HP High-End Firewalls Network Management Command Reference Part number: 5998-2637 Software version: F1000-E/Firewall module: R3166 F5000-A5: R3206 Document version: 6PW101-20120706
Legal and notice information © Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Interface management configuration commands ······································································································· 1 General Ethernet interface and subinterface configuration commands ······································································ 1 combo enable ··························································································································································· 1 description ······························
port ·········································································································································································· 41 port access vlan ····················································································································································· 42 port hybrid pvid ··················································································································································
stp transmit-limit ····················································································································································· 88 vlan-mapping modulo ··········································································································································· 89 Layer 2 forwarding configuration commands ·········································································································· 91 General Layer 2 forwardi
dhcp relay information format ··························································································································· 127 dhcp relay information remote-id format-type ·································································································· 128 dhcp relay information remote-id string ············································································································ 128 dhcp relay information strategy ·····················
reset arp ······························································································································································· 165 Gratuitous ARP configuration commands ·············································································································· 167 gratuitous-arp-sending enable ···························································································································· 167 gratuitous-arp-learning e
reset rip process ·················································································································································· 208 reset rip statistics·················································································································································· 208 rip ········································································································································································
maximum load-balancing (OSPF view) ············································································································· 258 maximum-routes ··················································································································································· 258 network (OSPF area view)·································································································································· 259 nssa ································
display bgp routing-table community ················································································································ 303 display bgp routing-table community-list ··········································································································· 304 display bgp routing-table dampened ················································································································ 304 display bgp routing-table dampening parameter ········
reset bgp ······························································································································································ 346 reset bgp dampening ·········································································································································· 347 reset bgp flap-info ··············································································································································· 347 reset bg
IGMP configuration commands ····························································································································· 397 display igmp group ············································································································································· 397 display igmp interface ········································································································································ 398 display igmp proxying gro
display pim bsr-info ············································································································································· 436 display pim claimed-route ·································································································································· 438 display pim control-message counters ··············································································································· 439 display pim grafts ············
display msdp brief ··············································································································································· 477 display msdp peer-status····································································································································· 479 display msdp sa-cache········································································································································ 481 display msdp sa-count
Interface management configuration commands General Ethernet interface and subinterface configuration commands combo enable Syntax combo enable { copper | fiber } View Ethernet interface view (combo interface) Default level 2: System level Parameters copper: Activates the copper combo port. fiber: Activates the fiber combo port. Description Use the combo enable command to activate the copper or fiber combo port. When one port is enabled, the other will be automatically disabled.
View Ethernet interface view, Ethernet subinterface view Default level 2: System level Parameters text: Specifies the interface description, a string of 1 to 80 characters. The string can include case-sensitive letters, digits, special characters (including ~ ! @ # $ % ^ & * ( ) - _ + = { } [ ] | \ : ; “ ' < > , . /), spaces, and other Unicode characters and symbols. NOTE: • Each Unicode character takes the space of two regular characters.
Parameters interface-type interface-number: Specifies an interface by its type and number. interface-number.subnumber: Specifies a subinterface number, where interface-number is an interface number; subnumber is the number of a subinterface created under the interface. The value range for subnumber is 1 to 4094. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Interface Link Protocol-link Protocol type Main IP Aux0 UP DOWN -- -- GE0/1 UP UP ETHERNET 192.168.1.1 NULL0 UP UP(spoofing) NULL -- Table 1 Output description Field Description Interface Abbreviated interface name. Link Interface physical link state, which can be up or down. Protocol-link Interface protocol link state, which can be up or down. Protocol type Interface protocol type. Speed Interface rate, in bps.
GigabitEthernet0/2 current state: DOWN Line protocol current state: DOWN Description: GigabitEthernet0/2 Interface The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet protocol processing : disabled IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e200-0004 IPv6 Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e200-0004 Media type is twisted pair, loopback not set, promiscuous mode not set Speed Negotiation, Full-duplex, link type is autonegotiation Output flow-control
Link speed type is autonegotiation, link duplex type is autonegotiation Flow-control is not enabled The Maximum Frame Length is 1500 Broadcast MAX-ratio: 100% Unicast MAX-ratio: 100% Multicast MAX-ratio: 100% Allow jumbo frame to pass PVID: 1 Mdi type: unknown Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 1 Peak value of input: 0 bytes/sec, at 2009-07-02 14:01:31 Peak value of output: 0 bytes/sec, at 2009-07-02 14:01:31 Last 300 seconds input: 0 packets/sec 0 bytes/sec Last 300 seconds
Field Description Multicast MAX-ratio Multicast storm suppression ratio (the maximum ratio of allowed number of multicast packets to overall traffic through an interface). PVID Default VLAN ID. Mdi type Cable type. Port link-type Interface link type, which could be access, trunk, and hybrid. Tagged VLAN ID VLANs whose packets are sent through the port with VLAN tag kept. Untagged VLAN ID VLANs whose packets are sent through the port with VLAN tag stripped off.
Field Description Total number of illegal packets received: • Fragment frames: Frames that were shorter than 64 bytes (with an integral or non-integral length) and contained checksum errors. • Jabber frames: Frames that were longer than 1518 or 1522 bytes aborts and contained checksum errors (the frame lengths in bytes may or may not be integers). • Symbol error frames: Frames that contained at least one undefined symbol.
# Display detailed information about Layer 2 Ethernet subinterface GigabitEthernet 0/3.1. display interface gigabitethernet 0/3.1 GigabitEthernet0/3.1 current state: DOWN IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e200-0005 Description: GigabitEthernet0/3.
half: Sets the interface to operate in half-duplex mode. This keyword is not available for the fiber combo ports. Description Use the duplex command to set the duplex mode for an Ethernet interface. Use the undo duplex command to restore the default duplex mode of the Ethernet interface. By default, an Ethernet interface operates in auto-negotiation mode. Related commands: speed. Examples # Configure interface GigabitEthernet 0/0 to operate in full-duplex mode.
# Enter GigabitEthernet 0/0 interface view (assuming that the interface is a Layer 3 Ethernet interface). system-view [Sysname] interface gigabitethernet 0/0 [Sysname-GigabitEthernet0/0] # Create Ethernet subinterface GigabitEthernet 0/0.1 and enter GigabitEthernet 0/0.1 subinterface view (assuming that GigabitEthernet 0/0 is a Layer 3 Ethernet interface and the subinterface does not exist). system-view [Sysname] interface gigabitethernet 0/0.1 [Sysname-GigabitEthernet0/0.
[Sysname-GigabitEthernet0/0] display this # interface GigabitEthernet0/0 port link-mode bridge # return NOTE: The display this command displays the configuration that takes effect in the current view. reset counters interface Syntax reset counters interface [ interface-type [ interface-number | interface-number.subnumber ] ] View User view Default level 2: System level Parameters interface-type: Specifies an interface type. interface-number: Specifies an interface number. interface-number.
View Ethernet interface view, Ethernet subinterface view Default level 2: System level Parameters None Description Use the shutdown command to shut down an Ethernet interface or subinterface. Use the undo shutdown command to bring up an Ethernet interface or subinterface. By default, Ethernet interfaces and subinterfaces are in the up state. You may need to shut down and then bring up an Ethernet interface to activate configuration changes such as the speed or duplex mode changes.
Description Use the speed command to set the speed of an Ethernet interface. Use the undo speed command to restore the default. By default, an Ethernet interface negotiates a speed with its peer. • For an Ethernet copper port, use the speed command to set its speed to match the speed of the peer interface. • For an Ethernet fiber port, use the speed command to set its speed to match the rate of a pluggable transceiver. Related commands: duplex.
Layer 2 Ethernet interface and subinterface configuration commands broadcast-suppression Syntax broadcast-suppression ratio undo broadcast-suppression View Layer 2 Ethernet interface view, Layer 2 Ethernet subinterface view Default level 2: System level Parameters ratio: Sets the broadcast suppression threshold as a percentage of the transmission capability of an Ethernet interface. The smaller the percentage, the less broadcast traffic is allowed to pass through.
undo jumboframe enable View Layer 2 Ethernet interface view Default level 2: System level Parameters value: Sets the maximum length of Ethernet frames that are allowed to pass through, in the range of 64 to 1518 bytes. Description Use the jumboframe enable command to allow jumbo frames within the specified length to pass through an Ethernet interface. Use the undo jumboframe enable command to prevent jumbo frames from passing through an Ethernet interface.
NOTE: The command is not applicable to fiber ports. Examples # Set GigabitEthernet 0/3 to operate in across MDI mode.
unicast-suppression Syntax unicast-suppression ratio undo unicast-suppression View Layer 2 Ethernet interface view, Layer 2 Ethernet subinterface view Default level 2: System level Parameters ratio: Sets the unknown unicast suppression threshold as a percentage of the transmission capability of the Ethernet interface, ranging from 1 to 100. The smaller the percentage, the less unknown unicast traffic is allowed to pass through.
Default level 2: System level Parameters external: Enables external loopback testing on an Ethernet interface. internal: Enables internal loopback testing on an Ethernet interface. Description Use the loopback command to enable loopback testing on an Ethernet interface . Use the undo loopback command to disable loopback testing on an Ethernet interface. By default, loopback testing is disabled on Ethernet interfaces.
NOTE: As the size of MTU decreases, the number of fragments grows. When setting MTU for an interface, you should consider QoS queue lengths (for example, the default FIFO queue length is 75) to avoid a too small MTU causing packet drop in QoS queuing. To achieve the best result, you can tune MTU with the mtu command or QoS queue lengths with the qos fifo queue-length command. For more information about QoS, see Network Management Configuration Guide.
system-view [Sysname] interface gigabitethernet 0/0 [Sysname-GigabitEthernet0/0] timer hold 20 Loopback and null interface configuration commands description Syntax description text undo description View Loopback interface view, Null 0 interface view Default level 2: System level Parameters text: Specifies the interface description, a string of 1 to 80 characters.
display interface loopback Syntax display interface loopback [ interface-number ] View Any view Default level 1: Monitor level Parameters interface-number: Loopback interface number, which can be the number of any existing Loopback interface. Description Use the display interface loopback command to display information about a Loopback interface. If you do not specify the interface-number argument, this command displays information about all existing loopback interfaces.
Field Description Average input rate over the last 300 seconds: • Packets/sec—The average number of packets received per Last 300 seconds input: 0 bytes/sec, 0 bits/sec, 0 packets/sec second. • Bytes/sec—The average number of bytes received per second. • Bits/sec —The average number of bits received per second. Average output rate over the last 300 seconds: Last 300 seconds output: 0 bytes/sec, 0 bits/sec, 0 packets/sec • Packets/sec—The average number of packets sent per second.
Last 300 seconds output: 0 bytes/sec, 0 packets/sec 0 packets input, 0 bytes, 0 drops 0 packets output, 0 bytes, 0 drops For the command output description, see Table 5. interface loopback Syntax interface loopback interface-number undo interface loopback interface-number View System view Default level 2: System level Parameters interface-number: Loopback interface number, ranging from 0 to 1023.
Related commands: display interface null. Examples # Enter Null 0 interface view. system-view [Sysname] interface null 0 [Sysname-NULL0] reset counters interface Syntax reset counters interface [ interface-type [ interface-number | interface-number.subnumber ] ] View User view Default level 2: System level Parameters interface-type: Logical interface type. interface-number: Logical interface number. interface-number.
Default level 2: System level Parameters None Description Use the shutdown command to shut down the loopback interface. Use the undo shutdown command to bring up the loopback interface. By default, a loopback interface is up. Examples # Shut down loopback interface Loopback 1.
IP addressing configuration commands display ip interface Syntax display ip interface [ interface-type interface-number ] View Any view Default level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. Description Use the display ip interface command to display IP configuration information for a specified Layer 3 interface or all Layer 3 interfaces. Examples # Display IP configuration information for interface GigabitEthernet 1/1.
Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0 Table 6 Output description Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown command. current state • DOWN—The interface is administratively up but its physical state is down, which may be caused by a connection or link failure. • UP—Both the administrative and physical states of the interface are up.
Field ICMP packet input number: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Description Total number of ICMP packets received on the interface (the statistics start at the device startup), including the following packets: • • • • • • • • • • • • • • • • Echo reply packets Unreachable packets Source
Examples # Display brief IP configuration information for GigabitEthernet interfaces. display ip interface gigabitethernet brief *down: administratively down (s): spoofing Interface Physical Protocol IP Address Description GE1/1 up up 192.168.20.144 GigabitEthernet 1... GE1/2 down down unassigned Client1 Table 7 Output description Field Description *down: administratively down The interface is administratively shut down with the shutdown command.
mask-length: Subnet mask length, the number of consecutive 1s in the mask. mask: Subnet mask in dotted decimal notation. sub: Secondary IP address for the interface. Description Use the ip address command to assign an IP address and mask to the interface. Use the undo ip address command to remove all IP addresses from the interface. Use the undo ip address ip-address { mask | mask-length } command to remove the primary IP address.
VLAN configuration commands Basic VLAN configuration commands description Syntax description text undo description View VLAN view, VLAN interface view Default level 2: System level Parameters text: Specifies a description for a VLAN or VLAN interface. The string can include case-sensitive letters, digits, special characters (including ~ ! @ # $ % ^ & * ( ) - _ + = { } [ ] | \ : ; " ' < > , . /), spaces, and other Unicode characters and symbols. • For a VLAN, this is a string of 1 to 32 characters.
[Sysname] vlan 2 [Sysname-vlan2] description sales-private # Change the description of VLAN-interface 2 to linktoPC56. system-view [Sysname] vlan 2 [Sysname-vlan2] quit [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] description linktoPC56 display interface vlan-interface Syntax display interface vlan-interface vlan-interface-id View Any view Default level 1: Monitor level Parameters vlan-interface-id: Specifies a VLAN interface number.
Table 8 Output description Field Description The physical state of a VLAN interface: • DOWN ( Administratively )—The administrative state of the VLAN interface is down, because it has been shut down with the shutdown command. Vlan-interface2 current state • DOWN—The administrative sate of the VLAN interface is up, but its physical sate is down.
display vlan Syntax display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ] View Any view Default level 1: Monitor level Parameters vlan-id1: Displays information about a VLAN specified by VLAN ID, ranging from 1 to 4094. vlan-id1 to vlan-id2: Displays information about VLANs specified by a VLAN ID range. all: Displays all VLAN information except for the reserved VLANs. dynamic: Displays the number of dynamic VLANs and the ID for each dynamic VLAN.
Tagged Ports: none Untagged Ports: none Table 9 Output description Field Description VLAN Type VLAN type, static or dynamic. Route interface Indicates whether the VLAN interface is configured or not. Description Description of the VLAN. Name Name configured for the VLAN. IP Address Primary IP address of the VLAN interface (available only when an IP address is configured for the VLAN interface).
[Sysname] vlan 2 [Sysname-vlan2] quit [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] ip address Syntax ip address ip-address { mask | mask-length } [ sub ] undo ip address [ ip-address { mask | mask-length } [ sub ] ] View VLAN interface view Default level 2: System level Parameters ip-address: Specifies an IP address in dotted decimal notation. mask: Specifies a subnet mask in dotted decimal notation.
name Syntax name text undo name View VLAN view Default level 2: System level Parameters text: Specifies a VLAN name, a string of 1 to 32 characters. The string can include case-sensitive letters, digits, special characters (including ~ ! @ # $ % ^ & * ( ) - _ + = { } [ ] | \ : ; " ' < > , . /), and spaces. Description Use the name command to configure a name for the VLAN. Use the undo name command to restore the default name of the VLAN. By default, the name of a VLAN is its VLAN ID.
Related commands: display interface vlan-interface. Examples # Clear the statistics on VLAN-interface 2. reset counters interface vlan-interface 2 shutdown Syntax shutdown undo shutdown View VLAN interface view Default level 2: System level Parameters None Description Use the shutdown command to shut down a VLAN interface. Use the undo shutdown command to bring up a VLAN interface. By default, a VLAN interface is up unless all ports in the VLAN are down.
Parameters vlan-id1, vlan-id2: Specifies a VLAN ID, ranging from 1 to 4094. vlan-id1 to vlan-id2: Specifies a VLAN range. all: Creates or removes all VLANs except reserved VLANs. The keyword is not supported when the maximum number of VLANs that can be created on a device is less than 4094. Description Use the vlan vlan-id command to create a VLAN and enter its view or enter the view of an existing VLAN.
Examples # Display information about the hybrid ports in the system. display port hybrid Interface GE0/1 PVID 100 VLAN passing Tagged: 1000, 1002, 1500, 1600-1611, 2000, 2555-2558, 3000, 4000 Untagged:1, 10, 15, 18, 20-30, 44, 55, 67, 100, 150-160, 200, 255, 286, 300-302 # Display information about the trunk ports in the system.
By default, all ports are access ports. However, you can manually configure the port type. For more information, see “port link-type.” You cannot assign Layer 2 aggregate interfaces to a VLAN. Related commands: display vlan. Examples # Assign GigabitEthernet0/1 through GigabitEthernet0/3 to VLAN 2.
system-view [Sysname] vlan 3 [Sysname-vlan3] quit [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] port access vlan 3 port hybrid pvid Syntax port hybrid pvid vlan vlan-id undo port hybrid pvid View Ethernet interface view, Layer 2 aggregate interface view Default level 2: System level Parameters vlan-id: Specifies a VLAN ID, ranging from 1 to 4094. Description Use the port hybrid pvid command to configure the PVID of the hybrid port.
# Configure VLAN 100 as the PVID of the hybrid Layer 2 aggregate interface Bridge-Aggregation 1.
# Assign the hybrid Layer 2 aggregate interface Bridge-Aggregation 1 and its member ports to VLAN 2, and configure them to send packets of VLAN 2 with tags removed. system-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] port link-type hybrid [Sysname-Bridge-Aggregation1] port hybrid vlan 2 untagged Please wait... Done. Configuring GigabitEthernet0/1... Done. Configuring GigabitEthernet0/2... Done. Configuring GigabitEthernet0/3... Done.
Examples # Configure GigabitEthernet 0/1 as a trunk port. system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] port link-type trunk # Configure Layer 2 aggregate interface Bridge-Aggregation 1 and its member ports as hybrid ports.
Examples # Assign the trunk port GigabitEthernet 0/1 to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100. system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] port link-type trunk [Sysname-GigabitEthernet0/1] port trunk permit vlan 2 4 50 to 100 Please wait........... Done. # Assign the trunk Layer 2 aggregate interface Bridge-Aggregation 1 to VLAN 2.
• If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port. The local and remote trunk ports must use the same PVID for the traffic of the PVID to be transmitted properly. You must use the port trunk permit vlan command to configure the trunk port to allow and forward packets from the PVID. Related commands: port link-type and port trunk permit vlan. Examples # Configure VLAN 100 as the PVID of the trunk port GigabitEthernet 0/1.
MAC address table configuration commands NOTE: • The MAC address table can contain only Layer 2 Ethernet ports and Layer 2 aggregate interfaces. Support for MAC address table configuration on ports and interfaces depends on your device model. • This document covers only the configuration of unicast MAC address table entries, including static, dynamic, blackhole..
display mac-address 000f-e201-0101 MAC ADDR VLAN ID STATE PORT INDEX 000f-e201-0101 1 Learned GigabitEthernet0/1 --- 1 mac address(es) found AGING TIME(s) AGING --- Table 11 Output description Field Description MAC ADDR MAC address. VLAN ID ID of the VLAN to which the MAC address belongs. State of a MAC address entry: STATE PORT INDEX • • • • Config static—The static entry manually configured by the user. Config dynamic—The dynamic entry manually configured by the user.
The output indicates that the aging time of dynamic entries in the MAC address table is 300 seconds. mac-address (interface view) Syntax mac-address { dynamic | static } mac-address vlan vlan-id undo mac-address { dynamic | static } mac-address vlan vlan-id View Layer 2 Ethernet interface view,Layer 2 aggregate interface view Default level 2: System level Parameters dynamic: Specifies dynamic MAC address entries. These entries can age. static: Specifies static MAC address entries.
undo mac-address [ { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id ] undo mac-address [ blackhole | dynamic | static ] [ mac-address ] vlan vlan-id undo mac-address [ dynamic | static ] mac-address interface interface-type interface-number vlan vlan-id undo mac-address [ dynamic | static ] interface interface-type interface-number View System view Default level 2: System level Parameters blackhole: Specifies destination blackhole MAC address entries.
mac-address timer Syntax mac-address timer { aging seconds | no-aging } undo mac-address timer aging View System view Default level 2: System level Parameters aging seconds: Sets an aging timer (in seconds) for dynamic MAC address entries.ranging from 10 to 630 seconds. no-aging: Sets dynamic MAC address entries not to age. Description Use the mac-address timer command to configure the aging timer for dynamic MAC address entries. Use the undo mac-address timer command to restore the default.
Spanning tree configuration commands active region-configuration Syntax active region-configuration View MST region view Default level 2: System level Parameters None Description Use the active region-configuration command to activate your MST region configuration. When you configure MST region–related parameters, MSTP launches a new spanning tree calculation process that may cause network topology instability. This is most likely to occur when you configure the VLAN-to-instance mapping table.
Parameters None Description Use the check region-configuration command to display MST region pre-configuration information, including the region name, revision level, and VLAN-to-instance mapping settings.
Default level 1: Monitor level Parameters instance instance-id: Displays the status and statistics of a specific MSTI. The value of instance-id ranges from 0 to 15, where 0 represents the common internal spanning tree (CIST).
• • • { CIST root port of the device { Status of the BPDU guard function (enabled or disabled) CIST port parameters: { Port status { Role { Priority { Path cost { Designated bridge { Designated port { Edge port/non-edge port { Connecting to a point-to-point link or not { Maximum transmission rate (transmit limit) { Status of the root guard function (enabled or disabled) { BPDU format { Boundary port/non-boundary port { Hello time { Max age { Forward delay { Message age
• The number of TCN BPDUs, configuration BPDUs, RST BPDUs, MST BPDUs, and wrong BPDUs received on each port • The number of BPDUs discarded on each port Related commands: reset stp. Examples # In MSTP mode, display the brief spanning tree status and statistics of MSTI 0 on ports GigabitEthernet 0/1 through GigabitEthernet 0/4.
CIST RootPortId :128.48 BPDU-Protection :disabled Bridge ConfigDigest-Snooping :disabled TC or TCN received :2 Time since last TC :0 days 0h:5m:42s ----[Port1(GigabitEthernet0/1)][FORWARDING]---Port Protocol :enabled Port Role :CIST Designated Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=200 Desg. Bridge/Port :32768.000f-e200-2200 / 128.
Table 14 display stp command output description Field Description CIST Bridge The CIST bridge ID, which comprises the device’s priority in the CIST and its MAC address. For example, in output information “32768.000f-e200-2200”, the value preceding the dot is the device’s priority in the CIST, and the value following the dot is the device’s MAC address. Bridge ID The bridge ID, which comprises the device's priority in VLAN 1 and its MAC address. For example, in output information “32768.
Field Description The port is an edge port or non-edge port. Port Edged • Config—Configured value. • Active—Actual value. The port is connected to a point-to-point link or not. Point-to-point • Config—Configured value. • Active—Actual value. Transmit Limit The maximum number of packets sent within each hello time. Protection type on the port: Protection Type • • • • • Root—Root guard. Loop—Loop guard. BPDU—BPDU guard. BPDU/ROOT—BPDU guard and root guard. None—No protection.
Field Description Hello time(s) Interval (in seconds) for the root bridge to send BPDUs. Max hops Maximum hops in the MSTI. display stp abnormal-port Syntax display stp abnormal-port View Any view Default level 1: Monitor level Parameters None Description Use the display stp abnormal-port command to display information about ports blocked by spanning tree protection functions. Examples # In MSTP mode, display information about ports blocked by spanning tree protection functions.
View Any view Default level 1: Monitor level Parameters None Description Use the display stp down-port command to display information about ports shut down by spanning tree protection functions. Examples # Display information about ports shut down by spanning tree protection functions.
• If you do not specify any MSTI, this command displays the historical port role calculation information for all MSTIs. The displayed information is sorted by MSTI ID and by port role calculation time in each MSTI. • If you specify an MSTI, this command displays the historical port role calculation information for the specified MSTI by the sequence of port role calculation time. Examples # In MSTP mode, display the historical port role calculation information for MSTI 2.
display stp region-configuration Oper Configuration Format selector :0 Region name :hello Revision level :0 Configuration digest :0x5f762d9a46311effb7a488a3267fca9f Instance Vlans Mapped 0 21 to 4094 1 1 to 10 2 11 to 20 Table 18 Output description Field Description Format selector Format selector defined by the spanning tree protocol. The default value is 0 and the selector cannot be configured. Region name MST region name.
Table 19 Output description Field Description ExtPathCost External path cost. The device automatically calculates the default path cost of a port, or alternatively, you can use the stp cost command to configure the path cost of a port. IntPathCost Internal path cost. The device automatically calculates the default path cost of a port, or alternatively, you can use the stp cost command to configure the path cost of a port.
Field Description Receive Number of TC/TCN BPDUs received on each port. Send Number of TC/TCN BPDUs sent by each port. instance Syntax instance instance-id vlan vlan-list undo instance instance-id [ vlan vlan-list ] View MST region view Default level 2: System level Parameters instance-id: Specifies an MSTI ID. The value ranges from 0 to 15, where 0 represents the CIST.
undo region-name View MST region view Default level 2: System level Parameters name: Specifies the MST region name, a string of 1 to 32 characters. Description Use the region-name command to configure the MST region name. Use the undo region-name command to restore the default MST region name. By default, the MST region name of a device is its MAC address. The MST region name, the VLAN-to-instance mapping table, and the MSTP revision level of a device determine the device's MST region.
If you specify the interface-list argument, the command clears the spanning tree-related statistics on the specified ports. Without the argument, the command clears the spanning tree-related statistics on all ports. Related commands: display stp. Examples # Clear the spanning tree-related statistics on ports GigabitEthernet 0/1 through GigabitEthernet 0/3.
View System view Default level 2: System level Parameters None Description Use the stp bpdu-protection command to enable the BPDU guard function. Use the undo stp bpdu-protection command to disable the BPDU guard function. By default, the BPDU guard function is disabled. Examples # Enable the BPDU guard function.
system-view [Sysname] stp bridge-diameter 5 stp compliance Syntax stp compliance { auto | dot1s | legacy } undo stp compliance View Ethernet interface view, Layer 2 aggregate interface view Default level 2: System level Parameters auto: Configures the ports to recognize the MSTP BPDU format automatically and determine the format of MSTP BPDUs to send. dot1s: Configures the ports to receive and send only standard-format (802.1s-compliant) MSTP BPDUs.
Default level 2: System level Parameters None Description Use the stp config-digest-snooping command to enable Digest Snooping. Use the undo stp config-digest-snooping command to disable Digest Snooping. The feature is disabled by default. Configured in system view, the setting takes effect globally. Configured in Ethernet interface view, the setting takes effect on the interface only. Configured in Layer 2 aggregate interface view, the setting takes effect only on the aggregate interface.
• With the IEEE 802.1t standard selected for path cost calculation, the cost argument ranges from 1 to 200000000. • With the private standard selected for path cost calculation, the cost argument ranges from 1 to 200000. Description Use the stp cost command to set the path cost of the port or ports. Use the undo stp cost command to restore the default. By default, the device automatically calculates the path costs of ports in each spanning tree based on the corresponding standard.
Description Use the stp edged-port enable command to configure the ports as edge ports. Use the stp edged-port disable command to configure the ports as non-edge ports. Use the undo stp edged-port command to restore the default. By default, all ports are non-edge ports. Configured in Ethernet interface view, the setting takes effect on the interface only. Configured in Layer 2 aggregate interface view, the setting takes effect only on the aggregate interface.
Description Use the stp enable command to enable the spanning tree feature globally. Use the undo stp enable command to disable the spanning tree feature. Whether the spanning tree feature is disableed globally. By default, the spanning tree feature is enabled on all ports. Configured in system view, the setting takes effect globally. Configured in Ethernet interface view, the setting takes effect on the interface only.
Configured in Ethernet interface view, the setting takes effect on the interface only. Configured in Layer 2 aggregate interface view, the setting takes effect only on the aggregate interface. Configured on a member port in an aggregation group, the setting takes effect only after the port leaves the aggregation group. You cannot configure edge port settings and loop guard, or configure root guard and loop guard on a port at the same time. Related commands: stp edged-port and stp root-protection.
View System view, Ethernet interface view, Layer 2 aggregate interface view Default level 2: System level Parameters None Description Use the stp mcheck command to perform the mCheck operation globally or on a port. If a port on a device running MSTP or RSTP mode connects to an STP device, this port will automatically transition to the STP-compatible mode. However, it cannot automatically transition back to the original mode when: • The STP device is shut down or removed.
Parameters stp: Configures the spanning tree device to work in STP-compatible mode. rstp: Configures the spanning tree device to work in RSTP mode. mstp: Configures the spanning tree device to work in MSTP mode. Description Use the stp mode command to configure the spanning tree work mode. Use the undo stp mode command to restore the default. By default, a spanning tree device works in MSTP mode. Related commands: stp mcheck and stp enable.
stp pathcost-standard Syntax stp pathcost-standard { dot1d-1998 | dot1t | legacy } undo stp pathcost-standard View System view Default level 2: System level Parameters dot1d-1998: Configures the device to calculate the default path cost for ports based on IEEE 802.1d-1998. dot1t: Configures the device to calculate the default path cost for ports based on IEEE 802.1t. legacy: Configures the device to calculate the default path cost for ports based on a private standard.
force-true: Specifies the point-to-point link type. Description Use the stp point-to-point command to configure the link type of the ports. Use the undo stp point-to-point command to restore the default. The default setting is auto and the spanning tree device automatically detects whether a port connects to a point-to-point link. Configured in Ethernet interface view, the setting takes effect on the interface only.
Use the undo stp port priority command to restore the default. By default, the port priority is 128. Configured in Ethernet interface view, the setting takes effect on the interface only. Configured in Layer 2 aggregate interface view, the setting takes effect only on the aggregate interface. Configured on a member port in an aggregation group, the setting takes effect only after the port leaves the aggregation group.
Examples # In MSTP mode, set the device priority to 4096 in MSTI 1. system-view [Sysname] stp instance 1 priority 4096 stp region-configuration Syntax stp region-configuration undo stp region-configuration View System view Default level 2: System level Parameters None Description Use the stp region-configuration command to enter MST region view. Use the undo stp region-configuration command to restore the default MST region configurations.
Parameters instance instance-id: Configures the device as the root bridge in a particular MSTI. The value of instance-id ranges from 0 to 15, where 0 represents the CIST. Description Use the stp root primary command to configure the device as the root bridge. Use the undo stp root command to restore the default. By default, a device is not a root bridge. To set an MSTP device as the root bridge in a specific MSTI, use this command with the MSTI specified.
system-view [Sysname] stp instance 1 root secondary stp root-protection Syntax stp root-protection undo stp root-protection View Ethernet interface view Layer 2 aggregate interface view Default level 2: System level Parameters None Description Use the stp root-protection command to enable the root guard function on the ports. Use the undo stp root-protection command to restore the default. By default, the root guard function is disabled.
Parameters None Description Use the stp tc-protection enable command to enable the TC-BPDU attack guard function for the device. Use the stp tc-protection disable command to disable the TC-BPDU attack guard function for the device. By default, the TC-BPDU attack guard function is enabled. Examples # Disable the TC-BPDU attack guard function for the device.
Default level 2: System level Parameters time: Sets the forward delay in centiseconds, ranging from 400 to 3000 in steps of 100 (as in 400, 500, 600). Description Use the stp timer forward-delay command to set the forward delay timer of the device. Use the undo stp timer forward-delay command to restore the default. By default, the forward delay timer is 1500 centiseconds. The forward delay timer determines the time interval of state transition.
Hello time is the time interval at which spanning tree devices send configuration BPDUs to maintain spanning tree. If a device fails to receive configuration BPDUs within the set period of time, a new spanning tree calculation process will be triggered due to timeout. HP does not recommend you to set the hello time with this command.
stp timer-factor Syntax stp timer-factor factor undo stp timer-factor View System view Default level 2: System level Parameters factor: Sets the timeout factor, ranging from 1 to 20. Description Use the stp timer-factor command to set the timeout factor, which decides the timeout time. Timeout time = timeout factor × 3 × hello time. Use the undo stp timer-factor command to restore the default. By default, the timeout factor is 3.
Parameters limit: Sets the maximum number of BPDUs the ports can send within each hello time, ranging from 1 to 255. Description Use the stp transmit-limit command to set the maximum transmission rate of the ports, which specifies the maximum number of BPDUs the ports can send within each hello time. Use the undo stp transmit-limit command to restore the default. By default, the maximum transmission rate of all ports is 10. Each port can send up to 10 BPDUs within each hello time.
VLAN 1 will be mapped to MSTI 1, VLAN 2 to MSTI 2, VLAN 15 to MSTI 15, VLAN 16 to MSTI 1, and so on. Related commands: region-name, revision-level, region-configuration, and active region-configuration. Examples # Map VLANs to MSTIs as per modulo 8.
Layer 2 forwarding configuration commands General Layer 2 forwarding configuration commands display bridge forwarding statistics Syntax display bridge forwarding statistics [ interface interface-type interface-number ] View Any view Default level 1: Monitor level Parameters interface-type: Specifies the interface type. interface-number: Specifies the interface number. Description Use the display bridge forwarding statistics command to display Layer 2 forwarding statistics.
Filtered:0 Invalid Tag:0 Table 21 Output description Field Description Total received Total number of received Ethernet frames Filtered Number of frames filtered out by 802.
Examples # Clear all Layer 2 forwarding statistics. reset bridge forwarding statistics Inline Layer 2 forwarding configuration commands display inline-interfaces Syntax display inline-interfaces View Any view Default level 1: Monitor level Parameters None Description Use the display inline-interfaces command to display inline Layer 2 forwarding information. Examples # Display inline Layer 2 forwarding information.
View System view Default level 2: System level Parameters id: ID for an inline forwarding entry, in the range of 1 to 100. blackhole: Configures a blackhole-type inline forwarding entry. reflect: Configures a reflect-type inline forwarding entry. Description Use the inline-interfaces command to create an inline forwarding entry. Use the undo inline-interfaces command to remove an inline forwarding entry.
Examples # Assign Ethernet 0/1 and Ethernet 0/2 to forward-type inline forwarding entry 2.
DHCP server configuration commands bims-server Syntax bims-server ip ip-address [ port port-number ] sharekey key undo bims-server View DHCP address pool view Default level 2: System level Parameters ip ip-address: Specifies an IP address for the BIMS server. port port-number: Specifies a port number for the BIMS server in the range 1 to 65534. sharekey key: Specifies a shared key for the BIMS server, which is a string of 1 to 16 characters.
Default level 2: System level Parameters bootfile-name: Boot file name, a string of 1 to 63 characters. Description Use the bootfile-name command to specify a bootfile name in the DHCP address pool for the client. Use the undo bootfile-name command to remove the specified bootfile name. By default, no bootfile name is specified. If you execute the bootfile-name command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree.
dhcp select server global-pool Syntax dhcp select server global-pool [ subaddress ] undo dhcp select server global-pool [ subaddress ] View Interface view Default level 2: System level Parameters subaddress: Supports secondary address allocation. When the DHCP server and client are on the same network segment, the server preferably assigns an IP address from an address pool that resides on the same subnet as the primary IP address of the server interface (connecting to the client).
Default level 2: System level Parameters None Description Use the dhcp server detect command to enable unauthorized DHCP server detection. Use the undo dhcp server detect command to disable the function. By default, the function is disabled. With this function enabled, upon receiving a DHCP request, the DHCP server records the IP addresses of DHCP servers that offered IP addresses to the DHCP client and the receiving interface. Each server detected is recorded only once.
forbidden-ip command. If you have configured to exclude an address range from dynamic assignment, you need to specify the same address range in the undo dhcp server forbidden-ip command instead of specifying one IP address. • Using the dhcp server forbidden-ip command repeatedly can exclude multiple IP address ranges from allocation. Related commands: display dhcp server forbidden-ip, dhcp server ip-pool, network, and static-bind ip-address. Examples # Exclude the IP address range 10.110.1.1 to 10.110.1.
View System view Default level 2: System level Parameters number: Number of ping packets, in the range of 0 to 10. 0 means no ping operation. Description Use the dhcp server ping packets command to specify the maximum number of ping packets on the DHCP server. Use the undo dhcp server ping packets command to restore the default. The number defaults to 1. To avoid IP address conflicts, the DHCP server checks whether an IP address is in use before assigning it to a DHCP client.
To avoid IP address conflicts, the DHCP server checks whether an IP address is in use before assigning it to a DHCP client. The DHCP server pings the IP address to be assigned by using ICMP. If the server gets a response within the specified interval, the server selects and pings another IP address. If not, the server pings the IP address again until the specified number of ping attempts is reached. If still no response is received, the server assigns the IP address to the requesting client.
Parameters all: Displays information about all IP address conflicts. ip-address: Displays conflict information for a specified IP address. Description Use the display dhcp server conflict command to display information about IP address conflicts. Related commands: reset dhcp server conflict. Examples # Display information about all IP address conflicts. display dhcp server conflict all Address Discover time 4.4.4.1 Apr 25 2007 16:57:20 4.4.4.
IP address Client-identifier/ Lease expiration Type Hardware address 4.4.4.6 3030-3066-2e65-3230- Apr 25 2007 17:10:47 Release 302e-3130-3234-2d457468-6572-6e65-74302f31 --- total 1 entry --- Table 24 Output description Field Description IP address Expired IP addresses Client-identifier/Hardware address IDs or MACs of clients whose IP addresses were expired Lease expiration The lease expiration time Type Types of lease expirations. This field is set to Release.
Parameters None Description Use the display dhcp server forbidden-ip command to display IP addresses excluded from dynamic allocation in DHCP address pool. Examples # Display IP addresses excluded from dynamic allocation in the DHCP address pool. display dhcp server forbidden-ip Global: IP Range from 1.1.0.2 to 1.1.0.3 IP Range from 1.1.1.2 to 1.1.1.3 Pool name: 2 1.1.1.5 1.1.1.
display dhcp server ip-in-use all Pool utilization: 0.39% IP address Client-identifier/ Lease expiration Type Hardware address 10.1.1.1 10.1.1.
Default level 1: Monitor level Parameters None. Description Use the display dhcp server statistics command to display the statistics of the DHCP server. Related commands: reset dhcp server statistics. Examples # Display the statistics on the DHCP server.
Field Description The number of DHCP requests sent from DHCP clients to the DHCP server. The requests include: BOOTP Request • • • • • • DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM BOOTPREQUEST The number of DHCP replies sent from the DHCP server to DHCP clients.
static-bind ip-address 10.10.1.2 mask 255.0.0.0 static-bind mac-address 00e0-00fc-0001 PrevSibling node:0 expired unlimited Extended pool: Pool name: 2 network ip range 1.1.1.0 1.1.1.255 network mask 255.255.255.0 expired 0 0 2 0 Table 28 Output description Field Description Global pool Information of a common address pool Pool name Address pool name network Subnet for address allocation static-bind ip-address 10.10.1.2 mask 255.0.0.
View DHCP address pool view Default level 2: System level Parameters ip-address&<1-8>: DNS server IP address. &<1-8> means you can specify up to eight DNS server addresses separated by spaces. all: Specifies all DNS server addresses to be removed. Description Use the dns-list command to specify DNS server addresses in a DHCP address pool. Use the undo dns-list command to remove DNS server addresses from a DHCP address pool. By default, no DNS server address is specified.
system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] domain-name mydomain.com expired Syntax expired { day day [ hour hour [ minute minute ] ] | unlimited } undo expired View DHCP address pool view Default level 2: System level Parameters day day: Specifies the number of days, in the range of 0 to 365. hour hour: Specifies the number of hours, in the range of 0 to 23. minute minute: Specifies the number of minutes, in the range of 0 to 59.
Parameters ip-address&<1-8>: IP addresses to be excluded from dynamic allocation. &<1-8> indicates that you can specify up to eight IP addresses, separated with spaces. all: Excludes all IP addresses from dynamic allocation. Description Use the forbidden-ip command to exclude IP addresses from dynamic allocation in an extended address pool. Use the undo forbidden-ip command to cancel specified or all excluded IP addresses.
By default, no gateway address is specified. If you use the gateway-list command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. Examples # Specify the gateway address 10.110.1.99 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] gateway-list 10.110.1.
View DHCP address pool view Default level 2: System level Parameters b-node: Broadcast node. A b-node client sends the destination name in a broadcast message. The destination returns the name-to-IP mapping to the client after receiving the message. p-node: Peer-to-peer node. A p-node client sends the destination name in a unicast message to the WINS server, and the WINS server returns the mapping to the client. m-node: Mixed node, a combination of a b-node first and p-node second.
Description Use the network command to specify the subnet for dynamic allocation in a DHCP address pool. Use the undo network command to remove the specified subnet. No subnet is specified by default. You can specify only one subnet for each common address pool. If you use the network command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. Examples # Specify 192.168.8.
Examples # Specify addresses 10.1.1.1 through 10.1.1.150 on subnet 10.1.1.0/24 for dynamic address allocation in common address pool 1. system-view [Sysname] dhcp server ip-pool 1 [Sysname-dhcp-pool-1] network 10.1.1.0 24 [Sysname-dhcp-pool-1] network ip range 10.1.1.1 10.1.1.150 # Specify addresses 192.168.8.1 through 192.168.8.150 for dynamic address allocation in extended address pool 0. system-view [Sysname] dhcp server ip-pool 0 extended [Sysname-dhcp-pool-0] network ip range 192.
option Syntax option code { ascii ascii-string | hex hex-string&<1-16> | ip-address ip-address&<1-8> } undo option code View DHCP address pool view Default level 2: System level Parameters code: Self-defined option number, in the range of 2 to 254, excluding 12, 50 to 55, 57 to 61, and 82. ascii ascii-string: Specifies an ASCII string with 1 to 255 characters. hex hex-string&<1-16>: Specifies hex digit strings. &<1-16> indicates that you can specify up to 16 hex digit strings, separated by spaces.
ip ip-address: Clears the conflict statistics of a specified IP address. Description Use the reset dhcp server conflict command to clear statistics of IP address conflict(s). Related commands: display dhcp server conflict. Examples # Clears the statistics of all IP address conflicts.
Description Use the reset dhcp server statistics command to clear the statistics of the DHCP server. Related commands: display dhcp server statistics. Examples # Clear the statistics of the DHCP server.
static-bind ip-address Syntax static-bind ip-address ip-address [ mask-length | mask mask ] undo static-bind ip-address View DHCP address pool view Default level 2: System level Parameters ip-address: IP address of a static binding. If no mask and mask length is specified, the natural mask is used. mask-length: Mask length of the IP address, which is the number of 1s in the mask, in the range of 1 to 30. mask mask: Specifies the IP address mask, in dotted decimal format.
undo static-bind mac-address View DHCP address pool view Default level 2: System level Parameters mac-address: The MAC address of a static binding, in the format of H-H-H. Description Use the static-bind mac-address command to statically bind a MAC address to an IP address in a DHCP address pool. Use the undo static-bind mac-address command to remove the statically bound MAC address. By default, no MAC address is statically bound.
Use the undo tftp-server domain-name command to remove the TFTP server name from a DHCP address pool. By default, no TFTP server name is specified. If you perform the tftp-server domain-name command repeatedly, the last configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. Examples # Specify the TFTP server name as aaa in DHCP address pool 0.
voice-config Syntax voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan vlan-id { disable | enable } } undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ] View DHCP address pool view Default level 2: System level Parameters as-ip ip-address: Specifies the IP address for the backup network calling processor. When the primary network calling processor is unavailable, the DHCP client uses the backup network calling processor.
DHCP relay agent configuration commands NOTE: The DHCP relay agent configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces) and Layer 3 aggregate interfaces. dhcp relay address-check enable Syntax dhcp relay address-check enable undo dhcp relay address-check enable View Interface view Default level 2: System level Parameters None Description Use the dhcp relay address-check enable command to enable address check on the relay agent.
dhcp relay information circuit-id format-type Syntax dhcp relay information circuit-id format-type { ascii | hex } undo dhcp relay information circuit-id format-type View Interface view Default level 2: System level Parameters ascii: Specifies the code type for the circuit ID sub-option as ascii. hex: Specifies the code type for the circuit ID sub-option as hex.
Description Use the dhcp relay information circuit-id string command to configure the padding content for the user-defined circuit ID sub-option. Use the undo dhcp relay information circuit-id string command to restore the default. By default, the padding content for the circuit ID sub-option depends on the padding format of Option 82. After you configure the padding content for the circuit ID sub-option using this command, ASCII is adopted as the code type.
dhcp relay information format Syntax dhcp relay information format { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } undo dhcp relay information format View Interface view Default level 2: System level Parameters normal: Specifies the normal padding format. verbose: Specifies the verbose padding format. node-identifier { mac | sysname | user-defined node-identifier }: Specifies access node identifier. By default, the node MAC address is used as the node identifier.
dhcp relay information remote-id format-type Syntax dhcp relay information remote-id format-type { ascii | hex } undo dhcp relay information remote-id format-type View Interface view Default level 2: System view Parameters ascii: Specifies the code type for the remote ID sub-option as ascii. hex: Specifies the code type for the remote ID sub-option as hex. Description Use the dhcp relay information remote-id format-type command to configure the code type for the non-user-defined remote ID sub-option.
Description Use the dhcp relay information remote-id string command to configure the padding content for the user-defined remote ID sub-option. Use the undo dhcp relay information remote-id string command to restore the default. By default, the padding content for the remote ID sub-option depends on the padding format of Option 82. After you configure the padding content for the remote ID sub-option using this command, ASCII is adopted as the code type.
Examples # Configure the DHCP relay agent handling strategy for messages containing Option 82 as keep. system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] dhcp relay information enable [Sysname-GigabitEthernet0/1] dhcp relay information strategy keep dhcp relay release ip Syntax dhcp relay release ip client-ip View System view Default level 2: System level Parameters client-ip: DHCP client IP address.
dynamic: Specifies dynamic client entries to be removed. static: Specifies manual client entries to be removed. Description Use the dhcp relay security static command to configure a static client entry, which is the binding between IP address, MAC address, and Layer 3 interface on the relay agent. Use the undo dhcp relay security command to remove specified client entries from the relay agent. No manual client entry is configured on the DHCP relay agent by default.
Examples # Disable the DHCP relay agent from periodically refreshing dynamic client entries. system-view [Sysname] undo dhcp relay security refresh enable dhcp relay security tracker Syntax dhcp relay security tracker { interval | auto } undo dhcp relay security tracker [ interval ] View System view Default level 2: System level Parameters interval: Refreshing interval in seconds, in the range of 1 to 120.
Parameters None Description Use the dhcp relay server-detect command to enable unauthorized DHCP server detection. Use the undo dhcp relay server-detect command to disable unauthorized DHCP server detection. By default, unauthorized DHCP server detection is disabled. With this function enabled, upon receiving a DHCP request, the DHCP relay agent records the IP addresses of all DHCP servers that offered IP addresses to the DHCP client and the receiving interface. Each server detected is recorded only once.
Examples # Specify DHCP server 1.1.1.1 for DHCP server group 1 on the relay agent. system-view [Sysname] dhcp relay server-group 1 ip 1.1.1.1 dhcp relay server-select Syntax dhcp relay server-select group-id undo dhcp relay server-select View Interface view Default level 2: System level Parameters group-id: DHCP server group number to be correlated, in the range of 0 to 19.
Default level 2: System level Parameters None Description Use the dhcp select relay command to enable the relay agent on the current interface. Upon receiving requests from an enabled interface, the relay agent will forward these requests to outside DHCP servers for IP address allocation. Use the undo dhcp select relay command to restore the default. After DHCP is enabled, the DHCP server is enabled on an interface by default.
Table 29 Output description Field Description Server-group DHCP server group number correlated to the interface. display dhcp relay information Syntax display dhcp relay information { all | interface interface-type interface-number } View Any view Default level 1: Monitor level Parameters all: Displays the Option 82 configuration information of all interfaces. interface interface-type interface-number: Displays the Option 82 configuration information of a specified interface.
Field Description Remote ID format-type Non-user-defined code type of the remote ID sub-option, which can be ASCII or HEX.
Field Description Interface Layer 3 interface connecting to the DHCP client. If no interface is recorded in the binding entry, “N/A” is displayed. display dhcp relay security statistics Syntax display dhcp relay security statistics View Any view Default level 1: Monitor level Parameters None Description Use the display dhcp relay security statistics command to display statistics information about bindings of DHCP relay agents.
Default level 1: Monitor level Parameters None Description Use the display dhcp relay security tracker command to display the interval for refreshing dynamic bindings on the relay agent. Examples # Display the interval for refreshing dynamic bindings on the relay agent. display dhcp relay security tracker Current tracker interval : 10s The interval is 10 seconds.
display dhcp relay statistics Syntax display dhcp relay statistics [ server-group { group-id | all } ] View Any view Default level 1: Monitor level Parameters group-id: Specifies a server group number in the range of 0 to 19 about which to display DHCP packet statistics. all: Specifies all server groups about which to display DHCP packet statistics. Information for each group will be displayed.
DHCPACK packets relayed: 0 DHCPNAK packets relayed: 0 BOOTPREPLY packets relayed: 0 DHCP packets sent to servers: 0 DHCPDISCOVER packets sent: 0 DHCPREQUEST packets sent: 0 DHCPINFORM packets sent: 0 DHCPRELEASE packets sent: 0 DHCPDECLINE packets sent: 0 BOOTPREQUEST packets sent: 0 DHCP packets sent to clients: 0 DHCPOFFER packets sent: 0 DHCPACK packets sent: 0 DHCPNAK packets sent: 0 BOOTPREPLY packets sent: 0 # Display DHCP packet statistics related to every server group o
If no server-group is specified, all statistics will be removed from the relay agent. Related commands: display dhcp relay statistics. Examples # Remove all statistics from the DHCP relay agent.
DHCP client configuration commands NOTE: • The DHCP client configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces) and Layer 3 aggregate interfaces. • You cannot configure an interface of an aggregation group as a DHCP client. display dhcp client Syntax display dhcp client [ verbose ] [ interface interface-type interface-number ] View Any view Default level 1: Monitor level Parameters verbose: Specifies verbose DHCP client information to be displayed.
Default router: 40.1.1.2 Classless static route: Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16 Destination: 10.198.122.63, Mask: 255.255.255.255, NextHop: 192.168.40.16 DNS server: 44.1.1.11 DNS server: 44.1.1.12 Domain name: ddd.com Boot server: 200.200.200.200 1.1.1.1 Client ID: 3030-3066-2e65-3234392e-3830-3438-2d566c61-6e2d-696e-74657266-6163-6531 T1 will timeout in 1 day 11 hours 58 minutes 52 seconds.
Field Description Boot server PXE server addresses (up to 16 addresses) specified for the DHCP client, which are obtained through Option 43. Client ID Client ID T1 will timeout in 1 day 11 hours 58 minutes 52 seconds. How long the T1 (1/2 lease time) timer will timeout.
BOOTP client configuration commands NOTE: • BOOTP client configuration can only be used on Layer 3 Ethernet interfaces (including subinterfaces), Layer 3 aggregate interfaces. • You cannot configure an interface of an aggregation group as a BOOTP client. display bootp client Syntax display bootp client [ interface interface-type interface-number ] View Any view Default level 1: Monitor level Parameters interface interface-type interface-number: Displays the BOOTP client information of the interface.
Field Description Transaction ID Value of the XID field in a BOOTP message, which is a random number chosen when the BOOTP client sends a BOOTP request to the BOOTP server. It is used to match a response message from the BOOTP server. If the values of the XID field are different in the BOOTP response and request, the BOOTP client will drop the BOOTP response.
IPv4 DNS configuration commands display dns domain Syntax display dns domain [ dynamic ] View Any view Default level 1: Monitor level Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. Description Use the display dns domain command to display the domain name suffixes. Related commands: dns domain. Examples # Display domain name suffixes. display dns domain Type: D:Dynamic S:Static No.
Default level 1: Monitor level Parameters dynamic: Displays the DNS server information dynamically obtained through DHCP or other protocols Description Use the display dns server command to display the IPv4 DNS server information. Related commands: dns server. Examples # Display the IPv4 DNS server information. display dns server Type: D:Dynamic DNS Server 1 S:Static Type IP Address S 169.254.65.
My 0 static 1.1.1.1 Aa 0 static 2.2.2.4 Table 38 Output description Field Description Host Host name Time to live. 0 means that the static mapping will never age out. Age Flags Address You can only manually remove the static mappings between host names and IPv4 addresses. Indicates the mapping type. Static represents static IPv4 domain name resolution.
[Sysname] dns domain com dns proxy enable Syntax dns proxy enable undo dns proxy enable View System view Default level 2: System level Parameters None Description Use the dns proxy enable command to enable DNS proxy. Use the undo dns proxy enable command to disable DNS proxy. By default, DNS proxy is disabled. Examples # Enable DNS proxy.
Examples # Enable dynamic domain name resolution. system-view [Sysname] dns resolve dns server Syntax In system view: dns server ip-address undo dns server [ ip-address ] In interface view: dns server ip-address undo dns server ip-address View System view, interface view Default level 2: System level Parameters ip-address: IPv4 address of the DNS server. Description Use the dns server command to specify a DNS server. Use the undo dns server to remove DNS server(s).
ip host Syntax ip host hostname ip-address undo ip host hostname [ ip-address ] View System view Default level 2: System level Parameters hostname: Host name, consisting of 1 to 255 characters, including case-insensitive letters, numbers, hyphens (-), underscores (_), or dots (.). The host name must include at least one letter. ip-address: IPv4 address of the specified host in dotted decimal notation.
DDNS configuration commands ddns apply policy Syntax ddns apply policy policy-name [ fqdn domain-name ] undo ddns apply policy policy-name View Interface view Default level 2: System level Parameters policy-name: DDNS policy name, a case-insensitive string of 1 to 32 characters. fqdn domain-name: Specifies the FQDN for update. The domain-name argument is a case-insensitive string of 1 to 127 characters, and is used to replace in the URL for DDNS update.
undo ddns policy policy-name View System view Default level 2: System level Parameters policy-name: DDNS policy name, a case-insensitive string of 1 to 32 characters. Description Use the ddns policy command to create a DDNS policy and enter its view. Use the undo ddns policy command to delete the DDNS policy. By default, no DDNS policy is created. Related commands: display ddns policy. Examples # Create a DDNS policy named steven_policy and enter its view.
Table 39 Output description Field Description DDNS policy DDNS policy name URL URL address for the DDNS service. This field is empty if no URL address is configured. SSL client policy Name of the associated SSL client policy. This field is empty if no associated SSL client policy is configured.
system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] interval 1 0 1 ssl client policy Syntax ssl client policy policy-name undo ssl client policy View DDNS policy view Default level 2: System level Parameters policy-name: SSL client policy name, a case-insensitive string of 1 to 16 characters. Description Use the ssl client policy command to associate a specific SSL client policy with a DDNS policy.
Parameters request-url: URL address for DDNS update requests, a case-sensitive string of 1 to 240 characters containing the login ID, password, and other information. Description Use the url command to specify the URL address for DDNS update requests. Use the undo url command to delete the URL address. By default, no URL address is specified for DDNS update requests. The format of the URL address to be specified for DDNS update requests depends on the DDNS server.
ARP configuration commands arp check enable Syntax arp check enable undo arp check enable View System view Default level 2: System level Parameters None Description Use the arp check enable command to enable ARP entry check. With this function enabled, the firewall cannot learn any ARP entry with a multicast MAC address. Configuring such a static ARP entry is not allowed either; otherwise, the system displays error messages. Use the undo arp check enable command to disable the function.
Description Use the arp max-learning-num command to configure the maximum number of dynamic ARP entries that an interface can learn. Use the undo arp max-learning-num command to restore the default. Examples # Specify VLAN-interface 40 to learn up to 500 dynamic ARP entries. system-view [Sysname] interface vlan-interface 40 [Sysname-Vlan-interface40] arp max-learning-num 500 # Specify GigabitEthernet 0/0 to learn up to 1000 dynamic ARP entries.
• If both the vlan-id and ip-address arguments are specified, the IP address of the VLAN interface corresponding to the vlan-id argument must belong to the same network segment as the IP address specified by the ip-address argument. • If no VPN instance is specified in the undo arp command, the corresponding ARP entry in all VPN instances is removed. Related commands: reset arp, display arp. Examples # Configure a static ARP entry, with the IP address being 202.38.10.
Default level 1: Monitor level Parameters all: Displays all ARP entries. dynamic: Displays dynamic ARP entries. static: Displays static ARP entries. vlan vlan-id: Displays the ARP entries of the specified VLAN. The VLAN ID ranges from 1 to 4,094. interface interface-type interface-number: Displays the ARP entries of the interface specified by the argument interface-type interface-number. verbose: Displays detailed information about ARP entries.
Field Description VLAN ID VLAN ID contained a static ARP entry Interface Outbound interface in an ARP entry Aging Aging time for a dynamic ARP entry in minutes (“N/A” means unknown aging time or no aging time) Type ARP entry type: D for dynamic, S for static, and A for authorized. Vpn-instance Name Name of VPN instance. [No Vrf] means no VPN instance is configured for the corresponding ARP. # Display the number of all ARP entries.
display arp timer aging Syntax display arp timer aging View Any view Default level 2: System level Parameters None Description Use the display arp timer aging command to display the aging time for dynamic ARP entries. Related commands: arp timer aging. Examples # Display the aging time for dynamic ARP entries.
Related commands: arp static, reset arp. Examples # Display ARP entries for the VPN instance named test. display arp vpn-instance test Type: S-Static D-Dynamic IP Address MAC Address VLAN ID Interface Aging Type 20.1.1.
interface interface-type interface-number: Clears the ARP entries for the interface specified by the argument interface-type interface-number. Description Use the reset arp command to clear ARP entries except authorized ARP entries from the ARP mapping table. With interface interface-type interface-number or slot slot-number specified, the command clears only dynamic ARP entries of the interface or the interface card. Related commands: arp static and display arp. Examples # Clear all static ARP entries.
Gratuitous ARP configuration commands gratuitous-arp-sending enable Syntax gratuitous-arp-sending enable undo gratuitous-arp-sending enable View System view Default level 2: System level Parameters None Description Use the gratuitous-arp-sending enable command to enable the firewall to send gratuitous ARP packets when receiving ARP requests from another network segment. Use the undo gratuitous-arp-sending enable command to restore the default.
Use the undo gratuitous-arp-learning enable command to disable the function. By default, the function is enabled.
Examples # Enable GigabitEthernet 0/0 to send gratuitous ARP packets every 300 ms.
Proxy ARP configuration commands display local-proxy-arp Syntax display local-proxy-arp [ interface interface-type interface-number ] View Any view Default level 2: System level Parameters interface interface-type interface-number: Displays the local proxy ARP status of the interface specified by the argument interface-type interface-number. Description Use the display local-proxy-arp command to display the status of the local proxy ARP.
Related commands: proxy-arp enable. Examples # Display the proxy ARP status on GigabitEthernet 0/0 .
View VLAN interface view, Ethernet interface view Default level 2: System level Parameters None Description Use the proxy-arp enable command to enable proxy ARP. Use the undo proxy-arp enable command to disable proxy ARP. By default, proxy ARP is disabled. Related commands: display proxy-arp. Examples # Enable proxy ARP on GigabitEthernet 0/0.
QoS policy commands Class commands display traffic classifier Syntax display traffic classifier { system-defined | user-defined } [ tcl-name ] View Any view Default level 1: Monitor level Parameters system-defined: Displays system-defined classes. user-defined: Displays user-defined classes. tcl-name: Class name, a string of 1 to 31 characters. Description Use the display traffic classifier command to display class information.
if-match Syntax if-match match-criteria undo if-match match-criteria undo if-match acl { acl-number | name acl-name } [ update acl { acl-number | name acl-name } ] View Class view Default level 2: System level Parameters match-criteria: Specifies a match criterion. Table 42 shows the available criteria. acl { acl-number | name acl-name }: Specifies an ACL already referenced in the class by the ACL name or ACL number.
Defining a criterion to match a source MAC address Defining a criterion to match 802.1p priority in customer Defining an ACL-based match criterion If the ACL referenced in the if-match command does not exist, the class cannot be applied to hardware. For a class, you can reference an ACL twice by its name and number with the if-match command, respectively. Defining a criterion to match a destination MAC address You can configure multiple destination MAC address match criteria for a class.
system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl name flow # Change the match criterion of class class1 from ACL 2008 to ACL 2009. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] undo if-match acl 2008 update acl 2009 # Define a match criterion for class class1 to match packets with protocol group ID 2.
Traffic behavior commands car Syntax car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ green action ] [ red action ] undo car View Traffic behavior view Default level 2: System level Parameters cir committed-information-rate: Committed information rate (CIR) in kbps, which specifies an average traffic rate. cbs committed-burst-size: Committed burst size (CBS) in bytes. By default, CBS is the amount of traffic transmitted at the rate of CIR over 500 ms.
Examples # Configure a CAR action in traffic behavior database: • Set the CIR to 200 kbps, CBS to 50000 bytes, and EBS to 0. • Allow the conforming packets to pass, and mark the excess packets with IP precedence 0 and forward them.
Field Description Red Action Action to be taken on red packets, which can be pass or discard traffic behavior Syntax traffic behavior behavior-name undo traffic behavior behavior-name View System view Default level 2: System level Parameters behavior-name: Sets a behavior name, a string of 1 to 31 characters. The specified behavior-name must not be a system-defined traffic behavior name like ef, af, be, and be-flow-based.
Default level 2: System level Parameters tcl-name: Class name, a string of 1 to 31 characters. behavior-name: Behavior name, a string of 1 to 31 characters. Description Use the classifier behavior command to associate a behavior with a class in a QoS policy. Use the undo classifier command to remove a class from the policy. You cannot remove a default class. You can perform a set of QoS actions on a traffic class by associating a traffic behavior with the traffic class.
Policy: test Classifier: default-class Behavior: be -none- Classifier: USER1 Behavior: USER1 -none- Table 44 Output description Field Description Policy Policy name Class name Classifier Behavior A policy can contain multiple classes, and each class is associated with a traffic behavior. A class can be configured with multiple match criteria. For more information, see the traffic classifier command in “Class commands.” Behavior associated with the class. A behavior is associated with a class.
Direction: Outbound Policy: user1 Classifier: default-class Matched : 0(Packets) 0(Bytes) Rule(s) : If-match any Behavior: be -noneClassifier: database Matched : 0(Packets) 0(Bytes) Operator: AND Rule(s) : -noneBehavior: test -none- Table 45 Output description Field Description Interface Interface type and interface number Direction The direction in which the policy is applied to the interface Policy Name of the policy applied to the interface Classifier Class name and configuration information
To successfully apply a policy to an interface, make sure that the total bandwidth assigned to AF and EF in the policy is smaller than the available bandwidth of the interface. If the available bandwidth of the interface is modified to a value smaller the total bandwidth for AF and EF, the applied policy is removed. Settings in interface view take effect on the current interface. Examples # Apply policy USER1 in the outbound direction of GigabitEthernet0/1.
Traffic policing commands display qos car interface Syntax display qos car interface [ interface-type interface-number ] View Any view Default level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. Description Use the display qos car interface command to display the CAR settings and operational statistics on a specified interface.
Table 46 Output description Field Description Interface Interface name, including interface type and interface number Direction The direction in which traffic policing is applied Rule(s) Match criteria CIR Committed information rate (CIR) in kbps CBS Committed burst size (CBS) in bytes, which specifies the depth of the token bucket for holding bursty traffic EBS Excessive burst size (EBS) in bytes, which specifies the traffic exceeding CBS when two token buckets are used PIR Peak information
Table 47 Output description Field Description List CAR list number Params Match object qos car Syntax qos car { inbound | outbound } { any | acl acl-number | carl carl-index } cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ green action ] [ red action ] undo qos car { inbound | outbound } { any | acl acl-number | carl carl-index } View Interface view Default level 2: System Level Parameters inbound: Limit the rate of incoming packets on the interface.
• remark-prec-continue new-precedence: Remarks the packet with a new IP precedence and hands it over to the next CAR policy. The value range is 0 to 7. • remark-prec-pass new-precedence: Remarks the packet with a new IP precedence and permits the packet to pass through. The value range is 0 to 7. Description Use the qos car command to configure a CAR policy on an interface. Use the undo qos car command to delete a CAR policy on an interface.
Description Use the qos carl command to create or modify a CAR list. Use the undo qos-carl command to delete a CAR list. NOTE: When you apply an IP network segment-based CAR list to an interface with the qos car command, the CIR you defined takes different meanings depending on the configuration of the per-address keyword and the shared-bandwidth keyword for the CAR list.
Static routing configuration commands NOTE: The term router in this document refers to a network device running routing protocols. delete static-routes all Syntax delete [ vpn-instance vpn-instance-name ] static-routes all View System view Default level 2: System level Parameters vpn-instance-name: Name of a VPN instance, a string of 1 to 31 case-sensitive characters. Description Use the delete static-routes all command to delete all static routes.
ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } { next-hop-address [ track track-entry-number ] [ public ] | interface-type interface-number [ next-hop-address ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ description description-text ] undo ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } [ next-hop-address [ public ] | interface-typ
1. If the destination IP address and the mask are both 0.0.0.0, the configured route is a default route. If routing table searching fails, the router will use the default route for packet forwarding. 2. Different route management policies can be implemented for different route preference configurations. For example, specifying the same preference for different routes to the same destination address enables load sharing, while specifying different preferences for these routes enables route backup. 3.
ip route-static default-preference Syntax ip route-static default-preference default-preference-value undo ip route-static default-preference View System view Default level 2: System level Parameters default-preference-value: Default preference for static routes, which is in the range of 1 to 255. Description Use the ip route-static default-preference command to configure the default preference for static routes. Use the undo ip route-static default-preference command to restore the default.
RIP configuration commands NOTE: The term router in this document refers to a network device running routing protocols. checkzero Syntax checkzero undo checkzero View RIP view Default level 2: System level Parameters None Description Use the checkzero command to enable zero field check on RIPv1 messages. Use the undo checkzero command to disable zero field check. The zero field check function is enabled by default.
Parameters value: Default metric of redistributed routes, in the range of 0 to 16. Description Use the default cost command to configure the default metric for redistributed routes. Use the undo default cost command to restore the default. By default, the default metric of redistributed routes is 0. When you use the import-route command to redistribute routes from other protocols without specifying a metric, the metric specified by the default cost command applies. Related command: import-route.
system-view [Sysname] rip 100 [Sysname-rip-100] default-route only cost 2 display rip Syntax display rip [ process-id | vpn-instance vpn-instance-name ] View Any view Default level 1: Monitor level Parameters process-id: RIP process ID, in the range of 1 to 65535. vpn-instance vpn-instance-name: Specifies a VPN instance name, a string of 1 to 31 characters. Description Use the display rip command to display the current status and configuration information of the specified RIP process.
Triggered updates sent : 0 Number of routes changes : 0 Number of replies to queries : 0 Table 48 Output description Field Description Public VPN-instance name (or Private VPN-instance name) The RIP process runs under a public VPN instance/The RIP process runs under a private VPN instance RIP process RIP process ID RIP version RIP version 1 or 2 Preference RIP route priority Checkzero Indicates whether the zero field check is enabled for RIPv1 messages.
display rip database Syntax display rip process-id database View Any view Default level 1: Monitor level Parameters process-id: RIP process ID, in the range of 1 to 65535. Description Use the display rip database command to display active routes in the database of the specified RIP process, which are sent in normal RIP routing updates. Examples # Display the active routes in the database of RIP process 100. display rip 100 database 10.0.0.0/8, cost 1, ClassfulSumm 10.0.0.
interface-type interface-number: Specifies an interface. Description Use the display rip interface command to display the RIP interface information of the RIP process. If no interface is specified, information about all RIP interfaces of the RIP process is displayed. Examples # Display all the interface information of RIP process 1. display rip 1 interface Interface-name: GigabitEthernet0/0 Address/Mask:1.1.1.
Default level 1: Monitor level Parameters process-id: RIP process ID, in the range of 1 to 65535. ip-address { mask | mask-length }: Displays route information about a specified IP address. peer ip-address: Displays all routing information learned from a specified neighbor. statistics: Displays the route statistics, including total number of routes and number of routes of each neighbor. Description Use the display rip route command to display the routing information of a specified RIP process.
Table 51 Output description Field Description R — RIP route T — TRIP route P — The route never expires Route Flags A — The route is aging S — The route is suppressed G — The route is in Garbage-collect state Peer 21.0.0.
Default level 2: System level Parameters acl-number: Number of an ACL used to filter outbound routes, in the range of 2000 to 3999. ip-prefix ip-prefix-name: Name of an IP prefix list used to filter outbound routes, a string of 1 to 19 characters. protocol: Filters outbound routes redistributed from a specified routing protocol, which can be bgp, direct, ospf, rip, and static. process-id: Process ID of the specified routing protocol, in the range of 1 to 65535.
system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.
[Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit ip source 192.168.10.0 0.0.0.255 [Sysname-acl-basic-2000] quit [Sysname] rip 1 [Sysname-rip-1] filter-policy 2000 import # Reference IP prefix list abc on GigabitEthernet 0/0 to filter all received RIP routes. [Sysname-rip-1] filter-policy ip-prefix abc import gigabitethernet 0/0 # Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and reference ACL 3000 to filter incoming routes.
[Sysname-rip-1] undo host-route import-route (RIP view) Syntax import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost | route-policy route-policy-name | tag tag ] * undo import-route protocol [ process-id ] View RIP view Default level 2: System level Parameters protocol: Specifies a routing protocol from which to redistribute routes, which can be bgp, direct, ospf, rip, or static. process-id: Process ID, in the range of 1 to 65535. The default is 1.
system-view [Sysname] rip 1 [Sysname-rip-1] import-route static cost 4 # Configure the default cost for redistributed routes as 3. [Sysname-rip-1] default cost 3 # Redistribute OSPF routes with the cost being the default cost. [Sysname-rip-1] import-route ospf maximum load-balancing (RIP view) Syntax maximum load-balancing number undo maximum load-balancing View RIP view Default level 2: System level Parameters number: Maximum number of load balanced routes, in the range of 1 to 8.
Description Use the network command to enable RIP on the interface attached to the specified network. Use the undo network command to disable RIP on the interface attached to the specified network. RIP is disabled on an interface by default. RIP runs only on the interfaces attached to the specified network. For an interface not on the specified network, RIP neither receives/sends routes on it nor forwards interface route through it.
peer Syntax peer ip-address undo peer ip-address View RIP view Default level 2: System level Parameters ip-address: IP address of a RIP neighbor, in dotted decimal format. Description Use the peer command to specify the IP address of a neighbor in the non-broadcast multi-access (NBMA) network, where routing updates destined for the peer are unicast, rather than multicast or broadcast. Use the undo peer command to remove the IP address of a neighbor. By default, no neighbor is specified.
By default, the priority of a RIP route is 100. You can specify a routing policy by using the keyword route-policy to set the specified priority to routes matching the routing policy. • If a priority is set for matched routes in the routing policy, the priority applies to these routes. The priority of other routes is the one set by the preference command. • If no priority is set for matched routes in the routing policy, the priority of all routes is the one set by the preference command.
Description Use the reset rip statistics command to clear the statistics of the specified RIP process. This command can be used to clear the statistics of debugging. Examples # Clear statistics in RIP process 100. reset rip 100 statistics rip Syntax rip [ process-id ] [ vpn-instance vpn-instance-name ] undo rip [ process-id ] [ vpn-instance vpn-instance-name ] View System view Default level 2: System level Parameters process-id: RIP process ID, in the range of 1 to 65535. The default is 1.
View Interface view Default level 2: System level Parameters md5: MD5 authentication mode. rfc2453: Uses the message format defined in RFC 2453 (IETF standard). rfc2082: Uses the message format defined in RFC 2082. key-id: MD5 key number, in the range of 1 to 255. key-string: MD5 key string with 1 to 16 characters in plain text format, or 1 to 24 characters in cipher text format.
cost: Cost of the default route, in the range 1 to 15. no-originate: Advertises routes other than a default route. Description Use the rip default-route command to configure the RIP interface to advertise a default route with the specified metric. Use the undo rip default-route command to disable the RIP interface from sending a default route. By default, a RIP interface can advertise a default route if the RIP process is configured with default route advertisement.
rip metricin Syntax rip metricin [ route-policy route-policy-name ] value undo rip metricin View Interface view Default level 2: System level Parameters route-policy route-policy-name: Specifies the name of a routing policy used to add an additional metric for the routes matching it. The name is a string of 1 to 19 characters value: Additional metric added to received routes, in the range of 0 to 16.
rip metricout Syntax rip metricout [ route-policy route-policy-name ] value undo rip metricout View Interface view Parameters value: Additional metric of sent routes, in the range of 1 to 16. Description Use the rip metricout command to add a metric to sent routes. Use the undo rip metricout command to restore the default. By default, the additional metric for sent routes is 1. With the command configured on an interface, the metric of RIP routes sent on the interface will be increased.
Default level 2: System level Parameters None Description Use the rip output command to enable the interface to send RIP messages. Use the undo rip output command to disable the interface from sending RIP messages. Sending RIP messages is enabled on an interface by default. Related commands: rip input. Examples # Enable GigabitEthernet 0/0 to receive RIP messages.
undo rip split-horizon View Interface view Default level 2: System level Parameters None Description Use the rip split-horizon command to enable the split horizon function. Use the undo rip split-horizon command to disable the split horizon function. The split horizon function is enabled by default. • The split horizon function is necessary for preventing routing loops. To disable it in special cases, make sure it is necessary. • In Frame Relay, X.
Description Use the rip summary-address command to configure RIPv2 to advertise a summary route through the interface. Use the undo rip summary-address command to remove the configuration. The summary address is valid only when the automatic summarization is disabled. Related commands: summary. Examples # Advertise a local summary address on GigabitEthernet 0/0. system-view [Sysname] interface gigabitethernet 0/0 [Sysname-GigabitEthernet0/0] rip summary-address 10.0.0.0 255.255.255.
• Receive RIPv1 broadcast messages • Receive RIPv1 unicast messages • Receive RIPv2 broadcast messages • Receive RIPv2 multicast messages • Receive RIPv2 unicast messages When RIPv2 runs on the interface in multicast mode, the interface will: • Send RIPv2 multicast messages • Receive RIPv2 broadcast messages • Receive RIPv2 multicast messages • Receive RIPv2 unicast messages Examples # Configure GigabitEthernet 0/0 to broadcast RIPv2 messages.
summary Syntax summary undo summary View RIP view Default level 2: System level Parameters None Description Use the summary command to enable automatic RIPv2 summarization. Natural masks are used to advertise summary routes so as to reduce the size of routing tables. Use the undo summary command to disable automatic RIPv2 summarization so that all subnet routes can be broadcast. By default, automatic RIPv2 summarization is enabled.
update-value: Update timer time in seconds, in the range of 1 to 3600. Description Use the timers command to configure RIP timers. By adjusting RIP timers, you can improve network performance. Use the undo timers command to restore the default. By default, the garbage-collect timer is 120 seconds, the suppress timer 120 seconds, the timeout timer 180 seconds, and the update timer 30 seconds. RIP is controlled by the four timers. • The update timer defines the interval between routing updates.
Use the undo validate-source-address command to disable the source IP address validation. The source IP address validation is enabled by default. Typically HP does not recommend disabling the validation. Examples # Disable the source IP address validation on incoming RIP routing updates.
OSPF configuration commands NOTE: The term router in this document refers to a network device running routing protocols. abr-summary (OSPF area view) Syntax abr-summary ip-address { mask | mask-length } [ advertise | not-advertise ] [ cost cost ] undo abr-summary ip-address { mask | mask-length } View OSPF area view Default level 2: System level Parameters ip-address: Destination IP address of the summary route, in dotted decimal format. mask: Mask of the IP address in dotted decimal format.
[Sysname-ospf-100-area-0.0.0.1] abr-summary 36.42.0.0 255.255.0.0 area (OSPF view) Syntax area area-id undo area area-id View OSPF view Default level 2: System level Parameters area-id: ID of an area, an IP address or a decimal integer in the range 0 to 4294967295 that is translated into the IP address format by the system. Description Use the area command to create an area and enter area view. Use the undo area command to remove a specified area. No OSPF area is created by default.
cost cost: Specifies the cost of the summary route, in the range 1 to 16777214. For Type-1 external routes, the cost defaults to the largest cost among routes that are summarized. For Type-2 external routes, the cost defaults to the largest cost among routes that are summarized plus 1. not-advertise: Disables advertising the summary route. If the keyword is not specified, the route is advertised.
Description Use the authentication-mode command to specify an authentication mode for the OSPF area. Use the undo authentication-mode command to remove the authentication mode. By default, no authentication mode is configured for an OSPF area. Routers that reside in the same area must have the same authentication mode: non-authentication, simple, or MD5. Related commands: ospf authentication-mode. Examples # Configure OSPF area 0 to use the MD5 ciphertext authentication mode.
default Syntax default { cost cost | limit limit | tag tag | type type } * undo default { cost | limit | tag | type } * View OSPF view Default level 2: System level Parameters cost: Specifies the default cost for redistributed routes, in the range 0 to 16777214. limit: Specifies the default upper limit of routes redistributed per time, in the range 1 to 2147483647. tag: Specifies the default tag for redistributed routes, in the range 0 to 4294967295.
Description Use the default-cost command to configure a cost for the default route advertised to the stub or NSSA area. Use the undo default-cost command to restore the default value. The cost defaults to 1. This command is only applicable to the ABR of a stub area or the ABR/ASBR of an NSSA area. Related commands: stub and nssa. Examples # Configure Area 1 as a stub area, and specify the cost of the default route advertised to the stub area as 20.
By default, no default route is distributed. Using the import-route command cannot redistribute a default route. To do so, use the default-route-advertise command. If no default route exists in the router's routing table, use the default-route-advertise always command to generate a default route in a Type-5 LSA. The default-route-advertise summary cost command is applicable only to VPNs, and the default route is redistributed in a Type-3 LSA.
display ospf abr-asbr Syntax display ospf [ process-id ] abr-asbr View Any view Default level 1: Monitor level Parameters process-id: OSPF process ID, in the range 1 to 65535. Use this argument to display information about the routes to the ABR/ASBR under the specified OSPF process. Description Use the display ospf abr-asbr command to display information about the routes to OSPF ABR/ASBR. If you use this command on routers in a stub area, no ASBR information is displayed.
View Any view Default level 1: Monitor level Parameters process-id: OSPF process ID, in the range 1 to 65535. ip-address: IP address, in dotted decimal format. mask: IP address mask, in dotted decimal format. mask-length: Mask length, in the range 0 to 32 bits. Description Use the display ospf asbr-summary command to display information about the redistributed routes that are summarized. If no OSPF process is specified, related information of all OSPF processes is displayed.
Field Description Mask Mask of the summary route address Tag Tag of the summary route Status Advertisement status of the summary route Cost Cost to the summary net The Count of Route Number of routes that are summarized Destination Destination address of a summarized route Net Mask Network mask of a summarized route Proto Routing protocol Process Process ID of the routing protocol Type Type of a summarized route Metric Metric of a summarized route display ospf brief Syntax display os
Route Preference: 10 ASE Route Preference: 150 SPF Computation Count: 22 RFC 1583 Compatible Area Count: 1 Nssa Area Count: 1 7/5 translator state: Disabled 7/5 translate stability timer interval: 0 ExChange/Loading Neighbors: 0 Area: 0.0.0.1 Authtype: None Area flag: NSSA SPF Scheduled Count: 5 ExChange/Loading Neighbors: 0 Interface: 192.168.1.2 (GigabitEthernet0/0) Cost: 1 State: DR Type: Broadcast MTU: 1500 Priority: 1 Designated Router: 192.168.1.2 Backup Designated Router: 192.168.1.
Field Description SPF Computation count SPF computation count of the OSPF process RFC1583 Compatible Compatible with routing rules defined in RFC 1583 Area Count Area number of the current process Nssa Area Count NSSA area number of the current process State of the translator that translates Type-7 LSAs to Type-5 LSAs. The value can be one of the following: • Enabled: Indicates the translator is specified through 7/5 translator state commands.
Default level 1: Monitor level Parameters process-id: OSPF process ID, in the range 1 to 65535. Description Use the display ospf cumulative command to display OSPF statistics. Use of this command is helpful for troubleshooting. Examples # Display OSPF statistics. display ospf cumulative OSPF Process 1 with Router ID 2.2.2.
Field Description DB Description Database Description packet Link-State Req Link-State Request packet Link-State Update Link-State Update packet Link-State Ack Link-State Acknowledge packet LSAs originated by this router LSAs originated by this router Router Number of Type-1 LSAs originated Network Number of Type-2 LSAs originated Sum-Net Number of Type-3 LSAs originated Sum-Asbr Number of Type-4 LSAs originated External Number of Type-5 LSAs originated NSSA Number of Type-7 LSAs orig
display ospf error OSPF Process 1 with Router ID 192.168.80.
Field Description DD: MTU option mismatch DD packets with mismatched MTU DD: Unknown LSA type DD packets with unknown LSA type DD: Extern option mismatch DD packets with mismatched option field LS ACK: Bad ack Bad LSAck packets for LSU packets LS ACK: Unknown LSA type LSAck packets with unknown LSA type LS REQ: Empty request LSR packets with no request information LS REQ: Bad request Bad LSR packets LS UPD: LSA checksum bad LSU packets with wrong LSA checksum LS UPD: Received less recent L
172.16.0.1 Broadcast DR 1 1 172.16.0.1 0.0.0.0 Table 58 Output description Field Description Area Area ID of the interface IP address Interface IP address (regardless of whether TE is enabled or not) Type Interface network type: PTP, PTMP, Broadcast, or NBMA Interface state defined by interface state machine: • DOWN: In this state, no protocol traffic will be sent or received on the interface.
opaque-area: Displays Type-10 LSA (Opaque-area LSA) information in the LSDB. opaque-as: Displays Type-11 LSA (Opaque-AS LSA) information in the LSDB. opaque-link: Displays Type-9 LSA (Opaque-link LSA) information in the LSDB. router: Displays Type-1 LSA (Router LSA) information in the LSDB. summary: Displays Type-3 LSA (Network Summary LSA) information in the LSDB. link-state-id: Link state ID, in the IP address format.
display ospf 1 lsdb network OSPF Process 1 with Router ID 192.168.1.1 Area: 0.0.0.0 Link State Database Type : Network LS ID : 192.168.0.2 Adv Rtr : 192.168.2.1 LS Age : 922 Len : 32 Options : Seq# : 80000003 Chksum : 0x8d1b Net Mask : 255.255.255.0 E Attached Router 192.168.1.1 Attached Router 192.168.2.1 Area: 0.0.0.1 Link State Database Type : Network LS ID : 192.168.1.2 Adv Rtr : 192.168.1.
Field Description Seq# LSA sequence number Chksum LSA checksum Net Mask Network mask Attached Router ID of the router that established adjacency with the DR, and ID of the DR itself display ospf nexthop Syntax display ospf [ process-id ] nexthop View Any view Default level 1: Monitor level Parameters process-id: OSPF process ID, in the range 1 to 65535. Description Use the display ospf nexthop command to display OSPF next hop information.
display ospf peer Syntax display ospf [ process-id ] peer [ verbose | [ interface-type interface-number ] [ neighbor-id ] ] View Any view Default level 1: Monitor level Parameters process-id: OSPF process ID, in the range 1 to 65535. verbose: Displays detailed neighbor information. interface-type interface-number: Interface type and interface number. neighbor-id: Neighbor router ID. Description Use the display ospf peer command to display information about OSPF neighbors.
Table 62 Output description Field Area areaID interface IPAddress(InterfaceName)'s neighbors Description Neighbor information of the interface in the specified area: • areaID: Area to which the neighbor belongs. • IPAddress: Interface IP address • InterfaceName: Interface name interface Interface attached with the neighbor Router ID Neighbor router ID Address Neighbor router address GR State GR state Neighbor state: • Down: This is the initial state of a neighbor conversation.
OSPF Process 1 with Router ID 1.1.1.1 Neighbor Brief Information Area: 0.0.0.0 Router ID Address Pri Dead-Time Interface 1.1.1.2 1.1.1.
Table 64 Output description Field Description Area ID Area ID. The state statistics information of all the routers in the area to which the router belongs is displayed.
Type LinkState ID AdvRouter Sequence Age Router 2.2.2.2 1.1.1.1 80000004 1 Network 192.168.0.1 1.1.1.1 Sum-Net 192.168.1.0 1.1.1.
The Router's Neighbor is Router ID 2.2.2.2 Interface 10.1.1.1 Address 10.1.1.2 Area 0.0.0.0 Retransmit list: Type LinkState ID AdvRouter Sequence Age Router 2.2.2.2 2.2.2.2 80000004 1 Network 12.18.0.1 2.2.2.2 Sum-Net 12.18.1.0 2.2.2.
display ospf routing OSPF Process 1 with Router ID 192.168.1.2 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 192.168.1.0/24 1562 Stub 192.168.1.2 192.168.1.2 0.0.0.0 172.16.0.0/16 1563 Inter 192.168.1.1 192.168.1.1 0.0.0.
Examples # Display OSPF virtual link information. display ospf vlink OSPF Process 1 with Router ID 3.3.3.3 Virtual Links Virtual-link Neighbor-ID -> 2.2.2.2, Neighbor-State: Full Interface: 10.1.2.1 (GiagabitEthernet0/0) Cost: 1562 State: P-2-P Type: Virtual Transit Area: 0.0.0.
Examples # Enable link-local signaling for OSPF process 1. system-view [Sysname] ospf 1 [Sysname-ospf-1] enable link-local-signaling enable log Syntax enable log [ config | error | state ] undo enable log [ config | error | state ] View OSPF view Default level 2: System level Parameters config: Enables configuration logging. error: Enables error logging. state: Enables state logging. Description Use the enable command to enable specified OSPF logging.
Parameters None Description Use the enable out-of-band-resynchronization command to enable the OSPF out-of-band resynchronization (OOB-Resynch) capability. Use the undo enable out-of-band-resynchronization command to disable the OSPF out-of-band resynchronization capability. By default, the capability is disabled. Examples # Enable the out-of-band resynchronization capability for OSPF process 1.
[Sysname] ospf 100 [Sysname-ospf-100] area 1 [Sysname-ospf-100-area-0.0.0.1] filter ip-prefix my-prefix-list import [Sysname-ospf-100-area-0.0.0.1] filter 2000 export filter-policy export (OSPF view) Syntax filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol [ process-id ] ] undo filter-policy export [ protocol [ process-id ] ] View OSPF view Default level 2: System level Parameters acl-number: Number of an ACL used to filter redistributed routes, in the range 2000 to 3999.
[Sysname-ospf-100] filter-policy 2000 export # Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and reference ACL 3000 to filter redistributed routes. system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.
Examples # Filter incoming routes by using ACL 2000. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit ip source 192.168.10.0 0.0.0.255 [Sysname-acl-basic-2000] quit [Sysname] ospf 100 [Sysname-ospf-100] filter-policy 2000 import # Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and reference ACL 3000 to filter incoming routes. system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.
import-route (OSPF view) Syntax import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost | type type | tag tag | route-policy route-policy-name ] * undo import-route protocol [ process-id | all-processes ] View OSPF view Default level 2: System level Parameters protocol: Redistributes routes from the specified protocol, which can be bgp, direct, ospf, rip, or static. process-id: Process ID, in the range 1 to 65535. The default is 1.
A Type-2 external route is an EGP route, which has low credibility, so OSPF considers the cost from the ASBR to a Type-2 external route is much bigger than the cost from the ASBR to an OSPF internal router. Therefore, the cost from an internal router to a Type-2 external route’s destination equals the cost from the ASBR to the Type-2 external route’s destination. Related commands: default-route-advertise. NOTE: • The import-route command cannot redistribute default routes.
lsa-arrival-interval Syntax lsa-arrival-interval interval undo lsa-arrival-interval View OSPF view Default level 2: System level Parameters interval: Specifies the minimum LSA repeat arrival interval in milliseconds, in the range 0 to 60000. Description Use the lsa-arrival-interval command to specify the minimum LSA repeat arrival interval. Use the undo lsa-arrival-interval command to restore the default. The interval defaults to 1000 milliseconds.
Default level 2: System level Parameters maximum-interval: Maximum LSA generation interval in seconds, in the range 1 to 60. initial-interval: Minimum LSA generation interval in milliseconds, in the range 10 to 60000. The default is 0. incremental-interval: LSA generation incremental interval in milliseconds, in the range 10 to 60000. The default is 5000 milliseconds. Description Use the lsa-generation-interval command to configure the OSPF LSA generation interval.
system-view [Sysname] ospf 100 [Sysname-ospf-100] lsdb-overflow-limit 400000 maximum load-balancing (OSPF view) Syntax maximum load-balancing maximum undo maximum load-balancing View OSPF view Default level 2: System level Parameters maximum: Maximum number of equal cost routes for load balancing, which in the range of 1 to 8 and defaults to 8. No load balancing is available when the number is set to 1.
number: Maximum route number. The value range and default value are 0 to 500000 and 500000 respectively for external routes, 0 to 20000 and 20000 respectively for inter-area routes, and 0 to 2000 and 2000 respectively for intra-area routes. Description Use the maximum-routes command to specify the maximum route number of a specified type, inter-area, intra-area or external. Use the undo maximum-routes command to restore the default route maximum value of a specified type.
[Sysname-ospf-100-area-0.0.0.2] network 131.108.20.0 0.0.0.255 nssa Syntax nssa [ default-route-advertise | translator-stability-interval value ] * no-import-route | no-summary | translate-always | undo nssa View OSPF area view Default level 2: System level Parameters default-route-advertise: Usable on an NSSA ABR or an ASBR only. If it is configured on an NSSA ABR, the ABR generates a default route in a Type-7 LSA into the NSSA regardless of whether the default route is available.
opaque-capability enable Syntax opaque-capability enable undo opaque-capability View OSPF view Default level 2: System level Parameters None Description Use the opaque-capability enable command to enable opaque LSA advertisement and reception. With the command configured, the OSPF device can receive and advertise the Type-9, Type-10 and Type-11 opaque LSAs. Use the undo opaque-capability command to restore the default. The feature is disabled by default.
No OSPF process is enabled by default. You can enable multiple OSPF processes on a router and specify different Router IDs for these processes. When using OSPF as the IGP for VPN implementation, you must bind the OSPF process with a VPN instance. Enabling OSPF first is required before performing other tasks. Examples # Enable OSPF process 100 and specify Router ID 10.10.10.1. system-view [Sysname] ospf 100 router-id 10.10.10.
Use the undo ospf authentication-mode command to remove specified configuration. By default, no authentication is available on an interface. Interfaces attached to the same network segment must have the same authentication password and mode. This configuration is not supported on the null interface. Related commands: authentication-mode. Examples # Configure the network 131.119.0.
Use the undo ospf cost command to restore the default. By default, the OSPF cost for a loopback interface is 0, and an OSPF interface calculates its cost with the formula: interface default OSPF cost=100 Mbps/interface bandwidth(Mbps). Default OSPF costs of some interfaces are: • 1785 for the 56 kbps serial interface • 1562 for the 64 kbps serial interface • 48 for the E1 (2.
[Sysname-GigabitEthernet0/0] ospf dr-priority 8 ospf mtu-enable Syntax ospf mtu-enable undo ospf mtu-enable View Interface view Default level 2: System level Parameters None Description Use the ospf mtu-enable command to enable an interface to add the real MTU into DD packets. Use the undo ospf mtu-enable command to restore the default. By default, an interface adds a MTU of 0 into DD packets, that is, no real MTU is added.
nbma: Specifies the network type as NBMA. p2mp: Specifies the network type as P2MP. unicast: Specifies the P2MP interface to unicast OSPF packets. By default, a P2MP interface multicasts OSPF packets. p2p: Specifies the network type as P2P. Description Use the ospf network-type command to set the network type for an interface. Use the undo ospf network-type command to restore the default network type for an interface. By default, the network type of an interface depends on its link layer protocol.
Default level 2: System level Parameters None Description Use the ospf packet-process prioritized-treatment command to enable OSPF to give priority to receiving and processing Hello packets. Use the undo ospf packet-process prioritized-treatment command to restore the default. By default, this function is not enabled. Examples # Enable OSPF to give priority to receiving and processing Hello packets.
[Sysname] interface gigabitethernet 0/0 [Sysname-GigabitEthernet0/0] ospf timer dead 60 ospf timer hello Syntax ospf timer hello seconds undo ospf timer hello View Interface view Default level 2: System level Parameters seconds: Hello interval in seconds, in the range 1 to 65535. Description Use the ospf timer hello command to set the hello interval on an interface. Use the undo ospf timer hello command to restore the default hello interval on an interface.
Parameters seconds: Poll interval in seconds, in the range 1 to 2147483647. Description Use the ospf timer poll command to set the poll interval on an NBMA interface. Use the undo ospf timer poll command to restore the default value. By default, the poll interval is 120s. When an NBMA interface finds its neighbor is down, it will send hello packets at the poll interval. The poll interval is at least four times the hello interval. This configuration is not supported on the null interface.
system-view [Sysname] interface gigabitethernet 0/0 [Sysname-GigabitEthernet0/0] ospf timer retransmit 8 ospf trans-delay Syntax ospf trans-delay seconds undo ospf trans-delay View Interface view Default level 2: System level Parameters seconds: LSA transmission delay in seconds, in the range 1 to 3600. Description Use the ospf trans-delay command to set the LSA transmission delay on an interface. Use the undo ospf trans-delay command to restore the default.
Parameters ip-address: Neighbor IP address. cost value: Specifies the cost to reach the neighbor, in the range 1 to 65535. dr-priority: Neighbor DR priority, in the range 0 to 255. Description Use the peer command to specify a neighbor, and the DR priority of the neighbor. Use the undo peer command to remove the configuration. On an X.
Description Use the preference command to set the priority of OSPF routes. Use the undo preference command to restore the default. The priority of OSPF internal routes defaults to 10, and the priority of OSPF external routes defaults to 150. If a route policy is specified, priorities defined by the route policy will apply to matching routes, and the priorities set with the preference command apply to OSPF routes not matching the route policy. A router may run multiple routing protocols.
View User view Default level 2: System level Parameters process-id: OSPF process ID, in the range 1 to 65535. Description Use the reset ospf process command to reset all OSPF processes or a specified process. Using the reset ospf process command will: • Clear all invalid LSAs without waiting for their timeouts; • Make a newly configured Router ID take effect; • Start a new round of DR/BDR election; • Not remove any previous OSPF configurations.
undo rfc1583 compatible View OSPF view Default level 2: System level Parameters None Description Use the rfc1583 compatible command to make routing rules defined in RFC 1583 compatible. Use the undo rfc1583 compatible command to disable the function. By default, RFC 1583 routing rules are compatible. RFC 1583 and RFC 2328 have different routing rules on selecting the best route when multiple AS external LSAs describe routes to the same destination. Using this command can make them compatible.
To make no routing information obtained by other routers on a network segment, you can use this command to disable the interface from sending OSPF packets. Examples # Disable an interface from sending OSPF packets.
virnbrstatechange: Virtual interface neighbor state change information. Description Use the snmp-agent trap enable ospf command to enable the sending of SNMP traps for a specified OSPF process. If no process is specified, the feature is enabled for all processes. Use the undo snmp-agent trap enable ospf command to disable the feature. By default, this feature is enabled. For related configurations, see SNMP Commands in System Management and Maintenance Command Reference.
Examples # Configure the SPF calculation maximum interval as 10 seconds, minimum interval as 500 milliseconds and incremental interval as 200 milliseconds. system-view [Sysname] ospf 100 [Sysname-ospf-100] spf-schedule-interval 10 500 200 stub (OSPF area view) Syntax stub [ no-summary ] undo stub View OSPF area view Default level 2: System level Parameters no-summary: Usable only on a stub ABR.
Default level 2: System level Parameters None Description Use the stub-router command to configure the router as a stub router. Use the undo stub-router command to restore the default. By default, no router is configured as a stub router. The router LSAs from the stub router may contain different link type values. A value of 3 means a link to the stub network, so the cost of the link remains unchanged.
Examples # Configure all the interfaces under OSPF process 1 to send up to 10 LSU packets every 30 milliseconds.
As defined in RFC 2328, all non-backbone areas must maintain connectivity to the backbone. You can use the vlink-peer command to configure a virtual link to connect an area to the backbone. Considerations on parameters: • The smaller the hello interval is, the faster the network converges and the more network resources are consumed. • A so small retransmission interval will lead to unnecessary retransmissions. A big value is appropriate for a low speed link.
BGP configuration commands NOTE: The term router in this document refers to a network device running routing protocols. aggregate Syntax aggregate ip-address { mask | mask-length } [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ] * undo aggregate ip-address { mask | mask-length } View BGP view, BGP-VPN instance view Default level 2: System level Parameters ip-address: Summary address.
Keywords Function suppress-policy Used to create a summary route and suppress the advertisement of some summarized routes. If you want to suppress some routes selectively and leave other routes still advertised, use the if-match clause of the route-policy command. origin-policy Selects only routes satisfying the routing policy for route summarization. attribute-policy Sets attributes except the AS-PATH attribute for the summary route. The same work can be done by using the peer route-policy command.
Unlike IGP, BGP has no explicit metric for making load balancing decision. Instead, it implements load balancing by using route selection rules. Related commands: display bgp routing-table. Examples # In BGP view, set the number of routes participating in BGP load balancing to 2. system-view [Sysname] bgp 100 [Sysname-bgp] balance 2 # In BGP-VPN instance view, set the number of routes participating in BGP load balancing to 2 (the VPN has been created).
bestroute compare-med (BGP/BGP-VPN instance view) Syntax bestroute compare-med undo bestroute compare-med View BGP view, BGP-VPN instance view Default level 2: System level Parameters None Description Use the bestroute compare-med command to enable the comparison of the MED for paths from each AS. Use the undo bestroute compare-med command to disable this comparison. This comparison is not enabled by default.
Description Use the bestroute med-confederation command to enable the comparison of the MED for paths from confederation peers during best route selection. Use the undo bestroute med-confederation command to disable the comparison. The comparison is not enabled by default. The system only compares MED values for paths from peers within the confederation. Paths from external ASs are advertised throughout the confederation without MED comparison.
compare-different-as-med (BGP/BGP-VPN instance view) Syntax compare-different-as-med undo compare-different-as-med View BGP view, BGP-VPN instance view Default level 2: System level Parameters None Description Use the compare-different-as-med command to enable the comparison of the MED for paths from peers in different ASs. Use the undo compare-different-as-med command to disable the comparison. The comparison is disabled by default.
Parameters as-number: Number of the AS that contains multiple sub-ASs, in the range 1 to 4294967295. Description Use the confederation id command to configure a confederation ID. Use the undo confederation id command to remove a specified confederation. By default, no confederation ID is configured. Configuring a confederation can reduce IBGP connections in a large AS. You can split the AS into several sub-ASs, and each sub-AS remains fully meshed. These sub-ASs form a confederation.
By default, all routers in the confederation comply with RFC 3065. All devices should be configured with this command to interact with those nonstandard devices in the confederation. Related commands: confederation id and confederation peer-as. Examples # AS100 contains routers not compliant with RFC 3065 and comprises two sub-ASs, 64000 and 65000.
dampening (BGP/BGP-VPN instance view) Syntax dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling | route-policy route-policy-name ] * undo dampening View BGP view, BGP-VPN instance view Default level 2: System level Parameters half-life-reachable: Specifies a half-life for active routes from 1 to 45 minutes. By default, the value is 15 minutes. half-life-unreachable: Specifies a half-life for suppressed routes from 1 to 45 minutes. By default, the value is 15 minutes.
[Sysname-bgp-vpn1] dampening 15 15 1000 2000 10000 default ipv4-unicast Syntax default ipv4-unicast undo default ipv4-unicast View BGP view Default level 2: System level Parameters None Description Use the default ipv4-unicast command to enable the default use of IPv4 unicast address family for the peers that are established by using the peer as-number command.
Parameters value: Default local preference, in the range 0 to 4294967295. The larger the value is, the higher the preference is. Description Use the default local-preference command to configure the default local preference. Use the undo default local-preference command to restore the default value. By default, the default local preference is 100. Using this command can affect BGP route selection. Examples # In BGP view, set the default local preference to 180.
Examples # In BGP view, configure the default MED as 25. system-view [Sysname] bgp 100 [Sysname-bgp] default med 25 # In BGP-VPN instance view, configure the default MED as 25 (the VPN has been created).
display bgp group Syntax display bgp group [ group-name ] View Any view Default level 1: Monitor level Parameters group-name: Peer group name, a string of 1 to 47 characters. Description Use the display bgp group command to display peer group information. Examples # Display the information of the peer group aaa.
Field Description Keepalive timer value Keepalive interval Minimum time between advertisement runs Minimum interval for route advertisements Peer Preferred Value Preferred value specified for the routes from the peer No routing policy is configured No routing policy is configured.
100.1.1.0 255.255.255.0 Short-cut Table 71 Output description Field Description BGP Local Router ID BGP Local Router ID Local AS Number Local AS Number Network Network address Mask Mask Route-policy Routing policy Short-cut Short-cut route display bgp paths Syntax display bgp paths [ as-regular-expression ] View Any view Default level 1: Monitor level Parameters as-regular-expression: AS path regular expression, a string of 1 to 80 characters.
Field Description Origin attribute of the path: Indicates the route is interior to the AS. i Summary routes and routes defined by using the network command are considered IGP routes. e Indicates that a route is learned from the exterior gateway protocol (EGP). ? Short for INCOMPLETE. It indicates that the origin of a route is unknown and the route is learned by other means.
Address family IPv4 Unicast: advertised and received Received: Total 5 messages, Update messages 1 Sent: Total 4 messages, Update messages 0 Maximum allowed prefix number: 4294967295 Threshold: 75% Minimum time between advertisement runs is 30 seconds Optional capabilities: Route refresh capability has been enabled ORF advertise capability based on prefix (type 64): Local: both Negotiated: send Peer Preferred Value: 0 Routing policy configured: No routing policy is configured Table 73 Output description
Field Description Minimum time between advertisement runs Minimum route advertisement interval Optional capabilities Optional capabilities enabled by the peer Route refresh capability has been enabled The route-refresh capability has been enabled. ORF advertise capability based on prefix (type 64): The BGP peer supports the ORF capability based on IP prefix. The capability value is 64. Local: both The local BGP router supports both the ORF sending and receiving capabilities.
Field Description Error refers to the error code, which identifies the type of the Notification. Error/SubError SubError refers to the error subcode of the Notification, which identifies the specific information about the reported error. display bgp peer received ip-prefix Syntax display bgp peer ip-address received ip-prefix View Any view Default level 1: Monitor level Parameters ip-address: IP address of a BGP peer.
display bgp routing-table Syntax display bgp routing-table [ ip-address [ { mask | mask-length } [ longer-prefixes ] ] ] View Any view Default level 1: Monitor level Parameters ip-address: Destination IP address. mask: Network mask, in dotted decimal notation. mask-length: Mask length, in the range 0 to 32. longer-prefixes: Matches the longest prefix. Description Use the display bgp routing-table command to display specified BGP routing information in the BGP routing table.
Field Description Status codes: * – valid > – best Status codes d – damped h – history i – internal (IGP) s – summary suppressed (suppressed) S – Stale i – IGP (originated in the AS) Origin e – EGP (learned through EGP) ? – incomplete (learned by some other means) Network Destination network address Next Hop Next hop IP address MED MULTI_EXIT_DISC attribute LocPrf Local preference value PrefVal Preferred value of the route Path AS_PATH attribute, recording the ASs the packet has passed to a
Description Use the display bgp routing as-path-acl command to display BGP routes permitted by an as-path ACL. Examples # Display BGP routes permitted by AS path ACL 1. display bgp routing-table as-path-acl 1 BGP Local router ID is 20.20.20.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? – incomplete *> Network NextHop MED 40.40.40.0/24 30.30.30.
See Table 76 for description of the fields. display bgp routing-table community Syntax display bgp routing-table community [ no-export-subconfed ] * [ whole-match ] aa:nn&<1-13> ] [ no-advertise | no-export | View Any view Default level 1: Monitor level Parameters aa:nn: Community number. Both aa and nn are in the range 0 to 65535. &<1-13>: Argument before it can be entered up to 13 times. no-advertise: Displays BGP routes that cannot be advertised to any peer.
display bgp routing-table community-list Syntax display bgp routing-table community-list { basic-community-list-number [ whole-match ] | adv-community-list-number }&<1-16> View Any view Default level 1: Monitor level Parameters basic-community-list-number: Specifies a basic community-list number from 1 to 99. adv-community-list-number: Specifies an advanced community-list number from 100 to 199. whole-match: Displays routes exactly matching the specified basic-community-list.
Parameters None Description Use the display bgp routing-table dampened command to display dampened BGP routes. Examples # Display dampened BGP routes. display bgp routing-table dampened BGP Local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? – incomplete *d Network From Reuse Path/Origin 77.0.0.0 12.1.1.
Reuse Value : 750 Reach HalfLife Time(in second) Unreach HalfLife Time(in : 900 second): 900 Suppress-Limit : 2000 Table 78 Output description Field Description Maximum Suppress Time Maximum Suppress Time Ceiling Value Ceiling penalty value Reuse Value Reuse value Reach HalfLife Time(in second) Half-life time of active routes Unreach HalfLife Time(in second) Half-life time of inactive routes Suppress-Limit Limit for a route to be suppressed display bgp routing-table different-origin-a
display bgp routing-table flap-info Syntax display bgp routing-table flap-info [ regular-expression as-regular-expression | as-path-acl as-path-acl-number | ip-address [ { mask | mask-length } [ longer-match ] ] ] View Any view Default level 1: Monitor level Parameters as-regular-expression: Displays route flap information that matches the AS path regular expression, which is a string of 1 to 80 characters. as-path-acl-number: Displays route flap information matching the AS path ACL.
display bgp routing-table label Syntax display bgp routing-table label View Any view Default level 1: Monitor level Parameters None Description Use the display bgp routing-table label command to display labeled BGP routing information. Examples # Display labeled BGP routing information. display bgp routing-table label BGP Local router ID is 6.6.6.
received-routes: Displays routing information received from the specified peer. network-address: IP address of the destination network. mask: Mask of the destination network, in dotted decimal notation. mask-length: Mask length, in the range 0 to 32. statistic: Displays route statistics. Description Use the display bgp routing-table peer command to display BGP routing information advertised to or received from the specified BGP peer. Related commands: display bgp peer.
display bgp routing-table regular-expression 300$ BGP Local router ID is 20.20.20.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? – incomplete *> Network NextHop MED 40.40.40.0/24 30.30.30.1 0 LocPrf PrefVal Path/Ogn 0 300i See Table 76 for description of the fields.
Default level 2: System level Parameters None Description Use the ebgp-interface-sensitive command to enable the clearing of EBGP session on any interface that becomes down. Use the undo ebgp-interface-sensitive command to disable the function. This function is enabled by default. Examples # In BGP view, enable the clearing of EBGP session on any interface that becomes down.
Description Use the filter-policy export command to configure the filtering of outgoing routes. Use the undo filter-policy export command to remove the filtering. If no routing protocol is specified, all redistributed routes are filtered before being advertised. By default, the filtering is not configured.
Parameters acl-number: Number of an ACL used to filter incoming routing information, ranging from 2000 to 3999. ip-prefix-name: Name of an IP prefix list used to filter incoming routing information, a string of 1 to 19 characters. Description Use the filter-policy import command to configure the filtering of incoming routing information. Use the undo filter-policy import command to disable the filtering. By default, incoming routing information is not filtered.
View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. external: Creates an EBGP peer group, which can be the group of another sub AS in a confederation. internal: Creates an IBGP peer group; not supported in BGP-VPN instance view. Description Use the group command to create a peer group. Use the undo group command to delete a peer group. An IBGP peer group is created if neither internal nor external is specified.
Parameters protocol: Redistributes routes from the specified routing protocol, which can be direct, ospf, rip or static. process-id: Process ID, in the range 1 to 65535. The default is 1. It is available only when the protocol is ospf or rip. all-processes: Redistributes routes from all the processes of the specified protocol. This keyword takes effect only when the protocol is rip or ospf. med-value: Specifies a MED value for redistributed routes, ranging from 0 to 4294967295.
route-policy route-policy-name: Specifies a routing policy name, a string of 1 to 19 characters. Only the Guard routes permitted by the routing policy are redistributed. Description Use the import-route guard command to enable Guard route redistribution into BGP. Use the undo import-route guard command to disable Guard route redistribution into BGP. By default, Guard route redistribution into BGP is disabled.
View BGP view, BGP-VPN instance view Default level 2: System level Parameters ip-address: Destination IP address. mask: Mask of the network address, in dotted decimal notation. mask-length: Mask length, in the range 0 to 32. route-policy-name: Routing policy applied to the route. The name is a string of 1 to 19 characters. Description Use the network command to inject a network to the local BGP routing table. Use the undo network command to remove a network from the BGP routing table.
mask-length: Mask length, in the range 0 to 32. Description Use the network short-cut command to configure an eBGP route as a shortcut route. Use the undo network short-cut command to restore the default. By default, a received eBGP route has a priority of 255. The network short-cut command allows you configure an eBGP route as a shortcut route that has the same priority as a local route and is more likely to become the optimal route. Examples # In BGP view, configure route 10.0.0.
# In BGP-VPN instance view, advertise the community attribute to peer group test (the VPN has been created).
View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. number: Specifies the number of times for which the local AS number can appear in routes from the peer/peer group, in the range 1 to 10. The default number is 1.
ip-address: IP address of a peer. as-number: AS number of the peer or peer group, in the range 1 to 4294967295. Description Use the peer as-number command to specify a peer/peer group with an AS number. Use the undo peer as-number command to delete a peer group. Use the undo peer command to delete a peer. By default, no peer or peer group is specified. You can specify the AS number of a peer in either of the following two ways: • Use the peer ip-address as-number as-number command.
import: Filters incoming routes. Description Use the peer as-path-acl command to configure the filtering of routes incoming from or outgoing to a peer/peer group based on a specified AS path ACL. Use the undo peer as-path-acl command to remove the configuration. By default, no AS path ACL filtering is configured. Examples # In BGP view, reference the AS path ACL 1 to filter routes outgoing to the peer group test.
[Sysname-bgp] peer 160.89.2.33 as-number 100 [Sysname-bgp] peer 160.89.2.33 capability-advertise conventional peer capability-advertise orf Syntax peer { group-name | ip-address } capability-advertise orf ip-prefix { both | receive | send } undo peer { group-name | ip-address } capability-advertise orf ip-prefix { both | receive | send } View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters.
Examples # Enable the ORF capability for the BGP peer 18.10.0.9. Then, after negotiation, the local router can exchange ORF information with the peer 18.10.0.9. system-view [Sysname] bgp 100 [Sysname-bgp] peer 18.10.0.9 as-number 100 [Sysname-bgp] peer 18.10.0.9 capability-advertise orf ip-prefix both The related configuration needs to be made on the peer accordingly. # In BGP-VPN instance view, enable the ORF capability for the BGP peer 18.10.0.9.
system-view [Sysname] bgp 100 [Sysname-bgp] peer 18.10.0.9 as-number 100 [Sysname-bgp] peer 18.10.0.9 capability-advertise orf non-standard [Sysname-bgp] peer 18.10.0.9 capability-advertise orf ip-prefix both # In BGP-VPN instance view, enable the non-standard ORF capability for the BGP peer 18.10.0.9 (suppose the BGP peer 18.10.0.9 can only send non-standard ORF packets). (vpn1 must be created first.
peer connect-interface (BGP/BGP-VPN instance view) Syntax peer { group-name | ip-address } connect-interface interface-type interface-number undo peer { group-name | ip-address } connect-interface View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string 1 to 47 characters. ip-address: IP address of a peer. interface-type interface-number: Specifies the type and number of the interface.
peer default-route-advertise (BGP/BGP-VPN instance view) Syntax peer { group-name | ip-address } default-route-advertise [ route-policy route-policy-name ] undo peer { group-name | ip-address } default-route-advertise View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. route-policy-name: Routing policy name, a string of 1 to 19 characters.
Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. description-text: Description information for the peer/peer group, a string of 1 to 79 characters. Description Use the peer description command to configure the description information for a peer/peer group. Use the undo peer description command to remove the description information of a peer/peer group. By default, no description information is configured for a peer/peer group.
You can use the argument hop-count to specify the maximum route hop count of the EBGP connection. Examples # In BGP view, allow establishing the EBGP connection with the peer group test that is on an indirectly connected network. system-view [Sysname] bgp 100 [Sysname-bgp] peer test ebgp-max-hop # In BGP-VPN instance view, allow establishing the EBGP connection with the peer group test that is on an indirectly connected network (the VPN has been created).
View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. as-number: Local autonomous system number, in the range 1 to 4294967295. Description Use the peer fake-as command to configure a fake local AS number for a peer or peer group. Use the undo peer fake-as command to remove the configuration. By default, no fake local AS number is configured for a peer or peer group.
export: Applies the filter-policy to routes advertised to the peer/peer group. import: Applies the filter-policy to routes received from the peer/peer group. Description Use the peer filter-policy command to configure an ACL-based filter policy for a peer or peer group. Use the undo peer filter-policy command to remove the configuration. By default, no ACL-based filter policy is configured for a peer or peer group. Related commands: peer as-path-acl.
Examples # In BGP view, add the peer 10.1.1.1 to the EBGP peer group test. system-view [Sysname] bgp 100 [Sysname-bgp] group test external [Sysname-bgp] peer test as-number 2004 [Sysname-bgp] peer 10.1.1.1 group test # In BGP-VPN view, add the peer 10.1.1.1 to the EBGP peer group test (the VPN has been created).
[Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-vpn1] peer 10.10.10.10 ignore peer ip-prefix Syntax peer { group-name | ip-address } ip-prefix ip-prefix-name { export | import } undo peer { group-name | ip-address } ip-prefix { export | import } View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer.
View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. Description Use the peer keep-all-routes command to save original routing information from a peer or peer group, including routes that fail to pass the inbound policy (if configured). Use the undo peer keep-all-routes command to disable this function. By default, the function is not enabled.
Use the undo peer log-change command to remove the configuration. The logging is enabled by default. Examples # In BGP view, enable the logging of session state and event information for peer group test. system-view [Sysname] bgp 100 [Sysname-bgp] peer test log-change # In BGP-VPN instance view, enable the logging of session state and event information for peer group test (the VPN has been created).
[Sysname-bgp-vpn1] peer test next-hop-local peer password Syntax peer { group-name | ip-address } password { cipher | simple } password undo peer { group-name | ip-address } password View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. cipher: Displays the configured password in cipher text format. simple: Displays the configured password in plain text format.
# Perform the similar configuration on the peer. system-view [Sysname] bgp 200 [Sysname-bgp-vpn1] peer 10.1.100.1 password simple aabbcc peer preferred-value (BGP/BGP-VPN instance view) Syntax peer { group-name | ip-address } preferred-value value undo peer { group-name | ip-address } preferred-value View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer.
system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-vpn1] peer 131.108.1.1 preferred-value 50 peer public-as-only (BGP/BGP-VPN instance view) Syntax peer { group-name | ip-address } public-as-only undo peer { group-name | ip-address } public-as-only View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer.
View BGP view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. Description Use the peer reflect-client command to configure the router as a route reflector and specify a peer/peer group as a client. Use the undo peer reflect-client command to remove the configuration. By default, neither the route reflector nor the client is configured. Related commands: reflect between-clients and reflect cluster-id.
percentage-value: Threshold value for the router to display an alarm message (that is, the router displays an alarm message when the ratio of the number of received prefixes to the prefix-number reaches the percentage). It is in the range 1 to 100 and defaults to 75. Description Use the peer route-limit command to set the number of route prefixes that can be received from a peer/peer group. Use the undo peer route-limit command to restore the default. The number is not limited by default.
By default, no routing policy is applied to routes from/to the peer/peer group. The peer route-policy command does not apply the if-match interface clause in the referenced routing policy. Examples # In BGP view, apply routing policy test-policy to routes outgoing to the peer group test.
[Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-vpn1] peer test as-number 100 [Sysname-bgp-vpn1] peer test route-update-interval 10 peer substitute-as (BGP/BGP-VPN instance view) Syntax peer { group-name | ip-address } substitute-as undo peer { group-name | ip-address } substitute-as View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a sting of 1 to 47 characters. ip-address: IP address of a peer.
Default level 2: System level Parameters group-name: Name of a peer group, a sting of 1 to 47 characters. ip-address: IP address of a peer. keepalive: Keepalive interval in seconds, ranging from 0 to 21845. holdtime: Holdtime interval in seconds, whose value is 0 or in the range of 3 to 65535. Description Use the peer timer command to configure the keepalive interval and holdtime interval for a peer or peer group. Use the undo peer timer command to restore the default.
[Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-vpn1] peer test timer keepalive 0 hold 0 preference (BGP/BGP-VPN instance view) Syntax preference { external-preference internal-preference local-preference | route-policy route-policy-name } undo preference View BGP view, BGP-VPN instance view Default level 2: System level Parameters external-preference: Preference of EBGP routes, in the range 1 to 255. internal-preference: Preference of IBGP routes, in the range 1 to 255.
View BGP view Default level 2: System level Parameters None Description Use the reflect between-clients command to enable route reflection between clients. Use the undo reflect between-clients command to disable this function. By default, route reflection between clients is enabled. After a route reflector is configured, it reflects the routes of a client to other clients. If the clients of a route reflector are fully meshed, you need disable route reflection between clients to reduce routing costs.
Examples # Set the cluster ID to 80. system-view [Sysname] bgp 100 [Sysname-bgp] reflector cluster-id 80 refresh bgp Syntax refresh bgp { all | ip-address | group group-name | external | internal } { export | import } View User view Default level 1: Monitor level Parameters all: Soft-resets all BGP connections. ip-address: Soft-resets the BGP connection to a peer. group-name: Soft-resets connections to a peer group, name of which is a sting of 1 to 47 characters. external: EBGP connection.
Parameters as-number: Resets BGP connections to peers in the AS. ip-address: Specifies the IP address of a peer with which to reset the connection. flap-info: Clears route flap information. all: Resets all BGP connections. external: Resets all the EBGP connections. group group-name: Resets connections with the specified BGP peer group. internal: Resets all the iBGP connections. Description Use the reset bgp command to reset specified BGP connections. Examples # Reset all the BGP connections.
View User view Default level 1: Monitor level Parameters ip-address: Clears the flap statistics of a route. mask-length: Mask length, in the range 0 to 32. mask: Network mask, in dotted decimal notation. as-path-acl-number: Clears the flap statistics of routes matching an AS path ACL, number of which is in the range 1 to 256. as-path-regular-expression: Clears the flap statistics of routes matching the AS path regular expression, which is a string of 1 to 80 characters.
View BGP view Default level 2: System level Parameters router-id: Router ID in IP address format. Description Use the router-id command to specify a router ID. Use the undo router-id command to remove the router ID. To run BGP protocol, a router must have a router ID, which is an unsigned 32-bit integer, the unique ID of the router in the AS. You can specify a router ID manually. Otherwise, the system selects the highest IP address among loopback interface addresses as the router ID.
The summary automatic command helps BGP limit the number of routes redistributed from IGP to reduce the size of the routing table. Examples # In BGP view, enable automatic route summarization. system-view [Sysname] bgp 100 [Sysname-bgp] summary automatic # In BGP-VPN instance view, enable automatic summarization (the VPN has been created).
timer (BGP/BGP-VPN instance view) Syntax timer keepalive keepalive hold holdtime undo timer View BGP view, BGP-VPN instance view Default level 2: System level Parameters keepalive: Keepalive interval in seconds, ranging from 0 to 21845. holdtime: Holdtime interval in seconds, whose value is 0 or in the range of 3 to 65535. Description Use the timer command to configure BGP keepalive interval and holdtime interval. Use the undo timer command to restore the default.
system-view [Sysname] bgp 100 [Sysname-bgp] timer keepalive 0 hold 0 # In BGP-VPN instance view, configure both the keepalive interval and holdtime interval for vpn1 as 0 seconds, indicating no peer connection will time out. (vpn1 must be created first.
Basic IP routing configuration commands NOTE: The term router in this document refers to a network device running routing protocols. display ip routing-table Syntax display ip routing-table [ vpn-instance vpn-instance-name ] [ verbose | | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters vpn-instance vpn-instance-name: Displays routing table information for a VPN instance.
Examples # Display brief information about active routes in the routing table. display ip routing-table Routing Tables: Public Destinations : 6 Destination/Mask Proto 127.0.0.0/8 127.0.0.1/32 Routes : 6 Pre Cost NextHop Interface Direct 0 0 127.0.0.1 InLoop0 Direct 0 0 127.0.0.1 InLoop0 192.168.0.0/24 Direct 0 0 192.168.0.1 GE0/0 192.168.0.1/32 Direct 0 0 127.0.0.1 InLoop0 192.168.1.0/24 Direct 0 0 192.168.1.1 GE0/1 192.168.1.1/32 Direct 0 0 127.0.0.
Tag: 0 Destination: 192.168.0.0/24 Protocol: Direct Preference: 0 NextHop: 192.168.0.1 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active Adv Process ID: 0 Cost: 0 Interface: GigabitEthernet0/0 BkInterface: Neighbor : 0.0.0.0 Label: NULL Age: 03h01m36s Tag: 0 Destination: 192.168.0.1/32 Protocol: Direct Preference: 0 NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active NoAdv Process ID: 0 Cost: 0 Interface: InLoopBack0 BkInterface: Neighbor : 0.0.0.
Table 83 Output description Field Description Destination Destination address/mask length Protocol Protocol that presents the route Process ID Process ID Preference Priority of the route Cost Cost of the route NextHop Address of the next hop on the route Interface Outbound interface for packets to be forwarded along the route BkNexthop Backup next hop BkInterface Backup outbound interface RelyNextHop The next hop address obtained through routing recursion Neighbour Neighboring address
Field Description Inactive Inactive routes Invalid Invalid routes WaitQ The route is the WaitQ during route recursion. TunE Tunnel GotQ The route is in the GotQ during route recursion. Age Time for which the route has been in the routing table, in the sequence of hour, minute, and second from left to right.
Summary Count : 6 Destination/Mask Proto 10.1.1.0/24 10.1.1.2/32 Pre Cost NextHop Interface Direct 0 0 10.1.1.2 Vlan1 Direct 0 0 127.0.0.1 InLoop0 10.1.2.0/24 Direct 0 0 10.1.2.1 GE0/0 10.1.2.1/32 Direct 0 0 127.0.0.1 InLoop0 10.1.3.0/24 Direct 0 0 10.1.3.1 GE0/1 10.1.3.1/32 Direct 0 0 127.0.0.1 InLoop0 For description of the output, see Table 82. # Display detailed information about both active and inactive routes permitted by basic ACL 2000.
Tunnel ID: 0x0 Label: NULL State: Active NoAdv Age: 1d00h05m42s Tag: 0 Destination: 10.1.3.0/24 Protocol: Direct Process ID: 0 Preference: 0 NextHop: 10.1.3.1 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 Cost: 0 Interface: GigabitEthernet0/1 Neighbour: 0.0.0.0 Label: NULL State: Active Adv Age: 1d00h05m31s Tag: 0 Destination: 10.1.3.1/32 Protocol: Direct Process ID: 0 Preference: 0 NextHop: 127.0.0.1 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 Cost: 0 Interface: InLoopBack0 Neighbour: 0.0.0.
Executing the command with different parameters yields different output: • display ip routing-table ip-address The system ANDs the input destination IP address with the subnet mask in each route entry; and ANDs the destination IP address in each route entry with its corresponding subnet mask. If the two operations yield the same result for an entry and this entry is active, it is displayed.
11.1.1.0/24 Static 60 0 0.0.0.0 NULL0 # Display route entries by specifying a destination IP address and mask. [Sysname] display ip routing-table 11.1.1.1 24 Routing Table : Public Summary Count : 3 Destination/Mask Proto 11.0.0.0/8 11.1.0.0/16 11.1.1.0/24 Pre Cost NextHop Interface Static 60 0 0.0.0.0 NULL0 Static 60 0 0.0.0.0 NULL0 Static 60 0 0.0.0.0 NULL0 # Display route entries by specifying a destination IP address and mask and the longer-match keyword.
Description Use the display ip routing-table ip-prefix command to display information about routes permitted by a specified prefix list. This command is intended for the follow-up display of routing policies. If the specified prefix list is not configured, detailed information about all routes (with the verbose keyword) or brief information about all active routes (without the verbose keyword) is displayed. Examples # Configure a prefix list named test, permitting routes with a prefix of 2.2.2.
display ip routing-table protocol Syntax display ip routing-table protocol protocol [ inactive | verbose ] View Any view Default level 1: Monitor level Parameters protocol: Routing protocol. It can be bgp, direct, ospf, rip, static, or guard. inactive: Displays information about only inactive routes. With this argument absent, the command displays information about both active and inactive routes. verbose: Displays detailed routing table information.
Summary Count : 0 Static Routing table Status : < Inactive> Summary Count : 2 Destination/Mask Proto Pre Cost NextHop Interface 1.2.3.0/24 Static 60 0 1.2.4.5 Vlan10 3.0.0.0/8 Static 60 0 2.2.2.2 GE0/1 For description of the output, see Table 82.
Field Description deleted Number of routes marked as deleted, which will be freed after a period. freed Number of routes that got freed, that is, got removed permanently. Total Total number display router id Syntax display router id View Any view Default level 1: Monitor level Parameters None Description Use the display router id command to display the router ID. Examples # Display the router ID. display router id Configured router ID is 1.1.1.
• Select the router ID configured with the router id command; • Select the highest IP address among loopback interfaces as the router ID: • If no loopback interface IP address is available, the highest IP address among physical interfaces is selected as the router ID (regardless of the interface state). • If the interface whose IP address is the router ID is removed or modified, a new router ID is selected.
Policy-based routing configuration commands apply access-vpn vpn-instance Syntax apply access-vpn vpn-instance vpn-instance-name&<1-6> undo apply access-vpn vpn-instance [ vpn-instance-name ]&<1-6> View PBR policy node view Default level 2: System level Parameters vpn-instance-name&<1-6>: Specifies an VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. &<1-6> indicates that you can input up to six VPN instance names.
View PBR policy node view Default level 2: System level Parameters interface-type interface-number: Specifies an interface. track track-entry-number: Specifies a track entry. The track-entry-number argument is in the range 1 to 1024. Description Use the apply default output-interface command to set the default outgoing interface. Use the undo apply default output-interface command to remove the configuration. Using this command can set two outgoing interfaces at most for load sharing.
Note that: • At most two default next hops can be specified in one command line. • Using the undo apply ip-address default next-hop command with a next hop specified removes the default next hop. Using this command without any next hop specified removes all default next hops. Examples # Set the default next hop to 1.1.1.1. system-view [Sysname] policy-based-route aa permit node 11 [Sysname-pbr-aa-11] apply ip-address default next-hop 1.1.1.
undo apply ip-precedence View PBR policy node view Default level 2: System level Parameters value: Sets the precedence for IP packets. Eight precedence values (0 to 7) are available. Each precedence value corresponds to a precedence type, as shown in Table 85. You can set either a precedence value or a precedence type for IP packets.
Parameters interface-type interface-number: Specifies an interface. track track-entry-number: Specifies a track entry. The track-entry-number argument is in the range 1 to 1024. Description Use the apply output-interface command to set outgoing interface(s) for packets. Use the undo apply output-interface command to remove the configuration. Up to two outgoing interfaces can be specified in one command line for the policy node.
Table 86 Output description Field Description Policy Name Policy name PBR type: interface • local means Local PBR. • A specific interface means the policy has been applied to the interface to implement interface PBR. For example, Virtual-template0.
apply output-interface GigabitEthernet0/2 Table 87 Output description Field Description policy Name Policy name interface Interface where the policy is applied. Local means the policy is applied locally.
Table 88 Output description Field Description Interface GigabitEthernet0/1 policy based routing statistics information PBR statistics on GigabitEthernet0/1. policy-based-route: aaa The policy name is aaa. permit node 5 The match mode of node 5 is permit. if-match acl 3101 Match packets against ACL 3101 apply output-interface GigabitEthernet0/2 The outgoing interface is GigabitEthernet0/2.
if-match acl Syntax if-match acl acl-number undo if-match acl View PBR policy node view Default level 2: System level Parameters acl-number: ACL number, in the range of 2000 to 3999. The number of a basic ACL ranges from 2000 to 2999 and that of an advanced ACL ranges from 3000 to 3999. Description Use the if-match acl command to define an ACL match criterion. Use the undo if-match acl command to remove the ACL match criterion. Examples # Permit the packets matching ACL 2010.
[Sysname] policy-based-route aa permit node 11 [Sysname-pbr-aa-11] if-match packet-length 100 200 ip local policy-based-route Syntax ip local policy-based-route policy-name undo ip local policy-based-route policy-name View System view Default level 2: System level Parameters policy-name: Policy name, a string of 1 to 19 characters. Description Use the ip local policy-based-route command to configure local PBR based on a specified policy.
No policy is referenced for interface PBR by default. Note that: • Only one policy can be referenced by an interface for PBR. • The referenced policy applies to all packets arriving on the interface. Examples # Configure PBR based on policy aaa on GigabitEthernet0/1.
reset policy-based-route statistics Syntax reset policy-based-route statistics [ policy-name ] View User view Default level 1: Monitor level Parameters policy-name: Policy name, a string of 1 to 19 characters. Description Use the reset policy-based-route statistics command to clear PBR statistics. If no policy name is specified, this command clears all the PBR statistics. Examples # Clear all PBR statistics.
Multicast routing configuration commands NOTE: The term router in this document refers to both routers and Layer 3 switches. display multicast boundary Syntax display multicast boundary [ group-address [ mask | mask-length ] ] [ interface interface-type interface-number ] View Any view Default level 1: Monitor level Parameters group-address: Multicast group address, in the range of 224.0.0.0 to 239.255.255.255. mask: Mask of the multicast group address, 255.255.255.255 by default.
display multicast forwarding-table Syntax display multicast forwarding-table [ source-address [ mask { mask | mask-length } ] | group-address [ mask { mask | mask-length } ] | incoming-interface { interface-type interface-number | register } | outgoing-interface { { exclude | include | match } { interface-type interface-number | register } } | statistics ] * [ port-info ] View Any view Default level 1: Monitor level Parameters source-address: Multicast source address.
Total 1 entry Total 1 entry matched 00001. (172.168.0.2, 227.0.0.
Value Meaning 0x00000008 Indicates whether the RP is a PIM domain border router 0x00000010 Indicates that a register outgoing interface is available 0x00000400 Identifies an (S, G) entry to be deleted 0x00008000 Indicates that the (S, G) entry is in the smoothening process after active/standby switchover 0x00010000 Indicates that the (S, G) has been updated during the smoothing process 0x00080000 Indicates that the (S, G) entry has been repeatedly updated and needs to be deleted before a new en
Multicast routing tables are the basis of multicast forwarding. You can view the establishment state of an (S, G) entry by checking the multicast routing table. Related commands: display multicast forwarding-table. Examples # View the routing information in the multicast routing table of the public instance. display multicast routing-table Multicast routing table of VPN-Instance: public net Total 1 entry 00001. (172.168.0.2, 227.0.0.
Description Use the display multicast routing-table static command to view the information of multicast static routes. Examples # View all the multicast static routes in the public instance. display multicast routing-table static Multicast Routing Table of VPN-Instance: public net Routes : 1 Mroute 10.10.0.0/16 Interface = GigabitEthernet0/1 RPF Neighbor = 2.2.2.2 Matched routing protocol = , Route-policy = Preference = 1, Order = 1 Running Configuration = ip rpf-route-static 10.
Default level 1: Monitor level Parameters source-address: Multicast source address. group-address: Multicast group address, in the range of 224.0.1.0 to 239.255.255.255. Description Use the display multicast rpf-info command to view the RPF information of a multicast source. Related commands: display multicast routing-table, display multicast forwarding-table. Examples # View all the RPF information of multicast source 192.168.1.55 in the public network. display multicast rpf-info 192.168.1.
ip rpf-route-static Syntax ip rpf-route-static source-address { mask | mask-length } [ protocol [ process-id ] ] [ route-policy policy-name ] { rpf-nbr-address | interface-type interface-number } [ preference preference ] [ order order-number ] undo ip rpf-route-static source-address { mask | mask-length } [ protocol [ process-id ] ] [ route-policy policy-name ] View System view Default level 2: System level Parameters source-address: Multicast source address. mask: Mask of the multicast source address.
corresponding fields without changing the configuration sequence; otherwise, add a multicast static route. When configuring a multicast static route, you can specify an RPF neighbor only by providing its IP address (rpf-nbr-address) rather than providing the type and number (interface-type interface-number) of the interface connecting the RPF if the interface type of the RPF neighbor is Ethernet, Layer 3 aggregate, Loopback, RPR, or VLAN-interface.
vlan vlan-id: Specifies the VLAN to which the interface belongs. vlan-id is in the range of 1 to 4094. The specified VLAN must exist and the system gives a prompt if the specified interface does not belong to the VLAN. Description Use the mac-address multicast command to configure a static multicast MAC address entry. Use the undo mac-address multicast command to delete a static multicast MAC address entry. By default, no static multicast MAC address entry is configured.
Examples # Trace the path down which the (6.6.6.6, 225.2.1.1) multicast traffic flows to the last-hop router with an IP address of 5.5.5.8. mtracert 6.6.6.6 5.5.5.8 225.2.1.1 Type Ctrl+C to quit mtrace facility Tracing reverse path of (6.6.6.6, 225.2.1.1) from last-hop router (5.5.5.8) to source via multicast routing-table -1 5.5.5.8 Incoming interface address: 4.4.4.8 Previous-hop router address: 4.4.4.
Field Description Forwarding TTL The minimum TTL that a packet is required to have before it can be forwarded over the outgoing interface multicast boundary Syntax multicast boundary group-address { mask | mask-length } undo multicast boundary { group-address { mask | mask-length } | all } View Interface view Default level 2: System level Parameters group-address: Multicast group address, in the range of 224.0.0.0 to 239.255.255.255. mask: Mask of the multicast group address.
multicast forwarding on-demand Syntax multicast forwarding on-demand undo multicast forwarding on-demand View VLAN view Default level 2: System level Parameters None Description Use the multicast forwarding on-demand command to enable the multicast forwarding on-demand function in the VLAN. Use the undo multicast forwarding on-demand command to restore the system default. By default, multicast forwarding on-demand is disabled.
Description Use the multicast forwarding-table downstream-limit command to configure the maximum number of downstream nodes for a single entry in the multicast forwarding table. Use the undo multicast forwarding-table downstream-limit command to restore the system default. By default, the maximum number of downstream nodes for a single multicast forwarding entry is the maximum number allowed by the system. Related commands: display multicast forwarding-table.
undo multicast load-splitting View System view Default level 2: System level Parameters source: Specifies to implement per-source load splitting. source-group: Specifies to implement per-source and per-group load splitting simultaneously. Description Use the multicast load-splitting command to enable load splitting of multicast traffic. Use the undo multicast load-splitting command to disable load splitting of multicast traffic. By default, load splitting of multicast traffic is disabled.
multicast routing-enable Syntax multicast routing-enable undo multicast routing-enable View System view Default level 2: System level Parameters None Description Use the multicast routing-enable command to enable IP multicast routing. Use the undo multicast routing-enable command to disable IP multicast routing. IP multicast routing is disabled by default. You must enable IP multicast routing in the public instance before you can carry out other Layer 3 multicast commands in the corresponding instance.
incoming-interface: Specifies to clear multicast forwarding entries of which the incoming interface is the specified one. interface-type interface-number: Specifies an interface by its type and number. register: Specifies to clear multicast forwarding entries of which the incoming interface is the specified register interface of PIM-SM. all: Specifies to clear all the forwarding entries from the multicast forwarding table.
Description Use the reset multicast routing-table command to clear multicast routing entries from the multicast routing table. When a route entry is deleted from the multicast routing table, the corresponding forwarding entry is also deleted from the multicast forwarding table. Related commands: reset multicast forwarding-table, display multicast routing-table, display multicast forwarding-table. Examples # Clear the route entries related to multicast group 225.5.4.
IGMP configuration commands NOTE: The term router in this document refers to both routers and Layer 3 switches. display igmp group Syntax display igmp group [ group-address | interface interface-type interface-number ] [ static | verbose ] View Any view Default level 1: Monitor level Parameters group-address: Multicast group address, in the range of 224.0.1.0 to 239.255.255.255. interface interface-type interface-number: Displays the IGMP multicast group information about a particular interface.
# Display the detailed information of multicast group 225.1.1.1 in the public instance. display igmp group 225.1.1.1 verbose Interface group report information of VPN-Instance: public net GigabitEthernet0/1(10.10.1.20): Total 1 IGMP Groups reported Group: 225.1.1.1 Uptime: 00:00:34 Expires: 00:00:40 Last reporter: 10.10.1.
Description Use the display igmp interface command to view IGMP configuration and operation information of the specified interface or all IGMP-enabled interfaces. Examples # View the IGMP configuration and operation information on GigabitEthernet 0/1 (downstream interface) in the public instance. display igmp interface GigabitEthernet 0/1 verbose GigabitEthernet0/1(10.10.1.
Field Description Value of maximum query response time for IGMP(in seconds) Maximum response time for IGMP general queries, in seconds Value of last member query interval(in seconds) IGMP last member query interval, in seconds Value of startup query interval(in seconds) IGMP startup query interval, in seconds Value of startup query count Number of IGMP general queries the device sends on startup General query timer expiry Remaining time of the IGMP general query timer, where “off” means that the
Parameters group-address: Multicast group address, in the range of 224.0.1.0 to 239.255.255.255. With no multicast group address included, this command displays the information of all the IGMP proxying groups. verbose: Displays the detailed IGMP proxying group information. Description Use the display igmp proxying group command to view the IGMP proxying group information. Examples # View the IGMP proxying group information of the public instance.
display igmp routing-table Syntax display igmp routing-table [ source-address [ mask { mask | mask-length } ] | group-address [ mask { mask | mask-length } ] | flags { act | suc } ] * View Any view Default level 1: Monitor level Parameters source-address: Multicast source address. group-address: Multicast group address, in the range of 224.0.1.0 to 239.255.255.255. mask: Subnet mask of the multicast group/source address, 255.255.255.255 by default.
Table 100 Output description Field Description Routing table of VPN-Instance: public net Public network IGMP routing table 00001 Sequence number of this (*, G) entry (*, 225.1.1.
5.5.5.5 10.1.1.1 100.1.1.10 Table 101 Output description Field Description VPN-Instance: public net Public instance Group Multicast group address Source list List of multicast source addresses display igmp ssm-mapping group Syntax display igmp ssm-mapping group [ group-address | interface interface-type interface-number ] [ verbose ] View Any view Default level 1: Monitor level Parameters group-address: Specifies a multicast group by its IP address, in the range of 224.0.1.0 to 239.255.255.255.
Last reporter: 1.1.1.1 Version1-host-present-timer-expiry: off Source list(Total 1 source): Source: 1.1.1.1 Uptime: 00:00:31 Expires: 00:01:39 Last-member-query-counter: 0 Last-member-query-timer-expiry: off Table 102 Output description Field Description Interface group report information of VPN-Instance: public net Multicast group information created based on IGMP SSM mappings on a public network interface Total 1 IGMP SSM-mapping Group reported One IGMP SSM mapping multicast group was reported.
Description Use the fast-leave command to configure fast leave processing globally. Use the undo fast-leave command to disable fast leave processing globally. By default, fast leave processing is disabled. Namely, the IGMP querier sends IGMP group-specific queries upon receiving an IGMP leave message from a host, instead of sending a leave notification directly to the upstream. This command takes effect on all Layer 3 interfaces. Related commands: igmp fast-leave, last-member-query-interval.
undo igmp enable View Interface view Default level 2: System level Parameters None Description Use the igmp enable command to enable IGMP on the current interface. Use the undo igmp enable command to disable IGMP on the current interface. By default, IGMP is disabled on all interfaces. IP multicast must be enabled in the corresponding instance before this command can take effect. IGMP must be enabled on an interface before any other IGMP feature configured on the interface can take effect.
Related commands: fast-leave and igmp last-member-query-interval. Examples # Enable fast leave processing on GigabitEthernet 0/1. system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] igmp fast-leave igmp group-policy Syntax igmp group-policy acl-number [ version-number ] undo igmp group-policy View Interface view Default level 2: System level Parameters acl-number: Basic or advanced ACL number, in the range of 2000 to 3999.
undo igmp last-member-query-interval View Interface view Default level 2: System level Parameters interval: IGMP last member query interval in seconds, with an effective range of 1 to 5. Description Use the igmp last-member-query-interval command to configure the last member query interval, namely the length of time the device waits between sending IGMP group-specific queries, on the current interface. Use the undo igmp last-member-query-interval command to restore the system default.
Examples # Set the maximum response time for IGMP general queries to 8 seconds on GigabitEthernet 0/1. system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] igmp max-response-time 8 igmp proxying enable Syntax igmp proxying enable undo igmp proxying enable View Interface view Default level 2: System level Parameters None Description Use the igmp proxying enable command to enable IGMP proxying on an interface.
Parameters None Description Use the igmp proxying forwarding command to enable a non-querier downstream interface to forward multicast traffic. Use the undo igmp proxying forwarding command to disable the forwarding capability of a non-querier downstream interface. By default, a non-querier downstream interface does not forward multicast traffic. Examples # Enable the multicast forwarding capability on GigabitEthernet 0/1, a non-querier downstream interface on the IGMP proxy device.
igmp robust-count Syntax igmp robust-count robust-value undo igmp robust-count View Interface view Default level 2: System level Parameters robust-value: IGMP querier robustness variable, with an effective range of 2 to 5. The IGMP robustness variable determines the default number of general queries the IGMP querier sends on startup and the number of IGMP group-specific queries the IGMP querier sends upon receiving an IGMP leave message.
Use the undo igmp send-router-alert command on the current interface to disable insertion of the Router-Alert option in IGMP messages to be sent. By default, IGMP messages are sent with the Router-Alert option. Related commands: send-router-alert, igmp require-router-alert. Examples # Disable insertion of the Router-Alert option into IGMP messages that leave GigabitEthernet 0/1.
Default level 2: System level Parameters value: Startup query count, namely, the number of queries the IGMP querier sends on startup, with an effective range of 2 to 5. Description Use the igmp startup-query-count command to configure the startup query count on the current interface. Use the undo igmp startup-query-count command to restore the system default. By default, the startup query count is set to the IGMP querier robustness variable.
Examples # Set the startup query interval to 5 seconds on GigabitEthernet 0/1. system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] igmp startup-query-interval 5 igmp static-group Syntax igmp static-group group-address [ source source-address ] undo igmp static-group { all | group-address [ source source-address ] } View Interface view Default level 2: System level Parameters group-address: Multicast group address, in the range of 224.0.1.0 to 239.255.255.255.
undo igmp timer other-querier-present View Interface view Default level 2: System level Parameters interval: IGMP other querier present interval in seconds, in the range of 60 to 300. Description Use the igmp timer other-querier-present command to configure the IGMP other querier present interval on the current interface. Use the undo igmp timer other-querier-present command to restore the system default.
By default, the IGMP query interval is 60 seconds. Related commands: timer query, igmp timer other-querier-present, display igmp interface. Examples # Set the IGMP query interval to 125 seconds on GigabitEthernet 0/1.
Parameters interval: Last-member query interval in seconds, with an effective range of 1 to 5. Description Use the last-member-query-interval command to configure the global IGMP last-member query interval. Use the undo last-member-query-interval command to restore the system default. By default, the IGMP last-member query interval is 1 second. Related commands: igmp last-member-query-interval, robust-count, display igmp interface.
undo require-router-alert View Public instance IGMP view Default level 2: System level Parameters None Description Use the require-router-alert command to configure globally the router to discard IGMP messages that do not carry the Router-Alert option. Use the undo require-router-alert command to restore the system default. By default, the device does not check the Router-Alert option, namely it handles all the IGMP messages it received to the upper layer protocol for processing.
Description Use the reset igmp group command to clear IGMP multicast group information. This command cannot clear IGMP multicast group information of static joins. Related commands: display igmp group. Examples # Clear all IGMP multicast group information on all interfaces in the public instance. reset igmp group all # Clear all IGMP multicast group information on GigabitEthernet 0/1 in the public instance.
reset igmp ssm-mapping group all robust-count (IGMP view) Syntax robust-count robust-value undo robust-count View Public instance IGMP view Default level 2: System level Parameters robust-value: IGMP querier robustness variable, with an effective range of 2 to 5. The IGMP robustness variable determines the default number of general queries the IGMP querier sends on startup and the number of IGMP group-specific queries the IGMP querier sends upon receiving an IGMP leave message.
Use the undo send-router-alert command to globally disable insertion of the Router-Alert option into IGMP messages to be sent. By default, an IGMP message carries the Router-Alert option. Related commands: igmp send-router-alert, require-router-alert. Examples # Globally disable the insertion of the Router-Alert option in IGMP messages to be sent in the public instance.
startup-query-count (IGMP view) Syntax startup-query-count value undo startup-query-count View Public instance IGMP view Default level 2: System level Parameters value: Startup query count, namely, the number of queries the IGMP querier sends on startup, with an effective range of 2 to 5. Description Use the startup-query-count command to configure the startup query count globally. Use the undo startup-query-count command to restore the system default.
Use the undo startup-query-interval command to restore the system default. By default, the startup query interval is 1/4 of the “IGMP query interval”. NOTE: By default, the IGMP query interval is 60 seconds, so the startup query interval = 60 / 4 = 15 (seconds). Related commands: igmp-startup-query-interval, timer query. Examples # Set the startup query interval to 5 seconds globally in the public instance.
timer query (IGMP view) Syntax timer query interval undo timer query View Public instance IGMP view Default level 2: System level Parameters interval: IGMP query interval in seconds, namely interval between IGMP general queries, with an effective range of 1 to 18,000. Description Use the timer query command to configure the IGMP query interval globally. Use the undo timer query command to restore the default setting. By default, IGMP query interval is 60 seconds.
Examples # Set the global IGMP version to IGMPv1 in the public instance.
PIM configuration commands NOTE: The term router in this document refers to both routers and Layer 3 switches. auto-rp enable Syntax auto-rp enable undo auto-rp enable View Public instance PIM view Default level 2: System level Parameters None Description Use the auto-rp enable command to enable auto-RP. Use the undo auto-rp enable command to disable auto-RP. By default, auto-RP is disabled. Related commands: static-rp. Examples # Enable auto-RP in the public instance.
Parameters acl-number: Basic ACL number, in the range of 2000 to 2999. When an ACL is defined, the source keyword in the rule command specifies a legal BSR source address range. Description Use the bsr-policy command to configure a legal BSR address range to guard against BSR spoofing. Use the undo bsr-policy command to remove the restriction of the BSR address range. By default, there are no restrictions on the BSR address range, namely the bootstrap messages from any source are regarded to be valid.
Examples # Configure GigabitEthernet 0/1 to be a C-BSR in the public instance. system-view [Sysname] pim [Sysname-pim] c-bsr GigabitEthernet 0/1 c-bsr admin-scope Syntax c-bsr admin-scope undo c-bsr admin-scope View Public instance PIM view Default level 2: System level Parameters None Description Use the c-bsr admin-scope command to enable administrative scoping. Use the undo c-bsr admin-scope command to disable administrative scoping.
priority: Priority of the C-BSR in the global scope zone, in the range of 0 to 255. If you do not include this argument in your command, the corresponding global setting will be used. A larger value of this argument means a higher priority. Description Use the c-bsr global command to configure a C-BSR for the global scope zone. Use the undo c-bsr global command to remove the C-BSR configuration for the global scope zone. By default, no C-BSRs are configured for the global scope zone.
Examples # In the public instance configure the router to be a C-BSR in the admin-scope region associated with the multicast group address 239.0.0.0/8, with the priority of 10. system-view [Sysname] pim [Sysname-pim] c-bsr group 239.0.0.0 255.0.0.0 priority 10 c-bsr hash-length (PIM view) Syntax c-bsr hash-length hash-length undo c-bsr hash-length View Public instance PIM view Default level 2: System level Parameters hash-length: Hash mask length, in the range of 0 to 32.
Description Use the c-bsr holdtime command to configure the BS timeout, namely the length of time a C-BSR waits before it must receive a bootstrap message from the BSR. Use the undo c-bsr holdtime command to restore the system default. By default, the bootstrap timeout value is determined by this formula: BS timeout = BS period × 2 + 10. NOTE: The default BS period is 60 seconds, so the default BS timeout = 60 × 2 + 10 = 130 (seconds). Related commands: c-bsr, c-bsr interval.
c-bsr priority (PIM view) Syntax c-bsr priority priority undo c-bsr priority View Public instance PIM view Default level 2: System level Parameters priority: Priority of the C-BSR, in the range of 0 to 255. A larger value of this argument means a higher priority. Description Use the c-bsr priority command to configure the global C-BSR priority. Use the undo c-bsr priority command to restore the system default. By default, the C-BSR priority is 0. Related commands: c-bsr, c-bsr global, c-bsr group.
priority: Priority of the C-RP, in the range of 0 to 255 and defaulting to 0. A larger value of this argument means a lower priority. hold-interval: C-RP timeout time, in seconds. The effective range is 1 to 65,535. If you do not provide this argument in your command, the corresponding global setting will be used. adv-interval: C-RP-Adv interval in seconds, with an effective range of 1 to 65,535. If you do not provide this argument in your command, the corresponding global setting will be used.
Use the undo c-rp advertisement-interval command to restore the system default. By default, the C-RP-Adv interval is 60 seconds. Related commands: c-rp. Examples # Set the global C-RP-Adv interval to 30 seconds in the public instance.
View Public instance PIM view Default level 2: System level Parameters acl-number: Advanced ACL number, in the range of 3000 to 3999. When the ACL is defined, the source keyword in the rule command specifies the address of a C-RP and the destination keyword specifies the address range of the multicast groups that the C-RP will serve. Description Use the crp-policy command to configure a legal C-RP address range and the range of served multicast groups, so as to guard against C-RP spoofing.
Description Use the display pim bsr-info command to view the BSR information in the PIM domain and the locally configured C-RP information in effect. Related commands: c-bsr, c-rp. Examples # View the BSR information in the PIM-SM domain in the public instance and the locally configured C-RP information in effect. display pim bsr-info VPN-Instance: public net Elected BSR Address: 12.12.12.
Field Description State BSR state Scope Scope of the BSR Uptime Length of time for which this BSR has been up, in hh:mm:ss Next BSR message scheduled at Length of time in which the BSR will expire, in hh:mm:ss Candidate RP Address of the C-RP Priority Priority of the C-RP HoldTime Timeout time of the C-RP Advertisement Interval Interval at which the C-RP sends advertisement messages Next advertisement scheduled at Length of time in which the C-RP will send the next advertisement message,
Table 104 Output description Field Description VPN-Instance: public net Public instance RPF information about: 172.168.0.0 Information of the route to the multicast source 172.168.0.
hello: Displays the number of Hello messages. join-prune: Displays the number of Join/prune messages. state-refresh: Displays the number of state refresh messages. Description Use the display pim control-message counters command to view the statistics information of PIM control messages. Examples # View the statistics information of all types of PIM control messages on all interfaces in the public instance.
Field Description Hello Hello messages Join/Prune Join/prune messages State Refresh State refresh messages BSR Bootstrap messages C-RP C-RP-Adv messages display pim grafts Syntax display pim grafts View Any view Default level 1: Monitor level Parameters None Description Use the display pim grafts command to view the information about unacknowledged graft messages. Examples # View the information about unacknowledged graft messages in the public instance.
View Any view Default level 1: Monitor level Parameters interface-type interface-number: Displays the PIM information on a particular interface. verbose: Displays the detailed PIM information. Description Use the display pim interface command to view the PIM information on the specified interface or all interfaces. Examples # View the PIM information on all interfaces in the public instance.
PIM neighbor tracking (configured): disabled PIM generation ID: 0xF5712241 PIM require generation ID: disabled PIM hello hold interval: 105 s PIM assert hold interval: 180 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 2 Table 108 Output description Field Description VPN-Ins
Field Description Number of routers on network not using LAN delay Number of routers not using the LAN delay field on the subnet where the interface resides Number of routers on network not using neighbor tracking Number of routers not using neighbor tracking on the subnet where the interface resides display pim join-prune Syntax display pim join-prune mode { sm [ flags flag-value ] | ssm } [ interface interface-type interface-number | neighbor neighbor-address ] * [ verbose ] View Any view Default
Table 109 Output description Field Description VPN-Instance: public net Public instance Expiry Time: Expiry time of sending join/prune messages Upstream nbr: IP address of the upstream PIM neighbor and the interface connecting to it (*, G) join(s) Number of (*, G) joins to send (S, G) join(s) Number of (S, G) joins to send (S, G, rpt) prune(s) Number of (S, G, rpt) prunes display pim neighbor Syntax display pim neighbor [ interface interface-type interface-number | neighbor-address | verbose ]
DR Priority: 1 Generation ID: 0x2ACEFE15 Holdtime: 105 s LAN delay: 500 ms Override interval: 2500 ms State refresh interval: 60 s Neighbor tracking: Disabled Table 110 Output description Field Description VPN-Instance: public net Public instance Total Number of Neighbors Total number of PIM neighbors Neighbor IP address of the PIM neighbor Interface Interface connecting the PIM neighbor Uptime Length of time for which the PIM neighbor has been up, in hh:mm:ss Expires/Expiry time Remaining tim
mask: Mask of the multicast group/source address, 255.255.255.255 by default. mask-length: Mask length of the multicast group/source address, in the range of 0 to 32. The system default is 32. incoming-interface: Displays PIM routing entries that contain the specified interface as the incoming interface. interface-type interface-number: Specifies an interface by its type and number. register: Specifies the register interface. This keyword is valid only if mode-type is not specified or is sm.
Related commands: display multicast routing-table. Examples # View the content of the PIM routing table in the public instance. display pim routing-table VPN-Instance: public net Total 0 (*, G) entry; 1 (S, G) entry (172.168.0.12, 227.0.0.1) RP: 2.2.2.
display pim rp-info Syntax display pim rp-info [ group-address ] View Any view Default level 1: Monitor level Parameters group-address: Address of the multicast group of which the RP information is to be displayed, in the range of 224.0.1.0 to 239.255.255.255. If you do not provide a group address, this command will display the RP information corresponding to all multicast groups. Description Use the display pim rp-info command to view the RP information.
Table 112 Output description Field Description VPN-Instance: public net Public instance BSR RP Address is IP address of the RP Group/MaskLen The multicast group served by the RP RP IP address of the RP Priority RP priority HoldTime RP timeout time Uptime Length of time for which the RP has been up, in hh:mm:ss Expires Length of time in which the RP will expire, in hh:mm:ss RP mapping for this group IP address of the RP serving the current multicast group hello-option dr-priority (PIM vie
hello-option holdtime (PIM view) Syntax hello-option holdtime interval undo hello-option holdtime View Public instance PIM view Default level 2: System level Parameters interval: PIM neighbor timeout time in seconds, with an effective range of 1 to 65,535. 65,535 makes the PIM neighbor always reachable. Description Use the hello-option holdtime command to configure the PIM neighbor timeout time. Use the undo hello-option holdtime command to restore the system default.
This command is effective for both PIM-DM and PIM-SM. Related commands: hello-option override-interval, pim hello-option override-interval, pim hello-option lan-delay. Examples # Set the LAN-delay time to 200 milliseconds globally in the public instance.
Default level 2: System level Parameters interval: Prune override interval in milliseconds, with an effective range of 1 to 65,535. Description Use the hello-option override-interval command to configure the global value of the prune override interval. Use the undo hello-option override-interval command to restore the system default. By default, the prune override interval is 2,500 milliseconds. This command is effective for both PIM-DM and PIM-SM. Related commands: override-interval.
[Sysname-pim] holdtime assert 100 holdtime join-prune (PIM view) Syntax holdtime join-prune interval undo holdtime join-prune View Public instance PIM view Default level 2: System level Parameters interval: Join/prune timeout time in seconds, with an effective range of 1 to 65,535. Description Use the holdtime join-prune command to configure the global value of the join/prune timeout time. Use the undo holdtime join-prune command to restore the system default.
Related commands: jp-queue-size. Examples # Set the maximum size of join/prune messages to 1,500 bytes in the public instance. system-view [Sysname] pim [Sysname-pim] jp-pkt-size 1500 jp-queue-size (PIM view) Syntax jp-queue-size queue-size undo jp-queue-size View Public instance PIM view Default level 2: System level Parameters queue-size: Maximum number of (S, G) entries in a join/prune message, in the range of 1 to 4,096.
undo pim View System view Default level 2: System level Parameters vpn-instance vpn-instance-name: Specifies a VPN instance. A VPN instance name is a case sensitive string of up to 31 characters and must not contain any space. Description Use the pim command to enter public instance PIM view. Use the undo pim command to remove all configurations performed in public instance PIM view. IP multicast routing must be enabled in the corresponding instance before this command can take effect.
system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet 0/1] pim bsr-boundary pim dm Syntax pim dm undo pim dm View Interface view Default level 2: System level Parameters None Description Use the pim dm command to enable PIM-DM. Use the undo pim dm command to disable PIM-DM. By default, PIM-DM is disabled. This command can take effect only after IP multicast routing is enabled in the corresponding instance.
Parameters priority: Router priority for DR election, in the range of 0 to 4294967295. A larger value of this argument means a higher priority. Description Use the pim hello-option dr-priority command to configure the router priority for DR election on the current interface. Use the undo pim hello-option dr-priority command to restore the system default. By default, the router priority for DR election is 1. Related commands: hello-option dr-priority.
pim hello-option lan-delay Syntax pim hello-option lan-delay interval undo pim hello-option lan-delay View Interface view Default level 2: System level Parameters interval: LAN-delay time in milliseconds, with an effective range of 1 to 32,767. Description Use the pim hello-option lan-delay command to configure the LAN-delay time, namely the length of time the device waits before processing a prune message, on the current interface.
By default, join suppression is enabled, namely neighbor tracking is disabled. Related commands: hello-option neighbor-tracking. Examples # Disable join suppression on GigabitEthernet 0/1.
Parameters interval: Assert timeout time in seconds, with an effective range of 7 to 2,147,483,647. Description Use the pim holdtime assert command to configure the assert timeout time on the current interface. Use the undo pim holdtime assert command to restore the system default. By default, the assert timeout time is 180 seconds. Related commands: holdtime join-prune, pim holdtime join-prune, holdtime assert. Examples # Set the assert timeout time to 100 seconds on GigabitEthernet 0/1.
View Interface view Default level 2: System level Parameters acl-number: Basic ACL number, in the range of 2000 to 2999. When the ACL is defined, the source keyword in the rule command specifies a legal source address range for hello messages. Description Use the pim neighbor-policy command to configure a legal source address range for hello messages to guard against hello message spoofing. Use the undo pim neighbor-policy command to restore the default.
system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet 0/1] pim require-genid pim sm Syntax pim sm undo pim sm View Interface view Default level 2: System level Parameters None Description Use the pim sm command to enable PIM-SM. Use the undo pim sm command to disable PIM-SM. By default, PIM-SM is disabled. This command can take effect only after IP multicast routing is enabled in the corresponding instance. Related commands: pim dm and multicast routing-enable.
Description Use the pim state-refresh-capable command to enable the state fresh feature on the interface. Use the undo pim state-refresh-capable command to disable the state fresh feature. By default, the state refresh feature is enabled. Related commands: state-refresh-interval, state-refresh-rate-limit, state-refresh-ttl. Examples # Disable state refresh on GigabitEthernet 0/1.
Default level 2: System level Parameters interval: Hello interval in seconds, with an effective range of 1 to 2,147,483,647. Description Use the pim timer hello command to configure on the current interface the interval at which hello messages are sent. Use the undo pim timer hello command to restore the system default. By default, hello messages are sent at the interval of 30 seconds. Related commands: timer hello. Examples # Set the hello interval to 40 seconds on GigabitEthernet 0/1.
pim triggered-hello-delay Syntax pim triggered-hello-delay interval undo pim trigged-hello-delay View Interface view Default level 2: System level Parameters interval: Maximum delay in seconds between hello messages, with an effective range of 1 to 5. Description Use the pim triggered-hello-delay command to configure the maximum delay between hello messages. Use the undo pim triggered-hello-delay command to restore the system default. By default, the maximum delay between hello messages is 5 seconds.
system-view [Sysname] pim [Sysname-pim] probe-interval 6 prune delay (PIM view) Syntax prune delay interval undo prune delay View Public instance PIM view Default level 2: System level Parameters interval: Prune delay time in the range 1 to 128 seconds. Description Use the prune delay command to configure the prune delay time, namely the length of time the device waits between receiving a prune message and taking a prune action. Use the prune delay command to restore the system default.
Use the undo register-policy command to remove the configured register filtering rule. By default, no register filtering rule is configured. Related commands: register-suppression-timeout. Examples # In the public instance configure the RP to accept only those register messages from multicast sources on the subnet of 10.10.0.0/16 for multicast groups on the subnet of 225.1.0.0/16. system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule permit ip source 10.10.0.0 0.0.255.
View Public instance PIM view Default level 2: System level Parameters None Description Use the register-whole-checksum command to configure the router to calculate the checksum based on the entire register message. Use the undo register-whole-checksum command to restore the default configuration. By default, the checksum is calculated based on the header in the register message. Related commands: register-policy, register-suppression-timeout.
undo source-lifetime View Public instance PIM view Default level 2: System level Parameters interval: Multicast source lifetime in seconds, with an effective range of 1 to 31,536,000. Description Use the source-lifetime command to configure the multicast source lifetime. Use the undo source-lifetime command to restore the system default. By default, the lifetime of a multicast source is 210 seconds. Examples # Set the multicast source lifetime to 200 seconds in the public instance.
Examples # In the public instance configure the router to accept multicast packets originated from 10.10.1.2 and discard multicast packets originated from 10.10.1.1. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.10.1.2 0 [Sysname-acl-basic-2000] rule deny source 10.10.1.
Once a multicast forwarding entry is created, subsequent multicast data will not be encapsulated in register messages before being forwarded even if a register outgoing interface is available. Therefore, to avoid forwarding failure, do not include the infinity keyword in the spt-switch-threshold command on a device that may become an RP (namely, a static RP or a C-RP). Examples # In the public instance create a group-policy with the ACL number of 2010 and insert the ACL to the first position.
View Public instance PIM view Default level 2: System level Parameters interval: State refresh interval in seconds, with an effective range of 1 to 255. Description Use the state-refresh-interval command to configure the interval between state refresh messages. Use the undo state-refresh-interval command to restore the system default. By default, the state refresh interval is 60 seconds. Related commands: pim state-refresh-capable, state-refresh-rate-limit, state-refresh-ttl.
[Sysname-pim] state-refresh-rate-limit 45 state-refresh-ttl Syntax state-refresh-ttl ttl-value undo state-refresh-ttl View Public instance PIM view Default level 2: System level Parameters ttl-value: TTL value of state refresh messages, in the range of 1 to 255. Description Use the state-refresh-ttl command to configure the TTL value of state refresh messages. Use the undo state-refresh-ttl command to restore the system default. By default, the TTL value of state refresh messages is 255.
preferred: Specifies to give priority to the static RP if the static RP conflicts with the dynamic RP. If you do not include the preferred keyword in your command, the dynamic RP will be given priority, and the static RP takes effect only if no dynamic RP exists in the network or when the dynamic RP fails. Description Use the static-rp command to configure a static RP. Use the undo static-rp command to configure a static RP. By default, no static RP is configured.
Examples # Set the global hello interval to 40 seconds in the public instance. system-view [Sysname] pim [Sysname-pim] timer hello 40 timer join-prune (PIM view) Syntax timer join-prune interval undo timer join-prune View Public instance PIM view Default level 2: System level Parameters interval: Join/prune interval in seconds, with an effective range of 1 to 2,147,483,647. Description Use the timer join-prune command to configure the join/prune interval globally.
MSDP configuration commands NOTE: The term router in this document refers to both routers and Layer 3 switches. cache-sa-enable Syntax cache-sa-enable undo cache-sa-enable View Public instance MSDP view Default level 2: System level Parameters None Description Use the cache-sa-enable command to enable the SA cache mechanism to cache the (S, G) entries contained in SA messages. Use the undo cache-sa-enable command to disable the SA cache mechanism.
Parameters state: Displays the information of MSDP peers in the specified state. connect: Displays the information of MSDP peers in the connecting state. down: Displays the information of MSDP peers in the down state. listen: Displays the information of MSDP peers in the listening state. shutdown: Displays the information of MSDP peers in the deactivated state. up: Displays the information of MSDP peers in the in-session state.
Field Description Reset Count MSDP peer connection reset times display msdp peer-status Syntax display msdp peer-status [ peer-address ] View Any view Default level 1: Monitor level Parameters peer-address: Specifies an MSDP peer by its address. If you do not provide this argument, this command will display the detailed status information of all MSDP peers. Description Use the display msdp peer-status command to view the detailed MSDP peer status information.
Count of RPF check failure: 0 Incoming/outgoing SA messages: 0/0 Incoming/outgoing SA requests: 0/0 Incoming/outgoing SA responses: 0/0 Incoming/outgoing data packets: 0/0 Table 114 Output description Field Description MSDP Peer Information of VPN-Instance: public net Information of the MSDP peer of the public network MSDP Peer MSDP peer address AS Number of the AS where the MSDP peer is located. “?” indicates that the system was unable to obtain the AS number.
Field Description Input queue size Data size cached in the input queue Output queue size Data size cached in the output queue MSDP peer statistics: • Count of RPF check failure: Number of SA messages discarded due to RPF check failure • Incoming/outgoing SA messages: Number of SA messages received and sent Counters for MSDP message • Incoming/outgoing SA requests: Number of SA request received and sent • Incoming/outgoing SA responses: Number of SA responses received and sent • Incoming/outgoing d
Examples # View the information of (S, G) entries in the SA cache in the public instance. display msdp sa-cache MSDP Source-Active Cache Information of VPN-Instance: public net MSDP Total Source-Active Cache - 5 entries MSDP matched 5 entries (Source, Group) Origin RP Pro AS Uptime Expires (10.10.1.2, 225.1.1.1) 10.10.10.10 BGP 100 00:00:11 00:05:49 (10.10.1.3, 225.1.1.1) 10.10.10.10 BGP 100 00:00:11 00:05:49 (10.10.1.2, 225.1.1.2) 10.10.10.10 BGP 100 00:00:11 00:05:49 (10.10.
Description Use the display msdp sa-count command to view the number of (S, G) entries in the SA cache. This command gives the corresponding output only after the cache-sa-enable command is executed. Related commands: cache-sa-enable. Examples # View the number of (S, G) entries in the SA cache for the public instance. display msdp sa-count MSDP Source-Active Count Information of VPN-Instance: public net Number of cached Source-Active entries, counted by Peer Peer's Address Number of SA 10.10.
Parameters None Description Use the encap-data-enable command to enable register message encapsulation in SA messages. Use the undo encap-data-enable command to disable register message encapsulation in SA messages. By default, an SA message contains only an (S, G) entry. No register message is encapsulated in an SA message. Examples # Enable register message encapsulation in SA messages in the public instance.
system-view [Sysname] acl number 3101 [Sysname-acl-adv-3101] rule permit ip source 10.10.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255 [Sysname-acl-adv-3101] quit [Sysname] msdp [Sysname-msdp] import-source acl 3101 msdp Syntax msdp undo msdp View System view Default level 2: System level Parameters None Description Use the msdp command to enable MSDP in the public instance and enter public instance MSDP view.
Default level 2: System level Parameters interface-type interface-number: Specifies an interface by its type and number. Description Use the originating-rp command to configure the address of the specified interface as the RP address of SA messages. Use the undo originating-rp command to restore the system default. Be default, the PIM RP address is used as the RP address of SA messages. Examples # Specify the IP address of GigabitEthernet 0/1 as the RP address of SA messages in the public instance.
[Sysname] msdp [Sysname-msdp] peer 125.10.7.6 connect-interface GigabitEthernet 0/1 peer description Syntax peer peer-address description text undo peer peer-address description View Public instance MSDP view Default level 2: System level Parameters peer-address: MSDP peer address. text: Descriptive string of 1 to 80 case sensitive characters including spaces. Description Use the peer description command to configure the description information for the specified MSDP peer.
name: Mesh group name, a case-sensitive string of 1 to 32 characters. A mesh group name must not contain any space. Description Use the peer mesh-group command to configure an MSDP peer as a mesh group member. Use the undo peer mesh-group command to remove an MSDP peer as a mesh group member. By default, an MSDP peer does not belong to any mesh group. Examples # In the public instance, configure the MSDP peer with the IP address of 125.10.7.6 as a member of the mesh group “Grp1”.
peer request-sa-enable Syntax peer peer-address request-sa-enable undo peer peer-address request-sa-enable View Public instance MSDP view Default level 2: System level Parameters peer-address: MSDP peer address. Description Use the peer request-sa-enable command to enable the device to send an SA request message to the specified MSDP peer upon receiving a new join message. Use the undo peer request-sa-enable command to disable the device from sending an SA request message to the specified MSDP peer.
sa-limit: Maximum number of (S, G) entries that the device can cache, in the range of 1 to 8,192. Description Use the peer sa-cache-maximum command to configure the maximum number of (S, G) entries learned from the specified MSDP peer that the device can cache. Use the undo peer sa-cache-maximum command to restore the system default. By default, the device can cache a maximum of 8,192 (S, G) entries learned from any MSDP peer.
system-view [Sysname] acl number 3100 [Sysname-acl-adv-3100] rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255 [Sysname-acl-adv-3100] quit [Sysname] msdp [Sysname-msdp] peer 125.10.7.6 connect-interface GigabitEthernet 0/1 [Sysname-msdp] peer 125.10.7.
View User view Default level 2: System level Parameters all-instance: Specifies all instances. vpn-instance vpn-instance-name: Specifies a VPN instance. A VPN instance name is a case sensitive string of up to 31 characters and must not contain any space. peer-address: Specifies an MSDP peer by its address. If you do not provide this argument, the TCP connections with all MSDP peers will be reset.
Related commands: cache-sa-enable, display msdp sa-cache. Examples # Clear the (S, G) entries for multicast group 225.5.4.3 from the SA cache of the public instance. reset msdp sa-cache 225.5.4.3 reset msdp statistics Syntax reset msdp statistics [ peer-address ] View User view Default level 2: System level Parameters all-instance: Specifies all instances. vpn-instance vpn-instance-name: Specifies a VPN instance.
Description Use the shutdown command to deactivate manually the connection with the specified MSDP peer. Use the undo shutdown command to reactivate the connection with the specified MSDP peer. By default, the connections with all MSDP peers are active. Related commands: display msdp peer-status. Examples # Deactivate the connection with the MSDP peer 125.10.7.6 in the public instance. system-view [Sysname] msdp [Sysname-msdp] shutdown 125.10.7.
Examples # Configure static RPF peers in the public instance. system-view [Sysname] ip ip-prefix list1 permit 130.10.0.0 16 great-equal 16 less-equal 32 [Sysname] msdp [Sysname-msdp] peer 130.10.7.6 connect-interface GigabitEthernet 0/1 [Sysname-msdp] static-rpf-peer 130.10.7.6 rp-policy list1 timer retry Syntax timer retry interval undo timer retry View Public instance MSDP view Default level 2: System level Parameters interval: Interval between MSDP peer connection retries, in seconds.
SSL configuration commands ciphersuite Syntax ciphersuite [ rsa_aes_128_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha ] * View SSL server policy view Default level 2: System level Parameters rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit AES_CBC, and the MAC algorithm of SHA. rsa_des_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of DES_CBC, and the MAC algorithm of SHA.
Default level 2: System level Parameters None Description Use the client-verify enable command to enable certificate-based SSL client authentication, that is, to enable the SSL server to perform certificate-based authentication of the client during the SSL handshake process. Use the undo client-verify enable command to restore the default. By default, certificate-based SSL client authentication is disabled. Related commands: display ssl server-policy.
[Sysname-ssl-server-policy-policy1] close-mode wait display ssl client-policy Syntax display ssl client-policy { policy-name | all } View Any view Default level 1: Monitor level Parameters policy-name: SSL client policy name, a case-insensitive string of 1 to 16 characters. all: Displays information about all SSL client policies. Description Use the display ssl client-policy command to view information about one or all SSL client policies.
Parameters policy-name: SSL server policy name, a case-insensitive string of 1 to 16 characters. all: Displays information about all SSL server policies. Description Use the display ssl server-policy command to view information about one or all SSL server policies. Examples # Display information about SSL server policy policy1.
undo handshake timeout View SSL server policy view Default level 2: System level Parameters time: Handshake timeout time in seconds, in the range 180 to 7200. Description Use the handshake timeout command to set the handshake timeout time for an SSL server policy. Use the undo handshake timeout command to restore the default. By default, the handshake timeout time is 3600 seconds.
[Sysname] ssl server-policy policy1 [Sysname-ssl-server-policy-policy1] pki-domain server-domain # Configure SSL client policy policy1 to use the PKI domain named client-domain.
View SSL server policy view Default level 2: System level Parameters size: Maximum number of cached sessions, in the range 100 to 1000. time: Caching timeout time in seconds, in the range 1800 to 72000. Description Use the session command to set the maximum number of cached sessions and the caching timeout time. Use the undo session command to restore the default. By default, the maximum number of cached sessions is 500 and the caching timeout time is 3600 seconds.
Description Use the ssl client-policy command to create an SSL policy and enter its view. Use the undo ssl client-policy command to remove a specified or all SSL client policies. Related commands: display ssl client-policy. Examples # Create an SSL client policy named policy1 and enter its view.
View SSL client policy view Default level 2: System level Parameters ssl3.0: Specifies SSL 3.0. tls1.0: Specifies TLS 1.0. Description Use the version command to specify the SSL protocol version for an SSL client policy. Use the undo version command to restore the default. By default, the SSL protocol version for an SSL client policy is TLS 1.0. Related commands: display ssl client-policy. Examples # Specify the SSL protocol version for SSL client policy policy1 as SSL 3.0.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents a firewall chassis or a firewall module. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device.
Index ABCDEFGHIJLMNOPQRSTUVW c-bsr admin-scope,429 A c-bsr global,429 abr-summary (OSPF area view),221 c-bsr group,430 active region-configuration,54 c-bsr hash-length (PIM view),431 aggregate,281 c-bsr holdtime (PIM view),431 apply access-vpn vpn-instance,367 c-bsr interval (PIM view),432 apply default output-interface,367 c-bsr priority (PIM view),433 apply ip-address default next-hop,368 check region-configuration,54 apply ip-address next-hop,369 checkzero,193 apply ip-precedence,369 ci
delete static-routes all,189 display bgp routing-table different-origin-as,306 description,1 display bgp routing-table flap-info,307 description,21 display bgp routing-table label,308 description,32 display bgp routing-table peer,308 description (OSPF/OSPF area view),227 display bgp routing-table regular-expression,309 dhcp enable,97 display bgp routing-table statistic,310 dhcp relay address-check enable,124 display bootp client,146 dhcp relay information circuit-id format-type,125 display br
display qos policy,180 display ip routing-table acl,357 display ip routing-table ip-address,359 display qos policy interface,181 display ip routing-table ip-prefix,361 display rip,195 display ip routing-table protocol,363 display rip database,197 display ip routing-table statistics,364 display rip interface,197 display local-proxy-arp,170 display rip route,198 display mac-address,49 display router id,365 display mac-address aging-time,50 display ssl client-policy,498 display msdp brief,477 d
G inline-interfaces,93 gateway-list,112 instance,67 interface,10 gratuitous-arp-learning enable,167 interface loopback,24 gratuitous-arp-sending enable,167 interface null,24 group (BGP/BGP-VPN instance view),313 interface vlan-interface,36 H interval,156 handshake timeout,499 ip address,37 hello-option dr-priority (PIM view),450 ip address,30 hello-option holdtime (PIM view),451 ip address bootp-alloc,147 hello-option lan-delay (PIM view),451 ip address dhcp-alloc,145 hello-option neighb
peer advertise-ext-community (BGP/BGP-VPN instance view),319 multicast boundary,390 multicast forwarding on-demand,391 peer allow-as-loop (BGP/BGP-VPN instance view),319 multicast forwarding-table downstream-limit,391 peer as-number (BGP/BGP-VPN instance view),320 multicast forwarding-table route-limit,392 multicast load-splitting,392 peer as-path-acl (BGP/BGP-VPN instance view),321 multicast longest-match,393 peer capability-advertise conventional (BGP/BGP-VPN instance view),322 multicast routing-
reflect between-clients (BGP view),344 peer substitute-as (BGP/BGP-VPN instance view),342 peer timer (BGP/BGP-VPN instance view),342 reflector cluster-id (BGP view),345 pim,455 refresh bgp,346 pim bsr-boundary,456 region-name,67 pim dm,457 register-policy (PIM view),467 pim hello-option dr-priority,457 register-suppression-timeout (PIM view),468 pim hello-option holdtime,458 register-whole-checksum (PIM view),468 pim hello-option lan-delay,459 require-router-alert (IGMP view),418 pim hello-op
rip output,213 stp enable,74 rip poison-reverse,214 stp loop-protection,75 rip split-horizon,214 stp max-hops,76 rip summary-address,215 stp mcheck,76 rip version,216 stp mode,77 robust-count (IGMP view),421 stp no-agreement-check,78 router id,365 stp pathcost-standard,79 router-id,348 stp point-to-point,79 S stp port priority,80 stp priority,81 send-router-alert (IGMP view),421 stp region-configuration,82 session,501 stp root primary,82 shutdown,25 stp root secondary,83 shutdown,12
url,157 vlan,39 V vlan-mapping modulo,89 vlink-peer (OSPF area view),279 validate-source-address,219 voice-config,123 version,503 version,220 W version (IGMP view),425 Websites,505 515
