R3166-R3206-HP High-End Firewalls Network Management Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

111

112

113

114

115

116

117

118

119

120

Table Of Contents

Title Page
Contents
Interface management configuration commands
- General Ethernet interface and subinterface configuration commands
- Layer 2 Ethernet interface and subinterface configuration commands
- Layer 3 Ethernet interface and subinterface configuration commands
- Loopback and null interface configuration commands
IP addressing configuration commands
- display ip interface
- display ip interface brief
- ip address
VLAN configuration commands
- Basic VLAN configuration commands
- Port-based VLAN configuration commands
MAC address table configuration commands
- display mac-address
- display mac-address aging-time
- mac-address (interface view)
- mac-address (system view)
- mac-address timer
Spanning tree configuration commands
- active region-configuration
- check region-configuration
- display stp
- display stp abnormal-port
- display stp down-port
- display stp history
- display stp region-configuration
- display stp root
- display stp tc
- instance
- region-name
- reset stp
- revision-level
- stp bpdu-protection
- stp bridge-diameter
- stp compliance
- stp config-digest-snooping
- stp cost
- stp edged-port
- stp enable
- stp loop-protection
- stp max-hops
- stp mcheck
- stp mode
- stp no-agreement-check
- stp pathcost-standard
- stp point-to-point
- stp port priority
- stp priority
- stp region-configuration
- stp root primary
- stp root secondary
- stp root-protection
- stp tc-protection
- stp tc-protection threshold
- stp timer forward-delay
- stp timer hello
- stp timer max-age
- stp timer-factor
- stp transmit-limit
- vlan-mapping modulo
Layer 2 forwarding configuration commands
- General Layer 2 forwarding configuration commands
  - display bridge forwarding statistics
  - reset bridge forwarding statistics
- Inline Layer 2 forwarding configuration commands
DHCP server configuration commands
- bims-server
- bootfile-name
- dhcp enable
- dhcp select server global-pool
- dhcp server detect
- dhcp server forbidden-ip
- dhcp server ip-pool
- dhcp server ping packets
- dhcp server ping timeout
- dhcp server relay information enable
- display dhcp server conflict
- display dhcp server expired
- display dhcp server free-ip
- display dhcp server forbidden-ip
- display dhcp server ip-in-use
- display dhcp server statistics
- display dhcp server tree
- dns-list
- domain-name
- expired
- forbidden-ip
- gateway-list
- nbns-list
- netbios-type
- network
- network ip range
- network mask
- option
- reset dhcp server conflict
- reset dhcp server ip-in-use
- reset dhcp server statistics
- static-bind client-identifier
- static-bind ip-address
- static-bind mac-address
- tftp-server domain-name
- tftp-server ip-address
- voice-config
DHCP relay agent configuration commands
- dhcp relay address-check enable
- dhcp relay information circuit-id format-type
- dhcp relay information circuit-id string
- dhcp relay information enable
- dhcp relay information format
- dhcp relay information remote-id format-type
- dhcp relay information remote-id string
- dhcp relay information strategy
- dhcp relay release ip
- dhcp relay security static
- dhcp relay security refresh enable
- dhcp relay security tracker
- dhcp relay server-detect
- dhcp relay server-group
- dhcp relay server-select
- dhcp select relay
- display dhcp relay
- display dhcp relay information
- display dhcp relay security
- display dhcp relay security statistics
- display dhcp relay security tracker
- display dhcp relay server-group
- display dhcp relay statistics
- reset dhcp relay statistics
DHCP client configuration commands
- display dhcp client
- ip address dhcp-alloc
BOOTP client configuration commands
- display bootp client
- ip address bootp-alloc
IPv4 DNS configuration commands
- display dns domain
- display dns server
- display ip host
- dns domain
- dns proxy enable
- dns resolve
- dns server
- ip host
DDNS configuration commands
- ddns apply policy
- ddns policy
- display ddns policy
- interval
- ssl client policy
- url
ARP configuration commands
- arp check enable
- arp max-learning-num
- arp static
- arp timer aging
- display arp
- display arp ip-address
- display arp timer aging
- display arp vpn-instance
- naturemask-arp enable
- reset arp
Gratuitous ARP configuration commands
- gratuitous-arp-sending enable
- gratuitous-arp-learning enable
- arp send-gratuitous-arp
Proxy ARP configuration commands
- display local-proxy-arp
- display proxy-arp
- local-proxy-arp enable
- proxy-arp enable
QoS policy commands
- Class commands
- Traffic behavior commands
- QoS policy configuration and application commands
Traffic policing commands
- display qos car interface
- display qos carl
- qos car
- qos carl
Static routing configuration commands
- delete static-routes all
- ip route-static
- ip route-static default-preference
RIP configuration commands
- checkzero
- default cost (RIP view)
- default-route
- display rip
- display rip database
- display rip interface
- display rip route
- filter-policy export (RIP view)
- filter-policy import (RIP view)
- host-route
- import-route (RIP view)
- maximum load-balancing (RIP view)
- network
- output-delay
- peer
- preference
- reset rip process
- reset rip statistics
- rip
- rip authentication-mode
- rip default-route
- rip input
- rip metricin
- rip metricout
- rip output
- rip poison-reverse
- rip split-horizon
- rip summary-address
- rip version
- silent-interface (RIP view)
- summary
- timers
- validate-source-address
- version
OSPF configuration commands
- abr-summary (OSPF area view)
- area (OSPF view)
- asbr-summary
- authentication-mode
- bandwidth-reference (OSPF view)
- default
- default-cost (OSPF area view)
- default-route-advertise (OSPF view)
- description (OSPF/OSPF area view)
- display ospf abr-asbr
- display ospf asbr-summary
- display ospf brief
- display ospf cumulative
- display ospf error
- display ospf interface
- display ospf lsdb
- display ospf nexthop
- display ospf peer
- display ospf peer statistics
- display ospf request-queue
- display ospf retrans-queue
- display ospf routing
- display ospf vlink
- enable link-local-signaling
- enable log
- enable out-of-band-resynchronization
- filter
- filter-policy export (OSPF view)
- filter-policy import (OSPF view)
- host-advertise
- import-route (OSPF view)
- log-peer-change
- lsa-arrival-interval
- lsa-generation-interval
- lsdb-overflow-limit
- maximum load-balancing (OSPF view)
- maximum-routes
- network (OSPF area view)
- nssa
- opaque-capability enable
- ospf
- ospf authentication-mode
- ospf cost
- ospf dr-priority
- ospf mtu-enable
- ospf network-type
- ospf packet-process prioritized-treatment
- ospf timer dead
- ospf timer hello
- ospf timer poll
- ospf timer retransmit
- ospf trans-delay
- peer
- preference
- reset ospf counters
- reset ospf process
- reset ospf redistribution
- rfc1583 compatible
- silent-interface (OSPF view)
- snmp-agent trap enable ospf
- spf-schedule-interval
- stub (OSPF area view)
- stub-router
- transmit-pacing
- vlink-peer (OSPF area view)
BGP configuration commands
- aggregate
- balance (BGP/BGP-VPN instance view)
- bestroute as-path-neglect (BGP/BGP-VPN instance view)
- bestroute compare-med (BGP/BGP-VPN instance view)
- bestroute med-confederation (BGP/BGP-VPN instance view)
- bgp
- compare-different-as-med (BGP/BGP-VPN instance view)
- confederation id
- confederation nonstandard
- confederation peer-as
- dampening (BGP/BGP-VPN instance view)
- default ipv4-unicast
- default local-preference (BGP/BGP-VPN instance view)
- default med (BGP/BGP-VPN instance view)
- default-route imported (BGP/BGP-VPN instance view)
- display bgp group
- display bgp network
- display bgp paths
- display bgp peer
- display bgp peer received ip-prefix
- display bgp routing-table
- display bgp routing-table as-path-acl
- display bgp routing-table cidr
- display bgp routing-table community
- display bgp routing-table community-list
- display bgp routing-table dampened
- display bgp routing-table dampening parameter
- display bgp routing-table different-origin-as
- display bgp routing-table flap-info
- display bgp routing-table label
- display bgp routing-table peer
- display bgp routing-table regular-expression
- display bgp routing-table statistic
- ebgp-interface-sensitive
- filter-policy export (BGP/BGP-VPN instance view)
- filter-policy import (BGP/BGP-VPN instance view)
- group (BGP/BGP-VPN instance view)
- import-route (BGP/BGP-VPN instance view)
- import-route guard
- log-peer-change
- network (BGP/BGP-VPN instance view)
- network short-cut (BGP/BGP-VPN instance view)
- peer advertise-community (BGP/BGP-VPN instance view)
- peer advertise-ext-community (BGP/BGP-VPN instance view)
- peer allow-as-loop (BGP/BGP-VPN instance view)
- peer as-number (BGP/BGP-VPN instance view)
- peer as-path-acl (BGP/BGP-VPN instance view)
- peer capability-advertise conventional (BGP/BGP-VPN instance view)
- peer capability-advertise orf
- peer capability-advertise orf non-standard
- peer capability-advertise route-refresh
- peer connect-interface (BGP/BGP-VPN instance view)
- peer default-route-advertise (BGP/BGP-VPN instance view)
- peer description (BGP/BGP-VPN instance view)
- peer ebgp-max-hop (BGP/BGP-VPN instance view)
- peer enable (BGP/BGP-VPN instance view)
- peer fake-as (BGP/BGP-VPN instance view)
- peer filter-policy (BGP/BGP-VPN instance view)
- peer group (BGP/BGP-VPN instance view)
- peer ignore (BGP/BGP-VPN instance view)
- peer ip-prefix
- peer keep-all-routes (BGP/BGP-VPN instance view)
- peer log-change (BGP/BGP-VPN instance view)
- peer next-hop-local (BGP/BGP-VPN instance view)
- peer password
- peer preferred-value (BGP/BGP-VPN instance view)
- peer public-as-only (BGP/BGP-VPN instance view)
- peer reflect-client (BGP/BGP-VPN instance view)
- peer route-limit (BGP/BGP-VPN instance view)
- peer route-policy (BGP/BGP-VPN instance view)
- peer route-update-interval (BGP/BGP-VPN instance view)
- peer substitute-as (BGP/BGP-VPN instance view)
- peer timer (BGP/BGP-VPN instance view)
- preference (BGP/BGP-VPN instance view)
- reflect between-clients (BGP view)
- reflector cluster-id (BGP view)
- refresh bgp
- reset bgp
- reset bgp dampening
- reset bgp flap-info
- reset bgp ipv4 all
- router-id
- summary automatic
- synchronization (BGP view)
- timer (BGP/BGP-VPN instance view)
Basic IP routing configuration commands
- display ip routing-table
- display ip routing-table acl
- display ip routing-table ip-address
- display ip routing-table ip-prefix
- display ip routing-table protocol
- display ip routing-table statistics
- display router id
- router id
- reset ip routing-table statistics protocol
Policy-based routing configuration commands
- apply access-vpn vpn-instance
- apply default output-interface
- apply ip-address default next-hop
- apply ip-address next-hop
- apply ip-precedence
- apply output-interface
- display ip policy-based-route
- display ip policy-based-route setup
- display ip policy-based-route statistics
- display policy-based-route
- if-match acl
- if-match packet-length
- ip local policy-based-route
- ip policy-based-route
- policy-based-route
- reset policy-based-route statistics
Multicast routing configuration commands
- display multicast boundary
- display multicast forwarding-table
- display multicast routing-table
- display multicast routing-table static
- display multicast rpf-info
- ip rpf-route-static
- mac-address multicast
- mtracert
- multicast boundary
- multicast forwarding on-demand
- multicast forwarding-table downstream-limit
- multicast forwarding-table route-limit
- multicast load-splitting
- multicast longest-match
- multicast routing-enable
- reset multicast forwarding-table
- reset multicast routing-table
IGMP configuration commands
- display igmp group
- display igmp interface
- display igmp proxying group
- display igmp routing-table
- display igmp ssm-mapping
- display igmp ssm-mapping group
- fast-leave (IGMP view)
- igmp
- igmp enable
- igmp fast-leave
- igmp group-policy
- igmp last-member-query-interval
- igmp max-response-time
- igmp proxying enable
- igmp proxying forwarding
- igmp require-router-alert
- igmp robust-count
- igmp send-router-alert
- igmp ssm-mapping enable
- igmp startup-query-count
- igmp startup-query-interval
- igmp static-group
- igmp timer other-querier-present
- igmp timer query
- igmp version
- last-member-query-interval (IGMP view)
- max-response-time (IGMP view)
- require-router-alert (IGMP view)
- reset igmp group
- reset igmp ssm-mapping group
- robust-count (IGMP view)
- send-router-alert (IGMP view)
- ssm-mapping (IGMP view)
- startup-query-count (IGMP view)
- startup-query-interval (IGMP view)
- timer other-querier-present (IGMP view)
- timer query (IGMP view)
- version (IGMP view)
PIM configuration commands
- auto-rp enable
- bsr-policy (PIM view)
- c-bsr (PIM view)
- c-bsr admin-scope
- c-bsr global
- c-bsr group
- c-bsr hash-length (PIM view)
- c-bsr holdtime (PIM view)
- c-bsr interval (PIM view)
- c-bsr priority (PIM view)
- c-rp (PIM view)
- c-rp advertisement-interval (PIM view)
- c-rp holdtime (PIM view)
- crp-policy (PIM view)
- display pim bsr-info
- display pim claimed-route
- display pim control-message counters
- display pim grafts
- display pim interface
- display pim join-prune
- display pim neighbor
- display pim routing-table
- display pim rp-info
- hello-option dr-priority (PIM view)
- hello-option holdtime (PIM view)
- hello-option lan-delay (PIM view)
- hello-option neighbor-tracking (PIM view)
- hello-option override-interval (PIM view)
- holdtime assert (PIM view)
- holdtime join-prune (PIM view)
- jp-pkt-size (PIM view)
- jp-queue-size (PIM view)
- pim
- pim bsr-boundary
- pim dm
- pim hello-option dr-priority
- pim hello-option holdtime
- pim hello-option lan-delay
- pim hello-option neighbor-tracking
- pim hello-option override-interval
- pim holdtime assert
- pim holdtime join-prune
- pim neighbor-policy
- pim require-genid
- pim sm
- pim state-refresh-capable
- pim timer graft-retry
- pim timer hello
- pim timer join-prune
- pim triggered-hello-delay
- probe-interval (PIM view)
- prune delay (PIM view)
- register-policy (PIM view)
- register-suppression-timeout (PIM view)
- register-whole-checksum (PIM view)
- reset pim control-message counters
- source-lifetime (PIM view)
- source-policy (PIM view)
- spt-switch-threshold (PIM view)
- ssm-policy (PIM view)
- state-refresh-interval (PIM view)
- state-refresh-rate-limit (PIM view)
- state-refresh-ttl
- static-rp (PIM view)
- timer hello (PIM view)
- timer join-prune (PIM view)
MSDP configuration commands
- cache-sa-enable
- display msdp brief
- display msdp peer-status
- display msdp sa-cache
- display msdp sa-count
- encap-data-enable
- import-source
- msdp
- originating-rp
- peer connect-interface
- peer description
- peer mesh-group
- peer minimum-ttl
- peer request-sa-enable
- peer sa-cache-maximum
- peer sa-policy
- peer sa-request-policy
- reset msdp peer
- reset msdp sa-cache
- reset msdp statistics
- shutdown (MSDP view)
- static-rpf-peer
- timer retry
SSL configuration commands
- ciphersuite
- client-verify enable
- close-mode wait
- display ssl client-policy
- display ssl server-policy
- handshake timeout
- pki-domain
- prefer-cipher
- session
- ssl client-policy
- ssl server-policy
- version
Support and other resources
- Contacting HP
  - Subscription service
- Related information
  - Documents
  - Websites
- Conventions
Index

Default level

2: System level

Parameters

None

Description

Use the dhcp server detect command to enable unauthorized DHCP server detection.

Use the undo dhcp server detect command to disable the function.

By default, the function is disabled.

With this function enabled, upon receiving a DHCP request, the DHCP server records the IP addresses of

DHCP servers that offered IP addresses to the DHCP client and the receiving interface. Each server

detected is recorded only once. The administrator can use this information to check for unauthorized

DHCP servers.

Examples

# Enable unauthorized DHCP server detection.

<Sysname> system-view

[Sysname] dhcp server detect

dhcp server forbidden-ip

Syntax

dhcp server forbidden-ip low-ip-address [ high-ip-address ]

undo dhcp server forbidden-ip low-ip-address [ high-ip-address ]

View

System view

Default level

2: System level

Parameters

low-ip-address: Start IP address of the IP address range to be excluded from dynamic allocation.

high-ip-address: End IP address of the IP address range to be excluded from dynamic allocation. The end

IP address must have a higher sequence than the start one.

Description

Use the dhcp server forbidden-ip command to exclude IP addresses from dynamic allocation.

Use the undo dhcp server forbidden-ip command to remove the configuration.

By default, all IP addresses in a DHCP address pool are assignable except IP addresses of the DHCP

server interfaces.

Note the following:

• When you use the dhcp server forbidden-ip command to exclude an IP address that is bound to a

user from dynamic assignment, the address can be still assigned to the user.

• When you use the undo dhcp server forbidden-ip command to remove the configuration, the

specified address/address range must be consistent with the one specified with the dhcp server