HP Load Balancing Module Network Management Command Reference Part number: 5998-2692 Document version: 6PW101-20120217
Legal and notice information © Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Interface configuration commands ······························································································································ 1 General Ethernet interface and subinterface configuration commands ······································································ 1 combo enable ··························································································································································· 1 description ··················
inline-interfaces ······················································································································································ 40 port inline-interfaces ·············································································································································· 41 VLAN configuration commands ································································································································ 43 Basic VLAN
display nat static···················································································································································· 82 display nat statistics ·············································································································································· 83 display userlog export ·········································································································································· 84 nat addr
Interface configuration commands General Ethernet interface and subinterface configuration commands combo enable Syntax combo enable { copper | fiber } View Ethernet interface view (combo interface) Default level 2: System level Parameters copper: Activates the copper combo port. fiber: Activates the fiber combo port. Description Use the combo enable command to activate the copper or fiber combo port. By default, the copper combo port is activated. Combo interfaces are logical interfaces.
View Ethernet interface view, Ethernet subinterface view Default level 2: System level Parameters text: Specifies the interface description, a string of 1 to 80 characters. The string can include case-sensitive letters, digits, special characters (including ~ ! @ # $ % ^ & * ( ) - _ + = { } [ ] | \ : ; " ' < > , . /), spaces, and other Unicode characters and symbols. NOTE: • Each Unicode character takes the space of two regular characters.
Parameters interface-type interface-number: Specifies an interface by its type and number. interface-number.subnumber: Specifies a subinterface number, where interface-number is an interface number; subnumber is the number of a subinterface created under the interface. The value range for subnumber is 1 to 4094. |: Filters command output by specifying a regular expression. For more information about regular expressions, see System Management Configuration Guide.
Protocol: (s) - spoofing Interface Link Protocol Main IP NULL0 UP UP(s) -- XGE0/0 UP DOWN -- XGE0/0.11 UP UP 11.0.0.2 Description When you use the begin keyword to filter the output, the system only searches the Layer 3 or Layer 2 interface list. If regular-expression is on the Layer 3 interface list, the system only displays the line that contains regular-expression, and all subsequent lines on the Layer 3 interface list. # Display brief information about all UP interfaces.
Field Description Protocol: (s) - spoofing If the network layer protocol state of an interface is shown as UP, but its link is an on-demand link or not present at all, its protocol attribute includes the spoofing flag (an s in parentheses). This attribute is typical of interface Null 0 and the loopback interfaces. Interface Interface name. Physical link state of the interface: • UP—The link is up. • DOWN—The link is physically down. • ADM—The link has been administratively shut down.
• If both interface type and interface number are specified, the command displays detailed information about only the specified interface. Related commands: interface. Examples # Display detailed information about Layer 3 interface GigabitEthernet 0/1. display interface gigabitethernet 0/1 GigabitEthernet0/1 current state: UP Line protocol current state: UP Description: GigabitEthernet0/1 Interface The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 192.168.0.
IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e200-8048 Description: GigabitEthernet0/2 Interface Loopback is not set Media type is twisted pair, loopback not set, promiscuous mode set Unknown-speed mode, unknown-duplex mode Link speed type is autonegotiation, link duplex type is autonegotiation Flow-control is not enabled The Maximum Frame Length is 9022 Broadcast MAX-ratio: 100% Unicast MAX-ratio: 100% Multicast MAX-ratio: 100% PVID: 1 Mdi type: auto Port link-type: access Tagged VLAN ID
Field Description Broadcast MAX-ratio Broadcast suppression threshold as a percentage of the interface transmission capability. When the threshold is exceeded, the interface drops broadcast packets. Unicast MAX-ratio Unicast suppression threshold as a percentage of the interface transmission capability. When the threshold is exceeded, the interface drops unknown unicast packets. Multicast MAX-ratio Multicast suppression threshold as a percentage of the interface transmission capability.
Field Description CRC Total number of inbound frames that had a normal length, but contained checksum errors. frame Total number of inbound frames that contained checksum errors and a non-integer number of bytes. - overruns Number of packet drops because the input rate of the port exceeded the queuing capability. Total number of illegal inbound packets: • Fragment frames—CRC error frames shorter than 64 bytes. The length can be an integral or non-integral value.
Field Description late collisions Number of frames that the interface deferred to transmit after transmitting their first 512 bits, because of detected collisions. lost carrier Number of carrier losses during transmission. This counter applies to serial WAN interfaces. - no carrier Number of times that the port failed to detect the carrier when attempting to send frames. This counter applies to serial WAN interfaces. NOTE: If an output field is not available, a hyphen (-) is displayed.
duplex Syntax duplex { auto | full | half } undo duplex View Ethernet interface view Default level 2: System level Parameters auto: Sets the interface to operate in auto-negotiation mode. full: Sets the interface to operate in full-duplex mode. half: Sets the interface to operate in half-duplex mode. This keyword is not available for the fiber combo ports and 10-GE interfaces. Description Use the duplex command to set the duplex mode for an Ethernet interface.
Use the undo flow-control command to disable flow control on the Ethernet interface. By default, flow control is disabled on Ethernet interfaces. To implement flow control on a link, you must enable the flow control function at both ends of the link. Examples # Enable flow control on Ethernet interface Ten-GigabitEthernet 0/0.
# Create Ethernet subinterface Ten-GigabitEthernet 0/0.1 and enter the subinterface view (assuming that Ten-GigabitEthernet 0/0 is a Layer 3 Ethernet interface and the subinterface does not exist). system-view [Sysname] interface Ten-GigabitEthernet 0/0.1 [Sysname-Ten-GigabitEthernet0/0.
Default level 2: System level Parameters bridge: Specifies the Layer 2 mode. route: Specifies the Layer 3 mode. Description Use the port link-mode command to change the working mode of the Ethernet interface. Use the undo port link-mode command to restore the default. NOTE: After you change the operating mode of an Ethernet interface, all the settings of the Ethernet interface are restored to their defaults under the new operating mode.
Parameters interface-type interface-number: Specifies an interface by its type and number. interface-number.subnumber: Subinterface number, where interface-number is an interface number; subnumber is the number of a subinterface created under the interface. The value of subnumber ranges from 1 to 4094. Description Use the reset counters interface command to clear the statistics of an interface or subinterface.
[Sysname-GigabitEthernet0/1] shutdown [Sysname-GigabitEthernet0/1] undo shutdown # Shut down and then bring up Ethernet subinterface GigabitEthernet 0/1.1. system-view [Sysname] interface gigabitethernet 0/1.1 [Sysname-GigabitEthernet0/1.1] shutdown [Sysname-GigabitEthernet0/1.1] undo shutdown speed Syntax speed { 10 | 100 | 1000 | auto } undo speed View Ethernet interface view Default level 2: System level Parameters 10: Sets the interface speed to 10 Mbps.
View Ethernet interface view Default level 2: System level Parameters None Description Use the sub-interface rate-statistic command to enable rate statistics collection for the subinterfaces of an Ethernet interface. Use the undo sub-interface rate-statistic command to disable rate statistics collection for the subinterfaces of an Ethernet interface. By default, the system does not collect rate statistics for Ethernet subinterfaces.
By default, Ethernet interfaces do not suppress broadcast traffic. When broadcast traffic exceeds the broadcast suppression threshold, the interface discards broadcast packets until the broadcast traffic drops below the threshold. Examples # Set the broadcast suppression threshold to 20% on Ethernet interface GigabitEthernet 0/3.
multicast-suppression Syntax multicast-suppression ratio undo multicast-suppression View Layer 2 Ethernet interface view, Layer 2 Ethernet subinterface view Default level 2: System level Parameters ratio: Sets the multicast suppression threshold as a percentage of the transmission capability of an Ethernet interface, in the range 1 to 100. The smaller the percentage, the less multicast traffic is allowed to pass through.
Parameters ratio: Sets the unknown unicast suppression threshold as a percentage of the transmission capability of the Ethernet interface, in the range of 1 to 100. The smaller the percentage, the less unknown unicast traffic is allowed through. Description Use the unicast-suppression command to set the unknown unicast suppression threshold on an Ethernet interface or subinterface. Use the undo unicast-suppression command to restore the default.
NOTE: As the size of MTU decreases, the number of fragments grows. When setting MTU for an interface, you should consider QoS queue lengths (for example, the default FIFO queue length is 75) to avoid a too small MTU causing packet drop in QoS queuing. To achieve the best result, you can tune MTU with the mtu command Examples # Set the MTU to 1430 bytes for the Layer 3 Ethernet interface Ten-GigabitEthernet 0/0.
[Sysname] interface Ten-GigabitEthernet 0/0 [Sysname-Ten-GigabitEthernet0/0] timer hold 20 Loopback and null interface configuration commands description Syntax description text undo description View Loopback interface view, Null 0 interface view Default level 2: System level Parameters text: Specifies the interface description, a string of 1 to 80 characters. The string can include case-sensitive letters, digits, special characters (including ~ ! @ # $ % ^ & * ( ) - _ + = { } [ ] | \ : ; " ' < > , .
display interface loopback Syntax display interface loopback [ interface-number ] View Any view Default level 1: Monitor level Parameters interface-number: Loopback interface number, which can be the number of any existing loopback interface. Description Use the display interface loopback command to display the information about a loopback interface. If you do not specify the interface-number argument, this command will display information about all existing loopback interfaces.
Field Description Last clearing of counters The time when the reset counts interface vlan-interface command was last used to clear the interface statistics. Never indicates the reset counters interface command has never been used on the interface since the device’s startup. Average input rate over the last 300 seconds: Last 300 seconds input: 0 bytes/sec, 0 bits/sec, 0 packets/sec • Packets/sec—The average number of packets received per second.
Last clearing of counters: Never Last 300 seconds input: Last 300 seconds output: 0 bytes/sec, 0 packets/sec 0 bytes/sec, 0 packets/sec 0 packets input, 0 bytes, 0 drops 0 packets output, 0 bytes, 0 drops For the display interface null command output description, see Table 5.
A device has only one null interface, interface Null 0. Interface Null 0 is always up and cannot be removed. Related commands: display interface null. Examples # Enter Null 0 interface view. system-view [Sysname] interface null 0 [Sysname-NULL0] reset counters interface Syntax reset counters interface [ interface-type [ interface-number | interface-number.subnumber ] ] View User view Default level 2: System level Parameters interface-type: Logical interface type.
View Loopback interface view Default level 2: System level Parameters None Description Use the shutdown command to shut down the loopback interface. Use the undo shutdown command to bring up the loopback interface. By default, a loopback interface is up. Examples # Shut down interface loopback 1.
IP addressing configuration commands display ip interface Syntax display ip interface [ interface-type interface-number ] View Any view Default level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. Description Use the display ip interface command to display information for a specified Layer 3 interface or all Layer 3 interfaces. Examples # Display IP configuration information for interface Ten-GigabitEthernet 0/0.1.
Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0 Table 6 Output description Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown current state command. • DOWN—The interface is administratively up but its physical state is down, which may be caused by a connection or link failure. • UP—Both the administrative and physical states of the interface are up.
Field ICMP packet input number: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Description Total number of ICMP packets received on the interface (the statistics start at the device startup), including the following packets: • • • • • • • • • • • • • • • • Echo reply packets Unreachable packets Source
Examples # Display brief IP configuration information for Ten-GigabitEthernet interfaces. display ip interface brief Ten-GigabitEthernet *down: administratively down (s): spoofing Interface Physical Protocol IP Address Description Ten-GigabitEthernet0/0 up up 192.168.20.144 Ten-Gigab... Ten-GigabitEthernet0/0.1 down down unassigned Ten-Gigab...
mask-length: Subnet mask length, the number of consecutive ones in the mask. mask: Subnet mask in dotted decimal notation. sub: Secondary IP address for the interface. Description Use the ip address command to assign an IP address and mask to the interface. Use the undo ip address command to remove all IP addresses from the interface. Use the undo ip address ip-address { mask | mask-length } command to remove the primary IP address.
MAC address table configuration commands NOTE: • The MAC address table can contain only Layer 2 Ethernet ports. • This document covers only the configuration of static, dynamic, and blackhole MAC address table entries.
Examples # Display the MAC address table entry for MAC address 000f-e201-0101. display mac-address 000f-e201-0101 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME 000f-e201-0101 1 Learned Ten-GigabitEthernet0/0 AGING --- 1 mac address(es) found --- Table 8 Output description Field Description MAC ADDR MAC address. VLAN ID ID of the VLAN to which the MAC address belongs.
display mac-address aging-time Mac address aging time: 300s The output indicates that the aging time of dynamic entries in the MAC address table is 300 seconds. mac-address (interface view) Syntax mac-address { dynamic | static } mac-address vlan vlan-id undo mac-address { dynamic | static } mac-address vlan vlan-id View Ethernet interface view Default level 2: System level Parameters dynamic: Dynamic MAC address entries. These entries can age. static: Static MAC address entries.
undo mac-address [ blackhole | dynamic | static ] [ mac-address ] vlan vlan-id undo mac-address [ dynamic | static ] mac-address interface interface-type interface-number vlan vlan-id undo mac-address [ dynamic | static ] interface interface-type interface-number View System view Default level 2: System level Parameters blackhole: Specifies destination blackhole MAC address entries. These entries do not age, but you can add or remove them.
mac-address timer Syntax mac-address timer { aging seconds | no-aging } undo mac-address timer aging View System view Default level 2: System level Parameters aging seconds: Sets an aging timer for dynamic MAC address entries. The value of the seconds argument ranges from 10 to 630 seconds. no-aging: Sets dynamic MAC address entries not to age. Description Use the mac-address timer command to configure the aging timer for dynamic MAC address entries.
Layer 2 forwarding configuration commands General Layer 2 forwarding configuration commands display mac-forwarding statistics Syntax display mac-forwarding statistics [ interface interface-type interface-number ] View Any view Default level 1: Monitor level Parameters interface-type: Specifies the interface type. interface-number: Specifies the interface number. Description Use the display mac-forwarding statistics command to display Layer 2 forwarding statistics.
Filtered:0 Invalid Tag:0 Table 9 Output description Field Description Total received Total number of received Ethernet frames Filtered Number of frames filtered out by 802.
Examples # Clear all Layer 2 forwarding statistics. reset mac-forwarding statistics Inline forwarding configuration commands display inline-interfaces Syntax display inline-interfaces View Any view Default level 1: Monitor level Parameters None Description Use the display inline-interfaces command to display inline forwarding information. Examples # Display inline forwarding information.
View System view Default level 2: System level Parameters id: ID for an inline forwarding entry, in the range of 1 to 100. blackhole: Configure a blackhole-type inline forwarding entry. reflect: Configure a reflect-type inline forwarding entry. Description Use the inline-interfaces command to create an inline forwarding entry. Use the undo inline-interfaces command to remove an inline forwarding entry.
Examples # Assign Ten-GigabitEthernet 0/0.1 and Ten-GigabitEthernet 0/0.2 to the forward-type inline forwarding entry 2. system-view [Sysname] inline-interfaces 2 [Sysname] interface Ten-GigabitEthernet 0/0.1 [Sysname-Ten-GigabitEthernet0/0.1] port inline-interfaces 2 [Sysname-Ten-GigabitEthernet0/0.1] interface Ten-GigabitEthernet 0/0.2 [Sysname-Ten-GigabitEthernet0/0.
VLAN configuration commands Basic VLAN configuration commands broadcast-suppression Syntax broadcast-suppression ratio undo broadcast-suppression View VLAN view Default level 2: System level Parameters ratio: Sets the percentage of the maximum allowed broadcast traffic to the total bandwidth in a VLAN. The ratio argument ranges from 0 to 100 and defaults to 100. A smaller value indicates less broadcast traffic is allowed to pass through the VLAN.
Default level 2: System level Parameters text: Specifies a description for a VLAN or VLAN interface. The string can include case-sensitive letters, digits, special characters (including ~ ! @ # $ % ^ & * ( ) - _ + = { } [ ] | \ : ; " ' < > , . /), spaces, and other Unicode characters and symbols. • For a VLAN, this is a string of 1 to 32 characters. • For a VLAN interface, this is a string of 1 to 80 characters. NOTE: • Each Unicode character takes the space of two regular characters.
Default level 1: Monitor level Parameters vlan-interface-id: VLAN interface number. Description Use the display interface vlan-interface command to display information about a specified or all VLAN interfaces if no interface is specified. Related commands: interface vlan-interface. Examples # Display information for VLAN-interface 2.
Field Last clearing of counters Last 300 seconds input: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output: 0 bytes/sec , 0 bits/sec, 0 packets/sec Description The time when the reset counts interface vlan-interface command was last used to clear the interface statistics. Never indicates the reset counters interface command has never been used on the interface since the device’s startup. Average rate of input packets and output packets in the last 300 seconds (in bps and pps).
Route interface: not configured Description: VLAN 0002 Name: VLAN 0002 Broadcast MAX-ratio: 100% Tagged Ports: none Untagged Ports: Ten-GigabitEthernet0/1 # Display VLAN 3 information. display vlan 3 VLAN ID: 3 VLAN Type: static Route Interface: configured IP Address: 1.1.1.1 Subnet Mask: 255.255.255.0 Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: none Untagged Ports: none Table 12 Output description Field Description VLAN Type VLAN type (static or dynamic).
Default level 2: System level Parameters vlan-interface-id: Specifies a VLAN interface number, ranging from 1 to 4094. Description Use the interface vlan-interface command to create a VLAN interface and enter its view or enter the view of an existing VLAN interface. Use the undo interface vlan-interface command to remove the specified VLAN interface. Create the VLAN before you create the VLAN interface.
To connect a VLAN to multiple subnets, assign one primary IP address and multiple secondary IP addresses to a VLAN interface. When configuring IP addresses for a VLAN interface, follow these rules: • The primary IP address you assign to a VLAN interface overwrites the previous one, if any. • Remove all secondary IP addresses before you remove the primary IP address. • To remove all IP addresses, use the undo ip address command without any parameter.
[Sysname-vlan2] name test vlan shutdown Syntax shutdown undo shutdown View VLAN interface view Default level 2: System level Parameters None Description Use the shutdown command to shut down a VLAN interface. Use the undo shutdown command to bring up a VLAN interface. By default, a VLAN interface is up unless all ports in the VLAN are down. You can use the undo shutdown command to bring up a VLAN interface after you have configured related parameters and protocols for the VLAN interface.
all: Creates or removes all VLANs except reserved VLANs. The keyword is not supported when the maximum number of VLANs that can be created on a device is less than 4094. Description Use the vlan vlan-id command to create a VLAN and enter its view or enter the view of an existing VLAN. Use the vlan vlan-id1 to vlan-id2 command to create VLANs ranging from vlan-id1 to vlan-id2, except reserved VLANs. Use the undo vlan command to remove the specified VLANs.
Parameters hybrid: Displays hybrid ports. trunk: Displays trunk ports. Description Use the display port command to display information about the hybrid or trunk ports on the LB module, including the port names, PVIDs, and allowed VLAN IDs. Examples # Display information about the hybrid ports in the system. display port hybrid Interface PVID VLAN passing XGE0/0.
Description Use the port command to assign the specified access ports to the VLAN. Use the undo port command to remove the specified access ports from the VLAN. By default, all ports are in VLAN 1. This command is only applicable on access ports. All ports are access ports by default, but you can manually configure the port type. For more information, see “port link-type.” Related commands: display vlan. Examples # Assign Ten-GigabitEthernet 0/0.1 through Ten-GigabitEthernet 0/0.2 to VLAN 2.
port hybrid pvid vlan Syntax port hybrid pvid vlan vlan-id undo port hybrid pvid View Ethernet interface view Default level 2: System level Parameters vlan-id: Specifies a VLAN ID, ranging from 1 to 4094. Description Use the port hybrid pvid vlan command to configure the PVID of the hybrid port. Use the undo port hybrid pvid command to restore the default. By default, the PVID of a hybrid port is VLAN 1. You can use a nonexistent VLAN as the PVID for a hybrid port.
Parameters vlan-id-list: Specifies a list of VLANs that the hybrid ports will be assigned to, in the format of [ vlan-id1 [ to vlan-id2 ] ]&<1-10>, where vlan-id ranges from 1 to 4094 and &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges. Be sure that the specified VLANs already exist. tagged: Configures the ports to send the packets of the specified VLANs without removing VLAN tags. untagged: Configures the ports to send the packets of the specified VLANs after removing VLAN tags.
Examples # Configure Ten-GigabitEthernet 0/0 as a trunk port.
port trunk pvid vlan Syntax port trunk pvid vlan vlan-id undo port trunk pvid View Ethernet interface view Default level 2: System level Parameters vlan-id: Specifies a VLAN ID, ranging from 1 to 4094. Description Use the port trunk pvid vlan command to configure the PVID for the trunk port. Use the undo port trunk pvid command to restore the default. By default, the PVID of a trunk port is VLAN 1. You can use a nonexistent VLAN as the PVID for a trunk port.
Isolate-user-VLAN configuration commands display isolate-user-vlan Syntax display isolate-user-vlan [ isolate-user-vlan-id ] View Any view Default level 1: Monitor level Parameters isolate-user-vlan-id: Specifies an isolate-user-VLAN ID, ranging from 1 to 4094. Description Use the display isolate-user-vlan command to display the mapping between an isolate-user-VLAN and secondary VLANs. Related commands: isolate-user-vlan and isolate-user-vlan enable.
Description: VLAN 0003 Name: VLAN 0003 Broadcast MAX-ratio: 100% Tagged Ports: none Untagged Ports: Ten-GigabitEthernet0/0.2 VLAN ID: 4 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0004 Name: VLAN 0004 Broadcast MAX-ratio: 100% Tagged Ports: none Untagged Ports: Ten-GigabitEthernet0/0.3 Table 14 Output description Field Description VLAN Type VLAN type, static or dynamic.
secondary secondary-vlan-id [ to secondary-vlan-id ]: Specifies a secondary VLAN ID or a secondary VLAN ID range. The secondary-vlan-id argument is a secondary VLAN ID, ranging from 1 to 4094. Description Use the isolate-user-vlan command to associate an isolate-user-VLAN with the specified secondary VLANs. Use the undo isolate-user-vlan command to remove the association. By default, an isolate-user-VLAN is not associated with any secondary VLAN. .
Parameters None Description Use the isolate-user-vlan enable command to configure the VLAN as an isolate-user-VLAN. Use the undo isolate-user-vlan enable command to remove the isolate-user-VLAN configuration for the VLAN. By default, no VLAN is an isolate-user-VLAN. An isolate-user-VLAN may include multiple ports, including the one connected to the upstream device. Related commands: display isolate-user-vlan. Examples # Configure VLAN 5 as an isolate-user-VLAN.
ARP configuration commands arp check enable Syntax arp check enable undo arp check enable View System view Default level 2: System level Parameters None Description Use the arp check enable command to enable ARP entry check. With this function enabled, the LB module cannot learn any ARP entry with a multicast MAC address. Configuring such a static ARP entry is not allowed either; otherwise, the system displays error messages. Use the undo arp check enable command to disable ARP entry check.
Description Use the arp max-learning-num command to configure the maximum number of dynamic ARP entries that an interface can learn. Use the undo arp max-learning-num command to restore the default. When the number argument is set to 0, the interface is disabled from learning dynamic ARP entries. Examples # Specify VLAN-interface 40 to learn up to 500 dynamic ARP entries.
Related commands: reset arp, display arp. Examples # Configure a static ARP entry, with the IP address being 202.38.10.2, the MAC address being 00e0-fc01-0000, and the outbound interface being Ten-GigabitEthernet 0/0.1 of VLAN 10. system-view [Sysname] arp static 202.38.10.2 00e0-fc01-0000 10 Ten-GigabitEthernet0/0.
static: Displays static ARP entries. vlan vlan-id: Displays the ARP entries of the specified VLAN. The VLAN ID ranges from 1 to 4,094. interface interface-type interface-number: Displays the ARP entries of the interface specified by the interface-type interface-number argument. |: Uses a regular expression to specify the ARP entries to be displayed. For more information about regular expressions, see System Management Configuration Guide.
display arp ip-address Syntax display arp ip-address [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters ip-address: Displays the ARP entry for the specified IP address. |: Uses a regular expression to specify the ARP entries to be displayed. For more information about regular expressions, see System Management Configuration Guide. begin: Displays the ARP entries from the first one containing the specified string.
Examples # Display the age timer for dynamic ARP entries. display arp timer aging Current ARP aging time is 10 minute(s) naturemask-arp enable Syntax naturemask-arp enable undo naturemask-arp enable View System view Default level 2: System level Parameters None Description Use the naturemask-arp enable command to enable natural mask support for ARP requests. Use the undo naturemask-arp enable command to restore the default. By default, natural mask support for ARP requests is disabled.
Description Use the reset arp command to clear ARP entries except authorized ARP entries from the ARP mapping table. With interface interface-type interface-number or slot slot-number specified, the command clears only dynamic ARP entries of the interface or the interface card. Related commands: arp static, display arp. Examples # Clear all static ARP entries.
Gratuitous ARP configuration commands arp send-gratuitous-arp Syntax arp send-gratuitous-arp [ interval milliseconds ] undo arp send-gratuitous-arp View Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view, VLAN interface view Default level 2: System level Parameters interval milliseconds: Sets the interval at which gratuitous ARP packets are sent, in the range of 200 to 200000 milliseconds. The default value is 2000.
gratuitous-arp-sending enable Syntax gratuitous-arp-sending enable undo gratuitous-arp-sending enable View System view Default level 2: System level Parameters None Description Use the gratuitous-arp-sending enable command to enable the LB module to send gratuitous ARP packets when receiving ARP requests from another network segment. Use the undo gratuitous-arp-sending enable command to restore the default.
corresponding to the source IP address of the ARP packet exists; if the corresponding ARP entry exists in the cache, the LB module updates the ARP entry regardless of whether this function is enabled. Examples # Enable the gratuitous ARP packet learning function.
Proxy ARP configuration commands display local-proxy-arp Syntax display local-proxy-arp [ interface interface-type interface-number ] View Any view Default level 2: System level Parameters interface interface-type interface-number: Displays the local proxy ARP status of the interface specified by the argument interface-type interface-number. Description Use the display local-proxy-arp command to display the status of the local proxy ARP.
Related commands: proxy-arp enable.
View VLAN interface view, Ethernet interface view Default level 2: System level Parameters None Description Use the proxy-arp enable command to enable proxy ARP. Use the undo proxy-arp enable command to disable proxy ARP. By default, proxy ARP is disabled. Related commands: display proxy-arp. Examples # Enable proxy ARP on Ten-GigabitEthernet 0/0.1. system-view [Sysname] interface Ten-GigabitEthernet 0/0.1 [Sysname-Ten-GigabitEthernet0/0.
NAT configuration commands display nat address-group Syntax display nat address-group [ group-number ] View Any view Default level 1: Monitor level Parameters group-number: NAT address group number, in the range of 0 to 255. If this argument is not provided, information of all NAT address pools is displayed. Description Use the display nat address-group command to display the NAT address pool information. Related commands: nat address-group. Examples # Display the NAT address pool information.
View Any view Default level 1: Monitor level Parameters None Description Use the display nat all command to display all NAT configuration information. Examples # Display all NAT configuration information. display nat all NAT address-group information: There are currently 1 nat address-group(s) 1 : from 202.110.10.10 to 202.110.10.15 NAT bound information: There are currently 1 nat bound rule(s) Interface: Ten-GigabitEthernet0/0.
tcp-syn ---- aging-time value is 60 (seconds) ftp-ctrl ---- aging-time value is 7200 (seconds) ftp-data ---- aging-time value is 300 (seconds) NAT log information: log enable : enable flow-begin : enable flow-active : 40(minutes) # Display all NAT configuration information. display nat all NAT address-group information: There are currently 2 nat address-group(s) 1 : from 202.110.10.10 to 202.110.10.15 2 : from 202.110.10.20 to 202.110.10.
Destination Mask: --Out-interface : --- Next-hop : --- NAT static enabled information: Interface Direction Ten-GigabitEthernet0/0.2 out-static Table 17 Output description Field Description NAT address-group information NAT address pool information There are currently 1 nat address-group(s) For description on the specific fields, see the display nat address-group command. NAT bound information: Configuration information about internal address-to-external address translation.
NAT bound information: There are currently 3 nat bound rule(s) Interface:Vlan-interface10 Direction: outbound ACL: 2000 Address-group: 319 NO-PAT: Y Address-group: 300 NO-PAT: N VPN-instance: vpn1 Out-interface: --Next-hop: 100.100.100.1 Status:Active Interface:Vlan-interface10 Direction: inbound ACL: 3000 VPN-instance: vpn2 Out-interface: Vlan-interface200 Next-hop: 100.100.110.
View Any view Default level 1: Monitor level Parameters None Description Use the display nat dns-map command to display NAT DNS mapping configuration information. Related commands: nat dns-map. Examples # Display NAT DNS mapping configuration information. display nat dns-map NAT DNS mapping information: There are currently 2 NAT DNS mapping(s) Domain-name: www.server.com Global-IP : 202.113.16.117 Global-port: 80(www) Protocol : 6(tcp) Domain-name: ftp.server.com Global-IP : 202.113.16.
Parameters None Description Use the display nat server command to display information about internal servers. Related commands: nat server. Examples # Display information about internal servers. display nat server NAT server in private network information: There are currently 2 internal server(s) Interface: Vlan-interface10, Protocol: 6(tcp) Global: 100.100.120.120 : 21(ftp) Local : 192.168.100.100 : 21(ftp) Status:Inactive Interface: Vlan-interface11, Protocol: 6(tcp) Global: 100.100.100.
Field Description Private network information of a server. • For a common internal server, this field displays the private IP address and port number of the server, and the name of the VPN instance that the private IP address belongs to. Local • For an internal server in load sharing mode, this field displays the internal server group name, name of the VPN instance that the private IP address belongs to, internal server member information, and the number of current connections of each member.
single static: Local-IP : 4.4.4.4 Global-IP : 5.5.5.
View Any view Default level 1: Monitor level Parameters None Description Use the display nat statistics command to display NAT statistics. Examples # Display NAT statistics.
Description Use the display userlog export command to view the configuration and statistics of logs output to the log server. This command can display all types of logs output to the log server, but it only displays NAT logs in this document. Related commands: reset userlog nat export. Examples # View the configuration and statistics of NAT logs.
address. If the start-address and end-address parameters have the same value, there is only one IP address in the address pool. You cannot remove an address pool that has been associated with an ACL. An address pool is not needed in the case of Easy IP where the interface’s public IP address is used as the translated IP address. Related commands: display nat address-group. Examples # Configure an address pool numbered 1 that contains addresses 202.110.10.10 to 202.110.10.15.
nat outbound Syntax nat outbound [ acl-number ] [ address-group group-number [ no-pat ] ] [ track vrrp virtual-router-id ] undo nat outbound [ acl-number ] [ address-group group-number [ no-pat ] ] [ track vrrp virtual-router-id ] View Interface view Default level 2: System level Parameters acl-number: ACL number, in the range 2000 to 3999. address-group group-number: Specifies an existing address pool for NAT by its index. The group-number argument is in the range of 0 to 255.
• When the undo nat outbound command is executed to remove an association, the NAT address mapping entries depending on the association are not deleted; they will be aged out automatically after 5 to 10 minutes. During this period, the involved users cannot access external networks whereas all the other users are not affected. • When an ACL rule is not operative, no new NAT session entry depending on the rule can be created. However, existing connections are still available for communication.
View Interface view Default level 2: System level Parameters track vrrp virtual-router-id: Associates static NAT with a VRRP group. The virtual-router-id argument indicates the number of the VRRP group, in the range of 1 to 255. Without this argument specified, no VRRP group is associated. Description Use the nat outbound static command to enable static NAT on an interface, making the configured static NAT mappings take effect.
interface-type interface-number: Specifies the interface type and interface number. Only loopback interface is supported and must be configured; otherwise the configuration is considered illegal. current-interface: Uses the current interface address as the public IP address for the internal server. global-port1, global-port2: Specifies a range of ports that have a one-to-one correspondence with the IP addresses of the internal hosts. global-port2 must be greater than global-port1.
CAUTION: When the protocol type is not udp (with a protocol number of 17) or tcp (with a protocol number of 6), you can configure one-to-one NAT between an internal IP address and an external IP address only, but cannot specify port numbers. Examples # Allow external hosts to ping the host with an IP address of 10.110.10.12 in VPN vrf10 by using the ping 202.110.10.11 command. system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet 0/1] nat server protocol icmp global 202.
nat static net-to-net Syntax nat static net-to-net local-network global-network { netmask-length | netmask } undo nat static net-to-net local-network global-network { netmask-length | netmask } View System view Default level 2: System level Parameters local-start-address local-end-address: Private network address range, which contains at most 255 IP addresses. local-network: Private network address. global-network: Public network address. mask-length: Length of the network mask. mask: Network mask.
ALG configuration commands alg Syntax alg { all | dns | ftp | h323 | ils | msn | nbt | pptp | qq | rtsp | sip | sqlnet | tftp } undo alg { all | dns | ftp | h323 | ils | msn | nbt | pptp | qq | rtsp | sip | sqlnet | tftp } View System view Default level 2: System level Parameters all: Enables ALG for all protocols. dns: Enables ALG for DNS. ftp: Enables ALG for FTP. h323: Enables ALG for H.323. ils: Enables ALG for ILS. msn: Enables ALG for MSN. nbt: Enables ALG for NBT. pptp: Enables ALG for PPTP.
IP routing configuration commands NOTE: The term router in this document refers to devices with routing capabilities. Basic IP routing configuration commands display ip routing-table Syntax display ip routing-table [ verbose | | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters verbose: Displays detailed routing table information, including that for inactive routes.
display ip routing-table Routing Tables: Public Destinations : 7 Destination/Mask Proto 1.1.2.0/24 1.1.2.1/32 Routes : 7 Pre Cost NextHop Interface Direct 0 0 1.1.2.1 GE0/1 Direct 0 0 127.0.0.1 InLoop0 2.2.2.0/24 OSPF 2 1.1.2.2 GE0/2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 192.168.0.0/24 Direct 0 0 192.168.0.1 VT1 192.168.0.1/32 Direct 0 0 127.0.0.
Tunnel ID: 0x0 State: Active NoAdv Label: NULL Age: 06h46m22s Tag: 0 Destination: 2.2.2.0/24 Protocol: OSPF Preference: 10 NextHop: 1.1.2.2 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active Adv Process ID: 1 Cost: 2 Interface: GigabitEthernet0/2 BkInterface: Neighbor : 0.0.0.0 Label: NULL Age: 00h00m53s Tag: 0 Destination: 127.0.0.0/8 Protocol: Direct Preference: 0 NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.
BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 Neighbor : 0.0.0.0 Label: NULL State: Active NoAdv Age: 06h46m35s Tag: 0 Displayed first are statistics for the whole routing table, followed by detailed description of each route (in sequence).
Field Description Reject The packets matching a Reject route will be dropped. Besides, the router sends ICMP unreachable messages to the sources of the dropped packets. The Reject routes are usually used for network testing. Static A static route is not lost when you perform the save operation and then restart the router. Routes configured manually are marked as static. Unicast Unicast routes Inactive Inactive routes Invalid Invalid routes WaitQ The route is the WaitQ during route recursion.
[Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.1.0.0 0.0.255.255 [Sysname-acl-basic-2000] rule deny source any # Display brief information about active routes permitted by basic ACL 2000. [Sysname-acl-basic-2000] display ip routing-table acl 2000 Routes Matched by Access list : 2000 Summary Count : 6 Destination/Mask Proto 10.1.1.0/24 10.1.1.2/32 Pre Cost NextHop Interface Direct 0 0 10.1.1.2 Vlan1 Direct 0 0 127.0.0.1 InLoop0 10.1.2.0/24 Direct 0 0 10.1.2.
Tag: 0 Destination: 10.1.2.1/32 Protocol: Direct Process ID: 0 Preference: 0 NextHop: 127.0.0.1 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 Cost: 0 Interface: InLoopBack0 Neighbour: 0.0.0.0 Label: NULL State: Active NoAdv Age: 1d00h05m42s Tag: 0 Destination: 10.1.3.0/24 Protocol: Direct Process ID: 0 Preference: 0 NextHop: 10.1.3.1 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 Cost: 0 Interface: GigabitEthernet0/1 Neighbour: 0.0.0.0 Label: NULL State: Active Adv Age: 1d00h05m31s Tag: 0 Destination: 10.1.3.
verbose: Displays detailed routing table information, including both active and inactive routes. With this argument absent, the command displays only brief information about active routes. Description Use the display ip routing-table ip-address command to display information about routes to a specified destination address.
[Sysname] display ip routing-table 11.1.1.1 longer-match Routing Table : Public Summary Count : 1 Destination/Mask Proto Pre 11.1.1.0/24 Static 60 Cost NextHop Interface 0 0.0.0.0 NULL0 # Display route entries by specifying a destination IP address and mask. [Sysname] display ip routing-table 11.1.1.1 24 Routing Table : Public Summary Count : 3 Destination/Mask Proto 11.0.0.0/8 11.1.0.0/16 11.1.1.0/24 Pre Cost NextHop Interface Static 60 0 0.0.0.0 NULL0 Static 60 0 0.0.0.
Parameters ip-prefix-name: IP prefix list name, a string of 1 to 19 characters. verbose: Displays detailed routing table information, including that for inactive routes. With this argument absent, the command displays only brief information about active routes. Description Use the display ip routing-table ip-prefix command to display information about routes permitted by a specified prefix list. This command is usually used together with routing policy display commands.
For description of the output, see Table 25. display ip routing-table protocol Syntax display ip routing-table protocol protocol [ inactive | verbose ] View Any view Default level 1: Monitor level Parameters protocol: Routing protocol. It can be bgp, direct, ospf, rip, static, or guard. inactive: Displays information about only inactive routes. With this argument absent, the command displays information about both active and inactive routes. verbose: Displays detailed routing table information.
Static Routing table Status : < Active> Summary Count : 0 Static Routing table Status : < Inactive> Summary Count : 2 Destination/Mask Proto Pre Cost NextHop Interface 1.2.3.0/24 Static 60 0 1.2.4.5 Vlan10 3.0.0.0/8 Static 60 0 2.2.2.2 GE0/1 For description of the output, see Table 24.
Field Description Total Total number display router id Syntax display router id View Any view Default level 1: Monitor level Parameters None Description Use the display router id command to display the router ID. Examples # Display the router ID. display router id Configured router ID is 1.1.1.1 router id Syntax router id router-id undo router id View System view Default level 2: System level Parameters router-id: Router ID, expressed as an IPv4 address.
• If no loopback interface IP address is available, the highest physical interface IP address is selected as the router ID (regardless of the interface state). • If the interface whose IP address is the router ID is removed or modified, a new router ID is selected.
When you use this command to delete static routes, the system will prompt you to confirm the operation before deleting all the static routes. Related commands: display ip routing-table and ip route-static. Examples # Delete all static routes on the router.
When configuring a unicast static route, follow these guidelines: 1. If the destination IP address and the mask are both 0.0.0.0 (or 0), the configured route is a default route. The default route will be used for forwarding a packet if no route is available for the packet in the routing table. 2. Implement different routing policies by tuning route preference.
View System view Default level 2: System level Parameters default-preference-value: Default preference for static routes, which is in the range of 1 to 255. Description Use the ip route-static default-preference command to configure the default preference for static routes. Use the undo ip route-static default-preference command to restore the default. By default, the default preference of static routes is 60. If no preference is specified when configuring a static route, the default preference is used.
IPv4 DNS configuration commands display dns domain Syntax display dns domain [ dynamic ] View Any view Default level 1: Monitor level Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. Description Use the display dns domain command to display the domain name suffixes. Related commands: dns domain. Examples # Display domain name suffixes. display dns domain Type: D:Dynamic S:Static No.
Default level 1: Monitor level Parameters None Description Use the display dns dynamic-host command to display the information of the dynamic IPv4 domain name resolution cache. Related commands: reset dns dynamic-host. Examples # Display the information of the dynamic IPv4 domain name resolution cache. display dns dynamic-host No. Host IP Address TTL 1 www.baidu.com 202.108.249.134 63000 2 www.yahoo.akadns.net 66.94.230.39 24 3 www.hotmail.com 207.68.172.239 3585 4 www.eyou.
Examples # Display the IPv4 DNS server information. display dns server Type: D:Dynamic DNS Server 1 S:Static Type IP Address S 169.254.65.125 Table 29 Output description Field Description DNS Server Sequence number of the DNS server, configured automatically by the device, starting from 1. Type Type of domain name server: S represents a statically configured DNS server, and D represents a DNS server obtained dynamically through DHCP.
Field Description Time to live. 0 means that the static mapping will never age out. Age Flags Address You can only manually remove the static mappings between host names and IPv4 addresses. Indicates the mapping type. Static represents static IPv4 domain name resolution.
View System view Default level 2: System level Parameters None Description Use the dns proxy enable command to enable DNS proxy. Use the undo dns proxy enable command to disable DNS proxy. By default, DNS proxy is disabled. Examples # Enable DNS proxy. system-view [Sysname] dns proxy enable dns resolve Syntax dns resolve undo dns resolve View System view Default level 2: System level Parameters None Description Use the dns resolve command to enable dynamic domain name resolution.
undo dns server [ ip-address ] In interface view: dns server ip-address undo dns server ip-address View System view, interface view Default level 2: System level Parameters ip-address: IPv4 address of the DNS server. Description Use the dns server command to specify a DNS server. Use the undo dns server to remove DNS server(s). No DNS server is specified by default. Running the undo dns server command in system view will delete all DNS servers configured in system view and interface view.
Description Use the dns spoofing command to enable DNS spoofing. Use the undo dns spoofing command to disable DNS spoofing. By default, DNS spoofing is disabled. With DNS proxy enabled but no DNS server specified or no DNS server reachable, a LB module cannot forward a DNS request, or answer the request. You can enable DNS spoofing on the LB module to spoof a reply with the configured IP address.
reset dns dynamic-host Syntax reset dns dynamic-host View User view Default level 2: System level Parameters None Description Use the reset dns dynamic-host command to clear the information of the dynamic IPv4 domain name resolution cache. Related commands: display dns dynamic-host. Examples # Clear the information of the dynamic IPv4 domain name resolution cache.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents a LB module. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device.
Index ABCDFGILMNPRSTUVW display ip routing-table protocol,104 A display ip routing-table statistics,105 alg,93 display isolate-user-vlan,58 arp check enable,62 display local-proxy-arp,72 arp max-learning-num,62 display mac-address,33 arp send-gratuitous-arp,69 display mac-address aging-time,34 arp static,63 display mac-forwarding statistics,38 arp timer aging,64 display nat address-group,75 B display nat all,75 broadcast-suppression,17 display nat bound,78 broadcast-suppression,43 displa
ip address,48 port hybrid vlan,54 ip address,31 port inline-interfaces,41 ip host,117 port link-mode,13 ip route-static,108 port link-type,55 ip route-static default-preference,109 port trunk permit vlan,56 isolate-user-vlan,59 port trunk pvid vlan,57 isolate-user-vlan enable,60 proxy-arp enable,73 L R local-proxy-arp enable,73 reset arp,67 loopback,13 reset counters interface,26 reset counters interface,14 M reset dns dynamic-host,118 mac-address (interface view),35 reset ip routing-
