suppression is enabled, and neighbor tracking is disabled. Views IPv6 PIM view Default command level 2: System level Examples # Disable join suppression globally.
system-view [Sysname] pim ipv6 [Sysname-pim6] hello-option override-interval 2000 Related commands • hello-option lan-delay • pim ipv6 hello-option lan-delay • pim ipv6 hello-option override-interval holdtime assert (IPv6 PIM view) Use holdtime assert to configure the global value of the assert timeout timer. Use undo holdtime assert to restore the default. Syntax holdtime assert interval undo holdtime assert Default The assert timeout timer is 180 seconds.
Default The join/prune timeout timer is 210 seconds. Views IPv6 PIM view Default command level 2: System level Parameters interval: Specifies a join/prune timeout timer in seconds. The value ranges from 1 to 65535. Examples # Set the global value of the join/prune timeout timer to 280 seconds.
Related commands jp-queue-size jp-queue-size (IPv6 PIM view) Use jp-queue-size to configure the maximum number of (S, G) entries in each join/prune message. Use undo jp-queue-size to restore the default. Syntax jp-queue-size queue-size undo jp-queue-size Default Each join/prune messages contains a maximum of 1020 (S, G) entries.
Use undo pim ipv6 to remove all configurations in IPv6 PIM view. Syntax pim ipv6 undo pim ipv6 Views System view Default command level 2: System level Usage guidelines IPv6 multicast routing must be enabled on the device before this command can take effect. Examples # Enable IPv6 multicast routing and enter IPv6 PIM view.
• multicast ipv6 boundary pim ipv6 dm Use pim ipv6 dm to enable IPv6 PIM-DM. Use undo pim ipv6 dm to disable IPv6 PIM-DM. Syntax pim ipv6 dm undo pim ipv6 dm Default IPv6 PIM-DM is disabled. Views Interface view Default command level 2: System level Usage guidelines This command can take effect only after IPv6 multicast routing is enabled on the device. IPv6 PIM-DM cannot be used for IPv6 multicast groups in the IPv6 SSM group range.
Views Interface view Default command level 2: System level Parameters priority: Specifies a router priority for DR election, in the range of 0 to 4294967295. A larger value indicates a higher priority. Examples # Set the router priority for DR election to 3 on GigabitEthernet 0/1.
pim ipv6 hello-option lan-delay Use pim ipv6 hello-option lan-delay to configure the LAN-delay time( namely, the time that the device waits before forwarding a received prune message, on the current interface). Use undo pim ipv6 hello-option lan-delay to restore the default. Syntax pim ipv6 hello-option lan-delay interval undo pim ipv6 hello-option lan-delay Default The LAN-delay time is 500 milliseconds.
Default command level 2: System level Examples # Disable join suppression on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim ipv6 hello-option neighbor-tracking Related commands hello-option neighbor-tracking pim ipv6 hello-option override-interval Use pim ipv6 hello-option override-interval to configure the prune override interval on the current interface. Use undo pim ipv6 hello-option override-interval to restore the default.
Syntax pim ipv6 holdtime assert interval undo pim ipv6 holdtime assert Default The assert timeout timer is 180 seconds. Views Interface view Default command level 2: System level Parameters interval: Specifies an assert timeout timer in seconds. The value ranges from 7 to 2147483647. Examples # Set the assert timeout timer to 100 seconds on GigabitEthernet 0/1.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim ipv6 holdtime join-prune 280 Related commands • holdtime assert • holdtime join-prune • pim ipv6 holdtime assert pim ipv6 neighbor-policy Use pim ipv6 neighbor-policy to configure a legal source address range for hello messages to guard against hello message spoofing. Use undo pim ipv6 neighbor-policy to restore the default.
undo pim ipv6 require-genid Default Hello messages without Generation_ID are accepted. Views Interface view Default command level 2: System level Examples # Configure GigabitEthernet 0/1 to reject hello messages without Generation_ID. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim ipv6 require-genid pim ipv6 sm Use pim ipv6 sm to enable IPv6 PIM-SM. Use undo pim ipv6 sm to disable IPv6 PIM-SM.
pim ipv6 state-refresh-capable Use pim ipv6 state-refresh-capable to enable the state refresh feature on the interface. Use undo pim ipv6 state-refresh-capable to disable the state refresh feature. Syntax pim ipv6 state-refresh-capable undo pim ipv6 state-refresh-capable Default The state refresh feature is enabled. Views Interface view Default command level 2: System level Examples # Disable state refresh on GigabitEthernet 0/1.
Examples # Set the graft retry period to 80 seconds on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim ipv6 timer graft-retry 80 pim ipv6 timer hello Use pim ipv6 timer hello to configure the interval at which hello messages are sent on the current interface. Use undo pim ipv6 timer hello to restore the default. Syntax pim ipv6 timer hello interval undo pim ipv6 timer hello Default Hello messages are sent at the interval of 30 seconds.
Views Interface view Default command level 2: System level Parameters interval: Specifies a join/prune interval in seconds. The value ranges from 1 to 2147483647. Examples # Set the join/prune interval to 80 seconds on GigabitEthernet 0/1.
Syntax probe-interval interval undo probe-interval Default The register probe time is 5 seconds. Views IPv6 PIM view Default command level 2: System level Parameters interval: Specifies a register probe time in seconds. The value ranges from 1 to 1799. Examples # Set the register probe time to 6 seconds.
[Sysname-pim6] prune delay 75 register-policy (IPv6 PIM view) Use register-policy to configure an IPv6 ACL rule to filter register messages. Use undo register-policy to remove the configured register filtering rule. Syntax register-policy acl6-number undo register-policy Default No register filtering rule is configured. Views IPv6 PIM view Default command level 2: System level Parameters acl6-number: Specifies an advanced IPv6 ACL, in the range of 3000 to 3999.
Default command level 2: System level Parameters interval: Specifies a register suppression time in seconds, in the range of 1 to 65535. Examples # Set the register suppression time to 70 seconds. system-view [Sysname] pim ipv6 [Sysname-pim6] register-suppression-timeout 70 Related commands • probe-interval • register-policy register-whole-checksum (IPv6 PIM view) Use register-whole-checksum to configure the router to calculate the checksum based on the entire register message.
Views User view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears the statistics for the IPv6 PIM control messages on all interfaces. Examples # Reset IPv6 PIM control message counters on all interfaces. reset pim ipv6 control-message counters source-lifetime (IPv6 PIM view) Use source-lifetime to configure the IPv6 multicast source lifetime.
Default No IPv6 multicast data filter is configured. Views IPv6 PIM view Default command level 2: System level Parameters acl6-number: Specifies a basic or advanced IPv6 ACL, in the range of 2000 to 3999. Usage guidelines If you specify a basic ACL, the device filters all received IPv6 multicast packets based on the source address, and discards packets that fail the source address match.
Parameters infinity: Disables switchover to SPT. group-policy acl6-number: Specifies a basic IPv6 ACL, in the range of 2000 to 2999. If you do not include this option in your command, the configuration applies to all IPv6 multicast groups.
Usage guidelines You can use this command to define an address range of permitted or denied IPv6 multicast groups. If the match succeeds, the multicast mode is IPv6 PIM-SSM. Otherwise, the multicast mode is IPv6 PIM-SM. Examples # Configure the IPv6 SSM group range to be FF3E:0:8192::/96.
Syntax state-refresh-interval interval undo state-refresh-interval Default The state refresh interval is 60 seconds. Views IPv6 PIM view Default command level 2: System level Parameters interval: State refresh interval in seconds. The value ranges from 1 to 255. Examples # Set the state refresh interval to 70 seconds.
Examples # Configure the device to wait 45 seconds before it receives a new state refresh message. system-view [Sysname] pim ipv6 [Sysname-pim6] state-refresh-rate-limit 45 Related commands • pim ipv6 state-refresh-capable • state-refresh-hoplimit • state-refresh-interval static-rp (IPv6 PIM view) Use static-rp to configure a static RP. Use undo static-rp to configure a static RP.
Examples # Configure the interface with an IPv6 address of 2001::2 as a static RP to serve the IPv6 multicast groups in the address range of FF03::101/64 defined in basic IPv6 ACL 2001, and give priority to this static RP in the case of static/dynamic RP conflict.
Syntax timer join-prune interval undo timer join-prune Default The join/prune interval is 60 seconds. Views IPv6 PIM view Default command level 2: System level Parameters interval: Specifies a join/prune interval in seconds. The value ranges from 1 to 2147483647. Examples # Set the global join/prune interval to 80 seconds.
MLD configuration commands The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. The following matrix shows the feature and hardware compatibility: Hardware MLD compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No display mld group Use display mld group to display MLD group information.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display detailed information about MLD groups that all interfaces dynamically joined.
Syntax display mld host interface interface-type interface-number group ipv6-group-address [ source ipv6-source-address ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. group ipv6-group-address: Specifies an IPv6 multicast group.
Syntax display mld interface [ interface-type interface-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify any interface, this command displays information about all interfaces that runs MLD. verbose: Displays detailed MLD configuration and operation information.
# Display the detailed MLD configuration and operation information on GigabitEthernet 0/2 (upstream interface).
display mld proxying group Use display mld proxying group to display MLD proxying group information. Syntax display mld proxying group [ ipv6-group-address ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ipv6-group-address: Specifies an MLD proxying group.
Field Description Expires Remaining time of the IPv6 multicast group, where "off" means that the group never times out. IPv6 multicast source filtering modes: Group mode • Include. • Exclude. A list of IPv6 multicast sources that the hosts want to receive information from. Source list display mld routing-table Use display mld routing-table to display information about the MLD routing table.
Total 2 entries 00001. (*, FF1E::101) List of 1 downstream interface GigabitEthernet0/1 (FE80::200:5EFF:FE71:3800), Protocol: MLD 00002. (100::1, FF1E::101), Flag: ACT List of 1 downstream interface in include mode GigabitEthernet0/2 (FE80::100:5E16:FEC0:1010), Protocol: MLD Table 239 Command output Field Description Routing table MLD routing table. 00001 Sequence number of this (*, G) entry. (*, FF1E::101) An (*, G) entry in the MLD routing table.
Parameters ipv6-group-address: Specifies an IPv6 multicast group by its address, in the range of FFxy::/16 (excluding FFx0::/16, FFx1::/16, FFx2::/16, and FF0y::), where x and y represent any hexadecimal number in the range of 0 to F. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
range of 0 to F. If you do not specify any IPv6 multicast group, this command displays information about all IPv6 multicast groups created based on the configured MLD SSM mappings. interface-type interface-number: Specifies an interface by its type and number. If you do not specify any interface, this command displays the multicast group information created based on the configured MLD SSM mappings on all interfaces.
Field Description Group mode IPv6 multicast sources filter mode. Source list(Total 1 source) IPv6 multicast source list (one IPv6 multicast source). Source IPv6 multicast source address. Last-listener-query-counter Number of MLD last listener queries sent. Last-listener-query-timer-expiry Remaining time of the MLD last listener query timer, where "off" means that the timer never expires.
Table 242 Command output Field Description GigabitEthernet0/1(1::1) Interface and IPv6 address. (10::1, FF1E::101) (S, G) entry. Host Host IPv6 address. Uptime Host running duration. Expires Host expiration time, where timeout means that the host has expired. fast-leave (MLD view) Use fast-leave to configure MLD fast-leave processing globally. Use undo fast-leave to disable MLD fast-leave processing globally.
Syntax host-tracking undo host-tracking Default This function is disabled. Views MLD view Default command level 2: System level Examples # Enable the MLD host tracking function globally. system-view [Sysname] mld [Sysname-mld] host-tracking Related commands mld host-tracking. last-listener-query-interval (MLD view) Use last-listener-query-interval to configure the MLD last listener query interval globally. Use undo last-listener-query-interval to restore the default.
Related commands • display mld interface • mld last-listener-query-interval • robust-count max-response-time (MLD view) Use max-response-time to configure the maximum response time for MLD general queries globally. Use undo max-response-time to restore the default. Syntax max-response-time interval undo max-response-time Default The maximum response delay for MLD general queries is 10 seconds.
Default command level 2: System level Usage guidelines This command can take effect only after IPv6 multicast routing is enabled on the device. Examples # Enable IPv6 multicast routing and enter MLD view. system-view [Sysname] multicast ipv6 routing-enable [Sysname] mld [Sysname-mld] Related commands • mld enable • multicast ipv6 routing-enable mld enable Use mld enable to enable MLD on the current interface. Use undo mld enable to disable MLD on the current interface.
mld fast-leave Use mld fast-leave to configure MLD fast-leave processing on the current interface. Use undo mld fast-leave to disable MLD fast-leave processing on the current interface. Syntax mld fast-leave [ group-policy acl6-number ] undo mld fast-leave Default MLD fast-leave processing is disabled.
Views Interface view Default command level 2: System level Parameters limit: Specifies the maximum number of IPv6 multicast groups that an interface can join. The value ranges from 1 to 4096. Usage guidelines This command is effective only for dynamically joined IPv6 multicast groups but not statically joined IPv6 multicast groups.
Parameters acl6-number: Specifies a basic or advanced IPv6 ACL, in the range of 2000 to 3999. A host can join only the IPv6 multicast groups that match the permit statement in the ACL. The source address or address range specified in the advanced IPv6 ACL rule is the IPv6 multicast source address or addresses specified in MLDv2 reports, rather than the source address in the IPv6 packets.
mld last-listener-query-interval Use mld last-listener-query-interval to configure the MLD last listener query interval on the current interface. Use undo mld last-listener-query-interval to restore the default. Syntax mld last-listener-query-interval interval undo mld last-listener-query-interval Default The MLD last listener query interval is 1 second.
Default command level 2: System level Parameters interval: Specifies the maximum response time for MLD general query messages in seconds, in the range of 1 to 25. Usage guidelines The maximum response time determines the time which the device takes to detect directly attached group members in the LAN. Examples # Set the maximum response delay for MLD general query messages to 8 seconds on GigabitEthernet 0/1.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] mld proxying enable Related commands multicast ipv6 routing-enable mld proxying forwarding Use mld proxying forwarding to enable a non-querier downstream interface to forward multicast traffic. Use undo mld proxying forwarding to disable the forwarding capability of a non-querier downstream interface.
Default command level 2: System level Examples # Configure GigabitEthernet 0/1 to discard MLD messages without the Router-Alert option. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] mld require-router-alert Related commands • mld send-router-alert • require-router-alert mld robust-count Use mld robust-count to configure the MLD querier's robustness variable on the current interface. Use undo mld robust-count to restore the default.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] mld robust-count 3 Related commands • display mld interface • mld last-listener-query-interval • mld startup-query-count • mld timer other-querier-present • mld timer query • robust-count mld send-router-alert Use mld send-router-alert to enable insertion of the Router-Alert option into MLD messages to be sent from the current interface.
Default The MLD SSM mapping feature is disabled on all interfaces. Views Interface view Default command level 2: System level Examples # Enable the MLD SSM mapping feature on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] mld ssm-mapping enable mld startup-query-count Use mld startup-query-count to configure the startup query count on the current interface. Use undo mld startup-query-count to restore the default.
Use undo mld startup-query-interval to restore the default. Syntax mld startup-query-interval interval undo mld startup-query-interval Default The startup query interval is 1/4 of the MLD query interval. Views Interface view Default command level 2: System level Parameters interval: Specifies a startup query interval in seconds, namely, the interval between general queries that the MLD querier sends on startup, in the range of 1 to 18000.
ipv6-source-address: Specifies an IPv6 multicast source. all: Specifies all static IPv6 multicast groups that the current interface has joined. Usage guidelines If the IPv6 multicast address is in the SSM multicast address range, you must specify an IPv6 multicast source address at the same time. Otherwise MLD routing table entries cannot be established. No such a restriction exists if the specified IPv6 multicast group address is not in the SSM multicast address range.
Related commands • display mld interface • mld max-response-time • mld robust-count • mld timer query • timer other-querier-present mld timer query Use mld timer query to configure the MLD query interval on the current interface. Use undo mld timer query to restore the default. Syntax mld timer query interval undo mld timer query Default The MLD query interval is 125 seconds.
Default The MLD version is MLDv1. Views Interface view Default command level 2: System level Parameters version-number: Specifies an MLD version, 1 or 2. Examples # Set the MLD version to MLDv2 on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] mld version 2 Related commands version require-router-alert (MLD view) Use require-router-alert to globally configure the device to discard MLD messages without the Router-Alert option.
reset mld group Use reset mld group to remove the dynamic group entries of a specified MLD group or all MLD groups. Syntax reset mld group { all | interface interface-type interface-number { all | ipv6-group-address [ prefix-length ] [ ipv6-source-address [ prefix-length ] ] } } Views User view Default command level 2: System level Parameters all: The first all specifies all interfaces, and the second all specifies all MLD groups.
Default command level 2: System level Parameters all: The first all specifies the IPv6 multicast groups created based on the configured MLD SSM mappings on all interfaces, and the second all specifies all IPv6 multicast groups created based on the configured MLD SSM mappings. interface-type interface-number: Specifies an interface by its type and number.
The MLD querier's robustness variable determines the following values: • The default number of MLD general queries that the MLDv1/v2 querier sends on startup. • The number of multicast-address-specific queries that the MLDv1 querier sends after receiving an MLD done message. • The number of multicast-address-and-source-specific queries that the MLDv2 querier sends after receiving an MLD report that indicates relation changes between IPv6 multicast groups and IPv6 multicast sources.
Related commands • mld send-router-alert • require-router-alert ssm-mapping (MLD view) Use ssm-mapping to configure an MLD SSM mapping. Use undo ssm-mapping to remove one or all MLD SSM mappings. Syntax ssm-mapping ipv6-group-address prefix-length ipv6-source-address undo ssm-mapping { ipv6-group-address prefix-length ipv6-source-address | all } Default No MLD SSM mappings are configured.
Default The startup query count is set to the MLD querier's robustness variable. Views MLD view Default command level 2: System level Parameters value: Specifies a startup query count, namely, the number of queries that the MLD querier sends on startup, in the range of 2 to 5. Examples # Set the startup query count to 3 globally.
Related commands • mld startup-query-interval • timer query timer other-querier-present (MLD view) Use timer other-querier-present to configure the MLD other querier present interval globally. Use undo timer other-querier-present to restore the default. Syntax timer other-querier-present interval undo timer other-querier-present Default MLD other querier present interval = [ MLD query interval ] × [ MLD querier's robustness variable ] + [ maximum response delay for MLD general queries ] /2.
Default The MLD query interval is 125 seconds. Views MLD view Default command level 2: System level Parameters interval: Specifies an MLD query interval in seconds, namely, time between MLD general queries, in the range of 1 to 18000. Examples # Set the MLD query interval to 200 seconds globally.
Related commands mld version 1053
Routing policy configuration commands The common routing policy configuration commands are applicable to both IPv4 and IPv6. The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices. Common routing policy configuration commands apply as-path Use apply as-path to apply the specified AS numbers to BGP routes. Use undo apply as-path to remove the clause configuration.
Hardware Command compatible U200-S No Examples # Configure node 10 in permit mode of routing policy policy1. Add AS number 200 before the original AS_PATH attribute of BGP routing information matching AS path list 1. system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match as-path 1 [Sysname-route-policy] apply as-path 200 apply comm-list delete Use apply comm-list delete to delete the COMMUNITY attributes specified by a community list from BGP routes.
Hardware Command compatible U200-S No Examples # Configure node 10 in permit mode of routing policy policy1. Remove the COMMUNITY attributes specified in community list 1 from BGP routes matching AS path list 1. system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match as-path 1 [Sysname-route-policy] apply comm-list 1 delete apply community Use apply community to set the specified COMMUNITY attribute for BGP routes.
Usage guidelines The following matrix shows the apply community command and firewalls and UTM devices compatibility: Hardware Command compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No Examples # Configure node 16 in permit mode of routing policy setcommunity. Set the NO_EXPORT community attribute for BGP routes matching AS path list 8.
Examples # Configure node 10 in permit mode of routing policy policy1. Set a cost of 120 for routing information whose outbound interface is GigabitEthernet 0/1. system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match interface gigabitethernet 0/1 [Sysname-route-policy] apply cost 120 apply cost-type Use apply cost-type to set a cost type for routing information. Use undo apply cost-type to remove the clause configuration.
When used for BGP, the apply cost-type internal command sets the MED of a matching BGP route learned from an IBGP peer to the IGP metric of the route's next hop before BGP advertises the route to an EBGP peer. Examples # Create node 10 in permit mode of routing policy policy1. If a route has a tag of 8, set the cost type for the route to IS-IS internal route.
Hardware Command compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No Examples # Configure node 10 in permit mode of routing policy policy1. If a BGP route matches AS path list 1, add the RT extended community attribute 100:2 to the route.
Usage guidelines The following matrix shows the apply isis command and firewalls and UTM devices compatibility: Hardware Command compatible F1000-A-EI/F1000-S-EI No F1000-E No F5000 Yes Firewall module No U200-A No U200-S No Examples # Configure node 10 in permit mode of routing policy policy1. If a route has a tag of 8, redistribute the route to IS-IS level-2.
[Sysname-route-policy] apply ip-precedence 5 apply local-preference Use apply local-preference to configure the specified local preference for BGP routes. Use undo apply local-preference to remove the clause configuration. Syntax apply local-preference preference undo apply local-preference Default No local preference is configured for BGP routing information.
Syntax apply origin { egp as-number | igp | incomplete } undo apply origin Default No ORIGIN attribute is set for BGP routing information. Views Routing policy view Default command level 2: System level Parameters egp: Sets the ORIGIN attribute of BGP routing information to EGP. as-number: Specifies an AS number for EGP routes, in the range of 1 to 4294967295. igp: Sets the ORIGIN attribute of BGP routing information to IGP. incomplete: Sets the ORIGIN attribute of BGP routing information to unknown.
Usage guidelines If you have set preferences for routing protocols with the preference command, using the apply preference command sets a new preference for the matching routing protocol. Non-matching routing protocols still use the preferences set by the preference command. Examples # Configure node 10 in permit mode of routing policy policy1. Set the preference for OSPF external routes to 90.
Examples # Configure node 10 in permit mode of routing policy policy1. Set a preferred value of 66 for BGP routing information matching AS path list 1. system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match as-path 1 [Sysname-route-policy] apply preferred-value 66 apply tag Use apply tag to set a specified tag for RIP, OSPF, or IS-IS routing information. Use undo apply tag to remove the clause configuration.
Views Routing policy view Default command level 2: System level Parameters node-number: Routing policy node number, in the range of 0 to 65535. Usage guidelines The specified next node must have a larger number than the current node number. Example # Specify the next node 20 for node 10 of routing policy policy1. system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] continue 20 display ip as-path Use display ip as-path to display BGP AS path list information.
Hardware Command compatible F5000 Yes Firewall module Yes U200-A Yes U200-S No Examples # Display the information of BGP AS path list 1. display ip as-path 1 ListID Mode Expression 1 permit 2 Table 243 Command output Field Description ListID AS path list ID. Mode Match mode: permit or deny. Expression Regular expression for matching.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no community list is specified, this command displays information about all BGP community lists.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Parameters route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Default command level 2: System level Parameters as-path-number: Specifies an AS path list by its number, in the range of 1 to 256. &<1-16>: Indicates that the argument before it can be entered up to 16 times.
Default command level 2: System level Parameters basic-community-list-number: Specifies a basic community list by its number, in the range of 1 to 99. adv-community-list-number: Specifies an advanced community list by its number, in the range of 100 to 199. comm-list-name: Specifies a community list by its name, a string of 1 to 31 characters, which can contain letters, numbers, and signs. whole-match: Exactly matches the specified community lists.
Views Routing policy view Default command level 2: System level Parameters value: Specifies a cost in the range of 0 to 4294967295. Examples # Configure node 10 in permit mode of routing policy policy1 to permit routing information with a cost of 8.
Hardware Command compatible U200-S No Examples # Configure node 10 in permit mode of routing policy policy1 to match BGP routing information to extended community lists 100 and 150. system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match extcommunity 100 150 if-match interface Use if-match interface to specify interfaces for matching against the outbound interface of routing information. Use undo if-match interface to remove the match criterion.
Syntax if-match route-type { external-type1 | external-type1or2 | external-type2 | internal | is-is-level-1 | is-is-level-2 | nssa-external-type1 | nssa-external-type1or2 | nssa-external-type2 } * undo if-match route-type [ external-type1 | external-type1or2 | external-type2 | internal | is-is-level-1 | is-is-level-2 | nssa-external-type1 | nssa-external-type1or2 | nssa-external-type2 ] * Default The match criterion is not configured.
if-match tag Use if-match tag to match routing information having the specified tag. Use undo if-match tag to remove the match criterion. Syntax if-match tag value undo if-match tag Default No tag match criterion is not configured. Views Routing policy view Default command level 2: System level Parameters value: Specifies a tag in the range of 0 to 4294967295. Usage guidelines Only F5000 firewalls support this command.
deny: Specifies the match mode for the AS path list as deny. permit: Specifies the match mode for the AS path list as permit. regular-expression: Specifies the AS_PATH regular expression, a string of 1 to 50 characters. BGP routing updates contain the AS_PATH attribute field that identifies the autonomous systems through which the routing information has passed. An AS_PATH regular expression, for example, ^200. *100$, matches the AS_PATH attribute that starts with AS200 and ends with AS100.
Parameters basic-comm-list-num: Specifies a number for the basic community list, in the range of 1 to 99. basic: Specifies a name for the basic communist list. advanced: Specifies name for the advanced communist list. comm-list-name: Community list name, a string of 1 to 31 characters, which can contain letters, numbers, and signs. adv-comm-list-num: Advanced community list number, in the range of 100 to 199.
system-view [Sysname] ip community-list 100 permit ^10 ip extcommunity-list Use ip extcommunity-list to define an extended community list entry. Use undo ip extcommunity-list to remove an extended community list. Syntax ip extcommunity-list ext-comm-list-number { deny | permit } { rt route-target | soo site-of-origin }&<1-16> undo ip extcommunity-list ext-comm-list-number Default No extended community list is defined.
Examples # Define extended community list 1 to permit routing information with RT 200:200. system-view [Sysname] ip extcommunity-list 1 permit rt 200:200 # Define extended community list 2 to permit routing information with SoO 100:100. system-view [Sysname] ip extcommunity-list 2 permit soo 100:100 route-policy Use route-policy to create a routing policy and a node for it, and enter routing policy view. Use undo route-policy to remove a routing policy or a node for it.
IPv4 routing policy configuration commands apply ip-address next-hop Use apply ip-address next-hop to set a next hop for IPv4 routing information. Use undo apply ip-address next-hop to remove the clause configuration. Syntax apply ip-address next-hop ip-address undo apply ip-address next-hop Default No next hop is set for IPv4 routing information. Views Routing policy view Default command level 2: System level Parameters ip-address: IP address of the next hop.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Views Routing policy view Default command level 2: System level Parameters acl-number: ACL number from 2000 to 3999. Examples # Configure node 10 of routing policy policy1 to permit routes matching ACL 2000. system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match acl 2000 if-match ip Use if-match ip to configure a next hop or source address match criterion for IPv4 routes. Use undo if-match ip to remove the match criterion.
Use undo if-match ip-prefix to remove the match criterion. Syntax if-match ip-prefix ip-prefix-name undo if-match ip-prefix Default No IP prefix list based match criterion is configured. Views Routing policy view Default command level 2: System level Parameters ip-prefix-name: Matches an IP prefix list with a name being a string of 1 to 19 characters. Examples # Configure node 10 of routing policy policy2 to permit routes whose destination address matches IP prefix list p1.
permit: Specifies the permit mode. If a route matches the item, it passes the IPv4 prefix list. If not, it matches against the next item (suppose the IPv4 prefix list has multiple items). ip-address mask-length: Specifies an IPv4 prefix and mask length. The mask-length is in the range of 0 to 32. min-mask-length, max-mask-length: Specifies the prefix range. greater-equal means "greater than or equal to" and less-equal means "less than or equal to.
IPv6 routing policy configuration commands The following matrix shows the IPv6 routing policy commands and firewalls and UTM devices compatibility: Hardware Commands compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 Yes Firewall module Yes U200-A Yes U200-S No apply ipv6 next-hop Use apply ipv6 next-hop to configure a next hop for IPv6 routes. Use undo apply ipv6 next-hop to remove the clause configuration.
display ip ipv6-prefix Use display ip ipv6-prefix to display IPv6 prefix list statistics. Syntax display ip ipv6-prefix [ ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ipv6-prefix-name: Specifies an IPv6 prefix list by its name, a string of 1 to 19 characters. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
if-match ipv6 Use if-match ipv6 to match IPv6 routes whose destination, next hop, or source address matches the specified IPv6 prefix list. Use undo if-match ipv6 to remove the match criterion. Syntax if-match ipv6 { address | next-hop | route-source } { acl acl6-number | prefix-list ipv6-prefix-name } undo if-match ipv6 { address | next-hop | route-source } [ acl | prefix-list ] Default No IPv6 prefix list match criterion is not configured.
Views System view Default command level 2: System level Parameters ipv6-prefix-name: Specifies a name for IPv6 prefix list, a string of 1 to 19 characters. index-number: Specifies an index number for the item, in the range of 1 to 65535. An item with a smaller index-number will be matched first. deny: Specifies the deny mode. If a route matches the item, the route is denied without matching against the next item.
Syntax reset ip ipv6-prefix [ ipv6-prefix-name ] Views User view Default command level 2: System level Parameters ipv6-prefix-name: Specifies an IPv6 prefix list by its name, a string of 1 to 19 characters. Usage guidelines If no name is specified, this command clears the statistics for all IPv6 prefix lists. Examples # Clear the statistics for IPv6 prefix list abc.
SSL configuration commands ciphersuite Use ciphersuite to specify the cipher suites for an SSL server policy to support.
Hardware Keywords compatible F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 No Firewall module Yes U200-A Yes U200-S No Usage guidelines With no keyword specified, the command configures an SSL server policy to support all cipher suites. If you execute this command multiple times, the most recent configuration takes effect. Examples # Configure SSL server policy policy1 to support cipher suites rsa_rc4_128_md5 and rsa_rc4_128_sha.
Examples # Configure the SSL server to require certificate-based SSL client authentication. system-view [Sysname] ssl server-policy policy1 [Sysname-ssl-server-policy-policy1] client-verify enable Related commands • client-verify weaken • display ssl server-policy client-verify weaken Use client-verify weaken to enable SSL client weak authentication. Use undo client-verify weaken to restore the default.
close-mode wait Use close-mode wait to set the SSL connection close mode to wait mode. In this mode, after sending a close-notify alert message to a client, the server does not close the connection until it receives a close-notify alert message from the client. Use undo close-mode wait to restore the default.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display information about SSL client policy policy1. display ssl client-policy policy1 SSL Client Policy: policy1 SSL Version: SSL 3.0 PKI Domain: 1 Prefer Ciphersuite: RSA_RC4_128_SHA Server-verify: enabled Table 247 Command output Field Description SSL Client Policy SSL client policy name.
display ssl server-policy policy1 SSL Server Policy: policy1 PKI Domain: domain1 Ciphersuite: RSA_RC4_128_MD5 RSA_RC4_128_SHA RSA_DES_CBC_SHA RSA_3DES_EDE_CBC_SHA RSA_AES_128_CBC_SHA RSA_AES_256_CBC_SHA Handshake Timeout: 3600 Close-mode: wait disabled Session Timeout: 3600 Session Cachesize: 500 Client-verify: disabled Client-verify weaken: disabled Table 248 Command output Field Description SSL Server Policy SSL server policy name. PKI domain used by the SSL server policy.
Default The handshake timeout time is 3600 seconds. Views SSL server policy view Default command level 2: System level Parameters time: Handshake timeout time in seconds. The range is 180 to 7200. Usage guidelines If the SSL server receives no packet from the SSL client before the handshake timeout time expires, the SSL server terminates the handshake process. Examples # Set the handshake timeout time of SSL server policy policy1 to 3000 seconds.
system-view [Sysname] ssl server-policy policy1 [Sysname-ssl-server-policy-policy1] pki-domain server-domain # Configure SSL client policy policy1 to use PKI domain client-domain. system-view [Sysname] ssl client-policy policy1 [Sysname-ssl-client-policy-policy1] pki-domain client-domain Related commands • display ssl server-policy • display ssl client-policy prefer-cipher Use prefer-cipher to specify the preferred cipher suite for an SSL client policy.
rsa_aes_256_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 256-bit AES_CBC, and the MAC algorithm of SHA. rsa_des_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of DES_CBC, and the MAC algorithm of SHA. rsa_rc4_128_md5: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit RC4, and the MAC algorithm of MD5.
Default command level 2: System level Examples # Enable certificate-based SSL server authentication. system-view [Sysname] ssl client-policy policy1 [Sysname-ssl-client-policy-policy1] server-verify enable Related commands display ssl client-policy session Use session to set the maximum number of cached sessions and the caching timeout time. Use undo session to restore the default.
Related commands display ssl server-policy ssl client-policy Use ssl client-policy to create an SSL policy and enter its view. Use undo ssl client-policy to delete a specified SSL client policy or all SSL client policies. Syntax ssl client-policy policy-name undo ssl client-policy { policy-name | all } Views System view Default command level 2: System level Parameters policy-name: SSL client policy name, a case-insensitive string of 1 to 16 characters. It cannot be "a", "al", or "all".
all: Specifies all SSL server policies. Usage guidelines You cannot delete an SSL server policy that has been associated with one or more application layer protocols. Examples # Create SSL server policy policy1 and enter its view. system-view [Sysname] ssl server-policy policy1 [Sysname-ssl-server-policy-policy1] Related commands display ssl server-policy version Use version to specify the SSL protocol version for an SSL client policy. Use undo version to restore the default.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents a firewall product or a UTM device. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device.
Index ABCDEFGHIJLMNOPQRSTUVW A abr-summary (OSPF area view),309 abr-summary (OSPFv3 area view),801 active region-configuration,73 address range,731 aggregate,442 arp static,230 arp timer aging,231 asbr-summary,310 authentication-mode,311 auto-cost enable,377 auto-rp enable,606 aggregate (IPv6 address family view),858 B apply as-path,1054 balance (BGP/BGP-VPN instance view),443 apply comm-list delete,1055 balance (IPv6 address family view/IPv6 BGP-VPN instance view),859 apply community,1056 apply cos
c-bsr (PIM view),608 ddns apply policy,223 c-bsr admin-scope (IPv6 PIM view),967 ddns policy,223 c-bsr admin-scope (PIM view),608 default,2 c-bsr global,609 default,313 c-bsr group,610 default,135 c-bsr hash-length (IPv6 PIM view),968 default,45 c-bsr hash-length (PIM view),611 default,28 c-bsr holdtime (IPv6 PIM view),968 default cost,803 c-bsr holdtime (PIM view),611 default cost (RIP view),277 c-bsr interval (IPv6 PIM view),969 default cost (RIPng view),781 c-bsr interval (PIM view),6
dhcp relay information remote-id format-type,191 display bgp paths,457 dhcp relay information remote-id string,192 display bgp peer,458 dhcp relay information strategy,193 display bgp peer received ip-prefix,461 dhcp relay release ip,193 display bgp routing-table,462 dhcp relay security refresh enable,195 display bgp routing-table as-path-acl,464 dhcp relay security static,194 display bgp routing-table cidr,465 dhcp relay security tracker,195 display bgp routing-table community,466 dhcp relay
display inline-interfaces,149 display ipv6 pathmtu,691 display interface,3 display ipv6 policy-based-route,944 display interface loopback,30 display ipv6 policy-based-route setup,945 display interface null,32 display ipv6 policy-based-route statistics,947 display interface virtual-template,136 display ipv6 prefix,692 display interface vlan-interface,47 display ipv6 routing-table,929 display ip as-path,1066 display ipv6 routing-table acl,931 display ip community-list,1067 display ipv6 routing-
display multicast ipv6 routing-table,956 display pim ipv6 rp-info,988 display multicast ipv6 rpf-info,957 display pim join-prune,624 display multicast routing-table,556 display pim neighbor,626 display multicast routing-table static,558 display pim routing-table,627 display multicast rpf-info,559 display pim rp-info,631 display ospf abr-asbr,316 display policy-based-route,546 display ospf asbr-summary,317 display port,56 display ospf brief,319 display ppp user bind,115 display ospf cumulativ
dns server,219 flow-control,16 dns server ipv6,775 forbidden-ip,171 dns source-interface,219 G dns spoofing,220 gateway-list,172 dns-list,169 gratuitous-arp-learning enable,238 dns-server,745 gratuitous-arp-sending enable,238 Documents,1103 group (BGP/BGP-VPN instance view),479 domain-authentication-mode,404 group (IPv6 address family view),889 domain-name,746 domain-name,170 H ds-lite address,747 handshake timeout,1096 duplex,16 hello-option dr-priority (IPv6 PIM view),990 E hello-op
if-match route-type,1074 ip address,44 if-match tag,1076 ip address bootp-alloc,212 igmp,583 ip address dhcp-alloc,210 igmp enable,583 ip address ppp-negotiate,116 igmp fast-leave,584 ip as-path,1076 igmp group-limit,585 ip community-list,1077 igmp group-policy,586 ip extcommunity-list,1079 igmp host-tracking,587 ip host,221 igmp last-member-query-interval,587 ip ip-prefix,1084 igmp max-response-time,588 ip ipv6-prefix,1088 igmp proxying enable,588 ip local policy-based-route,548 igmp
ipv6 local policy-based-route,949 isis timer lsp,424 ipv6 maximum load-balancing,854 isis timer retransmit,425 ipv6 mtu,711 is-level,425 ipv6 nd autoconfig managed-address-flag,712 is-name,426 ipv6 nd autoconfig other-flag,712 is-name map,427 ipv6 nd dad attempts,713 ispf enable,348 ipv6 nd hop-limit,714 is-snmp-traps enable,427 ipv6 nd ns retrans-timer,714 J ipv6 nd nud reachable-time,715 ipv6 nd ra halt,715 ipv6 nd ra interval,716 ipv6 nd ra no-advlinkmtu,717 ipv6 nd ra prefix,717 ipv6 nd
mld,1031 network,291 mld enable,1032 network,747 mld fast-leave,1033 network (BGP/BGP-VPN instance view),483 mld group-limit,1033 mld group-policy,1034 network (IPv6 address family view/IPv6 BGP-VPN instance view),891 mld host-tracking,1035 network (OSPF area view),352 mld last-listener-query-interval,1036 mld max-response-time,1036 mld proxying enable,1037 network ip range,175 network mask,176 network short-cut (BGP/BGP-VPN instance view),483 mld proxying forwarding,1038 network-entity,431 ml
peer description (BGP/BGP-VPN instance view),496 ospfv3 timer retransmit,838 ospfv3 trans-delay,839 peer description (IPv6 address family view),903 output-delay,291 peer ebgp-max-hop (BGP/BGP-VPN instance view),496 P peer ebgp-max-hop (IPv6 address family view),903 peer,365 peer enable (BGP/BGP-VPN instance view),497 peer,292 peer enable (IPv6 address family view),904 peer advertise-community (BGP/BGP-VPN instance view),484 peer fake-as (BGP/BGP-VPN instance view),498 peer fake-as (IPv6 address
peer route-policy (BGP/BGP-VPN instance view),509 pim state-refresh-capable,646 peer route-policy (IPv6 address family view),917 pim timer graft-retry,647 peer route-policy (IPv6 BGP-VPN instance view),917 pim timer hello,647 peer route-update-interval (BGP/BGP-VPN instance view),510 pim timer join-prune,648 peer route-update-interval (IPv6 address family view),918 pki-domain,1097 peer sa-cache-maximum,675 port,57 peer sa-policy,676 peer sa-request-policy,677 peer substitute-as (BGP/BGP-VPN inst
prefix-pool,754 reset counters interface vlan-interface,54 priority high,433 reset dhcp relay statistics,206 probe-interval (IPv6 PIM view),1006 reset dhcp server conflict,178 probe-interval (PIM view),649 reset dhcp server ip-in-use,179 promiscuous,28 reset dhcp server statistics,179 proxy-arp enable,242 reset dns host,221 proxy-nd enable,724 reset igmp group,598 prune delay (IPv6 PIM view),1007 reset igmp ssm-mapping group,599 prune delay (PIM view),650 reset ip ip-prefix,1085 Q reset i
reset ripng process,792 shutdown,22 reset ripng statistics,793 shutdown,36 reset stp,90 shutdown,55 reset tcp ipv6 statistics,726 shutdown (MSDP view),679 reset udp ipv6 statistics,726 silent-interface (OSPF view),369 revision-level,91 silent-interface (RIP view),304 rfc1583 compatible,368 silent-interface(OSPFv3 view),841 rip,294 sip-server,759 rip authentication-mode,295 snmp-agent trap enable ospf,370 rip bfd enable,296 source-lifetime (IPv6 PIM view),1010 rip bfd enable destination,2
stp compliance,93 tftp-server ip-address,183 stp config-digest-snooping,94 timer (BGP/BGP-VPN instance view),521 stp cost,95 timer (IPv6 address family view),927 stp edged-port,96 timer hello (IPv6 PIM view),1016 stp enable,97 timer hello (PIM view),659 stp loop-protection,98 timer hold,133 stp max-hops,98 timer join-prune (IPv6 PIM view),1016 stp mcheck,99 timer join-prune (PIM view),659 stp mode,100 timer lsp-generation,437 stp no-agreement-check,101 timer lsp-max-age,438 stp pathcost-
