HP High-End Firewalls High Availability Command Reference Part number: 5998-2662 Software version: F1000-A-EI&F1000-S-EI: R3721 F5000: F3210 F1000-E: F3171 Firewall module: F3171 Document version: 6PW101-20120719
Legal and notice information © Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents VRRP configuration commands ··································································································································· 1 IPv4-based VRRP configuration commands ···················································································································· 1 display vrrp ······························································································································································· 1 display
description (any NQA test type view) ················································································································· 45 destination ip ························································································································································· 46 destination port ······················································································································································ 46 display nqa his
Ethernet link aggregation configuration commands ································································································ 93 default ····································································································································································· 93 description ······························································································································································ 93 display inte
VRRP configuration commands NOTE: • The term router in this document refers to both routers and Layer 3 firewalls. • The interfaces that VRRP involves can only be Layer 3 Ethernet interfaces and Layer 3 aggregate interfaces unless otherwise specified. • VRRP cannot be configured on interfaces in aggregation group.
on the interface is displayed. If you specify neither, the state information of all the VRRP groups on the router is displayed. Examples # Display brief information about all VRRP groups on the device.
Auth Type : Simple Virtual IP : 1.1.1.1 Key Virtual MAC : 0000-5e00-0101 Master IP : 1.1.1.2 : hello VRRP Track Information: Track Object : 1 Track Interface: GE0/3 State : Not Existing Switchover State : Down Pri Reduced : 2 Table 2 Command output Field Description Run Mode Current VRRP working mode. The mode is standard mode.
Field Description Virtual MAC Virtual MAC address that corresponds to the virtual IP address of the VRRP group. It is displayed only when the router is in the state of master. Master IP Primary IP address of the interface where the router in the state of master resides VRRP Track Information Information about the tracked interface or object. It is displayed only when the vrrp vrid track or vrrp vrid track interface command is executed. Track Interface Interface to be tracked.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Field Description Invalid Auth Type Number of packets with authentication failures due to invalid authentication types Auth Type Mismatch Number of packets with authentication failures due to mismatching authentication types Packet Length Errors Number of packets with VRRP packet length errors Address List Errors Number of packets with virtual IP address list errors Become Master Number of times that the router worked as the master Priority Zero Pkts Rcvd Number of received advertisements with
reset vrrp statistics vrrp dot1q Syntax vrrp dot1q vid vlan-id [ secondary-dot1q secondary-vlan-id ] undo vrrp dot1q View Interface view Default level 2: System level Parameters vid vlan-id: Outer VLAN ID, which ranges from 1 to 4094. secondary-dot1q secondary-vlan-id: Inner VLAN ID. The secondary-vlan-id argument ranges from 1 to 4094. Description Use vrrp dot1q to specify a VRRP control VLAN for the subinterface configured with VLAN termination. Use undo vrrp dot1q to restore the default.
Parameters real-mac: Maps the real MAC address of the interface to the virtual IP address of the VRRP group. virtual-mac: Maps the virtual MAC address to the virtual IP address of the VRRP group. Description Use vrrp method to specify the type of the MAC addresses mapped to the virtual IP addresses of the VRRP groups. Use undo vrrp method to restore the default. By default, the virtual MAC addresses are mapped to the virtual IP addresses of the VRRP groups.
Examples # Disable TTL check on VRRP packets. system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] vrrp un-check ttl vrrp vrid authentication-mode Syntax vrrp vrid virtual-router-id authentication-mode { md5 | simple } key undo vrrp vrid virtual-router-id authentication-mode View Interface view Default level 2: System level Parameters virtual-router-id: VRRP group number, which ranges from 1 to 255. md5: Authentication using the MD5 algorithm.
[Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] vrrp vrid 1 virtual-ip 10.1.1.1 [Sysname-GigabitEthernet0/1] vrrp vrid 1 authentication-mode simple Sysname vrrp vrid preempt-mode Syntax vrrp vrid virtual-router-id preempt-mode [ timer delay delay-value ] undo vrrp vrid virtual-router-id preempt-mode [ timer delay ] View Interface view Default level 2: System level Parameters virtual-router-id: Virtual router ID or VRRP group number, which ranges from 1 to 255.
undo vrrp vrid virtual-router-id priority View Interface view Default level 2: System level Parameters virtual-router-id: VRRP group number, which ranges from 1 to 255. priority-value: Priority value of the router in the specified VRRP group, which ranges from 1 to 254. A higher number indicates a higher priority. Description Use vrrp vrid priority to configure the priority of the router in the specified VRRP group. Use undo vrrp vrid priority to restore the default.
adver-interval: Interval at which the master in the specified VRRP group sends VRRP advertisements. It ranges from 1 to 255 seconds. Description Use vrrp vrid timer advertise to configure the Adver_Timer of the specified VRRP group. Use undo vrrp vrid timer advertise to restore the default. By default the Adver_Timer is 1 second. The Adver_Timer controls the interval at which the master sends VRRP packets.
By default, a VRRP group is not associated with any track entry. When the associated track entry changes to the negative state, the priority of the router in the VRRP group decreases by a specified value, or the router immediately takes over as the master if it is a backup router, depending on your configuration. If neither reduced priority-reduced nor switchover is specified, the priority of the router in the VRRP group decreases by 10 when the track entry changes to negative.
Use undo vrrp vrid track interface to disable tracking the specified interface. By default, no interface is tracked. When the uplink interface of a router in a VRRP group fails, usually the VRRP group cannot be aware of the uplink interface failure. If the router is the master of the VRRP group, hosts on the LAN are not able to access external networks because of the uplink failure. This problem can be solved through tracking a specified uplink interface.
Use undo vrrp vrid virtual-ip to remove an existing VRRP group or the virtual IP address of the VRRP group. By default, no VRRP group is created. The system removes a VRRP group after you delete all the virtual IP addresses in it. The virtual IP address of a VRRP group cannot be 0.0.0.0, 255.255.255.255, loopback address, non A/B/C address and other illegal IP addresses such as 0.0.0.1.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display vrrp ipv6 to display the state information of VRRP groups for IPv6. If you do not specify the verbose keyword, only the brief state information of VRRP groups is displayed. If you specify both an interface and a VRRP group, only the state information of the specified VRRP group on the interface is displayed.
Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 1 Interface GigabitEthernet0/1 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 150 Running Pri : 140 Preempt Mode : Yes Delay Time : 10 Auth Type : Simple Key : hello Virtual IP : FE80::1 Virtual MAC : 0000-5e00-0201 Master IP : FE80::2 VRRP Track Information: Track Object : 10 Track Interface: GE0/3 State : Not Existing Switchover State : Down Pri Reduced : 50 Table 5
Field Become Master Description Time to wait before the router becomes the master. The unit is milliseconds. Only routers in backup mode have such information. Authentication type: Auth Type • None—No authentication. • Simple—Simple text authentication. Key Authentication key. Virtual IP Virtual IPv6 addresses of the VRRP group. Virtual MAC Virtual MAC address that corresponds to the virtual IPv6 address of the VRRP group. It is displayed only when the router is in the state of master.
Default level 1: Monitor level Parameters interface interface-type interface-number: Displays VRRP group statistics information of the specified interface. interface-type interface-number specifies an interface by its type and number. vrid virtual-router-id: Displays statistics information of the specified VRRP group. virtual-router-id specifies a VRRP group by its group number, which ranges from 1 to 255. |: Filters command output by specifying a regular expression.
Field Description VRID ID of the VRRP group CheckSum Errors Number of packets with checksum errors Version Errors Number of packets with version errors Invalid Type Pkts Rcvd Number of packets with incorrect packet type Advertisement Interval Errors Number of packets with advertisement interval errors Hop Limit Errors Number of packets with hop limit errors Auth Failures Number of packets with authentication failures Invalid Auth Type Number of packets with authentication failures due to in
Description Use reset vrrp ipv6 statistics to clear VRRP group statistics. If you specify both an interface and a VRRP group, the statistics about the specified VRRP group on the specified interface are cleared. If you specify only an interface, the statistics about all the VRRP groups on the interface are cleared. If you specify neither, the statistics about all the VRRP groups on the router are cleared. Related commands: display vrrp ipv6 statistics.
View Interface view Default level 2: System level Parameters virtual-router-id: VRRP group number, which ranges from 1 to 255. simple: Sets the authentication mode to plain text authentication. key: Authentication key of 1 to 8 case-sensitive characters in plain text. Description Use vrrp ipv6 vrid authentication-mode to configure authentication mode and authentication key for the VRRP groups to send and receive VRRP packets. Use undo vrrp ipv6 vrid authentication-mode to restore the default.
Description Use vrrp ipv6 vrid preempt-mode to configure preemption on the router and configure its preemption delay in a specific VRRP group. Use undo vrrp ipv6 vrid preempt-mode to disable preemption on the router in a specific VRRP group. As a result, the router operates in non-preemptive mode. Use undo vrrp ipv6 vrid preempt-mode timer delay to restore the default preemption delay. The router operates in preemption mode and the preemption delay is zero seconds.
Before executing the command, create a VRRP group on an interface and configure the virtual IPv6 address of the VRRP group. The role that a router plays in a VRRP group depends on its priority. A higher priority means that the router is more likely to become the master. Priority 0 is reserved for special use and 255 for the IP address owner. If the router is the IP address owner, its priority is always 255. Therefore, it remains as the master as long as it is functioning properly.
[Sysname-GigabitEthernet0/1] vrrp ipv6 vrid 1 virtual-ip fe80::2 link-local [Sysname-GigabitEthernet0/1] vrrp ipv6 vrid 1 timer advertise 500 vrrp ipv6 vrid track Syntax vrrp ipv6 vrid virtual-router-id track track-entry-number [ reduced priority-reduced | switchover ] undo vrrp ipv6 vrid virtual-router-id track [ track-entry-number ] View Interface view Default level 2: System level Parameters virtual-router-id: Specifies a VRRP group number, which ranges from 1 to 255.
IMPORTANT: You must create the VRRP group and assign a virtual IP address to it before you can associate it with any track entry. The vrrp ipv6 vrid track command cannot take effect on an IP address owner. If you have configured the command on an IP address owner, the configuration takes effect after the router changes to be a non IP address owner. You can create a track entry with the track command before or after you associate it with an IPv6 VRRP group.
Before executing the command, create a VRRP group on an interface and configure the virtual IPv6 address of the VRRP group. If you configure an interface to be tracked on a router that is the IP address owner in a VRRP group, the configuration does not take effect. If the router is not the IP address owner in the VRRP group later, the configuration takes effect. When the status of the tracked interface turns from down or removed to up, the corresponding router restores its priority automatically.
After you remove all virtual IPv6 addresses, the VRRP group is automatically removed. The first address assigned to the group must be removed the last. Related commands: display vrrp ipv6. Examples # Create VRRP group 1, and configure its virtual IPv6 address as fe80::10. system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local # Configure the virtual IPv6 address of VRRP group 1 as 1::10.
IPC configuration commands The display commands in this document display only information about active nodes. display ipc channel Syntax display ipc channel { node node-id | self-node } [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters node node-id: Displays channel information for a node. The node-id argument takes a node number of 0 or 1. self-node: Displays channel information for the local node.
Table 7 Command output Field Description ChannelID Channel number, which has been predefined and assigned by the system. One channel number corresponds to one module. The display ipc channel command displays the numbers of the current active modules. Description Description information, which is generated by the internal software of the device, is used to describe the functions of a channel. For example, "FIB4" indicates that the channel is used for Layer 3 fast forwarding. "Prehistorical channel, NO.
Field Description Link status: LinkStatus UP—The connection has been established. DOWN—The connection has been terminated. display ipc multicast-group Syntax display ipc multicast-group { node node-id | self-node } [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters node node-id: Displays multicast group information for a node. The node-id argument takes a node number of 0 or 1.
Field Description ChannelID Channel number display ipc node Syntax display ipc node [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Parameters node node-id: Displays the packet statistics for a node. The node-id argument takes a node number of 0 or 1. self-node: Displays the packet statistics for the local node. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
display ipc performance Syntax display ipc performance { node node-id | self-node } [ channel channel-id ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters node node-id: Displays the IPC performance statistics for a node. The node-id argument takes a node number of 0 or 1. self-node: Displays the IPC performance statistics for the local node.
-----------------------------------------------------------1 1 1 0 82 Statistics for packets acknowledged: Peak 10Sec 1Min 5Min Total-Data -----------------------------------------------------------1 1 1 0 78 Table 12 Command output Field Description Peak Peak rate in pps (average rate is computed every 10 seconds, and the greatest average rate is taken as the peak rate). 10Sec Average rate (in pps) in the last 10 seconds. 1Min Average rate (in pps) in the last 1 minute.
-----------------------------------------------------------UNICAST 0 0 4096 0 0 UNICAST 1 0 4096 0 0 UNICAST 2 0 4096 0 0 UNICAST 3 0 4096 0 0 UNICAST 0 1 4096 0 0 UNICAST 1 1 4096 0 0 UNICAST 2 1 4096 0 0 UNICAST 3 1 4096 0 0 MULTICAST 0 -- 4096 0 0 MULTICAST 1 -- 4096 0 0 MULTICAST 2 -- 512 0 0 MULTICAST 3 -- 512 0 0 MULTICAST 4 -- 512 0 0 MULTICAST 5 -- 512 0 0 MIXCAST 0 -- 2048 0 0 MIXCAST 1 -- 2048 0 0 Table
self-node: Enables IPC performance statistics of the local node. channel channel-id: Enables IPC performance statistics information of the specified channel, where channel-id represents the channel number. The value is in the range 0 to 255. Description Use ipc performance enable to enable IPC performance statistics. Use undo ipc performance to disable IPC performance statistics. By default, IPC performance statistics is disabled.
Track configuration commands display track Syntax display track { track-entry-number | all } [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters track-entry-number: Displays information about the specified track entry, which ranges from 1 to 1024. all: Displays information about all track entries. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Protocol : IPv4 Table 14 Command output Field Description Track ID ID of a track entry. Status of a track entry: Status • Positive—The tracked object functions properly. • Invalid—The tracked object is invalid. • Negative—The tracked object is abnormal. notify 13 seconds later The track module notifies the application modules of the track entry state change 13 seconds later. The information is not displayed after the track module notifies the application modules.
interface interface-type interface-number: Specifies the outgoing interface for BFD echo packets. interface-type interface-number represents the interface type and interface number. remote ip remote-ip: Specifies the destination IP address of the BFD echo packets. local ip local-ip: Specifies the source IP address of the BFD echo packets. delay: Specifies that the track module notifies the application modules of the track entry status change after a specified delay time.
View System view Default level 2: System level Parameters track-entry-number: Track entry ID, which ranges from 1 to 1024. entry admin-name operation-tag: Specifies the NQA test group to be associated with the track entry. admin-name is the name of the NQA test group administrator who creates the NQA operation, a case-insensitive string of 1 to 32 characters. operation-tag is the NQA operation tag, a case-insensitive string of 1 to 32 characters.
View System view Default level 2: System level Parameters track-entry-number: Track entry ID, which ranges from 1 to 1024. interface-type interface-number: Specifies an interface by its type and number . delay: Specifies that the track module notifies the application modules of the track entry status change after a specified delay time. If this keyword is not provided, the track module notifies the application modules immediately when the track entry status changes.
View System view Default level 2: System level Parameters track-entry-number: Track entry ID, which ranges from 1 to 1024. interface-type interface-number: Specifies an interface by its type and number. ipv4: IPv4 protocol status of the interface to be monitored. When the IPv4 protocol status of an interface is up, the status of the track object is Positive. When the IPv4 protocol status of an interface is down, the status of the track object is Negative.
NQA configuration commands NQA client configuration commands data-fill Syntax data-fill string undo data-fill View ICMP echo, UDP echo, UDP jitter test type view Default level 2: System level Parameters string: A case-sensitive string of 1 to 200 characters. Description Use data-fill to configure the string to be filled in the data field of a probe packet. Use undo data-fill to restore the default. By default, the string is the hexadecimal number 00010203040506070809.
data-size Syntax data-size size undo data-size View ICMP echo, UDP echo, UDP jitter test type view Default level 2: System level Parameters size: Size of the data field in a probe packet in bytes. It ranges from 20 to 8100 for probe packets of ICMP echo or UDP echo tests, and from 68 to 8100 for probe packets of UDP jitter tests. Description Use data-size to configure the size of the data field in each ICMP echo request of the ICMP echo tests or in each UDP packet of UDP echo or UDP jitter tests.
Description Use description to give a brief description of a test group, usually, the test type or test purpose of a test group. Use undo description to remove the configured description information. By default, no descriptive string is available for a test group. Examples # Configure the descriptive string for a test group as icmp-probe.
Default level 2: System level Parameters port-number: Destination port number of a test operation, which ranges from 1 to 65535. Description Use destination port to configure a destination port number for a test operation. Use undo destination port to remove the configured destination port number. By default, no destination port number is configured for a test operation. Do not perform a UDP jitter test on ports from 1 to 1023 (known ports).
The display nqa history command cannot show you the results of UDP jitter tests. To know the result of a UDP jitter test, use the display nqa result command to view the probe results of the latest NQA test, or use the display nqa statistics command to view the statistics of NQA tests. Examples # Display the history records of the NQA test group in which the administrator name is administrator, and the operation tag is test.
Parameters admin-name operation-tag: Displays current monitoring results of reaction entries in a test group. If these two arguments are not specified, monitoring results of all reaction entries of all test groups are displayed. admin-name represents the name of the NQA test group administrator who creates the NQA operation. It is a case-insensitive string of 1 to 32 characters. operation-tag represents the test operation tag. It is a case-insensitive string of 1 to 32 characters.
Table 18 Description on the threshold monitoring fields of the display nqa reaction counters command Monitored element probe-duration Threshold type Collect data in Checked Num Over-threshold Num accumulate Probes since the group starts Number of finished probes since the test group starts Number of probes of which the duration exceeds the threshold since the test group starts average — — — consecutive Probes since the test group starts Number of finished probes since the test group starts
Default level 1: Monitor level Parameters admin-name operation-tag: Displays results of the last test of a test group. If these two arguments are not specified, results of the last tests of all test groups are displayed. admin-name represents the name of the NQA test group administrator who creates the NQA operation. It is a case-insensitive string of 1 to 32 characters. operation-tag represents the test operation tag. It is a case-insensitive string of 1 to 32 characters.
Negative SD sum: 56 Negative DS sum: 99 Negative SD average: 14 Negative DS average: 14 Negative SD square sum: 946 Negative DS square sum: 1495 One way results: Max SD delay: 22 Max DS delay: 23 Min SD delay: 7 Min DS delay: 7 Number of SD delay: 10 Number of DS delay: 10 Sum of SD delay: 125 Sum of DS delay: 132 Square sum of SD delay: 1805 Square sum of DS delay: 1988 SD lost packet(s): 0 DS lost packet(s): 0 Lost packet(s) for unknown reason: 0 Table 19 Command output Field Descripti
Field Description Positive DS average Average of positive delay jitter from destination to source Positive SD square sum Square sum of positive delay jitters from source to destination Positive DS square sum Square sum of positive delay jitters from destination to source Min negative SD Minimum absolute value among negative delay jitters from source to destination Min negative DS Minimum absolute value among negative delay jitters from destination to source Max negative SD Maximum absolute valu
display nqa statistics Syntax display nqa statistics [ admin-name operation-tag ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters admin-name operation-tag: Displays statistics of the specified test group. If these two arguments are not specified, statistics of all test groups are displayed. admin-name represents the name of the NQA test group administrator who creates the NQA operation. It is a case-insensitive string of 1 to 32 characters.
Failures due to disconnect: 0 Failures due to no connection: 0 Failures due to sequence error: 0 Failures due to internal error: 0 Failures due to other errors: 0 Packet(s) arrived late: 0 UDP-jitter results: RTT number: 550 Min positive SD: 1 Min positive DS: 1 Max positive SD: 7 Max positive DS: 1 Positive SD number: 220 Positive DS number: 97 Positive SD sum: 283 Positive DS sum: 287 Positive SD average: 1 Positive DS average: 2 Positive SD square sum: 709 Positive DS square sum: 1937 Min neg
Field Description Min/Max/Average round trip time Minimum/maximum/average round-trip time in the unit of millisecond Square-Sum of round trip time Square sum of round-trip time Packet loss in test Average packet loss ratio Failures due to timeout Number of timeout occurrences in a test Failures due to disconnect Number of disconnections by the peer Failures due to no connection Number of failures to connect with the peer Failures due to sequence error Number of failures owing to out-of-sequen
Field Description Negative SD average Average absolute value of negative delay jitters from source to destination Negative DS average Average absolute value of negative delay jitters from destination to source Negative SD square sum Square sum of negative delay jitters from source to destination Negative DS square sum Square sum of negative delay jitters from destination to source One way results Uni-direction delay test result, displayed on in a UDP-Jitter test Max SD delay Maximum delay from
Threshold type Collect data in Checked Num Over-threshold Num average — — — consecutive Probes in the counting interval Number of finished probes in the counting interval Number of probes of which the duration exceeds the threshold in the counting interval accumulate Probes in the counting interval Number of finished probes in the counting interval Number of probe failures in the counting interval consecutive Probes in the counting interval Number of finished probes in the counting interva
Parameters filename: Name of the file transferred between the FTP server and the FTP client. The file name is a case-sensitive string of 1 to 200 characters. Description Use filename to specify a file to be transferred between the FTP server and the FTP client. Use undo filename to restore the default. By default, no file is specified. Examples # Specify the file to be transferred between the FTP server and the FTP client as config.txt.
history-record enable Syntax history-record enable undo history-record enable View Any NQA test type view Default level 2: System level Parameters None Description Use history-record enable to enable the saving of history records of an NQA test group. Use undo history-record enable to disable the history records saving function. By default, history records of an NQA test group are not saved. If the history records saving function is enabled, the system saves the history records.
Description Use history-record keep-time to set the lifetime of the history records in an NQA test group. Use undo history-record keep-time to restore the default. By default, the history records in an NQA test group are kept for 120 minutes. When an NQA test completes, the timing starts. All the records are removed when the lifetime is reached. Examples # Configure the lifetime of the history records in an NQA test group as 100 minutes.
http-version Syntax http-version v1.0 undo http-version View HTTP test type view Default level 2: System level Parameters v1.0: The HTTP version is 1.0 in an HTTP test. Description Use http-version to configure the HTTP version used in an HTTP test. Use undo http-version to restore the default. By default, HTTP 1.0 is used in an HTTP test. Examples # Configure the HTTP version as 1.0 in an HTTP test.
By default, the data transmission mode is active. Examples # Set the data transmission mode to passive for FTP tests. system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type ftp [Sysname-nqa-admin-test-ftp] mode passive next-hop Syntax next-hop ip-address undo next-hop View ICMP echo test type view Default level 2: System level Parameters ip-address: IP address of the next hop.
Parameters admin-name: Specifies the name of the NQA test group administrator who creates the NQA test operation, a case-insensitive string of 1 to 32 characters, with "-" excluded. operation-tag: Specifies the tag of a test operation, a case-insensitive string of 1 to 32 characters, with a hyphen (-) excluded. all: All NQA test groups. Description Use nqa to create an NQA test group and enter NQA test group view. Use undo nqa to remove the test group.
nqa agent max-concurrent Syntax nqa agent max-concurrent number undo nqa agent max-concurrent View System view Default level 2: System level Parameters number: Maximum number of the tests that the NQA client can simultaneously perform. The value ranges from 1 to 5. Description Use nqa agent max-concurrent to configure the maximum number of tests that the NQA client can simultaneously perform. Use undo nqa agent max-concurrent to restore the default. By default, the maximum number is 2.
yyyy/mm/dd: Start date of a test group. The default value is the current system time, and yyyy ranges from 2000 to 2035. now: Starts the tests for a test group immediately. lifetime: Specifies the duration of the test operation. lifetime: Duration of the test operation in seconds, which ranges from 1 to 2147483647. forever: Specifies that the tests are performed for a test group forever. Description Use nqa schedule to configure the test start time and test duration for a test group.
system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type ftp [Sysname-nqa-admin-test-ftp] operation put operation (HTTP test type view) Syntax operation { get | post } undo operation View HTTP test type view Default level 2: System level Parameters get: Obtains data from the HTTP server. post: Transfers data to the HTTP server. Description Use operation to configure the HTTP operation type. Use undo operation to restore the default. By default, the HTTP operation type is get.
Description Use operation interface to specify the interface to perform a DHCP test. The specified interface must be up; otherwise, no probe packets can be sent out. Use undo operation interface to restore the default. By default, no interface is specified to perform a DHCP test. Examples # Specify the interface to perform a DHCP test as GigabitEthernet 0/1.
View DHCP, DLSw, FTP, HTTP, ICMP echo, SNMP, TCP, UDP echo, UDP jitter test type view Default level 2: System level Parameters times: Number of probe operations per test, which ranges from 1 to 15. Description Use probe count to configure the number of probe operations to be performed per test. Use undo probe count to restore the default. By default, one probe operation is performed in an NQA test. Probe operations vary with NQA test types.
Parameters packet-interval: Interval for sending packets per probe operation, which ranges from 10 to 60000 milliseconds. Description Use probe packet-interval to configure the interval for sending packets per probe operation. Use the undo probe-interval command to restore the default. By default, the interval is 20 milliseconds. Examples # Configure the UDP jitter test group to send packets at an interval of 100 milliseconds during each probe operation.
probe packet-timeout Syntax probe packet-timeout packet-timeout undo probe packet-timeout View UDP jitter test type view Default level 2: System level Parameters packet-timeout: Timeout time for waiting for responses in a UDP jitter test, which ranges from 10 to 3600000 milliseconds. Description Use probe packet-timeout to configure the timeout time for waiting for a response in a UDP jitter test. Use undo probe packet-timeout to restore the default.
By default, the timeout time is 3000 milliseconds for a probe operation. This command is not supported by UDP jitter tests. Examples # Configure the timeout time for a DHCP probe operation as 10000 milliseconds.
Use the undo reaction command to delete a specified reaction entry. By default, no reaction entry for monitoring one-way delay jitter is configured. Only successful probe packets are monitored. The data of a failed probe packet is not counted. Examples # Create reaction entry 1 for monitoring the average destination-to-source delay jitter of UDP jitter probe packets. Set the upper threshold to 50 milliseconds, and the lower threshold to 5 milliseconds.
lower-threshold: Lower threshold, which ranges from 0 to 3600000. It must not be greater than the upper threshold. Description Use reaction checked-element { owd-ds | owd-sd } to configure a reaction entry for monitoring the one-way delay. You cannot edit a reaction entry. To change the attributes in a reaction entry, use the undo reaction command to delete this entire entry and start over. Use the undo reaction command to delete a specified reaction entry.
trap-only: Specifies to record events and send SNMP trap messages. Description Use reaction checked-element packet-loss to configure a reaction entry for monitoring the packet loss in each test of an NQA operation. You cannot edit a reaction entry. To change the attributes in a reaction entry, use the undo reaction command to delete this entire entry and start over. Use the undo reaction command to delete a specified reaction entry.
action-type: Specifies what action to be triggered to react to certain measurement conditions and it defaults to none. none: Specifies to only record events for terminal display, and not to send any trap messages. trap-only: Specifies to record events and send SNMP trap messages. Description Use reaction checked-element probe-duration to configure a reaction entry for monitoring the probe duration. You cannot edit a reaction entry.
reaction checked-element probe-fail (for trap) Syntax reaction item-number checked-element probe-fail threshold-type { accumulate accumulate-occurrences | consecutive consecutive-occurrences } [ action-type { none | trap-only } ] undo reaction item-number View DHCP, DLSw, FTP, HTTP, ICMP echo, SNMP, TCP, UDP echo test type view Default level 2: System level Parameters item-number: ID for a reaction entry, which ranges from 1 to 10. threshold-type: Specifies a threshold type.
system-view [Sysname] nqa entry admin test [Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] reaction 2 checked-element probe-fail threshold-type consecutive 10 action-type trap-only reaction checked-element probe-fail (for trigger) Syntax reaction item-number checked-element probe-fail threshold-type consecutive consecutive-occurrences action-type trigger-only undo reaction item-number View DHCP, DLSw, FTP, HTTP, ICMP echo, SNMP, TCP, UDP echo test type view Default le
reaction checked-element rtt Syntax reaction item-number checked-element rtt threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] undo reaction item-number View UDP jitter test type view Default level 2: System level Parameters item-number: ID for a reaction entry, which ranges from 1 to 10. threshold-type: Specifies a threshold type.
[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element rtt threshold-type average threshold-value 50 5 action-type trap-only # Create reaction entry 2 for monitoring the round-trip time of UDP jitter probe packets. Set the upper threshold to 50 milliseconds, and lower threshold to 5 milliseconds. Before the NQA test group starts, the initial state of the reaction entry is invalid. After each test, the packet round-trip time is checked against the threshold range.
route-option bypass-route Syntax route-option bypass-route undo route-option bypass-route View DLSw, FTP, HTTP, ICMP echo, SNMP, TCP, UDP echo, UDP jitter test type view Default level 2: System level Parameters None Description Use route-option bypass-route to enable the routing table bypass function to test the direct connectivity to the direct destination. Use undo route-option bypass-route to disable the routing table bypass function. By default, the routing table bypass function is disabled.
Use undo source interface to restore the default. By default, no source interface is configured for ICMP echo request packets. If you configure both the source interface command and the source ip command, the source ip command takes effect. Related commands: source ip. Examples # Specify the IP address of interface GigabitEthernet 0/1 as the source IP address of ICMP echo request packets.
source port Syntax source port port-number undo source port View SNMP, UDP echo, UDP jitter test type view Default level 2: System level Parameters port-number: Source port number of probe packets, which ranges from 1 to 50000. Description Use source port to configure the source port of probe packets. Use undo source port to remove the configured port number. By default, no source port number is configured. Examples # Configure port 8000 as the source port of probe packets in the UDP echo test group.
Examples # Configure the hold time of a statistics group as 3 minutes.
Default levels 2: System level Parameters interval: Interval in minutes for collecting statistics of the test results for a test group, which ranges from 1 to 35791394. Description Use statistics interval to configure the interval for collecting test result statistics for a test group. Use undo statistics interval to restore the default. By default, the interval is 60 minutes. NQA groups tests completed in the specified interval, and calculates the test result statistics.
[Sysname-nqa-admin-test-icmp-echo] tos 1 ttl Syntax ttl value undo ttl View DLSw, FTP, HTTP, ICMP echo, SNMP, TCP, UDP echo, UDP jitter test type view Default level 2: System level Parameters value: Maximum number of hops a probe packet traverses in the network, which ranges from 1 to 255. Description Use ttl to configure the maximum number of hops a probe packet traverses in the network. Use undo ttl to restore the default.
snmp: SNMP test. tcp: TCP test. udp-echo: UDP echo test. udp-jitter: UDP jitter test. Description Use type to configure the test type of the current test group and enter test type view. By default, no test type is configured. Examples # Configure the test type of a test group as FTP and enter operation view.
undo username View FTP test type view Default level 2: System level Parameters username: Username used to log in to the FTP server. The username takes a case-sensitive string of 1 to 32 characters. Description Use username to configure a username used to log onto the FTP server. Use undo username to remove the configured username. By default, no username is configured for logging onto the FTP server. Related commands: password and operation. Examples # Configure the login username as administrator.
[Sysname-nqa-admin-test] type icmp-echo [Sysname-nqa-admin-test-icmp-echo] vpn-instance vpn1 NQA server configuration commands NOTE: You only need to configure the NQA server for UDP jitter, TCP, and UDP echo tests. display nqa server status Syntax display nqa server status [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
Field Description IP Address IP address specified for the TCP/UDP listening service on the NQA server. Port Port number of the TCP/UDP listening service on the NQA server. Listening service status: Status • active—Listening service is ready. • inactive—Listening service is not ready. nqa server enable Syntax nqa server enable undo nqa server enable View System view Default level 2: System level Parameters None Description Use nqa server enable to enable the NQA server.
Parameters ip-address: IP address specified for the TCP listening service on the NQA server. port-number: Port number specified for the TCP listening service on the NQA server, which ranges from 1 to 50000. Description Use nqa server tcp-connect to create a TCP listening service on the NQA server. Use undo nqa server tcp-connect to remove the TCP listening service created. Configure the command on the NQA server for TCP tests only.
Examples # Create a UDP listening service by using the IP address 169.254.10.2 and port 9000. system-view [Sysname] nqa server udp-echo 169.254.10.
Ethernet link aggregation configuration commands default Syntax default View Layer 2 aggregate interface view, Layer 3 aggregate interface view, Layer 3 aggregate subinterface view Default level 2: System level Parameters None Description Use default to restore the default settings for an aggregate interface or subinterface. This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.
View Layer 2 aggregate interface view, Layer 3 aggregate interface view, Layer 3 aggregate subinterface view Default level 2: System level Parameters text: Specifies the interface description, a string of 1 to 80 characters. Description Use description to configure a description for an interface. Fore example, you can include information such as the purpose of the interface for the ease of management. Use undo description to restore the default setting.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display interface to display aggregate interface information.
Speed or Duplex: (a)/A - auto; H - half; F - full Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description BAGG1 DOWN auto A A 1 Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 drops 0 packets output, 0 bytes, 0 drops # Display brief information about Layer 3 aggregate interface Route-Aggregation 1.
Field Description Input/Output (normal) Statistics of all normal packets received/sent on the interface. Line protocol current state Link layer state of the interface. IP packet processing. Internet protocol processing Disabled indicates that IP packets cannot be processed. For an interface configured with an IP address, this field changes to Internet Address is.
display lacp system-id Syntax display lacp system-id [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Default level 1: Monitor level Parameters bridge-aggregation: Displays the load sharing criterion or criteria of the aggregation group corresponding to the specified Layer 2 aggregate interface. route-aggregation: Displays the load sharing criterion or criteria of the aggregation group corresponding to the specified Layer 3 aggregate interface. interface-number: Specifies an existing aggregate interface number.
Layer 2 traffic: destination-ip address, destination-port, source-ip address, source-port, ip-protocol Layer 3 traffic: destination-ip address, destination-port, source-ip address, source-port, ip-protocol Table 25 Command output Field Description Link-Aggregation Load-Sharing Mode Global link-aggregation load sharing criteria. Link-aggregation load sharing criteria of the aggregation group corresponding to the aggregate interface Bridge-Aggregation 1.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display link-aggregation member-port to display detailed link aggregation information for the specified member ports. If no port is specified, this command displays detailed link aggregation information for all member ports.
View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description Actor System ID Local system ID, which comprises the system LACP priority and the system MAC address. AGG Interface Type and number of the aggregate interface. AGG Mode Aggregation group type. Partner ID System ID of the partner, which comprises the system LACP priority and the system MAC address. Select Ports Total number of Selected ports. Unselect Ports Total number of Unselected ports. Share Type Load sharing type.
To display the information about all Layer 2 or Layer 3 aggregation groups, use display link-aggregation verbose bridge-aggregation or display link-aggregation verbose route-aggregation. To display information about all aggregation groups, use display link-aggregation verbose. The bridge-aggregation or route-aggregation keyword is available only after you create Layer 2 or Layer 3 aggregate interfaces on the device.
GE0/3 U 63 1 Table 28 Command output Field Description Load sharing type: Loadsharing Type • Shar—Load sharing. • NonS—Non-load sharing. Port Status Port state: Selected or unselected. LACP state flags: Flags Aggregation Interface • • • • • • • • A—LACP is enabled. B—Indicates the LACP short timeout. C—The sending system detects that the link is aggregatable. D—The sending system detects that the link is synchronized. E—The sending system detects that the incoming frames are collected.
Default level 2: System level Parameters None Description Use enable snmp trap updown to enable link state trapping for the aggregate interface. Use undo enable snmp trap updown to disable link state trapping for the aggregate interface. By default, link state trapping is enabled for an aggregate interface. With the link state trapping function enabled, an aggregate interface generates linkUp trap messages when its link goes up, and linkDown trap messages when its link goes down.
system-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] interface route-aggregation Syntax interface route-aggregation { interface-number | interface-number.subnumber } undo interface route-aggregation { interface-number | interface-number.subnumber } View System view Default level 2: System level Parameters interface-number: Specifies a Layer 3 aggregate interface by its number, in the range of 1 to 1024 interface-number.
Default level 2: System level Parameters None Description Use lacp period short to set the LACP timeout interval on a port to the short timeout interval (1 second). Use undo lacp period to restore the default setting. The default LACP timeout interval is the long timeout interval (30 seconds). Examples # Set the LACP timeout interval on GigabitEthernet 0/1 to the short timeout interval (1 second).
undo link-aggregation load-sharing mode View System view, Layer 2 aggregate interface view, Layer 3 aggregate interface view Default level 2: System level Parameters destination-ip: Performs load sharing in link aggregation groups based on destination IP address. destination-port: Performs load sharing in link aggregation groups based on destination port. ip-protocol: Performs load sharing in link aggregation groups based on IP protocol type.
Use undo link-aggregation selected-port maximum to restore the default setting. By default, the maximum number of Selected ports allowed in an aggregation group depends on the hardware capabilities of the member ports. Executing this command might cause some of the selected member ports in the aggregation group to become unselected.
Examples # Configure the minimum number of Selected ports as 3 in the aggregation group corresponding to Layer 2 aggregate interface Bridge-Aggregation 1.
View Ethernet interface view Default level 2: System level Parameters port-priority: Specifies a port aggregation priority, ranging from 0 to 65535. The smaller the value, the higher the port aggregation priority. Description Use link-aggregation port-priority to set the aggregation priority of a port. Use undo link-aggregation port-priority to restore the default setting. The default aggregation priority of a port is 32768.
[Sysname-Route-Aggregation1] mtu 1430 port link-aggregation group Syntax port link-aggregation group number undo port link-aggregation group View Ethernet interface view Default level 2: System level Parameters number: Specifies the number of the aggregate interface corresponding to an aggregation group, in the range of 1 to 1024. Description Use port link-aggregation group to assign the Ethernet interface to the specified aggregation group.
route-aggregation: Clears statistics for Layer 3 aggregate interfaces. interface-number: Specifies an existing aggregate interface number. The value range for the interface-number argument is the set of all existing aggregate interface numbers. Description Use reset counters interface to clear the statistics about the specified aggregate interface or all aggregate interfaces.
shutdown Syntax shutdown undo shutdown View Layer 2 aggregate interface view, Layer 3 aggregate interface view, Layer 3 aggregate subinterface view Default level 2: System level Parameters None Description Use shutdown to shut down the aggregate interface or subinterface. Use undo shutdown to bring up the aggregate interface or subinterface. By default, aggregate interfaces and subinterfaces are up.
BFD configuration commands The following matrix shows the feature and firewall compatibility: Feature F1000-A-EI/S-EI F1000-E F5000 Firewall module BFD No No Yes No bfd detect-multiplier Syntax bfd detect-multiplier value undo bfd detect-multiplier View Interface view Default level 2: System level Parameters value: Detect time multiplier, in the range of 3 to 50. Description Use bfd detect-multiplier to configure the detection time multiplier.
Parameters ip-address: Source IP address of BFD echo packets. Description Use bfd echo-source-ip to configure the source IP address of BFD echo packets. Use undo bfd echo-source-ip to remove the configured source IP address of BFD echo packets. Do not configure the source IP address of the BFD echo packets to belong to the same network segment as any interface address of the device. Otherwise a large amount of ICMP redirect packets may be sent by the remote device, causing network congestion.
View Interface view Default level 2: System level Parameters value: Minimum interval for receiving BFD control packets, in milliseconds. The value must be a multiple of 10. The value ranges from 10 to 1000, and the default is 400. Description Use bfd min-receive-interval to configure the minimum interval for receiving BFD control packets. Use undo bfd min-receive-interval to restore the default minimum interval for receiving BFD control packets.
Examples # Configure the minimum interval for transmitting BFD control packets on GigabitEthernet 4/2 as 500 milliseconds. system-view [Sysname] interface gigabitethernet 4/2 [Sysname-GigabitEthernet4/2] bfd min-transmit-interval 500 bfd multi-hop destination-port Syntax bfd multi-hop destination-port port-number undo bfd multi-hop destination-port View System view Default level 2: System level Parameters port-number: Destination port number of multi-hop BFD control packets, 3784 or 4784.
passive: Uses the passive mode. In the passive mode, BFD does not actively transmit a BFD control packet to the remote end; it transmits a BFD control packet only after receiving a BFD control packet from the remote end. Description Use bfd session init-mode to configure the mode for establishing a BFD session. Use undo bfd session init-mode to restore the default. By default, BFD uses the active mode. Examples # Configure the session establishment mode as passive.
display bfd interface Syntax display bfd interface [ verbose ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters verbose: Displays detailed interface information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Table 29 Command output Field Description Interface Interface name. Session Num Number of sessions established on the local interface. Min Trans Inter Minimum control packet transmit interval configured on the interface. Min Recv Inter Minimum control packet receive interval configured on the interface. DetectMult Detection time multiplier. Min Echo Recv Inter Minimum echo packet receive interval configured on the interface. Auth mode Session authentication mode: simple, MD5, or SHA-1.
Examples # Display detailed BFD session information on the device. display bfd session verbose Total session number: 1 Up session number: 1 Init mode: Active Session working under Ctrl mode: Local Discr: 1 Source IP: 111.1.1.1 Remote Discr: 1 Destination IP: 111.1.1.
Field Description Session authentication mode: simple, MD5, or SHA-1. Auth mode The device does not support configuring the session authentication mode. Connect Type Connection type of the interface. Running up for Time interval for which the session has been up. Chassis/Board Num Chassis/card maintaining the session. Protocol Registered protocol. Diag Info Diagnostic information about the session.
Use undo snmp-agent trap enable bfd to disable sending BFD traps. By default, sending BFD traps is enabled. Examples # Disable sending BFD traps.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents a firewall. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device.
Index BDEFHILMNOPRSTUVW display track,38 B display vrrp,1 bfd detect-multiplier,116 display vrrp ipv6,15 bfd echo-source-ip,116 display vrrp ipv6 statistics,18 bfd min-echo-receive-interval,117 display vrrp statistics,4 bfd min-receive-interval,117 Documents,126 bfd min-transmit-interval,118 bfd multi-hop destination-port,119 E bfd session init-mode,119 enable snmp trap updown,105 D F data-fill,44 filename,58 data-size,45 frequency,59 default,93 H description,93 history-record enable
source port,83 nqa agent max-concurrent,65 nqa schedule,65 statistics hold-time,83 nqa server enable,90 statistics interval,84 nqa server tcp-connect,90 statistics max-group,84 nqa server udp-echo,91 Subscription service,126 O T operation (FTP test type view),66 tos,85 operation (HTTP test type view),67 track bfd echo,39 operation interface,67 track interface,41 P track interface protocol,42 track nqa,40 password (FTP test type view),68 ttl,86 port link-aggregation group,113 type,86 p
